Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into users/marekaldorf/MSDIA140.dll_update_to_1.0…
….9734320-17-10-20240615-02
Showing
6 changed files
with
352 additions
and
3 deletions.
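--- a/...s.BinSkim.Driver/BaselineTestData/Expected/Native_x86_VS2022_PdbRandomlyMissing.dll.sarif
+++ b/...s.BinSkim.Driver/BaselineTestData/Expected/Native_x86_VS2022_PdbRandomlyMissing.dll.sarif
@@ -0,0 +1,240 @@
+{
+"$schema": "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.6.json",
+"version": "2.1.0",
+"runs": [
+{
+"results": [
+{
+"ruleId": "BA2005",
+"ruleIndex": 0,
+"kind": "pass",
+"level": "none",
+"message": {
+"id": "Pass",
+"arguments": [
+"Native_x86_VS2022_PdbRandomlyMissing.dll"
+]
+},
+"locations": [
+{
+"physicalLocation": {
+"artifactLocation": {
+"uri": "file:///Z:/src/Test.FunctionalTests.BinSkim.Driver/BaselineTestData/Native_x86_VS2022_PdbRandomlyMissing.dll",
+"index": 0
+}
+}
+}
+]
+},
+{
+"ruleId": "BA2009",
+"ruleIndex": 1,
+"kind": "pass",
+"level": "none",
+"message": {
+"id": "Pass",
+"arguments": [
+"Native_x86_VS2022_PdbRandomlyMissing.dll"
+]
+},
+"locations": [
+{
+"physicalLocation": {
+"artifactLocation": {
+"uri": "file:///Z:/src/Test.FunctionalTests.BinSkim.Driver/BaselineTestData/Native_x86_VS2022_PdbRandomlyMissing.dll",
+"index": 0
+}
+}
+}
+]
+},
+{
+"ruleId": "BA2019",
+"ruleIndex": 2,
+"kind": "pass",
+"level": "none",
+"message": {
+"id": "Pass",
+"arguments": [
+"Native_x86_VS2022_PdbRandomlyMissing.dll"
+]
+},
+"locations": [
+{
+"physicalLocation": {
+"artifactLocation": {
+"uri": "file:///Z:/src/Test.FunctionalTests.BinSkim.Driver/BaselineTestData/Native_x86_VS2022_PdbRandomlyMissing.dll",
+"index": 0
+}
+}
+}
+]
+},
+{
+"ruleId": "BA2021",
+"ruleIndex": 3,
+"kind": "pass",
+"level": "none",
+"message": {
+"id": "Pass",
+"arguments": [
+"Native_x86_VS2022_PdbRandomlyMissing.dll"
+]
+},
+"locations": [
+{
+"physicalLocation": {
+"artifactLocation": {
+"uri": "file:///Z:/src/Test.FunctionalTests.BinSkim.Driver/BaselineTestData/Native_x86_VS2022_PdbRandomlyMissing.dll",
+"index": 0
+}
+}
+}
+]
+}
+],
+"tool": {
+"driver": {
+"name": "testhost",
+"version": "15.0.0.0",
+"rules": [
+{
+"id": "BA2005",
+"name": "DoNotShipVulnerableBinaries",
+"fullDescription": {
+"text": "Do not ship obsolete libraries for which there are known security vulnerabilities."
+},
+"help": {
+"text": "Do not ship obsolete libraries for which there are known security vulnerabilities."
+},
+"messageStrings": {
+"Pass": {
+"text": "'{0}' is not known to be an obsolete binary that is vulnerable to one or more security problems."
+},
+"Error": {
+"text": "'{0}' appears to be an obsolete library (version {1}) for which there are known security vulnerabilities. \r\nTo resolve this issue, obtain a version of {0} that is newer than version {2}. If this binary is not in fact {0}, ignore this warning."
+},
+"Error_CouldNotParseVersion": {
+"text": "Version information for '{0}' could not be parsed. The binary therefore could not be verified not to be an obsolete binary that is known to be vulnerable to one or more security problems."
+},
+"NotApplicable_InvalidMetadata": {
+"text": "'{0}' was not evaluated for check '{1}' as the analysis is not relevant based on observed metadata: {2}."
+}
+},
+"helpUri": "https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2005DoNotShipVulnerableBinaries",
+"properties": {
+"equivalentBinScopeRuleReadableName": "BinaryVersionsCheck"
+}
+},
+{
+"id": "BA2009",
+"name": "EnableAddressSpaceLayoutRandomization",
+"fullDescription": {
+"text": "Binaries should linked as DYNAMICBASE to be eligible for relocation by Address Space Layout Randomization (ASLR). ASLR is an important mitigation that makes it more difficult for an attacker to exploit memory corruption vulnerabilities. Configure your tools to build with this feature enabled. For C and C++ binaries, add /DYNAMICBASE to your linker command line. For .NET applications, use a compiler shipping with Visual Studio 2008 or later."
+},
+"help": {
+"text": "Binaries should linked as DYNAMICBASE to be eligible for relocation by Address Space Layout Randomization (ASLR). ASLR is an important mitigation that makes it more difficult for an attacker to exploit memory corruption vulnerabilities. Configure your tools to build with this feature enabled. For C and C++ binaries, add /DYNAMICBASE to your linker command line. For .NET applications, use a compiler shipping with Visual Studio 2008 or later."
+},
+"messageStrings": {
+"Pass": {
+"text": "'{0}' is properly compiled to enable Address Space Layout Randomization, reducing an attacker's ability to exploit code in well-known locations."
+},
+"Error_NotDynamicBase": {
+"text": "'{0}' is not marked as DYNAMICBASE. This means that the binary is not eligible for relocation by Address Space Layout Randomization (ASLR). ASLR is an important mitigation that makes it more difficult for an attacker to exploit memory corruption vulnerabilities.\r\nTo resolve this issue, configure your tools to build with this feature enabled. For C and C++ binaries, add /DYNAMICBASE to your linker command line.\r\nFor VC projects use ItemDefinitionGroup - Link - RandomizedBaseAddress property with 'true' value.\r\nFor .NET applications, use a compiler shipping with Visual Studio 2008 or later."
+},
+"Error_RelocsStripped": {
+"text": "'{0}' is marked as DYNAMICBASE but relocation data has been stripped from the image, preventing address space layout randomization. "
+},
+"Error_WinCENoRelocationSection": {
+"text": "'{0}' is a Windows CE image but does not contain any relocation data, preventing Address Space Layout Randomization."
+},
+"NotApplicable_InvalidMetadata": {
+"text": "'{0}' was not evaluated for check '{1}' as the analysis is not relevant based on observed metadata: {2}."
+}
+},
+"helpUri": "https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2009EnableAddressSpaceLayoutRandomization",
+"properties": {
+"equivalentBinScopeRuleReadableName": "DBCheck"
+}
+},
+{
+"id": "BA2019",
+"name": "DoNotMarkWritableSectionsAsShared",
+"fullDescription": {
+"text": "Code or data sections should not be marked as both shared and writable. Because these sections are shared across processes, this condition might permit a process with low privilege to alter memory in a higher privilege process.\r\nIf you do not actually require that a section be both writable and shared, remove one or both of these attributes (by modifying your .DEF file, the appropriate linker /section switch arguments, etc.).\r\nIf you must share common data across processes (for inter-process communication (IPC) or other purposes) use CreateFileMapping with proper security attributes or an actual IPC mechanism instead (COM, named pipes, LPC, etc.)."
+},
+"help": {
+"text": "Code or data sections should not be marked as both shared and writable. Because these sections are shared across processes, this condition might permit a process with low privilege to alter memory in a higher privilege process.\r\nIf you do not actually require that a section be both writable and shared, remove one or both of these attributes (by modifying your .DEF file, the appropriate linker /section switch arguments, etc.).\r\nIf you must share common data across processes (for inter-process communication (IPC) or other purposes) use CreateFileMapping with proper security attributes or an actual IPC mechanism instead (COM, named pipes, LPC, etc.)."
+},
+"messageStrings": {
+"Pass": {
+"text": "'{0}' contains no data or code sections marked as both shared and writable, helping to prevent the exploitation of code vulnerabilities."
+},
+"Error": {
+"text": "'{0}' contains one or more code or data sections ({1}) which are marked as both shared and writable. Because these sections are shared across processes, this condition might permit a process with low privilege to alter memory in a higher privilege process.\r\nIf you do not actually require that a section be both writable and shared, remove one or both of these attributes (by modifying your .DEF file, the appropriate linker /section switch arguments, etc.).\r\nIf you must share common data across processes (for inter-process communication (IPC) or other purposes) use CreateFileMapping with proper security attributes or an actual IPC mechanism instead (COM, named pipes, LPC, etc.)."
+},
+"NotApplicable_InvalidMetadata": {
+"text": "'{0}' was not evaluated for check '{1}' as the analysis is not relevant based on observed metadata: {2}."
+}
+},
+"helpUri": "https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2019DoNotMarkWritableSectionsAsShared",
+"properties": {
+"equivalentBinScopeRuleReadableName": "SharedSectionCheck"
+}
+},
+{
+"id": "BA2021",
+"name": "DoNotMarkWritableSectionsAsExecutable",
+"fullDescription": {
+"text": "PE sections should not be marked as both writable and executable. This condition makes it easier for an attacker to exploit memory corruption vulnerabilities, as it may provide an attacker executable location(s) to inject shellcode.\r\nTo resolve this issue, configure your tools to not emit memory sections that are writable and executable. For example, look for uses of /SECTION on the linker command line for C and C++ programs, or #pragma section in C and C++ source code, which mark a section with both attributes.\r\nBe sure to disable incremental linking in release builds, as this feature creates a writable and executable section named '.textbss' in order to function."
+},
+"help": {
+"text": "PE sections should not be marked as both writable and executable. This condition makes it easier for an attacker to exploit memory corruption vulnerabilities, as it may provide an attacker executable location(s) to inject shellcode.\r\nTo resolve this issue, configure your tools to not emit memory sections that are writable and executable. For example, look for uses of /SECTION on the linker command line for C and C++ programs, or #pragma section in C and C++ source code, which mark a section with both attributes.\r\nBe sure to disable incremental linking in release builds, as this feature creates a writable and executable section named '.textbss' in order to function."
+},
+"messageStrings": {
+"Pass": {
+"text": "'{0}' contains no data or code sections marked as both shared and executable, helping to prevent the exploitation of code vulnerabilities."
+},
+"Error": {
+"text": "'{0}' contains PE section(s) ({1}) that are both writable and executable. Writable and executable memory segments make it easier for an attacker to exploit memory corruption vulnerabilities, because it may provide an attacker executable location(s) to inject shellcode.\r\nTo resolve this issue, configure your tools to not emit memory sections that are writable and executable. For example, look for uses of /SECTION on the linker command line for C and C++ programs, or #pragma section in C and C++ source code, which mark a section with both attributes.\r\nEnabling incremental linking via the /INCREMENTAL argument (the default for Microsoft Visual Studio debug build) can also result in a writable and executable section named 'textbss'. For this case, disable incremental linking (or analyze an alternate build configuration that disables this feature) to resolve the problem.\r\nFor VC projects use ItemDefinitionGroup - Link - LinkIncremental property with 'false' value."
+},
+"Error_UnexpectedSectionAligment": {
+"text": "'{0}' has a section alignment ({1}) that is smaller than its page size ({2})."
+},
+"NotApplicable_InvalidMetadata": {
+"text": "'{0}' was not evaluated for check '{1}' as the analysis is not relevant based on observed metadata: {2}."
+}
+},
+"helpUri": "https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2021DoNotMarkWritableSectionsAsExecutable",
+"properties": {
+"equivalentBinScopeRuleReadableName": "WXCheck"
+}
+}
+],
+"properties": {
+"comments": "A security and correctness analyzer for portable executable and MSIL formats."
+}
+}
+},
+"invocations": [
+{
+"executionSuccessful": true
+}
+],
+"artifacts": [
+{
+"location": {
+"uri": "file:///Z:/src/Test.FunctionalTests.BinSkim.Driver/BaselineTestData/Native_x86_VS2022_PdbRandomlyMissing.dll",
+"index": 0
+},
+"hashes": {
+"md5": "68A19DE304E6450EB2D2B4B65C7C47E3",
+"sha-1": "13F06A8BCA79D5385AB59F1A5816211C96A52FDB",
+"sha-256": "E349466D4205C2E9D0E94A2A0FCEE000DC082137BF6075F4E484870CDBFADF7D"
+}
+}
+],
+"columnKind": "utf16CodeUnits"
+}
+]
+}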
Binary file added
BIN
+4 KB
....FunctionalTests.BinSkim.Driver/BaselineTestData/Native_x86_VS2022_PdbRandomlyMissing.dll
Binary file not shown.