App Service Without Latest Python Version
- Query id: cc4aaa9d-1070-461a-b519-04e00f42db8a
- Query name: App Service Without Latest Python Version
- Platform: Terraform
- Severity: Low
- Category: Best Practices
- URL: Github
Description¶
Periodically, newer versions are released for Python software either due to security flaws or to include additional functionality. Using the latest full Python version for web apps is recommended in order to take advantage of security fixes, if any, and/or additional functionalities of the newer version.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "azurerm_app_service" "example4" {
name = "example4-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
# SiteConfig block is optional before AzureRM version 3.0
site_config {
dotnet_framework_version = "v4.0"
scm_type = "LocalGit"
python_version = "2.7"
}
app_settings = {
"SOME_KEY" = "some-value"
}
connection_string {
name = "Database"
type = "SQLServer"
value = "Server=some-server.mydomain.com;Integrated Security=SSPI"
}
}
Positive test num. 2 - tf file
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_service_plan" "example" {
name = "example"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
sku_name = "P1v2"
}
resource "azurerm_windows_web_app" "example5" {
name = "example5"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_service_plan.example.location
service_plan_id = azurerm_service_plan.example.id
site_config{
application_stack{
python_version = "v2.7"
}
}
}
Positive test num. 3 - tf file
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_service_plan" "example" {
name = "example"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
os_type = "Linux"
sku_name = "P1v2"
}
resource "azurerm_linux_web_app" "example6" {
name = "example6"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_service_plan.example.location
service_plan_id = azurerm_service_plan.example.id
site_config{
application_stack{
python_version = "2.7"
}
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "azurerm_app_service" "example1" {
name = "example1-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
# SiteConfig block is optional before AzureRM version 3.0
site_config {
dotnet_framework_version = "v4.0"
scm_type = "LocalGit"
python_version = "3.10"
}
app_settings = {
"SOME_KEY" = "some-value"
}
connection_string {
name = "Database"
type = "SQLServer"
value = "Server=some-server.mydomain.com;Integrated Security=SSPI"
}
}
Negative test num. 2 - tf file
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_service_plan" "example" {
name = "example"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
sku_name = "P1v2"
}
resource "azurerm_windows_web_app" "example2" {
name = "example2"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_service_plan.example.location
service_plan_id = azurerm_service_plan.example.id
site_config{
application_stack{
python_version = "v3.10"
}
}
}
Negative test num. 3 - tf file
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_service_plan" "example" {
name = "example"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
sku_name = "P1v2"
}
resource "azurerm_linux_web_app" "example3" {
name = "example3"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_service_plan.example.location
service_plan_id = azurerm_service_plan.example.id
site_config{
application_stack{
python_version = "3.10"
}
}
}
Negative test num. 4 - tf file
resource "azurerm_app_service" "example1" {
name = "example1-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
# SiteConfig block is optional before AzureRM version 3.0
site_config {
dotnet_framework_version = "v4.0"
scm_type = "LocalGit"
}
app_settings = {
"SOME_KEY" = "some-value"
}
connection_string {
name = "Database"
type = "SQLServer"
value = "Server=some-server.mydomain.com;Integrated Security=SSPI"
}
}