diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml
index acbac80bda7..d1386873c5c 100644
--- a/build-tools/automation/azure-pipelines.yaml
+++ b/build-tools/automation/azure-pipelines.yaml
@@ -1435,54 +1435,26 @@ stages:
packageFilter: '*.nupkg;*.msi;*.pkg;*.vsix'
GitHub.Token: $(GitHub.Token)
-- stage: tenets
- dependsOn: []
- displayName: Tenets
- jobs:
- # Check - "Xamarin.Android (Tenets Code Analysis)"
- - job: run_static_analysis
- displayName: Code Analysis
- pool:
- vmImage: $(HostedWinImage)
- timeoutInMinutes: 60
- cancelTimeoutInMinutes: 5
- steps:
- - checkout: self
- submodules: recursive
-
- - template: security\credscan\v2.yml@yaml-templates
- parameters:
- suppressionsFile: $(System.DefaultWorkingDirectory)\build-tools\automation\CredScanSuppressions.json
-
- - template: security\policheck\v1.yml@yaml-templates
- parameters:
- exclusionFile: $(System.DefaultWorkingDirectory)\build-tools\automation\PoliCheckExclusions.xml
- pE: 1|2|3|4
- rulesDBPath: $(System.DefaultWorkingDirectory)\build-tools\automation\policheck-rules-db.mdb
-
- - task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@3
- displayName: Run AntiMalware (Defender) Scan
- inputs:
- FileDirPath: $(System.DefaultWorkingDirectory)
- EnableServices: true
- condition: succeededOrFailed()
-
- - task: securedevelopmentteam.vss-secure-development-tools.build-task-report.SdtReport@1
- displayName: Create Security Analysis Report
- inputs:
- CredScan: true
- PoliCheck: true
- condition: succeededOrFailed()
-
- - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
- displayName: Publish Security Analysis Logs
- inputs:
- ArtifactName: CodeAnalysisLogs
- condition: succeededOrFailed()
-
- - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@1
- displayName: Fail Job if Security Issues are Detected
- inputs:
- CredScan: true
- PoliCheck: true
- condition: succeededOrFailed()
+# Check - "Xamarin.Android (Compliance)"
+- template: security/full/v0.yml@yaml-templates
+ parameters:
+ stageDependsOn: []
+ credScanSuppressionFile: $(Build.SourcesDirectory)\build-tools\automation\guardian\CredScanSuppressions.json
+ sourceGdnSuppressionFile: $(Build.SourcesDirectory)\build-tools\automation\guardian\source.gdnsuppress
+ tsaConfigFile: $(Build.SourcesDirectory)\build-tools\automation\guardian\tsaoptions-v2.json
+ policheckLocScanEnabled: true
+ policheckExclusionFilesFolder: $(Build.SourcesDirectory)\build-tools\automation\guardian
+ policheckGdnSuppressionFilesFolder: $(Build.SourcesDirectory)\build-tools\automation\guardian
+ policheckChsScanFolder: $(Build.SourcesDirectory)\Localize\loc\zh-Hans
+ policheckChtScanFolder: $(Build.SourcesDirectory)\Localize\loc\zh-Hant
+ policheckCsyScanFolder: $(Build.SourcesDirectory)\Localize\loc\cs
+ policheckDeuScanFolder: $(Build.SourcesDirectory)\Localize\loc\de
+ policheckEsnScanFolder: $(Build.SourcesDirectory)\Localize\loc\es
+ policheckFraScanFolder: $(Build.SourcesDirectory)\Localize\loc\fr
+ policheckItaScanFolder: $(Build.SourcesDirectory)\Localize\loc\it
+ policheckJpnScanFolder: $(Build.SourcesDirectory)\Localize\loc\ja
+ policheckKorScanFolder: $(Build.SourcesDirectory)\Localize\loc\ko
+ policheckPlkScanFolder: $(Build.SourcesDirectory)\Localize\loc\pl
+ policheckPtbScanFolder: $(Build.SourcesDirectory)\Localize\loc\pt-BR
+ policheckRusScanFolder: $(Build.SourcesDirectory)\Localize\loc\ru
+ policheckTrkScanFolder: $(Build.SourcesDirectory)\Localize\loc\tr
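Review bot: The build-breaking gate is no longer visible in this file: the removed `tenets` stage ended with an explicit `PostAnalysis@1` step (`Fail Job if Security Issues are Detected`) and ran an `AntiMalware@3` scan, while the replacement delegates everything to `security/full/v0.yml@yaml-templates`. From this hunk alone it cannot be told whether findings still fail the stage or are only filed through `tsaConfigFile`, nor whether the antimalware scan is still run. The `yaml-templates` repository resource is declared outside this hunk; since that template now defines the whole compliance stage, it is worth confirming the resource is pinned to a reviewed ref. Once checked against the template, I would record the result above the template line, e.g. `# security/full/v0.yml runs CredScan, PoliCheck and AntiMalware and fails the stage on findings`.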
diff --git a/build-tools/automation/guardian/CHT.gdnsuppress b/build-tools/automation/guardian/CHT.gdnsuppress
new file mode 100644
index 00000000000..4396a9a378a
--- /dev/null
+++ b/build-tools/automation/guardian/CHT.gdnsuppress
@@ -0,0 +1,26 @@
+{
+ "version": "latest",
+ "suppressionSets": {
+ "default": {
+ "name": "default",
+ "createdDate": "2023-02-24 00:05:39Z",
+ "lastUpdatedDate": "2023-02-24 00:05:39Z"
+ }
+ },
+ "results": {
+ "04910d714a13bf4523ffa77350f654f52114fa4fa3d760c9f63186d41716c019": {
+ "signature": "04910d714a13bf4523ffa77350f654f52114fa4fa3d760c9f63186d41716c019",
+ "alternativeSignatures": [],
+ "target": "Localize/loc/zh-Hant/src/Xamarin.Android.Build.Tasks/Properties/Resources.resx.lcl",
+ "memberOf": [
+ "default"
+ ],
+ "tool": "policheck",
+ "ruleId": "64550",
+ "justification": "Reference to the Android package format APK.",
+ "createdDate": "2023-02-24 00:05:39Z",
+ "expirationDate": null,
+ "type": null
+ }
+ }
+}
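Review bot: The suppression added here sets `"expirationDate": null`, as does every entry in `source.gdnsuppress` later in this commit, so once merged these entries are never brought back up for review. Each is keyed only by a signature hash with an empty `alternativeSignatures` list, so a reader cannot tell what is being suppressed without re-running the scan. Consider a dated `expirationDate` in place of `null`, so the list is re-examined periodically. All entries shown are scoped to `"tool": "policheck"`, which presumably keeps them from masking results of other tools, though that depends on how Guardian applies the file.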
diff --git a/build-tools/automation/CredScanSuppressions.json b/build-tools/automation/guardian/CredScanSuppressions.json
similarity index 100%
rename from build-tools/automation/CredScanSuppressions.json
rename to build-tools/automation/guardian/CredScanSuppressions.json
diff --git a/build-tools/automation/PoliCheckExclusions.xml b/build-tools/automation/guardian/PoliCheck.Exclusions.xml
similarity index 51%
rename from build-tools/automation/PoliCheckExclusions.xml
rename to build-tools/automation/guardian/PoliCheck.Exclusions.xml
index 4ec72dc9b23..3df47bb4a1a 100644
--- a/build-tools/automation/PoliCheckExclusions.xml
+++ b/build-tools/automation/guardian/PoliCheck.Exclusions.xml
@@ -1,10 +1,13 @@
- NREFACTORY
+ LICENSE-DATA|NREFACTORY|LOCALIZE
- REMAINING-INT-CONSTS.TXT|TAIWANCALENDAR.XML|XAMARIN-ANDROID-SDK-9.XML|SQLITE3.C|MAP.CSV
+ REMAINING-INT-CONSTS.TXT|TAIWANCALENDAR.XML|XAMARIN-ANDROID-SDK-9.XML|SQLITE3.C|MAP.CSV|METHODMAP.EXT.CSV|EXTERNALWHITELIST.CSV|SYMBOLARCHIVEWHITELIST.CSV|POLICHECK.EXCLUSIONS.xml
+|API-10.PARAMS.TXT|API-15.PARAMS.TXT|API-16.PARAMS.TXT|API-17.PARAMS.TXT|API-18.PARAMS.TXT|API-19.PARAMS.TXT|API-20.PARAMS.TXT|API-21.PARAMS.TXT|API-22.PARAMS.TXT|API-23.PARAMS.TXT|API-24.PARAMS.TXT
+|API-25.PARAMS.TXT|API-26.PARAMS.TXT|API-27.PARAMS.TXT|API-28.PARAMS.TXT|API-29.PARAMS.TXT|API-30.PARAMS.TXT|API-31.PARAMS.TXT|API-32.PARAMS.TXT|API-33.PARAMS.TXT
+
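Review bot: The added entry `POLICHECK.EXCLUSIONS.xml` ends in a lower-case extension while every other name in the list is upper-case, so if PoliCheck compares these names case-sensitively the exclusions file itself will not be excluded; `POLICHECK.EXCLUSIONS.XML` would match the rest of the list. The value is also wrapped onto continuation lines that begin with `|`, which puts a line break inside the pipe-delimited list after `POLICHECK.EXCLUSIONS.xml` and after `API-24.PARAMS.TXT`. Unless the tool trims whitespace around entries, the names next to each break may not match, and keeping the value on one line avoids the question. The enclosing XML elements are not visible in this hunk, so which exclusion type each line belongs to is inferred.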
diff --git a/build-tools/automation/guardian/source.gdnsuppress b/build-tools/automation/guardian/source.gdnsuppress
new file mode 100644
index 00000000000..98123d3e81c
--- /dev/null
+++ b/build-tools/automation/guardian/source.gdnsuppress
@@ -0,0 +1,236 @@
+{
+ "version": "latest",
+ "suppressionSets": {
+ "default": {
+ "name": "default",
+ "createdDate": "2023-02-22 23:55:29Z",
+ "lastUpdatedDate": "2023-02-22 23:55:29Z"
+ }
+ },
+ "results": {
+ "5a0a8690d8a06dfdbf6002c67fa64a60a94f3fc77a594034cce20382e88002aa": {
+ "signature": "5a0a8690d8a06dfdbf6002c67fa64a60a94f3fc77a594034cce20382e88002aa",
+ "alternativeSignatures": [],
+ "target": "src/Xamarin.Android.Build.Tasks/Xamarin.Android.Build.Tasks.csproj",
+ "memberOf": [
+ "default"
+ ],
+ "tool": "policheck",
+ "ruleId": "79459",
+ "justification": "Reference to an external source file.",
+ "createdDate": "2023-02-22 23:55:29Z",
+ "expirationDate": null,
+ "type": null
+ },
+ "1b319055b8e507b220d0dab341e67e20f49632fd1844a08a4fcc6d4493930ac5": {
+ "signature": "1b319055b8e507b220d0dab341e67e20f49632fd1844a08a4fcc6d4493930ac5",
+ "alternativeSignatures": [],
+ "target": "src/Xamarin.Android.Build.Tasks/Xamarin.Android.Build.Tasks.csproj",
+ "memberOf": [
+ "default"
+ ],
+ "tool": "policheck",
+ "ruleId": "79459",
+ "justification": "Reference to an external source file.",
+ "createdDate": "2023-02-22 23:55:29Z",
+ "expirationDate": null,
+ "type": null
+ },
+ "6789cab1bdc97b0cc3ad057b7fdd21d63cdf8bc2679391923803fa240ef81292": {
+ "signature": "6789cab1bdc97b0cc3ad057b7fdd21d63cdf8bc2679391923803fa240ef81292",
+ "alternativeSignatures": [],
+ "target": "Documentation/guides/building-apps/build-properties.md",
+ "memberOf": [
+ "default"
+ ],
+ "tool": "policheck",
+ "ruleId": "185843",
+ "justification": "Reference to an ISCII term.",
+ "createdDate": "2023-02-22 23:55:29Z",
+ "expirationDate": null,
+ "type": null
+ },
+ "bbaf5f946cb72748567e41f0df5f1bae05550f4ba7381e21ec6b26d6c3ecec9f": {
+ "signature": "bbaf5f946cb72748567e41f0df5f1bae05550f4ba7381e21ec6b26d6c3ecec9f",
+ "alternativeSignatures": [],
+ "target": "Documentation/guides/building-apps/build-properties.md",
+ "memberOf": [
+ "default"
+ ],
+ "tool": "policheck",
+ "ruleId": "185837",
+ "justification": "Reference to an ISCII term.",
+ "createdDate": "2023-02-22 23:55:29Z",
+ "expirationDate": null,
+ "type": null
+ },
+ "db8916a0f0cdca4082c540921dd362e09a9ff413862ab826308411b76ee35789": {
+ "signature": "db8916a0f0cdca4082c540921dd362e09a9ff413862ab826308411b76ee35789",
+ "alternativeSignatures": [],
+ "target": "src/Mono.Android/Android.Util/Log.cs",
+ "memberOf": [
+ "default"
+ ],
+ "tool": "policheck",
+ "ruleId": "80418",
+ "justification": "Reference to an Android logging function.",
+ "createdDate": "2023-02-22 23:55:29Z",
+ "expirationDate": null,
+ "type": null
+ },
+ "58fab4dfef38677720e955e546a6af108332c65daafb0d043ad9d93442300a30": {
+ "signature": "58fab4dfef38677720e955e546a6af108332c65daafb0d043ad9d93442300a30",
+ "alternativeSignatures": [],
+ "target": "src/Mono.Android/Android.Util/Log.cs",
+ "memberOf": [
+ "default"
+ ],
+ "tool": "policheck",
+ "ruleId": "80418",
+ "justification": "Reference to an Android logging function.",
+ "createdDate": "2023-02-22 23:55:29Z",
+ "expirationDate": null,
+ "type": null
+ },
+ "b07e75fc8a506b94690dbd06877da06c1228e40e7deda3967f6b882b842f726d": {
+ "signature": "b07e75fc8a506b94690dbd06877da06c1228e40e7deda3967f6b882b842f726d",
+ "alternativeSignatures": [],
+ "target": "src/Mono.Android/Android.Util/Log.cs",
+ "memberOf": [
+ "default"
+ ],
+ "tool": "policheck",
+ "ruleId": "80418",
+ "justification": "Reference to an Android logging function.",
+ "createdDate": "2023-02-22 23:55:29Z",
+ "expirationDate": null,
+ "type": null
+ },
+ "87d8313310c2dd42021844b95bdcb9121bf10036fea5b212b945e0732a456e5a": {
+ "signature": "87d8313310c2dd42021844b95bdcb9121bf10036fea5b212b945e0732a456e5a",
+ "alternativeSignatures": [],
+ "target": "src/Mono.Android/Android.Util/Log.cs",
+ "memberOf": [
+ "default"
+ ],
+ "tool": "policheck",
+ "ruleId": "80418",
+ "justification": "Reference to an Android logging function.",
+ "createdDate": "2023-02-22 23:55:29Z",
+ "expirationDate": null,
+ "type": null
+ },
+ "8e5400e0233c8d887ad48bd8a48e8a7be5a579f9eefad521419b6df0828bbfac": {
+ "signature": "8e5400e0233c8d887ad48bd8a48e8a7be5a579f9eefad521419b6df0828bbfac",
+ "alternativeSignatures": [],
+ "target": "src/Mono.Android/Android.Util/Log.cs",
+ "memberOf": [
+ "default"
+ ],
+ "tool": "policheck",
+ "ruleId": "80418",
+ "justification": "Reference to an Android logging function.",
+ "createdDate": "2023-02-22 23:55:29Z",
+ "expirationDate": null,
+ "type": null
+ },
+ "06af52be6b6f87455b1db2eb6e631e783f1dacaf607c9b5f34cdee669992c8b5": {
+ "signature": "06af52be6b6f87455b1db2eb6e631e783f1dacaf607c9b5f34cdee669992c8b5",
+ "alternativeSignatures": [],
+ "target": "src/Mono.Android/Android.Util/Log.cs",
+ "memberOf": [
+ "default"
+ ],
+ "tool": "policheck",
+ "ruleId": "80418",
+ "justification": "Reference to an Android logging function.",
+ "createdDate": "2023-02-22 23:55:29Z",
+ "expirationDate": null,
+ "type": null
+ },
+ "a2b4d032c59a9d1211d218c3cd550cf8febb369941d70284d07d03ebee855bc0": {
+ "signature": "a2b4d032c59a9d1211d218c3cd550cf8febb369941d70284d07d03ebee855bc0",
+ "alternativeSignatures": [],
+ "target": "src/monodroid/jni/logger.cc",
+ "memberOf": [
+ "default"
+ ],
+ "tool": "policheck",
+ "ruleId": "79668",
+ "justification": "Reference to find first set bit function.",
+ "createdDate": "2023-02-22 23:55:29Z",
+ "expirationDate": null,
+ "type": null
+ },
+ "1c87b45a6044d205dc3f3562f349c238f7cabe22b4609da762df9dc44151e9fb": {
+ "signature": "1c87b45a6044d205dc3f3562f349c238f7cabe22b4609da762df9dc44151e9fb",
+ "alternativeSignatures": [],
+ "target": "src/monodroid/jni/logger.cc",
+ "memberOf": [
+ "default"
+ ],
+ "tool": "policheck",
+ "ruleId": "79668",
+ "justification": "Reference to find first set bit function.",
+ "createdDate": "2023-02-22 23:55:29Z",
+ "expirationDate": null,
+ "type": null
+ },
+ "a6639098c4785509a4215c9e2fc10f82c06fce461915dc11a00227ddec558845": {
+ "signature": "a6639098c4785509a4215c9e2fc10f82c06fce461915dc11a00227ddec558845",
+ "alternativeSignatures": [],
+ "target": "src/monodroid/jni/logger.cc",
+ "memberOf": [
+ "default"
+ ],
+ "tool": "policheck",
+ "ruleId": "79668",
+ "justification": "Reference to find first set bit function.",
+ "createdDate": "2023-02-22 23:55:29Z",
+ "expirationDate": null,
+ "type": null
+ },
+ "d6b3df0b1d35cb4acec6a954acc145c9ec22041cd463b94ff080682c65a9bd62": {
+ "signature": "d6b3df0b1d35cb4acec6a954acc145c9ec22041cd463b94ff080682c65a9bd62",
+ "alternativeSignatures": [],
+ "target": "src/monodroid/jni/logger.cc",
+ "memberOf": [
+ "default"
+ ],
+ "tool": "policheck",
+ "ruleId": "79668",
+ "justification": "Reference to find first set bit function.",
+ "createdDate": "2023-02-22 23:55:29Z",
+ "expirationDate": null,
+ "type": null
+ },
+ "b34b42aa41018376a31460c142f2ae910704725d9e9a4470f92b587df682369b": {
+ "signature": "b34b42aa41018376a31460c142f2ae910704725d9e9a4470f92b587df682369b",
+ "alternativeSignatures": [],
+ "target": "src/Xamarin.Android.Build.Tasks/Tasks/Aapt2.cs",
+ "memberOf": [
+ "default"
+ ],
+ "tool": "policheck",
+ "ruleId": "80411",
+ "justification": "Reference to output from an external tool.",
+ "createdDate": "2023-02-22 23:55:29Z",
+ "expirationDate": null,
+ "type": null
+ },
+ "75474fa652dbbf8f96826100a5fe37ba686a032ca07d61ef68a79c8e4412c150": {
+ "signature": "75474fa652dbbf8f96826100a5fe37ba686a032ca07d61ef68a79c8e4412c150",
+ "alternativeSignatures": [],
+ "target": "src/Xamarin.Android.Build.Tasks/Linker/MonoDroid.Tuner/Linker.cs",
+ "memberOf": [
+ "default"
+ ],
+ "tool": "policheck",
+ "ruleId": "79459",
+ "justification": "Reference to an external source file.",
+ "createdDate": "2023-02-22 23:55:29Z",
+ "expirationDate": null,
+ "type": null
+ }
+ }
+}
diff --git a/build-tools/automation/guardian/tsaoptions-v2.json b/build-tools/automation/guardian/tsaoptions-v2.json
new file mode 100644
index 00000000000..21ad8c31a7d
--- /dev/null
+++ b/build-tools/automation/guardian/tsaoptions-v2.json
@@ -0,0 +1,11 @@
+{
+ "codebaseName": "xamarin.android_main",
+ "notificationAliases": [
+ "dotnet-android-eng@microsoft.com"
+ ],
+ "instanceUrl": "https://devdiv.visualstudio.com/",
+ "projectName": "DevDiv",
+ "areaPath": "DevDiv\\VS Client - Runtime SDKs\\Android",
+ "iterationPath": "DevDiv",
+ "allTools": true
+}
diff --git a/build-tools/automation/policheck-rules-db.mdb b/build-tools/automation/policheck-rules-db.mdb
deleted file mode 100644
index 02956d95da1..00000000000
Binary files a/build-tools/automation/policheck-rules-db.mdb and /dev/null differ
diff --git a/src/Xamarin.Android.Tools.Aidl/BindingDatabase.cs b/src/Xamarin.Android.Tools.Aidl/BindingDatabase.cs
index 0be93e2c2e0..ac4fd818a73 100644
--- a/src/Xamarin.Android.Tools.Aidl/BindingDatabase.cs
+++ b/src/Xamarin.Android.Tools.Aidl/BindingDatabase.cs
@@ -9,22 +9,22 @@ public class BindingDatabase
{
Dictionary nsmap;
Dictionary regs;
- List asses = new List ();
+ List assems = new List ();
public BindingDatabase (IEnumerable assemblies, Func resolveAssembly)
{
- foreach (var assfile in assemblies) {
- var ass = resolveAssembly (assfile);
- if (ass == null)
+ foreach (var assemfile in assemblies) {
+ var assem = resolveAssembly (assemfile);
+ if (assem == null)
throw new InvalidOperationException ("Failed to resolve specified assembly");
- asses.Add (ass);
+ assems.Add (assem);
}
Initialize (assemblies, resolveAssembly);
}
- public BindingDatabase (IEnumerable asses)
+ public BindingDatabase (IEnumerable assems)
{
- this.asses.AddRange (asses);
+ this.assems.AddRange (assems);
Initialize (null, null);
}
@@ -43,17 +43,17 @@ void Initialize (IEnumerable assemblies, Func
var r = new Dictionary ();
regs = r;
- foreach (var ass in asses) {
- if (!ass.CustomAttributes.Any (a => a.AttributeType.FullName != "Android.Runtime.NamespaceMappingAttribute"))
+ foreach (var assem in assems) {
+ if (!assem.CustomAttributes.Any (a => a.AttributeType.FullName != "Android.Runtime.NamespaceMappingAttribute"))
continue; // irrelevant assembly.
- foreach (var att in ass.CustomAttributes) {
+ foreach (var att in assem.CustomAttributes) {
if (att.AttributeType.FullName != "Android.Runtime.NamespaceMappingAttribute")
continue;
string java = (string) att.Properties.First (p => p.Name == "Java").Argument.Value;
string cs = (string) att.Properties.First (p => p.Name == "Managed").Argument.Value;
d [java] = cs;
}
- foreach (var md in ass.Modules)
+ foreach (var md in assem.Modules)
foreach (var td in md.Types.Where (t => t.IsPublic || t.IsNestedPublic))
foreach (var att in td.CustomAttributes.Where (a => a.AttributeType.FullName == "Android.Runtime.RegisterAttribute"))
r [((string) att.ConstructorArguments [0].Value).Replace ('/', '.').Replace ('$', '.')] = td.FullName;
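Review bot: The filter on the renamed line `if (!assem.CustomAttributes.Any (a => a.AttributeType.FullName != "Android.Runtime.NamespaceMappingAttribute"))` looks inverted, and the rename carries it over unchanged. As written, `continue` fires only when the assembly has no custom attributes or when every attribute is a `NamespaceMappingAttribute`, which does not match the `// irrelevant assembly.` comment. If the intent is to skip assemblies that carry no namespace mapping, the predicate should use `==`: `if (!assem.CustomAttributes.Any (a => a.AttributeType.FullName == "Android.Runtime.NamespaceMappingAttribute"))`. That change would also skip the `RegisterAttribute` scan below for such assemblies, so confirm that is wanted before changing it. `Initialize` starts before this hunk and may continue past it.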