diff --git a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000005/ApiAppLatestTLS-Failures.bicep b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000005/ApiAppLatestTLS-Failures.bicep new file mode 100644 index 00000000..c5cbcb0c --- /dev/null +++ b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000005/ApiAppLatestTLS-Failures.bicep @@ -0,0 +1,43 @@ +resource apiAppTls10 'Microsoft.Web/sites@2022-09-01' = { + kind: 'api' + name: 'apiAppTls10' + properties: { + siteConfig: { + minTlsVersion: '1.0' + } + } +} + +resource apiAppNoTls 'Microsoft.Web/sites@2022-09-01' = { + kind: 'api' + name: 'apiAppNoTls' + properties: { + siteConfig: { + } + } +} + +resource apiAppSeparateConfigTls10 'Microsoft.Web/sites@2022-09-01' = { + kind: 'api' + name: 'apiAppSeparateConfigTls10' +} + +resource apiAppConfigTls10 'Microsoft.Web/sites/config@2022-09-01' = { + parent: apiAppSeparateConfigTls10 + name: 'web' + properties: { + minTlsVersion: '1.0' + } +} + +resource apiAppSeparateConfigNoTls 'Microsoft.Web/sites@2022-09-01' = { + kind: 'api' + name: 'apiAppSeparateConfigNoTls' +} + +resource apiAppConfigNoTls 'Microsoft.Web/sites/config@2022-09-01' = { + parent: apiAppSeparateConfigNoTls + name: 'web' + properties: { + } +} diff --git a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000005/ApiAppLatestTLS-Passes.bicep b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000005/ApiAppLatestTLS-Passes.bicep new file mode 100644 index 00000000..88d6ba08 --- /dev/null +++ b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000005/ApiAppLatestTLS-Passes.bicep @@ -0,0 +1,45 @@ +resource apiAppTls12 'Microsoft.Web/sites@2022-09-01' = { + kind: 'api' + name: 'apiAppTls12' + properties: { + siteConfig: { + minTlsVersion: '1.2' + } + } +} + +resource apiAppTls13 'Microsoft.Web/sites@2022-09-01' = { + kind: 'api' + name: 'apiAppTls13' + properties: { + siteConfig: { + minTlsVersion: '1.3' + } + } +} + +resource apiAppSeparateConfigTls12 'Microsoft.Web/sites@2022-09-01' = { + kind: 'api' + name: 'apiAppSeparateConfigTls12' +} + +resource apiAppConfigTls12 'Microsoft.Web/sites/config@2022-09-01' = { + parent: apiAppSeparateConfigTls12 + name: 'web' + properties: { + minTlsVersion: '1.2' + } +} + +resource apiAppSeparateConfigTls13 'Microsoft.Web/sites@2022-09-01' = { + kind: 'api' + name: 'apiAppSeparateConfigTls13' +} + +resource apiAppConfigTls13 'Microsoft.Web/sites/config@2022-09-01' = { + parent: apiAppSeparateConfigTls13 + name: 'web' + properties: { + minTlsVersion: '1.3' + } +} diff --git a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000005/TA-000005.json b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000005/TA-000005.json new file mode 100644 index 00000000..69992715 --- /dev/null +++ b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000005/TA-000005.json @@ -0,0 +1,35 @@ +[ + { + "Template": "ApiAppLatestTLS-Failures.bicep", + "ReportedFailures": [ + { + "LineNumber": 6, + "Description": "properties.siteConfig.minTlsVersion set to 1.0 in apiAppTls10" + }, + { + "LineNumber": 15, + "Description": "properties.siteConfig.minTlsVersion missing in apiAppNoTls" + }, + { + "LineNumber": 20, + "Description": "properties.siteConfig.minTlsVersion missing in apiAppSeparateConfigTls10" + }, + { + "LineNumber": 29, + "Description": "properties.minTlsVersion set to 1.0 in apiAppConfigTls10" + }, + { + "LineNumber": 33, + "Description": "properties.siteConfig.minTlsVersion missing in apiAppSeparateConfigNoTls" + }, + { + "LineNumber": 41, + "Description": "properties.minTlsVersion missing in apiAppConfigNoTls" + } + ] + }, + { + "Template": "ApiAppLatestTLS-Passes.bicep", + "ReportedFailures": [] + } +] \ No newline at end of file diff --git a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000011/FunctionAppLatestTLS-Failures.bicep