Update Dependencies (#705)

* Fix CodeQL Issues * Update dependencies * Small cleanup
microsoft · Oct 24, 2023 · acb21da · acb21da
1 parent 2fddf88
commit acb21da
Show file tree

Hide file tree

Showing 9 changed files with 53 additions and 40 deletions.
diff --git a/Benchmarks/Benchmarks.csproj b/Benchmarks/Benchmarks.csproj
@@ -9,8 +9,8 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="BenchmarkDotNet" Version="0.13.5" />
-    <PackageReference Include="System.Data.SQLite" Version="1.0.117" />
+    <PackageReference Include="BenchmarkDotNet" Version="0.13.9" />
+    <PackageReference Include="System.Data.SQLite" Version="1.0.118" />
     <PackageReference Include="murmurhash" Version="1.0.3" />
   </ItemGroup>
 

diff --git a/Benchmarks/InsertTestsWithIntermittentTransactions.cs b/Benchmarks/InsertTestsWithIntermittentTransactions.cs
@@ -46,8 +46,6 @@ public InsertTestsWithIntermittentTransactions()
         [Params(0)]
         public int StartingSize { get; set; }
 
-        // Bag of reusable objects to write to the database.
-
         public static void Insert_X_Objects(int X, int ObjectPadding = 0, string runName = "Insert_X_Objects")
         {
             dbManager.BeginTransaction();

diff --git a/Cli/AttackSurfaceAnalyzerClient.cs b/Cli/AttackSurfaceAnalyzerClient.cs
@@ -673,7 +673,7 @@ private static ASA_ERROR RunExportCollectCommand(ExportCollectCommandOptions opt
                 foreach (RESULT_TYPE resultType in Enum.GetValues(typeof(RESULT_TYPE)))
                 {
                     var resultsForType =
-                        DatabaseManager.GetComparisonResults(opts.FirstRunId, opts.SecondRunId, analysesHash,
+                        DatabaseManager.GetComparisonResults(opts.FirstRunId ?? string.Empty, opts.SecondRunId, analysesHash,
                             resultType);
                     foreach (var result in resultsForType)
                     {

diff --git a/Cli/Cli.csproj b/Cli/Cli.csproj
@@ -37,11 +37,11 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.CodeAnalysis.Common" Version="4.6.0" />
-    <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="4.6.0" />
-    <PackageReference Include="Microsoft.CST.OAT.Blazor.Components" Version="1.2.45" />
-    <PackageReference Include="Microsoft.CST.OAT.Scripting" Version="1.2.45" />
-    <PackageReference Include="Sarif.Sdk" Version="4.1.0" />
-    <PackageReference Include="Tewr.Blazor.FileReader" Version="3.3.1.21360" />
+    <PackageReference Include="Microsoft.CodeAnalysis.Common" Version="4.7.0" />
+    <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="4.7.0" />
+    <PackageReference Include="Microsoft.CST.OAT.Blazor.Components" Version="1.2.54" />
+    <PackageReference Include="Microsoft.CST.OAT.Scripting" Version="1.2.54" />
+    <PackageReference Include="Sarif.Sdk" Version="4.3.4" />
+    <PackageReference Include="Tewr.Blazor.FileReader" Version="3.3.2.23201" />
   </ItemGroup>
 </Project>
diff --git a/Lib/Collectors/RegistryMonitor.cs b/Lib/Collectors/RegistryMonitor.cs
@@ -12,6 +12,10 @@ public class RegistryMonitor : BaseMonitor, IDisposable
     {
         public RegistryMonitor()
         {
+            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                log = new("System");
+            }
         }
 
         public override bool CanRunOnPlatform()
@@ -43,15 +47,18 @@ public override void StartRun()
             {
                 throw new PlatformNotSupportedException("ExecuteWindows is only supported on Windows platforms.");
             }
-            // backup the current auditpolicy
-            ExternalCommandRunner.RunExternalCommand("auditpol", $"/backup /file:{tmpFileName}");
+            if (log is { })
+            {
+                // backup the current auditpolicy
+                ExternalCommandRunner.RunExternalCommand("auditpol", $"/backup /file:{tmpFileName}");
 
-            // start listening to the event log
-            log.EntryWritten += new EntryWrittenEventHandler(MyOnEntryWritten);
-            log.EnableRaisingEvents = true;
+                // start listening to the event log
+                log.EntryWritten += new EntryWrittenEventHandler(MyOnEntryWritten);
+                log.EnableRaisingEvents = true;
 
-            // Enable auditing for registry events GUID for Registry subcategory of audit policy https://msdn.microsoft.com/en-us/library/dd973928.aspx
-            ExternalCommandRunner.RunExternalCommand("auditpol", "/set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable /failure:enable");
+                // Enable auditing for registry events GUID for Registry subcategory of audit policy https://msdn.microsoft.com/en-us/library/dd973928.aspx
+                ExternalCommandRunner.RunExternalCommand("auditpol", "/set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable /failure:enable");
+            }
         }
 
         public override void StopRun()
@@ -60,24 +67,30 @@ public override void StopRun()
             {
                 throw new PlatformNotSupportedException("ExecuteWindows is only supported on Windows platforms.");
             }
-            // restore the old auditpolicy
-            ExternalCommandRunner.RunExternalCommand("auditpol", $"/restore /file:{tmpFileName}");
+            if (log is { })
+            {
+                // restore the old auditpolicy
+                ExternalCommandRunner.RunExternalCommand("auditpol", $"/restore /file:{tmpFileName}");
 
