Merge branch 'master' into AST-116624_11_6.2_PostgreSQL_Database_ensure_that_the_'log_connections'_database_flag_for_cloud_sql_postgresql_instance_is_set_to_on

Author: cx-andre-pereira

assets/queries/terraform/azure/app_service_ftps_enforce_disabled/query.rego

@@ -3,19 +3,26 @@ package Cx
 import data.generic.common as common_lib
 import data.generic.terraform as tf_lib
 
+resources := {"azurerm_app_service", "azurerm_linux_web_app", "azurerm_windows_web_app"}
+
 CxPolicy[result] {
-	function := input.document[i].resource.azurerm_app_service[name]
+	app := input.document[i].resource[resources[m]][name]
 
-	function.site_config.ftps_state == "AllAllowed"
+	app.site_config.ftps_state == "AllAllowed"
 
 	result := {
 		"documentId": input.document[i].id,
-		"resourceType": "azurerm_app_service",
-		"resourceName": tf_lib.get_resource_name(function, name),
-		"searchKey": sprintf("azurerm_app_service[%s].site_config.ftps_state", [name]),
+		"resourceType": resources[m],
+		"resourceName": tf_lib.get_resource_name(app, name),
+		"searchKey": sprintf("%s[%s].site_config.ftps_state", [resources[m], name]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": sprintf("'azurerm_app_service[%s].site_config.ftps_state' should not be set to 'AllAllowed'", [name]),
-		"keyActualValue": sprintf("'azurerm_app_service[%s].site_config.ftps_state' is set to 'AllAllowed'", [name]),
-		"searchLine": common_lib.build_search_line(["resource", "azurerm_app_service", name, "site_config", "ftps_state"], []),
+		"keyExpectedValue": sprintf("'%s[%s].site_config.ftps_state' should not be set to 'AllAllowed'", [resources[m], name]),
+		"keyActualValue": sprintf("'%s[%s].site_config.ftps_state' is set to 'AllAllowed'", [resources[m], name]),
+		"searchLine": common_lib.build_search_line(["resource", resources[m], name, "site_config", "ftps_state"], []),
+		"remediation": json.marshal({
+			"before": "AllAllowed",
+			"after": "FtpsOnly"
+		}),
+		"remediationType": "replacement",
 	}
 }

assets/queries/terraform/azure/app_service_ftps_enforce_disabled/test/negative1.tf

@@ -7,6 +7,6 @@ resource "azurerm_app_service" "negative1" {
   site_config {
     dotnet_framework_version = "v4.0"
     scm_type                 = "LocalGit"
-    ftps_state = "FtpsOnly"
+    ftps_state               = "FtpsOnly" # Options: AllAllowed, FtpsOnly, Disabled
   }
 }

assets/queries/terraform/azure/app_service_ftps_enforce_disabled/test/negative2.tf

@@ -7,6 +7,6 @@ resource "azurerm_app_service" "negative2" {
   site_config {
     dotnet_framework_version = "v4.0"
     scm_type                 = "LocalGit"
-    ftps_state = "Disabled"
+    ftps_state               = "Disabled"
   }
 }

assets/queries/terraform/azure/app_service_ftps_enforce_disabled/test/negative3.tf

@@ -0,0 +1,10 @@
+resource "azurerm_linux_web_app" "negative3" {
+  name                = "negative3"
+  resource_group_name = azurerm_resource_group.example.name
+  location            = azurerm_service_plan.example.location
+  service_plan_id     = azurerm_service_plan.example.id
+
+  site_config {
+    ftps_state = "Disabled" # Options: AllAllowed, FtpsOnly, Disabled
+  }
+}

assets/queries/terraform/azure/app_service_ftps_enforce_disabled/test/negative4.tf

@@ -0,0 +1,10 @@
+resource "azurerm_linux_web_app" "negative4" {
+  name                = "negative4"
+  resource_group_name = azurerm_resource_group.example.name
+  location            = azurerm_service_plan.example.location
+  service_plan_id     = azurerm_service_plan.example.id
+
+  site_config {
+    ftps_state = "FtpsOnly" # Options: AllAllowed, FtpsOnly, Disabled
+  }
+}

assets/queries/terraform/azure/app_service_ftps_enforce_disabled/test/negative5.tf

@@ -0,0 +1,10 @@
+resource "azurerm_windows_web_app" "negative5" {
+  name                = "negative5"
+  resource_group_name = azurerm_resource_group.example.name
+  location            = azurerm_service_plan.example.location
+  service_plan_id     = azurerm_service_plan.example.id
+
+  site_config {
+    ftps_state = "Disabled" # Options: AllAllowed, FtpsOnly, Disabled
+  }
+}

assets/queries/terraform/azure/app_service_ftps_enforce_disabled/test/negative6.tf

@@ -0,0 +1,10 @@
+resource "azurerm_windows_web_app" "negative6" {
+  name                = "negative6"
+  resource_group_name = azurerm_resource_group.example.name
+  location            = azurerm_service_plan.example.location
+  service_plan_id     = azurerm_service_plan.example.id
+
+  site_config {
+    ftps_state = "FtpsOnly" # Options: AllAllowed, FtpsOnly, Disabled
+  }
+}

assets/queries/terraform/azure/app_service_ftps_enforce_disabled/test/positive1.tf

@@ -7,6 +7,6 @@ resource "azurerm_app_service" "positive1" {
   site_config {
     dotnet_framework_version = "v4.0"
     scm_type                 = "LocalGit"
-    ftps_state = "AllAllowed"
+    ftps_state               = "AllAllowed" # Options: AllAllowed, FtpsOnly, Disabled
   }
 }

assets/queries/terraform/azure/app_service_ftps_enforce_disabled/test/positive2.tf

@@ -0,0 +1,10 @@
+resource "azurerm_linux_web_app" "positive2" {
+  name                = "positive2"
+  resource_group_name = azurerm_resource_group.example.name
+  location            = azurerm_service_plan.example.location
+  service_plan_id     = azurerm_service_plan.example.id
+
+  site_config {
+    ftps_state = "AllAllowed" # Options: AllAllowed, FtpsOnly, Disabled
+  }
+}

assets/queries/terraform/azure/app_service_ftps_enforce_disabled/test/positive3.tf

@@ -0,0 +1,10 @@
+resource "azurerm_windows_web_app" "positive3" {
+  name                = "positive3"
+  location            = azurerm_service_plan.example.location
+  resource_group_name = azurerm_resource_group.example.name
+  service_plan_id     = azurerm_service_plan.example.id
+
+  site_config {
+    ftps_state = "AllAllowed" # Options: AllAllowed, FtpsOnly, Disabled
+  }
+}