Severity Framework
CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Snyk CCSS
Rule category
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Data/ Encryption in Transit
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CIS-ControlsCSA-CCMGDPRHIPAAISO-27001NIST-800-53PCI-DSSSOC-2
- Snyk IDSNYK-CC-00601
- creditSnyk Research Team
Description
Azure Storage shared access signature does not enforce HTTPS only and can be exposed on non-encrypted channels.
How to fix?
Set properties.supportsHttpsTrafficOnly attribute to true.
Set the https_only attribute to the value true.
Example configuration:
data "azurerm_storage_account_sas" "allow1" {
connection_string = azurerm_storage_account.examplesa.primary_connection_string
https_only = true
signed_version = "2017-07-29"
resource_types {
service = true
container = false
object = false
}
services {
blob = true
queue = false
table = false
file = false
}
start = "2018-03-21T00:00:00Z"
expiry = "2020-03-21T00:00:00Z"
permissions {
read = true
write = true
delete = false
list = false
add = true
create = true
update = false
process = false
tag = true
filter = true
}
}