Native_x64_VS2015_CvtresResourceOnly.dll.sarif
{
"$schema": "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.6.json",
"version": "2.1.0",
"runs": [
{
"results": [
{
"ruleId": "BA2005",
"ruleIndex": 0,
"kind": "pass",
"level": "none",
"message": {
"id": "Pass",
"arguments": [
"Native_x64_VS2015_CvtresResourceOnly.dll"
]
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "file:///Z:/src/Test.FunctionalTests.BinSkim.Driver/BaselineTestData/Native_x64_VS2015_CvtresResourceOnly.dll",
"index": 0
}
}
}
]
},
{
"ruleId": "BA2009",
"ruleIndex": 1,
"kind": "pass",
"level": "none",
"message": {
"id": "Pass",
"arguments": [
"Native_x64_VS2015_CvtresResourceOnly.dll"
]
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "file:///Z:/src/Test.FunctionalTests.BinSkim.Driver/BaselineTestData/Native_x64_VS2015_CvtresResourceOnly.dll",
"index": 0
}
}
}
]
},
{
"ruleId": "BA2010",
"ruleIndex": 2,
"kind": "pass",
"level": "none",
"message": {
"id": "Pass",
"arguments": [
"Native_x64_VS2015_CvtresResourceOnly.dll"
]
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "file:///Z:/src/Test.FunctionalTests.BinSkim.Driver/BaselineTestData/Native_x64_VS2015_CvtresResourceOnly.dll",
"index": 0
}
}
}
]
},
{
"ruleId": "BA2019",
"ruleIndex": 3,
"kind": "pass",
"level": "none",
"message": {
"id": "Pass",
"arguments": [
"Native_x64_VS2015_CvtresResourceOnly.dll"
]
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "file:///Z:/src/Test.FunctionalTests.BinSkim.Driver/BaselineTestData/Native_x64_VS2015_CvtresResourceOnly.dll",
"index": 0
}
}
}
]
},
{
"ruleId": "BA2021",
"ruleIndex": 4,
"kind": "pass",
"level": "none",
"message": {
"id": "Pass",
"arguments": [
"Native_x64_VS2015_CvtresResourceOnly.dll"
]
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "file:///Z:/src/Test.FunctionalTests.BinSkim.Driver/BaselineTestData/Native_x64_VS2015_CvtresResourceOnly.dll",
"index": 0
}
}
}
]
}
],
"tool": {
"driver": {
"name": "testhost",
"version": "15.0.0.0",
"rules": [
{
"id": "BA2005",
"name": "DoNotShipVulnerableBinaries",
"fullDescription": {
"text": "Do not ship obsolete libraries for which there are known security vulnerabilities."
},
"help": {
"text": "Do not ship obsolete libraries for which there are known security vulnerabilities."
},
"messageStrings": {
"Pass": {
"text": "'{0}' is not known to be an obsolete binary that is vulnerable to one or more security problems."
},
"Error": {
"text": "'{0}' appears to be an obsolete library (version {1}) for which there are known security vulnerabilities. To resolve this issue, obtain a version of {0} that is newer than version {2}. If this binary is not in fact {0}, ignore this warning."
},
"Error_CouldNotParseVersion": {
"text": "Version information for '{0}' could not be parsed. The binary therefore could not be verified not to be an obsolete binary that is known to be vulnerable to one or more security problems."
},
"NotApplicable_InvalidMetadata": {
"text": "'{0}' was not evaluated for check '{1}' as the analysis is not relevant based on observed metadata: {2}."
}
},
"helpUri": "/~https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2005DoNotShipVulnerableBinaries",
"properties": {
"equivalentBinScopeRuleReadableName": "BinaryVersionsCheck"
}
},
{
"id": "BA2009",
"name": "EnableAddressSpaceLayoutRandomization",
"fullDescription": {
"text": "Binaries should linked as DYNAMICBASE to be eligible for relocation by Address Space Layout Randomization (ASLR). ASLR is an important mitigation that makes it more difficult for an attacker to exploit memory corruption vulnerabilities. Configure your tools to build with this feature enabled. For C and C++ binaries, add /DYNAMICBASE to your linker command line. For .NET applications, use a compiler shipping with Visual Studio 2008 or later."
},
"help": {
"text": "Binaries should linked as DYNAMICBASE to be eligible for relocation by Address Space Layout Randomization (ASLR). ASLR is an important mitigation that makes it more difficult for an attacker to exploit memory corruption vulnerabilities. Configure your tools to build with this feature enabled. For C and C++ binaries, add /DYNAMICBASE to your linker command line. For .NET applications, use a compiler shipping with Visual Studio 2008 or later."
