(#1000) Do not display sensitive persisted package arguments #1002

Merged
merged 2 commits into from
May 30, 2023
10 changes: 5 additions & 5 deletions Source/ChocolateyGui.Common.Windows/Bootstrapper.cs
Expand Up @@ -37,13 +37,13 @@ public class Bootstrapper : BootstrapperBase
private static readonly IFileSystem _fileSystem = new DotNetFileSystem();

#pragma warning disable SA1202
public static readonly string ChocolateyGuiInstallLocation = _fileSystem.get_directory_name(_fileSystem.get_current_assembly_path());
public static readonly string ChocolateyGuiInstallLocation = _fileSystem.GetDirectoryName(_fileSystem.GetCurrentAssemblyPath());
public static readonly string ChocolateyInstallEnvironmentVariableName = "ChocolateyInstall";
public static readonly string ChocolateyInstallLocation = System.Environment.GetEnvironmentVariable(ChocolateyInstallEnvironmentVariableName) ?? _fileSystem.get_directory_name(_fileSystem.get_current_assembly_path());
public static readonly string LicensedGuiAssemblyLocation = _fileSystem.combine_paths(ChocolateyInstallLocation, "extensions", "chocolateygui", "chocolateygui.licensed.dll");
public static readonly string ChocolateyInstallLocation = System.Environment.GetEnvironmentVariable(ChocolateyInstallEnvironmentVariableName) ?? _fileSystem.GetDirectoryName(_fileSystem.GetCurrentAssemblyPath());
public static readonly string LicensedGuiAssemblyLocation = _fileSystem.CombinePaths(ChocolateyInstallLocation, "extensions", "chocolateygui", "chocolateygui.licensed.dll");

public static readonly string ChocolateyGuiCommonAssemblyLocation = _fileSystem.combine_paths(ChocolateyGuiInstallLocation, "ChocolateyGui.Common.dll");
public static readonly string ChocolateyGuiCommonWindowsAssemblyLocation = _fileSystem.combine_paths(ChocolateyGuiInstallLocation, "ChocolateyGui.Common.Windows.dll");
public static readonly string ChocolateyGuiCommonAssemblyLocation = _fileSystem.CombinePaths(ChocolateyGuiInstallLocation, "ChocolateyGui.Common.dll");
public static readonly string ChocolateyGuiCommonWindowsAssemblyLocation = _fileSystem.CombinePaths(ChocolateyGuiInstallLocation, "ChocolateyGui.Common.Windows.dll");

public static readonly string ChocolateyGuiCommonAssemblySimpleName = "ChocolateyGui.Common";
public static readonly string ChocolateyGuiCommonWindowsAssemblySimpleName = "ChocolateyGui.Common.Windows";
48 changes: 24 additions & 24 deletions Source/ChocolateyGui.Common.Windows/Services/ChocolateyService.cs
Expand Up @@ -60,7 +60,7 @@ public ChocolateyService(IMapper mapper, IProgressService progressService, IChoc
_configService = configService;
_choco = Lets.GetChocolatey(initializeLogging: false).SetCustomLogging(new SerilogLogger(Logger, _progressService), logExistingMessages: false, addToExistingLoggers: true);

_localAppDataPath = _fileSystem.combine_paths(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData, Environment.SpecialFolderOption.DoNotVerify), "Chocolatey GUI");
_localAppDataPath = _fileSystem.CombinePaths(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData, Environment.SpecialFolderOption.DoNotVerify), "Chocolatey GUI");
}

public Task<bool> IsElevated()
Expand All @@ -73,7 +73,7 @@ public async Task<IEnumerable<Package>> GetInstalledPackages()
_choco.Set(
config =>
{
config.CommandName = CommandNameType.list.ToString();
config.CommandName = CommandNameType.List.ToString();
});

var chocoConfig = _choco.GetConfiguration();
Expand All @@ -91,7 +91,7 @@ public async Task<IEnumerable<Package>> GetInstalledPackages()
else
{
var nugetService = _choco.Container().GetInstance<INugetService>();
var packages = await Task.Run(() => nugetService.list_run(chocoConfig));
var packages = await Task.Run(() => nugetService.List(chocoConfig));
return packages
.Select(package => GetMappedPackage(_choco, package, _mapper, true))
.ToArray();
Expand All @@ -107,7 +107,7 @@ public async Task<IReadOnlyList<OutdatedPackage>> GetOutdatedPackages(bool inclu
return new List<OutdatedPackage>();
}

