microsoft / GHAzDO-Resources

Resources, Scripts, etc. for GitHub Advanced Security on Azure DevOps
MIT License

Syntax issue with CIGate.ps1 #43

Closed davidcatriel closed 3 months ago

davidcatriel commented 3 months ago

Hello

I've updated to the latest version of CIGate.ps1 (with the fix for issue #42), and am now getting a syntax error when the pipeline runs it. I've verified that the machine this runs on has the default Windows PowerShell installed, and runs the previous version of the script without an issue.

Do we need to upgrade to PowerShell 7 to use the latest version of the script? I couldn't find a minimum supported version of PowerShell in the docs for these extensions.

Log output:

Starting: Advanced Security PR block check
==============================================================================
Task         : PowerShell
Description  : Run a PowerShell script on Linux, macOS, or Windows
Version      : 2.239.1
Author       : Microsoft Corporation
Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/powershell
==============================================================================
Generating script.
Formatted command: . 'C:\a\3\s\AzureDevOpsTemplates\CIGate.ps1'
========================== Starting Command Output ===========================
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command ". 'C:\a\_temp\daf84758-ae90-4f05-bffa-3976f660e2d4.ps1'"
At C:\a\3\s\AzureDevOpsTemplates\CIGate.ps1:15 char:132
+ ... ([System.Text.Encoding]::ASCII.GetBytes(($pat.Contains(":") ? $pat :  ...
+                                                                 ~
Unexpected token '?' in expression or statement.
At C:\a\3\s\AzureDevOpsTemplates\CIGate.ps1:15 char:131
+ ... ng([System.Text.Encoding]::ASCII.GetBytes(($pat.Contains(":") ? $pat  ...
+                                                                  ~
Missing closing ')' in expression.
At C:\a\3\s\AzureDevOpsTemplates\CIGate.ps1:15 char:131
+ ... ng([System.Text.Encoding]::ASCII.GetBytes(($pat.Contains(":") ? $pat  ...
+                                                                  ~
Missing ')' in method call.
    + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken

##[error]PowerShell exited with code '1'.
Finishing: Advanced Security PR block check

davidcatriel commented 3 months ago

Update: upon further investigation, it looks like the yml file needs the 'pwsh: true' flag added to ensure the script runs under PowerShell 7 (same thing is present in the yml for the csv report - https://github.com/microsoft/GHAzDO-Resources/blob/main/src/csv-report/ghazdo-csv-report.yml).

# Compare CodeQL / Dependency issues on the PR source and target branches.
# Fail if there are new issues.
- task: PowerShell@2
  displayName: 'CI Gating - verify there are no new security issues introduced in this PR'
  inputs:
    targetType: filePath
    filePath: CIGate.ps1
    pwsh: true # Script requires PS7 (otherwise you will see syntax error - Unexpected token '?' )
  env:
    MAPPED_ADO_PAT: $(GATING_PAT)
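
The failure in the log above is a parse-time error, so it can be caught by asking the running engine to parse the script before the gate step invokes it. The following is an added example, not code from the GHAzDO-Resources repository: the function name `Test-ScriptSyntax` and the sample line are hypothetical, and the sample's else branch is a placeholder because the original line is truncated in the log. Under Windows PowerShell it reports the same kind of `?` token errors shown above; under PowerShell 7 the sample parses cleanly.

```powershell
# Added example (not from the GHAzDO-Resources repo).
# Test-ScriptSyntax is a hypothetical helper: it parses a script with the
# language parser of the engine that is currently running, without executing it.
function Test-ScriptSyntax {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ParameterSetName = 'Path')][string]$Path,
        [Parameter(Mandatory, ParameterSetName = 'Text')][string]$Text
    )

    $tokens = $null
    $errors = $null

    if ($PSCmdlet.ParameterSetName -eq 'Path') {
        # ParseFile needs a file system path, not a PowerShell-relative one.
        $full = (Resolve-Path -LiteralPath $Path).ProviderPath
        [void][System.Management.Automation.Language.Parser]::ParseFile(
            $full, [ref]$tokens, [ref]$errors)
    }
    else {
        [void][System.Management.Automation.Language.Parser]::ParseInput(
            $Text, [ref]$tokens, [ref]$errors)
    }

    # Emit one object per parse error; nothing is emitted for a clean parse.
    foreach ($e in $errors) {
        [pscustomobject]@{
            Line    = $e.Extent.StartLineNumber
            Column  = $e.Extent.StartColumnNumber
            ErrorId = $e.ErrorId
            Message = $e.Message
        }
    }
}

# Constructed sample: same ternary shape as the failing line in the log.
# The else branch ("placeholder") is made up; the real one is cut off in the log.
$sample = '$value = ($pat.Contains(":") ? $pat : "placeholder")'

$found = @(Test-ScriptSyntax -Text $sample)
"Engine: PowerShell $($PSVersionTable.PSVersion), parse errors: $($found.Count)"
$found | Format-Table -AutoSize

# As a pre-flight pipeline step, stop before the real script is invoked:
# if (@(Test-ScriptSyntax -Path 'CIGate.ps1').Count -gt 0) { exit 1 }
```

The check only reflects the engine it runs under, so it has to run with the same `pwsh` setting as the task that executes the script.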