dagood

Installer packages for the .NET Core runtime and libraries


Home repository for .NET Core


A repository to track efforts to produce a source tarball of the .NET Core SDK and all its components


This repo contains information about the various component versions that ship with .NET Core.


Events

Implement ECDH

the Boring bindings made by Google (src).

Seems like the wrong link, or I'm missing the intent. 😄 That's the public crypto/ecdh package, and the internal Boring bindings are at https://github.com/golang/go/blob/master/src/crypto/internal/boring/ecdh.go.

Created at 6 hours ago

Write out parsed info as //sys lines

Created at 5 days ago

Fix param/return type decoding, get more info

Pointer isn't a thing

Fix bad (not) fallthrough, I2

Created at 6 days ago
delete branch
dagood delete branch dev/dagood/codeql
Created at 6 days ago

Add CodeQL3000 TSA (#807)

Created at 6 days ago
pull request closed
Add CodeQL3000 TSA for bug filing

Set up TSA (Trust Services Automation) to file bugs.

This part is based on similar code I found in ASP.NET:

            # Only file if this is automatically triggered, not a dev build.
            - name: Codeql.TSAEnabled
              value: ${{ eq(variables['Build.Reason'], 'ResourceTrigger') }}

(They check for the "Schedule" reason because their trigger is different.)

Created at 6 days ago
pull request opened
Add CodeQL3000 TSA for bug filing


Created at 1 week ago

Add CodeQL3000 TSA

Created at 1 week ago
create branch
dagood create branch dev/dagood/codeql
Created at 1 week ago
opened issue
BinSkim fails with AccessViolationException while scanning linux_arm build
  Analyze:
    Running BinSkim 1.9.5
    ------------------------------------------------------------------------------
    D:\a\_work\1\.gdn\i\nuget\Microsoft.CodeAnalysis.BinSkim.1.9.5\tools\netcoreapp3.1\win-x64\BinSkim.exe analyze --config D:\a\_work\1\s\eng\compliance\Guardian\BinSkimConfig.xml --hashes --statistics --sarif-output-version OneZeroZero --output D:\a\_work\1\.gdn\.r\binskim\001\binskim.sarif @D:\a\_work\1\.gdn\.r\binskim\001\.gdntoolinput
    Analyzing...
[...]
    D:\a\_work\1\a\artifacts\go.linux-armv6l.tar.gz.extracted\go\pkg\tool\linux_arm\buildid : error ERR997.ExceptionLoadingAnalysisTarget : Could not load analysis target 'buildid'.
    D:\a\_work\1\a\artifacts\go.linux-armv6l.tar.gz.extracted\go\pkg\tool\linux_arm\cgo : error ERR997.ExceptionLoadingAnalysisTarget : Could not load analysis target 'cgo'.
[Error]     Fatal error. System.AccessViolationException: Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
[Error]        at System.Runtime.InteropServices.Marshal.ReadInt32(IntPtr, Int32)
[Error]        at Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfMemoryReader.ReadUint()
[Error]        at Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfMemoryReader.ReadLength(Boolean ByRef)
[Error]        at Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfCommonInformationEntry.ParseEntry(Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfMemoryReader, Byte, Int32)
[Error]        at Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfCommonInformationEntry.ParseAll(Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfMemoryReader, Byte)
[Error]        at Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfSymbolProvider.ParseCommonInformationEntries(Byte[], Byte[], Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfExceptionHandlingFrameParsingInput)
[Error]        at Microsoft.CodeAnalysis.BinaryParsers.ElfBinary..ctor(System.Uri, System.String)
[Error]        at Microsoft.CodeAnalysis.IL.Sdk.BinaryTargetManager.GetBinaryFromFile(System.Uri, System.String, System.String, Boolean)
[Error]        at Microsoft.CodeAnalysis.IL.Sdk.BinaryAnalyzerContext.get_Binary()
[Error]        at Microsoft.CodeAnalysis.IL.Sdk.BinaryAnalyzerContext.get_TargetLoadException()
[Error]        at Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase`2[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].DetermineApplicabilityAndAnalyze(System.__Canon, System.Collections.Generic.IEnumerable`1<Microsoft.CodeAnalysis.Sarif.Driver.Skimmer`1<System.__Canon>>, System.Collections.Generic.ISet`1<System.String>)
[Error]        at Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase`2+<AnalyzeTargetAsync>d__40[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].MoveNext()
[Error]        at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
[Error]        at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1+AsyncStateMachineBox`1[[System.Boolean, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase`2+<AnalyzeTargetAsync>d__40[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]], Sarif.Driver, Version=2.4.15.0, Culture=neutral, PublicKeyToken=21a5e83f6f5bb844]].MoveNext(System.Threading.Thread)
[Error]        at System.Threading.ThreadPoolWorkQueue.Dispatch()
    Tool run time: 37.5255022 seconds
    ------------------------------------------------------------------------------
    BinSkim completed with exit code 57005
[Error]     Error running binskim job: 1 of 1
[Error]     GuardianErrorExitCodeException: binskim completed with an Error exit code: 57005. Please refer to https://github.com/Microsoft/binskim#command-line-documentation for more info.
    ------------------------------------------------------------------------------

I was able to repro locally and submitted a bug report to BinSkim:

  • https://github.com/microsoft/binskim/issues/743
Created at 1 week ago
opened issue
AccessViolationException while scanning three linux-arm ELF binaries simultaneously

I work on the Microsoft fork of Go, and saw strange behavior with recent versions of BinSkim with our linux-armv6l (arm32) cross-compiled build while running BinSkim on windows-x64. Here are the files I'm working with:

repro-linux_arm.zip

When I try to analyze all three files with binskim, I get raw exception failures with recent versions of BinSkim (extracted from the nuget packages), but successful analysis with 1.7.5:

2.0.0-rc1

#> C:\temp\binskim\microsoft.codeanalysis.binskim.2.0.0-rc1\tools\netcoreapp3.1\win-x64\BinSkim.exe analyze .\repro-linux_arm\dist .\repro-linux_arm\doc .\repro-linux_arm\fix
Analyzing...
Fatal error. System.AccessViolationException: Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
   at System.Runtime.InteropServices.Marshal.ReadInt32(IntPtr, Int32)
   at Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfMemoryReader.ReadUint()
   at Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfMemoryReader.ReadLength(Boolean ByRef)
   at Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfCommonInformationEntry.ParseEntry(Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfMemoryReader, Byte, Int32)
   at Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfCommonInformationEntry.ParseAll(Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfMemoryReader, Byte)
   at Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfSymbolProvider.ParseCommonInformationEntries(Byte[], Byte[], Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfExceptionHandlingFrameParsingInput)
   at Microsoft.CodeAnalysis.BinaryParsers.ElfBinary..ctor(System.Uri, System.String)
   at Microsoft.CodeAnalysis.IL.Sdk.BinaryTargetManager.GetBinaryFromFile(System.Uri, System.String, System.String, Boolean)
   at Microsoft.CodeAnalysis.IL.Sdk.BinaryAnalyzerContext.get_Binary()
   at Microsoft.CodeAnalysis.IL.Sdk.BinaryAnalyzerContext.get_TargetLoadException()
   at Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase`2[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].DetermineApplicabilityAndAnalyze(System.__Canon, System.Collections.Generic.IEnumerable`1<Microsoft.CodeAnalysis.Sarif.Driver.Skimmer`1<System.__Canon>>, System.Collections.Generic.ISet`1<System.String>)
   at Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase`2+<ScanTargetsAsync>d__40[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].MoveNext()
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase`2+<ScanTargetsAsync>d__40[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]], Sarif.Driver, Version=3.1.0.0, Culture=neutral, PublicKeyToken=21a5e83f6f5bb844]](<ScanTargetsAsync>d__40<System.__Canon,System.__Canon> ByRef)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1[[System.Boolean, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].Start[[Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase`2+<ScanTargetsAsync>d__40[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]], Sarif.Driver, Version=3.1.0.0, Culture=neutral, PublicKeyToken=21a5e83f6f5bb844]](<ScanTargetsAsync>d__40<System.__Canon,System.__Canon> ByRef)
   at Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase`2[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].ScanTargetsAsync(System.Collections.Generic.IEnumerable`1<Microsoft.CodeAnalysis.Sarif.Driver.Skimmer`1<System.__Canon>>, System.Collections.Generic.ISet`1<System.String>)
   at Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase`2[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].MultithreadedAnalyzeTargets(System.__Canon, System.__Canon, System.Collections.Generic.IEnumerable`1<Microsoft.CodeAnalysis.Sarif.Driver.Skimmer`1<System.__Canon>>, System.Collections.Generic.ISet`1<System.String>)
   at Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase`2[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].AnalyzeTargets(System.__Canon, System.__Canon, System.Collections.Generic.IEnumerable`1<Microsoft.CodeAnalysis.Sarif.Driver.Skimmer`1<System.__Canon>>)
   at Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase`2[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].Analyze(System.__Canon, Microsoft.CodeAnalysis.Sarif.Driver.AggregatingLogger)
   at Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase`2[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].Run(System.__Canon)
   at Microsoft.CodeAnalysis.IL.MultithreadedAnalyzeCommand.Run(Microsoft.CodeAnalysis.IL.AnalyzeOptions)
   at Microsoft.CodeAnalysis.IL.BinSkim+<>c.<Main>b__0_1(Microsoft.CodeAnalysis.IL.AnalyzeOptions)
   at CommandLine.ParserResultExtensions.MapResult[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.Int32, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]](CommandLine.ParserResult`1<System.Object>, System.Func`2<System.__Canon,Int32>, System.Func`2<System.__Canon,Int32>, System.Func`2<System.__Canon,Int32>, System.Func`2<System.__Canon,Int32>, System.Func`2<System.Collections.Generic.IEnumerable`1<CommandLine.Error>,Int32>)
   at Microsoft.CodeAnalysis.IL.BinSkim.Main(System.String[])

