Revert "Deactivate Base64 Encoded Vso Commands AB#2008236 (#5158)" (#…

…5232)

This reverts commit bc979be.

Revert "Deactivate Base64 Encoded Vso Commands AB#2008236 (#5158)" (#…

…5232)

This reverts commit bc979be.

Revert "Upgrate new version of tf.exe - vstsom.zip - AB#2257240 (#5138)…

…" (#5217)

This reverts commit 1b7fa9f.

Co-authored-by: Sanju Yadav <sanjuyadav@microsoft.com>

Revert "Upgrate new version of tf.exe - vstsom.zip - AB#2257240 (#5138)…

…" (#5217)

This reverts commit 1b7fa9f.

Co-authored-by: Sanju Yadav <sanjuyadav@microsoft.com>

Agent Release - Replaced Download .NET Vanity URL with Actual URL (#5201

)

* Update dot net url

Prevent using vso commands with Build.SourceVersionAuthor variable (#…

…5184)

Co-authored-by: Slava Irkhin <slavairkhin@microsoft.com>

Use Microsoft.Security.Utilities.Core package for the 'new' secret ma…

…sker (#5169)

When a new feature flag `DistributedTask.Agent.EnableNewMaskerAndRegexes` is enabled, a new corresponding agent knob `AZP_ENABLE_NEW_MASKER_AND_REGEXES` is turned on, we replace the use of `Microsoft.TeamFoundation.DistributedTask.Logging.SecretMasker` with `Microsoft.Security.Utilities.SecurityMasker` from the https://www.nuget.org/packages/Microsoft.Security.Utilities.Core package and https://github.com/microsoft/security-utilities repo.

This flag also enables the package's `WellKnownRegexPatterns.PreciselyClassifiedSecurityKeys` regex patterns. This class of pattern has high confidence, effectively admitting no false positives. It is also strongly oriented on detecting the latest Azure provider API key formats.

The new knob/flag pair replaces `DistributedTask.Agent.UseMaskingPerformanceEnhancements`/`AZP_ENABLE_NEW_SECRET_MASKER`, which would use a built-in `SecretMasker` that was implemented in this repo, along with a subset of the aforementioned `PreciselyClassifiedSecurityKeys` patterns also re-implemented in this repo. That code is therefore deleted in this change.

Note that in the absence of feature flags, the default behavior remains unchanged.

Benchmarking shows masking with the new feature enabled outperforming masking with it disabled even though the new feature also brings the added value of 30 additional patterns.

Co-authored-by: Michael C. Fanning <mikefan@microsoft.com>

Use Microsoft.Security.Utilities.Core package for the 'new' secret ma…

…sker (#5169)

When a new feature flag `DistributedTask.Agent.EnableNewMaskerAndRegexes` is enabled, a new corresponding agent knob `AZP_ENABLE_NEW_MASKER_AND_REGEXES` is turned on, we replace the use of `Microsoft.TeamFoundation.DistributedTask.Logging.SecretMasker` with `Microsoft.Security.Utilities.SecurityMasker` from the https://www.nuget.org/packages/Microsoft.Security.Utilities.Core package and https://github.com/microsoft/security-utilities repo.

This flag also enables the package's `WellKnownRegexPatterns.PreciselyClassifiedSecurityKeys` regex patterns. This class of pattern has high confidence, effectively admitting no false positives. It is also strongly oriented on detecting the latest Azure provider API key formats.

The new knob/flag pair replaces `DistributedTask.Agent.UseMaskingPerformanceEnhancements`/`AZP_ENABLE_NEW_SECRET_MASKER`, which would use a built-in `SecretMasker` that was implemented in this repo, along with a subset of the aforementioned `PreciselyClassifiedSecurityKeys` patterns also re-implemented in this repo. That code is therefore deleted in this change.

Note that in the absence of feature flags, the default behavior remains unchanged.

Benchmarking shows masking with the new feature enabled outperforming masking with it disabled even though the new feature also brings the added value of 30 additional patterns.

Co-authored-by: Michael C. Fanning <mikefan@microsoft.com>

add Ubuntu 20 to the list of deprecated iamges (#5148)

add Ubuntu 20 to the list of deprecated iamges (#5148)