Harden Windows Security v0.6.7

Harden-Windows-Security Module/.editorconfig

@@ -31,7 +31,7 @@ dotnet_diagnostic.CA1309.severity = error
 dotnet_diagnostic.CA1311.severity = error
 
 # CA1416: Validate platform compatibility
-dotnet_diagnostic.CA1416.severity = error
+dotnet_diagnostic.CA1416.severity = silent
 
 # CA5384: Do Not Use Digital Signature Algorithm (DSA)
 dotnet_diagnostic.CA5384.severity = error
@@ -272,3 +272,75 @@ dotnet_diagnostic.IDE0110.severity = error
 
 # CA2101: Specify marshaling for P/Invoke string arguments
 dotnet_diagnostic.CA2101.severity = error
+
+# IL2026: Members annotated with 'RequiresUnreferencedCodeAttribute' require dynamic access otherwise can break functionality when trimming application code
+dotnet_diagnostic.IL2026.severity = error
+
+# IDE0305: Simplify collection initialization
+dotnet_diagnostic.IDE0305.severity = error
+
+# IDE0004: Remove Unnecessary Cast
+dotnet_diagnostic.IDE0004.severity = error
+
+# IDE0017: Simplify object initialization
+dotnet_diagnostic.IDE0017.severity = error
+
+# IDE0060: Remove unused parameter
+dotnet_diagnostic.IDE0060.severity = error
+
+# IDE0044: Add readonly modifier
+dotnet_diagnostic.IDE0044.severity = error
+
+# IDE0063: Use simple 'using' statement
+dotnet_diagnostic.IDE0063.severity = error
+
+# CA1001: Types that own disposable fields should be disposable
+dotnet_diagnostic.CA1001.severity = error
+
+# CA1831: Use AsSpan or AsMemory instead of Range-based indexers when appropriate
+dotnet_diagnostic.CA1831.severity = error
+
+# CA5382: Use Secure Cookies In ASP.NET Core
+dotnet_diagnostic.CA5382.severity = error
+
+# CA1063: Implement IDisposable Correctly
+dotnet_diagnostic.CA1063.severity = error
+
+# CA1852: Seal internal types
+dotnet_diagnostic.CA1852.severity = error
+
+# CA2011: Avoid infinite recursion
+dotnet_diagnostic.CA2011.severity = error
+
+# CA2015: Do not define finalizers for types derived from MemoryManager<T>
+dotnet_diagnostic.CA2015.severity = error
+
+# CA2017: Parameter count mismatch
+dotnet_diagnostic.CA2017.severity = error
+
+# CA5397: Do not use deprecated SslProtocols values
+dotnet_diagnostic.CA5397.severity = error
+
+# CA5394: Do not use insecure randomness
+dotnet_diagnostic.CA5394.severity = error
+
+# CA2207: Initialize value type static fields inline
+dotnet_diagnostic.CA2207.severity = error
+
+# CA2219: Do not raise exceptions in finally clauses
+dotnet_diagnostic.CA2219.severity = error
+
+# CA2259: 'ThreadStatic' only affects static fields
+dotnet_diagnostic.CA2259.severity = error
+
+# CA5371: Use XmlReader for 'XmlSchema.Read()'
+dotnet_diagnostic.CA5371.severity = error
+
+# CA5364: Do Not Use Deprecated Security Protocols
+dotnet_diagnostic.CA5364.severity = error
+
+# CA1839: Use 'Environment.ProcessPath'
+dotnet_diagnostic.CA1839.severity = error
+
+# CA2265: Do not compare Span<T> to 'null' or 'default'
+dotnet_diagnostic.CA2265.severity = error

Harden-Windows-Security Module/Harden-Windows-Security Module.code-workspace

@@ -213,7 +213,6 @@
 			"vmwp",
 			"vnet",
 			"Wayback",
-			"WDAC",
 			"webmail",
 			"webserver",
 			"Webshell",

Harden-Windows-Security Module/Main files/C#/CimInstances/BitLocker-AddKeyProtectors.cs

@@ -59,7 +59,7 @@ private static void RemoveTpmBasedKeyProtectors(ManagementObject driveInstance,
             string[] KeyProtectorIDs = (string[])keyProtectorResult["VolumeKeyProtectorID"];
 
             // Check if there is at least 1 key protector
-            if (KeyProtectorIDs != null && KeyProtectorIDs.Length >= 1)
+            if (KeyProtectorIDs is not null && KeyProtectorIDs.Length >= 1)
             {
                 // Loop over all of the key protectors of the specified type and remove all of them
                 foreach (string KeyProtectorID in KeyProtectorIDs)
@@ -77,12 +77,12 @@ private static void RemoveTpmBasedKeyProtectors(ManagementObject driveInstance,
                     #region Output handling
                     uint? deletionResultCode = null;
 
