Crc helpers (#518)

* Add CRC32 class and tests.

* Improve CRC check

* Add CRC32 class

* Update target framework for tests.

* Updating tests to look for the correct target framework

* Making class static

* Now, every validator will have one private httpclient instead of sharing between different classes

Co-authored-by: Eddy Nakamura <ednakamu@microsoft.com>
Co-authored-by: Eddy Nakamura <eddynaka@gmail.com>

Src/.editorconfig

@@ -1,6 +1,15 @@
 # Remove the line below if you want to inherit .editorconfig settings from higher directories
 root = true
 
+# Ignore paths
+[/sarif-pattern-matcher/Src/sarif-sdk/src/sarif/Autogenerated/**]
+charset = unset
+end_of_line = unset
+insert_final_newline = unset
+trim_trailing_whitespace = unset
+indent_style = unset
+indent_size = unset
+
 # C# files
 [*.cs]
 

Src/Plugins/Security/SEC101_006.GitHubPatValidator.cs

@@ -143,11 +143,14 @@ protected override IEnumerable<ValidationResult> IsValidStaticHelper(Dictionary<
             catch (ForbiddenException)
             {
                 // The token is valid but doesn't have sufficient scope to retrieve org data.
+                message += ". This token has insufficient permissions to retrieve organization data";
                 return ValidationState.Authorized;
             }
             catch (AuthorizationException)
             {
-                // The token is either invalid or has been killed
+                message = "The provided secret is not authorized to access github.com";
+
+                // The token is either invalid or has been killed.
                 return ValidationState.Unauthorized;
             }
             catch (Exception e)

Src/Plugins/Security/SEC101_102.AdoPatValidator.cs

@@ -21,62 +21,6 @@ public static class AdoPatValidator
         /// </summary>
         private const uint ChecksumAdoAppSecret = 0x1019F92E;
 
