BED-7491

src/CommonLib/Logging/Logging.cs

@@ -1,5 +1,4 @@
-#nullable enable
-using System.Collections.Concurrent;
+using System.Collections.Concurrent;
 using Microsoft.Extensions.Logging;
 
 namespace SharpHoundCommonLib

src/CommonLib/Ntlm/LdapTransport.cs

@@ -1,4 +1,5 @@
-
+#nullable enable
+
 using Microsoft.Extensions.Logging;
 using SharpHoundCommonLib.Enums;
 using System;
@@ -85,4 +86,6 @@ public void Dispose() {
             _disposed = true;
         }
     }
-}
+}
+
+#nullable disable

src/CommonLib/Processors/DCLdapProcessor.cs

@@ -1,4 +1,6 @@
-using Microsoft.Extensions.Logging;
+#nullable enable
+
+using Microsoft.Extensions.Logging;
 using SharpHoundCommonLib.Enums;
 using SharpHoundCommonLib.Ntlm;
 using SharpHoundCommonLib.OutputTypes;
@@ -33,7 +35,7 @@ public class DCLdapProcessor {
     private readonly string SEC_E_BAD_BINDINGS = "80090346";
 
 
-    public DCLdapProcessor(int connectionTimeoutMs, string dcHostname, ILogger log = null) {
+    public DCLdapProcessor(int connectionTimeoutMs, string dcHostname, ILogger? log = null) {
         _log = log ?? Logging.LogProvider.CreateLogger("DCLdapProcessor");
         _scanner = new PortScanner(maxTimeout: connectionTimeoutMs);
         _ldapTimeout = connectionTimeoutMs / 1000;
@@ -43,7 +45,7 @@ public DCLdapProcessor(int connectionTimeoutMs, string dcHostname, ILogger log =
         _checkIsChannelBindingDisabledAdaptiveTimeout = new AdaptiveTimeout(maxTimeout: TimeSpan.FromMinutes(1), Logging.LogProvider.CreateLogger(nameof(CheckIsChannelBindingDisabled)));
     }
 
-    public event ComputerStatusDelegate ComputerStatusEvent;
+    public event ComputerStatusDelegate? ComputerStatusEvent;
 
     public async Task<LdapService> Scan(string computerName, string computerObjectId) {
         var hasLdap = await TestLdapPort();
@@ -173,7 +175,7 @@ public virtual async Task<bool> TestLdapsPort() {
     /// <param name="endpoint"></param>
     /// <param name="options"></param>
     /// <returns></returns>
-    protected internal virtual async Task<bool> Authenticate(Uri endpoint, LdapAuthOptions options, NtlmAuthenticationHandler ntlmAuth = null, LdapTransport ldapTransport = null, CancellationToken cancellationToken = default) {
+    protected internal virtual async Task<bool> Authenticate(Uri endpoint, LdapAuthOptions options, NtlmAuthenticationHandler? ntlmAuth = null, LdapTransport? ldapTransport = null, CancellationToken cancellationToken = default) {
         var host = endpoint.Host;
         var auth = ntlmAuth ?? new NtlmAuthenticationHandler($"LDAP/{host.ToUpper()}") {
             Options = options
@@ -229,4 +231,6 @@ protected internal virtual async Task<bool> Authenticate(Uri endpoint, LdapAuthO
     private async Task SendComputerStatus(CSVComputerStatus status) {
         if (ComputerStatusEvent is not null) await ComputerStatusEvent.Invoke(status);
     }
-}
+}
+
+#nullable disable

src/CommonLib/SMB/NetBIOS/NetBIOSSessionType.cs

@@ -1,4 +1,6 @@
-using System;
+#nullable  enable
+
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
@@ -127,3 +129,5 @@ public override bool Equals(object? obj) =>
             !(left == right);
     }
 }
+
+#nullable disable

src/CommonLib/SharpHoundCommonLib.csproj

@@ -18,7 +18,7 @@
         <DebugType>full</DebugType>
     </PropertyGroup>
     <ItemGroup>
-        <PackageReference Include="AntiXSS" Version="4.3.0" />
+        <PackageReference Include="AntiXSS" Version="4.3.0" PrivateAssets="All"/>
         <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
         <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.0" />
     </ItemGroup>

test/unit/ACLProcessorTest.cs

@@ -3,6 +3,7 @@
 using System.Diagnostics.CodeAnalysis;
 using System.DirectoryServices;
 using System.Linq;
+using System.Runtime.Versioning;
 using System.Security.AccessControl;
 using System.Threading;
 using System.Threading.Tasks;
@@ -60,6 +61,7 @@ public void ACLProcessor_IsACLProtected_NullNTSD_ReturnsFalse() {
             Assert.False(result);
         }
 
