Skip to content

Commit

Permalink
Merge pull request #1002 from gep13/issue-1000
Browse files Browse the repository at this point in the history
(#1000) Do not display sensitive persisted package arguments
  • Loading branch information
AdmiringWorm authored May 30, 2023
2 parents c9a531f + 47e2093 commit a0082c2
Show file tree
Hide file tree
Showing 13 changed files with 71 additions and 71 deletions.
10 changes: 5 additions & 5 deletions Source/ChocolateyGui.Common.Windows/Bootstrapper.cs
Original file line number Diff line number Diff line change
Expand Up @@ -37,13 +37,13 @@ public class Bootstrapper : BootstrapperBase
private static readonly IFileSystem _fileSystem = new DotNetFileSystem();

#pragma warning disable SA1202
public static readonly string ChocolateyGuiInstallLocation = _fileSystem.get_directory_name(_fileSystem.get_current_assembly_path());
public static readonly string ChocolateyGuiInstallLocation = _fileSystem.GetDirectoryName(_fileSystem.GetCurrentAssemblyPath());
public static readonly string ChocolateyInstallEnvironmentVariableName = "ChocolateyInstall";
public static readonly string ChocolateyInstallLocation = System.Environment.GetEnvironmentVariable(ChocolateyInstallEnvironmentVariableName) ?? _fileSystem.get_directory_name(_fileSystem.get_current_assembly_path());
public static readonly string LicensedGuiAssemblyLocation = _fileSystem.combine_paths(ChocolateyInstallLocation, "extensions", "chocolateygui", "chocolateygui.licensed.dll");
public static readonly string ChocolateyInstallLocation = System.Environment.GetEnvironmentVariable(ChocolateyInstallEnvironmentVariableName) ?? _fileSystem.GetDirectoryName(_fileSystem.GetCurrentAssemblyPath());
public static readonly string LicensedGuiAssemblyLocation = _fileSystem.CombinePaths(ChocolateyInstallLocation, "extensions", "chocolateygui", "chocolateygui.licensed.dll");

public static readonly string ChocolateyGuiCommonAssemblyLocation = _fileSystem.combine_paths(ChocolateyGuiInstallLocation, "ChocolateyGui.Common.dll");
public static readonly string ChocolateyGuiCommonWindowsAssemblyLocation = _fileSystem.combine_paths(ChocolateyGuiInstallLocation, "ChocolateyGui.Common.Windows.dll");
public static readonly string ChocolateyGuiCommonAssemblyLocation = _fileSystem.CombinePaths(ChocolateyGuiInstallLocation, "ChocolateyGui.Common.dll");
public static readonly string ChocolateyGuiCommonWindowsAssemblyLocation = _fileSystem.CombinePaths(ChocolateyGuiInstallLocation, "ChocolateyGui.Common.Windows.dll");

public static readonly string ChocolateyGuiCommonAssemblySimpleName = "ChocolateyGui.Common";
public static readonly string ChocolateyGuiCommonWindowsAssemblySimpleName = "ChocolateyGui.Common.Windows";
Expand Down
48 changes: 24 additions & 24 deletions Source/ChocolateyGui.Common.Windows/Services/ChocolateyService.cs
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ public ChocolateyService(IMapper mapper, IProgressService progressService, IChoc
_configService = configService;
_choco = Lets.GetChocolatey(initializeLogging: false).SetCustomLogging(new SerilogLogger(Logger, _progressService), logExistingMessages: false, addToExistingLoggers: true);

_localAppDataPath = _fileSystem.combine_paths(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData, Environment.SpecialFolderOption.DoNotVerify), "Chocolatey GUI");
_localAppDataPath = _fileSystem.CombinePaths(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData, Environment.SpecialFolderOption.DoNotVerify), "Chocolatey GUI");
}

public Task<bool> IsElevated()
Expand All @@ -73,7 +73,7 @@ public async Task<IEnumerable<Package>> GetInstalledPackages()
_choco.Set(
config =>
{
config.CommandName = CommandNameType.list.ToString();
config.CommandName = CommandNameType.List.ToString();
});

var chocoConfig = _choco.GetConfiguration();
Expand All @@ -91,7 +91,7 @@ public async Task<IEnumerable<Package>> GetInstalledPackages()
else
{
var nugetService = _choco.Container().GetInstance<INugetService>();
var packages = await Task.Run(() => nugetService.list_run(chocoConfig));
var packages = await Task.Run(() => nugetService.List(chocoConfig));
return packages
.Select(package => GetMappedPackage(_choco, package, _mapper, true))
.ToArray();
Expand All @@ -107,7 +107,7 @@ public async Task<IReadOnlyList<OutdatedPackage>> GetOutdatedPackages(bool inclu
return new List<OutdatedPackage>();
}

