Enhance memory reading and COM object management with error handling …
…and platform checks

Add static keyword to lambdas in AnalyzeCommandTests.cs

Modified lambda expressions in AnalyzeCommandTests.cs to be static.
This change ensures that the lambdas do not capture variables from
the enclosing scope, potentially improving performance and clarity.

Fixing version constant file

Refactor project to target .NET 9.0 and remove obsolete configurations

Update ADO build configuration to target .NET 9.0 and add .vscode to .gitignore

Update GitHub workflows to target .NET 9.0 and improve formatting steps

Update .gitignore and improve Build scripts for .NET 9.0 compatibility

Directory.Packages.props fixes
AllDwarf committed Jan 21, 2025
1 parent 7af574f commit 0884878
Showing 37 changed files with 194 additions and 326 deletions.
6 changes: 1 addition & 5 deletions .github/workflows/codeql-analysis.yml
Expand Up @@ -20,11 +20,7 @@ jobs:
- name: Setup .NET SDK
uses: actions/setup-dotnet@v4
with:
dotnet-version: 3.1.x
- name: Setup .NET SDK
uses: actions/setup-dotnet@v4
with:
dotnet-version: 8.0.x
dotnet-version: 9.0.x

- name: Checkout repository
uses: actions/checkout@v4
14 changes: 7 additions & 7 deletions .github/workflows/dotnet-format.yml
Expand Up @@ -2,18 +2,18 @@ name: dotnet format

on:
pull_request:
branches: [ main ]
branches: [main]

jobs:
check-format:
runs-on: windows-latest

steps:
- name: check out code
uses: actions/checkout@v4
- name: check out code
uses: actions/checkout@v4

- name: Install format tool
run: dotnet tool install -g dotnet-format
- name: Install format tool
run: dotnet tool install -g dotnet-format

- name: dotnet format
run: dotnet-format --folder --check
- name: dotnet format
run: dotnet-format --folder --check
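--- a/.gitignore
+++ b/.gitignore
@@ -25,3 +25,4 @@ x64/
 
 # Workaround for an msbuild/dotnet bug on Linux
 src/BinSkimLinux.sln
+.vscode/settings.json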
35 changes: 16 additions & 19 deletions BuildAndTest.cmd
Original file line number Diff line number Diff line change
Expand Up @@ -25,18 +25,18 @@ call SetCurrentVersion.cmd
set VERSION_CONSTANTS=%~dp0src\BinaryParsers\VersionConstants.cs

@REM Rewrite VersionConstants.cs
echo // Copyright (c) Microsoft. All rights reserved. Licensed under the MIT > %VERSION_CONSTANTS%
echo // license. See LICENSE file in the project root for full license information. >> %VERSION_CONSTANTS%
echo namespace Microsoft.CodeAnalysis.IL >> %VERSION_CONSTANTS%
echo { >> %VERSION_CONSTANTS%
echo public static class VersionConstants >> %VERSION_CONSTANTS%
echo { >> %VERSION_CONSTANTS%
echo public const string Prerelease = "%PRERELEASE%"; >> %VERSION_CONSTANTS%
echo public const string AssemblyVersion = "%MAJOR%.%MINOR%.%PATCH%" + ".0"; >> %VERSION_CONSTANTS%
echo public const string FileVersion = "%MAJOR%.%MINOR%.%PATCH%" + ".0"; >> %VERSION_CONSTANTS%
echo public const string Version = AssemblyVersion + Prerelease; >> %VERSION_CONSTANTS%
echo } >> %VERSION_CONSTANTS%
echo } >> %VERSION_CONSTANTS%
echo // Copyright (c) Microsoft. All rights reserved. Licensed under the MIT> %VERSION_CONSTANTS%
echo // license. See LICENSE file in the project root for full license information.>> %VERSION_CONSTANTS%
echo namespace Microsoft.CodeAnalysis.IL>> %VERSION_CONSTANTS%
echo {>> %VERSION_CONSTANTS%
echo public static class VersionConstants>> %VERSION_CONSTANTS%
echo {>> %VERSION_CONSTANTS%
echo public const string Prerelease = "%PRERELEASE%";>> %VERSION_CONSTANTS%
echo public const string AssemblyVersion = "%MAJOR%.%MINOR%.%PATCH%" + ".0";>> %VERSION_CONSTANTS%
echo public const string FileVersion = "%MAJOR%.%MINOR%.%PATCH%" + ".0";>> %VERSION_CONSTANTS%
echo public const string Version = AssemblyVersion + Prerelease;>> %VERSION_CONSTANTS%
echo }>> %VERSION_CONSTANTS%
echo }>> %VERSION_CONSTANTS%


::Restore packages
Expand All @@ -63,12 +63,9 @@ call :RunTestProject BinSkim.Rules Functional || goto :ExitFailed

::Create the BinSkim platform specific publish packages
echo Creating Platform Specific BinSkim 'Publish' Packages
call :CreatePublishPackage netcoreapp3.1 win-x64 || goto :ExitFailed
call :CreatePublishPackage netcoreapp3.1 linux-x64 || goto :ExitFailed
call :CreatePublishPackage netcoreapp3.1 osx-x64 || goto :ExitFailed
call :CreatePublishPackage net6.0 win-x64 || goto :ExitFailed
call :CreatePublishPackage net6.0 linux-x64 || goto :ExitFailed
call :CreatePublishPackage net6.0 osx-x64 || goto :ExitFailed
call :CreatePublishPackage net9.0 win-x64 || goto :ExitFailed
call :CreatePublishPackage net9.0 linux-x64 || goto :ExitFailed
call :CreatePublishPackage net9.0 osx-x64 || goto :ExitFailed

::Build NuGet package
echo BuildPackages.cmd
Expand All @@ -79,7 +76,7 @@ dotnet tool update --global dotnet-format

::Update BinSkimRules.md to cover any xml changes
echo Exporting any BinSkim rules
.\bld\bin\x64_Release\netcoreapp3.1\BinSkim.exe export-rules .\docs\BinSkimRules.md
.\bld\bin\x64_Release\net9.0\BinSkim.exe export-rules .\docs\BinSkimRules.md

goto :Exit

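Review bot: The rule export in the last hunk, `.\bld\bin\x64_Release\net9.0\BinSkim.exe export-rules .\docs\BinSkimRules.md`, runs without a failure check, while the `call :CreatePublishPackage net9.0 …` lines above it all end in `|| goto :ExitFailed`. If the retargeted output directory does not contain BinSkim.exe, the script appears to fall through to `goto :Exit`, leaving docs\BinSkimRules.md stale without failing the build. Appending `|| goto :ExitFailed` to that line would make it consistent with the rest of the script. The `:Exit` and `:ExitFailed` labels are outside the visible hunks, so their exact behaviour is assumed from how the other lines use them.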
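--- a/BuildAndTest.sh
+++ b/BuildAndTest.sh
@@ -9,7 +9,7 @@ fi
 
 dotnet build src/BinSkimUnix.sln --configuration Release /p:Platform="x64"
 
-dotnet test bld/bin/x64_Release/netcoreapp3.1/Test.FunctionalTests.BinSkim.Driver.dll
-dotnet test bld/bin/x64_Release/netcoreapp3.1/Test.FunctionalTests.BinSkim.Rules.dll
-dotnet test bld/bin/x64_Release/netcoreapp3.1/Test.UnitTests.BinaryParsers.dll
-dotnet test bld/bin/x64_Release/netcoreapp3.1/Test.UnitTests.BinSkim.Rules.dll
+dotnet test bld/bin/x64_Release/net9.0/Test.FunctionalTests.BinSkim.Driver.dll
+dotnet test bld/bin/x64_Release/net9.0/Test.FunctionalTests.BinSkim.Rules.dll
+dotnet test bld/bin/x64_Release/net9.0/Test.UnitTests.BinaryParsers.dll
+dotnet test bld/bin/x64_Release/net9.0/Test.UnitTests.BinSkim.Rules.dll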
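Review bot: None of the four retargeted `dotnet test bld/bin/x64_Release/net9.0/…` lines checks its exit status, so within the visible lines a failing suite would be masked by a later passing one and only the last command's status would reach the caller. Whether `set -e` is enabled cannot be seen, because the head of the script is outside the hunk. If it is not, add `set -euo pipefail` near the top or append `|| exit 1` to each test line, so that a missing DLL under the new `net9.0` output directory fails the build instead of passing quietly.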
50 changes: 25 additions & 25 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -27,34 +27,34 @@ If you only want to run the Binskim tool without installing anything, then you c
1. Download BinSkim from **[NuGet](https://www.nuget.org/packages/Microsoft.CodeAnalysis.BinSkim/)**
2. Rename the file extension from .nupkg to .zip (ie. via commandline: `rename microsoft.codeanalysis.binskim.x.y.z.nupkg microsoft.codeanalysis.binskim.x.y.z.zip`)
3. Unzip
4. Executable files are now available in the OS specific folder within _tools\netcoreapp3.1_ (ie. linux-x64, win-x64, and osx-x64).
4. Executable files are now available in the OS specific folder within _tools\net9.0_ (ie. linux-x64, win-x64, and osx-x64).
5. Navigate to this location to invoke the executable:
- Windows: `binskim.exe analyze c:\bld\*.dll --recurse true --output MyRun.sarif`
- Linux/Unix: `./BinSkim analyze /someDirectory/testBinary -o MyRun.sarif`
- Mac: `./BinSkim analyze /someDirectory/testBinary -o MyRun.sarif`
- Using dotnet sdk: `dotnet binskim.dll analyze /directoryPath/testBinary -o MyRun.sarif`
- Windows: `binskim.exe analyze c:\bld\*.dll --recurse true --output MyRun.sarif`
- Linux/Unix: `./BinSkim analyze /someDirectory/testBinary -o MyRun.sarif`
- Mac: `./BinSkim analyze /someDirectory/testBinary -o MyRun.sarif`
- Using dotnet sdk: `dotnet binskim.dll analyze /directoryPath/testBinary -o MyRun.sarif`

### Command-Line Quick Guide

| Argument (short form, long form) | Meaning |
| -------------------------------- | ------- |
| **`--trace`** | Execution traces, expressed as a semicolon-delimited list enclosed in double quotes, that should be emitted to the console and log file (if appropriate). Valid values: PdbLoad, ScanTime, RuleScanTime, PeakWorkingSet, TargetsScanned, ResultsSummary. |
| **`--sympath`** | Symbol paths, expressed as a semicolon-delimited list enclosed in double quotes. (e.g. `SRV*https://msdl.microsoft.com/download/symbols` or `Cache*d:\symbols;Srv*https://symweb`) See https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/advanced-symsrv-use for syntax information. |
| **`--local-symbol-directories`** | Local directory paths, expressed as a semicolon-delimited list enclosed in double quotes, that will be examined when attempting to locate PDBs. |
| **`-o, --output`** | File path used to write and output analysis using [SARIF](https://github.com/Microsoft/sarif-sdk) |
| **`-r, --recurse [true\|false]`** | If true, recurse into subdirectories when evaluating file specifier arguments |
| **`-c, --config`** | (Default: ‘default’) Path to policy file to be used to configure analysis. Passing value of 'default' (or omitting the argument) invokes built-in settings |
| **`-q, --quiet [true\|false]`** | If true, do not log results to the console |
| **`-s, --statistics`** | Generate timing and other statistics for analysis session |
| **`--insert`** | Optionally present data, expressed as a semicolon-delimited list enclosed in double quotes, that should be inserted into the log file. Valid values include Hashes, TextFiles, BinaryFiles, EnvironmentVariables, RegionSnippets, ContextRegionSnippets, ContextRegionSnippetPartialFingerprints, Guids, VersionControlDetails, and NondeterministicProperties. |
| **`-e, --environment [true\|false]`** | <p>If true, log machine environment details of run to output file.</p><p>**WARNING:** This option records potentially sensitive information (such as all environment variable values) to the log file.</p> |
| **`-p, --plugin`** | Paths to plugin, expressed as a semicolon-delimited list enclosed in double quotes, that will be invoked against all targets in the analysis set. |
| **`--rich-return-code [true\|false]`** | If true, output a more detailed exit code consisting of a series of flags about execution, rather than outputting '0' for success/'1' for failure (see codes below) |
| **`--level`** | Failure levels, expressed as a semicolon-delimited list enclosed in double quotes, that is used to filter the scan results. Valid values: Error, Warning and Note. |
| **`--kind`** | Result kinds, expressed as a semicolon-delimited list enclosed in double quotes, that is used to filter the scan results. Valid values: Fail (for literal scan results), Pass, Review, Open, NotApplicable and Informational. |
| **`--baseline`** | A Sarif file to be used as baseline. |
| **`--help`** | Table of argument information. |
| **`--version`** | BinSkim version details. |
| **`value pos. 0`** | One or more specifiers to a file, directory, or filter pattern that resolves to one or more binaries to analyze. |
| Argument (short form, long form) | Meaning |
| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **`--trace`** | Execution traces, expressed as a semicolon-delimited list enclosed in double quotes, that should be emitted to the console and log file (if appropriate). Valid values: PdbLoad, ScanTime, RuleScanTime, PeakWorkingSet, TargetsScanned, ResultsSummary. |
| **`--sympath`** | Symbol paths, expressed as a semicolon-delimited list enclosed in double quotes. (e.g. `SRV*https://msdl.microsoft.com/download/symbols` or `Cache*d:\symbols;Srv*https://symweb`) See https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/advanced-symsrv-use for syntax information. |
| **`--local-symbol-directories`** | Local directory paths, expressed as a semicolon-delimited list enclosed in double quotes, that will be examined when attempting to locate PDBs. |
| **`-o, --output`** | File path used to write and output analysis using [SARIF](https://github.com/Microsoft/sarif-sdk) |
| **`-r, --recurse [true\|false]`** | If true, recurse into subdirectories when evaluating file specifier arguments |
| **`-c, --config`** | (Default: ‘default’) Path to policy file to be used to configure analysis. Passing value of 'default' (or omitting the argument) invokes built-in settings |
| **`-q, --quiet [true\|false]`** | If true, do not log results to the console |
| **`-s, --statistics`** | Generate timing and other statistics for analysis session |
| **`--insert`** | Optionally present data, expressed as a semicolon-delimited list enclosed in double quotes, that should be inserted into the log file. Valid values include Hashes, TextFiles, BinaryFiles, EnvironmentVariables, RegionSnippets, ContextRegionSnippets, ContextRegionSnippetPartialFingerprints, Guids, VersionControlDetails, and NondeterministicProperties. |
| **`-e, --environment [true\|false]`** | <p>If true, log machine environment details of run to output file.</p><p>**WARNING:** This option records potentially sensitive information (such as all environment variable values) to the log file.</p> |
| **`-p, --plugin`** | Paths to plugin, expressed as a semicolon-delimited list enclosed in double quotes, that will be invoked against all targets in the analysis set. |
| **`--rich-return-code [true\|false]`** | If true, output a more detailed exit code consisting of a series of flags about execution, rather than outputting '0' for success/'1' for failure (see codes below) |
| **`--level`** | Failure levels, expressed as a semicolon-delimited list enclosed in double quotes, that is used to filter the scan results. Valid values: Error, Warning and Note. |
| **`--kind`** | Result kinds, expressed as a semicolon-delimited list enclosed in double quotes, that is used to filter the scan results. Valid values: Fail (for literal scan results), Pass, Review, Open, NotApplicable and Informational. |
| **`--baseline`** | A Sarif file to be used as baseline. |
| **`--help`** | Table of argument information. |
| **`--version`** | BinSkim version details. |
| **`value pos. 0`** | One or more specifiers to a file, directory, or filter pattern that resolves to one or more binaries to analyze. |

**Example:** `binskim.exe analyze c:\bld\*.dll --recurse true --output MyRun.sarif`
52 changes: 8 additions & 44 deletions ado-build.yml
Original file line number Diff line number Diff line change
@@ -1,29 +1,17 @@
pr:
- "*"
- "*"9.0.x

jobs:
- job: linux
pool:
vmImage: "ubuntu-20.04"
steps:
- task: UseDotNet@2
displayName: .NET Core 3.1 sdk
inputs:
version: "3.1.x"
packageType: sdk

- task: UseDotNet@2
displayName: .NET Core 6.0 sdk
inputs:
version: "6.0.x"
packageType: sdk

- checkout: self

- task: UseDotNet@2
displayName: .NET Core 8 sdk
displayName: .NET Core 9 sdk
inputs:
version: "8.0.x"
version: "9.0.x"
packageType: sdk

- task: Bash@3
Expand All @@ -37,21 +25,9 @@ jobs:
vmImage: "windows-latest"
steps:
- task: UseDotNet@2
displayName: .NET Core 3.1 sdk
inputs:
version: "3.1.x"
packageType: sdk

- task: UseDotNet@2
displayName: .NET Core 6.0 sdk
displayName: .NET Core 9 sdk
inputs:
version: "6.0.x"
packageType: sdk

- task: UseDotNet@2
displayName: .NET Core 8 sdk
inputs:
version: "8.0.x"
version: "9.0.x"
packageType: sdk

- checkout: self
Expand All @@ -68,21 +44,9 @@ jobs:
vmImage: "macOS-latest"
steps:
- task: UseDotNet@2
displayName: .NET Core 3.1 sdk
inputs:
version: "3.1.x"
packageType: sdk

- task: UseDotNet@2
displayName: .NET Core 6.0 sdk
inputs:
version: "6.0.x"
packageType: sdk

- task: UseDotNet@2
displayName: .NET Core 8 sdk
displayName: .NET Core 9 sdk
inputs:
version: "8.0.x"
version: "9.0.x"
packageType: sdk

- checkout: self
Expand All @@ -97,4 +61,4 @@ jobs:
displayName: "Run BinSkim"
inputs:
targetType: "inline"
script: "dotnet bld/bin/x64_Release/netcoreapp3.1/binskim.dll analyze src/Test.FunctionalTests.BinSkim.Driver/BaselineTestData/macho.*"
script: "dotnet bld/bin/x64_Release/net9.0/binskim.dll analyze src/Test.FunctionalTests.BinSkim.Driver/BaselineTestData/macho.*"
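Review bot: The `pr:` trigger list at the top of ado-build.yml now contains `- "*"9.0.x`, where the trailing `9.0.x` looks like a stray paste from the SDK version edits further down. Characters directly after a closing double quote do not form a valid YAML scalar, so the pipeline file may fail to parse or the pull-request trigger may stop matching, which would leave PRs unvalidated. The entry should remain `- "*"`. The rendered page has lost its +/- markers, so the side of this line is inferred from the section's addition and deletion counts.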
9 changes: 0 additions & 9 deletions global.json

This file was deleted.
