diff --git a/linking/static/touchsocket/linked-against-touchsocket.yml b/linking/static/touchsocket/linked-against-touchsocket.yml new file mode 100644 index 00000000..a162e5a2 --- /dev/null +++ b/linking/static/touchsocket/linked-against-touchsocket.yml @@ -0,0 +1,27 @@ +rule: + meta: + name: linked against TouchSocket + namespace: linking/static/touchsocket + authors: + - still@teamt5.org + description: TouchSocket is a .NET networking library, supporting a wide variety of protocol types such as WebSocket, RPC, DMTP, Modbus, and more. + scopes: + static: file + dynamic: file + references: + - https://github.com/RRQM/TouchSocket/ + - https://www.trendmicro.com/en_us/research/24/i/earth-preta-new-malware-and-strategies.html + examples: + - 684cc28e6a7fbd12f23dbc563f06306555ebb870bd727ad60839d4ff26e7f3b2 + features: + - and: + - or: + - match: compiled to the .NET platform + - match: compiled with .NET AoT + - 3 or more: + - substring: "TouchSocket" + - substring: "TouchSocket.Core" + - substring: "TouchSocket.Dmtp" + - substring: "TouchSocket.Modbus" + - substring: "BinarySerialize" + - substring: "BinaryDeserialize" diff --git a/runtime/dotnet/compiled-with-dotnet-aot.yml b/runtime/dotnet/compiled-with-dotnet-aot.yml new file mode 100644 index 00000000..454985fd --- /dev/null +++ b/runtime/dotnet/compiled-with-dotnet-aot.yml @@ -0,0 +1,23 @@ +rule: + meta: + name: compiled with .NET AoT + namespace: runtime/dotnet + authors: + - still@teamt5.org + description: compiled using .NET Ahead-of-Time (AoT) compilation + scopes: + static: file + dynamic: file + references: + - https://learn.microsoft.com/en-us/dotnet/core/deploying/native-aot/ + examples: + - 684cc28e6a7fbd12f23dbc563f06306555ebb870bd727ad60839d4ff26e7f3b2 + features: + - and: + - substring: ".NETCoreApp,Version=" + - 2 or more: + - substring: "AotAnalysis4IL" + - substring: "https://aka.ms/nativeaot-compatibilit" + - substring: "removed by the AOT compiler" + - substring: "\\native\\" + description: During compilation, the output by default contains the path "native," which is then in turn included in the PDB path.