Credentials fix #50230

Merged
merged 14 commits into from
Mar 26, 2021
60 changes: 1 addition & 59 deletions .config/CredScanSuppressions.json
Expand Up @@ -2,13 +2,7 @@
"tool": "Credential Scanner",
"suppressions": [
{
"_justification": "Unit test containing connection strings under the test.",
"file": [
"src/libraries/System.Data.Common/tests/System/Data/Common/DbConnectionStringBuilderTest.cs"
]
},
{
"_justification": "Private key for testing purpose.",
"_justification": "Suppression approved. Private key for testing purpose.",
"file": [
"src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyPemTests.cs",
"src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/EC/ECKeyPemTests.cs",
Expand All @@ -19,58 +13,6 @@
"-----BEGIN PRIVATE KEY-----",
"-----BEGIN * PRIVATE KEY-----"
]
},
{
"_justification": "Test credential for Uri testing",
"file": [
"src/libraries/System.Net.Http/tests/UnitTests/HttpEnvironmentProxyTest.cs",
"src/libraries/System.Private.Uri/tests/ExtendedFunctionalTests/UriRelativeResolutionTest.cs",
"src/libraries/System.Private.Uri/tests/FunctionalTests/UriBuilderRefreshTest.cs",
"src/libraries/System.Private.Uri/tests/FunctionalTests/UriBuilderTests.cs",
"src/libraries/System.Private.Uri/tests/FunctionalTests/UriRelativeResolutionTest.cs",
"src/libraries/System.Runtime/tests/System/Uri.CreateStringTests.cs"
],
"placeholder": [
"//*:;&$=123USERINFO@",
"//*:bar@",
"//*:bar1@",
"//*:password1@",
"//*:psw@",
"//*:userinfo2@"
]
},
{
"_justification": "Generic test password.",
"file": [
"src/libraries/Common/tests/System/Net/Configuration.Certificates.cs",
"src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.Authentication.cs",
"src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.cs",
"src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.DefaultProxyCredentials.cs",
"src/libraries/Common/tests/System/Net/Http/PostScenarioTest.cs",
"src/libraries/Common/tests/System/Net/Prerequisites/Deployment/setup_certificates.ps1",
"src/libraries/System.Net.Http/tests/FunctionalTests/SocketsHttpHandlerTest.cs",
"src/libraries/System.Net.Http/tests/UnitTests/DigestAuthenticationTests.cs",
"src/libraries/System.Net.Http/tests/UnitTests/HttpEnvironmentProxyTest.cs",
"src/libraries/System.Net.Mail/tests/Functional/SmtpClientTest.cs",
"src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs",
"src/libraries/System.Security.Cryptography.Xml/tests/TestHelpers.cs",
"src/libraries/System.Security.Cryptography.Csp/tests/PasswordDeriveBytesTests.cs",
"src/libraries/System.Security.Cryptography.Csp/tests/TrimmingTests/PasswordDeriveBytesTest.cs",
"src/libraries/System.Security.Cryptography.Algorithms/tests/Rfc2898OneShotTests.cs"
],
"placeholder": [
"\"anotherpassword\"",
"\"bar\"",
"\"mono\"",
"\"password1\"",
"\"rightpassword\"",
"\"testcertificate\"",
"\"unused\"",
"\"wrongpassword\"",
"\"PasswordGoesHere\"",
"\"FakePasswordsAreHard\"",
"\"tired\""
]
}
]
}
Expand Up @@ -129,10 +129,10 @@ internal static partial class WinHttp
public const uint WINHTTP_AUTH_TARGET_PROXY = 0x00000001;

public const uint WINHTTP_OPTION_USERNAME = 0x1000;
// [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="It is property descriptor, not secret value.")]
// [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Suppression approved. It is property descriptor, not secret value.")]
public const uint WINHTTP_OPTION_PASSWORD = 0x1001;
public const uint WINHTTP_OPTION_PROXY_USERNAME = 0x1002;
// [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="It is property descriptor, not secret value.")]
// [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Suppression approved. It is property descriptor, not secret value.")]
public const uint WINHTTP_OPTION_PROXY_PASSWORD = 0x1003;

public const uint WINHTTP_OPTION_SERVER_SPN_USED = 106;
Expand Up @@ -16,8 +16,8 @@ public static partial class Configuration
{
public static partial class Certificates
{
private const string CertificatePassword = "testcertificate";
private const string TestDataFolder = "TestData";
private const string CertificatePassword = "PLACEHOLDER";
private const string TestDataFolder = "TestDataCertificates";
private const int MutexTimeoutMs = 120_000;

private static readonly X509Certificate2 s_serverCertificate;
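Review bot: `CertificatePassword = "PLACEHOLDER"` reads like an unfilled template token, yet it is a compile-time constant, so it is presumably the literal password of the test PFX files now expected under `TestDataCertificates`; nothing next to the constant says so. A comment on it would stop a later reader from assuming the value is substituted at build time, for example `// Literal password of the test-only PFX files; keep in sync with the certificate setup script.` The PowerShell setup section of this change assigns the same literal to `$script:clientPrivateKeyPassword` and `$script:serverPrivateKeyPassword`, so those values and the PFX files themselves (whose password change is not visible here) have to move together. The `Certificates` class continues outside the visible lines.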
Expand Up @@ -306,7 +306,7 @@ public async Task GetAsync_ServerNeedsNonStandardAuthAndSetCredential_StatusCode
await LoopbackServerFactory.CreateServerAsync(async (server, url) =>
{
HttpClientHandler handler = CreateHttpClientHandler();
handler.Credentials = new NetworkCredential("unused", "unused");
handler.Credentials = new NetworkCredential("unused", "PLACEHOLDER");
using (HttpClient client = CreateHttpClient(handler))
{
Task<HttpResponseMessage> getResponseTask = client.GetAsync(url);
Expand Down Expand Up @@ -630,7 +630,7 @@ await LoopbackServer.CreateClientAndServerAsync(async uri =>
$"Accept-Patch:{fold} text/example;charset=utf-8{newline}" +
$"Accept-Ranges:{fold} bytes{newline}" +
$"Age: {fold}12{newline}" +
// [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test dummy authorization.")]
// [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Suppression approved. Unit test dummy authorization.")]
$"Authorization: Bearer 63123a47139a49829bcd8d03005ca9d7{newline}" +
$"Allow: {fold}GET, HEAD{newline}" +
$"Alt-Svc:{fold} http/1.1=\"http2.example.com:8001\"; ma=7200{newline}" +
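Review bot: The `Authorization: Bearer 63123a47139a49829bcd8d03005ca9d7` line in the second hunk keeps a 32-hex-digit token that looks like a live credential and so still needs its `CS002:SecretInNextLine` suppression, while the first hunk and the rest of the change move to an obviously synthetic literal. If nothing later in the test asserts on the exact token (the rest of the method is outside the hunk), an evidently fake value would let the suppression be dropped, which leaves one less exemption to re-audit. If the token stays, the comment should say that the suppression is positional, as the rule name indicates, e.g. `// Keep directly above the Authorization header line; the suppression covers the next line only.`, because it sits inside a long string concatenation where a reordered header line would silently detach it.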
Expand Up @@ -23,7 +23,7 @@ public abstract class PostScenarioTest : HttpClientHandlerTestBase
{
private const string ExpectedContent = "Test contest";
private const string UserName = "user1";
private const string Password = "password1";
private const string Password = "PLACEHOLDER";

public PostScenarioTest(ITestOutputHelper output) : base(output) { }

Expand Up @@ -5,15 +5,15 @@

# Certificate configuration

$script:testDataUri = "https://github.com/dotnet/runtime-assets/archive/master.zip"
$script:testDataUri = "https://github.com/dotnet/runtime-assets/archive/main.zip"
$script:testData = "runtime-assets"
$script:certificatePath = "$($script:testData)\runtime-assets-master\System.Net.TestData"
$script:certificatePath = "$($script:testData)\src\System.Net.TestData\TestDataCertificates"

$script:clientPrivateKeyPath = Join-Path $script:certificatePath "testclient1_at_contoso.com.pfx"
$script:clientPrivateKeyPassword = "testcertificate"
$script:clientPrivateKeyPassword = "PLACEHOLDER"

$script:serverPrivateKeyPath = Join-Path $script:certificatePath "contoso.com.pfx"
$script:serverPrivateKeyPassword = "testcertificate"
$script:serverPrivateKeyPassword = "PLACEHOLDER"

Function GetFullPath($relativePath)
{
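Review bot: The new `$script:certificatePath` no longer contains the archive's top-level folder. A GitHub branch archive unpacks into a `<repo>-<branch>` directory, which the old value reflected with `runtime-assets-master`; unless the extraction code outside this hunk strips that level, the certificates from `main.zip` would sit under `"$($script:testData)\runtime-assets-main\src\System.Net.TestData\TestDataCertificates"`. Separately, `$script:testDataUri` tracks a moving branch head and the script appears to take its PFX files from that download, so pinning the URL to a commit archive and comparing the file's SHA-256 with a recorded value before extraction would make the certificate material reproducible and tamper-evident.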
Expand Up @@ -187,7 +187,7 @@ public void ReadNistP521EncryptedPkcs8_Pbes2_Aes128_Sha384()
public void ReadNistP521EncryptedPkcs8_Pbes2_Aes128_Sha384_PasswordBytes()
{
// PBES2, PBKDF2 (SHA384), AES128
// [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test key.")]
// [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Suppression approved. Unit test key.")]
const string base64 = @"
MIIBXTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQI/JyXWyp/t3kCAggA
MAwGCCqGSIb3DQIKBQAwHQYJYIZIAWUDBAECBBA3H8mbFK5afB5GzIemCCQkBIIB
Expand Up @@ -765,7 +765,7 @@ public static void ReadPbes2Rc2EncryptedDiminishedDP()
public static void ReadPbes2Rc2EncryptedDiminishedDP_PasswordBytes()
{
// PBES2: PBKDF2 + RC2-128
// [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test key.")]
// [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Suppression approved. Unit test key.")]
const string base64 = @"
MIIBrjBIBgkqhkiG9w0BBQ0wOzAeBgkqhkiG9w0BBQwwEQQIKZEFT76zCFECAggA
AgEQMBkGCCqGSIb3DQMCMA0CAToECE1Yyzk6++IPBIIBYDDvaYLkET8eudcYLQMf
Expand All @@ -791,7 +791,7 @@ public static void ReadPbes2Rc2EncryptedDiminishedDP_PasswordBytes()
[Fact]
public static void ReadEncryptedDiminishedDP_EmptyPassword()
{
// [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test key.")]
// [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Suppression approved. Unit test key.")]
const string base64 = @"
MIIBgTAbBgkqhkiG9w0BBQMwDgQIJtjMez/9Gg4CAggABIIBYElq9UOOphEPU3b7
G/mV8M1uEdjigidMPih3b9IIJhrjMAEix2IjS+brFL7KRQgucpZZoaFU1utvkUHg
Expand All @@ -816,7 +816,7 @@ public static void ReadEncryptedDiminishedDP_EmptyPassword()
[Fact]
public static void ReadEncryptedDiminishedDP_EmptyPasswordBytes()
{
// [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test key.")]
// [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Suppression approved. Unit test key.")]
const string base64 = @"
MIIBgTAbBgkqhkiG9w0BBQMwDgQIJtjMez/9Gg4CAggABIIBYElq9UOOphEPU3b7
G/mV8M1uEdjigidMPih3b9IIJhrjMAEix2IjS+brFL7KRQgucpZZoaFU1utvkUHg
Expand Up @@ -125,12 +125,12 @@ public void AddUserSecrets_DoesThrowsIfNotOptionalAndSecretDoesNotExist()
public void AddUserSecrets_With_SecretsId_Passed_Explicitly()
{
var userSecretsId = Guid.NewGuid().ToString();
SetSecret(userSecretsId, "Facebook:AppSecret", "value1");
SetSecret(userSecretsId, "Facebook:PLACEHOLDER", "value1");

var builder = new ConfigurationBuilder().AddUserSecrets(userSecretsId);
var configuration = builder.Build();

Assert.Equal("value1", configuration["Facebook:AppSecret"]);
Assert.Equal("value1", configuration["Facebook:PLACEHOLDER"]);
}

[Fact]
Expand All @@ -141,7 +141,7 @@ public void AddUserSecrets_Does_Not_Fail_On_Non_Existing_File()
var builder = new ConfigurationBuilder().AddUserSecrets(userSecretsId);

var configuration = builder.Build();
Assert.Null(configuration["Facebook:AppSecret"]);
Assert.Null(configuration["Facebook:PLACEHOLDER"]);
Assert.False(File.Exists(secretFilePath));
}

Expand Up @@ -1691,17 +1691,17 @@ public void EmbeddedCharTest1()

sb["Data Source"] = "testdb";
sb["User ID"] = "someuser";
sb["Password"] = "abcdef";
Assert.Equal("Data Source=testdb;User ID=someuser;Password=abcdef",
sb["Password"] = "PLACEHOLDER";
Assert.Equal("Data Source=testdb;User ID=someuser;Password=PLACEHOLDER",
sb.ConnectionString);

sb["Password"] = "abcdef#";
Assert.Equal("Data Source=testdb;User ID=someuser;Password=abcdef#",
sb["Password"] = "PLACEHOLDER#";
Assert.Equal("Data Source=testdb;User ID=someuser;Password=PLACEHOLDER#",
sb.ConnectionString);

// an embedded single-quote value will result in the value being delimieted with double quotes
sb["Password"] = "abc\'def";
Assert.Equal("Data Source=testdb;User ID=someuser;Password=\"abc\'def\"",
sb["Password"] = "PLACEHOLDER\'def";
Assert.Equal("Data Source=testdb;User ID=someuser;Password=\"PLACEHOLDER\'def\"",
sb.ConnectionString);

// an embedded double-quote value will result in the value being delimieted with single quotes
Expand All @@ -1717,39 +1717,39 @@ public void EmbeddedCharTest1()
sb.ConnectionString);

sb = new DbConnectionStringBuilder();
sb["PASSWORD"] = "abcdef1";
sb["PASSWORD"] = "PLACEHOLDERabcdef1";
sb["user id"] = "someuser";
sb["Data Source"] = "testdb";
Assert.Equal("PASSWORD=abcdef1;user id=someuser;Data Source=testdb",
Assert.Equal("PASSWORD=PLACEHOLDERabcdef1;user id=someuser;Data Source=testdb",
sb.ConnectionString);

// case is preserved for a keyword that was added the first time
sb = new DbConnectionStringBuilder();
sb["PassWord"] = "abcdef2";
sb["PassWord"] = "PLACEHOLDERabcdef2";
sb["uSER iD"] = "someuser";
sb["DaTa SoUrCe"] = "testdb";
Assert.Equal("PassWord=abcdef2;uSER iD=someuser;DaTa SoUrCe=testdb",
Assert.Equal("PassWord=PLACEHOLDERabcdef2;uSER iD=someuser;DaTa SoUrCe=testdb",
sb.ConnectionString);
sb["passWORD"] = "abc123";
Assert.Equal("PassWord=abc123;uSER iD=someuser;DaTa SoUrCe=testdb",
sb["passWORD"] = "PLACEHOLDERabc123";
Assert.Equal("PassWord=PLACEHOLDERabc123;uSER iD=someuser;DaTa SoUrCe=testdb",
sb.ConnectionString);

// embedded equal sign in the value will cause the value to be
// delimited with double-quotes
sb = new DbConnectionStringBuilder();
sb["Password"] = "abc=def";
sb["Password"] = "PLACEHOLDER=def";
sb["Data Source"] = "testdb";
sb["User ID"] = "someuser";
Assert.Equal("Password=\"abc=def\";Data Source=testdb;User ID=someuser",
Assert.Equal("Password=\"PLACEHOLDER=def\";Data Source=testdb;User ID=someuser",
sb.ConnectionString);

// embedded semicolon in the value will cause the value to be
// delimited with double-quotes
sb = new DbConnectionStringBuilder();
sb["Password"] = "abc;def";
sb["Password"] = "PLACEHOLDER;def";
sb["Data Source"] = "testdb";
sb["User ID"] = "someuser";
Assert.Equal("Password=\"abc;def\";Data Source=testdb;User ID=someuser",
Assert.Equal("Password=\"PLACEHOLDER;def\";Data Source=testdb;User ID=someuser",
sb.ConnectionString);

// more right parentheses then left parentheses - happily takes it
Expand Down Expand Up @@ -1866,32 +1866,32 @@ public void EmbeddedCharTest3()
DbConnectionStringBuilder sb;

sb = new DbConnectionStringBuilder();
sb.ConnectionString = "User ID=SCOTT;Password=TiGeR;Data Source=" + dataSource;
sb.ConnectionString = "User ID=SCOTT;Password=PLACEHOLDER;Data Source=" + dataSource;
Assert.Equal(dataSource, sb["Data Source"]);
Assert.Equal("SCOTT", sb["User ID"]);
Assert.Equal("TiGeR", sb["Password"]);
Assert.Equal("PLACEHOLDER", sb["Password"]);
Assert.Equal(
"user id=SCOTT;password=TiGeR;data source=\"(DESCRIPTION=(ADDRESS=(PROTOCOL=" +
"user id=SCOTT;password=PLACEHOLDER;data source=\"(DESCRIPTION=(ADDRESS=(PROTOCOL=" +
"TCP)(HOST=192.168.1.101)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)" +
"(SERVICE_NAME=TESTDB)))\"", sb.ConnectionString);

sb = new DbConnectionStringBuilder(false);
sb.ConnectionString = "User ID=SCOTT;Password=TiGeR;Data Source=" + dataSource;
sb.ConnectionString = "User ID=SCOTT;Password=PLACEHOLDER;Data Source=" + dataSource;
Assert.Equal(dataSource, sb["Data Source"]);
Assert.Equal("SCOTT", sb["User ID"]);
Assert.Equal("TiGeR", sb["Password"]);
Assert.Equal("PLACEHOLDER", sb["Password"]);
Assert.Equal(
"user id=SCOTT;password=TiGeR;data source=\"(DESCRIPTION=(ADDRESS=(PROTOCOL=" +
"user id=SCOTT;password=PLACEHOLDER;data source=\"(DESCRIPTION=(ADDRESS=(PROTOCOL=" +
"TCP)(HOST=192.168.1.101)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)" +
"(SERVICE_NAME=TESTDB)))\"", sb.ConnectionString);

sb = new DbConnectionStringBuilder(true);
sb.ConnectionString = "User ID=SCOTT;Password=TiGeR;Data Source=" + dataSource;
sb.ConnectionString = "User ID=SCOTT;Password=PLACEHOLDER;Data Source=" + dataSource;
Assert.Equal(dataSource, sb["Data Source"]);
Assert.Equal("SCOTT", sb["User ID"]);
Assert.Equal("TiGeR", sb["Password"]);
Assert.Equal("PLACEHOLDER", sb["Password"]);
Assert.Equal(
"user id=SCOTT;password=TiGeR;data source=(DESCRIPTION=(ADDRESS=(PROTOCOL=" +
"user id=SCOTT;password=PLACEHOLDER;data source=(DESCRIPTION=(ADDRESS=(PROTOCOL=" +
"TCP)(HOST=192.168.1.101)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)" +
"(SERVICE_NAME=TESTDB)))", sb.ConnectionString);
}
Expand All @@ -1902,24 +1902,24 @@ public void EmbeddedCharTest4()
DbConnectionStringBuilder sb;

sb = new DbConnectionStringBuilder();
sb.ConnectionString = "PassWord=abcdef2;uSER iD=someuser;DaTa SoUrCe=testdb";
sb.ConnectionString = "PassWord=PLACEHOLDER;user iD=someuser;DaTa SoUrCe=testdb";
sb["Integrated Security"] = "False";
Assert.Equal(
"password=abcdef2;user id=someuser;data source=testdb;Integrated Security=False",
"password=PLACEHOLDER;user id=someuser;data source=testdb;Integrated Security=False",
sb.ConnectionString);

sb = new DbConnectionStringBuilder(false);
sb.ConnectionString = "PassWord=abcdef2;uSER iD=someuser;DaTa SoUrCe=testdb";
sb.ConnectionString = "PassWord=PLACEHOLDER;uSER iD=someuser;DaTa SoUrCe=testdb";
sb["Integrated Security"] = "False";
Assert.Equal(
"password=abcdef2;user id=someuser;data source=testdb;Integrated Security=False",
"password=PLACEHOLDER;user id=someuser;data source=testdb;Integrated Security=False",
sb.ConnectionString);

sb = new DbConnectionStringBuilder(true);
sb.ConnectionString = "PassWord=abcdef2;uSER iD=someuser;DaTa SoUrCe=testdb";
sb.ConnectionString = "PassWord=PLACEHOLDER;uSER iD=someuser;DaTa SoUrCe=testdb";
sb["Integrated Security"] = "False";
Assert.Equal(
"password=abcdef2;user id=someuser;data source=testdb;Integrated Security=False",
"password=PLACEHOLDER;user id=someuser;data source=testdb;Integrated Security=False",
sb.ConnectionString);
}

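Review bot: In the first case of `EmbeddedCharTest4` the key casing of the input changed together with the password: the new line reads `"PassWord=PLACEHOLDER;user iD=someuser;DaTa SoUrCe=testdb"`, while the line printed just before it and the two sibling cases use `uSER iD`. The assertion still passes because the expected string has lower-case keys, but the default-constructor case no longer feeds the same mixed-case key as the other two; restore it with `sb.ConnectionString = "PassWord=PLACEHOLDER;uSER iD=someuser;DaTa SoUrCe=testdb";`. In `EmbeddedCharTest3`, replacing `TiGeR` with an all-caps value also means those assertions no longer show a mixed-case value surviving while the keys are lower-cased; a synthetic mixed-case literal would keep that coverage if the credential scanner accepts it.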