Refactor project to target .NET 9.0 and remove obsolete configurations

microsoft · Jan 21, 2025 · c90c64e · c90c64e
1 parent 4ebce5c
commit c90c64e
Show file tree

Hide file tree

Showing 32 changed files with 141 additions and 274 deletions.
diff --git a/BuildAndTest.cmd b/BuildAndTest.cmd
@@ -63,23 +63,20 @@ call :RunTestProject BinSkim.Rules Functional  || goto :ExitFailed
 
 ::Create the BinSkim platform specific publish packages
 echo Creating Platform Specific BinSkim 'Publish' Packages
-call :CreatePublishPackage netcoreapp3.1 win-x64 || goto :ExitFailed
-call :CreatePublishPackage netcoreapp3.1 linux-x64 || goto :ExitFailed
-call :CreatePublishPackage netcoreapp3.1 osx-x64 || goto :ExitFailed
-call :CreatePublishPackage net6.0 win-x64 || goto :ExitFailed
-call :CreatePublishPackage net6.0 linux-x64 || goto :ExitFailed
-call :CreatePublishPackage net6.0 osx-x64 || goto :ExitFailed
+call :CreatePublishPackage net9.0 win-x64 || goto :ExitFailed
+call :CreatePublishPackage net9.0 linux-x64 || goto :ExitFailed
+call :CreatePublishPackage net9.0 osx-x64 || goto :ExitFailed
 
 ::Build NuGet package
 echo BuildPackages.cmd
 call BuildPackages.cmd || goto :ExitFailed
 
 echo dotnet-format
-dotnet tool update --global dotnet-format --version 4.1.131201
+dotnet tool update --global dotnet-format
 
 ::Update BinSkimRules.md to cover any xml changes
 echo Exporting any BinSkim rules
-.\bld\bin\x64_Release\netcoreapp3.1\BinSkim.exe export-rules .\docs\BinSkimRules.md
+.\bld\bin\x64_Release\net9.0\BinSkim.exe export-rules .\docs\BinSkimRules.md
 
 goto :Exit
 

diff --git a/BuildAndTest.sh b/BuildAndTest.sh
@@ -9,7 +9,7 @@ fi
 
 dotnet build src/BinSkimUnix.sln --configuration Release /p:Platform="x64"
 
-dotnet test bld/bin/x64_Release/netcoreapp3.1/Test.FunctionalTests.BinSkim.Driver.dll
-dotnet test bld/bin/x64_Release/netcoreapp3.1/Test.FunctionalTests.BinSkim.Rules.dll
-dotnet test bld/bin/x64_Release/netcoreapp3.1/Test.UnitTests.BinaryParsers.dll
-dotnet test bld/bin/x64_Release/netcoreapp3.1/Test.UnitTests.BinSkim.Rules.dll
+dotnet test bld/bin/x64_Release/net9.0/Test.FunctionalTests.BinSkim.Driver.dll
+dotnet test bld/bin/x64_Release/net9.0/Test.FunctionalTests.BinSkim.Rules.dll
+dotnet test bld/bin/x64_Release/net9.0/Test.UnitTests.BinaryParsers.dll
+dotnet test bld/bin/x64_Release/net9.0/Test.UnitTests.BinSkim.Rules.dll
diff --git a/BuildPackages.cmd b/BuildPackages.cmd
@@ -4,7 +4,10 @@ SETLOCAL
 
 call SetCurrentVersion.cmd
 
+@echo packing %~dp0src\Nuget\BinSkim.nuspec -Properties configuration=%Configuration%;version=%MAJOR%.%MINOR%.%PATCH%%PRERELEASE% -Verbosity Quiet -BasePath %~dp0 -OutputDirectory %~dp0bld\bin\Nuget
 %~dp0.nuget\NuGet.exe pack %~dp0src\Nuget\BinSkim.nuspec -Properties configuration=%Configuration%;version=%MAJOR%.%MINOR%.%PATCH%%PRERELEASE% -Verbosity Quiet -BasePath %~dp0 -OutputDirectory %~dp0bld\bin\Nuget || goto :ExitFailed
+
+@echo packing %~dp0src\Nuget\BinaryParsers.nuspec -Properties configuration=%Configuration%;version=%MAJOR%.%MINOR%.%PATCH%%PRERELEASE% -Verbosity Quiet -BasePath %~dp0 -OutputDirectory %~dp0bld\bin\Nuget
 %~dp0.nuget\NuGet.exe pack %~dp0src\Nuget\BinaryParsers.nuspec -Properties configuration=%Configuration%;version=%MAJOR%.%MINOR%.%PATCH%%PRERELEASE% -Verbosity Quiet -BasePath %~dp0 -OutputDirectory %~dp0bld\bin\Nuget || goto :ExitFailed
 
