Component governance fix and build scan error fix (#264)

Author: yao-msft

Tools/PowershellModule/src/Library/Find-WinGetManifest.ps1

@@ -79,7 +79,7 @@ Function Find-WinGetManifest
 
         $FunctionAppId   = $FunctionApp.Id
         $DefaultHostName = $FunctionApp.DefaultHostName
-        
+
         $TriggerName    = "ManifestSearchPost"
         $ApiContentType = "application/json"
         $ApiMethod      = "Post"
@@ -95,21 +95,35 @@ Function Find-WinGetManifest
     PROCESS
     {
         Write-Verbose -Message "Invoking the REST API call."
-        
+
+        ## Internal scan does not recognize ternary oprator, use if else here
+        if ($Exact) {
+            $QueryMatchType = "Exact"
+        }
+        else {
+            $QueryMatchType = "Substring"
+        }
         $RequestBody = @{
             Query = @{
                 KeyWord = $Query
-                MatchType = $Exact ? "Exact" : "Substring"
+                MatchType = $QueryMatchType
             }
             Filters = @()
         }
 
+        ## Internal scan does not recognize ternary oprator, use if else here
+        if ($Exact) {
+            $FilterMatchType = "Exact"
+        }
+        else {
+            $FilterMatchType = "CaseInsensitive"
+        }
         if (![string]::IsNullOrWhiteSpace($PackageIdentifier)) {
             $RequestBody.Filters += @{
                 PackageMatchField = "PackageIdentifier"
                 RequestMatch = @{
                     KeyWord = $PackageIdentifier
-                    MatchType = $Exact ? "Exact" : "CaseInsensitive"
+                    MatchType = $FilterMatchType
                 }
             }
         }
@@ -118,7 +132,7 @@ Function Find-WinGetManifest
                 PackageMatchField = "PackageName"
                 RequestMatch = @{
                     KeyWord = $PackageName
-                    MatchType = $Exact ? "Exact" : "CaseInsensitive"
+                    MatchType = $FilterMatchType
                 }
             }
         }
@@ -131,7 +145,7 @@ Function Find-WinGetManifest
             if ($ContinuationToken) {
                 $ApiHeader["ContinuationToken"] = $ContinuationToken
             }
-            
+
             $Response = Invoke-RestMethod $AzFunctionURL -Headers $ApiHeader -Method $ApiMethod -Body $RequestBodyJson -ContentType $ApiContentType -ErrorVariable ErrorInvoke
 
             if ($ErrorInvoke) {
@@ -164,7 +178,7 @@ Function Find-WinGetManifest
                     $Return += $ManifestInfo
                 }
             }
-     
+
             $ContinuationToken = $Response.ContinuationToken
         } while (![string]::IsNullOrWhiteSpace($ContinuationToken))
     }

Tools/PowershellModule/src/Library/New-ARMObjects.ps1

@@ -65,6 +65,20 @@ Function New-ARMObjects
         return $true
     }
 
+    function Get-SecureString
+    {
+        param(
+            [string] $InputString
+        )
+
+        $Result = New-Object SecureString
+        foreach ($char in $InputString.ToCharArray()) {
+            $Result.AppendChar($char)
+        }
+
+        return $Result
+    }
+
     ## TODO: Consider multiple instances of same Azure Resource in the future
     ## Azure resource names retrieved from the Parameter files.
     $StorageAccountName   = $ARMObjects.Where({$_.ObjectType -eq "StorageAccount"}).Parameters.Parameters.storageAccountName.value
@@ -93,15 +107,15 @@ Function New-ARMObjects
 
         ## Pre ARM deployment operations
         if ($Object.ObjectType -eq "Function") {
-            $CosmosAccountEndpointValue = $(Get-AzCosmosDBAccount -Name $CosmosAccountName -ResourceGroupName $ResourceGroup).DocumentEndpoint | ConvertTo-SecureString -AsPlainText -Force
+            $CosmosAccountEndpointValue = Get-SecureString($(Get-AzCosmosDBAccount -Name $CosmosAccountName -ResourceGroupName $ResourceGroup).DocumentEndpoint)
             Write-Verbose "Creating Keyvault Secret for Azure CosmosDB endpoint."
             $Result = Set-AzKeyVaultSecret -VaultName $KeyVaultName -Name $CosmosAccountEndpointKeyName -SecretValue $CosmosAccountEndpointValue -ErrorVariable ErrorSet
             if ($ErrorSet) {
                 Write-Error "Failed to set keyvault secret. Name: $CosmosAccountEndpointKeyName Error: $ErrorSet"
                 return $false
             }
 
-            $AppConfigEndpointValue = $(Get-AzAppConfigurationStore -Name $AppConfigName -ResourceGroupName $ResourceGroup).Endpoint | ConvertTo-SecureString -AsPlainText -Force
+            $AppConfigEndpointValue = Get-SecureString($(Get-AzAppConfigurationStore -Name $AppConfigName -ResourceGroupName $ResourceGroup).Endpoint)
             Write-Verbose "Creating Keyvault Secret for Azure App Config endpoint."
             $Result = Set-AzKeyVaultSecret -VaultName $KeyVaultName -Name $AppConfigPrimaryEndpointName -SecretValue $AppConfigEndpointValue -ErrorVariable ErrorSet
             if ($ErrorSet) {
@@ -210,7 +224,7 @@ Function New-ARMObjects
             }
 
