Getting rid off sarif sdk from codebase

.github/workflows/dotnet-format.yml

@@ -16,4 +16,4 @@ jobs:
       run: dotnet tool install -g dotnet-format
 
     - name: dotnet format
-      run: dotnet-format --folder --check  --exclude .\src\sarif-sdk\
+      run: dotnet-format --folder --check

BuildAndTest.cmd

@@ -38,8 +38,6 @@ echo         public const string Version = AssemblyVersion + Prerelease;
 echo     }                                                                           >> %VERSION_CONSTANTS%
 echo  }                                                                              >> %VERSION_CONSTANTS%
 
-::Download Submodules
-if not exist %~dp0src\sarif-sdk\src\Sarif.Sdk.sln (git submodule update --init --recursive)
 
 ::Restore packages
 echo Restoring packages...
@@ -65,24 +63,20 @@ call :RunTestProject BinSkim.Rules Functional  || goto :ExitFailed
 
 ::Create the BinSkim platform specific publish packages
 echo Creating Platform Specific BinSkim 'Publish' Packages
-call :CreatePublishPackage netcoreapp3.1 win-x64 || goto :ExitFailed
-call :CreatePublishPackage netcoreapp3.1 linux-x64 || goto :ExitFailed
-call :CreatePublishPackage netcoreapp3.1 osx-x64 || goto :ExitFailed
-call :CreatePublishPackage net6.0 win-x64 || goto :ExitFailed
-call :CreatePublishPackage net6.0 linux-x64 || goto :ExitFailed
-call :CreatePublishPackage net6.0 osx-x64 || goto :ExitFailed
+call :CreatePublishPackage net8.0 win-x64 || goto :ExitFailed
+call :CreatePublishPackage net8.0 linux-x64 || goto :ExitFailed
+call :CreatePublishPackage net8.0 osx-x64 || goto :ExitFailed
 
 ::Build NuGet package
 echo BuildPackages.cmd
 call BuildPackages.cmd || goto :ExitFailed
 
 echo dotnet-format
 dotnet tool update --global dotnet-format --version 4.1.131201
-dotnet-format --folder --exclude .\src\sarif-sdk\
 
 ::Update BinSkimRules.md to cover any xml changes
 echo Exporting any BinSkim rules
-.\bld\bin\x64_Release\netcoreapp3.1\BinSkim.exe export-rules .\docs\BinSkimRules.md
+.\bld\bin\x64_Release\net8.0\BinSkim.exe export-rules .\docs\BinSkimRules.md
 
 goto :Exit
 

BuildAndTest.sh

@@ -6,14 +6,10 @@ if [[  "$(uname)" == "Linux" || "$(uname)" == "Darwin" ]]; then
   sed 's#\\#/#g' src/BinSkim.sln > src/BinSkimUnix.sln
 fi
 
-if [ ! -f src/sarif-sdk/src/Sarif.Sdk.sln ]; then
-  echo "Get submodule..."
-  git submodule update --init --recursive
-fi
 
 dotnet build src/BinSkimUnix.sln --configuration Release /p:Platform="x64"
 
-dotnet test bld/bin/x64_Release/netcoreapp3.1/Test.FunctionalTests.BinSkim.Driver.dll
-dotnet test bld/bin/x64_Release/netcoreapp3.1/Test.FunctionalTests.BinSkim.Rules.dll
-dotnet test bld/bin/x64_Release/netcoreapp3.1/Test.UnitTests.BinaryParsers.dll
-dotnet test bld/bin/x64_Release/netcoreapp3.1/Test.UnitTests.BinSkim.Rules.dll
+dotnet test bld/bin/x64_Release/net8.0/Test.FunctionalTests.BinSkim.Driver.dll
+dotnet test bld/bin/x64_Release/net8.0/Test.FunctionalTests.BinSkim.Rules.dll
+dotnet test bld/bin/x64_Release/net8.0/Test.UnitTests.BinaryParsers.dll
+dotnet test bld/bin/x64_Release/net8.0/Test.UnitTests.BinSkim.Rules.dll

