Added support for ImplMap entries and relationships for .NET binaries

surfactant/infoextractors/pe_file.py

@@ -167,6 +167,11 @@ def extract_pe_info(filename):
                 for ar_info in assemblyref_info:
                     assembly_refs.append(get_assemblyref_info(ar_info))
                 file_details["dotnetAssemblyRef"] = assembly_refs
+            if implmap_info := getattr(dnet_mdtables, "ImplMap", None):
+                imp_modules = []
+                for im_info in implmap_info:
+                    insert_implmap_info(im_info, imp_modules)
+                file_details["dotnetImplMap"] = imp_modules
 
     # TODO for a custom intermediate SBOM format, the information read from the manifest and app config files
     # should be tied to a specific "<install path>/<file name>", in case the same file appears in separate
@@ -233,6 +238,17 @@ def get_assemblyref_info(asmref_info):
     return asmref
 
 
+def insert_implmap_info(im_info, imp_modules):
+    dllName = im_info.ImportScope.row.Name
+    methodName = im_info.ImportName
+    if dllName:
+        for imp_module in imp_modules:
+            if imp_module["Name"] == dllName:
+                imp_module["Functions"].append(methodName)
+                return
+        imp_modules.append({"Name": dllName, "Functions": [methodName]})
+
+
 def get_xmlns_and_tag(uri):
     check_xmlns = re.match(r"\{.*\}", uri.tag)
     xmlns = check_xmlns.group(0) if check_xmlns else ""

surfactant/relationships/_internal/windows_utils.py

@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: MIT
 import pathlib
 from collections.abc import Iterable
-from typing import Any, List
+from typing import Any, List, Union
 
 from surfactant.sbomtypes import SBOM, Software
 
@@ -15,20 +15,25 @@
 # and not accidentally mix and match cultures/app config info that could differ for different copies of the same
 # file (due to app config files pointing to different assemblies despite DLL having same hash)
 # culture information to find the right assembly from app config file is likely to vary (though almost always neutral/none)
-def find_installed_software(sbom: SBOM, probedirs: List[Any], filename: str) -> List[Software]:
+def find_installed_software(
+    sbom: SBOM, probedirs: List[Any], filename: Union[str, List[str]]
+) -> List[Software]:
     possible_matches = []
     # iterate through all sbom entries
     for e in sbom.software:
         # Skip if no install path (e.g. installer/temporary file)
         if e.installPath is None:
             continue
         for pdir in probedirs:
-            # installPath contains full path+filename, so check for all combinations of probedirs+filename
-            pfile = pathlib.PureWindowsPath(pdir, filename)
-            if isinstance(e.installPath, Iterable):
-                for ifile in e.installPath:
-                    # PureWindowsPath is case-insensitive for file/directory names
-                    if pfile == pathlib.PureWindowsPath(ifile):
-                        # matching probe directory and filename, add software to list
-                        possible_matches.append(e)
+            if isinstance(filename, str):
+                filename = [filename]
+            for fname in filename:
+                # installPath contains full path+filename, so check for all combinations of probedirs+filename
+                pfile = pathlib.PureWindowsPath(pdir, fname)
+                if isinstance(e.installPath, Iterable):
+                    for ifile in e.installPath:
+                        # PureWindowsPath is case-insensitive for file/directory names
+                        if pfile == pathlib.PureWindowsPath(ifile):
+                            # matching probe directory and filename, add software to list
+                            possible_matches.append(e)
     return possible_matches

surfactant/relationships/dotnet_relationship.py

@@ -65,6 +65,63 @@ def establish_relationships(
                                 dnProbingPaths = []
                             dnProbingPaths.append(pathlib.PureWindowsPath(path).as_posix())
 
