* FPS: BA2004.EnableSecureSourceCodeHashing
now will no longer generate false positives for UWP App regarding dummy.obj
.
#987
Changes from all commits
b39c5bc
61036d2
6cade06
f2d0f3a
2ba0ab4
d2e634d
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -129,6 +129,11 @@ public void AnalyzeNativeBinaryAndPdb(BinaryAnalyzerContext context) | |
continue; | ||
} | ||
|
||
if (IsLikelyUwpDummyObj(omDetails.Language, omDetails.Library, omDetails.Name)) | ||
{ | ||
continue; | ||
} | ||
|
||
if (omDetails.Name.EndsWith(MSVCStandardApplicationFrameworkFileName) || | ||
omDetails.Name.EndsWith(AssemblyAttributesObjFileName) || | ||
omDetails.Name.EndsWith(AssemblyInfoObjFileName)) | ||
|
@@ -310,5 +315,11 @@ public IEnumerable<IOption> GetOptions() | |
// RequiredCompilerWarnings, | ||
}.ToImmutableArray(); | ||
} | ||
|
||
internal static bool IsLikelyUwpDummyObj(Language language, string library, string name) => | ||
Thanks, this is so much more readable with the improved wrapping. If you want to change the method name to IsUwpDummyObj --well, I think it's more than 'likely' given all these checks. :) (Or 'Presumed' if you want to be super cautious.) Up to you though. If you decide to make that change let me know and I'll restamp quickly. |
||
language == Language.MASM && | ||
library != null && | ||
library.Equals(name, StringComparison.Ordinal) && | ||
library.Equals(@"c:\dummy.obj", StringComparison.Ordinal); | ||
} | ||
} |
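Review bot: The exemption in `IsLikelyUwpDummyObj` hard-codes `@"c:\dummy.obj"` inline and has no comment, while the adjacent `EndsWith` checks in `AnalyzeNativeBinaryAndPdb` use named constants. This helper makes BA2004 skip an object module based only on the language, library and name strings, which appear to come from the PDB's object-module records, so the reason and the expected values should be recorded next to it. A constant such as `private const string UwpDummyObjPath = @"c:\dummy.obj";` plus a `/// <summary>` saying the match is deliberately exact (ordinal, full path, MASM only) would keep the exemption narrow and auditable. The pair `library.Equals(name, ...) && library.Equals(literal, ...)` could then become two direct comparisons against the constant, which also makes it obvious that a null `name` yields false. The body of `AnalyzeNativeBinaryAndPdb` starts and ends outside the hunk, so whether skipped modules are reported anywhere is not visible here.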
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
// Copyright (c) Microsoft. All rights reserved. | ||
// Licensed under the MIT license. See LICENSE file in the project root for full license information. | ||
|
||
using FluentAssertions; | ||
|
||
using Microsoft.CodeAnalysis.BinaryParsers.ProgramDatabase; | ||
|
||
using Xunit; | ||
|
||
namespace Microsoft.CodeAnalysis.IL.Rules | ||
{ | ||
public class EnableSecureSourceCodeHashingTests | ||
{ | ||
[Fact] | ||
public void IsLikelyUwpDummyObjTests() | ||
{ | ||
EnableSecureSourceCodeHashing.IsLikelyUwpDummyObj(Language.MASM, @"c:\dummy.obj", @"c:\dummy.obj").Should().BeTrue(); | ||
EnableSecureSourceCodeHashing.IsLikelyUwpDummyObj(Language.MASM, @"d:\dummy.obj", @"d:\dummy.obj").Should().BeFalse(); | ||
@shaopeng-gh To make sure I understand this correctly,
yes I believe the official one should have the path fixed as |
||
EnableSecureSourceCodeHashing.IsLikelyUwpDummyObj(Language.C, @"c:\dummy.obj", @"c:\dummy.obj").Should().BeFalse(); | ||
EnableSecureSourceCodeHashing.IsLikelyUwpDummyObj(Language.MASM, @"c:\Dummy.obj", @"c:\Dummy.obj").Should().BeFalse(); | ||
EnableSecureSourceCodeHashing.IsLikelyUwpDummyObj(Language.MASM, "AnyLib", @"c:\dummy.obj").Should().BeFalse(); | ||
} | ||
} | ||
} |
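Review bot: The negative cases in `IsLikelyUwpDummyObjTests` do not cover a null `library`, a null `name`, or a `library` of `c:\dummy.obj` paired with a different `name`, although the helper has an explicit `library != null` guard. Since the helper decides when a security rule is skipped, each way of not matching deserves a pinned case, for example `EnableSecureSourceCodeHashing.IsLikelyUwpDummyObj(Language.MASM, null, @"c:\dummy.obj").Should().BeFalse();` and `EnableSecureSourceCodeHashing.IsLikelyUwpDummyObj(Language.MASM, @"c:\dummy.obj", "AnyName").Should().BeFalse();`. Splitting the assertions into a `[Theory]` with `[InlineData]` would also report which input failed.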
nit: FPS should come after BUG in the standard order.
@stacywray I don't think that list is ordered. Alphabetical ordering makes sense, but why should BUG be prioritized over FPS otherwise?