
Conversation

@ahernandez411
Owner

No description provided.

{
private Dictionary<string, string> _users = new Dictionary<string, string>();
private const string SqlConnectionString = "Server=localhost;Database=SecurityDb;User Id=sa;Password=MyP@ssw0rd!;";
private const string SqlConnectionString = "Server=localhost;Database=SecurityDb;User Id=sa;Password=MyP@ssw0rd!2;";
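Review bot: the two `private const string SqlConnectionString` declarations are a duplicate member definition, so this class will not compile as written; beyond that, both literals embed the `sa` login and its password in source, which is what the CodeQL finding below flags. Suggest keeping a single declaration that is not a constant at all and reading the value at runtime from configuration or a secrets store (for example `IConfiguration.GetConnectionString("SecurityDb")` from Microsoft.Extensions.Configuration), using a least-privilege database login rather than `sa`, and treating the password that has now been committed to history as compromised and rotating it.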

Check failure

Code scanning / CodeQL

Hard-coded connection string with credentials

'ConnectionString' property includes hard-coded credentials set in [object creation of type SqlConnection](1).
Comment on lines +113 to +118

Check failure

Code scanning / defsec

Ensure the Function App can only be accessed via HTTPS. The default is false.

Function app does not have HTTPS enforced.
Comment on lines +106 to +111
resource "azurerm_function_app" "bad_example" {
name = "example-function-app"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
}
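Review bot: the `bad_example` function app sets no `https_only`, so it accepts plain-HTTP requests (the provider default is false, as the defsec finding above notes). Suggest adding `https_only = true` inside the resource block so clients are redirected to TLS.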

Check warning

Code scanning / defsec

App Service authentication is activated

App service does not have authentication enabled.
Comment on lines +106 to +111
resource "azurerm_function_app" "bad_example" {
name = "example-function-app"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
}
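Review bot: there is no `auth_settings` block, so App Service Authentication is disabled and the function endpoints are reachable without a platform login, which is the warning that follows. Suggest adding `auth_settings { enabled = true }` together with the identity provider settings the app should use.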

Check notice

Code scanning / defsec

Web App has registration with AD enabled

App service does not have an identity type.
Comment on lines +106 to +111
resource "azurerm_function_app" "bad_example" {
name = "example-function-app"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
}
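Review bot: the resource has no `identity` block, which is the missing identity type the notice below reports. Suggest adding `identity { type = "SystemAssigned" }` so the app receives a managed identity; that also lets it reach Key Vault and SQL without stored credentials, which is the proper replacement for the hard-coded connection string earlier in this PR.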

Check notice

Code scanning / defsec

Web App uses the latest HTTP version

App service does not have HTTP/2 enabled.
Comment on lines +106 to +111
resource "azurerm_function_app" "bad_example" {
name = "example-function-app"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
}
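Review bot: with no `site_config` block, HTTP/2 is left at its default and the HTTP-version notice below fires; suggest adding `site_config { http2_enabled = true }`. For the client-certificate notice, `azurerm_function_app` exposes `client_cert_mode` at the resource level (values `Required` or `Optional`); verify the attribute name against the azurerm provider version pinned for this repository before relying on it.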

Check notice

Code scanning / defsec

Web App accepts incoming client certificate

App service does not have client certificates enabled.
Comment on lines +61 to +65
name = "bad_example"

retention_policy {
enabled = true
days = 7
}
}

resource "azurerm_network_security_rule" "bad_example" {
name = "bad_example_security_rule"
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
destination_port_range = ["3389"]
source_address_prefix = "*"
destination_address_prefix = "*"
}

resource "azurerm_network_security_group" "example" {
name = "tf-appsecuritygroup"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name

security_rule {
source_port_range = "any"
destination_port_range = ["3389"]
source_address_prefix = "*"
destination_address_prefix = "*"
}
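Review bot: `azurerm_network_security_rule.bad_example` allows inbound TCP 3389 from `source_address_prefix = "*"` to `destination_address_prefix = "*"`, which exposes RDP to any source; if the rule is meant to stay, restrict the source to a management CIDR and the destination to the hosts that need it. Two provider-schema problems will also stop this from applying: `destination_port_range` takes a single string, so `["3389"]` must become `"3389"` (a list belongs in `destination_port_ranges`), and the inline `security_rule` in `azurerm_network_security_group.example` uses `source_port_range = "any"`, which should be `"*"`, and is missing the required `name`, `priority`, `direction`, `access` and `protocol` arguments. The hunk is cut off before the closing brace of the security group, so the remainder of that block was not reviewed.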

Check notice

Code scanning / defsec

Key vault Secret should have a content type set

Secret does not have a content-type specified.
Comment on lines +61 to +65
name = "bad_example"

retention_policy {
enabled = true
days = 7
}
}

resource "azurerm_network_security_rule" "bad_example" {
name = "bad_example_security_rule"
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
destination_port_range = ["3389"]
source_address_prefix = "*"
destination_address_prefix = "*"
}

resource "azurerm_network_security_group" "example" {
name = "tf-appsecuritygroup"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name

security_rule {
source_port_range = "any"
destination_port_range = ["3389"]
source_address_prefix = "*"
destination_address_prefix = "*"
}

Check notice

Code scanning / defsec

Key Vault Secret should have an expiration date set

Secret should have an expiry date specified.