Single portable .exe about attacksurfaceanalyzer HOT 12 OPEN

Alternatively, a directory structure where all of the supporting files were stored in a separate directory, like:

attack_surface_analyzer.exe
readme.txt
resources\
   resources\foo.dll
   resources\bar.dll
   …

I think this would be fine too.

from attacksurfaceanalyzer.

@Fabi that is the implementation in .net core 3.1 which is why we are not using it currently.

In the issue linked this is addressed in .NET 5

Can run managed components of the app directly from bundle, without need for extraction to disk.

Thats why I write native binaries :)
Managed are directly executed, native are always extracted.

from attacksurfaceanalyzer.

As a stopgap we could make a .bat/.sh file that just runs "resources\AttackSurfaceAnalyzer.exe", and put everything into the resources directory.

from attacksurfaceanalyzer.

That would certainly work for me.

from attacksurfaceanalyzer.

I saw that this is going to be a native feature of .NET Core 3, at least on Windows platforms.

I did experimentally create the running scripts, checked in in the Cli directory, but haven't fully tested that everything works with them (for example, I suspect the Compare command may not because it needs to load Output.cshtml from the filesystem).

from attacksurfaceanalyzer.

Unfortunately the .NET Core 3.0 approach is basically the warp packer approach, which is not desirable for our use case. Further minor experiments with other ILMerge type approaches haven't been successful either.

from attacksurfaceanalyzer.

The best workaround for now is to first install .NET Core and then run

dotnet tool install Microsoft.CST.AttackSurfaceAnalyzer.CLI

See nuget.org

from attacksurfaceanalyzer.

This should be possible in .NET 5.

https://devblogs.microsoft.com/dotnet/introducing-net-5/

from attacksurfaceanalyzer.

Depends on dotnet/runtime#36590 in .NET 5.

dotnet publish -r win-x64 /p:PublishSingleFile=true /p:IncludeNativeLibrariesInSingleFile=true

dotnet publish -r linux-x64 /p:PublishSingleFile=true

from attacksurfaceanalyzer.

Depends on dotnet/runtime#36590 in .NET 5.

dotnet publish -r win-x64 /p:PublishSingleFile=true /p:IncludeNativeLibrariesInSingleFile=true

dotnet publish -r linux-x64 /p:PublishSingleFile=true

Note that native binaries are still extracted to the Temp folder if bundled into a single binary. Otherwise they are placed in the same directory

from attacksurfaceanalyzer.

@Fabi that is the implementation in .net core 3.1 which is why we are not using it currently.

In the issue linked this is addressed in .NET 5

Can run managed components of the app directly from bundle, without need for extraction to disk.

from attacksurfaceanalyzer.

I understand now the distinction you are drawing. It sounds like it may still need to extract native binaries. Thanks for the extra info!

from attacksurfaceanalyzer.