artifact-engine 1.271.1 → 2.272.0

package/Engine/cilogger.js

@@ -3,7 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.publishEvent = void 0;
 var tl = require('azure-pipelines-task-lib');
 var packagejson = require('../package.json');
-const area = 'artifact-engine';
+const area = 'artifact-engine-v2';
 function getDefaultProps() {
     var hostType = (tl.getVariable('SYSTEM.HOSTTYPE') || "").toLowerCase();
     var isReleaseHost = hostType === 'release' || hostType === "deployment";

package/Providers/typed-rest-client/handlers/basiccreds.js

@@ -11,7 +11,7 @@ class BasicCredentialHandler {
     // currently implements pre-authorization
     // TODO: support preAuth = false where it hooks on 401
     prepareRequest(options) {
-        options.headers['Authorization'] = 'Basic ' + new Buffer(this.username + ':' + this.password).toString('base64');
+        options.headers['Authorization'] = 'Basic ' + Buffer.from(this.username + ':' + this.password, 'utf8').toString('base64');
         options.headers['X-TFS-FedAuthRedirect'] = 'Suppress';
     }
     // This handler cannot handle 401

package/Providers/typed-rest-client/handlers/ntlm.js

@@ -1,6 +1,15 @@
 "use strict";
 // Copyright (c) Microsoft. All rights reserved.
 // Licensed under the MIT license. See LICENSE file in the project root for full license information.
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.NtlmCredentialHandler = void 0;
 const http = require("http");
@@ -91,26 +100,28 @@ class NtlmCredentialHandler {
     }
     // The following method is an adaptation of code found at https://github.com/SamDecrock/node-http-ntlm/blob/master/httpntlm.js
     sendType3Message(httpClient, protocol, options, objs, keepaliveAgent, res, callback) {
-        if (!res.headers['www-authenticate']) {
-            return callback(new Error('www-authenticate not found on response of second request'));
-        }
-        // parse type2 message from server:
-        var type2msg = ntlm.parseType2Message(res.headers['www-authenticate']);
-        // create type3 message:
-        var type3msg = ntlm.createType3Message(type2msg, options);
-        // build type3 request:
-        var type3options = {
-            headers: {
-                'Authorization': type3msg
-            },
-            allowRedirects: false,
-            agent: keepaliveAgent
-        };
-        // pass along other options:
-        type3options.headers = _.extend(type3options.headers, options.headers);
-        type3options = _.extend(type3options, _.omit(options, 'headers'));
-        // send type3 message to server:
-        httpClient.requestInternal(protocol, type3options, objs, callback);
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!res.headers['www-authenticate']) {
+                return callback(new Error('www-authenticate not found on response of second request'));
+            }
+            // parse type2 message from server:
+            var type2msg = ntlm.parseType2Message(res.headers['www-authenticate']);
+            // create type3 message:
+            var type3msg = yield ntlm.createType3Message(type2msg, options);
+            // build type3 request:
+            var type3options = {
+                headers: {
+                    'Authorization': type3msg
+                },
+                allowRedirects: false,
+                agent: keepaliveAgent
+            };
+            // pass along other options:
+            type3options.headers = _.extend(type3options.headers, options.headers);
+            type3options = _.extend(type3options, _.omit(options, 'headers'));
+            // send type3 message to server:
+            httpClient.requestInternal(protocol, type3options, objs, callback);
+        });
     }
 }
 exports.NtlmCredentialHandler = NtlmCredentialHandler;

package/Providers/typed-rest-client/handlers/personalaccesstoken.js

@@ -10,7 +10,7 @@ class PersonalAccessTokenCredentialHandler {
     // currently implements pre-authorization
     // TODO: support preAuth = false where it hooks on 401
     prepareRequest(options) {
-        options.headers['Authorization'] = 'Basic ' + new Buffer('PAT:' + this.token).toString('base64');
+        options.headers['Authorization'] = 'Basic ' + Buffer.from('PAT:' + this.token, 'utf8').toString('base64');
         options.headers['X-TFS-FedAuthRedirect'] = 'Suppress';
     }
     // This handler cannot handle 401

package/Providers/typed-rest-client/opensource/node-http-ntlm/ntlm.js

@@ -1,4 +1,5 @@
 var crypto = require('crypto');
+var hashwasm = require('hash-wasm');
 
 var flags = {
 	NTLM_NegotiateUnicode                :  0x00000001,
@@ -70,7 +71,7 @@ function createType1Message(options){
 		type1flags = type1flags - flags.NTLM_NegotiateOemDomainSupplied;
 
 	var pos = 0;
-	var buf = new Buffer(BODY_LENGTH + domain.length + workstation.length);
+	var buf = Buffer.alloc(BODY_LENGTH + domain.length + workstation.length);
 
 
 	buf.write(protocol, pos, protocol.length); pos += protocol.length; // protocol
@@ -105,7 +106,7 @@ function parseType2Message(rawmsg, callback){
 	if(!match || !match[1])
 		return callback(new Error("Couldn't find NTLM in the message type2 comming from the server"));
 
