Support Windows PDB format in dotnet-symbol for ngen and ReadyToRun binaries#5871
Support Windows PDB format in dotnet-symbol for ngen and ReadyToRun binaries#5871chrisnas wants to merge 3 commits into
Conversation
|
@hoyosjs this seems fine, but please weigh in |
noahfalk
left a comment
noahfalk
left a comment
There was a problem hiding this comment.
I think this looks good but we don't want the code comments or logging to imply that we can rely on the server for validation. dotnet-symbol can't validate much about these files.
| // | ||
| // Windows PDBs (MSF container) and PDZ files (MSFZ container) use a completely | ||
| // different on-disk format that this code cannot recompute. The symbol server has | ||
| // already matched the returned content against the SymbolChecksum request header, |
There was a problem hiding this comment.
I don't think we can assume the server verified anything (it might even be a malicious server or man-in-the-middle attack). I don't think its a problem though. dotnet-symbol doesn't give security guarantees about the suitability/safety of the downloaded files. As far as I know the checksum tests are only here to provide some sanity checking and early warning against obviously bad files.
Lets remove anything that implies the server (or dotnet-symbol itself) is providing any guarantees around the file content.
|
|
||
| /// <summary> | ||
| /// Structurally validates a Windows PDB (MSF) or PDZ (MSFZ) download and accepts it. | ||
| /// The cryptographic content match was already enforced by the symbol server through |
There was a problem hiding this comment.
We can't assume the server did any verification for us.
| { | ||
| throw new InvalidChecksumException("The downloaded file is neither a portable PDB nor a valid Windows PDB (MSF/MSFZ) container"); | ||
| } | ||
| tracer.Information($"Accepting Windows PDB ({pdbFile.ContainerKind}); content was validated by the symbol server via the SymbolChecksum header"); |
There was a problem hiding this comment.
| tracer.Information($"Accepting Windows PDB ({pdbFile.ContainerKind}); content was validated by the symbol server via the SymbolChecksum header"); | |
| tracer.Information($"Accepting Windows PDB ({pdbFile.ContainerKind}); No checksum validation is available for this file format"); |
There was a problem hiding this comment.
✅ done
I've also handled the possible Exception thrown by PDBFile constructor/IsValid
- Handle possible PDBFile exception
3 participants
Fix #5111.
Some ngen and ReadyToRun assemblies contain debugging information for both Core PDB and Windows PDB files.
This pull request implements the missing Windows PDB format support.
For example, ASP.NET Core Microsoft.AspNetCore.Antiforgery.dll is bound to Microsoft.AspNetCore.Antiforgery.pdb (Core) and Microsoft.AspNetCore.Antiforgery.ni.pdb (Windows). With the current version, an exception happens when trying to validate the format of the Windows PDB file:
Note that the existing Core PDB file is not even fetched due to the exception (displayed twice due to cascading catch blocks)
With the fix, both versions are downloaded, validated and copied: