Reduce the number of calls made to hash the RuleFile (#612)

* Reduce number of calls to hash the analysis file.

* Add Comments to Rule File

* Clean up test.

* Try explicitly calling SHA512Managed for #602

* Add Managed Crypto Tests

Author: gfs

Benchmarks/CryptoTests.cs

@@ -13,28 +13,31 @@ namespace Microsoft.CST.AttackSurfaceAnalyzer.Benchmarks
     public class CryptoTests : AsaDatabaseBenchmark
     {
         public CryptoTests()
-#nullable restore
         {
         }
 
         // The number of iterations per run
         [Params(100000)]
         public int N { get; set; }
 
+        // The number of iterations per run
+        [Params(1000)]
+        public int NumObjects { get; set; }
+
         // The amount of padding to add to the object in bytes Default size is approx 530 bytes serialized
         // Does not include SQL overhead
-        [Params(0)]
+        [Params(1000)]
         public int ObjectPadding { get; set; }
 
         [Benchmark]
         public void Generate_N_Murmur_Hashes()
         {
             for (int i = 0; i < N; i++)
             {
-                hashObjects.TryDequeue(out string? result);
-                if (result is string)
+                hashObjects.TryDequeue(out byte[]? result);
+                if (result is byte[])
                 {
-                    _ = murmur128.ComputeHash(Encoding.UTF8.GetBytes(result));
+                    _ = murmur128.ComputeHash(result);
                     hashObjects.Enqueue(result);
                 }
                 else
@@ -49,10 +52,28 @@ public void Generate_N_SHA256_Hashes()
         {
             for (int i = 0; i < N; i++)
             {
-                hashObjects.TryDequeue(out string? result);
-                if (result is string)
+                hashObjects.TryDequeue(out byte[]? result);
+                if (result is byte[])
+                {
+                    _ = sha256.ComputeHash(result);
+                    hashObjects.Enqueue(result);
+                }
+                else
+                {
+                    Log.Information("The queue is polluted with nulls");
+                }
+            }
+        }
+
+        [Benchmark]
+        public void Generate_N_SHA256Managed_Hashes()
+        {
+            for (int i = 0; i < N; i++)
+            {
+                hashObjects.TryDequeue(out byte[]? result);
+                if (result is byte[])
                 {
-                    _ = sha256.ComputeHash(Encoding.UTF8.GetBytes(result));
+                    _ = sha256managed.ComputeHash(result);
                     hashObjects.Enqueue(result);
                 }
                 else
@@ -67,10 +88,28 @@ public void Generate_N_SHA512_Hashes()
         {
             for (int i = 0; i < N; i++)
             {
-                hashObjects.TryDequeue(out string? result);
-                if (result is string)
+                hashObjects.TryDequeue(out byte[]? result);
+                if (result is byte[])
                 {
-                    _ = sha512.ComputeHash(Encoding.UTF8.GetBytes(result));
+                    _ = sha512.ComputeHash(result);
+                    hashObjects.Enqueue(result);
+                }
+                else
+                {
+                    Log.Information("The queue is polluted with nulls");
+                }
+            }
+        }
+
+        [Benchmark]
+        public void Generate_N_SHA512_Managed_Hashes()
+        {
+            for (int i = 0; i < N; i++)
+            {
+                hashObjects.TryDequeue(out byte[]? result);
+                if (result is byte[])
+                {
+                    _ = sha512managed.ComputeHash(result);
                     hashObjects.Enqueue(result);
                 }
                 else
@@ -83,19 +122,22 @@ public void Generate_N_SHA512_Hashes()
         [GlobalSetup]
         public void GlobalSetup()
         {
-            while (hashObjects.Count < N)
+            while (hashObjects.Count < NumObjects)
             {
-                hashObjects.Enqueue(JsonConvert.SerializeObject(GetRandomObject(ObjectPadding)));
+                hashObjects.Enqueue(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(GetRandomObject(ObjectPadding))));
             }
         }
 
         private static readonly HashAlgorithm murmur128 = MurmurHash.Create128();
 
         private static readonly HashAlgorithm sha256 = SHA256.Create();
 