var outdatedPackagesFile = _fileSystem.combine_paths(_localAppDataPath, "outdatedPackages.xml");
var outdatedPackagesFile = _fileSystem.CombinePaths(_localAppDataPath, "outdatedPackages.xml");

var outdatedPackagesCacheDurationInMinutesSetting = _configService.GetEffectiveConfiguration().OutdatedPackagesCacheDurationInMinutes;
int outdatedPackagesCacheDurationInMinutes = 0;
Expand All @@ -116,9 +116,9 @@ public async Task<IReadOnlyList<OutdatedPackage>> GetOutdatedPackages(bool inclu
int.TryParse(outdatedPackagesCacheDurationInMinutesSetting, out outdatedPackagesCacheDurationInMinutes);
}

if (_fileSystem.file_exists(outdatedPackagesFile) && (DateTime.Now - _fileSystem.get_file_modified_date(outdatedPackagesFile)).TotalMinutes < outdatedPackagesCacheDurationInMinutes)
if (_fileSystem.FileExists(outdatedPackagesFile) && (DateTime.Now - _fileSystem.GetFileModifiedDate(outdatedPackagesFile)).TotalMinutes < outdatedPackagesCacheDurationInMinutes)
{
return _xmlService.deserialize<List<OutdatedPackage>>(outdatedPackagesFile);
return _xmlService.Deserialize<List<OutdatedPackage>>(outdatedPackagesFile);
}
else
{
Expand All @@ -140,7 +140,7 @@ public async Task<IReadOnlyList<OutdatedPackage>> GetOutdatedPackages(bool inclu
if (chocoConfig.Sources != null)
{
var nugetService = choco.Container().GetInstance<INugetService>();
var packages = await Task.Run(() => nugetService.upgrade_noop(chocoConfig, null));
var packages = await Task.Run(() => nugetService.UpgradeDryRun(chocoConfig, null));
var results = packages
.Where(p => !p.Value.Inconclusive)
.Select(p => new OutdatedPackage
Expand All @@ -154,12 +154,12 @@ public async Task<IReadOnlyList<OutdatedPackage>> GetOutdatedPackages(bool inclu
// packages, when the serialized file has become old/stale, so we NEED the file to be re-written
// when this check is done, so that it isn't always doing the check. Therefore, when we are
// getting ready to serialize the list of outdated packages, if the file already exists, delete it.
if (_fileSystem.file_exists(outdatedPackagesFile))
if (_fileSystem.FileExists(outdatedPackagesFile))
{
_fileSystem.delete_file(outdatedPackagesFile);
_fileSystem.DeleteFile(outdatedPackagesFile);
}

_xmlService.serialize(results, outdatedPackagesFile);
_xmlService.Serialize(results, outdatedPackagesFile);
}
catch (Exception ex)
{
Expand Down Expand Up @@ -189,7 +189,7 @@ public async Task<PackageOperationResult> InstallPackage(
choco.Set(
config =>
{
config.CommandName = CommandNameType.install.ToString();
config.CommandName = CommandNameType.Install.ToString();
config.PackageNames = id;
config.Features.UsePackageExitCodes = false;

Expand Down Expand Up @@ -369,7 +369,7 @@ public async Task<PackageOperationResult> UninstallPackage(string id, string ver
choco.Set(
config =>
{
config.CommandName = CommandNameType.uninstall.ToString();
config.CommandName = CommandNameType.Uninstall.ToString();
config.PackageNames = id;
config.Features.UsePackageExitCodes = false;

Expand All @@ -392,7 +392,7 @@ public async Task<PackageOperationResult> UpdatePackage(string id, Uri source =
choco.Set(
config =>
{
config.CommandName = CommandNameType.upgrade.ToString();
config.CommandName = CommandNameType.Upgrade.ToString();
config.PackageNames = id;
config.Features.UsePackageExitCodes = false;
});
Expand All @@ -409,7 +409,7 @@ public async Task<PackageOperationResult> PinPackage(string id, string version)
config =>
{
config.CommandName = "pin";
config.PinCommand.Command = PinCommandType.add;
config.PinCommand.Command = PinCommandType.Add;
config.PinCommand.Name = id;
config.Version = version;
config.Sources = ApplicationParameters.PackagesLocation;
Expand All @@ -436,7 +436,7 @@ public async Task<PackageOperationResult> UnpinPackage(string id, string version
config =>
{
config.CommandName = "pin";
config.PinCommand.Command = PinCommandType.remove;
config.PinCommand.Command = PinCommandType.Remove;
config.PinCommand.Name = id;
config.Version = version;
config.Sources = ApplicationParameters.PackagesLocation;
Expand Down Expand Up @@ -474,7 +474,7 @@ public async Task SetFeature(ChocolateyFeature feature)
config =>
{
config.CommandName = "feature";
config.FeatureCommand.Command = feature.Enabled ? chocolatey.infrastructure.app.domain.FeatureCommandType.enable : chocolatey.infrastructure.app.domain.FeatureCommandType.disable;
config.FeatureCommand.Command = feature.Enabled ? chocolatey.infrastructure.app.domain.FeatureCommandType.Enable : chocolatey.infrastructure.app.domain.FeatureCommandType.Disable;
config.FeatureCommand.Name = feature.Name;
});

