Comments (7)
suvamM
commented on June 18, 2024
1
@suvamM I was not aware that ER997.ExceptionLoadingPdb is agregated, is there documentation entry for what it agregates? I need to convert this output to matrix, so need to know what fields I need to fill in. Personally would prefer an option to not agregate such errors, are those showing in sarif files correctly? Will check tomorrow
OK, so I understood your problem correctly :)
Let me check the aggregation logic.
from binskim.
michaelcfanning
commented on June 18, 2024
We should investigate this for 4.0.1, our next release.
from binskim.
suvamM
commented on June 18, 2024
@quasarea I am looking into this issue and trying to understand it better. From the outputs above, it does not seem like there is a problem: there is an aggregated error ER997.ExceptionLoadingPdb while running the analysis on the library.dll, instead of an ER997 error for every rule, as you showed in the output below it. I think this is by design. Could you please confirm if this is the problem you are reporting?
from binskim.
quasarea
commented on June 18, 2024
@suvamM I was not aware that ER997.ExceptionLoadingPdb is aggregated, is there documentation entry for what it aggregates? I need to convert this output to matrix, so need to know what fields I need to fill in. Personally would prefer an option to not aggregate such errors, are those showing in sarif files correctly? Will check tomorrow
from binskim.
quasarea
commented on June 18, 2024
I can confirm that sarif does not contain information about particular tests as well, just aggregation. I think sarif should contain complete information instead. I could add script that if ERR997.ExceptionLoadingPdb then BA2002, BA2006, BA2007, BA2011, BA2013, BA2014, BA2024 failed, but I will have to keep track on your documentation so when you add another test that depends on pdb, I will extend my script. It is not perfect solutions for me ;)
from binskim.
shaopeng-gh
commented on June 18, 2024
thanks for reporting, adding my input,
This was actually implemented as a breaking change by request:
#465
the binary lacking of pdb is a single issue and can be fixed by a single action to add the missing pdb, and I believe most generic users of BinSkim as a tool would prefer not have the issue duplicated.
This change however as a breaking change, will be inconvenient for advanced user that is looking for a complete list.
This looks like a by design for me.
from binskim.
quasarea
commented on June 18, 2024
Its all fine if you have documented what tests are aggregated into that
error. Personally I dont think it should behave like that in sarif output.
Regards,
J
…On Fri, 5 May 2023, 19:14 Shaopeng, ***@***.***> wrote:
thanks for reporting, adding my input,
This was actually implemented as a breaking change by request:
#465 <#465>
the binary lacking of pdb is a single issue and can be fixed by a single
action to add the missing pdb, and I believe most generic users of BinSkim
as a tool would prefer not have the issue duplicated.
This change however as a breaking change, will be inconvenient for
advanced user that is looking for a complete list.
This looks like a by design for me.
—
Reply to this email directly, view it on GitHub
<#843 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACO3GBX43VZB7GWAPJE47C3XEU7PZANCNFSM6AAAAAAWDYGLRM>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
from binskim.
Related Issues (20)
- Is it true that I can pass an input file list? HOT 3
- SpectreMitigationsEnabled
- Guardian: PostAnalysis error [ EnableCriticalCompilerWarning] HOT 1
- Combability with .NET ReadyToRun and Self-Contained HOT 3
- BA2026 is reported as NotApplicable for native PE binaries compiled with /sdl switch
- BA2025, /CETCOMPAT and .NET Framework
- Users not able to know which file causes issue when exception loading pdb
- BA2004 - Should exclude "AssemblyAttributes.obj" HOT 1
- BinSkim download from symbol server not working
- Unclear Error message when the path of the file too long
- Enabling disabled rules
- BinSkim BA2014 compatibility with the new Arm64EC files
- BinSkim BA2021 compatibility with R2R Linux binaries
- Put evidence of MSVC ASAN utilization in telemetry stream
- [RULE REQUEST] Check for the import of outdated (end-of-life) Visual C++ redistributable DLLs
- Special-case compiler generated `dummy.obj` file that fires `BA2004` HOT 1
- Whether to suppress ‘PDB not found’ errors for stub .exe that invokes the .net core entry point
- Introducing an alternative to Binskim: Binary Valentine (with GUI)
- --ignorePdbLoadError behavior changed
- Insecure (SHA-1) source code hashing algorithm (BA2004 error) on Visual Basic assembly targeting .NET FX HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from binskim.