},
"messageStrings": {
"Pass": {
"text": "'{0}' is properly compiled to enable Address Space Layout Randomization, reducing an attacker's ability to exploit code in well-known locations."
},
"Error_NotDynamicBase": {
"text": "'{0}' is not marked as DYNAMICBASE. This means that the binary is not eligible for relocation by Address Space Layout Randomization (ASLR). ASLR is an important mitigation that makes it more difficult for an attacker to exploit memory corruption vulnerabilities. To resolve this issue, configure your tools to build with this feature enabled. For C and C++ binaries, add /DYNAMICBASE to your linker command line. For .NET applications, use a compiler shipping with Visual Studio 2008 or later."
},
"Error_RelocsStripped": {
"text": "'{0}' is marked as DYNAMICBASE but relocation data has been stripped from the image, preventing address space layout randomization. "
},
"Error_WinCENoRelocationSection": {
"text": "'{0}' is a Windows CE image but does not contain any relocation data, preventing Address Space Layout Randomization."
},
"NotApplicable_InvalidMetadata": {
"text": "'{0}' was not evaluated for check '{1}' as the analysis is not relevant based on observed metadata: {2}."
}
},
"helpUri": "/~https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2009EnableAddressSpaceLayoutRandomization",
"properties": {
"equivalentBinScopeRuleReadableName": "DBCheck"
}
},
{
"id": "BA2010",
"name": "DoNotMarkImportsSectionAsExecutable",
"fullDescription": {
"text": "PE sections should not be marked as both writable and executable. This condition makes it easier for an attacker to exploit memory corruption vulnerabilities, as it may provide an attacker executable location(s) to inject shellcode. Because the loader will always mark the imports section as writable, it is therefore important to mark this section as non-executable. To resolve this issue, ensure that your program does not mark the imports section executable. Look for uses of /SECTION or /MERGE on the linker command line, or #pragma segment in source code, which change the imports section to be executable, or which merge the \".rdata\" segment into an executable section."
},
"help": {
"text": "PE sections should not be marked as both writable and executable. This condition makes it easier for an attacker to exploit memory corruption vulnerabilities, as it may provide an attacker executable location(s) to inject shellcode. Because the loader will always mark the imports section as writable, it is therefore important to mark this section as non-executable. To resolve this issue, ensure that your program does not mark the imports section executable. Look for uses of /SECTION or /MERGE on the linker command line, or #pragma segment in source code, which change the imports section to be executable, or which merge the \".rdata\" segment into an executable section."
},
"messageStrings": {
"Pass": {
"text": "'{0}' does not have an imports section that is marked as executable, helping to prevent the exploitation of code vulnerabilities."
},
"Error": {
"text": "'{0}' has the imports section marked executable. Because the loader will always mark the imports section as writable, it is important to mark this section as non-executable, so that an attacker cannot place shellcode here. To resolve this issue, ensure that your program does not mark the imports section as executable. Look for uses of /SECTION or /MERGE on the linker command line, or #pragma segment in source code, which change the imports section to be executable, or which merge the \".rdata\" segment into an executable section."
},
"NotApplicable_InvalidMetadata": {
"text": "'{0}' was not evaluated for check '{1}' as the analysis is not relevant based on observed metadata: {2}."
}
},
"helpUri": "/~https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2010DoNotMarkImportsSectionAsExecutable",
"properties": {
"equivalentBinScopeRuleReadableName": "ExecutableImportsCheck"
}
},
{
"id": "BA2019",
"name": "DoNotMarkWritableSectionsAsShared",
"fullDescription": {
"text": "Code or data sections should not be marked as both shared and writable. Because these sections are shared across processes, this condition might permit a process with low privilege to alter memory in a higher privilege process. If you do not actually require that a section be both writable and shared, remove one or both of these attributes (by modifying your .DEF file, the appropriate linker /section switch arguments, etc.). If you must share common data across processes (for inter-process communication (IPC) or other purposes) use CreateFileMapping with proper security attributes or an actual IPC mechanism instead (COM, named pipes, LPC, etc.)."
},
"help": {
"text": "Code or data sections should not be marked as both shared and writable. Because these sections are shared across processes, this condition might permit a process with low privilege to alter memory in a higher privilege process. If you do not actually require that a section be both writable and shared, remove one or both of these attributes (by modifying your .DEF file, the appropriate linker /section switch arguments, etc.). If you must share common data across processes (for inter-process communication (IPC) or other purposes) use CreateFileMapping with proper security attributes or an actual IPC mechanism instead (COM, named pipes, LPC, etc.)."
