From c8d5ab7690b63a0af14d648eacabc62b868fdfe9 Mon Sep 17 00:00:00 2001
From: Nikita Pivkin <nikita.pivkin@smartforce.io>
Date: Wed, 19 Nov 2025 08:03:10 +0600
Subject: [PATCH] feat(misconf): support https_traffic_only_enabled in Az
 storage account (#9784)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
---
 pkg/iac/adapters/terraform/azure/storage/adapt.go |  6 ++++--
 pkg/iac/terraform/block.go                        | 12 ++++++++++--
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/pkg/iac/adapters/terraform/azure/storage/adapt.go b/pkg/iac/adapters/terraform/azure/storage/adapt.go
index 91852a4fb2..6e66c34d16 100644
--- a/pkg/iac/adapters/terraform/azure/storage/adapt.go
+++ b/pkg/iac/adapters/terraform/azure/storage/adapt.go
@@ -176,8 +176,10 @@ func adaptAccount(resource *terraform.Block) storage.Account {
 		account.NetworkRules = append(account.NetworkRules, adaptNetworkRule(networkBlock))
 	}
 
-	httpsOnlyAttr := resource.GetAttribute("enable_https_traffic_only")
-	account.EnforceHTTPS = httpsOnlyAttr.AsBoolValueOrDefault(true, resource)
+	account.EnforceHTTPS = resource.GetFirstAttributeOf(
+		"enable_https_traffic_only",
+		"https_traffic_only_enabled", // provider above version 4
+	).AsBoolValueOrDefault(true, resource)
 
 	// Adapt blob properties
 	blobPropertiesBlock := resource.GetBlock("blob_properties")
diff --git a/pkg/iac/terraform/block.go b/pkg/iac/terraform/block.go
index a1bc3e7fd3..33dfd391a5 100644
--- a/pkg/iac/terraform/block.go
+++ b/pkg/iac/terraform/block.go
@@ -16,6 +16,7 @@ import (
 
 	"github.com/aquasecurity/trivy/pkg/iac/terraform/context"
 	iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+	"github.com/aquasecurity/trivy/pkg/set"
 )
 
 type Block struct {
@@ -303,11 +304,18 @@ func (b *Block) GetAttributes() []*Attribute {
 }
 
 func (b *Block) GetAttribute(name string) *Attribute {
-	if b == nil || b.hclBlock == nil {
+	return b.GetFirstAttributeOf(name)
+}
+
+func (b *Block) GetFirstAttributeOf(names ...string) *Attribute {
+	if b == nil || b.hclBlock == nil || len(names) == 0 {
 		return nil
 	}
+
+	nameSet := set.New(names...)
+
 	for _, attr := range b.attributes {
-		if attr.Name() == name {
+		if ok := nameSet.Contains(attr.Name()); ok {
 			return attr
 		}
 	}