diff --git a/.config/CredScanSuppressions.json b/.config/CredScanSuppressions.json
index da14baee20e321..984a86f68e69e6 100644
--- a/.config/CredScanSuppressions.json
+++ b/.config/CredScanSuppressions.json
@@ -1,49 +1,70 @@ { - "tool": "Credential Scanner", - "suppressions": [ - { - "file": [ - "/eng/common/internal-feed-operations.ps1", - "/eng/common/internal-feed-operations.sh", - "/src/libraries/Common/src/Interop/Windows/WinHttp/Interop.winhttp_types.cs", - "/src/libraries/Common/src/System/Security/Cryptography/EccSecurityTransforms.cs", - "/src/libraries/Common/tests/System/Net/Configuration.Certificates.cs", - "/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.Authentication.cs", - "/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.cs", - "/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.DefaultProxyCredentials.cs", - "/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.Proxy.cs", - "/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.ServerCertificates.cs", - "/src/libraries/Common/tests/System/Net/Http/PostScenarioTest.cs", - "/src/libraries/Common/tests/System/Net/Prerequisites/Deployment/setup_certificates.ps1", - "/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/EC/ECKeyFileTests.cs", - "/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/EC/ECKeyFileTests.LimitedPrivate.cs", - "/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSAKeyFileTests.cs", - "/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSAKeyPemTests.cs", - "/src/libraries/System.Data.Common/tests/System/Data/Common/DbConnectionStringBuilderTest.cs", - "/src/libraries/System.Diagnostics.Process/tests/ProcessStartInfoTests.cs", - "/src/libraries/System.DirectoryServices.AccountManagement/src/System/DirectoryServices/AccountManagement/constants.cs", - "/src/libraries/System.DirectoryServices.AccountManagement/tests/PrincipalTest.cs", - "/src/libraries/System.DirectoryServices.AccountManagement/tests/UserPrincipalTest.cs", - 
"/src/libraries/System.Net.Http/tests/FunctionalTests/SocketsHttpHandlerTest.cs", - "/src/libraries/System.Net.Http/tests/UnitTests/DigestAuthenticationTests.cs", - "/src/libraries/System.Net.Http/tests/UnitTests/HttpEnvironmentProxyTest.cs", - "/src/libraries/System.Net.Mail/tests/Functional/SmtpClientTest.cs", - "/src/libraries/System.Net.Requests/src/System/Net/FtpControlStream.cs", - "/src/libraries/System.Net.Requests/src/System/Net/FtpWebRequest.cs", - "/src/libraries/System.Net.WebSockets.Client/tests/ConnectTest.cs", - "/src/libraries/System.Private.Uri/tests/ExtendedFunctionalTests/UriRelativeResolutionTest.cs", - "/src/libraries/System.Private.Uri/tests/FunctionalTests/UriBuilderRefreshTest.cs", - "/src/libraries/System.Private.Uri/tests/FunctionalTests/UriBuilderTests.cs", - "/src/libraries/System.Private.Uri/tests/FunctionalTests/UriRelativeResolutionTest.cs", - "/src/libraries/System.Runtime/tests/System/Uri.CreateStringTests.cs", - "/src/libraries/System.Security.Cryptography.Algorithms/tests/Rfc2898Tests.cs", - "/src/libraries/System.Security.Cryptography.Pkcs/tests/Pkcs12/Pkcs12Documents.cs", - "/src/libraries/System.Security.Cryptography.X509Certificates/tests/ExportTests.cs", - "/src/libraries/System.Security.Cryptography.Xml/tests/EncryptedXmlTest.cs", - "/src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs", - "/src/libraries/System.Security.Cryptography.Xml/tests/TestHelpers.cs" - ], - "_justification": "Mostly test files. Other files contain harmless examples or constants." 
- }, - ] + "tool": "Credential Scanner", + "suppressions": [ + { + "_justification": "Unit test containing connection strings under the test.", + "file": [ + "src/libraries/System.Data.Common/tests/System/Data/Common/DbConnectionStringBuilderTest.cs" + ] + }, + { + "_justification": "Private key for testing purpose.", + "file": [ + "src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyPemTests.cs", + "src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/EC/ECKeyPemTests.cs", + "src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSAKeyPemTests.cs", + "src/libraries/System.Security.Cryptography.X509Certificates/tests/TestData.cs" + ], + "placeholder": [ + "-----BEGIN PRIVATE KEY-----", + "-----BEGIN * PRIVATE KEY-----" + ] + }, + { + "_justification": "Test credential for Uri testing", + "file": [ + "src/libraries/System.Net.Http/tests/UnitTests/HttpEnvironmentProxyTest.cs", + "src/libraries/System.Private.Uri/tests/ExtendedFunctionalTests/UriRelativeResolutionTest.cs", + "src/libraries/System.Private.Uri/tests/FunctionalTests/UriBuilderRefreshTest.cs", + "src/libraries/System.Private.Uri/tests/FunctionalTests/UriBuilderTests.cs", + "src/libraries/System.Private.Uri/tests/FunctionalTests/UriRelativeResolutionTest.cs", + "src/libraries/System.Runtime/tests/System/Uri.CreateStringTests.cs" + ], + "placeholder": [ + "//*:;&$=123USERINFO@", + "//*:bar@", + "//*:bar1@", + "//*:password1@", + "//*:psw@", + "//*:userinfo2@" + ] + }, + { + "_justification": "Generic test password.", + "file": [ + "src/libraries/Common/tests/System/Net/Configuration.Certificates.cs", + "src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.Authentication.cs", + "src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.cs", + "src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.DefaultProxyCredentials.cs", + 
"src/libraries/Common/tests/System/Net/Http/PostScenarioTest.cs", + "src/libraries/Common/tests/System/Net/Prerequisites/Deployment/setup_certificates.ps1", + "src/libraries/System.Net.Http/tests/FunctionalTests/SocketsHttpHandlerTest.cs", + "src/libraries/System.Net.Http/tests/UnitTests/DigestAuthenticationTests.cs", + "src/libraries/System.Net.Http/tests/UnitTests/HttpEnvironmentProxyTest.cs", + "src/libraries/System.Net.Mail/tests/Functional/SmtpClientTest.cs", + "src/libraries/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs", + "src/libraries/System.Security.Cryptography.Xml/tests/TestHelpers.cs" + ], + "placeholder": [ + "\"anotherpassword\"", + "\"bar\"", + "\"mono\"", + "\"password1\"", + "\"rightpassword\"", + "\"testcertificate\"", + "\"unused\"", + "\"wrongpassword\"" + ] + } + ] } diff --git a/src/libraries/Common/src/Interop/Windows/WinHttp/Interop.winhttp_types.cs b/src/libraries/Common/src/Interop/Windows/WinHttp/Interop.winhttp_types.cs index 9dd0d81b56cf12..0ab94178f5d5c3 100644 --- a/src/libraries/Common/src/Interop/Windows/WinHttp/Interop.winhttp_types.cs +++ b/src/libraries/Common/src/Interop/Windows/WinHttp/Interop.winhttp_types.cs @@ -129,8 +129,10 @@ internal partial class WinHttp public const uint WINHTTP_AUTH_TARGET_PROXY = 0x00000001; public const uint WINHTTP_OPTION_USERNAME = 0x1000; + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="It is property descriptor, not secret value.")] public const uint WINHTTP_OPTION_PASSWORD = 0x1001; public const uint WINHTTP_OPTION_PROXY_USERNAME = 0x1002; + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="It is property descriptor, not secret value.")] public const uint WINHTTP_OPTION_PROXY_PASSWORD = 0x1003; public const uint WINHTTP_OPTION_SERVER_SPN_USED = 106; 
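Review bot: The first suppression entry lists `DbConnectionStringBuilderTest.cs` under `file` with no `placeholder`, so as written it appears to silence every finding in that file rather than only the known test strings; the other entries pair `file` with `placeholder`. Adding the specific test values as placeholders there would keep a real connection string pasted into that test later visible to the scanner. It is also worth confirming that the scanner evaluates `file` and `placeholder` in one entry as an intersection. If the two keys are applied independently, the listed files stay suppressed wholesale and the placeholders, including the `-----BEGIN * PRIVATE KEY-----` wildcard, apply repository-wide.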
diff --git a/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.Proxy.cs b/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.Proxy.cs index ca4c5ce5562aae..2580ea977b29a5 100644 --- a/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.Proxy.cs +++ b/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.Proxy.cs @@ -261,8 +261,8 @@ public async Task Proxy_SendSecureRequestThruProxy_ConnectTunnelUsed() [ConditionalFact(typeof(PlatformDetection), nameof(PlatformDetection.IsNotWindowsNanoServer))] public async Task ProxyAuth_Digest_Succeeds() { - const string expectedUsername = "testusername"; - const string expectedPassword = "testpassword"; + const string expectedUsername = "user"; + const string expectedPassword = "password"; const string authHeader = "Proxy-Authenticate: Digest realm=\"NetCore\", nonce=\"PwOnWgAAAAAAjnbW438AAJSQi1kAAAAA\", qop=\"auth\", stale=false\r\n"; LoopbackServer.Options options = new LoopbackServer.Options { IsProxy = true, Username = expectedUsername, Password = expectedPassword }; var proxyCreds = new NetworkCredential(expectedUsername, expectedPassword); diff --git a/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.ServerCertificates.cs b/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.ServerCertificates.cs index dba69f304dd662..d04b1d7aee6860 100644 --- a/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.ServerCertificates.cs +++ b/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.ServerCertificates.cs @@ -108,7 +108,7 @@ public async Task UseCallback_HaveCredsAndUseAuthenticatedCustomProxyAndPostToSe handler.ServerCertificateCustomValidationCallback = TestHelper.AllowAllCertificates; handler.Proxy = new WebProxy(proxyServer.Uri) { - Credentials = new NetworkCredential("rightusername", "rightpassword") + Credentials = new NetworkCredential("user", "password") }; const string content = "This is a test"; 
diff --git a/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.cs b/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.cs index e243987445c9f0..2aa3c26ee16b13 100644 --- a/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.cs +++ b/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.cs @@ -1004,6 +1004,7 @@ await LoopbackServer.CreateClientAndServerAsync(async uri => $"Accept-Patch:{fold} text/example;charset=utf-8{newline}" + $"Accept-Ranges:{fold} bytes{newline}" + $"Age: {fold}12{newline}" + + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test dummy authorization.")] $"Authorization: Bearer 63123a47139a49829bcd8d03005ca9d7{newline}" + $"Allow: {fold}GET, HEAD{newline}" + $"Alt-Svc:{fold} http/1.1=\"http2.example.com:8001\"; ma=7200{newline}" + diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/EC/ECKeyFileTests.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/EC/ECKeyFileTests.cs index 4775d6b0013c1f..62fc99addf55da 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/EC/ECKeyFileTests.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/EC/ECKeyFileTests.cs @@ -176,6 +176,7 @@ public void ReadNistP521EncryptedPkcs8_Pbes2_Aes128_Sha384() public void ReadNistP521EncryptedPkcs8_Pbes2_Aes128_Sha384_PasswordBytes() { // PBES2, PBKDF2 (SHA384), AES128 + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test key.")] const string base64 = @" MIIBXTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQI/JyXWyp/t3kCAggA MAwGCCqGSIb3DQIKBQAwHQYJYIZIAWUDBAECBBA3H8mbFK5afB5GzIemCCQkBIIB 
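Review bot: In `ReadNistP521EncryptedPkcs8_Pbes2_Aes128_Sha384_PasswordBytes` the `SecretInNextLine` comment sits above the `const string base64` declaration, while the encoded key material appears to start on the line after that declaration, so the marker may cover the declaration rather than the blob. If the scanner reports the finding at the line where the base64 text begins, this suppression will not match and the finding will persist. The same placement is used in the three RSAKeyFileTests.cs hunks, and the ClientCertificateHelper.cs hunks put the comment above a verbatim string that runs over many lines. A scanner run on this branch would confirm that each of these is actually matched. The test bodies continue outside the hunks.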
diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSAKeyFileTests.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSAKeyFileTests.cs index f2a79bcc72904f..d47ad3b3dca171 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSAKeyFileTests.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSAKeyFileTests.cs @@ -763,6 +763,7 @@ public static void ReadPbes2Rc2EncryptedDiminishedDP() public static void ReadPbes2Rc2EncryptedDiminishedDP_PasswordBytes() { // PBES2: PBKDF2 + RC2-128 + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test key.")] const string base64 = @" MIIBrjBIBgkqhkiG9w0BBQ0wOzAeBgkqhkiG9w0BBQwwEQQIKZEFT76zCFECAggA AgEQMBkGCCqGSIb3DQMCMA0CAToECE1Yyzk6++IPBIIBYDDvaYLkET8eudcYLQMf @@ -788,6 +789,7 @@ public static void ReadPbes2Rc2EncryptedDiminishedDP_PasswordBytes() [Fact] public static void ReadEncryptedDiminishedDP_EmptyPassword() { + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test key.")] const string base64 = @" MIIBgTAbBgkqhkiG9w0BBQMwDgQIJtjMez/9Gg4CAggABIIBYElq9UOOphEPU3b7 G/mV8M1uEdjigidMPih3b9IIJhrjMAEix2IjS+brFL7KRQgucpZZoaFU1utvkUHg @@ -812,6 +814,7 @@ public static void ReadEncryptedDiminishedDP_EmptyPassword() [Fact] public static void ReadEncryptedDiminishedDP_EmptyPasswordBytes() { + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test key.")] const string base64 = @" MIIBgTAbBgkqhkiG9w0BBQMwDgQIJtjMez/9Gg4CAggABIIBYElq9UOOphEPU3b7 G/mV8M1uEdjigidMPih3b9IIJhrjMAEix2IjS+brFL7KRQgucpZZoaFU1utvkUHg diff --git a/src/libraries/System.Diagnostics.Process/tests/ProcessStartInfoTests.cs b/src/libraries/System.Diagnostics.Process/tests/ProcessStartInfoTests.cs index 09eea0aba6576f..ced27b832ab369 100644 
--- a/src/libraries/System.Diagnostics.Process/tests/ProcessStartInfoTests.cs +++ b/src/libraries/System.Diagnostics.Process/tests/ProcessStartInfoTests.cs @@ -354,6 +354,7 @@ public void TestWorkingDirectoryPropertyInChildProcess() [ConditionalFact(typeof(RemoteExecutor), nameof(RemoteExecutor.IsSupported)), PlatformSpecific(TestPlatforms.Windows), OuterLoop] // Uses P/Invokes, Requires admin privileges public void TestUserCredentialsPropertiesOnWindows() { + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test dummy credentials.")] string username = "test", password = "PassWord123!!"; try { diff --git a/src/libraries/System.DirectoryServices.AccountManagement/src/System/DirectoryServices/AccountManagement/constants.cs b/src/libraries/System.DirectoryServices.AccountManagement/src/System/DirectoryServices/AccountManagement/constants.cs index 8662ef2bf3ca7e..93c5e6f23c771d 100644 --- a/src/libraries/System.DirectoryServices.AccountManagement/src/System/DirectoryServices/AccountManagement/constants.cs +++ b/src/libraries/System.DirectoryServices.AccountManagement/src/System/DirectoryServices/AccountManagement/constants.cs @@ -95,6 +95,7 @@ private PropertyNames() { } // these two are not publicly exposed properties, but are used internally to track ResetPassword/ExpirePasswordNow // operations against unpersisted principals, so that they can be performed once the principal has been Saved + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Not a password.")] internal const string PwdInfoPassword = "AuthenticablePrincipal.PasswordInfo.Password"; internal const string PwdInfoExpireImmediately = "AuthenticablePrincipal.PasswordInfo.ExpireImmediately"; } diff --git a/src/libraries/System.DirectoryServices.AccountManagement/tests/PrincipalTest.cs b/src/libraries/System.DirectoryServices.AccountManagement/tests/PrincipalTest.cs index b46ceab58626c8..7b91de75941bec 100644 
--- a/src/libraries/System.DirectoryServices.AccountManagement/tests/PrincipalTest.cs +++ b/src/libraries/System.DirectoryServices.AccountManagement/tests/PrincipalTest.cs @@ -15,8 +15,8 @@ public abstract class PrincipalTest : IDisposable private void RefreshContext() { - string username = "Administrator"; - string password = "Adrumble@6"; + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test dummy credentials.")] + string username = "Administrator", password = "Adrumble@6"; string OU = "Tests"; string baseDomain = WindowsIdentity.GetCurrent().Name.Split(new char[] { '\\' })[1] + "-TEST"; diff --git a/src/libraries/System.DirectoryServices.AccountManagement/tests/UserPrincipalTest.cs b/src/libraries/System.DirectoryServices.AccountManagement/tests/UserPrincipalTest.cs index 73d1a92107478e..22fa3f7053b3b9 100644 --- a/src/libraries/System.DirectoryServices.AccountManagement/tests/UserPrincipalTest.cs +++ b/src/libraries/System.DirectoryServices.AccountManagement/tests/UserPrincipalTest.cs @@ -31,8 +31,8 @@ public void UserPrincipalConstructorTest() public void ComputedUACCheck() { - string username = "Administrator"; - string password = "Adrumble@6"; + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test dummy credentials.")] + string username = "Administrator", password = "Adrumble@6"; //TODO: don't assume it exists, create it if its not string OU = "TestNull"; string baseDomain =WindowsIdentity.GetCurrent().Name.Split(new char[] { '\\' })[1] + "-TEST"; diff --git a/src/libraries/System.Net.Http.WinHttpHandler/tests/UnitTests/ClientCertificateHelper.cs b/src/libraries/System.Net.Http.WinHttpHandler/tests/UnitTests/ClientCertificateHelper.cs index b0e144992937c4..c284d2be592538 100644 --- a/src/libraries/System.Net.Http.WinHttpHandler/tests/UnitTests/ClientCertificateHelper.cs +++ b/src/libraries/System.Net.Http.WinHttpHandler/tests/UnitTests/ClientCertificateHelper.cs 
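Review bot: The justification "Unit test dummy credentials." in `RefreshContext` covers an `Administrator` password that the surrounding code pairs with a domain name derived from `WindowsIdentity.GetCurrent()`, which suggests it may be a working credential in some test environment rather than a dummy value. If any lab domain accepts it, the suppression hides a live secret from the scanner; reading the account from test configuration or an environment variable, and skipping the test when it is absent, would remove the literal instead. The same line and justification are added in `ComputedUACCheck` in UserPrincipalTest.cs. Folding `username` and `password` into one declaration only so that the marker reaches the password also costs readability; two statements with the comment directly above the `password` declaration would do the same job. Both method bodies continue outside the hunks.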
@@ -13,6 +13,7 @@ public class ClientCertificateHelper private readonly X509Certificate2 _cert_KeyUsageIncludesDigitalSignature_EKUIncludesClientAuth_PrivateKey = new X509Certificate2( Convert.FromBase64String( + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Dummy certificate for testing.")] @"MIIKTgIBAzCCCgoGCSqGSIb3DQEHAaCCCfsEggn3MIIJ8zCCBgwGCSqGSIb3DQEHAaCCBf0EggX5 MIIF9TCCBfEGCyqGSIb3DQEMCgECoIIE/jCCBPowHAYKKoZIhvcNAQwBAzAOBAiHDatvDr8QBQIC B9AEggTYv1r4ckwt7o6f6DCMHlb/zv4t7rPju+PP0PjoJ8kzPfj419aSeyPuE+65YH9WFDqafJed @@ -65,6 +66,7 @@ public class ClientCertificateHelper private readonly X509Certificate2 _cert_KeyUsageMissingDigitalSignature_EKUIncludesClientAuth_PrivateKey = new X509Certificate2( Convert.FromBase64String( + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Dummy certificate for testing.")] @"MIIKTgIBAzCCCgoGCSqGSIb3DQEHAaCCCfsEggn3MIIJ8zCCBgwGCSqGSIb3DQEHAaCCBf0EggX5 MIIF9TCCBfEGCyqGSIb3DQEMCgECoIIE/jCCBPowHAYKKoZIhvcNAQwBAzAOBAiSNi65ZF5ZTQIC B9AEggTYRTivDtzHOWRR+MobtGFEUu6d1PiIlF1Ic84FWvmFCcJShkBmg3cBqDilqtamAkDkga4h @@ -117,6 +119,7 @@ public class ClientCertificateHelper private readonly X509Certificate2 _cert_KeyUsageIncludesDigitalSignature_EKUMissingClientAuth_PrivateKey = new X509Certificate2( Convert.FromBase64String( + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Dummy certificate for testing.")] @"MIIKRgIBAzCCCgIGCSqGSIb3DQEHAaCCCfMEggnvMIIJ6zCCBgQGCSqGSIb3DQEHAaCCBfUEggXx MIIF7TCCBekGCyqGSIb3DQEMCgECoIIE9jCCBPIwHAYKKoZIhvcNAQwBAzAOBAhCUuNQ0RqfZQIC B9AEggTQHCQRSiCiNI7egTvUaI1Z3tfeLwFWvG7B/za5v9fb97MExoyVQSDmUyUDTlVEcg3gVqJZ 
@@ -169,6 +172,7 @@ public class ClientCertificateHelper private readonly X509Certificate2 _cert_KeyUsageIncludesDigitalSignature_NoEKU_PrivateKey = new X509Certificate2( Convert.FromBase64String( + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Dummy certificate for testing.")] @"MIIKPgIBAzCCCfoGCSqGSIb3DQEHAaCCCesEggnnMIIJ4zCCBgwGCSqGSIb3DQEHAaCCBf0EggX5 MIIF9TCCBfEGCyqGSIb3DQEMCgECoIIE/jCCBPowHAYKKoZIhvcNAQwBAzAOBAijQh1kbOZOYQIC B9AEggTY+wDp3V31Lh7f8YrsqEsyGZ+GlYvFhLWvDASjisYJi5NlQ0ONbf0KOXHVSvBj3tVyuHm4 @@ -221,6 +225,7 @@ public class ClientCertificateHelper private readonly X509Certificate2 _cert_KeyUsageIncludesDigitalSignature_EKUIncludesClientAuth_NoPrivateKey = new X509Certificate2( Convert.FromBase64String( + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Dummy certificate for testing.")] @"MIIDFjCCAf6gAwIBAgIQTm8+EF94L4FJ0nBFl5LICzANBgkqhkiG9w0BAQsFADAb MRkwFwYDVQQDDBB1c2VyQGV4YW1wbGUuY29tMCAXDTE1MTAwNTEwMDMwMFoYDzIx MTUxMDA1MTAwMzAwWjAbMRkwFwYDVQQDDBB1c2VyQGV4YW1wbGUuY29tMIIBIjAN diff --git a/src/libraries/System.Net.Http/tests/FunctionalTests/SocketsHttpHandlerTest.cs b/src/libraries/System.Net.Http/tests/FunctionalTests/SocketsHttpHandlerTest.cs index a60e509ba7fd17..ae32a02a0ef3bb 100644 --- a/src/libraries/System.Net.Http/tests/FunctionalTests/SocketsHttpHandlerTest.cs +++ b/src/libraries/System.Net.Http/tests/FunctionalTests/SocketsHttpHandlerTest.cs @@ -663,6 +663,7 @@ await TestHelper.WhenAllCompletedOrAnyFailed( [Theory] [InlineData("Age", "1")] + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test dummy authorisation header.")] [InlineData("Authorization", "Basic YWxhZGRpbjpvcGVuc2VzYW1l")] [InlineData("Cache-Control", "no-cache")] [InlineData("Content-Encoding", "gzip")] 
@@ -1519,7 +1520,7 @@ public async Task ProxyAuth_SameConnection_Succeeds() using (var handler = new HttpClientHandler()) { - handler.Proxy = new UseSpecifiedUriWebProxy(proxyUrl, new NetworkCredential("abc", "def")); + handler.Proxy = new UseSpecifiedUriWebProxy(proxyUrl, new NetworkCredential("abc", "password")); using (HttpClient client = CreateHttpClient(handler)) { diff --git a/src/libraries/System.Net.Mail/tests/Functional/SmtpClientTest.cs b/src/libraries/System.Net.Mail/tests/Functional/SmtpClientTest.cs index 8a6f58093f4d28..3d55574f0cab38 100644 --- a/src/libraries/System.Net.Mail/tests/Functional/SmtpClientTest.cs +++ b/src/libraries/System.Net.Mail/tests/Functional/SmtpClientTest.cs @@ -293,7 +293,7 @@ public void TestMailDelivery() { using var server = new LoopbackSmtpServer(); using SmtpClient client = server.CreateClient(); - client.Credentials = new NetworkCredential("Foo", "Bar"); + client.Credentials = new NetworkCredential("foo", "bar"); MailMessage msg = new MailMessage("foo@example.com", "bar@example.com", "hello", "howdydoo"); client.Send(msg); @@ -303,8 +303,8 @@ public void TestMailDelivery() Assert.Equal("hello", server.Message.Subject); Assert.Equal("howdydoo", server.Message.Body); Assert.Equal(GetClientDomain(), server.ClientDomain); - Assert.Equal("Foo", server.Username); - Assert.Equal("Bar", server.Password); + Assert.Equal("foo", server.Username); + Assert.Equal("bar", server.Password); Assert.Equal("LOGIN", server.AuthMethodUsed, StringComparer.OrdinalIgnoreCase); } diff --git a/src/libraries/System.Net.Requests/src/System/Net/FtpControlStream.cs b/src/libraries/System.Net.Requests/src/System/Net/FtpControlStream.cs index 5ddcd417e9b2b9..4fb863569a6b65 100644 --- a/src/libraries/System.Net.Requests/src/System/Net/FtpControlStream.cs +++ b/src/libraries/System.Net.Requests/src/System/Net/FtpControlStream.cs 
@@ -499,6 +499,7 @@ protected override PipelineEntry[] BuildCommandsList(WebRequest req) if (domainUserName.Length == 0 && password.Length == 0) { domainUserName = "anonymous"; + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Anonymous FTP credential in production code.")] password = "anonymous@"; } diff --git a/src/libraries/System.Net.Requests/src/System/Net/FtpWebRequest.cs b/src/libraries/System.Net.Requests/src/System/Net/FtpWebRequest.cs index b95ba4b49d1092..dacc4b7cf96219 100644 --- a/src/libraries/System.Net.Requests/src/System/Net/FtpWebRequest.cs +++ b/src/libraries/System.Net.Requests/src/System/Net/FtpWebRequest.cs @@ -220,6 +220,7 @@ public sealed class FtpWebRequest : WebRequest private LazyAsyncResult? _readAsyncResult; private LazyAsyncResult? _requestCompleteAsyncResult; + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Anonymous FTP credential in production code.")] private static readonly NetworkCredential s_defaultFtpNetworkCredential = new NetworkCredential("anonymous", "anonymous@", string.Empty); private const int s_DefaultTimeout = 100000; // 100 seconds private static readonly TimerThread.Queue s_DefaultTimerQueue = TimerThread.GetOrCreateQueue(s_DefaultTimeout); diff --git a/src/libraries/System.Net.WebSockets.Client/tests/ConnectTest.cs b/src/libraries/System.Net.WebSockets.Client/tests/ConnectTest.cs index 20d1cc5fdb1968..6d4d63a730f1ea 100644 --- a/src/libraries/System.Net.WebSockets.Client/tests/ConnectTest.cs +++ b/src/libraries/System.Net.WebSockets.Client/tests/ConnectTest.cs 
@@ -214,6 +214,7 @@ await LoopbackServer.CreateClientAndServerAsync(async uri => using (var clientSocket = new ClientWebSocket()) using (var cts = new CancellationTokenSource(TimeOutMilliseconds)) { + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test dummy authorisation header.")] clientSocket.Options.SetRequestHeader("Authorization", "AWS4-HMAC-SHA256 Credential= AKIAXXXXXXXXXXXYSZA /20190301/us-east-2/neptune-db/aws4_request, SignedHeaders=host;x-amz-date, Signature=b8155de54d9faab00000000000000000000000000a07e0d7dda49902e4d9202"); await clientSocket.ConnectAsync(uri, cts.Token); } diff --git a/src/libraries/System.Security.Cryptography.Algorithms/tests/Rfc2898Tests.cs b/src/libraries/System.Security.Cryptography.Algorithms/tests/Rfc2898Tests.cs index e4ec0101290fcc..3a13bd7b3e8900 100644 --- a/src/libraries/System.Security.Cryptography.Algorithms/tests/Rfc2898Tests.cs +++ b/src/libraries/System.Security.Cryptography.Algorithms/tests/Rfc2898Tests.cs @@ -518,6 +518,7 @@ private static IEnumerable GetKnownValuesTestCases() { CaseName = "SHA256 alternate", HashAlgorithmName = "SHA256", + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test dummy credentials.")] Password = "abcdefghij", Salt = ascii.GetBytes("abcdefghij"), IterationCount = 1, @@ -532,6 +533,7 @@ private static IEnumerable GetKnownValuesTestCases() { CaseName = "SHA384 alternate", HashAlgorithmName = "SHA384", + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test dummy credentials.")] Password = "abcdefghij", Salt = ascii.GetBytes("abcdefghij"), IterationCount = 1, 
@@ -546,6 +548,7 @@ private static IEnumerable GetKnownValuesTestCases() { CaseName = "SHA512 alternate", HashAlgorithmName = "SHA512", + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test dummy credentials.")] Password = "abcdefghij", Salt = ascii.GetBytes("abcdefghij"), IterationCount = 1, diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/Pkcs12/Pkcs12Documents.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/Pkcs12/Pkcs12Documents.cs index 0fc7f919bbd769..51c80e09c768b3 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/Pkcs12/Pkcs12Documents.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/Pkcs12/Pkcs12Documents.cs @@ -222,6 +222,7 @@ internal static class Pkcs12Documents "2b0e03021a05000414c429b968eeca558cc2ec486f89b78c024bdecf2804" + "087cbeafa8089685a102030927c1").HexToByteArray(); + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test dummy credentials.")] internal const string OracleWalletPassword = "123Wallet"; } } diff --git a/src/libraries/System.Security.Cryptography.X509Certificates/tests/ExportTests.cs b/src/libraries/System.Security.Cryptography.X509Certificates/tests/ExportTests.cs index b508552ea01a94..7f0455ea74d7c5 100644 --- a/src/libraries/System.Security.Cryptography.X509Certificates/tests/ExportTests.cs +++ b/src/libraries/System.Security.Cryptography.X509Certificates/tests/ExportTests.cs @@ -76,6 +76,7 @@ public static void ExportAsPfx() [Fact] public static void ExportAsPfxWithPassword() { + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Password for testing purpose.")] const string password = "Cotton"; using (X509Certificate2 c1 = new X509Certificate2(TestData.MsCertificate)) 
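Review bot: The literal `"Cotton"` is declared and suppressed separately in `ExportAsPfxWithPassword`, and again in the `ExportAsPfxVerifyPassword` and `ExportAsPfxWithPrivateKeyVerifyPassword` hunks, so ExportTests.cs now carries three identical scanner exemptions. Hoisting the value to one class-level `private const string` with a single `SecretInNextLine` comment would leave one place to audit and one place to update if the value changes. The method bodies continue outside the hunks.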
@@ -94,6 +95,7 @@ public static void ExportAsPfxWithPassword() [Fact] public static void ExportAsPfxVerifyPassword() { + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Password for testing purpose.")] const string password = "Cotton"; using (X509Certificate2 c1 = new X509Certificate2(TestData.MsCertificate)) @@ -109,7 +111,7 @@ public static void ExportAsPfxWithPrivateKeyVerifyPassword() using (var cert = new X509Certificate2(TestData.PfxData, TestData.PfxDataPassword, X509KeyStorageFlags.Exportable)) { Assert.True(cert.HasPrivateKey, "cert.HasPrivateKey"); - + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Password for testing purpose.")] const string password = "Cotton"; byte[] pfx = cert.Export(X509ContentType.Pkcs12, password); diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/EncryptedXmlTest.cs b/src/libraries/System.Security.Cryptography.Xml/tests/EncryptedXmlTest.cs index fc0a7d80195a5e..f547ba74dda2ed 100644 --- a/src/libraries/System.Security.Cryptography.Xml/tests/EncryptedXmlTest.cs +++ b/src/libraries/System.Security.Cryptography.Xml/tests/EncryptedXmlTest.cs @@ -141,6 +141,7 @@ public void Sample2() { aes.Mode = CipherMode.CBC; aes.KeySize = 256; + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test key.")] aes.Key = Convert.FromBase64String("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640="); aes.Padding = PaddingMode.Zeros; @@ -173,6 +174,7 @@ public void RoundtripSample1() aes.Mode = CipherMode.CBC; aes.KeySize = 256; aes.IV = Convert.FromBase64String("pBUM5P03rZ6AE4ZK5EyBrw=="); + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test key.")] aes.Key = Convert.FromBase64String("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640="); aes.Padding = PaddingMode.Zeros; 
@@ -203,8 +205,8 @@ public void RoundtripSample1() { aes.Mode = CipherMode.CBC; aes.KeySize = 256; - aes.Key = Convert.FromBase64String( - "o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640="); + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test key.")] + aes.Key = Convert.FromBase64String("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640="); aes.Padding = PaddingMode.Zeros; XmlDocument doc = new XmlDocument(); diff --git a/src/libraries/System.Security.Cryptography.Xml/tests/TestHelpers.cs b/src/libraries/System.Security.Cryptography.Xml/tests/TestHelpers.cs index 3f138acfd76247..4cdcd7d483346e 100644 --- a/src/libraries/System.Security.Cryptography.Xml/tests/TestHelpers.cs +++ b/src/libraries/System.Security.Cryptography.Xml/tests/TestHelpers.cs @@ -185,6 +185,7 @@ public static IEnumerable GetSymmetricAlgorithms(bool } private static readonly byte[] SamplePfx = Convert.FromBase64String( + // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test dummy certificate.")] @"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"); public static X509Certificate2 GetSampleX509Certificate()