From 043bd4cde9ed62b36dca590939b7cb9eba115ede Mon Sep 17 00:00:00 2001
From: Joe DeCock <josephdecock@gmail.com>
Date: Wed, 18 Sep 2024 14:53:45 -0500
Subject: [PATCH 1/5] Update host dependencies past transitive security
 vulnerabilities

- Update Serilog to 8.0.2. This is needed for a transitive update for System.Text.Json.
- Pin versions of Azure.Identity (1.11.4), System.Formats.Asn1 (8.0.1), and Microsoft.Data.SqlClient (5.1.6). These are depended on by EF and Sql client packages, and there's no update to those packages available that wouldn't give us a vulnerable version. Hopefully someday those packages will update such that this is no longer needed.
---
 Directory.Build.targets                           | 13 ++++++++++++-
 hosts/AspNetIdentity/Host.AspNetIdentity.csproj   | 12 ++++++++++++
 hosts/Configuration/Host.Configuration.csproj     | 12 ++++++++++++
 hosts/EntityFramework/Host.EntityFramework.csproj | 12 ++++++++++++
 4 files changed, 48 insertions(+), 1 deletion(-)

diff --git a/Directory.Build.targets b/Directory.Build.targets
index 1bb75290d..f6066beff 100644
--- a/Directory.Build.targets
+++ b/Directory.Build.targets
@@ -42,7 +42,7 @@
         <PackageReference Update="Microsoft.IdentityModel.JsonWebTokens" Version="$(WilsonVersion)"/>
         <PackageReference Update="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="$(WilsonVersion)"/>
         <PackageReference Update="System.IdentityModel.Tokens.Jwt" Version="$(WilsonVersion)"/>
-        <PackageReference Update="Serilog.AspNetCore" Version="8.0.0"/>
+        <PackageReference Update="Serilog.AspNetCore" Version="8.0.2"/>
 
         <!--microsoft asp.net core -->
         <PackageReference Update="Microsoft.AspNetCore.DataProtection.Abstractions" Version="$(FrameworkVersion)"/>
@@ -70,6 +70,17 @@
         <PackageReference Update="OpenTelemetry.Instrumentation.Http" Version="1.8.1" />
         <PackageReference Update="OpenTelemetry.Instrumentation.SqlClient" Version="1.8.0-beta.1" />
 
+        <!-- Transitive Dependencies -->
+        <!-- These packages are all transitive dependencies that would
+             otherwise resolve to a version with a security vulnerabilitiy. In future, we
+             would like to update Microsoft.Data.SqlClient and 
+             Microsoft.EntityFrameworkCore, and remove these explicit dependencies (assuming
+             that future versions of the intermediate dependencies that don't have this
+             problem exist someday). -->
+        <PackageReference Update="Azure.Identity" Version="1.11.4" />
+        <PackageReference Update="System.Formats.Asn1" Version="8.0.1" />
+        <PackageReference Update="Microsoft.Data.SqlClient" Version="5.1.6" />
+
     </ItemGroup>
 
     <Target Name="SetAssemblyVersion" AfterTargets="MinVer">
diff --git a/hosts/AspNetIdentity/Host.AspNetIdentity.csproj b/hosts/AspNetIdentity/Host.AspNetIdentity.csproj
index f414a5989..ad0e01b40 100644
--- a/hosts/AspNetIdentity/Host.AspNetIdentity.csproj
+++ b/hosts/AspNetIdentity/Host.AspNetIdentity.csproj
@@ -23,6 +23,18 @@
         <PackageReference Include="OpenTelemetry.Instrumentation.SqlClient" />
     </ItemGroup>
 
+    <ItemGroup>
+        <!-- The packages in this ItemGroup are all transitive dependencies that
+             would otherwise resolve to a version with a security vulnerabilitiy. 
+             In future, we would like to update Microsoft.Data.SqlClient and
+             Microsoft.EntityFrameworkCore, and remove these explicit dependencies
+             (assuming that future versions of the intermediate dependencies that
+             don't have this problem exist someday). -->
+        <PackageReference Include="Azure.Identity" />
+        <PackageReference Include="System.Formats.Asn1" />
+        <PackageReference Include="Microsoft.Data.SqlClient" />
+    </ItemGroup>
+
     <ItemGroup>
         <ProjectReference
             Include="..\..\src\AspNetIdentity\Duende.IdentityServer.AspNetIdentity.csproj" />
diff --git a/hosts/Configuration/Host.Configuration.csproj b/hosts/Configuration/Host.Configuration.csproj
index 8e0d65ac8..501e32ac1 100644
--- a/hosts/Configuration/Host.Configuration.csproj
+++ b/hosts/Configuration/Host.Configuration.csproj
@@ -36,6 +36,18 @@
         
