Skip to content

Commit

Permalink
fix(misconf): change default TLS values for the Azure storage account (
Browse files Browse the repository at this point in the history 
…#7345)

Signed-off-by: nikpivkin <[email protected]>
  • Loading branch information
@nikpivkin
nikpivkin authored Aug 15, 2024
1 parent 0047dbf commit aadb090
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 4 deletions.
2 changes: 1 addition & 1 deletion pkg/iac/adapters/arm/storage/adapt.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ func adaptAccounts(deployment azure.Deployment) []storage.Account {
Metadata: resource.Properties.GetMetadata(),
EnableLogging: types.BoolDefault(false, resource.Properties.GetMetadata()),
},
MinimumTLSVersion: resource.Properties.GetMapValue("minimumTlsVersion").AsStringValue("TLS1_0", resource.Properties.GetMetadata()),
MinimumTLSVersion: resource.Properties.GetMapValue("minimumTlsVersion").AsStringValue("", resource.Properties.GetMetadata()),
Queues: queues,
}
accounts = append(accounts, account)
Expand Down
2 changes: 1 addition & 1 deletion pkg/iac/adapters/arm/storage/adapt_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ func Test_AdaptStorageDefaults(t *testing.T) {
require.Len(t, output.Accounts, 1)

account := output.Accounts[0]
assert.Equal(t, "TLS1_0", account.MinimumTLSVersion.Value())
assert.Equal(t, "", account.MinimumTLSVersion.Value())
assert.False(t, account.EnforceHTTPS.Value())

}
Expand Down
6 changes: 4 additions & 2 deletions pkg/iac/adapters/terraform/azure/storage/adapt.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ import (
iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
)

const minimumTlsVersionOneTwo = "TLS1_2"

func Adapt(modules terraform.Modules) storage.Storage {
accounts, containers, networkRules := adaptAccounts(modules)

Expand Down Expand Up @@ -106,7 +108,7 @@ func adaptAccount(resource *terraform.Block) storage.Account {
Metadata: resource.GetMetadata(),
EnableLogging: iacTypes.BoolDefault(false, resource.GetMetadata()),
},
MinimumTLSVersion: iacTypes.StringDefault("TLS1_2", resource.GetMetadata()),
MinimumTLSVersion: iacTypes.StringDefault(minimumTlsVersionOneTwo, resource.GetMetadata()),
}

networkRulesBlocks := resource.GetBlocks("network_rules")
Expand All @@ -127,7 +129,7 @@ func adaptAccount(resource *terraform.Block) storage.Account {
}

minTLSVersionAttr := resource.GetAttribute("min_tls_version")
account.MinimumTLSVersion = minTLSVersionAttr.AsStringValueOrDefault("TLS1_0", resource)
account.MinimumTLSVersion = minTLSVersionAttr.AsStringValueOrDefault(minimumTlsVersionOneTwo, resource)
return account
}

Expand Down

0 comments on commit aadb090

Please sign in to comment.