Fixing issue #169

internal/scanners/logic/rules.go

@@ -49,19 +49,21 @@ func (a *LogicAppScanner) GetRules() map[string]scanners.AzureRule {
 				service := target.(*armlogic.Workflow)
 				http := false
 				if service.Properties.Definition != nil {
-					triggers := service.Properties.Definition.(map[string]interface{})["triggers"].(map[string]interface{})
-					for _, t := range triggers {
-						trigger := t.(map[string]interface{})
-						if trigger["type"] == "Request" && trigger["kind"] == "Http" {
-							http = true
-							break
-						}	
+					triggers, ok := service.Properties.Definition.(map[string]interface{})["triggers"]
+					if ok {
+						for _, t := range triggers.(map[string]interface{}) {
+							trigger := t.(map[string]interface{})
+							if trigger["type"] == "Request" && trigger["kind"] == "Http" {
+								http = true
+								break
+							}
+						}
 					}
 				}
 
 				broken := http
 
-				if http && service.Properties.AccessControl != nil && service.Properties.AccessControl.Triggers == nil {
+				if http && service.Properties.AccessControl != nil && service.Properties.AccessControl.Triggers != nil {
 					broken = len(service.Properties.AccessControl.Triggers.AllowedCallerIPAddresses) == 0
 				}
 				return broken, ""

internal/scanners/logic/rules_test.go

@@ -46,12 +46,37 @@ func TestLogicAppScanner_Rules(t *testing.T) {
 			},
 		},
 		{
-			name: "LogicAppScanner Limit Http Triggers",
+			name: "LogicAppScanner No Http Triggers",
+			fields: fields{
+				rule: "logic-004",
+				target: &armlogic.Workflow{
+					ID: ref.Of("test"),
+					Properties: &armlogic.WorkflowProperties{
+						Definition: map[string]interface{}{},
+					},
+				},
+				scanContext: &scanners.ScanContext{},
+			},
+			want: want{
+				broken: false,
+				result: "",
+			},
+		},
+		{
+			name: "LogicAppScanner Limit Http Triggers without access control",
 			fields: fields{
 				rule: "logic-004",
 				target: &armlogic.Workflow{
 					ID: ref.Of("test"),
 					Properties: &armlogic.WorkflowProperties{
+						Definition: map[string]interface{}{
+							"triggers": map[string]interface{}{
+								"trigger1": map[string]interface{}{
+									"type": "Request",
+									"kind": "Http",
+								},
+							},
+						},
 						AccessControl: &armlogic.FlowAccessControlConfiguration{
 							Triggers: &armlogic.FlowAccessControlConfigurationPolicy{
 								AllowedCallerIPAddresses: []*armlogic.IPAddressRange{},
@@ -61,6 +86,39 @@ func TestLogicAppScanner_Rules(t *testing.T) {
 				},
 				scanContext: &scanners.ScanContext{},
 			},
+			want: want{
+				broken: true,
+				result: "",
+			},
+		},
+		{
+			name: "LogicAppScanner Limit Http Triggers",
+			fields: fields{
+				rule: "logic-004",
+				target: &armlogic.Workflow{
+					ID: ref.Of("test"),
+					Properties: &armlogic.WorkflowProperties{
+						Definition: map[string]interface{}{
+							"triggers": map[string]interface{}{
+								"trigger1": map[string]interface{}{
+									"type": "Request",
+									"kind": "Http",
+								},
+							},
+						},
+						AccessControl: &armlogic.FlowAccessControlConfiguration{
+							Triggers: &armlogic.FlowAccessControlConfigurationPolicy{
+								AllowedCallerIPAddresses: []*armlogic.IPAddressRange{
+									{
+										AddressRange : ref.Of("127.0.0.1/32"),
+									},
+								},
+							},
+						},
+					},
+				},
+				scanContext: &scanners.ScanContext{},
+			},
 			want: want{
 				broken: false,
 				result: "",