Expand All @@ -497,7 +497,7 @@ public async Task SetSetting(ChocolateySetting setting)
config =>
{
config.CommandName = "config";
config.ConfigCommand.Command = chocolatey.infrastructure.app.domain.ConfigCommandType.set;
config.ConfigCommand.Command = chocolatey.infrastructure.app.domain.ConfigCommandType.Set;
config.ConfigCommand.Name = setting.Key;
config.ConfigCommand.ConfigValue = setting.Value;
});
Expand All @@ -514,7 +514,7 @@ public async Task<ChocolateySource[]> GetSources()
var config = await GetConfigFile();
var allSources = config.Sources.Select(_mapper.Map<ChocolateySource>).ToArray();

var filteredSourceIds = _configSettingsService.source_list(_choco.GetConfiguration()).Select(s => s.Id).ToArray();
var filteredSourceIds = _configSettingsService.ListSources(_choco.GetConfiguration()).Select(s => s.Id).ToArray();

var mappedSources = allSources.Where(s => filteredSourceIds.Contains(s.Id)).ToArray();
return mappedSources;
Expand All @@ -528,7 +528,7 @@ public async Task AddSource(ChocolateySource source)
config =>
{
config.CommandName = "source";
config.SourceCommand.Command = SourceCommandType.add;
config.SourceCommand.Command = SourceCommandType.Add;
config.SourceCommand.Name = source.Id;
config.Sources = source.Value;
config.SourceCommand.Username = source.UserName;
Expand Down Expand Up @@ -560,7 +560,7 @@ public async Task DisableSource(string id)
config =>
{
config.CommandName = "source";
config.SourceCommand.Command = SourceCommandType.disable;
config.SourceCommand.Command = SourceCommandType.Disable;
config.SourceCommand.Name = id;
});

Expand All @@ -573,7 +573,7 @@ public async Task EnableSource(string id)
config =>
{
config.CommandName = "source";
config.SourceCommand.Command = SourceCommandType.enable;
config.SourceCommand.Command = SourceCommandType.Enable;
config.SourceCommand.Name = id;
});

Expand Down Expand Up @@ -611,7 +611,7 @@ public async Task<bool> RemoveSource(string id)
config =>
{
config.CommandName = "source";
config.SourceCommand.Command = SourceCommandType.remove;
config.SourceCommand.Command = SourceCommandType.Remove;
config.SourceCommand.Name = id;
});

Expand Down Expand Up @@ -646,7 +646,7 @@ private static Package GetMappedPackage(GetChocolatey choco, PackageResult packa
}

var packageInfoService = choco.Container().GetInstance<IChocolateyPackageInformationService>();
var packageInfo = packageInfoService.get_package_information(package.PackageMetadata);
var packageInfo = packageInfoService.Get(package.PackageMetadata);
mappedPackage.IsPinned = packageInfo.IsPinned;
mappedPackage.IsInstalled = !string.IsNullOrWhiteSpace(package.InstallLocation) || forceInstalled;

Expand Down Expand Up @@ -714,7 +714,7 @@ private async Task<ConfigFileSettings> GetConfigFile()
var xmlService = _choco.Container().GetInstance<IXmlService>();
var config =
await Task.Run(
() => xmlService.deserialize<ConfigFileSettings>(chocolatey.infrastructure.app.ApplicationParameters.GlobalConfigFileLocation));
() => xmlService.Deserialize<ConfigFileSettings>(chocolatey.infrastructure.app.ApplicationParameters.GlobalConfigFileLocation));
return config;
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -40,17 +40,17 @@ public PackageArgumentsService(

public IEnumerable<string> DecryptPackageArgumentsFile(string id, string version)
{
var argumentsPath = _fileSystem.combine_paths(_chocolateyConfigurationProvider.ChocolateyInstall, ".chocolatey", "{0}.{1}".format_with(id, version));
var argumentsFile = _fileSystem.combine_paths(argumentsPath, ".arguments");
var argumentsPath = _fileSystem.CombinePaths(_chocolateyConfigurationProvider.ChocolateyInstall, ".chocolatey", "{0}.{1}".FormatWith(id, version));
var argumentsFile = _fileSystem.CombinePaths(argumentsPath, ".arguments");

string arguments = string.Empty;

