Skip to content

Add WinCompat deny list support using a setting in powershell.config.json #11726

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Feb 5, 2020
Merged

Add WinCompat deny list support using a setting in powershell.config.json #11726

merged 10 commits into from
Feb 5, 2020

Conversation

anmenaga
Copy link

@anmenaga anmenaga commented Jan 29, 2020
edited
Loading

PR Summary

Some Windows PowerShell modules don't work well with de/serialized objects, so they can not be used with WinCompat.
This PR adds support for an optional WindowsPowerShellCompatibilityModuleDenyList setting (a string array) in powershell.config.json so that a user can prevent specified modules from being loaded using WinCompat.
If WinCompat feature is enabled and it tries to load a module mentioned in the DenyList, then an error is generated.
Module name comparison is case-insensitive.
By default, in PowerShell packages for Windows OS, this setting will contain PSScheduledJob,BestPractices and UpdateServices modules (this list most likely will be extended in future).

Fix #11687

PR Checklist

@anmenaga anmenaga added WG-Engine core PowerShell engine, interpreter, and runtime CL-General Indicates that a PR should be marked as a general cmdlet change in the Change Log labels Jan 29, 2020
@ghost ghost added the Waiting on Author The PR was reviewed and requires changes or comments from the author before being accept label Jan 30, 2020
@SteveL-MSFT SteveL-MSFT requested a review from rjmholt January 30, 2020 00:48
@TravisEz13
Copy link
Member

Is this needed for GA?

@ghost ghost removed the Waiting on Author The PR was reviewed and requires changes or comments from the author before being accept label Jan 30, 2020
Andrew Menagarishvili added 2 commits January 30, 2020 13:47
@SteveL-MSFT SteveL-MSFT added this to the GA-consider milestone Jan 30, 2020
iSazonov
iSazonov reviewed Jan 31, 2020
View reviewed changes
@ghost ghost added the Waiting on Author The PR was reviewed and requires changes or comments from the author before being accept label Jan 31, 2020
@TravisEz13
Copy link
Member

@PoshChan Please remind me in 1 day

@daxian-dbw daxian-dbw modified the milestones: GA-consider, GA-approved Jan 31, 2020
@ghost ghost removed the Waiting on Author The PR was reviewed and requires changes or comments from the author before being accept label Jan 31, 2020
@anmenaga
Copy link
Author

Codacy issue Make 'IsModuleInDenyList' a static method is wrong as it doesn't detect a call to non-static WriteError.

@TravisEz13
Copy link
Member

@PaulHigin Can you update your review?

@ghost ghost added the Waiting on Author The PR was reviewed and requires changes or comments from the author before being accept label Jan 31, 2020
@TravisEz13
Copy link
Member

Please resolve conflicts

@PoshChan
Copy link
Collaborator

PoshChan commented Feb 1, 2020

@TravisEz13, this is the reminder you requested 1 day ago

@doctordns
Copy link
Collaborator

My earlier comment may have gotten buried - the WSUS module should be added to the WInCompat deny list.

@iSazonov iSazonov mentioned this pull request Feb 3, 2020
Closed
SteveL-MSFT
SteveL-MSFT requested changes Feb 3, 2020
View reviewed changes
Copy link
Member

@SteveL-MSFT SteveL-MSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pending adding UpdateServices module to the list

@ghost ghost added the Waiting on Author The PR was reviewed and requires changes or comments from the author before being accept label Feb 3, 2020
@ghost ghost removed the Waiting on Author The PR was reviewed and requires changes or comments from the author before being accept label Feb 4, 2020
@TravisEz13
Copy link
Member

@SteveL-MSFT Please update your review?

@ghost ghost added the Waiting on Author The PR was reviewed and requires changes or comments from the author before being accept label Feb 4, 2020
@ghost ghost removed the Waiting on Author The PR was reviewed and requires changes or comments from the author before being accept label Feb 4, 2020
@TravisEz13
Copy link
Member

@PoshChan Please remind me in 1 hour

SteveL-MSFT
SteveL-MSFT approved these changes Feb 4, 2020
View reviewed changes
Copy link
Member

@SteveL-MSFT SteveL-MSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One NIT

@PoshChan
Copy link
Collaborator

PoshChan commented Feb 4, 2020

@TravisEz13, this is the reminder you requested 1 hour ago

@TravisEz13
Copy link
Member

@PoshChan Please remind me in 1 hour

@PoshChan
Copy link
Collaborator

PoshChan commented Feb 5, 2020

@TravisEz13, this is the reminder you requested 1 hour ago

@TravisEz13 TravisEz13 merged commit 43c88a4 into PowerShell:master Feb 5, 2020
@TravisEz13 TravisEz13 modified the milestones: GA-approved, 7.0.0 Feb 8, 2020
adityapatwardhan pushed a commit to adityapatwardhan/PowerShell that referenced this pull request Feb 18, 2020
@TravisEz13
Add WinCompat deny list support using a setting in powershell.… (Powe…
038adcc 
…rShell#11726)

# Conflicts:
#	build.psm1
#	src/System.Management.Automation/engine/Modules/ImportModuleCommand.cs
@ghost
Copy link

ghost commented Feb 21, 2020

🎉v7.0.0-rc.3 has been released which incorporates this pull request.:tada:

Handy links:

@TravisEz13 TravisEz13 mentioned this pull request Oct 12, 2022
Merged
22 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@doctordns doctordns doctordns left review comments

@iSazonov iSazonov iSazonov left review comments

@TravisEz13 TravisEz13 TravisEz13 approved these changes

@SteveL-MSFT SteveL-MSFT SteveL-MSFT approved these changes

@PaulHigin PaulHigin PaulHigin approved these changes

@daxian-dbw daxian-dbw Awaiting requested review from daxian-dbw

@adityapatwardhan adityapatwardhan Awaiting requested review from adityapatwardhan

@rjmholt rjmholt Awaiting requested review from rjmholt

Assignees

@adityapatwardhan adityapatwardhan

Labels
CL-General Indicates that a PR should be marked as a general cmdlet change in the Change Log WG-Engine core PowerShell engine, interpreter, and runtime
Projects
None yet
Milestone
7.0.0-rc.3
Development

Successfully merging this pull request may close these issues.

Bug in 7.0.0-rc.2: Register-ScheduledJob ScriptBlock parameter doesn't work
9 participants
@anmenaga @TravisEz13 @PoshChan @doctordns @SteveL-MSFT @PaulHigin @iSazonov @daxian-dbw @adityapatwardhan