CA5376 (Security), enabled by default: No

Use SharedAccessProtocol HttpsOnly

Description

A Shared Access Signature (SAS) is sensitive data and must not be transported in plain text over HTTP.

Cause

The GetSharedAccessSignature method under the Microsoft.WindowsAzure.Storage namespace is used to generate a Shared Access Signature (SAS) with the protocols specified as HttpsOrHttp.

By default, this rule analyzes the entire codebase, but this is configurable.

How to fix violations

Use HttpsOnly when generating the SAS.

Example

Violation (the SAS is generated with HttpsOrHttp):

using System;
using Microsoft.WindowsAzure.Storage;
using Microsoft.WindowsAzure.Storage.File;

class ExampleClass
{
    public void ExampleMethod(SharedAccessFilePolicy policy, SharedAccessFileHeaders headers, string groupPolicyIdentifier, IPAddressOrRange ipAddressOrRange)
    {
        CloudFile cloudFile = new CloudFile(null);
        // Flagged by CA5376: the generated SAS is accepted over plain HTTP as well as HTTPS.
        SharedAccessProtocol protocols = SharedAccessProtocol.HttpsOrHttp;
        cloudFile.GetSharedAccessSignature(policy, headers, groupPolicyIdentifier, protocols, ipAddressOrRange);
    }
}

Solution (the SAS is generated with HttpsOnly):

using System;
using Microsoft.WindowsAzure.Storage;
using Microsoft.WindowsAzure.Storage.File;

class ExampleClass
{
    public void ExampleMethod(SharedAccessFilePolicy policy, SharedAccessFileHeaders headers, string groupPolicyIdentifier, IPAddressOrRange ipAddressOrRange)
    {
        CloudFile cloudFile = new CloudFile(null);
        // Fixed: the generated SAS is accepted over HTTPS only.
        SharedAccessProtocol protocols = SharedAccessProtocol.HttpsOnly;
        cloudFile.GetSharedAccessSignature(policy, headers, groupPolicyIdentifier, protocols, ipAddressOrRange);
    }
}
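
A check on the generated token itself, usable in a unit test or review script to confirm that a SAS carries the HTTPS-only restriction. This is an added example, not part of the original rule documentation. It assumes the Azure Storage SAS token format, in which the signed-protocol field is the `spr` query parameter (`https` or `https,http`, with both protocols allowed when the field is absent); `SasProtocolCheck` and the sample tokens are constructed for illustration.

```csharp
using System;
using System.Linq;

static class SasProtocolCheck
{
    // Hypothetical helper (not part of the Azure SDK): returns true only when the
    // token's signed-protocol field "spr" is present exactly once with value "https".
    public static bool IsHttpsOnly(string sasTokenOrUrl)
    {
        if (string.IsNullOrWhiteSpace(sasTokenOrUrl)) return false;

        // Accept a bare token, a token with a leading '?', or a full URL.
        int q = sasTokenOrUrl.IndexOf('?');
        string query = q >= 0 ? sasTokenOrUrl.Substring(q + 1) : sasTokenOrUrl;

        string[] spr = query
            .Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(pair => pair.Split(new[] { '=' }, 2))
            .Where(kv => kv[0] == "spr")
            .Select(kv => kv.Length == 2 ? Uri.UnescapeDataString(kv[1]) : "")
            .ToArray();

        // Assumption from the SAS format: a missing field means HTTPS and HTTP are
        // both allowed, so it fails. Duplicate fields are rejected as ambiguous.
        return spr.Length == 1 && spr[0] == "https";
    }

    static void Main()
    {
        // Constructed sample tokens; the signatures are placeholders.
        string[] samples =
        {
            "sv=2019-02-02&sr=f&sp=r&se=2030-01-01T00%3A00%3A00Z&spr=https&sig=PLACEHOLDER",
            "sv=2019-02-02&sr=f&sp=r&se=2030-01-01T00%3A00%3A00Z&spr=https%2Chttp&sig=PLACEHOLDER",
            "https://example.invalid/share/file.txt?sv=2019-02-02&sr=f&sp=r&sig=PLACEHOLDER",
        };

        foreach (string s in samples)
        {
            Console.WriteLine("{0} {1}", IsHttpsOnly(s) ? "OK  " : "FAIL", s);
        }
    }
}
```

Only the first sample passes: the second allows both protocols explicitly and the third omits the field.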

When to suppress

Do not suppress this rule.
