Skip to content

[ BUG] Fix false-positive on Azure storage "no public access" check for Selected networks#3029

Merged
tofikwest merged 2 commits into
mainfrom
chas/azure-public-access-check
Jun 4, 2026
Merged

[ BUG] Fix false-positive on Azure storage "no public access" check for Selected networks#3029
tofikwest merged 2 commits into
mainfrom
chas/azure-public-access-check

Conversation

@github-actions
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot commented Jun 4, 2026
edited by cubic-dev-ai Bot
Loading

This is an automated pull request to merge chas/azure-public-access-check into dev.
It was created by the [Auto Pull Request] action.

Summary by cubic

Fixes the Azure Storage public access check to treat “Selected networks” (publicNetworkAccess=Enabled + networkAcls.defaultAction=Deny) as not public, preventing false positives. Adds tests and updates remediation and evidence.

  • Bug Fixes
    • Logic now passes when firewall default action is Deny, and fails (medium) only when public network access is effectively open (default action Allow).
    • Remediation advises setting networkAcls.defaultAction to Deny; evidence now includes networkDefaultAction. Tests cover both pass and fail scenarios.

Written for commit 35a7bbf. Summary will update on new commits.

Review in cubic

@vercel
Copy link
Copy Markdown

vercel Bot commented Jun 4, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
app Ready Ready Preview, Comment Jun 4, 2026 6:55pm
comp-framework-editor Ready Ready Preview, Comment Jun 4, 2026 6:55pm
1 Skipped Deployment
Project Deployment Actions Updated (UTC)
portal Skipped Skipped Jun 4, 2026 6:55pm

Request Review

cubic-dev-ai[bot]
cubic-dev-ai Bot reviewed Jun 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@cubic-dev-ai cubic-dev-ai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

Confidence score: 5/5

  • Automated review surfaced no issues in the provided summaries.
  • No files require special attention.

Re-trigger cubic

@chasprowebdev chasprowebdev changed the title [dev] [chasprowebdev] chas/azure-public-access-check [ BUG] Fix false-positive on Azure storage "no public access" check for Selected networks Jun 4, 2026
@vercel vercel Bot temporarily deployed to Preview – portal June 4, 2026 18:50 Inactive
@tofikwest tofikwest merged commit 561b03d into main Jun 4, 2026
11 checks passed
@tofikwest tofikwest deleted the chas/azure-public-access-check branch June 4, 2026 18:55
@claudfuen
Copy link
Copy Markdown
Contributor

claudfuen commented Jun 4, 2026

🎉 This PR is included in version 3.70.2 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@tofikwest tofikwest Awaiting requested review from tofikwest

@Marfuen Marfuen Awaiting requested review from Marfuen

Assignees

No one assigned

Labels

automated-pr released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@claudfuen @tofikwest @chasprowebdev