-        private static readonly uint[] Crc32Table = new uint[256]
-        {
-                0x00000000u, 0x77073096u, 0xee0e612cu, 0x990951bau, 0x076dc419u,
-                0x706af48fu, 0xe963a535u, 0x9e6495a3u, 0x0edb8832u, 0x79dcb8a4u,
-                0xe0d5e91eu, 0x97d2d988u, 0x09b64c2bu, 0x7eb17cbdu, 0xe7b82d07u,
-                0x90bf1d91u, 0x1db71064u, 0x6ab020f2u, 0xf3b97148u, 0x84be41deu,
-                0x1adad47du, 0x6ddde4ebu, 0xf4d4b551u, 0x83d385c7u, 0x136c9856u,
-                0x646ba8c0u, 0xfd62f97au, 0x8a65c9ecu, 0x14015c4fu, 0x63066cd9u,
-                0xfa0f3d63u, 0x8d080df5u, 0x3b6e20c8u, 0x4c69105eu, 0xd56041e4u,
-                0xa2677172u, 0x3c03e4d1u, 0x4b04d447u, 0xd20d85fdu, 0xa50ab56bu,
-                0x35b5a8fau, 0x42b2986cu, 0xdbbbc9d6u, 0xacbcf940u, 0x32d86ce3u,
-                0x45df5c75u, 0xdcd60dcfu, 0xabd13d59u, 0x26d930acu, 0x51de003au,
-                0xc8d75180u, 0xbfd06116u, 0x21b4f4b5u, 0x56b3c423u, 0xcfba9599u,
-                0xb8bda50fu, 0x2802b89eu, 0x5f058808u, 0xc60cd9b2u, 0xb10be924u,
-                0x2f6f7c87u, 0x58684c11u, 0xc1611dabu, 0xb6662d3du, 0x76dc4190u,
-                0x01db7106u, 0x98d220bcu, 0xefd5102au, 0x71b18589u, 0x06b6b51fu,
-                0x9fbfe4a5u, 0xe8b8d433u, 0x7807c9a2u, 0x0f00f934u, 0x9609a88eu,
-                0xe10e9818u, 0x7f6a0dbbu, 0x086d3d2du, 0x91646c97u, 0xe6635c01u,
-                0x6b6b51f4u, 0x1c6c6162u, 0x856530d8u, 0xf262004eu, 0x6c0695edu,
-                0x1b01a57bu, 0x8208f4c1u, 0xf50fc457u, 0x65b0d9c6u, 0x12b7e950u,
-                0x8bbeb8eau, 0xfcb9887cu, 0x62dd1ddfu, 0x15da2d49u, 0x8cd37cf3u,
-                0xfbd44c65u, 0x4db26158u, 0x3ab551ceu, 0xa3bc0074u, 0xd4bb30e2u,
-                0x4adfa541u, 0x3dd895d7u, 0xa4d1c46du, 0xd3d6f4fbu, 0x4369e96au,
-                0x346ed9fcu, 0xad678846u, 0xda60b8d0u, 0x44042d73u, 0x33031de5u,
-                0xaa0a4c5fu, 0xdd0d7cc9u, 0x5005713cu, 0x270241aau, 0xbe0b1010u,
-                0xc90c2086u, 0x5768b525u, 0x206f85b3u, 0xb966d409u, 0xce61e49fu,
-                0x5edef90eu, 0x29d9c998u, 0xb0d09822u, 0xc7d7a8b4u, 0x59b33d17u,
-                0x2eb40d81u, 0xb7bd5c3bu, 0xc0ba6cadu, 0xedb88320u, 0x9abfb3b6u,
-                0x03b6e20cu, 0x74b1d29au, 0xead54739u, 0x9dd277afu, 0x04db2615u,
-                0x73dc1683u, 0xe3630b12u, 0x94643b84u, 0x0d6d6a3eu, 0x7a6a5aa8u,
-                0xe40ecf0bu, 0x9309ff9du, 0x0a00ae27u, 0x7d079eb1u, 0xf00f9344u,
-                0x8708a3d2u, 0x1e01f268u, 0x6906c2feu, 0xf762575du, 0x806567cbu,
-                0x196c3671u, 0x6e6b06e7u, 0xfed41b76u, 0x89d32be0u, 0x10da7a5au,
-                0x67dd4accu, 0xf9b9df6fu, 0x8ebeeff9u, 0x17b7be43u, 0x60b08ed5u,
-                0xd6d6a3e8u, 0xa1d1937eu, 0x38d8c2c4u, 0x4fdff252u, 0xd1bb67f1u,
-                0xa6bc5767u, 0x3fb506ddu, 0x48b2364bu, 0xd80d2bdau, 0xaf0a1b4cu,
-                0x36034af6u, 0x41047a60u, 0xdf60efc3u, 0xa867df55u, 0x316e8eefu,
-                0x4669be79u, 0xcb61b38cu, 0xbc66831au, 0x256fd2a0u, 0x5268e236u,
-                0xcc0c7795u, 0xbb0b4703u, 0x220216b9u, 0x5505262fu, 0xc5ba3bbeu,
-                0xb2bd0b28u, 0x2bb45a92u, 0x5cb36a04u, 0xc2d7ffa7u, 0xb5d0cf31u,
-                0x2cd99e8bu, 0x5bdeae1du, 0x9b64c2b0u, 0xec63f226u, 0x756aa39cu,
-                0x026d930au, 0x9c0906a9u, 0xeb0e363fu, 0x72076785u, 0x05005713u,
-                0x95bf4a82u, 0xe2b87a14u, 0x7bb12baeu, 0x0cb61b38u, 0x92d28e9bu,
-                0xe5d5be0du, 0x7cdcefb7u, 0x0bdbdf21u, 0x86d3d2d4u, 0xf1d4e242u,
-                0x68ddb3f8u, 0x1fda836eu, 0x81be16cdu, 0xf6b9265bu, 0x6fb077e1u,
-                0x18b74777u, 0x88085ae6u, 0xff0f6a70u, 0x66063bcau, 0x11010b5cu,
-                0x8f659effu, 0xf862ae69u, 0x616bffd3u, 0x166ccf45u, 0xa00ae278u,
-                0xd70dd2eeu, 0x4e048354u, 0x3903b3c2u, 0xa7672661u, 0xd06016f7u,
-                0x4969474du, 0x3e6e77dbu, 0xaed16a4au, 0xd9d65adcu, 0x40df0b66u,
-                0x37d83bf0u, 0xa9bcae53u, 0xdebb9ec5u, 0x47b2cf7fu, 0x30b5ffe9u,
-                0xbdbdf21cu, 0xcabac28au, 0x53b39330u, 0x24b4a3a6u, 0xbad03605u,
-                0xcdd70693u, 0x54de5729u, 0x23d967bfu, 0xb3667a2eu, 0xc4614ab8u,
-                0x5d681b02u, 0x2a6f2b94u, 0xb40bbe37u, 0xc30c8ea1u, 0x5a05df1bu,
-                0x2d02ef8du,
-        };
-
 #pragma warning disable IDE0060 // Remove unused parameter
 
