Skip to content

Commit

Permalink
[Cherry-pick][4.20] Security and bug fixes (#6672)
Browse files Browse the repository at this point in the history
* Upgrade Antlr4.Runtime to v.4.11.1 (#6670)

* Add WithAuthority to MSAL application level (#6671)

* Use LRUCache in ExpressionParser for efficient memory usage (#6667)

* Microsoft.Rest.ClientRuntime bump (#6662)

Co-authored-by: Tracy Boehrer <trboehre@microsoft.com>

* Updated NuGet.Packaging (#6652)

Co-authored-by: PVAShiproom <pvashiproom@microsoft.com>

---------

Co-authored-by: Cecilia Avila <44245136+ceciliaavila@users.noreply.github.com>
Co-authored-by: Joel Mut <62260472+sw-joelmut@users.noreply.github.com>
Co-authored-by: Ram Fattah <38049078+ramfattah@users.noreply.github.com>
Co-authored-by: Tracy Boehrer <trboehre@microsoft.com>
Co-authored-by: PVAShiproom <pvashiproom@microsoft.com>
  • Loading branch information
6 people authored Jul 13, 2023
1 parent 868531d commit 62b1112
Show file tree
Hide file tree
Showing 19 changed files with 1,253 additions and 1,671 deletions.
8 changes: 3 additions & 5 deletions libraries/AdaptiveExpressions/parser/ExpressionParser.cs
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@
// Licensed under the MIT License.

using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Data;
using System.Globalization;
Expand All @@ -11,7 +10,6 @@
using Antlr4.Runtime;
using Antlr4.Runtime.Misc;
using Antlr4.Runtime.Tree;
using Newtonsoft.Json.Linq;

namespace AdaptiveExpressions
{
Expand All @@ -20,7 +18,7 @@ namespace AdaptiveExpressions
/// </summary>
public class ExpressionParser : IExpressionParser
{
private static ConcurrentDictionary<string, IParseTree> expressionDict = new ConcurrentDictionary<string, IParseTree>();
private static LRUCache<string, IParseTree> expressionDict = new LRUCache<string, IParseTree>();

/// <summary>
/// Initializes a new instance of the <see cref="ExpressionParser"/> class.
Expand Down Expand Up @@ -64,7 +62,7 @@ public Expression Parse(string expression)
/// <returns>A ParseTree.</returns>
protected static IParseTree AntlrParse(string expression)
{
if (expressionDict.TryGetValue(expression, out var expressionParseTree))
if (expressionDict.TryGet(expression, out var expressionParseTree))
{
return expressionParseTree;
}
Expand All @@ -78,7 +76,7 @@ protected static IParseTree AntlrParse(string expression)
parser.AddErrorListener(ParserErrorListener.Instance);
parser.BuildParseTree = true;
var expressionContext = parser.file()?.expression();
expressionDict.TryAdd(expression, expressionContext);
expressionDict.Set(expression, expressionContext);
return expressionContext;
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@
<PackageReference Include="System.Text.Json" Version="4.7.2" />
<PackageReference Include="System.Text.Encodings.Web" Version="5.0.1" />
<PackageReference Include="Azure.Storage.Blobs" Version="12.13.0" />
<PackageReference Include="Microsoft.Rest.ClientRuntime" Version="2.3.21" />
<PackageReference Include="Microsoft.Rest.ClientRuntime" Version="2.3.24" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
<PackageReference Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
<PackageReference Include="Microsoft.Bot.Builder" Condition=" '$(ReleasePackageVersion)' == '' " Version="$(LocalPackageVersion)" />
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@


<ItemGroup>
<PackageReference Include="Microsoft.Rest.ClientRuntime" Version="2.3.21" />
<PackageReference Include="Microsoft.Rest.ClientRuntime" Version="2.3.24" />
<PackageReference Include="Azure.Storage.Queues" Version="12.11.0" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
<PackageReference Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@
</PropertyGroup>

<ItemGroup>
<PackageReference Include="Microsoft.Rest.ClientRuntime" Version="2.3.21" />
<PackageReference Include="Microsoft.Rest.ClientRuntime" Version="2.3.24" />
<PackageReference Include="Microsoft.Azure.Cosmos" Version="3.32.2" />
<PackageReference Include="Microsoft.Azure.Storage.Blob" Version="9.4.2" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@
<ItemGroup>
<PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="3.1.22" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
<PackageReference Include="NuGet.Packaging" Version="5.5.1" />
<PackageReference Include="NuGet.Packaging" Version="5.11.5" />
<PackageReference Include="Microsoft.Bot.Builder.Dialogs" Condition=" '$(ReleasePackageVersion)' == '' " Version="$(LocalPackageVersion)" />
<PackageReference Include="Microsoft.Bot.Builder.Dialogs" Condition=" '$(ReleasePackageVersion)' != '' " Version="$(ReleasePackageVersion)" />
<PackageReference Include="AdaptiveExpressions" Condition=" '$(ReleasePackageVersion)' == '' " Version="$(LocalPackageVersion)" />
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -154,6 +154,7 @@ protected override Lazy<IAuthenticator> BuildIAuthenticator()
private Identity.Client.IConfidentialClientApplication CreateClientApplication(X509Certificate2 clientCertificate, string appId, HttpClient customHttpClient = null)
{
var clientBuilder = Identity.Client.ConfidentialClientApplicationBuilder.Create(appId)
.WithAuthority(new Uri(OAuthEndpoint), ValidateAuthority)
.WithCertificate(clientCertificate);

if (customHttpClient != null)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -172,6 +172,7 @@ protected override Lazy<IAuthenticator> BuildIAuthenticator()
private Identity.Client.IConfidentialClientApplication CreateClientApplication(string appId, string password, HttpClient customHttpClient = null)
{
var clientBuilder = Identity.Client.ConfidentialClientApplicationBuilder.Create(appId)
.WithAuthority(new Uri(OAuthEndpoint), ValidateAuthority)
.WithClientSecret(password);

if (customHttpClient != null)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -68,13 +68,17 @@ public MsalAppCredentials(IConfidentialClientApplication clientApplication, stri
[System.Diagnostics.CodeAnalysis.SuppressMessage("Usage", "CA2234:Pass system uri objects instead of strings", Justification = "Using string overload for legacy compatibility.")]
public MsalAppCredentials(string appId, string appPassword, string authority = null, string scope = null, bool validateAuthority = true, ILogger logger = null)
: this(
clientApplication: ConfidentialClientApplicationBuilder.Create(appId).WithClientSecret(appPassword).Build(),
clientApplication: null,
appId: appId,
authority: authority,
scope: scope,
validateAuthority: validateAuthority,
logger: logger)
{
_clientApplication = ConfidentialClientApplicationBuilder.Create(appId)
.WithAuthority(authority ?? OAuthEndpoint, validateAuthority)
.WithClientSecret(appPassword)
.Build();
}

/// <summary>
Expand All @@ -89,13 +93,17 @@ public MsalAppCredentials(string appId, string appPassword, string authority = n
[System.Diagnostics.CodeAnalysis.SuppressMessage("Usage", "CA2234:Pass system uri objects instead of strings", Justification = "Using string overload for legacy compatibility.")]
public MsalAppCredentials(string appId, X509Certificate2 certificate, string authority = null, string scope = null, bool validateAuthority = true, ILogger logger = null)
: this(
clientApplication: ConfidentialClientApplicationBuilder.Create(appId).WithCertificate(certificate).Build(),
clientApplication: null,
appId: appId,
authority: authority,
scope: scope,
validateAuthority: validateAuthority,
logger: logger)
{
_clientApplication = ConfidentialClientApplicationBuilder.Create(appId)
.WithAuthority(authority ?? OAuthEndpoint, validateAuthority)
.WithCertificate(certificate)
.Build();
}

async Task<AuthenticatorResult> IAuthenticator.GetTokenAsync(bool forceRefresh)
Expand Down Expand Up @@ -168,7 +176,7 @@ private async Task<AuthenticatorResult> AcquireTokenAsync(bool forceRefresh = fa

// This means we acquired a valid token successfully. We can make our retry policy null.
return new AuthenticatorResult()
{
{
AccessToken = msalResult.AccessToken,
ExpiresOn = msalResult.ExpiresOn
};
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@
<PackageReference Include="Microsoft.Extensions.Http" Version="2.1.0" />
<PackageReference Include="Microsoft.Identity.Client" Version="4.50.0" />
<PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="5.6.0" />
<PackageReference Include="Microsoft.Rest.ClientRuntime" Version="2.3.21" />
<PackageReference Include="Microsoft.Rest.ClientRuntime" Version="2.3.24" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
<PackageReference Include="Microsoft.Bot.Schema" Condition=" '$(ReleasePackageVersion)' == '' " Version="$(LocalPackageVersion)" />
<PackageReference Include="Microsoft.Bot.Schema" Condition=" '$(ReleasePackageVersion)' != '' " Version="$(ReleasePackageVersion)" />
Expand Down
Loading

0 comments on commit 62b1112

Please sign in to comment.