turbot/steampipe-mod-azure-perimeter

Control: App Service Web App CORS policies should prohibit public access

Description

Azure App Service Web App Cross-Origin Resource Sharing (CORS) policies should not allow unrestricted access from any origin that could enable public access.

Usage

Run the control in your terminal:

powerpipe control run azure_perimeter.control.appservice_web_app_cors_prohibit_public_access

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_perimeter.control.appservice_web_app_cors_prohibit_public_access --share

Steampipe Tables

SQL

select
a.id as resource,
case
when configuration -> 'properties' -> 'cors' -> 'allowedOrigins' @> '["*"]' then 'alarm'
else 'ok'
end as status,
case
when configuration -> 'properties' -> 'cors' -> 'allowedOrigins' @> '["*"]'
then a.name || ' CORS policy allows all domains to access the application.'
else a.name || ' CORS does not allow all domains to access the application.'
end as reason
, a.resource_group as resource_group
, sub.display_name as subscription
from
azure_app_service_web_app as a,
azure_subscription as sub
where
sub.subscription_id = a.subscription_id;

Tags