From 2ca7196ae68645716ab085ff3f23ed50557bd352 Mon Sep 17 00:00:00 2001
From: Jalaj Minda <jaminda@microsoft.com>
Date: Thu, 30 Jan 2020 14:02:03 +0530
Subject: [PATCH 1/2] Fix issue #12237 - fails when service principal key
 contains quotes

---
 Tasks/AzureCLIV1/azureclitask.ts | 5 +++--
 Tasks/AzureCLIV1/task.json       | 2 +-
 Tasks/AzureCLIV1/task.loc.json   | 2 +-
 Tasks/AzureCLIV2/azureclitask.ts | 5 +++--
 Tasks/AzureCLIV2/task.json       | 2 +-
 Tasks/AzureCLIV2/task.loc.json   | 2 +-
 6 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/Tasks/AzureCLIV1/azureclitask.ts b/Tasks/AzureCLIV1/azureclitask.ts
index f693d210349c..88d6d9c3f5c5 100644
--- a/Tasks/AzureCLIV1/azureclitask.ts
+++ b/Tasks/AzureCLIV1/azureclitask.ts
@@ -140,12 +140,13 @@ export class azureclitask {
             }
             else {
                 tl.debug('key based endpoint');
-                cliPassword = tl.getEndpointAuthorizationParameter(connectedService, "serviceprincipalkey", false);
+                cliPassword = tl.getEndpointAuthorizationParameter(connectedService, "serviceprincipalkey", false).replace(/"/g, '\\"');
+                tl.setSecret(`"${cliPassword.replace(/\\/g, '\"')}"`);
                 this.servicePrincipalKey = cliPassword;
             }
 
             //login using svn
-            this.throwIfError(tl.execSync("az", "login --service-principal -u \"" + servicePrincipalId + "\" -p \"" + cliPassword + "\" --tenant \"" + tenantId + "\""), tl.loc("LoginFailed"));
+            this.throwIfError(tl.execSync("az", `login --service-principal -u "${servicePrincipalId}" -p "${cliPassword}" --tenant "${tenantId}"`), tl.loc("LoginFailed"));
         }
         else if(authScheme.toLowerCase() == "managedserviceidentity") {
             //login using msi
diff --git a/Tasks/AzureCLIV1/task.json b/Tasks/AzureCLIV1/task.json
index c136d4e0bdc0..efa650b7445f 100644
--- a/Tasks/AzureCLIV1/task.json
+++ b/Tasks/AzureCLIV1/task.json
@@ -19,7 +19,7 @@
     "demands": [],
     "version": {
         "Major": 1,
-        "Minor": 157,
+        "Minor": 163,
         "Patch": 0
     },
     "minimumAgentVersion": "2.0.0",
diff --git a/Tasks/AzureCLIV1/task.loc.json b/Tasks/AzureCLIV1/task.loc.json
index 6136a25a4a30..362fcf79431a 100644
--- a/Tasks/AzureCLIV1/task.loc.json
+++ b/Tasks/AzureCLIV1/task.loc.json
@@ -19,7 +19,7 @@
   "demands": [],
   "version": {
     "Major": 1,
-    "Minor": 157,
+    "Minor": 163,
     "Patch": 0
   },
   "minimumAgentVersion": "2.0.0",
diff --git a/Tasks/AzureCLIV2/azureclitask.ts b/Tasks/AzureCLIV2/azureclitask.ts
index 9bedcd51cca6..986770487f6d 100644
--- a/Tasks/AzureCLIV2/azureclitask.ts
+++ b/Tasks/AzureCLIV2/azureclitask.ts
@@ -98,12 +98,13 @@ export class azureclitask {
             }
             else {
                 tl.debug('key based endpoint');
-                cliPassword = tl.getEndpointAuthorizationParameter(connectedService, "serviceprincipalkey", false);
+                cliPassword = tl.getEndpointAuthorizationParameter(connectedService, "serviceprincipalkey", false).replace(/"/g, '\\"');
+                tl.setSecret(`"${cliPassword.replace(/\\/g, '\"')}"`);
                 this.servicePrincipalKey = cliPassword;
             }
 