README.md

@@ -27,34 +27,40 @@ If you only want to run the Binskim tool without installing anything, then you c
 1. Download BinSkim from **[NuGet](https://www.nuget.org/packages/Microsoft.CodeAnalysis.BinSkim/)**
 2. Rename the file extension from .nupkg to .zip (ie. via commandline: `rename microsoft.codeanalysis.binskim.x.y.z.nupkg microsoft.codeanalysis.binskim.x.y.z.zip`)
 3. Unzip
-4. Executable files are now available in the OS specific folder within _tools\netcoreapp3.1_ (ie. linux-x64, win-x64, and osx-x64).
+4. Executable files are now available in the OS specific folder within _tools\net8.0_ (ie. linux-x64, win-x64, and osx-x64).
 5. Navigate to this location to invoke the executable:
     - Windows: `binskim.exe analyze c:\bld\*.dll --recurse true --output MyRun.sarif`
     - Linux/Unix: `./BinSkim analyze /someDirectory/testBinary -o MyRun.sarif`
     - Mac: `./BinSkim analyze /someDirectory/testBinary -o MyRun.sarif`
     - Using dotnet sdk: `dotnet binskim.dll analyze /directoryPath/testBinary -o MyRun.sarif`
 
 ### Command-Line Quick Guide
+For more information you can follow our [UserGuide.md](https://github.com/microsoft/binskim/blob/main/docs/UserGuide.md).
 
-| Argument (short form, long form) | Meaning |
-| -------------------------------- | ------- |
-| **`--trace`** | Execution traces, expressed as a semicolon-delimited list enclosed in double quotes, that should be emitted to the console and log file (if appropriate). Valid values: PdbLoad, ScanTime, RuleScanTime, PeakWorkingSet, TargetsScanned, ResultsSummary. |
-| **`--sympath`** | Symbol paths, expressed as a semicolon-delimited list enclosed in double quotes. (e.g. `SRV*https://msdl.microsoft.com/download/symbols` or `Cache*d:\symbols;Srv*https://symweb`) See https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/advanced-symsrv-use for syntax information. |
-| **`--local-symbol-directories`** | Local directory paths, expressed as a semicolon-delimited list enclosed in double quotes, that will be examined when attempting to locate PDBs. |
-| **`-o, --output`** | File path used to write and output analysis using [SARIF](https://github.com/Microsoft/sarif-sdk) |
-| **`-r, --recurse [true\|false]`** | If true, recurse into subdirectories when evaluating file specifier arguments |
-| **`-c, --config`** | (Default: ‘default’) Path to policy file to be used to configure analysis. Passing value of 'default' (or omitting the argument) invokes built-in settings |
-| **`-q, --quiet [true\|false]`** | If true, do not log results to the console |
-| **`-s, --statistics`** | Generate timing and other statistics for analysis session |
-| **`--insert`** | Optionally present data, expressed as a semicolon-delimited list enclosed in double quotes, that should be inserted into the log file. Valid values include Hashes, TextFiles, BinaryFiles, EnvironmentVariables, RegionSnippets, ContextRegionSnippets, ContextRegionSnippetPartialFingerprints, Guids, VersionControlDetails, and NondeterministicProperties. |
-| **`-e, --environment [true\|false]`** | <p>If true, log machine environment details of run to output file.</p><p>**WARNING:** This option records potentially sensitive information (such as all environment variable values) to the log file.</p> |
-| **`-p, --plugin`** | Paths to plugin, expressed as a semicolon-delimited list enclosed in double quotes, that will be invoked against all targets in the analysis set. |
-| **`--rich-return-code [true\|false]`** | If true, output a more detailed exit code consisting of a series of flags about execution, rather than outputting '0' for success/'1' for failure (see codes below) |
-| **`--level`** | Failure levels, expressed as a semicolon-delimited list enclosed in double quotes, that is used to filter the scan results. Valid values: Error, Warning and Note. |
-| **`--kind`** | Result kinds, expressed as a semicolon-delimited list enclosed in double quotes, that is used to filter the scan results. Valid values: Fail (for literal scan results), Pass, Review, Open, NotApplicable and Informational. |
-| **`--baseline`** | A Sarif file to be used as baseline. |
-| **`--help`** | Table of argument information. |
-| **`--version`** | BinSkim version details. |
-| **`value pos. 0`** | One or more specifiers to a file, directory, or filter pattern that resolves to one or more binaries to analyze. |
-
-**Example:** `binskim.exe analyze c:\bld\*.dll --recurse true --output MyRun.sarif`
+#### Analyze Command
+The primary function of BinSkim is to analyze Windows portable executables (.dlls, .exes, etc). To analyze a file, pass one or more arguments that resolve one or more portable executables.
+```pwsh
+    // Analyze a single binary named MyProjectFile.dll found in c:\temp
+    // and emit verbose messages during analysis
+    binskime.exe analyze c:\temp\MyProjectFile.dll –verbose
+    // Analyze all files with the .dll or .exe extension starting in the
+    // current working directory and recursing through all child directories
+    binskim analyze *.exe *.dll –recurse
+    // Analyze all files with the .dll extension starting in the current
+    // current directory and write results to a SARIF log file
+    binskim analyze *.dll --output MyLog.sarif 
+```
+
+#### Help command
+The following command-lines invoke the general BinSkime help message. This message will display all the built-in ModernCop commands (help, analyze, capture, et al) for which more detailed help can be requested: 
+```pwsh
+    binskim.exe --help
+```
+To request detailed help for specific commands, invoke ‘binskim.exe help [command]’, eg:
+```pwsh
+    binskim.exe help analyze
+    binskim.exe help exportRules
+    binskim.exe help exportConfig
+    binskim.exe help dump
+    binskim.exe help version
+```

