From daac8982e8940a289e8aa0c455508553a8a45ff6 Mon Sep 17 00:00:00 2001 From: Ashish Ranjan Date: Fri, 3 Mar 2017 15:29:45 +0530 Subject: [PATCH] Added special char trimming for ssl and updated help texts (#3724) * Added special char trimming for ssl and updated help texts * Handle review comments --- .../resources.resjson/en-US/resources.resjson | 15 +++++----- .../Tests/L0.ts | 28 +++++++++---------- .../Utility.ps1 | 12 +++++++- .../task.json | 17 +++++------ .../task.loc.json | 5 ++-- 5 files changed, 45 insertions(+), 32 deletions(-) diff --git a/Tasks/IISWebAppManagementOnMachineGroup/Strings/resources.resjson/en-US/resources.resjson b/Tasks/IISWebAppManagementOnMachineGroup/Strings/resources.resjson/en-US/resources.resjson index d8cd52ceb24c..c4523ab82360 100644 --- a/Tasks/IISWebAppManagementOnMachineGroup/Strings/resources.resjson/en-US/resources.resjson +++ b/Tasks/IISWebAppManagementOnMachineGroup/Strings/resources.resjson/en-US/resources.resjson @@ -25,7 +25,7 @@ "loc.input.label.WebsiteAuthUserName": "Username", "loc.input.help.WebsiteAuthUserName": "Provide the user name that will be used to access the website's physical path.", "loc.input.label.WebsiteAuthUserPassword": "Password", - "loc.input.help.WebsiteAuthUserPassword": "Provide the user's password that will be used to access the website's physical path.", + "loc.input.help.WebsiteAuthUserPassword": "Provide the user's password that will be used to access the website's physical path.
The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'.
Note: Special characters in password are interpreted as per command-line arguments", "loc.input.label.AddBinding": "Add binding", "loc.input.help.AddBinding": "Select the option to add port binding for the website.", "loc.input.label.Protocol": "Protocol", @@ -57,7 +57,7 @@ "loc.input.label.AppPoolUsernameForWebsite": "Username", "loc.input.help.AppPoolUsernameForWebsite": "Provide the username of the custom account that you want to use.", "loc.input.label.AppPoolPasswordForWebsite": "Password", - "loc.input.help.AppPoolPasswordForWebsite": "Provide the password for custom account.
The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'. ", + "loc.input.help.AppPoolPasswordForWebsite": "Provide the password for custom account.
The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'.
Note: Special characters in password are interpreted as per command-line arguments", "loc.input.label.ParentWebsiteNameForVD": "Parent website name", "loc.input.help.ParentWebsiteNameForVD": "Provide the name of the parent Website of the virtual directory.", "loc.input.label.VirtualPathForVD": "Virtual path", @@ -69,7 +69,7 @@ "loc.input.label.VDAuthUserName": "Username", "loc.input.help.VDAuthUserName": "Provide the user name that will be used to access the virtual directory's physical path.", "loc.input.label.VDAuthUserPassword": "Password", - "loc.input.help.VDAuthUserPassword": "Provide the user's password that will be used to access the virtual directory's physical path.", + "loc.input.help.VDAuthUserPassword": "Provide the user's password that will be used to access the virtual directory's physical path.
The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'.
Note: Special characters in password are interpreted as per command-line arguments", "loc.input.label.ParentWebsiteNameForApplication": "Parent website name", "loc.input.help.ParentWebsiteNameForApplication": "Provide the name of the parent Website under which the application will be created or updated.", "loc.input.label.VirtualPathForApplication": "Virtual path", @@ -81,7 +81,7 @@ "loc.input.label.ApplicationAuthUserName": "Username", "loc.input.help.ApplicationAuthUserName": "Provide the user name that will be used to access the application's physical path.", "loc.input.label.ApplicationAuthUserPassword": "Password", - "loc.input.help.ApplicationAuthUserPassword": "Provide the user's password that will be used to access the application's physical path.", + "loc.input.help.ApplicationAuthUserPassword": "Provide the user's password that will be used to access the application's physical path.
The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'.
