Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PowerShell extension - Not signed PowerShell-Files #2536

Closed
HerBenSte opened this issue Mar 9, 2020 · 8 comments · Fixed by #3431 or #3439
Closed

PowerShell extension - Not signed PowerShell-Files #2536

HerBenSte opened this issue Mar 9, 2020 · 8 comments · Fixed by #3431 or #3439
Assignees
@andyleejordan
Labels
Area-Build & Release Issue-Bug A bug to squash.
Milestone
Committed-vNext

Comments

@HerBenSte
Copy link

HerBenSte commented Mar 9, 2020
edited
Loading

Hello,
in my company only signed PowerShell-Files are allowed to use.
Since that I wrote a script which checks all files if they are signed or not.

In your PowerShell-Extension for VSCode nearly every file is signed but the list below (please sign those files and update the plugin).
If you need I can upload the simple script to check all PowerShell-Files for future extension releases.

Maybe thinking about to not use PowerShell files at all in the plugin and using an other language for it instead?

---------------------------------------------------
NOT SIGNED - FILES
---------------------------------------------------

Filepath:  .\ms-vscode.powershell-2020.3.0
Filename: InvokePesterStub.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: SampleModule.psd1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: PSScriptAnalyzerSettings.psd1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: PromptExamples.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: StopTest.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: Stop-Process2.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: SampleModule.psm1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: PathProcessingWildcards.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: DebugTest.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: ContentViewTest.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: Build.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: PathProcessingNoWildcards.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: PathProcessingNonExistingPaths.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: ExtensionExamples.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples\Tests
Filename: PathProcessing.Tests.ps1


Filepath: .\ms-vscode.powershell-2020.3.0\examples\Tests
Filename: SampleModule.Tests.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\modules\Plaster\1.1.3\Templates\AddPSScriptAnalyzerSettings
Filename: PSScriptAnalyzerSettings.psd1


Filepath:  .\ms-vscode.powershell-2020.3.0\modules\Plaster\1.1.3\Templates\NewPowerShellScriptModule
Filename: Module.psm1


Filepath:  .\ms-vscode.powershell-2020.3.0\modules\Plaster\1.1.3\Templates\NewPowerShellScriptModule\test
Filename: Module.T.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\modules\PowerShellEditorServices\Commands\Public
Filename: Clear-Host.ps1

I hope this list will help you.
@ghost ghost added the Needs: Triage Maintainer attention needed! label Mar 9, 2020
@TylerLeonhardt
Copy link
Member

So from this list, we can ignore any in .\ms-vscode.powershell-2020.3.0\examples as those are not run... we can also ignore the Plaster stuff since those are a part of a template.

That leaves:
Clear-Host.ps1
InvokePesterStub.ps1

Both of these should be signed.

@TylerLeonhardt
Copy link
Member

InvokePesterStub.ps1 should probably be moved into the PowerShellEditorServices repo - right now it exists in this repo. However there is quite a large PR out refactoring it #2441 so I will wait until that's in to move InvokePesterStub over.

@TylerLeonhardt TylerLeonhardt mentioned this issue Mar 9, 2020
Merged
@SydneyhSmith SydneyhSmith added Area-Build & Release Issue-Bug A bug to squash. and removed Needs: Triage Maintainer attention needed! labels Mar 11, 2020
@padlock780
Copy link

I've encountered this. This file was blocked by AppLocker. Please can these files be signed?
Microsoft and others recommend not allowing exes/scripts to run via path rules where the user has write access.

    %OSDRIVE%\USERS\%USER%\.VSCODE\EXTENSIONS\MS-VSCODE.POWERSHELL-2021.6.1\MODULES\POWERSHELLEDITORSERVICES.VSCODE\POWERSHELLEDITORSERVICES.VSCODE.PSD1

@ghost ghost added the Needs: Maintainer Attention Maintainer attention needed! label Jun 23, 2021
@andyleejordan
Copy link
Member

@padlock780 Thanks for bringing this to my attention. Our last release unfortunately encountered an issue which resulted in it not being signed. Releasing a patch update today to fix this.

@andyleejordan
Copy link
Member

@rjmholt Since the original bug is over a year old and to my knowledge resolved with the signing we set up six months ago, I'm going to close this bug with a fix to always sign our artifacts.

@andyleejordan andyleejordan added this to the Committed-vNext milestone Jun 23, 2021
@andyleejordan andyleejordan self-assigned this Jun 23, 2021
@andyleejordan andyleejordan mentioned this issue Jun 23, 2021
Closed
@TylerLeonhardt
Copy link
Member

I think the problem in this issue was that the Pester script here is not signed:
https://github.com/PowerShell/vscode-powershell/blob/master/InvokePesterStub.ps1

because it's in vscode-powershell and not PSES.

@andyleejordan
Copy link
Member

I can fix that too.

@andyleejordan andyleejordan mentioned this issue Jun 23, 2021
Closed
@andyleejordan andyleejordan mentioned this issue Jun 23, 2021
Merged
@andyleejordan andyleejordan removed the Needs: Maintainer Attention Maintainer attention needed! label Jun 23, 2021
@andyleejordan
Copy link
Member

Oops, wasn't totally fixed.

@andyleejordan andyleejordan reopened this Jun 24, 2021
@andyleejordan andyleejordan mentioned this issue Jun 24, 2021
Merged
@andyleejordan andyleejordan linked a pull request Jun 24, 2021 that will close this issue
Fix Package task #3439
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@andyleejordan andyleejordan

Labels
Area-Build & Release Issue-Bug A bug to squash.
Projects
None yet
Milestone
Committed-vNext
5 participants
@andyleejordan @TylerLeonhardt @SydneyhSmith @HerBenSte @padlock780