Add initial deployment configuration files for Azure web app

azure.yaml

@@ -0,0 +1,5 @@
+name: webapp01
+metadata:
+  template: webapp01
+  description: Deployment configuration for webapp01      
+

infra/main.bicep

@@ -0,0 +1,44 @@
+// Bicep file to deploy a containerized web app to Azure
+
+@description('The name of the Azure Container Registry')
+param acrName string
+
+@description('The SKU of the Azure Container Registry')
+param acrSku string = 'Basic'
+
+@description('The name of the App Service Plan')
+param appServicePlanName string
+
+@description('The name of the Web App')
+param webAppName string
+
+@description('The location for all resources')
+param location string
+
+@description('The container image to deploy')
+param containerImage string
+
+@description('The name of the Resource Group')
+param resourceGroupName string = 'rg-webapp01-dev'
+
+// Create the resource group at the subscription level
+targetScope = 'subscription'
+
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+  name: resourceGroupName
+  location: location
+}
+
+// Deploy resources within the resource group
+module resourcesInRG './resources.bicep' = {
+  name: 'deployResourcesInRG'
+  scope: resourceGroup
+  params: {
+    acrName: acrName
+    acrSku: acrSku
+    appServicePlanName: appServicePlanName
+    webAppName: webAppName
+    location: location
+    containerImage: containerImage
+  }
+}

infra/main.parameters.json

@@ -0,0 +1,27 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "acrName": {
+      "value": "acrwebapp01dev"
+    },
+    "acrSku": {
+      "value": "Basic"
+    },
+    "appServicePlanName": {
+      "value": "aspwebapp01dev"
+    },
+    "webAppName": {
+      "value": "webapp01dev"
+    },
+    "location": {
+      "value": "canadacentral"
+    },
+    "containerImage": {
+      "value": "acrwebapp01dev.azurecr.io/webapp01:latest"
+    },
+    "resourceGroupName": {
+      "value": "rg-webapp01-dev"
+    }
+  }
+}

infra/resources.bicep

@@ -0,0 +1,82 @@
+@description('The name of the Azure Container Registry')
+param acrName string
+
+@description('The SKU of the Azure Container Registry')
+param acrSku string
+
+@description('The name of the App Service Plan')
+param appServicePlanName string
+
+@description('The name of the Web App')
+param webAppName string
+
+@description('The location for all resources')
+param location string
+
+@description('The container image to deploy')
+param containerImage string
+
+// Deploy the Azure Container Registry
+resource acr 'Microsoft.ContainerRegistry/registries@2023-01-01-preview' = {
+  name: acrName
+  location: location
+  sku: {
+    name: acrSku
+  }
+  properties: {
+    adminUserEnabled: true
+  }
+}
+
+// Deploy the App Service Plan
+resource appServicePlan 'Microsoft.Web/serverfarms@2024-04-01' = {
+  name: appServicePlanName
+  location: location
+  sku: {
+    name: 'S1'
+    tier: 'Standard'
+  }
+  properties: {
+    reserved: true // Indicates Linux
+  }
+}
+
+// Deploy the Web App
+resource webApp 'Microsoft.Web/sites@2024-04-01' = {
+  name: webAppName
+  location: location
+  identity: {
+    type: 'SystemAssigned'
+  }
+  tags: {
+    'azd-service-name': webAppName
+  }
+  properties: {
+    serverFarmId: appServicePlan.id
+    siteConfig: {
+      appSettings: [
+        {
+          name: 'DOCKER_REGISTRY_SERVER_URL'
+          value: 'https://${acr.name}.azurecr.io'
+        }
+        {
+          name: 'DOCKER_REGISTRY_SERVER_USERNAME'
+          value: acr.properties.loginServer
+        }
+        {
+          name: 'DOCKER_REGISTRY_SERVER_PASSWORD'
+          value: acr.listCredentials().passwords[0].value
+        }
+        {
+          name: 'WEBSITES_ENABLE_APP_SERVICE_STORAGE'
+          value: 'false'
+        }
+        {
+          name: 'DOCKER_CUSTOM_IMAGE_NAME'
+          value: containerImage
+        }
+      ]
+      linuxFxVersion: 'DOCKER|${containerImage}' // Specify the container image
+    }
+  }
+}

samples/Dockerfile

@@ -0,0 +1,2 @@
+FROM alpine:3.14.0
+RUN echo "testuser:x:10999:10999:,,,:/home/testuser:/bin/bash" >> /etc/passwd && echo "testuser::18761:0:99999:7:::" >> /etc/shadow

samples/insecure.js

@@ -0,0 +1,2 @@
+let injection = "Hello, security vulnerabilities!";
+eval(`console.log(\"${injection}\");`);

samples/insecure.py

@@ -0,0 +1,26 @@
+# Commented out sample to pass  scanning 
+#
+#import hashlib
+# print("I am very insecure. Bandit thinks so too.")
+# #B110
+# xs=[1,2,3,4,5,6,7,8]
+# try:
+#     print(xs[7])
+#     print(xs[8])
+# except: pass
+
+# ys=[1, 2, None, None]
+# for y in ys:
+#     try:
+#         print(str(y+3)) #TypeErrors ahead
+#     except: continue #not how to handle them
+
+# #some imports
+# import telnetlib
+# import ftplib
+
+# #B303 and B324
+# s = b"I am a string"
+# print("MD5: " +hashlib.md5(s).hexdigest())
+# print("SHA1: " +hashlib.sha1(s).hexdigest())
+# print("SHA256: " +hashlib.sha256(s).hexdigest())