feat(arm): add FunctionAppDisallowCORS - password correctness check #6248

unu87 · 2024-05-05T10:54:28Z

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

This code defines an Azure security check to prevent Function Apps from allowing access from all regions by inspecting the CORS configuration.

Fixes # (issue)
The issue can be fixed by explicitly specifying allowed origins instead of using "*" in the CORS configuration.

Description

Include a description of what makes it a violation and any relevant external links.

Fix

How does someone fix the issue in code and/or in runtime?

Checklist:

My code follows the style guidelines of this project
I have performed a self-review of my own code
I have commented my code, particularly in hard-to-understand areas
I have made corresponding changes to the documentation
I have added tests that prove my feature, policy, or fix is effective and works
New and existing tests pass locally with my changes
Any dependent changes have been merged and published in downstream modules

ChanochShayner

Amazing 💯

…nctionAppDisallowCORS

add policy FunctionAppDisallowCORS

e692a97

unu87 requested a deployment to scan-security May 5, 2024 10:54 — with GitHub Actions Waiting

Update FunctionAppDisallowCORS.py

85c8bd3

unu87 requested a deployment to scan-security May 5, 2024 12:10 — with GitHub Actions Waiting

unu87 added 2 commits May 5, 2024 15:29

add policy FunctionAppDisallowCORS

647c236

add policy FunctionAppDisallowCORS

d1b908e

unu87 requested a deployment to scan-security May 5, 2024 12:34 — with GitHub Actions Waiting

ChanochShayner self-requested a review May 5, 2024 19:19

ChanochShayner approved these changes May 5, 2024

View reviewed changes

unu87 added 2 commits May 6, 2024 09:47

add policy FunctionAppDisallowCORS

37e2dc6

fix the lines of the code

785ca2e

unu87 requested a deployment to scan-security May 6, 2024 06:51 — with GitHub Actions Waiting

unu87 requested a deployment to scan-security May 6, 2024 06:53 — with GitHub Actions Waiting

add commit RedisCacheEnableNonSSLPort

c66680b

unu87 requested a deployment to scan-security May 7, 2024 09:44 — with GitHub Actions Waiting

Merge branch 'bridgecrewio:main' into FunctionAppDisallowCORS

5318fc4

unu87 requested a deployment to scan-security May 7, 2024 10:28 — with GitHub Actions Waiting

unu87 added 2 commits May 7, 2024 13:43

fix RedisCacheEnableNonSSLPort

1509d8b

Merge remote-tracking branch 'origin/FunctionAppDisallowCORS' into Fu…

cc32947

…nctionAppDisallowCORS

unu87 temporarily deployed to scan-security May 7, 2024 10:47 — with GitHub Actions Inactive

lirshindalman approved these changes May 8, 2024

View reviewed changes

tsmithv11 approved these changes May 8, 2024

View reviewed changes

Merge branch 'main' into FunctionAppDisallowCORS

8526b05

ChanochShayner temporarily deployed to scan-security May 8, 2024 08:06 — with GitHub Actions Inactive

ChanochShayner merged commit 9b6feb1 into bridgecrewio:main May 19, 2024
41 checks passed

ChanochShayner self-assigned this May 19, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(arm): add FunctionAppDisallowCORS - password correctness check #6248

feat(arm): add FunctionAppDisallowCORS - password correctness check #6248

unu87 commented May 5, 2024

ChanochShayner left a comment

feat(arm): add FunctionAppDisallowCORS - password correctness check #6248

feat(arm): add FunctionAppDisallowCORS - password correctness check #6248

Conversation

unu87 commented May 5, 2024

Description

Description

Fix

Checklist:

ChanochShayner left a comment

Choose a reason for hiding this comment