You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We have performed the static code analysis for the unmanaged c++ dll.
It reported the below error
Error BA2004 'ts2coreD.dll' is a native binary that directly compiles and links one or more object files which were hashed using an insecure checksum algorithm (MD5). MD5 is subject to collision attacks and its use can compromise supply chain integrity. Pass '/ZH:SHA_256' on the cl.exe command-line to enable secure source code hashing. The following modules are out of policy:
Microsoft (R) Optimizing Compiler : cxx : 19.38.33136.0 : [directly linked] (TagTableVw.obj).
Hence We have updated the '/ZH:SHA_256' Additional options in Compiler settings for the source dll and also libraries it is referring to.
But still Binskim reports same error.
Could you please let me know what went wrong.
Version used - microsoft.codeanalysis.binskim.1.9.5
Visual studio - 2022 Enterprise
The text was updated successfully, but these errors were encountered:
can you please try to run it with the newest BinSkim version 4.3.1? It's not release to the feed, but you can build it and use it locally. If the Error remains let me know and we can investigate it further.
I have tried downloading 4.3.1 Binskim version. But unfortunately while unzipping the source code, our domain security tool have identified some malicious file and it stops unzipping it.
Hence i could not build the latest version and try it. Please suggest me any other path forward.
We have performed the static code analysis for the unmanaged c++ dll.
It reported the below error
Error BA2004 'ts2coreD.dll' is a native binary that directly compiles and links one or more object files which were hashed using an insecure checksum algorithm (MD5). MD5 is subject to collision attacks and its use can compromise supply chain integrity. Pass '/ZH:SHA_256' on the cl.exe command-line to enable secure source code hashing. The following modules are out of policy:
Microsoft (R) Optimizing Compiler : cxx : 19.38.33136.0 : [directly linked] (TagTableVw.obj).
Hence We have updated the '/ZH:SHA_256' Additional options in Compiler settings for the source dll and also libraries it is referring to.
But still Binskim reports same error.
Could you please let me know what went wrong.
Version used - microsoft.codeanalysis.binskim.1.9.5
Visual studio - 2022 Enterprise
The text was updated successfully, but these errors were encountered: