Update Dependencies (#705)

gfs · web-flow · commit acb21da0a415 · 2023-10-24T08:45:47.000-07:00
* Fix CodeQL Issues

* Update dependencies

* Small cleanup
diff --git a/Benchmarks/Benchmarks.csproj b/Benchmarks/Benchmarks.csproj
@@ -9,8 +9,8 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="BenchmarkDotNet" Version="0.13.5" />
-    <PackageReference Include="System.Data.SQLite" Version="1.0.117" />
+    <PackageReference Include="BenchmarkDotNet" Version="0.13.9" />
+    <PackageReference Include="System.Data.SQLite" Version="1.0.118" />
     <PackageReference Include="murmurhash" Version="1.0.3" />
   </ItemGroup>
 
diff --git a/Benchmarks/InsertTestsWithIntermittentTransactions.cs b/Benchmarks/InsertTestsWithIntermittentTransactions.cs
@@ -46,8 +46,6 @@ public InsertTestsWithIntermittentTransactions()
         [Params(0)]
         public int StartingSize { get; set; }
 
-        // Bag of reusable objects to write to the database.
-
         public static void Insert_X_Objects(int X, int ObjectPadding = 0, string runName = "Insert_X_Objects")
         {
             dbManager.BeginTransaction();
diff --git a/Cli/AttackSurfaceAnalyzerClient.cs b/Cli/AttackSurfaceAnalyzerClient.cs
@@ -673,7 +673,7 @@ private static ASA_ERROR RunExportCollectCommand(ExportCollectCommandOptions opt
                 foreach (RESULT_TYPE resultType in Enum.GetValues(typeof(RESULT_TYPE)))
                 {
                     var resultsForType =
-                        DatabaseManager.GetComparisonResults(opts.FirstRunId, opts.SecondRunId, analysesHash,
+                        DatabaseManager.GetComparisonResults(opts.FirstRunId ?? string.Empty, opts.SecondRunId, analysesHash,
                             resultType);
                     foreach (var result in resultsForType)
                     {
diff --git a/Cli/Cli.csproj b/Cli/Cli.csproj
@@ -37,11 +37,11 @@
   </ItemGroup>
   
   <ItemGroup>
-    <PackageReference Include="Microsoft.CodeAnalysis.Common" Version="4.6.0" />
-    <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="4.6.0" />
-    <PackageReference Include="Microsoft.CST.OAT.Blazor.Components" Version="1.2.45" />
-    <PackageReference Include="Microsoft.CST.OAT.Scripting" Version="1.2.45" />
-    <PackageReference Include="Sarif.Sdk" Version="4.1.0" />
-    <PackageReference Include="Tewr.Blazor.FileReader" Version="3.3.1.21360" />
+    <PackageReference Include="Microsoft.CodeAnalysis.Common" Version="4.7.0" />
+    <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="4.7.0" />
+    <PackageReference Include="Microsoft.CST.OAT.Blazor.Components" Version="1.2.54" />
+    <PackageReference Include="Microsoft.CST.OAT.Scripting" Version="1.2.54" />
+    <PackageReference Include="Sarif.Sdk" Version="4.3.4" />
+    <PackageReference Include="Tewr.Blazor.FileReader" Version="3.3.2.23201" />
   </ItemGroup>
 </Project>
diff --git a/Lib/Collectors/RegistryMonitor.cs b/Lib/Collectors/RegistryMonitor.cs
@@ -12,6 +12,10 @@ public class RegistryMonitor : BaseMonitor, IDisposable
     {
         public RegistryMonitor()
         {
+            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                log = new("System");
+            }
         }
 
         public override bool CanRunOnPlatform()
@@ -43,15 +47,18 @@ public override void StartRun()
             {
                 throw new PlatformNotSupportedException("ExecuteWindows is only supported on Windows platforms.");
             }
-            // backup the current auditpolicy
-            ExternalCommandRunner.RunExternalCommand("auditpol", $"/backup /file:{tmpFileName}");
+            if (log is { })
+            {
+                // backup the current auditpolicy
+                ExternalCommandRunner.RunExternalCommand("auditpol", $"/backup /file:{tmpFileName}");
 
