azure-appservice-tls-latest-version-missing: Azure App Service TLS Latest Version Not Configured

id: azure-appservice-tls-latest-version-missing
info:
  name: Azure App Service TLS Latest Version Not Configured
  author: princechaddha
  severity: medium
  description: |
    Ensure that all Microsoft Azure App Service web applications are using the latest version of TLS encryption protocol to secure the applications traffic over the Internet and comply with the industry standards. This check verifies if the minimum TLS version configured is not "1.2", indicating that the latest version of TLS is not used.
  impact: |
    Using an outdated TLS version can expose the application to security vulnerabilities and non-compliance with industry standards.
  remediation: |
    Configure the minimum TLS version to "1.2" in the Azure App Service settings to ensure data is encrypted with the latest security standards.
  reference:
    - https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-bindings#enforce-https
  tags: cloud,devops,azure,microsoft,appservice,azure-cloud-config

flow: |
  code(1);
  for (let appData of iterate(template.appList)) {
    appData = JSON.parse(appData);
    set("id", appData.id);
    code(2);
  }

self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
      az webapp list --output json --query '[*].{id:id}'

    extractors:
      - type: json
        name: appList
        internal: true
        json:
          - '.[]'

  - engine:
      - sh
      - bash
    source: |
      az webapp config show --ids $id --query 'minTlsVersion' --output json

    matchers:
      - type: word
        words:
          - "1.2"
        negative: true

    extractors:
      - type: dsl
        dsl:
          - 'id + " does not have the latest TLS version configured"'
# digest: 4a0a0047304502206a8f7d5ace61664435da4a71433913e520f5ad3007b68bb248d425e8f5c2d7ee022100ba22fba1b1d3c62be7fa3adb962ec8ca9752350d5005b3d9a59375ccef6e2c3d:922c64590222798bb761d5b6d8e72950