diff --git a/ReleaseHistory.md b/ReleaseHistory.md index 8f130fe8..e2b45276 100644 --- a/ReleaseHistory.md +++ b/ReleaseHistory.md @@ -29,6 +29,8 @@ * BUG: Fix `--trace` missing supported values from SARIF SDK (`ScanTime`, `RuleScanTime`, `PeakWorkingSet`, `TargetsScanned`, `ResultsSummary`). [896](https://github.com/microsoft/binskim/pull/896) * BUG: Temporarily restore command-line option `--hashes` and `--statistics` as obsolete for compatibility reasons. Please do not use them as they will be removed in future releases. [945](https://github.com/microsoft/binskim/pull/945) * NEW: `BA2024.EnableSpectreMitigations` now informs user when a compiland `RawCommandLine` value is missing and the rule is therefore not able to determine if `/Qspectre` is specified. [#933](https://github.com/microsoft/binskim/pull/933) +* NEW: Add `IncludeWixBinaries` option when using config file, to include Wix binaries in the analysis. [#944](https://github.com/microsoft/binskim/pull/944) +* NEW: Support `SymbolPath`, `LocalSymbolDirectories`, `IgnorePdbLoadError` option when using config file, in addtion to passing as command line parameters. [#944](https://github.com/microsoft/binskim/pull/944) ## **v4.1.0** * DEP: Update Sarif.Sdk submodule from [120fae3 to bc8cb57](https://github.com/microsoft/sarif-sdk/compare/120fae3...bc8cb57). Full [SARIF SDK Release History](https://github.com/microsoft/sarif-sdk/blob/bc8cb57/ReleaseHistory.md). diff --git a/docs/FunctionalTestBuildScripts.md b/docs/FunctionalTestBuildScripts.md index a6f00c42..d09a070f 100644 --- a/docs/FunctionalTestBuildScripts.md +++ b/docs/FunctionalTestBuildScripts.md @@ -218,3 +218,8 @@ The Visual Studio 2022 "empty console application" template, compiled as Debug|x ## Sha256SignedUntrustedRoot.exe The Visual Studio 2022 default executable template, in project property signing tab enable sign the assembly with a test certificate with sha256RSA. + +## Wix_4.0.1_VS2022_Bundle.exe + +The Visual Studio 2022 "Wix Bundle" template, with one "Wix MSI package" that combines a default C# helloworld console app and a default C++ helloworld console app. +The default C++ helloworld console app itself will trigger BinSkim rules. Currently BinSkim does not scan files inside the package and the bundle file itself will pass BinSkim rules. diff --git a/src/BinSkim.Driver/AnalyzeOptions.cs b/src/BinSkim.Driver/AnalyzeOptions.cs index 92fca443..c1e1a01d 100644 --- a/src/BinSkim.Driver/AnalyzeOptions.cs +++ b/src/BinSkim.Driver/AnalyzeOptions.cs @@ -51,7 +51,7 @@ public class AnalyzeOptions : AnalyzeOptionsBase [Option( "ignorePdbLoadError", HelpText = "If enabled, BinSkim won't break if we have a 'PdbLoadingException'.")] - public bool IgnorePdbLoadError { get; set; } + public bool? IgnorePdbLoadError { get; set; } [Option( 's', diff --git a/src/BinSkim.Driver/MultithreadedAnalyzeCommand.cs b/src/BinSkim.Driver/MultithreadedAnalyzeCommand.cs index 3332afad..3a685923 100644 --- a/src/BinSkim.Driver/MultithreadedAnalyzeCommand.cs +++ b/src/BinSkim.Driver/MultithreadedAnalyzeCommand.cs @@ -68,9 +68,9 @@ public override BinaryAnalyzerContext InitializeGlobalContextFromOptions(Analyze base.InitializeGlobalContextFromOptions(options, ref context); // Update context object based on command-line parameters. - context.SymbolPath = options.SymbolsPath; - context.IgnorePdbLoadError = options.IgnorePdbLoadError; - context.LocalSymbolDirectories = options.LocalSymbolDirectories; + context.SymbolPath = options.SymbolsPath ?? context.SymbolPath; + context.IgnorePdbLoadError = options.IgnorePdbLoadError != null ? options.IgnorePdbLoadError.Value : context.IgnorePdbLoadError; + context.LocalSymbolDirectories = options.LocalSymbolDirectories ?? context.LocalSymbolDirectories; context.TracePdbLoads = options.Trace.Contains(nameof(Traces.PdbLoad)); context.CompilerDataLogger = @@ -101,6 +101,7 @@ protected override BinaryAnalyzerContext CreateScanTargetContext(BinaryAnalyzerC scanTargetContext.CompilerDataLogger = context.CompilerDataLogger; scanTargetContext.SymbolPath = context.SymbolPath; + scanTargetContext.IncludeWixBinaries = context.IncludeWixBinaries; scanTargetContext.IgnorePdbLoadError = context.IgnorePdbLoadError; scanTargetContext.LocalSymbolDirectories = context.LocalSymbolDirectories; scanTargetContext.TracePdbLoads = context.TracePdbLoads; diff --git a/src/BinSkim.Rules/PERules/BA2001.LoadImagesAboveFourGigabyteAddress.cs b/src/BinSkim.Rules/PERules/BA2001.LoadImagesAboveFourGigabyteAddress.cs index 07a8163f..fc1442b2 100644 --- a/src/BinSkim.Rules/PERules/BA2001.LoadImagesAboveFourGigabyteAddress.cs +++ b/src/BinSkim.Rules/PERules/BA2001.LoadImagesAboveFourGigabyteAddress.cs @@ -44,7 +44,7 @@ public class LoadImageAboveFourGigabyteAddress : PEBinarySkimmerBase nameof(RuleResources.NotApplicable_InvalidMetadata) }; - public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { PE portableExecutable = target.PE; AnalysisApplicability result = AnalysisApplicability.NotApplicableToSpecifiedTarget; diff --git a/src/BinSkim.Rules/PERules/BA2002.DoNotIncorporateVulnerableDependencies.cs b/src/BinSkim.Rules/PERules/BA2002.DoNotIncorporateVulnerableDependencies.cs index cf229c14..76740e7b 100644 --- a/src/BinSkim.Rules/PERules/BA2002.DoNotIncorporateVulnerableDependencies.cs +++ b/src/BinSkim.Rules/PERules/BA2002.DoNotIncorporateVulnerableDependencies.cs @@ -77,7 +77,7 @@ public override void Initialize(BinaryAnalyzerContext context) return; } - public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { PE portableExecutable = target.PE; AnalysisApplicability result = AnalysisApplicability.NotApplicableToSpecifiedTarget; diff --git a/src/BinSkim.Rules/PERules/BA2004.EnableSecureSourceCodeHashing.cs b/src/BinSkim.Rules/PERules/BA2004.EnableSecureSourceCodeHashing.cs index 786904cd..26d47221 100644 --- a/src/BinSkim.Rules/PERules/BA2004.EnableSecureSourceCodeHashing.cs +++ b/src/BinSkim.Rules/PERules/BA2004.EnableSecureSourceCodeHashing.cs @@ -41,7 +41,7 @@ public class EnableSecureSourceCodeHashing : WindowsBinaryAndPdbSkimmerBase, IOp nameof(RuleResources.NotApplicable_InvalidMetadata) }; - public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { reasonForNotAnalyzing = null; return AnalysisApplicability.ApplicableToSpecifiedTarget; diff --git a/src/BinSkim.Rules/PERules/BA2005.DoNotShipVulnerableBinaries.cs b/src/BinSkim.Rules/PERules/BA2005.DoNotShipVulnerableBinaries.cs index 39d7aad8..bf3c3c73 100644 --- a/src/BinSkim.Rules/PERules/BA2005.DoNotShipVulnerableBinaries.cs +++ b/src/BinSkim.Rules/PERules/BA2005.DoNotShipVulnerableBinaries.cs @@ -72,7 +72,7 @@ private static StringToVersionMap BuildDefaultVulnerableBinariesMap() // Between one and unlimited times, as many times as possible, giving back as needed (greedy) «+» private static readonly Regex s_versionRegex = new Regex(@"\d+(\.\d+){0,3}", RegexOptions.Compiled | RegexOptions.CultureInvariant | RegexOptions.ExplicitCapture); - public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { reasonForNotAnalyzing = ""; return AnalysisApplicability.ApplicableToSpecifiedTarget; diff --git a/src/BinSkim.Rules/PERules/BA2006.BuildWithSecureTools.cs b/src/BinSkim.Rules/PERules/BA2006.BuildWithSecureTools.cs index 2e0c5a16..21e10aa9 100644 --- a/src/BinSkim.Rules/PERules/BA2006.BuildWithSecureTools.cs +++ b/src/BinSkim.Rules/PERules/BA2006.BuildWithSecureTools.cs @@ -90,7 +90,7 @@ public override void Initialize(BinaryAnalyzerContext context) return; } - public override AnalysisApplicability CanAnalyzePE(PEBinary target, PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { PE portableExecutable = target.PE; AnalysisApplicability result = AnalysisApplicability.NotApplicableToSpecifiedTarget; diff --git a/src/BinSkim.Rules/PERules/BA2007.EnableCriticalCompilerWarnings.cs b/src/BinSkim.Rules/PERules/BA2007.EnableCriticalCompilerWarnings.cs index 3bac5dba..47f540c4 100644 --- a/src/BinSkim.Rules/PERules/BA2007.EnableCriticalCompilerWarnings.cs +++ b/src/BinSkim.Rules/PERules/BA2007.EnableCriticalCompilerWarnings.cs @@ -64,7 +64,7 @@ public IEnumerable GetOptions() new PerLanguageOption( AnalyzerName, nameof(RequiredCompilerWarnings), defaultValue: () => BuildRequiredCompilerWarningsSet()); - public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { PE portableExecutable = target.PE; AnalysisApplicability result = AnalysisApplicability.NotApplicableToSpecifiedTarget; diff --git a/src/BinSkim.Rules/PERules/BA2008.EnableControlFlowGuard.cs b/src/BinSkim.Rules/PERules/BA2008.EnableControlFlowGuard.cs index ba781121..7085bbfa 100644 --- a/src/BinSkim.Rules/PERules/BA2008.EnableControlFlowGuard.cs +++ b/src/BinSkim.Rules/PERules/BA2008.EnableControlFlowGuard.cs @@ -65,7 +65,7 @@ public IEnumerable GetOptions() public const uint IMAGE_GUARD_CF_CHECKS = IMAGE_GUARD_CF_INSTRUMENTED | IMAGE_GUARD_CF_FUNCTION_TABLE_PRESENT; - public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { PE portableExecutable = target.PE; AnalysisApplicability result = AnalysisApplicability.NotApplicableToSpecifiedTarget; @@ -85,7 +85,7 @@ public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.Proper reasonForNotAnalyzing = MetadataConditions.ImageIsBootBinary; if (portableExecutable.IsBoot) { return result; } - Version minimumRequiredLinkerVersion = policy.GetProperty(MinimumRequiredLinkerVersion); + Version minimumRequiredLinkerVersion = context.Policy.GetProperty(MinimumRequiredLinkerVersion); if (portableExecutable.LinkerVersion < minimumRequiredLinkerVersion) { @@ -98,7 +98,7 @@ public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.Proper } reasonForNotAnalyzing = MetadataConditions.ImageIsWixBinary; - if (portableExecutable.IsWixBinary) { return result; } + if (!context.IncludeWixBinaries && portableExecutable.IsWixBinary) { return result; } reasonForNotAnalyzing = null; return AnalysisApplicability.ApplicableToSpecifiedTarget; diff --git a/src/BinSkim.Rules/PERules/BA2009.EnableAddressSpaceLayoutRandomization.cs b/src/BinSkim.Rules/PERules/BA2009.EnableAddressSpaceLayoutRandomization.cs index d7426cb4..02f6bf70 100644 --- a/src/BinSkim.Rules/PERules/BA2009.EnableAddressSpaceLayoutRandomization.cs +++ b/src/BinSkim.Rules/PERules/BA2009.EnableAddressSpaceLayoutRandomization.cs @@ -42,7 +42,7 @@ public class EnableAddressSpaceLayoutRandomization : PEBinarySkimmerBase nameof(RuleResources.NotApplicable_InvalidMetadata) }; - public override AnalysisApplicability CanAnalyzePE(PEBinary target, PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { PE portableExecutable = target.PE; AnalysisApplicability result = AnalysisApplicability.NotApplicableToSpecifiedTarget; diff --git a/src/BinSkim.Rules/PERules/BA2010.DoNotMarkImportsSectionAsExecutable.cs b/src/BinSkim.Rules/PERules/BA2010.DoNotMarkImportsSectionAsExecutable.cs index 34fc97fa..2335501f 100644 --- a/src/BinSkim.Rules/PERules/BA2010.DoNotMarkImportsSectionAsExecutable.cs +++ b/src/BinSkim.Rules/PERules/BA2010.DoNotMarkImportsSectionAsExecutable.cs @@ -40,7 +40,7 @@ public class DoNotMarkImportsSectionAsExecutable : PEBinarySkimmerBase nameof(RuleResources.NotApplicable_InvalidMetadata) }; - public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { PE portableExecutable = target.PE; AnalysisApplicability result = AnalysisApplicability.NotApplicableToSpecifiedTarget; diff --git a/src/BinSkim.Rules/PERules/BA2011.EnableStackProtection.cs b/src/BinSkim.Rules/PERules/BA2011.EnableStackProtection.cs index 85d7dc59..ae7b3e5d 100644 --- a/src/BinSkim.Rules/PERules/BA2011.EnableStackProtection.cs +++ b/src/BinSkim.Rules/PERules/BA2011.EnableStackProtection.cs @@ -40,7 +40,7 @@ public class EnableStackProtection : WindowsBinaryAndPdbSkimmerBase nameof(RuleResources.NotApplicable_InvalidMetadata) }; - public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { return StackProtectionUtilities.CommonCanAnalyze(target, out reasonForNotAnalyzing); } diff --git a/src/BinSkim.Rules/PERules/BA2012.DoNotModifyStackProtectionCookie.cs b/src/BinSkim.Rules/PERules/BA2012.DoNotModifyStackProtectionCookie.cs index df596a0f..e0ccfc3a 100644 --- a/src/BinSkim.Rules/PERules/BA2012.DoNotModifyStackProtectionCookie.cs +++ b/src/BinSkim.Rules/PERules/BA2012.DoNotModifyStackProtectionCookie.cs @@ -51,7 +51,7 @@ public class DoNotModifyStackProtectionCookie : PEBinarySkimmerBase nameof(RuleResources.NotApplicable_InvalidMetadata) }; - public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { return StackProtectionUtilities.CommonCanAnalyze(target, out reasonForNotAnalyzing); } diff --git a/src/BinSkim.Rules/PERules/BA2013.InitializeStackProtection.cs b/src/BinSkim.Rules/PERules/BA2013.InitializeStackProtection.cs index b31e97a1..f9c8ff4f 100644 --- a/src/BinSkim.Rules/PERules/BA2013.InitializeStackProtection.cs +++ b/src/BinSkim.Rules/PERules/BA2013.InitializeStackProtection.cs @@ -45,7 +45,7 @@ public class InitializeStackProtection : WindowsBinaryAndPdbSkimmerBase nameof(RuleResources.NotApplicable_InvalidMetadata) }; - public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { return StackProtectionUtilities.CommonCanAnalyze(target, out reasonForNotAnalyzing); } diff --git a/src/BinSkim.Rules/PERules/BA2014.DoNotDisableStackProtectionForFunctions.cs b/src/BinSkim.Rules/PERules/BA2014.DoNotDisableStackProtectionForFunctions.cs index 6c1251f7..1f7120ab 100644 --- a/src/BinSkim.Rules/PERules/BA2014.DoNotDisableStackProtectionForFunctions.cs +++ b/src/BinSkim.Rules/PERules/BA2014.DoNotDisableStackProtectionForFunctions.cs @@ -68,7 +68,7 @@ private static StringSet BuildApprovedFunctionsStringSet() new PerLanguageOption( AnalyzerName, nameof(StringSet), defaultValue: () => BuildApprovedFunctionsStringSet()); - public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { AnalysisApplicability applicability = StackProtectionUtilities.CommonCanAnalyze(target, out reasonForNotAnalyzing); diff --git a/src/BinSkim.Rules/PERules/BA2015.EnableHighEntropyVirtualAddresses.cs b/src/BinSkim.Rules/PERules/BA2015.EnableHighEntropyVirtualAddresses.cs index 113291dc..14e93262 100644 --- a/src/BinSkim.Rules/PERules/BA2015.EnableHighEntropyVirtualAddresses.cs +++ b/src/BinSkim.Rules/PERules/BA2015.EnableHighEntropyVirtualAddresses.cs @@ -41,7 +41,7 @@ public class EnableHighEntropyVirtualAddresses : PEBinarySkimmerBase nameof(RuleResources.NotApplicable_InvalidMetadata) }; - public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { PE portableExecutable = target.PE; AnalysisApplicability result = AnalysisApplicability.NotApplicableToSpecifiedTarget; diff --git a/src/BinSkim.Rules/PERules/BA2016.MarkImageAsNXCompatible.cs b/src/BinSkim.Rules/PERules/BA2016.MarkImageAsNXCompatible.cs index 4fd7dab6..38ab645f 100644 --- a/src/BinSkim.Rules/PERules/BA2016.MarkImageAsNXCompatible.cs +++ b/src/BinSkim.Rules/PERules/BA2016.MarkImageAsNXCompatible.cs @@ -42,7 +42,7 @@ public class MarkImageAsNXCompatible : PEBinarySkimmerBase nameof(RuleResources.NotApplicable_InvalidMetadata) }; - public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { PE portableExecutable = target.PE; AnalysisApplicability result = AnalysisApplicability.NotApplicableToSpecifiedTarget; diff --git a/src/BinSkim.Rules/PERules/BA2018.EnableSafeSEH.cs b/src/BinSkim.Rules/PERules/BA2018.EnableSafeSEH.cs index c4047f01..548a70e8 100644 --- a/src/BinSkim.Rules/PERules/BA2018.EnableSafeSEH.cs +++ b/src/BinSkim.Rules/PERules/BA2018.EnableSafeSEH.cs @@ -41,7 +41,7 @@ public class EnableSafeSEH : PEBinarySkimmerBase nameof(RuleResources.NotApplicable_InvalidMetadata) }; - public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { PE portableExecutable = target.PE; AnalysisApplicability result = AnalysisApplicability.NotApplicableToSpecifiedTarget; diff --git a/src/BinSkim.Rules/PERules/BA2019.DoNotMarkWritableSectionsAsShared.cs b/src/BinSkim.Rules/PERules/BA2019.DoNotMarkWritableSectionsAsShared.cs index 3a8e88fd..8d622b25 100644 --- a/src/BinSkim.Rules/PERules/BA2019.DoNotMarkWritableSectionsAsShared.cs +++ b/src/BinSkim.Rules/PERules/BA2019.DoNotMarkWritableSectionsAsShared.cs @@ -40,7 +40,7 @@ public class DoNotMarkWritableSectionsAsShared : PEBinarySkimmerBase nameof(RuleResources.NotApplicable_InvalidMetadata) }; - public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { PE portableExecutable = target.PE; AnalysisApplicability result = AnalysisApplicability.NotApplicableToSpecifiedTarget; diff --git a/src/BinSkim.Rules/PERules/BA2021.DoNotMarkWritableSectionsAsExecutable.cs b/src/BinSkim.Rules/PERules/BA2021.DoNotMarkWritableSectionsAsExecutable.cs index 1b23ea32..717c7568 100644 --- a/src/BinSkim.Rules/PERules/BA2021.DoNotMarkWritableSectionsAsExecutable.cs +++ b/src/BinSkim.Rules/PERules/BA2021.DoNotMarkWritableSectionsAsExecutable.cs @@ -42,7 +42,7 @@ public class DoNotMarkWritableSectionsAsExecutable : PEBinarySkimmerBase private const int PAGE_SIZE = 0x1000; - public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { PE portableExecutable = target.PE; AnalysisApplicability result = AnalysisApplicability.NotApplicableToSpecifiedTarget; diff --git a/src/BinSkim.Rules/PERules/BA2022.SignSecurely.cs b/src/BinSkim.Rules/PERules/BA2022.SignSecurely.cs index d71d8892..69d78dac 100644 --- a/src/BinSkim.Rules/PERules/BA2022.SignSecurely.cs +++ b/src/BinSkim.Rules/PERules/BA2022.SignSecurely.cs @@ -39,7 +39,7 @@ public class SignSecurely : WindowsBinarySkimmerBase nameof(RuleResources.NotApplicable_InvalidMetadata) }; - public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { reasonForNotAnalyzing = null; return AnalysisApplicability.ApplicableToSpecifiedTarget; diff --git a/src/BinSkim.Rules/PERules/BA2024.EnableSpectreMitigations.cs b/src/BinSkim.Rules/PERules/BA2024.EnableSpectreMitigations.cs index 5a6030f9..dd6f3747 100644 --- a/src/BinSkim.Rules/PERules/BA2024.EnableSpectreMitigations.cs +++ b/src/BinSkim.Rules/PERules/BA2024.EnableSpectreMitigations.cs @@ -90,7 +90,7 @@ public IEnumerable GetOptions() // Please do not access this field outside of this class and unit tests. internal static ConcurrentDictionary compilerData = null; - public override AnalysisApplicability CanAnalyzePE(PEBinary target, PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { PE portableExecutable = target.PE; AnalysisApplicability result = AnalysisApplicability.NotApplicableToSpecifiedTarget; diff --git a/src/BinSkim.Rules/PERules/BA2025.EnableShadowStack.cs b/src/BinSkim.Rules/PERules/BA2025.EnableShadowStack.cs index 3348c23b..e7f5d186 100644 --- a/src/BinSkim.Rules/PERules/BA2025.EnableShadowStack.cs +++ b/src/BinSkim.Rules/PERules/BA2025.EnableShadowStack.cs @@ -41,7 +41,7 @@ public class EnableShadowStack : WindowsBinaryAndPdbSkimmerBase nameof(RuleResources.NotApplicable_InvalidMetadata) }; - public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { PE portableExecutable = target.PE; AnalysisApplicability notApplicable = AnalysisApplicability.NotApplicableToSpecifiedTarget; diff --git a/src/BinSkim.Rules/PERules/BA2026.EnableMicrosoftCompilerSdlSwitch.cs b/src/BinSkim.Rules/PERules/BA2026.EnableMicrosoftCompilerSdlSwitch.cs index 9ec722e6..0caadbbc 100644 --- a/src/BinSkim.Rules/PERules/BA2026.EnableMicrosoftCompilerSdlSwitch.cs +++ b/src/BinSkim.Rules/PERules/BA2026.EnableMicrosoftCompilerSdlSwitch.cs @@ -38,7 +38,7 @@ public class EnableMicrosoftCompilerSdlSwitch : WindowsBinaryAndPdbSkimmerBase nameof(RuleResources.NotApplicable_InvalidMetadata) }; - public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { PE portableExecutable = target.PE; AnalysisApplicability notApplicable = AnalysisApplicability.NotApplicableToSpecifiedTarget; diff --git a/src/BinSkim.Rules/PERules/BA2027.EnableSourceLink.cs b/src/BinSkim.Rules/PERules/BA2027.EnableSourceLink.cs index eecd502a..20a72f86 100644 --- a/src/BinSkim.Rules/PERules/BA2027.EnableSourceLink.cs +++ b/src/BinSkim.Rules/PERules/BA2027.EnableSourceLink.cs @@ -38,7 +38,7 @@ public override void Initialize(BinaryAnalyzerContext context) base.Initialize(context); } - public override AnalysisApplicability CanAnalyzePE(PEBinary target, PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { // Source Link is supported on the C# compiler and MSVC only. if (!target.PE.IsManaged && target.Pdb != null && !target.PE.IsTargetCompiledWithMsvc(target.Pdb)) diff --git a/src/BinSkim.Rules/PERules/BA2029.EnableIntegrityCheck.cs b/src/BinSkim.Rules/PERules/BA2029.EnableIntegrityCheck.cs index 08602ffb..3c58ad92 100644 --- a/src/BinSkim.Rules/PERules/BA2029.EnableIntegrityCheck.cs +++ b/src/BinSkim.Rules/PERules/BA2029.EnableIntegrityCheck.cs @@ -47,7 +47,7 @@ public class EnableIntegrityCheck : PEBinarySkimmerBase public const uint IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY = 0x0080; - public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { PE portableExecutable = target.PE; AnalysisApplicability notApplicable = AnalysisApplicability.NotApplicableToSpecifiedTarget; diff --git a/src/BinSkim.Rules/PERules/BA4001.ReportPortableExecutableCompilerData.cs b/src/BinSkim.Rules/PERules/BA4001.ReportPortableExecutableCompilerData.cs index 017cbdcf..772187d4 100644 --- a/src/BinSkim.Rules/PERules/BA4001.ReportPortableExecutableCompilerData.cs +++ b/src/BinSkim.Rules/PERules/BA4001.ReportPortableExecutableCompilerData.cs @@ -42,7 +42,7 @@ public IEnumerable GetOptions() }.ToImmutableArray(); } - public override AnalysisApplicability CanAnalyzePE(PEBinary target, PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { reasonForNotAnalyzing = null; return AnalysisApplicability.ApplicableToSpecifiedTarget; diff --git a/src/BinSkim.Rules/PERules/BA6001.DisableIncrementalLinkingInReleaseBuilds.cs b/src/BinSkim.Rules/PERules/BA6001.DisableIncrementalLinkingInReleaseBuilds.cs index c32ba253..9228fe20 100644 --- a/src/BinSkim.Rules/PERules/BA6001.DisableIncrementalLinkingInReleaseBuilds.cs +++ b/src/BinSkim.Rules/PERules/BA6001.DisableIncrementalLinkingInReleaseBuilds.cs @@ -42,7 +42,7 @@ public class DisableIncrementalLinkingInReleaseBuilds : WindowsBinaryAndPdbSkimm private const string AnalyzerName = RuleIds.DisableIncrementalLinkingInReleaseBuilds + "." + nameof(DisableIncrementalLinkingInReleaseBuilds); - public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { PE portableExecutable = target.PE; AnalysisApplicability result = AnalysisApplicability.NotApplicableToSpecifiedTarget; diff --git a/src/BinSkim.Rules/PERules/BA6002.EliminateDuplicateStrings.cs b/src/BinSkim.Rules/PERules/BA6002.EliminateDuplicateStrings.cs index 95838794..60821ad1 100644 --- a/src/BinSkim.Rules/PERules/BA6002.EliminateDuplicateStrings.cs +++ b/src/BinSkim.Rules/PERules/BA6002.EliminateDuplicateStrings.cs @@ -42,7 +42,7 @@ public class EliminateDuplicateStrings : WindowsBinaryAndPdbSkimmerBase private const string AnalyzerName = RuleIds.EliminateDuplicateStrings + "." + nameof(EliminateDuplicateStrings); - public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { PE portableExecutable = target.PE; AnalysisApplicability result = AnalysisApplicability.NotApplicableToSpecifiedTarget; diff --git a/src/BinSkim.Rules/PERules/BA6004.EnableComdatFolding.cs b/src/BinSkim.Rules/PERules/BA6004.EnableComdatFolding.cs index c4fea114..ab709872 100644 --- a/src/BinSkim.Rules/PERules/BA6004.EnableComdatFolding.cs +++ b/src/BinSkim.Rules/PERules/BA6004.EnableComdatFolding.cs @@ -43,7 +43,7 @@ public class EnableComdatFolding : WindowsBinaryAndPdbSkimmerBase private const string AnalyzerName = RuleIds.EnableComdatFolding + "." + nameof(EnableComdatFolding); - public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { PE portableExecutable = target.PE; AnalysisApplicability result = AnalysisApplicability.NotApplicableToSpecifiedTarget; diff --git a/src/BinSkim.Rules/PERules/BA6005.EnableOptimizeReferences.cs b/src/BinSkim.Rules/PERules/BA6005.EnableOptimizeReferences.cs index acc582c8..a5867e3a 100644 --- a/src/BinSkim.Rules/PERules/BA6005.EnableOptimizeReferences.cs +++ b/src/BinSkim.Rules/PERules/BA6005.EnableOptimizeReferences.cs @@ -42,7 +42,7 @@ public class EnableOptimizeReferences : WindowsBinaryAndPdbSkimmerBase private const string AnalyzerName = RuleIds.EnableOptimizeReferences + "." + nameof(EnableOptimizeReferences); - public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { PE portableExecutable = target.PE; AnalysisApplicability result = AnalysisApplicability.NotApplicableToSpecifiedTarget; diff --git a/src/BinSkim.Rules/PERules/BA6006.EnableLinkTimeCodeGeneration.cs b/src/BinSkim.Rules/PERules/BA6006.EnableLinkTimeCodeGeneration.cs index 23a2efc6..25c6b4b5 100644 --- a/src/BinSkim.Rules/PERules/BA6006.EnableLinkTimeCodeGeneration.cs +++ b/src/BinSkim.Rules/PERules/BA6006.EnableLinkTimeCodeGeneration.cs @@ -42,7 +42,7 @@ public class EnableLinkTimeCodeGeneration : WindowsBinaryAndPdbSkimmerBase private const string AnalyzerName = RuleIds.EnableLinkTimeCodeGeneration + "." + nameof(EnableLinkTimeCodeGeneration); - public override AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing) + public override AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing) { PE portableExecutable = target.PE; AnalysisApplicability result = AnalysisApplicability.NotApplicableToSpecifiedTarget; diff --git a/src/BinSkim.Rules/PERules/PEBinarySkimmerBase.cs b/src/BinSkim.Rules/PERules/PEBinarySkimmerBase.cs index 6fb14a4d..433ad44b 100644 --- a/src/BinSkim.Rules/PERules/PEBinarySkimmerBase.cs +++ b/src/BinSkim.Rules/PERules/PEBinarySkimmerBase.cs @@ -14,7 +14,7 @@ public override AnalysisApplicability CanAnalyze(BinaryAnalyzerContext context, { PEBinary target = context.PEBinary(); return target.PE?.IsPEFile == true - ? this.CanAnalyzePE(target, context.Policy, out reasonForNotAnalyzing) + ? this.CanAnalyzePE(target, context, out reasonForNotAnalyzing) : AnalysisApplicability.NotApplicableToSpecifiedTarget; } else @@ -23,6 +23,6 @@ public override AnalysisApplicability CanAnalyze(BinaryAnalyzerContext context, } } - public abstract AnalysisApplicability CanAnalyzePE(PEBinary target, Sarif.PropertiesDictionary policy, out string reasonForNotAnalyzing); + public abstract AnalysisApplicability CanAnalyzePE(PEBinary target, BinaryAnalyzerContext context, out string reasonForNotAnalyzing); } } diff --git a/src/BinSkim.Rules/PERules/WindowsBinaryAndPdbSkimmerBase.cs b/src/BinSkim.Rules/PERules/WindowsBinaryAndPdbSkimmerBase.cs index a9c6929e..39e09eb9 100644 --- a/src/BinSkim.Rules/PERules/WindowsBinaryAndPdbSkimmerBase.cs +++ b/src/BinSkim.Rules/PERules/WindowsBinaryAndPdbSkimmerBase.cs @@ -80,7 +80,7 @@ public sealed override AnalysisApplicability CanAnalyze(BinaryAnalyzerContext co result = AnalysisApplicability.NotApplicableToSpecifiedTarget; reasonForNotAnalyzing = MetadataConditions.ImageIsWixBinary; - if (portableExecutable.IsWixBinary) { return result; } + if (!context.IncludeWixBinaries && portableExecutable.IsWixBinary) { return result; } reasonForNotAnalyzing = MetadataConditions.ImageIsILLibraryAssembly; if (portableExecutable.IsILLibrary) { return result; } diff --git a/src/BinSkim.Sdk/BinaryAnalyzerContext.cs b/src/BinSkim.Sdk/BinaryAnalyzerContext.cs index 31642a66..027af485 100644 --- a/src/BinSkim.Sdk/BinaryAnalyzerContext.cs +++ b/src/BinSkim.Sdk/BinaryAnalyzerContext.cs @@ -38,17 +38,25 @@ public override bool IsValidAnalysisTarget get => this.Binary?.Valid == true; } - public string LocalSymbolDirectories { get; set; } + public string LocalSymbolDirectories + { + get => this.Policy?.GetProperty(BinaryParsersProperties.LocalSymbolDirectories); + set => this.Policy.SetProperty(BinaryParsersProperties.LocalSymbolDirectories, value); + } public bool ComprehensiveBinaryParsing { - get { return this.Policy?.GetProperty(BinaryParsersProperties.ComprehensiveBinaryParsing) == true; } - set { this.Policy.SetProperty(BinaryParsersProperties.ComprehensiveBinaryParsing, value); } + get => this.Policy?.GetProperty(BinaryParsersProperties.ComprehensiveBinaryParsing) == true; + set => this.Policy.SetProperty(BinaryParsersProperties.ComprehensiveBinaryParsing, value); } public bool TracePdbLoads { get; set; } - public string SymbolPath { get; set; } + public string SymbolPath + { + get => this.Policy?.GetProperty(BinaryParsersProperties.SymbolPath); + set => this.Policy.SetProperty(BinaryParsersProperties.SymbolPath, value); + } public override IAnalysisLogger Logger { get; set; } @@ -66,18 +74,19 @@ public override string MimeType public override bool AnalysisComplete { get; set; } - public CompilerDataLogger CompilerDataLogger + public CompilerDataLogger CompilerDataLogger { get; set; } + + public bool IgnorePdbLoadError { - get - { - return this.Policy != null - ? this.Policy.GetProperty(SharedCompilerDataLoggerProperty) - : null; - } - set { this.Policy.SetProperty(SharedCompilerDataLoggerProperty, value); } + get => this.Policy?.GetProperty(BinaryParsersProperties.IgnorePdbLoadError) == true; + set => this.Policy.SetProperty(BinaryParsersProperties.IgnorePdbLoadError, value); } - public bool IgnorePdbLoadError { get; set; } + public bool IncludeWixBinaries + { + get => this.Policy?.GetProperty(BinaryParsersProperties.IncludeWixBinaries) == true; + set => this.Policy.SetProperty(BinaryParsersProperties.IncludeWixBinaries, value); + } internal bool disposed = false; @@ -100,11 +109,6 @@ protected virtual void Dispose(bool disposing) } } - public static PerLanguageOption SharedCompilerDataLoggerProperty { get; } = - new PerLanguageOption( - "CompilerTelemetry", nameof(SharedCompilerDataLoggerProperty), defaultValue: () => null, - "A shared CompilerDataLogger instance that will be passed to all skimmers."); - public override void Dispose() { // Do not change this code. Put cleanup code in Dispose(bool disposing) above. diff --git a/src/BinaryParsers/BinaryParsersProperties.cs b/src/BinaryParsers/BinaryParsersProperties.cs index b0577a52..6afd2b43 100644 --- a/src/BinaryParsers/BinaryParsersProperties.cs +++ b/src/BinaryParsers/BinaryParsersProperties.cs @@ -15,7 +15,11 @@ public IEnumerable GetOptions() { return new List { - ComprehensiveBinaryParsing + ComprehensiveBinaryParsing, + IgnorePdbLoadError, + IncludeWixBinaries, + LocalSymbolDirectories, + SymbolPath }.ToImmutableArray(); } @@ -24,5 +28,31 @@ public IEnumerable GetOptions() "BinaryParsers", nameof(ComprehensiveBinaryParsing), defaultValue: () => false, "Set this value to 'true' to aggressively fault in all binary data on scan target load. " + "This is useful to flush out exceptions and other issues in various binary parsers."); + + public static PerLanguageOption IgnorePdbLoadError { get; } = + new PerLanguageOption( + "BinaryParsers", nameof(IgnorePdbLoadError), defaultValue: () => false, + "Set this value to 'true' to don't break if we have a 'PdbLoadingException'."); + + public static PerLanguageOption IncludeWixBinaries { get; } = + new PerLanguageOption( + "BinaryParsers", nameof(IncludeWixBinaries), defaultValue: () => false, + "Set this value to 'true' to include Wix binaries in the analysis."); + + public static PerLanguageOption LocalSymbolDirectories { get; } = + new