-            // start listening to the event log
-            log.EntryWritten += new EntryWrittenEventHandler(MyOnEntryWritten);
-            log.EnableRaisingEvents = true;
+                // start listening to the event log
+                log.EntryWritten += new EntryWrittenEventHandler(MyOnEntryWritten);
+                log.EnableRaisingEvents = true;
 
-            // Enable auditing for registry events GUID for Registry subcategory of audit policy https://msdn.microsoft.com/en-us/library/dd973928.aspx
-            ExternalCommandRunner.RunExternalCommand("auditpol", "/set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable /failure:enable");
+                // Enable auditing for registry events GUID for Registry subcategory of audit policy https://msdn.microsoft.com/en-us/library/dd973928.aspx
+                ExternalCommandRunner.RunExternalCommand("auditpol", "/set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable /failure:enable");
+            }
         }
 
         public override void StopRun()
@@ -60,24 +67,30 @@ public override void StopRun()
             {
                 throw new PlatformNotSupportedException("ExecuteWindows is only supported on Windows platforms.");
             }
-            // restore the old auditpolicy
-            ExternalCommandRunner.RunExternalCommand("auditpol", $"/restore /file:{tmpFileName}");
+            if (log is { })
+            {
+                // restore the old auditpolicy
+                ExternalCommandRunner.RunExternalCommand("auditpol", $"/restore /file:{tmpFileName}");
 
-            //delete temporary file
-            ExternalCommandRunner.RunExternalCommand("del", tmpFileName);
+                //delete temporary file
+                ExternalCommandRunner.RunExternalCommand("del", tmpFileName);
 
-            log.EnableRaisingEvents = false;
+                log.EnableRaisingEvents = false;
+            }
         }
 
         protected virtual void Dispose(bool disposing)
         {
             if (disposing)
             {
-                log.Dispose();
+                if (log is { })
+                {
+                    log.Dispose();
+                }
             }
         }
 
-        private readonly EventLog log = new("System");
+        private readonly EventLog? log;
 
         private readonly string tmpFileName = Path.GetTempFileName();
     }
diff --git a/Lib/Lib.csproj b/Lib/Lib.csproj
@@ -35,20 +35,20 @@
 
   <ItemGroup>
     <PackageReference Include="MedallionShell" Version="1.6.2" />
-    <PackageReference Include="Microsoft.CodeAnalysis.Common" Version="4.6.0" />
-    <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="4.6.0" />
-    <PackageReference Include="Microsoft.CST.OAT" Version="1.2.45" />
-    <PackageReference Include="Microsoft.CST.RecursiveExtractor" Version="1.2.13" />
+    <PackageReference Include="Microsoft.CodeAnalysis.Common" Version="4.7.0" />
+    <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="4.7.0" />
+    <PackageReference Include="Microsoft.CST.OAT" Version="1.2.54" />
+    <PackageReference Include="Microsoft.CST.RecursiveExtractor" Version="1.2.20" />
     <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.1.1" PrivateAssets="All" />
-    <PackageReference Include="Microsoft.Data.Sqlite" Version="7.0.5" />
+    <PackageReference Include="Microsoft.Data.Sqlite" Version="7.0.12" />
     <PackageReference Include="Microsoft.Win32.Registry" Version="5.0.0" />
-    <PackageReference Include="Microsoft.Windows.Compatibility" Version="7.0.1" />
+    <PackageReference Include="Microsoft.Windows.Compatibility" Version="7.0.5" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
-    <PackageReference Include="Serilog" Version="2.12.0" />
+    <PackageReference Include="Serilog" Version="3.0.1" />
     <PackageReference Include="Serilog.Sinks.Console" Version="4.1.0" />
     <PackageReference Include="Serilog.Sinks.File" Version="5.0.0" />
     <PackageReference Include="System.Diagnostics.Process" Version="4.3.0" />
-    <PackageReference Include="System.Management" Version="7.0.1" />
+    <PackageReference Include="System.Management" Version="7.0.2" />
     <PackageReference Include="System.Net.NetworkInformation" Version="4.3.0" />
     <PackageReference Include="System.IO.FileSystem.AccessControl" Version="5.0.0" />
     <PackageReference Include="Microsoft.Win32.Registry.AccessControl" Version="7.0.0" />
@@ -61,7 +61,7 @@
     <PackageReference Include="CommandLineParser" Version="2.9.1" />
     <PackageReference Include="sqlite" Version="3.13.0" />
     <PackageReference Include="Microsoft.TSS" Version="2.1.1" />
-    <PackageReference Include="PeNet" Version="3.0.0" />
+    <PackageReference Include="PeNet" Version="4.0.2" />
   </ItemGroup>
   <ItemGroup>
     <EmbeddedResource Include="..\analyses.json" Link="analyses.json" />
diff --git a/Lib/Utils/SqliteDatabaseManager.cs b/Lib/Utils/SqliteDatabaseManager.cs
@@ -799,7 +799,7 @@ public override void InsertRun(AsaRun run)
                 }
                 catch (SqliteException e)
                 {
-                    Log.Warning(e.StackTrace);
+                    Log.Warning(e.StackTrace ?? string.Empty);
                     Log.Warning(e.Message);
                 }
             }
diff --git a/Tests/DiffTests.cs b/Tests/DiffTests.cs
@@ -2,12 +2,14 @@
 using System.Linq;
 using Microsoft.CST.AttackSurfaceAnalyzer.Collectors;
 using Microsoft.CST.AttackSurfaceAnalyzer.Objects;
-using Microsoft.CST.AttackSurfaceAnalyzer.Types;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 using Microsoft.Win32;
 