Note: Special characters in password are interpreted as per command-line arguments", "loc.input.label.CreateOrUpdateAppPoolForApplication": "Create or update app pool", "loc.input.help.CreateOrUpdateAppPoolForApplication": "Select the option to create or update an application pool. If checked, the application will be created in the specified app pool.", "loc.input.label.AppPoolNameForApplication": "Name", @@ -95,7 +95,7 @@ "loc.input.label.AppPoolUsernameForApplication": "Username", "loc.input.help.AppPoolUsernameForApplication": "Provide the username of the custom account that you want to use.", "loc.input.label.AppPoolPasswordForApplication": "Password", - "loc.input.help.AppPoolPasswordForApplication": "Provide the password for custom account.
The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'.", + "loc.input.help.AppPoolPasswordForApplication": "Provide the password for custom account.
The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'.
Note: Special characters in password are interpreted as per command-line arguments", "loc.input.label.AppPoolName": "Name", "loc.input.help.AppPoolName": "Provide the name of the IIS application pool to create or update.", "loc.input.label.DotNetVersion": ".NET version", @@ -107,7 +107,7 @@ "loc.input.label.AppPoolUsername": "Username", "loc.input.help.AppPoolUsername": "Provide the username of the custom account that you want to use.", "loc.input.label.AppPoolPassword": "Password", - "loc.input.help.AppPoolPassword": "Provide the password for custom account.
The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'.", + "loc.input.help.AppPoolPassword": "Provide the password for custom account.
The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'.
Note: Special characters in password are interpreted as per command-line arguments", "loc.input.label.StartStopRecycleAppPoolName": "Application pool name", "loc.input.help.StartStopRecycleAppPoolName": "Provide the name of the IIS application pool.", "loc.input.label.AppCmdCommands": "Additional appcmd.exe commands", @@ -116,5 +116,6 @@ "loc.messages.InvalidVirtualPath": "Virtual path should begin with a /", "loc.messages.InvalidIISDeploymentType": "Invalid IIS Deployment Type : {0}", "loc.messages.InvalidActionIISWebsite": "Invalid action '{0}' selected for the IIS Website.", - "loc.messages.InvalidActionIISAppPool": "Invalid action '{0}' selected for the IIS Application Pool." + "loc.messages.InvalidActionIISAppPool": "Invalid action '{0}' selected for the IIS Application Pool.", + "loc.messages.SSLCertWarningInvalidCharacters": "SSL Certificate thumbprint contains non-hexadecimal characters. Trimming all non-hexadecimal characters." } \ No newline at end of file diff --git a/Tasks/IISWebAppManagementOnMachineGroup/Tests/L0.ts b/Tasks/IISWebAppManagementOnMachineGroup/Tests/L0.ts index 7f518868704e..4705f5732c07 100644 --- a/Tasks/IISWebAppManagementOnMachineGroup/Tests/L0.ts +++ b/Tasks/IISWebAppManagementOnMachineGroup/Tests/L0.ts @@ -36,11 +36,11 @@ describe('IISWebAppManagementOnMachineGroup Suite', function () { psr.run(path.join(__dirname, 'L0AppcmdAddUpdateWebsite.ps1'), done); }) - it('test website add binding', (done) => { + it('test add binding for website', (done) => { psr.run(path.join(__dirname, 'L0AppcmdTestBinding.ps1'), done); }) - it('test sni and sslcert addition', (done) => { + it('test sni and sslcert addition for https binding', (done) => { psr.run(path.join(__dirname, 'L0AppcmdTestSSLandSNI.ps1'), done); }) @@ -56,40 +56,40 @@ describe('IISWebAppManagementOnMachineGroup Suite', function () { psr.run(path.join(__dirname, 'L0AppcmdTestApplicationExists.ps1'), done); }) - it('test add and update application function', (done) => { + it('test add and update application', (done) => { psr.run(path.join(__dirname, 