Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[storage][credscan] warnings after credscan tool upgrade #25479

Closed
jeremymeng opened this issue Apr 6, 2023 · 2 comments
Closed

[storage][credscan] warnings after credscan tool upgrade #25479

jeremymeng opened this issue Apr 6, 2023 · 2 comments
Assignees
@jeremymeng
Labels
Client This issue points to a problem in the data-plane of the library. EngSys This issue is impacting the engineering system. Storage Storage Service (Queues, Blobs, Files)

Comments

@jeremymeng
Copy link
Member

jeremymeng commented Apr 6, 2023
edited
Loading

Linkified results from aggregate-report run https://dev.azure.com/azure-sdk/public/_build/results?buildId=2683780&view=results (MS INTERNAL). They are all from a signed identifier ID and seems like a false positive.

<SignedIdentifier><Id>MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=</Id><AccessPolicy><Permission>raup</Permission></AccessPolicy></SignedIdentifier>

Active results: 12
@jeremymeng jeremymeng added EngSys This issue is impacting the engineering system. Client This issue points to a problem in the data-plane of the library. Storage Storage Service (Queues, Blobs, Files) labels Apr 6, 2023
@jeremymeng
Copy link
Member Author

I am not sure why MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI= was chosen to be the id. It may look like a secrete. According to the doc, any unique char (up to 64) is fine https://learn.microsoft.com/en-us/rest/api/storageservices/define-stored-access-policy#create-or-modify-a-stored-access-policy

@jeremymeng
Copy link
Member Author

the value is a base64 encoding of 12345678901234567890123456789012

@jeremymeng jeremymeng self-assigned this Apr 7, 2023
@jeremymeng jeremymeng mentioned this issue Apr 7, 2023
Merged
jeremymeng added a commit that referenced this issue Apr 10, 2023
@jeremymeng
[credscan][file,queue] Fix warnings (#25493)
cd3685a 
Replace the secret-looking signed identifier ID with a UUID

Fixes issue #25479
azure-sdk pushed a commit to azure-sdk/azure-sdk-for-js that referenced this issue Sep 28, 2023
@deveshdama @robogatikov
@chihshenghuang @norshtein @aagusuab
CodeGen from PR 25891 in Azure/azure-rest-api-specs
c3e0e44 
[Hub Generated] Review request for Microsoft.ContainerService/aks to add version preview/2023-08-02-preview (Azure#25891)

* Adds base for updating Microsoft.ContainerService/aks from version preview/2023-07-02-preview to version 2023-08-02-preview

* Updates readme

* Updates API version in new specs and examples

* update (Azure#25469)

* Fix the IstioComponents structure (Azure#25492)

* add netorkPolicy "none" (Azure#25511)

* add netorkPolicy "none" value and description

* add "none" enum value to networkPolicy

* add addon autoscaling api (Azure#25479)

* Update trusted access put and delete to async operation (Azure#25537)

* Update trusted access put and delete to async operation

* Update example

* Update header

* Swagger changes for adding autoscalerprofile flags for daemonset/multipleexpander (Azure#25487)

* Adding json changes

* adding "daemonsets" to the custom-words

* Editing "Expander" to "expander"

* Removing daemonset custom word from this pr. look at: Azure/azure-rest-api-specs#25533

* Add AzureServiceMesh example (Azure#25560)

* Add AzureServiceMesh example

* Fix AKV resource id format

* enrich ASM examples (Azure#25598)

---------

Co-authored-by: deveshdama <[email protected]>
Co-authored-by: robogatikov <[email protected]>
Co-authored-by: Chih-Sheng Huang <[email protected]>
Co-authored-by: Tongyao Si <[email protected]>
Co-authored-by: Youn Jae Kim <[email protected]>
@github-actions github-actions bot locked and limited conversation to collaborators Jan 10, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@jeremymeng jeremymeng

Labels
Client This issue points to a problem in the data-plane of the library. EngSys This issue is impacting the engineering system. Storage Storage Service (Queues, Blobs, Files)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jeremymeng