-	var buf = new Buffer(match[1], 'base64');
+	var buf = Buffer.from(match[1], 'base64');
 
 	var msg = {};
 
@@ -133,7 +134,7 @@ function parseType2Message(rawmsg, callback){
 	return msg;
 }
 
-function createType3Message(msg2, options){
+async function createType3Message(msg2, options){
 	var nonce = msg2.serverChallenge;
 	var username = options.username;
 	var password = options.password;
@@ -151,27 +152,27 @@ function createType3Message(msg2, options){
 
 	var encryptedRandomSessionKey = "";
 	if(isUnicode){
-		workstationBytes = new Buffer(workstation, 'utf16le');
-		domainNameBytes = new Buffer(domainName, 'utf16le');
-		usernameBytes = new Buffer(username, 'utf16le');
-		encryptedRandomSessionKeyBytes = new Buffer(encryptedRandomSessionKey, 'utf16le');
+		workstationBytes = Buffer.from(workstation, 'utf16le');
+		domainNameBytes = Buffer.from(domainName, 'utf16le');
+		usernameBytes = Buffer.from(username, 'utf16le');
+		encryptedRandomSessionKeyBytes = Buffer.from(encryptedRandomSessionKey, 'utf16le');
 	}else{
-		workstationBytes = new Buffer(workstation, 'ascii');
-		domainNameBytes = new Buffer(domainName, 'ascii');
-		usernameBytes = new Buffer(username, 'ascii');
-		encryptedRandomSessionKeyBytes = new Buffer(encryptedRandomSessionKey, 'ascii');
+		workstationBytes = Buffer.from(workstation, 'ascii');
+		domainNameBytes = Buffer.from(domainName, 'ascii');
+		usernameBytes = Buffer.from(username, 'ascii');
+		encryptedRandomSessionKeyBytes = Buffer.from(encryptedRandomSessionKey, 'ascii');
 	}
 
 	var lmChallengeResponse = calc_resp(create_LM_hashed_password_v1(password), nonce);
-	var ntChallengeResponse = calc_resp(create_NT_hashed_password_v1(password), nonce);
+	var ntChallengeResponse = calc_resp(await create_NT_hashed_password_v1(password), nonce);
 
 	if(isNegotiateExtendedSecurity){
-		var pwhash = create_NT_hashed_password_v1(password);
+		var pwhash = await create_NT_hashed_password_v1(password);
 	 	var clientChallenge = "";
 	 	for(var i=0; i < 8; i++){
 	 		clientChallenge += String.fromCharCode( Math.floor(Math.random()*256) );
 	   	}
-	   	var clientChallengeBytes = new Buffer(clientChallenge, 'ascii');
+	   	var clientChallengeBytes = Buffer.from(clientChallenge, 'ascii');
 	    var challenges = ntlm2sr_calc_resp(pwhash, nonce, clientChallengeBytes);
 	    lmChallengeResponse = challenges.lmChallengeResponse;
 	    ntChallengeResponse = challenges.ntChallengeResponse;
@@ -180,7 +181,7 @@ function createType3Message(msg2, options){
 	var signature = 'NTLMSSP\0';
 
 	var pos = 0;
-	var buf = new Buffer(BODY_LENGTH + domainNameBytes.length + usernameBytes.length + workstationBytes.length + lmChallengeResponse.length + ntChallengeResponse.length + encryptedRandomSessionKeyBytes.length);
+	var buf = Buffer.alloc(BODY_LENGTH + domainNameBytes.length + usernameBytes.length + workstationBytes.length + lmChallengeResponse.length + ntChallengeResponse.length + encryptedRandomSessionKeyBytes.length);
 
 	buf.write(signature, pos, signature.length); pos += signature.length;
 	buf.writeUInt32LE(3, pos); pos += 4;          // type 1
@@ -232,9 +233,9 @@ function createType3Message(msg2, options){
 function create_LM_hashed_password_v1(password){
 	// fix the password length to 14 bytes
 	password = password.toUpperCase();
-	var passwordBytes = new Buffer(password, 'ascii');
+	var passwordBytes = Buffer.from(password, 'ascii');
 
