Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Switch From Using Unmaintained Newtonsoft.Json to Using System.Text.Json in Powershell Authentication Module #2774

Open
fey101 opened this issue Jun 4, 2024 · 1 comment · May be fixed by #3083
Open

Switch From Using Unmaintained Newtonsoft.Json to Using System.Text.Json in Powershell Authentication Module #2774

fey101 opened this issue Jun 4, 2024 · 1 comment · May be fixed by #3083
Assignees
@Ndiritu
Labels
enhancement New feature or request type:security Security, or privacy issue

Comments

@fey101
Copy link
Contributor

fey101 commented Jun 4, 2024
edited
Loading

Describe the bug

The Newtonsoft.Json dependency of the SDK's authentication module, is no longer actively maintained. In the past we have also encountered trust issues with the signed Newtonsoft.Json package throwing verificationError 18 which interprets to
"Your file is signed but we don't trust it"
and PS SDK users, have raised this too as an issue for them. See #2741 and JamesNK/Newtonsoft.Json#2755

Expected behavior

Avoid Newtonsoft.Json related issues mentioned above by switching to System.Text.Json

How to reproduce

The task will include writing tests to cover the affected code segments and mitigate against any regressions before switching to system.text.json.

The current tricky work is the Json DOM handling in the 3 files below

It should be easier to replace JsonConvert.SerializeObject with JsonSerializer.Seralize in other files like

msgraph-sdk-powershell/src/Authentication/Authentication/Cmdlets/InvokeMgGraphRequest.cs

Line 579 in f06dcb1

var body = JsonConvert.SerializeObject(content);

Acceptance Criteria

  • 100% test coverage on affected files/files originally using Newtonsoft.Json package
  • Working authentication module with the tests passing and using System.Text.Json instead of Newtonsoft.Json
@fey101 fey101 added status:waiting-for-triage An issue that is yet to be reviewed or assigned type:bug A broken experience enhancement New feature or request and removed status:waiting-for-triage An issue that is yet to be reviewed or assigned type:bug A broken experience labels Jun 4, 2024
@timayabi2020 timayabi2020 self-assigned this Aug 6, 2024
@Ndiritu
Copy link
Contributor

Ndiritu commented Jan 8, 2025
edited
Loading

We also need to bump System.Text.Json that has a CVE & is causing conflicts with ExchangeOnlineManagement

@Ndiritu Ndiritu added the type:security Security, or privacy issue label Jan 8, 2025
@Ndiritu Ndiritu assigned Ndiritu and unassigned timayabi2020 Jan 8, 2025
This was referenced Jan 17, 2025
Merged
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Ndiritu Ndiritu

Labels
enhancement New feature or request type:security Security, or privacy issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore: Migrate from Newtonsoft.Json to System.Text.Json microsoftgraph/msgraph-sdk-powershell
3 participants
@timayabi2020 @Ndiritu @fey101