Azure · jviau · Jul 8, 2024 · Jul 2, 2024
diff --git a/test/WebJobs.Script.Tests.Integration/Management/InstanceControllerTests.cs b/test/WebJobs.Script.Tests.Integration/Management/InstanceControllerTests.cs
@@ -28,9 +28,6 @@ namespace Microsoft.Azure.WebJobs.Script.Tests.Managment
  [Trait(TestTraits.Group, TestTraits.ContainerInstanceTests)]
  public class InstanceControllerTests
  {
- [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification = "Fake key for testing purposes.")]
- private const string ContainerEncryptionKey = "/a/vXvWJ3Hzgx4PFxlDUJJhQm5QVyGiu0NNLFm/ZMMg=";
-
  private readonly TestOptionsFactory<ScriptApplicationHostOptions> _optionsFactory = new TestOptionsFactory<ScriptApplicationHostOptions>(new ScriptApplicationHostOptions());
  private readonly Mock<IRunFromPackageHandler> _runFromPackageHandler;
 
@@ -82,14 +79,14 @@ public async Task Assign_MSISpecializationFailure_ReturnsError()
  hostAssignmentContext.Environment[EnvironmentSettingNames.MsiEndpoint] = "http://localhost:8081";
  hostAssignmentContext.Environment[EnvironmentSettingNames.MsiSecret] = "secret";
 
- var encryptedHostAssignmentValue = SimpleWebTokenHelper.Encrypt(JsonConvert.SerializeObject(hostAssignmentContext), ContainerEncryptionKey.ToKeyBytes());
+ var encryptedHostAssignmentValue = SimpleWebTokenHelper.Encrypt(JsonConvert.SerializeObject(hostAssignmentContext), TestHelpers.EncryptionKey.ToKeyBytes());
 
  var encryptedHostAssignmentContext = new EncryptedHostAssignmentContext()
  {
  EncryptedContext = encryptedHostAssignmentValue
  };
 
- environment.SetEnvironmentVariable(EnvironmentSettingNames.ContainerEncryptionKey, ContainerEncryptionKey);
+ environment.SetEnvironmentVariable(EnvironmentSettingNames.ContainerEncryptionKey, TestHelpers.EncryptionKey);
 
  IActionResult result = await instanceController.Assign(encryptedHostAssignmentContext);
 
@@ -158,14 +155,14 @@ public async Task Assignment_Sets_Secrets_Context()
  hostAssignmentContext.Secrets = new FunctionAppSecrets();
  hostAssignmentContext.IsWarmupRequest = false; // non-warmup Request
 
- var encryptedHostAssignmentValue = SimpleWebTokenHelper.Encrypt(JsonConvert.SerializeObject(hostAssignmentContext), ContainerEncryptionKey.ToKeyBytes());
+ var encryptedHostAssignmentValue = SimpleWebTokenHelper.Encrypt(JsonConvert.SerializeObject(hostAssignmentContext), TestHelpers.EncryptionKey.ToKeyBytes());
 
  var encryptedHostAssignmentContext = new EncryptedHostAssignmentContext()
  {
  EncryptedContext = encryptedHostAssignmentValue
  };
 
- environment.SetEnvironmentVariable(EnvironmentSettingNames.ContainerEncryptionKey, ContainerEncryptionKey);
+ environment.SetEnvironmentVariable(EnvironmentSettingNames.ContainerEncryptionKey, TestHelpers.EncryptionKey);
 
  await instanceController.Assign(encryptedHostAssignmentContext);
  Assert.NotNull(startupContextProvider.Context);
@@ -211,14 +208,14 @@ public async Task Assignment_Does_Not_Set_Secrets_Context_For_Warmup_Request()
  hostAssignmentContext.Secrets = new FunctionAppSecrets();
  hostAssignmentContext.IsWarmupRequest = true; // Warmup Request
 
- var encryptedHostAssignmentValue = SimpleWebTokenHelper.Encrypt(JsonConvert.SerializeObject(hostAssignmentContext), ContainerEncryptionKey.ToKeyBytes());
+ var encryptedHostAssignmentValue = SimpleWebTokenHelper.Encrypt(JsonConvert.SerializeObject(hostAssignmentContext), TestHelpers.EncryptionKey.ToKeyBytes());
 
  var encryptedHostAssignmentContext = new EncryptedHostAssignmentContext()
  {
  EncryptedContext = encryptedHostAssignmentValue
  };
 
- environment.SetEnvironmentVariable(EnvironmentSettingNames.ContainerEncryptionKey, ContainerEncryptionKey);
+ environment.SetEnvironmentVariable(EnvironmentSettingNames.ContainerEncryptionKey, TestHelpers.EncryptionKey);
 
  await instanceController.Assign(encryptedHostAssignmentContext);
  Assert.Null(startupContextProvider.Context);
@@ -252,14 +249,14 @@ public async Task Assignment_Invokes_InstanceManager_Methods_For_Warmup_Requests
 
  var encryptedHostAssignmentValue =
  SimpleWebTokenHelper.Encrypt(JsonConvert.SerializeObject(hostAssignmentContext),
- ContainerEncryptionKey.ToKeyBytes());
+ TestHelpers.EncryptionKey.ToKeyBytes());
 
  var encryptedHostAssignmentContext = new EncryptedHostAssignmentContext()
  {
  EncryptedContext = encryptedHostAssignmentValue
  };
 
- environment.SetEnvironmentVariable(EnvironmentSettingNames.ContainerEncryptionKey, ContainerEncryptionKey);
+ environment.SetEnvironmentVariable(EnvironmentSettingNames.ContainerEncryptionKey, TestHelpers.EncryptionKey);
 
  await instanceController.Assign(encryptedHostAssignmentContext);
 

diff --git a/test/WebJobs.Script.Tests.Integration/Management/KubernetesPodControllerTests.cs b/test/WebJobs.Script.Tests.Integration/Management/KubernetesPodControllerTests.cs
@@ -28,9 +28,6 @@ namespace Microsoft.Azure.WebJobs.Script.Tests.Managment
  [Trait(TestTraits.Group, TestTraits.ContainerInstanceTests)]
  public class KubernetesPodControllerTests
  {
- [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification = "Fake key for testing purposes.")]
- private const string PodEncryptionKey = "/a/vXvWJ3Hzgx4PFxlDUJJhQm5QVyGiu0NNLFm/ZMMg=";
-
  private readonly TestOptionsFactory<ScriptApplicationHostOptions> _optionsFactory = new TestOptionsFactory<ScriptApplicationHostOptions>(new ScriptApplicationHostOptions());
 
  [Fact]
@@ -74,14 +71,14 @@ public async Task Assignment_Succeeds_With_Encryption_Key()
  hostAssignmentContext.Secrets = new FunctionAppSecrets();
  hostAssignmentContext.IsWarmupRequest = false;
 
- var encryptedHostAssignmentValue = SimpleWebTokenHelper.Encrypt(JsonConvert.SerializeObject(hostAssignmentContext), PodEncryptionKey.ToKeyBytes());
+ var encryptedHostAssignmentValue = SimpleWebTokenHelper.Encrypt(JsonConvert.SerializeObject(hostAssignmentContext), TestHelpers.EncryptionKey.ToKeyBytes());
 
  var encryptedHostAssignmentContext = new EncryptedHostAssignmentContext()
  {
  EncryptedContext = encryptedHostAssignmentValue
  };
 
- environment.SetEnvironmentVariable(EnvironmentSettingNames.PodEncryptionKey, PodEncryptionKey);
+ environment.SetEnvironmentVariable(EnvironmentSettingNames.PodEncryptionKey, TestHelpers.EncryptionKey);
  environment.SetEnvironmentVariable(EnvironmentSettingNames.KubernetesServiceHost, "http://localhost:80");
  environment.SetEnvironmentVariable(EnvironmentSettingNames.PodNamespace, "k8se-apps");
 
@@ -131,7 +128,7 @@ public async Task Assignment_Fails_Without_Encryption_Key()
  hostAssignmentContext.Secrets = new FunctionAppSecrets();
  hostAssignmentContext.IsWarmupRequest = false;
 
- var encryptedHostAssignmentValue = SimpleWebTokenHelper.Encrypt(JsonConvert.SerializeObject(hostAssignmentContext), PodEncryptionKey.ToKeyBytes());
+ var encryptedHostAssignmentValue = SimpleWebTokenHelper.Encrypt(JsonConvert.SerializeObject(hostAssignmentContext), TestHelpers.EncryptionKey.ToKeyBytes());
 
  var encryptedHostAssignmentContext = new EncryptedHostAssignmentContext()
  {

diff --git a/test/WebJobs.Script.Tests.Integration/Management/MeshServiceClientTests.cs b/test/WebJobs.Script.Tests.Integration/Management/MeshServiceClientTests.cs
@@ -3,10 +3,10 @@
 
