Web App Not Using TLS Last Version
- Query id: b5c851d5-00f1-43dc-a8de-3218fd6f71be
- Query name: Web App Not Using TLS Last Version
- Platform: AzureResourceManager
- Severity: High
- Category: Encryption
- URL: Github
Description¶
Resources of type 'Microsoft.Web/sites' should define 'properties.siteConfig.minTlsVersion' with '1.2'
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Postitive test num. 1 - json file
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Web/sites",
"apiVersion": "2020-12-01",
"name": "App",
"location": "[resourceGroup().location]",
"properties": {
"siteConfig": {
"minTlsVersion": "1.0"
}
}
}
]
}
Postitive test num. 2 - json file
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Web/sites",
"apiVersion": "2020-12-01",
"name": "App",
"location": "[resourceGroup().location]",
"properties": {}
}
]
}
Postitive test num. 3 - json file
{
"properties": {
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Web/sites",
"apiVersion": "2020-12-01",
"name": "App",
"location": "[resourceGroup().location]",
"properties": {
"siteConfig": {
"minTlsVersion": "1.0"
}
}
}
],
"outputs": {}
},
"parameters": {}
},
"kind": "template",
"type": "Microsoft.Blueprint/blueprints/artifacts",
"name": "myTemplate"
}
Postitive test num. 4 - json file
{
"properties": {
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Web/sites",
"apiVersion": "2020-12-01",
"name": "App",
"location": "[resourceGroup().location]",
"properties": {}
}
],
"outputs": {}
},
"parameters": {}
},
"kind": "template",
"type": "Microsoft.Blueprint/blueprints/artifacts",
"name": "myTemplate"
}
Code samples without security vulnerabilities¶
Negative test num. 1 - json file
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Web/sites",
"apiVersion": "2020-12-01",
"name": "App",
"location": "[resourceGroup().location]",
"properties": {
"siteConfig": {
"minTlsVersion": "1.2"
}
}
}
]
}
Negative test num. 2 - json file
{
"properties": {
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Web/sites",
"apiVersion": "2020-12-01",
"name": "App",
"location": "[resourceGroup().location]",
"properties": {
"siteConfig": {
"minTlsVersion": "1.2"
}
}
}
],
"outputs": {}
},
"parameters": {}
},
"kind": "template",
"type": "Microsoft.Blueprint/blueprints/artifacts",
"name": "myTemplate"
}