1.9.5

#> C:\temp\binskim\microsoft.codeanalysis.binskim.1.9.5\tools\netcoreapp3.1\win-x64\BinSkim.exe analyze .\repro-linux_arm\dist .\repro-linux_arm\doc .\repro-linux_arm\fix
Analyzing...
Fatal error. System.AccessViolationException: Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
C:\temp\binskim\repro-linux_arm\dist : error ERR997.ExceptionLoadingAnalysisTarget : Could not load analysis target 'dist'.
   at System.Runtime.InteropServices.Marshal.ReadInt32(IntPtr, Int32)
   at Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfMemoryReader.ReadUint()
   at Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfMemoryReader.ReadLength(Boolean ByRef)
   at Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfCommonInformationEntry.ParseEntry(Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfMemoryReader, Byte, Int32)
   at Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfCommonInformationEntry.ParseAll(Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfMemoryReader, Byte)
   at Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfSymbolProvider.ParseCommonInformationEntries(Byte[], Byte[], Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfExceptionHandlingFrameParsingInput)
   at Microsoft.CodeAnalysis.BinaryParsers.ElfBinary..ctor(System.Uri, System.String)
   at Microsoft.CodeAnalysis.IL.Sdk.BinaryTargetManager.GetBinaryFromFile(System.Uri, System.String, System.String, Boolean)
   at Microsoft.CodeAnalysis.IL.Sdk.BinaryAnalyzerContext.get_Binary()
   at Microsoft.CodeAnalysis.IL.Sdk.BinaryAnalyzerContext.get_TargetLoadException()
   at Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase`2[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].DetermineApplicabilityAndAnalyze(System.__Canon, System.Collections.Generic.IEnumerable`1<Microsoft.CodeAnalysis.Sarif.Driver.Skimmer`1<System.__Canon>>, System.Collections.Generic.ISet`1<System.String>)
   at Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase`2+<AnalyzeTargetAsync>d__40[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1+AsyncStateMachineBox`1[[System.Boolean, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase`2+<AnalyzeTargetAsync>d__40[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]], Sarif.Driver, Version=2.4.15.0, Culture=neutral, PublicKeyToken=21a5e83f6f5bb844]].ExecutionContextCallback(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1+AsyncStateMachineBox`1[[System.Boolean, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase`2+<AnalyzeTargetAsync>d__40[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]], Sarif.Driver, Version=2.4.15.0, Culture=neutral, PublicKeyToken=21a5e83f6f5bb844]].MoveNext(System.Threading.Thread)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1+AsyncStateMachineBox`1[[System.Boolean, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase`2+<AnalyzeTargetAsync>d__40[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]], Sarif.Driver, Version=2.4.15.0, Culture=neutral, PublicKeyToken=21a5e83f6f5bb844]].MoveNext()
   at System.Threading.ThreadPoolGlobals+<>c.<.cctor>b__5_0(System.Object)
   at System.Threading.Channels.AsyncOperation`1[[System.Boolean, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].SetCompletionAndInvokeContinuation()
   at System.Threading.Channels.AsyncOperation`1[[System.Boolean, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].System.Threading.IThreadPoolWorkItem.Execute()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

1.7.5 (success)

#> C:\temp\binskim\microsoft.codeanalysis.binskim.1.7.5\tools\netcoreapp3.1\win-x64\BinSkim.exe analyze .\repro-linux_arm\dist .\repro-linux_arm\doc .\repro-linux_arm\fix
Analyzing...
Analyzing 'dist'...
C:\temp\binskim\repro-linux_arm\dist: error BA3001: PIE disabled on executable 'dist'.  This means the code section will always be loaded to the same address, even if ASLR is enabled in the Linux kernel.  To address this, ensure you are compiling with '-fpie' when using clang/gcc.
C:\temp\binskim\repro-linux_arm\dist: error BA3003: The stack protector was not found in 'dist'.  This may be because the binary has no stack-based arrays, or because '--stack-protector-strong' was not used.
C:\temp\binskim\repro-linux_arm\dist: error BA3010: The GNU_RELRO segment is missing from this binary, so relocation sections in 'dist' will not be marked as read only after the binary is loaded.  An attacker can overwrite these to redirect control flow.  Ensure you are compiling with the compiler flags '-Wl,z,relro' to address this.
Analyzing 'doc'...
C:\temp\binskim\repro-linux_arm\doc: error BA3001: PIE disabled on executable 'doc'.  This means the code section will always be loaded to the same address, even if ASLR is enabled in the Linux kernel.  To address this, ensure you are compiling with '-fpie' when using clang/gcc.
C:\temp\binskim\repro-linux_arm\doc: error BA3003: The stack protector was not found in 'doc'.  This may be because the binary has no stack-based arrays, or because '--stack-protector-strong' was not used.
C:\temp\binskim\repro-linux_arm\doc: error BA3010: The GNU_RELRO segment is missing from this binary, so relocation sections in 'doc' will not be marked as read only after the binary is loaded.  An attacker can overwrite these to redirect control flow.  Ensure you are compiling with the compiler flags '-Wl,z,relro' to address this.
Analyzing 'fix'...
C:\temp\binskim\repro-linux_arm\fix: error BA3001: PIE disabled on executable 'fix'.  This means the code section will always be loaded to the same address, even if ASLR is enabled in the Linux kernel.  To address this, ensure you are compiling with '-fpie' when using clang/gcc.
C:\temp\binskim\repro-linux_arm\fix: error BA3003: The stack protector was not found in 'fix'.  This may be because the binary has no stack-based arrays, or because '--stack-protector-strong' was not used.
C:\temp\binskim\repro-linux_arm\fix: error BA3010: The GNU_RELRO segment is missing from this binary, so relocation sections in 'fix' will not be marked as read only after the binary is loaded.  An attacker can overwrite these to redirect control flow.  Ensure you are compiling with the compiler flags '-Wl,z,relro' to address this.
Analysis completed successfully.

One or more rules was disabled for an analysis target, as it was determined not to be applicable to it (this is a common condition). Pass --verbose on the command-line for more information.

A really bizarre part is that analyzing each file individually still has errors, but doesn't show the exception:

#> C:\temp\binskim\microsoft.codeanalysis.binskim.1.9.5\tools\netcoreapp3.1\win-x64\BinSkim.exe analyze .\repro-linux_arm\dist
Analyzing...
C:\temp\binskim\repro-linux_arm\dist : error ERR997.ExceptionLoadingAnalysisTarget : Could not load analysis target 'dist'.

Done. 1 files scanned.

Analysis did not complete due to one or more unrecoverable execution conditions.
Unexpected fatal runtime condition(s) observed: ExceptionLoadingTargetFile

#> C:\temp\binskim\microsoft.codeanalysis.binskim.1.9.5\tools\netcoreapp3.1\win-x64\BinSkim.exe analyze .\repro-linux_arm\doc
Analyzing...
C:\temp\binskim\repro-linux_arm\doc : error ERR997.ExceptionLoadingAnalysisTarget : Could not load analysis target 'doc'.

Done. 1 files scanned.

Analysis did not complete due to one or more unrecoverable execution conditions.
Unexpected fatal runtime condition(s) observed: ExceptionLoadingTargetFile

#> C:\temp\binskim\microsoft.codeanalysis.binskim.1.9.5\tools\netcoreapp3.1\win-x64\BinSkim.exe analyze .\repro-linux_arm\fix
Analyzing...
C:\temp\binskim\repro-linux_arm\fix : error ERR997.ExceptionLoadingAnalysisTarget : Could not load analysis target 'fix'.