     </ItemGroup>
 
+    <ItemGroup>
+        <!-- The packages in this ItemGroup are all transitive dependencies that
+             would otherwise resolve to a version with a security vulnerabilitiy. 
+             In future, we would like to update Microsoft.Data.SqlClient and
+             Microsoft.EntityFrameworkCore, and remove these explicit dependencies
+             (assuming that future versions of the intermediate dependencies that
+             don't have this problem exist someday). -->
+        <PackageReference Include="Azure.Identity" />
+        <PackageReference Include="System.Formats.Asn1" />
+        <PackageReference Include="Microsoft.Data.SqlClient" />
+    </ItemGroup>
+
     <ItemGroup>
         <ProjectReference Include="..\..\src\IdentityServer\Duende.IdentityServer.csproj" />
         <ProjectReference Include="..\..\src\Configuration\Duende.IdentityServer.Configuration.csproj" />
diff --git a/hosts/EntityFramework/Host.EntityFramework.csproj b/hosts/EntityFramework/Host.EntityFramework.csproj
index 1748e7cb8..aff303b6e 100644
--- a/hosts/EntityFramework/Host.EntityFramework.csproj
+++ b/hosts/EntityFramework/Host.EntityFramework.csproj
@@ -22,6 +22,18 @@
         <PackageReference Include="OpenTelemetry.Instrumentation.SqlClient" />
     </ItemGroup>
 
+    <ItemGroup>
+        <!-- The packages in this ItemGroup are all transitive dependencies that
+             would otherwise resolve to a version with a security vulnerabilitiy. 
+             In future, we would like to update Microsoft.Data.SqlClient and
+             Microsoft.EntityFrameworkCore, and remove these explicit dependencies
+             (assuming that future versions of the intermediate dependencies that
+             don't have this problem exist someday). -->
+        <PackageReference Include="Azure.Identity" />
+        <PackageReference Include="System.Formats.Asn1" />
+        <PackageReference Include="Microsoft.Data.SqlClient" />
+    </ItemGroup>
+
     <ItemGroup>
         <ProjectReference Include="..\..\src\Configuration\Duende.IdentityServer.Configuration.csproj" />
         <ProjectReference Include="..\..\src\Configuration.EntityFramework\Duende.IdentityServer.Configuration.EntityFramework.csproj" />

From 11d775659f0cd4420de72fb0d35e009df203a337 Mon Sep 17 00:00:00 2001
From: Joe DeCock <josephdecock@gmail.com>
Date: Wed, 18 Sep 2024 21:26:30 -0500
Subject: [PATCH 2/5] Rename ClientModel

The new System.ClientModel library is a dependency that we get from EF, and its namespace name conflicts with our existing class name. There's no good way to resolve the ambiguity, short of just renaming the model. We need to do the same in the templates. (https://github.com/DuendeSoftware/IdentityServer.Templates/issues/56)
---
 .../Pages/Admin/Clients/ClientRepository.cs               | 8 ++++----
 hosts/EntityFramework/Pages/Admin/Clients/Edit.cshtml.cs  | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/hosts/EntityFramework/Pages/Admin/Clients/ClientRepository.cs b/hosts/EntityFramework/Pages/Admin/Clients/ClientRepository.cs
index 6ebf78eec..80b075314 100644
--- a/hosts/EntityFramework/Pages/Admin/Clients/ClientRepository.cs
+++ b/hosts/EntityFramework/Pages/Admin/Clients/ClientRepository.cs
@@ -24,7 +24,7 @@ public class CreateClientModel : ClientSummaryModel
     public string Secret { get; set; } = default!;
 }
 
-public class ClientModel : CreateClientModel, IValidatableObject
+public class EditClientModel : CreateClientModel, IValidatableObject
 {
     [Required]
     public string AllowedScopes { get; set; } = default!;
@@ -91,7 +91,7 @@ public async Task<IEnumerable<ClientSummaryModel>> GetAllAsync(string? filter =
         return await result.ToArrayAsync();
     }
 
-    public async Task<ClientModel?> GetByIdAsync(string id)
+    public async Task<EditClientModel?> GetByIdAsync(string id)
     {
         var client = await _context.Clients
             .Include(x => x.AllowedGrantTypes)
@@ -103,7 +103,7 @@ public async Task<IEnumerable<ClientSummaryModel>> GetAllAsync(string? filter =
 
         if (client == null) return null;
 
-        return new ClientModel
+        return new EditClientModel
         {
             ClientId = client.ClientId,
             Name = client.ClientName,
@@ -146,7 +146,7 @@ public async Task CreateAsync(CreateClientModel model)
         await _context.SaveChangesAsync();
     }
 
-    public async Task UpdateAsync(ClientModel model)
+    public async Task UpdateAsync(EditClientModel model)
     {
         ArgumentNullException.ThrowIfNull(model);
         var client = await _context.Clients
diff --git a/hosts/EntityFramework/Pages/Admin/Clients/Edit.cshtml.cs b/hosts/EntityFramework/Pages/Admin/Clients/Edit.cshtml.cs
index 7a41ea695..32d382e5d 100644
--- a/hosts/EntityFramework/Pages/Admin/Clients/Edit.cshtml.cs
+++ b/hosts/EntityFramework/Pages/Admin/Clients/Edit.cshtml.cs
@@ -19,7 +19,7 @@ public EditModel(ClientRepository repository)
     }
 
     [BindProperty]
-    public ClientModel InputModel { get; set; } = default!;
+    public EditClientModel InputModel { get; set; } = default!;
     [BindProperty]
     public string? Button { get; set; }
 

From c979626520644cf557d234d2b146606e2313dd41 Mon Sep 17 00:00:00 2001
From: Joe DeCock <josephdecock@gmail.com>
Date: Wed, 18 Sep 2024 21:29:39 -0500
Subject: [PATCH 3/5] Pin transitive dependencies to avoid vulnerabilities in
 test projects

