PSRule.Rules.Azure
[BUG] NSG Lateral Traversal Rule failure with Azure Verified Modules (AVM)
Existing rule
Azure.NSG.LateralTraversal
Description of the issue
Creating an NSG using Azure Verified Modules (AVM) and specifying the required config needed to pass this rule (from the documentation) still generates a failed test result, even though the resource gets created with the NSG rule.
Error messages
Error: AZR-000139: sampleNetworkSecurityGroup failed Azure.NSG.LateralTraversal. Deny outbound management connections from non-management hosts.
Reproduction
Github Action Step
```yaml
- name: Run PSRule analysis
  uses: microsoft/[email protected]
  with:
    modules: PSRule.Rules.Azure
    baseline: Azure.Pillar.Security
    inputPath: infra/tests/temp/
    outputFormat: Sarif
    outputPath: reports/ps-rule-results.sarif
    summary: true
  continue-on-error: true
  env:
    PSRULE_AZURE_RESOURCE_MODULE_NOWARN: true
```
ps-rule.yaml on root of repo
```yaml
configuration:
  AZURE_BICEP_FILE_EXPANSION: true
  AZURE_BICEP_FILE_EXPANSION_TIMEOUT: 30
  AZURE_PARAMETER_FILE_EXPANSION: true
  AZURE_DEPLOYMENT_NONSENSITIVE_PARAMETER_NAMES:
    - deploymentToken
    - migrationToken
    - keys
execution:
  unprocessedObject: Ignore
```
infra/tests/temp/nsgtest.bicep containing only the NSG AVM module
```bicep
module nsg 'br/public:avm/res/network/network-security-group:0.5.0' = {
  name: 'nsgModule'
  params: {
    name: 'sampleNetworkSecurityGroup'
    location: 'northeurope'
    securityRules: [
      {
        name: 'deny-hop-outbound'
        properties: {
          protocol: '*'
          sourcePortRange: '*'
          destinationPortRanges: [
            '3389'
            '22'
          ]
          access: 'Deny'
          priority: 200
          direction: 'Outbound'
          sourceAddressPrefix: 'VirtualNetwork'
          destinationAddressPrefix: '*'
        }
      }
    ]
  }
}
```
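To show what the rule is expected to accept, here is an added example (not PSRule code and not from the issue) that re-implements a simplified form of the Azure.NSG.LateralTraversal condition and runs it over the securityRules from the Bicep above. It assumes the rule passes when at least one rule is Outbound, Deny, protocol Tcp or '*', and covers destination ports 3389 and 22 (via destinationPortRange, destinationPortRanges, '*' or a port range); the exact PSRule logic may differ.

```python
# Added example: simplified, hypothetical re-implementation of the
# Azure.NSG.LateralTraversal condition (assumed semantics, not PSRule's code).
from typing import Any

MANAGEMENT_PORTS = {"3389", "22"}  # RDP and SSH


def _ports(props: dict[str, Any]) -> set[str]:
    """Collect destination ports from the singular and plural properties."""
    ports: set[str] = set()
    if props.get("destinationPortRange"):
        ports.add(str(props["destinationPortRange"]))
    ports.update(str(p) for p in props.get("destinationPortRanges", []))
    return ports


def _covers_management(ports: set[str]) -> bool:
    """True when both 3389 and 22 are covered explicitly, by '*' or by a range."""
    if "*" in ports:
        return True
    covered: set[str] = set()
    for p in ports:
        if "-" in p:
            lo, hi = (int(x) for x in p.split("-", 1))
            covered.update(m for m in MANAGEMENT_PORTS if lo <= int(m) <= hi)
        elif p in MANAGEMENT_PORTS:
            covered.add(p)
    return covered == MANAGEMENT_PORTS


def denies_lateral_traversal(security_rules: list[dict[str, Any]]) -> bool:
    """Pass if any rule denies outbound TCP (or any protocol) to 3389 and 22."""
    for rule in security_rules:
        props = rule.get("properties", rule)
        if (props.get("direction") == "Outbound"
                and props.get("access") == "Deny"
                and props.get("protocol") in ("Tcp", "*")
                and _covers_management(_ports(props))):
            return True
    return False


# Constructed input: the securityRules from the Bicep module above.
SAMPLE_RULES = [{
    "name": "deny-hop-outbound",
    "properties": {
        "protocol": "*", "sourcePortRange": "*",
        "destinationPortRanges": ["3389", "22"],
        "access": "Deny", "priority": 200, "direction": "Outbound",
        "sourceAddressPrefix": "VirtualNetwork", "destinationAddressPrefix": "*",
    },
}]

if __name__ == "__main__":
    print(denies_lateral_traversal(SAMPLE_RULES))  # True
```

Under these assumed semantics the rule definition in the issue satisfies the check, which is why the failure is worth investigating against how the AVM module output is expanded rather than against the rule content itself.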
Version of PSRule
2.9.0
Version of PSRule for Azure
No response
Additional context
No response