Граф коммитов

264 Коммитов

Автор SHA1 Сообщение Дата
Suvam Mukherjee c4084adaae updating Rust crate versions 2024-11-19 13:42:20 -05:00
Suvam Mukherjee a98b71ccdc
Removing base62 rust crate (#109)
* removing base62 rust crate

* update release notes

* fixing version
2024-11-19 10:23:21 -05:00
Yong Yan 0d14e04fb2
Fix mismatched Azure event grid identifiable key rule id (#106)
* Fix mismatched Azure event grid identifiable key rule id

* Fix test failures

* update NugetApiKey rule id

* undo test change

* update release note

* update release note to right section
2024-11-13 17:08:32 -08:00
dependabot[bot] dbbb171336
Bump System.Text.Json in /src/Tests.Microsoft.Security.Utilities.Core (#107)
Bumps [System.Text.Json](https://github.com/dotnet/runtime) from 8.0.4 to 8.0.5.
- [Release notes](https://github.com/dotnet/runtime/releases)
- [Commits](https://github.com/dotnet/runtime/compare/v8.0.4...v8.0.5)

---
updated-dependencies:
- dependency-name: System.Text.Json
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-13 15:39:56 -08:00
Suvam Mukherjee 09b3a9a2c7
CASK detection with prefix or suffix (#103)
* CASK support for prefix or suffix

* This commit adds support to scan an input string, instead of a set of files. It also reverts the changes for SEC101/190, and keeps the fixes for common annotated security key.
2024-10-30 15:45:43 -04:00
Michael C. Fanning fd7c2de073
CommonAnnotatedKey.TryCreate(string, out CommonAnnotatedKey) raises unhandled exception (#100)
* set up release branch for v1.9.0

* Fix unhandled exception in CommonAnnotatedKey.TryCreate

* Add test file.

---------

Co-authored-by: Suvam Mukherjee <sumukherjee@microsoft.com>
2024-10-29 17:04:01 -04:00
Nick Guerrera 4d422e65de
Add rwoll and nguerrera to CODEOWNERS (#102) 2024-10-24 12:11:42 -05:00
Ross Wollman dd491f725a
devops: add basic .NET CI validation (#99) 2024-09-16 14:29:45 -07:00
Suvam Mukherjee 54d9f18432
prep for v1.8.0 release (#98) 2024-09-16 09:41:44 -07:00
Ross Wollman eb9550edb7
chore: fix build script for first-time run (#97)
Prior to this, if the user running the script had never installed a
dotnet tool before, they would get an error when the script attempted to
use nbgv. Despite the script auto-installing it, if dotnet tool has
never run before, it won't be on the PATH yet since dotnet tool mutates
that PATH but it doesn't get refreshed within the same session.
2024-09-16 10:48:37 -04:00
Michael C. Fanning 98eece40a4
Byte array corrections (#96)
* Decode secrets as base64.

* Comprehensive unit tests for new API overloads to mint keys.

* Release notes and generated rules metadata updates.
2024-09-16 07:12:14 -07:00
Michael C. Fanning 10b0373dce
Merge pull request #94 from microsoft/base64-round-tripping
Ensure that CASK secrets round-trip through base64 without changing.
2024-09-12 15:00:50 -07:00
Michael C. Fanning 92295f95c3 Ensure that CASK secrets round-trip through base64 without changing. 2024-09-12 14:40:10 -07:00
Michael C. Fanning 231bae3b88
Merge pull request #93 from microsoft/ensure-confidence-levels
Provide explicit confidence level for missing rules.
2024-09-12 10:25:37 -07:00
Michael C. Fanning fcac25e618 Update release notes. 2024-09-12 08:33:59 -07:00
Michael C. Fanning 7bf61942c0 Add test to ensure signatures are present for medium or higher confidence patterns. 2024-09-12 08:32:39 -07:00
Michael C. Fanning 3b832c6c84 Add comments describing accuracy levels. 2024-09-12 08:20:03 -07:00
Michael C. Fanning 5b4689297c Update release notes. 2024-09-12 08:07:01 -07:00
Michael C. Fanning 0e57e1659f Provide explicit confidence level for missing rules. 2024-09-12 08:03:15 -07:00
Ross Wollman c6efb2a098
chore: prep for v1.7.0 release 2024-09-10 16:21:01 -07:00
Michael C. Fanning 63691cef60
Api updates to unify all key creation through a common helper. (#92)
* Api updates to unify all key creation through a common helper.

