From af2cfcb08ffee21febeacb7f32d1d88028b76284 Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Tue, 21 Feb 2023 17:28:59 -0500 Subject: [PATCH 1/9] [ci] Use compliance stage template --- build-tools/automation/azure-pipelines.yaml | 58 +++------------------ 1 file changed, 7 insertions(+), 51 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index acbac80bda7..da35a0af92a 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -1435,54 +1435,10 @@ stages: packageFilter: '*.nupkg;*.msi;*.pkg;*.vsix' GitHub.Token: $(GitHub.Token) -- stage: tenets - dependsOn: [] - displayName: Tenets - jobs: - # Check - "Xamarin.Android (Tenets Code Analysis)" - - job: run_static_analysis - displayName: Code Analysis - pool: - vmImage: $(HostedWinImage) - timeoutInMinutes: 60 - cancelTimeoutInMinutes: 5 - steps: - - checkout: self - submodules: recursive - - - template: security\credscan\v2.yml@yaml-templates - parameters: - suppressionsFile: $(System.DefaultWorkingDirectory)\build-tools\automation\CredScanSuppressions.json - - - template: security\policheck\v1.yml@yaml-templates - parameters: - exclusionFile: $(System.DefaultWorkingDirectory)\build-tools\automation\PoliCheckExclusions.xml - pE: 1|2|3|4 - rulesDBPath: $(System.DefaultWorkingDirectory)\build-tools\automation\policheck-rules-db.mdb - - - task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@3 - displayName: Run AntiMalware (Defender) Scan - inputs: - FileDirPath: $(System.DefaultWorkingDirectory) - EnableServices: true - condition: succeededOrFailed() - - - task: securedevelopmentteam.vss-secure-development-tools.build-task-report.SdtReport@1 - displayName: Create Security Analysis Report - inputs: - CredScan: true - PoliCheck: true - condition: succeededOrFailed() - - - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2 - displayName: Publish Security Analysis Logs - inputs: - ArtifactName: CodeAnalysisLogs - condition: succeededOrFailed() - - - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@1 - displayName: Fail Job if Security Issues are Detected - inputs: - CredScan: true - PoliCheck: true - condition: succeededOrFailed() +# Check - "Xamarin.Android (Compliance)" +- template: security/full/v0.yml@yaml-templates + parameters: + stageDependsOn: [] + credScanSuppressionFile: $(System.DefaultWorkingDirectory)\build-tools\automation\CredScanSuppressions.json + policheckExclusionFile: $(System.DefaultWorkingDirectory)\build-tools\automation\PoliCheckExclusions.xml + policheckOptionsRulesDBPath: $(System.DefaultWorkingDirectory)\build-tools\automation\policheck-rules-db.mdb From 05fb8ec6769a734bd55fd5d74de685460749eabb Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Wed, 22 Feb 2023 18:41:06 -0500 Subject: [PATCH 2/9] Update policheck exclusions --- build-tools/automation/PoliCheckExclusions.xml | 7 +++++-- build-tools/automation/azure-pipelines.yaml | 3 +-- build-tools/automation/policheck-rules-db.mdb | Bin 393216 -> 0 bytes 3 files changed, 6 insertions(+), 4 deletions(-) delete mode 100644 build-tools/automation/policheck-rules-db.mdb diff --git a/build-tools/automation/PoliCheckExclusions.xml b/build-tools/automation/PoliCheckExclusions.xml index 4ec72dc9b23..cadc65fa037 100644 --- a/build-tools/automation/PoliCheckExclusions.xml +++ b/build-tools/automation/PoliCheckExclusions.xml @@ -1,10 +1,13 @@ - NREFACTORY + LICENSE_DATA|NREFACTORY - REMAINING-INT-CONSTS.TXT|TAIWANCALENDAR.XML|XAMARIN-ANDROID-SDK-9.XML|SQLITE3.C|MAP.CSV + REMAINING-INT-CONSTS.TXT|TAIWANCALENDAR.XML|XAMARIN-ANDROID-SDK-9.XML|SQLITE3.C|MAP.CSV|METHODMAP.EXT.CSV|EXTERNALWHITELIST.CSV|SYMBOLARCHIVEWHITELIST.CSV +|API-10.PARAMS.TXT|API-15.PARAMS.TXT|API-16.PARAMS.TXT|API-17.PARAMS.TXT|API-18.PARAMS.TXT|API-19.PARAMS.TXT|API-20.PARAMS.TXT|API-21.PARAMS.TXT|API-22.PARAMS.TXT|API-23.PARAMS.TXT|API-24.PARAMS.TXT +|API-25.PARAMS.TXT|API-26.PARAMS.TXT|API-27.PARAMS.TXT|API-28.PARAMS.TXT|API-29.PARAMS.TXT|API-30.PARAMS.TXT|API-31.PARAMS.TXT|API-32.PARAMS.TXT|API-33.PARAMS.TXT + diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index da35a0af92a..66aa1155fa0 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -14,7 +14,7 @@ resources: - repository: yaml-templates type: github name: xamarin/yaml-templates - ref: refs/heads/main + ref: refs/heads/dev/pjc/xa-sec-onboard endpoint: xamarin - repository: sdk-insertions type: github @@ -1441,4 +1441,3 @@ stages: stageDependsOn: [] credScanSuppressionFile: $(System.DefaultWorkingDirectory)\build-tools\automation\CredScanSuppressions.json policheckExclusionFile: $(System.DefaultWorkingDirectory)\build-tools\automation\PoliCheckExclusions.xml - policheckOptionsRulesDBPath: $(System.DefaultWorkingDirectory)\build-tools\automation\policheck-rules-db.mdb diff --git a/build-tools/automation/policheck-rules-db.mdb b/build-tools/automation/policheck-rules-db.mdb deleted file mode 100644 index 02956d95da1c30db3126364b14f92131cffa60d2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 393216 zcmeI531D1Rz5mahnQW6}lBT5%rL;p^$|5NWe+zwk>(z-uRn;+}2E7_a4SxBx&{u!)^?wk+&?ZbDhoc(`4-@oQaok&vCM5`UFf)*H2OTY6`jt*i8Thrxp$> zJTry~&uW6h_JLIjrVL)jL^2rS8Bmt#?cEV?av@k<94K=Rxcss{;T z9GaaA$v$<^%A-YgJcH%%3DxB!*S-;n@;_%YK8;`?g z#oG{2b*dN1>roNat_D=Gs#mSJwyHK9QJ7A1Od@dEkKeR)n{HHns>3n$t47rY{WkcV z4t=lo(TU$Zsu||p@aa=4;ohfKtKEp5=LWSGVfMqmSpRNUw>qANX=RO3_b&AC?I!+Yj#uZ?3+rj4HnRDZ4$HIQo2Pv6ou%XR;OxawsB&@6!%?gPI2Z9y1vnSt2q-_!`8ZIf zaL&PDCnuf;(Fg${AOwVf5D)@FKnMr{A#fZJ@L2yCU^ZIN?qI9qGAB>EWx{r(qt>%& zZa2?qRRX6|aZt^+FLrwz%_jUzZmwGC8lPRd{mnY|(HdgIW0FRbh9)N=AOwVf5D)@FKnMr{As_^VfDkzP2zadD6*5(Y z7@2lAcG>u@ddD1n(0)C}+cAJiV;(1=r99nf|I?bvL;s0JyFJFtE(1O0pOt1ZfF703 zM!@bKgDi|nJ45@)7CCUJ2hkJb*k)eAK}%cs;*$Xq7Nhquq>jgXFjiiIK86AOv0tGL z!_f9{HwUTv^dNH-gWH{YKsh%)+?