             Write-Information -MessageData "Add Function App host key to keyvault."
-            $Result = Set-AzKeyVaultSecret -VaultName $KeyVaultName -Name $AzureFunctionHostKeyName -SecretValue ($NewFunctionKeyValue | ConvertTo-SecureString -AsPlainText -Force) -ErrorVariable ErrorSet
+            $Result = Set-AzKeyVaultSecret -VaultName $KeyVaultName -Name $AzureFunctionHostKeyName -SecretValue (Get-SecureString($NewFunctionKeyValue)) -ErrorVariable ErrorSet
             if ($ErrorSet) {
                 Write-Error "Failed to set keyvault secret. Name: $AzureFunctionHostKeyName Error: $ErrorSet"
                 return $false

Tools/PowershellModule/src/Library/New-ARMParameterObjects.ps1

@@ -261,7 +261,7 @@ Function New-ARMParameterObjects
                 Parameters = @{
                     name            = @{ value = $KeyVaultName }
                     location        = @{ value = $Region }
-                    sku             = @{ value = $KeyVaultSKU}
+                    sku             = @{ value = $KeyVaultSKU }
                     accessPolicies  = @{
                         value = @(
                             @{
@@ -505,4 +505,4 @@ Function New-ARMParameterObjects
 
     ## Returns the completed object.
     return $ARMObjects
-}
+}

pipelines/templates/binSkim.yml

@@ -1,6 +1,6 @@
 # Template helper to copy PowerShell scripts and all dependencies
 parameters:
- helperLibsPath: '$(Build.SourcesDirectory)\src\WinGet.RestSource.PowershellSupport\bin\$(BuildConfiguration)\netcoreapp3.1'
+ powershellSupportPath: '$(Build.SourcesDirectory)\src\WinGet.RestSource.PowershellSupport\bin\$(BuildConfiguration)\net8.0'
  templatesPath: '$(Build.SourcesDirectory)\src\WinGet.RestSource.Infrastructure\bin\$(BuildConfiguration)\Templates'
 
 steps:
@@ -13,26 +13,31 @@ steps:
     OverWrite: true
 
 # Publish Helper Libs - win-x86
-- task: DotNetCoreCLI@2
-  displayName: 'Package Helper Libs: Portable'
+- task: CopyFiles@2
+  displayName: 'Copy Files: WinGet.RestSource.PowershellSupport'
   inputs:
-    command: publish
-    publishWebProjects: false
-    projects: '$(Build.SourcesDirectory)\src\WinGet.RestSource.PowershellSupport\WinGet.RestSource.PowershellSupport.csproj'
-    arguments: '--configuration $(BuildConfiguration) --output $(Build.ArtifactStagingDirectory)\Winget.PowerShell.Source\Library --no-restore'
-    zipAfterPublish: false
+    SourceFolder: ${{ parameters.powershellSupportPath }}
+    Contents: |
+      Microsoft.Extensions.Logging.Abstractions.dll
+      Microsoft.WinGet.PowershellSupport.dll
+      Microsoft.WinGet.RestSource.Utils.dll
+      WinGetUtilInterop.dll
+      YamlDotNet.dll
+      runtimes\**\native\WinGetUtil.dll
+    TargetFolder: '$(Build.ArtifactStagingDirectory)\Winget.PowerShell.Source\Library\WinGet.RestSource.PowershellSupport'
+    OverWrite: true
 
 - task: CopyFiles@2
   displayName: 'Copy Files: Arm Templates'
   inputs:
     Contents: ${{ parameters.templatesPath }}\**\*.json
-    TargetFolder: '$(Build.ArtifactStagingDirectory)\Winget.PowerShell.Source\Library\ARMTemplate'
+    TargetFolder: '$(Build.ArtifactStagingDirectory)\Winget.PowerShell.Source\Data\ARMTemplates'
     OverWrite: true
     flattenFolders: true
 
 - task: CopyFiles@2
   displayName: 'Copy Files: azure function'
   inputs:
     SourceFolder: '$(Build.ArtifactStagingDirectory)\WinGet.RestSource.Functions'
-    TargetFolder: '$(Build.ArtifactStagingDirectory)\Winget.PowerShell.Source\Library\RestAPI'
+    TargetFolder: '$(Build.ArtifactStagingDirectory)\Winget.PowerShell.Source\Data'
     OverWrite: true

pipelines/templates/compliance.yml

@@ -1,4 +1,4 @@
-# Template helper to package projects (using DotNetCoreCLI Publish Command)
+# Template helper to publish projects (using DotNetCoreCLI Publish Command)
 parameters:
   name: ''
   projects: ''
@@ -7,7 +7,7 @@ parameters:
 
 steps:
 - task: DotNetCoreCLI@2
-  displayName: 'Package Azure Function: WinGet.RestSource-${{ parameters.name }}'
+  displayName: 'Publish: WinGet.RestSource-${{ parameters.name }}'
   inputs:
     command: publish
     publishWebProjects: false

pipelines/templates/copy-and-publish-powershell.yml

@@ -39,15 +39,15 @@ steps:
     source: '$(Build.SourcesDirectory)\scripts\Release'
 
 # Publish Rest Function App
-- template: package.yml@self
+- template: publish.yml@self
   parameters:
     name: WinGet.RestSource.Functions
     projects: '$(Build.SourcesDirectory)\src\WinGet.RestSource.Functions\WinGet.RestSource.Functions.csproj'
     buildconfig: '$(BuildConfiguration)'
     zipAfterPublish: True
 
 # Publish Rest Function App
-- template: package.yml@self
+- template: publish.yml@self
   parameters:
     name: WinGet.RestSource.IntegrationTest
     projects: '$(Build.SourcesDirectory)\src\WinGet.RestSource.IntegrationTest\WinGet.RestSource.IntegrationTest.csproj'