-namespace Tests;
+namespace Microsoft.CST.AttackSurfaceAnalyzer.Tests;
 
+/// <summary>
+/// Test that the compare logic generates the correct diffs for various object configurations
+/// </summary>
 [TestClass]
 public class DiffTests
 {
diff --git a/Tests/Tests.csproj b/Tests/Tests.csproj
@@ -13,9 +13,9 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.6.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.0.2" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.0.2" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.2" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
   </ItemGroup>
 
   <ItemGroup>

Original file line number	Diff line number	Diff line change
`@@ -46,8 +46,6 @@ public InsertTestsWithIntermittentTransactions()`
`46`	`46`	`[Params(0)]`
`47`	`47`	`public int StartingSize { get; set; }`
`48`	`48`
`49`		`- // Bag of reusable objects to write to the database.`
`50`		`-`
`51`	`49`	`public static void Insert_X_Objects(int X, int ObjectPadding = 0, string runName = "Insert_X_Objects")`
`52`	`50`	`{`
`53`	`51`	`dbManager.BeginTransaction();`
Original file line number	Diff line number	Diff line change
`@@ -673,7 +673,7 @@ private static ASA_ERROR RunExportCollectCommand(ExportCollectCommandOptions opt`
`673`	`673`	`foreach (RESULT_TYPE resultType in Enum.GetValues(typeof(RESULT_TYPE)))`
`674`	`674`	`{`
`675`	`675`	`var resultsForType =`
`676`		`- DatabaseManager.GetComparisonResults(opts.FirstRunId, opts.SecondRunId, analysesHash,`
	`676`	`+ DatabaseManager.GetComparisonResults(opts.FirstRunId ?? string.Empty, opts.SecondRunId, analysesHash,`
`677`	`677`	`resultType);`
`678`	`678`	`foreach (var result in resultsForType)`
`679`	`679`	`{`
Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,10 @@ public class RegistryMonitor : BaseMonitor, IDisposable`
`12`	`12`	`{`
`13`	`13`	`public RegistryMonitor()`
`14`	`14`	`{`
	`15`	`+ if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))`
	`16`	`+ {`
	`17`	`+ log = new("System");`
	`18`	`+ }`
`15`	`19`	`}`
`16`	`20`
`17`	`21`	`public override bool CanRunOnPlatform()`
`@@ -43,15 +47,18 @@ public override void StartRun()`
`43`	`47`	`{`
`44`	`48`	`throw new PlatformNotSupportedException("ExecuteWindows is only supported on Windows platforms.");`
`45`	`49`	`}`
`46`		`- // backup the current auditpolicy`
`47`		`- ExternalCommandRunner.RunExternalCommand("auditpol", $"/backup /file:{tmpFileName}");`
	`50`	`+ if (log is { })`
	`51`	`+ {`
	`52`	`+ // backup the current auditpolicy`
	`53`	`+ ExternalCommandRunner.RunExternalCommand("auditpol", $"/backup /file:{tmpFileName}");`
`48`	`54`
`49`		`- // start listening to the event log`