 using System;
 using System.Collections.Generic;
-using System.Diagnostics.CodeAnalysis;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
+using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.Azure.WebJobs.Script.WebHost.Management;
@@ -21,9 +21,6 @@ namespace Microsoft.Azure.WebJobs.Script.Tests.Integration.Management
 {
  public class MeshServiceClientTests
  {
- [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification = "Fake key for testing purposes.")]
- private const string ConnectionString = "DefaultEndpointsProtocol=https;AccountName=storageaccount;AccountKey=whXtW6WP8QTh84TT5wdjgzeFTj7Vc1aOiCVjTXohpE+jALoKOQ9nlQpj5C5zpgseVJxEVbaAhptP5j5DpaLgtA==";
-
  private const string MeshInitUri = "http://localhost:8954/";
  private const string ContainerName = "MockContainerName";
  private readonly IMeshServiceClient _meshServiceClient;
@@ -83,9 +80,7 @@ public async Task MountsCifsShare()
  StatusCode = HttpStatusCode.OK
  });
 
-
-
- await _meshServiceClient.MountCifs(ConnectionString, "sharename", "/data");
+ await _meshServiceClient.MountCifs(TestHelpers.StorageConnectionString, "sharename", "/data");
 
  await Task.Delay(500);
 

diff --git a/test/WebJobs.Script.Tests.Shared/TestHelpers.Constants.cs b/test/WebJobs.Script.Tests.Shared/TestHelpers.Constants.cs
@@ -0,0 +1,46 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+using System;
+using System.IO;
+using System.Security.Cryptography;
+using System.Text;
+
+namespace Microsoft.Azure.WebJobs.Script.Tests
+{
+ public static partial class TestHelpers
+ {
+#if DEBUG
+ public const string BuildConfig = "debug";
+#else
+ public const string BuildConfig = "release";
+#endif
+ // Not a real storage account key.
+ public static readonly string StorageAccountKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("PLACEHOLDER"));
+
+ // Not a real connection string.
+ public static readonly string StorageConnectionString = $"DefaultEndpointsProtocol=http;AccountName=fakeaccount;AccountKey={StorageAccountKey}";
+
+ private static readonly Lazy<string> _encryptionKey = new Lazy<string>(
+ () =>
+ {
+ using Aes aes = Aes.Create();
+ aes.GenerateKey();
+ return Convert.ToBase64String(aes.Key);
+ });
+
+ public static string EncryptionKey => _encryptionKey.Value;
+
+ /// <summary>
+ /// Gets the common root directory that functions tests create temporary directories under.
+ /// This enables us to clean up test files by deleting this single directory.
+ /// </summary>
+ public static string FunctionsTestDirectory
+ {
+ get
+ {
+ return Path.Combine(Path.GetTempPath(), "FunctionsTest");
+ }
+ }
+ }
+}
diff --git a/test/WebJobs.Script.Tests.Shared/TestHelpers.cs b/test/WebJobs.Script.Tests.Shared/TestHelpers.cs
@@ -29,27 +29,9 @@ namespace Microsoft.Azure.WebJobs.Script.Tests
 {
  public static partial class TestHelpers
  {
-#if DEBUG
- public const string BuildConfig = "debug";
-#else
- public const string BuildConfig = "release";
-#endif
-
  private const string Chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
  private static readonly Random Random = new Random();
 
- /// <summary>
- /// Gets the common root directory that functions tests create temporary directories under.
- /// This enables us to clean up test files by deleting this single directory.
- /// </summary>
- public static string FunctionsTestDirectory
- {
- get
- {
- return Path.Combine(Path.GetTempPath(), "FunctionsTest");
- }
- }
-
  public static Task WaitOneAsync(this WaitHandle waitHandle)
  {
  if (waitHandle == null)

diff --git a/test/WebJobs.Script.Tests.Shared/WebJobs.Script.Tests.Shared.projitems b/test/WebJobs.Script.Tests.Shared/WebJobs.Script.Tests.Shared.projitems
@@ -31,6 +31,7 @@
  <Compile Include="$(MSBuildThisFileDirectory)TestTraits.cs" />
  <Compile Include="$(MSBuildThisFileDirectory)TestHandler.cs" />
  <Compile Include="$(MSBuildThisFileDirectory)TestHelpers.cs" />
+ <Compile Include="$(MSBuildThisFileDirectory)TestHelpers.Constants.cs" />
  <Compile Include="$(MSBuildThisFileDirectory)TestHelpers.Functions.cs" />
  <Compile Include="$(MSBuildThisFileDirectory)TestInvoker.cs" />
  <Compile Include="$(MSBuildThisFileDirectory)TestTelemetryChannel.cs" />

diff --git a/test/WebJobs.Script.Tests/Security/SecretManagerTests.cs b/test/WebJobs.Script.Tests/Security/SecretManagerTests.cs
@@ -19,7 +19,6 @@
 using Microsoft.Azure.WebJobs.Script.WebHost.Models;
 using Microsoft.Azure.WebJobs.Script.WebHost.Properties;
 using Microsoft.Azure.WebJobs.Script.WebHost.Security;
-using Microsoft.Azure.WebJobs.Script.WebHost.Storage;
 using Microsoft.Extensions.Logging;
 using Microsoft.WebJobs.Script.Tests;
 using Moq;
@@ -34,8 +33,6 @@ public class SecretManagerTests
  {
  private const int TestSentinelWatcherInitializationDelayMS = 50;
 
- [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Fake key for testing purposes.")]
- private const string TestEncryptionKey = "/a/vXvWJ3Hzgx4PFxlDUJJhQm5QVyGiu0NNLFm/ZMMg=";
  private readonly HostNameProvider _hostNameProvider;
  private readonly TestEnvironment _testEnvironment;
  private readonly TestLoggerProvider _loggerProvider;
@@ -63,7 +60,7 @@ public async Task CachedSecrets_UsedWhenPresent()
  {
  string startupContextPath = Path.Combine(directory.Path, Guid.NewGuid().ToString());
  _testEnvironment.SetEnvironmentVariable(EnvironmentSettingNames.AzureWebsiteStartupContextCache, startupContextPath);
- _testEnvironment.SetEnvironmentVariable(EnvironmentSettingNames.WebSiteAuthEncryptionKey, TestEncryptionKey);
+ _testEnvironment.SetEnvironmentVariable(EnvironmentSettingNames.WebSiteAuthEncryptionKey, TestHelpers.EncryptionKey);
 
  WriteStartContextCache(startupContextPath);
 
@@ -120,7 +117,7 @@ public async Task GetAuthorizationLevelOrNullAsync_ReturnsExpectedResult(string
  {
  string startupContextPath = Path.Combine(directory.Path, Guid.NewGuid().ToString());
  _testEnvironment.SetEnvironmentVariable(EnvironmentSettingNames.AzureWebsiteStartupContextCache, startupContextPath);
- _testEnvironment.SetEnvironmentVariable(EnvironmentSettingNames.WebSiteAuthEncryptionKey, TestEncryptionKey);
+ _testEnvironment.SetEnvironmentVariable(EnvironmentSettingNames.WebSiteAuthEncryptionKey, TestHelpers.EncryptionKey);
 
  WriteStartContextCache(startupContextPath);
 
@@ -181,7 +178,7 @@ private FunctionAppSecrets WriteStartContextCache(string path)
  };
 
  string json = JsonConvert.SerializeObject(context);
- var encryptionKey = Convert.FromBase64String(TestEncryptionKey);
+ var encryptionKey = Convert.FromBase64String(TestHelpers.EncryptionKey);
  string encryptedJson = SimpleWebTokenHelper.Encrypt(json, encryptionKey);
 
  File.WriteAllText(path, encryptedJson);

diff --git a/test/WebJobs.Script.Tests/StartupContextProviderTests.cs b/test/WebJobs.Script.Tests/StartupContextProviderTests.cs
@@ -20,9 +20,6 @@ namespace Microsoft.Azure.WebJobs.Script.Tests
 {
  public class StartupContextProviderTests
  {
- [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Fake key for testing purposes.")]
- private const string TestEncryptionKey = "/a/vXvWJ3Hzgx4PFxlDUJJhQm5QVyGiu0NNLFm/ZMMg=";
-
  private readonly FunctionAppSecrets _secrets;
  private readonly StartupContextProvider _startupContextProvider;
  private readonly TestEnvironment _environment;
@@ -72,7 +69,7 @@ public StartupContextProviderTests()
  _loggerProvider = new TestLoggerProvider();
  loggerFactory.AddProvider(_loggerProvider);
 
- _environment.SetEnvironmentVariable(EnvironmentSettingNames.WebSiteAuthEncryptionKey, TestEncryptionKey);
+ _environment.SetEnvironmentVariable(EnvironmentSettingNames.WebSiteAuthEncryptionKey, TestHelpers.EncryptionKey);
 
  _startupContextProvider = new StartupContextProvider(_environment, loggerFactory.CreateLogger<StartupContextProvider>());
  }