Medium and low level vulnerabilities patched #3286

Merged
merged 8 commits into from
Jan 28, 2022
Merged
2 changes: 2 additions & 0 deletions eng/Versions.props
@@ -15,6 +15,8 @@
<LibGit2SharpVersion>0.25.2</LibGit2SharpVersion>
<log4netVersion>2.0.8</log4netVersion>
<SystemNetHttpVersion>4.3.4</SystemNetHttpVersion>
<SystemServiceModelVersion>4.3.3</SystemServiceModelVersion>
<SystemUriVersion>4.3.2</SystemUriVersion>
<MicrosoftAzureStorageBlobVersion>10.0.2</MicrosoftAzureStorageBlobVersion>
<MicrosoftAzureKeyVaultVersion>3.0.0</MicrosoftAzureKeyVaultVersion>
<MicrosoftAzureServicesAppAuthenticationVersion>1.3.1</MicrosoftAzureServicesAppAuthenticationVersion>
7 changes: 1 addition & 6 deletions scripts/build/TestPlatform.Dependencies.props
@@ -37,10 +37,8 @@
<TestPlatformMSDiaVersion>17.1.0-preview-2-31925-026</TestPlatformMSDiaVersion>
<!-- Portable CPP test runner -->
<TestPlatformRemoteExternalsVersion>17.1.0-preview-2-31925-026</TestPlatformRemoteExternalsVersion>

<InteropExternalsVersion>17.1.0-preview-2-31925-026</InteropExternalsVersion>
<MicrosoftFakesVersion>17.0.0-beta.21179.1</MicrosoftFakesVersion>

<MicrosoftBuildPackageVersion>16.0.461</MicrosoftBuildPackageVersion>
<MicrosoftBuildFrameworkPackageVersion>$(MicrosoftBuildPackageVersion)</MicrosoftBuildFrameworkPackageVersion>
<MicrosoftBuildUtilitiesCorePackageVersion>$(MicrosoftBuildPackageVersion)</MicrosoftBuildUtilitiesCorePackageVersion>
@@ -49,14 +47,11 @@
<MicrosoftExtensionsFileSystemGlobbingPackageVersion>1.1.1</MicrosoftExtensionsFileSystemGlobbingPackageVersion>

<CoverletCoverageVersion>1.2.0</CoverletCoverageVersion>
<SystemNetHttpVersion>4.3.4</SystemNetHttpVersion>
<RoslynPublicApiAnalyzersVersion>3.3.4-beta1.21554.2</RoslynPublicApiAnalyzersVersion>

<DependencyVersionsImported>true</DependencyVersionsImported>

<RoslynPublicApiAnalyzersVersion>3.3.4-beta1.21554.2</RoslynPublicApiAnalyzersVersion>
</PropertyGroup>

<Import Project="$(MSBuildThisFileDirectory)..\..\eng\Versions.props" />
<Import Project="$(DotNetPackageVersionPropsPath)" Condition="'$(DotNetPackageVersionPropsPath)' != ''" />

</Project>
2 changes: 1 addition & 1 deletion scripts/verify-nupkgs.ps1
@@ -16,7 +16,7 @@ function Verify-Nuget-Packages($packageDirectory, $version)
"Microsoft.NET.Test.Sdk" = 27;
"Microsoft.TestPlatform" = 590;
"Microsoft.TestPlatform.Build" = 21;
"Microsoft.TestPlatform.CLI" = 404;
"Microsoft.TestPlatform.CLI" = 405;
"Microsoft.TestPlatform.Extensions.TrxLogger" = 35;
"Microsoft.TestPlatform.ObjectModel" = 238;
"Microsoft.TestPlatform.AdapterUtilities" = 62;
@@ -1,4 +1,4 @@
<Project Sdk="Microsoft.NET.Sdk">
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TestPlatformRoot Condition="$(TestPlatformRoot) == ''">..\..\</TestPlatformRoot>
</PropertyGroup>
@@ -37,21 +37,35 @@
<ItemGroup Condition=" '$(TargetFramework)' == 'uap10.0' ">
<PackageReference Include="Microsoft.NETCore.UniversalWindowsPlatform" Version="5.1.0" />
<PackageReference Include="System.Net.Http" Version="$(SystemNetHttpVersion)" />

<!-- CVE-2018-8356 mitigation -->
<PackageReference Include="System.ServiceModel.Duplex" Version="$(SystemServiceModelVersion)" />
<PackageReference Include="System.ServiceModel.NetTcp" Version="$(SystemServiceModelVersion)" />
<PackageReference Include="System.ServiceModel.Primitives" Version="$(SystemServiceModelVersion)" />
<PackageReference Include="System.ServiceModel.Security" Version="$(SystemServiceModelVersion)" />
<PackageReference Include="System.Private.ServiceModel" Version="$(SystemServiceModelVersion)" />
<!-- / CVE-2018-8356 mitigation -->
</ItemGroup>

<ItemGroup>
<!-- CVE-2019-0657 mitigation -->
<PackageReference Include="System.Private.Uri" Version="$(SystemUriVersion)" />
<!-- / CVE-2019-0657 mitigation -->
</ItemGroup>

<ItemGroup>
<EmbeddedResource Include="Resources\Resources.resx" />
<!-- Disabled auto code generation to support net20
<Compile Update="Resources\Resources.Designer.cs">
<DesignTime>True</DesignTime>
<AutoGen>True</AutoGen>
<DependentUpon>Resources.resx</DependentUpon>
</Compile>
<EmbeddedResource Update="Resources\Resources.resx">
<Generator>ResXFileCodeGenerator</Generator>
<LastGenOutput>Resources.Designer.cs</LastGenOutput>
</EmbeddedResource>
-->
<Compile Update="Resources\Resources.Designer.cs">
<DesignTime>True</DesignTime>
<AutoGen>True</AutoGen>
<DependentUpon>Resources.resx</DependentUpon>
</Compile>
<EmbeddedResource Update="Resources\Resources.resx">
<Generator>ResXFileCodeGenerator</Generator>
<LastGenOutput>Resources.Designer.cs</LastGenOutput>
</EmbeddedResource>
-->
</ItemGroup>

<ItemGroup>
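Review bot: The marker comment around the `System.Private.Uri` reference names only CVE-2019-0657, while the same `$(SystemUriVersion)` pin in src/testhost.x86/testhost.x86.csproj and src/testhost/testhost.csproj is labelled CVE-2019-0657, CVE-2019-0980 and CVE-2019-0981. The labels should agree, so that a later maintainer does not lower the floor believing only one advisory depends on it. I would write the opening marker as `<!-- CVE-2019-0657, CVE-2019-0980 and CVE-2019-0981 mitigation: do not lower $(SystemUriVersion) -->` and keep the `<!-- / ... -->` closing form. The pinned packages look like transitive dependencies promoted to direct references (the ServiceModel set presumably comes in through `Microsoft.NETCore.UniversalWindowsPlatform`), so a short comment naming the parent package would tell the next reader when the pins can be dropped. The last `<ItemGroup>` of this hunk continues outside it.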
@@ -1,66 +1,74 @@
<?xml version="1.0" encoding="utf-8"?>
<?xml version="1.0" encoding="utf-8"?>
<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<TestPlatformRoot Condition="$(TestPlatformRoot) == ''">..\..\</TestPlatformRoot>
</PropertyGroup>
<Import Project="$(TestPlatformRoot)scripts/build/TestPlatform.Settings.targets" />
<PropertyGroup>
<AssemblyName>Microsoft.TestPlatform.PlatformAbstractions</AssemblyName>
<RootNamespace>Microsoft.TestPlatform.PlatformAbstractions</RootNamespace>
<TargetFrameworks>net45;net451;netcoreapp1.0;netcoreapp2.1;netstandard1.3;netstandard2.0</TargetFrameworks>
<TargetFrameworks Condition="'$(OS)' == 'Windows_NT'">$(TargetFrameworks);uap10.0;netstandard1.0</TargetFrameworks>
<TargetFrameworks Condition=" '$(DotNetBuildFromSource)' == 'true' ">net6.0</TargetFrameworks>
<EnableCodeAnalysis>true</EnableCodeAnalysis>
<IsTestProject>false</IsTestProject>
<!-- This causes a build error on netcoreapp1.0 -->
<NoWarn Condition="'$(TargetFramework)' != 'netcoreapp1.0'">NU1605</NoWarn>
</PropertyGroup>
<PropertyGroup>
<TestPlatformRoot Condition="$(TestPlatformRoot) == ''">..\..\</TestPlatformRoot>
</PropertyGroup>
<Import Project="$(TestPlatformRoot)scripts/build/TestPlatform.Settings.targets" />
<PropertyGroup>
<AssemblyName>Microsoft.TestPlatform.PlatformAbstractions</AssemblyName>
<RootNamespace>Microsoft.TestPlatform.PlatformAbstractions</RootNamespace>
<TargetFrameworks>net45;net451;netcoreapp1.0;netcoreapp2.1;netstandard1.3;netstandard2.0</TargetFrameworks>
<TargetFrameworks Condition="'$(OS)' == 'Windows_NT'">$(TargetFrameworks);uap10.0;netstandard1.0</TargetFrameworks>
<TargetFrameworks Condition=" '$(DotNetBuildFromSource)' == 'true' ">net6.0</TargetFrameworks>
<EnableCodeAnalysis>true</EnableCodeAnalysis>
<IsTestProject>false</IsTestProject>
<!-- This causes a build error on netcoreapp1.0 -->
<NoWarn Condition="'$(TargetFramework)' != 'netcoreapp1.0'">NU1605</NoWarn>
</PropertyGroup>

<PropertyGroup Condition="'$(TargetFramework)' == 'uap10.0'">
<CopyLocalLockFileAssemblies>false</CopyLocalLockFileAssemblies>
<NugetTargetMoniker>UAP,Version=v10.0</NugetTargetMoniker>
<TargetPlatformIdentifier>UAP</TargetPlatformIdentifier>
<TargetPlatformVersion>10.0.14393.0</TargetPlatformVersion>
<TargetPlatformMinVersion>10.0.10240.0</TargetPlatformMinVersion>
<TargetFrameworkIdentifier>.NETPortable</TargetFrameworkIdentifier>
<TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
<DefineConstants>$(DefineConstants);WINDOWS_UWP</DefineConstants>
</PropertyGroup>
<PropertyGroup Condition="'$(TargetFramework)' == 'uap10.0'">
<CopyLocalLockFileAssemblies>false</CopyLocalLockFileAssemblies>
<NugetTargetMoniker>UAP,Version=v10.0</NugetTargetMoniker>
<TargetPlatformIdentifier>UAP</TargetPlatformIdentifier>
<TargetPlatformVersion>10.0.14393.0</TargetPlatformVersion>
<TargetPlatformMinVersion>10.0.10240.0</TargetPlatformMinVersion>
<TargetFrameworkIdentifier>.NETPortable</TargetFrameworkIdentifier>
<TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
<DefineConstants>$(DefineConstants);WINDOWS_UWP</DefineConstants>
</PropertyGroup>

<ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp2.1' OR '$(TargetFramework)' == 'netcoreapp1.0' ">
<PackageReference Include="System.Threading.Thread" Version="4.0.0" />
<PackageReference Include="System.Diagnostics.Process" Version="4.1.0" />
<PackageReference Include="System.Diagnostics.TextWriterTraceListener" Version="4.0.0" />
<PackageReference Include="System.Diagnostics.TraceSource" Version="4.0.0" />
<PackageReference Include="System.Runtime.InteropServices.RuntimeInformation" Version="4.0.0" />
<PackageReference Include="System.Runtime.Loader" Version="4.0.0" />
<PackageReference Include="System.Net.Http" Version="$(SystemNetHttpVersion)" />
</ItemGroup>
<ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp2.1' OR '$(TargetFramework)' == 'netcoreapp1.0' ">
<PackageReference Include="System.Threading.Thread" Version="4.0.0" />
<PackageReference Include="System.Diagnostics.Process" Version="4.1.0" />
<PackageReference Include="System.Diagnostics.TextWriterTraceListener" Version="4.0.0" />
<PackageReference Include="System.Diagnostics.TraceSource" Version="4.0.0" />
<PackageReference Include="System.Runtime.InteropServices.RuntimeInformation" Version="4.0.0" />
<PackageReference Include="System.Runtime.Loader" Version="4.0.0" />
<PackageReference Include="System.Net.Http" Version="$(SystemNetHttpVersion)" />
</ItemGroup>

<ItemGroup Condition=" '$(TargetFramework)' == 'net451' OR '$(TargetFramework)' == 'net45' ">
<PackageReference Include="Microsoft.Internal.Dia.Interop" Version="$(TestPlatformMSDiaVersion)" />
<ItemGroup Condition=" '$(TargetFramework)' == 'net451' OR '$(TargetFramework)' == 'net45' ">
<PackageReference Include="Microsoft.Internal.Dia.Interop" Version="$(TestPlatformMSDiaVersion)" />

<Reference Include="System.Configuration" />
<Reference Include="System" />
<Reference Include="Microsoft.CSharp" />
</ItemGroup>
<Reference Include="System.Configuration" />
<Reference Include="System" />
<Reference Include="Microsoft.CSharp" />
</ItemGroup>

<ItemGroup Condition=" '$(TargetFramework)' == 'uap10.0' ">
<PackageReference Include="Microsoft.NETCore.UniversalWindowsPlatform" Version="5.1.0" />
<PackageReference Include="System.Runtime.InteropServices.RuntimeInformation" Version="4.3.0" />
<PackageReference Include="System.Net.Http" Version="$(SystemNetHttpVersion)" />
</ItemGroup>
<ItemGroup Condition=" '$(TargetFramework)' == 'uap10.0' ">
<PackageReference Include="Microsoft.NETCore.UniversalWindowsPlatform" Version="5.1.0" />
<PackageReference Include="System.Runtime.InteropServices.RuntimeInformation" Version="4.3.0" />
<PackageReference Include="System.Net.Http" Version="$(SystemNetHttpVersion)" />

<ItemGroup>
<!-- API that is common to all frameworks that we build for. -->
<AdditionalFiles Include="PublicAPI/PublicAPI.Shipped.txt" />
<AdditionalFiles Include="PublicAPI/PublicAPI.Unshipped.txt" />
<!-- API that is common to all frameworks except for .NET Standard 1.0. -->
<AdditionalFiles Condition=" '$(TargetFramework)' != 'netstandard1.0' " Include="PublicAPI\net\PublicAPI.Shipped.txt" />
<AdditionalFiles Condition=" '$(TargetFramework)' != 'netstandard1.0' " Include="PublicAPI\net\PublicAPI.Unshipped.txt" />
<!-- Framework specific API -->
<AdditionalFiles Include="PublicAPI/$(TargetFramework)/PublicAPI.Shipped.txt" />
<AdditionalFiles Include="PublicAPI/$(TargetFramework)/PublicAPI.Unshipped.txt" />
</ItemGroup>
<Import Project="$(TestPlatformRoot)scripts\build\TestPlatform.targets" />
<!-- CVE-2018-8356 mitigation -->
<PackageReference Include="System.ServiceModel.Duplex" Version="$(SystemServiceModelVersion)" />
<PackageReference Include="System.ServiceModel.NetTcp" Version="$(SystemServiceModelVersion)" />
<PackageReference Include="System.ServiceModel.Primitives" Version="$(SystemServiceModelVersion)" />
<PackageReference Include="System.ServiceModel.Security" Version="$(SystemServiceModelVersion)" />
<PackageReference Include="System.Private.ServiceModel" Version="$(SystemServiceModelVersion)" />
<!-- / CVE-2018-8356 mitigation -->
</ItemGroup>

<ItemGroup>
<!-- API that is common to all frameworks that we build for. -->
<AdditionalFiles Include="PublicAPI/PublicAPI.Shipped.txt" />
<AdditionalFiles Include="PublicAPI/PublicAPI.Unshipped.txt" />
<!-- API that is common to all frameworks except for .NET Standard 1.0. -->
<AdditionalFiles Condition=" '$(TargetFramework)' != 'netstandard1.0' " Include="PublicAPI\net\PublicAPI.Shipped.txt" />
<AdditionalFiles Condition=" '$(TargetFramework)' != 'netstandard1.0' " Include="PublicAPI\net\PublicAPI.Unshipped.txt" />
<!-- Framework specific API -->
<AdditionalFiles Include="PublicAPI/$(TargetFramework)/PublicAPI.Shipped.txt" />
<AdditionalFiles Include="PublicAPI/$(TargetFramework)/PublicAPI.Unshipped.txt" />
</ItemGroup>
<Import Project="$(TestPlatformRoot)scripts\build\TestPlatform.targets" />
</Project>
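Review bot: `<NoWarn Condition="'$(TargetFramework)' != 'netcoreapp1.0'">NU1605</NoWarn>` also covers uap10.0, so the package-downgrade warning is silenced for the one target that now carries the direct System.ServiceModel.* pins. If a later update of the UWP metapackage requires a version higher than `$(SystemServiceModelVersion)`, the direct reference would hold the graph at the pinned version and restore would not report it. If the uap10.0 restore is clean without the suppression, narrow it to `<NoWarn Condition="'$(TargetFramework)' != 'netcoreapp1.0' AND '$(TargetFramework)' != 'uap10.0'">NU1605</NoWarn>`. Separately, this section re-indents the whole file, which buries the few lines of the security change; a whitespace-only commit would keep the pin reviewable on its own.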
12 changes: 8 additions & 4 deletions src/testhost.x86/testhost.x86.csproj
@@ -25,10 +25,10 @@
<ItemGroup>
<None Include="app.config" />
</ItemGroup>
<ItemGroup>
<PackageReference Include="System.Diagnostics.StackTrace" Condition="'$(TargetFramework)' == 'netcoreapp1.0'" Version="4.3.0" />
<PackageReference Include="System.Diagnostics.TraceSource" Condition="'$(TargetFramework)' == 'netcoreapp1.0'" Version="4.3.0" />
<PackageReference Include="System.Net.Http" Condition="'$(TargetFramework)' == 'netcoreapp1.0'" Version="$(SystemNetHttpVersion)" />
<ItemGroup Condition="'$(TargetFramework)' == 'netcoreapp1.0'">
<PackageReference Include="System.Diagnostics.StackTrace" Version="4.3.0" />
<PackageReference Include="System.Diagnostics.TraceSource" Version="4.3.0" />
<PackageReference Include="System.Net.Http" Version="$(SystemNetHttpVersion)" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\Microsoft.TestPlatform.CommunicationUtilities\Microsoft.TestPlatform.CommunicationUtilities.csproj" />
@@ -40,6 +40,10 @@
<ProjectReference Include="..\Microsoft.TestPlatform.Common\Microsoft.TestPlatform.Common.csproj">
<FromP2P>true</FromP2P>
</ProjectReference>

<!-- CVE-2019-0657, CVE-2019-0980 and CVE-2019-0981 mitigation -->
<PackageReference Include="System.Private.Uri" Version="$(SystemUriVersion)" />
<!-- CVE-2019-0657, CVE-2019-0980 and CVE-2019-0981 mitigation -->
</ItemGroup>
<ItemGroup Condition=" $(TargetFramework.StartsWith('net4')) AND '$(OS)' != 'Windows_NT' ">
<Reference Include="netstandard" />
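Review bot: The opening and closing marker comments around the `System.Private.Uri` reference are the same text, so the end of the mitigation block cannot be told from its start. The other project file on this page closes its blocks with a `<!-- / ... -->` marker; `<!-- / CVE-2019-0657, CVE-2019-0980 and CVE-2019-0981 mitigation -->` here would keep that convention. The reference also sits in the unconditioned `<ItemGroup>` that holds the `ProjectReference` items, so the pin is restored for every target framework, including the net4x targets implied by the `StartsWith('net4')` group that follows. If only the .NET Core targets need it, a separate `<ItemGroup>` with a `Condition` in the style of the netcoreapp1.0 group above would say so. The same applies to src/testhost/testhost.csproj; the enclosing `<Project>` element starts and ends outside the hunk.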
12 changes: 8 additions & 4 deletions src/testhost/testhost.csproj
@@ -25,10 +25,10 @@
<Compile Include="..\testhost.x86\TestHostTraceListener.cs" Link="TestHostTraceListener.cs" />
<None Include="app.config" />
</ItemGroup>
<ItemGroup>
<PackageReference Include="System.Diagnostics.StackTrace" Condition="'$(TargetFramework)' == 'netcoreapp1.0'" Version="4.3.0" />
<PackageReference Include="System.Diagnostics.TraceSource" Condition="'$(TargetFramework)' == 'netcoreapp1.0'" Version="4.3.0" />
<PackageReference Include="System.Net.Http" Condition="'$(TargetFramework)' == 'netcoreapp1.0'" Version="$(SystemNetHttpVersion)" />
<ItemGroup Condition="'$(TargetFramework)' == 'netcoreapp1.0'">
<PackageReference Include="System.Diagnostics.StackTrace" Version="4.3.0" />
<PackageReference Include="System.Diagnostics.TraceSource" Version="4.3.0" />
<PackageReference Include="System.Net.Http" Version="$(SystemNetHttpVersion)" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\Microsoft.TestPlatform.CommunicationUtilities\Microsoft.TestPlatform.CommunicationUtilities.csproj" />
@@ -40,6 +40,10 @@
<ProjectReference Include="..\Microsoft.TestPlatform.Common\Microsoft.TestPlatform.Common.csproj">
<FromP2P>true</FromP2P>
</ProjectReference>

<!-- CVE-2019-0657, CVE-2019-0980 and CVE-2019-0981 mitigation -->
<PackageReference Include="System.Private.Uri" Version="$(SystemUriVersion)" />
<!-- CVE-2019-0657, CVE-2019-0980 and CVE-2019-0981 mitigation -->
</ItemGroup>
<ItemGroup Condition=" $(TargetFramework.StartsWith('net4')) AND '$(OS)' != 'Windows_NT' ">
<Reference Include="netstandard" />