_g*?T-&shcS7;49%9O>7C#}c0YP4*pJ~1BfCbQ zoe}3)EY}`SJ{gEP8G-70eRkh8xK0{Io;$2BWO&Z9)C`1KibHxYG*CGS0U;m+gn$qb z0zyCt2mv7=1ddMv9_xt$=Bx};_1#TLyB(j%Gur=IX#aCUKaZJcFP?%U6Qx_=>E;D! z3rbyZH~%>uUt1(v`DV7d)BI-#f$byF%6FRoCa4q(_8g@3kv*(a!s$t{^TlZliJ$_Q zQP7Tde;4`$x-p&Hj|t`d=po?jg87R&VdV42&EykXnJ`49!uLD8G_v_5l4?1t`ZilqzQ{hLK zog_b4$dJ~xZ8#f#bbnLakLfhh1uoHlq0>M+-fP`Ulg3Uv;wi;$JghUPh#ZI#0zyCt z2mv7=1cZPP5CTF#2pqcvEbCIUlo<>8DgQ5A^lIRtKwIF{z>9@<7B&~=6@I7Sx`HJI z|DFHY{GIs=^8ej`pZ{WiiT|m*oAc`O4(5I-cOduN+~4Lr7!T*zr6DO70zyCt2mv8* z)DZ|yM2dk3c}#vfT$xtK=<2EOt`@b2*z`mfuxR!9ZHgh4#iV?KNC`H zCnS*c>3cIw&xDkvn?G=vF;7S!hnWWPe*6=to`@_SW*|Omb^gfJG+y);MqlyK5Tq^_ zmmw|3%)=|9=H~>w`=}2>4=45-0RF%Md)q_@QtUXJkdF{VAZknk*S!Z$u4`GqE8}g_eoInJ*K5sE#dUrDE+VM%Y>6V?lciN0PR$sQZ$%%D( zs^zXNcA{svEgUjg3A46UTh?w_wN*zj+im>zt*hGBZtU#n-P*LOd+o-K&PyH7Gt;}W z(|AgH%kB<$T4xP&WZPcaVh3_+!rtx8moVPmyEdMl?1b^~Tb*NDcCR(%q|`Qe``S)| z)!9CoMxN_zrdO=m-O<~v%>%YMdAF?ACSKcQXYZCRt2%dI+P1z!8yDHey*t--wya%$ zY1>)~DNzBbJ;r?M#eonI0zyCt2mv7=1cZPPNKe3L<#FkMTIKQO76+?`APap&Oj)H4gPxo~ z@pVJCcONzMo<$A4XH!G(In)$EGliOI(3DU!9h#}sltMF&nwij?M9nN{W>W)Ml7Z>e z%!g(MHD^InN=+FwCsR`e%}i>RLURf=)zHkMW;rx=D;FBwiNKudP7Nm2bKUKVDu5rN zgn$qb0zyCt2mv7=1cZPP5CSI{0iX4nf27vX$j$yydIZL8b%Ft(G(^0Bz~8={^YS?gN_W?gMIc_W{aMcnW<{Q(`nzjb<7(=qw1I zWHi%_W`@y}QiFbk@X1Cq(`ZgHnpxDKV)G+osqp3HV25Qi+5nf<4XBf?y)S#y$e3sFiZ8UG827MplbBw0UXckg~ z-jMLQMiVlcFg55O36~qqBBQCG20bRra*Za>X#CWm4<&q_(Nr4E`P86SC0u1Ri;ZRp zHRxvvHyX`yqgg=>dS1dSjb@e6Ttp4}V#2G9rpaiUsaXoE7Duy88I46vH4^VJ8n4ml z9wqePEYm$o)aV{1YV7F-2+(xygzY&MFqy+i0xZ2jJzD@8J)eQMThA+@M$b5)M$agq zrr7BT3ZG^)bB$)65+wwLfDjM@LO=)z0U;m+j#mOcD;PjSNR$u|0zyCt2mv7=1cZPP z5CTF#2nYcoa2yk0`yZp7qJ)4D5CTF#2nYcoAOwVf5D)@FKnMtdSZ?aZoz2Em=-pe3YOOy~00uF&G6w*i0bVZh06U}bEYvC)^?;NzR ze%Lgr^=eQ>RkLbU-713Lt*TEg-Cv>9kQ0PzT31dffG{Xg7r{*gE>^2v)eg5^lqv{? zjT)f*%0i$XwL$IGe^rppm-wqxL6xs!)oKd&NN^JM@S3Z$W}NYIwYjDyYPVX0XnGK7 zi)vFlaBWuuYNe`2q7Ofrw<`XvO8Q%oNM?0BnI9{^#mi)x>&VGmuKK}d7Z`28)t%^x zNbvg<|28E3txF_$>0u>!A`*C`;$MBzUu`0Rkk#nictg@$Ga*`sqA-9WunlDURVQ>4 zk>tA-|28H4ZAc^;k|&)czvZvn{Vf|0RNwmdZ~fkL+V_0A}dlm{n!0vua2PX@h{(a?wKP;uyp^8S*qH) z$PRvt^g}SL6a0eEE*<8FE_?p^>Q`5^|q-VXXg#lP~TzfgiaBRDt*V3(B<$>$7<;M6}?KD_vY2de3PJ<3cs{#p^qAl^JZh^7}2Jb(zS z%p$^zDLTST8a8=}0XI0*yA)6~b+aC$*fVKf4Xjb8%C5eX zD{K3gQ)M%YP@|-(Ucd8NlS&CciMBbZti~-){kt%6Gq|oADaGfXd1%a)(VF*xeP{V{ zwcle=wO!w$s9G{KMzxE(ok0X^!Ie*`{mx!8l>98(znr?zx$7AOT7xRK0k>+&P;%X2 z|8i;&28a8eL2$|Mn=#XfFpCjzkta^}Uw`n=m!5ppuc~1aCtHuN)}{Mrc~td&=c~Ye z1e2d2=jo}o3q0#mJc#B-nJa@G?M9iGuKVh|fE@^<1Z;{~8;TYyR8p-_!~e$kOjmBR7kARbDnTC# zn{ZnhZp7_Ngqw#FYq|-1s(=b+SnQry zOvPfku~=6u_8+lWQ0q74Abn^{socH~cMa*x&=1nB-TfvO`ybm~EcQSw_DkEp7k*0M zCO7!nrt6daAfAu9;(?$4)PA~s@H3TuUi@U&E!s~a!}uA4qN$Hhs|}eM)tOCW$LEEI z%b#|dn*Vf+rlG;c=iIz7*MHV!)>3|y2D5CTF#2nYcoAOwVf5D)@FKnR>* z1S~67XtJEEzEZTiX!rNSMXv@P3bX}I)jb2oR<1%o2nYcoAOwVf5D)@FKnMr{A#juv zz`)<(s|g9@@RKnSAz)6^;VXME_wd7cvqP|~pA>O2B$cIp%Si>Ign$qb0zyCt2mv7= z1cZPP5CTF#2nc~=mVnopa(=L>vuE3`-XfI)gB&0B|C2`lF?&-b;X*(N2mv7=1cZPP z5CTF#2nYcoAOtcZAnpH*Fo`1}AOwVf5D)@FKnMr{As_^VfDjM@$20+t^*g=FzYs#^ z++yqEBI=Um|HX|@!g2u|ZZ$qRe?Q!)R6$(Qax+ABrb@VTr1fbbe~|6BF&2A&EcQ)X zPG2nc<5+BO7E*v<)V*D~)uT$@(-QPXl8)y^C_Wq_9nXC?MK1(|fDjM@LO=)z0U;m+ zgn$qb0>>2r%X)WQ%3pSp{J-NWo01tJAOwVf5D)@FKnMr{As_^VfDo8$0>O!ha6$r^ zh=d&TVR)=|z5M?! z=AWw?v0oi`{lxBq2+xZ{#^K|XMI!`+fDjM@LO=)z0U;m+gn$qb0zzP72w2wh@$rA3 z9{=a=e-jh7gdzllfDjM@LO=)z0U;m+gn$qb0z%-;C*YZgBuq#k)f17DLkz@YeNVUc zLm2Q+UH|_NfBuQ3%=&+y^5QSP{{Li*|Ko705$6K<8L;g$5Bny1s8v^OJZKfr!pot5 zm9W@|{TY)510*I1j36SwQWlaHi`^58Z87ozo{PnT&}Si$mm<1fKEE;dP(=hF;|Rrv zL#8IUZ@B1%fDjM@LO=)z0U;m+gn$qb0z%-}At3AjkDYrZDHQ@jKnMr{As_^VfDjM@ zLO=){TLdO#$b3QqIkvbRnbdl$?-nrRa_{i*f12-m>_f{c&w9DKIUfV{`536j_&v=} z!H7PNk<^HD0klP8E&yVM^6}3|AF$^F*cQ3QfMHVcw zTo%)e1*RORY?nnTEc6V899ZON3wwq_=%o(ZA{Ubva$OeB`2BWr^Eh$A71S&flphv; zmyeojJ20nVo!X^E9jsLKDKi{OR2?=z=ura@gs>N9x|j{KRuzTGdK^8_b;71o?bg>p zHBDU%KmDph+qXj3uC}Y0I;3vZt^Eun*_ApWF_s>J3E;Ls+-7C~ryV4G&}pt(t~Tniav#ne_}z>VbB=rm;<_f7 z^uflAUi*{>$)=K#T$_WOg@6zc0zyCt2mv7=1cZPP5CTHrL?Ga^f`OSQLPjNzLO=)z z0U;m+gn$qb0zyCt2mv7=1WsTA9xJbi*?%1e2jI;RzZw5GXqvHV8;ja$tgYtYih~3H z#>U(9#-`q{P3IQP?1cZPP5CTF#2nYcoAOwWKiAKP(PSx#y=G&{+ z|A*thPc#;iUm+j_gn$qb0zyCt2mv7=1cZPP5CX#qV4M1*MCGV&9&$=7>mo>+x0R(X zJLGWEc=Xsa1FDo7T3S8hfwO-#l`{u;#d>_D4_wat-#4bxGj<`s(toc0SE@uQzXbvM zAyuUos`GG#t=9uvj{Vc67y5PtH(k58r3?7si@OtSP;&#S8lJRzhuVj~B}so(Du}%d zV%3Rx1)N@xr)M_2<*(cQEgKJ1pK|MmPl`Q%pxO>4ao&L03T;}9e>5%}p;HU*uU6%1 z0pgEYQ3&GigxG;7(qhaKA&5>02mv7=1WrH#zUP%Hwx`e?&AI=bWm!Ke&b30tr+bES z=X>~mqyQei!R>dny?ct@3+QOhh@?#j2mv7=1cZPPa1r=$(Y-~M@*dIl|1;m8^2?8W zZsxzcqSe|9G1cH8+S_)!-L~bIMV@h349SAf)9fI=JZM~qgI^({jvWH)&@a-9^&Q+Y zkeeI!V++CYsOjiIGP%tk!(-_67ruV)e?4b$7sqP7r6q+|)?x+7p(||s81Et)@k{ql z8!KMw`?h7`cgJSOzXtj4RXeZ(r5y~$qozCYv%AdwthmDnJzrBbdi-wJ-{Un&xUbtNushR9eb*W4|y#g$n&ojHHwr$tE*%KKneVGV_t_ zivB!1aC!x$-_r>VpMqpJqy2(otpz+0M7Awx;q^^B|3zy7NB` zUAC`(S65_Xbn$c0tLQ*SZ&&2bEyZ{=YwBC-Yom`8D|Gf*)&+kh(F53B2$9o6vksY3maO`;Qt$i$!C#hV`*P~4On z0>lqlg#z7x^7xrd6Spk9PG}c_Tm~+gH=x9*IW1d<6e|08g6l;?ACM<+rYNw2R7f zu5+}N6?>ue`kGqXKaU5|x3YfO+^ec87FR4<)EF+SSyWzLRuQfbl`Rg}*Or~XsH(QA zw)XtR<>gh^pnh#`?T##)Yd_uixgyflSJ&G!5ZODxU_vn36zPw4_V(2EvUp5J`@g%d zb)d7YE3&A3+1y2ok^FMh^hiiu)AD6=%NxtA#U$x`$2*ap{ByB4}0s^pv}3hzqLEq*r~cA(cqbTt18u5o9lYJyL)@Q-n{GA z3`Dv&w|3m#ySY0$;Wb9Y2t60C0>XbrZgwjGi7foKr< z2?tkqw)MB3(?2+Lk+O>R{{Wv@Q}=tHeYV(>&+Qp_yn^`|M)AIQ)IoK&0xWeEzN`3G zj-vu^gGN;b-IJ~F=ZiL$@NeF_G^YP^tkL|#kye|X_snv{UkkQ` zuuYmE5u#4NkJdXTcI#xb^R_x4--+}|(+0&~^=dW#=E0;B@8Mnep6^mY*tX(VC)zkc zr=<}@tbO?F(x#MbVb2Un{`M}3=cNMf8}V1C7DE>Ti}UbnG5*Ssf)I{c=;(&5NGgP1 zbQw~MU>efL`RW>^Z86dr!j(rIX1kCD`yIC7%uO+vMid1U-ze;wbP8!7#eq8x`xacc zYV!zOxPOIJrS`KPao6E*A#7J8ZS&HG!&YCrjwgyx>6a;E_-*lCkRbeb;y2Tl+AH+c zv}I)x!mtT2_ii2U<>d71Q(WyJNBApPYWC zZ+^zk|M2+TCganOr=KZZ{45cvWg^wg{%xNtP$v1zRG?&*yfT)&V18rn`Clh*F3D1*lV159kdQ)`{1V^ zzLM+O%*x^6_Oq-?gku?na_Uua)kC#1NQC;(A5<| zPJWk7{yQj>`Uam*sHfcT=!;QmD4nWT?a}XLyQP0I-jx@lrm4U)z%Nhp;Yt4kc!