'L0AppcmdAddUpdateApplication.ps1'), done); }) - it('test virtual directory exists function', (done) => { + it('test virtual directory exists', (done) => { psr.run(path.join(__dirname, 'L0AppcmdTestVirtualDirExists.ps1'), done); }) - it('test add and update virtual directory function', (done) => { + it('test add and update virtual directory', (done) => { psr.run(path.join(__dirname, 'L0AppcmdAddUpdateVDir.ps1'), done); }) - it('test additional actions', (done) => { + it('test additional actions for website and application pool', (done) => { psr.run(path.join(__dirname, 'L0AppcmdAdditionalActions.ps1'), done); }) - it('test execute-main function', (done) => { + it('test execute main for appcmd', (done) => { psr.run(path.join(__dirname, 'L0AppcmdExecuteMain.ps1'), done); }) - it('test iis manage utility - manage virtual directory', (done) => { - psr.run(path.join(__dirname, 'L0UtilityManageVDir.ps1'), done); + it('test iis manage utility - manage website', (done) => { + psr.run(path.join(__dirname, 'L0UtilityManageWebsite.ps1'), done); }) - + it('test iis manage utility - manage application', (done) => { psr.run(path.join(__dirname, 'L0UtilityManageApp.ps1'), done); }) + it('test iis manage utility - manage virtual directory', (done) => { + psr.run(path.join(__dirname, 'L0UtilityManageVDir.ps1'), done); + }) + it('test iis manage utility - manage application pool', (done) => { psr.run(path.join(__dirname, 'L0UtilityManageAppPool.ps1'), done); }) - - it('test iis manage utility - manage website', (done) => { - psr.run(path.join(__dirname, 'L0UtilityManageWebsite.ps1'), done); - }) } }); \ No newline at end of file diff --git a/Tasks/IISWebAppManagementOnMachineGroup/Utility.ps1 b/Tasks/IISWebAppManagementOnMachineGroup/Utility.ps1 index 05549752e4bd..a87ae4dc33b1 100644 --- a/Tasks/IISWebAppManagementOnMachineGroup/Utility.ps1 +++ b/Tasks/IISWebAppManagementOnMachineGroup/Utility.ps1 @@ -226,7 +226,17 @@ function Trim-Inputs([ref]$siteName, [ref]$physicalPath, [ref]$poolName, [ref]$v } if ($sslCertThumbPrint -ne $null) { - $sslCertThumbPrint.Value = $sslCertThumbPrint.Value.Trim() + # Trim all non-hexadecimal characters from the ssl cetificate thumbprint + if([regex]::IsMatch($sslCertThumbPrint.Value, "[^a-fA-F0-9]+")) + { + Write-Warning (Get-VstsLocString -Key "SSLCertWarningInvalidCharacters") + } + + $sslCertThumbprint.Value = [Regex]::Replace($sslCertThumbprint.Value, "[^a-fA-F0-9]+" , "") + + # Mark the SSL thumbprint value to be a secret value + $sslCertThumbprintValue = $sslCertThumbprint.Value + Write-Host "##vso[task.setvariable variable=f13679253bf44b74afbd244ae83ca735;isSecret=true]$sslCertThumbprintValue" } } diff --git a/Tasks/IISWebAppManagementOnMachineGroup/task.json b/Tasks/IISWebAppManagementOnMachineGroup/task.json index 04f9433e0347..acde0b405140 100644 --- a/Tasks/IISWebAppManagementOnMachineGroup/task.json +++ b/Tasks/IISWebAppManagementOnMachineGroup/task.json @@ -16,7 +16,7 @@ "version": { "Major": 0, "Minor": 2, - "Patch": 0 + "Patch": 1 }, "minimumAgentVersion": "2.111.0", "instanceNameFormat": "Manage $(IISDeploymentType)", @@ -153,7 +153,7 @@ "groupName": "Website", "defaultValue": "", "visibleRule": "WebsitePhysicalPathAuth = WebsiteWindowsAuth", - "helpMarkDown": "Provide the user's password that will be used to access the website's physical path." + "helpMarkDown": "Provide the user's password that will be used to access the website's physical path.
The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'.
Note: Special characters in password are interpreted as per command-line arguments" }, { "name": "AddBinding", @@ -326,7 +326,7 @@ "defaultValue": "", "required": false, "groupName": "ApplicationPoolForWebsite", - "helpMarkDown": "Provide the password for custom account.
