Update to CredScan v2 (#11765)

2024-11-23 01:34:19 +08:00 · 2020-02-04 13:21:06 -08:00 · 2020-02-04 13:21:06 -08:00 · f3cc834f0c
commit f3cc834f0c
parent 5ff8fadd19
3 changed files with 11 additions and 4 deletions
--- a/.vsts-ci/templates/credscan.yml
+++ b/.vsts-ci/templates/credscan.yml
@ -15,6 +15,7 @@ jobs:
    displayName: 'Scan for Secrets'
    inputs:
      suppressionsFile: tools/credScan/suppress.json
+      toolMajorVersion: V2
      debugMode: false

  - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
--- a/test/powershell/Modules/Microsoft.PowerShell.LocalAccounts/Pester.Command.Cmdlets.LocalAccounts.LocalUser.Tests.ps1
+++ b/test/powershell/Modules/Microsoft.PowerShell.LocalAccounts/Pester.Command.Cmdlets.LocalAccounts.LocalUser.Tests.ps1
@ -334,6 +334,7 @@ try {
        }

        It "Can set Password value at max 256" {
+            #[SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Demo/doc/test secret.")]
            $result = New-LocalUser TestUserNew1 -Password (ConvertTo-SecureString ("135@"+"A"*252) -AsPlainText -Force)

            $result.Name | Should -BeExactly TestUserNew1
@ -762,6 +763,7 @@ try {
        }

        It "Can set Password value at max 256" {
+            #[SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Demo/doc/test secret.")]
            Set-LocalUser -Name TestUserSet1 -Password (ConvertTo-SecureString ("123@"+"A"*252) -asplaintext -Force)
            $result = Get-LocalUser -Name TestUserSet1

--- a/tools/credScan/suppress.json
+++ b/tools/credScan/suppress.json
@ -2,12 +2,16 @@
    "tool": "Credential Scanner",
    "suppressions": [
      {
-       "file": "\\test\\tools\\Modules\\WebListener\\ClientCert.pfx", 
+       "file": "\\test\\tools\\Modules\\WebListener\\ClientCert.pfx",
        "_justification": "Test certificate with private key"
      },
      {
-        "file": "\\test\\tools\\Modules\\WebListener\\ServerCert.pfx", 
+        "file": "\\test\\tools\\Modules\\WebListener\\ServerCert.pfx",
         "_justification": "Test certificate with private key"
-       }
-     ]  
+       },
+       {
+         "file": "\\test\\powershell\\Modules\\Microsoft.PowerShell.Security\\certificateCommon.psm1",
+          "_justification": "Test certificate with private key and inline suppression isn't working"
+        }
+     ]
 }