#$k z48DOIQ1{f}dt?CqyY;=dzc<`$&W=C-i5ie!U*V*8DDC*gQHC1MofGr5QHgt8j`(Vj zCf1xxNjNDdBY$lqKmQ}woOa#^P=30R?^d1b&Co|3eK}%GgXgO;|${)XJG$~)Bg8aZxovO|1eEb9$#*8Fv&!I z9BTxw8`3EbDr)f3JWXp*0Oo29+Ub>AgI4?b$6DSby+S|;2mv7=1cZPP5CTF#2nYco zkU0U5wVt!?)PraeCgk@grahUEnzJ#8o~>u{>9JkRZm{$W2jgJms}}!nTXTTdp2+;n z*L*6U5n6iimKJ8#2>QWk;n4;Oi#eWR<)?*Lry^nDxnRF-;nPz95*8QS=2&FunTH9B z+vXg!xZ^+vW*x4^s4mBIccI^LTGANha+r0(O|oe-TzA85u`|Bf2R+9f29@6x5_d8{ z-eR!}ux>IIn-h!OmZJB9-U7I}ZI0)HTQnW|!43;PdQ0!e2R~;xey)%E@s8>z3w}7) zk@47m+_yPC+~D(}bHFYF)aW1V?4uzjP*B-7#ko%@b~erVY5AGa3BxJbmEoD{3cF1> z~G>1cZPP5CTF#2nYcoAOwU!h6F5Y1!ufymF>v?e>Lz>pe=4{Y~?Bh zgn$qb0zyCt2mv7=1cZPP5CTFVGXi>0F*Bzlx*8hMW*ipP<8XVNJM~$?!2IJpkCHth zAOwVf5D)@FKnMr{As_^VfDjM@CprOX|DWh3K=LmHgn$qb0zyCt2mv7=1cZPP5CSIx z0croA2zOcXC4`m~%rZ1aeXMYM7|HTo2pe`Y&4pDn15t}MM%oX7F-J>{{*%R%g$wy=Fb79K?O zZO|h2y0L*WJ>*^Ofhd(yRf#tO}mZD z0_ec1dh@@_XlUX=vO`E)40>A@0P`JJFplwu&!_X1e(k>PB<@EvLO=)z0U;m+gn$qb z0zyCt2mv7=1deh7mUU{8Nut+T|8IWFRR{;RR{Olg?BIq-cVAcQKqR;+(jV>Y?TH;cZ{gyF=V4PjRjRTv?LLR{|4jQoH8&#vFO|r# z_uG;GckZ#5a!Iie5CTF#2nYcoAOwVf5D)@FKnP4E0n6HoW&O5Vqh2f8UDRH*rf6Bw z*+riZJP>$yU|+x+_^-mB6+T}0&xO^6WrZ^fKUQ#i!8HXt3f{>7W&Tt7U(T<~59Obl z@6Z3Uf5_kMf17`~|Czk6<$WUW{dvK>!o2^@y&<~~}rW&btnH(C8zS7xowdd~N4-$lME-|4$e*_ul`WzrF9L zcUAo8%Y8Gx^~u<63re17Kk1yyBe(4P*nd9s;=RB4!p|Bmd$DHTYj1SlF}UrA&mCC& zu7aZNuiv_;y1)PR=O4ZN+V?*F#!u#T-*)n^A60kV`Y-2RySnp+^G+5~)lqf{&N*sG|Vh4-di8Dr%oH!G$D{K9tc)xZ$e7!nlvdT^O2HR zEa}lSMw49nO|-7kKYMuMjL{?~&P3}<+)O4exl%Jmlbkpctt)Y*!xLwWCOL5?T36zx z4^Nyin&iZpXkCe8osn`|jnO10&P3}<9Opl#B+eL3a^g(1uEb%(sUglfb$x1(u)^nDqmydO0O}Ro(YpAeGDuCYF>!oJF7`d`wj3zk?CfaxwEbD1&^`@HDus}`xb7WD}@k8M8uj~3rXNZCgQxz@h zv~0xzNKf3W22}L;$$Z8+LA@F81FKX0AkhjE5fxN#hh)hJOa`IvgapbUq*6w}s8emz zzji|xQF}6u=~!?`8b&44*ouM`d^^F@wcE$0)aLoOx79n)1F8G{A9rRDzj`oq&->C1vnE{o z;Fp~RTcO{D`!j$$X?GS(*Ih1MFztq~#NA0YXS{a!rAh8r=(|aq9^7lj&<>Ms#L|Tl z(S@sBqDqIwP8aOXC|2umX4gh1;$WGX1-G3jKYiN&ppK9EWeM!k<+uyiUUYQ44en{W z8rL3lg0NHtP{Ny30}i`f&vt&V*KXL6(xcO4?B}bEFzJMu?VcS_-H4lM;get!&Q;6d zj@y9z9(RO&tW0(CLp2bVcifeA!^~O{GbKiUZ zM6h}?-_J(dLj7Rxoi&$!KaRYp^ z8>AWOw$+U<41VzX7iLsH`1OC-{LQ_ex;UM$M&zptK6TPPT%_eGRaRaRZpX=Mzx?~^ znu9BEc~`~Eo6dOU2kcL>_)wyNx+CL5$>Pek1NAJfRAiBDL$N$L(8MrjsUR2aiV%TW zIFtn=uOCL;Sovi~`&<9p3+{UA_Li^Cc;oB-Pk-&|8xfR+yQx&JGO0CD-hPUHa?(a= zhtG)enTSM0yjgg}?7LP7jhBuB&{!r7wON-v+Vu|?t^CXb?_B!Nul~W}lUK`e0eSL{ zf+uel>MYh8e19bBzID1ji=fs>XUhW1j^qNT4DtEzN2yBGXRI&nx-p8UkhN>#IixSU zlacY2;Q8-??Jnq9r$*IIgj5Gz!bb_-u&n+1;bsG_+u-Unl(~^>j03vH_({CRSkd&I zFFd~Rj;6crzP#;QuYcve^gF072$uffKsEJL!)uH>+d|!R&5qwMcm})YC3nm_(WPAQe8#&E5>}`Xl53dM z1Wi&6lgg$aNwoB&G2TUP>BQ1umlnHf`{kJvThAowlk}xEv$8zWSHS3H{BXVz5^ulc zuY$w*TFC5~8||ASljm{bzB|%A+5D!S{BMzYDfJ1rEYok@ENWgseUhzSiq|LqzR!Q{ z!Jj@?^Tj7xqbqI<{u7_e(y2{LfAZXcYU-(yOTQU(`(W#=2KCG-jsNuO`~Kf=tAD?l zwL)rW$v*jgWUG_zeBq|gyuYaV@AjYG_12re`?InAIv!IlBiAVWve4fwx%g&DO%^|F zEPPt9F)=)e{EWzReYyBuUoQHifu9QeFyPli!Ib!yO9_nhm&;WB;gznb}l%r94afY7wj_zgawPSPaJcPhhk z0^n|QL&(_%cpX3h5xg90^h<5Ke%aZTAwPlHpc{k>Dm$QQ%s<@sJ1^ahc)iVp8NUzL zz&DdqhmUY3VW%nwK#w{bFH0tpAL>yYTM;W8iF~ozBUXu*xz7p)IMqy)5D)@FKnMr{ zAs_^VfDjM@LO=)z0U>bw60ody=bQ2WJoTykPd$gE(ZMs8u5Z%4Q=L03Xu*2ZYl-a}Fnpr79J&$F${dye> zJCHeUd#$cB?5=5a>ifo?L6qs78_vbaW`I!C=eqRl*~jhC^Kwe`>;M_f%WO1nqDSn; z8h;yoCee|ZDRd=^hHHLM^5|U9;^5unRK0v=Oc7NXA zvhhGQ^;Dbir1WFx#GZ*{n?2nB$^9RBP_6n*@CNVw_pDN^A5+6hjK&2oX}RSaABwHG zY3rwded$LBf0530ax5G0boC)#TfH#j!jo$c+_~b8tFLd|w(MsmWBYH$08zJU(UD!$@!H z&0DF{i(x!eV=N-+QpPgOd0cull(VCl@zgTM_tZbYrOb{x8s;UAKKr9CrB>oYr0*~a zHVOi2C6D@Re9pjQ1D${R+{pzkxBc$D8>?FiUPEb6bG|e5z~T=csHUFE%px+g1=?oZ zSRCGXLG|swd|~0W>a$VS5vk!AKZ&`D-@W0BKPW!0e)Ypo|DpD8%icXOnlBx#Dqr-w zgTGq)+2vpCd&|lVe|@`^&PO8#qB-{}y+VP{WR_BD;+fIJghV?6K0Ajx2hue)(ab+g z&0DvQvIOV!Q!nqwrw^0Bsh7OL!>3-d_QH{F!e#0WyU~?DbE7iJ-{DNSOuhY}*y&DG_IcbvK6Qb&HNLI8_8h;aBsKsXOe1Iiet1L0tqXFQxw%Lx|6IHurW*_w)j z!iP9xWIB!+I5>6YWE_+=g~_)1g?lQlyg74l1aX{(V=j()IOgM6h+_ecGjMR0%2_y= zo^%KEE9&qF)a#a4Ytp(6uEN-sVR;OqUT~)Xw`;gE<<4APE>_|Tk26u%>o3LjaX$n6 z&KfKJ|N7X^|7q)ek6PyHihe@0W5quqk&F_^;l$60T!*9Z&d~KA>j2gTX_a%|ADF$h zR@Z|rN42Q=dhv~as0#D{$F6@<0%u)fjJ$fCNI%Z(UuZSP8DC3KdybcX8A4|rNmYk7 zP82b7y~uJsy=@nsgv{Rr_~OUhKfCT_I&`3^C-dBytIOVB=)Y`5Z*(Bouy-KR(-G+p zuI$;`dwHRM!HSTr!pp8&RJEwQzOo`zR@b;VR2B}`HI`L1R4ghBg=#`|i^Jhi=)9V1 zmTszTSQ_^ga)ki>6C)|5MzYDwobN9lRGIlmc13@l9XP#$x1XmI8omXS-Hi4Nj+L*t z3H8???pnQ5l1KBAZ09aJNqW9??TmHwc17;oQjAw~O?^v!ZS;|1<-tmO>jJpQ#k)Jn zTa2q_l1=Pi)8Qu;EA_Cr&h&V-8^m!Xnwzz#{jbE-%XL`MunM(t9lpymRWtGY@teU! znTbF4wY|&_45$wDNc7vqIQL7Z$&rn4L`HKOJsQNgMwj z)B@vE(+(m3XCn%J^HI6ky_x#GNXrltq>9mDkZtubkw|5>uco~{5{-I&n`&$Rd;m{@ z@8Zs$aOJnIb+n7hbFOo=l@)uT_4=Ax+dq$o#78fcpPJ|B&i^!Y*}nc=U6GB^#m_;n zq64EnTeI{NGh06~LH)$o&sM4F0D}p^$l27auD83db)d7Y zE3&A3+1y2o5o|eXV>qa5S`L?sL&#ZeLrsnQfNlMn+GTUY<>63meQjmk`L*ZU2W*zt z!J;<2xVEA$Tw7OH&ZA<{+(K*L=Y}j@=Xq7=Y>(&mJk>WXdxcl+_o$9nu#_}g%^I>( zoTcXDi@w@3%|i9C>{FiUIi4NXwA}2HJWt8cZyx*Og+5i_S>?aLk_4f?ryl2SD_tjes;jH>_sI1EJ*4Na8LY4L9XExMS zSoL9V{ThsvZR>CC4mM(WV10tx5t-#L(}Hgj@}iUyQ4#%^6>s``#|UJ$R#RR-#XA5Y-v+FBJBgwVEIB74zBKO>u>F!J~*^OSw;JwMq_Epe($r- z7JKs5+$US_W#cQBhu02|SFn=TDBc&33R-6?z*1MCKaYRqI4V#}H>xtnB$TA9b4(Mq zwm^RZB8-E;0OtwikEq^`k zF;}l~9qwl5{bH`?Bi^uM+MxKW9xHEGBNZIAiQ;RBtMfQA!?kgo^3V7<%|D2@R3H8l zs}=0NZ2Mb@)IMBvFXTshC#C&AD}Glhkgi7j)q!OV*q33oc_Z|Tp$p@87q*o*}g z>ye5&{4Ip-YNT>r+C>)b75zcvrc$Rd2tO#~xW`;45`_Ow{ASsqXgRm~Dn|2$m)}Lm zW1@t*b(xi4R1YbnxQ?txS2TN2a!^_5FEWlQc7t;{Ojr|{iirNXaHS2oX6_qw`QoZf zmh{A85_e8!$M1RKiQ>~39+nf{_cBNxu-zr!^GcNXa>Q4IXOK@KQxe8CvwJ@BljzRx zX5@f5-Hg0M9ep`sN#r?Q+2Nh0G=SY;hMElNwA)0<_c{t2JI$lrb&g&Y<3(BG!RkmH z)1fcLbtVq`#cF@6@oc|44)^QBa^EUP|Ln8&7mj5O|4=^M_{9Hs2$&^X6J5rzHVj`K z=u*cuxxCq_V?mHIHl90mWZcUAKQdg8l~9v=J>-`V5CTF#2nd0RA;4aHr~U7-F60Qc z`Z8Jsm!hwkT?0Jg4Frr;TR56?&}&Nx5RTPiTyapDJ{Uj!