55 lines
1.8 KiB
YAML
55 lines
1.8 KiB
YAML
id: azure-functionapp-vnet-integration-missing
|
|
info:
|
|
name: Virtual Network Integration for Azure Functions Not Enabled
|
|
author: princechaddha
|
|
severity: high
|
|
description: |
|
|
To follow Azure networking best practices and securely access cloud resources available within your Azure Virtual Network (VNet), ensure that Virtual Network integration is enabled for your Microsoft Azure Function Apps. With Virtual Network integration, you can restrict your Function App outbound connections to specific, trusted VNets only.
|
|
impact: |
|
|
Lack of Virtual Network integration may lead to insecure access to cloud resources, posing a security risk by allowing outbound connections to non-trusted networks.
|
|
remediation: |
|
|
Enable Virtual Network integration for your Azure Function Apps to secure connections to trusted Virtual Networks.
|
|
reference:
|
|
- https://docs.microsoft.com/en-us/azure/azure-functions/functions-networking-options
|
|
tags: cloud,devops,azure,microsoft,functionapp,azure-cloud-config
|
|
|
|
flow: |
|
|
code(1);
|
|
for (let AppData of iterate(template.functionApps)) {
|
|
AppData = JSON.parse(AppData);
|
|
set("name", AppData.name);
|
|
set("resourceGroup", AppData.resourceGroup);
|
|
code(2);
|
|
}
|
|
|
|
self-contained: true
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
az functionapp list --output json --query '[*].{name:name, resourceGroup:resourceGroup}'
|
|
|
|
extractors:
|
|
- type: json
|
|
name: functionApps
|
|
internal: true
|
|
json:
|
|
- '.[]'
|
|
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
az functionapp show --name $name --resource-group $resourceGroup --query 'siteConfig.vnetName' --output json
|
|
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- ""
|
|
|
|
extractors:
|
|
- type: dsl
|
|
dsl:
|
|
- 'name + " does not have Virtual Network Integration enabled"'
|