Unknown unsigned attributes now examines timestamps.

Timestamps that have been altered to contain unknown unsigned attributes are now found.

Author: vcsjones

AuthenticodeLint/Rules/NoUnknownUnsignedAttibuteRule.cs

@@ -25,6 +25,19 @@ public RuleResult Validate(Graph<Signature> graph, SignatureLogger verboseWriter
             foreach(var signature in signatures)
             {
                 var signer = signature.SignerInfo;
+                var counterSignatures = GraphBuilder.WalkCounterSignatures(signature);
+                foreach(var counterSignature in counterSignatures.VisitAll())
+                {
+                    foreach (var attribute in counterSignature.UnsignedAttributes)
+                    {
+                        if (!_trustedUnsignedAttributes.Contains(attribute.Oid.Value))
+                        {
+                            result = RuleResult.Fail;
+                            var displayName = attribute.Oid.FriendlyName ?? "<no friendly name>";
+                            verboseWriter.LogSignatureMessage(signer, $"Signature contains counter signer with unknown unsigned attribute {displayName} ({attribute.Oid.Value}).");
+                        }
+                    }
+                }
                 foreach(var attribute in signer.UnsignedAttributes)
                 {
                     if (!_trustedUnsignedAttributes.Contains(attribute.Oid.Value))