漏洞描述
Ensure that Backup and Restore feature is enabled and configured to create custom backups for your Microsoft Azure App Service applications.
azure-appservice-backup-not-enabled: Azure App Service Automated Backup Not Configured
PoC代码[已公开]
id: azure-appservice-backup-not-enabled
info:
name: Azure App Service Automated Backup Not Configured
author: princechaddha
severity: medium
description: |
Ensure that Backup and Restore feature is enabled and configured to create custom backups for your Microsoft Azure App Service applications.
impact: |
If Automated Backups are not enabled and configured, it may lead to potential data loss and non-compliance with regulatory requirements.
remediation: |
Enable and configure the Backup and Restore feature for Azure App Services applications through the Azure portal or Azure CLI to ensure compliance and data integrity.
reference:
- https://docs.microsoft.com/en-us/azure/app-service/manage-backup
tags: cloud,devops,azure,microsoft,appservice,azure-cloud-config
flow: |
code(1);
for (let AppServiceData of iterate(template.appServiceList)) {
AppServiceData = JSON.parse(AppServiceData);
set("name", AppServiceData.name);
set("resourceGroup", AppServiceData.resourceGroup);
code(2);
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
az webapp list --output json --query '[*].{name:name, resourceGroup:resourceGroup}'
extractors:
- type: json
name: appServiceList
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
az webapp config backup show --webapp-name $name --resource-group $resourceGroup --output json
matchers:
- type: word
part: stderr
words:
- "Backup configuration not found"
extractors:
- type: dsl
dsl:
- 'name + " in " + resourceGroup + " does not have automated backups enabled"'
# digest: 4b0a004830460221009023e345006bc362d6981677ef17287bdc886372a95eab24ea1d0252198aa0e1022100e1c13f7deb35af6eec29d45e919773bcf7ee455dac2a32a8ed1cd7ca3fe89316:922c64590222798bb761d5b6d8e72950