feat(app): add support for TLS 1.3 to Web Apps check (#6004)

(cherry picked from commit d7b0bc0)
prowler-cloud · Dec 11, 2024 · 150f776 · 150f776
1 parent 0556f30
commit 150f776
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 5 deletions.
diff --git a/...ler/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12.py b/...ler/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12.py
@@ -19,12 +19,11 @@ def execute(self) -> Check_Report_Azure:
                 report.location = app.location
                 report.status_extended = f"Minimum TLS version is not set to 1.2 for app '{app_name}' in subscription '{subscription_name}'."
 
-                if (
-                    app.configurations
-                    and getattr(app.configurations, "min_tls_version", "") == "1.2"
-                ):
+                if app.configurations and getattr(
+                    app.configurations, "min_tls_version", ""
+                ) in ["1.2", "1.3"]:
                     report.status = "PASS"
-                    report.status_extended = f"Minimum TLS version is set to 1.2 for app '{app_name}' in subscription '{subscription_name}'."
+                    report.status_extended = f"Minimum TLS version is set to {app.configurations.min_tls_version} for app '{app_name}' in subscription '{subscription_name}'."
 
                 findings.append(report)
 

diff --git a/...roviders/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12_test.py b/...roviders/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12_test.py
@@ -171,3 +171,45 @@ def test_app_min_tls_version_10(self):
             assert result[0].resource_name == "app_id-1"
             assert result[0].subscription == AZURE_SUBSCRIPTION_ID
             assert result[0].location == "West Europe"
+
+    def test_app_min_tls_version_13(self):
+        resource_id = f"/subscriptions/{uuid4()}"
+        app_client = mock.MagicMock
+
+        with mock.patch(
+            "prowler.providers.common.provider.Provider.get_global_provider",
+            return_value=set_mocked_azure_provider(),
+        ), mock.patch(
+            "prowler.providers.azure.services.app.app_minimum_tls_version_12.app_minimum_tls_version_12.app_client",
+            new=app_client,
+        ):
+            from prowler.providers.azure.services.app.app_minimum_tls_version_12.app_minimum_tls_version_12 import (
+                app_minimum_tls_version_12,
+            )
+            from prowler.providers.azure.services.app.app_service import WebApp
+
+            app_client.apps = {
+                AZURE_SUBSCRIPTION_ID: {
+                    "app_id-1": WebApp(
+                        resource_id=resource_id,
+                        auth_enabled=False,
+                        configurations=mock.MagicMock(min_tls_version="1.3"),
+                        client_cert_mode="Ignore",
+                        https_only=False,
+                        identity=None,
+                        location="West Europe",
+                    )
+                }
+            }
+            check = app_minimum_tls_version_12()
+            result = check.execute()
+            assert len(result) == 1
+            assert result[0].status == "PASS"
+            assert (
+                result[0].status_extended
+                == f"Minimum TLS version is set to 1.3 for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'."
+            )
+            assert result[0].resource_id == resource_id
+            assert result[0].resource_name == "app_id-1"
+            assert result[0].subscription == AZURE_SUBSCRIPTION_ID
+            assert result[0].location == "West Europe"