Internal OneBranch Builds don't Like XDP Kit Test/Tool Binaries

[nibanks]

A recent automated PR for MsQuic on our internal mirror exposed the following build errors:

##[error]1. BinSkim Error BA2007 - File: artifacts/bin/xdp/pktcmd.exe.  
  Tool: BinSkim: Rule: BA2007 (EnableCriticalCompilerWarnings). https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2007EnableCriticalCompilerWarnings
  'pktcmd.exe' was compiled at too low a warning level (effective warning level 1 for one or more modules). Warning level 3 enables important static analysis in the compiler to flag bugs that can lead to memory corruption, information disclosure, or double-free vulnerabilities. To resolve this issue, compile at warning level 3 or higher by supplying /W3, /W4, or /Wall to the compiler, and resolve the warnings emitted. An example compiler command line triggering this check: -c -ID:\a\1\s\test\pkthlp -ID:\a\1\s\published\external -Zi -nologo -W1 -WX- -diagnostics:column -O2 -GL -DCODE_ANALYSIS -DUSER_MODE=1 -DPOOL_NX_OPTIN_AUTO=1 -DPOOL_ZERO_DOWN_LEVEL_SUPPORT=1 -DFNDIS=1 -Gm- -EHs -EHc -MT -GS -fp:precise -Zc:wchar_t -Zc:forScope -Zc:inline -external:W1 -Gd -TC -wd26812 -analyze:projectdirectoryD:\a\1\s\test\pktcmd -analyze:rulesetdirectory"D:\a\1\s\test\pktcmd\;C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\Team Tools\Static Analysis Tools\Rule Sets;" -analyze:ruleset"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\Team Tools\Static Analysis Tools\Rule Sets\NativeRecommendedRules.ruleset" -analyze:quiet -analyze:plugin"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.29.30133\bin\HostX86\x86\EspXEngine.dll" -FC -errorreport:queue -I"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.29.30133\include" -I"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.29.30133\atlmfc\include" -I"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Auxiliary\VS\include" -I"C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt" -I"C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\um" -I"C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\shared" -I"C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\winrt" -I"C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\cppwinrt" -I"C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\Include\um" -external:I"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.29.30133\include" -external:I"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.29.30133\atlmfc\include" -external:I"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Auxiliary\VS\include" -external:I"C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt" -external:I"C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\um" -external:I"C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\shared" -external:I"C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\winrt" -external:I"C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\cppwinrt" -external:I"C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\Include\um" -X
Modules triggering this check: pktcmd.obj [warning level: 1]
pkthlp.obj (pkthlp_um.lib) [warning level: 1]

##[error]2. BinSkim Error BA2008 - File: artifacts/bin/xdp/pktcmd.exe.  
  Tool: BinSkim: Rule: BA2008 (EnableControlFlowGuard). https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2008EnableControlFlowGuard
  'pktcmd.exe' does not enable the control flow guard (CFG) mitigation. To resolve this issue, pass /guard:cf on both the compiler and linker command lines. Binaries also require the /DYNAMICBASE linker option in order to enable CFG.

##[error]3. BinSkim Error BA2007 - File: artifacts/bin/xdp/xskbench.exe.  
  Tool: BinSkim: Rule: BA2007 (EnableCriticalCompilerWarnings). https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2007EnableCriticalCompilerWarnings
  'xskbench.exe' was compiled at too low a warning level (effective warning level 1 for one or more modules). Warning level 3 enables important static analysis in the compiler to flag bugs that can lead to memory corruption, information disclosure, or double-free vulnerabilities. To resolve this issue, compile at warning level 3 or higher by supplying /W3, /W4, or /Wall to the compiler, and resolve the warnings emitted. An example compiler command line triggering this check: -c -ID:\a\1\s\published\external -Zi -nologo -W1 -WX- -diagnostics:column -O2 -GL -DCODE_ANALYSIS -DUSER_MODE=1 -DPOOL_NX_OPTIN_AUTO=1 -DPOOL_ZERO_DOWN_LEVEL_SUPPORT=1 -DFNDIS=1 -Gm- -EHs -EHc -MT -GS -fp:precise -Zc:wchar_t -Zc:forScope -Zc:inline -external:W1 -Gd -TC -wd26812 -analyze:projectdirectoryD:\a\1\s\test\xskbench -analyze:rulesetdirectory"D:\a\1\s\test\xskbench\;C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\Team Tools\Static Analysis Tools\Rule Sets;" -analyze:ruleset"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\Team Tools\Static Analysis Tools\Rule Sets\NativeRecommendedRules.ruleset" -analyze:quiet -analyze:plugin"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.29.30133\bin\HostX86\x86\EspXEngine.dll" -FC -errorreport:queue -I"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.29.30133\include" -I"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.29.30133\atlmfc\include" -I"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Auxiliary\VS\include" -I"C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt" -I"C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\um" -I"C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\shared" -I"C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\winrt" -I"C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\cppwinrt" -I"C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\Include\um" -external:I"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.29.30133\include" -external:I"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.29.30133\atlmfc\include" -external:I"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Auxiliary\VS\include" -external:I"C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\ucrt" -external:I"C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\um" -external:I"C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\shared" -external:I"C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\winrt" -external:I"C:\Program Files (x86)\Windows Kits\10\Include\10.0.22000.0\cppwinrt" -external:I"C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\Include\um" -X
Modules triggering this check: xskbench.obj [warning level: 1]

##[error]4. BinSkim Error BA2008 - File: artifacts/bin/xdp/xskbench.exe.  
  Tool: BinSkim: Rule: BA2008 (EnableControlFlowGuard). https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2008EnableControlFlowGuard
  'xskbench.exe' does not enable the control flow guard (CFG) mitigation. To resolve this issue, pass /guard:cf on both the compiler and linker command lines. Binaries also require the /DYNAMICBASE linker option in order to enable CFG.

I see two possible solutions here:

1. Remove/separate these test binaries from the kit, so consumers that don't need these binaries don't have to worry about this.
2. Follow the instructions above and increase the warning level on the tools' builds.

P.S. @mtfriesen I'm not quite sure how you'd like to label this issue. Probably feature request if we go for option 1, or a bug if we go for option 2.

[mtfriesen]

@nibanks did the changes to support EWDK (#71) indirectly fix this?

[nibanks]

At the very least we'll need a new release for us to try out.

[mtfriesen]

@nibanks is this bug still active?

[nibanks]

Closing this as I don't see any warnings any more.