Update Microsoft.Security.Utilities.Core from v1.17.0 to v1.18.0 #5224
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nguerrera
force-pushed
the
users/nguerrera/msuc-v1.18
branch
from
a537821 to
d0bcce1
Compare
merlynomsft
approved these changes
May 29, 2025
merlynomsft
reviewed
May 30, 2025
merlynomsft
approved these changes
May 30, 2025
nguerrera
commented
Jun 5, 2025
merlynomsft
approved these changes
Jun 5, 2025
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
tarunramsinghani
approved these changes
Jun 9, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Context
Update Microsoft.Security.Utilities.Core to latest to get secret masking improvements.
Description
Update Microsoft.Security.Utilities.Core from v1.17.0 to v1.18.0
Release Notes: https://github.com/microsoft/security-utilities/blob/release/v1.18.0/docs/ReleaseHistory.md
This release includes many new granular secret masking rules and significant performance enhancements. Benchmarks show a net speedup.
It also improves the case where a literal secret value is added to the masker that also matches a rule. In this case, redaction will use
***instead of the rule-basedSECNNN/NNN:ID. A new agent test is also added in this change to verify this behavior.The update required some refactoring to absorb the removal of
SecretMasker.Clone. The agent secret masker no longer implements the serverISecretMaskerinterface that has aClonemethod. There was only one place where the agent masker was passed to serverISecretMaskerinterface, but this was deemed to be unnecessary as we also pass anITracethat handles secret masking. We therefore now passnullin this case with a detailed comment explaining why this is correct. A new test is added to verify that masking is still performed in this code path.There is also some minor refactoring in tests to provide a shared
TestHostContext.GetTraceContentmethod. A handful of tests with duplicated code are refactored to use this and a new test takes advantage of it.Finally,
TestHostContextis updated to use the non-legacyOssSecretMasker.Risk Assessment (Low / Medium / High)
Medium. Some refactoring was needed to take this update.
Unit Tests Added or Updated (Yes / No)
Yes.
Additional Testing Performed
Configured locally built agent to run in agent pool for a non-production org. Ran with and without AZP_ENABLE_NEW_MASKER_AND_REGEXES and tested with user secret variable and secret matching a rule from the library. User secrets were redacted with *** in both cases and rule-based secrets were SECNNN/NNN:ID redacted when new masker was enabled.