b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000011/FunctionAppLatestTLS-Failures.bicep new file mode 100644 index 00000000..49e636d5 --- /dev/null +++ b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000011/FunctionAppLatestTLS-Failures.bicep @@ -0,0 +1,43 @@ +resource functionAppTls10 'Microsoft.Web/sites@2022-09-01' = { + kind: 'functionapp' + name: 'functionAppTls10' + properties: { + siteConfig: { + minTlsVersion: '1.0' + } + } +} + +resource functionAppNoTls 'Microsoft.Web/sites@2022-09-01' = { + kind: 'functionapp' + name: 'functionAppNoTls' + properties: { + siteConfig: { + } + } +} + +resource functionAppSeparateConfigTls10 'Microsoft.Web/sites@2022-09-01' = { + kind: 'functionapp' + name: 'functionAppSeparateConfigTls10' +} + +resource functionAppConfigTls10 'Microsoft.Web/sites/config@2022-09-01' = { + parent: functionAppSeparateConfigTls10 + name: 'web' + properties: { + minTlsVersion: '1.0' + } +} + +resource functionAppSeparateConfigNoTls 'Microsoft.Web/sites@2022-09-01' = { + kind: 'functionapp' + name: 'functionAppSeparateConfigNoTls' +} + +resource functionAppConfigNoTls 'Microsoft.Web/sites/config@2022-09-01' = { + parent: functionAppSeparateConfigNoTls + name: 'web' + properties: { + } +} diff --git a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000011/FunctionAppLatestTLS-Passes.bicep b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000011/FunctionAppLatestTLS-Passes.bicep new file mode 100644 index 00000000..d072dd1f --- /dev/null +++ b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000011/FunctionAppLatestTLS-Passes.bicep @@ -0,0 +1,45 @@ +resource functionAppTls12 'Microsoft.Web/sites@2022-09-01' = { + kind: 'functionapp' + name: 'functionAppTls12' + properties: { + siteConfig: { + minTlsVersion: '1.2' + } + } +} + +resource functionAppTls13 'Microsoft.Web/sites@2022-09-01' = { + kind: 'functionapp' + name: 'functionAppTls13' + properties: { + siteConfig: { + minTlsVersion: '1.3' + } + } +} + +resource functionAppSeparateConfigTls12 'Microsoft.Web/sites@2022-09-01' = { + kind: 'functionapp' + name: 'functionAppSeparateConfigTls12' +} + +resource functionAppConfigTls12 'Microsoft.Web/sites/config@2022-09-01' = { + parent: functionAppSeparateConfigTls12 + name: 'web' + properties: { + minTlsVersion: '1.2' + } +} + +resource functionAppSeparateConfigTls13 'Microsoft.Web/sites@2022-09-01' = { + kind: 'functionapp' + name: 'functionAppSeparateConfigTls13' +} + +resource functionAppConfigTls13 'Microsoft.Web/sites/config@2022-09-01' = { + parent: functionAppSeparateConfigTls13 + name: 'web' + properties: { + minTlsVersion: '1.3' + } +} diff --git a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000011/TA-000011.json b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000011/TA-000011.json new file mode 100644 index 00000000..e675ace3 --- /dev/null +++ b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000011/TA-000011.json @@ -0,0 +1,35 @@ +[ + { + "Template": "FunctionAppLatestTLS-Failures.bicep", + "ReportedFailures": [ + { + "LineNumber": 6, + "Description": "properties.siteConfig.minTlsVersion set to 1.0 in functionAppTls10" + }, + { + "LineNumber": 15, + "Description": "properties.siteConfig.minTlsVersion missing in functionAppNoTls" + }, + { + "LineNumber": 20, + "Description": "properties.siteConfig.minTlsVersion missing in functionAppSeparateConfigTls10" + }, + { + "LineNumber": 29, + "Description": "properties.minTlsVersion set to 1.0 in functionAppConfigTls10" + }, + { + "LineNumber": 33, + "Description": "properties.siteConfig.minTlsVersion missing in functionAppSeparateConfigNoTls" + }, + { + "LineNumber": 41, + "Description": "properties.minTlsVersion missing in functionAppConfigNoTls" + } + ] + }, + { + "Template": "FunctionAppLatestTLS-Passes.bicep", + "ReportedFailures": [] + } +] \ No newline at end of file diff --git