+v3#NIfHLZC=5nhK3Zhs z&+fIcEuOjpPHAB)`Y=CyN(ZGU%IJO`+eZ$B=xQHXdf+_~$Ckf$g7WILBrNWJ#If+` z)Fdn(!G?ax(|7#nSg>c9M3IM;Xb|S=sj{3jTdXB5u!F^je+#0)9D#egLC>xmcLSeu zymB!tU{C0~L3iF`+$|>-dn6XSI~F@9MehN~CBSgb-H+tlqH!d+;3vOYXzIhHAzpOq zY$N^_B?N?k5D)@FKnMr{As_^VfDjM@LSSqHmUU`e{GV5SrD%6iIR1NV-{L|D2mv7= z1cZPP5CTF#2nYcoAOwWK2|$43=!dVkGW@XBp$6i!vI12j#O{F*CQ-*Wf$N6!gpGPd z4dzkQThw66M!h|$;@Hleq+SRJ0U;m+gn$qb0zyCt2mv7=1TrPyu|7^Ib!r`&gPe8F z!G9hj%>QSjQ8yeRPe;qtah&6#m01grcFMnA9l%IZr{l*h>_9SD3jjHH>DL0BbN5(l z0bq}4lGg&bXaCQ3iIz$gwauCRsjCC#Ce8g1#^?P9UEvfbxnU^7*A!&1P5{s^MA{SU z1n39ij#JhXxYrqY;peT6pCMfByBuG}kyu+0x6>M)5_Y;UWX46-CB*rOMhFN2As_^V zfDjM@LO=)z0U>Zy5wNW1_4HA$R3%jsBLswi5D)@FKnMr{As_^VfDjM@ zLSWnkhQ{q9jfd(qX5%*sj^E30ABP%Fg!*v5duO$2nYcoAOwVf5D)@FKnMtd2_)dt`+&y|7O5rs3$Q<*r69R{79yb0 z;!AdK-+TXi{`S6~-c|9VFZa#()+b}PEhu@S{iJg)kKD5FWB>Wki}(KG3qNbP?8TaS zuf5TI$KbXfK6ha8y9$c7zkchY>i+)MpMUi7Yv23y8$X%XecQ>uepKCc>%W|P?dr}O z&O7ae4}Ese)xYSS+k48Ht*`f`M!PhTlI2LrA91)6N23i8LFzrO*%(nc2pDKYJW`MZ!qis8_fFu z1`n;U6r#aP4Ynn2@KJ;184X#~U}-@^HZ>3e(U3z;9yGbsU@PQ?JZkcx@l#U(O+Gc~ zENUpA26IRn3aPaAOwVf5D)@FKnMr{As__CCg8Dtspt2XqTxo-eB4KX2bzJlnhHIR z<{S(N=V;k~aH&)cjB!x8w;nLw4pIJJ7RRAoviU|93^?Rdex}z;S@td;=iKcG2DEe* z5@P=De#8+BIF|gsfJ<&4CH3X1m8xC!s-9tz|HdWN@9tRaoV0TKJiu6sJUo(f&fT}* zs#IL6--v#^@Kfjb8KM_`?+9PtfQ00}xSiJUl(5rIQ*&!eHxwy;abBVk0zyCt2mv7= z1cZPP5CTF#2plH_ME>7#aw8=hLO=)z0U;m+gn$qb0zyCt2mv9Gp1_1mN#;&+hpnm) zI|Kx9sDb#b+Y3kXYnJ`T*Z=DgQ={Ae)adp0LV7LEiBJKZ4y!R575D)@FKnMr{As_^VfDjM@LcmSH zvRaF(90RZVY0<}vc1at}4M_AtKnMr{As_^VfDjM@LO=)z0U;m+4wXQT7Ft)QcB!Zu zfM~gH?!%_d7~*U-Q%%=@CD@J41F3u4Y{7f9q_DmXs#UeAE){`yEsPIlbG5eswr0zA zJYAEcg~4IeRbMHkuLQfY`SqW16tS$6;`{#wc}D;*@PU` zF}C~Gj;A}D&Wsi$YEw2n!~IHsN+sM0#7 zL*tlN77MDhj%jHe8;2t}wk%I!HSM5^Q`-L@2~p1F?$S_!?t_uzJaBVWB0u3w2s*~ zz`58AnR=trI%ZppJq~otroT~X9n-;CIOv#7f1}bmri1x7GIGqmf!U5@>WxYpGW!PD zm%)%t3!NU)I;I15PtdVxp+lSAF&&uh3DZI!(J>vcmxLjk7W#;e>A>{xm=^koj!m1N zA&=?UwE5|ndZW_PU~`_1=-4#v=^?FSvnebunJeRAQF}tA~ za~pCo&tXvYK_|P>nHwlqAs_^VfDjM@LO=)z0U;m+gn$qb0*6MxvO41ZQXch{qTTUd zhZdgr5&}X%2nYcoAOwVf5D)@FKnMr{As_@sAYcaDN3hP!_|O8etg52bn`%}w4v%`U zXqB}8Gs7*egn$qb0zyCt2mv7=1cZPP5CTHrXeSU+dm(i%qWV=2rkZ!D%{cd{4*c#_ zow%0acOP_R(D$l#2-(~0(lx=X2ggEHljLi2>|kW?K%~E?wQF;0Pe*@mXGd9UUuRiI zZ+mpJJ~j3B^e(Kitu{w`HaGUSc1QN~_V0|Y?CFT?-MqK8yS2Zwr_A_{cI+$*FIu>_ zyX(jVUCy8_>(qFQ->b*}!|~ro`;C~G>1cZPP5CTF#2nYcoAOwVf5SSzaZUGR7 z9A)s3eY!jzVjz}viQkO>L-4~hSNpGiJoV2Ni)e*_5O|XbG_5OFwGaX_1d%5#=(g-c zXJ!w&G+S|W>h8%BZQh|fIcp(BqXqVXxMYnc-N89s)x&-(^t;drI-oY`aP}a~I)u>$ z({A{>7^WSt-JW93c~ygUcExHP z&Togl6LCZk%PhFTJ>D-Z1;ts6S zR3jtUZa`Sub&2iO2d8G1S5`*=cd(o z&-(4n&A0#fhO^G9vYt-ogLjnW$G!)S$CL{tCb{M8*w(<~@q&}5R9SgND5|Mh*aLT# z7NS!C(249II4?!qP;@f&SyjOgxnI@lI;jiK`7B+R?uH8v z9YqjgovwkR(08ETqYNXrZK4(p4zuHv%Cfi(aWQpgkLkh=gEEq44|8j3@gPz=n8tp+ zj%5HTrv0_JTeiS#eP>W6?P3WjP<{)=Aq0733)OkJ@*a9%y9w^0_j#ee8}gt~NPH~V zRMfLzzu@SzUFNwieIE1{-01s+FyuXUe80!4Qr_RDj7If$$$ETSw4&rk@HBA%mNoNw zT=`6tpc3tcj^74Rd>8N?Uz+sJQ_k5unR zK0xCayFc%5*?6FudZTh6>OQ$QSgA_K^5OnZ?*GVxYSm|gH+b*AXO-TYAYHf&gX2RA zJx{g@Uea>QH$D_wansgM|N7F84*r6DBqRAuj@|SQDfD&O>V+8>o?Lt2&J}lDeSPD$ zWj`y)JgjE)Vt1=H^h)(3D9ie{{8>(zQ`A?!zx(^)@4x!=Lr=Foed^OMKK0^LcRtmO zzr3fu^W=3;E_w35-J3@^zT_eVgn$qb0zyCt2mv7=1cbm*O(08QPSCIh4#${Nnnt~D$r9Jb6j z5TxX>ooNE$j(Xz>Dvcty1^SOcMy_7-k#@?#^3hqzQyg`SAqu!3RH-JuEw%r!<~G{`k{R z6b}moGnU2`$T!MAdHJwFIJa;-DfyR&{&#qG_^@Rh2%a5ZG`27$C6@IsMbi-sl}G)m z=y6&7Z^MwY5D)@FKnMr{As_^VfDjM@LO=)zfuoWD*Ci@-874beEA0f9psP-I)+MYk zBSEXUmCp(WX4+NVbH45D)@FKnMr{As_^V zfDkyU2zViP6H+4~9dHox`Y2Dif-d8pt4H*_9IK{#v4Xl!OD1#&We0NsBxc5gS(-sGwzqTCnF()I8F)*U z8cJD)c0d=ZC5eE_5K!{`aAGP|(-Kb3f`O6dXNNEi>pJ2&nD0u8TU6>Lz`j~@n-A=9 z=d(v}KAclhhB*Lj3lF9UXd{5tPR?wsIf;i~8h4l~Wq8>A=cM*@0*UD`DNIVN9qzDB zXD-PhXT~QBwzX4e*2L&y$7Kqpgi?+*C0-l3%~43Yq#S44TM_{-OfcSzpxVSuO)A)2 zeqfx|AVCdIcuC3N@&e;%IDA)lM*bfcZixIpP!lBtgn$qb0zyCt2mv7=1cZPP5CX>_ z0g?YVT#{k3{J%WwzlzNMf9M){<`}%ml4Kzu1cZPP5CTHLMS%OORbymfXoOuTGuxwb zq&-GQ-@Ec~b|6jctvPXfkxtw$U*p-ibgaEeN8j1>$n0EtbnnJC-u=>wv5z75l--F@ zOndLRlDLVzvmE!Lodw(NxN^Lh`>Jt|IqsTDyS*5(<=$-EZ>}F^_HK-cP>nwh{c)Gs zewWX=qx!VdGk+8}i4@jiAeu3A|5nBrfu3W{+*OwQ#&MU)s4ExgQo}o&8iu`#Tx1NN z+{1SlV&g7++zodSgS&NlaQqJ(FU0^X6?YQza9k8SnORxX1hGqOwknP95}PVMkiJso zt0xag(}hx*$W*swsnc~Pa@3P!Nyty9|4d}3C;LxsGck-*#c9!OZ6+&#(!09q{bF-5 zu$~Ht4u0P5rRgNtAt+04)~9!tC8X5*OGvXA3L^8J>PqqgC*mLIBnNSxnUZAp zjWfx101ZzzP!|+q&&jzejL9IO_%WA>KAa4t7Pv7pv_ofzVjz9`DNL7i@X!TB6X&M9 zM3?#?jTw_=_4yO+{~<;xN(cx6As_^VfDjM@LO=){F#_zPT7W67(nr;k;ZF23(aPuK z^-eUVTG2PK1_ygU*gsIB`zHF(mLI_MU-l*JQ~|W)TQTd{%t9Vd|JCUIQze**&ouNS z>p<09MHr?a04eZ$aWZKu$pku$(fbOg6*Ng|$CN}s+?1_0r zu_xvw<$p4;k?#I|pa0r}KYgy|i%+yhSKJu%rvL1r^7p;*B)0%a4K3McqG#q8duIH=f5S!9Hy3Sxy!uxkUNW{{9p$hS z+PhBE-fhLkY!3PX;=L)U$)W>xoap|NnNA2Wv`%5~0X6JK(6;PGpxTGS!jcGuXJ>e> z(zUzki$R&54o`rAql2Sh3OYDKy03tJ9+tb$LwRP?6~gnezlL29@6a)G^#PwyyHC=- z>zTx=yH#}m3j0u~@l0n7)UZQI_o|>*z_tq7R%ucpCo;-eUTGn>mo;n=MR%+_Ne6oM{ zFmn3$16!;z{-0yG_`eVG|Jes2N(cx6As_^VfDjM@LO=)z0U;m+gn$q@ zehC=)e~qVz{J-P(E=$gYfDjM@LO=)z0U;m+gn$qb0>?W6k^eWA{6EXu;#&XTC+q)@ z_eVnVCj^9m5D)@FKnMtdNhXk3?>~}U$-|KxIdSqLM_Xk-aVzM@S|4&`R)8erYtDkW zG|CX*IvK7(@6_v%Gm{HCy8O?Hled{p%E0j@!!rGP{|#8p?OyNCb?SQIIo5P5bpY%A zJ?ba%_5LfGzVn607v9ly*WH)5ee3nFyqA7&nexG;_5SI0xuZL!Zn|d2?-#uGY{SP} zTNXaP{MoN^MMP?dW|zQblo4B9w_w(yKY!)3%isIaHxAVN-T%Ix&R6ovcE@ANg=;75 z)%b1;F6Q?lt9rG65oFt?CWsEkx!V6-h`_>1f3C!L=Z7oqea^ak>a(2maGig)&E3+X z2Vz|3pBrE2kJa|}I)A^GZAdA6Olc}krgWU^|CyR!o@vWhOqUw2_}6Ru6LJU&OhOBx z(d+*ynLvvMkoEuWk|lZ}AOwVf5D)^#GXYuuFYEuiA^D9`-J|%kTX)A-+ey~{%liMZ z*YC^vf3~mf{Q^Y(KZNhGkw0wPf)i2xKiB_L`k^QxAOwVf5D)@FKnMr{As_^VfDjM@ zLg4r%AoBl@-+L=L69Pg&2nc}_lYor>%lN;H|8xI`S(xp+9oKFgjm};=dlspZye%c-D))P+bh^ z?LnKdZRkoBRBKV?u*w~Tz6sS7t5j}_+3sv+8cnGx0@&)bAMSQI=6+R+5IRvkb|C4^ zsQPxpMXRnVgQ&h(Sw|6O2SQD?y;xVQ1E^|)!|b?SDqjZMbk#Yi&K}c+9R^=6vxm9e zgqR{~58|msPKVpC*Rc#Z_Sb5L+4_t!il>$jE;pxCehZsShE$bWsLsQcCD;SoO|Yd) zFZ6d~BVDWl@p17874=*^@`9t!cA4k8^n5BTxRLvG{pIYFSE^R% znmB@bleHwni0B%<1fQ(-cDVe+9(yCO2k<9Gn=lcS%Uvir z5hoR;|8L#E(A|Go{*CRAgue3|&kr*R!Q{yf;>S;JykcPP`x-v*a7TUD=}&G>7lQo^ zB)0OleHLE(obMf7J=GrzthsT`nJ2v?ozFyRQ?YT-VFrMLEW*YgqjY~*gVGRH3)z8Nd= z8AN@$<*y?x#^pZTnAqzOAkmpB58;!x4y|tI{pp|8()2yJ6z*A0>Xh_?cUs>&4G{qjhu7EzgL{ zpwq0uzC|Z!I?lz;>nri-nuO#{MnZ1Z30Z)1(DmL)UlW*w&A`J?