Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RULE REQUEST] Enable Additional Security Checks #367

Closed
eddynaka opened this issue Apr 29, 2021 · 0 comments · Fixed by #388
Closed

[RULE REQUEST] Enable Additional Security Checks #367

eddynaka opened this issue Apr 29, 2021 · 0 comments · Fixed by #388
Labels
rule-request

Comments

@eddynaka
Copy link
Contributor

eddynaka commented Apr 29, 2021
edited by shaopeng-gh
Loading

Rule Proposal: Enable Additional Security Checks

Rule metadata

  • Id: BA2026
  • Name: EnableAdditionalSecurityChecks
  • Failure level: Warning

Rule descriptions

  • Short:
  • Full: /sdl enables a superset of the baseline security checks provided by /GS and overrides /GS-. By default, /sdl is off. /sdl- disables the additional security checks.

Platform & applicability

  • Platform: Windows
  • Applicable to: Native binaries with pdb
  • Not applicable to:

User-facing strings

  • Fail: '{0}' does not enable the recommended Security Development Lifecycle (SDL) checks. To Enable the recommended Security Development Lifecycle (SDL) checks pass /sdl on the cl.exe command-line.
  • Pass: '{0}' enables the recommended Security Development Lifecycle (SDL) checks. These checks change security-relevant warnings into errors, and set additional secure code-generation features.
  • [Other]:

Links/Additional Information

https://docs.microsoft.com/en-us/cpp/build/reference/sdl-enable-additional-security-checks?view=msvc-160
https://www.microsoft.com/security/blog/2012/06/06/warnings-sdl-and-improving-uninitialized-variable-detection/

Implementation Notes

How to resolve

/sdl
@shaopeng-gh shaopeng-gh linked a pull request Jun 18, 2021 that will close this issue
BA2026.EnableAdditionalSecurityChecks #388
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
rule-request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

BA2026.EnableAdditionalSecurityChecks microsoft/binskim
1 participant
@eddynaka