 goto Exit

diff --git a/README.md b/README.md
@@ -27,34 +27,34 @@ If you only want to run the Binskim tool without installing anything, then you c
 1. Download BinSkim from **[NuGet](https://www.nuget.org/packages/Microsoft.CodeAnalysis.BinSkim/)**
 2. Rename the file extension from .nupkg to .zip (ie. via commandline: `rename microsoft.codeanalysis.binskim.x.y.z.nupkg microsoft.codeanalysis.binskim.x.y.z.zip`)
 3. Unzip
-4. Executable files are now available in the OS specific folder within _tools\netcoreapp3.1_ (ie. linux-x64, win-x64, and osx-x64).
+4. Executable files are now available in the OS specific folder within _tools\net9.0_ (ie. linux-x64, win-x64, and osx-x64).
 5. Navigate to this location to invoke the executable:
-    - Windows: `binskim.exe analyze c:\bld\*.dll --recurse true --output MyRun.sarif`
-    - Linux/Unix: `./BinSkim analyze /someDirectory/testBinary -o MyRun.sarif`
-    - Mac: `./BinSkim analyze /someDirectory/testBinary -o MyRun.sarif`
-    - Using dotnet sdk: `dotnet binskim.dll analyze /directoryPath/testBinary -o MyRun.sarif`
+   - Windows: `binskim.exe analyze c:\bld\*.dll --recurse true --output MyRun.sarif`
+   - Linux/Unix: `./BinSkim analyze /someDirectory/testBinary -o MyRun.sarif`
+   - Mac: `./BinSkim analyze /someDirectory/testBinary -o MyRun.sarif`
+   - Using dotnet sdk: `dotnet binskim.dll analyze /directoryPath/testBinary -o MyRun.sarif`
 
 ### Command-Line Quick Guide
 
-| Argument (short form, long form) | Meaning |
-| -------------------------------- | ------- |
-| **`--trace`** | Execution traces, expressed as a semicolon-delimited list enclosed in double quotes, that should be emitted to the console and log file (if appropriate). Valid values: PdbLoad, ScanTime, RuleScanTime, PeakWorkingSet, TargetsScanned, ResultsSummary. |
-| **`--sympath`** | Symbol paths, expressed as a semicolon-delimited list enclosed in double quotes. (e.g. `SRV*https://msdl.microsoft.com/download/symbols` or `Cache*d:\symbols;Srv*https://symweb`) See https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/advanced-symsrv-use for syntax information. |
-| **`--local-symbol-directories`** | Local directory paths, expressed as a semicolon-delimited list enclosed in double quotes, that will be examined when attempting to locate PDBs. |
-| **`-o, --output`** | File path used to write and output analysis using [SARIF](https://github.com/Microsoft/sarif-sdk) |
-| **`-r, --recurse [true\|false]`** | If true, recurse into subdirectories when evaluating file specifier arguments |
-| **`-c, --config`** | (Default: ‘default’) Path to policy file to be used to configure analysis. Passing value of 'default' (or omitting the argument) invokes built-in settings |
-| **`-q, --quiet [true\|false]`** | If true, do not log results to the console |
-| **`-s, --statistics`** | Generate timing and other statistics for analysis session |
-| **`--insert`** | Optionally present data, expressed as a semicolon-delimited list enclosed in double quotes, that should be inserted into the log file. Valid values include Hashes, TextFiles, BinaryFiles, EnvironmentVariables, RegionSnippets, ContextRegionSnippets, ContextRegionSnippetPartialFingerprints, Guids, VersionControlDetails, and NondeterministicProperties. |
-| **`-e, --environment [true\|false]`** | <p>If true, log machine environment details of run to output file.</p><p>**WARNING:** This option records potentially sensitive information (such as all environment variable values) to the log file.</p> |
-| **`-p, --plugin`** | Paths to plugin, expressed as a semicolon-delimited list enclosed in double quotes, that will be invoked against all targets in the analysis set. |
-| **`--rich-return-code [true\|false]`** | If true, output a more detailed exit code consisting of a series of flags about execution, rather than outputting '0' for success/'1' for failure (see codes below) |
-| **`--level`** | Failure levels, expressed as a semicolon-delimited list enclosed in double quotes, that is used to filter the scan results. Valid values: Error, Warning and Note. |
-| **`--kind`** | Result kinds, expressed as a semicolon-delimited list enclosed in double quotes, that is used to filter the scan results. Valid values: Fail (for literal scan results), Pass, Review, Open, NotApplicable and Informational. |
-| **`--baseline`** | A Sarif file to be used as baseline. |
-| **`--help`** | Table of argument information. |
-| **`--version`** | BinSkim version details. |
-| **`value pos. 0`** | One or more specifiers to a file, directory, or filter pattern that resolves to one or more binaries to analyze. |
+| Argument (short form, long form)       | Meaning                                                                                                                                                                                                                                                                                                                                                         |
+| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| **`--trace`**                          | Execution traces, expressed as a semicolon-delimited list enclosed in double quotes, that should be emitted to the console and log file (if appropriate). Valid values: PdbLoad, ScanTime, RuleScanTime, PeakWorkingSet, TargetsScanned, ResultsSummary.                                                                                                        |
+| **`--sympath`**                        | Symbol paths, expressed as a semicolon-delimited list enclosed in double quotes. (e.g. `SRV*https://msdl.microsoft.com/download/symbols` or `Cache*d:\symbols;Srv*https://symweb`) See https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/advanced-symsrv-use for syntax information.                                                           |
+| **`--local-symbol-directories`**       | Local directory paths, expressed as a semicolon-delimited list enclosed in double quotes, that will be examined when attempting to locate PDBs.                                                                                                                                                                                                                 |
+| **`-o, --output`**                     | File path used to write and output analysis using [SARIF](https://github.com/Microsoft/sarif-sdk)                                                                                                                                                                                                                                                               |
+| **`-r, --recurse [true\|false]`**      | If true, recurse into subdirectories when evaluating file specifier arguments                                                                                                                                                                                                                                                                                   |
+| **`-c, --config`**                     | (Default: ‘default’) Path to policy file to be used to configure analysis. Passing value of 'default' (or omitting the argument) invokes built-in settings                                                                                                                                                                                                      |
+| **`-q, --quiet [true\|false]`**        | If true, do not log results to the console                                                                                                                                                                                                                                                                                                                      |
+| **`-s, --statistics`**                 | Generate timing and other statistics for analysis session                                                                                                                                                                                                                                                                                                       |
+| **`--insert`**                         | Optionally present data, expressed as a semicolon-delimited list enclosed in double quotes, that should be inserted into the log file. Valid values include Hashes, TextFiles, BinaryFiles, EnvironmentVariables, RegionSnippets, ContextRegionSnippets, ContextRegionSnippetPartialFingerprints, Guids, VersionControlDetails, and NondeterministicProperties. |
+| **`-e, --environment [true\|false]`**  | <p>If true, log machine environment details of run to output file.</p><p>**WARNING:** This option records potentially sensitive information (such as all environment variable values) to the log file.</p>                                                                                                                                                      |
+| **`-p, --plugin`**                     | Paths to plugin, expressed as a semicolon-delimited list enclosed in double quotes, that will be invoked against all targets in the analysis set.                                                                                                                                                                                                               |
+| **`--rich-return-code [true\|false]`** | If true, output a more detailed exit code consisting of a series of flags about execution, rather than outputting '0' for success/'1' for failure (see codes below)                                                                                                                                                                                             |
+| **`--level`**                          | Failure levels, expressed as a semicolon-delimited list enclosed in double quotes, that is used to filter the scan results. Valid values: Error, Warning and Note.                                                                                                                                                                                              |
+| **`--kind`**                           | Result kinds, expressed as a semicolon-delimited list enclosed in double quotes, that is used to filter the scan results. Valid values: Fail (for literal scan results), Pass, Review, Open, NotApplicable and Informational.                                                                                                                                   |
+| **`--baseline`**                       | A Sarif file to be used as baseline.                                                                                                                                                                                                                                                                                                                            |
+| **`--help`**                           | Table of argument information.                                                                                                                                                                                                                                                                                                                                  |
+| **`--version`**                        | BinSkim version details.                                                                                                                                                                                                                                                                                                                                        |
+| **`value pos. 0`**                     | One or more specifiers to a file, directory, or filter pattern that resolves to one or more binaries to analyze.                                                                                                                                                                                                                                                |
 