{X{+=@6qX)h4b{3 zbi66|XFw-sV%O`BRYmO6adJ+4iBk>pA=!)95?`zaegrM7QQpd?b z^LkK!tw;UH8g2kJX)Ef)D8`NIQ7c9v4x$StgBUlm$EBj^o$b-}DBVX;WA?(v?uBDt zU<9FUfZ5U2+nZiw-pwgrDC})uKad46XlT)5vVuni;*%8$_vimzbNDZfpZI?H)8$vb zPFeBlJ3}{Lv8U?gYBt3JIP6}z2&kENN+TMDwmN6?zCZo^!Cy6h>CQVJeIk6v0`|qF zhPeU!lKXSt+Vb$ZeRs}Y{m|2&?D%~Bv_0v3nO;OYo?EAWK()Qvw(91Dism zM{*CalfabANZ%zXV)jzAz^3ZaDP}MA2Bd9N-vbJkzL&Z2E*_B3J&gZ3W#mSDihwOD@Iuy^Q$O~W~m($8R$ch1yIlc$CJvExf?#v}jF?EiQ59NGUb<#~~x zLO=)z0U;m+gn$qb0zyCt2mv8*%n*?M|Hj(?PuBk*Glf|aDg=ap5D)@FAR_{tR8Wmc z3PV^Pcj)_k$)q$+S5FK8%A~ZTY1xm+|98tVkoEuf-9PxHKi*UMfUN&N4O7dU8ROY= z^)xe)|L>Lc|MnUJ-vV7CI5p;BpPB!EgHq2Ne}6CKy!7aJ{=TUv0%i1pC60u^BoL6v z!N>mO;CG{(n2F=R!DL=e{ytRk4>EC_(y)T@DXf`^RylenjvvXgQ7!F%l$9PVXRXII ziUlN;sg`KXb7>tVq;b0R0H!*#HPwfuCIb*j#6{{m_3TV({~xUr!KM8#?SD>)PnA3< c?SE Date: Wed, 22 Feb 2023 20:59:39 -0500 Subject: [PATCH 3/9] Update policheck exclusions --- build-tools/automation/azure-pipelines.yaml | 6 +- .../{ => guardian}/CredScanSuppressions.json | 0 .../{ => guardian}/PoliCheckExclusions.xml | 4 +- .../automation/guardian/source.gdnsuppress | 236 ++++++++++++++++++ .../automation/guardian/tsaoptions-v2.json | 11 + .../BindingDatabase.cs | 22 +- 6 files changed, 264 insertions(+), 15 deletions(-) rename build-tools/automation/{ => guardian}/CredScanSuppressions.json (100%) rename build-tools/automation/{ => guardian}/PoliCheckExclusions.xml (88%) create mode 100644 build-tools/automation/guardian/source.gdnsuppress create mode 100644 build-tools/automation/guardian/tsaoptions-v2.json diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 66aa1155fa0..3eac7fff86c 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -1439,5 +1439,7 @@ stages: - template: security/full/v0.yml@yaml-templates parameters: stageDependsOn: [] - credScanSuppressionFile: $(System.DefaultWorkingDirectory)\build-tools\automation\CredScanSuppressions.json - policheckExclusionFile: $(System.DefaultWorkingDirectory)\build-tools\automation\PoliCheckExclusions.xml + credScanSuppressionFile: $(Build.SourcesDirectory)\build-tools\automation\guardian\CredScanSuppressions.json + policheckExclusionFile: $(Build.SourcesDirectory)\build-tools\automation\guardian\PoliCheckExclusions.xml + sourceGdnSuppressionFile: $(Build.SourcesDirectory)\build-tools\automation\guardian\source.gdnsuppress + tsaConfigFile: $(Build.SourcesDirectory)\build-tools\automation\guardian\tsaoptions-v2.json diff --git a/build-tools/automation/CredScanSuppressions.json b/build-tools/automation/guardian/CredScanSuppressions.json similarity index 100% rename from build-tools/automation/CredScanSuppressions.json rename to build-tools/automation/guardian/CredScanSuppressions.json diff --git a/build-tools/automation/PoliCheckExclusions.xml b/build-tools/automation/guardian/PoliCheckExclusions.xml similarity index 88% rename from build-tools/automation/PoliCheckExclusions.xml rename to build-tools/automation/guardian/PoliCheckExclusions.xml index cadc65fa037..cb29dc1f076 100644 --- a/build-tools/automation/PoliCheckExclusions.xml +++ b/build-tools/automation/guardian/PoliCheckExclusions.xml @@ -1,12 +1,12 @@ - LICENSE_DATA|NREFACTORY + LICENSE-DATA|NREFACTORY - REMAINING-INT-CONSTS.TXT|TAIWANCALENDAR.XML|XAMARIN-ANDROID-SDK-9.XML|SQLITE3.C|MAP.CSV|METHODMAP.EXT.CSV|EXTERNALWHITELIST.CSV|SYMBOLARCHIVEWHITELIST.CSV + REMAINING-INT-CONSTS.TXT|TAIWANCALENDAR.XML|XAMARIN-ANDROID-SDK-9.XML|SQLITE3.C|MAP.CSV|METHODMAP.EXT.CSV|EXTERNALWHITELIST.CSV|SYMBOLARCHIVEWHITELIST.CSV|POLICHECKEXCLUSIONS.xml |API-10.PARAMS.TXT|API-15.PARAMS.TXT|API-16.PARAMS.TXT|API-17.PARAMS.TXT|API-18.PARAMS.TXT|API-19.PARAMS.TXT|API-20.PARAMS.TXT|API-21.PARAMS.TXT|API-22.PARAMS.TXT|API-23.PARAMS.TXT|API-24.PARAMS.TXT |API-25.PARAMS.TXT|API-26.PARAMS.TXT|API-27.PARAMS.TXT|API-28.PARAMS.TXT|API-29.PARAMS.TXT|API-30.PARAMS.TXT|API-31.PARAMS.TXT|API-32.PARAMS.TXT|API-33.PARAMS.TXT diff --git a/build-tools/automation/guardian/source.gdnsuppress b/build-tools/automation/guardian/source.gdnsuppress new file mode 100644 index 00000000000..98123d3e81c --- /dev/null +++ b/build-tools/automation/guardian/source.gdnsuppress @@ -0,0 +1,236 @@ +{ + "version": "latest", + "suppressionSets": { + "default": { + "name": "default", + "createdDate": "2023-02-22 23:55:29Z", + "lastUpdatedDate": "2023-02-22 23:55:29Z" + } + }, + "results": { + "5a0a8690d8a06dfdbf6002c67fa64a60a94f3fc77a594034cce20382e88002aa": { + "signature": "5a0a8690d8a06dfdbf6002c67fa64a60a94f3fc77a594034cce20382e88002aa", + "alternativeSignatures": [], + "target": "src/Xamarin.Android.Build.Tasks/Xamarin.Android.Build.Tasks.csproj", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "79459", + "justification": "Reference to an external source file.", + "createdDate": "2023-02-22 23:55:29Z", + "expirationDate": null, + "type": null + }, + "1b319055b8e507b220d0dab341e67e20f49632fd1844a08a4fcc6d4493930ac5": { + "signature": "1b319055b8e507b220d0dab341e67e20f49632fd1844a08a4fcc6d4493930ac5", + "alternativeSignatures": [], + "target": "src/Xamarin.Android.Build.Tasks/Xamarin.Android.Build.Tasks.csproj", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "79459", + "justification": "Reference to an external source file.", + "createdDate": "2023-02-22 23:55:29Z", + "expirationDate": null, + "type": null + }, + "6789cab1bdc97b0cc3ad057b7fdd21d63cdf8bc2679391923803fa240ef81292": { + "signature": "6789cab1bdc97b0cc3ad057b7fdd21d63cdf8bc2679391923803fa240ef81292", + "alternativeSignatures": [], + "target": "Documentation/guides/building-apps/build-properties.md", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "185843", + "justification": "Reference