Tracyboehrer/4.22.8 patch release (#6847)
* Fix for Skills endorsement check (#6846)

Co-authored-by: Tracy Boehrer <[email protected]>

* FederatedAppCredentials and factory

* add token credential authentication to BlobsTranscriptStore (#6813)

* [#6741] Remove .Net Core 3.1 from projects (#6819)

* Remove netcoreapp3.1 and fix System.Text.Json issue

* Fix System.Formats.Asn1 security issue

* Fix remaining System.Text.Json issue

* Removed unused argument from FederatedAuthenticator.CreateClientApplication

* Fix Microsoft.Bcl.AsyncInterfaces warning (#6837)

# Conflicts:
#	libraries/Microsoft.Bot.Builder.Azure/Microsoft.Bot.Builder.Azure.csproj

* add code ql comment about TypeNameHandling.None (#6843)

---------

Co-authored-by: Tracy Boehrer <[email protected]>
Co-authored-by: Jhonatan Sandoval Velasco <[email protected]>
Co-authored-by: Joel Mut <[email protected]>
4 people authored Sep 10, 2024
1 parent a810e73 commit d6827f9
Showing 65 changed files with 434 additions and 195 deletions.
15 changes: 3 additions & 12 deletions build/onebranch/ci-test-steps.yml
Expand Up @@ -20,21 +20,12 @@ steps:
customCommand: 'install -g @microsoft/botframework-cli@next'

- task: UseDotNet@2
displayName: "Install .NET Core 3.1.415"
displayName: "Install .NET Core 6.0"
continueOnError: true
inputs:
packageType: "sdk"
version: 3.1.415
condition: and(succeeded(), eq(variables['BuildConfiguration'],'Release-Windows'), eq(variables['BuildTarget'],'netcoreapp31'))

- task: DotNetCoreCLI@2
displayName: 'dotnet test (release) 3.1'
inputs:
command: test
projects: |
Tests/**/*Tests.csproj
arguments: '-v n -f netcoreapp3.1 --configuration release --no-build --no-restore --filter "TestCategory!=IgnoreInAutomatedBuild&TestCategory!=FunctionalTests" --collect:"Code Coverage" --settings $(Build.SourcesDirectory)\CodeCoverage.runsettings'
condition: and(succeeded(), eq(variables['BuildConfiguration'],'Release-Windows'), eq(variables['BuildTarget'],'netcoreapp31'))
version: 6.x
condition: and(succeeded(), eq(variables['BuildConfiguration'],'Release-Windows'), eq(variables['BuildTarget'],'net6'))

- task: DotNetCoreCLI@2
displayName: 'dotnet test (release) 6.0'
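Review bot: The SDK install step moves from the exact `version: 3.1.415` to the floating `version: 6.x`, so the toolchain that builds and tests a release can change between runs with no change in the repository. The step also keeps `continueOnError: true`, so a failed install passes silently and the tests then run on whatever SDK the agent already has. Consider pinning the SDK (an exact version here, or a `global.json` with a `rollForward` policy) and dropping `continueOnError` for the release configuration. The display name `"Install .NET Core 6.0"` would read better as `"Install .NET 6 SDK"`. The same change appears in build/yaml/ci-test-steps.yml.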
16 changes: 0 additions & 16 deletions build/onebranch/pr.yml
Expand Up @@ -42,14 +42,6 @@ variables:
stages:
- stage: Build
jobs:
- job: Debug_Windows_Configuration_31
variables:
BuildConfiguration: Debug-Windows
BuildTarget: 'netcoreapp31' # set the TargetFramework property for tests to use netcoreapp3.1
steps:
- template: ci-build-steps.yml
- template: ci-test-steps.yml
- template: ci-component-detection-steps.yml
- job: Debug_Windows_Configuration_6
variables:
BuildConfiguration: Debug-Windows
Expand All @@ -66,14 +58,6 @@ stages:
- template: ci-build-steps.yml
- template: ci-test-steps.yml
- template: ci-component-detection-steps.yml
- job: Release_Windows_Configuration_31
variables:
BuildConfiguration: Release-Windows
BuildTarget: 'netcoreapp31' # set the TargetFramework property for tests to use netcoreapp3.1
steps:
- template: ci-build-steps.yml
- template: ci-test-steps.yml
- template: ci-component-detection-steps.yml
- job: Release_Windows_Configuration_6
variables:
BuildConfiguration: Release-Windows
16 changes: 0 additions & 16 deletions build/yaml/botbuilder-dotnet-ci.yml
Expand Up @@ -42,14 +42,6 @@ variables:
stages:
- stage: Build
jobs:
- job: Debug_Windows_Configuration_31
variables:
BuildConfiguration: Debug-Windows
BuildTarget: 'netcoreapp31' # set the TargetFramework property for tests to use netcoreapp3.1
steps:
- template: ci-build-steps.yml
- template: ci-test-steps.yml
- template: ci-component-detection-steps.yml
- job: Debug_Windows_Configuration_6
variables:
BuildConfiguration: Debug-Windows
Expand All @@ -66,14 +58,6 @@ stages:
- template: ci-build-steps.yml
- template: ci-test-steps.yml
- template: ci-component-detection-steps.yml
- job: Release_Windows_Configuration_31
variables:
BuildConfiguration: Release-Windows
BuildTarget: 'netcoreapp31' # set the TargetFramework property for tests to use netcoreapp3.1
steps:
- template: ci-build-steps.yml
- template: ci-test-steps.yml
- template: ci-component-detection-steps.yml
- job: Release_Windows_Configuration_6
variables:
BuildConfiguration: Release-Windows
15 changes: 3 additions & 12 deletions build/yaml/ci-test-steps.yml
Expand Up @@ -20,21 +20,12 @@ steps:
customCommand: 'install -g @microsoft/botframework-cli@next'

- task: UseDotNet@2
displayName: "Install .NET Core 3.1.415"
displayName: "Install .NET Core 6.0"
continueOnError: true
inputs:
packageType: "sdk"
version: 3.1.415
condition: and(succeeded(), eq(variables['BuildConfiguration'],'Release-Windows'), eq(variables['BuildTarget'],'netcoreapp31'))

- task: DotNetCoreCLI@2
displayName: 'dotnet test (release) 3.1'
inputs:
command: test
projects: |
Tests/**/*Tests.csproj
arguments: '-v n -f netcoreapp3.1 --configuration release --no-build --no-restore --filter "TestCategory!=IgnoreInAutomatedBuild&TestCategory!=FunctionalTests" --collect:"Code Coverage" --settings $(Build.SourcesDirectory)\CodeCoverage.runsettings'
condition: and(succeeded(), eq(variables['BuildConfiguration'],'Release-Windows'), eq(variables['BuildTarget'],'netcoreapp31'))
version: 6.x
condition: and(succeeded(), eq(variables['BuildConfiguration'],'Release-Windows'), eq(variables['BuildTarget'],'net6'))

- task: DotNetCoreCLI@2
displayName: 'dotnet test (release) 6.0'
Expand Up @@ -45,10 +45,6 @@
"description": "The target framework for the project.",
"datatype": "choice",
"choices": [
{
"choice": "netcoreapp3.1",
"description": "Target netcoreapp3.1"
},
{
"choice": "net6.0",
"description": "Target net6.0"
Expand Up @@ -44,10 +44,6 @@
"description": "The target framework for the project.",
"datatype": "choice",
"choices": [
{
"choice": "netcoreapp3.1",
"description": "Target netcoreapp3.1"
},
{
"choice": "net6.0",
"description": "Target net6.0"
Expand Up @@ -44,10 +44,6 @@
"description": "The target framework for the project.",
"datatype": "choice",
"choices": [
{
"choice": "netcoreapp3.1",
"description": "Target netcoreapp3.1"
},
{
"choice": "net6.0",
"description": "Target net6.0"
Expand Up @@ -40,7 +40,7 @@
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
<PackageReference Include="System.Text.Json" Version="8.0.3" />
<PackageReference Include="System.Text.Json" Version="8.0.4" />
</ItemGroup>

<ItemGroup>
Expand Up @@ -31,6 +31,8 @@
</ItemGroup>

<ItemGroup>
<!-- Force System.Text.Json to a safe version. -->
<PackageReference Include="System.Text.Json" Version="8.0.4" />
<PackageReference Include="Microsoft.Extensions.Configuration" Version="3.1.22" />
<PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="3.1.22" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
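Review bot: The new comment `<!-- Force System.Text.Json to a safe version. -->` does not say which advisory the pin addresses or which package brings in the older version, so a later maintainer cannot tell when the override can be removed or whether 8.0.4 is still sufficient. I would record both, for example `<!-- Pin System.Text.Json >= 8.0.4 (advisory: <ADVISORY-ID>); transitive via <PACKAGE>. Remove once upstream references a fixed version. -->`. The same pin is repeated in several other project files in this commit, and as System.Formats.Asn1 8.0.1 in one, which makes it easy to miss a copy on the next advisory. A single `Directory.Build.props` entry or central package management would keep them in step, if the repository layout allows it.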
Expand Up @@ -30,6 +30,8 @@
</ItemGroup>

<ItemGroup>
<!-- Force System.Text.Json to a safe version. -->
<PackageReference Include="System.Text.Json" Version="8.0.4" />
<PackageReference Include="Microsoft.Bot.Configuration" Condition=" '$(ReleasePackageVersion)' == '' " Version="$(LocalPackageVersion)" />
<PackageReference Include="Microsoft.Bot.Configuration" Condition=" '$(ReleasePackageVersion)' != '' " Version="$(ReleasePackageVersion)" />
<PackageReference Include="Microsoft.Bot.Builder.Dialogs.Declarative" Condition=" '$(ReleasePackageVersion)' == '' " Version="$(LocalPackageVersion)" />
Expand Up @@ -9,6 +9,7 @@
using System.Net;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Storage;
using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Models;
Expand Down Expand Up @@ -51,6 +52,22 @@ public BlobsTranscriptStore(string dataConnectionString, string containerName, J
{
}

/// <summary>
/// Initializes a new instance of the <see cref="BlobsTranscriptStore"/> class.
/// </summary>
/// <param name="blobServiceUri">A Uri referencing the blob container that includes the name of the account and the name of the container.</param>
/// <param name="tokenCredential">The token credential to authenticate to the Azure storage.</param>
/// <param name="containerName">Name of the Blob container where entities will be stored.</param>
/// <param name="jsonSerializer">If passing in a custom JsonSerializer, we recommend the following settings:
/// <para>jsonSerializer.TypeNameHandling = TypeNameHandling.None.</para>
/// <para>jsonSerializer.NullValueHandling = NullValueHandling.Include.</para>
/// <para>jsonSerializer.ContractResolver = new DefaultContractResolver().</para>
/// </param>
public BlobsTranscriptStore(Uri blobServiceUri, TokenCredential tokenCredential, string containerName, JsonSerializer jsonSerializer = null)
: this(blobServiceUri, tokenCredential, containerName, default, jsonSerializer)
{
}

/// <summary>
/// Initializes a new instance of the <see cref="BlobsTranscriptStore"/> class.
/// </summary>
Expand Down Expand Up @@ -99,6 +116,59 @@ public BlobsTranscriptStore(string dataConnectionString, string containerName, S
}, isThreadSafe: true);
}

/// <summary>
/// Initializes a new instance of the <see cref="BlobsTranscriptStore"/> class.
/// </summary>
/// <param name="blobServiceUri">A Uri referencing the blob container that includes the name of the account and the name of the container.</param>
/// <param name="tokenCredential">The token credential to authenticate to the Azure storage.</param>
/// <param name="containerName">Name of the Blob container where entities will be stored.</param>
/// <param name="storageTransferOptions">Used for providing options for parallel transfers <see cref="StorageTransferOptions"/>.</param>
/// <param name="jsonSerializer">If passing in a custom JsonSerializer, we recommend the following settings:
/// <para>jsonSerializer.TypeNameHandling = TypeNameHandling.None.</para>
/// <para>jsonSerializer.NullValueHandling = NullValueHandling.Include.</para>
/// <para>jsonSerializer.ContractResolver = new DefaultContractResolver().</para>
/// </param>
public BlobsTranscriptStore(Uri blobServiceUri, TokenCredential tokenCredential, string containerName, StorageTransferOptions storageTransferOptions, JsonSerializer jsonSerializer = null)
{
if (blobServiceUri == null)
{
throw new ArgumentNullException(nameof(blobServiceUri));
}

if (tokenCredential == null)
{
throw new ArgumentNullException(nameof(tokenCredential));
}

if (string.IsNullOrEmpty(containerName))
{
throw new ArgumentNullException(nameof(containerName));
}

_storageTransferOptions = storageTransferOptions;

_jsonSerializer = jsonSerializer ?? JsonSerializer.Create(new JsonSerializerSettings
{
NullValueHandling = NullValueHandling.Ignore,
Formatting = Formatting.Indented,
MaxDepth = null,
});

// Triggers a check for the existance of the container
_containerClient = new Lazy<BlobContainerClient>(
() =>
{
var containerClient = new BlobContainerClient(blobServiceUri, tokenCredential);
if (!_checkedContainers.Contains(containerName))
{
containerClient.CreateIfNotExistsAsync().Wait();
_checkedContainers.Add(containerName);
}

return containerClient;
}, isThreadSafe: true);
}

/// <summary>
/// Initializes a new instance of the <see cref="BlobsTranscriptStore"/> class.
/// </summary>
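Review bot: In the new token-credential constructor `containerName` does not select the container: the client is built as `new BlobContainerClient(blobServiceUri, tokenCredential)`, so the container comes entirely from the URI, while `containerName` is only null-checked and used as the key in `_checkedContainers`. A name that disagrees with the URI therefore goes unnoticed, and if `_checkedContainers` is shared across instances (its declaration is outside the hunk), two stores passing the same name with URIs in different accounts would share an entry and the second would skip `CreateIfNotExistsAsync()`. If the URI is meant to be the service endpoint, as the parameter name suggests, `new BlobServiceClient(blobServiceUri, tokenCredential).GetBlobContainerClient(containerName)` makes the name authoritative; otherwise key the cache on the container URI and state in the `<param>` text that `containerName` is not used to address storage. `existance` in the added comment should be `existence`.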
Expand Up @@ -21,9 +21,8 @@
</PropertyGroup>

<ItemGroup>
<!-- Force System.Text.Encodings.Web to a safe version. -->
<PackageReference Include="System.Text.Json" Version="4.7.2" />
<PackageReference Include="System.Text.Encodings.Web" Version="5.0.1" />
<!-- Force System.Text.Json to a safe version. -->
<PackageReference Include="System.Text.Json" Version="8.0.4" />
<PackageReference Include="Azure.Storage.Blobs" Version="12.13.0" />
<PackageReference Include="Microsoft.Rest.ClientRuntime" Version="2.3.24" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
Expand Up @@ -45,7 +45,7 @@ public AzureQueueStorage(string queuesStorageConnectionString, string queueName,

_jsonSettings = jsonSerializerSettings ?? new JsonSerializerSettings
{
TypeNameHandling = TypeNameHandling.None,
TypeNameHandling = TypeNameHandling.None, // CODEQL [cs/unsafe-type-name-handling] We use None to prevent any type information from being serialized, ensuring that no arbitrary types are deserialized, which mitigates security risks.
NullValueHandling = NullValueHandling.Ignore,
MaxDepth = null
};
Expand All @@ -67,7 +67,7 @@ internal AzureQueueStorage(QueueClient queueClient, JsonSerializerSettings jsonS
_queueClient = queueClient;
_jsonSettings = jsonSerializerSettings ?? new JsonSerializerSettings
{
TypeNameHandling = TypeNameHandling.None,
TypeNameHandling = TypeNameHandling.None, // CODEQL [cs/unsafe-type-name-handling] We use None to prevent any type information from being serialized, ensuring that no arbitrary types are deserialized, which mitigates security risks.
NullValueHandling = NullValueHandling.Ignore
};
}
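Review bot: The CodeQL suppression comment justifies only the default branch: when a caller supplies `jsonSerializerSettings`, the `??` skips this initializer and whatever `TypeNameHandling` the caller chose is kept in `_jsonSettings`. I would say so in the comment and in the parameter documentation, e.g. `// CODEQL [cs/unsafe-type-name-handling] Default is None; caller-supplied settings are used as-is and should also keep TypeNameHandling.None.` The phrase "prevent any type information from being serialized" describes the write side, whereas the rule being suppressed concerns what happens on deserialization, so the wording could name that directly. The two default initializers also differ (`MaxDepth = null` appears only in the first); both constructors start outside the hunks shown, so the rest of their bodies was not reviewed.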
Expand Up @@ -31,6 +31,8 @@


<ItemGroup>
<!-- Force System.Text.Json to a safe version. -->
<PackageReference Include="System.Text.Json" Version="8.0.4" />
<PackageReference Include="Microsoft.Rest.ClientRuntime" Version="2.3.24" />
<PackageReference Include="Azure.Storage.Queues" Version="12.11.0" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
Expand Up @@ -36,7 +36,9 @@

<ItemGroup>
<PackageReference Include="Microsoft.Rest.ClientRuntime" Version="2.3.24" />
<PackageReference Include="Microsoft.Azure.Cosmos" Version="3.40.0" />
<!-- Force Microsoft.Bcl.AsyncInterfaces to a newer version. Since Microsoft.Azure.Cosmos has 1.1.1 version, which causes MSB3277 warnings. -->
<PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
<PackageReference Include="Microsoft.Azure.Cosmos" Version="3.41.0" />
<PackageReference Include="Microsoft.Azure.Storage.Blob" Version="9.4.2" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
<PackageReference Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
Expand Up @@ -10,7 +10,7 @@
</PropertyGroup>

<PropertyGroup>
<TargetFrameworks>netstandard2.0;netcoreapp3.1;net6.0;net8.0</TargetFrameworks>
<TargetFrameworks>netstandard2.0;net6.0;net8.0</TargetFrameworks>
<PackageId>Microsoft.Bot.Builder.Dialogs.Adaptive.Runtime</PackageId>
<Description>Library for building Adaptive Runtime bots using the Bot Framework SDK</Description>
<Summary>Library for building Adaptive Runtime bots using the Bot Framework SDK</Summary>
Expand All @@ -22,11 +22,6 @@
<DebugSymbols>true</DebugSymbols>
</PropertyGroup>

<!--It is necessary to separate these conditionals in order to avoid nuget restore errors with netcoreapp3.1.-->
<ItemGroup Condition="'$(TargetFramework)' == 'netcoreapp3.1'">
<FrameworkReference Include="Microsoft.AspNetCore.App" />
</ItemGroup>

<ItemGroup Condition="'$(TargetFramework)' == 'net6.0'">
<FrameworkReference Include="Microsoft.AspNetCore.App" />
</ItemGroup>
Expand All @@ -36,7 +31,6 @@
</ItemGroup>

<ItemGroup Condition="'$(TargetFramework)' == 'netstandard2.0'">
<PackageReference Include="System.Text.Encodings.Web" Version="8.0.0" />
<PackageReference Include="Microsoft.AspNetCore.Hosting.Abstractions" Version="2.1.1" />
<PackageReference Include="Microsoft.AspNetCore.Mvc.Formatters.Json" Version="2.1.0" />
<PackageReference Include="Microsoft.AspNetCore.Mvc.Core" Version="2.1.0" />
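Review bot: The netstandard2.0 item group appears to lose its explicit `System.Text.Encodings.Web` 8.0.0 reference while the `Microsoft.AspNetCore.*` 2.1.x references stay, and no `System.Text.Json` pin is visible in the part of this project file shown. If that reference was there to lift a transitive version, the netstandard2.0 build may now resolve an older one. This can be confirmed on the restored project with `dotnet list package --include-transitive --vulnerable`. If nothing needs the override any more, a short comment in the item group saying what now supplies the version would help the next reviewer.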
Expand Up @@ -39,6 +39,8 @@
</ItemGroup>

<ItemGroup>
<!-- Force System.Text.Json to a safe version. -->
<PackageReference Include="System.Text.Json" Version="8.0.4" />
<PackageReference Include="Microsoft.Bot.Builder.Dialogs.Declarative" Condition=" '$(ReleasePackageVersion)' == '' " Version="$(LocalPackageVersion)" />
<PackageReference Include="Microsoft.Bot.Builder.Dialogs.Declarative" Condition=" '$(ReleasePackageVersion)' != '' " Version="$(ReleasePackageVersion)" />
<PackageReference Include="Microsoft.Bot.Builder.LanguageGeneration" Condition=" '$(ReleasePackageVersion)' == '' " Version="$(LocalPackageVersion)" />
Expand Up @@ -36,6 +36,8 @@
</ItemGroup>

<ItemGroup>
<!-- Force System.Formats.Asn1 to a safe version. -->
<PackageReference Include="System.Formats.Asn1" Version="8.0.1" />
<PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="3.1.22" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
<PackageReference Include="NuGet.Packaging" Version="5.11.6" />
Expand Up @@ -31,9 +31,6 @@
<PackageReference Include="Microsoft.Extensions.Logging" Version="2.1.0" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
<PackageReference Include="System.IO.Pipelines" Version="5.0.1" />
<PackageReference Include="System.Text.Json" Version="4.7.2" />
<!-- Force System.Text.Encodings.Web to a safe version. -->
<PackageReference Include="System.Text.Encodings.Web" Version="5.0.1" />
</ItemGroup>

<ItemGroup>