fix(arm): CKV_AZURE_56 just for authsettingsV2 name (#6557)

* CKV_AZURE_56 just for authsettingsV2 name * fixes
bridgecrewio · Jul 11, 2024 · e025a04 · e025a04
1 parent 9e00344
commit e025a04
Show file tree

Hide file tree

Showing 6 changed files with 45 additions and 17 deletions.
diff --git a/checkov/arm/checks/resource/FunctionAppsEnableAuthentication.py b/checkov/arm/checks/resource/FunctionAppsEnableAuthentication.py
@@ -1,23 +1,32 @@
-from checkov.arm.base_resource_value_check import BaseResourceValueCheck
-from checkov.common.models.enums import CheckCategories
+from __future__ import annotations
 
+from typing import Any
 
-class FunctionAppsEnableAuthentication(BaseResourceValueCheck):
+from checkov.arm.base_resource_check import BaseResourceCheck
+from checkov.common.models.enums import CheckCategories, CheckResult
+
+
+class FunctionAppsEnableAuthentication(BaseResourceCheck):
 
     def __init__(self) -> None:
         name = "Ensure that function apps enables Authentication"
         id = "CKV_AZURE_56"
         supported_resources = ("Microsoft.Web/sites/config",)
         categories = (CheckCategories.GENERAL_SECURITY,)
-        super().__init__(name=name,
-                         id=id,
-                         categories=categories,
-                         supported_resources=supported_resources,
+        super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources,)
 
-                         )
+    def scan_resource_conf(self, conf: dict[str, Any]) -> CheckResult:
+        if conf.get('name', '') != 'authsettingsV2':
+            return CheckResult.PASSED
 
-    def get_inspected_key(self) -> str:
-        return 'properties/platform/enabled'
+        properties = conf.get('properties', {})
+        if properties and isinstance(properties, dict):
+            platform = properties.get('platform', {})
+            if platform and isinstance(properties, dict):
+                enabled = platform.get('enabled', False)
+                if enabled:
+                    return CheckResult.PASSED
+        return CheckResult.FAILED
 
 
 check = FunctionAppsEnableAuthentication()
diff --git a/tests/arm/checks/resource/example_FunctionAppsEnableAuthentication/fail.json b/tests/arm/checks/resource/example_FunctionAppsEnableAuthentication/fail.json
@@ -5,7 +5,7 @@
     {
       "type": "Microsoft.Web/sites/config",
       "apiVersion": "2021-02-01",
-      "name": "fail",
+      "name": "authsettingsV2",
       "properties": {
         "httpSettings": {
           "forwardProxy": {

diff --git a/tests/arm/checks/resource/example_FunctionAppsEnableAuthentication/fail2.json b/tests/arm/checks/resource/example_FunctionAppsEnableAuthentication/fail2.json
@@ -5,7 +5,7 @@
     {
       "type": "Microsoft.Web/sites/config",
       "apiVersion": "2021-02-01",
-      "name": "fail2",
+      "name": "authsettingsV2",
       "properties": {
         "httpSettings": {
           "forwardProxy": {

diff --git a/tests/arm/checks/resource/example_FunctionAppsEnableAuthentication/pass.json b/tests/arm/checks/resource/example_FunctionAppsEnableAuthentication/pass.json
@@ -5,7 +5,7 @@
     {
       "type": "Microsoft.Web/sites/config",
       "apiVersion": "2021-02-01",
-      "name": "pass",
+      "name": "authsettingsV2",
       "properties": {
         "httpSettings": {
           "forwardProxy": {

diff --git a/tests/arm/checks/resource/example_FunctionAppsEnableAuthentication/pass2.json b/tests/arm/checks/resource/example_FunctionAppsEnableAuthentication/pass2.json
@@ -0,0 +1,18 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "resources": [
+    {
+      "type": "Microsoft.Web/sites/config",
+      "apiVersion": "2021-02-01",
+      "name": "pass",
+      "properties": {
+        "httpSettings": {
+          "forwardProxy": {
+            "convention": "Custom"
+          }
+        }
+      }
+    }
+  ]
+}
diff --git a/tests/arm/checks/resource/test_FunctionAppsEnableAuthentication.py b/tests/arm/checks/resource/test_FunctionAppsEnableAuthentication.py
@@ -20,17 +20,18 @@ def test_summary(self):
 
         passing_resources = {
             "Microsoft.Web/sites/config.pass",
+            "Microsoft.Web/sites/config.authsettingsV2"
         }
         failing_resources = {
-            "Microsoft.Web/sites/config.fail",
-            "Microsoft.Web/sites/config.fail2",
+            "Microsoft.Web/sites/config.authsettingsV2",
+            "Microsoft.Web/sites/config.authsettingsV2"
         }
 
         passed_check_resources = {c.resource for c in report.passed_checks}
         failed_check_resources = {c.resource for c in report.failed_checks}
 
-        self.assertEqual(summary["passed"], len(passing_resources))
-        self.assertEqual(summary["failed"], len(failing_resources))
+        self.assertEqual(summary["passed"], 2)
+        self.assertEqual(summary["failed"], 2)
         self.assertEqual(summary["skipped"], 0)
         self.assertEqual(summary["parsing_errors"], 0)