* All tests passing/

* Update release notes.
2024-09-10 12:58:44 -07:00
Suvam Mukherjee cc66c246b9
Adding portable pdb generation support for Utilities.core (#88)
* adding portable pdb generation support for core

* moving debug type to build.props
2024-09-05 21:10:46 -04:00
Ross Wollman fc961b2056
test: fix panic in generate_and_detect_common_annotated_key_test (#90)
Starting on the 1st of September, `generate_and_detect_common_annotated_key_test` began failing with:

```
---- end_to_end_tests::generate_and_detect_common_annotated_key_test stdout ----
thread 'end_to_end_tests::generate_and_detect_common_annotated_key_test' panicked at src\end_to_end_tests.rs:23:49:
called `Option::unwrap()` on a `None` value
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
```

`generate_common_annotated_test_key` was producing `Ok("")` since the hard-coded `test_char` combined with this month happened to generate an invalid key.

The code was hitting the second branch of `generate_common_annotated_test_key`:

``` rust
        // The HIS v2 standard requires that there be no special characters in the generated key.
        if !key.contains('+') && !key.contains('/') {
            if !long_form {
                key = key.substring(0, key.len() - 4).to_string();
            }
            return Ok(key);
        } else if test_char.is_some() {
            // We could not produce a valid test key given the current signature,
            // checksum seed, reserved bits and specified test character.
            key = String::new();
            break;
        }
```

This hardens the test to prevent failing as time changes.

Follow up:

* Check in a `Cargo.lock` to ensure deterministic packages. (This is orthogonal but package non-determinism was one of the (incorrect) hypotheses for the root cause of the failure.)
* Consider accepting a timestamp into the API so that it can be made deterministic.
* Consider returning `Err("…")` instead of `Some("")`, since `""` is not a valid test key anyways.

No release note as product code was not changed.
2024-09-05 08:11:43 -07:00
Suvam Mukherjee d097d5cf79
Merge v1.6.0 back to main (#87)
* Generate annotated hash (#84) (#85)

* Add ComputeCommonAnnotatedHash

* Update return value for annotated hash helper that favors byte[].

* Update tests.

Co-authored-by: Michael C. Fanning <mikefan@microsoft.com>

* updating release history (#86)

---------

Co-authored-by: Michael C. Fanning <mikefan@microsoft.com>
2024-08-12 12:34:41 -07:00
Michael C. Fanning 5a39a40479
Generate annotated hash (#84)
* Add ComputeCommonAnnotatedHash

* Update return value for annotated hash helper that favors byte[].

* Update tests.
2024-08-08 10:17:29 -07:00
Michael C. Fanning b2034062e0 1.6.0 release. 2024-08-06 09:24:33 -07:00
Michael C. Fanning d79129bbf2
Propose low, medium and high confidence levels. (#80)
* Proposed confidence levels.

* Update release history.
2024-08-06 09:21:30 -07:00
jdraaijer-microsoft 420ae4f7ca
Rust: add benchmarks (#79)
* Rust: Add criterion and a marvin benchmark

* Rust/Bench: add identifiable_scan benchmark

* Rust/Bench: add c3id benchmark

* Rust/Bench: Add identifiable_secrets benchmark

* Rust/Bench: add secret masking benchmarks

* Rust: add README
2024-08-06 09:20:02 -07:00
Michael C. Fanning cea91fee7e
New API to make it more convenient to use byte[] args. (#83)
* New API to make it more convenient to use byte[] args.

* Update release notes.

* PR feedback.

* Update release history.

* Fix release notes.
2024-08-06 09:15:05 -07:00
Beau Belgrave e29482097c
Rust/His: Add missing scan_defs() method on Scan (#82)
When the Scan struct was updated to use a ScanEngine, the scan_defs()
method was missed being added. This caused the FFI crate to break
unknowingly.

Add scan_defs() to the Scan struct, so it behaviors exactly as before.

Signed-off-by: Beau Belgrave <beaub@linux.microsoft.com>
Co-authored-by: Beau Belgrave <beaub@linux.microsoft.com>
2024-08-05 13:47:46 -07:00
jdraaijer-microsoft 891523240b
Rust/Marvin: add slice-only functions (#73)
* Rust/Marvin: add functions operating solely on slices.

Instead of relying the offset and length field in the checksum
calculation implementation, we can use that information to construct
a slice directly after validating the relevant invariants and use
the slice to perform our calculations. This makes the code simpler,
faster, and more idiomatic.

* Rust/Marvin tests: make test cases easier to modify, and test offsets and different lengths

* Rust: add release note for marvin functions
2024-08-05 19:46:10 +05:30
jdraaijer-microsoft 20d52cad3e
Rust/c3id: Decrease allocations & formatting (#74)
* fix(cross_company_correlating_id): Decrease allocations & formatting calls during generation of c3id

There are some steps in the generation of the Cross Company Correlation ID
for which we know the amount and type of data that we will be processing at
compile time. Passing this knowledge directly to those functions decreases
the amount of time spent formatting & reallocating at runtime.

* fix(cross_company_correlating_id): remove final allocation

Thanks to a comment by @suvamM I realized that there is no need to
allocate the string data at all. Since we know the length of the data
up front, and the formatting we do is so basic that doing it by hand
works fine, we can remove the allocation and gain another 7% speedup.

* fix(cross_company_correlating_id): borrow only once

* fix(cross_company_correlating_id): document hex encoding
2024-07-30 21:50:33 +05:30
Suvam Mukherjee dd3e534be7
updating Rust crate versions (#78) 2024-07-26 23:16:11 +05:30
jdraaijer-microsoft d7c4e8bcf0
Rust/His: Make `ScanEngine` `Send` and `Sync` (#77)
* fix(Rust/His): add tests/compile time constructs to
validate concurrency

* feat!(Rust/His): tighten bounds on validator

This allows `ScanEngine` to be Send + Sync, allowing
for proper concurrent usage

* Rust: update changelog
2024-07-25 14:51:14 -07:00
Suvam Mukherjee 6d553be63c
Adding release notes for Rust crates (#75)
* adding release notes for Rust cargo packages

* fixes

* updating rust entry

* updating rust release note based on PR feedback
2024-07-24 23:54:00 +05:30
Beau Belgrave 4bd32585af
Rust/His: Introduce ScanEngine struct (#72)
* Rust/His: Introduce ScanEngine struct

Previously the Scan struct would track it's own state as well as allow
external state operations. To do this though, it required a RefCell
instance for the non-external state. This prevented the Scan struct
from being fully used in scoped thread contexts without a Mutex or Arc.

Introduce the ScanEngine struct which contains all the same code as the
Scan struct (rename) as before except for the internal state tracking.

Re-write the Scan struct to simply host the ScanEngine and a ScanState.
This ensures the logic is the same as before, however, now we can
completely drop the RefCell and make it much clearer for callers what we
expect them to do.

Signed-off-by: Beau Belgrave <beaub@linux.microsoft.com>

* updating release notes

---------

Signed-off-by: Beau Belgrave <beaub@linux.microsoft.com>
Co-authored-by: Beau Belgrave <beaub@linux.microsoft.com>
Co-authored-by: Suvam Mukherjee <sumukherjee@microsoft.com>
2024-07-23 17:16:09 +05:30
dependabot[bot] e05ae49f4c
Bump System.Text.Json from 8.0.3 to 8.0.4 in /src/Tests.Microsoft.Security.Utilities.Core (#63)
* Bump System.Text.Json in /src/Tests.Microsoft.Security.Utilities.Core

Bumps System.Text.Json from 8.0.3 to 8.0.4.

