BinSkim errors on sni.dll or Microsoft.Data.SqlClient.SNI.dll

[mattjohnsonpint]

Describe the bug

BinSkim fails with multiple ERR997.ExceptionLoadingPdb errors when scanning an application that uses Microsoft.Data.SqlClient, on each of the three platform native versions of sni.dll that are distributed under the runtimes folder.

To reproduce

• Create a new empty .NET Core 3.1 project (console app is fine)
• Add Microsoft.Data.SqlClient from Nuget
• Build the application
• Download BinSkim, extract it somewhere and run binskim.exe analyze bin\Debug\netcoreapp3.1\runtimes\win-x64\native\sni.dll (adjusting the path to point at the app's bin folder)

Binskim will fail with the following:

C:\Dev\MyApp\bin\Debug\netcoreapp3.1\runtimes\win-x64\native\sni.dll : error ERR997.ExceptionLoadingPdb : BA2002 : 'sni.dll' was not evaluated for check 'DoNotIncorporateVulnerableDependencies' because its PDB could not be loaded. (E_PDB_NOT_FOUND (File not found))
C:\Dev\MyApp\bin\Debug\netcoreapp3.1\runtimes\win-x64\native\sni.dll : error ERR997.ExceptionLoadingPdb : BA2006 : 'sni.dll' was not evaluated for check 'BuildWithSecureTools' because its PDB could not be loaded. (E_PDB_NOT_FOUND (File not found))
C:\Dev\MyApp\bin\Debug\netcoreapp3.1\runtimes\win-x64\native\sni.dll : error ERR997.ExceptionLoadingPdb : BA2007 : 'sni.dll' was not evaluated for check 'EnableCriticalCompilerWarnings' because its PDB could not be loaded. (E_PDB_NOT_FOUND (File not found))
C:\Dev\MyApp\bin\Debug\netcoreapp3.1\runtimes\win-x64\native\sni.dll : error ERR997.ExceptionLoadingPdb : BA2011 : 'sni.dll' was not evaluated for check 'EnableStackProtection' because its PDB could not be loaded. (E_PDB_NOT_FOUND (File not found))
C:\Dev\MyApp\bin\Debug\netcoreapp3.1\runtimes\win-x64\native\sni.dll : error ERR997.ExceptionLoadingPdb : BA2013 : 'sni.dll' was not evaluated for check 'InitializeStackProtection' because its PDB could not be loaded. (E_PDB_NOT_FOUND (File not found))
C:\Dev\MyApp\bin\Debug\netcoreapp3.1\runtimes\win-x64\native\sni.dll : error ERR997.ExceptionLoadingPdb : BA2014 : 'sni.dll' was not evaluated for check 'DoNotDisableStackProtectionForFunctions' because its PDB could not be loaded. (E_PDB_NOT_FOUND (File not found))
C:\Dev\MyApp\bin\Debug\netcoreapp3.1\runtimes\win-x64\native\sni.dll : error ERR997.ExceptionLoadingPdb : BA2024 : 'sni.dll' was not evaluated for check 'EnableSpectreMitigations' because its PDB could not be loaded. (E_PDB_NOT_FOUND (File not found))

On 1.1.3 it errors on all three copies of sni.dll from win-arm64, win-x86, and win-x64.

I also tried using 2.0.0-preview4.20142.4 and it fails on Microsoft.Data.SqlClient.SNI.dll in the same way.

Expected behavior

Binskim shouldn't error.

Further technical details

Microsoft.Data.SqlClient version: 1.1.3 or 2.0.0-preview4.20142.4
.NET target: .NET Core 3.1
SQL Server version: n/a
Operating system: Windows 10

Additional context
Binskim runs automatically on our MSFT internal build pipeline. I'm temporarily excluding sni.dll to work around this problem, but I shouldn't have to. Please work to figure out what is special about this dll that binskim fails in this way. I'm sure others are having this issue as well. Thanks.

[Wraith2]

It looks pretty straightforward, there are no pdb's in the nuget package and BinSkim wants there to be. Given that then are closed source, native and release mode libraries it doesn't seen unreasonable to not have the pdb's in the package.

[cheenamalhotra]

Hi @mj1856

We will take care of this with Microsoft.Data.SqlClient.SNI.runtime next stable version release, will be consumed by driver starting with upcoming 2.0.0 version.

The other runtime.native.System.Data.SqlClient.sni library is not feasible and is out of our hands, so wouldn't be possible to include symbols there.

[mattjohnsonpint]

Thanks, that makes sense. I will keep excluding sni.dll from binskim for now.

[cheenamalhotra]

Hi @mj1856

The latest v2.0.0 addresses missing symbols, closing issue.