public void CreateSortedVersionDictionary_OverlappingVersionRange_ThrowsException(string firstRange, string secondRange)
{
var versionList = new PropertiesDictionary();
versionList.Add(firstRange, (CompilerMitigations.D2GuardSpecLoadAvailable).ToString());
versionList.Add(secondRange, (CompilerMitigations.QSpectreAvailable).ToString());
Assert.Throws <InvalidOperationException>(() => EnableSpectreMitigations.CreateSortedVersionDictionary(versionList));
}
private void AddCompilerMitigationDataToDictionary(PropertiesDictionary dictionary, CompilerVersionToMitigation data)
{
string start = data.MinimalSupportedVersion.ToString().Replace(int.MaxValue.ToString(), "*");
string end = data.MaximumSupportedVersion.ToString().Replace(int.MaxValue.ToString(), "*");
string key = start + " - " + end;
dictionary.Add(key, data.SupportedMitigations.ToString());
}
public void CreateSortedVersionDictionary_BadVersionRange_ThrowsException()
{
var versionList = new PropertiesDictionary();
versionList.Add("8.0.0.0 - 1.0.0.0", (CompilerMitigations.D2GuardSpecLoadAvailable).ToString());
Assert.Throws <InvalidOperationException>(() => EnableSpectreMitigations.CreateSortedVersionDictionary(versionList));
}
private void AddFakeConfigTestData(PropertiesDictionary policy)
{
PropertiesDictionary BA2024Config = new PropertiesDictionary();
PropertiesDictionary mitigatedCompilers = new PropertiesDictionary();
PropertiesDictionary fakeX86Data = GenerateMachineFamilyData();
PropertiesDictionary fakeArmData = new PropertiesDictionary();
fakeArmData.Add("1.0.0.0 - 1.8.*.*", (CompilerMitigations.D2GuardSpecLoadAvailable | CompilerMitigations.QSpectreAvailable).ToString());
fakeArmData.Add("2.0.0.0 - 2.0.0.*", (CompilerMitigations.NonoptimizedCodeMitigated | CompilerMitigations.QSpectreAvailable).ToString());
fakeArmData.Add("2.0.1.0 - 2.*.*.*", (CompilerMitigations.NonoptimizedCodeMitigated | CompilerMitigations.QSpectreAvailable).ToString());
mitigatedCompilers.Add(MachineFamily.X86.ToString(), fakeX86Data);
mitigatedCompilers.Add(MachineFamily.Arm.ToString(), fakeArmData);
BA2024Config.Add("MitigatedCompilers", mitigatedCompilers);
policy.Add("BA2024.EnableSpectreMitigations.Options", BA2024Config);
}
private TempFile CreateTempConfigFile(string ruleId, object parameter)
{
var propertiesDictionary = new PropertiesDictionary();
if (IsSarifRule(ruleId))
{
var rulePropertiesDictionary = new PropertiesDictionary();
SarifValidationSkimmerBase rule = GetRuleFromId(ruleId);
RuleEnabledState ruleEnabledState = GetRuleEnabledState(rule);
rulePropertiesDictionary.Add(nameof(DefaultDriverOptions.RuleEnabled), ruleEnabledState);
if (parameter is KeyValuePair <string, object> pair)
{
rulePropertiesDictionary.Add(pair.Key, pair.Value);
}
propertiesDictionary.Add($"{rule.Moniker}.Options", rulePropertiesDictionary);
}
var tempFile = new TempFile(".xml");
propertiesDictionary.SaveToXml(tempFile.Name);
return(tempFile);
}
public void ContentService_Published(Umbraco.Core.Services.IContentService sender, Umbraco.Core.Events.ContentPublishedEventArgs e)
{
foreach (var item in e.PublishedEntities)
{
var properties = new PropertiesDictionary(item);
var publisher = Current.Services.UserService.GetUserById(item.PublisherId.GetValueOrDefault());
if (publisher != null)
{
properties.Add("publisher", publisher.Name);
}
AsyncUtil.RunSync(() => _messagingService.SendMessageAsync("contentService", "published", properties, publisher));
}
}
/// <summary>
/// Logs a specific message with Log4Net.
