From ffa816821cd2f65bef24af0fff28b33706049944 Mon Sep 17 00:00:00 2001
From: Nikola Milosavljevic <nikolam@microsoft.com>
Date: Wed, 30 Aug 2023 08:49:20 -0700
Subject: [PATCH 1/2] Enable SDL and Binskim

---
 azure-pipelines.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index f738629601..4a04259a75 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -102,9 +102,11 @@ stages:
       publishInstallersAndChecksums: true
       # Enable SDL validation, passing through values from the 'deployment-tools-sdl-validation' group.
       SDLValidationParameters:
-        enable: false
+        enable: true
         params: >-
           -SourceToolsList @("policheck","credscan")
+          -ArtifactToolsList @("binskim")
+          -BinskimAdditionalRunConfigParams @("IgnorePdbLoadError < True","Recurse < True","SymbolsPath < SRV*https://msdl.microsoft.com/download/symbols")
           -TsaInstanceURL "$(TsaInstanceURL)"
           -TsaProjectName "$(TsaProjectName)"
           -TsaNotificationEmail "$(TsaNotificationEmail)"

From b3cf9c13743d08546c6000044a65a35fa445b82e Mon Sep 17 00:00:00 2001
From: Nikola Milosavljevic <nikolam@microsoft.com>
Date: Wed, 30 Aug 2023 11:48:36 -0700
Subject: [PATCH 2/2] Address policheck error

---
 eng/native/configurecompiler.cmake                              | 2 +-
 eng/native/{sanitizerblacklist.txt => sanitizer-ignorelist.txt} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename eng/native/{sanitizerblacklist.txt => sanitizer-ignorelist.txt} (100%)

diff --git a/eng/native/configurecompiler.cmake b/eng/native/configurecompiler.cmake
index a6e6ba4580..13c10a66a6 100644
--- a/eng/native/configurecompiler.cmake
+++ b/eng/native/configurecompiler.cmake
@@ -116,7 +116,7 @@ elseif (CLR_CMAKE_HOST_UNIX)
     string(FIND "$ENV{DEBUG_SANITIZERS}" "asan" __ASAN_POS)
     string(FIND "$ENV{DEBUG_SANITIZERS}" "ubsan" __UBSAN_POS)
     if ((${__ASAN_POS} GREATER -1) OR (${__UBSAN_POS} GREATER -1))
-      list(APPEND CLR_SANITIZE_CXX_OPTIONS -fsanitize-blacklist=${CMAKE_CURRENT_SOURCE_DIR}/sanitizerblacklist.txt)
+      list(APPEND CLR_SANITIZE_CXX_OPTIONS -fsanitize-ignorelist=${CMAKE_CURRENT_SOURCE_DIR}/sanitizer-ignorelist.txt)
       set (CLR_CXX_SANITIZERS "")
       set (CLR_LINK_SANITIZERS "")
       if (${__ASAN_POS} GREATER -1)
diff --git a/eng/native/sanitizerblacklist.txt b/eng/native/sanitizer-ignorelist.txt
similarity index 100%
rename from eng/native/sanitizerblacklist.txt
rename to eng/native/sanitizer-ignorelist.txt