Skip to content

Security scan picks up Azurite connection string in javascript output #33284

Open
@dee-cf

Description

@dee-cf

We use @azure/storage-blob in our angular app.
After build, we run security scan and the scanner finds Azurite blob storage emulator connection string in our resulting artifacts chunks.

The connection string is:

Rd = "DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=http://127.0.0.1:10000/devstoreaccount1;"

Is there a way to turn this off so that connection string doesn't show up in chunks/artifacts at all?

Metadata

Metadata

Assignees

Labels

ClientThis issue points to a problem in the data-plane of the library.StorageStorage Service (Queues, Blobs, Files)customer-reportedIssues that are reported by GitHub users external to the Azure organization.questionThe issue doesn't require a change to the product in order to be resolved. Most issues start as that

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions