Commit
Merge pull request #1408 from microsoft/main
Merge 'main' into 'release-cpptools'
WardenGnaw authored Jul 10, 2023
2 parents 3715e22 + c713778 commit a293696
Showing 26 changed files with 412 additions and 113 deletions.
32 changes: 16 additions & 16 deletions .github/workflows/Build-And-Test.yml
Expand Up @@ -22,20 +22,20 @@ jobs:

steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Install .NET Core
uses: actions/setup-dotnet@v1
uses: actions/setup-dotnet@v3
with:
dotnet-version: 6.0.x

- name: Setup MSBuild.exe
uses: microsoft/setup-msbuild@v1.0.2
uses: microsoft/setup-msbuild@v1.1

- name: Setup NuGet.exe for use with actions
uses: NuGet/setup-nuget@v1.0.5
uses: NuGet/setup-nuget@v1

- name: Build MIDebugEngine
run: |
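Review bot: The `uses:` references in this hunk still track mutable tags, and `NuGet/setup-nuget` moves from the exact tag `v1.0.5` to the floating major tag `v1`, so the build will run whatever that tag points to in the future. Pin each action, at minimum those outside the `actions/` namespace (`microsoft/setup-msbuild`, `NuGet/setup-nuget`), to a full commit SHA with the version in a trailing comment, and let an automated updater propose the bumps.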
Expand All @@ -44,7 +44,7 @@ jobs:
Configuration: ${{ matrix.configuration }}

- name: Setup VSTest.console.exe
uses: darenm/Setup-VSTest@v1
uses: darenm/Setup-VSTest@v1.2

- name: Run VS Extension tests
run: vstest.console.exe ${{ github.workspace }}\bin\${{ matrix.configuration }}\MICoreUnitTests.dll ${{ github.workspace }}\bin\${{ matrix.configuration }}\JDbgUnitTests.dll ${{ github.workspace }}\bin\${{ matrix.configuration }}\SSHDebugTests.dll ${{ github.workspace }}\bin\${{ matrix.configuration }}\MIDebugEngineUnitTests.dll
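Review bot: `darenm/Setup-VSTest@v1.2` is a third-party action referenced by tag, and it runs in the same job as the build and test steps. Pin it to a reviewed full commit SHA, or replace it with a step that locates `vstest.console.exe` from the Visual Studio install already on the runner.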
Expand All @@ -54,20 +54,20 @@ jobs:

steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Install .NET Core
uses: actions/setup-dotnet@v1
uses: actions/setup-dotnet@v3
with:
dotnet-version: 6.0.x

- name: Setup MSBuild.exe
uses: microsoft/setup-msbuild@v1.0.2
uses: microsoft/setup-msbuild@v1.1

- name: Setup NuGet.exe for use with actions
uses: NuGet/setup-nuget@v1.0.5
uses: NuGet/setup-nuget@v1

- name: Build MIDebugEngine
run: |
Expand Down Expand Up @@ -102,7 +102,7 @@ jobs:
dotnet test $CppTestsPath --logger "trx;LogFileName=$ResultsPath"
- name: 'Upload Test Results'
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v3
if: ${{ always() }}
with:
name: win_msys2_x64_results
Expand All @@ -112,12 +112,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Install .NET Core
uses: actions/setup-dotnet@v1
uses: actions/setup-dotnet@v3
with:
dotnet-version: 6.0.x

Expand All @@ -143,7 +143,7 @@ jobs:
${{ github.workspace }}/eng/Scripts/CI-Test.sh
- name: 'Upload Test Results'
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v3
if: ${{ always() }}
with:
name: linux_x64_results
Expand All @@ -153,12 +153,12 @@ jobs:
runs-on: macos-latest
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Install .NET Core
uses: actions/setup-dotnet@v1
uses: actions/setup-dotnet@v3
with:
dotnet-version: 6.0.x

Expand All @@ -172,7 +172,7 @@ jobs:
${{ github.workspace }}/eng/Scripts/CI-Test.sh
- name: 'Upload Test Results'
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v3
if: ${{ always() }}
with:
name: osx_x64_results
41 changes: 41 additions & 0 deletions SECURITY.md
@@ -0,0 +1,41 @@
<!-- BEGIN MICROSOFT SECURITY.MD V0.0.8 BLOCK -->

## Security

Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).

If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below.

## Reporting Security Issues

**Please do not report security vulnerabilities through public GitHub issues.**

Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report).

If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey).

You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc).

Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:

* Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
* Full paths of source file(s) related to the manifestation of the issue
* The location of the affected source code (tag/branch/commit or direct URL)
* Any special configuration required to reproduce the issue
* Step-by-step instructions to reproduce the issue
* Proof-of-concept or exploit code (if possible)
* Impact of the issue, including how an attacker might exploit the issue

This information will help us triage your report more quickly.

If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs.

## Preferred Languages

We prefer all communications to be in English.

## Policy

Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd).

<!-- END MICROSOFT SECURITY.MD BLOCK -->
12 changes: 12 additions & 0 deletions eng/pipelines/MIDebugEngine-CI.yml
@@ -1,5 +1,15 @@
---
name: $(Date:yyyMMdd).$(Rev:r)

schedules:
# Run on the 1st and 15th of every month
- cron: 30 1 1,15 * *
displayName: Biweekly Build
branches:
include:
- main
always: true # Run even if there are no code changes

stages:
- stage: CI
dependsOn: []
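Review bot: The schedule `30 1 1,15 * *` fires on the 1st and 15th of each month, as the comment says, but `displayName: Biweekly Build` implies a fixed 14-day interval, and the gap from the 15th to the next 1st varies with month length. Rename it (for example "Semi-monthly Build") and state in the comment that Azure Pipelines evaluates cron schedules in UTC, so the 01:30 start time is unambiguous.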
Expand All @@ -8,6 +18,8 @@ stages:
value: test
- name: TeamName
value: MDDDebugger
- name: Codeql.Enabled
value: true
jobs:
- template: ./jobs/VSEngSS-MicroBuild2022-1ES.job.yml
parameters:
9 changes: 9 additions & 0 deletions eng/pipelines/resources/TSAConfig.json
@@ -0,0 +1,9 @@
{
"codebaseName": "MIEngine",
"notificationAliases": ["vsdbgnft@microsoft.com"],
"instanceUrl": "https://devdiv.visualstudio.com",
"projectName": "DevDiv",
"areaPath": "DevDiv\\VS Diagnostics\\Debugger - XPlat\\Cpp",
"iterationPath": "DevDiv",
"allTools": true
}
1 change: 1 addition & 0 deletions eng/pipelines/resources/falsepositives.gdnsuppress
@@ -0,0 +1 @@
{}
18 changes: 15 additions & 3 deletions eng/pipelines/steps/APIScan.yml
@@ -1,21 +1,33 @@
parameters:
FolderToScan: '$(Pipeline.Workspace)\Lab.Release'
SourceFolder: '$(Pipeline.Workspace)\Lab.Release'

steps:
- task: CopyFiles@2
displayName: 'Copy Files to: $(Pipeline.Workspace)\ApiScanFiles'
inputs:
SourceFolder: ${{ parameters.FolderToScan }}
SourceFolder: ${{ parameters.SourceFolder }}
Contents: |
**\*Microsoft@(*.dll|*.pdb|*.exe)
**\*Newtonsoft@(*.dll|*.pdb|*.exe)
**\*OpenDebugAD7@(*.dll|*.pdb|*.exe)
**\*WindowsDebugLauncher@(*.dll|*.pdb|*.exe)
**\Microsoft.VisualStudio.Debugger.Interop.UnixPortSupplier.DesignTime.dll
!**\*.resources.dll
!**\Microsoft.VisualStudio.Debugger.Interop*
!**\vscode\Microsoft.VisualStudio.Interop.dll
!**\vscode\Microsoft.VisualStudio.Shared.VSCodeDebugProtocol.dll
TargetFolder: '$(Pipeline.Workspace)\ApiScanFiles'
CleanTargetFolder: true
OverWrite: true

# This gets excluded by !**\Microsoft.VisualStudio.Debugger.Interop* but we create Microsoft.VisualStudio.Debugger.Interop.UnixPortSupplier.DesignTime.dll.
- task: CopyFiles@2
displayName: 'Copy UnixPortSupplier to: $(Pipeline.Workspace)\ApiScanFiles'
inputs:
SourceFolder: ${{ parameters.SourceFolder }}
Contents: |
**\Microsoft.VisualStudio.Debugger.Interop.UnixPortSupplier.DesignTime.dll
TargetFolder: '$(Pipeline.Workspace)\ApiScanFiles'

- task: securedevelopmentteam.vss-secure-development-tools.build-task-apiscan.APIScan@2
displayName: 'Run APIScan'
inputs:
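Review bot: Renaming the template parameter from `FolderToScan` to `SourceFolder` changes this template's interface, so every caller has to change in the same commit; the CodeAnalysis.template.yml context shown in this commit still passes `FolderToScan: $(Pipeline.Workspace)\Lab.Release` to a template. If that call targets this file, the argument no longer sets the scan folder as intended (the default happens to be the same path today), so rename the argument at the call site or keep the old parameter name.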
19 changes: 19 additions & 0 deletions eng/pipelines/steps/PostAnalysis.yml
@@ -0,0 +1,19 @@
parameters:
GdnSuppressionFiles: $(Build.SourcesDirectory)\eng\pipelines\resources\falsepositives.gdnsuppress

steps:
- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
displayName: 🏋️‍♀️ Break on compliance issues
inputs:
GdnBreakAllTools: true
GdnBreakSuppressionFiles: ${{ parameters.GdnSuppressionFiles }}
GdnBreakSuppressionSets: falsepositives

- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
displayName: 📝 Generate Guardian Suppressions File
inputs:
GdnBreakAllTools: true
GdnBreakOutputSuppressionFile: $(Build.ArtifactStagingDirectory)\GuardianSuppressions
GdnBreakOutputSuppressionSet: falsepositives
continueOnError: true
condition: failed()
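Review bot: The second `PostAnalysis@2` task emits its suppression file under the set name `falsepositives`, the same set the first task reads through `GdnBreakSuppressionSets`. Copying that generated file over `falsepositives.gdnsuppress` would silence real findings together with false ones, so either write it under a different set name (for example `pending-triage`) or add a comment beside this step that each entry must be triaged before it is committed.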
21 changes: 21 additions & 0 deletions eng/pipelines/tasks/AntiMalware.yml
@@ -0,0 +1,21 @@
parameters:
SourcePath: $(Build.SourcesDirectory)
ArtifactPath: $(Pipeline.Workspace)

steps:
- task: AntiMalware@4
displayName: 🔎 Run AntiMalware on source
inputs:
InputType: Basic
ScanType: CustomScan
FileDirPath: ${{ parameters.SourcePath }}
continueOnError: true

- task: AntiMalware@4
displayName: 🔎 Run AntiMalware on artifacts
inputs:
InputType: Basic
ScanType: CustomScan
FileDirPath: ${{ parameters.ArtifactPath }}
DisableRemediation: false
continueOnError: true
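Review bot: Both `AntiMalware@4` steps set `continueOnError: true`, so a detection in source or in build artifacts does not stop the job at this point and the remaining steps still run. That is acceptable only if a later break step consumes the AntiMalware results; state that dependency in a comment here, or drop `continueOnError` from the artifact scan. `DisableRemediation: false` is also set only on the artifact scan; set it on both steps or on neither so the two scans behave the same way.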
3 changes: 2 additions & 1 deletion eng/pipelines/tasks/CredScan.yml
Expand Up @@ -3,4 +3,5 @@ steps:
displayName: 'Run CredScan'
inputs:
outputFormat: pre
debugMode: false
debugMode: false
continueOnError: true
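Review bot: Adding `continueOnError: true` to the CredScan step means a detected credential no longer stops the pipeline here. This task file can be included from any template, so add a comment that it relies on a later `PostAnalysis` break step, or keep the step failing by default and let callers opt out through a parameter.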
7 changes: 7 additions & 0 deletions eng/pipelines/tasks/PSScriptAnalyzer.yml
@@ -0,0 +1,7 @@
steps:
- task: PSScriptAnalyzer@1
displayName: 🔎 Run PSScriptAnalyzer
inputs:
Path: '$(Build.SourcesDirectory)'
Settings: required
Recurse: true
10 changes: 10 additions & 0 deletions eng/pipelines/tasks/TSAUpload.yml
@@ -0,0 +1,10 @@
parameters:
TSAConfigFilePath: $(Build.SourcesDirectory)\eng\pipelines\resources\TSAconfig.json

steps:
- task: securedevelopmentteam.vss-secure-development-tools.build-task-uploadtotsa.TSAUpload@2
displayName: 📢 Create bugs for compliance tools results
inputs:
GdnPublishTsaOnboard: true
GdnPublishTsaConfigFile: ${{ parameters.TSAConfigFilePath }} # All relevant settings are in this file.
condition: succeededOrFailed()
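Review bot: The default `TSAConfigFilePath` ends in `TSAconfig.json`, while the file added in this commit is `eng/pipelines/resources/TSAConfig.json` with a capital C. The path resolves on a case-insensitive Windows agent but not on a case-sensitive file system; match the casing of the file on disk.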
19 changes: 19 additions & 0 deletions eng/pipelines/templates/CodeAnalysis.template.yml
Expand Up @@ -14,13 +14,32 @@ steps:
parameters:
FolderToScan: $(Pipeline.Workspace)\Lab.Release

- template: ../tasks/AntiMalware.yml
parameters:
SourcePath: $(Build.SourcesDirectory)\src

- template: ../tasks/BinSkim.yml

- template: ../tasks/PoliCheck.yml

- template: ../tasks/PSScriptAnalyzer.yml

- template: ../tasks/SdtReport.yml

- template: ../tasks/PublishSecurityAnalysisLogs.yml
parameters:
ArtifactName: 'CodeAnalysis'

## Create any bugs associated with the results.
- template: ../tasks/TSAUpload.yml

## Finally, break the build if anything was found. This is so we can bring the issue to our attention.
- template: ../steps/PostAnalysis.yml

- template: ../tasks/PublishPipelineArtifact.yml
parameters:
DisplayName: 🎁 Publish Artifact for Guardian Suppressions
artifactName: Guardian Suppressions
path: $(Build.ArtifactStagingDirectory)\GuardianSuppressions
condition: failed()
...
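Review bot: The `AntiMalware.yml` call overrides `SourcePath` with `$(Build.SourcesDirectory)\src`, which is narrower than the template default of `$(Build.SourcesDirectory)`, so scripts under `eng` and other top-level folders are left out of the source scan; use the default unless there is a stated reason to exclude them. Also confirm that the final `condition: failed()` is passed as a declared parameter of `PublishPipelineArtifact.yml`, since the rendered diff has lost the indentation that would show where it sits.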
0 comments on commit a293696