Ensure Azure App service slot has debugging disabled

Error: Azure App service slot does not have debugging disabled

Bridgecrew Policy ID: BC_AZR_NETWORKING_58
Checkov Check ID: CKV_AZURE_155
Severity: LOW

Azure App service slot does not have debugging disabled

Description

Disabling debugging for your Azure App Service slot can help improve the security of your app. Debugging allows you to troubleshoot issues with your app by providing access to detailed information about how the app is functioning. However, it can also make it easier for attackers to gain access to sensitive information about your app, such as its code and configuration.

Fix - Runtime

Fix - Buildtime

Terraform

  • Resource: azurerm_app_service_slot
  • Argument: remote_debugging_enabled (default is false)
resource "azurerm_app_service_slot" "pass2" {
  name                = "ted"
  app_service_name    = azurerm_app_service.example.name
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  app_service_plan_id = azurerm_app_service_plan.example.id

  https_only = false #thedefault


  site_config {
    dotnet_framework_version = "v4.0"
    min_tls_version          = "1.2" #the default is 1.2
    remote_debugging_enabled = false  #default is false
  }

  app_settings = {
    "SOME_KEY" = "some-value"
  }

  connection_string {
    name  = "Database"
    type  = "SQLServer"
    value = "Server=some-server.mydomain.com;Integrated Security=SSPI"
  }
}