Done. 1 files scanned.

Analysis did not complete due to one or more unrecoverable execution conditions.
Unexpected fatal runtime condition(s) observed: ExceptionLoadingTargetFile

Splitting * into args and changing the order can also influence whether the exception is shown:

#> C:\temp\binskim\microsoft.codeanalysis.binskim.2.0.0-rc1\tools\netcoreapp3.1\win-x64\BinSkim.exe analyze .\repro-linux_arm\dist .\repro-linux_arm\doc
Analyzing...
Fatal error. System.AccessViolationException: Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
   at System.Runtime.InteropServices.Marshal.ReadInt32(IntPtr, Int32)
   at Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfMemoryReader.ReadUint()
   at Microsoft.CodeAnalysis.BinaryParsers.Dwarf.DwarfMemoryReader.ReadLength(Boolean ByRef)
[...]
   at Microsoft.CodeAnalysis.IL.BinSkim.Main(System.String[])

#> C:\temp\binskim\microsoft.codeanalysis.binskim.2.0.0-rc1\tools\netcoreapp3.1\win-x64\BinSkim.exe analyze .\repro-linux_arm\doc .\repro-linux_arm\dist
Analyzing...
C:\temp\binskim\repro-linux_arm\doc : error ERR997.ExceptionLoadingAnalysisTarget : Could not load analysis target 'doc'.
C:\temp\binskim\repro-linux_arm\dist : error ERR997.ExceptionLoadingAnalysisTarget : Could not load analysis target 'dist'.

Done. 2 files scanned.
[...]

My first thought was threading could cause this kind of issue, so I tried adding --threads 1, but I don't see any change in the behavior.

Is this a bug in BinSkim, or is something wrong with the input?

Created at 1 week ago
delete branch
dagood delete branch dev/dagood/codeql
Created at 1 week ago

Add internal CodeQL pipeline (#78)

Created at 1 week ago
pull request closed
Add internal CodeQL pipeline
  • Related: https://github.com/microsoft/go/pull/801

While working on https://github.com/microsoft/go/pull/801, I made this pipeline to try a simpler CodeQL scan to debug an issue, and it worked here. This repo isn't flagged as needing CodeQL scanning, but I think it might in the future (and it makes sense to me to scan it) so I figure we might as well keep it.

Created at 1 week ago
delete branch
dagood delete branch dev/dagood/codeql
Created at 1 week ago
closed issue
Upgrade to CodeQL v2 task

Saw this in PR validation build logs: https://github.blog/changelog/2022-04-27-code-scanning-deprecation-of-codeql-action-v1/

On March 30, 2022, we released CodeQL Action v2, which runs on the Node.js 16 runtime. The CodeQL Action v1 will be deprecated at the same time as GHES 3.3, which is currently scheduled for December 2022.

https://github.com/microsoft/go/blob/microsoft/main/.github/workflows/codeql-analysis.yml

Created at 1 week ago
closed issue
Add CodeQL to AzDO official builds

Currently CodeQL runs in GitHub Actions: https://github.com/microsoft/go/blob/microsoft/main/.github/workflows/codeql-analysis.yml

Our official build pipelines (or rolling builds?) might require this in the future. We should probably delete the GitHub Actions CodeQL workflow to only maintain our use of this tool in one place.

  • The move might handle this upgrade at the same time: https://github.com/microsoft/go/issues/731
Created at 1 week ago

Move CodeQL to validation pipeline, keep patch check in Actions (#801)

Created at 1 week ago
pull request closed
Move CodeQL to validation pipeline, keep patch check in Actions
  • Resolves https://github.com/microsoft/go/issues/739
  • Closes https://github.com/microsoft/go/issues/731 (no longer applies)

  • This PR incorporates https://github.com/microsoft/go/pull/795. Removing the CodeQL GitHub Actions workflow is a total merge conflict, and it seems better to go ahead and get both things done in this PR.

    [...] I think the visibility of patch conflicts is maybe the most important part of adding this. If the patches have conflicts, the dev doesn't even need to visit the AzDO (or CodeQL) results page to see it, since it's a line item in the results box. This seems particularly useful for releases, actually: the dev can jump right to pulling down source code to resolve the conflict, rather than poking through AzDO for a bit first.

Created at 1 week ago
pull request opened
Add internal CodeQL pipeline

Created at 1 week ago