/// </summary>
/// <param name="level">The level of the entry.</param>
/// <param name="message">The message to log.</param>
/// <param name="correlation">The correlation id to log.</param>
/// <param name="area">The area to log.</param>
/// <param name="category">The category to log.</param>
/// <param name="eventId">The event id to log.</param>
/// <param name="when">The time to log.</param>
private static void LogData(Level level, string message, Guid correlation, string area, string category, string eventId, DateTime when)
{
IDictionary props = new PropertiesDictionary();
props.Add("Area", area);
props.Add("Category", category);
props.Add("EventID", eventId);
props.Add("Correlation", correlation);
var data = new LoggingEventData
{
TimeStampUtc = when,
LoggerName = Log.Logger.Name,
Level = level,
Message = FilterMessage(message),
ExceptionString = string.Empty,
Properties = (PropertiesDictionary)props
};
var loggingEvent = new LoggingEvent(LogDeclaringType, Log.Logger.Repository, data);
Log.Logger.Log(loggingEvent);
}
public void GetClosestCompilerVersionWithSpectreMitigations_UnsupportedOnMachine()
{
BinaryAnalyzerContext context = new BinaryAnalyzerContext();
context.Policy = new PropertiesDictionary();
PropertiesDictionary BA2024Config = new PropertiesDictionary();
PropertiesDictionary mitigatedCompilers = new PropertiesDictionary();
PropertiesDictionary fakeX86Data = GenerateMachineFamilyData();
mitigatedCompilers.Add(MachineFamily.X86.ToString(), fakeX86Data);
BA2024Config.Add("MitigatedCompilers", mitigatedCompilers);
context.Policy.Add("BA2024.EnableSpectreMitigations.Options", BA2024Config);
Assert.Null(EnableSpectreMitigations.GetClosestCompilerVersionWithSpectreMitigations(context, ExtendedMachine.Arm, new Version(1, 0, 100, 5)));
}
private static PropertiesDictionary BuildMitigatedCompilersData()
{
// As per https://blogs.msdn.microsoft.com/vcblog/2018/01/15/spectre-mitigations-in-msvc/
/*
* In current versions of the MSVC compiler, the /Qspectre switch only works on optimized code.
* You should make sure to compile your code with any of the optimization switches (e.g., /O2 or /O1 but NOT /Od) to have the mitigation applied.
* Similarly, inspect any code that uses #pragma optimize([stg], off). Work is ongoing now to make the /Qspectre mitigation work on unoptimized code.
*
* AND
*
* What versions of MSVC support the /Qspectre switch?
* All versions of Visual Studio 2017 version 15.5 and all Previews of Visual Studio version 15.6 already include an undocumented switch, /d2guardspecload, that is currently equivalent to /Qspectre.
* You can use /d2guardspecload to apply the same mitigations to your code.
* Please update to using /Qspectre as soon as you get a compiler that supports the switch as the /Qspectre switch will be maintained with new mitigations going forward.
*
* The /Qspectre switch will be available in MSVC toolsets included in all future releases of Visual Studio (including Previews).
* We will also release updates to some existing versions of Visual Studio to include support for /Qspectre.
* Releases of Visual Studio and Previews are announced on the Visual Studio Blog; update notifications are included in the Notification Hub.
* Visual Studio updates that include support for /Qspectre will be announced on the Visual C++ Team Blog and the @visualc Twitter feed.
*
* We initially plan to include support for /Qspectre in the following:
* Visual Studio 2017 version 15.6 Preview 4
* An upcoming servicing update to Visual Studio 2017 version 15.5
* A servicing update to Visual Studio 2017 “RTW”
* A servicing update to Visual Studio 2015 Update 3
*
* If you’re using an older version of MSVC we strongly encourage you to upgrade to a more recent compiler for this and other security improvements that have been developed in the last few years.
* Additionally, you’ll benefit from increased conformance, code quality, and faster compile times as well as many productivity improvements in Visual Studio.
