Storage Account Not Forcing HTTPS

  • Query id: cb8e4bf0-903d-45c6-a278-9a947d82a27b
  • Query name: Storage Account Not Forcing HTTPS
  • Platform: Pulumi
  • Severity: High
  • Category: Encryption
  • URL: Github

Description

Storage Accounts should enforce the use of HTTPS
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
name: azure-aks
runtime: yaml
description: An Aks cluster
resources:
  storageAccount:
    type: azure-native:storage:StorageAccount
    properties:
      accountName: sto4445
      enableHttpsTrafficOnly: false
      enableNfsV3: true
      isHnsEnabled: true
      kind: BlockBlobStorage
      location: eastus
      networkRuleSet:
        bypass: AzureServices
        defaultAction: Allow
        ipRules: []
        virtualNetworkRules:
          - virtualNetworkResourceId: /subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Network/virtualNetworks/net123/subnets/subnet12
      resourceGroupName: res9101
      sku:
        name: Premium_LRS

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
name: azure-aks
runtime: yaml
description: An Aks cluster
resources:
  storageAccount:
    type: azure-native:storage:StorageAccount
    properties:
      accountName: sto4445
      enableHttpsTrafficOnly: true
      enableNfsV3: true
      isHnsEnabled: true
      kind: BlockBlobStorage
      location: eastus
      networkRuleSet:
        bypass: AzureServices
        defaultAction: Allow
        ipRules: []
        virtualNetworkRules:
          - virtualNetworkResourceId: /subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Network/virtualNetworks/net123/subnets/subnet12
      resourceGroupName: res9101
      sku:
        name: Premium_LRS