daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/cloud/azure/functions/azure-functionapp-access-ke...

55 lines
2.0 KiB
YAML
Raw Blame History

id: azure-functionapp-access-keys-missing
info:
name: Azure Function Access Keys Configuration
author: princechaddha
severity: high
description: |
To follow Azure cloud security best practices and prevent anonymous access, ensure that all the HTTP-triggered Azure functions managed with Microsoft Azure Function App are configured to use access keys to securely invoke functions via URLs. Access keys with a HOST scope (i.e., function keys) can be used to access all HTTP-triggered functions within the Azure Function App.
impact: |
If HTTP-triggered functions do not utilize access keys, they may be vulnerable to unauthorized access and security breaches.
remediation: |
Configure access keys for HTTP-triggered functions in Azure Function App to enforce secure and authorized function invocations.
reference:
- https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-http-webhook-trigger?tabs=csharp
tags: cloud,devops,azure,microsoft,functionapp,azure-cloud-config
flow: |
code(1);
for (let AppData of iterate(template.functionApps)) {
AppData = JSON.parse(AppData);
set("name", AppData.name);
set("resourceGroup", AppData.resourceGroup);
code(2);
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
az functionapp list --query '[*].{name:name, resourceGroup:resourceGroup}' --output json
extractors:
- type: json
name: functionApps
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
az functionapp keys list --name $name --resource-group $resourceGroup --query 'functionKeys' --output json
matchers:
- type: word
words:
- "{}"
extractors:
- type: dsl
dsl:
- 'name + " has no function keys configured for HTTP-triggered functions"'
# digest: 490a004630440220051ba1486e722dd69f17ae28c1fce048d555cb433d1f6b4d8d0d69b375aeb91d02200d9ce1ccf1d48505ff431ffe4450d0727545a09bbdbbb0961083a7fc44e5d159:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink