microsoft · KonstantinTyukalov · Mar 23, 2023 · Jan 27, 2023 · Jan 27, 2023 · Mar 3, 2023
@@ -11,6 +11,8 @@ namespace Agent.Sdk.Util
     /// </summary>
     public interface ILoggedSecretMasker : ISecretMasker
     {
+        int MinSecretLengthLimit { get; }
+
         void AddRegex(String pattern, string origin);
         void AddValue(String value, string origin);
         void AddValueEncoder(ValueEncoder encoder, string origin);

@@ -14,9 +14,6 @@ public class LoggedSecretMasker : ILoggedSecretMasker
         private ISecretMasker _secretMasker;
         private ITraceWriter _trace;
 
-        // We don't allow to skip secrets longer than 4 characters.
-        private readonly short _maxMinSecretLength = 4;
-
         private void Trace(string msg)
         {
             this._trace?.Info(msg);
@@ -76,6 +73,9 @@ public void AddRegex(string pattern, string origin)
             AddRegex(pattern);
         }
 
+        // We don't allow to skip secrets longer than 4 characters.
+        public int MinSecretLengthLimit => 4;
+
         public int MinSecretLength
         {
             get
@@ -84,14 +84,14 @@ public int MinSecretLength
             }
             set
             {
-                if (value > _maxMinSecretLength)
+                if (value > MinSecretLengthLimit)
                 {
-                    _secretMasker.MinSecretLength = _maxMinSecretLength;
-
-                    throw new ArgumentException($"Not allowed minimum secret length. Set max value: {_maxMinSecretLength}");
+                    _secretMasker.MinSecretLength = MinSecretLengthLimit;
+                }
+                else
+                {
+                    _secretMasker.MinSecretLength = value;
                 }
-
-                _secretMasker.MinSecretLength = value;
             }
         }
 

@@ -518,26 +518,23 @@ public void InitializeJob(Pipelines.AgentJobRequestMessage message, Cancellation
             // Prepend Path
             PrependPath = new List<string>();
 
-            // Docker (JobContainer)
-            string imageName = Variables.Get("_PREVIEW_VSTS_DOCKER_IMAGE");
-            if (string.IsNullOrEmpty(imageName))
-            {
-                imageName = Environment.GetEnvironmentVariable("_PREVIEW_VSTS_DOCKER_IMAGE");
-            }
-
             var minSecretLen = AgentKnobs.MaskedSecretMinLength.GetValue(this).AsInt();
+            HostContext.SecretMasker.MinSecretLength = minSecretLen;
 
-            try
+            if (HostContext.SecretMasker.MinSecretLength < minSecretLen)
             {
-                this.HostContext.SecretMasker.MinSecretLength = minSecretLen;
+                warnings.Add(StringUtil.Loc("MinSecretsLengtLimitWarning", HostContext.SecretMasker.MinSecretLength));
             }
-            catch (ArgumentException ex)
+
+            HostContext.SecretMasker.RemoveShortSecretsFromDictionary();
+
+            // Docker (JobContainer)
+            string imageName = Variables.Get("_PREVIEW_VSTS_DOCKER_IMAGE");
+            if (string.IsNullOrEmpty(imageName))
             {
-                warnings.Add(ex.Message);
+                imageName = Environment.GetEnvironmentVariable("_PREVIEW_VSTS_DOCKER_IMAGE");
             }
 
-            this.HostContext.SecretMasker.RemoveShortSecretsFromDictionary();
-
             Containers = new List<ContainerInfo>();
             _defaultStepTarget = null;
             _currentStepTarget = null;

@@ -401,6 +401,7 @@
   "MinRequiredDockerServerVersion": "Min required docker engine API server version is '{0}', your docker ('{1}') server version is '{2}'",
   "MinRequiredGitLfsVersion": "Min required git-lfs version is '{0}', your git-lfs ('{1}') version is '{2}'",
   "MinRequiredGitVersion": "Min required git version is '{0}', your git ('{1}') version is '{2}'",
+  "MinSecretsLengtLimitWarning": "The value of the minimum length of the secrets is too high. Maximum value is set: {0}",
   "MissingAgent": "The agent no longer exists on the server. Please reconfigure the agent.",
   "MissingAttachmentFile": "Cannot upload task attachment file, attachment file location is not specified or attachment file not exist on disk",
   "MissingAttachmentName": "Can't add task attachment, attachment name is not provided.",

@@ -77,27 +77,17 @@ public void LoggedSecretMasker_Skipping_ShortSecrets()
             Assert.Equal("123", resultMessage);
         }
 
-        [Fact]
-        [Trait("Level", "L0")]
-        [Trait("Category", "SecretMasker")]
-        public void LoggedSecretMasker_Throws_Exception_If_Large_MinSecretLength_Specified()
-        {
-            var lsm = new LoggedSecretMasker(new SecretMasker());
-
-            Assert.Throws<ArgumentException>(() => lsm.MinSecretLength = 5);
-        }
-
         [Fact]
         [Trait("Level", "L0")]
         [Trait("Category", "SecretMasker")]
         public void LoggedSecretMasker_Sets_MinSecretLength_To_MaxValue()
         {
             var lsm = new LoggedSecretMasker(new SecretMasker());
+            var expectedMinSecretsLengthValue = 4;
 
-            try { lsm.MinSecretLength = 5; }
-            catch (ArgumentException) { }
+            lsm.MinSecretLength = 5;
 
-            Assert.Equal(4, lsm.MinSecretLength);
+            Assert.Equal(expectedMinSecretsLengthValue, lsm.MinSecretLength);
         }
 
         [Fact]