azure-pipelines-task-lib 5.2.3 → 5.2.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/internal.js +6 -4
- package/package.json +1 -1
package/internal.js
CHANGED
|
@@ -919,13 +919,15 @@ exports._exposeCertSettings = _exposeCertSettings;
|
|
|
919
919
|
// downstream vsts-node-api will retrieve the secret later
|
|
920
920
|
function _exposeTaskLibSecret(keyFile, secret) {
|
|
921
921
|
if (secret) {
|
|
922
|
-
var encryptKey = crypto.randomBytes(
|
|
923
|
-
var
|
|
922
|
+
var encryptKey = crypto.randomBytes(32);
|
|
923
|
+
var iv = crypto.randomBytes(16);
|
|
924
|
+
var cipher = crypto.createCipheriv("aes-256-ctr", encryptKey, iv);
|
|
924
925
|
var encryptedContent = cipher.update(secret, "utf8", "hex"); // CodeQL [SM01511] agent need to retrieve password later to connect to proxy server
|
|
925
926
|
encryptedContent += cipher.final("hex");
|
|
926
927
|
var storageFile = path.join(_getVariable('Agent.TempDirectory') || _getVariable("agent.workFolder") || process.cwd(), keyFile);
|
|
927
|
-
|
|
928
|
-
|
|
928
|
+
var keyAndIv = encryptKey.toString('base64') + ':' + iv.toString('base64');
|
|
929
|
+
fs.writeFileSync(storageFile, keyAndIv, { encoding: 'utf8' });
|
|
930
|
+
return Buffer.from(storageFile).toString('base64') + ':' + Buffer.from(encryptedContent).toString('base64');
|
|
929
931
|
}
|
|
930
932
|
}
|
|
931
933
|
function isSigPipeError(e) {
|