// Get the arguments decrypted in here and return them
try
{
if (_fileSystem.file_exists(argumentsFile))
if (_fileSystem.FileExists(argumentsFile))
{
arguments = _fileSystem.read_file(argumentsFile);
arguments = _fileSystem.ReadFile(argumentsFile);
}
}
catch (Exception ex)
Expand All @@ -69,25 +69,25 @@ public IEnumerable<string> DecryptPackageArgumentsFile(string id, string version

// The following code is borrowed from the Chocolatey codebase, should
// be extracted to a separate location in choco executable so we can re-use it.
var packageArgumentsUnencrypted = arguments.contains(" --") && arguments.to_string().Length > 4
var packageArgumentsUnencrypted = arguments.Contains(" --") && arguments.ToStringSafe().Length > 4
? arguments
: _encryptionUtility.decrypt_string(arguments);
: _encryptionUtility.DecryptString(arguments);

// Lets do a global check first to see if there are any sensitive arguments
// before we filter out the values used later.
var sensitiveArgs = ArgumentsUtility.arguments_contain_sensitive_information(packageArgumentsUnencrypted);
var sensitiveArgs = ArgumentsUtility.SensitiveArgumentsProvided(packageArgumentsUnencrypted);

var packageArgumentsSplit =
packageArgumentsUnencrypted.Split(new[] { " --" }, StringSplitOptions.RemoveEmptyEntries);

foreach (var packageArgument in packageArgumentsSplit.or_empty_list_if_null())
foreach (var packageArgument in packageArgumentsSplit.OrEmpty())
{
var isSensitiveArgument = sensitiveArgs && ArgumentsUtility.arguments_contain_sensitive_information(packageArgument);
var isSensitiveArgument = sensitiveArgs && ArgumentsUtility.SensitiveArgumentsProvided(string.Concat("--", packageArgument));

var packageArgumentSplit =
packageArgument.Split(new[] { '=' }, 2, StringSplitOptions.RemoveEmptyEntries);

var optionName = packageArgumentSplit[0].to_string();
var optionName = packageArgumentSplit[0].ToStringSafe();
var optionValue = string.Empty;

if (packageArgumentSplit.Length == 2 && isSensitiveArgument)
Expand All @@ -96,14 +96,14 @@ public IEnumerable<string> DecryptPackageArgumentsFile(string id, string version
}
else if (packageArgumentSplit.Length == 2)
{
optionValue = packageArgumentSplit[1].to_string().remove_surrounding_quotes();
optionValue = packageArgumentSplit[1].ToStringSafe().UnquoteSafe();
if (optionValue.StartsWith("'"))
{
optionValue.remove_surrounding_quotes();
optionValue.UnquoteSafe();
}
}

yield return "--{0}{1}".format_with(
yield return "--{0}{1}".FormatWith(
optionName,
string.IsNullOrWhiteSpace(optionValue) ? string.Empty : "=" + optionValue);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -440,7 +440,7 @@ private void OnSelectedVersionChanged(string stringVersion)

private void BrowseLogFile(object value)
{
var filter = "{0}|{1}|{2}".format_with(
var filter = "{0}|{1}|{2}".FormatWith(
L(nameof(Resources.FilePicker_LogFiles)) + "|*.log;*.klg",
L(nameof(Resources.FilePicker_TextFiles)) + "|*.txt;*.text;*.plain",
L(nameof(Resources.FilePicker_AllFiles)) + "|*.*");
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ public ShellView(

// Certain things like Cef (our markdown browser engine) get unhappy when GUI is started from a different cwd.
// If we're in a different one, reset it to our app files directory.
if (_fileSystem.get_directory_name(Environment.CurrentDirectory) != Bootstrapper.ApplicationFilesPath)
if (_fileSystem.GetDirectoryName(Environment.CurrentDirectory) != Bootstrapper.ApplicationFilesPath)
{
Environment.CurrentDirectory = Bootstrapper.ApplicationFilesPath;
}
Expand Down
Loading

0 comments on commit a0082c2

Please sign in to comment.