ReleaseHistory.md

@@ -16,6 +16,9 @@
 - NEW => new feature 
 
 ## UNRELEASED
+* DEP: Update dotnet version to supported versions
+* NEW: Remove sarif-sdk submodule and use nuget package instead
+* DEP: Update nugate packages to latest versions
 
 ## **v4.3.1** [NuGet Package](https://www.nuget.org/packages/Microsoft.CodeAnalysis.BinSkim/4.3.1)
 * DEP: Update `msdia140.dll` from 14.40.33810.0 to 14.40.33812. [1000](https://github.com/microsoft/binskim/pull/1002)

ado-build.yml

@@ -52,8 +52,6 @@ jobs:
           script: "BuildAndTest.cmd"
 
       - task: ComponentGovernanceComponentDetection@0
-        inputs:
-          ignoreDirectories: 'src\sarif-sdk'
 
   - job: mac
     pool:
@@ -84,4 +82,4 @@ jobs:
         displayName: "Run BinSkim"
         inputs:
           targetType: "inline"
-          script: "dotnet bld/bin/x64_Release/netcoreapp3.1/binskim.dll analyze src/Test.FunctionalTests.BinSkim.Driver/BaselineTestData/macho.*"
+          script: "dotnet bld/bin/x64_Release/net8.0/binskim.dll analyze src/Test.FunctionalTests.BinSkim.Driver/BaselineTestData/macho.*"

scripts/SimpleStressTest.ps1

@@ -12,7 +12,7 @@
 [CmdletBinding()]
 param(
     [string]
-    $BinSkimFolder = "..\bld\bin\x64_Release\netcoreapp3.1",
+    $BinSkimFolder = "..\bld\bin\x64_Release\net8.0",
 
     [string]
     $SessionName = "stress",

src/BinSkim.Driver/BinSkim.Driver.csproj

@@ -29,9 +29,11 @@
   <ItemGroup>
     <PackageReference Include="CommandLineParser" Version="2.9.1" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
-    <PackageReference Include="System.Collections.Immutable" Version="7.0.0" />
+    <PackageReference Include="Sarif.Driver" Version="4.5.4" />
+    <PackageReference Include="Sarif.Sdk" Version="4.5.4" />
+    <PackageReference Include="System.Collections.Immutable" Version="8.0.0" />
     <PackageReference Include="System.Private.Uri" Version="4.3.2" />
-    <PackageReference Include="System.Reflection.Metadata" Version="7.0.2" />
+    <PackageReference Include="System.Reflection.Metadata" Version="8.0.0" />
   </ItemGroup>
 
