search

microsoft / azure-pipelines-task-lib

Libraries for writing VSTS and TFS build tasks
https://aka.ms/tfbuild
MIT License
414 stars 271 forks source link

addBuildTag fails when string contains a colon #1072

Open pbcahill opened 1 month ago

pbcahill commented 1 month ago

The addBuildTag function fails if the string being used contains a colon :.

Example: tl.addBuildTag("test:value");

Error returned in pipeline log: ##[error]A potentially dangerous Request.Path value was detected from the client (:).

Seems to be the same bug reported here - https://developercommunity.visualstudio.com/t/Error-when-setting-vsobuildaddbuildt/10163239 - so it is happening with regular script tasks and api calls too.

Debug logs:

##[debug]Add build tag: test:value to build: 1157156 at backend.
##[debug]Processed: ##vso[build.addbuildtag]test:value
##[debug]task result: Succeeded
##[debug]Processed: ##vso[task.complete result=Succeeded;done=true;]
Async Command Start: Add Build Tag
Async Command End: Add Build Tag
##[error]A potentially dangerous Request.Path value was detected from the client (:).
##[debug]Microsoft.VisualStudio.Services.Common.VssServiceException: A potentially dangerous Request.Path value was detected from the client (:).
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.HandleResponseAsync(HttpResponseMessage response, CancellationToken cancellationToken)
   at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync(HttpRequestMessage message, HttpCompletionOption completionOption, Object userState, CancellationToken cancellationToken)
   at Microsoft.TeamFoundation.Build.WebApi.BuildHttpClientCompatBase.SendAsync[T](HttpRequestMessage message, Object userState, CancellationToken cancellationToken, Func`3 processResponse)
   at Microsoft.TeamFoundation.Build.WebApi.BuildHttpClientCompatBase.SendAsync[T](HttpMethod method, IEnumerable`1 additionalHeaders, Guid locationId, Object routeValues, ApiResourceVersion version, HttpContent content, IEnumerable`1 queryParameters, Object userState, CancellationToken cancellationToken, Func`3 processResponse)
   at Microsoft.VisualStudio.Services.Agent.Worker.Build.BuildServer.AddBuildTag(Int32 buildId, Guid projectId, String buildTag, CancellationToken cancellationToken) in D:\a\_work\1\s\src\Agent.Worker\Build\BuildServer.cs:line 120
   at Microsoft.VisualStudio.Services.Agent.Worker.Build.BuildAddBuildTagCommand.AddBuildTagAsync(IAsyncCommandContext context, VssConnection connection, Guid projectId, Int32 buildId, String buildTag, CancellationToken cancellationToken) in D:\a\_work\1\s\src\Agent.Worker\Build\BuildCommandExtension.cs:line 188
   at Microsoft.VisualStudio.Services.Agent.Worker.AsyncCommandContext.WaitAsync() in D:\a\_work\1\s\src\Agent.Worker\AsyncCommandContext.cs:line 130
   at Microsoft.VisualStudio.Services.Agent.Worker.StepsRunner.RunStepAsync(IStep step, CancellationToken jobCancellationToken) in D:\a\_work\1\s\src\Agent.Worker\StepsRunner.cs:line 305
ivanduplenskikh commented 1 week ago

@pbcahill, thank you for escalating this problem. I've prepared a PR in the agent repository. This PR solves this issue by passing build tags as Body parameter.

pbcahill commented 6 days ago

Ok great thank you @ivanduplenskikh! I will give it a try once the new agent version is available to use.