checkov icon indicating copy to clipboard operation
checkov copied to clipboard
verified publisher icon bridgecrewio

feat(terraform): Ensure the default IP Restriction action for SCM is set to "Deny"

Open tdefise opened this issue 1 year ago • 2 comments

User description

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

Fixes #6114

New/Edited policies (Delete if not relevant)

Description

Check that ensure that the default IP Restriction action for SCM is set to "Deny"

Fix

Set "scm_ip_restriction_default_action" to "Deny"

Checklist:

  • [X] My code follows the style guidelines of this project
  • [X] I have performed a self-review of my own code
  • [X] I have commented my code, particularly in hard-to-understand areas
  • [ ] I have made corresponding changes to the documentation
  • [X] I have added tests that prove my feature, policy, or fix is effective and works
  • [ ] New and existing tests pass locally with my changes
  • [ ] Any dependent changes have been merged and published in downstream modules

Generated description

Dear maintainer, below is a concise technical summary of the changes proposed in this PR:

Implement a new check AppServiceIPResctrictionDefaultActionSCMDeny to ensure that the default IP restriction action for SCM in Azure App Services is set to 'Deny'. This check is integrated into the Checkov framework and applies to both azurerm_linux_web_app and azurerm_windows_web_app resources. The check inspects the site_config block for the scm_ip_restriction_default_action key. Additionally, test cases are added to verify the functionality of this check, ensuring it correctly identifies compliant and non-compliant configurations.

TopicDetails
SCM IP Restriction Implement a new check AppServiceIPResctrictionDefaultActionSCMDeny to ensure the default IP restriction action for SCM is set to 'Deny'.
Modified files (1)
  • checkov/terraform/checks/resource/azure/AppServiceIPResctrictionDefaultActionSCMDeny.py
Latest Contributors(0)
EmailCommitDate
Testing SCM Restriction Add test cases to verify the new check AppServiceIPResctrictionDefaultActionSCMDeny for Azure App Services.
Modified files (2)
  • tests/terraform/checks/resource/azure/test_AppServiceIPResctrictionDefaultActionSCMDeny.py
  • tests/terraform/checks/resource/azure/example_AppServiceIPResctrictionDefaultActionSCMDeny/main.tf
Latest Contributors(0)
EmailCommitDate
This pull request is reviewed by Baz. Join @tdefise and the rest of your team on (Baz).

tdefise avatar Mar 22 '24 12:03 tdefise

Dear Checkov Team,

Would it be possible to have a status on this PR please?

Kind Regards, Thomas

tdefise avatar Jun 13 '24 10:06 tdefise

@tdefise Thanks for you contribution Please fix the lint errors

achiar99 avatar Jul 23 '24 08:07 achiar99