-	var passwordBytesPadded = new Buffer(14);
+	var passwordBytesPadded = Buffer.alloc(14);
 	passwordBytesPadded.fill("\0");
 	var sourceEnd = 14;
 	if(passwordBytes.length < 14) sourceEnd = passwordBytes.length;
@@ -329,23 +330,22 @@ function binaryArray2bytes(array){
    		var hexchar1 = binary2hex[binString1];
    		var hexchar2 = binary2hex[binString2];
 
-   		var buf = new Buffer(hexchar1 + '' + hexchar2, 'hex');
+   		var buf = Buffer.from(hexchar1 + '' + hexchar2, 'hex');
    		bufArray.push(buf);
    	}
 
    	return Buffer.concat(bufArray);
 }
 
-function create_NT_hashed_password_v1(password){
-	var buf = new Buffer(password, 'utf16le');
-	var md4 = crypto.createHash('md4');   // CodeQL [SM04514] Suppress - NTLM only supports md4 and md5 hashing algorithms which are weak but cannot be changed to sha256 as the protocol does not support it 
-	md4.update(buf);   // CodeQL [SM01511] Suppress - NTLM only supports md4 and md5 hashing algorithms which are weak but cannot be changed to sha256 as the protocol does not support it
-	return new Buffer(md4.digest());
+async function create_NT_hashed_password_v1(password){
+	var buf = Buffer.from(password, 'utf16le');
+	var hexHash = await hashwasm.md4(buf);   // CodeQL [SM04514] [SM01511] Suppress - NTLM requires md4 hashing which is weak but cannot be changed as the protocol does not support stronger algorithms. Using hash-wasm (pure JS/WASM) since crypto.createHash('md4') was removed in Node 17+ (OpenSSL 3.0)
+	return Buffer.from(hexHash, 'hex');
 }
 
 function calc_resp(password_hash, server_challenge){
     // padding with zeros to make the hash 21 bytes long
-    var passHashPadded = new Buffer(21);
+    var passHashPadded = Buffer.alloc(21);
     passHashPadded.fill("\0");
     password_hash.copy(passHashPadded, 0, 0, password_hash.length);
 
@@ -365,7 +365,7 @@ function calc_resp(password_hash, server_challenge){
 
 function ntlm2sr_calc_resp(responseKeyNT, serverChallenge, clientChallenge){
 	// padding with zeros to make the hash 16 bytes longer
-    var lmChallengeResponse = new Buffer(clientChallenge.length + 16);
+    var lmChallengeResponse = Buffer.alloc(clientChallenge.length + 16);
     lmChallengeResponse.fill("\0");
     clientChallenge.copy(lmChallengeResponse, 0, 0, clientChallenge.length);
 
@@ -383,7 +383,4 @@ function ntlm2sr_calc_resp(responseKeyNT, serverChallenge, clientChallenge){
 
 exports.createType1Message = createType1Message;
 exports.parseType2Message = parseType2Message;
-exports.createType3Message = createType3Message;
-
-
-
+exports.createType3Message = createType3Message;

package/Providers/webClientFactory.js

@@ -47,11 +47,14 @@ class WebClientFactory {
         if (lookupKey && lookupKey.indexOf(':') > 0) {
             let lookupInfo = lookupKey.split(':', 2);
             // file contains encryption key
-            let keyFile = new Buffer(lookupInfo[0], 'base64').toString('utf8');
-            let encryptKey = new Buffer(fs.readFileSync(keyFile, 'utf8'), 'base64');
-            let encryptedContent = new Buffer(lookupInfo[1], 'base64').toString('utf8');
-            // @ts-ignore there is no type definition for createDecipher method
-            let decipher = crypto.createDecipher("aes-256-ctr", encryptKey);
+            let keyFile = Buffer.from(lookupInfo[0], 'base64').toString('utf8');
+            let encryptKey = Buffer.from(fs.readFileSync(keyFile, 'utf8'), 'base64');
+            let encryptedContent = Buffer.from(lookupInfo[1], 'base64').toString('utf8');
+            // Ensure key is 32 bytes for AES-256
+            const key = encryptKey.length === 32 ? encryptKey : crypto.createHash('sha256').update(encryptKey).digest();
+            // Use zero IV for AES-256-CTR (must match encryption side)
+            const iv = Buffer.alloc(16, 0);
+            let decipher = crypto.createDecipheriv("aes-256-ctr", key, iv);
             let decryptedContent = decipher.update(encryptedContent, 'hex', 'utf8');
             decryptedContent += decipher.final('utf8');
             return decryptedContent;

