Merge pull request #326 from HotCakeX/WDACConfig-v0.4.4

WDACConfig v0.4.4

WDACConfig/.editorconfig

@@ -17,3 +17,12 @@ dotnet_diagnostic.CA1401.severity = error
 
 # CA1303: Do not pass literals as localized parameters
 dotnet_diagnostic.CA1303.severity = silent
+
+# CA1309: Use ordinal string comparison
+dotnet_diagnostic.CA1309.severity = error
+
+# CA1311: Specify a culture or use an invariant version
+dotnet_diagnostic.CA1311.severity = error
+
+# CA1416: Validate platform compatibility
+dotnet_diagnostic.CA1416.severity = error

WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/ArgumentCompleterAttribute.cs

@@ -6,6 +6,8 @@
 using System.Windows.Forms;
 using System.Linq;
 
+#nullable enable
+
 namespace WDACConfig.ArgCompleter
 {
 

WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/BasePolicyNamez.cs

@@ -3,6 +3,9 @@
 using System.Text.Json;
 using System.Collections.Generic;
 using System.Management.Automation;
+using System.Globalization;
+
+#nullable enable
 
 namespace WDACConfig
 {
@@ -36,12 +39,12 @@ public string[] GetValidValues()
             foreach (JsonElement policyElement in policiesElement.EnumerateArray())
             {
                 bool isSystemPolicy = policyElement.GetProperty("IsSystemPolicy").GetBoolean();
-                string policyId = policyElement.GetProperty("PolicyID").GetString();
-                string basePolicyId = policyElement.GetProperty("BasePolicyID").GetString();
-                string friendlyName = policyElement.GetProperty("FriendlyName").GetString();
+                string? policyId = policyElement.GetProperty("PolicyID").GetString();
+                string? basePolicyId = policyElement.GetProperty("BasePolicyID").GetString();
+                string? friendlyName = policyElement.GetProperty("FriendlyName").GetString();
 
                 // Use ordinal, case-insensitive comparison for the policy IDs
-                if (!isSystemPolicy && string.Equals(policyId, basePolicyId, StringComparison.OrdinalIgnoreCase))
+                if (!isSystemPolicy && string.Equals(policyId, basePolicyId, StringComparison.OrdinalIgnoreCase) && friendlyName != null)
                 {
                     validValues.Add(friendlyName);
                 }

WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/RuleOptionsx.cs

@@ -4,6 +4,8 @@
 using System.Linq;
 using System.Xml;
 
+#nullable enable
+
 namespace WDACConfig
 {
     public interface IValidateSetValuesGenerator
@@ -13,10 +15,11 @@ public interface IValidateSetValuesGenerator
 
     public class RuleOptionsx : IValidateSetValuesGenerator
     {
+
         public string[] GetValidValues()
         {
             // Load the CI Schema content
-            XmlDocument schemaData = new XmlDocument();
+            XmlDocument schemaData = new();
             schemaData.Load(Path.Combine(WDACConfig.GlobalVars.CISchemaPath));
 
             // Create a namespace manager to handle namespaces
@@ -26,18 +29,33 @@ public string[] GetValidValues()
             // Define the XPath query to fetch enumeration values
             string xpathQuery = "//xs:simpleType[@name='OptionType']/xs:restriction/xs:enumeration/@value";
 
-            // Fetch enumeration values from the schema
+            // Create a new HashSet to store the valid policy rule options
             HashSet<string> validOptions = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
-            XmlNodeList optionNodes = schemaData.SelectNodes(xpathQuery, nsManager);
+
+            // Fetch enumeration values from the schema
+            XmlNodeList? optionNodes = schemaData.SelectNodes(xpathQuery, nsManager) ?? throw new Exception("No valid options found in the Code Integrity Schema.");
+
             foreach (XmlNode node in optionNodes)
             {
-                validOptions.Add(node.Value);
+                if (node.Value != null)
+                {
+                    validOptions.Add(node.Value);
+                }
             }
 
-            // Read PolicyRuleOptions.Json
+            // Construct the full path to PolicyRuleOptions.Json
             string jsonFilePath = Path.Combine(WDACConfig.GlobalVars.ModuleRootPath, "Resources", "PolicyRuleOptions.Json");
+
+            // Read PolicyRuleOptions.Json
             string jsonContent = File.ReadAllText(jsonFilePath);
-            Dictionary<string, string> intel = System.Text.Json.JsonSerializer.Deserialize<Dictionary<string, string>>(jsonContent);
+
+            // Deserialize the JSON content
+            Dictionary<string, string>? intel = System.Text.Json.JsonSerializer.Deserialize<Dictionary<string, string>>(jsonContent);
+
+            if (intel == null)
+            {
+                throw new Exception("The PolicyRuleOptions.Json file did not have valid JSON content to be deserialized.");
+            }
 
             // Perform validation
             foreach (string key in intel.Values)
@@ -53,7 +71,7 @@ public string[] GetValidValues()
                 if (!intel.Values.Contains(option, StringComparer.OrdinalIgnoreCase))
                 {
                     // this should be a verbose or warning message
-                    //    throw new Exception($"Rule option '{option}' exists in the Code Integrity Schema but not being used by the module.");
+                    // throw new Exception($"Rule option '{option}' exists in the Code Integrity Schema but not being used by the module.");
                 }
             }
 

WDACConfig/WDACConfig Module Files/C#/ArgumentCompleters/ScanLevelz.cs

@@ -1,6 +1,8 @@
 using System;
 using System.Management.Automation;
 
+#nullable enable
+
 namespace WDACConfig
 {
     // Argument tab auto-completion and ValidateSet for Levels and Fallbacks parameters in the entire module

WDACConfig/WDACConfig Module Files/C#/Custom Types/AuthenticodePageHashes.cs

@@ -1,3 +1,7 @@
+using System;
+
+#nullable enable
+
 namespace WDACConfig
 {
     public class AuthenticodePageHashes

WDACConfig/WDACConfig Module Files/C#/Custom Types/CertificateDetailsCreator.cs

@@ -1,3 +1,6 @@
+
+#nullable enable
+
 namespace WDACConfig
 {
     public class CertificateDetailsCreator

WDACConfig/WDACConfig Module Files/C#/Custom Types/CertificateSignerCreator.cs

@@ -1,4 +1,7 @@
 using System;
+
+#nullable enable
+
 namespace WDACConfig
 {
     public class CertificateSignerCreator

WDACConfig/WDACConfig Module Files/C#/Custom Types/ChainElement.cs

@@ -1,6 +1,8 @@
 using System;
 using System.Security.Cryptography.X509Certificates;
 
+#nullable enable
+
 namespace WDACConfig
 {
     // the enum for CertificateType

WDACConfig/WDACConfig Module Files/C#/Custom Types/ChainPackage.cs

@@ -1,6 +1,8 @@
 using System.Security.Cryptography.Pkcs;
 using System.Security.Cryptography.X509Certificates;
 
+#nullable enable
+
 namespace WDACConfig
 {
     public class ChainPackage

WDACConfig/WDACConfig Module Files/C#/Custom Types/FileBasedInfoPackage.cs

@@ -1,6 +1,8 @@
 using System;
 using System.Collections.Generic;
 
+#nullable enable
+
 namespace WDACConfig
 {
     // Used by the BuildSignerAndHashObjects method to store and return the output

WDACConfig/WDACConfig Module Files/C#/Custom Types/FilePublisherSignerCreator.cs

@@ -1,20 +1,22 @@
 using System;
 using System.Collections.Generic;
 
