dotnet · safern · Feb 10, 2022 · Feb 3, 2022
diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml
@@ -2,21 +2,21 @@
   <ProductDependencies>
   </ProductDependencies>
   <ToolsetDependencies>
-    <Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="1.0.0-beta.21561.2">
+    <Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="1.0.0-beta.22077.9">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>3df4410511ad9900804da00ec680bd1c7d6f21e1</Sha>
+      <Sha>31e3d884010345c19f6335571e34b2b5c7ce13bc</Sha>
     </Dependency>
-    <Dependency Name="Microsoft.DotNet.Helix.Sdk" Version="2.0.0-beta.21561.2">
+    <Dependency Name="Microsoft.DotNet.Helix.Sdk" Version="2.0.0-beta.22077.9">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>3df4410511ad9900804da00ec680bd1c7d6f21e1</Sha>
+      <Sha>31e3d884010345c19f6335571e34b2b5c7ce13bc</Sha>
     </Dependency>
-    <Dependency Name="Microsoft.DotNet.Build.Tasks.Feed" Version="2.2.0-beta.21561.2">
+    <Dependency Name="Microsoft.DotNet.Build.Tasks.Feed" Version="2.2.0-beta.22077.9">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>3df4410511ad9900804da00ec680bd1c7d6f21e1</Sha>
+      <Sha>31e3d884010345c19f6335571e34b2b5c7ce13bc</Sha>
     </Dependency>
-    <Dependency Name="Microsoft.DotNet.Build.Tasks.Packaging" Version="1.0.0-beta.21561.2">
+    <Dependency Name="Microsoft.DotNet.Build.Tasks.Packaging" Version="1.0.0-beta.22077.9">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>3df4410511ad9900804da00ec680bd1c7d6f21e1</Sha>
+      <Sha>31e3d884010345c19f6335571e34b2b5c7ce13bc</Sha>
     </Dependency>
     <Dependency Name="Microsoft.Private.CoreFx.NETCoreApp" Version="4.7.0-servicing.21310.1">
       <Uri>https://github.com/dotnet/corefx</Uri>

diff --git a/eng/Versions.props b/eng/Versions.props
@@ -15,9 +15,9 @@
     <UsingToolXliff>false</UsingToolXliff>
     <!-- Package versions -->
     <!-- arcade -->
-    <MicrosoftDotNetBuildTasksFeedVersion>2.2.0-beta.21561.2</MicrosoftDotNetBuildTasksFeedVersion>
-    <MicrosoftDotNetBuildTasksPackagingVersion>1.0.0-beta.21561.2</MicrosoftDotNetBuildTasksPackagingVersion>
-    <MicrosoftDotNetHelixSdkVersion>2.0.0-beta.21561.2</MicrosoftDotNetHelixSdkVersion>
+    <MicrosoftDotNetBuildTasksFeedVersion>2.2.0-beta.22077.9</MicrosoftDotNetBuildTasksFeedVersion>
+    <MicrosoftDotNetBuildTasksPackagingVersion>1.0.0-beta.22077.9</MicrosoftDotNetBuildTasksPackagingVersion>
+    <MicrosoftDotNetHelixSdkVersion>2.0.0-beta.22077.9</MicrosoftDotNetHelixSdkVersion>
     <MicrosoftDotNetXUnitConsoleRunnerVersion>2.5.1-beta.19278.1</MicrosoftDotNetXUnitConsoleRunnerVersion>
     <!-- roslyn -->
     <MicrosoftNetCompilersToolsetVersion>3.3.0-beta2-19367-02</MicrosoftNetCompilersToolsetVersion>

diff --git a/eng/common/pipeline-logging-functions.ps1 b/eng/common/pipeline-logging-functions.ps1
@@ -12,6 +12,7 @@ $script:loggingCommandEscapeMappings = @( # TODO: WHAT ABOUT "="? WHAT ABOUT "%"
 # TODO: BUG: Escape % ???
 # TODO: Add test to verify don't need to escape "=".
 
