Resolve remaining credscan bugs (#31157)
wtgodbe authored Mar 24, 2021
1 parent 28a6f89 commit c9a9b94
Showing 4 changed files with 128 additions and 28 deletions.
100 changes: 100 additions & 0 deletions .config/CredScanSuppressions.json
@@ -1,6 +1,10 @@
{
"tool": "Credential Scanner",
"suppressions": [
{
"placeholder": "aspnetcore",
"_justification": "This is a fake password used in test code."
},
{
"placeholder": "password",
"_justification": "This is a fake password used in test code."
Expand All @@ -25,6 +29,98 @@
"file": "\\src\\Servers\\Kestrel\\shared\\test\\TestCertificates\\testCert.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\DataProtection\\DataProtection\\test\\TestFiles\\TestCert1.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\DataProtection\\DataProtection\\test\\TestFiles\\TestCert2.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\DataProtection\\Extensions\\test\\TestFiles\\TestCert.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\DataProtection\\Extensions\\test\\TestFiles\\TestCert2.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\DataProtection\\Extensions\\test\\TestFiles\\TestCert3.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\DataProtection\\Extensions\\test\\TestFiles\\TestCert3WithoutPrivateKey.pfx",
"_justification": "Legitimate UT certificate file without private key"
},
{
"file": "\\src\\DataProtection\\Extensions\\test\\TestFiles\\TestCertWithoutPrivateKey.pfx",
"_justification": "Legitimate UT certificate file without private key"
},
{
"file": "\\src\\DefaultBuilder\\test\\Microsoft.AspNetCore.FunctionalTests\\testCert.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\Identity\\ApiAuthorization.IdentityServer\\test\\current.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\Identity\\ApiAuthorization.IdentityServer\\test\\expired.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\Identity\\ApiAuthorization.IdentityServer\\test\\future.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\Identity\\ApiAuthorization.IdentityServer\\test\\test.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\Middleware\\WebSockets\\test\\ConformanceTests\\AutobahnTestApp\\TestResources\\testCert.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\Security\\Authentication\\Negotiate\\test\\Negotiate.FunctionalTest\\negotiateAuthCert.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\Servers\\IIS\\tools\\TestCert.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\Servers\\Kestrel\\shared\\test\\TestCertificates\\aspnetdevcert.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\Servers\\Kestrel\\shared\\test\\TestCertificates\\eku.client.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\Servers\\Kestrel\\shared\\test\\TestCertificates\\eku.code_signing.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\Servers\\Kestrel\\shared\\test\\TestCertificates\\eku.multiple_usages.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\Servers\\Kestrel\\shared\\test\\TestCertificates\\eku.server.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\Servers\\Kestrel\\shared\\test\\TestCertificates\\no_extensions.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\SignalR\\clients\\ts\\FunctionalTests\\testCert.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\SignalR\\clients\\ts\\FunctionalTests\\testCertECC.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\Servers\\Kestrel\\shared\\test\\TestCertificates\\https-aspnet.key",
"_justification": "Legitimate key file used for testing"
Expand Down Expand Up @@ -52,6 +148,10 @@
{
"file": "\\src\\Servers\\Kestrel\\shared\\test\\TestCertificates\\https-rsa.key",
"_justification": "Legitimate key file used for testing"
},
{
"file": "\\src\\SignalR\\clients\\ts\\FunctionalTests\\node_modules\\https-proxy-agent\\node_modules\\agent-base\\test\\ssl-cert-snakeoil.key",
"_justification": "Legitimate key file used for testing"
}
]
}
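Review bot: The last suppression added in the final hunk points into `node_modules\https-proxy-agent\node_modules\agent-base\test\ssl-cert-snakeoil.key`, a third-party package's test fixture rather than a key this repository authored, and the reused justification `Legitimate key file used for testing` does not say so. A nested `node_modules` path also changes whenever the package manager re-hoists the dependency tree, so this entry is likely to stop matching and the finding will reappear; an exclusion of `node_modules` at the scanner level, or keeping it out of the scanned tree, would presumably be more durable than a per-file entry. If the per-file entry stays, I would make its justification specific, e.g. `"_justification": "Third-party (agent-base) test fixture installed under node_modules; not a key used by this repository"`. The same `Legitimate UT certificate file with private key` text is repeated verbatim for every .pfx entry added in the second hunk; stating per entry whether the certificate is self-signed and trusted nowhere outside the test would make later audits of this file easier.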
48 changes: 24 additions & 24 deletions src/Http/Headers/test/CacheControlHeaderValueTest.cs
Expand Up @@ -115,21 +115,21 @@ public void ToString_UseResponseDirectiveValues_AllSerializedCorrectly()

cacheControl.NoCache = true;
Assert.Equal("no-cache", cacheControl.ToString());
cacheControl.NoCacheHeaders.Add("token1");
Assert.Equal("no-cache=\"token1\"", cacheControl.ToString());
cacheControl.NoCacheHeaders.Add("PLACEHOLDER1");
Assert.Equal("no-cache=\"PLACEHOLDER1\"", cacheControl.ToString());
cacheControl.Public = true;
Assert.Equal("public, no-cache=\"token1\"", cacheControl.ToString());
Assert.Equal("public, no-cache=\"PLACEHOLDER1\"", cacheControl.ToString());

cacheControl = new CacheControlHeaderValue();
cacheControl.Private = true;
Assert.Equal("private", cacheControl.ToString());
cacheControl.PrivateHeaders.Add("token2");
cacheControl.PrivateHeaders.Add("token3");
Assert.Equal("private=\"token2, token3\"", cacheControl.ToString());
cacheControl.PrivateHeaders.Add("PLACEHOLDER2");
cacheControl.PrivateHeaders.Add("PLACEHOLDER3");
Assert.Equal("private=\"PLACEHOLDER2, PLACEHOLDER3\"", cacheControl.ToString());
cacheControl.MustRevalidate = true;
Assert.Equal("must-revalidate, private=\"token2, token3\"", cacheControl.ToString());
Assert.Equal("must-revalidate, private=\"PLACEHOLDER2, PLACEHOLDER3\"", cacheControl.ToString());
cacheControl.ProxyRevalidate = true;
Assert.Equal("must-revalidate, proxy-revalidate, private=\"token2, token3\"", cacheControl.ToString());
Assert.Equal("must-revalidate, proxy-revalidate, private=\"PLACEHOLDER2, PLACEHOLDER3\"", cacheControl.ToString());
}

[Fact]
Expand Down Expand Up @@ -218,21 +218,21 @@ public void GetHashCode_CompareCollectionFieldsSet_MatchExpectation()
var cacheControl5 = new CacheControlHeaderValue();

cacheControl1.NoCache = true;
cacheControl1.NoCacheHeaders.Add("token2");
cacheControl1.NoCacheHeaders.Add("PLACEHOLDER2");

cacheControl2.NoCache = true;
cacheControl2.NoCacheHeaders.Add("token1");
cacheControl2.NoCacheHeaders.Add("token2");
cacheControl2.NoCacheHeaders.Add("PLACEHOLDER1");
cacheControl2.NoCacheHeaders.Add("PLACEHOLDER2");

CompareHashCodes(cacheControl1, cacheControl2, false);

cacheControl1.NoCacheHeaders.Add("token1");
cacheControl1.NoCacheHeaders.Add("PLACEHOLDER1");
CompareHashCodes(cacheControl1, cacheControl2, true);

// Since NoCache and Private generate different hash codes, even if NoCacheHeaders and PrivateHeaders
// have the same values, the hash code will be different.
cacheControl3.Private = true;
cacheControl3.PrivateHeaders.Add("token2");
cacheControl3.PrivateHeaders.Add("PLACEHOLDER2");
CompareHashCodes(cacheControl1, cacheControl3, false);


Expand Down Expand Up @@ -343,27 +343,27 @@ public void Equals_CompareCollectionFieldsSet_MatchExpectation()
var cacheControl6 = new CacheControlHeaderValue();

cacheControl1.NoCache = true;
cacheControl1.NoCacheHeaders.Add("token2");
cacheControl1.NoCacheHeaders.Add("PLACEHOLDER2");

Assert.False(cacheControl1.Equals(null), "Compare with 'null'");

cacheControl2.NoCache = true;
cacheControl2.NoCacheHeaders.Add("token1");
cacheControl2.NoCacheHeaders.Add("token2");
cacheControl2.NoCacheHeaders.Add("PLACEHOLDER1");
cacheControl2.NoCacheHeaders.Add("PLACEHOLDER2");

CompareValues(cacheControl1!, cacheControl2, false);

cacheControl1!.NoCacheHeaders.Add("token1");
cacheControl1!.NoCacheHeaders.Add("PLACEHOLDER1");
CompareValues(cacheControl1, cacheControl2, true);

// Since NoCache and Private generate different hash codes, even if NoCacheHeaders and PrivateHeaders
// have the same values, the hash code will be different.
cacheControl3.Private = true;
cacheControl3.PrivateHeaders.Add("token2");
cacheControl3.PrivateHeaders.Add("PLACEHOLDER2");
CompareValues(cacheControl1, cacheControl3, false);

cacheControl4.Private = true;
cacheControl4.PrivateHeaders.Add("token3");
cacheControl4.PrivateHeaders.Add("PLACEHOLDER3");
CompareValues(cacheControl3, cacheControl4, false);

cacheControl5.Extensions.Add(new NameValueHeaderValue("custom"));
Expand All @@ -386,9 +386,9 @@ public void TryParse_DifferentValidScenarios_AllReturnTrue()

expected = new CacheControlHeaderValue();
expected.NoCache = true;
expected.NoCacheHeaders.Add("token1");
expected.NoCacheHeaders.Add("token2");
CheckValidTryParse("no-cache=\"token1, token2\"", expected);
expected.NoCacheHeaders.Add("PLACEHOLDER1");
expected.NoCacheHeaders.Add("PLACEHOLDER2");
CheckValidTryParse("no-cache=\"PLACEHOLDER1, PLACEHOLDER2\"", expected);

expected = new CacheControlHeaderValue();
expected.NoStore = true;
Expand All @@ -406,12 +406,12 @@ public void TryParse_DifferentValidScenarios_AllReturnTrue()
expected = new CacheControlHeaderValue();
expected.Public = true;
expected.Private = true;
expected.PrivateHeaders.Add("token1");
expected.PrivateHeaders.Add("PLACEHOLDER1");
expected.MustRevalidate = true;
expected.ProxyRevalidate = true;
expected.Extensions.Add(new NameValueHeaderValue("c", "d"));
expected.Extensions.Add(new NameValueHeaderValue("a", "b"));
CheckValidTryParse(",public, , private=\"token1\", must-revalidate, c=d, proxy-revalidate, a=b", expected);
CheckValidTryParse(",public, , private=\"PLACEHOLDER1\", must-revalidate, c=d, proxy-revalidate, a=b", expected);

expected = new CacheControlHeaderValue();
expected.Private = true;
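Review bot: The renamed test values `PLACEHOLDER1`/`PLACEHOLDER2`/`PLACEHOLDER3` in `ToString_UseResponseDirectiveValues_AllSerializedCorrectly` read as unfilled template slots, and nothing in the hunk says why `token1` was dropped, so a later reader may well "fix" them back and re-trigger the scanner. Since `NoCacheHeaders` and `PrivateHeaders` supply the quoted field names of the `no-cache="..."` and `private="..."` directives, header-looking names such as `X-Header-1` would keep the assertions self-describing while still avoiding the word "token"; failing that, one comment at the first `NoCacheHeaders.Add("PLACEHOLDER1")` would do: `// "PLACEHOLDERn" rather than "tokenn": arbitrary field names chosen to avoid credential-scanner false positives.` The same rename appears in `GetHashCode_CompareCollectionFieldsSet_MatchExpectation`, `Equals_CompareCollectionFieldsSet_MatchExpectation` and `TryParse_DifferentValidScenarios_AllReturnTrue`, and each of those method bodies extends beyond its hunk.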
4 changes: 2 additions & 2 deletions src/Security/Authentication/test/FacebookTests.cs
Expand Up @@ -41,7 +41,7 @@ protected override void RegisterAuth(AuthenticationBuilder services, Action<Face
protected override void ConfigureDefaults(FacebookOptions o)
{
o.AppId = "whatever";
o.AppSecret = "whatever";
o.AppSecret = "PLACEHOLDER";
o.SignInScheme = "auth1";
}

Expand All @@ -50,7 +50,7 @@ public async Task ThrowsIfAppIdMissing()
{
using var host = await CreateHost(
app => { },
services => services.AddAuthentication().AddFacebook(o => o.SignInScheme = "Whatever"),
services => services.AddAuthentication().AddFacebook(o => o.SignInScheme = "PLACEHOLDER"),
async context =>
{
await Assert.ThrowsAsync<ArgumentException>("AppId", () => context.ChallengeAsync("Facebook"));
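Review bot: In `ConfigureDefaults` only `o.AppSecret` is changed to `"PLACEHOLDER"` while `o.AppId = "whatever";` stays, which leaves this fixture inconsistent with `TwitterTests.ConfigureDefaults` in the same commit, where both `ConsumerKey` and `ConsumerSecret` become `"PLACEHOLDER"`; I would change `o.AppId = "PLACEHOLDER";` here as well so the two fixtures follow one convention. The second hunk rewrites the `SignInScheme` value in `ThrowsIfAppIdMissing` from `"Whatever"` to `"PLACEHOLDER"`, yet `SignInScheme` is a scheme name rather than a credential; presumably the scanner flagged the line because of the neighbouring `AddFacebook` call, and a short note would stop someone reverting it: `// "PLACEHOLDER" rather than "Whatever": keeps the credential scanner quiet; the scheme name is arbitrary here.` The body of `ThrowsIfAppIdMissing` continues outside the hunk. The same missing explanation applies to the `TwitterTests.cs` section below.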
4 changes: 2 additions & 2 deletions src/Security/Authentication/test/TwitterTests.cs
Expand Up @@ -36,8 +36,8 @@ protected override void RegisterAuth(AuthenticationBuilder services, Action<Twit

protected override void ConfigureDefaults(TwitterOptions o)
{
o.ConsumerKey = "whatever";
o.ConsumerSecret = "whatever";
o.ConsumerKey = "PLACEHOLDER";
o.ConsumerSecret = "PLACEHOLDER";
o.SignInScheme = "auth1";
}

