Azure App service slot does not have debugging disabled
Description
Disabling debugging for your Azure App Service slot can help improve the security of your app. Debugging allows you to troubleshoot issues with your app by providing access to detailed information about how the app is functioning. However, it can also make it easier for attackers to gain access to sensitive information about your app, such as its code and configuration.
Code Example
go
resource "azurerm_app_service_slot" "pass2" {
name = "ted"
app_service_name = azurerm_app_service.example.name
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
https_only = false #thedefault
site_config {
dotnet_framework_version = "v4.0"
min_tls_version = "1.2" #the default is 1.2
remote_debugging_enabled = false #default is false
}
app_settings = {
"SOME_KEY" = "some-value"
}
connection_string {
name = "Database"
type = "SQLServer"
value = "Server=some-server.mydomain.com;Integrated Security=SSPI"
}
}Remediation
Terraform
- Resource: azurerm_app_service_slot
- Arguments: remote_debugging_enabled (default is false)
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0662 |
| Severity | LOW |
| IaC Type | arm |
| Frameworks | Terraform |
| Checkov ID | CKV_AZURE_155 |