to an ISCII term.", + "createdDate": "2023-02-22 23:55:29Z", + "expirationDate": null, + "type": null + }, + "bbaf5f946cb72748567e41f0df5f1bae05550f4ba7381e21ec6b26d6c3ecec9f": { + "signature": "bbaf5f946cb72748567e41f0df5f1bae05550f4ba7381e21ec6b26d6c3ecec9f", + "alternativeSignatures": [], + "target": "Documentation/guides/building-apps/build-properties.md", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "185837", + "justification": "Reference to an ISCII term.", + "createdDate": "2023-02-22 23:55:29Z", + "expirationDate": null, + "type": null + }, + "db8916a0f0cdca4082c540921dd362e09a9ff413862ab826308411b76ee35789": { + "signature": "db8916a0f0cdca4082c540921dd362e09a9ff413862ab826308411b76ee35789", + "alternativeSignatures": [], + "target": "src/Mono.Android/Android.Util/Log.cs", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "80418", + "justification": "Reference to an Android logging function.", + "createdDate": "2023-02-22 23:55:29Z", + "expirationDate": null, + "type": null + }, + "58fab4dfef38677720e955e546a6af108332c65daafb0d043ad9d93442300a30": { + "signature": "58fab4dfef38677720e955e546a6af108332c65daafb0d043ad9d93442300a30", + "alternativeSignatures": [], + "target": "src/Mono.Android/Android.Util/Log.cs", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "80418", + "justification": "Reference to an Android logging function.", + "createdDate": "2023-02-22 23:55:29Z", + "expirationDate": null, + "type": null + }, + "b07e75fc8a506b94690dbd06877da06c1228e40e7deda3967f6b882b842f726d": { + "signature": "b07e75fc8a506b94690dbd06877da06c1228e40e7deda3967f6b882b842f726d", + "alternativeSignatures": [], + "target": "src/Mono.Android/Android.Util/Log.cs", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "80418", + "justification": "Reference to an Android logging function.", + "createdDate": "2023-02-22 23:55:29Z", + "expirationDate": null, + "type": null + }, + "87d8313310c2dd42021844b95bdcb9121bf10036fea5b212b945e0732a456e5a": { + "signature": "87d8313310c2dd42021844b95bdcb9121bf10036fea5b212b945e0732a456e5a", + "alternativeSignatures": [], + "target": "src/Mono.Android/Android.Util/Log.cs", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "80418", + "justification": "Reference to an Android logging function.", + "createdDate": "2023-02-22 23:55:29Z", + "expirationDate": null, + "type": null + }, + "8e5400e0233c8d887ad48bd8a48e8a7be5a579f9eefad521419b6df0828bbfac": { + "signature": "8e5400e0233c8d887ad48bd8a48e8a7be5a579f9eefad521419b6df0828bbfac", + "alternativeSignatures": [], + "target": "src/Mono.Android/Android.Util/Log.cs", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "80418", + "justification": "Reference to an Android logging function.", + "createdDate": "2023-02-22 23:55:29Z", + "expirationDate": null, + "type": null + }, + "06af52be6b6f87455b1db2eb6e631e783f1dacaf607c9b5f34cdee669992c8b5": { + "signature": "06af52be6b6f87455b1db2eb6e631e783f1dacaf607c9b5f34cdee669992c8b5", + "alternativeSignatures": [], + "target": "src/Mono.Android/Android.Util/Log.cs", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "80418", + "justification": "Reference to an Android logging function.", + "createdDate": "2023-02-22 23:55:29Z", + "expirationDate": null, + "type": null + }, + "a2b4d032c59a9d1211d218c3cd550cf8febb369941d70284d07d03ebee855bc0": { + "signature": "a2b4d032c59a9d1211d218c3cd550cf8febb369941d70284d07d03ebee855bc0", + "alternativeSignatures": [], + "target": "src/monodroid/jni/logger.cc", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "79668", + "justification": "Reference to find first set bit function.", + "createdDate": "2023-02-22 23:55:29Z", + "expirationDate": null, + "type": null + }, + "1c87b45a6044d205dc3f3562f349c238f7cabe22b4609da762df9dc44151e9fb": { + "signature": "1c87b45a6044d205dc3f3562f349c238f7cabe22b4609da762df9dc44151e9fb", + "alternativeSignatures": [], + "target": "src/monodroid/jni/logger.cc", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "79668", + "justification": "Reference to find first set bit function.", + "createdDate": "2023-02-22 23:55:29Z", + "expirationDate": null, + "type": null + }, + "a6639098c4785509a4215c9e2fc10f82c06fce461915dc11a00227ddec558845": { + "signature": "a6639098c4785509a4215c9e2fc10f82c06fce461915dc11a00227ddec558845", + "alternativeSignatures": [], + "target": "src/monodroid/jni/logger.cc", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "79668", + "justification": "Reference to find first set bit function.", + "createdDate": "2023-02-22 23:55:29Z", + "expirationDate": null, + "type": null + }, + "d6b3df0b1d35cb4acec6a954acc145c9ec22041cd463b94ff080682c65a9bd62": { + "signature": "d6b3df0b1d35cb4acec6a954acc145c9ec22041cd463b94ff080682c65a9bd62", + "alternativeSignatures": [], + "target": "src/monodroid/jni/logger.cc", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "79668", + "justification": "Reference to find first set bit function.", + "createdDate": "2023-02-22 23:55:29Z", + "expirationDate": null, + "type": null + }, + "b34b42aa41018376a31460c142f2ae910704725d9e9a4470f92b587df682369b": { + "signature": "b34b42aa41018376a31460c142f2ae910704725d9e9a4470f92b587df682369b", + "alternativeSignatures": [], + "target": "src/Xamarin.Android.Build.Tasks/Tasks/Aapt2.cs", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "80411", + "justification": "Reference to output from an external tool.", + "createdDate": "2023-02-22 23:55:29Z", + "expirationDate": null, + "type": null + }, + "75474fa652dbbf8f96826100a5fe37ba686a032ca07d61ef68a79c8e4412c150": { + "signature": "75474fa652dbbf8f96826100a5fe37ba686a032ca07d61ef68a79c8e4412c150", + "alternativeSignatures": [], + "target": "src/Xamarin.Android.Build.Tasks/Linker/MonoDroid.Tuner/Linker.cs", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "79459", + "justification": "Reference to an external source file.", + "createdDate": "2023-02-22 23:55:29Z", + "expirationDate": null, + "type": null + } + } +} diff --git a/build-tools/automation/guardian/tsaoptions-v2.json b/build-tools/automation/guardian/tsaoptions-v2.json new file mode 100644 index 00000000000..21ad8c31a7d --- /dev/null +++ b/build-tools/automation/guardian/tsaoptions-v2.json @@ -0,0 +1,11 @@ +{ + "codebaseName": "xamarin.android_main", + "notificationAliases": [ + "dotnet-android-eng@microsoft.com" + ], + "instanceUrl": "https://devdiv.visualstudio.com/", + "projectName": "DevDiv", + "areaPath": "DevDiv\\VS Client - Runtime SDKs\\Android", + "iterationPath": "DevDiv", + "allTools": true +} diff --git a/src/Xamarin.Android.Tools.Aidl/BindingDatabase.cs b/src/Xamarin.Android.Tools.Aidl/BindingDatabase.cs index 0be93e2c2e0..ac4fd818a73 100644 --- a/src/Xamarin.Android.Tools.Aidl/BindingDatabase.cs +++ b/src/Xamarin.Android.Tools.Aidl/BindingDatabase.cs @@ -9,22 +9,22 @@ public class BindingDatabase { Dictionary nsmap; Dictionary regs; - List asses = new List (); + List assems = new List (); public BindingDatabase (IEnumerable assemblies, Func resolveAssembly) { - foreach (var assfile in assemblies) { - var ass = resolveAssembly (assfile); - if (ass == null) + foreach (var assemfile in assemblies) { + var assem = resolveAssembly (assemfile); + if (assem == null) throw new InvalidOperationException ("Failed to resolve specified assembly"); - asses.Add (ass); + assems.Add (assem); } Initialize (assemblies, resolveAssembly); } - public BindingDatabase (IEnumerable asses) + public BindingDatabase (IEnumerable assems) { - this.asses.AddRange (asses); + this.assems.AddRange (assems); Initialize (null, null); } @@ -43,17 +43,17 @@ void Initialize (IEnumerable assemblies, Func var r = new Dictionary (); regs = r; - foreach (var ass in asses) { - if (!ass.CustomAttributes.Any (a => a.AttributeType.FullName != "Android.Runtime.NamespaceMappingAttribute")) + foreach (var assem in assems) { + if (!assem.CustomAttributes.Any (a => a.AttributeType.FullName != "Android.Runtime.NamespaceMappingAttribute")) continue; // irrelevant assembly. - foreach (var att in ass.CustomAttributes) { + foreach (var att in assem.CustomAttributes) { if (att.AttributeType.FullName != "Android.Runtime.NamespaceMappingAttribute") continue; string java = (string) att.Properties.First (p => p.Name == "Java").Argument.Value; string cs = (string) att.Properties.First (p => p.Name == "Managed").Argument.Value; d [java] = cs; } - foreach (var md in ass.Modules) + foreach (var md in assem.Modules) foreach (var td in md.Types.Where (t => t.IsPublic || t.IsNestedPublic)) foreach (var att in td.CustomAttributes.Where (a => a.AttributeType.FullName == "Android.Runtime.RegisterAttribute")) r [((string) att.ConstructorArguments [0].Value).Replace ('/', '.').Replace ('$', '.')] = td.FullName; From de328fea4d2aadb90880d9fbde1714393028360d Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Thu, 23 Feb 2023 17:20:35 -0500 Subject: [PATCH 4/9] Enable localized policheck --- build-tools/automation/azure-pipelines.yaml | 16 +++++++++++++++- .../PoliCheck.Exclusions.xml} | 2 +- 2 files changed, 16 insertions(+), 2 deletions(-) rename build-tools/automation/{guardian/PoliCheckExclusions.xml => policheck/PoliCheck.Exclusions.xml} (93%) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 3eac7fff86c..9b51f9b0817 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -1440,6 +1440,20 @@ stages: parameters: stageDependsOn: [] credScanSuppressionFile: $(Build.SourcesDirectory)\build-tools\automation\guardian\CredScanSuppressions.json - policheckExclusionFile: $(Build.SourcesDirectory)\build-tools\automation\guardian\PoliCheckExclusions.xml sourceGdnSuppressionFile: $(Build.SourcesDirectory)\build-tools\automation\guardian\source.gdnsuppress tsaConfigFile: $(Build.SourcesDirectory)\build-tools\automation\guardian\tsaoptions-v2.json + policheckLocScanEnabled: true + policheckExclusionFilesFolder: $(Build.SourcesDirectory)\build-tools\automation\policheck + policheckChsScanFolder: $(Build.SourcesDirectory)\Localize\loc\zh-Hans + policheckChtScanFolder: $(Build.SourcesDirectory)\Localize\loc\zh-Hant + policheckCsyScanFolder: $(Build.SourcesDirectory)\Localize\loc\cs + policheckDeuScanFolder: $(Build.SourcesDirectory)\Localize\loc\de + policheckEsnScanFolder: $(Build.SourcesDirectory)\Localize\loc\es + policheckFraScanFolder: $(Build.SourcesDirectory)\Localize\loc\fr + policheckItaScanFolder: $(Build.SourcesDirectory)\Localize\loc\it + policheckJpnScanFolder: $(Build.SourcesDirectory)\Localize\loc\ja + policheckKorScanFolder: $(Build.SourcesDirectory)\Localize\loc\ko + policheckPlkScanFolder: $(Build.SourcesDirectory)\Localize\loc\pl + policheckPtbScanFolder: $(Build.SourcesDirectory)\Localize\loc\pt-BR + policheckRusScanFolder: $(Build.SourcesDirectory)\Localize\loc\ru + policheckTrkScanFolder: $(Build.SourcesDirectory)\Localize\loc\tr diff --git a/build-tools/automation/guardian/PoliCheckExclusions.xml b/build-tools/automation/policheck/PoliCheck.Exclusions.xml similarity index 93% rename from build-tools/automation/guardian/PoliCheckExclusions.xml rename to build-tools/automation/policheck/PoliCheck.Exclusions.xml index cb29dc1f076..05ef7a09341 100644 --- a/build-tools/automation/guardian/PoliCheckExclusions.xml +++ b/build-tools/automation/policheck/PoliCheck.Exclusions.xml @@ -1,6 +1,6 @@ - LICENSE-DATA|NREFACTORY + LICENSE-DATA|NREFACTORY|LOCALIZE From