+    # https://learn.microsoft.com/en-us/dotnet/core/dependency-loading/loading-unmanaged
+    # 1. Check the active AssemblyLoadContext cache
+    # 2. Calling the import resolver set by the setDllImportResolver function
+    #    - a. Example using SetDllImportResolver: https://learn.microsoft.com/en-us/dotnet/standard/native-interop/native-library-loading
+    #    - b. Checks PInvoke's or Assembly's DefaultDllImportSearchPathsAttribute, then the assembly's directory, then LoadLibraryEx with LOAD_WITH_ALTERED_SEARCH_PATH flag
+    #       - This attribute has no effect on non-Windows platforms / Mono runtime
+    #       - https://learn.microsoft.com/en-us/dotnet/api/system.runtime.interopservices.defaultdllimportsearchpathsattribute?view=net-7.0
+    #       - i. This has a "Paths" property which is a bitwise combination of paths specified in ii:
+    #       - ii. https://learn.microsoft.com/en-us/dotnet/api/system.runtime.interopservices.dllimportsearchpath?view=net-7.0
+    # 3. The active AssemblyLoadContext calls its LoadUnmanagedDll function (Default behavior is the same as AssemblyRef probing?)
+    #    - a. Can be overridden, but the default implementation returns IntPtr.Zero, which tells the runtime to load with its default policy.
+    #    - b. https://learn.microsoft.com/en-us/dotnet/api/system.runtime.loader.assemblyloadcontext.loadunmanageddll?view=net-7.0
+    # 4. Run default unmanaged library probing logic by parsing *.deps.json probing properties
+    #    - a. If the json file isn't present, assume the calling assembly's directory contains the library
+    #    - b. https://learn.microsoft.com/en-us/dotnet/core/dependency-loading/default-probing#unmanaged-native-library-probing
+    if "dotnetImplMap" in metadata:
+        for asmRef in metadata["dotnetImplMap"]:
+            if "Name" not in asmRef:
+                continue
+            refName = asmRef["Name"]
+
+            # Check absolute path against entries in software
+            if is_absolute_path(refName):
+                ref_abspath = pathlib.PureWindowsPath(refName)
+                for e in sbom.software:
+                    if e.installPath is None:
+                        continue
+                    if isinstance(e.installPath, Iterable):
+                        for ifile in e.installPath:
+                            if ref_abspath == pathlib.PureWindowsPath(ifile):
+                                relationships.extend(Relationship(dependent_uuid, e.uuid, "Uses"))
+                continue
+
+            probedirs = []
+            if isinstance(software.installPath, Iterable):
+                for ipath in software.installPath:
+                    probedirs.append(pathlib.PureWindowsPath(ipath).parent.as_posix())
+            # Construct a list of combinations specified in (2.a)
+            # Refer to Issue #80 - Need to verify that this conforms with cross-platform behavior
+            combinations = [refName]
+            if not (refName.endswith(".dll") or refName.endswith(".exe")):
+                combinations.append(f"{refName}.dll")
+            combinations.extend(
+                [
+                    f"{refName}.so",
+                    f"{refName}.dylib",
+                    f"lib{refName}.so",
+                    f"lib{refName}.dylib",
+                    f"lib{refName}",
+                ]
+            )
+            # On Linux, if the libname ends with .so or has .so. then version variations are tried
+            # Refer to Issue #79 - Need regex matching for version variations
+            for e in find_installed_software(sbom, probedirs, combinations):
+                dependency_uuid = e.UUID
+                relationships.append(Relationship(dependent_uuid, dependency_uuid, "Uses"))
+
     # https://learn.microsoft.com/en-us/dotnet/framework/deployment/how-the-runtime-locates-assemblies
     # 1. Determine correct assembly version using configuration files (binding redirects, code location, etc)
     # 2. Check if assembly name bound before; if it is use previously loaded assembly
@@ -121,7 +178,9 @@ def establish_relationships(
                                             dependency_uuid = e.UUID
                                             relationships.append(
                                                 Relationship(
-                                                    dependent_uuid, dependency_uuid, "Uses"
+                                                    dependent_uuid,
+                                                    dependency_uuid,
+                                                    "Uses",
                                                 )
                                             )
 
@@ -135,6 +194,11 @@ def establish_relationships(
     return relationships
 
 
+def is_absolute_path(fname: str) -> bool:
+    givenpath = pathlib.PureWindowsPath(fname)
+    return givenpath.is_absolute()
+
+
 # construct a list of directories to probe for establishing dotnet relationships
 def get_dotnet_probedirs(software: Software, refCulture, refName, dnProbingPaths):
     probedirs = []