var outdatedPackagesFile = _fileSystem.combine_paths(_localAppDataPath, "outdatedPackages.xml");
var outdatedPackagesFile = _fileSystem.CombinePaths(_localAppDataPath, "outdatedPackages.xml");

var outdatedPackagesCacheDurationInMinutesSetting = _configService.GetEffectiveConfiguration().OutdatedPackagesCacheDurationInMinutes;
int outdatedPackagesCacheDurationInMinutes = 0;
Expand All @@ -116,9 +116,9 @@ public async Task<IReadOnlyList<OutdatedPackage>> GetOutdatedPackages(bool inclu
int.TryParse(outdatedPackagesCacheDurationInMinutesSetting, out outdatedPackagesCacheDurationInMinutes);
}

if (_fileSystem.file_exists(outdatedPackagesFile) && (DateTime.Now - _fileSystem.get_file_modified_date(outdatedPackagesFile)).TotalMinutes < outdatedPackagesCacheDurationInMinutes)
if (_fileSystem.FileExists(outdatedPackagesFile) && (DateTime.Now - _fileSystem.GetFileModifiedDate(outdatedPackagesFile)).TotalMinutes < outdatedPackagesCacheDurationInMinutes)
{
return _xmlService.deserialize<List<OutdatedPackage>>(outdatedPackagesFile);
return _xmlService.Deserialize<List<OutdatedPackage>>(outdatedPackagesFile);
}
else
{
Expand All @@ -140,7 +140,7 @@ public async Task<IReadOnlyList<OutdatedPackage>> GetOutdatedPackages(bool inclu
if (chocoConfig.Sources != null)
{
var nugetService = choco.Container().GetInstance<INugetService>();
var packages = await Task.Run(() => nugetService.upgrade_noop(chocoConfig, null));
var packages = await Task.Run(() => nugetService.UpgradeDryRun(chocoConfig, null));
var results = packages
.Where(p => !p.Value.Inconclusive)
.Select(p => new OutdatedPackage
Expand All @@ -154,12 +154,12 @@ public async Task<IReadOnlyList<OutdatedPackage>> GetOutdatedPackages(bool inclu
// packages, when the serialized file has become old/stale, so we NEED the file to be re-written
// when this check is done, so that it isn't always doing the check. Therefore, when we are
// getting ready to serialize the list of outdated packages, if the file already exists, delete it.
if (_fileSystem.file_exists(outdatedPackagesFile))
if (_fileSystem.FileExists(outdatedPackagesFile))
{
_fileSystem.delete_file(outdatedPackagesFile);
_fileSystem.DeleteFile(outdatedPackagesFile);
}

_xmlService.serialize(results, outdatedPackagesFile);
_xmlService.Serialize(results, outdatedPackagesFile);
}
catch (Exception ex)
{
Expand Down Expand Up @@ -189,7 +189,7 @@ public async Task<PackageOperationResult> InstallPackage(
choco.Set(
config =>
{
config.CommandName = CommandNameType.install.ToString();
config.CommandName = CommandNameType.Install.ToString();
config.PackageNames = id;
config.Features.UsePackageExitCodes = false;

Expand Down Expand Up @@ -369,7 +369,7 @@ public async Task<PackageOperationResult> UninstallPackage(string id, string ver
choco.Set(
config =>
{
config.CommandName = CommandNameType.uninstall.ToString();
config.CommandName = CommandNameType.Uninstall.ToString();
config.PackageNames = id;
config.Features.UsePackageExitCodes = false;

Expand All @@ -392,7 +392,7 @@ public async Task<PackageOperationResult> UpdatePackage(string id, Uri source =
choco.Set(
config =>
{
config.CommandName = CommandNameType.upgrade.ToString();
config.CommandName = CommandNameType.Upgrade.ToString();
config.PackageNames = id;
config.Features.UsePackageExitCodes = false;
});
Expand All @@ -409,7 +409,7 @@ public async Task<PackageOperationResult> PinPackage(string id, string version)
config =>
{
config.CommandName = "pin";
config.PinCommand.Command = PinCommandType.add;
config.PinCommand.Command = PinCommandType.Add;
config.PinCommand.Name = id;
config.Version = version;
config.Sources = ApplicationParameters.PackagesLocation;
Expand All @@ -436,7 +436,7 @@ public async Task<PackageOperationResult> UnpinPackage(string id, string version
config =>
{
config.CommandName = "pin";
config.PinCommand.Command = PinCommandType.remove;
config.PinCommand.Command = PinCommandType.Remove;
config.PinCommand.Name = id;
config.Version = version;
config.Sources = ApplicationParameters.PackagesLocation;
Expand Down Expand Up @@ -474,7 +474,7 @@ public async Task SetFeature(ChocolateyFeature feature)
config =>
{
config.CommandName = "feature";
config.FeatureCommand.Command = feature.Enabled ? chocolatey.infrastructure.app.domain.FeatureCommandType.enable : chocolatey.infrastructure.app.domain.FeatureCommandType.disable;
config.FeatureCommand.Command = feature.Enabled ? chocolatey.infrastructure.app.domain.FeatureCommandType.Enable : chocolatey.infrastructure.app.domain.FeatureCommandType.Disable;
config.FeatureCommand.Name = feature.Name;
});

