microsoft / binskim

A binary static analysis tool that provides security and correctness results for Windows Portable Executable and *nix ELF binary formats

Investigate if BinSkim hanging when encountering unhandled exceptions #608

Open marmegh opened 2 years ago

marmegh commented 2 years ago

Customer reported an issue with BinSkim 1.9.2 running 14+ hours without completing while unhandled exceptions were being logged. This may be related to adding the new multi-threaded analysis feature.

Goal: attempt to repro the customer issue and identify how to prevent it moving forward.

GuangZhu01 commented 2 years ago

I am not sure if I should post the analysis log here, but I encountered an ERR997.ExceptionLoadingAnalysisTarget error from an ADO pipeline that may be related to this thread. I want to know whether BinSkim fully supports the Linux platform, or what scope of Linux artifact analysis BinSkim supports. Please let me know of any update. Thanks!

Here are the details: I have run BinSkim under the same Linux vmImage (Environment: ubuntu-20.04, Version: 20220724.1) to analyze an ELF file with the pipeline. I got correct results for the release build artifact only once, but I got error ERR997.ExceptionLoadingAnalysisTarget for the publish version artifact, and I tried many times with other ELFs and got the same result as for the publish version artifact. Is there something I missed or forgot to do? Would you please let me know any ideas? Thanks a lot!

Release version artifact output from BinSkim analyzing:

2022-08-08T04:47:10.5618942Z /mnt/vss/_work/1/a/myBinary.elf: notapplicable BA5001: 'myBinary.elf' was not evaluated for check 'EnablePositionIndependentExecutableMachO' as the analysis is not relevant based on observed metadata: image is not a MachO binary.
2022-08-08T04:47:10.5625049Z /mnt/vss/_work/1/a/myBinary.elf: notapplicable BA5002: 'myBinary.elf' was not evaluated for check 'DoNotAllowExecutableStack' as the analysis is not relevant based on observed metadata: image is not a MachO binary.
2022-08-08T04:47:10.5628305Z /mnt/vss/_work/1/a/myBinary.elf: error BA3002: GNU_STACK segment on 'myBinary.elf' is missing, which means the stack will likely be loaded as executable.  Ensure you are using an up to date compiler and passing '-z noexecstack' to the compiler.
2022-08-08T04:47:10.5631185Z /mnt/vss/_work/1/a/myBinary.elf: error BA3004: 'myBinary.elf' is using debugging dwarf version '4'. The dwarf version 5 contains more information and should be used. To enable the debugging version 5 use '-gdwarf-5'.
2022-08-08T04:47:10.5634283Z /mnt/vss/_work/1/a/myBinary.elf: error BA3010: The GNU_RELRO segment is missing from this binary, so relocation sections in 'myBinary.elf' will not be marked as read only after the binary is loaded.  An attacker can overwrite these to redirect control flow.  Ensure you are compiling with the compiler flags '-Wl,z,relro' to address this.
2022-08-08T04:47:10.5637619Z /mnt/vss/_work/1/a/myBinary.elf: error BA3011: The BIND_NOW flag is missing from this binary, so relocation sections in 'myBinary.elf' will not be marked as read only after the binary is loaded.  An attacker can overwrite these to redirect control flow.  Ensure you are compiling with the compiler flags '-Wl,z,now' to address this.
2022-08-08T04:47:10.5639219Z 
2022-08-08T04:47:10.5640106Z Done. 1 files scanned.
2022-08-08T04:47:10.5641044Z Analysis completed successfully.
2022-08-08T04:47:10.5641481Z 
2022-08-08T04:47:10.5643180Z One or more rules was disabled for an analysis target, as it was determined not to be applicable to it (this is a common condition). Pass --verbose on the command-line for more information.
2022-08-08T04:47:10.5644062Z 

Publish version artifact output from BinSkim analyzing:

2022-08-08T04:50:43.0118865Z "dotnet BinSkim.dll analyze /mnt/vss/_work/1/a/myBinary.elf/*.elf -f -r --verbose -o Binskim_Symbols_Publish_10752880_Bedrock_results.sarif":
2022-08-08T04:50:43.2370729Z Analyzing...
2022-08-08T04:50:43.2433458Z BINSKIM : warning WRN997.ObsoleteOption : Option '--verbose' is obsolete.  Use 'use --level and --kind' instead.
2022-08-08T04:50:43.4141361Z BINSKIM : warning WRN998.UnsupportedPlatform : Rule 'DoNotIncorporateVulnerableDependencies' was disabled as it cannot run on the current platform 'Linux'.  It can only run on 'Windows'.
2022-08-08T04:50:43.4151951Z BINSKIM : warning WRN998.UnsupportedPlatform : Rule 'EnableSecureSourceCodeHashing' was disabled as it cannot run on the current platform 'Linux'.  It can only run on 'Windows'.
2022-08-08T04:50:43.4154542Z BINSKIM : warning WRN998.UnsupportedPlatform : Rule 'DoNotShipVulnerableBinaries' was disabled as it cannot run on the current platform 'Linux'.  It can only run on 'Windows'.
2022-08-08T04:50:43.4156425Z BINSKIM : warning WRN998.UnsupportedPlatform : Rule 'BuildWithSecureTools' was disabled as it cannot run on the current platform 'Linux'.  It can only run on 'Windows'.
2022-08-08T04:50:43.4158300Z BINSKIM : warning WRN998.UnsupportedPlatform : Rule 'EnableCriticalCompilerWarnings' was disabled as it cannot run on the current platform 'Linux'.  It can only run on 'Windows'.
2022-08-08T04:50:43.4160158Z BINSKIM : warning WRN998.UnsupportedPlatform : Rule 'EnableStackProtection' was disabled as it cannot run on the current platform 'Linux'.  It can only run on 'Windows'.
2022-08-08T04:50:43.4161971Z BINSKIM : warning WRN998.UnsupportedPlatform : Rule 'InitializeStackProtection' was disabled as it cannot run on the current platform 'Linux'.  It can only run on 'Windows'.
2022-08-08T04:50:43.4163863Z BINSKIM : warning WRN998.UnsupportedPlatform : Rule 'DoNotDisableStackProtectionForFunctions' was disabled as it cannot run on the current platform 'Linux'.  It can only run on 'Windows'.
2022-08-08T04:50:43.4165696Z BINSKIM : warning WRN998.UnsupportedPlatform : Rule 'SignSecurely' was disabled as it cannot run on the current platform 'Linux'.  It can only run on 'Windows'.
2022-08-08T04:50:43.4167486Z BINSKIM : warning WRN998.UnsupportedPlatform : Rule 'EnableSpectreMitigations' was disabled as it cannot run on the current platform 'Linux'.  It can only run on 'Windows'.
2022-08-08T04:50:43.4169654Z BINSKIM : warning WRN998.UnsupportedPlatform : Rule 'EnableShadowStack' was disabled as it cannot run on the current platform 'Linux'.  It can only run on 'Windows'.
2022-08-08T04:50:43.4171536Z BINSKIM : warning WRN998.UnsupportedPlatform : Rule 'EnableMicrosoftCompilerSdlSwitch' was disabled as it cannot run on the current platform 'Linux'.  It can only run on 'Windows'.
2022-08-08T04:50:43.4173410Z BINSKIM : warning WRN998.UnsupportedPlatform : Rule 'ReportPECompilerData' was disabled as it cannot run on the current platform 'Linux'.  It can only run on 'Windows'.
2022-08-08T04:50:57.4662671Z /mnt/vss/_work/1/a/myBinary.elf : error ERR997.ExceptionLoadingAnalysisTarget : Could not load analysis target 'myBinary.elf'.
2022-08-08T04:50:57.4781736Z 
2022-08-08T04:50:57.4784598Z Done. 1 files scanned.
2022-08-08T04:50:57.4792003Z 
2022-08-08T04:50:57.4794504Z Analysis did not complete due to one or more unrecoverable execution conditions.
2022-08-08T04:50:57.4796459Z Unexpected fatal runtime condition(s) observed: ExceptionLoadingTargetFile
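
The BA3002, BA3010 and BA3011 findings in the release-build log above can be cross-checked independently of BinSkim by reading the ELF program headers and dynamic section directly. This is an added example, not code from the issue thread or from BinSkim; the function name `check_elf_hardening` is an assumption, and the sketch handles only 64-bit little-endian ELF.

```python
import struct
import sys

PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
PF_X = 0x1
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1


def check_elf_hardening(data: bytes) -> dict:
    """Return the stack/RELRO/BIND_NOW state of a 64-bit little-endian ELF image."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:  # EI_CLASS=ELFCLASS64, EI_DATA=ELFDATA2LSB
        raise ValueError("only 64-bit little-endian ELF is handled in this sketch")
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    result = {"gnu_stack": "missing", "gnu_relro": False, "bind_now": False}
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 56 > len(data):
            raise ValueError("program header table is truncated")
        p_type, p_flags, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, off)
        if p_type == PT_GNU_STACK:
            # BA3002: a missing or executable GNU_STACK means an executable stack.
            result["gnu_stack"] = "executable" if p_flags & PF_X else "non-executable"
        elif p_type == PT_GNU_RELRO:
            result["gnu_relro"] = True  # BA3010 checks for this segment
        elif p_type == PT_DYNAMIC:
            # BA3011: walk the dynamic array until DT_NULL for any "bind now" marker.
            end = min(p_offset + p_filesz, len(data))
            for pos in range(p_offset, end - 15, 16):
                d_tag, d_val = struct.unpack_from("<qQ", data, pos)
                if d_tag == DT_NULL:
                    break
                if (d_tag == DT_BIND_NOW
                        or (d_tag == DT_FLAGS and d_val & DF_BIND_NOW)
                        or (d_tag == DT_FLAGS_1 and d_val & DF_1_NOW)):
                    result["bind_now"] = True
    return result


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as f:
        print(check_elf_hardening(f.read()))
```

A file that raises `ValueError` here is not a well-formed ELF64 image, which is worth ruling out before debugging a tool-side load failure.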

GuangZhu01 commented 2 years ago

Here is the output of 'uname -a': Linux e75a5214c000000 5.15.0-1014-azure #17~20.04.1-Ubuntu SMP Thu Jun 23 20:01:51 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

XiaoningJin commented 1 year ago

Any updates please?