Pin versions of Azure.Identity (1.11.4), System.Formats.Asn1 (8.0.1), and Microsoft.Data.SqlClient (5.1.6). These are depended on by EF and Sql client packages, and there's no update to those packages available that wouldn't give us a vulnerable version. Hopefully someday those packages will update such that this is no longer needed.
---
 Directory.Build.targets                            |  6 +++---
 .../IdentityServerDb/IdentityServerDb.csproj       | 13 +++++++++++++
 .../EntityFramework.IntegrationTests.csproj        | 14 ++++++++++++++
 ...EntityFramework.Storage.IntegrationTests.csproj | 13 +++++++++++++
 .../EntityFramework.Storage.UnitTests.csproj       |  9 +++++++++
 .../IdentityServer.IntegrationTests.csproj         |  5 +++++
 6 files changed, 57 insertions(+), 3 deletions(-)

diff --git a/Directory.Build.targets b/Directory.Build.targets
index f6066beff..4789e5efe 100644
--- a/Directory.Build.targets
+++ b/Directory.Build.targets
@@ -19,9 +19,9 @@
 
         <!--tests -->
         <PackageReference Update="FluentAssertions" Version="6.5.1"/>
-        <PackageReference Update="FluentAssertions.Web" Version="1.2.5"/>
+        <PackageReference Update="FluentAssertions.Web" Version="1.5.0"/>
         <PackageReference Update="Microsoft.NET.Test.Sdk" Version="17.8.0"/>
-        <PackageReference Update="xunit" Version="2.6.2"/>
+        <PackageReference Update="xunit" Version="2.9.0"/>
         <PackageReference Update="xunit.runner.visualstudio" Version="2.5.4" PrivateAssets="All"/>
 
         <!-- testing -->
@@ -80,7 +80,7 @@
         <PackageReference Update="Azure.Identity" Version="1.11.4" />
         <PackageReference Update="System.Formats.Asn1" Version="8.0.1" />
         <PackageReference Update="Microsoft.Data.SqlClient" Version="5.1.6" />
-
+        <PackageReference Update="System.Text.Json" Version="8.0.4" />
     </ItemGroup>
 
     <Target Name="SetAssemblyVersion" AfterTargets="MinVer">
diff --git a/migrations/IdentityServerDb/IdentityServerDb.csproj b/migrations/IdentityServerDb/IdentityServerDb.csproj
index d73eb8689..10ff36749 100644
--- a/migrations/IdentityServerDb/IdentityServerDb.csproj
+++ b/migrations/IdentityServerDb/IdentityServerDb.csproj
@@ -9,6 +9,19 @@
         <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" />
     </ItemGroup>
 
+    <ItemGroup>
+        <!-- The packages in this ItemGroup are all transitive dependencies that
+             would otherwise resolve to a version with a security vulnerabilitiy. 
+             In future, we would like to update Microsoft.Data.SqlClient and
+             Microsoft.EntityFrameworkCore, and remove these explicit dependencies
+             (assuming that future versions of the intermediate dependencies that
+             don't have this problem exist someday). -->
+        <PackageReference Include="Azure.Identity" />
+        <PackageReference Include="System.Formats.Asn1" />
+        <PackageReference Include="Microsoft.Data.SqlClient" />
+        <PackageReference Include="System.Text.Json" />
+    </ItemGroup>
+    
     <ItemGroup>
         <ProjectReference Include="..\..\src\EntityFramework.Storage\Duende.IdentityServer.EntityFramework.Storage.csproj" />
         <ProjectReference Include="..\..\src\IdentityServer\Duende.IdentityServer.csproj" />
diff --git a/test/EntityFramework.IntegrationTests/EntityFramework.IntegrationTests.csproj b/test/EntityFramework.IntegrationTests/EntityFramework.IntegrationTests.csproj
index 4aa8919c2..baba48caa 100644
--- a/test/EntityFramework.IntegrationTests/EntityFramework.IntegrationTests.csproj
+++ b/test/EntityFramework.IntegrationTests/EntityFramework.IntegrationTests.csproj
@@ -15,6 +15,20 @@
         <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" />
     </ItemGroup>
 
+    <ItemGroup>
+        <!-- The packages in this ItemGroup are all transitive dependencies that
+             would otherwise resolve to a version with a security vulnerabilitiy. 
+             In future, we would like to update Microsoft.Data.SqlClient and
+             Microsoft.EntityFrameworkCore, and remove these explicit dependencies
+             (assuming that future versions of the intermediate dependencies that
+             don't have this problem exist someday). -->
+        <PackageReference Include="Azure.Identity" />
+        <PackageReference Include="System.Formats.Asn1" />
+        <PackageReference Include="Microsoft.Data.SqlClient" />
+        <PackageReference Include="System.Text.Json" />
+    </ItemGroup>
+
+
     <ItemGroup>
         <ProjectReference Include="..\..\src\EntityFramework\Duende.IdentityServer.EntityFramework.csproj" />
     </ItemGroup>
diff --git a/test/EntityFramework.Storage.IntegrationTests/EntityFramework.Storage.IntegrationTests.csproj b/test/EntityFramework.Storage.IntegrationTests/EntityFramework.Storage.IntegrationTests.csproj
index 62c23f4dd..ee6959a9d 100644
--- a/test/EntityFramework.Storage.IntegrationTests/EntityFramework.Storage.IntegrationTests.csproj
+++ b/test/EntityFramework.Storage.IntegrationTests/EntityFramework.Storage.IntegrationTests.csproj
@@ -19,6 +19,19 @@
         <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" />
     </ItemGroup>
 
