Skip to content

[release/v7.3.2] Fix SuspiciousContentChecker.Match to detect a pre-defined string when the text starts with it #18916

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
TravisEz13 merged 3 commits into from
Jan 10, 2023
Merged

[release/v7.3.2] Fix SuspiciousContentChecker.Match to detect a pre-defined string when the text starts with it #18916

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
241be49
Fix `SuspiciousContentChecker.Match` to detect a pre-defined string w…
daxian-dbw Nov 30, 2022
aeb322f
Add more tests
daxian-dbw Dec 1, 2022
c2d180c
Add one more test
daxian-dbw Dec 1, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion src/System.Management.Automation/engine/runtime/CompiledScriptBlock.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2033,7 +2033,7 @@ public static string Match(string text)
continue;
}

for (int j = Math.Min(i, runningHash.Length) - 1; j > 0; j--)
for (int j = Math.Min(i, runningHash.Length - 1); j > 0; j--)
{
// Say our input is: `Emit` (our shortest pattern, len 4).
// Towards the end just before matching, we will:
Expand Down
35 changes: 35 additions & 0 deletions test/powershell/engine/Api/SuspiciousContentChecker.Tests.ps1
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.

Describe 'SuspiciousContentChecker verification' -Tags "CI" {
BeforeAll {
$type = [psobject].Assembly.GetType('System.Management.Automation.ScriptBlock+SuspiciousContentChecker')

$testCases = @(
@{ id = 'Should Detect (1)'; text = "add-TyPe"; expected = "Add-Type" }
@{ id = 'Should Detect (2)'; text = "GetDelegateForFunctionPointer"; expected = "GetDelegateForFunctionPointer" }
@{ id = 'Should Detect (3)'; text = "ZeroFreeGlobalAllocUnicode"; expected = "ZeroFreeGlobalAllocUnicode" }
@{ id = 'Should Detect (4)'; text = "Hello world emit new"; expected = "Emit" }
@{ id = 'Should Detect (5)'; text = "xxxx yyyyMakeByRefTypecccc Type 'help' to get help"; expected = "MakeByRefType" }
@{ id = 'Should Detect (6)'; text = "emjt TypeHandlebegood"; expected = "TypeHandle" }
@{ id = 'Should Detect (7)'; text = "emit*&)(@~>-type"; expected = "Emit" }
@{ id = 'Should Detect (8)'; text = "*&)(@~>-typeemit"; expected = "Emit" }
@{ id = 'Should Detect (9)'; text = "Type`u{48}andle`u{2122}"; expected = "TypeHandle" }
@{ id = 'Should Detect (10)'; text = "`u{2122}Type`u{48}andle`u{2122}"; expected = "TypeHandle" }
@{ id = 'Should Detect (11)'; text = "`u{D83D}`u{DE00}Type`u{48}andle`u{D83D}`u{DE00}"; expected = "TypeHandle" } ## use surrogate pairs in the string.
@{ id = 'Should Detect (12)'; text = "xx`u{48}`u{48}xx()xxx--xx[]xx;'xpox?/xxemit"; expected = "Emit" } ## suspicious string starts at the index 29.

@{ id = 'Should NOT Detect (1)'; text = "PowerShell Preview Extension v2022.11.2"; expected = $null }
@{ id = 'Should NOT Detect (2)'; text = "add-typu"; expected = $null }
@{ id = 'Should NOT Detect (3)'; text = "GetDelegateForFunctionPointfr"; expected = $null }
@{ id = 'Should NOT Detect (4)'; text = "emjt TypeHandlfe"; expected = $null }
@{ id = 'Should NOT Detect (5)'; text = "Get*&)(@~>-Types"; expected = $null }
)
}

It "Smoke testing the suspicious content detection - <id>" -TestCases $testCases {
param($text, $expected)

$type::Match($text) | Should -BeExactly $expected
}
}