Skip to content

Commit

Permalink
Fix credscan issues in aspnetcore (#30337)
Browse files Browse the repository at this point in the history 
* Fix credscan issues in DataProtection

* Fix credscan issues in Identity, except where they affect checked in certs

* Updated scan
  • Loading branch information
@Pilchie
Pilchie authored Mar 18, 2021
1 parent 35bb1b8 commit 58b37d6
Show file tree
Hide file tree
Showing 18 changed files with 153 additions and 151 deletions.
18 changes: 9 additions & 9 deletions src/Components/test/E2ETest/Tests/WebAssemblyAuthenticationTests.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,7 @@ public void AnonymousUser_GetsRedirectedToLogin_AndBackToOriginalProtectedResour
ClickAndNavigate(link, page);

var userName = $"{Guid.NewGuid()}@example.com";
var password = $"!Test.Password1$";
var password = $"[PLACEHOLDER]-1a";

FirstTimeRegister(userName, password);

Expand All @@ -98,7 +98,7 @@ public void CanPreserveApplicationState_DuringLogIn()
ClickAndNavigate(link, page);

var userName = $"{Guid.NewGuid()}@example.com";
var password = $"!Test.Password1$";
var password = $"[PLACEHOLDER]-1a";

FirstTimeRegister(userName, password);

Expand All @@ -118,7 +118,7 @@ public void CanShareUserRolesBetweenClientAndServer()
ClickAndNavigate(By.PartialLinkText("Log in"), "/Identity/Account/Login");

var userName = $"{Guid.NewGuid()}@example.com";
var password = $"!Test.Password1$";
var password = $"[PLACEHOLDER]-1a";
FirstTimeRegister(userName, password);

ClickAndNavigate(By.PartialLinkText("Make admin"), "/new-admin");
Expand All @@ -143,7 +143,7 @@ public void AnonymousUser_CanRegister_AndGetLoggedIn()
ClickAndNavigate(By.PartialLinkText("Register"), "/Identity/Account/Register");

var userName = $"{Guid.NewGuid()}@example.com";
var password = $"!Test.Password1$";
var password = $"[PLACEHOLDER]-1a";
RegisterCore(userName, password);
CompleteProfileDetails();

Expand All @@ -160,7 +160,7 @@ public void AuthenticatedUser_ProfileIncludesDetails_And_AccessToken()
ClickAndNavigate(By.PartialLinkText("User"), "/Identity/Account/Login");

var userName = $"{Guid.NewGuid()}@example.com";
var password = $"!Test.Password1$";
var password = $"[PLACEHOLDER]-1a";
FirstTimeRegister(userName, password);

Browser.Contains("user", () => Browser.Url);
Expand Down Expand Up @@ -215,7 +215,7 @@ public void AuthenticatedUser_CanGoToProfile()
ClickAndNavigate(By.PartialLinkText("Register"), "/Identity/Account/Register");

var userName = $"{Guid.NewGuid()}@example.com";
var password = $"!Test.Password1$";
var password = $"[PLACEHOLDER]-1a";
RegisterCore(userName, password);
CompleteProfileDetails();

Expand Down Expand Up @@ -257,7 +257,7 @@ public void NewlyRegisteredUser_CanLogOut()
ClickAndNavigate(By.PartialLinkText("Register"), "/Identity/Account/Register");

var userName = $"{Guid.NewGuid()}@example.com";
var password = $"!Test.Password1$";
var password = $"[PLACEHOLDER]-1a";
RegisterCore(userName, password);
CompleteProfileDetails();

Expand All @@ -270,7 +270,7 @@ public void AlreadyRegisteredUser_CanLogOut()
ClickAndNavigate(By.PartialLinkText("Register"), "/Identity/Account/Register");

var userName = $"{Guid.NewGuid()}@example.com";
var password = $"!Test.Password1$";
var password = $"[PLACEHOLDER]-1a";
RegisterCore(userName, password);
CompleteProfileDetails();

Expand All @@ -296,7 +296,7 @@ public void LoggedInUser_OnTheIdP_CanLogInSilently()
ClickAndNavigate(By.PartialLinkText("Register"), "/Identity/Account/Register");

var userName = $"{Guid.NewGuid()}@example.com";
var password = $"!Test.Password1$";
var password = $"[PLACEHOLDER]-1a";
RegisterCore(userName, password);
CompleteProfileDetails();
ValidateLoggedIn(userName);
Expand Down
8 changes: 5 additions & 3 deletions ...ticatedEncryption/ConfigurationModel/AuthenticatedEncryptorDescriptorDeserializerTests.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.