   <ItemGroup>
@@ -42,7 +44,6 @@
   </ItemGroup>
 
   <ItemGroup>
-    <ProjectReference Include="..\sarif-sdk\src\Sarif.Driver\Sarif.Driver.csproj" />
     <ProjectReference Include="..\BinaryParsers\BinaryParsers.csproj" />
     <ProjectReference Include="..\BinSkim.Rules\BinSkim.Rules.csproj" />
     <ProjectReference Include="..\BinSkim.Sdk\BinSkim.Sdk.csproj" />

src/BinSkim.Rules/BinSkim.Rules.csproj

@@ -4,7 +4,7 @@
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory).., build.netcore.props))\build.netcore.props" />
   <PropertyGroup>
     <RootNamespace>Microsoft.CodeAnalysis.IL.Rules</RootNamespace>
-    <TargetFramework>$(NetStandardVersion)</TargetFramework>
+    <TargetFramework>$(NetCoreVersion)</TargetFramework>
     <Platforms>x64</Platforms>
   </PropertyGroup>
 
@@ -17,12 +17,14 @@
 
   <ItemGroup>
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
-    <PackageReference Include="System.Collections.Immutable" Version="7.0.0" />
-    <PackageReference Include="System.Composition" Version="7.0.0" />
+    <PackageReference Include="Sarif.Driver" Version="4.5.4" />
+    <PackageReference Include="Sarif.Sdk" Version="4.5.4" />
+    <PackageReference Include="System.Collections.Immutable" Version="8.0.0" />
+    <PackageReference Include="System.Composition" Version="8.0.0" />
+    <PackageReference Include="System.Private.Uri" Version="4.3.2" />
   </ItemGroup>
 
   <ItemGroup>
-    <ProjectReference Include="..\sarif-sdk\src\Sarif.Driver\Sarif.Driver.csproj" />
     <ProjectReference Include="..\BinaryParsers\BinaryParsers.csproj" />
     <ProjectReference Include="..\BinSkim.Sdk\BinSkim.Sdk.csproj" />
   </ItemGroup>

src/BinSkim.Sdk/BinSkim.Sdk.csproj

@@ -4,19 +4,21 @@
     <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory).., build.netcore.props))\build.netcore.props" />
   <PropertyGroup>
     <RootNamespace>Microsoft.CodeAnalysis.IL.Sdk</RootNamespace>
-    <TargetFramework>$(NetStandardVersion)</TargetFramework>
+    <TargetFrameworks>$(NetCoreVersion)</TargetFrameworks>
     <Platforms>x64</Platforms>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.ApplicationInsights" Version="2.21.0" />
+    <PackageReference Include="Microsoft.ApplicationInsights" Version="2.22.0" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
-    <PackageReference Include="System.Collections.Immutable" Version="7.0.0" />
+    <PackageReference Include="Sarif.Driver" Version="4.5.4" />
+    <PackageReference Include="Sarif.Sdk" Version="4.5.4" />
+    <PackageReference Include="System.Collections.Immutable" Version="8.0.0" />
+    <PackageReference Include="System.Private.Uri" Version="4.3.2" />
   </ItemGroup>
 
   <ItemGroup>
     <ProjectReference Include="..\BinaryParsers\BinaryParsers.csproj" />
-    <ProjectReference Include="..\sarif-sdk\src\Sarif.Driver\Sarif.Driver.csproj" />
   </ItemGroup>
 
   <ItemGroup>

src/BinSkim.Sdk/Telemetry.cs

@@ -87,7 +87,8 @@ public void Dispose()
         private static void ConfigureTelemetryContext(TelemetryContext context)
         {
             context.Session.Id = CreateRandomSessionId();
-            context.Component.Version = Assembly.GetCallingAssembly().GetCustomAttribute<AssemblyFileVersionAttribute>().Version;
+            AssemblyFileVersionAttribute? versionAttribute = Assembly.GetCallingAssembly().GetCustomAttribute<AssemblyFileVersionAttribute>();
+            context.Component.Version = versionAttribute?.Version ?? "Unknown";
             context.Device.OperatingSystem = RuntimeInformation.OSDescription;
         }