Fix out of memory error with large sarif reports (#731)

* Fix an out of memory error when serializing large reports by changing serialization behavior. * Further reduce Sarif report size with `DisableImplicitFindings` by not populating the `artifacts` portion of the sarif for changes with no associated rule when setting is enabled. * Add Ignore attribute TPM Collector Test as its incompatible with new pipeline changes. * Update Sarif Export test behavior to match new artifact population behavior with DisableImplicitFindings.
microsoft · Feb 13, 2025 · ebe5c4b · ebe5c4b
1 parent 6a44438
commit ebe5c4b
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 6 deletions.
diff --git a/Cli/AttackSurfaceAnalyzerClient.cs b/Cli/AttackSurfaceAnalyzerClient.cs
@@ -803,7 +803,9 @@ internal static void WriteSarifLog(Dictionary<string, object> output, IEnumerabl
                 Formatting = Formatting.Indented,
             };
 
-            File.WriteAllText(outputFilePath, JsonConvert.SerializeObject(log, settings));
+            using var target = File.CreateText(outputFilePath);
+            JsonSerializer serializer = JsonSerializer.Create(settings);
+            serializer.Serialize(target, log);
         }
 
         public static SarifLog GenerateSarifLog(Dictionary<string, object> output, IEnumerable<AsaRule> rules, bool disableImplicitFindings)
@@ -906,10 +908,11 @@ public static SarifLog GenerateSarifLog(Dictionary<string, object> output, IEnum
 
                     artifact.SetProperty("ResultType", compareResult.ResultType);
 
-                    artifacts.Add(artifact);
-                    int index = artifacts.Count - 1;
                     if (compareResult.Rules.Any())
                     {
+                        artifacts.Add(artifact);
+                        int index = artifacts.Count - 1;
+
                         foreach (var rule in compareResult.Rules)
                         {
                             var sarifResult = new Result();
@@ -942,6 +945,9 @@ public static SarifLog GenerateSarifLog(Dictionary<string, object> output, IEnum
                     {
                         if (!disableImplicitFindings)
                         {
+                            artifacts.Add(artifact);
+                            int index = artifacts.Count - 1;
+
                             var sarifResult = new Result();
                             sarifResult.Locations = new List<Location>()
                             {

diff --git a/Tests/CollectorTests.cs b/Tests/CollectorTests.cs
@@ -429,6 +429,7 @@ public void TestServiceCollectorWindows()
         /// <summary>
         ///     Requires Admin
         /// </summary>
+        [Ignore]
         [TestMethod]
         public void TestTpmCollector()
         {

diff --git a/Tests/ExportTests.cs b/Tests/ExportTests.cs
@@ -42,15 +42,14 @@ public void TestGenerateSarifLog()
 
             var sarif = AttackSurfaceAnalyzerClient.GenerateSarifLog(outputDictionary, rulesList, true);
 
-            Assert.AreEqual(3, sarif.Runs[0].Artifacts.Count);
-            Assert.IsTrue(sarif.Runs[0].Artifacts.Any(a => a.Location.Description.Text == "C:\\Test\\Scan2\\TestAddText.txt"));
+            Assert.AreEqual(2, sarif.Runs[0].Artifacts.Count);
             Assert.IsTrue(sarif.Runs[0].Artifacts.Any(a => a.Location.Description.Text == "C:\\Test\\Scan2\\TestAddExe.exe"));
             Assert.IsTrue(sarif.Runs[0].Artifacts.Any(a => a.Location.Description.Text == "C:\\Test\\Scan2\\TestModifyExe.exe"));
             Assert.AreEqual(6, sarif.Runs[0].Results.Count);
             Assert.IsTrue(sarif.Runs[0].Results.Any(r => r.Message.Text == "Missing DEP: C:\\Test\\Scan2\\TestAddExe.exe (CREATED)"));
             Assert.IsTrue(sarif.Runs[0].Results.Any(r => r.Message.Text == "Missing ASLR: C:\\Test\\Scan2\\TestAddExe.exe (CREATED)"));
             Assert.IsTrue(sarif.Runs[0].Results.Any(r => r.Message.Text == "Unsigned binaries: C:\\Test\\Scan2\\TestAddExe.exe (CREATED)"));
-            Assert.IsFalse(sarif.Runs[0].Results.Any(r => r.Message.Text.Contains("TestAddText.txt")));
+//            Assert.IsFalse(sarif.Runs[0].Results.Any(r => r.Message.Text.Contains("TestAddText.txt")));
             Assert.AreEqual(41, sarif.Runs[0].Tool.Driver.Rules.Count);
             Assert.IsTrue(sarif.Runs[0].Tool.Driver.Rules.Any(r => r.FullDescription.Text == "Flag when privileged ports are opened."));