Skip to content

Commit 38690c6

Browse files
jsonprjsonpr
authored
fix: Update Azure Storage Queries (#5908)
Update 2 Azure Storage Queries to reflect new Azure Tables
1 parent 3fe06fb commit 38690c6

2 files changed

Lines changed: 12 additions & 8 deletions

File tree

plugins/source/azure/policies/queries/storage/accounts_with_unrestricted_access.sql

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,10 +4,12 @@ SELECT
44
:'framework',
55
:'check_id',
66
'Storage accounts should restrict network access',
7-
subscription_id,
8-
id,
7+
az_sub.subscription_id,
8+
az_stor.id,
99
case
10-
when network_acls->>'defaultAction' IS DISTINCT FROM 'Deny'
10+
when az_stor.properties -> 'networkAcls' ->>'defaultAction' IS DISTINCT FROM 'Deny'
1111
then 'fail' else 'pass'
1212
end
13-
FROM azure_storage_accounts
13+
FROM azure_storage_accounts as az_stor
14+
LEFT JOIN azure_subscription_subscriptions as az_sub
15+
ON az_sub.subscription_id = SUBSTRING(az_stor.id,16,36)

plugins/source/azure/policies/queries/storage/secure_transfer_to_storage_accounts_should_be_enabled.sql

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,10 +4,12 @@ SELECT
44
:'framework',
55
:'check_id',
66
'Secure transfer to storage accounts should be enabled',
7-
subscription_id,
8-
id,
7+
az_sub.subscription_id,
8+
az_stor.id,
99
case
10-
when supports_https_traffic_only IS NOT TRUE
10+
when az_stor.properties ->> 'supportsHttpsTrafficOnly' IS DISTINCT FROM 'true'
1111
then 'fail' else 'pass'
1212
end
13-
FROM azure_storage_accounts
13+
FROM azure_storage_accounts as az_stor
14+
LEFT JOIN azure_subscription_subscriptions as az_sub
15+
ON az_sub.subscription_id = SUBSTRING(az_stor.id,16,36)

0 commit comments

Comments
 (0)