App Service Without Latest PHP Version
- Query id: 96fe318e-d631-4156-99fa-9080d57280ae
- Query name: App Service Without Latest PHP Version
- Platform: Terraform
- Severity: Low
- Category: Best Practices
- URL: Github
Description¶
Periodically newer versions are released for PHP software either due to security flaws or to include additional functionality. Using the latest PHP version for web apps is recommended in order to take advantage of security fixes, if any, and/or additional functionalities of the newer version.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "azurerm_app_service" "example4" {
name = "example4-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
# SiteConfig block is optional before AzureRM version 3.0
site_config {
dotnet_framework_version = "v4.0"
scm_type = "LocalGit"
php_version = "7.3"
}
app_settings = {
"SOME_KEY" = "some-value"
}
connection_string {
name = "Database"
type = "SQLServer"
value = "Server=some-server.mydomain.com;Integrated Security=SSPI"
}
}
Positive test num. 2 - tf file
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_service_plan" "example" {
name = "example"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
sku_name = "P1v2"
}
resource "azurerm_windows_web_app" "example5" {
name = "example5"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_service_plan.example.location
service_plan_id = azurerm_service_plan.example.id
site_config{
application_stack{
php_version = "v7.3"
}
}
}
Positive test num. 3 - tf file
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_service_plan" "example" {
name = "example"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
os_type = "Linux"
sku_name = "P1v2"
}
resource "azurerm_linux_web_app" "example6" {
name = "example6"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_service_plan.example.location
service_plan_id = azurerm_service_plan.example.id
site_config{
application_stack{
php_version = "7.4"
}
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "azurerm_app_service" "example1" {
name = "example1-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
# SiteConfig block is optional before AzureRM version 3.0
site_config {
dotnet_framework_version = "v4.0"
scm_type = "LocalGit"
php_version = "8.1"
}
app_settings = {
"SOME_KEY" = "some-value"
}
connection_string {
name = "Database"
type = "SQLServer"
value = "Server=some-server.mydomain.com;Integrated Security=SSPI"
}
}
Negative test num. 2 - tf file
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_service_plan" "example" {
name = "example"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
sku_name = "P1v2"
}
resource "azurerm_windows_web_app" "example2" {
name = "example2"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_service_plan.example.location
service_plan_id = azurerm_service_plan.example.id
site_config{
application_stack{
php_version = "v8.1"
}
}
}
Negative test num. 3 - tf file
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_service_plan" "example" {
name = "example"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
sku_name = "P1v2"
}
resource "azurerm_linux_web_app" "example3" {
name = "example3"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_service_plan.example.location
service_plan_id = azurerm_service_plan.example.id
site_config{
application_stack{
php_version = "8.1"
}
}
}