Merge pull request #340 from HotCakeX/WDACConfig-v0.4.5

WDACConfig v0.4.5

WDACConfig/.editorconfig

@@ -26,3 +26,102 @@ dotnet_diagnostic.CA1311.severity = error
 
 # CA1416: Validate platform compatibility
 dotnet_diagnostic.CA1416.severity = error
+
+# CA5384: Do Not Use Digital Signature Algorithm (DSA)
+dotnet_diagnostic.CA5384.severity = error
+
+# CA1508: Avoid dead conditional code
+dotnet_diagnostic.CA1508.severity = error
+
+# CA1200: Avoid using cref tags with a prefix
+dotnet_diagnostic.CA1200.severity = error
+
+# CA1812: Avoid uninstantiated internal classes
+dotnet_diagnostic.CA1812.severity = error
+
+# CA1825: Avoid zero-length array allocations
+dotnet_diagnostic.CA1825.severity = error
+
+# CA1841: Prefer Dictionary.Contains methods
+dotnet_diagnostic.CA1841.severity = error
+
+# CA1845: Use span-based 'string.Concat'
+dotnet_diagnostic.CA1845.severity = error
+
+# CA1851: Possible multiple enumerations of 'IEnumerable' collection
+dotnet_diagnostic.CA1851.severity = error
+
+# CA1855: Prefer 'Clear' over 'Fill'
+dotnet_diagnostic.CA1855.severity = error
+
+# CA1865: Use char overload
+dotnet_diagnostic.CA1865.severity = error
+
+# CA1866: Use char overload
+dotnet_diagnostic.CA1866.severity = error
+
+# CA2014: Do not use stackalloc in loops
+dotnet_diagnostic.CA2014.severity = error
+
+# CA2200: Rethrow to preserve stack details
+dotnet_diagnostic.CA2200.severity = error
+
+# CA1821: Remove empty Finalizers
+dotnet_diagnostic.CA1821.severity = error
+
+# CA1820: Test for empty strings using string length
+dotnet_diagnostic.CA1820.severity = error
+
+# CA2251: Use 'string.Equals'
+dotnet_diagnostic.CA2251.severity = error
+
+# CA1064: Exceptions should be public
+dotnet_diagnostic.CA1064.severity = error
+
+# CA1040: Avoid empty interfaces
+dotnet_diagnostic.CA1040.severity = error
+
+# CA1816: Dispose methods should call SuppressFinalize
+dotnet_diagnostic.CA1816.severity = error
+
+# CA2153: Do Not Catch Corrupted State Exceptions
+dotnet_diagnostic.CA2153.severity = error
+
+# CA2300: Do not use insecure deserializer BinaryFormatter
+dotnet_diagnostic.CA2300.severity = error
+
+# CA2302: Ensure BinaryFormatter.Binder is set before calling BinaryFormatter.Deserialize
+dotnet_diagnostic.CA2302.severity = error
+
+# CA2327: Do not use insecure JsonSerializerSettings
+dotnet_diagnostic.CA2327.severity = error
+
+# CA3012: Review code for regex injection vulnerabilities
+dotnet_diagnostic.CA3012.severity = error
+
+# CA3011: Review code for DLL injection vulnerabilities
+dotnet_diagnostic.CA3011.severity = error
+
+# CA2217: Do not mark enums with FlagsAttribute
+dotnet_diagnostic.CA2217.severity = error
+
+# CA1069: Enums values should not be duplicated
+dotnet_diagnostic.CA1069.severity = error
+
+# CA1823: Avoid unused private fields
+dotnet_diagnostic.CA1823.severity = error
+
+# CA1836: Prefer IsEmpty over Count
+dotnet_diagnostic.CA1836.severity = error
+
+# CA2000: Dispose objects before losing scope
+dotnet_diagnostic.CA2000.severity = error
+
+# CA1830: Prefer strongly-typed Append and Insert method overloads on StringBuilder
+dotnet_diagnostic.CA1830.severity = error
+
+# CA1822: Mark members as static
+dotnet_diagnostic.CA1822.severity = error
+
+# CA1050: Declare types in namespaces
+dotnet_diagnostic.CA1050.severity = error

WDACConfig/Program.cs

@@ -1,14 +1,8 @@
-using System.Security.Cryptography.X509Certificates;
+using System.Collections.Generic;
+
+#nullable enable
 
 // Some test
 List<WDACConfig.AllCertificatesGrabber.AllFileSigners> Certificates = WDACConfig.AllCertificatesGrabber.WinTrust.GetAllFileSigners(@"");
 
