Fixes from refactoring and more cleanup.

vcsjones · vcsjones · commit 34afae23d31e · 2018-11-06T16:16:22.000-05:00
diff --git a/AuthenticodeLint/AuthenticodeLint.csproj b/AuthenticodeLint/AuthenticodeLint.csproj
@@ -1,18 +1,14 @@
 ﻿<Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
-    <OutputType>Exe</OutputType>
+    <OutputType>WinExe</OutputType>
     <AssemblyName>authlint</AssemblyName>
-    <TargetFrameworks>net461</TargetFrameworks>
+    <TargetFramework>netcoreapp2.1</TargetFramework>
     <VersionPrefix>0.11.0</VersionPrefix>
     <Authors>Kevin Jones</Authors>
-    <LangVersion>latest</LangVersion>
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
     <Copyright>Kevin Jones 2016-2017</Copyright>
   </PropertyGroup>
   <ItemGroup>
     <PackageReference Include="AuthenticodeExaminer" Version="0.3.0" />
   </ItemGroup>
-  <ItemGroup>
-    <Reference Include="System.Security" />
-  </ItemGroup>
 </Project>
diff --git a/AuthenticodeLint/BitStrengthCalculator.cs b/AuthenticodeLint/BitStrengthCalculator.cs
@@ -1,36 +1,30 @@
-﻿using System.Security.Cryptography.X509Certificates;
+﻿using System.Collections.Concurrent;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
 
 namespace AuthenticodeLint
 {
     public static class BitStrengthCalculator
     {
+        private static ConcurrentDictionary<string, int> _cachedEccCurveSizes = new ConcurrentDictionary<string, int>();
+
         public static CertificateBitStrength CalculateStrength(X509Certificate2 certificate)
         {
             PublicKeyAlgorithm keyAlgorithm;
             int? bitSize;
             switch (certificate.PublicKey.Oid.Value)
             {
                 case KnownOids.X509Algorithms.Ecc:
+                    keyAlgorithm = PublicKeyAlgorithm.ECDSA;
                     var parameterOid = OidParser.ReadFromBytes(certificate.PublicKey.EncodedParameters.RawData);
-                    switch (parameterOid.Value)
+                    bitSize = _cachedEccCurveSizes.GetOrAdd(parameterOid.Value, oid =>
                     {
-                        case KnownOids.EccCurves.EcdsaP256:
-                            keyAlgorithm = PublicKeyAlgorithm.ECDSA;
-                            bitSize = 256;
-                            break;
-                        case KnownOids.EccCurves.EcdsaP384:
-                            keyAlgorithm = PublicKeyAlgorithm.ECDSA;
-                            bitSize = 384;
-                            break;
-                        case KnownOids.EccCurves.EcdsaP521:
-                            keyAlgorithm = PublicKeyAlgorithm.ECDSA;
-                            bitSize = 521;
-                            break;
-                        default:
-                            keyAlgorithm = PublicKeyAlgorithm.Other;
-                            bitSize = null;
-                            break;
-                    }
+                        var curve = ECCurve.CreateFromValue(oid);
+                        using (var ecdsa = ECDsa.Create(curve))
+                        {
+                            return ecdsa.KeySize;
+                        }
+                    });
                     break;
                 case KnownOids.X509Algorithms.RSA:
                     keyAlgorithm = PublicKeyAlgorithm.RSA;
diff --git a/AuthenticodeLint/CertificatePaddingExtractor.cs b/AuthenticodeLint/CertificatePaddingExtractor.cs
@@ -32,10 +32,10 @@ public static byte[] ExtractPadding(string filePath)
                         using (var memoryStream = new MemoryStream())
                         {
                             int read;
-                            var buffer = new byte[0x1000];
-                            while ((read = reader.Read(buffer, 0, buffer.Length)) > 0)
+                            Span<byte> buffer = stackalloc byte[0x400];
+                            while ((read = reader.Read(buffer)) > 0)
                             {
-                                memoryStream.Write(buffer, 0, read);
+                                memoryStream.Write(buffer.Slice(0, read));
                             }
                             var winCertificate = memoryStream.ToArray();
                             var signer = new SignedCms();
diff --git a/AuthenticodeLint/CommandLineParser.cs b/AuthenticodeLint/CommandLineParser.cs
@@ -7,7 +7,7 @@ namespace AuthenticodeLint
 
     public readonly struct CommandLineParameter
     {
-        private  readonly string _name, _value;
+        private readonly string _name, _value;
 
         public CommandLineParameter(string name, string value)
         {
diff --git a/AuthenticodeLint/Extraction.cs b/AuthenticodeLint/Extraction.cs
@@ -1,5 +1,5 @@
 ﻿using AuthenticodeExaminer;
-using AuthenticodeLint.Interop;
+using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Security.Cryptography.X509Certificates;
@@ -41,19 +41,20 @@ public static void ExtractToDisk(string file, CheckConfiguration configuration,
 
         private static string SerializeCertificate(X509Certificate2 certificate)
         {
-            string base64Certificate = null;
-            var binaryCertificate = certificate.Export(X509ContentType.Cert);
-
-            uint size = 0;
-            if (Crypt32.CryptBinaryToString(binaryCertificate, (uint)binaryCertificate.Length, CryptBinaryToStringFlags.CRYPT_STRING_BASE64HEADER, null, ref size))
+            var octets = certificate.Export(X509ContentType.Cert);
+            var formatted = Convert.ToBase64String(octets);
+            var builder = new StringBuilder();
+            builder.AppendLine("-----BEGIN CERTIFICATE-----");
+            var i = 0;
+            while (i < formatted.Length)
             {
-                var builder = new StringBuilder((int)size);
-                if (Crypt32.CryptBinaryToString(binaryCertificate, (uint)binaryCertificate.Length, CryptBinaryToStringFlags.CRYPT_STRING_BASE64HEADER, builder, ref size))
-                {
-                    base64Certificate = builder.ToString();
-                }
+                const int MAX_LINE_SIZE = 64;
+                var size = Math.Min(MAX_LINE_SIZE, formatted.Length - i);
+                builder.AppendLine(formatted.Substring(i, size));
+                i += size;
             }
-            return base64Certificate; 
+            builder.AppendLine("-----END CERTIFICATE-----");
+            return builder.ToString();
         }
     }
 }
diff --git a/AuthenticodeLint/Interop/Crypt32.cs b/AuthenticodeLint/Interop/Crypt32.cs
diff --git a/AuthenticodeLint/PE/PortableExecutable.cs b/AuthenticodeLint/PE/PortableExecutable.cs
@@ -1,10 +1,8 @@
 ﻿using AuthenticodeLint.Interop;
 using System;
 using System.Collections.Generic;
-using System.Diagnostics;
 using System.IO;
 using System.IO.MemoryMappedFiles;
-using System.Linq;
 using System.Runtime.InteropServices;
 
 namespace AuthenticodeLint.PE
@@ -15,15 +13,14 @@ public class PortableExecutable : IDisposable
 
         public PortableExecutable(string filePath)
         {
-            _file = MemoryMappedFile.CreateFromFile(filePath, System.IO.FileMode.Open, "PortableExecutableView", 0, MemoryMappedFileAccess.Read);
+            _file = MemoryMappedFile.CreateFromFile(filePath, FileMode.Open, "PortableExecutableView", 0, MemoryMappedFileAccess.Read);
         }
 
         public DosHeader GetDosHeader()
         {
             using (var view = _file.CreateViewAccessor(0, 0, MemoryMappedFileAccess.Read))
             {
-                IMAGE_DOS_HEADER header;
-                view.Read(0L, out header);
+                view.Read(0L, out IMAGE_DOS_HEADER header);
                 if (header.e_magic != DOS_MAGIC)
                 {
                     throw new InvalidOperationException("File does not have a valid DOS header.");
@@ -45,12 +42,10 @@ public PeHeader GetPEHeader(DosHeader dosHeader)
                 {
                     throw new InvalidOperationException("File does not have a valid PE header.");
                 }
-                IMAGE_FILE_HEADER fileHeader;
-                view.Read(sizeof(uint), out fileHeader);
+                view.Read(sizeof(uint), out IMAGE_FILE_HEADER fileHeader);
                 if (fileHeader.Machine == IMAGE_FILE_MACHINE_AMD64)
                 {
-                    IMAGE_OPTIONAL_HEADER64 header64;
-                    view.Read(sizeof(uint) + Marshal.SizeOf<IMAGE_FILE_HEADER>(), out header64);
+                    view.Read(sizeof(uint) + Marshal.SizeOf<IMAGE_FILE_HEADER>(), out IMAGE_OPTIONAL_HEADER64 header64);
                     if (header64.Magic != PE32_64)
                     {
                         throw new InvalidOperationException("File is x86-64 but has a image type other than PE32+.");
@@ -61,8 +56,7 @@ public PeHeader GetPEHeader(DosHeader dosHeader)
                 }
                 else if (fileHeader.Machine == IMAGE_FILE_MACHINE_I386)
                 {
-                    IMAGE_OPTIONAL_HEADER32 header32;
-                    view.Read(sizeof(uint) + Marshal.SizeOf<IMAGE_FILE_HEADER>(), out header32);
+                    view.Read(sizeof(uint) + Marshal.SizeOf<IMAGE_FILE_HEADER>(), out IMAGE_OPTIONAL_HEADER32 header32);
                     if (header32.Magic != PE32_32)
                     {
                         throw new InvalidOperationException("File is x86 but has a image type other than PE32.");
diff --git a/AuthenticodeLint/Rules/10003-TimestampedRule.cs b/AuthenticodeLint/Rules/10003-TimestampedRule.cs
@@ -15,7 +15,7 @@ public class TimestampedRule : IAuthenticodeSignatureRule
 
         public RuleSet RuleSet { get; } = RuleSet.All;
 
-        public unsafe RuleResult Validate(IReadOnlyList<ICmsSignature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)
+        public RuleResult Validate(IReadOnlyList<ICmsSignature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)
         {
             var signatures = graph.VisitAll(SignatureKind.AnySignature);
             var pass = true;
diff --git a/AuthenticodeLint/Rules/10004-PublisherInformationRule.cs b/AuthenticodeLint/Rules/10004-PublisherInformationRule.cs
@@ -29,7 +29,7 @@ public RuleResult Validate(IReadOnlyList<ICmsSignature> graph, SignatureLogger v
                         break;
                     }
                 }
-                if (info == null)
+                if (info == null || info.IsEmpty)
                 {
                     result = RuleResult.Fail;
                     verboseWriter.LogSignatureMessage(signature, "Signature does not have any publisher information.");
diff --git a/AuthenticodeLint/Rules/10005-PublisherInformationUrlHttpsRule.cs b/AuthenticodeLint/Rules/10005-PublisherInformationUrlHttpsRule.cs
@@ -29,7 +29,7 @@ public RuleResult Validate(IReadOnlyList<ICmsSignature> graph, SignatureLogger v
                         break;
                     }
                 }
-                if (info == null)
+                if (info == null || info.IsEmpty)
                 {
                     result = RuleResult.Fail;
                     verboseWriter.LogSignatureMessage(signature, "Signature does not have any publisher information.");
diff --git a/AuthenticodeLint/Rules/10007-TrustedSignatureRule.cs b/AuthenticodeLint/Rules/10007-TrustedSignatureRule.cs
@@ -1,7 +1,4 @@
 ﻿using AuthenticodeExaminer;
-using AuthenticodeLint.Interop;
-using System;
-using System.Runtime.InteropServices;
 
 namespace AuthenticodeLint.Rules
 {
@@ -15,14 +12,15 @@ public class TrustedSignatureRule : IAuthenticodeFileRule
 
         public RuleSet RuleSet { get; } = RuleSet.All;
 
-        public unsafe RuleResult Validate(string file, SignatureLogger verboseWriter, CheckConfiguration configuration)
+        public RuleResult Validate(string file, SignatureLogger verboseWriter, CheckConfiguration configuration)
         {
             var inspector = new FileInspector(file);
             var result = inspector.Validate(configuration.RevocationMode);
             if (result == SignatureCheckResult.Valid)
             {
                 return RuleResult.Pass;
             }
+            verboseWriter.LogMessage($"Authenticode signature validation failed with '{result}'.");
             return RuleResult.Fail;
         }
     }
diff --git a/AuthenticodeLint/Rules/10011-StrongKeyLengthRule.cs b/AuthenticodeLint/Rules/10011-StrongKeyLengthRule.cs
@@ -7,6 +7,7 @@ namespace AuthenticodeLint.Rules
     public class StrongKeyLengthRule : IAuthenticodeSignatureRule
     {
         private const int MIN_RSADSA_KEY_SIZE = 2048;
+        private const int MIN_ECDSA_KEY_SIZE = 256;
 
         public int RuleId { get; } = 10011;
 
@@ -28,7 +29,12 @@ public RuleResult Validate(IReadOnlyList<ICmsSignature> graph, SignatureLogger v
                     case PublicKeyAlgorithm.ECDSA when keyInfo.BitSize is null:
                         verboseWriter.LogSignatureMessage(signature, "Signature uses ECDSA with an unknown curve.");
                         result = RuleResult.Fail;
-                        //We don't actually check the key size for ECDSA since all known values are acceptable.
+                        break;
+                    case PublicKeyAlgorithm.ECDSA when keyInfo.BitSize < MIN_ECDSA_KEY_SIZE:
+                        verboseWriter.LogSignatureMessage(signature, $"Signature uses a ECDSA key of size {keyInfo.BitSize} which is below the recommended {MIN_ECDSA_KEY_SIZE}.");
+                        result = RuleResult.Fail;
+                        break;
+                    case PublicKeyAlgorithm.ECDSA:
                         break;
                     case PublicKeyAlgorithm.RSA when keyInfo.BitSize is null:
                         verboseWriter.LogSignatureMessage(signature, "Signature has an unknown RSA key size.");
@@ -38,6 +44,8 @@ public RuleResult Validate(IReadOnlyList<ICmsSignature> graph, SignatureLogger v
                         verboseWriter.LogSignatureMessage(signature, $"Signature uses a RSA key of size {keyInfo.BitSize} which is below the recommended {MIN_RSADSA_KEY_SIZE}.");
                         result = RuleResult.Fail;
                         break;
+                    case PublicKeyAlgorithm.RSA when keyInfo.BitSize >= MIN_RSADSA_KEY_SIZE:
+                        break;
                     case PublicKeyAlgorithm.DSA when keyInfo.BitSize is null:
                         verboseWriter.LogSignatureMessage(signature, "Signature has an unknown DSA key size.");
                         result = RuleResult.Fail;
@@ -47,6 +55,8 @@ public RuleResult Validate(IReadOnlyList<ICmsSignature> graph, SignatureLogger v
                         verboseWriter.LogSignatureMessage(signature, $"Signature uses a DSA key of size {keyInfo.BitSize} which is below the recommended {MIN_RSADSA_KEY_SIZE}.");
                         result = RuleResult.Fail;
                         break;
+                    case PublicKeyAlgorithm.DSA:
+                        break;
                     default:
                         verboseWriter.LogSignatureMessage(signature, $"Signature uses an unknown algorithm.");
                         result = RuleResult.Fail;
diff --git a/AuthenticodeLint/Rules/10012-RsaDsaPrimarySignatureRule.cs b/AuthenticodeLint/Rules/10012-RsaDsaPrimarySignatureRule.cs
@@ -12,7 +12,7 @@ public class RsaDsaPrimarySignatureRule : IAuthenticodeSignatureRule
 
         public string ShortDescription { get; } = "Primary signature should be RSA or DSA.";
 
-        public RuleSet RuleSet { get; } = RuleSet.All;
+        public RuleSet RuleSet { get; } = RuleSet.Compat;
 
         public RuleResult Validate(IReadOnlyList<ICmsSignature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)
         {
@@ -25,7 +25,7 @@ public RuleResult Validate(IReadOnlyList<ICmsSignature> graph, SignatureLogger v
             var info = BitStrengthCalculator.CalculateStrength(primary.Certificate);
             if (info.AlgorithmName != PublicKeyAlgorithm.RSA && info.AlgorithmName != PublicKeyAlgorithm.DSA)
             {
-                verboseWriter.LogSignatureMessage(primary, $"Primary signature should use RSA or DSA key but uses ${info.AlgorithmName.ToString()}");
+                verboseWriter.LogSignatureMessage(primary, $"Primary signature should use RSA or DSA key but uses {info.AlgorithmName.ToString()}");
                 return RuleResult.Fail;
             }
             return RuleResult.Pass;
diff --git a/AuthenticodeLint/Rules/10013-MaxKeyLengthRule.cs b/AuthenticodeLint/Rules/10013-MaxKeyLengthRule.cs
@@ -34,6 +34,8 @@ public RuleResult Validate(IReadOnlyList<ICmsSignature> graph, SignatureLogger v
                         verboseWriter.LogSignatureMessage(signature, $"Signature uses ECDSA signature with a key size of {keyInfo.BitSize} exeeding maximum size of {MAX_ECDSA_KEY_SIZE}.");
                         result = RuleResult.Fail;
                         break;
+                    case PublicKeyAlgorithm.ECDSA:
+                        break;
                     case PublicKeyAlgorithm.RSA when keyInfo.BitSize is null:
                         verboseWriter.LogSignatureMessage(signature, "Signature has an unknown RSA key size.");
                         result = RuleResult.Fail;
@@ -42,6 +44,8 @@ public RuleResult Validate(IReadOnlyList<ICmsSignature> graph, SignatureLogger v
                         verboseWriter.LogSignatureMessage(signature, $"Signature uses RSA signature with a key size of {keyInfo.BitSize} exeeding maximum size of {MAX_RSA_KEY_SIZE}.");
                         result = RuleResult.Fail;
                         break;
+                    case PublicKeyAlgorithm.RSA:
+                        break;
                     case PublicKeyAlgorithm.DSA when keyInfo.BitSize is null:
                         verboseWriter.LogSignatureMessage(signature, "Signature has an unknown DSA key size.");
                         result = RuleResult.Fail;
@@ -50,6 +54,8 @@ public RuleResult Validate(IReadOnlyList<ICmsSignature> graph, SignatureLogger v
                         verboseWriter.LogSignatureMessage(signature, $"Signature uses DSA signature with a key size of {keyInfo.BitSize} exeeding maximum size of {MAX_DSA_KEY_SIZE}.");
                         result = RuleResult.Fail;
                         break;
+                    case PublicKeyAlgorithm.DSA:
+                        break;
                     default:
                         verboseWriter.LogSignatureMessage(signature, $"Signature uses an unknown algorithm.");
                         result = RuleResult.Fail;
diff --git a/AuthenticodeLint/SignatureHasher.cs b/AuthenticodeLint/SignatureHasher.cs
@@ -1,4 +1,5 @@
 ﻿using AuthenticodeExaminer;
+using System;
 using System.Linq;
 using System.Text;
 
@@ -9,18 +10,7 @@ public static class HashHelpers
         public static string GetHashForSignature(ICmsSignature signature)
         {
             var digest = signature.SignatureDigest();
-            var digestString = digest.Aggregate(new StringBuilder(), (acc, b) => acc.AppendFormat("{0:x2}", b)).ToString();
-            return digestString;
-        }
-
-        public static string HexEncode(byte[] data)
-        {
-            return data.Aggregate(new StringBuilder(), (acc, b) => acc.AppendFormat("{0:x2}", b)).ToString();
-        }
-
-        public static string HexEncodeBigEndian(byte[] data)
-        {
-            return data.Aggregate(new StringBuilder(), (acc, b) => acc.Insert(0, string.Format("{0:x2}", b))).ToString();
+            return digest.Aggregate(new StringBuilder(), (acc, b) => acc.AppendFormat("{0:x2}", b)).ToString();
         }
     }
 }
diff --git a/AuthenticodeLint/app.manifest b/AuthenticodeLint/app.manifest
diff --git a/AuthenticodeLintTests/AuthenticodeLintTests.csproj b/AuthenticodeLintTests/AuthenticodeLintTests.csproj

Original file line number	Diff line number	Diff line change
`@@ -32,10 +32,10 @@ public static byte[] ExtractPadding(string filePath)`
`32`	`32`	`using (var memoryStream = new MemoryStream())`
`33`	`33`	`{`
`34`	`34`	`int read;`
`35`		`- var buffer = new byte[0x1000];`
`36`		`- while ((read = reader.Read(buffer, 0, buffer.Length)) > 0)`
	`35`	`+ Span<byte> buffer = stackalloc byte[0x400];`
	`36`	`+ while ((read = reader.Read(buffer)) > 0)`
`37`	`37`	`{`
`38`		`- memoryStream.Write(buffer, 0, read);`
	`38`	`+ memoryStream.Write(buffer.Slice(0, read));`
`39`	`39`	`}`
`40`	`40`	`var winCertificate = memoryStream.ToArray();`
`41`	`41`	`var signer = new SignedCms();`
Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ namespace AuthenticodeLint`
`7`	`7`
`8`	`8`	`public readonly struct CommandLineParameter`
`9`	`9`	`{`
`10`		`- private readonly string _name, _value;`
	`10`	`+ private readonly string _name, _value;`
`11`	`11`
`12`	`12`	`public CommandLineParameter(string name, string value)`
`13`	`13`	`{`
Original file line number	Diff line number	Diff line change
`@@ -1,10 +1,8 @@`
`1`	`1`	`using AuthenticodeLint.Interop;`
`2`	`2`	`using System;`
`3`	`3`	`using System.Collections.Generic;`
`4`		`-using System.Diagnostics;`
`5`	`4`	`using System.IO;`
`6`	`5`	`using System.IO.MemoryMappedFiles;`
`7`		`-using System.Linq;`
`8`	`6`	`using System.Runtime.InteropServices;`
`9`	`7`
`10`	`8`	`namespace AuthenticodeLint.PE`
`@@ -15,15 +13,14 @@ public class PortableExecutable : IDisposable`
`15`	`13`
`16`	`14`	`public PortableExecutable(string filePath)`
`17`	`15`	`{`
`18`		`- _file = MemoryMappedFile.CreateFromFile(filePath, System.IO.FileMode.Open, "PortableExecutableView", 0, MemoryMappedFileAccess.Read);`
	`16`	`+ _file = MemoryMappedFile.CreateFromFile(filePath, FileMode.Open, "PortableExecutableView", 0, MemoryMappedFileAccess.Read);`
