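# Nuclei code-protocol template: enumerates every Azure App Service web app
# visible to the current Azure CLI login and reports the ones whose site
# configuration has remoteDebuggingEnabled set to true.
#
# Operational notes:
#   - The `code` steps execute local shell commands under the operator's `az`
#     session. Both commands are read-only (list / show), so a read-only role
#     on the subscription should be enough; confirm this and avoid running
#     the template with a more privileged login than needed.
#   - Nuclei only loads code-protocol templates when they are explicitly
#     enabled (`-code`) and carry a valid signature; see the digest note at
#     the end of the file.
id: azure-appservice-remote-debugging-enabled
info:
  name: Azure App Service Remote Debugging Enabled
  author: princechaddha
  severity: high
  description: |
    Ensure that your Azure App Services web applications have remote debugging disabled in order to enhance security and protect the applications from unauthorized access. Remote Debugging feature is available for web applications (e.g. ASP.NET, ASP.NET Core, Node.js, Python).
  impact: |
    Enabling remote debugging can expose web applications to unauthorized access and potential security vulnerabilities.
  # CLI form of the remediation, for one app:
  #   az webapp config set --ids <resource-id> --remote-debugging-enabled false
  remediation: |
    Disable remote debugging for Azure App Services web applications through the Azure portal or using Azure CLI commands to enhance application security.
  reference:
    - https://docs.microsoft.com/en-us/azure/app-service/troubleshoot-remote-debug
  tags: cloud,devops,azure,microsoft,appservice,azure-cloud-config

# Orchestration: run code step 1 once to collect the resource IDs, then run
# code step 2 once per ID, exposing the current ID to the step as `ids`.
flow: |
  code(1);
  for (let WebAppData of iterate(template.webAppList)) {
    set("ids", WebAppData);
    code(2);
  }

# No target input is needed; everything comes from the Azure CLI.
self-contained: true
code:
  # Step 1: list all web apps, projecting only the resource ID of each, and
  # keep the IDs as the internal (not reported) variable `webAppList`.
  - engine:
      - sh
      - bash
    source: |
      az webapp list --query '[*].{id:id}' --output json

    extractors:
      - type: json
        name: webAppList
        internal: true
        json:
          - '.[].[]'

  # Step 2: read the remoteDebuggingEnabled setting of a single web app.
  # The variable is quoted so the shell passes the resource ID as one
  # argument, with no word splitting or glob expansion of its value.
  - engine:
      - sh
      - bash
    source: |
      az webapp config show --ids "$ids" --query 'remoteDebuggingEnabled' --output json

    # Word matchers are substring matches: any occurrence of "true" in the
    # captured output counts as a finding, not only a bare JSON `true`.
    matchers:
      - type: word
        words:
          - "true"

    # NOTE(review): the flow stores the resource ID under `ids`, while this
    # expression reads `id`; confirm that `id` resolves to the web app's
    # resource ID in the reported finding.
    extractors:
      - type: dsl
        dsl:
          - 'id + " has remote debugging enabled."'
# The digest below is the signature of the template as originally published.
# Any edit above this line (including comments) invalidates it, so the
# template must be re-signed (`nuclei -sign`) before it will run again.
# digest: 4a0a0047304502210082df58784ec583fd9e5569f26bfaf1c19c284326e0352cc3c6f2808d1ea04611022027c17f8b9b6ae7df0b69beec4b65261cfd73dd67404917e61b9fdb6733b4d4da:922c64590222798bb761d5b6d8e72950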