id: azure-appservice-remote-debugging-enabled
info:
  name: Azure App Service Remote Debugging Enabled
  author: princechaddha
  severity: high
  description: |
    Ensure that your Azure App Services web applications have remote debugging disabled in order to enhance security and protect the applications from unauthorized access. Remote Debugging feature is available for web applications (e.g. ASP.NET, ASP.NET Core, Node.js, Python).
  impact: |
    Enabling remote debugging can expose web applications to unauthorized access and potential security vulnerabilities.
  remediation: |
    Disable remote debugging for Azure App Services web applications through the Azure portal or using Azure CLI commands to enhance application security.
  reference:
    - https://docs.microsoft.com/en-us/azure/app-service/troubleshoot-remote-debug
  tags: cloud,devops,azure,microsoft,appservice,azure-cloud-config

flow: |
  code(1);
  for (let WebAppData of iterate(template.webAppList)) {
    set("ids", WebAppData);
    code(2);
  }

self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
      az webapp list --query '[*].{id:id}' --output json

    extractors:
      - type: json
        name: webAppList
        internal: true
        json:
          - '.[].[]'

  - engine:
      - sh
      - bash
    source: |
      az webapp config show --ids $ids --query 'remoteDebuggingEnabled' --output json

    matchers:
      - type: word
        words:
          - "true"

    extractors:
      - type: dsl
        dsl:
          - 'id + " has remote debugging enabled."'
# digest: 4a0a0047304502210082df58784ec583fd9e5569f26bfaf1c19c284326e0352cc3c6f2808d1ea04611022027c17f8b9b6ae7df0b69beec4b65261cfd73dd67404917e61b9fdb6733b4d4da:922c64590222798bb761d5b6d8e72950