+# Specify "-Force" to force pipeline formatted output even if "$ci" is false or not set
 function Write-PipelineTelemetryError {
     [CmdletBinding()]
     param(
@@ -25,80 +26,101 @@ function Write-PipelineTelemetryError {
         [string]$SourcePath,
         [string]$LineNumber,
         [string]$ColumnNumber,
-        [switch]$AsOutput)
+        [switch]$AsOutput,
+        [switch]$Force)
 
-        $PSBoundParameters.Remove("Category") | Out-Null
+    $PSBoundParameters.Remove('Category') | Out-Null
 
+    if ($Force -Or ((Test-Path variable:ci) -And $ci)) {
         $Message = "(NETCORE_ENGINEERING_TELEMETRY=$Category) $Message"
-        $PSBoundParameters.Remove("Message") | Out-Null
-        $PSBoundParameters.Add("Message", $Message)
-
-        Write-PipelineTaskError @PSBoundParameters
+    }
+    $PSBoundParameters.Remove('Message') | Out-Null
+    $PSBoundParameters.Add('Message', $Message)
+    Write-PipelineTaskError @PSBoundParameters
 }
 
+# Specify "-Force" to force pipeline formatted output even if "$ci" is false or not set
 function Write-PipelineTaskError {
     [CmdletBinding()]
     param(
-      [Parameter(Mandatory = $true)]
-      [string]$Message,
-      [Parameter(Mandatory = $false)]
-      [string]$Type = 'error',
-      [string]$ErrCode,
-      [string]$SourcePath,
-      [string]$LineNumber,
-      [string]$ColumnNumber,
-      [switch]$AsOutput)
-
-      if(!$ci) {
-        if($Type -eq 'error') {
-          Write-Host $Message -ForegroundColor Red
-          return
+        [Parameter(Mandatory = $true)]
+        [string]$Message,
+        [Parameter(Mandatory = $false)]
+        [string]$Type = 'error',
+        [string]$ErrCode,
+        [string]$SourcePath,
+        [string]$LineNumber,
+        [string]$ColumnNumber,
+        [switch]$AsOutput,
+        [switch]$Force
+    )
+
+    if (!$Force -And (-Not (Test-Path variable:ci) -Or !$ci)) {
+        if ($Type -eq 'error') {
+            Write-Host $Message -ForegroundColor Red
+            return
         }
         elseif ($Type -eq 'warning') {
-          Write-Host $Message -ForegroundColor Yellow
-          return
+            Write-Host $Message -ForegroundColor Yellow
+            return
         }
-      }
-  
-      if(($Type -ne 'error') -and ($Type -ne 'warning')) {
+    }
+
+    if (($Type -ne 'error') -and ($Type -ne 'warning')) {
         Write-Host $Message
         return
-      }
-      if(-not $PSBoundParameters.ContainsKey('Type')) {
+    }
+    $PSBoundParameters.Remove('Force') | Out-Null      
+    if (-not $PSBoundParameters.ContainsKey('Type')) {
         $PSBoundParameters.Add('Type', 'error')
-      }
-      Write-LogIssue @PSBoundParameters
-  }
+    }
+    Write-LogIssue @PSBoundParameters
+}
 
-  function Write-PipelineSetVariable {
+function Write-PipelineSetVariable {
     [CmdletBinding()]
     param(
-      [Parameter(Mandatory = $true)]
-      [string]$Name,
-      [string]$Value,
-      [switch]$Secret,
-      [switch]$AsOutput,
-      [bool]$IsMultiJobVariable=$true)
-
-      if($ci) {
+        [Parameter(Mandatory = $true)]
+        [string]$Name,
+        [string]$Value,
+        [switch]$Secret,
+        [switch]$AsOutput,
+        [bool]$IsMultiJobVariable = $true)
+
+    if ((Test-Path variable:ci) -And $ci) {
         Write-LoggingCommand -Area 'task' -Event 'setvariable' -Data $Value -Properties @{
-          'variable' = $Name
-          'isSecret' = $Secret
-          'isOutput' = $IsMultiJobVariable
+            'variable' = $Name
+            'isSecret' = $Secret
+            'isOutput' = $IsMultiJobVariable
         } -AsOutput:$AsOutput
-      }
-  }
+    }
+}
 
