-
Notifications
You must be signed in to change notification settings - Fork 156
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add new PE CV_CFL_LANG language code for ALIASOBJ and Rust #530
Conversation
…/microsoft/binskim into users/shaopeng-gh/addnewlangcode
"helpUri": "https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2002DoNotIncorporateVulnerableDependencies", | ||
"help": { | ||
"text": "Binaries should not take dependencies on code with known security vulnerabilities." | ||
}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you verify what happened?
this should not happen. #Resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I ran the re-baseline, will see why there is this change. The order of the json node changed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
found the reason,
not related to our change,
was the result of changing the AnalyzeCommand to use MultithreadedAnalyzeCommandBase. I did verified if change it back this will disappear.
f87857a
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we have fixed the sdk, got the latest from main and re-ran the baseline, now these order changes are gone.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@@ -92,5 +109,27 @@ public void PEBinary_TryLoadPdbFromSymbolFolder() | |||
peBinary.PdbParseException.Should().BeNull(); | |||
} | |||
} | |||
|
|||
private static bool IfContainsLanguagueCode(string fileName, Language language) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In general, you can simply use 'Contains' for these, we generally don't burn 'If' into this sort of boolean test.
Look at the way the code reads, do you see the duplication of 'if'?
if (IfContainsLanguageCode...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if (IfContainsLanguageCode...
---- thanks for the example. fixed.
HLSL = 0x10, // High Level Shader Language | ||
ObjectiveC = 0x11, | ||
ObjectiveCxx = 0x12, | ||
Swift = 0x13, | ||
ALIASOBJ = 0x14, // module generated by the aliasobj tool | ||
Rust = 0x15, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What does adding these accomplish? Does it prevent an error if we come across one of these files while trying to analyze a repo? Does it unblock future work? What does the customer get out of this addition? #Resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the only thing it is for is when the compilers Clang/GCC starts to emit the 0x15 value when the program is Rust program,
our tool will be able to parse it as "Rust" and show correctly.
src/ReleaseHistory.md
Outdated
@@ -1,5 +1,9 @@ | |||
# BinSkim Release History | |||
|
|||
## Unreleased | |||
|
|||
* FEATURE: Add new PE CV_CFL_LANG language code for ALIASOBJ and Rust. [530](https://github.com/microsoft/binskim/pull/530) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
agree, changed to the other one BUGFIX
src/ReleaseHistory.md
Outdated
@@ -1,5 +1,9 @@ | |||
# BinSkim Release History | |||
|
|||
## Unreleased | |||
|
|||
* FEATURE: Add new PE CV_CFL_LANG language code for ALIASOBJ and Rust. [530](https://github.com/microsoft/binskim/pull/530) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
added backticks.
CVTRES = 0x08, | ||
CVTPGD = 0x09, | ||
LINK = 0x07, // linker-generated module | ||
CVTRES = 0x08, // resource module converted with CVTRES tool |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Java = 0x0D, | ||
JScript = 0x0E, | ||
MSIL = 0x0F, | ||
MSIL = 0x0F, // Microsoft Intermediate Language (MSIL), possibly a result of using the /LTCG (Link-time Code Generation) switch |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LINK = 0x07, | ||
CVTRES = 0x08, | ||
CVTPGD = 0x09, | ||
LINK = 0x07, // linker-generated module |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
agree some of the comments does not add value at all, removed all to be consistent
HLSL = 0x10, // High Level Shader Language | ||
ObjectiveC = 0x11, | ||
ObjectiveCxx = 0x12, | ||
Swift = 0x13, | ||
ALIASOBJ = 0x14, // module generated by the aliasobj tool |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
agree some of the comments does not add value at all, removed all to be consistent
HLSL = 0x10, // High Level Shader Language | ||
ObjectiveC = 0x11, | ||
ObjectiveCxx = 0x12, | ||
Swift = 0x13, | ||
ALIASOBJ = 0x14, // module generated by the aliasobj tool | ||
Rust = 0x15, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK, so I think what you've done is to partly port the documentation for enum values over. My feedback to you is: don't do that in an inconsistent way.
You have two choices:
- Author useful comments in places where you think a comment provides additional information over the language name. Is anyone confused by what 'Pascal' means here, for example?
- OR: port all the comments from the documentation, so that every member is consistently documented precisely as it is online.
i.e., stay out of the middle, which is to inconsistently apply exact language in some cases, partial documentation in others, and to ignore others entirely.
V_CFL_C Application language is C.
CV_CFL_CXX Application language is C++.
CV_CFL_FORTRAN Application language is FORTRAN.
CV_CFL_MASM Application language is Microsoft Macro Assembler.
CV_CFL_PASCAL Application language is Pascal.
CV_CFL_BASIC Application language is BASIC.
CV_CFL_COBOL Application language is COBOL.
CV_CFL_LINK Application is a linker-generated module.
CV_CFL_CVTRES Application is a resource module converted with CVTRES tool.
CV_CFL_CVTPGD Application is a POGO optimized module generated with CVTPGD tool.
