Merge branch 'release/8.0.1xx' into release/8.0.2xx
This commit is contained in:
Jason Zhai
commit
8a6870faa1
9 changed files with 127 additions and 70 deletions
|
|
@ -12,8 +12,11 @@ using System.IO;
|
|||
using System.IO.Compression;
|
||||
using System.Linq;
|
||||
using System.Reflection;
|
||||
using System.Reflection.Metadata;
|
||||
using System.Reflection.PortableExecutable;
|
||||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
using System.Text.RegularExpressions;
|
||||
using System.Xml;
|
||||
using System.Xml.Linq;
|
||||
|
||||
|
|
@ -147,6 +150,10 @@ namespace Microsoft.DotNet.SourceBuild.Tasks.LeakDetection
|
|||
|
||||
private const string PoisonMarker = "POISONED";
|
||||
|
||||
private const string SbrpAttributeType = "System.Reflection.AssemblyMetadataAttribute";
|
||||
|
||||
private const string SbrpAttributeValuePattern = "source\\s?source\\-build\\-reference\\-packages";
|
||||
|
||||
private record CandidateFileEntry(string ExtractedPath, string DisplayPath);
|
||||
|
||||
public override bool Execute()
|
||||
|
|
@ -298,7 +305,11 @@ namespace Microsoft.DotNet.SourceBuild.Tasks.LeakDetection
|
|||
try
|
||||
{
|
||||
AssemblyName asm = AssemblyName.GetAssemblyName(fileToCheck);
|
||||
if (IsAssemblyPoisoned(fileToCheck))
|
||||
if (!candidate.DisplayPath.Contains("SourceBuildReferencePackages") && IsAssemblyFromSbrp(fileToCheck))
|
||||
{
|
||||
poisonEntry.Type |= PoisonType.SourceBuildReferenceAssembly;
|
||||
}
|
||||
else if (IsAssemblyPoisoned(fileToCheck))
|
||||
{
|
||||
poisonEntry.Type |= PoisonType.AssemblyAttribute;
|
||||
}
|
||||
|
|
@ -332,6 +343,41 @@ namespace Microsoft.DotNet.SourceBuild.Tasks.LeakDetection
|
|||
return false;
|
||||
}
|
||||
|
||||
private static bool IsAssemblyFromSbrp(string assemblyPath)
|
||||
{
|
||||
using var stream = new FileStream(assemblyPath, FileMode.Open, FileAccess.Read, FileShare.ReadWrite);
|
||||
using var peReader = new PEReader(stream);
|
||||
|
||||
MetadataReader reader = peReader.GetMetadataReader();
|
||||
return reader.CustomAttributes.Select(attrHandle => reader.GetCustomAttribute(attrHandle))
|
||||
.Any(attr => IsAttributeSbrp(reader, attr));
|
||||
}
|
||||
|
||||
private static bool IsAttributeSbrp(MetadataReader reader, CustomAttribute attr)
|
||||
{
|
||||
string attributeType = string.Empty;
|
||||
|
||||
if (attr.Constructor.Kind == HandleKind.MemberReference)
|
||||
{
|
||||
MemberReference mref = reader.GetMemberReference((MemberReferenceHandle)attr.Constructor);
|
||||
|
||||
if (mref.Parent.Kind == HandleKind.TypeReference)
|
||||
{
|
||||
TypeReference tref = reader.GetTypeReference((TypeReferenceHandle)mref.Parent);
|
||||
attributeType = $"{reader.GetString(tref.Namespace)}.{reader.GetString(tref.Name)}";
|
||||
}
|
||||
}
|
||||
|
||||
if (attributeType == SbrpAttributeType)
|
||||
{
|
||||
BlobReader blobReader = reader.GetBlobReader(attr.Value);
|
||||
