Open Evmaus-MS opened 6 years ago
I like the idea of platform-specific skimmers. Here's another way to implement it:
Define an enumeration:
[Flags]
public enum SupportedPlatforms
{
Windows = 0x01,
Linux = 0x02,
All = Windows | Linux
}
Define a new property onSkimmerBase
:
public virtual SupportedPlatforms SupportedPlatforms => SupportedPlatforms.All;
Specific skimmers can override it to omit platforms they don't support, for example:
public class WindowsSpecificSkimmer : SkimmerBase
{
public override SupportedPlatforms SupportedPlatforms
=> SupportedPlatforms.All & ~SupportedPlatforms.Linux;
}
Modify the private method AnalyzeCommandBase.CreateSkimmers
as follows:
skimmers = DriverUtilities.GetExports<ISkimmer<TContext>>(DefaultPlugInAssemblies);
SupportedPlatform currentPlatform = GetCurrentPlatform(); // I don't know how to do this.
foreach (ISkimmer<TContext> skimmer in skimmers)
{
if (skimmer.SupportedPlatforms.Contains(currentPlatform))
{
result.Add(skimmer);
}
else
{
// Define a new warning-level notification, and add a new method to the Warnings class:
Warnings.LogUnsupportedPlatform(skimmer.Id, currentPlatform);
}
}
This has the nice design characteristics:
CanAnalyze
; instead if makes platform support a first-class concept in the SDK.
@michaelcfanning, @lgolding for comments on approach, as I'm new to the Sarif-SDK internals.
Background: Porting BinSkim to run on Linux involves changing some skimmers to flag as "Only supported on Windows" since they rely on native interop. I've discussed this a bit offline with Michael--it seems like there's two options for marking the checks as not supported on a particular platform.
One option is changing the meaning of "CanAnalyze()" to also cover "Can't be analyzed on this platform"--however, the return of CanAnalyze seems to answer to "Should this binary be analyzed by this rule?", which is a different question from "Is this rule supported on this platform?", so this doesn't seem like the right approach. It also would be nice to give an actual error message (rather than just "can't analyze").
One good option is having every Skimmer that can't run on non-Windows platforms throw a PlatformNotSupportedException or similar, and disable the rule after the first time the exception is thrown. This has the nice effect of not spamming the user with "We can't run this rule" when analyzing large numbers of binaries, while still surfacing it as an error. However, this currently leads to a fatal exit code--so if we go this route, we'd want to also add a new non-fatal RunTimeError and treat that exception as a different case when Skimmer.Analyze is called in the AnalyzeCommandBase. (I've got what I believe are the appropriate changes in https://github.com/Microsoft/sarif-sdk/compare/master...Evmaus-MS:skimmer-platform-unsupported and can submit a PR for them if this is the correct approach.)