CV_CFL_CSHARP Application language is C#.
CV_CFL_VB Application language is Visual Basic.
CV_CFL_ILASM Application language is intermediate language assembly (that is, Common Language Runtime (CLR) assembly).
CV_CFL_JAVA Application language is Java.
CV_CFL_JSCRIPT Application language is Jscript.
CV_CFL_MSIL Application language is an unknown Microsoft Intermediate Language (MSIL), possibly a result of using the /LTCG (Link-time Code Generation) switch.
CV_CFL_HLSL Application language is High Level Shader Language.
CV_CFL_OBJC Application language is Objective-C.
CV_CFL_OBJCXX Application language is Objective-C++.
CV_CFL_SWIFT Application language is Swift.
CV_CFL_ALIASOBJ Application is a module generated by the aliasobj tool.
CV_CFL_RUST Application language is Rust.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
stay out of the middle --- agree
and also agree some of the comments does not add value at all, so removed all to be consistent.
How did you generate your test binaries? Why aren't we checking in build scripts? It is not clear to me what compiler settings you are using. If someone needs to update your test binaries in the future, they will not be able to leverage your approach. In general, please try to help engineers in the future who will update your changes. In reply to: 1021451914 In reply to: 1021451914 In reply to: 1021451914 Refers to: src/Test.FunctionalTests.BinSkim.Driver/BaselineTestsData/Expected/clangcl.pe.c.codeview.exe.sarif:2 in 9b9d3a6. [](commit_id = 9b9d3a6, deletion_comment = False) |
@@ -70,6 +74,19 @@ public void PEBinary_PdbIsStripped() | |||
} | |||
} | |||
|
|||
[Fact] | |||
public void PEBinary_LanguagueCode() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Language is misspelled in this name. --- found I have several places, searched and fixed all.
updated the name.
@@ -224,28 +224,35 @@ public string GetDialect(out string versionNumber) | |||
} | |||
} | |||
|
|||
/// <summary> | |||
/// Information about the CV_CFL_LANG enumeration, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How did you review these data files? In general, these files contain too much junk to be easily verified by simply viewing them as json. Look at all the not applicable warnings. In reply to: 1021455602 In reply to: 1021455602 In reply to: 1021455602 Refers to: src/Test.FunctionalTests.BinSkim.Driver/BaselineTestsData/Expected/Native_x64_RustC_Rust_debuginfo2_v1.57.exe.sarif:6 in 9b9d3a6. [](commit_id = 9b9d3a6, deletion_comment = False) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🕐
LINK = 0x07, | ||
CVTRES = 0x08, | ||
CVTPGD = 0x09, | ||
LINK = 0x07, // linker-generated module |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
agree some of the comments does not add value at all, removed all to be consistent
src/ReleaseHistory.md
Outdated
@@ -2,6 +2,7 @@ | |||
|
|||
## Unreleased | |||
|
|||
* BUGFIX: Add new PE `CV_CFL_LANG` language code for `ALIASOBJ` and `Rust`. [530](https://github.com/microsoft/binskim/pull/530) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
originally I set as FEATURE,
but we think FEATURE is not buying us much in this document.
I don't think BREAKING is good here too,
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@michaelcfanning and @VCOLAWTON is there a better label we can use for this type of code change for documentation purposes? FEATURE and BUGFIX both don't fit this scenario.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🕐
We should stop pushing SARIF files to the code. Can you figure it out a way to prevent this? How can we test without re-baseline over and over? In reply to: 1029461711 |
This is hard to maintain. --- agree. but I think this do have value, remember we found out somehow our order of the json node changes, In reply to: 1029461711 |
What we need to do is to stop depending entirely on file diffs to verify analysis. It is a useful technique but you can't use it for everything, it's a fragile approach and the diffs become overwhelming. Notice that you haven't added a code-only test for this change: that's the primary issue: we have no code-based unit test mechanism for you to isolate/verify code changes. We need to address that. Separately, my sense is that we should stop producing highly verbose log files for every test binary. i.e., our inventory of test binaries should generally be focused on specific rules (and their error-level output). Now, what we lose here is exhaustive testing of verbose output (like 'not applicable' testing). We could retain verbose testing for a smaller number of binaries. Or we could author more unit-tests that report conditions in the IDE, rather than via code diffs. In reply to: 1029481349 |
got it, will change to add code-based unit tests. In reply to: 1029484759 |
I see Rust have a new version 1.58.1 will give it a try and update PR. In reply to: 1029530224 |
as of 1.58.1 it is still not using the new lang code. I have updated the test to use the new version. In reply to: 1039566742 |
src/ReleaseHistory.md
Outdated
@@ -1,5 +1,9 @@ | |||
# BinSkim Release History | |||
|
|||
## Unreleased | |||
|
|||
* BUGFIX: Add new PE `CV_CFL_LANG` language code for `ALIASOBJ` and `Rust`. [530](https://github.com/microsoft/binskim/pull/530) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Description:
Add new PE CV_CFL_LANG language code for ALIASOBJ and RUST.