PerLanguageOption( + "BinaryParsers", nameof(LocalSymbolDirectories), defaultValue: () => string.Empty, + "A set of semicolon-delimited local directory paths that will be examined when attempting to locate PDBs."); + + public static PerLanguageOption SymbolPath { get; } = + new PerLanguageOption( + "BinaryParsers", nameof(SymbolPath), defaultValue: () => string.Empty, + "Symbols path value, e.g., Cache*c:\\symbols;SRV*https://msdl.microsoft.com/download/symbols " + + "or Cache*d:\\symbols;Srv*https://symweb. See " + + "https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/advanced-symsrv-use for " + + "syntax information. Note that BinSkim will clear the _NT_SYMBOL_PATH and _NT_ALT_SYMBOL_PATH " + + "environment variables at runtime. Use this argument instead for specifying the symbol path." + + "WARNING: Be sure to specify a local file cache in the symbol path if at all possible, in order " + + "to avoid the possibility of significance time-to-analyze performance degradataion."); } } diff --git a/src/Test.FunctionalTests.BinSkim.Driver/AnalyzeCommandTests.cs b/src/Test.FunctionalTests.BinSkim.Driver/AnalyzeCommandTests.cs index 421b40d2..3896e3d1 100644 --- a/src/Test.FunctionalTests.BinSkim.Driver/AnalyzeCommandTests.cs +++ b/src/Test.FunctionalTests.BinSkim.Driver/AnalyzeCommandTests.cs @@ -5,9 +5,11 @@ using System.Collections.Generic; using System.IO; using System.Linq; +using System.Runtime.InteropServices; using System.Text; using FluentAssertions; +using FluentAssertions.Execution; using Microsoft.CodeAnalysis.BinaryParsers; using Microsoft.CodeAnalysis.IL; @@ -192,6 +194,71 @@ public void AnalyzeCommand_ComputeFileHashes_Works() log.Runs[0].Artifacts[0].Hashes.Should().HaveCount(3); } + [Fact] + public void AnalyzeCommand_IncludeWixBinariesTest() + { + string fileName = Path.Combine(Path.GetTempPath(), "AnalyzeCommand_IncludeWixBinariesTest.sarif"); + string testPathV3 = Path.Combine(PEBinaryTests.BaselineTestDataDirectory, "Wix_3.11.1_VS2017_Bootstrapper.exe"); + string testPathV4 = Path.Combine(PEBinaryTests.TestData, "PE", "Wix_4.0.1_VS2022_Bundle.exe"); + var options = new AnalyzeOptions + { + TargetFileSpecifiers = new string[] { + testPathV3 + }, + OutputFilePath = fileName, + OutputFileOptions = new[] { FilePersistenceOptions.ForceOverwrite }, + }; + var command = new MultithreadedAnalyzeCommand(); + + using (new AssertionScope()) + { + var context = new BinaryAnalyzerContext(); + command.Run(options, ref context); + var log = SarifLog.Load(fileName); + log.Runs[0].Results.Should().HaveCount(0); + + context.IncludeWixBinaries = true; + command.Run(options, ref context); + log = SarifLog.Load(fileName); + log.Runs[0].Results.Should().HaveCount(1); + + options.TargetFileSpecifiers = new string[] { testPathV4 }; + context = new BinaryAnalyzerContext + { + IncludeWixBinaries = false + }; + command.Run(options, ref context); + log = SarifLog.Load(fileName); + log.Runs[0].Results.Should().HaveCount(0); + + if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) + { + log.Runs[0].Invocations[0].ToolConfigurationNotifications.Should().BeNull(); + } + else + { + log.Runs[0].Invocations[0].ToolConfigurationNotifications.Should().HaveCountGreaterThan(1); + log.Runs[0].Invocations[0].ToolConfigurationNotifications.All(n => n.Descriptor.Id == "WRN998.UnsupportedPlatform"); + } + + context.IncludeWixBinaries = true; + command.Run(options, ref context); + log = SarifLog.Load(fileName); + log.Runs[0].Results.Should().HaveCount(0); + + if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) + { + log.Runs[0].Invocations[0].ToolConfigurationNotifications.Should().HaveCount(1); + log.Runs[0].Invocations[0].ToolConfigurationNotifications.All(n => n.Descriptor.Id == "ERR997.ExceptionLoadingPdb"); + } + else + { + log.Runs[0].Invocations[0].ToolConfigurationNotifications.Should().HaveCountGreaterThan(1); + log.Runs[0].Invocations[0].ToolConfigurationNotifications.All(n => n.Descriptor.Id == "WRN998.UnsupportedPlatform"); + } + } + } + private static SarifLog ReadSarifLog(IFileSystem fileSystem, string outputFilePath, Sarif.SarifVersion readSarifVersion) { SarifLog sarifLog; diff --git a/src/Test.UnitTests.BinaryParsers/TestData/PE/Wix_4.0.1_VS2022_Bundle.exe b/src/Test.UnitTests.BinaryParsers/TestData/PE/Wix_4.0.1_VS2022_Bundle.exe new file mode 100644 index 00000000..690d68e7 Binary files /dev/null and b/src/Test.UnitTests.BinaryParsers/TestData/PE/Wix_4.0.1_VS2022_Bundle.exe differ