Update to CredScan v2 (PowerShell#11765)

calendb · Feb 4, 2020 · f3cc834 · f3cc834
1 parent 5ff8fad
commit f3cc834
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 4 deletions.
diff --git a/.vsts-ci/templates/credscan.yml b/.vsts-ci/templates/credscan.yml
@@ -15,6 +15,7 @@ jobs:
     displayName: 'Scan for Secrets'
     inputs:
       suppressionsFile: tools/credScan/suppress.json
+      toolMajorVersion: V2
       debugMode: false
 
   - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2

diff --git a/...crosoft.PowerShell.LocalAccounts/Pester.Command.Cmdlets.LocalAccounts.LocalUser.Tests.ps1 b/...crosoft.PowerShell.LocalAccounts/Pester.Command.Cmdlets.LocalAccounts.LocalUser.Tests.ps1
@@ -334,6 +334,7 @@ try {
         }
 
         It "Can set Password value at max 256" {
+            #[SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Demo/doc/test secret.")]
             $result = New-LocalUser TestUserNew1 -Password (ConvertTo-SecureString ("135@"+"A"*252) -AsPlainText -Force)
 
             $result.Name | Should -BeExactly TestUserNew1
@@ -762,6 +763,7 @@ try {
         }
 
         It "Can set Password value at max 256" {
+            #[SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Demo/doc/test secret.")]
             Set-LocalUser -Name TestUserSet1 -Password (ConvertTo-SecureString ("123@"+"A"*252) -asplaintext -Force)
             $result = Get-LocalUser -Name TestUserSet1
 

diff --git a/tools/credScan/suppress.json b/tools/credScan/suppress.json
@@ -2,12 +2,16 @@
     "tool": "Credential Scanner",
     "suppressions": [
       {
-       "file": "\\test\\tools\\Modules\\WebListener\\ClientCert.pfx", 
+       "file": "\\test\\tools\\Modules\\WebListener\\ClientCert.pfx",
         "_justification": "Test certificate with private key"
       },
       {
-        "file": "\\test\\tools\\Modules\\WebListener\\ServerCert.pfx", 
+        "file": "\\test\\tools\\Modules\\WebListener\\ServerCert.pfx",
          "_justification": "Test certificate with private key"
-       }
-     ]  
+       },
+       {
+         "file": "\\test\\powershell\\Modules\\Microsoft.PowerShell.Security\\certificateCommon.psm1",
+          "_justification": "Test certificate with private key and inline suppression isn't working"
+        }
+     ]
 }