
SQ14152

Detected Windows executable files that do not require dependency isolation.

priority: (icon not captured)
CI/CD status: pass
severity: low
effort: high
RL level: None
RL assessment: hardening: warning
Reason: vulnerability mitigation issues

About the issue

Isolated applications and side-by-side (SxS) assemblies are Windows mechanisms for lessening the impact of dependency version conflicts. When an application depends on a shared operating system component that exists in several incompatible versions, it must bind to the correct one. The application declares the component versions it needs in its manifest, and the operating system loader builds an activation context from that manifest, so that differently versioned applications and dependencies can run at the same time without interfering with each other. Modern applications (and their dependencies) should always be isolation-aware. When a dependency is isolated, the operating system takes responsibility for activating its context and ensures that the environment of the hosting application is not perturbed. Disabling isolation (which sets the IMAGE_DLLCHARACTERISTICS_NO_ISOLATION flag in the PE optional header, so the loader skips manifest processing for that image) makes components responsible for their own context activation, which may lead to incorrect software behavior, runtime issues, and unexpected crashes.

How to resolve the issue

  • In Microsoft Visual Studio, isolation is enabled by default. Make sure the linker is invoked with /ALLOWISOLATION and not /ALLOWISOLATION:NO, which sets the IMAGE_DLLCHARACTERISTICS_NO_ISOLATION bit in the PE optional header. In the project properties, the setting is Linker > Manifest File > Allow Isolation.
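To verify a built binary rather than trust the linker settings, the check below parses the PE headers and reads the DllCharacteristics field that /ALLOWISOLATION:NO modifies. This is an added example, not ReversingLabs' detection logic; the flag value (0x0200) and the header offsets are the documented PE layout, while build_minimal_pe is a constructed, headers-only fixture used so the script runs offline (it is not a loadable image).

```python
"""Check whether a PE image opts out of side-by-side isolation.

Linking with /ALLOWISOLATION:NO sets IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
(0x0200) in the optional header's DllCharacteristics field; the loader then
skips manifest lookup and activation-context creation for that image.
"""
import struct
import sys

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION = 0x0200
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
# DllCharacteristics sits at the same offset inside the optional header for
# PE32 and PE32+ (the 8-byte ImageBase in PE32+ absorbs PE32's BaseOfData).
DLL_CHARACTERISTICS_OFFSET = 70


def dll_characteristics(data: bytes) -> int:
    """Return the DllCharacteristics field of a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (missing MZ signature)")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER (20 bytes)
    (size_of_optional,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError(f"unexpected optional header magic 0x{magic:x}")
    if size_of_optional < DLL_CHARACTERISTICS_OFFSET + 2:
        raise ValueError("optional header too short to hold DllCharacteristics")
    (dll_chars,) = struct.unpack_from("<H", data, opt + DLL_CHARACTERISTICS_OFFSET)
    return dll_chars


def isolation_disabled(data: bytes) -> bool:
    """True when the image was linked with /ALLOWISOLATION:NO."""
    return bool(dll_characteristics(data) & IMAGE_DLLCHARACTERISTICS_NO_ISOLATION)


def build_minimal_pe(dll_chars: int, pe32plus: bool = False) -> bytes:
    """Constructed fixture: DOS stub + PE headers only, no sections, not loadable."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew: NT headers follow the DOS header
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH",
                       0x8664 if pe32plus else 0x14C,  # Machine
                       0, 0, 0, 0,                     # sections, timestamp, symtab, nsyms
                       opt_size,                       # SizeOfOptionalHeader
                       0x0002)                         # IMAGE_FILE_EXECUTABLE_IMAGE
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, DLL_CHARACTERISTICS_OFFSET, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    if len(sys.argv) == 2:
        with open(sys.argv[1], "rb") as f:
            data = f.read()
    else:
        # No path given: use a constructed header that mimics /ALLOWISOLATION:NO
        # on top of typical flags (DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE).
        data = build_minimal_pe(0x8140 | IMAGE_DLLCHARACTERISTICS_NO_ISOLATION)
    flags = dll_characteristics(data)
    print(f"DllCharacteristics = 0x{flags:04x}; isolation disabled: {isolation_disabled(data)}")
```

Run it as `python check_isolation.py path\to\app.exe`; a result of `isolation disabled: True` is what this policy flags. The parser deliberately reads only the fixed-offset field and does not rely on a PE library, so it can be dropped into a CI step that inspects every produced .exe and .dll before packaging.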

Incidence statistics

ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes.

For every repository, the chart shows the percentage of projects that triggered the software assurance policy. In other words, it shows how many projects were found to have the specific issue described on this page.

The percentages are calculated from the total number of packages analyzed:

  • RubyGems: 174K
  • NuGet: 189K
  • PyPI: 403K
  • NPM: 2.1M