Retrieve more info with Get-AuthenticodeSignature by jborean93 · Pull Request #17568 · PowerShell/PowerShell

jborean93 · 2022-06-23T05:58:51Z

PR Summary

Adds the Signatures property to the Signature output object of
Get-AuthenticodeSignature and Set-AuthenticodeSignature. This new object
is an array of signature detail objects that contains the signing and
digest algorithm as well as the timestamp information of the signature.
It does this for all the entries in the authenticode block and not just
the first entry

PR Context

I was trying to get this information to test out the changes in #17560 and found the Get-AuthenticodeSignature was lacking some of the data needed. This hopefully expands the functionality of the cmdlet and expose more data that might be useful for others.

Still need to finalise the tests and fix up a few things before I can mark this as ready.

PR Checklist

Adds the Signatures property to the Signature output object of Get-AuthenticodeSignature and Set-AuthenticodeSignature. This new object is an array of signature detail objects that contains the signing and digest algorithm as well as the timestamp information of the signature. It does this for all the entries in the authenticode block and not just the first entry

daxian-dbw · 2022-06-28T18:36:33Z

Reopen PR to re-trigger the CI runs.

pull-request-quantifier-deprecated · 2022-06-28T18:36:37Z

This PR has 503 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

Quantification details

Label      : Extra Large
Size       : +503 -0
Percentile : 83.43%

Total files changed: 6

Change summary by file extension:
.cs : +142 -0
.ps1 : +361 -0

Change counts above are quantified counts, based on the PullRequestQuantifier customizations.

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a
balance between between PR complexity and PR review overhead. PRs within the
optimal size (typical small, or medium sized PRs) mean:

Fast and predictable releases to production:
- Optimal size changes are more likely to be reviewed faster with fewer
  iterations.
- Similarity in low PR complexity drives similar review times.
Review quality is likely higher as complexity is lower:
- Bugs are more likely to be detected.
- Code inconsistencies are more likely to be detetcted.
Knowledge sharing is improved within the participants:
- Small portions can be assimilated better.
Better engineering practices are exercised:
- Solving big problems by dividing them in well contained, smaller problems.
- Exercising separation of concerns within the code changes.

What can I do to optimize my changes

Use the PullRequestQuantifier to quantify your PR accurately
- Create a context profile for your repo using the context generator
- Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the Excluded section from your prquantifier.yaml context profile.
- Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your prquantifier.yaml context profile.
- Only use the labels that matter to you, see context specification to customize your prquantifier.yaml context profile.
Change your engineering behaviors
- For PRs that fall outside of the desired spectrum, review the details and check if:
  - Your PR could be split in smaller, self-contained PRs instead
  - Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).

How to interpret the change counts in git diff output

One line was added: +1 -0
One line was deleted: +0 -1
One line was modified: +1 -1 (git diff doesn't know about modified, it will
interpret that line like one addition plus one deletion)
Change percentiles: Change characteristics (addition, deletion, modification)
of this PR in relation to all other PRs within the repository.

Was this comment helpful? 👍 :ok_hand: :thumbsdown: (Email)
Customize PullRequestQuantifier for this repository.

iSazonov · 2022-06-29T03:16:32Z

I'd prefer to have dotnet/runtime#34042 :-)

jborean93 · 2022-06-29T03:23:57Z

An issue from nearly 3 years ago with no progress + a somewhat vague request. Is that asking for cross platform support, more implementations in dotnet or something else? If this isn't wanted in PowerShell it would be great if I could put it in https://www.nuget.org/packages/Microsoft.Security.Extensions but it doesn't appear to be open source or available for contributors. Ultimately I'm hoping to add more information for Get-AuthenticodeSignature which includes the various signature details rather than just a general overview of the trust.

Microsoft.Security.Extensions 1.2.0
This assembly contains a collection of functions used to collect information about file signatures. This assembly is officially supported only for Windows versions on which .NETStandard 2.0 is supported.

iSazonov · 2022-06-29T03:56:05Z

@jborean93 A lot of code exists in PowerShell only because these features are missing from the .Net Runtime and Libraries. We have already removed a lot of code as .Net went from version 1 to 7. This is the preferred path. There is not much point in repackaging the code - only the risk of regression. It is more valuable to spend this effort to extend .Net.

jborean93 · 2022-06-29T04:11:55Z

The bulk of the code is very PowerShell specific. It's adding extra info the the return object of Get-AuthenticodeSignature or Set-AuthenticodeSignature. The only real code that is generic enough to potentially go in dotnet are the PInvoke defs that retrieve the signature byte array which yes it might be nice in dotnet but I honestly am not prepared to learn the whole development process there.

If the changes here aren't wanted in PowerShell that's fair enough, I won't add any more efforts in moving it to a ready state.