`50`		`- log.EntryWritten += new EntryWrittenEventHandler(MyOnEntryWritten);`
`51`		`- log.EnableRaisingEvents = true;`
	`55`	`+ // start listening to the event log`
	`56`	`+ log.EntryWritten += new EntryWrittenEventHandler(MyOnEntryWritten);`
	`57`	`+ log.EnableRaisingEvents = true;`
`52`	`58`
`53`		`- // Enable auditing for registry events GUID for Registry subcategory of audit policy https://msdn.microsoft.com/en-us/library/dd973928.aspx`
`54`		`- ExternalCommandRunner.RunExternalCommand("auditpol", "/set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable /failure:enable");`
	`59`	`+ // Enable auditing for registry events GUID for Registry subcategory of audit policy https://msdn.microsoft.com/en-us/library/dd973928.aspx`
	`60`	`+ ExternalCommandRunner.RunExternalCommand("auditpol", "/set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable /failure:enable");`
	`61`	`+ }`
`55`	`62`	`}`
`56`	`63`
`57`	`64`	`public override void StopRun()`
`@@ -60,24 +67,30 @@ public override void StopRun()`
`60`	`67`	`{`
`61`	`68`	`throw new PlatformNotSupportedException("ExecuteWindows is only supported on Windows platforms.");`
`62`	`69`	`}`
`63`		`- // restore the old auditpolicy`
`64`		`- ExternalCommandRunner.RunExternalCommand("auditpol", $"/restore /file:{tmpFileName}");`
	`70`	`+ if (log is { })`
	`71`	`+ {`
	`72`	`+ // restore the old auditpolicy`
	`73`	`+ ExternalCommandRunner.RunExternalCommand("auditpol", $"/restore /file:{tmpFileName}");`
`65`	`74`
`66`		`- //delete temporary file`
`67`		`- ExternalCommandRunner.RunExternalCommand("del", tmpFileName);`
	`75`	`+ //delete temporary file`
	`76`	`+ ExternalCommandRunner.RunExternalCommand("del", tmpFileName);`
`68`	`77`
`69`		`- log.EnableRaisingEvents = false;`
	`78`	`+ log.EnableRaisingEvents = false;`
	`79`	`+ }`
`70`	`80`	`}`
`71`	`81`
`72`	`82`	`protected virtual void Dispose(bool disposing)`
`73`	`83`	`{`
`74`	`84`	`if (disposing)`
`75`	`85`	`{`
`76`		`- log.Dispose();`
	`86`	`+ if (log is { })`
	`87`	`+ {`
	`88`	`+ log.Dispose();`
	`89`	`+ }`
`77`	`90`	`}`
`78`	`91`	`}`
`79`	`92`
`80`		`- private readonly EventLog log = new("System");`
	`93`	`+ private readonly EventLog? log;`
`81`	`94`
`82`	`95`	`private readonly string tmpFileName = Path.GetTempFileName();`
`83`	`96`	`}`
Original file line number	Diff line number	Diff line change
`@@ -799,7 +799,7 @@ public override void InsertRun(AsaRun run)`
`799`	`799`	`}`
`800`	`800`	`catch (SqliteException e)`
`801`	`801`	`{`
`802`		`- Log.Warning(e.StackTrace);`
	`802`	`+ Log.Warning(e.StackTrace ?? string.Empty);`
`803`	`803`	`Log.Warning(e.Message);`
`804`	`804`	`}`
`805`	`805`	`}`