Exclude ARM Binaries from BA2025 analysis #650
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
marmegh
commented
Jun 1, 2022
| { | ||
| reasonForNotAnalyzing = MetadataConditions.ImageIsArmBinary; | ||
| return notApplicable; | ||
| } |
There was a problem hiding this comment.
This is the only logic update for this change. Specifically, excluding ARM binaries from BA2025 analysis in a similar fashion as ARM64 binaries.
There was a problem hiding this comment.
Nice code comment! Absolutely the info I was looking for. :)
marmegh
commented
Jun 1, 2022
| @@ -10,6 +10,7 @@ public static class MetadataConditions | |||
| public static readonly string ImageIsNotExe = SdkResources.MetadataCondition_ImageIsNotExe; | |||
| public static readonly string ImageIsNotMachO = SdkResources.MetadataCondition_ImageIsNotMachO; | |||
| public static readonly string CouldNotLoadPdb = SdkResources.MetadataCondition_CouldNotLoadPdb; | |||
| public static readonly string ImageIsArmBinary = SdkResources.MetadataCondition_ImageIsArmBinary; | |||
There was a problem hiding this comment.
marmegh
commented
Jun 1, 2022
| AnalysisApplicability expectedApplicability, | ||
| string ruleName, | ||
| string expectedReasonForNotAnalyzing) | ||
| { |
There was a problem hiding this comment.
Created method for shared code.
shaopeng-gh
reviewed
Jun 10, 2022
| @@ -460,6 +498,17 @@ private HashSet<string> GetTestFilesMatchingConditions(HashSet<string> metadataC | |||
| result.Add(Path.Combine(testFilesDirectory, "DotnetNative_x86_VS2019_UniversalApp.exe")); | |||
| } | |||
|
|
|||
| if (metadataConditions.Contains(MetadataConditions.ImageIsArmBinary)) | |||
| { | |||
| result.Add(Path.Combine(testFilesDirectory, "ARM_CETShadowStack_NotApplicable.exe")); | |||
shaopeng-gh
reviewed
Jun 10, 2022
| string expectedReasonForNotAnalyzing) | ||
| { | ||
|
|
||
| var context = new BinaryAnalyzerContext(); |
There was a problem hiding this comment.
first line empty can be removed. #Closed
shaopeng-gh
reviewed
Jun 10, 2022
src/ReleaseHistory.md
Outdated
| @@ -7,6 +7,7 @@ | |||
| * Bump ELFSharp from 2.14.0 to 2.15.0. [#631](https://github.com/microsoft/binskim/pull/631) | |||
| * FEATURE: Enable BinSkim for MacOS. [#576](https://github.com/microsoft/binskim/pull/576) | |||
| * Bump Sarif.Sdk by updating submodule from [4e9f606 to fc9a9df](https://github.com/microsoft/sarif-sdk/compare/4e9f606bb0e88428866e253352cdc70dc68f98cb...fc9a9dfb865096b5aaa9fa3651854670940f7459). [#638](https://github.com/microsoft/binskim/pull/638) | |||
| * BUGFIX: Fix `BA2025.EnableShadowStack` warning for ARM Binaries which cannot use `/CETCOMPAT`. [#650](https://github.com/microsoft/binskim/pull/650) | |||
There was a problem hiding this comment.
BUGFIX: Fix
BA2025.EnableShadowStackwarning for ARM Binaries which cannot use/CETCOMPAT.
I see a sample below:
FALSE POSITIVE FIX: Skip PDB-driven analysis for the generated .NET core native bootstrap exe (which is not user-controllable code).
See if we think this template is better for this change
FALSE POSITIVE FIX: Skip rule xxx for xxx (reason) #Closed
shaopeng-gh
reviewed
Jun 11, 2022
| @@ -47,3 +47,40 @@ Also create two user functions `userfn_use_safebuffers_1()` and `userfn_use_safe | |||
| A simple `Windows Kernel Mode Driver` program, created with `Visual Studio 2019` that generates a .exe and associated .pdb file. Code to reproduce: | |||
| Use `NTSTATUS GsDriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath)` as entry point and do not decorated with `__declspec(safebuffers)`. | |||
| No user functions decorated with `__declspec(safebuffers)`. | |||
|
|
|||
| ## ARM64_CETShadowStack_NotApplicable.exe | |||
There was a problem hiding this comment.
add a empty line consistent with others
| this.VerifyApplicability( | ||
| HashSet<string> notApplicableArm64 = new HashSet<string>() { MetadataConditions.ImageIsArm64BitBinary }; | ||
|
|
||
| this.VerifyApplicabililtyByConditionsOnly( |
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Addressing issue #627 by: