Added tests for cert padding for libraries.

Library tests added for WIN_CERTIFICATE padding.

Author: vcsjones

AuthenticodeLintTests/Rules/WinCertificatePaddingRuleTests.cs

@@ -34,5 +34,40 @@ public void NonPaddedExecutableShouldPass()
             Assert.Equal(RuleResult.Pass, result);
             Assert.Empty(logger.Messages);
         }
+        [Fact]
+        public void PaddedLibraryShouldFail()
+        {
+            var file = "../../inputs/wintrustpadded.dl_";
+            var rule = new WinCertificatePaddingRule();
+            var logger = new MemorySignatureLogger();
+
+            var result = rule.Validate(file, logger, Configuration);
+            Assert.Equal(RuleResult.Fail, result);
+            var expectedPadding = Convert.ToBase64String(System.Text.Encoding.ASCII.GetBytes("fail"));
+            Assert.Contains($"Non-zero data found after PKCS#7 structure: {expectedPadding}.", logger.Messages);
+        }
+
+        [Fact]
+        public void NonPaddedLibraryShouldPass()
+        {
+            var file = "../../inputs/wintrustnonpadded.dl_";
+            var rule = new WinCertificatePaddingRule();
+            var logger = new MemorySignatureLogger();
+
+            var result = rule.Validate(file, logger, Configuration);
+            Assert.Equal(RuleResult.Pass, result);
+            Assert.Empty(logger.Messages);
+        }
+
+        [Fact]
+        public void NonBinaryShouldThrow()
+        {
+            //Rules shouldn't handle non-signed, non-binary content since that validation happens further up.
+            var file = "../../inputs/nonbinary.txt";
+            var rule = new WinCertificatePaddingRule();
+            var logger = new MemorySignatureLogger();
+
+            Assert.Throws<InvalidOperationException>(() => rule.Validate(file, SignatureLogger.Null, Configuration));
+        }
     }
 }

AuthenticodeLintTests/inputs/nonbinary.txt

@@ -0,0 +1 @@
+this is not a binary. Things should handle this case gracefully. No explosions.