-  function Write-PipelinePrependPath {
+function Write-PipelinePrependPath {
     [CmdletBinding()]
     param(
-      [Parameter(Mandatory=$true)]
-      [string]$Path,
-      [switch]$AsOutput)
-      if($ci) {
+        [Parameter(Mandatory = $true)]
+        [string]$Path,
+        [switch]$AsOutput)
+
+    if ((Test-Path variable:ci) -And $ci) {
         Write-LoggingCommand -Area 'task' -Event 'prependpath' -Data $Path -AsOutput:$AsOutput
-      }
-  }
+    }
+}
+
+function Write-PipelineSetResult {
+    [CmdletBinding()]
+    param(
+        [ValidateSet("Succeeded", "SucceededWithIssues", "Failed", "Cancelled", "Skipped")]
+        [Parameter(Mandatory = $true)]
+        [string]$Result,
+        [string]$Message)
+    if ((Test-Path variable:ci) -And $ci) {
+        Write-LoggingCommand -Area 'task' -Event 'complete' -Data $Message -Properties @{
+            'result' = $Result
+        }
+    }
+}
 
 <########################################
 # Private functions.
@@ -115,7 +137,8 @@ function Format-LoggingCommandData {
         foreach ($mapping in $script:loggingCommandEscapeMappings) {
             $Value = $Value.Replace($mapping.Token, $mapping.Replacement)
         }
-    } else {
+    }
+    else {
         for ($i = $script:loggingCommandEscapeMappings.Length - 1 ; $i -ge 0 ; $i--) {
             $mapping = $script:loggingCommandEscapeMappings[$i]
             $Value = $Value.Replace($mapping.Replacement, $mapping.Token)
@@ -148,7 +171,8 @@ function Format-LoggingCommand {
                 if ($first) {
                     $null = $sb.Append(' ')
                     $first = $false
-                } else {
+                }
+                else {
                     $null = $sb.Append(';')
                 }
 
@@ -185,7 +209,8 @@ function Write-LoggingCommand {
     $command = Format-LoggingCommand -Area $Area -Event $Event -Data $Data -Properties $Properties
     if ($AsOutput) {
         $command
-    } else {
+    }
+    else {
         Write-Host $command
     }
 }
@@ -204,12 +229,12 @@ function Write-LogIssue {
         [switch]$AsOutput)
 
     $command = Format-LoggingCommand -Area 'task' -Event 'logissue' -Data $Message -Properties @{
-            'type' = $Type
-            'code' = $ErrCode
-            'sourcepath' = $SourcePath
-            'linenumber' = $LineNumber
-            'columnnumber' = $ColumnNumber
-        }
+        'type'         = $Type
+        'code'         = $ErrCode
+        'sourcepath'   = $SourcePath
+        'linenumber'   = $LineNumber
+        'columnnumber' = $ColumnNumber
+    }
     if ($AsOutput) {
         return $command
     }
@@ -221,7 +246,8 @@ function Write-LogIssue {
             $foregroundColor = [System.ConsoleColor]::Red
             $backgroundColor = [System.ConsoleColor]::Black
         }
-    } else {
+    }
+    else {
         $foregroundColor = $host.PrivateData.WarningForegroundColor
         $backgroundColor = $host.PrivateData.WarningBackgroundColor
         if ($foregroundColor -isnot [System.ConsoleColor] -or $backgroundColor -isnot [System.ConsoleColor]) {
@@ -231,4 +257,4 @@ function Write-LogIssue {
     }
 
