dotnet ELF support

Signed-off-by: Prabhu Subramanian <[email protected]>

Author: prabhu

blint/binary.py

@@ -748,9 +748,8 @@ def add_elf_metadata(exe_file, metadata, parsed_obj):
     if exe_type:
         metadata["exe_type"] = exe_type
     metadata["functions"] = parse_functions(parsed_obj.functions)
-
     metadata["ctor_functions"] = parse_functions(parsed_obj.ctor_functions)
-
+    metadata["dotnet_dependencies"] = parse_overlay(parsed_obj)
     return metadata
 
 
@@ -886,11 +885,11 @@ def determine_elf_flags(header):
     return eflags_str
 
 
-def parse_pe_overlay(parsed_obj: lief.PE.Binary) -> dict[str, dict]:
+def parse_overlay(parsed_obj: lief.Binary) -> dict[str, dict]:
     """
-    Parse the PE overlay section to extract dependencies
+    Parse the overlay section to extract dotnet dependencies
     Args:
-        parsed_obj (lief.PE.Binary): The parsed object representing the PE binary.
+        parsed_obj (lief.Binary): The parsed object representing the PE binary.
 
     Returns:
         dict: Dict representing the deps.json if available.
@@ -902,6 +901,7 @@ def parse_pe_overlay(parsed_obj: lief.PE.Binary) -> dict[str, dict]:
                        .replace("\0", "")
                        .replace("\n", "")
                        .replace("  ", ""))
+        print (overlay_str)
         if overlay_str.find('{"runtimeTarget') > -1:
             start_index = overlay_str.find('{"runtimeTarget')
             end_index = overlay_str.rfind('}}}')
@@ -964,9 +964,9 @@ def add_pe_metadata(exe_file, metadata, parsed_obj):
         metadata["exception_functions"] = parse_functions(parsed_obj.exception_functions)
         # Detect if this PE might be dotnet
         for i, dd in enumerate(parsed_obj.data_directories):
-            if i == 14 and type(dd) == "CLR_RUNTIME_HEADER":
+            if i == 14 and isinstance(dd, lief.PE.DataDirectory.TYPES.CLR_RUNTIME_HEADER):
                 metadata["is_dotnet"] = True
-        metadata["pe_dependencies"] = parse_pe_overlay(parsed_obj)
+        metadata["dotnet_dependencies"] = parse_overlay(parsed_obj)
         tls = parsed_obj.tls
         if tls and tls.sizeof_zero_fill:
             metadata["tls_address_index"] = tls.addressof_index

blint/sbom.py

@@ -356,9 +356,9 @@ def process_exe_file(
         for entry in metadata["dynamic_entries"]:
             comp = create_dynamic_component(entry, exe)
             lib_components.append(comp)
-    # Convert libraries and targets from PE binaries
-    if metadata.get("pe_dependencies"):
-        pe_components = process_pe_dependencies(metadata.get("pe_dependencies"), dependencies_dict)
+    # Convert libraries and targets from dotnet binaries
+    if metadata.get("dotnet_dependencies"):
+        pe_components = process_dotnet_dependencies(metadata.get("dotnet_dependencies"), dependencies_dict)
         lib_components += pe_components
     if lib_components:
         components += lib_components
@@ -411,10 +411,11 @@ def create_dynamic_component(entry: Dict, exe: str) -> Component:
     Returns:
         Component: The created dynamic component object.
     """
-    purl = f"pkg:file/{entry['name']}"
+    name = entry.get("name", "").removeprefix("$ORIGIN/")
+    purl = f"pkg:file/{name}"
     comp = Component(
         type=Type.library,
-        name=entry["name"],
+        name=name,
         purl=purl,
         evidence=create_component_evidence(exe, 0.5),
         properties=[
@@ -458,19 +459,19 @@ def process_android_file(
     return components
 
 
-def process_pe_dependencies(pe_deps: dict[str, dict], dependencies_dict: dict[str, set]) -> list[Component]:
+def process_dotnet_dependencies(dotnet_deps: dict[str, dict], dependencies_dict: dict[str, set]) -> list[Component]:
     """
-    Process the dependencies metadata extracted for PE binaries
+    Process the dotnet dependencies metadata extracted for binary overlays
 
     Args:
-        pe_deps (dict[str, dict]): PE dependencies metadata
+        dotnet_deps (dict[str, dict]): PE dependencies metadata
         dependencies_dict (dict[str, set]): Existing dependencies dictionary
 
     Returns:
         list: New component list
     """
     components = []
-    libraries = pe_deps.get("libraries", {})
+    libraries = dotnet_deps.get("libraries", {})
     # k: 'Microsoft.CodeAnalysis.Analyzers/3.3.4'
     # v: {'type': 'package', 'serviceable': True, 'sha512': 'sha512-AxkxcPR+rheX0SmvpLVIGLhOUXAKG56a64kV9VQZ4y9gR9ZmPXnqZvHJnmwLSwzrEP6junUF11vuc+aqo5r68g==', 'path': 'microsoft.codeanalysis.analyzers/3.3.4', 'hashPath': 'microsoft.codeanalysis.analyzers.3.3.4.nupkg.sha512'}
     for k, v in libraries.items():
@@ -498,7 +499,7 @@ def process_pe_dependencies(pe_deps: dict[str, dict], dependencies_dict: dict[st
             comp.hashes = [Hash(alg=HashAlg.SHA_512, content=hash_content)],
         comp.bom_ref = RefType(purl)
         components.append(comp)
-    targets: dict[str, dict[str, dict]] = pe_deps.get("targets", {})
+    targets: dict[str, dict[str, dict]] = dotnet_deps.get("targets", {})
     for tk, tv in targets.items():
         for k, v in tv.items():
             tmp_a = k.split("/")