},
"messageStrings": {
"Pass": {
"text": "'{0}' contains no data or code sections marked as both shared and writable, helping to prevent the exploitation of code vulnerabilities."
},
"Error": {
"text": "'{0}' contains one or more code or data sections ({1}) which are marked as both shared and writable. Because these sections are shared across processes, this condition might permit a process with low privilege to alter memory in a higher privilege process. If you do not actually require that a section be both writable and shared, remove one or both of these attributes (by modifying your .DEF file, the appropriate linker /section switch arguments, etc.). If you must share common data across processes (for inter-process communication (IPC) or other purposes) use CreateFileMapping with proper security attributes or an actual IPC mechanism instead (COM, named pipes, LPC, etc.)."
},
"NotApplicable_InvalidMetadata": {
"text": "'{0}' was not evaluated for check '{1}' as the analysis is not relevant based on observed metadata: {2}."
}
},
"helpUri": "/~https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2019DoNotMarkWritableSectionsAsShared",
"properties": {
"equivalentBinScopeRuleReadableName": "SharedSectionCheck"
}
},
{
"id": "BA2021",
"name": "DoNotMarkWritableSectionsAsExecutable",
"fullDescription": {
"text": "PE sections should not be marked as both writable and executable. This condition makes it easier for an attacker to exploit memory corruption vulnerabilities, as it may provide an attacker executable location(s) to inject shellcode. To resolve this issue, configure your tools to not emit memory sections that are writable and executable. For example, look for uses of /SECTION on the linker command line for C and C++ programs, or #pragma section in C and C++ source code, which mark a section with both attributes. Be sure to disable incremental linking in release builds, as this feature creates a writable and executable section named '.textbss' in order to function."
},
"help": {
"text": "PE sections should not be marked as both writable and executable. This condition makes it easier for an attacker to exploit memory corruption vulnerabilities, as it may provide an attacker executable location(s) to inject shellcode. To resolve this issue, configure your tools to not emit memory sections that are writable and executable. For example, look for uses of /SECTION on the linker command line for C and C++ programs, or #pragma section in C and C++ source code, which mark a section with both attributes. Be sure to disable incremental linking in release builds, as this feature creates a writable and executable section named '.textbss' in order to function."
},
"messageStrings": {
"Pass": {
"text": "'{0}' contains no data or code sections marked as both shared and executable, helping to prevent the exploitation of code vulnerabilities."
},
"Error": {
"text": "'{0}' contains PE section(s) ({1}) that are both writable and executable. Writable and executable memory segments make it easier for an attacker to exploit memory corruption vulnerabilities, because it may provide an attacker executable location(s) to inject shellcode. To resolve this issue, configure your tools to not emit memory sections that are writable and executable. For example, look for uses of /SECTION on the linker command line for C and C++ programs, or #pragma section in C and C++ source code, which mark a section with both attributes. Enabling incremental linking via the /INCREMENTAL argument (the default for Microsoft Visual Studio debug build) can also result in a writable and executable section named 'textbss'. For this case, disable incremental linking (or analyze an alternate build configuration that disables this feature) to resolve the problem."
},
"Error_UnexpectedSectionAligment": {
"text": "'{0}' has a section alignment ({1}) that is smaller than its page size ({2})."
},
"NotApplicable_InvalidMetadata": {
"text": "'{0}' was not evaluated for check '{1}' as the analysis is not relevant based on observed metadata: {2}."
}
},
"helpUri": "/~https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2021DoNotMarkWritableSectionsAsExecutable",
"properties": {
"equivalentBinScopeRuleReadableName": "WXCheck"
}
}
],
"properties": {
"comments": "A security and correctness analyzer for portable executable and MSIL formats."
}
}
},
"invocations": [
{
"executionSuccessful": true
}
],
"artifacts": [
{
"location": {
"uri": "file:///Z:/src/Test.FunctionalTests.BinSkim.Driver/BaselineTestData/Native_x64_VS2015_CvtresResourceOnly.dll",
"index": 0
},
"hashes": {
"md5": "5CE4E7BE02171B5B2C7BBC90188730C1",
"sha-1": "9421E83DDB77FCF1F0FA65F06C16DD6D337B3344",
"sha-256": "DAC635A661D536349CC803AC04B3657EFCFDC6BFA4A6A7F187D9A7FB09303E16"
}
}
],
"columnKind": "utf16CodeUnits"
}
]
}