deleted advanced mitigations

src/BinSkim.Rules/PERules/BA2006.BuildWithSecureTools.cs

@@ -46,8 +46,7 @@ public IEnumerable<IOption> GetOptions()
             return new List<IOption>
             {
                 AllowedLibraries,
-                MinimumToolVersions,
-                AdvancedMitigationsEnforced
+                MinimumToolVersions
             }.ToImmutableArray();
         }
 
@@ -63,10 +62,6 @@ public IEnumerable<IOption> GetOptions()
             new PerLanguageOption<StringToVersionMap>(
                 AnalyzerName, nameof(AllowedLibraries), defaultValue: () => BuildAllowedLibraries());
 
-        public static PerLanguageOption<AdvancedMitigations> AdvancedMitigationsEnforced { get; } =
-            new PerLanguageOption<AdvancedMitigations>(
-                AnalyzerName, nameof(AdvancedMitigationsEnforced), defaultValue: () => AdvancedMitigations.None);
-
         public override void Initialize(BinaryAnalyzerContext context)
         {
             if (context.Policy == null) { return; }
@@ -246,32 +241,33 @@ and a SymTagCompilandDetails tag (high detail).
 
                 bool foundIssue = actualVersion < minimumVersion;
 
-                AdvancedMitigations advancedMitigations = context.Policy.GetProperty(AdvancedMitigationsEnforced);
                 if (!foundIssue &&
-                    target.PE != null &&
-                    (advancedMitigations & AdvancedMitigations.Spectre) == AdvancedMitigations.Spectre)
+                    target.PE != null)
                 {
                     var machineType = (ExtendedMachine)target.PE.Machine;
 
                     // Current toolchain is within the version range to validate.
                     // Now we'll retrieve relevant compiler mitigation details to
                     // ensure this object module's build and revision meet
                     // expectations.
-                    CompilerMitigations newMitigationData =
+                    CompilerMitigations compilerMitigation =
                         EnableSpectreMitigations.GetAvailableMitigations(context, machineType, actualVersion);
 
-                    // Current compiler version does not support Spectre mitigations.
-                    foundIssue = !newMitigationData.HasFlag(CompilerMitigations.D2GuardSpecLoadAvailable)
-                                 && !newMitigationData.HasFlag(CompilerMitigations.QSpectreAvailable);
+                    // Determine if required Spectre mitigations are missing
+                    bool hasNoMitigations = compilerMitigation.HasFlag(CompilerMitigations.None);
+                    bool lacksSpectreMitigations =
+                        !compilerMitigation.HasFlag(CompilerMitigations.D2GuardSpecLoadAvailable) &&
+                        !compilerMitigation.HasFlag(CompilerMitigations.QSpectreAvailable);
 
-                    if (foundIssue)
+                    if (hasNoMitigations || lacksSpectreMitigations)
                     {
-                        // Get the closest compiler version that has mitigations--i.e. if the user is using a 19.0 (VS2015) compiler, we should be recommending an upgrade to the
-                        // 19.0 version that has the mitigations, not an upgrade to a 19.10+ (VS2017) compiler.
-                        // Limitation--if there are multiple 'upgrade to' versions to recommend, this just going to give users the last one we see in the error.
-                        minCompilerVersion = EnableSpectreMitigations.GetClosestCompilerVersionWithSpectreMitigations(context, machineType, actualVersion);
+                        foundIssue = true;
+
+                        // Attempt to find the closest compiler version that supports Spectre mitigations
+                        minCompilerVersion = EnableSpectreMitigations.GetClosestCompilerVersionWithSpectreMitigations(
+                            context, machineType, actualVersion);
 
-                        // Indicates Spectre mitigations are not supported on this platform.  We won't flag this case.
+                        // If no suitable compiler version is found, Spectre mitigations are not supported on this platform
                         if (minCompilerVersion == null)
                         {
                             foundIssue = false;