---
updated-dependencies:
- dependency-name: System.Text.Json
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* resolve dependabot alert

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Suvam Mukherjee (from Dev Box) <sumukherjee@microsoft.com>
2024-07-21 22:41:24 +05:30
Beau Belgrave 72c9339607
Rust/His: Allow for concurrent scans (#68)
Today the existing Scan struct tracks the options to be used as well as
the current state of the stream. This is useful when doing many streams
of data on a per-core basis. It is not as useful if you are using many
threads.

When many threads are being used, it's more useful to have a single
immutable reference that can be passed small mutable states that can
individually be reset or thrown away.

Add ScanState struct that solely keeps track of the state of a given
stream of data.

Add concurrent_parse_bytes() and concurrent_parse_reader() functions
that take a ScanState mutable reference while operating on the immutable
Scan struct. This allows for many threads to share the same Scan struct.

Move the internal scanning state within the Scan struct to a RefCell
ScanState. This allows us to keep our API the same and not break our FFI
layers while allowing for immutable changes to the byte scan.

Move the various byte scan logic methods to immutable self references
that take in a mutable ScanState reference.

Signed-off-by: Beau Belgrave <beaub@linux.microsoft.com>
Co-authored-by: Beau Belgrave <beaub@linux.microsoft.com>
2024-07-19 07:45:10 -07:00
Beau Belgrave 694689cd64
Rust: Fix benchmark performance test (#66)
The current benchmark test for the Rust scanner omitted the scanner
getting reset. This causes the scanner to accumulate possible matches
and cause the Vec to resize. This leads to an inaccurate picture of
performance of the scanner.

By properly resetting the scanner, the performance increases by ~20%.

Signed-off-by: Beau Belgrave <beaub@linux.microsoft.com>
Co-authored-by: Beau Belgrave <beaub@linux.microsoft.com>
2024-07-16 09:43:51 -07:00
Suvam Mukherjee 190d532d53
Rust compiler E0716 error fix (#64)
* compiler fix

* fixing e0716 error
2024-07-12 15:18:24 -04:00
Suvam Mukherjee 4bd43da7b5
Adding an initial secret masking capability (#61)
* adding initial secret redacter

* completing secret masker with tests

* incorporating PR feedback

* adjusting upper bounds

* updating release notes

* PR feedback

* minor fix
2024-07-05 13:57:05 -04:00
Suvam Mukherjee 4be6f8e4df
fixing compiler warnings (#60) 2024-07-02 00:09:40 -04:00
Suvam Mukherjee 6330df4e13
adding a perf benchmark (#59) 2024-07-01 15:02:49 -04:00
Suvam Mukherjee 3ac14c065c
adding support for spectre mitigated libs (#58) 2024-06-28 00:06:41 -04:00
Suvam Mukherjee e92d236f5d
Updating common annotated security key generation and validation in Rust (#57)
* adding an end-to-end test

* adding constants for long form and standard

* adding validation

* fixing failing test

* adding long-form support

* fixing generation

* adding support for long-form, normalizing rust and c# common key generation and validation

* fixes and cleanups

* adding common key generator test

* adding validation test

* adding test

* adding test

* adding test
2024-06-27 23:38:31 -04:00
Suvam Mukherjee c4ab2fcf34
updating regex pattern (#56) 2024-06-18 01:11:47 -04:00
Suvam Mukherjee 278b0b96c9
well known regex fix (#55) 2024-06-18 00:39:26 -04:00
Suvam Mukherjee 322d618c93
preparing versions for 1.5.0 (#54) 2024-06-17 23:52:29 -04:00
Michael C. Fanning 7c2ec1d4db
Regex fixes (#53)
* Resolve threading issue in base62 encoding helper.

* Lower stress case threshold.

* Publish all regex patterns.

* Review updates.
2024-06-17 23:24:44 -04:00
Michael C. Fanning 7b0b979a41
Base62 threading issue (#50)
* Resolve threading issue in base62 encoding helper.

* Lower stress case threshold.
2024-06-17 14:26:20 -07:00