+    <ItemGroup>
+        <!-- The packages in this ItemGroup are all transitive dependencies that
+             would otherwise resolve to a version with a security vulnerabilitiy. 
+             In future, we would like to update Microsoft.Data.SqlClient and
+             Microsoft.EntityFrameworkCore, and remove these explicit dependencies
+             (assuming that future versions of the intermediate dependencies that
+             don't have this problem exist someday). -->
+        <PackageReference Include="Azure.Identity" />
+        <PackageReference Include="System.Formats.Asn1" />
+        <PackageReference Include="Microsoft.Data.SqlClient" />
+        <PackageReference Include="System.Text.Json" />
+    </ItemGroup>
+    
     <ItemGroup>
         <ProjectReference Include="..\..\src\EntityFramework.Storage\Duende.IdentityServer.EntityFramework.Storage.csproj" />
         <ProjectReference Include="..\..\src\IdentityServer\Duende.IdentityServer.csproj" />
diff --git a/test/EntityFramework.Storage.UnitTests/EntityFramework.Storage.UnitTests.csproj b/test/EntityFramework.Storage.UnitTests/EntityFramework.Storage.UnitTests.csproj
index 40deba925..9cf0edea3 100644
--- a/test/EntityFramework.Storage.UnitTests/EntityFramework.Storage.UnitTests.csproj
+++ b/test/EntityFramework.Storage.UnitTests/EntityFramework.Storage.UnitTests.csproj
@@ -13,6 +13,15 @@
         <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" />
     </ItemGroup>
 
+    <ItemGroup>
+        <!-- This package is a transitive dependency that would otherwise resolve 
+             to a version with a security vulnerabilitiy. 
+             In future, we would like to update Microsoft.EntityFrameworkCore.Sqlite,
+             and remove this explicit dependency (assuming that future versions of 
+             the sqlite package that doesn't have this problem exist someday). -->
+        <PackageReference Include="System.Text.Json" />
+    </ItemGroup>
+
     <ItemGroup>
         <ProjectReference Include="..\..\src\EntityFramework.Storage\Duende.IdentityServer.EntityFramework.Storage.csproj" />
     </ItemGroup>
diff --git a/test/IdentityServer.IntegrationTests/IdentityServer.IntegrationTests.csproj b/test/IdentityServer.IntegrationTests/IdentityServer.IntegrationTests.csproj
index e6a1f0bd8..8e7aea861 100644
--- a/test/IdentityServer.IntegrationTests/IdentityServer.IntegrationTests.csproj
+++ b/test/IdentityServer.IntegrationTests/IdentityServer.IntegrationTests.csproj
@@ -22,6 +22,11 @@
         <PackageReference Include="FluentAssertions.Web" />
     </ItemGroup>
 
+    <ItemGroup>
+        <PackageReference Include="System.Net.Http" Version="4.3.4" />
+        <PackageReference Include="System.Text.RegularExpressions" Version="4.3.1" />
+    </ItemGroup>
+
     <ItemGroup>
         <None Update="identityserver_testing.cer">
             <CopyToOutputDirectory>Always</CopyToOutputDirectory>

From 0f04d85725f5f170a5d77f104c36e50ac5f56887 Mon Sep 17 00:00:00 2001
From: Joe DeCock <josephdecock@gmail.com>
Date: Wed, 18 Sep 2024 21:31:43 -0500
Subject: [PATCH 4/5] Convert CsQuery to AngleSharp in test projects

These are libraries for doing DOM manipulation in C#. CsQuery is no longer maintained, and it has some messy dependencies. AngleSharp is an easy replacement.
---
 Directory.Build.targets                       |  2 +-
 .../Configuration.IntegrationTests.csproj     |  2 +-
 .../IdentityServer.IntegrationTests.csproj    |  4 +-
 .../TestFramework/TestBrowserClient.cs        | 52 ++++++++++---------
 4 files changed, 31 insertions(+), 29 deletions(-)

diff --git a/Directory.Build.targets b/Directory.Build.targets
index 4789e5efe..bdf5de933 100644
--- a/Directory.Build.targets
+++ b/Directory.Build.targets
@@ -26,7 +26,7 @@
 