b4ef24645cb292ffc89f5c79b53d5075fd16ef6e Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Thu, 23 Feb 2023 18:10:00 -0500 Subject: [PATCH 5/9] Bump From 911a3a3553373dbc986a71984baee03aa1b00be4 Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Thu, 23 Feb 2023 18:50:07 -0500 Subject: [PATCH 6/9] Move to gdn folder --- build-tools/automation/azure-pipelines.yaml | 3 ++- .../{policheck => guardian}/PoliCheck.Exclusions.xml | 0 2 files changed, 2 insertions(+), 1 deletion(-) rename build-tools/automation/{policheck => guardian}/PoliCheck.Exclusions.xml (100%) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 9b51f9b0817..23cdaa2c9f2 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -1443,7 +1443,8 @@ stages: sourceGdnSuppressionFile: $(Build.SourcesDirectory)\build-tools\automation\guardian\source.gdnsuppress tsaConfigFile: $(Build.SourcesDirectory)\build-tools\automation\guardian\tsaoptions-v2.json policheckLocScanEnabled: true - policheckExclusionFilesFolder: $(Build.SourcesDirectory)\build-tools\automation\policheck + policheckExclusionFilesFolder: $(Build.SourcesDirectory)\build-tools\automation\guardian + policheckGdnSuppressionFilesFolder: $(Build.SourcesDirectory)\build-tools\automation\guardian policheckChsScanFolder: $(Build.SourcesDirectory)\Localize\loc\zh-Hans policheckChtScanFolder: $(Build.SourcesDirectory)\Localize\loc\zh-Hant policheckCsyScanFolder: $(Build.SourcesDirectory)\Localize\loc\cs diff --git a/build-tools/automation/policheck/PoliCheck.Exclusions.xml b/build-tools/automation/guardian/PoliCheck.Exclusions.xml similarity index 100% rename from build-tools/automation/policheck/PoliCheck.Exclusions.xml rename to build-tools/automation/guardian/PoliCheck.Exclusions.xml From af37a5ed9009ad207a1185fe0d95f7d21cf59731 Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Thu, 23 Feb 2023 19:28:49 -0500 Subject: [PATCH 7/9] Update exclusions --- .../automation/guardian/CHT.gdnsuppress | 26 +++++++++++++++++++ .../guardian/PoliCheck.Exclusions.xml | 2 +- 2 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 build-tools/automation/guardian/CHT.gdnsuppress diff --git a/build-tools/automation/guardian/CHT.gdnsuppress b/build-tools/automation/guardian/CHT.gdnsuppress new file mode 100644 index 00000000000..4396a9a378a --- /dev/null +++ b/build-tools/automation/guardian/CHT.gdnsuppress @@ -0,0 +1,26 @@ +{ + "version": "latest", + "suppressionSets": { + "default": { + "name": "default", + "createdDate": "2023-02-24 00:05:39Z", + "lastUpdatedDate": "2023-02-24 00:05:39Z" + } + }, + "results": { + "04910d714a13bf4523ffa77350f654f52114fa4fa3d760c9f63186d41716c019": { + "signature": "04910d714a13bf4523ffa77350f654f52114fa4fa3d760c9f63186d41716c019", + "alternativeSignatures": [], + "target": "Localize/loc/zh-Hant/src/Xamarin.Android.Build.Tasks/Properties/Resources.resx.lcl", + "memberOf": [ + "default" + ], + "tool": "policheck", + "ruleId": "64550", + "justification": "Reference to the Android package format APK.", + "createdDate": "2023-02-24 00:05:39Z", + "expirationDate": null, + "type": null + } + } +} diff --git a/build-tools/automation/guardian/PoliCheck.Exclusions.xml b/build-tools/automation/guardian/PoliCheck.Exclusions.xml index 05ef7a09341..3df47bb4a1a 100644 --- a/build-tools/automation/guardian/PoliCheck.Exclusions.xml +++ b/build-tools/automation/guardian/PoliCheck.Exclusions.xml @@ -6,7 +6,7 @@ - REMAINING-INT-CONSTS.TXT|TAIWANCALENDAR.XML|XAMARIN-ANDROID-SDK-9.XML|SQLITE3.C|MAP.CSV|METHODMAP.EXT.CSV|EXTERNALWHITELIST.CSV|SYMBOLARCHIVEWHITELIST.CSV|POLICHECKEXCLUSIONS.xml + REMAINING-INT-CONSTS.TXT|TAIWANCALENDAR.XML|XAMARIN-ANDROID-SDK-9.XML|SQLITE3.C|MAP.CSV|METHODMAP.EXT.CSV|EXTERNALWHITELIST.CSV|SYMBOLARCHIVEWHITELIST.CSV|POLICHECK.EXCLUSIONS.xml |API-10.PARAMS.TXT|API-15.PARAMS.TXT|API-16.PARAMS.TXT|API-17.PARAMS.TXT|API-18.PARAMS.TXT|API-19.PARAMS.TXT|API-20.PARAMS.TXT|API-21.PARAMS.TXT|API-22.PARAMS.TXT|API-23.PARAMS.TXT|API-24.PARAMS.TXT |API-25.PARAMS.TXT|API-26.PARAMS.TXT|API-27.PARAMS.TXT|API-28.PARAMS.TXT|API-29.PARAMS.TXT|API-30.PARAMS.TXT|API-31.PARAMS.TXT|API-32.PARAMS.TXT|API-33.PARAMS.TXT From f4697420440a6ccbf02e7b5d05507be47248ea02 Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Thu, 23 Feb 2023 19:32:21 -0500 Subject: [PATCH 8/9] Test report publish on this branch --- build-tools/automation/azure-pipelines.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index 23cdaa2c9f2..b3328bc705c 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -1458,3 +1458,4 @@ stages: policheckPtbScanFolder: $(Build.SourcesDirectory)\Localize\loc\pt-BR policheckRusScanFolder: $(Build.SourcesDirectory)\Localize\loc\ru policheckTrkScanFolder: $(Build.SourcesDirectory)\Localize\loc\tr + tsaReportBranch: refs/heads/dev/pjc/cs-template From 69ed7e79ae6ebd41f830578e0da72f6846af4b1a Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Fri, 24 Feb 2023 13:54:21 -0500 Subject: [PATCH 9/9] Revert testing changes --- build-tools/automation/azure-pipelines.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/build-tools/automation/azure-pipelines.yaml b/build-tools/automation/azure-pipelines.yaml index b3328bc705c..d1386873c5c 100644 --- a/build-tools/automation/azure-pipelines.yaml +++ b/build-tools/automation/azure-pipelines.yaml @@ -14,7 +14,7 @@ resources: - repository: yaml-templates type: github name: xamarin/yaml-templates - ref: refs/heads/dev/pjc/xa-sec-onboard + ref: refs/heads/main endpoint: xamarin - repository: sdk-insertions type: github @@ -1458,4 +1458,3 @@ stages: policheckPtbScanFolder: $(Build.SourcesDirectory)\Localize\loc\pt-BR policheckRusScanFolder: $(Build.SourcesDirectory)\Localize\loc\ru policheckTrkScanFolder: $(Build.SourcesDirectory)\Localize\loc\tr - tsaReportBranch: refs/heads/dev/pjc/cs-template