*
*/
// UPDATED version and support information: https://blogs.msdn.microsoft.com/vcblog/2018/04/09/spectre-mitigation-changes-in-visual-studio-2017-version-15-7-preview-3/
/*
*
* With Visual Studio 2017 version 15.7 Preview 3 we have two new features to announce with regards to our Spectre mitigations.
* First, the /Qspectre switch is now supported regardless of the selected optimization level.
* Second, we have provided Spectre-mitigated implementations of the Microsoft Visual C++ libraries.
*
*/
var compilersData = new PropertiesDictionary();
// Mitigations for x86 family of processors
var x86Data = new PropertiesDictionary();
var armData = new PropertiesDictionary();
// Format of this data and the ranges:
// ThrowIfMitigationDataIsInvalid requires a range here from the start of this support
// to a version less than the compiler that implements the next level of mitigation support.
// X86\X64 support
// VS2015 15.0 Update 3 Versions
// D2GuardSpecLoad version will not be back-ported
// This terminates at 19.0 due to gaps in support in the 19.10 and 19.11 compilers
x86Data.Add("19.00.24232.0 - 19.0.*.*",
(CompilerMitigations.QSpectreAvailable).ToString());
// VS2017 RTM
// This terminates at 19.10.25099 due to gaps in support in unreleased compilers
x86Data.Add("19.10.25024.0 - 19.10.25099.*",
(CompilerMitigations.D2GuardSpecLoadAvailable | CompilerMitigations.QSpectreAvailable).ToString());
// VS2017 - 15.5.x
x86Data.Add("19.12.25830.2 - 19.12.25834.*",
(CompilerMitigations.D2GuardSpecLoadAvailable).ToString());
// This terminates at 19.12.*.* due to a gap in support for 15.6 early previews
x86Data.Add("19.12.25835.0 - 19.12.*.*",
(CompilerMitigations.D2GuardSpecLoadAvailable | CompilerMitigations.QSpectreAvailable).ToString());
// VS2017 - 15.6 Preview 3
x86Data.Add("19.13.26029.0 - 19.13.26117.*",
(CompilerMitigations.D2GuardSpecLoadAvailable).ToString());
// Version flows into 15.7 as there is no gap in support for these switches moving forwards
x86Data.Add("19.13.26118.0 - 19.14.26328.*",
(CompilerMitigations.D2GuardSpecLoadAvailable | CompilerMitigations.QSpectreAvailable).ToString());
// VS2017 15.7 Preview 3
// Add first support for mitigation under /Od as per https://blogs.msdn.microsoft.com/vcblog/2018/04/09/spectre-mitigation-changes-in-visual-studio-2017-version-15-7-preview-3/
// This assumes that future versions of Visual Studio (post 15.6) will always have these mitigations available.
x86Data.Add("19.14.26329.0 - *.*.*.*",
(CompilerMitigations.D2GuardSpecLoadAvailable | CompilerMitigations.QSpectreAvailable | CompilerMitigations.NonoptimizedCodeMitigated).ToString());
// ARM\ARM64 support
// VS2017 - 15.6 Preview 4
armData.Add("19.13.26214.0 - 19.14.26328.*",
(CompilerMitigations.D2GuardSpecLoadAvailable | CompilerMitigations.QSpectreAvailable).ToString());
// VS2017 15.7 Preview 3
armData.Add("19.14.26329.0 - *.*.*.*",
(CompilerMitigations.D2GuardSpecLoadAvailable | CompilerMitigations.QSpectreAvailable | CompilerMitigations.NonoptimizedCodeMitigated).ToString());
compilersData.Add(MachineFamily.X86.ToString(), x86Data);
compilersData.Add(MachineFamily.Arm.ToString(), armData);
return(compilersData);
}
private static PropertiesDictionary BuildMitigatedCompilersData()
{
// As per https://blogs.msdn.microsoft.com/vcblog/2018/01/15/spectre-mitigations-in-msvc/
/*
* In current versions of the MSVC compiler, the /Qspectre switch only works on optimized code.
