From ddc083932e44e5a16c547d35e95f680576c2e2e9 Mon Sep 17 00:00:00 2001 From: Ryan Fu Date: Wed, 16 Nov 2022 16:45:16 -0800 Subject: [PATCH 1/5] add spectre configuration --- src/PureLib/PureLib.vcxproj | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/PureLib/PureLib.vcxproj b/src/PureLib/PureLib.vcxproj index ac61fa317d..e9eadaf33e 100644 --- a/src/PureLib/PureLib.vcxproj +++ b/src/PureLib/PureLib.vcxproj @@ -52,6 +52,18 @@ v143 Unicode + + Spectre + + + Spectre + + + Spectre + + + Spectre + From c7bded4d08ba5f221660bc4346c1c0a42fba8cf7 Mon Sep 17 00:00:00 2001 From: Ryan Fu Date: Thu, 17 Nov 2022 10:09:06 -0800 Subject: [PATCH 2/5] test binskim task --- azure-pipelines.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index d5a657f19b..98b282a982 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -127,6 +127,17 @@ jobs: TargetFolder: '$(artifactsDir)' condition: succeededOrFailed() + # Run BimSkim for all the binaries + - task: BinSkim@3 + displayName: 'Run BinSkim ' + inputs: + arguments: 'analyze + "$(buildOutDir)\AppInstallerCLI\winget.exe" + "$(buildOutDir)\WinGetUtil\WinGetUtil.dll" + "$(buildOutDir)\WindowsPackageManager\WindowsPackageManager.dll" + "$(buildOutDir)\Microsoft.Management.Deployment.InProc\Microsoft.Management.Deployment.InProc.dll" + "$(buildOutDir)\Microsoft.WinGet.Client\Microsoft.WinGet.*Client.dll" --config default --recurse' + - task: PowerShell@2 displayName: Install Tests Dependencies inputs: @@ -319,6 +330,17 @@ jobs: verbosity: 'Verbose' alertWarningLevel: 'High' + # Run BimSkim for all the binaries + - task: BinSkim@3 + displayName: 'Run BinSkim ' + inputs: + arguments: 'analyze + "$(buildOutDir)\AppInstallerCLI\winget.exe" + "$(buildOutDir)\WinGetUtil\WinGetUtil.dll" + "$(buildOutDir)\WindowsPackageManager\WindowsPackageManager.dll" + "$(buildOutDir)\Microsoft.Management.Deployment.InProc\Microsoft.Management.Deployment.InProc.dll" + "$(buildOutDir)\Microsoft.WinGet.Client\Microsoft.WinGet.*Client.dll" --config default --recurse' + # Run BimSkim for all the binaries - task: BinSkim@3 displayName: 'Run BinSkim ' From 2fe5a9f85fc59f1008023c2f27a527b4436a89a7 Mon Sep 17 00:00:00 2001 From: Ryan Fu Date: Thu, 17 Nov 2022 10:50:05 -0800 Subject: [PATCH 3/5] finalize binskim task --- azure-pipelines.yml | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 98b282a982..584df75d6a 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -127,17 +127,6 @@ jobs: TargetFolder: '$(artifactsDir)' condition: succeededOrFailed() - # Run BimSkim for all the binaries - - task: BinSkim@3 - displayName: 'Run BinSkim ' - inputs: - arguments: 'analyze - "$(buildOutDir)\AppInstallerCLI\winget.exe" - "$(buildOutDir)\WinGetUtil\WinGetUtil.dll" - "$(buildOutDir)\WindowsPackageManager\WindowsPackageManager.dll" - "$(buildOutDir)\Microsoft.Management.Deployment.InProc\Microsoft.Management.Deployment.InProc.dll" - "$(buildOutDir)\Microsoft.WinGet.Client\Microsoft.WinGet.*Client.dll" --config default --recurse' - - task: PowerShell@2 displayName: Install Tests Dependencies inputs: @@ -339,6 +328,7 @@ jobs: "$(buildOutDir)\WinGetUtil\WinGetUtil.dll" "$(buildOutDir)\WindowsPackageManager\WindowsPackageManager.dll" "$(buildOutDir)\Microsoft.Management.Deployment.InProc\Microsoft.Management.Deployment.InProc.dll" + "$(System.DefaultWorkingDirectory)\src\WinGetUtilInterop\bin\$(buildConfiguration)\netstandard2.0\WinGetUtilInterop.dll" "$(buildOutDir)\Microsoft.WinGet.Client\Microsoft.WinGet.*Client.dll" --config default --recurse' # Run BimSkim for all the binaries From d9e7176e0d2fcd2cf696da5986cdd18a9d2c29a1 Mon Sep 17 00:00:00 2001 From: Ryan Fu Date: Thu, 17 Nov 2022 11:48:12 -0800 Subject: [PATCH 4/5] remove extra step --- azure-pipelines.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 584df75d6a..809fbe5379 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -331,12 +331,6 @@ jobs: "$(System.DefaultWorkingDirectory)\src\WinGetUtilInterop\bin\$(buildConfiguration)\netstandard2.0\WinGetUtilInterop.dll" "$(buildOutDir)\Microsoft.WinGet.Client\Microsoft.WinGet.*Client.dll" --config default --recurse' - # Run BimSkim for all the binaries - - task: BinSkim@3 - displayName: 'Run BinSkim ' - inputs: - arguments: 'analyze "$(System.DefaultWorkingDirectory)\src\win*get.exe" "$(System.DefaultWorkingDirectory)\src\WinGet*Util.dll" "$(System.DefaultWorkingDirectory)\src\Windows*PackageManager.dll" "$(System.DefaultWorkingDirectory)\src\Microsoft.Management.Deployment.*InProc.dll" --config default --recurse' - - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2 displayName: 'Publish Security Analysis Logs' From 8505670bc07b8bef225df02ab2014bcaa09743ed Mon Sep 17 00:00:00 2001 From: Ryan Fu Date: Thu, 17 Nov 2022 12:12:48 -0800 Subject: [PATCH 5/5] fix wildcard path --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 809fbe5379..ac86b3c968 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -328,7 +328,7 @@ jobs: "$(buildOutDir)\WinGetUtil\WinGetUtil.dll" "$(buildOutDir)\WindowsPackageManager\WindowsPackageManager.dll" "$(buildOutDir)\Microsoft.Management.Deployment.InProc\Microsoft.Management.Deployment.InProc.dll" - "$(System.DefaultWorkingDirectory)\src\WinGetUtilInterop\bin\$(buildConfiguration)\netstandard2.0\WinGetUtilInterop.dll" + "$(Build.SourcesDirectory)\src\WinGetUtilInterop\bin\WinGetUtil*Interop.dll" "$(buildOutDir)\Microsoft.WinGet.Client\Microsoft.WinGet.*Client.dll" --config default --recurse' - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2