CA5377 | Security | Enabled by default: No
Use container level access policy
Description
A container-level access policy can be modified or revoked at any time. It provides greater flexibility and control over the permissions that are granted. For more information, see Define a stored access policy.
Cause
Container level policy is not set when generating a service Shared Access Signature (SAS).
By default, this rule analyzes the entire codebase, but this is configurable.
How to fix violations
Specify a valid group policy identifier when generating the service SAS.
Example

// Violation: groupPolicyIdentifier is null, so the SAS is not tied to a container-level policy.
using System;
using Microsoft.WindowsAzure.Storage;
using Microsoft.WindowsAzure.Storage.Blob;

class ExampleClass
{
    public void ExampleMethod(SharedAccessBlobPolicy policy, SharedAccessBlobHeaders headers, Nullable<SharedAccessProtocol> protocols, IPAddressOrRange ipAddressOrRange)
    {
        var cloudAppendBlob = new CloudAppendBlob(null);
        string groupPolicyIdentifier = null;
        cloudAppendBlob.GetSharedAccessSignature(policy, headers, groupPolicyIdentifier, protocols, ipAddressOrRange);
    }
}

// Fixed: the SAS names a group policy identifier, so it is governed by the container-level policy.
using System;
using Microsoft.WindowsAzure.Storage;
using Microsoft.WindowsAzure.Storage.Blob;

class ExampleClass
{
    public void ExampleMethod(SharedAccessBlobPolicy policy, SharedAccessBlobHeaders headers, Nullable<SharedAccessProtocol> protocols, IPAddressOrRange ipAddressOrRange)
    {
        CloudAppendBlob cloudAppendBlob = new CloudAppendBlob(null);
        string groupPolicyIdentifier = "123";
        cloudAppendBlob.GetSharedAccessSignature(policy, headers, groupPolicyIdentifier, protocols, ipAddressOrRange);
    }
}

When to suppress
It is safe to suppress this rule if you're sure that the permissions of all resources are as restricted as possible.
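
The identifier passed to GetSharedAccessSignature only helps if a stored access policy with that name exists on the container. The following is an added example, not code from the original page or the SDK documentation, showing the full lifecycle with the same Microsoft.WindowsAzure.Storage library: define the policy, issue a SAS that references it, and revoke it. The class name, method names and the policy name "reports-read" are assumptions made for this illustration.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.WindowsAzure.Storage.Blob;

static class StoredPolicySasExample
{
    // Hypothetical policy name chosen for this example.
    const string PolicyName = "reports-read";

    // Create or replace the container-level (stored) access policy.
    // Permissions and expiry are kept by the storage service, not in the token.
    public static async Task DefinePolicyAsync(CloudBlobContainer container)
    {
        // Read the current settings first so that existing policies and the
        // container's public access level are preserved when writing back.
        BlobContainerPermissions permissions = await container.GetPermissionsAsync();
        permissions.SharedAccessPolicies[PolicyName] = new SharedAccessBlobPolicy
        {
            Permissions = SharedAccessBlobPermissions.Read,
            SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddHours(8)
        };
        await container.SetPermissionsAsync(permissions);
    }

    // Issue a service SAS that is governed by the stored policy.
    public static string IssueSas(CloudBlob blob)
    {
        // The ad hoc policy is left empty: permissions and expiry come from
        // the stored policy and must not be specified in both places.
        return blob.GetSharedAccessSignature(new SharedAccessBlobPolicy(), PolicyName);
    }

    // Revoke every SAS issued against the policy without rotating the
    // storage account key: remove the policy from the container.
    public static async Task RevokeAsync(CloudBlobContainer container)
    {
        BlobContainerPermissions permissions = await container.GetPermissionsAsync();
        permissions.SharedAccessPolicies.Remove(PolicyName);
        await container.SetPermissionsAsync(permissions);
    }
}
```

An ad hoc SAS (null identifier) stays valid until its own expiry unless the account key is regenerated, which is the gap this rule points at.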