feat(arm): AppServicePythonVersion - 82 check the 'python version' is…

… the latest, if used to run the web app (#6282) * check the python version when run the web app * check the python version when run the web app update version to 3.10 * change the python_version between 3.9 - 3.12 * change the python_version between 3.9 - 3.12 --------- Co-authored-by: Rachel <[email protected]>
bridgecrewio · Jun 1, 2024 · 7206910 · 7206910
1 parent 55743cb
commit 7206910
Show file tree

Hide file tree

Showing 5 changed files with 1,210 additions and 0 deletions.
diff --git a/checkov/arm/checks/resource/AppServicePythonVersion.py b/checkov/arm/checks/resource/AppServicePythonVersion.py
@@ -0,0 +1,28 @@
+from typing import List, Any
+
+from checkov.arm.base_resource_value_check import BaseResourceValueCheck
+from checkov.common.models.enums import CheckCategories, CheckResult
+
+
+class AppServicePythonVersion(BaseResourceValueCheck):
+
+    def __init__(self) -> None:
+        name = "Ensure that 'Python version' is the latest, if used to run the web app"
+        id = "CKV_AZURE_82"
+        supported_resources = ("Microsoft.Web/sites",)
+        categories = (CheckCategories.GENERAL_SECURITY,)
+        super().__init__(
+            name=name,
+            id=id,
+            categories=categories,
+            supported_resources=supported_resources,
+            missing_block_result=CheckResult.UNKNOWN)
+
+    def get_inspected_key(self) -> str:
+        return "properties/siteConfig/pythonVersion"
+
+    def get_expected_values(self) -> List[Any]:
+        return ["3.9", "3.10", "3.11", "3.12"]
+
+
+check = AppServicePythonVersion()