The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'. ", + "helpMarkDown": "Provide the password for custom account.
The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'.
Note: Special characters in password are interpreted as per command-line arguments", "visibleRule": "AppPoolIdentityForWebsite = SpecificUser" }, { @@ -385,7 +385,7 @@ "required": false, "defaultValue": "", "visibleRule": "VDPhysicalPathAuth = VDWindowsAuth", - "helpMarkDown": "Provide the user's password that will be used to access the virtual directory's physical path." + "helpMarkDown": "Provide the user's password that will be used to access the virtual directory's physical path.
The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'.
Note: Special characters in password are interpreted as per command-line arguments" }, { "name": "ParentWebsiteNameForApplication", @@ -443,7 +443,7 @@ "required": false, "defaultValue": "", "visibleRule": "ApplicationPhysicalPathAuth = ApplicationWindowsAuth", - "helpMarkDown": "Provide the user's password that will be used to access the application's physical path." + "helpMarkDown": "Provide the user's password that will be used to access the application's physical path.
The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'.
Note: Special characters in password are interpreted as per command-line arguments" }, { "name": "CreateOrUpdateAppPoolForApplication", @@ -524,7 +524,7 @@ "required": false, "groupName": "ApplicationPoolForApplication", "visibleRule": "AppPoolIdentityForApplication = SpecificUser", - "helpMarkDown": "Provide the password for custom account.
The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'." + "helpMarkDown": "Provide the password for custom account.
The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'.
Note: Special characters in password are interpreted as per command-line arguments" }, { "name": "AppPoolName", @@ -596,7 +596,7 @@ "required": false, "groupName": "ApplicationPool", "visibleRule": "AppPoolIdentity = SpecificUser", - "helpMarkDown": "Provide the password for custom account.
The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'." + "helpMarkDown": "Provide the password for custom account.
The best practice is to create a variable in the Build or Release definition, and mark it as 'Secret' to secure it, and then use it here, like '$(userCredentials)'.
Note: Special characters in password are interpreted as per command-line arguments" }, { "name": "StartStopRecycleAppPoolName", @@ -627,7 +627,8 @@ "InvalidVirtualPath": "Virtual path should begin with a /", "InvalidIISDeploymentType": "Invalid IIS Deployment Type : {0}", "InvalidActionIISWebsite": "Invalid action '{0}' selected for the IIS Website.", - "InvalidActionIISAppPool": "Invalid action '{0}' selected for the IIS Application Pool." + "InvalidActionIISAppPool": "Invalid action '{0}' selected for the IIS Application Pool.", + "SSLCertWarningInvalidCharacters": "SSL Certificate thumbprint contains non-hexadecimal characters. Trimming all non-hexadecimal characters." } } \ No newline at end of file diff --git a/Tasks/IISWebAppManagementOnMachineGroup/task.loc.json b/Tasks/IISWebAppManagementOnMachineGroup/task.loc.json index 3a0a8cfc464f..053b8eb8face 100644 --- a/Tasks/IISWebAppManagementOnMachineGroup/task.loc.json +++ b/Tasks/IISWebAppManagementOnMachineGroup/task.loc.json @@ -16,7 +16,7 @@ "version": { "Major": 0, "Minor": 2, - "Patch": 0 + "Patch": 1 }, "minimumAgentVersion": "2.111.0", "instanceNameFormat": "ms-resource:loc.instanceNameFormat", @@ -627,6 +627,7 @@ "InvalidVirtualPath": "ms-resource:loc.messages.InvalidVirtualPath", "InvalidIISDeploymentType": "ms-resource:loc.messages.InvalidIISDeploymentType", "InvalidActionIISWebsite": "ms-resource:loc.messages.InvalidActionIISWebsite", - "InvalidActionIISAppPool": "ms-resource:loc.messages.InvalidActionIISAppPool" + "InvalidActionIISAppPool": "ms-resource:loc.messages.InvalidActionIISAppPool", + "SSLCertWarningInvalidCharacters": "ms-resource:loc.messages.SSLCertWarningInvalidCharacters" } } \ No newline at end of file