fix(terraform): Update FunctionAppsAccessibleOverHttps (#7084)

lirshindalman · web-flow · commit 1aefaa4867a4 · 2025-04-07T16:25:48.000+03:00
* fix_CKV_AZURE_70

* add test

* add test

* add test
diff --git a/checkov/terraform/checks/resource/azure/FunctionAppsAccessibleOverHttps.py b/checkov/terraform/checks/resource/azure/FunctionAppsAccessibleOverHttps.py
@@ -32,7 +32,7 @@ def scan_resource_conf(self, conf: dict[str, list[Any]]) -> CheckResult:
             auth_settings_v2 = conf['auth_settings_v2'][0]
 
             # default=true for require_https
-            if 'require_https' not in auth_settings_v2.keys():
+            if 'require_https' not in auth_settings_v2:
                 return CheckResult.PASSED
 
             require_https = auth_settings_v2.get('require_https')[0]
diff --git a/tests/terraform/checks/resource/azure/example_FunctionAppAccessibleOverHttps_tfplan/example_fua_for_fail_ckv_azure_70.tf b/tests/terraform/checks/resource/azure/example_FunctionAppAccessibleOverHttps_tfplan/example_fua_for_fail_ckv_azure_70.tf
@@ -0,0 +1,50 @@
+provider "azurerm" {
+  features {}
+}
+
+variable "resource_group_name" {
+  description = "resource_group_name"
+  type = string
+  default = "rg-wwe-ictd-cyselab"
+}
+
+variable "location" {
+  description = "Azure location name"
+  type = string
+  default = "westeurope"
+}
+
+resource "azurerm_storage_account" "example" {
+  name                     = "examplestorageacc"
+  resource_group_name      = var.resource_group_name
+  location                 = var.location
+  account_tier             = "Standard"
+  account_replication_type = "LRS"
+}
+
+resource "azurerm_app_service_plan" "example" {
+  name                = "example-appserviceplan"
+  location            = var.location
+  resource_group_name = var.resource_group_name
+  sku {
+    tier = "Dynamic"
+    size = "Y1"
+  }
+}
+
+resource "azurerm_linux_function_app" "example" {
+  name                      = "example-linux-functionapp"
+  location                  = var.location
+  resource_group_name       = var.resource_group_name
+  service_plan_id           = azurerm_app_service_plan.example.id
+  storage_account_name      = azurerm_storage_account.example.name
+  storage_account_access_key = azurerm_storage_account.example.primary_access_key
+  site_config {
+    https_only = true
+    
+  }
+}
+
+output "function_app_endpoint" {
+  value = azurerm_linux_function_app.example.default_hostname
+}
diff --git a/tests/terraform/checks/resource/azure/test_FunctionAppsAccessibleOverHttps.py b/tests/terraform/checks/resource/azure/test_FunctionAppsAccessibleOverHttps.py
@@ -45,6 +45,14 @@ def test(self):
         self.assertEqual(passing_resources, passed_check_resources)
         self.assertEqual(failing_resources, failed_check_resources)
 
+    def test_tf_plan(self):
+        test_files_dir = Path(__file__).parent / "example_FunctionAppAccessibleOverHttps_tfplan"
+
+        report = Runner().run(root_folder=str(test_files_dir), runner_filter=RunnerFilter(checks=[check.id]))
+        summary = report.get_summary()
+
+        self.assertEqual(summary["failed"], 1)
+        self.assertEqual(report.failed_checks[0].check_id, 'CKV_AZURE_70')
 
 
 if __name__ == '__main__':