a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLS-Failures.bicep b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLS-Failures.bicep new file mode 100644 index 00000000..88d4d0fc --- /dev/null +++ b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLS-Failures.bicep @@ -0,0 +1,43 @@ +resource webAppTls10 'Microsoft.Web/sites@2022-09-01' = { + kind: 'app' + name: 'webAppTls10' + properties: { + siteConfig: { + minTlsVersion: '1.0' + } + } +} + +resource webAppNoTls 'Microsoft.Web/sites@2022-09-01' = { + kind: 'app' + name: 'webAppTls' + properties: { + siteConfig: { + } + } +} + +resource webAppSeparateConfigTls10 'Microsoft.Web/sites@2022-09-01' = { + kind: 'app' + name: 'webAppSeparateConfigTls10' +} + +resource webAppConfigTls10 'Microsoft.Web/sites/config@2022-09-01' = { + parent: webAppSeparateConfigTls10 + name: 'web' + properties: { + minTlsVersion: '1.0' + } +} + +resource webAppSeparateConfigNoTls 'Microsoft.Web/sites@2022-09-01' = { + kind: 'app' + name: 'webAppSeparateConfigNoTls' +} + +resource webAppConfigNoTls 'Microsoft.Web/sites/config@2022-09-01' = { + parent: webAppSeparateConfigNoTls + name: 'web' + properties: { + } +} diff --git a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLS-Passes.bicep b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLS-Passes.bicep new file mode 100644 index 00000000..84cf4940 --- /dev/null +++ b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLS-Passes.bicep @@ -0,0 +1,45 @@ +resource webAppTls12 'Microsoft.Web/sites@2022-09-01' = { + kind: 'app' + name: 'webAppTls12' + properties: { + siteConfig: { + minTlsVersion: '1.2' + } + } +} + +resource webAppTls13 'Microsoft.Web/sites@2022-09-01' = { + kind: 'app' + name: 'webAppTls13' + properties: { + siteConfig: { + minTlsVersion: '1.3' + } + } +} + +resource webAppSeparateConfigTls12 'Microsoft.Web/sites@2022-09-01' = { + kind: 'app' + name: 'webAppSeparateConfigTls12' +} + +resource webAppConfigTls12 'Microsoft.Web/sites/config@2022-09-01' = { + parent: webAppSeparateConfigTls12 + name: 'web' + properties: { + minTlsVersion: '1.2' + } +} + +resource webAppSeparateConfigTls13 'Microsoft.Web/sites@2022-09-01' = { + kind: 'app' + name: 'webAppSeparateConfigTls13' +} + +resource webAppConfigTls13 'Microsoft.Web/sites/config@2022-09-01' = { + parent: webAppSeparateConfigTls13 + name: 'web' + properties: { + minTlsVersion: '1.3' + } +} diff --git a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLSNoKind-Failures.bicep b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLSNoKind-Failures.bicep new file mode 100644 index 00000000..54a494d6 --- /dev/null +++ b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLSNoKind-Failures.bicep @@ -0,0 +1,39 @@ +resource webAppTls10 'Microsoft.Web/sites@2022-09-01' = { + name: 'webAppTls10' + properties: { + siteConfig: { + minTlsVersion: '1.0' + } + } +} + +resource webAppNoTls 'Microsoft.Web/sites@2022-09-01' = { + name: 'webAppTls' + properties: { + siteConfig: { + } + } +} + +resource webAppSeparateConfigTls10 'Microsoft.Web/sites@2022-09-01' = { + name: 'webAppSeparateConfigTls10' +} + +resource webAppConfigTls10 'Microsoft.Web/sites/config@2022-09-01' = { + parent: webAppSeparateConfigTls10 + name: 'web' + properties: { + minTlsVersion: '1.0' + } +} + +resource webAppSeparateConfigNoTls 'Microsoft.Web/sites@2022-09-01' = { + name: 'webAppSeparateConfigNoTls' +} + +resource webAppConfigNoTls 'Microsoft.Web/sites/config@2022-09-01' = { + parent: webAppSeparateConfigNoTls + name: 'web' + properties: { + } +} diff --git a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLSNoKind-Passes.bicep b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLSNoKind-Passes.bicep new file mode 100644 index 00000000..43b01235 --- /dev/null +++ b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/AppServicesLatestTLSNoKind-Passes.bicep @@ -0,0 +1,41 @@ +resource webAppTls12 'Microsoft.Web/sites@2022-09-01' = { + name: 'webAppTls12' + properties: { + siteConfig: { + minTlsVersion: '1.2' + } + } +} + +resource webAppTls13 'Microsoft.Web/sites@2022-09-01' = { + name: 'webAppTls13' + properties: { + siteConfig: { + minTlsVersion: '1.3' + } + } +} + +resource webAppSeparateConfigTls12 'Microsoft.Web/sites@2022-09-01' = { + name: 'webAppSeparateConfigTls12' +} + +resource webAppConfigTls12 'Microsoft.Web/sites/config@2022-09-01' = { + parent: webAppSeparateConfigTls12 + name: 'web' + properties: { + minTlsVersion: '1.2' + } +} + +resource webAppSeparateConfigTls13 'Microsoft.Web/sites@2022-09-01' = { + name: 'webAppSeparateConfigTls13' +} + +resource webAppConfigTls13 'Microsoft.Web/sites/config@2022-09-01' = { + parent: webAppSeparateConfigTls13 + name: 'web' + properties: { + minTlsVersion: '1.3' + } +} diff --git a/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/TA-000017.json b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/TA-000017.json new file mode 100644 index 00000000..02a2cb70 --- /dev/null +++ b/src/Analyzer.Core.BuiltInRuleTests/Tests/TA-000017/TA-000017.json @@ -0,0 +1,68 @@ +[ + { + "Template": "AppServicesLatestTLS-Failures.bicep", + "ReportedFailures": [ + { + "LineNumber": 6, + "Description": "properties.siteConfig.minTlsVersion set to 1.0 in webAppTls10" + }, + { + "LineNumber": 15, + "Description": "properties.siteConfig.minTlsVersion missing in webAppNoTls" + }, + { + "LineNumber": 20, + "Description": "properties.siteConfig.minTlsVersion missing in webAppSeparateConfigTls10" + }, + { + "LineNumber": 29, + "Description": "properties.minTlsVersion set to 1.0 in webAppConfigTls10" + }, + { + "LineNumber": 33, + "Description": "properties.siteConfig.minTlsVersion missing in webAppSeparateConfigNoTls" + }, + { + "LineNumber": 41, + "Description": "properties.minTlsVersion missing in webAppConfigNoTls" + } + ] + }, + { + "Template": "AppServicesLatestTLSNoKind-Failures.bicep", + "ReportedFailures": [ + { + "LineNumber": 5, + "Description": "properties.siteConfig.minTlsVersion set to 1.0 in webAppTls10" + }, + { + "LineNumber": 13, + "Description": "properties.siteConfig.minTlsVersion missing in webAppNoTls" + }, + { + "LineNumber": 18, + "Description": "properties.siteConfig.minTlsVersion missing in webAppSeparateConfigTls10" + }, + { + "LineNumber": 26, + "Description": "properties.minTlsVersion set to 1.0 in webAppConfigTls10" + }, + { + "LineNumber": 30, + "Description": "properties.siteConfig.minTlsVersion missing in webAppSeparateConfigNoTls" + }, + { + "LineNumber": 37, + "Description": "properties.minTlsVersion missing in webAppConfigNoTls" + } + ] + }, + { + "Template": "AppServicesLatestTLS-Passes.bicep", + "ReportedFailures": [] + }, + { + "Template": "AppServicesLatestTLSNoKind-Passes.bicep", + "ReportedFailures": [] + } +] \ No newline at end of file diff --git a/src/Analyzer.Core/Rules/BuiltInRules.json b/src/Analyzer.Core/Rules/BuiltInRules.json index 0af883dd..4ac1b61b 100644 --- a/src/Analyzer.Core/Rules/BuiltInRules.json +++ b/src/Analyzer.Core/Rules/BuiltInRules.json @@ -160,11 +160,11 @@ { "resourceType": "Microsoft.Web/sites/config", "path": "properties.minTlsVersion", - "equals": "1.2" + "in": ["1.2", "1.3"] }, { "path": "properties.siteConfig.minTlsVersion", - "equals": "1.2" + "in": ["1.2", "1.3"] } ] } @@ -332,11 +332,11 @@ { "resourceType": "Microsoft.Web/sites/config", "path": "properties.minTlsVersion", - "equals": "1.2" + "in": ["1.2", "1.3"] }, { "path": "properties.siteConfig.minTlsVersion", - "equals": "1.2" + "in": ["1.2", "1.3"] } ] } @@ -536,11 +536,11 @@ { "resourceType": "Microsoft.Web/sites/config", "path": "properties.minTlsVersion", - "equals": "1.2" + "in": ["1.2", "1.3"] }, { "path": "properties.siteConfig.minTlsVersion", - "equals": "1.2" + "in": ["1.2", "1.3"] } ] }