Ensure that your Azure App Services web applications have remote debugging disabled in order to enhance security and protect the applications from unauthorized access. Remote Debugging feature is available for web applications (e.g. ASP.NET, ASP.NET Core, Node.js, Python).
PoC代码[已公开]
id: azure-appservice-remote-debugging-enabled
info:
name: Azure App Service Remote Debugging Enabled
author: princechaddha
severity: high
description: |
Ensure that your Azure App Services web applications have remote debugging disabled in order to enhance security and protect the applications from unauthorized access. Remote Debugging feature is available for web applications (e.g. ASP.NET, ASP.NET Core, Node.js, Python).
impact: |
Enabling remote debugging can expose web applications to unauthorized access and potential security vulnerabilities.
remediation: |
Disable remote debugging for Azure App Services web applications through the Azure portal or using Azure CLI commands to enhance application security.
reference:
- https://docs.microsoft.com/en-us/azure/app-service/troubleshoot-remote-debug
tags: cloud,devops,azure,microsoft,appservice,azure-cloud-config
flow: |
code(1);
for (let WebAppData of iterate(template.webAppList)) {
set("ids", WebAppData);
code(2);
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
az webapp list --query '[*].{id:id}' --output json
extractors:
- type: json
name: webAppList
internal: true
json:
- '.[].[]'
- engine:
- sh
- bash
source: |
az webapp config show --ids $ids --query 'remoteDebuggingEnabled' --output json
matchers:
- type: word
words:
- "true"
extractors:
- type: dsl
dsl:
- 'id + " has remote debugging enabled."'
# digest: 4a0a00473045022100a389ece2d0f6fa8a9633a85174d2e10ae34266780e07a12807c1ee78859161f402204c1d9cbdc25ef7c1084b085de5c5be508e076b76494aba7d1f32aa38a54d839f:922c64590222798bb761d5b6d8e72950