55 lines
1.9 KiB
YAML
55 lines
1.9 KiB
YAML
id: azure-appservice-entra-id-missing
|
|
info:
|
|
name: Azure App Service Microsoft Entra ID Not Configured
|
|
author: princechaddha
|
|
severity: medium
|
|
description: |
|
|
Ensure that registration with Microsoft Entra ID is enabled for Microsoft Azure App Service web applications so that your applications can connect to other Azure cloud services securely without the need of access credentials such as user names and passwords.
|
|
impact: |
|
|
If the Microsoft Entra ID is not configured, it could prevent secure and simplified access to cloud services, potentially leading to manual management of credentials and increased security risks.
|
|
remediation: |
|
|
Enable the Microsoft Entra ID for Azure App Services to ensure secure connectivity to other Azure services without manual credential handling.
|
|
reference:
|
|
- https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity
|
|
tags: cloud,devops,azure,microsoft,appservice,azure-cloud-config
|
|
|
|
flow: |
|
|
code(1);
|
|
for (let AppServiceData of iterate(template.appServiceList)) {
|
|
AppServiceData = JSON.parse(AppServiceData);
|
|
set("id", AppServiceData.id);
|
|
code(2);
|
|
}
|
|
|
|
self-contained: true
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
az webapp list --output json --query '[*].{id:id}'
|
|
|
|
extractors:
|
|
- type: json
|
|
name: appServiceList
|
|
internal: true
|
|
json:
|
|
- '.[]'
|
|
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
az webapp identity show --ids "$ids" --query 'principalId' --output json
|
|
|
|
matchers:
|
|
- type: word
|
|
part: all
|
|
words:
|
|
- ""
|
|
|
|
extractors:
|
|
- type: dsl
|
|
dsl:
|
|
- 'id + " does not have Microsoft Entra ID configured"'
|
|
# digest: 490a0046304402201ad92dcd4d8ceccb590a8024d1918950d43955758ae2ca00997549752018a7c70220152652c4ce7abcc621532e0e7922663cefb76ab95f4bfd5fb009edd72df9da36:922c64590222798bb761d5b6d8e72950 |