Merge branch 'main' into users/marekaldorf/MSDIA140.dll_update_to_1.0…
….9734320-17-10-20240615-02
AllDwarf committed Aug 12, 2024
2 parents ea8b908 + 5663139 commit 0759f23
Showing 6 changed files with 352 additions and 3 deletions.
4 changes: 3 additions & 1 deletion ReleaseHistory.md
@@ -16,7 +16,9 @@
- NEW => new feature

## UNRELEASED
DEP: Update `msdia140.dll` from 14.40.33810.0 to 14.40.33812
* DEP: Update `msdia140.dll` from 14.40.33810.0 to 14.40.33812
* BUG: Fix `TryGetPortablePdbMetadataReader` unexpectedly causes `UnauthorizedAccessException` error when the PDB file is missing. [1001](https://github.com/microsoft/binskim/pull/1001).
* BUG: Fork telemetry to log always to Console and AppInsights in the same time when Error occur. [1002](https://github.com/microsoft/binskim/pull/1002)

## **v4.3.0**
* DEP: Update `msdia140.dll` from 14.36.32532.0 to 14.40.33810.0. This update fixes the `System.AccessViolationException: Attempted to read or write protected memory` exception that occurs when reading certain PDB files. [996](https://github.com/microsoft/binskim/pull/996)
16 changes: 15 additions & 1 deletion src/BinSkim.Driver/MultithreadedAnalyzeCommand.cs
@@ -8,6 +8,8 @@
using System.Linq;
using System.Reflection;

using CommandLine;

using Microsoft.CodeAnalysis.BinaryParsers;
using Microsoft.CodeAnalysis.IL.Rules;
using Microsoft.CodeAnalysis.IL.Sdk;
@@ -48,13 +50,25 @@ private bool IsValidScanTarget(string file)

public override BinaryAnalyzerContext InitializeGlobalContextFromOptions(AnalyzeOptions options, ref BinaryAnalyzerContext context)
{
base.InitializeGlobalContextFromOptions(options, ref context);

if (this.Telemetry?.TelemetryClient != null)
{
// Create an aggregating logger that will combine all loggers into a single logger.
var aggregatingLogger = new AggregatingLogger();
if (context.Logger is AggregatingLogger)
{
aggregatingLogger = context.Logger as AggregatingLogger;
}
else
{
aggregatingLogger.Loggers.Add(context.Logger);
}

var ruleTelemetryLogger = new RuleTelemetryLogger(this.Telemetry.TelemetryClient);
ruleTelemetryLogger.AnalysisStarted();

// Combine rule telemetry with any other loggers that may be present.
aggregatingLogger.Loggers.Add(ruleTelemetryLogger);
context.Logger = aggregatingLogger;
}
@@ -65,7 +79,7 @@ public override BinaryAnalyzerContext InitializeGlobalContextFromOptions(Analyze
? options.MaxFileSizeInKilobytes.Value
: long.MaxValue;

base.InitializeGlobalContextFromOptions(options, ref context);


// Update context object based on command-line parameters.
context.SymbolPath = options.SymbolsPath ?? context.SymbolPath;
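Review bot: In the new logger-merging branch, `aggregatingLogger.Loggers.Add(context.Logger)` runs whenever `context.Logger` is not already an `AggregatingLogger`, including when it is null, which would leave a null entry in the aggregate that is likely to fail on first dispatch; whether the base call always sets a logger is not visible in these hunks. A single expression also avoids allocating an `AggregatingLogger` that is then thrown away: `var aggregatingLogger = context.Logger as AggregatingLogger ?? new AggregatingLogger();` followed by `if (context.Logger != null && !ReferenceEquals(context.Logger, aggregatingLogger)) { aggregatingLogger.Loggers.Add(context.Logger); }`. Because the base call now runs before this block instead of after the size-limit assignment, a comment such as `// base must run first so context.Logger is populated before it is wrapped` would record why the order matters. The method body continues outside the visible hunks.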
6 changes: 5 additions & 1 deletion src/BinaryParsers/PEBinary/PortableExecutable/PE.cs
@@ -868,7 +868,11 @@ private bool TryGetPortablePdbMetadataReader(Pdb pdb, out MetadataReader pdbMeta
out MetadataReaderProvider pdbProvider,
out _))
{
pdbProvider = MetadataReaderProvider.FromPortablePdbStream(File.OpenRead(pdb.PdbLocation));
if (File.Exists(pdb.PdbLocation))
{
pdbProvider = MetadataReaderProvider.FromPortablePdbStream(File.OpenRead(pdb.PdbLocation));
}

if (pdbProvider == null)
{
pdbMetadataReader = null;
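Review bot: The `File.Exists(pdb.PdbLocation)` guard added in front of `File.OpenRead(pdb.PdbLocation)` is a check-then-open, so the PDB can still disappear, be locked, or be unreadable under its ACL between the two calls and the same `UnauthorizedAccessException` or an `IOException` would escape. For a scanner that walks untrusted or in-flux build output it is safer to keep the guard for null or empty paths and also catch the open failure, letting the existing `pdbProvider == null` check handle it; the fence assumes `pdbProvider` is still null at this point, which the visible lines do not show. The enclosing method starts and ends outside the hunk.

```csharp
if (File.Exists(pdb.PdbLocation))
{
    try
    {
        pdbProvider = MetadataReaderProvider.FromPortablePdbStream(File.OpenRead(pdb.PdbLocation));
    }
    catch (Exception ex) when (ex is IOException || ex is UnauthorizedAccessException)
    {
        // The file vanished or is unreadable after the existence check:
        // treat it as "no PDB" and fall through to the null check below.
    }
}

// … unchanged: if (pdbProvider == null) handling …
```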
@@ -0,0 +1,240 @@
{
"$schema": "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.6.json",
"version": "2.1.0",
"runs": [
{
"results": [
{
"ruleId": "BA2005",
"ruleIndex": 0,
"kind": "pass",
"level": "none",
"message": {
"id": "Pass",
"arguments": [
"Native_x86_VS2022_PdbRandomlyMissing.dll"
]
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "file:///Z:/src/Test.FunctionalTests.BinSkim.Driver/BaselineTestData/Native_x86_VS2022_PdbRandomlyMissing.dll",
"index": 0
}
}
}
]
},
{
"ruleId": "BA2009",
"ruleIndex": 1,
"kind": "pass",
"level": "none",
"message": {
"id": "Pass",
"arguments": [
"Native_x86_VS2022_PdbRandomlyMissing.dll"
]
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "file:///Z:/src/Test.FunctionalTests.BinSkim.Driver/BaselineTestData/Native_x86_VS2022_PdbRandomlyMissing.dll",
"index": 0
}
}
}
]
},
{
"ruleId": "BA2019",
"ruleIndex": 2,
"kind": "pass",
"level": "none",
"message": {
"id": "Pass",
"arguments": [
"Native_x86_VS2022_PdbRandomlyMissing.dll"
]
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "file:///Z:/src/Test.FunctionalTests.BinSkim.Driver/BaselineTestData/Native_x86_VS2022_PdbRandomlyMissing.dll",
"index": 0
}
}
}
]
},
{
"ruleId": "BA2021",
"ruleIndex": 3,
"kind": "pass",
"level": "none",
"message": {
"id": "Pass",
"arguments": [
"Native_x86_VS2022_PdbRandomlyMissing.dll"
]
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "file:///Z:/src/Test.FunctionalTests.BinSkim.Driver/BaselineTestData/Native_x86_VS2022_PdbRandomlyMissing.dll",
"index": 0
}
}
}
]
}
],
"tool": {
"driver": {
"name": "testhost",
"version": "15.0.0.0",
"rules": [
{
"id": "BA2005",
"name": "DoNotShipVulnerableBinaries",
"fullDescription": {
"text": "Do not ship obsolete libraries for which there are known security vulnerabilities."
},
"help": {
"text": "Do not ship obsolete libraries for which there are known security vulnerabilities."
},
"messageStrings": {
"Pass": {
"text": "'{0}' is not known to be an obsolete binary that is vulnerable to one or more security problems."
},
"Error": {
"text": "'{0}' appears to be an obsolete library (version {1}) for which there are known security vulnerabilities. \r\nTo resolve this issue, obtain a version of {0} that is newer than version {2}. If this binary is not in fact {0}, ignore this warning."
},
"Error_CouldNotParseVersion": {
"text": "Version information for '{0}' could not be parsed. The binary therefore could not be verified not to be an obsolete binary that is known to be vulnerable to one or more security problems."
},
"NotApplicable_InvalidMetadata": {
"text": "'{0}' was not evaluated for check '{1}' as the analysis is not relevant based on observed metadata: {2}."
}
},
"helpUri": "https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2005DoNotShipVulnerableBinaries",
"properties": {
"equivalentBinScopeRuleReadableName": "BinaryVersionsCheck"
}
},
{
"id": "BA2009",
"name": "EnableAddressSpaceLayoutRandomization",
"fullDescription": {
"text": "Binaries should linked as DYNAMICBASE to be eligible for relocation by Address Space Layout Randomization (ASLR). ASLR is an important mitigation that makes it more difficult for an attacker to exploit memory corruption vulnerabilities. Configure your tools to build with this feature enabled. For C and C++ binaries, add /DYNAMICBASE to your linker command line. For .NET applications, use a compiler shipping with Visual Studio 2008 or later."
},
"help": {
"text": "Binaries should linked as DYNAMICBASE to be eligible for relocation by Address Space Layout Randomization (ASLR). ASLR is an important mitigation that makes it more difficult for an attacker to exploit memory corruption vulnerabilities. Configure your tools to build with this feature enabled. For C and C++ binaries, add /DYNAMICBASE to your linker command line. For .NET applications, use a compiler shipping with Visual Studio 2008 or later."
},
"messageStrings": {
"Pass": {
"text": "'{0}' is properly compiled to enable Address Space Layout Randomization, reducing an attacker's ability to exploit code in well-known locations."
},
"Error_NotDynamicBase": {
"text": "'{0}' is not marked as DYNAMICBASE. This means that the binary is not eligible for relocation by Address Space Layout Randomization (ASLR). ASLR is an important mitigation that makes it more difficult for an attacker to exploit memory corruption vulnerabilities.\r\nTo resolve this issue, configure your tools to build with this feature enabled. For C and C++ binaries, add /DYNAMICBASE to your linker command line.\r\nFor VC projects use ItemDefinitionGroup - Link - RandomizedBaseAddress property with 'true' value.\r\nFor .NET applications, use a compiler shipping with Visual Studio 2008 or later."
},
"Error_RelocsStripped": {
"text": "'{0}' is marked as DYNAMICBASE but relocation data has been stripped from the image, preventing address space layout randomization. "
},
"Error_WinCENoRelocationSection": {
"text": "'{0}' is a Windows CE image but does not contain any relocation data, preventing Address Space Layout Randomization."
},
"NotApplicable_InvalidMetadata": {
"text": "'{0}' was not evaluated for check '{1}' as the analysis is not relevant based on observed metadata: {2}."
}
},
"helpUri": "https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2009EnableAddressSpaceLayoutRandomization",
"properties": {
"equivalentBinScopeRuleReadableName": "DBCheck"
}
},
{
"id": "BA2019",
"name": "DoNotMarkWritableSectionsAsShared",
"fullDescription": {
"text": "Code or data sections should not be marked as both shared and writable. Because these sections are shared across processes, this condition might permit a process with low privilege to alter memory in a higher privilege process.\r\nIf you do not actually require that a section be both writable and shared, remove one or both of these attributes (by modifying your .DEF file, the appropriate linker /section switch arguments, etc.).\r\nIf you must share common data across processes (for inter-process communication (IPC) or other purposes) use CreateFileMapping with proper security attributes or an actual IPC mechanism instead (COM, named pipes, LPC, etc.)."
},
"help": {
"text": "Code or data sections should not be marked as both shared and writable. Because these sections are shared across processes, this condition might permit a process with low privilege to alter memory in a higher privilege process.\r\nIf you do not actually require that a section be both writable and shared, remove one or both of these attributes (by modifying your .DEF file, the appropriate linker /section switch arguments, etc.).\r\nIf you must share common data across processes (for inter-process communication (IPC) or other purposes) use CreateFileMapping with proper security attributes or an actual IPC mechanism instead (COM, named pipes, LPC, etc.)."
},
"messageStrings": {
"Pass": {
"text": "'{0}' contains no data or code sections marked as both shared and writable, helping to prevent the exploitation of code vulnerabilities."
},
"Error": {
"text": "'{0}' contains one or more code or data sections ({1}) which are marked as both shared and writable. Because these sections are shared across processes, this condition might permit a process with low privilege to alter memory in a higher privilege process.\r\nIf you do not actually require that a section be both writable and shared, remove one or both of these attributes (by modifying your .DEF file, the appropriate linker /section switch arguments, etc.).\r\nIf you must share common data across processes (for inter-process communication (IPC) or other purposes) use CreateFileMapping with proper security attributes or an actual IPC mechanism instead (COM, named pipes, LPC, etc.)."
},
"NotApplicable_InvalidMetadata": {
"text": "'{0}' was not evaluated for check '{1}' as the analysis is not relevant based on observed metadata: {2}."
}
},
"helpUri": "https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2019DoNotMarkWritableSectionsAsShared",
"properties": {
"equivalentBinScopeRuleReadableName": "SharedSectionCheck"
}
},
{
"id": "BA2021",
"name": "DoNotMarkWritableSectionsAsExecutable",
"fullDescription": {
"text": "PE sections should not be marked as both writable and executable. This condition makes it easier for an attacker to exploit memory corruption vulnerabilities, as it may provide an attacker executable location(s) to inject shellcode.\r\nTo resolve this issue, configure your tools to not emit memory sections that are writable and executable. For example, look for uses of /SECTION on the linker command line for C and C++ programs, or #pragma section in C and C++ source code, which mark a section with both attributes.\r\nBe sure to disable incremental linking in release builds, as this feature creates a writable and executable section named '.textbss' in order to function."
},
"help": {
"text": "PE sections should not be marked as both writable and executable. This condition makes it easier for an attacker to exploit memory corruption vulnerabilities, as it may provide an attacker executable location(s) to inject shellcode.\r\nTo resolve this issue, configure your tools to not emit memory sections that are writable and executable. For example, look for uses of /SECTION on the linker command line for C and C++ programs, or #pragma section in C and C++ source code, which mark a section with both attributes.\r\nBe sure to disable incremental linking in release builds, as this feature creates a writable and executable section named '.textbss' in order to function."
},
"messageStrings": {
"Pass": {
"text": "'{0}' contains no data or code sections marked as both shared and executable, helping to prevent the exploitation of code vulnerabilities."
},
"Error": {
"text": "'{0}' contains PE section(s) ({1}) that are both writable and executable. Writable and executable memory segments make it easier for an attacker to exploit memory corruption vulnerabilities, because it may provide an attacker executable location(s) to inject shellcode.\r\nTo resolve this issue, configure your tools to not emit memory sections that are writable and executable. For example, look for uses of /SECTION on the linker command line for C and C++ programs, or #pragma section in C and C++ source code, which mark a section with both attributes.\r\nEnabling incremental linking via the /INCREMENTAL argument (the default for Microsoft Visual Studio debug build) can also result in a writable and executable section named 'textbss'. For this case, disable incremental linking (or analyze an alternate build configuration that disables this feature) to resolve the problem.\r\nFor VC projects use ItemDefinitionGroup - Link - LinkIncremental property with 'false' value."
},
"Error_UnexpectedSectionAligment": {
"text": "'{0}' has a section alignment ({1}) that is smaller than its page size ({2})."
},
"NotApplicable_InvalidMetadata": {
"text": "'{0}' was not evaluated for check '{1}' as the analysis is not relevant based on observed metadata: {2}."
}
},
"helpUri": "https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2021DoNotMarkWritableSectionsAsExecutable",
"properties": {
"equivalentBinScopeRuleReadableName": "WXCheck"
}
}
],
"properties": {
"comments": "A security and correctness analyzer for portable executable and MSIL formats."
}
}
},
"invocations": [
{
"executionSuccessful": true
}
],
"artifacts": [
{
"location": {
"uri": "file:///Z:/src/Test.FunctionalTests.BinSkim.Driver/BaselineTestData/Native_x86_VS2022_PdbRandomlyMissing.dll",
"index": 0
},
"hashes": {
"md5": "68A19DE304E6450EB2D2B4B65C7C47E3",
"sha-1": "13F06A8BCA79D5385AB59F1A5816211C96A52FDB",
"sha-256": "E349466D4205C2E9D0E94A2A0FCEE000DC082137BF6075F4E484870CDBFADF7D"
}
}
],
"columnKind": "utf16CodeUnits"
}
]
}
Binary file not shown.