From 150f7761f818a51f32bcef78f8d6f2a2791dda6e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rub=C3=A9n=20De=20la=20Torre=20Vico?=
Date: Wed, 11 Dec 2024 13:14:29 +0100
Subject: [PATCH] feat(app): add support for TLS 1.3 to Web Apps check (#6004)

(cherry picked from commit d7b0bc02ba6ad8a528d7630ea56cf906568e8056)
---
 .../app_minimum_tls_version_12.py | 9 ++--
 .../app_minimum_tls_version_12_test.py | 42 +++++++++++++++++++
 2 files changed, 46 insertions(+), 5 deletions(-)

diff --git a/prowler/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12.py b/prowler/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12.py
index 32020e2ec2c..519335a016e 100644
--- a/prowler/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12.py
+++ b/prowler/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12.py
@@ -19,12 +19,11 @@ def execute(self) -> Check_Report_Azure:
 report.location = app.location
 report.status_extended = f"Minimum TLS version is not set to 1.2 for app '{app_name}' in subscription '{subscription_name}'."
- if (
- app.configurations
- and getattr(app.configurations, "min_tls_version", "") == "1.2"
- ):
+ if app.configurations and getattr(
+ app.configurations, "min_tls_version", ""
+ ) in ["1.2", "1.3"]:
 report.status = "PASS"
- report.status_extended = f"Minimum TLS version is set to 1.2 for app '{app_name}' in subscription '{subscription_name}'."
+ report.status_extended = f"Minimum TLS version is set to {app.configurations.min_tls_version} for app '{app_name}' in subscription '{subscription_name}'."
 findings.append(report)
diff --git a/tests/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12_test.py b/tests/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12_test.py
index da0271cbc07..12a149015e3 100644
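Review bot: The FAIL text on the context line above the changed condition in `app_minimum_tls_version_12.py` still reads "is not set to 1.2" although the new condition also accepts 1.3, so a finding for an app pinned to 1.0 or 1.1 now describes the policy inaccurately. I would reword it to `f"Minimum TLS version is not set to 1.2 or higher for app '{app_name}' in subscription '{subscription_name}'."`; tests that assert on the FAIL message would need the same update. Unlike the new PASS text, the FAIL text also omits the configured value, which is what someone triaging the finding wants; adding it needs a None-safe lookup because `app.configurations` can be falsy on that path. A comment above the condition such as `# Allowlist: any other value, or a missing configuration, is reported as FAIL` would make the fail-closed intent explicit. `execute` starts and ends outside this hunk.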
--- a/tests/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12_test.py
+++ b/tests/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12_test.py
@@ -171,3 +171,45 @@ def test_app_min_tls_version_10(self):
 assert result[0].resource_name == "app_id-1"
 assert result[0].subscription == AZURE_SUBSCRIPTION_ID
 assert result[0].location == "West Europe"
+
+ def test_app_min_tls_version_13(self):
+ resource_id = f"/subscriptions/{uuid4()}"
+ app_client = mock.MagicMock
+
+ with mock.patch(
+ "prowler.providers.common.provider.Provider.get_global_provider",
+ return_value=set_mocked_azure_provider(),
+ ), mock.patch(
+ "prowler.providers.azure.services.app.app_minimum_tls_version_12.app_minimum_tls_version_12.app_client",
+ new=app_client,
+ ):
+ from prowler.providers.azure.services.app.app_minimum_tls_version_12.app_minimum_tls_version_12 import (
+ app_minimum_tls_version_12,
+ )
+ from prowler.providers.azure.services.app.app_service import WebApp
+
+ app_client.apps = {
+ AZURE_SUBSCRIPTION_ID: {
+ "app_id-1": WebApp(
+ resource_id=resource_id,
+ auth_enabled=False,
+ configurations=mock.MagicMock(min_tls_version="1.3"),
+ client_cert_mode="Ignore",
+ https_only=False,
+ identity=None,
+ location="West Europe",
+ )
+ }
+ }
+ check = app_minimum_tls_version_12()
+ result = check.execute()
+ assert len(result) == 1
+ assert result[0].status == "PASS"
+ assert (
+ result[0].status_extended
+ == f"Minimum TLS version is set to 1.3 for app 'app_id-1' in subscription '{AZURE_SUBSCRIPTION_ID}'."
+ )
+ assert result[0].resource_id == resource_id
+ assert result[0].resource_name == "app_id-1"
+ assert result[0].subscription == AZURE_SUBSCRIPTION_ID
+ assert result[0].location == "West Europe"
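Review bot: `app_client = mock.MagicMock` in `test_app_min_tls_version_13` binds the MagicMock class rather than an instance, so the later `app_client.apps = {...}` sets an attribute on the class itself and that state is visible to every other MagicMock created in the same test process. `app_client = mock.MagicMock()` keeps the fixture scoped to this test. The new test covers only the 1.3 PASS path; if the rest of the file does not already cover it, a case with an unexpected value (an empty string, or a configuration object without `min_tls_version`) would pin the fail-closed behaviour of the new allowlist.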