-            //delete temporary file
-            ExternalCommandRunner.RunExternalCommand("del", tmpFileName);
+                //delete temporary file
+                ExternalCommandRunner.RunExternalCommand("del", tmpFileName);
 
-            log.EnableRaisingEvents = false;
+                log.EnableRaisingEvents = false;
+            }
         }
 
         protected virtual void Dispose(bool disposing)
         {
             if (disposing)
             {
-                log.Dispose();
+                if (log is { })
+                {
+                    log.Dispose();
+                }
             }
         }
 
-        private readonly EventLog log = new("System");
+        private readonly EventLog? log;
 
         private readonly string tmpFileName = Path.GetTempFileName();
     }

diff --git a/Lib/Lib.csproj b/Lib/Lib.csproj
@@ -35,20 +35,20 @@
 
   <ItemGroup>
     <PackageReference Include="MedallionShell" Version="1.6.2" />
-    <PackageReference Include="Microsoft.CodeAnalysis.Common" Version="4.6.0" />
-    <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="4.6.0" />
-    <PackageReference Include="Microsoft.CST.OAT" Version="1.2.45" />
-    <PackageReference Include="Microsoft.CST.RecursiveExtractor" Version="1.2.13" />
+    <PackageReference Include="Microsoft.CodeAnalysis.Common" Version="4.7.0" />
+    <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="4.7.0" />
+    <PackageReference Include="Microsoft.CST.OAT" Version="1.2.54" />
+    <PackageReference Include="Microsoft.CST.RecursiveExtractor" Version="1.2.20" />
     <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.1.1" PrivateAssets="All" />
-    <PackageReference Include="Microsoft.Data.Sqlite" Version="7.0.5" />
+    <PackageReference Include="Microsoft.Data.Sqlite" Version="7.0.12" />
     <PackageReference Include="Microsoft.Win32.Registry" Version="5.0.0" />
-    <PackageReference Include="Microsoft.Windows.Compatibility" Version="7.0.1" />
+    <PackageReference Include="Microsoft.Windows.Compatibility" Version="7.0.5" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
-    <PackageReference Include="Serilog" Version="2.12.0" />
+    <PackageReference Include="Serilog" Version="3.0.1" />
     <PackageReference Include="Serilog.Sinks.Console" Version="4.1.0" />
     <PackageReference Include="Serilog.Sinks.File" Version="5.0.0" />
     <PackageReference Include="System.Diagnostics.Process" Version="4.3.0" />
-    <PackageReference Include="System.Management" Version="7.0.1" />
+    <PackageReference Include="System.Management" Version="7.0.2" />
     <PackageReference Include="System.Net.NetworkInformation" Version="4.3.0" />
     <PackageReference Include="System.IO.FileSystem.AccessControl" Version="5.0.0" />
     <PackageReference Include="Microsoft.Win32.Registry.AccessControl" Version="7.0.0" />
@@ -61,7 +61,7 @@
     <PackageReference Include="CommandLineParser" Version="2.9.1" />
     <PackageReference Include="sqlite" Version="3.13.0" />
     <PackageReference Include="Microsoft.TSS" Version="2.1.1" />
-    <PackageReference Include="PeNet" Version="3.0.0" />
+    <PackageReference Include="PeNet" Version="4.0.2" />
   </ItemGroup>
   <ItemGroup>
     <EmbeddedResource Include="..\analyses.json" Link="analyses.json" />

diff --git a/Lib/Utils/SqliteDatabaseManager.cs b/Lib/Utils/SqliteDatabaseManager.cs
@@ -799,7 +799,7 @@ public override void InsertRun(AsaRun run)
                 }
                 catch (SqliteException e)
                 {
-                    Log.Warning(e.StackTrace);
+                    Log.Warning(e.StackTrace ?? string.Empty);
                     Log.Warning(e.Message);
                 }
             }

diff --git a/Tests/DiffTests.cs b/Tests/DiffTests.cs
@@ -2,12 +2,14 @@
 using System.Linq;
 using Microsoft.CST.AttackSurfaceAnalyzer.Collectors;
 using Microsoft.CST.AttackSurfaceAnalyzer.Objects;
-using Microsoft.CST.AttackSurfaceAnalyzer.Types;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 using Microsoft.Win32;
 
-namespace Tests;
+namespace Microsoft.CST.AttackSurfaceAnalyzer.Tests;
 
+/// <summary>
+/// Test that the compare logic generates the correct diffs for various object configurations
+/// </summary>
 [TestClass]
 public class DiffTests
 {

diff --git a/Tests/Tests.csproj b/Tests/Tests.csproj
@@ -13,9 +13,9 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.6.0" />
-    <PackageReference Include="MSTest.TestAdapter" Version="3.0.2" />
-    <PackageReference Include="MSTest.TestFramework" Version="3.0.2" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.2" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.1.1" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.1.1" />
   </ItemGroup>
 
   <ItemGroup>