-
Notifications
You must be signed in to change notification settings - Fork 156
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Exclude ARM Binaries from BA2025 analysis #650
Changes from 3 commits
2412b46
bbc85b1
f26ef21
bfd17a3
07444d1
dd45441
075281f
dae55f5
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -10,6 +10,7 @@ public static class MetadataConditions | |
public static readonly string ImageIsNotExe = SdkResources.MetadataCondition_ImageIsNotExe; | ||
public static readonly string ImageIsNotMachO = SdkResources.MetadataCondition_ImageIsNotMachO; | ||
public static readonly string CouldNotLoadPdb = SdkResources.MetadataCondition_CouldNotLoadPdb; | ||
public static readonly string ImageIsArmBinary = SdkResources.MetadataCondition_ImageIsArmBinary; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. |
||
public static readonly string ImageIsDebugOnly = SdkResources.MetadataCondition_ImageIsDebugOnly; | ||
public static readonly string ImageIsNotSigned = SdkResources.MetadataCondition_ImageIsNotSigned; | ||
public static readonly string ImageIsWixBinary = SdkResources.MetadataCondition_ImageIsWixBinary; | ||
|
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -248,6 +248,30 @@ private void VerifyThrows<ExceptionType>( | |
} | ||
} | ||
|
||
private void VerifyApplicabililty( | ||
BinarySkimmer skimmer, | ||
HashSet<string> applicabilityConditions, | ||
string expectedReasonForNotAnalyzing, | ||
AnalysisApplicability expectedApplicability = AnalysisApplicability.NotApplicableToSpecifiedTarget, | ||
bool useDefaultPolicy = false) | ||
{ | ||
|
||
string ruleName = skimmer.GetType().Name; | ||
string testFilesDirectory = GetTestDirectoryFor(ruleName); | ||
testFilesDirectory = Path.Combine(Environment.CurrentDirectory, "FunctionalTestData", testFilesDirectory); | ||
testFilesDirectory = Path.Combine(testFilesDirectory, "NotApplicable"); | ||
|
||
HashSet<string> targets = this.GetTestFilesMatchingConditions(applicabilityConditions); | ||
|
||
VerifyApplicabilityResults( | ||
skimmer, | ||
targets, | ||
useDefaultPolicy, | ||
expectedApplicability, | ||
ruleName, | ||
expectedReasonForNotAnalyzing); | ||
} | ||
|
||
private void VerifyApplicability( | ||
BinarySkimmer skimmer, | ||
HashSet<string> applicabilityConditions, | ||
|
@@ -261,8 +285,6 @@ private void VerifyApplicability( | |
testFilesDirectory = Path.Combine(Environment.CurrentDirectory, "FunctionalTestData", testFilesDirectory); | ||
testFilesDirectory = Path.Combine(testFilesDirectory, "NotApplicable"); | ||
|
||
var context = new BinaryAnalyzerContext(); | ||
|
||
HashSet<string> targets = this.GetTestFilesMatchingConditions(applicabilityConditions); | ||
|
||
if (Directory.Exists(testFilesDirectory)) | ||
|
@@ -276,6 +298,26 @@ private void VerifyApplicability( | |
} | ||
} | ||
|
||
VerifyApplicabilityResults( | ||
skimmer, | ||
targets, | ||
useDefaultPolicy, | ||
expectedApplicability, | ||
ruleName, | ||
expectedReasonForNotAnalyzing); | ||
} | ||
|
||
private void VerifyApplicabilityResults( | ||
BinarySkimmer skimmer, | ||
HashSet<string> targets, | ||
bool useDefaultPolicy, | ||
AnalysisApplicability expectedApplicability, | ||
string ruleName, | ||
string expectedReasonForNotAnalyzing) | ||
{ | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Created method for shared code. |
||
|
||
var context = new BinaryAnalyzerContext(); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. first line empty can be removed. #Closed |
||
|
||
var logger = new TestMessageLogger(); | ||
context.Logger = logger; | ||
|
||
|
@@ -460,6 +502,17 @@ private HashSet<string> GetTestFilesMatchingConditions(HashSet<string> metadataC | |
result.Add(Path.Combine(testFilesDirectory, "DotnetNative_x86_VS2019_UniversalApp.exe")); | ||
} | ||
|
||
if (metadataConditions.Contains(MetadataConditions.ImageIsArmBinary)) | ||
{ | ||
result.Add(Path.Combine(testFilesDirectory, "ARM_CETShadowStack_NotApplicable.exe")); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. |
||
} | ||
|
||
if (metadataConditions.Contains(MetadataConditions.ImageIsArm64BitBinary)) | ||
{ | ||
result.Add(Path.Combine(testFilesDirectory, "ARM64_CETShadowStack_NotApplicable.exe")); | ||
result.Add(Path.Combine(testFilesDirectory, "ARM64_dotnet_CETShadowStack_NotApplicable.exe")); | ||
} | ||
|
||
return result; | ||
} | ||
|
||
|
@@ -1166,10 +1219,19 @@ public void BA2025_EnableShadowStack_Fail() | |
[Fact] | ||
public void BA2025_EnableShadowStack_NotApplicable() | ||
{ | ||
this.VerifyApplicability( | ||
HashSet<string> notApplicableArm64 = new HashSet<string>() { MetadataConditions.ImageIsArm64BitBinary }; | ||
|
||
this.VerifyApplicabililty( | ||
skimmer: new EnableShadowStack(), | ||
applicabilityConditions: null, | ||
applicabilityConditions: notApplicableArm64, | ||
expectedReasonForNotAnalyzing: MetadataConditions.ImageIsArm64BitBinary); | ||
|
||
HashSet<string> notApplicableArm = new HashSet<string>() { MetadataConditions.ImageIsArmBinary }; | ||
|
||
this.VerifyApplicabililty( | ||
skimmer: new EnableShadowStack(), | ||
applicabilityConditions: notApplicableArm64, | ||
expectedReasonForNotAnalyzing: MetadataConditions.ImageIsArmBinary); | ||
} | ||
|
||
[Fact] | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is the only logic update for this change. Specifically, excluding ARM binaries from BA2025 analysis in a similar fashion as ARM64 binaries.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice code comment! Absolutely the info I was looking for. :)