Expand All @@ -497,7 +497,7 @@ public async Task SetSetting(ChocolateySetting setting)
config =>
{
config.CommandName = "config";
config.ConfigCommand.Command = chocolatey.infrastructure.app.domain.ConfigCommandType.set;
config.ConfigCommand.Command = chocolatey.infrastructure.app.domain.ConfigCommandType.Set;
config.ConfigCommand.Name = setting.Key;
config.ConfigCommand.ConfigValue = setting.Value;
});
Expand All @@ -514,7 +514,7 @@ public async Task<ChocolateySource[]> GetSources()
var config = await GetConfigFile();
var allSources = config.Sources.Select(_mapper.Map<ChocolateySource>).ToArray();

var filteredSourceIds = _configSettingsService.source_list(_choco.GetConfiguration()).Select(s => s.Id).ToArray();
var filteredSourceIds = _configSettingsService.ListSources(_choco.GetConfiguration()).Select(s => s.Id).ToArray();

var mappedSources = allSources.Where(s => filteredSourceIds.Contains(s.Id)).ToArray();
return mappedSources;
Expand All @@ -528,7 +528,7 @@ public async Task AddSource(ChocolateySource source)
config =>
{
config.CommandName = "source";
config.SourceCommand.Command = SourceCommandType.add;
config.SourceCommand.Command = SourceCommandType.Add;
config.SourceCommand.Name = source.Id;
config.Sources = source.Value;
config.SourceCommand.Username = source.UserName;
Expand Down Expand Up @@ -560,7 +560,7 @@ public async Task DisableSource(string id)
config =>
{
config.CommandName = "source";
config.SourceCommand.Command = SourceCommandType.disable;
config.SourceCommand.Command = SourceCommandType.Disable;
config.SourceCommand.Name = id;
});

Expand All @@ -573,7 +573,7 @@ public async Task EnableSource(string id)
config =>
{
config.CommandName = "source";
config.SourceCommand.Command = SourceCommandType.enable;
config.SourceCommand.Command = SourceCommandType.Enable;
config.SourceCommand.Name = id;
});

Expand Down Expand Up @@ -611,7 +611,7 @@ public async Task<bool> RemoveSource(string id)
config =>
{
config.CommandName = "source";
config.SourceCommand.Command = SourceCommandType.remove;
config.SourceCommand.Command = SourceCommandType.Remove;
config.SourceCommand.Name = id;
});

Expand Down Expand Up @@ -646,7 +646,7 @@ private static Package GetMappedPackage(GetChocolatey choco, PackageResult packa
}

var packageInfoService = choco.Container().GetInstance<IChocolateyPackageInformationService>();
var packageInfo = packageInfoService.get_package_information(package.PackageMetadata);
var packageInfo = packageInfoService.Get(package.PackageMetadata);
mappedPackage.IsPinned = packageInfo.IsPinned;
mappedPackage.IsInstalled = !string.IsNullOrWhiteSpace(package.InstallLocation) || forceInstalled;

Expand Down Expand Up @@ -714,7 +714,7 @@ private async Task<ConfigFileSettings> GetConfigFile()
var xmlService = _choco.Container().GetInstance<IXmlService>();
var config =
await Task.Run(
() => xmlService.deserialize<ConfigFileSettings>(chocolatey.infrastructure.app.ApplicationParameters.GlobalConfigFileLocation));
() => xmlService.Deserialize<ConfigFileSettings>(chocolatey.infrastructure.app.ApplicationParameters.GlobalConfigFileLocation));
return config;
}
}
Expand Up @@ -40,17 +40,17 @@ public PackageArgumentsService(

public IEnumerable<string> DecryptPackageArgumentsFile(string id, string version)
{
var argumentsPath = _fileSystem.combine_paths(_chocolateyConfigurationProvider.ChocolateyInstall, ".chocolatey", "{0}.{1}".format_with(id, version));
var argumentsFile = _fileSystem.combine_paths(argumentsPath, ".arguments");
var argumentsPath = _fileSystem.CombinePaths(_chocolateyConfigurationProvider.ChocolateyInstall, ".chocolatey", "{0}.{1}".FormatWith(id, version));
var argumentsFile = _fileSystem.CombinePaths(argumentsPath, ".arguments");

string arguments = string.Empty;

// Get the arguments decrypted in here and return them
try
{
if (_fileSystem.file_exists(argumentsFile))
if (_fileSystem.FileExists(argumentsFile))
{
arguments = _fileSystem.read_file(argumentsFile);
arguments = _fileSystem.ReadFile(argumentsFile);
}
}
catch (Exception ex)
Expand All @@ -69,25 +69,25 @@ public IEnumerable<string> DecryptPackageArgumentsFile(string id, string version

// The following code is borrowed from the Chocolatey codebase, should
// be extracted to a separate location in choco executable so we can re-use it.
var packageArgumentsUnencrypted = arguments.contains(" --") && arguments.to_string().Length > 4
var packageArgumentsUnencrypted = arguments.Contains(" --") && arguments.ToStringSafe().Length > 4
? arguments
: _encryptionUtility.decrypt_string(arguments);
: _encryptionUtility.DecryptString(arguments);

// Lets do a global check first to see if there are any sensitive arguments
// before we filter out the values used later.
var sensitiveArgs = ArgumentsUtility.arguments_contain_sensitive_information(packageArgumentsUnencrypted);
var sensitiveArgs = ArgumentsUtility.SensitiveArgumentsProvided(packageArgumentsUnencrypted);

var packageArgumentsSplit =
packageArgumentsUnencrypted.Split(new[] { " --" }, StringSplitOptions.RemoveEmptyEntries);

foreach (var packageArgument in packageArgumentsSplit.or_empty_list_if_null())
foreach (var packageArgument in packageArgumentsSplit.OrEmpty())
{
var isSensitiveArgument = sensitiveArgs && ArgumentsUtility.arguments_contain_sensitive_information(packageArgument);
var isSensitiveArgument = sensitiveArgs && ArgumentsUtility.SensitiveArgumentsProvided(string.Concat("--", packageArgument));

var packageArgumentSplit =
packageArgument.Split(new[] { '=' }, 2, StringSplitOptions.RemoveEmptyEntries);

var optionName = packageArgumentSplit[0].to_string();
var optionName = packageArgumentSplit[0].ToStringSafe();
var optionValue = string.Empty;

if (packageArgumentSplit.Length == 2 && isSensitiveArgument)
Expand All @@ -96,14 +96,14 @@ public IEnumerable<string> DecryptPackageArgumentsFile(string id, string version
}
else if (packageArgumentSplit.Length == 2)
{
optionValue = packageArgumentSplit[1].to_string().remove_surrounding_quotes();
optionValue = packageArgumentSplit[1].ToStringSafe().UnquoteSafe();
if (optionValue.StartsWith("'"))
{
optionValue.remove_surrounding_quotes();
optionValue.UnquoteSafe();
}
}

yield return "--{0}{1}".format_with(
yield return "--{0}{1}".FormatWith(
optionName,
string.IsNullOrWhiteSpace(optionValue) ? string.Empty : "=" + optionValue);
}
Expand Up @@ -440,7 +440,7 @@ private void OnSelectedVersionChanged(string stringVersion)

private void BrowseLogFile(object value)
{
var filter = "{0}|{1}|{2}".format_with(
var filter = "{0}|{1}|{2}".FormatWith(
L(nameof(Resources.FilePicker_LogFiles)) + "|*.log;*.klg",
L(nameof(Resources.FilePicker_TextFiles)) + "|*.txt;*.text;*.plain",
L(nameof(Resources.FilePicker_AllFiles)) + "|*.*");
Expand Up @@ -65,7 +65,7 @@ public ShellView(

// Certain things like Cef (our markdown browser engine) get unhappy when GUI is started from a different cwd.
// If we're in a different one, reset it to our app files directory.
if (_fileSystem.get_directory_name(Environment.CurrentDirectory) != Bootstrapper.ApplicationFilesPath)
if (_fileSystem.GetDirectoryName(Environment.CurrentDirectory) != Bootstrapper.ApplicationFilesPath)
{
Environment.CurrentDirectory = Bootstrapper.ApplicationFilesPath;
}