Enable analysis for managed binary #335
Conversation
| @@ -43,7 +43,7 @@ private Pdb LoadPdb() | |||
| // We should never be required to load a PDB for a managed assembly that does | |||
| // not incorporate native code, as no managed-relevant rule currently crawls | |||
| // PDBs for its analysis. | |||
There was a problem hiding this comment.
delete all this eventually. :) #Closed
| @@ -5,6 +5,12 @@ | |||
| <RootNamespace>Microsoft.CodeAnalysis.BinaryParsers</RootNamespace> | |||
| <TargetFramework>$(NetStandardVersion)</TargetFramework> | |||
| </PropertyGroup> | |||
| <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'"> | |||
| <AllowUnsafeBlocks>true</AllowUnsafeBlocks> | |||
There was a problem hiding this comment.
Can collapse this into a single property group if you remove the condition attribute #Closed
| } | ||
| } | ||
|
|
||
| return false; |
There was a problem hiding this comment.
return false [](start = 12, length = 12)
Always prefer early exit if possible. So, change the code to say if (!TryOpen) then return false immediately. #Closed
| public bool IsChecksumAlgorithmSecureForFullPdb() | ||
| { | ||
| const string sha256 = "8829d00f-11b8-4213-878b-770e8597ac16"; | ||
| var sha256guid = new Guid(sha256); |
There was a problem hiding this comment.
declare a private static readonly Guid that's initialized to this. #Closed
| const string sha256 = "8829d00f-11b8-4213-878b-770e8597ac16"; | ||
| var sha256guid = new Guid(sha256); | ||
|
|
||
| if (this.peReader.TryOpenAssociatedPortablePdb( |
There was a problem hiding this comment.
TryOpenAssociatedPortablePdb [](start = 30, length = 28)
eventually pdb location logic needs to understand binskim's '--local-symbol-directories' command-line arguments. let's open an issue and take this in a future change. #Closed
| @@ -789,5 +789,66 @@ public bool IsWixBinary | |||
| return this.isWixBinary.Value; | |||
| } | |||
| } | |||
|
|
|||
| public bool IsChecksumAlgorithmSecureForPortablePdb() | |||
There was a problem hiding this comment.
IsChecksumAlgorithmSecureForPortablePdb [](start = 20, length = 39)
rather than creating these helpers, you should add a helper that simply returns the checksum algorithm for managed PDBs.
ManagedPdbSourceFileChecksumAlgorithm { get; }
There was a problem hiding this comment.
This property s/be on the PDB class, not in the PE class.
In reply to: 563213952 [](ancestors = 563213952)
There was a problem hiding this comment.
oh...remembered why i didn't move the below logic to pdb.cs: to do th reading I need a few things: peReader and the metadatareader.
In reply to: 563214137 [](ancestors = 563214137,563213952)
There was a problem hiding this comment.
Changed a little bit, let me know what do u think.
In reply to: 563297494 [](ancestors = 563297494,563214137,563213952)
| @@ -134,6 +143,42 @@ private void WindowsNativeLoadPdbUsingDia(string pePath, string symbolPath, stri | |||
|
|
|||
| public bool IsStripped => this.GlobalScope.IsStripped; | |||
|
|
|||
| public PdbFileType FileType | |||
There was a problem hiding this comment.
You should cache this property value rather than computing it every time. #Resolved
There was a problem hiding this comment.
| get | ||
| { | ||
| string path = this.session.globalScope.symbolsFileName; | ||
| if (File.Exists(path)) |
There was a problem hiding this comment.
Make this if (File.Exists(path) || !Directory.Exists(path)) { return path;}
and you will simplify the remaining code. #Closed
There was a problem hiding this comment.
| // if (portableExecutable.IsResourceOnly) { return result; } | ||
| if (target.PE.IsManaged && di == null) | ||
| { | ||
| reasonForNotAnalyzing = MetadataConditions.CouldNotLoadPdb; |
There was a problem hiding this comment.
reasonForNotAnalyzing = MetadataConditions.CouldNotLoadPdb [](start = 16, length = 58)
in other checks, the absence of a PDB results in an error level notification, not a 'not applicable' message. 'Not applicable' is not the right return value here, as this return value means 'the binary isn't a valid scan target'. that's not true here, managed code is a valid scan target, the problem is that we can't analyze it due to a missing pdb. you should go look and see how the native pdb reading errors handle a missing pdb.
There was a problem hiding this comment.
can you validate again? pushed new changes. Thank you
In reply to: 563214549 [](ancestors = 563214549)
| @@ -62,7 +62,7 @@ | |||
| "arguments": [ | |||
| "Binskim.win-x86.RTR.dll", | |||
| "EnableSecureSourceCodeHashing", | |||
| "image is a managed IL library (i.e., ahead of time compiled) assembly" | |||
| "an exception occurred attempting to load its pdb" | |||
There was a problem hiding this comment.
"an exception occurred attempting to load its pdb" [](start = 14, length = 50)
this is wrong. a missing PDB is an error (because analysis that could have occurred did not). 'not applicable' means, 'we didn't look at this because the analysis is not applicable to this scan target'
No description provided.