-                    if (deletionResult != null)
+                    if (deletionResult is not null)
                     {
                         deletionResultCode = Convert.ToUInt32(deletionResult["ReturnValue"], CultureInfo.InvariantCulture);
                     }
 
-                    if (deletionResultCode != null && deletionResultCode == 0)
+                    if (deletionResultCode is not null && deletionResultCode == 0)
                     {
                         Logger.LogMessage($"Successfully removed a key protector of type {keyProtectorType}", LogTypeIntel.Information);
                     }
@@ -134,12 +134,12 @@ public static void AddRecoveryPassword(string DriveLetter, string? Password)
             #region Output handling
             uint? MethodInvocationResultCode = null;
 
-            if (MethodInvocationResult != null)
+            if (MethodInvocationResult is not null)
             {
                 MethodInvocationResultCode = Convert.ToUInt32(MethodInvocationResult["ReturnValue"], CultureInfo.InvariantCulture);
             }
 
-            if (MethodInvocationResultCode != null && MethodInvocationResultCode == 0)
+            if (MethodInvocationResultCode is not null && MethodInvocationResultCode == 0)
             {
                 Logger.LogMessage("Successfully added the Recovery Password key protector.", LogTypeIntel.Information);
             }
@@ -183,12 +183,12 @@ public static void AddPasswordProtector(string DriveLetter, string? PassPhrase)
             #region Output handling
             uint? MethodInvocationResultCode = null;
 
-            if (MethodInvocationResult != null)
+            if (MethodInvocationResult is not null)
             {
                 MethodInvocationResultCode = Convert.ToUInt32(MethodInvocationResult["ReturnValue"], CultureInfo.InvariantCulture);
             }
 
-            if (MethodInvocationResultCode != null && MethodInvocationResultCode == 0)
+            if (MethodInvocationResultCode is not null && MethodInvocationResultCode == 0)
             {
                 Logger.LogMessage("Successfully added Password key protector (aka Passphrase).", LogTypeIntel.Information);
             }
@@ -228,12 +228,12 @@ public static void AddTpmProtector(string DriveLetter)
             #region Output handling
             uint? MethodInvocationResultCode = null;
 
-            if (MethodInvocationResult != null)
+            if (MethodInvocationResult is not null)
             {
                 MethodInvocationResultCode = Convert.ToUInt32(MethodInvocationResult["ReturnValue"], CultureInfo.InvariantCulture);
             }
 
-            if (MethodInvocationResultCode != null && MethodInvocationResultCode == 0)
+            if (MethodInvocationResultCode is not null && MethodInvocationResultCode == 0)
             {
                 Logger.LogMessage("Successfully added the TPM key protector.", LogTypeIntel.Information);
             }
@@ -287,12 +287,12 @@ public static void AddTpmAndPinProtector(string DriveLetter, string PIN)
             #region Output handling
             uint? MethodInvocationResultCode = null;
 
-            if (MethodInvocationResult != null)
+            if (MethodInvocationResult is not null)
             {
                 MethodInvocationResultCode = Convert.ToUInt32(MethodInvocationResult["ReturnValue"], CultureInfo.InvariantCulture);
             }
 
-            if (MethodInvocationResultCode != null && MethodInvocationResultCode == 0)
+            if (MethodInvocationResultCode is not null && MethodInvocationResultCode == 0)
             {
                 Logger.LogMessage("Successfully added the TpmAndPin key protector.", LogTypeIntel.Information);
             }
@@ -347,12 +347,12 @@ public static void AddTpmAndStartupKeyProtector(string DriveLetter, string Start
             #region Output handling
             uint? MethodInvocationResultCode = null;
 
-            if (ProtectKeyWithTPMAndStartupKeyMethodInvocationResult != null)
+            if (ProtectKeyWithTPMAndStartupKeyMethodInvocationResult is not null)
             {
                 MethodInvocationResultCode = Convert.ToUInt32(ProtectKeyWithTPMAndStartupKeyMethodInvocationResult["ReturnValue"], CultureInfo.InvariantCulture);
             }
 
-            if (MethodInvocationResultCode != null && MethodInvocationResultCode == 0)
+            if (MethodInvocationResultCode is not null && MethodInvocationResultCode == 0)
             {
                 Logger.LogMessage("The TpmAndStartupKey key protector was successfully added. Backing up the Startup key in the next step.", LogTypeIntel.Information);
             }
@@ -376,12 +376,12 @@ public static void AddTpmAndStartupKeyProtector(string DriveLetter, string Start
             #region Output handling
             uint? MethodInvocationResultCode2 = null;
 
-            if (SaveExternalKeyToFileMethodInvocationResult != null)
+            if (SaveExternalKeyToFileMethodInvocationResult is not null)
             {
                 MethodInvocationResultCode2 = Convert.ToUInt32(SaveExternalKeyToFileMethodInvocationResult["ReturnValue"], CultureInfo.InvariantCulture);
             }
 
-            if (MethodInvocationResultCode2 != null && MethodInvocationResultCode2 == 0)
+            if (MethodInvocationResultCode2 is not null && MethodInvocationResultCode2 == 0)
             {
                 Logger.LogMessage($"Successfully backed up the Startup key to {StartupKeyPath}", LogTypeIntel.Information);
 
@@ -441,12 +441,12 @@ public static void AddTpmAndPinAndStartupKeyProtector(string DriveLetter, string
             #region Output handling
             uint? MethodInvocationResultCode = null;
 
-            if (ProtectKeyWithTPMAndPinAndStartupKeyMethodInvocationResult != null)
+            if (ProtectKeyWithTPMAndPinAndStartupKeyMethodInvocationResult is not null)
             {
                 MethodInvocationResultCode = Convert.ToUInt32(ProtectKeyWithTPMAndPinAndStartupKeyMethodInvocationResult["ReturnValue"], CultureInfo.InvariantCulture);
             }
 
-            if (MethodInvocationResultCode != null && MethodInvocationResultCode == 0)
+            if (MethodInvocationResultCode is not null && MethodInvocationResultCode == 0)
             {
                 Logger.LogMessage("The TpmAndPinAndStartupKey key protector was successfully added. Will backup the startup key in the next step.", LogTypeIntel.Information);
             }
@@ -469,12 +469,12 @@ public static void AddTpmAndPinAndStartupKeyProtector(string DriveLetter, string
             #region Output handling
             uint? MethodInvocationResultCode2 = null;
 
-            if (SaveExternalKeyToFileMethodInvocationResult != null)
+            if (SaveExternalKeyToFileMethodInvocationResult is not null)
             {
                 MethodInvocationResultCode2 = Convert.ToUInt32(SaveExternalKeyToFileMethodInvocationResult["ReturnValue"], CultureInfo.InvariantCulture);
             }
 
-            if (MethodInvocationResultCode2 != null && MethodInvocationResultCode2 == 0)
+            if (MethodInvocationResultCode2 is not null && MethodInvocationResultCode2 == 0)
             {
                 Logger.LogMessage($"Successfully backed up the startup key to {StartupKeyPath}", LogTypeIntel.Information);
 
@@ -533,12 +533,12 @@ public static void AddStartupKeyProtector_OR_RecoveryKeyProtector(string DriveLe
             #region Output handling
             uint? MethodInvocationResultCode = null;
 
-            if (ProtectKeyWithExternalKeyMethodInvocationResult != null)
+            if (ProtectKeyWithExternalKeyMethodInvocationResult is not null)
             {
                 MethodInvocationResultCode = Convert.ToUInt32(ProtectKeyWithExternalKeyMethodInvocationResult["ReturnValue"], CultureInfo.InvariantCulture);
             }
 
-            if (MethodInvocationResultCode != null && MethodInvocationResultCode == 0)
+            if (MethodInvocationResultCode is not null && MethodInvocationResultCode == 0)
             {
                 Logger.LogMessage("The StartupKey key protector was successfully added. Will back up it in the next step.", LogTypeIntel.Information);
                 // Will move forward to the next step
@@ -562,12 +562,12 @@ public static void AddStartupKeyProtector_OR_RecoveryKeyProtector(string DriveLe
             #region Output handling
             uint? MethodInvocationResultCode2 = null;
 
-            if (SaveExternalKeyToFileMethodInvocationResult != null)
+            if (SaveExternalKeyToFileMethodInvocationResult is not null)
             {
                 MethodInvocationResultCode2 = Convert.ToUInt32(SaveExternalKeyToFileMethodInvocationResult["ReturnValue"], CultureInfo.InvariantCulture);
             }
 
-            if (MethodInvocationResultCode2 != null && MethodInvocationResultCode2 == 0)
+            if (MethodInvocationResultCode2 is not null && MethodInvocationResultCode2 == 0)
             {
                 Logger.LogMessage($"Successfully backed up the Startup key to {StartupKeyPath}", LogTypeIntel.Information);
             }
@@ -631,12 +631,12 @@ public static void AddSidProtector(string DriveLetter, string SID, bool ServiceA
             #region Output handling
             uint? MethodInvocationResultCode = null;
 
-            if (MethodInvocationResult != null)
+            if (MethodInvocationResult is not null)
             {
                 MethodInvocationResultCode = Convert.ToUInt32(MethodInvocationResult["ReturnValue"], CultureInfo.InvariantCulture);
             }
 
-            if (MethodInvocationResultCode != null && MethodInvocationResultCode == 0)
+            if (MethodInvocationResultCode is not null && MethodInvocationResultCode == 0)
             {
                 Logger.LogMessage("Successfully added the SID key protector.", LogTypeIntel.Information);
             }