Terraform FTP Deployments Enabled
Description
Detects Azure App Services configured to allow unrestricted FTP/FTPS deployments. Setting FTP deployments to "AllAllowed" creates a security risk by potentially exposing deployment credentials and enabling unauthorized code deployments to the application.
Detection Strategy
• Identify Azure App Service resources in Terraform configurations (azurerm_app_service blocks)
• Check if the site_config block contains an ftps_state setting
• Flag resources where ftps_state is set to 'AllAllowed' as vulnerable
• Report vulnerability if FTP deployments are enabled without restrictions
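One way to implement the steps above as a static check over Terraform source (an added example, not Fluid Attacks' own scanner code). The function names and the sample configuration are constructed for illustration; the check assumes ftps_state is written as a quoted literal, so values supplied through variables are not evaluated.

```python
import re

# Constructed sample input (not from the page).
SAMPLE_TF = '''
resource "azurerm_app_service" "legacy" {
  site_config {
    ftps_state = "AllAllowed"
  }
}
resource "azurerm_app_service" "hardened" {
  app_settings = { DOCS_URL = "https://example.invalid/docs" }
  site_config {
    # ftps_state = "AllAllowed"
    ftps_state = "FtpsOnly"
  }
}
'''

# Strings are matched before comments so "//" inside a URL is not stripped.
TOKEN_RE = re.compile(r'"(?:\\.|[^"\\])*"|#[^\n]*|//[^\n]*|/\*.*?\*/', re.S)
RESOURCE_RE = re.compile(r'resource\s+"azurerm_app_service"\s+"([^"]+)"\s*\{')
SITE_CONFIG_RE = re.compile(r'\bsite_config\s*\{')
FTPS_RE = re.compile(r'\bftps_state\s*=\s*"([^"]*)"')


def block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    return text[open_idx + 1:]  # unbalanced input: scan to end of text


def find_ftp_all_allowed(tf_source):
    """Names of azurerm_app_service resources whose site_config sets AllAllowed."""
    src = TOKEN_RE.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", tf_source)
    findings = []
    for res in RESOURCE_RE.finditer(src):
        body = block_body(src, res.end() - 1)
        for sc in SITE_CONFIG_RE.finditer(body):
            m = FTPS_RE.search(block_body(body, sc.end() - 1))
            if m and m.group(1) == "AllAllowed":
                findings.append(res.group(1))
    return findings
```

Calling find_ftp_all_allowed(SAMPLE_TF) reports only the "legacy" resource: the commented-out setting and the URL string in "hardened" do not trigger a finding.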
Vulnerable code example
resource "azurerm_app_service" "example" {
  name                = "my-app-service"
  location            = "westus2"
  resource_group_name = "my-resource-group"
  app_service_plan_id = azurerm_app_service_plan.main.id

  site_config {
    ftps_state = "AllAllowed" # Security risk: Allows both FTP and FTPS connections instead of enforcing FTPS-only...
  }
}
Secure code example
resource "azurerm_app_service" "example" {
  name                = "my-app-service"
  location            = "westus2"
  resource_group_name = "my-resource-group"
  app_service_plan_id = azurerm_app_service_plan.main.id

  site_config {
    ftps_state = "FtpsOnly" # Security: Enforce FTPS-only connections, preventing insecure FTP...
  }
}