Apply latest Library.Template including SDT additions
Showing
20 changed files
with
251 additions
and
38 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
<PoliCheckExclusions> | ||
<!--Each of these exclusions is a folder name -if \[name]\exists in the file path, it will be skipped --> | ||
<Exclusion Type="FolderPathFull">NODE_MODULES|.STORE</Exclusion> | ||
<!--Each of these exclusions is a folder name -if any folder or file starts with "\[name]", it will be skipped --> | ||
<!-- <Exclusion Type="FolderPathStart">ABC|XYZ</Exclusion>--> | ||
<!--Each of these file types will be completely skipped for the entire scan --> | ||
<!-- <Exclusion Type="FileType">.ABC|.XYZ</Exclusion>--> | ||
<!--The specified file names will be skipped during the scan regardless which folder they are in --> | ||
<!-- <Exclusion Type="FileName">ABC.TXT|XYZ.CS</Exclusion>--> | ||
</PoliCheckExclusions> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,12 +1,18 @@ | ||
$result = @{} | ||
|
||
if ($env:AGENT_TEMPDIRECTORY) { | ||
# The DotNetCoreCLI uses an alternate location to publish these files | ||
$guidRegex = '^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$' | ||
@{ | ||
$env:AGENT_TEMPDIRECTORY = (Get-ChildItem $env:AGENT_TEMPDIRECTORY -Directory |? { $_.Name -match $guidRegex } |% { Get-ChildItem "$($_.FullName)\dotnet*.dmp","$($_.FullName)\testhost*.dmp","$($_.FullName)\Sequence_*.xml" -Recurse }); | ||
} | ||
} else { | ||
$result[$env:AGENT_TEMPDIRECTORY] = (Get-ChildItem $env:AGENT_TEMPDIRECTORY -Directory |? { $_.Name -match $guidRegex } |% { Get-ChildItem "$($_.FullName)\dotnet*.dmp","$($_.FullName)\testhost*.dmp","$($_.FullName)\Sequence_*.xml" -Recurse }); | ||
} | ||
else { | ||
$testRoot = Resolve-Path "$PSScriptRoot\..\..\test" | ||
@{ | ||
$testRoot = (Get-ChildItem "$testRoot\TestResults" -Recurse -Directory | Get-ChildItem -Recurse -File); | ||
} | ||
$result[$testRoot] = (Get-ChildItem "$testRoot\TestResults" -Recurse -Directory | Get-ChildItem -Recurse -File) | ||
} | ||
|
||
$testlogsPath = "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\test_logs" | ||
if (Test-Path $testlogsPath) { | ||
$result[$testlogsPath] = Get-ChildItem "$testlogsPath\*"; | ||
} | ||
|
||
$result |
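Review bot: `$testlogsPath` is built from `$env:BUILD_ARTIFACTSTAGINGDIRECTORY` without checking that the variable is set, although the `else` branch above suggests the script is also expected to run where agent variables are absent. With the variable empty the path becomes `\test_logs`, which resolves against the root of the current drive, so an unrelated directory there would pass `Test-Path` and be added to `$result`. Guarding the block with `if ($env:BUILD_ARTIFACTSTAGINGDIRECTORY -and (Test-Path $testlogsPath)) {` keeps collection confined to the staging directory. If the returned table feeds an artifact upload (not visible here), that also avoids publishing files from outside the build.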
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
{ | ||
"version": "latest", | ||
"suppressionSets": { | ||
"falsepositives": { | ||
"name": "falsepositives", | ||
"createdDate": "2022-01-05 21:55:03Z", | ||
"lastUpdatedDate": "2022-01-05 21:55:03Z" | ||
} | ||
}, | ||
"results": { | ||
"f2d4b996c6d7c4016ec4fcd8ffee323140ad820bf3e162080d3def56e8341e91": { | ||
"signature": "f2d4b996c6d7c4016ec4fcd8ffee323140ad820bf3e162080d3def56e8341e91", | ||
"alternativeSignatures": [], | ||
"target": "src/Microsoft.VisualStudio.Threading.Analyzers.CSharp/VSTHRD003UseJtfRunAsyncAnalyzer.cs", | ||
"memberOf": [ | ||
"falsepositives" | ||
], | ||
"tool": "policheck", | ||
"ruleId": "80411", | ||
"justification": null, | ||
"createdDate": "2022-01-05 21:55:03Z", | ||
"expirationDate": null, | ||
"type": null | ||
}, | ||
"5bd7dbbf8a0e638bc4ee65d7db6dc4ab9054ddd64f8ec5cf4031380b01100b63": { | ||
"signature": "5bd7dbbf8a0e638bc4ee65d7db6dc4ab9054ddd64f8ec5cf4031380b01100b63", | ||
"alternativeSignatures": [], | ||
"target": "src/Microsoft.VisualStudio.Threading.Analyzers.CSharp/VSTHRD003UseJtfRunAsyncAnalyzer.cs", | ||
"memberOf": [ | ||
"falsepositives" | ||
], | ||
"tool": "policheck", | ||
"ruleId": "80411", | ||
"justification": null, | ||
"createdDate": "2022-01-05 21:55:03Z", | ||
"expirationDate": null, | ||
"type": null | ||
}, | ||
"ed020ef10e60a1a49245aad9cd8922514ac643fe6f2f689cabdfc2205d725de5": { | ||
"signature": "ed020ef10e60a1a49245aad9cd8922514ac643fe6f2f689cabdfc2205d725de5", | ||
"alternativeSignatures": [ | ||
"2b12d128e16023e34f3070e5d1c3014207692966829acbf838fe1ec92ddf6798" | ||
], | ||
"target": "microsoft.visualstudio.threading/release/net472/microsoft.visualstudio.threading.dll", | ||
"memberOf": [ | ||
"falsepositives" | ||
], | ||
"tool": "apiscan", | ||
"ruleId": "documentationnotfound", | ||
"justification": null, | ||
"createdDate": "2022-01-05 21:55:03Z", | ||
"expirationDate": null, | ||
"type": null | ||
}, | ||
"72600e5e09c73929820080a3d7fbbd591c4aac41a606251af6755e2ea3e96286": { | ||
"signature": "72600e5e09c73929820080a3d7fbbd591c4aac41a606251af6755e2ea3e96286", | ||
"alternativeSignatures": [ | ||
"e0697b669d792491bda5ab3c49a1c1bc71adc6c2a4cd903163c8d956aec5d16f" | ||
], | ||
"target": "microsoft.visualstudio.threading/release/netstandard2.0/microsoft.visualstudio.threading.dll", | ||
"memberOf": [ | ||
"falsepositives" | ||
], | ||
"tool": "apiscan", | ||
"ruleId": "documentationnotfound", | ||
"justification": null, | ||
"createdDate": "2022-01-05 21:55:03Z", | ||
"expirationDate": null, | ||
"type": null | ||
} | ||
} | ||
} |
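Review bot: All four entries under `results` carry `"justification": null` and `"expirationDate": null`, so the file records that the PoliCheck rule `80411` and APIScan `documentationnotfound` findings are suppressed, but not why or for how long. Entries in the `falsepositives` set are presumably exempt from the compliance break, so each should carry a reason a later reviewer can verify, for example `"justification": "<why this finding is a false positive>"`. Setting `expirationDate` on the entries, if the tooling honours it, would force the suppressions to be re-examined rather than living on indefinitely. The two `apiscan` entries target built DLLs rather than source, so it is worth stating in the justification what changes to those binaries would invalidate the suppression.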
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,11 +1,74 @@ | ||
parameters: | ||
- name: EnableAPIScan | ||
type: boolean | ||
|
||
steps: | ||
|
||
### Check for checked in credentials. | ||
- task: CredScan@3 | ||
displayName: 'Run CredScan' | ||
displayName: Run CredScan | ||
|
||
### Run PoliCheck to check for disallowed terms. targetType: F indicates we're searching files and folders. | ||
- task: PoliCheck@1 | ||
displayName: 'Run PoliCheck' | ||
- task: PoliCheck@2 | ||
displayName: Run PoliCheck | ||
inputs: | ||
targetType: F | ||
targetArgument: $(System.DefaultWorkingDirectory) | ||
optionsUEPATH: $(System.DefaultWorkingDirectory)\azure-pipelines\PoliCheckExclusions.xml | ||
|
||
- task: BinSkim@3 | ||
displayName: Run BinSkim | ||
inputs: | ||
InputType: Basic | ||
Function: analyze | ||
AnalyzeTarget: $(BinSkimTargets) | ||
|
||
- task: CopyFiles@2 | ||
displayName: Collect APIScan inputs | ||
inputs: | ||
SourceFolder: $(Build.ArtifactStagingDirectory)/Symbols-$(Agent.JobName) | ||
# Exclude any patterns from the Contents (e.g. `!**/git2*`) that we have symbols for but do not need to run APIScan on. | ||
Contents: | | ||
** | ||
TargetFolder: $(Build.ArtifactStagingDirectory)/APIScanInputs | ||
condition: and(succeeded(), ${{ parameters.EnableAPIScan }}, ne(variables.ApiScanClientId, '')) | ||
|
||
- task: APIScan@2 | ||
displayName: Run APIScan | ||
inputs: | ||
softwareFolder: $(Build.ArtifactStagingDirectory)/APIScanInputs | ||
softwareName: $(SymbolsFeatureName) | ||
softwareVersionNum: $(NBGV_MajorMinorVersion) | ||
isLargeApp: false | ||
toolVersion: Latest | ||
condition: and(succeeded(), ${{ parameters.EnableAPIScan }}, ne(variables.ApiScanClientId, '')) | ||
env: | ||
AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret) | ||
|
||
- task: SdtReport@2 | ||
displayName: Create Security Analysis Report | ||
inputs: | ||
GdnExportAllTools: true | ||
|
||
- task: PublishSecurityAnalysisLogs@3 | ||
displayName: Publish Code Analysis Logs | ||
inputs: | ||
ArtifactName: CodeAnalysisLogs | ||
ArtifactType: Container | ||
PublishProcessedResults: true | ||
AllTools: true | ||
ToolLogsNotFoundAction: Standard | ||
|
||
- task: PostAnalysis@2 | ||
displayName: Break on compliance issues | ||
inputs: | ||
GdnBreakAllTools: true | ||
GdnBreakGdnToolBinSkimSeverity: Warning | ||
GdnBreakSuppressionFiles: $(System.DefaultWorkingDirectory)/azure-pipelines/falsepositives.gdnsuppress | ||
GdnBreakSuppressionSets: falsepositives | ||
GdnBreakOutputSuppressionFile: $(Build.ArtifactStagingDirectory)/guardian_failures_as_suppressions/ | ||
GdnBreakOutputSuppressionSet: falsepositives | ||
|
||
# This is useful when false positives appear so we can copy some of the output into the suppressions file. | ||
- publish: $(Build.ArtifactStagingDirectory)/guardian_failures_as_suppressions | ||
artifact: guardian_failures_as_suppressions | ||
displayName: Publish Guardian failures | ||
condition: failed() |
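Review bot: Both `Collect APIScan inputs` and `Run APIScan` are skipped whenever `ApiScanClientId` is empty, and nothing downstream records that, so `Break on compliance issues` can succeed without APIScan having run at all. The condition also tests only the client id, while `AzureServicesAuthConnectionString` additionally needs `ApiScanTenant` and `ApiScanSecret`; if either is undefined the macro is likely left unexpanded and the task would authenticate with a literal placeholder. I would document this above the condition, e.g. `# Skipped when ApiScanClientId is unset; a green run then has no APIScan coverage`, and consider extending the check with `ne(variables.ApiScanTenant, '')`. Separately, `toolVersion: Latest` means the scanner version can change between runs, which is worth a comment if it is intentional.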