* You should make sure to compile your code with any of the optimization switches (e.g., /O2 or /O1 but NOT /Od) to have the mitigation applied.
* Similarly, inspect any code that uses #pragma optimize([stg], off). Work is ongoing now to make the /Qspectre mitigation work on unoptimized code.
*
* AND
*
* What versions of MSVC support the /Qspectre switch?
* All versions of Visual Studio 2017 version 15.5 and all Previews of Visual Studio version 15.6 already include an undocumented switch, /d2guardspecload, that is currently equivalent to /Qspectre.
* You can use /d2guardspecload to apply the same mitigations to your code.
* Please update to using /Qspectre as soon as you get a compiler that supports the switch as the /Qspectre switch will be maintained with new mitigations going forward.
*
* The /Qspectre switch will be available in MSVC toolsets included in all future releases of Visual Studio (including Previews).
* We will also release updates to some existing versions of Visual Studio to include support for /Qspectre.
* Releases of Visual Studio and Previews are announced on the Visual Studio Blog; update notifications are included in the Notification Hub.
* Visual Studio updates that include support for /Qspectre will be announced on the Visual C++ Team Blog and the @visualc Twitter feed.
*
* We initially plan to include support for /Qspectre in the following:
* Visual Studio 2017 version 15.6 Preview 4
* An upcoming servicing update to Visual Studio 2017 version 15.5
* A servicing update to Visual Studio 2017 “RTW”
* A servicing update to Visual Studio 2015 Update 3
*
* If you’re using an older version of MSVC we strongly encourage you to upgrade to a more recent compiler for this and other security improvements that have been developed in the last few years.
* Additionally, you’ll benefit from increased conformance, code quality, and faster compile times as well as many productivity improvements in Visual Studio.
*/
var compilersData = new PropertiesDictionary();
// Mitigations for x86 family of processors
var x86Data = new PropertiesDictionary();
// VS2015 15.0 Update 3 Versions
// TODO: Uncomment and update QSpectre minimum version once we have the official build.
// https://github.com/Microsoft/binskim/issues/134
//
// D2GuardSpecLoad version will not be back-ported
// x86Data.Add("19.0.*.* - 19.0.*.*",
// (CompilerMitigations.QSpectreAvailable).ToString());
// VS2017 RTM
// TODO: Uncomment and update QSpectre minimum version once we have the official build.
// https://github.com/Microsoft/binskim/issues/134
//
// D2GuardSpecLoad version will not be back-ported
//
// x86Data.Add("19.10.*.* - 19.10.*.*",
// (CompilerMitigations.QSpectreAvailable).ToString());
// VS2017 - 15.5
// https://github.com/Microsoft/binskim/issues/134
x86Data.Add("19.12.25830.2-19.12.*.*",
(CompilerMitigations.D2GuardSpecLoadAvailable).ToString());
//
// TODO: Update QSpectre minimum version once we have the official build.
// x86Data.Add("19.12.*.* - 19.12.*.*",
// (CompilerMitigations.QSpectreAvailable | CompilerMitigations.D2GuardSpecLoadAvailable).ToString());
// VS2017 - 15.6 Preview
x86Data.Add("19.13.26029.0 - 19.13.26029.*",
(CompilerMitigations.D2GuardSpecLoadAvailable).ToString());
// TODO: Update when we have an official build supporting QSpectre.
// x86Data.Add("19.13.*.* - 19.13.*.*",
// (CompilerMitigations.QSpectreAvailable | CompilerMitigations.D2GuardSpecLoadAvailable).ToString());
// This assumes that future versions of Visual Studio (post 15.6) will always have these mitigations available.
x86Data.Add("19.14.0.0 - *.*.*.*",
(CompilerMitigations.D2GuardSpecLoadAvailable | CompilerMitigations.QSpectreAvailable).ToString());
compilersData.Add(MachineFamily.X86.ToString(), x86Data);
// TODO--Update when ARM mitigations are available.
compilersData.Add(MachineFamily.Arm.ToString(), new PropertiesDictionary());
return(compilersData);
}