         public static IEnumerable<ValidationResult> IsValidStatic(Dictionary<string, FlexMatch> groups)
@@ -131,7 +75,7 @@ private static bool IsChecksumValid(string input, uint magicNumber)
             // Calculate the checksum
             uint newChecksum;
             {
-                uint crc32 = CalculateChecksum(0, tokenBytes, 0, tokenBytes.Length);
+                uint crc32 = Crc32.Calculate(tokenBytes);
 
                 // XOR the calculated checksum with a magic number.
                 newChecksum = crc32 ^ magicNumber;
@@ -208,18 +152,5 @@ private static byte[] ConvertFromBase32(string inputString)
 
             return output;
         }
-
-        private static uint CalculateChecksum(uint checksum, byte[] buffer, int offset, int length)
-        {
-            checksum ^= 0xffffffffU;
-            while (--length >= 0)
-            {
-                checksum = Crc32Table[(checksum ^ buffer[offset++]) & 0xFF] ^ (checksum >> 8);
-            }
-
-            checksum ^= 0xffffffffU;
-
-            return checksum;
-        }
     }
 }

Src/Plugins/Security/Security.csproj

@@ -5,7 +5,7 @@
   <Import Project="$(MSBuildThisFileDirectory)..\..\..\Targets\build.plugins.props" />
 
   <PropertyGroup Label="AssemblyAttributes">
-    <TargetFrameworks>netstandard2.0;net472</TargetFrameworks>
+    <TargetFrameworks>netstandard2.1;net472</TargetFrameworks>
     <CopyLocalLockFileAssemblies>true</CopyLocalLockFileAssemblies>
     <RootNamespace>$(RootNamespaceBase).Sarif.PatternMatcher.Plugins.Security</RootNamespace>
     <PackageId>Sarif.PatternMatcher.Security</PackageId>

Src/Plugins/Tests.Security/SEC101.SecurePlaintextSecretsTests.cs

@@ -14,7 +14,7 @@ public SecurePlaintextSecretsTests(ITestOutputHelper outputHelper) : base(output
 
         protected override string RuleId => "SEC101";
 
-        protected override string Framework => "netstandard2.0";
+        protected override string Framework => "netstandard2.1";
 
         [Fact]
         public void SecurePlaintextSecrets_EndToEndFunctionalTests()

Src/Plugins/Tests.Security/SEC102.ReviewPotentiallySensitiveDataTests.cs

@@ -14,7 +14,7 @@ public ReviewPotentiallySensitiveDataTests(ITestOutputHelper outputHelper) : bas
 
         protected override string RuleId => "SEC102";
 
-        protected override string Framework => "netstandard2.0";
+        protected override string Framework => "netstandard2.1";
 
         [Fact]
         public void ReviewPotentiallySensitiveData_EndToEndFunctionalTests()

Src/Plugins/Tests.Security/SEC103.ReviewPotentiallySensitiveFilesTests.cs

@@ -14,7 +14,7 @@ public ReviewPotentiallySensitiveFilesTests(ITestOutputHelper outputHelper) : ba
 
         protected override string RuleId => "SEC103";
 
-        protected override string Framework => "netstandard2.0";
+        protected override string Framework => "netstandard2.1";
 
         [Fact]
         public void ReviewPotentiallySensitiveFiles_EndToEndFunctionalTests()

Src/Plugins/Tests.Security/SEC104.UseSecureApiTests.cs

@@ -14,7 +14,7 @@ public UseSecureApiTests(ITestOutputHelper outputHelper) : base(outputHelper)
 
         protected override string RuleId => "SEC104";
 
-        protected override string Framework => "netstandard2.0";
+        protected override string Framework => "netstandard2.1";
 
         [Fact]
         public void UseSecureApi_EndToEndFunctionalTests()

Src/Plugins/Tests.Security/Validators/SEC101_001.HttpAuthorizationRequestHeaderValidatorTests.cs

@@ -9,7 +9,7 @@
 
 namespace Microsoft.CodeAnalysis.Sarif.PatternMatcher.Plugins.Security.Validators
 {
-    public class HttpAuthorizationRequestHeaderValidatorTests
+    public partial class HttpMockTests
     {
         private const string TestScheme = "http";
         private const string TestKey = "somekey";