using System;
using System.Text;
using System.Xml.Linq;
using Microsoft.AspNetCore.DataProtection.KeyManagement;
using Microsoft.Extensions.Logging.Abstractions;
Expand All @@ -15,20 +16,21 @@ public class AuthenticatedEncryptorDescriptorDeserializerTests
public void ImportFromXml_Cbc_CreatesAppropriateDescriptor()
{
// Arrange
var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]"));
var descriptor = new AuthenticatedEncryptorDescriptor(
new AuthenticatedEncryptorConfiguration()
{
EncryptionAlgorithm = EncryptionAlgorithm.AES_192_CBC,
ValidationAlgorithm = ValidationAlgorithm.HMACSHA512
},
"k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret());
masterKey.ToSecret());
var control = CreateEncryptorInstanceFromDescriptor(descriptor);

const string xml = @"
var xml = $@"
<encryptor version='1' xmlns:enc='http://schemas.asp.net/2015/03/dataProtection'>
<encryption algorithm='AES_192_CBC' />
<validation algorithm='HMACSHA512' />
<masterKey enc:requiresEncryption='true'>k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==</masterKey>
<masterKey enc:requiresEncryption='true'>{masterKey}</masterKey>
</encryptor>";
var deserializedDescriptor = new AuthenticatedEncryptorDescriptorDeserializer().ImportFromXml(XElement.Parse(xml));
var test = CreateEncryptorInstanceFromDescriptor(deserializedDescriptor as AuthenticatedEncryptorDescriptor);
Expand Down
17 changes: 9 additions & 8 deletions .../test/AuthenticatedEncryption/ConfigurationModel/AuthenticatedEncryptorDescriptorTests.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;
using Microsoft.AspNetCore.Cryptography.Cng;
using Microsoft.AspNetCore.Cryptography.SafeHandles;
Expand Down Expand Up @@ -144,20 +145,20 @@ public void CreateAuthenticatedEncryptor_RoundTripsData_ManagedImplementation(
public void ExportToXml_ProducesCorrectPayload_Cbc()
{
// Arrange
var masterKey = "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret();
var descriptor = CreateDescriptor(EncryptionAlgorithm.AES_192_CBC, ValidationAlgorithm.HMACSHA512, masterKey);
var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]"));
var descriptor = CreateDescriptor(EncryptionAlgorithm.AES_192_CBC, ValidationAlgorithm.HMACSHA512, masterKey.ToSecret());

// Act
var retVal = descriptor.ExportToXml();

// Assert
Assert.Equal(typeof(AuthenticatedEncryptorDescriptorDeserializer), retVal.DeserializerType);
const string expectedXml = @"
var expectedXml = $@"
<descriptor>
<encryption algorithm='AES_192_CBC' />
<validation algorithm='HMACSHA512' />
<masterKey enc:requiresEncryption='true' xmlns:enc='http://schemas.asp.net/2015/03/dataProtection'>
<value>k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==</value>
<value>{masterKey}</value>
</masterKey>
</descriptor>";
XmlAssert.Equal(expectedXml, retVal.SerializedDescriptorElement);
Expand All @@ -167,20 +168,20 @@ public void ExportToXml_ProducesCorrectPayload_Cbc()
public void ExportToXml_ProducesCorrectPayload_Gcm()
{
// Arrange
var masterKey = "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret();
var descriptor = CreateDescriptor(EncryptionAlgorithm.AES_192_GCM, ValidationAlgorithm.HMACSHA512, masterKey);
var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]"));
var descriptor = CreateDescriptor(EncryptionAlgorithm.AES_192_GCM, ValidationAlgorithm.HMACSHA512, masterKey.ToSecret());

// Act
var retVal = descriptor.ExportToXml();

// Assert
Assert.Equal(typeof(AuthenticatedEncryptorDescriptorDeserializer), retVal.DeserializerType);
const string expectedXml = @"
var expectedXml = $@"
<descriptor>
<encryption algorithm='AES_192_GCM' />
<!-- some comment here -->
<masterKey enc:requiresEncryption='true' xmlns:enc='http://schemas.asp.net/2015/03/dataProtection'>
<value>k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==</value>
<value>{masterKey}</value>
</masterKey>
</descriptor>";
XmlAssert.Equal(expectedXml, retVal.SerializedDescriptorElement);
Expand Down
8 changes: 5 additions & 3 deletions ...dEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorDescriptorDeserializerTests.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.

using System;
using System.Text;
using System.Xml.Linq;
using Microsoft.AspNetCore.Cryptography;
using Microsoft.AspNetCore.DataProtection.KeyManagement;
Expand All @@ -18,6 +19,7 @@ public class CngCbcAuthenticatedEncryptorDescriptorDeserializerTests
[ConditionalRunTestOnlyOnWindows]
public void ImportFromXml_CreatesAppropriateDescriptor()
{
var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]"));
// Arrange
var descriptor = new CngCbcAuthenticatedEncryptorDescriptor(
new CngCbcAuthenticatedEncryptorConfiguration()
Expand All @@ -28,14 +30,14 @@ public void ImportFromXml_CreatesAppropriateDescriptor()
HashAlgorithm = Constants.BCRYPT_SHA512_ALGORITHM,
HashAlgorithmProvider = null
},
"k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret());
masterKey.ToSecret());
var control = CreateEncryptorInstanceFromDescriptor(descriptor);

const string xml = @"
var xml = $@"
<descriptor version='1' xmlns:enc='http://schemas.asp.net/2015/03/dataProtection'>
<encryption algorithm='AES' keyLength='192' />
<hash algorithm='SHA512' />
<masterKey enc:requiresEncryption='true'>k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==</masterKey>
<masterKey enc:requiresEncryption='true'>{masterKey}</masterKey>
</descriptor>";
var deserializedDescriptor = new CngCbcAuthenticatedEncryptorDescriptorDeserializer().ImportFromXml(XElement.Parse(xml));
var test = CreateEncryptorInstanceFromDescriptor(deserializedDescriptor as CngCbcAuthenticatedEncryptorDescriptor);
Expand Down
17 changes: 9 additions & 8 deletions ...AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorDescriptorTests.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.

using System;
using System.Text;
using Xunit;

namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel
Expand All @@ -12,27 +13,27 @@ public class CngCbcAuthenticatedEncryptorDescriptorTests
public void ExportToXml_WithProviders_ProducesCorrectPayload()
{
// Arrange
var masterKey = "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret();
var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]"));
var descriptor = new CngCbcAuthenticatedEncryptorDescriptor(new CngCbcAuthenticatedEncryptorConfiguration()
{
EncryptionAlgorithm = "enc-alg",
EncryptionAlgorithmKeySize = 2048,
EncryptionAlgorithmProvider = "enc-alg-prov",
HashAlgorithm = "hash-alg",
HashAlgorithmProvider = "hash-alg-prov"
}, masterKey);
}, masterKey.ToSecret());

// Act
var retVal = descriptor.ExportToXml();

// Assert
Assert.Equal(typeof(CngCbcAuthenticatedEncryptorDescriptorDeserializer), retVal.DeserializerType);
const string expectedXml = @"
var expectedXml = $@"
<descriptor>
<encryption algorithm='enc-alg' keyLength='2048' provider='enc-alg-prov' />
<hash algorithm='hash-alg' provider='hash-alg-prov' />
<masterKey enc:requiresEncryption='true' xmlns:enc='http://schemas.asp.net/2015/03/dataProtection'>
<value>k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==</value>
<value>{masterKey}</value>
</masterKey>
</descriptor>";
XmlAssert.Equal(expectedXml, retVal.SerializedDescriptorElement);
Expand All @@ -42,25 +43,25 @@ public void ExportToXml_WithProviders_ProducesCorrectPayload()
public void ExportToXml_WithoutProviders_ProducesCorrectPayload()
{
// Arrange
var masterKey = "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret();
var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]"));
var descriptor = new CngCbcAuthenticatedEncryptorDescriptor(new CngCbcAuthenticatedEncryptorConfiguration()
{
EncryptionAlgorithm = "enc-alg",
EncryptionAlgorithmKeySize = 2048,
HashAlgorithm = "hash-alg"
}, masterKey);
}, masterKey.ToSecret());

// Act
var retVal = descriptor.ExportToXml();

// Assert
Assert.Equal(typeof(CngCbcAuthenticatedEncryptorDescriptorDeserializer), retVal.DeserializerType);
const string expectedXml = @"
var expectedXml = $@"
<descriptor>
<encryption algorithm='enc-alg' keyLength='2048' />
<hash algorithm='hash-alg' />
<masterKey enc:requiresEncryption='true' xmlns:enc='http://schemas.asp.net/2015/03/dataProtection'>
<value>k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==</value>
<value>{masterKey}</value>
</masterKey>
</descriptor>";
XmlAssert.Equal(expectedXml, retVal.SerializedDescriptorElement);
Expand Down
8 changes: 5 additions & 3 deletions ...dEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorDescriptorDeserializerTests.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.

