Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(arm): ARM AppServiceInstanceMinimum - CKV_AZURE_212 #6502

Merged
merged 10 commits into from
Jul 29, 2024
Merged

feat(arm): ARM AppServiceInstanceMinimum - CKV_AZURE_212 #6502

merged 10 commits into from
Jul 29, 2024

Conversation

RachelBorzi
Copy link
Contributor

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

Added new policy for -
AppServiceInstanceMinimum - CKV_AZURE_212

Fixes # (issue)

New/Edited policies (Delete if not relevant)

Description

policy to ensure App Service has a minimum number of instances for failover

Fix

How does someone fix the issue in code and/or in runtime?

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes

ChanochShayner
ChanochShayner reviewed Jul 21, 2024
View reviewed changes
checkov/arm/checks/resource/AppServiceInstanceMinimum.py
def scan_resource_conf(self, conf: Dict[str, Dict[str, Dict[str, int]]]) -> CheckResult:
if "properties" in conf:
if "siteConfig" in conf["properties"]:
if "numberOfWorkers" in conf["properties"]["siteConfig"]:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please verify siteConfic before accessing it, you can see the dogFood test is failing on it.

ChanochShayner
ChanochShayner reviewed Jul 24, 2024
View reviewed changes
checkov/arm/checks/resource/AppServiceSlotMinTLS.py Outdated
from checkov.common.models.enums import CheckCategories, CheckResult


class AppServiceSlotMinTLS(BaseResourceValueCheck):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please remove this check from your PR, we already have this check for those resources in CKV_AZURE_15 & CKV_AZURE_145

SteveVaknin
SteveVaknin approved these changes Jul 28, 2024
View reviewed changes
checkov/arm/checks/resource/AppServiceInstanceMinimum.py Outdated

def scan_resource_conf(self, conf: Dict[str, Dict[str, Dict[str, int]]]) -> CheckResult:
if "properties" in conf:
if "siteConfig" in conf["properties"] and conf["properties"]["siteConfig"] is not None:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

consider working with get instead, it is less complex and more readable. If the key doesn't exists it will return None.

Suggested change
if "siteConfig" in conf["properties"] and conf["properties"]["siteConfig"] is not None:
if conf.get("properties").get("siteConfig") is not None:

@ChanochShayner ChanochShayner merged commit 15b5f0e into bridgecrewio:main Jul 29, 2024
41 checks passed
ChanochShayner added a commit to channy-katz/checkov that referenced this pull request Jul 29, 2024
@RachelBorzi @MaliUser1
@ChanochShayner @actions-user
feat(arm): ARM AppServiceInstanceMinimum - CKV_AZURE_212 (bridgecrewi…
1a5ce68 
…o#6502)

* feat(ARM): AppServiceSetHealthCheck CKV_AZURE_213

* feat(arm) CKV_AZURE_154

* feat(arm) CKV_AZURE_212

* type return

* verify siteConfig

* remove check AppServiceSlotMinTLS

* changed line 23

* Update checkov/arm/checks/resource/AppServiceInstanceMinimum.py

---------

Co-authored-by: Rachel <bb50305030@gmail.com>
Co-authored-by: ChanochShayner <57212002+ChanochShayner@users.noreply.github.com>
ChanochShayner added a commit to channy-katz/checkov that referenced this pull request Jul 29, 2024
@RachelBorzi @MaliUser1
@ChanochShayner @actions-user
feat(arm): ARM AppServiceInstanceMinimum - CKV_AZURE_212 (bridgecrewi…
cc7d483 
…o#6502)

* feat(ARM): AppServiceSetHealthCheck CKV_AZURE_213

* feat(arm) CKV_AZURE_154

* feat(arm) CKV_AZURE_212

* type return

* verify siteConfig

* remove check AppServiceSlotMinTLS

* changed line 23

* Update checkov/arm/checks/resource/AppServiceInstanceMinimum.py

---------

Co-authored-by: Rachel <bb50305030@gmail.com>
Co-authored-by: ChanochShayner <57212002+ChanochShayner@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ChanochShayner ChanochShayner ChanochShayner approved these changes

@SteveVaknin SteveVaknin SteveVaknin approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@RachelBorzi @ChanochShayner @SteveVaknin @MaliUser1