From 84db4707c280ca335b174afd62aed59ab1a24aee Mon Sep 17 00:00:00 2001 From: Andriy Svyryd Date: Mon, 3 Nov 2025 15:19:25 -0800 Subject: [PATCH] Fix the BinSkim filter --- .config/guardian/.gdnbaselines | 92 +++------------------------------- azure-pipelines.yml | 9 ++-- 2 files changed, 11 insertions(+), 90 deletions(-) diff --git a/.config/guardian/.gdnbaselines b/.config/guardian/.gdnbaselines index b6b74d33542..31a28b47601 100644 --- a/.config/guardian/.gdnbaselines +++ b/.config/guardian/.gdnbaselines @@ -7,100 +7,20 @@ "baselines": { "default": { "name": "default", - "createdDate": "2025-10-09 21:18:42Z", - "lastUpdatedDate": "2025-10-09 21:18:42Z" + "createdDate": "2025-11-04 05:05:39Z", + "lastUpdatedDate": "2025-11-04 05:05:39Z" } }, "results": { - "9d8334bec997ff899ba849d8b31406f7c95af0ffb1d237972bd5134b8c6a9b88": { - "signature": "9d8334bec997ff899ba849d8b31406f7c95af0ffb1d237972bd5134b8c6a9b88", + "289457ef952517284338044be0d68120ad96554e2cd793b14a427b2208be2990": { + "signature": "289457ef952517284338044be0d68120ad96554e2cd793b14a427b2208be2990", "alternativeSignatures": [ - "b6a603191b00edf78ad2c6116a7a7822864031cc001884be25b3c1543dbe20a7" + "8b86228cd1b156622e76e1845b23b901cafd908a4dc0a7b7bdd5cdd714b726ab" ], "memberOf": [ "default" ], - "createdDate": "2025-10-09 21:18:42Z" - }, - "ba7df56f5519347813a7917091709adf2d27b3493d05af0fb8b7037eda3020bb": { - "signature": "ba7df56f5519347813a7917091709adf2d27b3493d05af0fb8b7037eda3020bb", - "alternativeSignatures": [ - "5269e81e8a286ccd1568a00c455c489efa62e6887bfb55ea0dddaceb7183c882" - ], - "memberOf": [ - "default" - ], - "createdDate": "2025-10-09 21:18:42Z" - }, - "bc04851b7440a10a0c2a03f2793ab06b6562fe0529e0d353765503f1bcaf8c46": { - "signature": "bc04851b7440a10a0c2a03f2793ab06b6562fe0529e0d353765503f1bcaf8c46", - "alternativeSignatures": [ - "274b9a26e35f9604cd1c84941eb97f2edaecde6607be139e9d9d687f7d6875f4" - ], - "memberOf": [ - "default" - ], - "createdDate": "2025-10-09 21:18:42Z" - }, - "9fb27502e61c5647554076d6603a1092943fb625efb6c53faa1042e0d7d217ce": { - "signature": "9fb27502e61c5647554076d6603a1092943fb625efb6c53faa1042e0d7d217ce", - "alternativeSignatures": [ - "3355e030588f68be29994a44e2b11079e90945e26c6397345d11424ce36cc5a1" - ], - "memberOf": [ - "default" - ], - "createdDate": "2025-10-09 21:18:42Z" - }, - "60f28802b8ac837691755554b460b422afaeb8dea2129097ab3b7e6c43076ea1": { - "signature": "60f28802b8ac837691755554b460b422afaeb8dea2129097ab3b7e6c43076ea1", - "alternativeSignatures": [ - "7a3aa28c8f6e629099ba288e1a78ddb3191def880ae018f7146b66689daca838" - ], - "memberOf": [ - "default" - ], - "createdDate": "2025-10-09 21:18:42Z" - }, - "3bc55e953e7199f08b4c174f6fb0f026db93865d22fc5ef535e2ba1172c8db03": { - "signature": "3bc55e953e7199f08b4c174f6fb0f026db93865d22fc5ef535e2ba1172c8db03", - "alternativeSignatures": [ - "fb3809bbf91d374d8872aa371ff0d8858232822571dae6f9e6cba6276892d953" - ], - "memberOf": [ - "default" - ], - "createdDate": "2025-10-09 21:18:42Z" - }, - "bd69975ed44d92efc4a265e13462b1471f292ad9e8566b0200b2df7786808469": { - "signature": "bd69975ed44d92efc4a265e13462b1471f292ad9e8566b0200b2df7786808469", - "alternativeSignatures": [ - "609bf3d92ef1f73cbe4d3fa001926c0e274b04f21bf6d103a39a64849437e7e3" - ], - "memberOf": [ - "default" - ], - "createdDate": "2025-10-09 21:18:42Z" - }, - "0b6a4ced009a4e3efdf4ad8f00c0b31ec0791249087560c5c6481ab2824a35a8": { - "signature": "0b6a4ced009a4e3efdf4ad8f00c0b31ec0791249087560c5c6481ab2824a35a8", - "alternativeSignatures": [ - "c19c086ed81a8e7d7877bb2fb5a9d7df126ad553cbdd32086694b927042adc0b" - ], - "memberOf": [ - "default" - ], - "createdDate": "2025-10-09 21:18:42Z" - }, - "c689fe4e10fee4bdd5a3d759c027be8b89d28303078f76bb5aeb20dc192215c9": { - "signature": "c689fe4e10fee4bdd5a3d759c027be8b89d28303078f76bb5aeb20dc192215c9", - "alternativeSignatures": [ - "4faf3b308c9131f0e11686d21fd36e1ef6779c394d37cfc43cd360b4bfb086f5" - ], - "memberOf": [ - "default" - ], - "createdDate": "2025-10-09 21:18:42Z" + "createdDate": "2025-11-04 05:05:39Z" } } } \ No newline at end of file diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 510a2ff8ce6..ba780ad8d11 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -44,7 +44,8 @@ extends: featureFlags: autoBaseline: false usePrefastVersion3: true - autoEnableRoslynWithNewRuleset: false + autoEnableRoslynWithNewRuleset: false + binskimScanAllExtensions: true sdl: createAdoIssuesForJustificationsForDisablement: false sourceAnalysisPool: @@ -55,12 +56,12 @@ extends: baselineFile: $(Build.SourcesDirectory)\.config\guardian\.gdnbaselines binskim: scanOutputDirectoryOnly: true - analyzeTargetGlob: '+:f|artifacts/bin/**/Microsoft.EntityFrameworkCore*.dll;+:f|artifacts/bin/**/Microsoft.Data.Sqlite*.dll;+:f|artifacts/bin/**/ef.exe;+:f|artifacts/bin/**/dotnet-ef.exe;-:f|artifacts/bin/**/shims/**/*.exe;' + analyzeTargetGlob: +:f|**/Microsoft.EntityFrameworkCore*.dll;+:f|**/Microsoft.Data.Sqlite*.dll;+:f|**/ef.exe;+:f|**/dotnet-ef.exe;-:f|**/shims/**/*.exe; preReleaseVersion: '4.3.1' env: - GDN_EXTRACT_TOOLS: "binskim" + GDN_EXTRACT_TOOLS: 'binskim' GDN_EXTRACT_TARGETS: true - GDN_EXTRACT_FILTER: "f|**\\*.zip;f|**\\*.nupkg;f|**\\*.vsix;f|**\\*.cspkg;f|**\\*.sfpkg;f|**\\*.package" + GDN_EXTRACT_FILTER: 'f|**/*.zip;f|**/*.nupkg;f|**/*.vsix;f|**/*.cspkg;f|**/*.sfpkg;f|**/*.package' policheck: enabled: true tsa: