From 67916dc4592efb2a0bec902aa1a77105859ee245 Mon Sep 17 00:00:00 2001
From: Gang Wang
Date: Fri, 1 Dec 2023 09:48:17 +0000
Subject: [PATCH] Suppress CredScan error from legitimate unit test PFX file with private key (#9477)
Fixes https://devdiv.visualstudio.com/DevDiv/_workitems/edit/1922736 Context CredentialScanner detected .\src\Tasks.UnitTests\TestResources\mycert.pfx that had certificate keys. Since it's legitimate unit test PFX file, this is false positive. Changes Made Suppress the CredScan error from the UT PFX file. Testing Verified the run with this experimental branch. The CredScan error was eliminated.
Co-authored-by: Rainer Sigwald
---
 .vsts-dotnet.yml | 1 +
 eng/CredScanSuppressions.json | 9 +++++++++
 2 files changed, 10 insertions(+)
 create mode 100644 eng/CredScanSuppressions.json
diff --git a/.vsts-dotnet.yml b/.vsts-dotnet.yml
index e541edb7ef7..1c28b3bf2ca 100644
--- a/.vsts-dotnet.yml
+++ b/.vsts-dotnet.yml
@@ -311,4 +311,5 @@ stages:
 -TsaRepositoryName "dotnet-msbuild"
 -TsaCodebaseName "dotnet-msbuild"
 -TsaPublish $True
+ -CrScanAdditionalRunConfigParams @("SuppressionsPath < $(Build.SourcesDirectory)\eng\CredScanSuppressions.json")
 -PoliCheckAdditionalRunConfigParams @("UserExclusionPath < $(Build.SourcesDirectory)\eng\policheck_exclusions.xml")'
diff --git a/eng/CredScanSuppressions.json b/eng/CredScanSuppressions.json
new file mode 100644
index 00000000000..60c6eb75461
--- /dev/null
+++ b/eng/CredScanSuppressions.json
@@ -0,0 +1,9 @@
+{
+ "tool": "Credential Scanner",
+ "suppressions": [
+ {
+ "file": "\\src\\Tasks.UnitTests\\TestResources\\mycert.pfx",
+ "_justification": "New certificate file with private key used only for testing"
+ }
+ ]
+ }
\ No newline at end of file
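Review bot: The new entry in eng/CredScanSuppressions.json is keyed on the path `"\\src\\Tasks.UnitTests\\TestResources\\mycert.pfx"` alone, so any future content committed at that path — including a genuinely sensitive key replaced or dropped in by mistake — would be excluded from the scan without a new finding. If the scanner supports suppressing a specific finding by its match hash rather than by file, that is the narrower choice; failing that, the `_justification` should record what makes this key non-sensitive and where it is used so the entry can be re-audited later, for example `"_justification": "Test-only certificate consumed by Tasks.UnitTests; the private key is not used outside the test suite"` (wording to be confirmed against the actual certificate). As a style nit, the file ends with `\ No newline at end of file` and the closing `}` is indented unlike the opening one. The .vsts-dotnet.yml hunk only wires the path in, mirroring the existing PoliCheck parameter, and the PowerShell string it sits in starts outside the hunk.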