Skip to content

Create rule S7001: Detect Azure App Service Secrets APPSEC-1846 #4037

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Jul 29, 2024
Merged

Create rule S7001: Detect Azure App Service Secrets APPSEC-1846 #4037

merged 6 commits into from
Jul 29, 2024

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Jul 4, 2024

You can preview this rule here (updated a few minutes after each push).

Review

A dedicated reviewer checked the rule description successfully for:

  • logical errors and incorrect information
  • information gaps and missing content
  • text style and tone
  • PR summary and labels follow the guidelines

@loris-s-sonarsource loris-s-sonarsource changed the title Create rule S7001 Create rule S7001: Detect Azure App Service Secrets APPSEC-1846 Jul 5, 2024
@sonarqube-next SonarQube-Next
Copy link

sonarqube-next bot commented Jul 5, 2024

Quality Gate passed Quality Gate passed for 'rspec-frontend'

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

@sonarqube-next SonarQube-Next
Copy link

sonarqube-next bot commented Jul 5, 2024

Quality Gate passed Quality Gate passed for 'rspec-tools'

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

@loris-s-sonarsource loris-s-sonarsource marked this pull request as ready for review July 8, 2024 13:40
hendrik-buchwald-sonarsource
hendrik-buchwald-sonarsource suggested changes Jul 11, 2024
View reviewed changes
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few small things, see comments.

loris-s-sonarsource
loris-s-sonarsource reviewed Jul 12, 2024
View reviewed changes
loris-s-sonarsource
loris-s-sonarsource reviewed Jul 12, 2024
View reviewed changes
loris-s-sonarsource
loris-s-sonarsource reviewed Jul 12, 2024
View reviewed changes
hendrik-buchwald-sonarsource
hendrik-buchwald-sonarsource suggested changes Jul 15, 2024
View reviewed changes
@sonarqube-next SonarQube-Next
Copy link

Quality Gate passed Quality Gate passed for 'rspec-frontend'

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

@sonarqube-next SonarQube-Next
Copy link

Quality Gate passed Quality Gate passed for 'rspec-tools'

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

hendrik-buchwald-sonarsource
hendrik-buchwald-sonarsource approved these changes Jul 15, 2024
View reviewed changes
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jamie-anderson-sonarsource jamie-anderson-sonarsource merged commit 68dc61f into master Jul 29, 2024
12 checks passed
@jamie-anderson-sonarsource jamie-anderson-sonarsource deleted the rule/add-RSPEC-S7001 branch July 29, 2024 13:04
marco-antognini-sonarsource
marco-antognini-sonarsource reviewed Aug 14, 2024
View reviewed changes
rules/S7001/secrets/metadata.json
Comment on lines +48 to +50
"STIG ASD 2023-06-08": [
"V-222642"
]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@loris-s-sonarsource @hendrik-buchwald-sonarsource
Hey. I noticed the CI complains about this:

Rule S7001 failed validation for these reasons:
 - Rule secrets:S7001 has invalid metadata in securityStandards: Additional properties are not allowed ('STIG ASD 2023-06-08' was unexpected)

(The CI only runs this check if the rule is modified or if rspec-tools is modified. I'm in the latter case.)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR #4098 modified the name of this metadata section from STIG ASD 2023-06-08 to STIG ASD_V5R3. I think this PR failed to get merged, so was not included in that PR, and then was merged later.

I'll create a PR to update the name of this section.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @jamie-anderson-sonarsource. FYI there is this similar other issue: #4040 (comment)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR #4144 is now merged and it fixes this issue. I'll open another PR for S7003.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, Jamie !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marco-antognini-sonarsource marco-antognini-sonarsource marco-antognini-sonarsource left review comments

@loris-s-sonarsource loris-s-sonarsource loris-s-sonarsource left review comments

@jamie-anderson-sonarsource jamie-anderson-sonarsource jamie-anderson-sonarsource left review comments

@hendrik-buchwald-sonarsource hendrik-buchwald-sonarsource hendrik-buchwald-sonarsource approved these changes

Assignees

@loris-s-sonarsource loris-s-sonarsource

Labels
secrets
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@hendrik-buchwald-sonarsource @marco-antognini-sonarsource @loris-s-sonarsource @jamie-anderson-sonarsource