using System;
using System.Text;
using System.Xml.Linq;
using Microsoft.AspNetCore.Cryptography;
using Microsoft.AspNetCore.DataProtection.KeyManagement;
Expand All @@ -19,20 +20,21 @@ public class CngGcmAuthenticatedEncryptorDescriptorDeserializerTests
public void ImportFromXml_CreatesAppropriateDescriptor()
{
// Arrange
var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]"));
var descriptor = new CngGcmAuthenticatedEncryptorDescriptor(
new CngGcmAuthenticatedEncryptorConfiguration()
{
EncryptionAlgorithm = Constants.BCRYPT_AES_ALGORITHM,
EncryptionAlgorithmKeySize = 192,
EncryptionAlgorithmProvider = null
},
"k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret());
masterKey.ToSecret());
var control = CreateEncryptorInstanceFromDescriptor(descriptor);

const string xml = @"
var xml = $@"
<descriptor version='1' xmlns:enc='http://schemas.asp.net/2015/03/dataProtection'>
<encryption algorithm='AES' keyLength='192' />
<masterKey enc:requiresEncryption='true'>k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==</masterKey>
<masterKey enc:requiresEncryption='true'>{masterKey}</masterKey>
</descriptor>";
var deserializedDescriptor = new CngGcmAuthenticatedEncryptorDescriptorDeserializer().ImportFromXml(XElement.Parse(xml));
var test = CreateEncryptorInstanceFromDescriptor(deserializedDescriptor as CngGcmAuthenticatedEncryptorDescriptor);
Expand Down
17 changes: 9 additions & 8 deletions ...AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorDescriptorTests.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.

using System;
using System.Text;
using Xunit;

namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel
Expand All @@ -12,24 +13,24 @@ public class CngGcmAuthenticatedEncryptorDescriptorTests
public void ExportToXml_WithProviders_ProducesCorrectPayload()
{
// Arrange
var masterKey = "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret();
var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]"));
var descriptor = new CngGcmAuthenticatedEncryptorDescriptor(new CngGcmAuthenticatedEncryptorConfiguration()
{
EncryptionAlgorithm = "enc-alg",
EncryptionAlgorithmKeySize = 2048,
EncryptionAlgorithmProvider = "enc-alg-prov"
}, masterKey);
}, masterKey.ToSecret());

// Act
var retVal = descriptor.ExportToXml();

// Assert
Assert.Equal(typeof(CngGcmAuthenticatedEncryptorDescriptorDeserializer), retVal.DeserializerType);
const string expectedXml = @"
var expectedXml = $@"
<descriptor>
<encryption algorithm='enc-alg' keyLength='2048' provider='enc-alg-prov' />
<masterKey enc:requiresEncryption='true' xmlns:enc='http://schemas.asp.net/2015/03/dataProtection'>
<value>k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==</value>
<value>{masterKey}</value>
</masterKey>
</descriptor>";
XmlAssert.Equal(expectedXml, retVal.SerializedDescriptorElement);
Expand All @@ -39,23 +40,23 @@ public void ExportToXml_WithProviders_ProducesCorrectPayload()
public void ExportToXml_WithoutProviders_ProducesCorrectPayload()
{
// Arrange
var masterKey = "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret();
var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]"));
var descriptor = new CngGcmAuthenticatedEncryptorDescriptor(new CngGcmAuthenticatedEncryptorConfiguration()
{
EncryptionAlgorithm = "enc-alg",
EncryptionAlgorithmKeySize = 2048
}, masterKey);
}, masterKey.ToSecret());

// Act
var retVal = descriptor.ExportToXml();

// Assert
Assert.Equal(typeof(CngGcmAuthenticatedEncryptorDescriptorDeserializer), retVal.DeserializerType);
const string expectedXml = @"
var expectedXml = $@"
<descriptor>
<encryption algorithm='enc-alg' keyLength='2048' />
<masterKey enc:requiresEncryption='true' xmlns:enc='http://schemas.asp.net/2015/03/dataProtection'>
<value>k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==</value>
<value>{masterKey}</value>
</masterKey>
</descriptor>";
XmlAssert.Equal(expectedXml, retVal.SerializedDescriptorElement);
Expand Down
Loading

0 comments on commit 58b37d6

Please sign in to comment.