feat(arm): add AppServiceJavaVersion (#6258)

* onceTime

* twoTime

* threeTime

* add type of function(None)

* add type of function(None)

* add type of function(None)

* add type of function(None)2

* add type of function(None)5

* add type of function(None)6

* change the under score

* change between any and str

checkov/arm/checks/resource/AppServiceJavaVersion.py

@@ -0,0 +1,22 @@
+from typing import Any
+from checkov.common.models.enums import CheckResult, CheckCategories
+from checkov.arm.base_resource_value_check import BaseResourceValueCheck
+
+
+class AppServiceJavaVersion(BaseResourceValueCheck):
+ def __init__(self) -> None:
+ name = "Ensure that 'Java version' is the latest, if used to run the web app"
+ id = "CKV_AZURE_83"
+ supported_resources = ('Microsoft.Web/sites',)
+ categories = (CheckCategories.GENERAL_SECURITY,)
+ super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources,
+ missing_block_result=CheckResult.UNKNOWN)
+
+ def get_inspected_key(self) -> str:
+ return "siteConfig/javaVersion"
+
+ def get_expected_value(self) -> Any:
+ return '17'
+
+
+check = AppServiceJavaVersion()

tests/arm/checks/resource/example_AppServiceJavaVersion/fail.json

@@ -0,0 +1,21 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": [
+ {
+ "type": "Microsoft.Web/sites",
+ "apiVersion": "2021-02-01",
+ "name": "fail",
+ "properties": {
+ "publisherEmail": "[parameters('adminEmail')]",
+ "publisherName": "[parameters('organizationName')]",
+ "customProperties": "[parameters('customProperties')]"
+ },
+ "siteConfig": {
+ "javaVersion": "13"
+ },
+ "resources": [],
+ "dependsOn": []
+ }
+ ]
+}

tests/arm/checks/resource/example_AppServiceJavaVersion/pass.json

@@ -0,0 +1,21 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": [
+ {
+ "type": "Microsoft.Web/sites",
+ "apiVersion": "2021-02-01",
+ "name": "pass",
+ "properties": {
+ "publisherEmail": "[parameters('adminEmail')]",
+ "publisherName": "[parameters('organizationName')]",
+ "customProperties": "[parameters('customProperties')]"
+ },
+ "siteConfig": {
+ "javaVersion": "17"
+ },
+ "resources": [],
+ "dependsOn": []
+ }
+ ]
+}

tests/arm/checks/resource/test_AppServiceJavaVersion.py

@@ -0,0 +1,41 @@
+import os
+import unittest
+
+from checkov.runner_filter import RunnerFilter
+from checkov.arm.runner import Runner
+from checkov.arm.checks.resource.AppServiceJavaVersion import check
+
+
+class TestAppServiceJavaVersion(unittest.TestCase):
+
+ def test(self):
+ runner = Runner()
+ current_dir = os.path.dirname(os.path.realpath(__file__))
+
+ test_files_dir = os.path.join(current_dir, "example_AppServiceJavaVersion")
+ report = runner.run(root_folder=test_files_dir,
+ runner_filter=RunnerFilter(checks=[check.id]))
+ summary = report.get_summary()
+
+ passing_resources = {
+ 'Microsoft.Web/sites.pass',
+ }
+ failing_resources = {
+ 'Microsoft.Web/sites.fail',
+ }
+ skipped_resources = {}
+
+ passed_check_resources = set([c.resource for c in report.passed_checks])
+ failed_check_resources = set([c.resource for c in report.failed_checks])
+
+ self.assertEqual(summary['passed'], len(passing_resources))
+ self.assertEqual(summary['failed'], len(failing_resources))
+ self.assertEqual(summary['skipped'], len(skipped_resources))
+ self.assertEqual(summary['parsing_errors'], 0)
+
+ self.assertEqual(passing_resources, passed_check_resources)
+ self.assertEqual(failing_resources, failed_check_resources)
+
+
+if __name__ == '__main__':
+ unittest.main()