+#nullable enable
+
 namespace WDACConfig
 {
     public class FilePublisherSignerCreator
     {
         public List<WDACConfig.CertificateDetailsCreator> CertificateDetails { get; set; }
-        public Version FileVersion { get; set; }
-        public string FileDescription { get; set; }
-        public string InternalName { get; set; }
-        public string OriginalFileName { get; set; }
-        public string PackageFamilyName { get; set; }
-        public string ProductName { get; set; }
-        public string FileName { get; set; }
-        public string AuthenticodeSHA256 { get; set; }
-        public string AuthenticodeSHA1 { get; set; }
+        public Version? FileVersion { get; set; }
+        public string? FileDescription { get; set; }
+        public string? InternalName { get; set; }
+        public string? OriginalFileName { get; set; }
+        public string? PackageFamilyName { get; set; }
+        public string? ProductName { get; set; }
+        public string? FileName { get; set; }
+        public string? AuthenticodeSHA256 { get; set; }
+        public string? AuthenticodeSHA1 { get; set; }
         public int SiSigningScenario { get; set; }
 
         public FilePublisherSignerCreator(List<WDACConfig.CertificateDetailsCreator> certificateDetails, Version fileVersion, string fileDescription, string internalName, string originalFileName, string packageFamilyName, string productName, string fileName, string authenticodeSHA256, string authenticodeSHA1, int siSigningScenario)

WDACConfig/WDACConfig Module Files/C#/Custom Types/HashCreator.cs

@@ -1,3 +1,6 @@
+
+#nullable enable
+
 namespace WDACConfig
 {
     public class HashCreator

WDACConfig/WDACConfig Module Files/C#/Custom Types/OpusSigner.cs

@@ -1,3 +1,6 @@
+
+#nullable enable
+
 namespace WDACConfig
 {
     public class OpusSigner

WDACConfig/WDACConfig Module Files/C#/Custom Types/PolicyHashObj.cs

@@ -1,5 +1,7 @@
 using System;
 
+#nullable enable
+
 // Used by WDAC Simulations
 namespace WDACConfig
 {
@@ -21,7 +23,7 @@ public PolicyHashObj(string hashvalue, string hashtype, string filepathforhash)
         // Making sure any HashSet or collection using this class will only keep unique objects based on their HashValue property
 
         // Override the Equals method
-        public override bool Equals(object obj)
+        public override bool Equals(object? obj)
         {
             if (obj == null || GetType() != obj.GetType())
             {

WDACConfig/WDACConfig Module Files/C#/Custom Types/PublisherSignerCreator.cs

@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+
 namespace WDACConfig
 {
     public class PublisherSignerCreator

WDACConfig/WDACConfig Module Files/C#/Custom Types/Signer.cs

@@ -1,6 +1,8 @@
 using System;
 using System.Collections.Generic;
 
+#nullable enable
+
 namespace WDACConfig
 {
     public class Signer

WDACConfig/WDACConfig Module Files/C#/Custom Types/SimulationInput.cs

@@ -1,3 +1,6 @@
+
+#nullable enable
+
 // Used by WDAC Simulations
 namespace WDACConfig
 {

WDACConfig/WDACConfig Module Files/C#/Custom Types/SimulationOutput.cs

@@ -1,3 +1,6 @@
+
+#nullable enable
+
 // Used by WDAC Simulations, the output of the comparer function/method
 namespace WDACConfig
 {

WDACConfig/WDACConfig Module Files/C#/Functions/AllCertificatesGrabber.cs

@@ -6,7 +6,6 @@
 
 // The following functions and methods use the Windows APIs to grab all of the certificates from a signed file
 
-#nullable disable
 namespace WDACConfig.AllCertificatesGrabber
 {
 

WDACConfig/WDACConfig Module Files/C#/Functions/AuthenticodeHashCalc.cs

@@ -2,6 +2,7 @@
 using System.Runtime.InteropServices;
 using System.Text;
 using System.IO;
+using System.Globalization;
 
 namespace WDACConfig
 {
@@ -101,7 +102,7 @@ private static string GetAuthenticodeHash(string filePath, string hashAlgorithm)
                         // Marshal.ReadByte returns a byte from the hashValue buffer at the specified offset
                         byte b = Marshal.ReadByte(hashValue, offset);
                         // Append the byte to the hashString as a hexadecimal string
-                        hashString.Append(b.ToString("X2"));
+                        hashString.Append(b.ToString("X2", CultureInfo.InvariantCulture));
                     }
                 }
             }

