Summary
Adds a new CSPM scanner rule to detect Azure DNS zones configured as Public, which expose all DNS records to internet enumeration and can assist attackers in mapping the organisation's infrastructure.
Changes
- scanner/rules/az_net_015.py — detects DNS zones with zone_type == Public
- scanner/azure_client.py — adds get_dns_zones() using DnsManagementClient
- playbooks/cli/fix_az_net_015.sh — creates a private DNS zone and links it to a VNet
- requirements.txt — adds azure-mgmt-dns==8.0.0
- All 4 compliance framework JSONs updated with AZ-NET-015 mappings (CIS 9.2, NIST PR.AC-5, ISO A.13.1.1, SOC2 CC6.6)
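As an added illustration of how a rule of this shape can be structured (example code, not the PR's az_net_015.py): it evaluates objects shaped like the azure-mgmt-dns Zone model, flags zones whose zone_type is Public, and attaches the framework mappings listed above. The rule id and mappings come from this description; the Finding layout, the allowlist parameter and the stand-in zone objects are assumptions, so it runs offline with no Azure call.

```python
from dataclasses import dataclass, field
from types import SimpleNamespace
from typing import Iterable, List, Optional

RULE_ID = "AZ-NET-015"
# Framework mappings as listed in the PR description.
FRAMEWORKS = {"CIS": "9.2", "NIST": "PR.AC-5", "ISO27001": "A.13.1.1", "SOC2": "CC6.6"}


@dataclass
class Finding:  # assumed finding layout, not the scanner's own
    rule_id: str
    resource_id: str
    zone_name: str
    record_sets: int
    frameworks: dict = field(default_factory=lambda: dict(FRAMEWORKS))


def is_public_zone(zone) -> bool:
    """True when zone_type is Public; accepts the SDK's ZoneType enum or a str.

    A missing zone_type fails closed (treated as Public), since Public is the
    Azure default when the property is not set on the zone.
    """
    zone_type = getattr(zone, "zone_type", None)
    if zone_type is None:
        return True
    return str(getattr(zone_type, "value", zone_type)).lower() == "public"


def evaluate(zones: Iterable, allowlist: Optional[set] = None) -> List[Finding]:
    """One Finding per public zone whose resource id is not explicitly allowlisted."""
    allowlist = allowlist or set()
    findings: List[Finding] = []
    for zone in zones:
        if zone.id in allowlist or not is_public_zone(zone):
            continue
        count = getattr(zone, "number_of_record_sets", 0) or 0
        findings.append(Finding(RULE_ID, zone.id, zone.name, count))
    return findings


# Constructed stand-ins for azure.mgmt.dns Zone objects (sample data, no cloud call).
_RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dns"
SAMPLE_ZONES = [
    SimpleNamespace(id=f"{_RG}/providers/Microsoft.Network/dnszones/corp.example",
                    name="corp.example", zone_type="Public", number_of_record_sets=42),
    SimpleNamespace(id=f"{_RG}/providers/Microsoft.Network/dnszones/internal.example",
                    name="internal.example", zone_type="Private", number_of_record_sets=7),
    SimpleNamespace(id=f"{_RG}/providers/Microsoft.Network/dnszones/legacy.example",
                    name="legacy.example", zone_type=None, number_of_record_sets=3),
]

if __name__ == "__main__":
    for f in evaluate(SAMPLE_ZONES):
        print(f"{f.rule_id} {f.zone_name}: {f.record_sets} record sets public; {f.frameworks}")
```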
Test
- python -m py_compile scanner/rules/az_net_015.py ✅
- python -m py_compile scanner/azure_client.py ✅
- All 4 compliance JSONs validated ✅
Related Issue
Closes #[issue number]