package/README.md

@@ -16,7 +16,7 @@ To use Artifact engine in your tasks or app have a look at [E2E.ts](E2ETests/jen
 ## Development
 **Build**
 ---------
-1. Run npm install in ArtifactEngine folder
+1. Run npm install in ArtifactEngineV2 folder
 2. Use command ctrl-shift-b to build from vscode
 
 **Testing**
@@ -30,10 +30,10 @@ To use Artifact engine in your tasks or app have a look at [E2E.ts](E2ETests/jen
 ------
 1. To run ArtifactEngine integration and unit tests from root directory use
 
-    `gulp test --suite=ArtifactEngine`
+    `gulp test --suite=ArtifactEngineV2`
 2. To run Performance tests update [test config file](test.config.json.example) and rename it to test.config.json  and run
 
-    `gulp test --suite=ArtifactEngine --perf`
+    `gulp test --suite=ArtifactEngineV2 --perf`
 3. To run End-to-End tests update [test config file](test.config.json.example) and rename it to test.config.json  and run
 
-    `gulp test --suite=ArtifactEngine --e2e`
+    `gulp test --suite=ArtifactEngineV2 --e2e`

package/lib.json

@@ -7,8 +7,8 @@
         "UnableToReadDirectory": "Unable to read directory %s. Error: %s",
         "RetryingDownload": "Retrying download of %s, retry count: %s",
         "SkippingItem": "Skipped processing item %s",
-        "UnhandledRejection": "artifact-engine: unhandled rejection %s",
-        "UnhandledException": "artifact-engine: unhandled exception %s",
+        "UnhandledRejection": "artifact-engine-v2: unhandled rejection %s",
+        "UnhandledException": "artifact-engine-v2: unhandled exception %s",
         "FailedRequest": "Failed request: (statusCode)"
     }
 }

package/package.json

@@ -1,10 +1,10 @@
 {
   "name": "artifact-engine",
-  "version": "1.271.1",
+  "version": "2.272.0",
   "description": "Artifact Engine to download artifacts from jenkins, teamcity, vsts",
   "repository": {
     "type": "git",
-    "url": "https://github.com/Microsoft/azure-pipelines-extensions/tree/master/Extensions/ArtifactEngine"
+    "url": "https://github.com/Microsoft/azure-pipelines-extensions/tree/master/Extensions/ArtifactEngineV2"
   },
   "keywords": [
     "artifact"
@@ -18,25 +18,23 @@
   "dependencies": {
     "azure-pipelines-task-lib": "^5.2.8",
     "handlebars": "4.7.7",
-    "minimatch": "3.1.5",
+    "hash-wasm": "^4.12.0",
+    "minimatch": "^10.0.1",
     "tunnel": "0.0.4"
   },
-  "overrides": {
-    "minimatch": "3.1.5"
-  },
   "devDependencies": {
-    "@types/minimatch": "^2.0.29",
+    "@types/minimatch": "^5.1.2",
     "@types/mocha": "^10.0.10",
-    "@types/node": "^10.17.0",
+    "@types/node": "^22.10.5",
     "@types/xml2js": "^0.4.8",
     "assert": "1.4.1",
     "mocha": "^11.7.5",
     "mocha-tap-reporter": "0.1.3",
     "nconf": "^0.12.0",
-    "nock": "9.1.0",
-    "nyc": "^15.0.0",
-    "sinon": "4.0.1",
-    "typescript": "4.0.2",
+    "nock": "^13.5.6",
+    "nyc": "^17.1.0",
+    "sinon": "^19.0.2",
+    "typescript": "^5.7.2",
     "xml2js": "^0.6.2"
   },
   "files": [
@@ -56,7 +54,8 @@
     "Strings/**"
   ],
   "scripts": {
-    "test": "nyc ./node_modules/mocha/bin/_mocha --reporter mocha-tap-reporter **/*Tests.js",
+    "test": "mocha",
+    "test:coverage": "nyc mocha",
     "build": "tsc"
   }
 }