Src/Plugins/Tests.Security/Validators/SEC101_007.GitHubAppCredentialsValidatorTests.cs

@@ -14,7 +14,7 @@
 
 namespace Microsoft.CodeAnalysis.Sarif.PatternMatcher.Plugins.Security.Validators
 {
-    public class GitHubAppCredentialsValidatorTests
+    public partial class HttpMockTests
     {
         [Fact]
         public void GitHubAppCredentialsValidator_MockHttpTests()
@@ -82,8 +82,7 @@ public void GitHubAppCredentialsValidator_MockHttpTests()
                 var fingerprint = new Fingerprint(fingerprintText);
                 var keyValuePairs = new Dictionary<string, string>();
 
-                GitHubAppCredentialsValidator.SetHttpClient(new HttpClient(MockHelper.MockHttpMessageHandler(testCase.HttpStatusCode, testCase.HttpContent)));
-
+                GitHubAppCredentialsValidator.Instance.SetHttpClient(new HttpClient(MockHelper.MockHttpMessageHandler(testCase.HttpStatusCode, testCase.HttpContent)));
                 ValidationState currentState = GitHubAppCredentialsValidator.IsValidDynamic(ref fingerprint,
                                                                                             ref message,
                                                                                             keyValuePairs,

Src/Plugins/Tests.Security/Validators/SEC101_010.SquarePatValidatorTests.cs

@@ -14,7 +14,7 @@
 
 namespace Microsoft.CodeAnalysis.Sarif.PatternMatcher.Plugins.Security.Validators
 {
-    public class SquarePatValidatorTests
+    public partial class HttpMockTests
     {
         [Fact]
         public void SquarePatValidator_MockHttpTests()
@@ -57,7 +57,7 @@ public void SquarePatValidator_MockHttpTests()
                 var fingerprint = new Fingerprint(fingerprintText);
                 var keyValuePairs = new Dictionary<string, string>();
 
-                SquarePatValidator.SetHttpClient(new HttpClient(MockHelper.MockHttpMessageHandler(testCase.HttpStatusCode, testCase.HttpContent)));
+                SquarePatValidator.Instance.SetHttpClient(new HttpClient(MockHelper.MockHttpMessageHandler(testCase.HttpStatusCode, testCase.HttpContent)));
 
                 ValidationState currentState = SquarePatValidator.IsValidDynamic(ref fingerprint,
                                                                                  ref message,

Src/Plugins/Tests.Security/Validators/SEC101_011.SquareCredentialsValidatorTests.cs

@@ -14,7 +14,7 @@
 
 namespace Microsoft.CodeAnalysis.Sarif.PatternMatcher.Plugins.Security.Validators
 {
-    public class SquareCredentialsValidatorTests
+    public partial class HttpMockTests
     {
         [Fact]
         public void SquareCredentialsValidator_Test()
@@ -81,7 +81,7 @@ public void SquareCredentialsValidator_MockHttpTests()
                 var fingerprint = new Fingerprint(fingerprintText);
                 var keyValuePairs = new Dictionary<string, string>();
 
-                SquareCredentialsValidator.SetHttpClient(new HttpClient(MockHelper.MockHttpMessageHandler(testCase.HttpStatusCode, testCase.HttpContent)));
+                SquareCredentialsValidator.Instance.SetHttpClient(new HttpClient(MockHelper.MockHttpMessageHandler(testCase.HttpStatusCode, testCase.HttpContent)));
 
                 ValidationState currentState = SquareCredentialsValidator.IsValidDynamic(ref fingerprint,
                                                                                          ref message,