         <!-- testing -->
         <PackageReference Update="Microsoft.AspNetCore.Authentication.JwtBearer" Version="$(FrameworkVersion)" />
-        <PackageReference Update="CsQuery.NETStandard" Version="1.3.6.1" />
+        <PackageReference Update="AngleSharp" Version="1.1.2" />
         <PackageReference Update="Microsoft.NET.Test.Sdk" Version="17.8.0" />
 
 
diff --git a/test/Configuration.IntegrationTests/Configuration.IntegrationTests.csproj b/test/Configuration.IntegrationTests/Configuration.IntegrationTests.csproj
index 614806eaa..697b45b57 100644
--- a/test/Configuration.IntegrationTests/Configuration.IntegrationTests.csproj
+++ b/test/Configuration.IntegrationTests/Configuration.IntegrationTests.csproj
@@ -23,9 +23,9 @@
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
     <PackageReference Include="FluentAssertions" />
-    <PackageReference Include="CsQuery.NETStandard" />
     <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" />
     <PackageReference Include="Microsoft.AspNetCore.TestHost" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" />
+    <PackageReference Include="AngleSharp" />
   </ItemGroup>
 </Project>
diff --git a/test/IdentityServer.IntegrationTests/IdentityServer.IntegrationTests.csproj b/test/IdentityServer.IntegrationTests/IdentityServer.IntegrationTests.csproj
index 8e7aea861..5a02a8adb 100644
--- a/test/IdentityServer.IntegrationTests/IdentityServer.IntegrationTests.csproj
+++ b/test/IdentityServer.IntegrationTests/IdentityServer.IntegrationTests.csproj
@@ -13,9 +13,7 @@
         <PackageReference Include="Microsoft.AspNetCore.TestHost" />
         <PackageReference Include="System.IdentityModel.Tokens.Jwt" />
         <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" />
-
-        <PackageReference Include="CsQuery.NETStandard" Version="1.3.6.1" />
-
+        <PackageReference Include="AngleSharp" />
         <PackageReference Include="xunit" />
         <PackageReference Include="xunit.runner.visualstudio" PrivateAssets="All" />
         <PackageReference Include="FluentAssertions" />
diff --git a/test/IdentityServer.IntegrationTests/TestFramework/TestBrowserClient.cs b/test/IdentityServer.IntegrationTests/TestFramework/TestBrowserClient.cs
index 4e872dc04..4fc1a8954 100644
--- a/test/IdentityServer.IntegrationTests/TestFramework/TestBrowserClient.cs
+++ b/test/IdentityServer.IntegrationTests/TestFramework/TestBrowserClient.cs
@@ -2,7 +2,9 @@
 // See LICENSE in the project root for license information.
 
 
-using CsQuery;
+using AngleSharp.Dom;
+using AngleSharp.Html.Dom;
+using AngleSharp.Html.Parser;
 using FluentAssertions;
 using System;
 using System.Collections.Generic;
@@ -110,18 +112,17 @@ public async Task<HtmlForm> ReadFormAsync(HttpResponseMessage response, string s
     {
         response.StatusCode.Should().Be(HttpStatusCode.OK);
 
-        var htmlForm = new HtmlForm
-        {
-
-        };
+        var htmlForm = new HtmlForm();
 
         var html = await response.Content.ReadAsStringAsync();
 
-        var dom = new CQ(html);
-        var form = dom.Find(selector ?? "form");
-        form.Length.Should().Be(1);
+        var parser = new HtmlParser();
+        var document = await parser.ParseDocumentAsync(html);
+
+        var form = document.QuerySelector(selector ?? "form") as IHtmlFormElement;
+        form.Should().NotBeNull();
 
-        var postUrl = form.Attr("action");
+        var postUrl = form.Action;
         if (!postUrl.StartsWith("http", StringComparison.OrdinalIgnoreCase))
         {
             if (postUrl.StartsWith("/"))
@@ -135,14 +136,13 @@ public async Task<HtmlForm> ReadFormAsync(HttpResponseMessage response, string s
         }
         htmlForm.Action = postUrl;
 
-
         var data = new Dictionary<string, string>();
 
-        var inputs = form.Find("input");
-        foreach (var input in inputs)
+        var inputs = form.QuerySelectorAll("input");
+        foreach (var input in inputs.OfType<IHtmlInputElement>())
         {
-            var name = input.GetAttribute("name");
-            var value = input.GetAttribute("value");
+            var name = input.Name;
+            var value = input.Value;
 
             if (!data.ContainsKey(name))
             {
@@ -158,17 +158,18 @@ public async Task<HtmlForm> ReadFormAsync(HttpResponseMessage response, string s
         return htmlForm;
     }
 
-
     public Task<string> ReadElementTextAsync(string selector)
     {
         return ReadElementTextAsync(LastResponse, selector);
     }
+
     public async Task<string> ReadElementTextAsync(HttpResponseMessage response, string selector)
     {
         var html = await response.Content.ReadAsStringAsync();
 
-        var dom = new CQ(html);
-        var element = dom.Find(selector);
+        var parser = new HtmlParser();
+        var dom = parser.ParseDocument(html);
+        var element = dom.QuerySelector(selector);
         return element.Text();
     }
 
@@ -180,9 +181,10 @@ public async Task<string> ReadElementAttributeAsync(HttpResponseMessage response
     {
         var html = await response.Content.ReadAsStringAsync();
 
-        var dom = new CQ(html);
-        var element = dom.Find(selector);
-        return element.Attr(attribute);
+        var parser = new HtmlParser();
+        var dom = parser.ParseDocument(html);
+        var element = dom.QuerySelector(selector);
+        return element.GetAttribute(attribute);
     }
 
     public Task AssertExistsAsync(string selector)
@@ -196,8 +198,9 @@ public async Task AssertExistsAsync(HttpResponseMessage response, string selecto
 
         var html = await response.Content.ReadAsStringAsync();
 