             //login using svn
-            Utility.throwIfError(tl.execSync("az", "login --service-principal -u \"" + servicePrincipalId + "\" -p \"" + cliPassword + "\" --tenant \"" + tenantId + "\""), tl.loc("LoginFailed"));
+            Utility.throwIfError(tl.execSync("az", `login --service-principal -u "${servicePrincipalId}" -p "${cliPassword}" --tenant "${tenantId}"`), tl.loc("LoginFailed"));
         }
         else if(authScheme.toLowerCase() == "managedserviceidentity") {
             //login using msi
diff --git a/Tasks/AzureCLIV2/task.json b/Tasks/AzureCLIV2/task.json
index 4ef4ab5fe3f0..213ce699af63 100644
--- a/Tasks/AzureCLIV2/task.json
+++ b/Tasks/AzureCLIV2/task.json
@@ -21,7 +21,7 @@
     "version": {
         "Major": 2,
         "Minor": 0,
-        "Patch": 5
+        "Patch": 6
     },
     "minimumAgentVersion": "2.0.0",
     "instanceNameFormat": "Azure CLI $(scriptPath)",
diff --git a/Tasks/AzureCLIV2/task.loc.json b/Tasks/AzureCLIV2/task.loc.json
index 0fdfe29e685a..5754f48709be 100644
--- a/Tasks/AzureCLIV2/task.loc.json
+++ b/Tasks/AzureCLIV2/task.loc.json
@@ -21,7 +21,7 @@
   "version": {
     "Major": 2,
     "Minor": 0,
-    "Patch": 5
+    "Patch": 6
   },
   "minimumAgentVersion": "2.0.0",
   "instanceNameFormat": "ms-resource:loc.instanceNameFormat",

From 36cee5b922ebed5b6d9bd90eb110ca1272b55665 Mon Sep 17 00:00:00 2001
From: Jalaj Minda <jaminda@microsoft.com>
Date: Thu, 30 Jan 2020 19:01:53 +0530
Subject: [PATCH 2/2] minor change

---
 Tasks/AzureCLIV1/azureclitask.ts | 7 ++++---
 Tasks/AzureCLIV2/azureclitask.ts | 7 ++++---
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/Tasks/AzureCLIV1/azureclitask.ts b/Tasks/AzureCLIV1/azureclitask.ts
index 88d6d9c3f5c5..488106e9853f 100644
--- a/Tasks/AzureCLIV1/azureclitask.ts
+++ b/Tasks/AzureCLIV1/azureclitask.ts
@@ -140,13 +140,14 @@ export class azureclitask {
             }
             else {
                 tl.debug('key based endpoint');
-                cliPassword = tl.getEndpointAuthorizationParameter(connectedService, "serviceprincipalkey", false).replace(/"/g, '\\"');
-                tl.setSecret(`"${cliPassword.replace(/\\/g, '\"')}"`);
+                cliPassword = tl.getEndpointAuthorizationParameter(connectedService, "serviceprincipalkey", false);
                 this.servicePrincipalKey = cliPassword;
             }
 
+            let escapedCliPassword = cliPassword.replace(/"/g, '\\"');
+            tl.setSecret(escapedCliPassword.replace(/\\/g, '\"'));
             //login using svn
-            this.throwIfError(tl.execSync("az", `login --service-principal -u "${servicePrincipalId}" -p "${cliPassword}" --tenant "${tenantId}"`), tl.loc("LoginFailed"));
+            this.throwIfError(tl.execSync("az", `login --service-principal -u "${servicePrincipalId}" -p "${escapedCliPassword}" --tenant "${tenantId}"`), tl.loc("LoginFailed"));
         }
         else if(authScheme.toLowerCase() == "managedserviceidentity") {
             //login using msi
diff --git a/Tasks/AzureCLIV2/azureclitask.ts b/Tasks/AzureCLIV2/azureclitask.ts
index 986770487f6d..d84eae16e545 100644
--- a/Tasks/AzureCLIV2/azureclitask.ts
+++ b/Tasks/AzureCLIV2/azureclitask.ts
@@ -98,13 +98,14 @@ export class azureclitask {
             }
             else {
                 tl.debug('key based endpoint');
-                cliPassword = tl.getEndpointAuthorizationParameter(connectedService, "serviceprincipalkey", false).replace(/"/g, '\\"');
-                tl.setSecret(`"${cliPassword.replace(/\\/g, '\"')}"`);
+                cliPassword = tl.getEndpointAuthorizationParameter(connectedService, "serviceprincipalkey", false);
                 this.servicePrincipalKey = cliPassword;
             }
 
+            let escapedCliPassword = cliPassword.replace(/"/g, '\\"');
+            tl.setSecret(escapedCliPassword.replace(/\\/g, '\"'));
             //login using svn
-            Utility.throwIfError(tl.execSync("az", `login --service-principal -u "${servicePrincipalId}" -p "${cliPassword}" --tenant "${tenantId}"`), tl.loc("LoginFailed"));
+            Utility.throwIfError(tl.execSync("az", `login --service-principal -u "${servicePrincipalId}" -p "${escapedCliPassword}" --tenant "${tenantId}"`), tl.loc("LoginFailed"));
         }
         else if(authScheme.toLowerCase() == "managedserviceidentity") {
             //login using msi