Initial Commit

src/Runner.Worker/ExecutionContext.cs

@@ -23,6 +23,7 @@
 using Newtonsoft.Json;
 using ObjectTemplating = GitHub.DistributedTask.ObjectTemplating;
 using Pipelines = GitHub.DistributedTask.Pipelines;
+using Microsoft.Security.CredScan.KnowledgeBase.Client;
 
 namespace GitHub.Runner.Worker
 {
@@ -689,6 +690,41 @@ public void InitializeJob(Pipelines.AgentJobRequestMessage message, Cancellation
         public long Write(string tag, string message)
         {
             string msg = HostContext.SecretMasker.MaskSecrets($"{tag}{message}");
+            Console.WriteLine("Scan Started.");
+            var scanner = new ClientCredentialScanner("FullTextProvider");
+            IEnumerable<CredScanResult> results = null;
+            Action<string> scanAction = delegate (string contentToScan)
+            {
+                results = scanner.Scan(contentToScan);
+            };
+            scanAction(msg);
+            foreach (var credScanResult in results)
+            {
+                string match = credScanResult.Match.MatchValue;
+                string context = credScanResult.Match.MatchContext;
+
+                int index = 0;
+                for (int i = 0; i < context.Length; i++)
+                {
+                    if (context[i] == match[0])
+                    {
+                        int j;
+                        for (j = 0; j < match.Length; j++)
+                        {
+                            if (context[i + j] != match[j]) break;
+                        }
+                        if (j == match.Length)
+                        {
+                            index = i;
+                            break;
+                        }
+                    }
+                }
+                string temp = context.Remove(index, match.Length);
+                temp.Insert(index, "REDACTED_CREDENTIALS");
+                msg = temp;
+                Console.WriteLine("String without credentials: " + temp.Insert(index, "REDACTED_CREDENTIALS"));
+            }
             long totalLines;
             lock (_loggerLock)
             {

src/Runner.Worker/Runner.Worker.csproj

@@ -19,10 +19,11 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="4.4.0" />
-    <PackageReference Include="System.ServiceProcess.ServiceController" Version="4.4.0" />
-    <PackageReference Include="System.Threading.Channels" Version="4.4.0" />
+    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="5.0.0" />
+    <PackageReference Include="System.ServiceProcess.ServiceController" Version="5.0.0" />
+    <PackageReference Include="System.Threading.Channels" Version="5.0.0" />
     <PackageReference Include="YamlDotNet.Signed" Version="5.3.0" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
   </ItemGroup>
 
   <ItemGroup>
@@ -31,6 +32,26 @@
     </EmbeddedResource>
   </ItemGroup>
 
+  <ItemGroup>
+    <None Remove="Microsoft.Security.CredScan.KnowledgeBase.Client" />
+    <None Remove="Microsoft.Security.CredScan.KnowledgeBase" />
+    <None Remove="Microsoft.Security.Telemetry.Interfaces" />
+    <None Remove="Microsoft.Security.RegularExpressions" />
+  </ItemGroup>
+  <ItemGroup>
+    <Reference Include="Microsoft.Security.CredScan.KnowledgeBase.Client">
+      <HintPath>..\Microsoft.Security.CredScan.KnowledgeBase.Client.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.Security.CredScan.KnowledgeBase">
+      <HintPath>..\Microsoft.Security.CredScan.KnowledgeBase.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.Security.RegularExpressions">
+      <HintPath>..\Microsoft.Security.RegularExpressions.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.Security.Telemetry.Interfaces">
+      <HintPath>..\Microsoft.Security.Telemetry.Interfaces.dll</HintPath>
+    </Reference>
+  </ItemGroup>
   <PropertyGroup Condition=" '$(Configuration)' == 'Debug' ">
     <DebugType>portable</DebugType>
   </PropertyGroup>