 **Example:** `binskim.exe analyze c:\bld\*.dll --recurse true --output MyRun.sarif`
diff --git a/ado-build.yml b/ado-build.yml
@@ -97,4 +97,4 @@ jobs:
         displayName: "Run BinSkim"
         inputs:
           targetType: "inline"
-          script: "dotnet bld/bin/x64_Release/netcoreapp3.1/binskim.dll analyze src/Test.FunctionalTests.BinSkim.Driver/BaselineTestData/macho.*"
+          script: "dotnet bld/bin/x64_Release/net9.0/binskim.dll analyze src/Test.FunctionalTests.BinSkim.Driver/BaselineTestData/macho.*"
diff --git a/global.json b/global.json
diff --git a/scripts/SimpleStressTest.ps1 b/scripts/SimpleStressTest.ps1
@@ -12,7 +12,7 @@
 [CmdletBinding()]
 param(
     [string]
-    $BinSkimFolder = "..\bld\bin\x64_Release\netcoreapp3.1",
+    $BinSkimFolder = "..\bld\bin\x64_Release\net9.0",
 
     [string]
     $SessionName = "stress",

diff --git a/src/BinSkim.Driver/BinSkim.Driver.csproj b/src/BinSkim.Driver/BinSkim.Driver.csproj
@@ -4,7 +4,7 @@
   <PropertyGroup>
     <AssemblyName>BinSkim</AssemblyName>
     <!--  Condition="'$(OS)'=='Windows_NT'" -->
-    <TargetFrameworks>net9.0</TargetFrameworks>
+    <TargetFrameworks>$(NetCoreVersion)</TargetFrameworks>
     <TargetLatestRuntimePatch>True</TargetLatestRuntimePatch>
     <OutputType>Exe</OutputType>
     <Platforms>x64</Platforms>

diff --git a/src/BinSkim.Rules/BinSkim.Rules.csproj b/src/BinSkim.Rules/BinSkim.Rules.csproj
@@ -3,7 +3,7 @@
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory).., build.netcore.props))\build.netcore.props" />
   <PropertyGroup>
     <RootNamespace>Microsoft.CodeAnalysis.IL.Rules</RootNamespace>
-    <TargetFramework>net9.0</TargetFramework>
+    <TargetFramework>$(NetCoreVersion)</TargetFramework>
     <Platforms>x64</Platforms>
   </PropertyGroup>
   <ItemGroup>

diff --git a/src/BinSkim.Sdk/BinSkim.Sdk.csproj b/src/BinSkim.Sdk/BinSkim.Sdk.csproj
@@ -3,7 +3,7 @@
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory).., build.netcore.props))\build.netcore.props" />
   <PropertyGroup>
     <RootNamespace>Microsoft.CodeAnalysis.IL.Sdk</RootNamespace>
-    <TargetFramework>net9.0</TargetFramework>
+    <TargetFramework>$(NetCoreVersion)</TargetFramework>
     <Platforms>x64</Platforms>
   </PropertyGroup>
   <ItemGroup>

diff --git a/src/BinaryParsers/BinaryParsers.csproj b/src/BinaryParsers/BinaryParsers.csproj
@@ -3,7 +3,7 @@
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory).., build.netcore.props))\build.netcore.props" />
   <PropertyGroup>
     <RootNamespace>Microsoft.CodeAnalysis.BinaryParsers</RootNamespace>
-    <TargetFramework>net9.0</TargetFramework>
+    <TargetFramework>$(NetCoreVersion)</TargetFramework>
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
     <Platforms>x64</Platforms>
   </PropertyGroup>

diff --git a/src/BinaryParsers/PEBinary/PEBinary.cs b/src/BinaryParsers/PEBinary/PEBinary.cs
@@ -92,7 +92,8 @@ public void DisposePortableExecutableData()
         {
             if (this.pdb != null &&
                 this.pdb.IsValueCreated &&
-                this.pdb.Value != null)
+                this.pdb.Value != null &&
+                OperatingSystem.IsWindows())
             {
                 this.pdb.Value.Dispose();
             }

diff --git a/src/BinaryParsers/PEBinary/ProgramDatabase/MSDiaComWrapper.cs b/src/BinaryParsers/PEBinary/ProgramDatabase/MSDiaComWrapper.cs
@@ -36,7 +36,7 @@ private static void CoCreateFromMsdia(Guid clsidOfServer, Guid riid, out IntPtr
             var classFactory = (IClassFactory)Marshal.GetObjectForIUnknown(pClassFactory);
             classFactory.CreateInstance(IntPtr.Zero, ref riid, out pvObject);
             Marshal.Release(pClassFactory);
-            Marshal.ReleaseComObject(classFactory);
+            ResourceReleaser.Release(classFactory);
         }
 
         private const string IDiaDataSourceRiid = "79F1BB5F-B66E-48E5-B6A9-1545C323CA3D";