-        var dom = new CQ(html);
-        var element = dom.Find(selector);
+        var parser = new HtmlParser();
+        var dom = parser.ParseDocument(html);
+        var element = dom.QuerySelectorAll(selector);
         element.Length.Should().BeGreaterThan(0);
     }
 
@@ -211,8 +214,9 @@ public async Task AssertNotExistsAsync(HttpResponseMessage response, string sele
 
         var html = await response.Content.ReadAsStringAsync();
 
-        var dom = new CQ(html);
-        var element = dom.Find(selector);
+        var parser = new HtmlParser();
+        var dom = parser.ParseDocument(html);
+        var element = dom.QuerySelectorAll(selector);
         element.Length.Should().Be(0);
     }
 

From 1ed73c9ce6c801b914a4b66bc24fe4e1e16bce75 Mon Sep 17 00:00:00 2001
From: Joe DeCock <josephdecock@gmail.com>
Date: Wed, 18 Sep 2024 21:33:31 -0500
Subject: [PATCH 5/5] Using async Task instead of async void in tests

---
 .../Validation/IsLocalUrlTests.cs             |  7 +++--
 .../BasicAuthenticationCredentialParsing.cs   | 29 ++++++++++---------
 .../Secrets/ClientAssertionSecretParsing.cs   | 15 +++++-----
 .../Secrets/FormPostCredentialParsing.cs      | 15 +++++-----
 4 files changed, 35 insertions(+), 31 deletions(-)

diff --git a/test/IdentityServer.UnitTests/Validation/IsLocalUrlTests.cs b/test/IdentityServer.UnitTests/Validation/IsLocalUrlTests.cs
index 6319748ac..c135b3584 100644
--- a/test/IdentityServer.UnitTests/Validation/IsLocalUrlTests.cs
+++ b/test/IdentityServer.UnitTests/Validation/IsLocalUrlTests.cs
@@ -1,4 +1,5 @@
 using System.Collections.Generic;
+using System.Threading.Tasks;
 using Duende.IdentityServer.Configuration;
 using Duende.IdentityServer.Extensions;
 using Duende.IdentityServer.Services;
@@ -61,7 +62,7 @@ public class IsLocalUrlTests
 
     [Theory]
     [MemberData(nameof(TestCases))]
-    public async void GetAuthorizationContextAsync(string returnUrl, bool expected)
+    public async Task GetAuthorizationContextAsync(string returnUrl, bool expected)
     {
         var interactionService = new DefaultIdentityServerInteractionService(null, null, null, null, null, null, null, 
             GetReturnUrlParser(), new LoggerFactory().CreateLogger<DefaultIdentityServerInteractionService>());
@@ -105,7 +106,7 @@ public void GetIdentityServerRelativeUrl(string returnUrl, bool expected)
 
     [Theory]
     [MemberData(nameof(TestCases))]
-    public async void OidcReturnUrlParser_ParseAsync(string returnUrl, bool expected)
+    public async Task OidcReturnUrlParser_ParseAsync(string returnUrl, bool expected)
     {
         var oidcParser = GetOidcReturnUrlParser();
         var actual = await oidcParser.ParseAsync(returnUrl);
@@ -138,7 +139,7 @@ public void ReturnUrlParser_IsValidReturnUrl(string returnUrl, bool expected)
 
     [Theory]
     [MemberData(nameof(TestCases))]
-    public async void ReturnUrlParser_ParseAsync(string returnUrl, bool expected)
+    public async Task ReturnUrlParser_ParseAsync(string returnUrl, bool expected)
     {
         var parser = GetReturnUrlParser();
         var actual = await parser.ParseAsync(returnUrl);
diff --git a/test/IdentityServer.UnitTests/Validation/Secrets/BasicAuthenticationCredentialParsing.cs b/test/IdentityServer.UnitTests/Validation/Secrets/BasicAuthenticationCredentialParsing.cs
index 92293ab2a..0578c41d1 100644
--- a/test/IdentityServer.UnitTests/Validation/Secrets/BasicAuthenticationCredentialParsing.cs
+++ b/test/IdentityServer.UnitTests/Validation/Secrets/BasicAuthenticationCredentialParsing.cs
@@ -5,6 +5,7 @@
 using System;
 using System.Net.Http;
 using System.Text;
+using System.Threading.Tasks;
 using Duende.IdentityServer;
 using Duende.IdentityServer.Configuration;
 using Duende.IdentityServer.Validation;
@@ -31,7 +32,7 @@ public BasicAuthenticationSecretParsing()
 
     [Fact]
     [Trait("Category", Category)]
-    public async void EmptyContext()
+    public async Task EmptyContext()
     {
         var context = new DefaultHttpContext();
 
@@ -42,7 +43,7 @@ public async void EmptyContext()
 
     [Fact]
     [Trait("Category", Category)]
-    public async void Valid_BasicAuthentication_Request()
+    public async Task Valid_BasicAuthentication_Request()
     {
         var context = new DefaultHttpContext();
 
