Merge branch 'develop'

Author: Todd Lair

Src/StackifyLib/StackifyLib.csproj

@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <AssemblyTitle>Stackify API</AssemblyTitle>
-    <VersionPrefix>2.2.9</VersionPrefix>
+    <VersionPrefix>2.2.10</VersionPrefix>
     <TargetFrameworks>netstandard2.0;net40;net45;net451;net452;net46;net461;net462</TargetFrameworks>
     <AssemblyName>StackifyLib</AssemblyName>
     <PackageId>StackifyLib</PackageId>
@@ -13,15 +13,15 @@
     <GenerateAssemblyCompanyAttribute>false</GenerateAssemblyCompanyAttribute>
     <GenerateAssemblyProductAttribute>false</GenerateAssemblyProductAttribute>
     <GenerateAssemblyCopyrightAttribute>false</GenerateAssemblyCopyrightAttribute>
-    <Version>2.2.9</Version>
+    <Version>2.2.10</Version>
     <Authors>StackifyLib</Authors>
     <PackageProjectUrl>https://github.com/stackify/stackify-api-dotnet</PackageProjectUrl>
     <PackageLicenseUrl>https://github.com/stackify/stackify-api-dotnet/blob/master/LICENSE</PackageLicenseUrl>
     <RepositoryUrl>https://github.com/stackify/stackify-api-dotnet</RepositoryUrl>
     <RepositoryType>git</RepositoryType>
     <PackageIconUrl>https://stackify.com/wp-content/uploads/2017/02/stk.png</PackageIconUrl>
-    <AssemblyVersion>2.2.9.0</AssemblyVersion>
-    <FileVersion>2.2.9.0</FileVersion>
+    <AssemblyVersion>2.2.10.0</AssemblyVersion>
+    <FileVersion>2.2.10.0</FileVersion>
     <PackageReleaseNotes>Remove default internal file logger</PackageReleaseNotes>
     <SignAssembly>false</SignAssembly>
   </PropertyGroup>

Src/StackifyLib/Web/RealUserMonitoring.cs

@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Security.Cryptography;
 using Newtonsoft.Json;
 using Newtonsoft.Json.Linq;
@@ -9,8 +9,12 @@ namespace StackifyLib.Web
     public static class RealUserMonitoring
     {
         private static readonly RandomNumberGenerator Rng = new RNGCryptoServiceProvider();
-
-        public static string GetHeaderScript()
+        
+        /// <summary>
+        /// Generate the header script for including RUM
+        /// </summary>
+        /// <param name="nonce">nonce value, defaults to a cryptographic unique string if left null</param>
+        public static string GetHeaderScript(string nonce = null)
         {
             var rumScriptUrl = Config.RumScriptUrl;
             var rumKey = Config.RumKey;
@@ -52,13 +56,16 @@ public static string GetHeaderScript()
                 settings["Trans"] = Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(reportingUrl));
             }
 
-            // generate nonce for strict CSP rules
+            return string.Format("<script type=\"text/javascript\" nonce=\"{3}\">(window.StackifySettings || (window.StackifySettings = {0}))</script><script src=\"{1}\" data-key=\"{2}\" async></script>",
+                settings.ToString(Formatting.None), rumScriptUrl, rumKey, nonce ?? GetNonce());
+        }
+
+        // generate nonce for strict CSP rules
+        private static string GetNonce()
+        {
             var nonceBytes = new byte[20];
             Rng.GetNonZeroBytes(nonceBytes);
-            var nonce = Convert.ToBase64String(nonceBytes);
-
-            return string.Format("<script type=\"text/javascript\" nonce=\"{3}\">(window.StackifySettings || (window.StackifySettings = {0}))</script><script src=\"{1}\" data-key=\"{2}\" async></script>",
-                settings.ToString(Formatting.None), rumScriptUrl, rumKey, nonce);
+            return Convert.ToBase64String(nonceBytes);
         }
     }
 }

azure-pipelines.yml

@@ -3,10 +3,28 @@ trigger:
     include:
     - develop
 
+schedules:
+  - cron: "0 21-22 31 * *"
+    displayName: Monthly build
+    branches:
+      include:
+      - develop
+    always: true
+
 pool:
   name: win2016-vs2017
 #  name: Azure Pipelines
 
+parameters:
+  - name: RUN_VERACODE_SCAN
+    displayName: 'Upload to Veracode'
+    type: boolean
+    default: true
+  - name: RUN_VERACODE_SCA
+    displayName: 'Execute Veracode SCA'
+    type: boolean
+    default: false
+    
 steps:
   - checkout: self
     clean: true
@@ -19,7 +37,7 @@ steps:
       RunAsPreJob: true
   - task: PowerShell@2
     displayName: PowerShell Script
-    condition: and(succeeded(), eq('${{ variables.veracodeSCA }}', 'true'))
+    condition: and(succeeded(), eq('${{ parameters.RUN_VERACODE_SCA }}', 'true'))
     inputs:
       targetType: inline
       script: >
@@ -172,14 +190,16 @@ steps:
         $xml = [Xml] (Get-Content .\Src\StackifyLib\StackifyLib.csproj)
         $version = $xml.Project.PropertyGroup.Version
         echo $version
+        $version = "$version".Trim()
         echo "##vso[task.setvariable variable=version]$version"
         echo "StackifyLib."$version".nupkg"
       workingDirectory: $(Build.SourcesDirectory)
   - task: Veracode@3
-    displayName: 'Upload and scan: $(Build.ArtifactStagingDirectory)/StackifyLib.$(BuildVersion).nupkg'
-    enabled: False
+    displayName: 'Upload and scan: $(Build.ArtifactStagingDirectory)/StackifyLib.$(version).nupkg'
+    condition: and(succeeded(), eq('${{ parameters.RUN_VERACODE_SCAN }}', 'true'))
+    enabled: True
     inputs:
       AnalysisService: 51003f89-58ab-463c-8e20-41484888d9c7
       veracodeAppProfile: Retrace .Net StackifyLib
       version: AZ-Devops-Build-$(build.buildNumber)
-      filepath: $(Build.ArtifactStagingDirectory)/StackifyLib.$(BuildVersion).nupkg
+      filepath: $(Build.ArtifactStagingDirectory)/StackifyLib.$(version).nupkg