public override void Initialize(BinaryAnalyzerContext context)
{
if (context.Policy == null)
{
return;
}
_files = new HashSet <string>(StringComparer.OrdinalIgnoreCase);
_filesToVulnerabilitiesMap = new Dictionary <string, VulnerableDependencyDescriptor>();
foreach (PropertiesDictionary dictionary in context.Policy.GetProperty(VulnerableDependencies).Values)
{
var descriptor = dictionary as VulnerableDependencyDescriptor;
// This happens if we have deserialized settings from JSON rather than XML
if (descriptor == null)
{
descriptor = new VulnerableDependencyDescriptor(dictionary);
}
foreach (string fileHash in descriptor.FileHashes)
{
_filesToVulnerabilitiesMap[fileHash] = descriptor;
_files.Add(fileHash.Split('#')[0]);
}
}
return;
}
private static PropertiesDictionary BuildDefaultVulnerableDependenciesMap()
{
var result = new PropertiesDictionary();
var vulnerabilityDescriptor = new VulnerableDependencyDescriptor();
vulnerabilityDescriptor.Name = "the Active Template Library (ATL)";
vulnerabilityDescriptor.Id = "AtlVulnerability";
vulnerabilityDescriptor.VulnerabilityDescription = "contains known remote execution bugs (see https://technet.microsoft.com/en-us/library/security/ms09-035.aspx).";
vulnerabilityDescriptor.Resolution = "compile your binary using an up-to-date copy of ATL.";
vulnerabilityDescriptor.FileHashes.Add("atlbase.h#FC-A7-3E-99-8B-D3-CC-E6-D6-28-75-F6-B4-27-DF-6E");
vulnerabilityDescriptor.FileHashes.Add("atlimpl.cpp#7C-4C-5D-BE-B6-EF-CB-DF-AF-8E-54-E5-0E-C0-2A-FB");
vulnerabilityDescriptor.FileHashes.Add("atlbase.h#31-F6-53-39-6A-51-B4-57-1E-F0-DD-C0-B3-54-8A-60");
vulnerabilityDescriptor.FileHashes.Add("atlcom.h#95-EB-90-BE-CF-F8-DF-1B-3E-EC-79-0A-64-B4-96-54");
vulnerabilityDescriptor.FileHashes.Add("atlcomcli.h#AC-EB-62-06-96-F2-ED-92-F8-F9-14-A0-50-48-80-25");
vulnerabilityDescriptor.FileHashes.Add("atlcom.h#AE-5D-A4-A5-23-42-EA-F8-46-74-93-91-1C-4F-3B-93");
vulnerabilityDescriptor.FileHashes.Add("atlcomcli.h#7B-C6-E4-10-50-D7-89-24-37-71-7F-1E-9D-97-84-B6");
vulnerabilityDescriptor.FileHashes.Add("atlcom.h#0B-C1-32-3B-3B-19-84-64-07-F5-3A-7A-48-36-43-B0");
vulnerabilityDescriptor.FileHashes.Add("atlcomcli.h#56-42-D5-31-BE-31-25-9B-E9-69-9F-2F-1F-68-CD-C2");
vulnerabilityDescriptor.FileHashes.Add("atlcom.h#97-D2-E6-9A-A3-D5-F2-F1-BA-2A-51-A2-B6-C8-9A-4B");
vulnerabilityDescriptor.FileHashes.Add("atlcomcli.h#A5-17-80-59-4D-4D-94-0C-68-0A-00-59-ED-6B-B3-1D");
vulnerabilityDescriptor.FileHashes.Add("atlcom.h#97-D2-E6-9A-A3-D5-F2-F1-BA-2A-51-A2-B6-C8-9A-4B");
vulnerabilityDescriptor.FileHashes.Add("atlcomcli.h#76-FB-17-FE-79-86-B9-7D-0E-09-97-85-9A-20-E9-4C");
result[vulnerabilityDescriptor.Id] = vulnerabilityDescriptor;
return(result);
}
nameof(VulnerableDependencyDescriptor), nameof(FileHashes), defaultValue: () => { return new StringSetCollection(); });
public override void AnalyzePortableExecutableAndPdb(BinaryAnalyzerContext context)
{
PEBinary target = context.PEBinary();
Pdb pdb = target.Pdb;
Dictionary <string, TruncatedCompilandRecordList> vulnerabilityToModules = new Dictionary <string, TruncatedCompilandRecordList>();
TruncatedCompilandRecordList moduleList;
foreach (DisposableEnumerableView <Symbol> omView in pdb.CreateObjectModuleIterator())
{
Symbol om = omView.Value;
ObjectModuleDetails details = om.GetObjectModuleDetails();
if (details.Language != Language.C && details.Language != Language.Cxx)
{
continue;
}
if (!details.HasDebugInfo)
{
continue;
}
foreach (DisposableEnumerableView <SourceFile> sfView in pdb.CreateSourceFileIterator(om))
{
SourceFile sf = sfView.Value;
string fileName = Path.GetFileName(sf.FileName);
if (!_files.Contains(fileName) || sf.HashType == HashType.None)
{
continue;
}
string hash = fileName + "#" + BitConverter.ToString(sf.Hash);
VulnerableDependencyDescriptor descriptor;
if (_filesToVulnerabilitiesMap.TryGetValue(hash, out descriptor))
{
if (!vulnerabilityToModules.TryGetValue(descriptor.Id, out moduleList))
{
moduleList = vulnerabilityToModules[descriptor.Id] = new TruncatedCompilandRecordList();
}
moduleList.Add(om.CreateCompilandRecordWithSuffix(hash));
}
}
}
if (vulnerabilityToModules.Count != 0)
{
foreach (string id in vulnerabilityToModules.Keys)
{
moduleList = vulnerabilityToModules[id];
VulnerableDependencyDescriptor descriptor = (VulnerableDependencyDescriptor)context.Policy.GetProperty(VulnerableDependencies)[id];
// '{0}' was built with a version of {1} which is subject to the following issues: {2}.