+        [SupportedOSPlatform("windows")]
         [WindowsOnlyFact]
         public async Task ACLProcessor_TestKnownDataAddMember() {
             var mockLdapUtils = new MockLdapUtils();
@@ -1421,6 +1423,7 @@ public void Test_ACLProcessor_IsACLProtected_NotProtected() {
             Assert.False(result);
         }
 
+        [SupportedOSPlatform("windows")]
         [WindowsOnlyFact]
         public void ACLProcessor_CalculateImplicitACLHash_ValidInput_ReturnsCorrectHash()
         {
@@ -1439,6 +1442,7 @@ public void ACLProcessor_CalculateImplicitACLHash_ValidInput_ReturnsCorrectHash(
             Assert.Equal(expectedHash, result);
         }
 
+        [SupportedOSPlatform("windows")]
         [WindowsOnlyFact]
         public void ACLProcessor_CalculateImplicitACLHash_DifferentInputs_ProducesUniqueHashes()
         {
@@ -1458,6 +1462,7 @@ public void ACLProcessor_CalculateImplicitACLHash_DifferentInputs_ProducesUnique
             Assert.NotEqual(protectedResult, adminsdResult);
         }
 
+        [SupportedOSPlatform("windows")]
         [WindowsOnlyFact]
         public void ACLProcessor_NullAdminSDHolderHash_Returns_Null_Bool()
         {
@@ -1476,6 +1481,7 @@ public void ACLProcessor_NullAdminSDHolderHash_Returns_Null_Bool()
         }
 
 
+        [SupportedOSPlatform("windows")]
         [WindowsOnlyFact]
         public void ACLProcessor_AdminSDHolderHash_Returns_Match()
         {

test/unit/CertAbuseProcessorTest.cs

@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.Runtime.Versioning;
 using System.Security.AccessControl;
 using System.Security.Principal;
 using System.Threading;
@@ -226,6 +227,7 @@ public async Task CertAbuseProcessor_ProcessEAPermissions_HandlesFailedLookup()
             Assert.Equal(TargetDomainSid, _receivedCompStatus.ObjectId);
         }
 
+        [SupportedOSPlatform("windows")]
         public static IEnumerable<object[]> ProcessEAPermissionsTestData() {
             return new List<object[]>
             {
@@ -234,6 +236,7 @@ public static IEnumerable<object[]> ProcessEAPermissionsTestData() {
             };
         }
 
+        [SupportedOSPlatform("windows")]
         [WindowsOnlyTheory]
         [MemberData(nameof(ProcessEAPermissionsTestData))]
         public async Task CertAbuseProcessor_ProcessEAPermissions_ReturnsEmpty(RawAcl dacl) {
@@ -335,6 +338,7 @@ public async Task CertAbuseProcessor_ProcessRegistryEnrollmentPermissions_Handle
             Assert.Equal(TargetDomainSid, _receivedCompStatus.ObjectId);
         }
 
+        [SupportedOSPlatform("windows")]
         [WindowsOnlyFact]
         public async Task CertAbuseProcessor_ProcessRegistryEnrollmentPermissions_ReturnsEmpty_WhenNoOwnerAndNoRules() {
             var mockSecurityDescriptor = new Mock<ActiveDirectorySecurityDescriptor>(null);
@@ -405,6 +409,7 @@ public async Task CertAbuseProcessor_ProcessCertTemplates_ReturnsResolvedAndUnre
             Assert.Contains(invalidCN, results.unresolvedTemplates);
         }
 
+        [SupportedOSPlatform("windows")]
         [WindowsOnlyFact]
         public async Task CertAbuseProcessor_GetRegistryPrincipal_ReturnsFalseForFilteredSID() {
             var sid = new SecurityIdentifier("S-1-5-3");
@@ -422,6 +427,7 @@ public async Task CertAbuseProcessor_GetRegistryPrincipal_ReturnsFalseForFiltere
             _mockLdapUtils.VerifyNoOtherCalls();
         }
 
+        [SupportedOSPlatform("windows")]
         [WindowsOnlyFact]
         public async Task CertAbuseProcessor_GetRegistryPrincipal_CallsResolveIDAndType_ForDomainController() {
             var expectedPrincipalType = Label.Group;
@@ -450,6 +456,7 @@ public async Task CertAbuseProcessor_GetRegistryPrincipal_CallsResolveIDAndType_
             _mockLdapUtils.VerifyNoOtherCalls();
         }
 
+        [SupportedOSPlatform("windows")]
         [WindowsOnlyFact]
         public async Task CertAbuseProcessor_GetRegistryPrincipal_CallsConvertLocalWellKnownPrincipal_ForNonDomainController() {
             var expectedPrincipalType = Label.Group;
@@ -477,6 +484,7 @@ public async Task CertAbuseProcessor_GetRegistryPrincipal_CallsConvertLocalWellK
             _mockLdapUtils.VerifyNoOtherCalls();
         }
 
+        [SupportedOSPlatform("windows")]
         [WindowsOnlyFact]
         public async Task CertAbuseProcessor_GetRegistryPrincipal_ResolvesToLocalPrincipal_ForLocalSID() {
             var expectedPrincipalType = Label.LocalGroup;
@@ -504,6 +512,7 @@ public async Task CertAbuseProcessor_GetRegistryPrincipal_ResolvesToLocalPrincip
             _mockLdapUtils.VerifyNoOtherCalls();
         }
 
+        [SupportedOSPlatform("windows")]
         [WindowsOnlyFact]
         public async Task CertAbuseProcessor_GetRegistryPrincipal_ResolvesToDomainPrincipal() {
             var expectedPrincipalType = Label.Group;
@@ -558,6 +567,7 @@ public void CertAbuseProcessor_OpenSamServer_CallsOpenServer_Success() {
             Assert.IsType<SAMServer>(result.Value);
         }
 
+        [SupportedOSPlatform("windows")]
         [WindowsOnlyFact]
         public async Task CertAbuseProcessor_GetMachineSid_ReturnsCachedValue() {
             Cache.AddMachineSid(TargetDomainSid, TargetDomainSid);
@@ -586,6 +596,7 @@ public async Task CertAbuseProcessor_GetMachineSid_OpenSAMFailure_ReturnsNull()
             Assert.Equal(TargetDomainSid, _receivedCompStatus.ObjectId);
         }
 
+        [SupportedOSPlatform("windows")]
         [WindowsOnlyFact]
         public async Task CertAbuseProcessor_GetMachineSid_GetMachineSidFailure_ReturnsNull() {
             var mockSamServer = new Mock<ISAMServer>();
@@ -608,6 +619,7 @@ public async Task CertAbuseProcessor_GetMachineSid_GetMachineSidFailure_ReturnsN
             Assert.Equal(TargetDomainSid, _receivedCompStatus.ObjectId);
         }
 
+        [SupportedOSPlatform("windows")]
         [WindowsOnlyFact]
         public async Task CertAbuseProcessor_GetMachineSid_ReturnsSid() {
             var mockSamServer = new Mock<ISAMServer>();
@@ -629,6 +641,7 @@ public async Task CertAbuseProcessor_GetMachineSid_ReturnsSid() {
             Assert.Equal(TargetDomainSid, _receivedCompStatus.ObjectId);
         }
 
+        [SupportedOSPlatform("windows")]
         [WindowsOnlyFact]
         public async Task CertAbuseProcessor_CreateEnrollmentAgentRestriction_NullOpaque_ReturnsFalse() {
             var nullOpaqueAce = new CommonAce(
@@ -649,6 +662,7 @@ public async Task CertAbuseProcessor_CreateEnrollmentAgentRestriction_NullOpaque
             _mockLdapUtils.VerifyNoOtherCalls();
         }
 
+        [SupportedOSPlatform("windows")]
         [WindowsOnlyFact]
         public async Task CertAbuseProcessor_CreateEnrollmentAgentRestriction_UnresolvedTemplate_ReturnsFalse() {
             var emptyOpaqueAce = new CommonAce(
@@ -676,6 +690,7 @@ public async Task CertAbuseProcessor_CreateEnrollmentAgentRestriction_Unresolved
             Assert.Null(result.restriction);
         }
 
+        [SupportedOSPlatform("windows")]
         [WindowsOnlyFact]
         public async Task CertAbuseProcessor_CreateEnrollmentAgentRestriction_NoTemplate_ReturnsAllTemplates() {
             var emptyOpaqueAce = new CommonAce(
@@ -709,6 +724,7 @@ public async Task CertAbuseProcessor_CreateEnrollmentAgentRestriction_NoTemplate
             Assert.Contains(result.restriction.Targets, t => t.ObjectIdentifier == "S-1-3");
         }
 
+        [SupportedOSPlatform("windows")]
         [WindowsOnlyFact]
         public async Task CertAbuseProcessor_CreateEnrollmentAgentRestriction_WithCanonicalName_ReturnsTemplate() {
             var expectedPrincipalType = Label.CertTemplate;
@@ -742,6 +758,7 @@ public async Task CertAbuseProcessor_CreateEnrollmentAgentRestriction_WithCanoni
                 Times.Once);
         }
 
+        [SupportedOSPlatform("windows")]
         [WindowsOnlyFact]
         public async Task CertAbuseProcessor_CreateEnrollmentAgentRestriction_WithCertTemplateOID_ReturnsTemplate() {
             var expectedPrincipalType = Label.CertTemplate;

test/unit/CommonLibHelperTests.cs

@@ -1,5 +1,5 @@
 using System;
-using System.Security.Principal;
+using System.Runtime.Versioning;
 using System.Text;
 using System.Threading.Tasks;
 using SharpHoundCommonLib;
@@ -302,6 +302,7 @@ public void DomainNameToDistinguishedName_DotsBecomeDcComponents()
             Assert.Equal("DC=test,DC=local", result);
         }
 
+        [SupportedOSPlatform("windows")]
         [WindowsOnlyTheory]
         [InlineData("S-1-5-32-544", "\\01\\02\\00\\00\\00\\00\\00\\05\\20\\00\\00\\00\\20\\02\\00\\00")]
         public void ConvertSidToHexSid_ValidSid_MatchesSecurityIdentifierBinaryForm(string sid, string expectedHexSid)
@@ -311,17 +312,9 @@ public void ConvertSidToHexSid_ValidSid_MatchesSecurityIdentifierBinaryForm(stri
 
             // Assert
             Assert.Equal(expectedHexSid, actual);
-            return;
-
-            static string BuildExpectedHexSid(string sid)
-            {
-                var securityIdentifier = new SecurityIdentifier(sid);
-                var sidBytes = new byte[securityIdentifier.BinaryLength];
-                securityIdentifier.GetBinaryForm(sidBytes, 0);
-                return $"\\{BitConverter.ToString(sidBytes).Replace('-', '\\')}";
-            }
         }
 
+        [SupportedOSPlatform("windows")]
         [WindowsOnlyFact]
         public void ConvertSidToHexSid_InvalidSid_Throws()
         {

test/unit/CommonLibTest.csproj

@@ -6,6 +6,8 @@
         <CollectCoverage>true</CollectCoverage>
         <CoverletOutput>..\..\docfx\coverage\</CoverletOutput>
         <CoverletOutputFormat>OpenCover</CoverletOutputFormat>
+        <!-- Suppress cross-targeting warning when referencing net472 SharpHound projects in net8.0 tests -->
+        <NoWarn>$(NoWarn);NU1702</NoWarn> 
     </PropertyGroup>
 
     <!-- Project references -->

test/unit/DCLdapProcessorTest.cs

@@ -138,7 +138,6 @@ public async Task DCLdapProcessor_CheckIsNtlmSigningRequired_Exception() {
 
         [Fact]
         public async Task DCLdapProcessor_Authenticate_InvalidCredentialsException_SEC_E_UNSUPPORTED_FUNCTION() {
-            var exception = "ErrorTest";
             var endpoint = "http://primary.testlab.local/";
             var expected = $"LDAP endpoint '{endpoint}' does not support NTLM";
 
@@ -153,7 +152,6 @@ public async Task DCLdapProcessor_Authenticate_InvalidCredentialsException_SEC_E
 
         [Fact]
         public async Task DCLdapProcessor_Authenticate_InvalidCredentialsException_SEC_E_BAD_BINDINGS() {
-            var exception = "ErrorTest";
             var endpoint = "http://primary.testlab.local/";
             var expected = $"Bad bindings with the LDAPS endpoint '{endpoint}'. Server error: {SEC_E_BAD_BINDINGS}";
 

test/unit/DomainTrustProcessorTest.cs

@@ -2,6 +2,7 @@
 using System.Collections.Generic;
 using System.DirectoryServices.Protocols;
 using System.Linq;
+using System.Runtime.Versioning;
 using System.Threading;
 using System.Threading.Tasks;
 using CommonLibTest.Facades;
@@ -23,6 +24,7 @@ public DomainTrustProcessorTest(ITestOutputHelper testOutputHelper)
             _testOutputHelper = testOutputHelper;
         }
 
+        [SupportedOSPlatform("windows")]
         [WindowsOnlyFact]
         public async Task DomainTrustProcessor_EnumerateDomainTrusts_HappyPath()
         {

test/unit/Facades/FacadeHelpers.cs

@@ -1,5 +1,5 @@
 using System.Reflection;
-using System.Runtime.Serialization;
+using System.Runtime.CompilerServices;
 
 namespace CommonLibTest.Facades
 {
@@ -9,8 +9,8 @@ public class FacadeHelpers
         private const BindingFlags publicInstance = BindingFlags.Public | BindingFlags.Instance;
 
         internal static T GetUninitializedObject<T>()
-        {
-            return (T) FormatterServices.GetUninitializedObject(typeof(T));
+        { 
+            return (T)RuntimeHelpers.GetUninitializedObject(typeof(T));
         }
 
         internal static void SetField<T1, T2>(T1 obj, string propertyName, T2 propertyValue)