Refactor rule interface.

vcsjones · vcsjones · commit d02560b87283 · 2016-04-18T10:17:48.000-04:00
The interface is now broken up so that file-based checks
and signature-based checks don't share a common interface.
diff --git a/AuthenticodeLint/CheckEngine.cs b/AuthenticodeLint/CheckEngine.cs
@@ -1,5 +1,7 @@
 ﻿using System.Collections.Generic;
 using AuthenticodeLint.Rules;
+using System;
+using System.Linq;
 
 namespace AuthenticodeLint
 {
@@ -14,20 +16,12 @@ static CheckEngine()
 
         public IReadOnlyList<IAuthenticodeRule> GetRules()
         {
-            return new List<IAuthenticodeRule>
-            {
-                new Sha1PrimarySignatureRule(),
-                new Sha2SignatureExistsRule(),
-                new NoWeakFileDigestAlgorithmsRule(),
-                new TimestampedRule(),
-                new PublisherInformationPresentRule(),
-                new PublisherInformationUrlHttpsRule(),
-                new SigningCertificateDigestAlgorithmRule(),
-                new TrustedSignatureRule(),
-                new WinCertificatePaddingRule(),
-                new NoUnknownUnsignedAttibuteRule(),
-                new NoUnknownCertificatesRule()
-            };
+            return (from type in typeof(IAuthenticodeRule).Assembly.GetExportedTypes()
+                    where typeof(IAuthenticodeRule).IsAssignableFrom(type) && type.GetConstructor(Type.EmptyTypes) != null
+                    let instance = (IAuthenticodeRule)Activator.CreateInstance(type)
+                    orderby instance.RuleId
+                    select instance
+                    ).ToList();
         }
 
         public RuleEngineResult RunAllRules(string file, Graph<Signature> signatures, List<IRuleResultCollector> collectors, CheckConfiguration configuration)
@@ -52,9 +46,17 @@ public RuleEngineResult RunAllRules(string file, Graph<Signature> signatures, Li
                     {
                         result = RuleResult.Skip;
                     }
+                    else if (rule is IAuthenticodeFileRule)
+                    {
+                        result = ((IAuthenticodeFileRule)rule).Validate(file, verboseWriter, configuration);
+                    }
+                    else if (rule is IAuthenticodeSignatureRule)
+                    {
+                        result = ((IAuthenticodeSignatureRule)rule).Validate(signatures, verboseWriter, configuration);
+                    }
                     else
                     {
-                        result = rule.Validate(signatures, verboseWriter, configuration, file);
+                        throw new NotSupportedException("Rule type is not supported.");
                     }
                 }
                 if (result != RuleResult.Pass)
diff --git a/AuthenticodeLint/Rules/CertificateChainRuleBase.cs b/AuthenticodeLint/Rules/CertificateChainRuleBase.cs
@@ -2,15 +2,15 @@
 
 namespace AuthenticodeLint.Rules
 {
-    public abstract class CertificateChainRuleBase : IAuthenticodeRule
+    public abstract class CertificateChainRuleBase : IAuthenticodeSignatureRule
     {
         public abstract int RuleId { get; }
         public abstract string RuleName { get; }
         public abstract string ShortDescription { get; }
 
         protected abstract bool ValidateChain(Signature signer, X509Chain chain, SignatureLogger verboseWriter);
 
-        public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration, string file)
+        public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)
         {
             var signatures = graph.VisitAll();
             var result = RuleResult.Pass;
diff --git a/AuthenticodeLint/Rules/IAuthenticodeRule.cs b/AuthenticodeLint/Rules/IAuthenticodeRule.cs
@@ -5,6 +5,15 @@ public interface IAuthenticodeRule
         int RuleId { get; }
         string ShortDescription { get; }
         string RuleName { get; }
-        RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration, string file);
+    }
+
+    public interface IAuthenticodeSignatureRule : IAuthenticodeRule
+    {
+        RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration);
+    }
+
+    public interface IAuthenticodeFileRule : IAuthenticodeRule
+    {
+        RuleResult Validate(string file, SignatureLogger verboseWriter, CheckConfiguration configuration);
     }
 }
diff --git a/AuthenticodeLint/Rules/NoUnknownCertificatesRule.cs b/AuthenticodeLint/Rules/NoUnknownCertificatesRule.cs
@@ -8,15 +8,15 @@
 
