SneakAndPeek method
SneakAndPeek method
HotCakeX committed Aug 2, 2024
1 parent 7b0c3b2 commit 2e07fdd
Showing 2 changed files with 42 additions and 72 deletions.
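--- a/Harden-Windows-Security Module/Main files/C#/SneakAndPeek.cs
+++ b/Harden-Windows-Security Module/Main files/C#/SneakAndPeek.cs
@@ -0,0 +1,33 @@
+using System;
+using System.IO.Compression;
+using System.Linq;
+using System.Text.RegularExpressions;
+
+namespace HardeningModule
+{
+public static class SneakAndPeek
+{
+/// <summary>
+/// Takes a peek into a zip file and returns bool based on whether a file based on the query is found or not
+/// </summary>
+/// <param name="query"></param>
+/// <param name="zipFile"></param>
+/// <returns></returns>
+public static bool Search(string query, string zipFile)
+{
+// Convert the query to a regular expression
+string regexPattern = "^" + Regex.Escape(query).Replace("\\*", ".*") + "$";
+Regex regex = new Regex(regexPattern, RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);
+
+// Open the zip file in read mode
+using (ZipArchive zipArchive = ZipFile.OpenRead(zipFile))
+{
+// Make sure the selected zip has the required file
+var content = zipArchive.Entries.Where(entry => regex.IsMatch(entry.FullName)).ToList();
+
+// Return true if the number of files found is greater than 0
+return content.Count > 0;
+}
+}
+}
+}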
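Review bot: The `<param>` and `<returns>` tags on `Search` are empty, so the contract callers rely on is not written down: only `*` is treated as a wildcard (PowerShell's `-like`, which this replaces, also honours `?` and `[...]`), the match is case-insensitive against the whole `entry.FullName`, and exceptions from `ZipFile.OpenRead` propagate to the caller. I would fill in the three tags with that, and say in the summary that a `true` result means an entry with a matching name exists, not that its content was checked. The `Where(...).ToList()` followed by `Count > 0` materialises every match just to test for one; `return zipArchive.Entries.Any(entry => regex.IsMatch(entry.FullName));` stops at the first hit.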
Expand Up @@ -146,19 +146,8 @@ Function Protect-WindowsSecurity {

# Create a validate script attribute and add it to the collection
[System.Management.Automation.ValidateScriptAttribute]$PathToLGPO_ValidateScriptAttrib = New-Object -TypeName System.Management.Automation.ValidateScriptAttribute( {
try {
# Load the System.IO.Compression assembly
[System.Void][System.Reflection.Assembly]::LoadWithPartialName('System.IO.Compression.FileSystem')
# Open the zip file in read mode
[System.IO.Compression.ZipArchive]$ZipArchive = [IO.Compression.ZipFile]::OpenRead("$_")
# Make sure the selected zip has the required file
if (-NOT ($ZipArchive.Entries | Where-Object -FilterScript { $_.FullName -like 'LGPO_*/LGPO.exe' })) {
Throw 'The selected Zip file does not contain the LGPO.exe which is required for the Protect-WindowsSecurity function to work properly'
}
}
finally {
# Close the handle whether the zip file is valid or not
$ZipArchive.Dispose()
if (-NOT ([HardeningModule.SneakAndPeek]::Search('LGPO_*/LGPO.exe', $_))) {
Throw 'The selected Zip file does not contain the LGPO.exe which is required for the Protect-WindowsSecurity function to work properly'
}
# Return true if everything is okay
$true
Expand Down Expand Up @@ -194,19 +183,8 @@ Function Protect-WindowsSecurity {

# Create a validate script attribute and add it to the collection
[System.Management.Automation.ValidateScriptAttribute]$PathToMSFT365AppsSecurityBaselines_ValidateScriptAttrib = New-Object -TypeName System.Management.Automation.ValidateScriptAttribute( {
try {
# Load the System.IO.Compression assembly
[System.Void][System.Reflection.Assembly]::LoadWithPartialName('System.IO.Compression.FileSystem')
# Open the zip file in read mode
[System.IO.Compression.ZipArchive]$ZipArchive = [IO.Compression.ZipFile]::OpenRead("$_")
# Make sure the selected zip has the required file
if (-NOT ($ZipArchive.Entries | Where-Object -FilterScript { $_.FullName -like 'Microsoft 365 Apps for Enterprise*/Scripts/Baseline-LocalInstall.ps1' })) {
Throw 'The selected Zip file does not contain the Microsoft 365 Apps for Enterprise Security Baselines Baseline-LocalInstall.ps1 which is required for the Protect-WindowsSecurity function to work properly'
}
}
finally {
# Close the handle whether the zip file is valid or not
$ZipArchive.Dispose()
if (-NOT ([HardeningModule.SneakAndPeek]::Search('Microsoft 365 Apps for Enterprise*/Scripts/Baseline-LocalInstall.ps1', $_))) {
Throw 'The selected Zip file does not contain the Microsoft 365 Apps for Enterprise Security Baselines Baseline-LocalInstall.ps1 which is required for the Protect-WindowsSecurity function to work properly'
}
# Return true if everything is okay
$true
Expand Down Expand Up @@ -242,19 +220,8 @@ Function Protect-WindowsSecurity {

# Create a validate script attribute and add it to the collection
[System.Management.Automation.ValidateScriptAttribute]$PathToMSFTSecurityBaselines_ValidateScriptAttrib = New-Object -TypeName System.Management.Automation.ValidateScriptAttribute( {
try {
# Load the System.IO.Compression assembly
[System.Void][System.Reflection.Assembly]::LoadWithPartialName('System.IO.Compression.FileSystem')
# Open the zip file in read mode
[System.IO.Compression.ZipArchive]$ZipArchive = [IO.Compression.ZipFile]::OpenRead("$_")
# Make sure the selected zip has the required file
if (-NOT ($ZipArchive.Entries | Where-Object -FilterScript { $_.FullName -like 'Windows*Security Baseline/Scripts/Baseline-LocalInstall.ps1' })) {
Throw 'The selected Zip file does not contain the Microsoft Security Baselines Baseline-LocalInstall.ps1 which is required for the Protect-WindowsSecurity function to work properly'
}
}
finally {
# Close the handle whether the zip file is valid or not
$ZipArchive.Dispose()
if (-NOT ([HardeningModule.SneakAndPeek]::Search('Windows*Security Baseline/Scripts/Baseline-LocalInstall.ps1', $_))) {
Throw 'The selected Zip file does not contain the Microsoft Security Baselines Baseline-LocalInstall.ps1 which is required for the Protect-WindowsSecurity function to work properly'
}
# Return true if everything is okay
$true
Expand Down Expand Up @@ -695,13 +662,7 @@ Execution Policy: $CurrentExecutionPolicy
if ($Dialog.ShowDialog() -eq 'OK') {

try {
# Load the System.IO.Compression assembly
[System.Void][System.Reflection.Assembly]::LoadWithPartialName('System.IO.Compression.FileSystem')
# Open the zip file in read mode
[System.IO.Compression.ZipArchive]$ZipArchive = [IO.Compression.ZipFile]::OpenRead($Dialog.FileName)
# Make sure the selected zip has the required file
if (-NOT ($ZipArchive.Entries | Where-Object -FilterScript { $_.FullName -like 'Windows*Security Baseline/Scripts/Baseline-LocalInstall.ps1' })) {

if (-NOT ([HardeningModule.SneakAndPeek]::Search('Windows*Security Baseline/Scripts/Baseline-LocalInstall.ps1', $Dialog.FileName))) {
[HardeningModule.Logger]::LogMessage(
'The selected Zip file does not contain the Microsoft Security Baselines Baseline-LocalInstall.ps1 which is required for the Protect-WindowsSecurity function to work properly',
$SyncHash.Logger,
Expand All @@ -726,10 +687,6 @@ Execution Policy: $CurrentExecutionPolicy
$SyncHash.Window
)
}
finally {
# Close the handle whether the zip file is valid or not
$ZipArchive.Dispose()
}
}
})

Expand All @@ -744,13 +701,7 @@ Execution Policy: $CurrentExecutionPolicy
if ($Dialog.ShowDialog() -eq 'OK') {

try {
# Load the System.IO.Compression assembly
[System.Void][System.Reflection.Assembly]::LoadWithPartialName('System.IO.Compression.FileSystem')
# Open the zip file in read mode
[System.IO.Compression.ZipArchive]$ZipArchive = [IO.Compression.ZipFile]::OpenRead($Dialog.FileName )
# Make sure the selected zip has the required file
if (-NOT ($ZipArchive.Entries | Where-Object -FilterScript { $_.FullName -like 'Microsoft 365 Apps for Enterprise*/Scripts/Baseline-LocalInstall.ps1' })) {

if (-NOT ([HardeningModule.SneakAndPeek]::Search('Microsoft 365 Apps for Enterprise*/Scripts/Baseline-LocalInstall.ps1', $Dialog.FileName))) {
[HardeningModule.Logger]::LogMessage(
'The selected Zip file does not contain the Microsoft 365 Apps for Enterprise Security Baselines Baseline-LocalInstall.ps1 which is required for the Protect-WindowsSecurity function to work properly',
$SyncHash.Logger,
Expand All @@ -775,10 +726,6 @@ Execution Policy: $CurrentExecutionPolicy
$SyncHash.Window
)
}
finally {
# Close the handle whether the zip file is valid or not
$ZipArchive.Dispose()
}
}
})

Expand All @@ -793,13 +740,7 @@ Execution Policy: $CurrentExecutionPolicy
if ($Dialog.ShowDialog() -eq 'OK') {

try {
# Load the System.IO.Compression assembly
[System.Void][System.Reflection.Assembly]::LoadWithPartialName('System.IO.Compression.FileSystem')
# Open the zip file in read mode
[System.IO.Compression.ZipArchive]$ZipArchive = [IO.Compression.ZipFile]::OpenRead($Dialog.FileName)
# Make sure the selected zip has the required file
if (-NOT ($ZipArchive.Entries | Where-Object -FilterScript { $_.FullName -like 'LGPO_*/LGPO.exe' })) {

if (-NOT ([HardeningModule.SneakAndPeek]::Search('LGPO_*/LGPO.exe', $Dialog.FileName))) {
[HardeningModule.Logger]::LogMessage(
'The selected Zip file does not contain the LGPO.exe which is required for the Protect-WindowsSecurity function to work properly',
$SyncHash.Logger,
Expand All @@ -824,10 +765,6 @@ Execution Policy: $CurrentExecutionPolicy
$SyncHash.Window
)
}
finally {
# Close the handle whether the zip file is valid or not
$ZipArchive.Dispose()
}
}
})
#Endregion Offline-Mode-Tab
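Review bot: In the `$PathToLGPO_ValidateScriptAttrib` block (hunk at -146) and the LGPO file-picker handler in the last hunk, `Search('LGPO_*/LGPO.exe', ...)` only establishes that the archive has an entry with that name; nothing here checks what the entry is. The messages say the module needs LGPO.exe to work, so it is presumably extracted and run later, outside these hunks; if so, that is where the Authenticode signature of the extracted file should be verified (for example with `Get-AuthenticodeSignature`) before use. At minimum I would put `# Name-only presence check; the file content is not verified here` above each of the six call sites. Separately, the three GUI handlers keep their `try {` while the `finally` blocks are removed; the collapsed lines are not visible, so confirm that a `catch` remains in each.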