     Write-Host $command -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor
-}
+}
diff --git a/eng/common/sdl/configure-sdl-tool.ps1 b/eng/common/sdl/configure-sdl-tool.ps1
@@ -0,0 +1,109 @@
+Param(
+  [string] $GuardianCliLocation,
+  [string] $WorkingDirectory,
+  [string] $TargetDirectory,
+  [string] $GdnFolder,
+  # The list of Guardian tools to configure. For each object in the array:
+  # - If the item is a [hashtable], it must contain these entries:
+  #   - Name = The tool name as Guardian knows it.
+  #   - Scenario = (Optional) Scenario-specific name for this configuration entry. It must be unique
+  #     among all tool entries with the same Name.
+  #   - Args = (Optional) Array of Guardian tool configuration args, like '@("Target > C:\temp")'
+  # - If the item is a [string] $v, it is treated as '@{ Name="$v" }'
+  [object[]] $ToolsList,
+  [string] $GuardianLoggerLevel='Standard',
+  # Optional: Additional params to add to any tool using CredScan.
+  [string[]] $CrScanAdditionalRunConfigParams,
+  # Optional: Additional params to add to any tool using PoliCheck.
+  [string[]] $PoliCheckAdditionalRunConfigParams
+)
+
+$ErrorActionPreference = 'Stop'
+Set-StrictMode -Version 2.0
+$disableConfigureToolsetImport = $true
+$global:LASTEXITCODE = 0
+
+try {
+  # `tools.ps1` checks $ci to perform some actions. Since the SDL
+  # scripts don't necessarily execute in the same agent that run the
+  # build.ps1/sh script this variable isn't automatically set.
+  $ci = $true
+  . $PSScriptRoot\..\tools.ps1
+
+  # Normalize tools list: all in [hashtable] form with defined values for each key.
+  $ToolsList = $ToolsList |
+    ForEach-Object {
+      if ($_ -is [string]) {
+        $_ = @{ Name = $_ }
+      }
+
+      if (-not ($_['Scenario'])) { $_.Scenario = "" }
+      if (-not ($_['Args'])) { $_.Args = @() }
+      $_
+    }
+
+  Write-Host "List of tools to configure:"
+  $ToolsList | ForEach-Object { $_ | Out-String | Write-Host }
+
+  # We store config files in the r directory of .gdn
+  $gdnConfigPath = Join-Path $GdnFolder 'r'
+  $ValidPath = Test-Path $GuardianCliLocation
+
+  if ($ValidPath -eq $False)
+  {
+    Write-PipelineTelemetryError -Force -Category 'Sdl' -Message "Invalid Guardian CLI Location."
+    ExitWithExitCode 1
+  }
+
+  foreach ($tool in $ToolsList) {
+    # Put together the name and scenario to make a unique key.
+    $toolConfigName = $tool.Name
+    if ($tool.Scenario) {
+      $toolConfigName += "_" + $tool.Scenario
+    }
+
+    Write-Host "=== Configuring $toolConfigName..."
+
+    $gdnConfigFile = Join-Path $gdnConfigPath "$toolConfigName-configure.gdnconfig"
+
+    # For some tools, add default and automatic args.
+    if ($tool.Name -eq 'credscan') {
+      if ($targetDirectory) {
+        $tool.Args += "`"TargetDirectory < $TargetDirectory`""
+      }
+      $tool.Args += "`"OutputType < pre`""
+      $tool.Args += $CrScanAdditionalRunConfigParams
+    } elseif ($tool.Name -eq 'policheck') {
+      if ($targetDirectory) {
+        $tool.Args += "`"Target < $TargetDirectory`""
+      }
+      $tool.Args += $PoliCheckAdditionalRunConfigParams
+    }
+
+    # Create variable pointing to the args array directly so we can use splat syntax later.
+    $toolArgs = $tool.Args
+
+    # Configure the tool. If args array is provided or the current tool has some default arguments
+    # defined, add "--args" and splat each element on the end. Arg format is "{Arg id} < {Value}",
+    # one per parameter. Doc page for "guardian configure":
+    # https://dev.azure.com/securitytools/SecurityIntegration/_wiki/wikis/Guardian/1395/configure
+    Exec-BlockVerbosely {
+      & $GuardianCliLocation configure `
+        --working-directory $WorkingDirectory `
+        --tool $tool.Name `
+        --output-path $gdnConfigFile `
+        --logger-level $GuardianLoggerLevel `
+        --noninteractive `
+        --force `
+        $(if ($toolArgs) { "--args" }) @toolArgs
+      Exit-IfNZEC "Sdl"
+    }
+
+    Write-Host "Created '$toolConfigName' configuration file: $gdnConfigFile"
+  }
+}
+catch {
+  Write-Host $_.ScriptStackTrace
+  Write-PipelineTelemetryError -Force -Category 'Sdl' -Message $_
+  ExitWithExitCode 1
+}