Defender errors when running against DLP policies with \. And \T syntax #990

Closed
ahuynhMITRE opened this issue Mar 12, 2024 · 1 comment · Fixed by #1302

@ahuynhMITRE
Collaborator

🐛 Summary

What's wrong? Please be specific.

An agency has noted that when running the Invoke-Scuba command, PowerShell failed with no results. Attached below are the errors in the PowerShell terminal; they were not specific to DLP. However, through additional investigation and testing, two of the DLP compliance policies (attached) were found to contain the following syntax, “\.” and “\T”, causing the error. Once the two policies were removed/renamed, the script ran successfully.

To reproduce

Steps to reproduce the behavior:

  1. Create DLP compliance policies including the syntax included in the attachments and linked above
  2. Run ScubaGear

Expected behavior

Expectation: ScubaGear to run and capture the DLP compliant policies for the defender product

Any helpful log output or screenshots

PowerShell Error:
PowerShell Error

Syntax from Provider Export:
ProviderSettingsExport-DLPSyntaxError-1

ProviderSettingsExport-DLPSyntaxError-2

@buidav buidav added the bug This issue or pull request addresses broken functionality label Mar 12, 2024
@schrolla
Collaborator

This looks like another occurrence of escaping causing issues in the JSON. I think we need a more comprehensive solution to escaping to prevent the more general case than what was done in #822. Ideally, creating a general-purpose method for escaping, passing all strings through it, and holding that. It should handle general presence of backslashes, Unicode codes, and other control characters.
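
The failure discussed in this thread, as an added example that is not part of the original issue or of ScubaGear's code: JSON defines only the escapes `\"`, `\\`, `\/`, `\b`, `\f`, `\n`, `\r`, `\t` and `\uXXXX`, so a string containing `\.` or `\T` makes a document invalid unless its backslashes are escaped before it is embedded. The function name `ConvertTo-JsonStringLiteral`, the sample policy text and the way the string is spliced into JSON are assumptions made for illustration.

```powershell
# Hypothetical helper (not ScubaGear code): returns $Value as a quoted JSON string literal.
function ConvertTo-JsonStringLiteral {
    [CmdletBinding()]
    [OutputType([string])]
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string]$Value
    )
    $sb = [System.Text.StringBuilder]::new()
    [void]$sb.Append('"')
    foreach ($ch in $Value.ToCharArray()) {
        $code = [int]$ch
        if ($code -eq 0x22 -or $code -eq 0x5C) {
            # Double quote and backslash are prefixed with a backslash.
            [void]$sb.Append('\').Append($ch)
        }
        elseif ($code -lt 0x20) {
            # Control characters (tab, newline, NUL, ...) become \u00XX.
            [void]$sb.AppendFormat('\u{0:x4}', $code)
        }
        else {
            # Everything else, including non-ASCII text, is legal as-is.
            [void]$sb.Append($ch)
        }
    }
    [void]$sb.Append('"')
    $sb.ToString()
}

# Constructed sample value containing the two sequences named in the issue.
$policyText = 'example\.com \T'

# Naive embedding copies the backslashes verbatim; the second form escapes them first.
$naive = '{"Name": "' + $policyText + '"}'
$safe  = '{"Name": ' + (ConvertTo-JsonStringLiteral $policyText) + '}'

foreach ($doc in $naive, $safe) {
    try {
        $parsed = $doc | ConvertFrom-Json -ErrorAction Stop
        "parsed, value round-trips: $($parsed.Name -ceq $policyText)"
    }
    catch {
        "parse failed: $($_.Exception.Message)"
    }
}
```

Case matters here: `\t` is a valid JSON escape for a tab, while `\T` is not an escape at all. A raw value that happens to contain `\t` would parse without error but silently change meaning, which is another reason to escape every string rather than only the ones that fail.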
