54 lines
1.7 KiB
YAML
54 lines
1.7 KiB
YAML
id: azure-appservice-auth-disabled
|
|
info:
|
|
name: Azure App Service Authentication Not Enabled
|
|
author: princechaddha
|
|
severity: medium
|
|
description: |
|
|
Ensure that App Service Authentication feature is enabled for Microsoft Azure App Service to add an extra layer of security to the authentication process implemented by your web applications.
|
|
impact: |
|
|
Disabling App Service Authentication can expose the application to unauthorized access and potential security vulnerabilities.
|
|
remediation: |
|
|
Enable the App Service Authentication feature for Azure App Services to ensure an additional layer of security for your web applications.
|
|
reference:
|
|
- https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization
|
|
tags: cloud,devops,azure,microsoft,appservice,azure-cloud-config
|
|
|
|
flow: |
|
|
code(1);
|
|
for (let WebAppData of iterate(template.webAppList)) {
|
|
WebAppData = JSON.parse(WebAppData);
|
|
set("id", WebAppData.id);
|
|
code(2);
|
|
}
|
|
|
|
self-contained: true
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
az webapp list --output json --query '[*].{id:id}'
|
|
|
|
extractors:
|
|
- type: json
|
|
name: webAppList
|
|
internal: true
|
|
json:
|
|
- '.[]'
|
|
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
az webapp auth show --ids "$id" --query 'enabled' --output json
|
|
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "false"
|
|
|
|
extractors:
|
|
- type: dsl
|
|
dsl:
|
|
- 'id + " does not have App Service Authentication enabled"'
|
|
# digest: 4a0a0047304502204048652cd8622af797aa47ed031f15d9250605f98108e39d10496d097e5e7810022100d19536e8b73129839dd1a0c3454a958c8ab212ddfd0d6006687fc7eeb65591a9:922c64590222798bb761d5b6d8e72950 |