Storage Account Not Forcing HTTPS
- Query id: cb8e4bf0-903d-45c6-a278-9a947d82a27b
- Query name: Storage Account Not Forcing HTTPS
- Platform: Pulumi
- Severity: High
- Category: Encryption
- URL: Github
Description¶
Storage Accounts should enforce the use of HTTPS
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
name: azure-aks
runtime: yaml
description: An Aks cluster
resources:
storageAccount:
type: azure-native:storage:StorageAccount
properties:
accountName: sto4445
enableHttpsTrafficOnly: false
enableNfsV3: true
isHnsEnabled: true
kind: BlockBlobStorage
location: eastus
networkRuleSet:
bypass: AzureServices
defaultAction: Allow
ipRules: []
virtualNetworkRules:
- virtualNetworkResourceId: /subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Network/virtualNetworks/net123/subnets/subnet12
resourceGroupName: res9101
sku:
name: Premium_LRS
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
name: azure-aks
runtime: yaml
description: An Aks cluster
resources:
storageAccount:
type: azure-native:storage:StorageAccount
properties:
accountName: sto4445
enableHttpsTrafficOnly: true
enableNfsV3: true
isHnsEnabled: true
kind: BlockBlobStorage
location: eastus
networkRuleSet:
bypass: AzureServices
defaultAction: Allow
ipRules: []
virtualNetworkRules:
- virtualNetworkResourceId: /subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Network/virtualNetworks/net123/subnets/subnet12
resourceGroupName: res9101
sku:
name: Premium_LRS