Azure Blob Storage Soft Delete Not Enabled
ID: azure-blob-soft-delete-disabled
Severity: medium
Author: princechaddha
Tags: cloud,devops,azure,microsoft,blob-storage,azure-cloud-config
Description
Section titled “Description”Ensure that Soft Delete feature is enabled for all your Microsoft Azure Storage blob objects (blobs and snapshots). Soft Delete enables you to save and recover blob data in case your Azure Storage blobs or blob snapshots are deleted. This extra layer of protection also extends to the Microsoft Azure blob data that is erased as the result of an overwrite operation. With Soft Delete feature enabled, when blob objects are deleted, they are transitioned to a soft deleted state instead of being permanently erased. When blob objects are overwritten, soft deleted snapshots are created to save the state of the overwritten blob data.
YAML Source
Section titled “YAML Source”id: azure-blob-soft-delete-disabledinfo: name: Azure Blob Storage Soft Delete Not Enabled author: princechaddha severity: medium description: | Ensure that Soft Delete feature is enabled for all your Microsoft Azure Storage blob objects (blobs and snapshots). Soft Delete enables you to save and recover blob data in case your Azure Storage blobs or blob snapshots are deleted. This extra layer of protection also extends to the Microsoft Azure blob data that is erased as the result of an overwrite operation. With Soft Delete feature enabled, when blob objects are deleted, they are transitioned to a soft deleted state instead of being permanently erased. When blob objects are overwritten, soft deleted snapshots are created to save the state of the overwritten blob data. impact: | Not having Soft Delete enabled can lead to permanent loss of blob data which cannot be recovered, leading to potential data breaches and compliance issues. remediation: | Enable the Soft Delete feature for all blob storage accounts via the Azure Portal or using Azure CLI commands to ensure data is recoverable even after deletion or overwriting. reference: - https://docs.microsoft.com/en-us/azure/storage/blobs/soft-delete-overview tags: cloud,devops,azure,microsoft,blob-storage,azure-cloud-config
flow: | code(1); for (let storageAccount of iterate(template.storageAccountNames)) { storageAccount = JSON.parse(storageAccount); set("name", storageAccount.Name); code(2); }
self-contained: truecode: - engine: - sh - bash source: | az storage account list --query '[*].{"Name":name}'
extractors: - type: json name: storageAccountNames internal: true json: - '.[]'
- engine: - sh - bash source: | az storage blob service-properties delete-policy show --account-name "$name" --output json --query 'enabled'
matchers-condition: and matchers: - type: word words: - 'false'
extractors: - type: dsl dsl: - 'name + " blob storage does not have Soft Delete enabled"'# digest: 4a0a0047304502210082ad860c75907b971b496d685af667a30184facd2ad6ba15a5922407666b193e022025e8347950124fe15ebba20460d505d60b3fb0b74bc70f7e965f5f97cf6fc891:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "cloud/azure/storageaccounts/azure-blob-soft-delete-disabled.yaml"