Src/Sarif.PatternMatcher.Sdk/Crc32.cs

@@ -0,0 +1,96 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+using System.Text;
+
+namespace Microsoft.CodeAnalysis.Sarif.PatternMatcher.Sdk
+{
+    public static class Crc32
+    {
+        // https://crc32.online/
+        // https://github.com/force-net/Crc32.NET
+        // https://en.wikipedia.org/wiki/Cyclic_redundancy_check
+        // This is the 'reversed representation' polynomial for
+        // little-endian implementations, i.e., the bitwise
+        // reflection of 0x04C11DB7;
+        private const uint Crc32Polynomial = 0xedb88320u;
+
+        private static readonly uint[] Crc32Table = CreateCrcTable(Crc32Polynomial);
+
+        public static uint Calculate(string text)
+        {
+            byte[] data = Encoding.ASCII.GetBytes(text);
+            return Calculate(data);
+        }
+
+        public static uint Calculate(byte[] buffer)
+        {
+            return Calculate(0, buffer, 0, buffer.Length);
+        }
+
+        public static uint Calculate(uint checksum, byte[] buffer, int offset, int length)
+        {
+            checksum ^= 0xffffffffU;
+
+            while (length >= 16)
+            {
+                uint a = Crc32Table[(3 * 256) + buffer[offset + 12]] ^
+                         Crc32Table[(2 * 256) + buffer[offset + 13]] ^
+                         Crc32Table[(1 * 256) + buffer[offset + 14]] ^
+                         Crc32Table[(0 * 256) + buffer[offset + 15]];
+
+                uint b = Crc32Table[(7 * 256) + buffer[offset + 8]] ^
+                         Crc32Table[(6 * 256) + buffer[offset + 9]] ^
+                         Crc32Table[(5 * 256) + buffer[offset + 10]] ^
+                         Crc32Table[(4 * 256) + buffer[offset + 11]];
+
+                uint c = Crc32Table[(11 * 256) + buffer[offset + 4]] ^
+                         Crc32Table[(10 * 256) + buffer[offset + 5]] ^
+                         Crc32Table[(9 * 256) + buffer[offset + 6]] ^
+                         Crc32Table[(8 * 256) + buffer[offset + 7]];
+
+                uint d = Crc32Table[(15 * 256) + ((byte)checksum ^ buffer[offset])] ^
+                         Crc32Table[(14 * 256) + ((byte)(checksum >> 8) ^ buffer[offset + 1])] ^
+                         Crc32Table[(13 * 256) + ((byte)(checksum >> 16) ^ buffer[offset + 2])] ^
+                         Crc32Table[(12 * 256) + ((checksum >> 24) ^ buffer[offset + 3])];
+
+                checksum = d ^ c ^ b ^ a;
+                offset += 16;
+                length -= 16;
+            }
+
+            while (--length >= 0)
+            {
+                checksum = Crc32Table[(checksum ^ buffer[offset++]) & 0xFF] ^ (checksum >> 8);
+            }
+
+            checksum ^= 0xffffffffU;
+
+            return checksum;
+        }
+
+        private static uint[] CreateCrcTable(uint polynomial)
+        {
+            var table = new uint[16 * 256];
+
+            for (uint i = 0; i < 256; i++)
+            {
+                uint res = i;
+
+                for (int t = 0; t < 16; t++)
+                {
+                    for (int k = 0; k < 8; k++)
+                    {
+                        res = (res & 1) == 1
+                            ? polynomial ^ (res >> 1)
+                            : (res >> 1);
+                    }
+
+                    table[(t * 256) + i] = res;
+                }
+            }
+
+            return table;
+        }
+    }
+}

Src/Sarif.PatternMatcher.Sdk/Sarif.PatternMatcher.Sdk.csproj

@@ -9,6 +9,10 @@
     <RootNamespace>$(RootNamespaceBase).Sarif.PatternMatcher.Sdk</RootNamespace>
   </PropertyGroup>
 
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+  </PropertyGroup>
+
   <ItemGroup>
     <ProjectReference Include="..\RE2.Managed\RE2.Managed.csproj" />
     <ProjectReference Include="..\sarif-sdk\src\Sarif\Sarif.csproj" />

Src/Sarif.PatternMatcher.Sdk/ValidatorBase.cs

@@ -34,11 +34,8 @@ public abstract class ValidatorBase
             new Regex($@"The underlying connection was closed: Could not establish " +
                          "trust relationship for the SSL/TLS secure channel.", s_options);
 
-        [ThreadStatic]
-        private static HttpClient httpClient;
-
         private static bool shouldUseDynamicCache;
-
+        private HttpClient httpClient;
         private string scanIdentityGuid;
 
         static ValidatorBase()
@@ -320,7 +317,7 @@ internal static string ParseValue(string value)
             return value.Substring(indexOfFirstEqualSign + 1).Trim();
         }
 
-        internal static void SetHttpClient(HttpClient client)
+        internal void SetHttpClient(HttpClient client)
         {
             httpClient = client;
         }