Suppress CredScan error from legitimate unit test PFX file with private key (#9477)

Fixes https://devdiv.visualstudio.com/DevDiv/_workitems/edit/1922736

Context
CredentialScanner detected .\src\Tasks.UnitTests\TestResources\mycert.pfx that had certificate keys. Since it's a legitimate unit test PFX file, this is a false positive.

Changes Made
Suppress the CredScan error from the UT PFX file.

Testing
Verified the run with this experimental branch. The CredScan error was eliminated.

Co-authored-by: Rainer Sigwald <raines@microsoft.com>
GangWang01 and rainersigwald authored Dec 1, 2023
1 parent d8283be commit 67916dc
Showing 2 changed files with 10 additions and 0 deletions.
1 change: 1 addition & 0 deletions .vsts-dotnet.yml
Expand Up @@ -311,4 +311,5 @@ stages:
-TsaRepositoryName "dotnet-msbuild"
-TsaCodebaseName "dotnet-msbuild"
-TsaPublish $True
-CrScanAdditionalRunConfigParams @("SuppressionsPath < $(Build.SourcesDirectory)\eng\CredScanSuppressions.json")
-PoliCheckAdditionalRunConfigParams @("UserExclusionPath < $(Build.SourcesDirectory)\eng\policheck_exclusions.xml")'
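Review bot: The `SuppressionsPath` value on the `-CrScanAdditionalRunConfigParams` line wires in a file whose entries silence CredScan findings, and nothing next to it in the pipeline says so. A short YAML comment above this argument block stating that every entry in `eng\CredScanSuppressions.json` needs a justification and a security review would help, as would listing that file under required reviewers so a later suppression cannot be added unnoticed. It is also worth confirming that the path resolves on the agent that runs this stage, since it is built from `$(Build.SourcesDirectory)` with backslash separators.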
9 changes: 9 additions & 0 deletions eng/CredScanSuppressions.json
@@ -0,0 +1,9 @@
{
"tool": "Credential Scanner",
"suppressions": [
{
"file": "\\src\\Tasks.UnitTests\\TestResources\\mycert.pfx",
"_justification": "New certificate file with private key used only for testing"
}
]
}
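Review bot: The suppression entry is keyed only on the `"file"` path, so whatever PFX later sits at `\\src\\Tasks.UnitTests\\TestResources\\mycert.pfx` stays suppressed, including a replacement that carries a real private key. The `"_justification"` text ("New certificate file with private key used only for testing") does not say how the certificate was produced or that it is trusted nowhere outside the tests; I would expand it to state that, and reference the work item from the commit message so the decision can be traced. A README next to the PFX in `TestResources` saying the same thing would stop someone from swapping in a non-test certificate under the same name.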
