private static PropertyBag BuildDefaultVulnerableDependenciesMap()
        {
            var result = new PropertyBag();

            var vulnerabilityDescriptor = new VulnerableDependencyDescriptor();

            vulnerabilityDescriptor.Id   = "AtlVulnerability";
            vulnerabilityDescriptor.Name = "the Active Template Library (ATL)";
            vulnerabilityDescriptor.VulnerabilityDescription = "contains known remote execution bugs (see https://technet.microsoft.com/en-us/library/security/ms09-035.aspx).";
            vulnerabilityDescriptor.Resolution = "compile your binary using an up-to-date copy of ATL.";
            vulnerabilityDescriptor.FileHashes.Add("atlbase.h#FC-A7-3E-99-8B-D3-CC-E6-D6-28-75-F6-B4-27-DF-6E");
            vulnerabilityDescriptor.FileHashes.Add("atlimpl.cpp#7C-4C-5D-BE-B6-EF-CB-DF-AF-8E-54-E5-0E-C0-2A-FB");
            vulnerabilityDescriptor.FileHashes.Add("atlbase.h#31-F6-53-39-6A-51-B4-57-1E-F0-DD-C0-B3-54-8A-60");
            vulnerabilityDescriptor.FileHashes.Add("atlcom.h#95-EB-90-BE-CF-F8-DF-1B-3E-EC-79-0A-64-B4-96-54");
            vulnerabilityDescriptor.FileHashes.Add("atlcomcli.h#AC-EB-62-06-96-F2-ED-92-F8-F9-14-A0-50-48-80-25");
            vulnerabilityDescriptor.FileHashes.Add("atlcom.h#AE-5D-A4-A5-23-42-EA-F8-46-74-93-91-1C-4F-3B-93");
            vulnerabilityDescriptor.FileHashes.Add("atlcomcli.h#7B-C6-E4-10-50-D7-89-24-37-71-7F-1E-9D-97-84-B6");
            vulnerabilityDescriptor.FileHashes.Add("atlcom.h#0B-C1-32-3B-3B-19-84-64-07-F5-3A-7A-48-36-43-B0");
            vulnerabilityDescriptor.FileHashes.Add("atlcomcli.h#56-42-D5-31-BE-31-25-9B-E9-69-9F-2F-1F-68-CD-C2");
            vulnerabilityDescriptor.FileHashes.Add("atlcom.h#97-D2-E6-9A-A3-D5-F2-F1-BA-2A-51-A2-B6-C8-9A-4B");
            vulnerabilityDescriptor.FileHashes.Add("atlcomcli.h#A5-17-80-59-4D-4D-94-0C-68-0A-00-59-ED-6B-B3-1D");
            vulnerabilityDescriptor.FileHashes.Add("atlcom.h#97-D2-E6-9A-A3-D5-F2-F1-BA-2A-51-A2-B6-C8-9A-4B");
            vulnerabilityDescriptor.FileHashes.Add("atlcomcli.h#76-FB-17-FE-79-86-B9-7D-0E-09-97-85-9A-20-E9-4C");
            result[vulnerabilityDescriptor.Id] = vulnerabilityDescriptor;

            return(result);
        }
 nameof(VulnerableDependencyDescriptor), nameof(FileHashes), defaultValue: () => { return new StringSet(); });
        public void Analyze(BinaryAnalyzerContext context)
        {
            PEHeader peHeader = context.PE.PEHeaders.PEHeader;

            Pdb pdb = context.Pdb;

            if (pdb == null)
            {
                context.Logger.Log(MessageKind.Fail, context,
                                   RuleUtilities.BuildCouldNotLoadPdbMessage(context));
                return;
            }

            Dictionary <string, TruncatedCompilandRecordList> vulnerabilityToModules = new Dictionary <string, TruncatedCompilandRecordList>();
            TruncatedCompilandRecordList moduleList;

            foreach (DisposableEnumerableView <Symbol> omView in pdb.CreateObjectModuleIterator())
            {
                Symbol om = omView.Value;
                ObjectModuleDetails details = om.GetObjectModuleDetails();
                if (details.Language != Language.C && details.Language != Language.Cxx)
                {
                    continue;
                }

                if (!details.HasDebugInfo)
                {
                    continue;
                }

                foreach (DisposableEnumerableView <SourceFile> sfView in pdb.CreateSourceFileIterator(om))
                {
                    SourceFile sf       = sfView.Value;
                    string     fileName = Path.GetFileName(sf.FileName);

                    if (!_files.Contains(fileName) || sf.HashType == HashType.None)
                    {
                        continue;
                    }

                    string hash = fileName + "#" + BitConverter.ToString(sf.Hash);
                    VulnerableDependencyDescriptor descriptor;

                    if (_filesToVulnerabilitiesMap.TryGetValue(hash, out descriptor))
                    {
                        if (!vulnerabilityToModules.TryGetValue(descriptor.Id, out moduleList))
                        {
                            moduleList = vulnerabilityToModules[descriptor.Id] = new TruncatedCompilandRecordList();
                        }
                        moduleList.Add(om.CreateCompilandRecordWithSuffix(hash));
                    }
                }
            }

            if (vulnerabilityToModules.Count != 0)
            {
                foreach (string id in vulnerabilityToModules.Keys)
                {
                    moduleList = vulnerabilityToModules[id];
                    VulnerableDependencyDescriptor descriptor = (VulnerableDependencyDescriptor)context.Policy.GetProperty(VulnerableDependencies)[id];

                    // '{0}' was built with a version of {1} which is subject to the following issues: {2}.
                    // To resolve this, {3}. The source files that triggered this were: {4}
                    context.Logger.Log(MessageKind.Fail, context,
                                       RuleUtilities.BuildMessage(context,
                                                                  RulesResources.DoNotIncorporateVulnerableBinaries_Fail,
                                                                  descriptor.Name,
                                                                  descriptor.VulnerabilityDescription,
                                                                  descriptor.Resolution,
                                                                  moduleList.ToString()));
                }
                return;
            }

            // '{0}' does not incorporate any known vulnerable dependencies, as configured by current policy.
            context.Logger.Log(MessageKind.Pass, context,
                               RuleUtilities.BuildMessage(context,
                                                          RulesResources.DoNotIncorporateVulnerableBinaries_Pass));
        }
        private static PropertyBag BuildDefaultVulnerableDependenciesMap()
        {
            var result = new PropertyBag();

            var vulnerabilityDescriptor = new VulnerableDependencyDescriptor();

            vulnerabilityDescriptor.Id = "AtlVulnerability";
            vulnerabilityDescriptor.Name = "the Active Template Library (ATL)";
            vulnerabilityDescriptor.VulnerabilityDescription = "contains known remote execution bugs (see https://technet.microsoft.com/en-us/library/security/ms09-035.aspx).";
            vulnerabilityDescriptor.Resolution = "compile your binary using an up-to-date copy of ATL.";
            vulnerabilityDescriptor.FileHashes.Add("atlbase.h#FC-A7-3E-99-8B-D3-CC-E6-D6-28-75-F6-B4-27-DF-6E");
            vulnerabilityDescriptor.FileHashes.Add("atlimpl.cpp#7C-4C-5D-BE-B6-EF-CB-DF-AF-8E-54-E5-0E-C0-2A-FB");
            vulnerabilityDescriptor.FileHashes.Add("atlbase.h#31-F6-53-39-6A-51-B4-57-1E-F0-DD-C0-B3-54-8A-60");
            vulnerabilityDescriptor.FileHashes.Add("atlcom.h#95-EB-90-BE-CF-F8-DF-1B-3E-EC-79-0A-64-B4-96-54");
            vulnerabilityDescriptor.FileHashes.Add("atlcomcli.h#AC-EB-62-06-96-F2-ED-92-F8-F9-14-A0-50-48-80-25");
            vulnerabilityDescriptor.FileHashes.Add("atlcom.h#AE-5D-A4-A5-23-42-EA-F8-46-74-93-91-1C-4F-3B-93");
            vulnerabilityDescriptor.FileHashes.Add("atlcomcli.h#7B-C6-E4-10-50-D7-89-24-37-71-7F-1E-9D-97-84-B6");
            vulnerabilityDescriptor.FileHashes.Add("atlcom.h#0B-C1-32-3B-3B-19-84-64-07-F5-3A-7A-48-36-43-B0");
            vulnerabilityDescriptor.FileHashes.Add("atlcomcli.h#56-42-D5-31-BE-31-25-9B-E9-69-9F-2F-1F-68-CD-C2");
            vulnerabilityDescriptor.FileHashes.Add("atlcom.h#97-D2-E6-9A-A3-D5-F2-F1-BA-2A-51-A2-B6-C8-9A-4B");
            vulnerabilityDescriptor.FileHashes.Add("atlcomcli.h#A5-17-80-59-4D-4D-94-0C-68-0A-00-59-ED-6B-B3-1D");
            vulnerabilityDescriptor.FileHashes.Add("atlcom.h#97-D2-E6-9A-A3-D5-F2-F1-BA-2A-51-A2-B6-C8-9A-4B");
            vulnerabilityDescriptor.FileHashes.Add("atlcomcli.h#76-FB-17-FE-79-86-B9-7D-0E-09-97-85-9A-20-E9-4C");
            result[vulnerabilityDescriptor.Id] = vulnerabilityDescriptor;

            return result;
        }