Address Sonarqube SonarAnalyzer.CSharp.dll finding (#719)

* Add exception for SonarAnalyzer.CSharp.dll * Improve extracted archive file clean up (#714) * Improve extracted archive file clean up Signed-off-by: egibs <20933572+egibs@users.noreply.github.com> * Wrap tmpRoot removal in a defer instead Signed-off-by: egibs <20933572+egibs@users.noreply.github.com> * Only remove if tmpRoot is created successfully Signed-off-by: egibs <20933572+egibs@users.noreply.github.com> --------- Signed-off-by: egibs <20933572+egibs@users.noreply.github.com> * Add tests * update testdata --------- Signed-off-by: egibs <20933572+egibs@users.noreply.github.com> Co-authored-by: Evan Gibler <20933572+egibs@users.noreply.github.com>
chainguard-dev · Dec 17, 2024 · d21305b · d21305b
1 parent ff9ea83
commit d21305b
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 0 deletions.
diff --git a/rules/false_positives/sonarqube.yara b/rules/false_positives/sonarqube.yara
@@ -12,3 +12,18 @@ rule sonarqube_tutorial_app: override {
   condition:
     filesize < 192KB and all of them
 }
+
+rule sonar_analyzer_override: override {
+  meta:
+    description                                   = "SonarQube SonarAnalyzer.CSharp.dll"
+    COD3NYM_SUSP_OBF_NET_Reactor_Indicators_Jan24 = "medium"
+
+  strings:
+    $ = "SonarAnalyzer" fullword
+    $ = "SonarAnalysisContextBase" fullword
+    $ = "SonarCodeFixContext" fullword
+    $ = "https://www.sonarsource.com"
+
+  condition:
+    filesize > 1MB and filesize < 6MB and any of them
+}
diff --git a/tests/windows/clean/System.Reflection.Metadata.dll.simple b/tests/windows/clean/System.Reflection.Metadata.dll.simple
@@ -0,0 +1,7 @@
+# windows/clean/System.Reflection.Metadata.dll: medium
+c2/tool_transfer/os: low
+crypto/public_key: low
+crypto/rc4: low
+fs/file/read: low
+net/http/websocket: medium
+net/url/embedded: low