`19`	`17`	`}`
`20`	`18`
`21`	`19`	`public DosHeader GetDosHeader()`
`22`	`20`	`{`
`23`	`21`	`using (var view = _file.CreateViewAccessor(0, 0, MemoryMappedFileAccess.Read))`
`24`	`22`	`{`
`25`		`- IMAGE_DOS_HEADER header;`
`26`		`- view.Read(0L, out header);`
	`23`	`+ view.Read(0L, out IMAGE_DOS_HEADER header);`
`27`	`24`	`if (header.e_magic != DOS_MAGIC)`
`28`	`25`	`{`
`29`	`26`	`throw new InvalidOperationException("File does not have a valid DOS header.");`
`@@ -45,12 +42,10 @@ public PeHeader GetPEHeader(DosHeader dosHeader)`
`45`	`42`	`{`
`46`	`43`	`throw new InvalidOperationException("File does not have a valid PE header.");`
`47`	`44`	`}`
`48`		`- IMAGE_FILE_HEADER fileHeader;`
`49`		`- view.Read(sizeof(uint), out fileHeader);`
	`45`	`+ view.Read(sizeof(uint), out IMAGE_FILE_HEADER fileHeader);`
`50`	`46`	`if (fileHeader.Machine == IMAGE_FILE_MACHINE_AMD64)`
`51`	`47`	`{`
`52`		`- IMAGE_OPTIONAL_HEADER64 header64;`
`53`		`- view.Read(sizeof(uint) + Marshal.SizeOf<IMAGE_FILE_HEADER>(), out header64);`
	`48`	`+ view.Read(sizeof(uint) + Marshal.SizeOf<IMAGE_FILE_HEADER>(), out IMAGE_OPTIONAL_HEADER64 header64);`
`54`	`49`	`if (header64.Magic != PE32_64)`
`55`	`50`	`{`
`56`	`51`	`throw new InvalidOperationException("File is x86-64 but has a image type other than PE32+.");`
`@@ -61,8 +56,7 @@ public PeHeader GetPEHeader(DosHeader dosHeader)`
`61`	`56`	`}`
`62`	`57`	`else if (fileHeader.Machine == IMAGE_FILE_MACHINE_I386)`
`63`	`58`	`{`
`64`		`- IMAGE_OPTIONAL_HEADER32 header32;`
`65`		`- view.Read(sizeof(uint) + Marshal.SizeOf<IMAGE_FILE_HEADER>(), out header32);`
	`59`	`+ view.Read(sizeof(uint) + Marshal.SizeOf<IMAGE_FILE_HEADER>(), out IMAGE_OPTIONAL_HEADER32 header32);`
`66`	`60`	`if (header32.Magic != PE32_32)`
`67`	`61`	`{`
`68`	`62`	`throw new InvalidOperationException("File is x86 but has a image type other than PE32.");`
Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ public class TimestampedRule : IAuthenticodeSignatureRule`
`15`	`15`
`16`	`16`	`public RuleSet RuleSet { get; } = RuleSet.All;`
`17`	`17`
`18`		`- public unsafe RuleResult Validate(IReadOnlyList<ICmsSignature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)`
	`18`	`+ public RuleResult Validate(IReadOnlyList<ICmsSignature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)`
`19`	`19`	`{`
`20`	`20`	`var signatures = graph.VisitAll(SignatureKind.AnySignature);`
`21`	`21`	`var pass = true;`
Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ public RuleResult Validate(IReadOnlyList<ICmsSignature> graph, SignatureLogger v`
`29`	`29`	`break;`
`30`	`30`	`}`
`31`	`31`	`}`
`32`		`- if (info == null)`
	`32`	`+ if (info == null \|\| info.IsEmpty)`
`33`	`33`	`{`
`34`	`34`	`result = RuleResult.Fail;`
`35`	`35`	`verboseWriter.LogSignatureMessage(signature, "Signature does not have any publisher information.");`