WDACConfig/WDACConfig Module Files/C#/Functions/CIPolicyVersion.cs

@@ -1,5 +1,7 @@
 using System;
 
+#nullable enable
+
 namespace WDACConfig
 {
     public static class CIPolicyVersion

WDACConfig/WDACConfig Module Files/C#/Functions/CertificateHelper.cs

@@ -2,7 +2,9 @@
 using System.Collections.Generic;
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
-using System.Formats.Asn1; // to use the AsnReader and AsnWriter classes
+using System.Formats.Asn1;
+
+#nullable enable
 
 namespace WDACConfig
 {

WDACConfig/WDACConfig Module Files/C#/Functions/CiPolicyUtility.cs

@@ -2,6 +2,8 @@
 using System.IO;
 using System.Xml;
 
+#nullable enable
+
 namespace WDACConfig
 {
     public static class CiPolicyUtility
@@ -43,21 +45,21 @@ public static void CopyCiRules(string sourceFilePath, string destinationFilePath
             nsmgr.AddNamespace("ns", "urn:schemas-microsoft-com:sipolicy");
 
             // Select the Rules node in the source XML document
-            XmlNode sourceRulesNode = sourceXmlDoc.SelectSingleNode("/ns:SiPolicy/ns:Rules", nsmgr);
+            XmlNode? sourceRulesNode = sourceXmlDoc.SelectSingleNode("/ns:SiPolicy/ns:Rules", nsmgr);
             if (sourceRulesNode == null)
             {
                 throw new Exception("The <Rules> node was not found in the source XML file.");
             }
 
             // Select the SiPolicy node in the destination XML document
-            XmlNode destinationSiPolicyNode = destinationXmlDoc.SelectSingleNode("/ns:SiPolicy", nsmgr);
+            XmlNode? destinationSiPolicyNode = destinationXmlDoc.SelectSingleNode("/ns:SiPolicy", nsmgr);
             if (destinationSiPolicyNode == null)
             {
                 throw new Exception("The <SiPolicy> node was not found in the destination XML file.");
             }
 
             // Select the existing Rules node in the destination XML document
-            XmlNode destinationRulesNode = destinationSiPolicyNode.SelectSingleNode("ns:Rules", nsmgr);
+            XmlNode? destinationRulesNode = destinationSiPolicyNode.SelectSingleNode("ns:Rules", nsmgr);
             if (destinationRulesNode == null)
             {
                 throw new Exception("The <Rules> node was not found in the destination XML file.");

WDACConfig/WDACConfig Module Files/C#/Functions/CodeIntegritySigner.cs

@@ -2,6 +2,8 @@
 using System.Diagnostics;
 using System.IO;
 
+#nullable enable
+
 namespace WDACConfig
 {
     public static class CodeIntegritySigner

WDACConfig/WDACConfig Module Files/C#/Functions/Crypt32CertCN.cs

@@ -2,14 +2,16 @@
 using System.Runtime.InteropServices;
 using System.Text;
 
+#nullable enable
+
 namespace WDACConfig
 {
     public class CryptoAPI
     {
         // Importing function from crypt32.dll to access certificate information
         // https://learn.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certgetnamestringa
         [DllImport("crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)]
-        public static extern bool CertGetNameString(
+        internal static extern bool CertGetNameString(
             IntPtr pCertContext, // the handle property of the certificate object
             int dwType,
             int dwFlags,

WDACConfig/WDACConfig Module Files/C#/Functions/DebugLogger.cs

@@ -1,6 +1,8 @@
 using System;
 using System.Management.Automation.Host;
 
+#nullable enable
+
 namespace WDACConfig
 {
     public static class DebugLogger