PaulHigin · 2022-07-11T18:24:20Z


+        /// <summary>
+        /// Gets the list of signatures and their details using the Crypt APIs.
+        /// is used to get all the signatures in a file/content rather than


Suggested change

/// is used to get all the signatures in a file/content rather than

/// It is used to get all the signatures in a file/content rather than

PaulHigin · 2022-07-11T18:24:33Z

        }

+        /// <summary>
+        /// Gets the list of signatures and their details using the Crypt APIs.


Suggested change

/// Gets the list of signatures and their details using the Crypt APIs.

/// Gets the list of signatures and their details using the Crypto APIs.

PaulHigin · 2022-07-11T18:29:03Z

+        /// is used to get all the signatures in a file/content rather than
+        /// just the overall trust information.
+        /// </summary>
+        private static SignatureDetail[] GetSignaturesFromCrypto(string fileName,


Suggested change

private static SignatureDetail[] GetSignaturesFromCrypto(string fileName,

private static SignatureDetail[] GetSignaturesFromCrypto(

string fileName,

PaulHigin · 2022-07-11T20:05:40Z

+            public unsafe byte* pbData;
+        }
+
+        [DllImport("Crypt32.dll", EntryPoint = "CryptQueryObject", SetLastError = true)]


MS documentation says CryptQueryObject is deprecated. Should we be using the current API? If not please add a comment as to why we are using this API and that it is deprecated by MS.

PaulHigin · 2022-07-11T20:23:27Z

+            int dataLength = 0;
+            unsafe
+            {
+                NativeCryptMsgGetParam(msg, paramType, idx, null, ref dataLength);


Can this fail? It seems like we should throw here on fail.

PaulHigin · 2022-07-11T20:26:46Z

+            byte[] sigData;
+            if (fileContent == null)
+            {
+                // FIXME: Handle a missing file


Not sure what this comment means. I assume API will throw if file is non-existent. Please remove the comment if it no longer applies, or fix the issue.

PaulHigin · 2022-07-11T21:50:59Z

+            }
+
+            SignedCms cmsInfo = new();
+            cmsInfo.Decode(sigData);


I think we should capture any errors here if the decode fails for any reason, and just return null or empty array for the new Signatures property. We may want to write a warning that the extra signature information could not be obtained.

PaulHigin · 2022-07-11T21:52:56Z

+                    if (attr.Oid.Value == counterSignOid)
+                    {
+                        SignedCms counterSigner = new();
+                        counterSigner.Decode(attr.Values[0].RawData);


We should handle any decoding errors.

ghost · 2022-07-26T23:01:17Z

This pull request has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 15 days. It will be closed if no further activity occurs within 10 days of this comment.

pull-request-quantifier-deprecated Bot added the Extra Large label Jun 23, 2022

ghost assigned adityapatwardhan Jun 23, 2022

iSazonov requested review from PaulHigin and TravisEz13 June 23, 2022 17:43

ghost added the Waiting on Author The PR was reviewed and requires changes or comments from the author before being accept label Jun 26, 2022

daxian-dbw closed this Jun 28, 2022

daxian-dbw reopened this Jun 28, 2022

ghost removed the Waiting on Author The PR was reviewed and requires changes or comments from the author before being accept label Jun 29, 2022

ghost added the Waiting on Author The PR was reviewed and requires changes or comments from the author before being accept label Jul 2, 2022

PaulHigin suggested changes Jul 11, 2022

View reviewed changes

ghost added the Stale label Jul 26, 2022

ghost closed this Aug 6, 2022

This pull request was closed.

	/// is used to get all the signatures in a file/content rather than
	/// It is used to get all the signatures in a file/content rather than

	/// Gets the list of signatures and their details using the Crypt APIs.
	/// Gets the list of signatures and their details using the Crypto APIs.

	private static SignatureDetail[] GetSignaturesFromCrypto(string fileName,
	private static SignatureDetail[] GetSignaturesFromCrypto(
	string fileName,

Conversation

jborean93 commented Jun 23, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

PR Summary

PR Context

PR Checklist

Uh oh!

daxian-dbw commented Jun 28, 2022

Uh oh!

pull-request-quantifier-deprecated Bot commented Jun 28, 2022

What can I do to optimize my changes

How to interpret the change counts in git diff output

Uh oh!

iSazonov commented Jun 29, 2022

Uh oh!

jborean93 commented Jun 29, 2022 • edited by unfurl-links Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

iSazonov commented Jun 29, 2022

Uh oh!

jborean93 commented Jun 29, 2022

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

ghost commented Jul 26, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

jborean93 commented Jun 23, 2022 •

edited

Loading

jborean93 commented Jun 29, 2022 •

edited by unfurl-links Bot

Loading