Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CKV_AZURE_78: false positive for "siteConfig/ftpsState: 'Disabled'" #6441

Open
arnaud-tincelin opened this issue Jun 12, 2024 · 1 comment
Open

CKV_AZURE_78: false positive for "siteConfig/ftpsState: 'Disabled'" #6441

arnaud-tincelin opened this issue Jun 12, 2024 · 1 comment
Labels
checks Check additions or changes good first issue Good for newcomers

Comments

@arnaud-tincelin
Copy link

arnaud-tincelin commented Jun 12, 2024
edited
Loading

Describe the issue

Language: Bicep
Check ID: CKV_AZURE_78

Examples
Extract of my code

resource api 'Microsoft.Web/sites@2022-09-01' = {
  name: name
  location: location
  kind: 'api'

  identity: {
    type: 'SystemAssigned'
  }

  properties: {
    serverFarmId: serverFarmId
    clientAffinityEnabled: false
    clientCertEnabled: false
    httpsOnly: true
    siteConfig: {
      ftpsState: 'Disabled'
     ...
    }
}

I would expect no issue on the FTP feature as it is set to Disabled but I am having

Tool
checkov

Rule ID 
CKV_AZURE_78

Description
Ensure FTP deployments are disabled
Resource: Microsoft.Web/sites.api

Version (please complete the following information):

We are using github action bridgecrewio/checkov-action@v12, so I expect it to use the latest

Additional context

Looking at https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppServiceFTPSState.py,

I am guessing this line

    def get_inspected_key(self) -> str:
        return "siteConfig/ftpsState"

should be

    def get_inspected_key(self) -> str:
        return "properties/siteConfig/ftpsState"
@arnaud-tincelin arnaud-tincelin added the checks Check additions or changes label Jun 12, 2024
@arnaud-tincelin arnaud-tincelin changed the title CKV_AZURE_78: false positive for "Ensure FTP deployments are disabled Resource: Microsoft.Web/sites.api" CKV_AZURE_78: false positive for "siteConfig/ftpsState: 'Disabled'" Jun 12, 2024
@Saarett
Copy link
Contributor

Saarett commented Jun 22, 2024

Hi @arnaud-tincelin , thank you for reaching out.
Seems like an easy fix, would you like to contribute a fix? 🙂

@Saarett Saarett added the good first issue Good for newcomers label Jun 22, 2024
@arnaud-tincelin arnaud-tincelin mentioned this issue Jun 22, 2024
Open
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
checks Check additions or changes good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Saarett @arnaud-tincelin