Skip to content

Fix AvoidInternalURLs throw warnings at SDDL #46

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 10 commits into from
Apr 20, 2015
Merged

Fix AvoidInternalURLs throw warnings at SDDL #46

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
ff665f3
Merge pull request #23 from PowerShell/BugFixes
raghushantha Apr 10, 2015
4f1ca19
Merge pull request #35 from PowerShell/NewRule
yutingc Apr 16, 2015
178f484
Update UseShouldProcessForStateChangingFunctions.cs
yutingc Apr 17, 2015
22af2e8
Update UseShouldProcessForStateChangingFunctions.md
yutingc Apr 17, 2015
1f523c6
Merge remote-tracking branch 'origin/BugFixes' into NewRule
yutingc Apr 17, 2015
e63edce
Merge branch 'NewRule' into BugFixes
yutingc Apr 17, 2015
a68ed47
Merge pull request #38 from PowerShell/BugFixes
raghushantha Apr 17, 2015
1eee6c5
Fix AvoidUsingInternalURLs throw warnings at SDDL
yutingc Apr 20, 2015
52f882c
Change count of ":" to more than 3
yutingc Apr 20, 2015
eb7c565
Change column count to 3 and 4.
yutingc Apr 20, 2015
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion RuleDocumentation/UseShouldProcessForStateChangingFunctions.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@

##Description

Functions that have verbs like New, Start, Stop, Set, Reset that change system state should support 'ShouldProcess'
Functions that have verbs like New, Start, Stop, Set, Reset and Restart that change system state should support 'ShouldProcess'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is file in the current change?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I committed the changes earlier to BugFixes by accident so I reverted the changes. This file may be reverted as well.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok thanks.


##How to Fix

Expand Down
12 changes: 6 additions & 6 deletions Rules/AvoidUsingInternalURLs.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,15 +13,10 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Management.Automation.Language;
using Microsoft.Windows.Powershell.ScriptAnalyzer.Generic;
using System.ComponentModel.Composition;
using System.Resources;
using System.Globalization;
using System.Threading;
using System.Reflection;
using System.IO;

namespace Microsoft.Windows.Powershell.ScriptAnalyzer.BuiltinRules
Expand Down Expand Up @@ -118,7 +113,12 @@ public IEnumerable<DiagnosticRecord> AnalyzeScript(Ast ast, string fileName)
}
if (!firstPartURL.Contains("."))
{
isInternalURL = true;
//Add a check to exclude potential SDDL format. Check if a string have four components separated by ":"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the mininum format for SDDLs. So if you see a string that has owner/group/discretionary ACLs and security ACLs that it is a SDDL. I believe the ordering is required.
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379570(v=vs.85).aspx

O:owner_sid
G:group_sid
D:dacl_flags(string_ace1)(string_ace2)... (string_acen)
S:sacl_flags(string_ace1)(string_ace2)... (string_acen)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we checking if the SDDL formats are correct as well? This check is just to exclude SDDL strings being warned as internal URLS.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct No need to validate the SDDL format.

var count = firstPartURL.Count(x => x == ':');
if (count == 3 || count == 4 )
{
isInternalURL = true;
}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think an SDDL can actually have 4 ":"
This is because they can have both DACL and SACL components (SACL is optional, I think)
In the test case, the string only has the DACL component.
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379570(v=vs.85).aspx

}
}
if (isInternalURL)
Expand Down
3 changes: 2 additions & 1 deletion Tests/Rules/AvoidUsingInternalURLsNoViolations.ps1
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
$correctPath = "www.bing.com"
$externalSite = "//outside.co/test"
rmdir /s /q ".\Directory"
rmdir /s /q ".\Directory"
$sd = "O:BAG:BAD:(A;;0x800;;;WD)(A;;0x120fff;;;SY)(A;;0x120fff;;;LS)(A;;0x120fff;;;NS)(A;;0x120fff;;;BA)(A;;0xee5;;;LU)(A;;LC;;;MU)(A;;0x800;;;AG)"