// To resolve this, {3}. The source files that triggered this were: {4}
context.Logger.Log(this,
RuleUtilities.BuildResult(ResultLevel.Error, context, null,
nameof(RuleResources.BA2002_Error),
context.TargetUri.GetFileName(),
descriptor.Name,
descriptor.VulnerabilityDescription,
descriptor.Resolution,
moduleList.CreateSortedObjectList()));
}
return;
}
// '{0}' does not incorporate any known vulnerable dependencies, as configured by current policy.
context.Logger.Log(this,
RuleUtilities.BuildResult(ResultLevel.Pass, context, null,
nameof(RuleResources.BA2002_Pass),
context.TargetUri.GetFileName()));
}
private static PropertiesDictionary BuildDefaultVulnerableDependenciesMap()
{
var result = new PropertiesDictionary();
var vulnerabilityDescriptor = new VulnerableDependencyDescriptor();
vulnerabilityDescriptor.Id = "AtlVulnerability";
vulnerabilityDescriptor.Name = "the Active Template Library (ATL)";
vulnerabilityDescriptor.VulnerabilityDescription = "contains known remote execution bugs (see https://technet.microsoft.com/en-us/library/security/ms09-035.aspx).";
vulnerabilityDescriptor.Resolution = "compile your binary using an up-to-date copy of ATL.";
vulnerabilityDescriptor.FileHashes.Add("atlbase.h#FC-A7-3E-99-8B-D3-CC-E6-D6-28-75-F6-B4-27-DF-6E");
vulnerabilityDescriptor.FileHashes.Add("atlimpl.cpp#7C-4C-5D-BE-B6-EF-CB-DF-AF-8E-54-E5-0E-C0-2A-FB");
vulnerabilityDescriptor.FileHashes.Add("atlbase.h#31-F6-53-39-6A-51-B4-57-1E-F0-DD-C0-B3-54-8A-60");
vulnerabilityDescriptor.FileHashes.Add("atlcom.h#95-EB-90-BE-CF-F8-DF-1B-3E-EC-79-0A-64-B4-96-54");
vulnerabilityDescriptor.FileHashes.Add("atlcomcli.h#AC-EB-62-06-96-F2-ED-92-F8-F9-14-A0-50-48-80-25");
vulnerabilityDescriptor.FileHashes.Add("atlcom.h#AE-5D-A4-A5-23-42-EA-F8-46-74-93-91-1C-4F-3B-93");
vulnerabilityDescriptor.FileHashes.Add("atlcomcli.h#7B-C6-E4-10-50-D7-89-24-37-71-7F-1E-9D-97-84-B6");
vulnerabilityDescriptor.FileHashes.Add("atlcom.h#0B-C1-32-3B-3B-19-84-64-07-F5-3A-7A-48-36-43-B0");
vulnerabilityDescriptor.FileHashes.Add("atlcomcli.h#56-42-D5-31-BE-31-25-9B-E9-69-9F-2F-1F-68-CD-C2");
vulnerabilityDescriptor.FileHashes.Add("atlcom.h#97-D2-E6-9A-A3-D5-F2-F1-BA-2A-51-A2-B6-C8-9A-4B");
vulnerabilityDescriptor.FileHashes.Add("atlcomcli.h#A5-17-80-59-4D-4D-94-0C-68-0A-00-59-ED-6B-B3-1D");
vulnerabilityDescriptor.FileHashes.Add("atlcom.h#97-D2-E6-9A-A3-D5-F2-F1-BA-2A-51-A2-B6-C8-9A-4B");
vulnerabilityDescriptor.FileHashes.Add("atlcomcli.h#76-FB-17-FE-79-86-B9-7D-0E-09-97-85-9A-20-E9-4C");
result[vulnerabilityDescriptor.Id] = vulnerabilityDescriptor;
return result;
}