-List<string> subjects = Certificates
-    .Select(Cert => Cert.Chain?.ChainElements?.Cast<X509ChainElement>().FirstOrDefault()?.Certificate?.Subject?.ToString())
-    .Where(subject => subject != null)
-    .ToList();
 
-foreach (var item in subjects)
-{
-    Console.WriteLine(item);
-}

WDACConfig/WDACConfig Module Files/.NETAssembliesToLoad.txt

@@ -4,6 +4,7 @@ System.Xml
 System.Linq
 System.Memory
 System.Console
+System.Net.Http
 System.Xml.Linq
 System.Text.Json
 System.Management
@@ -19,6 +20,7 @@ System.Diagnostics.Process
 System.Diagnostics.EventLog
 System.Security.Cryptography
 System.Management.Automation
+System.IO.Compression.zipfile
 System.Collections.NonGeneric
 System.Text.RegularExpressions
 System.Runtime.InteropServices

WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/ArgumentCompleterAttribute.cs

@@ -1,10 +1,10 @@
 using System;
 using System.Collections;
 using System.Collections.Generic;
+using System.Linq;
 using System.Management.Automation;
 using System.Management.Automation.Language;
 using System.Windows.Forms;
-using System.Linq;
 
 #nullable enable
 

WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/BasePolicyNamez.cs

@@ -1,9 +1,7 @@
 using System;
+using System.Collections.Generic;
 using System.Diagnostics;
 using System.Text.Json;
-using System.Collections.Generic;
-using System.Management.Automation;
-using System.Globalization;
 
 #nullable enable
 
@@ -24,33 +22,35 @@ public string[] GetValidValues()
                 CreateNoWindow = true
             };
 
-            Process process = new Process { StartInfo = startInfo };
-            process.Start();
+            using (Process process = new Process { StartInfo = startInfo })
+            {
+                process.Start();
 
-            string jsonOutput = process.StandardOutput.ReadToEnd();
-            process.WaitForExit();
+                string jsonOutput = process.StandardOutput.ReadToEnd();
+                process.WaitForExit();
 
-            // Parse the JSON output
-            JsonDocument jsonDoc = JsonDocument.Parse(jsonOutput);
-            JsonElement policiesElement = jsonDoc.RootElement.GetProperty("Policies");
+                // Parse the JSON output
+                JsonDocument jsonDoc = JsonDocument.Parse(jsonOutput);
+                JsonElement policiesElement = jsonDoc.RootElement.GetProperty("Policies");
 
-            List<string> validValues = new List<string>();
+                List<string> validValues = new List<string>();
 
-            foreach (JsonElement policyElement in policiesElement.EnumerateArray())
-            {
-                bool isSystemPolicy = policyElement.GetProperty("IsSystemPolicy").GetBoolean();
-                string? policyId = policyElement.GetProperty("PolicyID").GetString();
-                string? basePolicyId = policyElement.GetProperty("BasePolicyID").GetString();
-                string? friendlyName = policyElement.GetProperty("FriendlyName").GetString();
-
-                // Use ordinal, case-insensitive comparison for the policy IDs
-                if (!isSystemPolicy && string.Equals(policyId, basePolicyId, StringComparison.OrdinalIgnoreCase) && friendlyName != null)
+                foreach (JsonElement policyElement in policiesElement.EnumerateArray())
                 {
-                    validValues.Add(friendlyName);
+                    bool isSystemPolicy = policyElement.GetProperty("IsSystemPolicy").GetBoolean();
+                    string? policyId = policyElement.GetProperty("PolicyID").GetString();
+                    string? basePolicyId = policyElement.GetProperty("BasePolicyID").GetString();
+                    string? friendlyName = policyElement.GetProperty("FriendlyName").GetString();
+
+                    // Use ordinal, case-insensitive comparison for the policy IDs
+                    if (!isSystemPolicy && string.Equals(policyId, basePolicyId, StringComparison.OrdinalIgnoreCase) && friendlyName != null)
+                    {
+                        validValues.Add(friendlyName);
+                    }
                 }
-            }
 
-            return validValues.ToArray();
+                return validValues.ToArray();
+            }
         }
     }
 }

WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/CertCNz.cs

@@ -1,9 +1,10 @@
 using System;
 using System.Collections.Generic;
-using System.Management.Automation;
 using System.Linq;
 using System.Security.Cryptography.X509Certificates;
 
