Fix vulnerability (#1874)
* Fix vulnerability
vicancy authored Dec 1, 2023
1 parent 4e76ffd commit 4db043d
Showing 6 changed files with 73 additions and 51 deletions.
26 changes: 17 additions & 9 deletions .github/workflows/osx.yml
Expand Up @@ -11,9 +11,12 @@ on:
jobs:
build_osx:
runs-on: macOS-latest
strategy:
matrix:
dotnet-version: [ '7.0.x', '6.0.x' ]
steps:
- uses: actions/checkout@v4
- uses: dorny/paths-filter@v2.2.0
- uses: dorny/paths-filter@v2
id: filter
with:
filters: |
Expand All @@ -29,19 +32,24 @@ jobs:
- '**.targets'
- '*.sh'
- '*.sln'
- name: Update SubModules
if: steps.filter.outputs.src == 'true'
run: git submodule update --init --recursive
- name: Setup .NET
uses: actions/setup-dotnet@v2
- name: Setup dotnet ${{ matrix.dotnet-version }}
uses: actions/setup-dotnet@v3
with:
dotnet-version: |
7.0.x
6.0.x
dotnet-version: ${{ matrix.dotnet-version }}
- name: Display dotnet version
run: dotnet --version
- name: Build with dotnet
run: "dotnet build AzureSignalR.sln /p:DisableNet461Tests=true"
if: steps.filter.outputs.src == 'true'
- name: Test
run: "dotnet test --no-build"
if: steps.filter.outputs.src == 'true'
run: dotnet test --no-build --logger trx --results-directory "TestResults-ubuntu-${{ matrix.dotnet-version }}"
- name: Upload dotnet test results
uses: actions/upload-artifact@v3
with:
name: dotnet-results-${{ matrix.dotnet-version }}
path: TestResults-ubuntu-${{ matrix.dotnet-version }}
# Use always() to always run this step to publish test results when there are test failures
if: ${{ always() }}
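Review bot: The filter step now references `dorny/paths-filter@v2`, a movable major tag on a third-party action, where it was previously fixed to `v2.2.0`; whoever controls that tag can change the code that runs in this job alongside the checkout. For a commit whose purpose is a security fix, pin it to a full commit SHA with the version in a trailing comment, e.g. `- uses: dorny/paths-filter@<full-commit-sha> # v2.x` (placeholder; take the SHA from the release that was reviewed). The same line appears in .github/workflows/ubuntu.yml and .github/workflows/windows.yml. `actions/setup-dotnet@v3` and `actions/upload-artifact@v3` are tag-referenced too, which deserves the same treatment if the project adopts SHA pinning.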
23 changes: 11 additions & 12 deletions .github/workflows/ubuntu.yml
Expand Up @@ -11,9 +11,12 @@ on:
jobs:
build_ubuntu:
runs-on: ubuntu-latest
strategy:
matrix:
dotnet-version: [ '7.0.x', '6.0.x' ]
steps:
- uses: actions/checkout@v4
- uses: dorny/paths-filter@v2.2.0
- uses: dorny/paths-filter@v2
id: filter
with:
filters: |
Expand All @@ -32,25 +35,21 @@ jobs:
- name: Update SubModules
run: git submodule update --init --recursive
if: steps.filter.outputs.src == 'true'
- name: Setup dotnet
- name: Setup dotnet ${{ matrix.dotnet-version }}
uses: actions/setup-dotnet@v3
with:
dotnet-version: |
7.0.x
6.0.x
- name: Set Dotnet Version
run: echo "DOTNET_VERSION=${{ steps.dotnet-setup.outputs.dotnet-version }}" >> $GITHUB_ENV

dotnet-version: ${{ matrix.dotnet-version }}
- name: Display dotnet version
run: dotnet --version
- name: Build with dotnet
run: "dotnet build AzureSignalR.sln /p:DisableNet461Tests=true"
if: steps.filter.outputs.src == 'true'
- name: Test
run: dotnet test --no-build --logger trx --results-directory "TestResults-ubuntu-$DOTNET_VERSION"
run: dotnet test --no-build --logger trx --results-directory "TestResults-ubuntu-${{ matrix.dotnet-version }}"
- name: Upload dotnet test results
uses: actions/upload-artifact@v3
with:
name: dotnet-results-$DOTNET_VERSION
path: TestResults-ubuntu-$DOTNET_VERSION
name: dotnet-results-${{ matrix.dotnet-version }}
path: TestResults-ubuntu-${{ matrix.dotnet-version }}
# Use always() to always run this step to publish test results when there are test failures
if: ${{ always() }}
32 changes: 20 additions & 12 deletions .github/workflows/windows.yml
Expand Up @@ -11,9 +11,12 @@ on:
jobs:
build_windows:
runs-on: [windows-latest]
strategy:
matrix:
dotnet-version: [ '7.0.x', '6.0.x' ]
steps:
- uses: actions/checkout@v4
- uses: dorny/paths-filter@v2.2.0
- uses: dorny/paths-filter@v2
id: filter
with:
filters: |
Expand All @@ -32,16 +35,21 @@ jobs:
- name: Update SubModules
run: git submodule update --init --recursive
if: steps.filter.outputs.src == 'true'

- name: Setup .NET
uses: actions/setup-dotnet@v2
- name: Setup dotnet ${{ matrix.dotnet-version }}
uses: actions/setup-dotnet@v3
with:
dotnet-version: |
7.0.x
6.0.x
5.0.x
include-prerelease: true

- name: Test
run: dotnet test
dotnet-version: ${{ matrix.dotnet-version }}
- name: Display dotnet version
run: dotnet --version
- name: Build with dotnet
run: "dotnet build AzureSignalR.sln"
if: steps.filter.outputs.src == 'true'
- name: Test
run: dotnet test --no-build --logger trx --results-directory "TestResults-ubuntu-${{ matrix.dotnet-version }}"
- name: Upload dotnet test results
uses: actions/upload-artifact@v3
with:
name: dotnet-results-${{ matrix.dotnet-version }}
path: TestResults-ubuntu-${{ matrix.dotnet-version }}
# Use always() to always run this step to publish test results when there are test failures
if: ${{ always() }}
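Review bot: The new Test step runs `dotnet test --no-build` with no `if:` guard, while the Build step just above it is gated on `steps.filter.outputs.src == 'true'`; when the paths filter evaluates to false nothing has been built, so the test step would presumably fail or find no assemblies. Add `if: steps.filter.outputs.src == 'true'` to the Test step so it is skipped together with the build. The Test steps in osx.yml and ubuntu.yml appear to have the same shape. Separately, the results directory here is `TestResults-ubuntu-${{ matrix.dotnet-version }}` in a Windows workflow (osx.yml does the same), which reads as a copy-paste leftover; `TestResults-windows-${{ matrix.dotnet-version }}` would make the artifacts easier to tell apart.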
2 changes: 1 addition & 1 deletion build/dependencies.props
Expand Up @@ -79,7 +79,7 @@
<MoqPackageVersion>4.14.5</MoqPackageVersion>
<XunitPackageVersion>2.4.2</XunitPackageVersion>
<XunitRunnerVisualStudioPackageVersion>2.4.2</XunitRunnerVisualStudioPackageVersion>
<MicrosoftOwinTestingPackageVersion>4.0.0</MicrosoftOwinTestingPackageVersion>
<MicrosoftOwinTestingPackageVersion>4.2.2</MicrosoftOwinTestingPackageVersion>
<MicrosoftAspNetCoreTestingVersion>2.1.0</MicrosoftAspNetCoreTestingVersion>
<SystemThreadingTasksExtensionsVersion>4.5.4</SystemThreadingTasksExtensionsVersion>
<MicrosoftAspNetCoreTestHostPackageVersion>6.0.24</MicrosoftAspNetCoreTestHostPackageVersion>
Expand Up @@ -7,7 +7,9 @@
</PropertyGroup>

<ItemGroup>
<PackageReference Include="Microsoft.AspNet.SignalR" Version="$(MicrosoftAspNetSignalRPackageVersion)" />
<!-- Directly reference Microsoft.Owin 4.x for security fix -->
<PackageReference Include="Microsoft.Owin" Version="$(MicrosoftOwinPackageVersion)" />
<PackageReference Include="Microsoft.AspNet.SignalR" Version="$(MicrosoftAspNetSignalRPackageVersion)" />
<PackageReference Include="Microsoft.AspNetCore.Connections.Abstractions" Version="$(MicrosoftAspNetCoreConnectionsAbstractionsPackageVersion)" />
<PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="$(MicrosoftExtensionsDependencyInjectionPackageVersion)" />
<PackageReference Include="Microsoft.Extensions.Logging.EventSource" Version="$(MicrosoftExtensionsLoggingEventSourcePackageVersion)" />
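Review bot: The added `Microsoft.Owin` reference takes its version from `$(MicrosoftOwinPackageVersion)`, but the only property this commit changes in build/dependencies.props is `MicrosoftOwinTestingPackageVersion`, so nothing on the page shows which Microsoft.Owin version is actually resolved. Please confirm the property is defined and already set to the patched release, since an undefined or older value would leave the fix ineffective without any build failure pointing at it. The comment would also be more useful to the next maintainer if it named the advisory and the minimum safe version, e.g. `<!-- Direct reference lifts the transitive Microsoft.Owin to >= <patched-version> (<advisory-id>); do not remove -->` (placeholders, to be filled in from the advisory).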
37 changes: 21 additions & 16 deletions test/Microsoft.Azure.SignalR.Tests/ServiceConnectionTests.cs
Expand Up @@ -56,10 +56,11 @@ public async Task TestServiceConnectionWithNormalApplicationTask()
Assert.Equal(ServiceConnectionStatus.Connected, connection.Status);
var clientConnectionId = Guid.NewGuid().ToString();

var waitClientTask = ccm.WaitForClientConnectionAsync(clientConnectionId);
await transportConnection.Application.Output.WriteAsync(
protocol.GetMessageBytes(new OpenConnectionMessage(clientConnectionId, new Claim[] { })));

var clientConnection = await ccm.WaitForClientConnectionAsync(clientConnectionId).OrTimeout();
var clientConnection = await waitClientTask.OrTimeout();

await transportConnection.Application.Output.WriteAsync(
protocol.GetMessageBytes(new CloseConnectionMessage(clientConnectionId)));
Expand All @@ -70,10 +71,11 @@ await transportConnection.Application.Output.WriteAsync(
// another connection comes in
clientConnectionId = Guid.NewGuid().ToString();

waitClientTask = ccm.WaitForClientConnectionAsync(clientConnectionId);
await transportConnection.Application.Output.WriteAsync(
protocol.GetMessageBytes(new OpenConnectionMessage(clientConnectionId, new Claim[] { })));

clientConnection = await ccm.WaitForClientConnectionAsync(clientConnectionId).OrTimeout();
clientConnection = await waitClientTask.OrTimeout();

// complete reading to end the connection
transportConnection.Application.Output.Complete();
Expand Down Expand Up @@ -111,11 +113,11 @@ public async Task TestServiceConnectionErrorCleansAllClients()
await connection.ConnectionInitializedTask.OrTimeout();
Assert.Equal(ServiceConnectionStatus.Connected, connection.Status);
var clientConnectionId = Guid.NewGuid().ToString();

var waitClientTask = ccm.WaitForClientConnectionAsync(clientConnectionId);
await transportConnection.Application.Output.WriteAsync(
protocol.GetMessageBytes(new OpenConnectionMessage(clientConnectionId, new Claim[] { })));

var clientConnection = await ccm.WaitForClientConnectionAsync(clientConnectionId).OrTimeout();
var clientConnection = await waitClientTask.OrTimeout();
// Cancel pending read to end the server connection
transportConnection.Transport.Input.CancelPendingRead();

Expand Down Expand Up @@ -167,11 +169,11 @@ public async Task TestServiceConnectionWithErrorApplicationTask()
await connection.ConnectionInitializedTask.OrTimeout();
Assert.Equal(ServiceConnectionStatus.Connected, connection.Status);
var clientConnectionId = Guid.NewGuid().ToString();

var waitClientTask = ccm.WaitForClientConnectionAsync(clientConnectionId);
await transportConnection.Application.Output.WriteAsync(
protocol.GetMessageBytes(new OpenConnectionMessage(clientConnectionId, new Claim[] { })));

var clientConnection = await ccm.WaitForClientConnectionAsync(clientConnectionId).OrTimeout();
var clientConnection = await waitClientTask.OrTimeout();

errorTcs.SetException(new InvalidOperationException("error operation"));

Expand Down Expand Up @@ -229,11 +231,11 @@ public async Task TestServiceConnectionWithEndlessApplicationTaskNeverEnds()
// completed handshake
await connection.ConnectionInitializedTask.OrTimeout();
Assert.Equal(ServiceConnectionStatus.Connected, connection.Status);

var waitClientTask = ccm.WaitForClientConnectionAsync(clientConnectionId);
await transportConnection.Application.Output.WriteAsync(
protocol.GetMessageBytes(new OpenConnectionMessage(clientConnectionId, new Claim[] { })));

var clientConnection = await ccm.WaitForClientConnectionAsync(clientConnectionId).OrTimeout();
var clientConnection = await waitClientTask.OrTimeout();

// complete reading to end the connection
transportConnection.Application.Output.Complete();
Expand Down Expand Up @@ -286,11 +288,11 @@ public async Task ClientConnectionOutgoingAbortCanEndLifeTime()
await connection.ConnectionInitializedTask.OrTimeout();
Assert.Equal(ServiceConnectionStatus.Connected, connection.Status);
var clientConnectionId = Guid.NewGuid().ToString();

var waitClientTask = ccm.WaitForClientConnectionAsync(clientConnectionId);
await transportConnection.Application.Output.WriteAsync(
protocol.GetMessageBytes(new OpenConnectionMessage(clientConnectionId, new Claim[] { })));

var clientConnection = await ccm.WaitForClientConnectionAsync(clientConnectionId).OrTimeout();
var clientConnection = await waitClientTask.OrTimeout();

clientConnection.CancelOutgoing();

Expand Down Expand Up @@ -344,10 +346,12 @@ public async Task ClientConnectionContextAbortCanSendOutCloseMessage()
Assert.Equal(ServiceConnectionStatus.Connected, connection.Status);
var clientConnectionId = Guid.NewGuid().ToString();

// make sure to register for wait first
var waitClientTask = ccm.WaitForClientConnectionAsync(clientConnectionId);

await transportConnection.Application.Output.WriteAsync(
protocol.GetMessageBytes(new OpenConnectionMessage(clientConnectionId, new Claim[] { })));

var clientConnection = await ccm.WaitForClientConnectionAsync(clientConnectionId).OrTimeout();
var clientConnection = await waitClientTask.OrTimeout();

await clientConnection.LifetimeTask.OrTimeout();

Expand Down Expand Up @@ -405,7 +409,8 @@ public async Task ClientConnectionWithDiagnosticClientTagTest()
// completed handshake
await connection.ConnectionInitializedTask.OrTimeout();
Assert.Equal(ServiceConnectionStatus.Connected, connection.Status);

var waitClientTask = Task.WhenAll(ccm.WaitForClientConnectionAsync(normalClientConnectionId),
ccm.WaitForClientConnectionAsync(diagnosticClientConnectionId));
await transportConnection.Application.Output.WriteAsync(
protocol.GetMessageBytes(new OpenConnectionMessage(diagnosticClientConnectionId, null, new Dictionary<string, StringValues>
{
Expand All @@ -415,8 +420,7 @@ await transportConnection.Application.Output.WriteAsync(
await transportConnection.Application.Output.WriteAsync(
protocol.GetMessageBytes(new OpenConnectionMessage(normalClientConnectionId, null)));

var connections = await Task.WhenAll(ccm.WaitForClientConnectionAsync(normalClientConnectionId).OrTimeout(),
ccm.WaitForClientConnectionAsync(diagnosticClientConnectionId).OrTimeout());
var connections = await waitClientTask.OrTimeout();
await Task.WhenAll(from c in connections select c.LifetimeTask.OrTimeout());

// complete reading to end the connection
Expand Down Expand Up @@ -465,10 +469,11 @@ public async Task ClientConnectionLastWillCanSendOut()
Assert.Equal(ServiceConnectionStatus.Connected, connection.Status);
var clientConnectionId = Guid.NewGuid().ToString();

var waitClientTask = ccm.WaitForClientConnectionAsync(clientConnectionId);
await transportConnection.Application.Output.WriteAsync(
protocol.GetMessageBytes(new OpenConnectionMessage(clientConnectionId, new Claim[] { })));

var clientConnection = await ccm.WaitForClientConnectionAsync(clientConnectionId).OrTimeout();
var clientConnection = await waitClientTask.OrTimeout();

// complete reading to end the connection
transportConnection.Application.Output.Complete();
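Review bot: Only the ClientConnectionContextAbortCanSendOutCloseMessage hunk explains the reordering, with `// make sure to register for wait first`; the other hunks in this file make the same change silently, so a later cleanup could fold `WaitForClientConnectionAsync` back into the `await` and reintroduce the ordering problem this change appears to address. Either repeat that comment at each site or move the pair into one small test helper that registers the wait and then writes the `OpenConnectionMessage`, so the order is enforced in one place. The test methods begin and end outside the hunks shown, so how `ccm` is constructed is not visible here.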