Reputation: 35
Running 3rd party code on an Azure Function (security concerns)
I am creating a website similar to dotnetfiddle.net where anyone can submit C# code. I was planning on creating an Azure Function that would compile and run the code. I am wondering if malicious code could somehow mess up my Azure environment? Or is each function execution completely isolated?
Upvotes: 0
Views: 34
Answers (1)
Reputation: 694
An Azure Function does not, by default, have permissions to your Azure tenant/subscription. If you have assigned a Managed Service Identity to the App Service running your Function AND granted that identity permissions to your Azure resources, then code executing in your function could have access to your Azure resources.
See: https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=dotnet
Another consideration is whether you have configured any kind of VNET integration for your function's Web App--if this is the case, code executing in your function would have access to other resources in your VNET.
See: https://learn.microsoft.com/en-us/azure/azure-functions/functions-networking-options
Upvotes: 1
Related Questions
- Is it safe to run user-made C# code in an (isolated) Azure function?
- Calling private functions from public azure functions?
- How to add an Azure function accessible by everyone (even by non authenticated user) into an AAD secured Azure Function App
- Calling an azure function secured by AAD
- Make Azure Functions not publicly accessible?
- Using external programs inside azure-functions
- Securing Azure function executions origin when hosted on a Consumption Plan
- Azure Functions - C# - Running external applications?
- How can an Azure Function App interact with Azure resources?
- Securing an Azure Function