Node Cipheriv Warning in Azure DevOps Extension - Release Task

4
votes

I am working on a project to develop an Azure DevOps release task extension. Recently, I am getting this warning message printed multiple times in the logs when the release task runs- "Warning: Use Cipheriv for counter mode of aes-256-ctr".

I was not getting it earlier. And the time when I started getting this error, I only changed some console.log(..), and not even any code that could possibly trigger this error. (Might be some npm dependency updates!)

Any idea regarding why am I getting this error, and how to fix it! If not, how to disable it?

P.S. - I know this question has been asked and could probably be categorized as duplicate. But I am asking in the context of Azure DevOps release tasks, others are independent node.js projects. And, those fixes didn't work for me.

1
node.jsazure-devopsazure-pipelinesazure-pipelines-release-pipelineazure-pipelines-build-task

1 Answers

5
votes

This is related to the Azure-Pipelines-Task-Lib and the Azure-Pipelines-agent and outside of your control. The problem should be fixed in those projects or their dependencies.

Since these all ship with the agent installer and the tasks themselves, this is not directly under your control.

This is likely caused by the dependency of the Agent on Node 6. There is work in progress to support Node 10 LTS on the agent (Node 10 now ships side-by-side in the agent installer).

The Azure-Pipelines-Agent calls the wrong method here.

    let encryptKey = crypto.randomBytes(256);
    let cipher = crypto.createCipher("aes-256-ctr", encryptKey);
    let encryptedContent = cipher.update(secret, "utf8", "hex");
    encryptedContent += cipher.final("hex");

As far as I can tell it should call crypto.createCipheriv() instead of crypto.createCipher() when running on Node 8 or higher. The Azure-Pipelines-Task-Lib seems to rely on the same piece of code.

It looks like 2.8.0 of the Azure-Pipelines-Task-Lib fixes this. It's on npm now, so upgrade to make these warnings disappear.