+#nullable enable
+
 namespace WDACConfig
 {
     // Argument completer and ValidateSet for CertCNs

WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/RuleOptionsx.cs

@@ -43,6 +43,11 @@ public string[] GetValidValues()
                 }
             }
 
+            if (WDACConfig.GlobalVars.ModuleRootPath == null)
+            {
+                throw new Exception("ModuleRootPath is null!");
+            }
+
             // Construct the full path to PolicyRuleOptions.Json
             string jsonFilePath = Path.Combine(WDACConfig.GlobalVars.ModuleRootPath, "Resources", "PolicyRuleOptions.Json");
 

WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/ScanLevelz.cs

@@ -1,6 +1,3 @@
-using System;
-using System.Management.Automation;
-
 #nullable enable
 
 namespace WDACConfig

WDACConfig/WDACConfig Module Files/C#/Custom Types/AuthenticodePageHashes.cs

@@ -1,17 +1,15 @@
-using System;
-
 #nullable enable
 
 namespace WDACConfig
 {
     public class AuthenticodePageHashes
     {
-        public string SHA1Page { get; set; }
-        public string SHA256Page { get; set; }
-        public string SHa1Authenticode { get; set; }
-        public string SHA256Authenticode { get; set; }
+        public string? SHA1Page { get; set; }
+        public string? SHA256Page { get; set; }
+        public string? SHa1Authenticode { get; set; }
+        public string? SHA256Authenticode { get; set; }
 
-        public AuthenticodePageHashes(string sha1Page, string sha256Page, string sha1Authenticode, string sha256Authenticode)
+        public AuthenticodePageHashes(string? sha1Page, string? sha256Page, string? sha1Authenticode, string? sha256Authenticode)
         {
             SHA1Page = sha1Page;
             SHA256Page = sha256Page;

WDACConfig/WDACConfig Module Files/C#/Custom Types/CertificateSignerCreator.cs

@@ -1,5 +1,3 @@
-using System;
-
 #nullable enable
 
 namespace WDACConfig

WDACConfig/WDACConfig Module Files/C#/Custom Types/FileBasedInfoPackage.cs

@@ -1,4 +1,3 @@
-using System;
 using System.Collections.Generic;
 
 #nullable enable

WDACConfig/WDACConfig Module Files/C#/Custom Types/FilePublisherSignerCreator.cs

@@ -19,7 +19,18 @@ public class FilePublisherSignerCreator
         public string? AuthenticodeSHA1 { get; set; }
         public int SiSigningScenario { get; set; }
 
-        public FilePublisherSignerCreator(List<WDACConfig.CertificateDetailsCreator> certificateDetails, Version fileVersion, string fileDescription, string internalName, string originalFileName, string packageFamilyName, string productName, string fileName, string authenticodeSHA256, string authenticodeSHA1, int siSigningScenario)
+        public FilePublisherSignerCreator(
+            List<WDACConfig.CertificateDetailsCreator> certificateDetails,
+            Version fileVersion,
+            string? fileDescription,
+            string? internalName,
+            string? originalFileName,
+            string? packageFamilyName,
+            string? productName,
+            string? fileName,
+            string? authenticodeSHA256,
+            string? authenticodeSHA1,
+            int siSigningScenario)
         {
             CertificateDetails = certificateDetails;
             FileVersion = fileVersion;

WDACConfig/WDACConfig Module Files/C#/Custom Types/PublisherSignerCreator.cs

@@ -1,14 +1,15 @@
-using System;
 using System.Collections.Generic;
 
+#nullable enable
+
 namespace WDACConfig
 {
     public class PublisherSignerCreator
     {
         public List<CertificateDetailsCreator> CertificateDetails { get; set; }
-        public string FileName { get; set; }
-        public string AuthenticodeSHA256 { get; set; }
-        public string AuthenticodeSHA1 { get; set; }
+        public string? FileName { get; set; }
+        public string? AuthenticodeSHA256 { get; set; }
+        public string? AuthenticodeSHA1 { get; set; }
         public int SiSigningScenario { get; set; }
 
         public PublisherSignerCreator(List<CertificateDetailsCreator> certificateDetails, string fileName, string authenticodeSHA256, string authenticodeSHA1, int siSigningScenario)

WDACConfig/WDACConfig Module Files/C#/Custom Types/Signer.cs

@@ -1,4 +1,3 @@
-using System;
 using System.Collections.Generic;
 
 #nullable enable