Comments (12)
Alternatively, a directory structure where all of the supporting files were stored in a separate directory, like:
attack_surface_analyzer.exe
readme.txt
resources\
resources\foo.dll
resources\bar.dll
…
I think this would be fine too.
from attacksurfaceanalyzer.
@Fabi that is the implementation in .net core 3.1 which is why we are not using it currently.
In the issue linked this is addressed in .NET 5
Can run managed components of the app directly from bundle, without need for extraction to disk.
Thats why I write native binaries :)
Managed are directly executed, native are always extracted.
from attacksurfaceanalyzer.
As a stopgap we could make a .bat/.sh file that just runs "resources\AttackSurfaceAnalyzer.exe", and put everything into the resources directory.
from attacksurfaceanalyzer.
That would certainly work for me.
from attacksurfaceanalyzer.
I saw that this is going to be a native feature of .NET Core 3, at least on Windows platforms.
I did experimentally create the running scripts, checked in in the Cli directory, but haven't fully tested that everything works with them (for example, I suspect the Compare command may not because it needs to load Output.cshtml from the filesystem).
from attacksurfaceanalyzer.
Unfortunately the .NET Core 3.0 approach is basically the warp packer approach, which is not desirable for our use case. Further minor experiments with other ILMerge type approaches haven't been successful either.
from attacksurfaceanalyzer.
The best workaround for now is to first install .NET Core and then run
dotnet tool install Microsoft.CST.AttackSurfaceAnalyzer.CLI
See nuget.org
from attacksurfaceanalyzer.
This should be possible in .NET 5.
https://devblogs.microsoft.com/dotnet/introducing-net-5/
from attacksurfaceanalyzer.
Depends on dotnet/runtime#36590 in .NET 5.
dotnet publish -r win-x64 /p:PublishSingleFile=true /p:IncludeNativeLibrariesInSingleFile=true
dotnet publish -r linux-x64 /p:PublishSingleFile=true
from attacksurfaceanalyzer.
Depends on dotnet/runtime#36590 in .NET 5.
dotnet publish -r win-x64 /p:PublishSingleFile=true /p:IncludeNativeLibrariesInSingleFile=true
dotnet publish -r linux-x64 /p:PublishSingleFile=true
Note that native binaries are still extracted to the Temp folder if bundled into a single binary. Otherwise they are placed in the same directory
from attacksurfaceanalyzer.
@Fabi that is the implementation in .net core 3.1 which is why we are not using it currently.
In the issue linked this is addressed in .NET 5
Can run managed components of the app directly from bundle, without need for extraction to disk.
from attacksurfaceanalyzer.
I understand now the distinction you are drawing. It sounds like it may still need to extract native binaries. Thanks for the extra info!
from attacksurfaceanalyzer.
Related Issues (20)
- Re-Validate Rules automatically on change
- Improve write speed by changing serialized data format
- Reduce size of analysis stored in db
- Flag Zip files that are also jpegs
- Binary files getting labeled as missing DEP/ASLR/SIGN related flags HOT 4
- Report collection errors in collected objects HOT 1
- Show console output in gui
- Analyze scan from 2 different machines. HOT 4
- Sarif Report Doesn't Load Properly in VS Code
- How to change the port used HOT 3
- What are the resultslevel options? HOT 8
- In Use files are getting labeled as missing DEP/ASLR/SIGN related flags HOT 5
- Add Export Sarif Button to GUI HOT 5
- Track Exceptions when Gathering Info
- Cannot detect registry created, deleted and modified by myself. HOT 10
- Win 7 HOT 2
- GUI does not show editable field for Editing Analyses or Sandbox
- After update to 2.3.305: Microsoft.Data.Sqlite.SqliteException (0x80004005): SQLite Error 13: 'database or disk is full' HOT 9
- GitHub Pages Doc Publication Is Failing
- Out of Memory Error during Analysis Step HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from attacksurfaceanalyzer.