@@ -67,7 +68,7 @@ public async void Valid_BasicAuthentication_Request()
     [InlineData("cl+ ient", "se+cret")]
     [InlineData("cl+ ient", "se+ cret")]
     [InlineData("client:urn", "secret")]
-    public async void Valid_BasicAuthentication_Request_in_various_Formats_Manual(string userName, string password)
+    public async Task Valid_BasicAuthentication_Request_in_various_Formats_Manual(string userName, string password)
     {
         Encoding encoding = Encoding.UTF8;
         var context = new DefaultHttpContext();
@@ -94,7 +95,7 @@ public async void Valid_BasicAuthentication_Request_in_various_Formats_Manual(st
     [InlineData("cl+ ient", "se+cret")]
     [InlineData("cl+ ient", "se+ cret")]
     [InlineData("client:urn", "secret")]
-    public async void Valid_BasicAuthentication_Request_in_various_Formats_IdentityModel(string userName, string password)
+    public async Task Valid_BasicAuthentication_Request_in_various_Formats_IdentityModel(string userName, string password)
     {
         Encoding encoding = Encoding.UTF8;
         var context = new DefaultHttpContext();
@@ -112,7 +113,7 @@ public async void Valid_BasicAuthentication_Request_in_various_Formats_IdentityM
 
     [Fact]
     [Trait("Category", Category)]
-    public async void Valid_BasicAuthentication_Request_With_UserName_Only_And_Colon_For_Optional_ClientSecret()
+    public async Task Valid_BasicAuthentication_Request_With_UserName_Only_And_Colon_For_Optional_ClientSecret()
     {
         var context = new DefaultHttpContext();
             
@@ -129,7 +130,7 @@ public async void Valid_BasicAuthentication_Request_With_UserName_Only_And_Colon
 
     [Fact]
     [Trait("Category", Category)]
-    public async void BasicAuthentication_Request_With_Empty_Basic_Header()
+    public async Task BasicAuthentication_Request_With_Empty_Basic_Header()
     {
         var context = new DefaultHttpContext();
 
@@ -142,7 +143,7 @@ public async void BasicAuthentication_Request_With_Empty_Basic_Header()
 
     [Fact]
     [Trait("Category", Category)]
-    public async void Valid_BasicAuthentication_Request_ClientId_Too_Long()
+    public async Task Valid_BasicAuthentication_Request_ClientId_Too_Long()
     {
         var context = new DefaultHttpContext();
 
@@ -159,7 +160,7 @@ public async void Valid_BasicAuthentication_Request_ClientId_Too_Long()
 
     [Fact]
     [Trait("Category", Category)]
-    public async void Valid_BasicAuthentication_Request_ClientSecret_Too_Long()
+    public async Task Valid_BasicAuthentication_Request_ClientSecret_Too_Long()
     {
         var context = new DefaultHttpContext();
 
@@ -185,7 +186,7 @@ public async void Valid_BasicAuthentication_Request_ClientSecret_Too_Long()
     [InlineData(107)]
     [InlineData(108)]
     [Trait("Category", Category)]
-    public async void Valid_BasicAuthentication_Request_Maximum_Url_Encoded_Values_Should_Work(int maxLength)
+    public async Task Valid_BasicAuthentication_Request_Maximum_Url_Encoded_Values_Should_Work(int maxLength)
     {
         var parser = CreateParser(maxLength);
 
@@ -229,7 +230,7 @@ private static BasicAuthenticationSecretParser CreateParser(int maxLength)
     [InlineData(107)]
     [InlineData(108)]
     [Trait("Category", Category)]
-    public async void Valid_BasicAuthentication_Request_Authorization_Header_Too_Long_Should_Fail(int maxLength)
+    public async Task Valid_BasicAuthentication_Request_Authorization_Header_Too_Long_Should_Fail(int maxLength)
     {
         var parser = CreateParser(maxLength);
 
@@ -249,7 +250,7 @@ public async void Valid_BasicAuthentication_Request_Authorization_Header_Too_Lon
 
     [Fact]
     [Trait("Category", Category)]
-    public async void BasicAuthentication_Request_With_Empty_Basic_Header_Variation()
+    public async Task BasicAuthentication_Request_With_Empty_Basic_Header_Variation()
     {
         var context = new DefaultHttpContext();
 
@@ -262,7 +263,7 @@ public async void BasicAuthentication_Request_With_Empty_Basic_Header_Variation(
 
     [Fact]
     [Trait("Category", Category)]
-    public async void BasicAuthentication_Request_With_Unknown_Scheme()
+    public async Task BasicAuthentication_Request_With_Unknown_Scheme()
     {
         var context = new DefaultHttpContext();
 
@@ -275,7 +276,7 @@ public async void BasicAuthentication_Request_With_Unknown_Scheme()
 
     [Fact]
     [Trait("Category", Category)]
-    public async void BasicAuthentication_Request_With_Malformed_Credentials_NoBase64_Encoding()
+    public async Task BasicAuthentication_Request_With_Malformed_Credentials_NoBase64_Encoding()
     {
         var context = new DefaultHttpContext();
 
@@ -288,7 +289,7 @@ public async void BasicAuthentication_Request_With_Malformed_Credentials_NoBase6
 
     [Fact]
     [Trait("Category", Category)]
-    public async void BasicAuthentication_Request_With_Malformed_Credentials_Base64_Encoding_UserName_Only()
+    public async Task BasicAuthentication_Request_With_Malformed_Credentials_Base64_Encoding_UserName_Only()
     {
         var context = new DefaultHttpContext();
 
diff --git a/test/IdentityServer.UnitTests/Validation/Secrets/ClientAssertionSecretParsing.cs b/test/IdentityServer.UnitTests/Validation/Secrets/ClientAssertionSecretParsing.cs
index b20ccd6ed..fe6bf184c 100644
--- a/test/IdentityServer.UnitTests/Validation/Secrets/ClientAssertionSecretParsing.cs
+++ b/test/IdentityServer.UnitTests/Validation/Secrets/ClientAssertionSecretParsing.cs
@@ -6,6 +6,7 @@
 using System.IO;
 using System.Security.Claims;
 using System.Text;
+using System.Threading.Tasks;
 using Duende.IdentityServer;
 using Duende.IdentityServer.Configuration;
 using Duende.IdentityServer.Validation;
@@ -29,7 +30,7 @@ public ClientAssertionSecretParsing()
     }
 
     [Fact]
-    public async void EmptyContext()
+    public async Task EmptyContext()
     {
         var context = new DefaultHttpContext();
         context.Request.Body = new MemoryStream();
@@ -41,7 +42,7 @@ public async void EmptyContext()
     }
 
     [Fact]
-    public async void Valid_ClientAssertion()
+    public async Task Valid_ClientAssertion()
     {
         var context = new DefaultHttpContext();
 
@@ -62,7 +63,7 @@ public async void Valid_ClientAssertion()
     }
 
     [Fact]
-    public async void Missing_ClientAssertionType()
+    public async Task Missing_ClientAssertionType()
     {
         var context = new DefaultHttpContext();
 
@@ -77,7 +78,7 @@ public async void Missing_ClientAssertionType()
     }
 
     [Fact]
-    public async void Missing_ClientAssertion()
+    public async Task Missing_ClientAssertion()
     {
         var context = new DefaultHttpContext();
 
@@ -92,7 +93,7 @@ public async void Missing_ClientAssertion()
     }
 
     [Fact]
-    public async void Malformed_PostBody()
+    public async Task Malformed_PostBody()
     {
         var context = new DefaultHttpContext();
         var body = "malformed";
@@ -106,7 +107,7 @@ public async void Malformed_PostBody()
     }
 
     [Fact]
-    public async void ClientId_TooLong()
+    public async Task ClientId_TooLong()
     {
         var context = new DefaultHttpContext();
 
@@ -122,7 +123,7 @@ public async void ClientId_TooLong()
     }
 
     [Fact]
-    public async void ClientAssertion_TooLong()
+    public async Task ClientAssertion_TooLong()
     {
         var context = new DefaultHttpContext();
 
diff --git a/test/IdentityServer.UnitTests/Validation/Secrets/FormPostCredentialParsing.cs b/test/IdentityServer.UnitTests/Validation/Secrets/FormPostCredentialParsing.cs
index 0d4b506e2..b8e6ced23 100644
--- a/test/IdentityServer.UnitTests/Validation/Secrets/FormPostCredentialParsing.cs
+++ b/test/IdentityServer.UnitTests/Validation/Secrets/FormPostCredentialParsing.cs
@@ -4,6 +4,7 @@
 
 using System.IO;
 using System.Text;
+using System.Threading.Tasks;
 using Duende.IdentityServer;
 using Duende.IdentityServer.Configuration;
 using Duende.IdentityServer.Validation;
@@ -30,7 +31,7 @@ public FormPostCredentialExtraction()
 
     [Fact]
     [Trait("Category", Category)]
-    public async void EmptyContext()
+    public async Task EmptyContext()
     {
         var context = new DefaultHttpContext();
         context.Request.Body = new MemoryStream();
@@ -42,7 +43,7 @@ public async void EmptyContext()
 
     [Fact]
     [Trait("Category", Category)]
-    public async void Valid_PostBody()
+    public async Task Valid_PostBody()
     {
         var context = new DefaultHttpContext();
 
@@ -60,7 +61,7 @@ public async void Valid_PostBody()
 
     [Fact]
     [Trait("Category", Category)]
-    public async void ClientId_Too_Long()
+    public async Task ClientId_Too_Long()
     {
         var context = new DefaultHttpContext();
 
@@ -77,7 +78,7 @@ public async void ClientId_Too_Long()
 
     [Fact]
     [Trait("Category", Category)]
-    public async void ClientSecret_Too_Long()
+    public async Task ClientSecret_Too_Long()
     {
         var context = new DefaultHttpContext();
 
@@ -94,7 +95,7 @@ public async void ClientSecret_Too_Long()
 
     [Fact]
     [Trait("Category", Category)]
-    public async void Missing_ClientId()
+    public async Task Missing_ClientId()
     {
         var context = new DefaultHttpContext();
 
@@ -110,7 +111,7 @@ public async void Missing_ClientId()
 
     [Fact]
     [Trait("Category", Category)]
-    public async void Missing_ClientSecret()
+    public async Task Missing_ClientSecret()
     {
         var context = new DefaultHttpContext();
 
@@ -127,7 +128,7 @@ public async void Missing_ClientSecret()
 
     [Fact]
     [Trait("Category", Category)]
-    public async void Malformed_PostBody()
+    public async Task Malformed_PostBody()
     {
         var context = new DefaultHttpContext();