+        private static readonly HashAlgorithm sha256managed = SHA256Managed.Create();
+
         private static readonly HashAlgorithm sha512 = SHA512.Create();
 
-        private readonly ConcurrentQueue<string> hashObjects = new ConcurrentQueue<string>();
-#nullable disable
+        private static readonly HashAlgorithm sha512managed = SHA512Managed.Create();
+
+        private readonly ConcurrentQueue<byte[]> hashObjects = new ConcurrentQueue<byte[]>();
     }
 }

Benchmarks/Program.cs

@@ -6,7 +6,7 @@ public class Program
     {
         public static void Main(string[] args)
         {
-            var summary = BenchmarkRunner.Run<InsertTestsWithoutTransactions>();
+            var summary = BenchmarkRunner.Run<CryptoTests>();
         }
     }
 }

Cli/AttackSurfaceAnalyzerClient.cs

@@ -126,6 +126,13 @@ private static void Main(string[] args)
             Environment.Exit((int)argsResult);
         }
 
+        /// <summary>
+        /// Loads the rules from the provided file, if it is not null or empty.  Or falls back to the embedded rules if it is.
+        /// </summary>
+        /// <param name="analysisFile"></param>
+        /// <returns>The loaded RuleFile</returns>
+        private static RuleFile LoadRulesFromFileOrEmbedded(string? analysisFile) => string.IsNullOrEmpty(analysisFile) ? RuleFile.LoadEmbeddedFilters() : RuleFile.FromFile(analysisFile);
+
         private static ASA_ERROR RunGuidedModeCommand(GuidedModeCommandOptions opts)
         {
             opts.RunId = opts.RunId?.Trim() ?? DateTime.Now.ToString("o", CultureInfo.InvariantCulture);
@@ -156,7 +163,13 @@ private static ASA_ERROR RunGuidedModeCommand(GuidedModeCommandOptions opts)
 
             RunCollectCommand(collectorOpts);
 
-            var analysisFile = string.IsNullOrEmpty(opts.AnalysesFile) ? RuleFile.LoadEmbeddedFilters() : RuleFile.FromFile(opts.AnalysesFile);
+            var analysisFile = LoadRulesFromFileOrEmbedded(opts.AnalysesFile);
+
+            if (!analysisFile.Rules.Any())
+            {
+                Log.Warning(Strings.Get("Err_NoRules"));
+                return ASA_ERROR.INVALID_RULES;
+            }
 
             var compareOpts = new CompareCommandOptions(firstCollectRunId, secondCollectRunId)
             {
@@ -211,6 +224,7 @@ private static ASA_ERROR RunGuidedModeCommand(GuidedModeCommandOptions opts)
         {
             if (opts is null) { return new ConcurrentDictionary<(RESULT_TYPE, CHANGE_TYPE), List<CompareResult>>(); }
             var results = new ConcurrentDictionary<(RESULT_TYPE, CHANGE_TYPE), List<CompareResult>>();
+            var analysesHash = ruleFile.GetHash();
             Parallel.ForEach(collectObjects, monitorResult =>
             {
                 var shellResult = new CompareResult()
@@ -220,7 +234,7 @@ private static ASA_ERROR RunGuidedModeCommand(GuidedModeCommandOptions opts)
                 };
 
                 shellResult.Rules = analyzer.Analyze(ruleFile.Rules, shellResult).ToList();
-                shellResult.AnalysesHash = ruleFile.GetHash();
+                shellResult.AnalysesHash = analysesHash;
 
                 if (opts.ApplySubObjectRulesToMonitor)
                 {
@@ -247,8 +261,13 @@ private static ASA_ERROR RunGuidedModeCommand(GuidedModeCommandOptions opts)
         private static ASA_ERROR RunVerifyRulesCommand(VerifyOptions opts)
         {
             var analyzer = new AsaAnalyzer(new AnalyzerOptions(opts.RunScripts));
-            var ruleFile = string.IsNullOrEmpty(opts.AnalysisFile) ? RuleFile.LoadEmbeddedFilters() : RuleFile.FromFile(opts.AnalysisFile);
-            var violations = analyzer.EnumerateRuleIssues(ruleFile.GetRules());
+            var ruleFile = LoadRulesFromFileOrEmbedded(opts.AnalysisFile);
+            if (!ruleFile.Rules.Any())
+            {
+                Log.Warning(Strings.Get("Err_NoRules"));
+                return ASA_ERROR.INVALID_RULES;
+            }
+            var violations = analyzer.EnumerateRuleIssues(ruleFile.Rules);
             OAT.Utils.Strings.Setup();
             OAT.Utils.Helpers.PrintViolations(violations);
             if (violations.Any())
@@ -469,12 +488,19 @@ private static ASA_ERROR RunExportCollectCommand(ExportCollectCommandOptions opt
                 }
             }
 
+            var ruleFile = LoadRulesFromFileOrEmbedded(opts.AnalysesFile);
+            if (!ruleFile.Rules.Any())
+            {
+                Log.Warning(Strings.Get("Err_NoRules"));
+                return ASA_ERROR.INVALID_RULES;
+            }
+
             Log.Information(Strings.Get("Comparing"), opts.FirstRunId, opts.SecondRunId);
 
             CompareCommandOptions options = new CompareCommandOptions(opts.FirstRunId, opts.SecondRunId)
             {
                 DatabaseFilename = opts.DatabaseFilename,
-                AnalysesFile = string.IsNullOrEmpty(opts.AnalysesFile) ? RuleFile.LoadEmbeddedFilters() : RuleFile.FromFile(opts.AnalysesFile),
+                AnalysesFile = ruleFile,
                 DisableAnalysis = opts.DisableAnalysis,
                 SaveToDatabase = opts.SaveToDatabase,
                 RunScripts = opts.RunScripts
@@ -659,10 +685,17 @@ private static ASA_ERROR RunExportMonitorCommand(ExportMonitorCommandOptions opt
                     return ASA_ERROR.INVALID_ID;
                 }
             }
+
+            var ruleFile = LoadRulesFromFileOrEmbedded(opts.AnalysesFile);
+            if (!ruleFile.Rules.Any())
+            {
+                Log.Warning(Strings.Get("Err_NoRules"));
+                return ASA_ERROR.INVALID_RULES;
+            }
             var monitorCompareOpts = new CompareCommandOptions(null, opts.RunId)
             {
                 DisableAnalysis = opts.DisableAnalysis,
-                AnalysesFile = string.IsNullOrEmpty(opts.AnalysesFile) ? RuleFile.LoadEmbeddedFilters() : RuleFile.FromFile(opts.AnalysesFile),
+                AnalysesFile = ruleFile,
                 ApplySubObjectRulesToMonitor = opts.ApplySubObjectRulesToMonitor,
                 RunScripts = opts.RunScripts
             };
@@ -883,7 +916,8 @@ public static List<BaseCompare> GetComparators()
                     watch = Stopwatch.StartNew();
                     var analyzer = new AsaAnalyzer(new AnalyzerOptions(opts.RunScripts));
                     var platform = DatabaseManager.RunIdToPlatform(opts.SecondRunId);
-                    var violations = analyzer.EnumerateRuleIssues(opts.AnalysesFile.GetRules());
+                    var violations = analyzer.EnumerateRuleIssues(opts.AnalysesFile.Rules);
+                    var analysesHash = opts.AnalysesFile.GetHash();
                     OAT.Utils.Strings.Setup();
                     OAT.Utils.Helpers.PrintViolations(violations);
                     if (violations.Any())
@@ -910,7 +944,7 @@ public static List<BaseCompare> GetComparators()
                                         res.Rules = analyzer.Analyze(selectedRules, res.Base, res.Compare).ToList();
                                         res.Analysis = res.Rules.Count
                                                        > 0 ? res.Rules.Max(x => ((AsaRule)x).Flag) : opts.AnalysesFile.DefaultLevels[res.ResultType];
-                                        res.AnalysesHash = opts.AnalysesFile.GetHash();
+                                        res.AnalysesHash = analysesHash;
                                     });
                                 }
                             }