string attributeValue = Encoding.UTF8.GetString(blobReader.ReadBytes(blobReader.Length));
|
||||
attributeValue = Regex.Replace(attributeValue, @"\p{C}+", string.Empty);
|
||||
return Regex.IsMatch(attributeValue, SbrpAttributeValuePattern);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
private static PoisonedFileEntry ExtractAndCheckZipFileOnly(IEnumerable<CatalogPackageEntry> catalogedPackages, CandidateFileEntry candidate, string markerFileName, string tempDir, Queue<CandidateFileEntry> futureFilesToCheck)
|
||||
{
|
||||
var poisonEntry = new PoisonedFileEntry();
|
||||
|
|
|
|||
|
|
@ -11,5 +11,6 @@ namespace Microsoft.DotNet.SourceBuild.Tasks.LeakDetection
|
|||
Hash = 1,
|
||||
AssemblyAttribute = 2,
|
||||
NupkgFile = 4,
|
||||
SourceBuildReferenceAssembly = 8,
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -28,8 +28,9 @@ src/arcade/src/Microsoft.DotNet.Build.Tasks.Installers/build/wix/eula.rtf
|
|||
# aspnetcore
|
||||
#
|
||||
|
||||
# Line 1 is a generic statement about license applicability that is being detected as "unknown"
|
||||
# A generic statement about license applicability that is being detected as "unknown"
|
||||
src/aspnetcore/src/Components/THIRD-PARTY-NOTICES.txt|unknown
|
||||
src/aspnetcore/THIRD-PARTY-NOTICES.txt|unknown
|
||||
|
||||
# Windows installer files that have a reference to a URL for license
|
||||
src/aspnetcore/src/Installers/Windows/**/*.wxl|unknown-license-reference
|
||||
|
|
|
|||
|
|
@ -48,6 +48,7 @@ index ------------
|
|||
./packs/NETStandard.Library.Ref/x.y.z/ref/netstandard2.1/System.Xml.XPath.XDocument.dll
|
||||
./sdk-manifests/
|
||||
./sdk-manifests/x.y.z/
|
||||
-./sdk-manifests/x.y.z/
|
||||
-./sdk-manifests/x.y.z/
|
||||
./sdk-manifests/x.y.z/microsoft.net.workload.emscripten.current/
|
||||
./sdk-manifests/x.y.z/microsoft.net.workload.emscripten.current/x.y.z/
|
||||
|
|
|
|||
|
|
@ -1 +1,14 @@
|
|||
<PrebuiltLeakReport />
|
||||
<PrebuiltLeakReport>
|
||||
<File Path="artifacts/x64/Release/dotnet-sdk-x.y.z-banana-rid.tar.gz/sdk/x.y.z/DotnetTools/dotnet-format/Microsoft.Bcl.AsyncInterfaces.dll">
|
||||
<Type>SourceBuildReferenceAssembly</Type>
|
||||
</File>
|
||||
<File Path="artifacts/x64/Release/Private.SourceBuilt.Artifacts.x.y.z/dotnet-format.x.y.z.nupkg/tools/netx.y/any/Microsoft.Bcl.AsyncInterfaces.dll">
|
||||
<Type>SourceBuildReferenceAssembly</Type>
|
||||
</File>
|
||||
<File Path="artifacts/x64/Release/Private.SourceBuilt.Artifacts.x.y.z/Microsoft.TestPlatform.CLI.x.y.z/contentFiles/any/netx.y/Microsoft.Extensions.DependencyModel.dll">
|
||||
<Type>SourceBuildReferenceAssembly</Type>
|
||||
</File>
|
||||
<File Path="artifacts/x64/Release/Private.SourceBuilt.Artifacts.x.y.z/Microsoft.TestPlatform.CLI.x.y.z/contentFiles/any/netx.y/Microsoft.Extensions.FileSystemGlobbing.dll">
|
||||
<Type>SourceBuildReferenceAssembly</Type>
|
||||
</File>
|
||||
</PrebuiltLeakReport>
|
||||
Loading…
Add table
Add a link
Reference in a new issue