 namespace AuthenticodeLint.Rules
 {
-    public class NoUnknownCertificatesRule : IAuthenticodeRule
+    public class NoUnknownCertificatesRule : IAuthenticodeSignatureRule
     {
         public int RuleId { get; } = 10010;
 
         public string RuleName { get; } = "No Unknown Certificates";
 
         public string ShortDescription { get; } = "Checks for unknown embedded certificates.";
 
-        public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration, string file)
+        public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)
         {
             var result = RuleResult.Pass;
             var signatures = graph.VisitAll();
diff --git a/AuthenticodeLint/Rules/NoUnknownUnsignedAttibuteRule.cs b/AuthenticodeLint/Rules/NoUnknownUnsignedAttibuteRule.cs
@@ -3,7 +3,7 @@
 
 namespace AuthenticodeLint.Rules
 {
-    public class NoUnknownUnsignedAttibuteRule : IAuthenticodeRule
+    public class NoUnknownUnsignedAttibuteRule : IAuthenticodeSignatureRule
     {
         public int RuleId { get; } = 10009;
 
@@ -18,7 +18,7 @@ public class NoUnknownUnsignedAttibuteRule : IAuthenticodeRule
             KnownOids.NestedSignatureOid
         };
 
-        public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration, string file)
+        public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)
         {
             var signatures = graph.VisitAll();
             var result = RuleResult.Pass;
diff --git a/AuthenticodeLint/Rules/NoWeakFileDigestAlgorithmsRule.cs b/AuthenticodeLint/Rules/NoWeakFileDigestAlgorithmsRule.cs
@@ -1,14 +1,14 @@
 ﻿namespace AuthenticodeLint.Rules
 {
-    public class NoWeakFileDigestAlgorithmsRule : IAuthenticodeRule
+    public class NoWeakFileDigestAlgorithmsRule : IAuthenticodeSignatureRule
     {
         public int RuleId { get; } = 10002;
 
         public string RuleName { get; } = "No Weak File Digests";
 
         public string ShortDescription { get; } = "Checks for weak file digest algorithms.";
 
-        public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration, string file)
+        public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)
         {
             var signatures = graph.VisitAll();
             var result = RuleResult.Pass;
diff --git a/AuthenticodeLint/Rules/PublisherInformationRule.cs b/AuthenticodeLint/Rules/PublisherInformationRule.cs
@@ -3,15 +3,15 @@
 
 namespace AuthenticodeLint.Rules
 {
-    public class PublisherInformationPresentRule : IAuthenticodeRule
+    public class PublisherInformationPresentRule : IAuthenticodeSignatureRule
     {
         public int RuleId { get; } = 10004;
 
         public string RuleName { get; } = "Publisher Information Present";
 
         public string ShortDescription { get; } = "Checks that the signature provided publisher information.";
 
-        public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration, string file)
+        public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)
         {
             var signatures = graph.VisitAll();
             var result = RuleResult.Pass;
diff --git a/AuthenticodeLint/Rules/PublisherInformationUrlHttpsRule.cs b/AuthenticodeLint/Rules/PublisherInformationUrlHttpsRule.cs
@@ -3,15 +3,15 @@
 
 namespace AuthenticodeLint.Rules
 {
-    public class PublisherInformationUrlHttpsRule : IAuthenticodeRule
+    public class PublisherInformationUrlHttpsRule : IAuthenticodeSignatureRule
     {
         public int RuleId { get; } = 10005;
 
         public string RuleName { get; } = "Publisher Information URL HTTPS Rule";
 
         public string ShortDescription { get; } = "Checks that the signature uses HTTPS for the publisher's URL.";
 
-        public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration, string file)
+        public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)
         {
             var signatures = graph.VisitAll();
             var result = RuleResult.Pass;
diff --git a/AuthenticodeLint/Rules/Sha1PrimarySignatureRule.cs b/AuthenticodeLint/Rules/Sha1PrimarySignatureRule.cs
@@ -2,15 +2,15 @@
 
 namespace AuthenticodeLint.Rules
 {
-    public class Sha1PrimarySignatureRule : IAuthenticodeRule
+    public class Sha1PrimarySignatureRule : IAuthenticodeSignatureRule
     {
         public int RuleId { get; } = 10000;
 
         public string RuleName { get; } = "Primary SHA1";
 
         public string ShortDescription { get; } = "Primary signature should be SHA1.";
 
-        public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration, string file)
+        public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)
         {
             var primary = graph.Items.SingleOrDefault()?.Node;
             //There are zero signatures.
diff --git a/AuthenticodeLint/Rules/Sha2SignatureExistsRule.cs b/AuthenticodeLint/Rules/Sha2SignatureExistsRule.cs
@@ -5,15 +5,15 @@
 
 namespace AuthenticodeLint.Rules
 {
-    public class Sha2SignatureExistsRule : IAuthenticodeRule
+    public class Sha2SignatureExistsRule : IAuthenticodeSignatureRule
     {
         public int RuleId { get; } = 10001;
 
         public string RuleName { get; } = "SHA2 Signed";
 
         public string ShortDescription { get; } = "A SHA2 signature should exist.";
 
-        public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration, string file)
+        public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)
         {
             var signatures = graph.VisitAll();
             if (signatures.Any(s =>
diff --git a/AuthenticodeLint/Rules/TimestampedRule.cs b/AuthenticodeLint/Rules/TimestampedRule.cs
@@ -3,15 +3,15 @@
 
 namespace AuthenticodeLint.Rules
 {
-    public class TimestampedRule : IAuthenticodeRule
+    public class TimestampedRule : IAuthenticodeSignatureRule
     {
         public int RuleId { get; } = 10003;
 
         public string RuleName { get; } = "Timestamped Rule";
 
         public string ShortDescription { get; } = "Signatures should have a time stamped counter signer.";
 
-        public unsafe RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration, string file)
+        public unsafe RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)
         {
             var signatures = graph.VisitAll();
             var pass = true;
diff --git a/AuthenticodeLint/Rules/TrustedSignatureRule.cs b/AuthenticodeLint/Rules/TrustedSignatureRule.cs
@@ -4,15 +4,15 @@
 
 namespace AuthenticodeLint.Rules
 {
-    public class TrustedSignatureRule : IAuthenticodeRule
+    public class TrustedSignatureRule : IAuthenticodeFileRule
     {
         public int RuleId { get; } = 10007;
 
         public string RuleName { get; } = "Valid Signature";
 
         public string ShortDescription { get; } = "Validates the file has correct signatures.";
 
-        public unsafe RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration, string file)
+        public unsafe RuleResult Validate(string file, SignatureLogger verboseWriter, CheckConfiguration configuration)
         {
             var pathPtr = Marshal.StringToHGlobalUni(file);
             try
diff --git a/AuthenticodeLint/Rules/WinCertificatePaddingRule.cs b/AuthenticodeLint/Rules/WinCertificatePaddingRule.cs
@@ -3,15 +3,15 @@
 
 namespace AuthenticodeLint.Rules
 {
-    public class WinCertificatePaddingRule : IAuthenticodeRule
+    public class WinCertificatePaddingRule : IAuthenticodeFileRule
     {
         public int RuleId { get; } = 10008;
 
         public string RuleName { get; } = "No WinCertificate Structure Padding";
 
         public string ShortDescription { get; } = "Checks for non-zero data after the signature.";
 
-        public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration, string file)
+        public RuleResult Validate(string file, SignatureLogger verboseWriter, CheckConfiguration configuration)
         {
             var padding = CertificatePaddingExtractor.ExtractPadding(file);
             if (padding?.Any(p => p != 0) ?? false)

Original file line number	Diff line number	Diff line change
`@@ -2,15 +2,15 @@`
`2`	`2`
`3`	`3`	`namespace AuthenticodeLint.Rules`
`4`	`4`	`{`
`5`		`- public abstract class CertificateChainRuleBase : IAuthenticodeRule`
	`5`	`+ public abstract class CertificateChainRuleBase : IAuthenticodeSignatureRule`
`6`	`6`	`{`
`7`	`7`	`public abstract int RuleId { get; }`
`8`	`8`	`public abstract string RuleName { get; }`
`9`	`9`	`public abstract string ShortDescription { get; }`
`10`	`10`
`11`	`11`	`protected abstract bool ValidateChain(Signature signer, X509Chain chain, SignatureLogger verboseWriter);`
`12`	`12`
`13`		`- public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration, string file)`
	`13`	`+ public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)`
`14`	`14`	`{`
`15`	`15`	`var signatures = graph.VisitAll();`
`16`	`16`	`var result = RuleResult.Pass;`
Original file line number	Diff line number	Diff line change
`@@ -8,15 +8,15 @@`
`8`	`8`
`9`	`9`	`namespace AuthenticodeLint.Rules`
`10`	`10`	`{`
`11`		`- public class NoUnknownCertificatesRule : IAuthenticodeRule`
	`11`	`+ public class NoUnknownCertificatesRule : IAuthenticodeSignatureRule`
`12`	`12`	`{`
`13`	`13`	`public int RuleId { get; } = 10010;`
`14`	`14`
`15`	`15`	`public string RuleName { get; } = "No Unknown Certificates";`
`16`	`16`
`17`	`17`	`public string ShortDescription { get; } = "Checks for unknown embedded certificates.";`
`18`	`18`
`19`		`- public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration, string file)`
	`19`	`+ public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)`
`20`	`20`	`{`
`21`	`21`	`var result = RuleResult.Pass;`
`22`	`22`	`var signatures = graph.VisitAll();`
Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@`
`3`	`3`
`4`	`4`	`namespace AuthenticodeLint.Rules`
`5`	`5`	`{`
`6`		`- public class NoUnknownUnsignedAttibuteRule : IAuthenticodeRule`
	`6`	`+ public class NoUnknownUnsignedAttibuteRule : IAuthenticodeSignatureRule`
`7`	`7`	`{`
`8`	`8`	`public int RuleId { get; } = 10009;`
`9`	`9`
`@@ -18,7 +18,7 @@ public class NoUnknownUnsignedAttibuteRule : IAuthenticodeRule`
`18`	`18`	`KnownOids.NestedSignatureOid`
`19`	`19`	`};`
`20`	`20`
`21`		`- public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration, string file)`
	`21`	`+ public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)`
`22`	`22`	`{`
`23`	`23`	`var signatures = graph.VisitAll();`
`24`	`24`	`var result = RuleResult.Pass;`
Original file line number	Diff line number	Diff line change
`@@ -1,14 +1,14 @@`
`1`	`1`	`namespace AuthenticodeLint.Rules`
`2`	`2`	`{`
`3`		`- public class NoWeakFileDigestAlgorithmsRule : IAuthenticodeRule`
	`3`	`+ public class NoWeakFileDigestAlgorithmsRule : IAuthenticodeSignatureRule`
`4`	`4`	`{`
`5`	`5`	`public int RuleId { get; } = 10002;`
`6`	`6`
`7`	`7`	`public string RuleName { get; } = "No Weak File Digests";`
`8`	`8`
`9`	`9`	`public string ShortDescription { get; } = "Checks for weak file digest algorithms.";`
`10`	`10`
`11`		`- public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration, string file)`
	`11`	`+ public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)`
`12`	`12`	`{`
`13`	`13`	`var signatures = graph.VisitAll();`
`14`	`14`	`var result = RuleResult.Pass;`
Original file line number	Diff line number	Diff line change
`@@ -3,15 +3,15 @@`
`3`	`3`
`4`	`4`	`namespace AuthenticodeLint.Rules`
`5`	`5`	`{`
`6`		`- public class PublisherInformationPresentRule : IAuthenticodeRule`
	`6`	`+ public class PublisherInformationPresentRule : IAuthenticodeSignatureRule`
`7`	`7`	`{`
`8`	`8`	`public int RuleId { get; } = 10004;`
`9`	`9`
`10`	`10`	`public string RuleName { get; } = "Publisher Information Present";`
`11`	`11`
`12`	`12`	`public string ShortDescription { get; } = "Checks that the signature provided publisher information.";`
`13`	`13`
`14`		`- public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration, string file)`
	`14`	`+ public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)`
`15`	`15`	`{`
`16`	`16`	`var signatures = graph.VisitAll();`
`17`	`17`	`var result = RuleResult.Pass;`
Original file line number	Diff line number	Diff line change
`@@ -3,15 +3,15 @@`
`3`	`3`
`4`	`4`	`namespace AuthenticodeLint.Rules`
`5`	`5`	`{`
`6`		`- public class PublisherInformationUrlHttpsRule : IAuthenticodeRule`
	`6`	`+ public class PublisherInformationUrlHttpsRule : IAuthenticodeSignatureRule`
`7`	`7`	`{`
`8`	`8`	`public int RuleId { get; } = 10005;`
`9`	`9`
`10`	`10`	`public string RuleName { get; } = "Publisher Information URL HTTPS Rule";`
`11`	`11`
`12`	`12`	`public string ShortDescription { get; } = "Checks that the signature uses HTTPS for the publisher's URL.";`
`13`	`13`
`14`		`- public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration, string file)`
	`14`	`+ public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)`
`15`	`15`	`{`
`16`	`16`	`var signatures = graph.VisitAll();`
`17`	`17`	`var result = RuleResult.Pass;`
Original file line number	Diff line number	Diff line change
`@@ -2,15 +2,15 @@`
`2`	`2`
`3`	`3`	`namespace AuthenticodeLint.Rules`
`4`	`4`	`{`
`5`		`- public class Sha1PrimarySignatureRule : IAuthenticodeRule`
	`5`	`+ public class Sha1PrimarySignatureRule : IAuthenticodeSignatureRule`
`6`	`6`	`{`
`7`	`7`	`public int RuleId { get; } = 10000;`
`8`	`8`
`9`	`9`	`public string RuleName { get; } = "Primary SHA1";`
`10`	`10`
`11`	`11`	`public string ShortDescription { get; } = "Primary signature should be SHA1.";`
`12`	`12`
`13`		`- public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration, string file)`
	`13`	`+ public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)`
`14`	`14`	`{`
`15`	`15`	`var primary = graph.Items.SingleOrDefault()?.Node;`
`16`	`16`	`//There are zero signatures.`
Original file line number	Diff line number	Diff line change
`@@ -5,15 +5,15 @@`
`5`	`5`
`6`	`6`	`namespace AuthenticodeLint.Rules`
`7`	`7`	`{`
`8`		`- public class Sha2SignatureExistsRule : IAuthenticodeRule`
	`8`	`+ public class Sha2SignatureExistsRule : IAuthenticodeSignatureRule`
`9`	`9`	`{`
`10`	`10`	`public int RuleId { get; } = 10001;`
`11`	`11`
`12`	`12`	`public string RuleName { get; } = "SHA2 Signed";`
`13`	`13`
`14`	`14`	`public string ShortDescription { get; } = "A SHA2 signature should exist.";`
`15`	`15`
`16`		`- public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration, string file)`
	`16`	`+ public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter, CheckConfiguration configuration)`
`17`	`17`	`{`
`18`	`18`	`var signatures = graph.VisitAll();`
`19`	`19`	`if (signatures.Any(s =>`