How to use Fortify Scan 16.11 to scan dotnet core with project.Json - fortify

I created a default .Net Core 1.0.1 Class library and changed buildOptions in project.json to include debugType: "Full". I used the integrated VS 2015 Fortify Scan using 16.11 and I get the errors below. How should I scan dotnet core to avoid this problem?
Project 'src\providesFileInPackage\providesFileInPackage.xproj' is not configured to output full debug information. SCA Analysis requires full debug symbols. Would you like to ignore project and continue?
(Project Properties -> Build -> "Advanced" button -> Debug Info -> "Full"
OR
Project Properties -> Compile -> Advanced Options -> Debug Info -> "Full" for VB)
My project json looks like
{
"version": "1.0.0-*",
"dependencies": {
"NETStandard.Library": "1.6.0"
},
"frameworks": {
"netstandard1.6": {
"imports": "dnxcore50"
}
},
"buildOptions": {
"define": [ "DEBUG" ],
"debugType": "full"
}
}

I had the same problem. It's blaming the xproj file and not project.json so I tried to add
<DebugType>full</DebugType>
inside the PropertyGroup but to no avail.
In the end I found a workaround by running Fortify from the command line:
msbuild MyApplicationSca.proj /p:Configuration=Release /t:Rebuild /m
My MyApplicationSca.proj looks like this:
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<MySolution>MyApplication.sln</MySolution>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<CommonMSBuildProperties>BuildingSolutionFileName=true</CommonMSBuildProperties>
<RunHPFortify Condition=" '$(RunHPFortify)' == '' ">false</RunHPFortify>
<HPFortifyPath Condition=" '$(HPFortifyPath)' == '' ">$(ProgramW6432)\HP_Fortify\HP_Fortify_SCA_and_Apps_4.40\</HPFortifyPath>
<FortifyMSBuildTasks>$(HPFortifyPath)Core\lib\FortifyMSBuildTasks.dll</FortifyMSBuildTasks>
</PropertyGroup>
<ItemGroup>
<Projects Include="$(MySolution)">
<AdditionalProperties>Platform=Any CPU</AdditionalProperties>
</Projects>
</ItemGroup>
<Target Name="Clean">
<MSBuild Projects="@(Projects)" Targets="Clean" Properties="$(CommonMSBuildProperties)" />
</Target>
<Target Name="Build">
<MSBuild Projects="@(Projects)" Targets="Build" Properties="$(CommonMSBuildProperties)"
StopOnFirstFailure="true" />
</Target>
<Target Name="Rebuild">
<MSBuild Projects="@(Projects)" Targets="Rebuild" Properties="$(CommonMSBuildProperties)"
StopOnFirstFailure="true" />
</Target>
<UsingTask TaskName="Fortify.CleanTask" AssemblyFile="$(FortifyMSBuildTasks)" />
<UsingTask TaskName="Fortify.TranslateTask" AssemblyFile="$(FortifyMSBuildTasks)" />
<UsingTask TaskName="Fortify.ScanTask" AssemblyFile="$(FortifyMSBuildTasks)" />
<Target Name="FortifyBuild" AfterTargets="Build;Rebuild" Condition="$(RunHPFortify)">
<PropertyGroup>
<BuildID>MyApplication</BuildID>
<HPFortifyLogsDir>..\HPFortifyLogs\</HPFortifyLogsDir>
<PackagesDir>$(MSBuildProjectDirectory)\packages\</PackagesDir>
<OutDir>$(MSBuildProjectDirectory)\MyApplication\bin\$(Configuration)\net452\win7-x64\</OutDir>
<SCATargetBinary>$(OutDir)MyApplication.exe</SCATargetBinary>
<FPRFilePath>$(HPFortifyLogsDir)MyApplication.fpr</FPRFilePath>
<SSCUploadToken Condition=" '$(SSCUploadToken)' == '' ">1cfe9977-905c-4da4-bb57-97e3dcc33099</SSCUploadToken>
</PropertyGroup>
<ItemGroup>
<TranslateTaskReferences Include="$(OutDir)" />
</ItemGroup>
<CleanTask BuildID="$(BuildID)" />
<TranslateTask
BuildID="$(BuildID)"
VSVersion="14.0"
JVMSettings="-Xmx1000M"
BinariesFolder="$(SCATargetBinary)"
References="@(TranslateTaskReferences)"
LogFile="$(HPFortifyLogsDir)sca_translate_task.log">
</TranslateTask>
<ScanTask
BuildID="$(BuildID)"
JVMSettings="-Xmx1000M"
LogFile="$(HPFortifyLogsDir)scan_task.log"
Output="$(FPRFilePath)" />
</Target>
</Project>
I am not investigating more than that right now but I hope this brings us a bit closer to the answer.

Publish Website Does not Use Transformed web.config

I created a solution containing a website (not WebApp) with VS Express 2013. I use a web.Release.config file for the publish process. That worked well with VS 2013.
Now that I changed to VS 2019 Community, web.Debug.config was used for the web.config transformation though the publish was done for "Release". I suppose that is because in the configuration manager only "Debug" is possible for any configuration.
In another thread I found that I had to change website.publishproj from Debug to Release:
<Configuration Condition=" '$(Configuration)' == '' ">Release</Configuration>
Now, web.Release.config is used for the transformation:
"web.config" wurde mithilfe von "C:\Users\<project path>\Web.Release.config" in "C:\Users\<some temporary path>\obj\Release\TransformWebConfig\transformed\web.config" transformiert.
This file actually has the changes applied that are needed for Release.
However, in the destination directory web.config does not contain these changes. It seems to be the original web.config without transformation.
What must I do to make Publish copy the transformed web.config?
This is my .pubxml file:
<?xml version="1.0" encoding="utf-8"?>
<!--
Auto generated comment...
-->
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<WebPublishMethod>FileSystem</WebPublishMethod>
<PublishProvider>FileSystem</PublishProvider>
<LastUsedBuildConfiguration>Release</LastUsedBuildConfiguration>
<LastUsedPlatform>Any CPU</LastUsedPlatform>
<SiteUrlToLaunchAfterPublish />
<LaunchSiteAfterPublish>True</LaunchSiteAfterPublish>
<ExcludeApp_Data>False</ExcludeApp_Data>
<publishUrl>C:\Inetpub\vhosts\<website name>.com\httpdocs</publishUrl>
<DeleteExistingFiles>True</DeleteExistingFiles>
</PropertyGroup>
</Project>
and here is website.publishproj:
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Release</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProductVersion>10.0.30319</ProductVersion>
<SchemaVersion>2.0</SchemaVersion>
<ProjectGuid>{45ff7195-6038-4b17-91ce-611a467ac837}</ProjectGuid>
<SourceWebPhysicalPath>$(MSBuildThisFileDirectory)</SourceWebPhysicalPath>
<SourceWebVirtualPath>/(Source Path Name)</SourceWebVirtualPath>
<TargetFrameworkVersion>v4.0</TargetFrameworkVersion>
<SourceWebProject>http://localhost:56406</SourceWebProject>
<SourceWebMetabasePath>/IISExpress/7.5/LM/W3SVC/2/ROOT</SourceWebMetabasePath>
</PropertyGroup>
<PropertyGroup>
<VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">10.0</VisualStudioVersion>
<!-- for VS2010 we need to use 10.5 but for VS2012+ we should use VisualStudioVersion -->
<WebPublishTargetsVersion Condition=" '$(WebPublishTargetsVersion)' =='' and '$(VisualStudioVersion)' == 10.0 ">10.5</WebPublishTargetsVersion>
<WebPublishTargetsVersion Condition=" '$(WebPublishTargetsVersion)'=='' ">$(VisualStudioVersion)</WebPublishTargetsVersion>
<VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(WebPublishTargetsVersion)</VSToolsPath>
<_WebPublishTargetsPath Condition=" '$(_WebPublishTargetsPath)'=='' ">$(VSToolsPath)</_WebPublishTargetsPath>
<AssemblyFileVersion Condition="'$(AssemblyFileVersion)' == ''">1.0.0.0</AssemblyFileVersion>
<AssemblyVersion Condition="'$(AssemblyVersion)' == ''">1.0.0.0</AssemblyVersion>
</PropertyGroup>
<ItemGroup>
<AssemblyAttributes Include="AssemblyFileVersion">
<Value>$(AssemblyFileVersion)</Value>
</AssemblyAttributes>
<AssemblyAttributes Include="AssemblyVersion">
<Value>$(AssemblyVersion)</Value>
</AssemblyAttributes>
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\Accessories\Lib\Runtime\BaseLib\BaseLib.csproj">
<Project>{8A827F3E-CA83-4765-988D-937B0B608201}</Project>
<Name>BaseLib</Name>
</ProjectReference>
<ProjectReference Include="..\Accessories\Lib\Runtime\Config\Config.csproj">
<Project>{1B78D777-B4F8-4CEA-9A4F-554807D1E5BF}</Project>
<Name>Config</Name>
</ProjectReference>
<ProjectReference Include="..\Accessories\Lib\Runtime\GardenLib\GardenLib.csproj">
<Project>{30B09928-B911-4803-982F-519C4CDB8860}</Project>
<Name>GardenLib</Name>
</ProjectReference>
</ItemGroup>
<Import Project="$(_WebPublishTargetsPath)\Web\Microsoft.WebSite.Publishing.targets" />
</Project>
After I got some more problems publishing my website, I switched back to VS2013 Express where my publish process works well as it did before.
Maybe it's a bug in Visual Studio?

Include Files to be deployed not in project through msdeploy / F# Fake script

So I have the following Fake script ...
// include Fake lib
#r @"packages\FAKE.4.29.2\tools\FakeLib.dll"
open Fake
RestorePackages()
// define directories
let binDir = "./ProjFileFolder/bin/"
let objDir = "./ProjFileFolder/obj/Debug/"
let buildConf = getBuildParamOrDefault "conf" "Debug"
let buildNumber = getBuildParamOrDefault "bn" "0"
let buildVersion = "1.0.0." + buildNumber
let publishProfile = getBuildParamOrDefault "pubprofile" ""
let publishPassword = getBuildParamOrDefault "pubpwd" ""
let setParamsWeb = [
"DebugSymbols", "True"
"Configuration", buildConf
"Platform", "Any CPU"
"PublishProfile", publishProfile
"DeployOnBuild", "true"
"Password", publishPassword
"AllowUntrustedCertificate", "true"
]
// Targets
Target "Clean" (fun _ ->
CleanDirs [binDir; objDir]
)
Target "Compile" (fun _ ->
!! @"**\*.csproj"
|> MSBuild binDir "Build" setParamsWeb
|> Log "AppBuild-Output: "
)
// Dependencies
"Clean"
==> "Compile"
// start build
RunTargetOrDefault "Compile"
I had some targets that I had created in the csproj file to include a generated /docs doxygen documentation folder. This worked when initially using my old msdeploy script, which was an msdeploy folder sync command. Here they are ...
<Target Name="CustomCollectFiles">
<ItemGroup>
<_CustomFiles Include=".\docs\**\*" />
<FilesForPackagingFromProject Include="%(_CustomFiles.Identity)">
<DestinationRelativePath>docs\%(RecursiveDir)%(Filename)%(Extension)</DestinationRelativePath>
</FilesForPackagingFromProject>
</ItemGroup>
</Target>
<Choose>
<When Condition="'$(Configuration)' == 'Debug'">
<PropertyGroup>
<CopyAllFilesToSingleFolderForPackageDependsOn>
CustomCollectFiles;
$(CopyAllFilesToSingleFolderForPackageDependsOn);
</CopyAllFilesToSingleFolderForPackageDependsOn>
</PropertyGroup>
</When>
<When Condition="'$(Configuration)' == 'QA'">
<PropertyGroup>
<CopyAllFilesToSingleFolderForPackageDependsOn>
CustomCollectFiles;
$(CopyAllFilesToSingleFolderForPackageDependsOn);
</CopyAllFilesToSingleFolderForPackageDependsOn>
</PropertyGroup>
</When>
</Choose>
How do I ensure that the Fake script does the same thing or that it executes those targets in the csproj file? It runs by passing the name of the azure publish profile in that you want to use to deploy which is in the project.
So in this case because I'm deploying to azure I was able to move the targets and property group to the publish profile instead of having them in the project file directly. So I ended up with the following in our publish profile.
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<WebPublishMethod>MSDeploy</WebPublishMethod>
<ADUsesOwinOrOpenIdConnect>False</ADUsesOwinOrOpenIdConnect>
<PublishProvider>AzureWebSite</PublishProvider>
<LastUsedBuildConfiguration>Release</LastUsedBuildConfiguration>
<LastUsedPlatform>Any CPU</LastUsedPlatform>
<SiteUrlToLaunchAfterPublish>stuff</SiteUrlToLaunchAfterPublish>
<LaunchSiteAfterPublish>True</LaunchSiteAfterPublish>
<ExcludeApp_Data>False</ExcludeApp_Data>
<MSDeployServiceURL>stuff</MSDeployServiceURL>
<DeployIisAppPath>more stuff</DeployIisAppPath>
<RemoteSitePhysicalPath />
<SkipExtraFilesOnServer>True</SkipExtraFilesOnServer>
<MSDeployPublishMethod>WMSVC</MSDeployPublishMethod>
<EnableMSDeployBackup>True</EnableMSDeployBackup>
<UserName>more stuff</UserName>
<_SavePWD>True</_SavePWD>
<_DestinationType>AzureWebSite</_DestinationType>
</PropertyGroup>
<Target Name="CustomCollectFiles" BeforeTargets="Compile">
<ItemGroup>
<_CustomFiles Include=".\docs\**\*" />
<FilesForPackagingFromProject Include="%(_CustomFiles.Identity)">
<DestinationRelativePath>docs\%(RecursiveDir)%(Filename)%(Extension)</DestinationRelativePath>
</FilesForPackagingFromProject>
</ItemGroup>
</Target>
<PropertyGroup>
<CopyAllFilesToSingleFolderForPackageDependsOn>
CustomCollectFiles;
$(CopyAllFilesToSingleFolderForPackageDependsOn);
</CopyAllFilesToSingleFolderForPackageDependsOn>
</PropertyGroup>
<PropertyGroup>
<CopyAllFilesToSingleFolderForMsdeployDependsOn>
CustomCollectFiles;
$(CopyAllFilesToSingleFolderForPackageDependsOn);
</CopyAllFilesToSingleFolderForMsdeployDependsOn>
</PropertyGroup>
</Project>
We import the publish profiles into the project so that the fake script just accepts the name of the publish profile and the publish password and then the doxygen documentation which I am trying to include and which is created upon pre/post build event is included automatically. I have added this to our dev / qa publish profiles but not to our production publish profile because we don't want this deployed to prod. But it is nice to have automatically deployed and available in our dev / qa environments for anyone to access. I have included the "docs" folder in the project. Not sure if that will have any impact upon how it works.
I followed this tutorial ... https://www.asp.net/mvc/overview/deployment/visual-studio-web-deployment/deploying-extra-files . Which I suppose is an extension of this tutorial ... http://sedodream.com/2010/05/01/WebDeploymentToolMSDeployBuildPackageIncludingExtraFilesOrExcludingSpecificFiles.aspx

TFS Express 2012 build failing

I have a VS solution hosted in a TFS 2012 Express with a Build system (service, controller, agent) in place. I also created a build definition with this build project file as target:
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0"
DefaultTargets="Build"
xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<OutDir Condition=" '$(OutDir)'=='' ">$(MSBuildThisFileDirectory)bin\</OutDir>
<Configuration Condition=" '$(Configuration)'=='' ">Release</Configuration>
<SourceHome Condition=" '$(SourceHome)'=='' ">$(MSBuildThisFileDirectory)</SourceHome>
<ToolsHome Condition=" '$(ToolsHome)'=='' ">$(MSBuildThisFileDirectory)tools\</ToolsHome>
</PropertyGroup>
<ItemGroup>
<Solution Include="$(SourceHome)*.sln">
<AdditionalProperties>OutDir=$(OutDir);Configuration=$(Configuration)</AdditionalProperties>
</Solution>
</ItemGroup>
<Target Name="RestorePackages">
<Exec Command="&quot;$(MSBuildProgramFiles32)\NuGet\NuGet.exe&quot; config -set http_proxy=http://********" />
<Exec Command="&quot;$(MSBuildProgramFiles32)\NuGet\NuGet.exe&quot; config -set http_proxy.user=******" />
<Exec Command="&quot;$(MSBuildProgramFiles32)\NuGet\NuGet.exe&quot; config -set http_proxy.password=********" />
<Exec Command="&quot;$(MSBuildProgramFiles32)\NuGet\NuGet.exe&quot; restore &quot;$(SourceHome)*.sln&quot;" />
</Target>
<Target Name="Clean">
<MSBuild Targets="Clean"
Projects="@(Solution)" />
</Target>
<Target Name="Build" DependsOnTargets="RestorePackages">
<MSBuild Targets="Build"
Projects="@(Solution)" />
</Target>
<Target Name="Rebuild" DependsOnTargets="RestorePackages">
<MSBuild Targets="Rebuild"
Projects="@(Solution)" />
</Target>
</Project>
But somehow the build keeps failing again and again. This is the error:
Exception Message: Access to the path '******************\packages\AjaxControlToolkit.15.1.4.0\Content\Web.config.transform' is denied. (type UnauthorizedAccessException).
I have no clue what's going on, any ideas?
You may check whether the files are read-only.
In the end the issue was the NETWORK SERVICE account used for the build service. That account does not seem to have enough privileges to use the proxy. Changing it to my account finally worked. I know it's not the ideal approach, but it does the trick for now.

Choose position of ItemGroup files generated in a Target via a Task

I've got the following set up (uninteresting XML removed for brevity):
MyProject.fsproj
<Project ...>
<Import Project="MyTask.props" />
...
<ItemGroup>
<Compile Include="Program.fs" />
</ItemGroup>
</Project>
MyTask.props
<Project ...>
<UsingTask XXX.UpdateAssemblyInfo />
<Target Name="UpdateAssemblyInfo"
BeforeTargets="CoreCompile">
<UpdateAssemblyInfo ...>
<Output
TaskParameter="AssemblyInfoTempFilePath"
PropertyName="AssemblyInfoTempFilePath" />
</UpdateAssemblyInfo>
<ItemGroup>
<Compile Include="$(AssemblyInfoTempFilePath)" />
</ItemGroup>
</Target>
</Project>
The problem is that the ItemGroup added by MyTask.props is added last, despite being imported right at the very start of the project. I assume that this is because the ItemGroup is not actually imported then - it's added when the task is run.
This isn't a good thing in F#, as file order is important - including the file at the end of the build list means it's impossible to build an EXE, for example (as the entrypoint must be in the last file).
Hence my question - is there a way for me to output an ItemGroup as part of a Target and have that generated ItemGroup be first?
A bit late, but this may help someone in the future. I'm not using the import tag in this sample, but it will work the same way. The important part is the "UpdateAssemblyInfo" target; the main idea is to clear and regenerate the Compile ItemGroup using the appropriate sort order.
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="12.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Compile Include="Program.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
</ItemGroup>
<Target Name="Build" DependsOnTargets="UpdateAssemblyInfo">
</Target>
<Target Name="UpdateAssemblyInfo">
<!-- Generate your property -->
<PropertyGroup>
<AssemblyInfoTempFilePath>ABC.xyz</AssemblyInfoTempFilePath>
</PropertyGroup>
<!-- Copy current Compile ItemGroup to TempCompile -->
<ItemGroup>
<TempCompile Include="@(Compile)"></TempCompile>
</ItemGroup>
<!-- Clear the Compile ItemGroup-->
<ItemGroup>
<Compile Remove="@(Compile)"/>
</ItemGroup>
<!-- Create the new Compile ItemGroup using the required order -->
<ItemGroup>
<Compile Include="$(AssemblyInfoTempFilePath)"/>
<Compile Include="@(TempCompile)"/>
</ItemGroup>
<!-- Display the Compile ItemGroup ordered -->
<Message Text="Compile %(Compile.Identity)"/>
</Target>
</Project>

Msbuild and SLN unbinding

I want to unbind my sln file from the TFS server and publish it on SVN. Is there any "easy" option to do this? It's easy to open the sln and choose the unbind option in Visual Studio, but has anyone ever tried to automate this process? There is a solution to edit the sln file using xmlpoke and deleting the binding information, but is it safe?
I have some samples published on the MSDN Code Gallery for the TFS 2010 SDK that illustrate how to do this with MSBuild and the MSBuild Community Tasks. Here's a snippet of MSBuild script from the WorkItemObjectModel sample's WorkItemType.csproj file:
<Import Project="$(MSBuildExtensionsPath32)\MSBuildCommunityTasks\MSBuild.Community.Tasks.Targets" />
<ItemGroup>
<SourceFiles
Include="$(SolutionDir)**/*.*"
Exclude="$(SolutionDir)Package/**/*.*;$(SolutionDir)**/bin/**/*.*;$(SolutionDir)**/obj/**/*.*;$(SolutionDir)**/internal.proj;$(SolutionDir)**/*.*scc;$(SolutionDir)$(SolutionName).zip">
<Visible>False</Visible>
</SourceFiles>
</ItemGroup>
<Target Name="AfterBuild" Condition="'$(Configuration)'=='Release'"
Inputs="@(SourceFiles)" Outputs="$(SolutionDir)$(SolutionName).zip">
<Delete
Files="$(SolutionDir)$(SolutionName).zip"
Condition="Exists('$(SolutionDir)$(SolutionName).zip')" />
<PropertyGroup>
<PackageDir>$(SolutionDir)Package\</PackageDir>
</PropertyGroup>
<MakeDir
Directories="$(PackageDir)" />
<Copy
SourceFiles="@(SourceFiles)"
DestinationFiles="$(PackageDir)%(RecursiveDir)%(Filename)%(Extension)" />
<Delete
Files="$(PackageDir)**/bin/**/*.*;$(PackageDir)**/obj/**/*.*" />
<RemoveDir
Directories="$(PackageDir)**/bin;$(PackageDir)**/obj" />
<Attrib
Files="@(PackageFiles)"
ReadOnly="false" />
<FileUpdate
Files="$(PackageDir)$(SolutionFileName)"
IgnoreCase="true"
Regex="^\s+GlobalSection\(TeamFoundationVersionControl\).+\n(\s*Scc.*\n)+\s+EndGlobalSection"
ReplacementText=" "
Multiline="true"
Singleline="false" />
<ItemGroup>
<ProjectFiles Include="$(PackageDir)**/*.*proj" />
</ItemGroup>
<FileUpdate
Files="@(ProjectFiles)"
Regex="&lt;Scc[A-z]+&gt;.+&lt;/Scc[A-z]+&gt;"
ReplacementText=" " />
<ItemGroup>
<PackageFiles Include="$(PackageDir)**\*.*" />
</ItemGroup>
<Zip
Files="@(PackageFiles)"
WorkingDirectory="$(PackageDir)"
ZipFileName="$(SolutionDir)$(SolutionName).zip" />
<Delete
Files="@(PackageFiles)" />
<RemoveDir
Directories="$(PackageDir)" />
</Target>
In a nutshell, this script copies the source files to a temporary directory, removes the source control bindings from the solution and project files, then zips up the sources and finally deletes the temporary directory.
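The binding removal described in this answer can be checked outside MSBuild before the sources are published. The following Python is an added example, not part of the original answer or the MSDN sample: it applies equivalent regular expressions to a solution and a project file and then lists any line that still carries binding data, such as the internal TFS server URL. The function names and the sample file contents are constructed for illustration; the patterns accept both LF and CRLF line endings and use [A-Za-z] rather than [A-z].

```python
import re

# TFS binding block of a .sln file; tolerates LF and CRLF line endings.
SLN_BINDING = re.compile(
    r"^[ \t]*GlobalSection\(TeamFoundationVersionControl\)[^\r\n]*\r?\n"
    r"(?:[ \t]*Scc[^\r\n]*\r?\n)+"
    r"[ \t]*EndGlobalSection[ \t]*\r?\n",
    re.MULTILINE,
)
# One <SccXxx>value</SccXxx> property line of a project file. [A-Za-z] is
# used because [A-z] also matches the characters [ \ ] ^ _ and backtick.
PROJ_BINDING = re.compile(
    r"^[ \t]*<(Scc[A-Za-z]+)>[^<\r\n]*</\1>[ \t]*\r?\n", re.MULTILINE
)
LEFTOVER = re.compile(r"\bScc[A-Za-z]+|TeamFoundationVersionControl")


def unbind_solution(text):
    """Remove the whole TeamFoundationVersionControl section."""
    return SLN_BINDING.sub("", text)


def unbind_project(text):
    """Remove every Scc* property element, leaving other properties alone."""
    return PROJ_BINDING.sub("", text)


def leftover_bindings(text):
    """Lines that still carry binding data, e.g. an internal server URL."""
    return [ln.strip() for ln in text.splitlines() if LEFTOVER.search(ln)]


# Constructed sample input (not from the original page), CRLF as VS writes it.
SAMPLE_SLN = "\r\n".join([
    "Microsoft Visual Studio Solution File, Format Version 12.00",
    "Global",
    "\tGlobalSection(TeamFoundationVersionControl) = preSolution",
    "\t\tSccNumberOfProjects = 1",
    "\t\tSccTeamFoundationServer = http://tfs.example.invalid:8080/tfs",
    "\t\tSccLocalPath0 = .",
    "\tEndGlobalSection",
    "\tGlobalSection(SolutionConfigurationPlatforms) = preSolution",
    "\t\tDebug|Any CPU = Debug|Any CPU",
    "\tEndGlobalSection",
    "EndGlobal",
    "",
])
SAMPLE_PROJ = "\r\n".join([
    "<Project>",
    "  <PropertyGroup>",
    "    <RootNamespace>App</RootNamespace>",
    "    <SccProjectName>SAK</SccProjectName>",
    "    <SccProvider>SAK</SccProvider>",
    "  </PropertyGroup>",
    "</Project>",
    "",
])

if __name__ == "__main__":
    for name, out in (("sln", unbind_solution(SAMPLE_SLN)),
                      ("proj", unbind_project(SAMPLE_PROJ))):
        print(name, "leftover:", leftover_bindings(out))
        print(out)
```

An empty result from leftover_bindings on every packaged .sln and project file is a reasonable gate before the archive leaves the build machine.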