URI validation for winget cli commands #4707

Open
wants to merge 33 commits into
base: master
2b0915e
Init URI validation
AmelBawa-msft Aug 2, 2024
e7ea781
Updated result
AmelBawa-msft Aug 2, 2024
80e3d07
empty space
AmelBawa-msft Aug 2, 2024
04be98c
Misc enhancements
AmelBawa-msft Aug 2, 2024
d108187
Updated admx/adml
AmelBawa-msft Aug 2, 2024
eb33c58
Validate untrusted zone
AmelBawa-msft Aug 5, 2024
e369739
Resolved conflicts
AmelBawa-msft Sep 30, 2024
7b48281
Move URI validation to a new file
AmelBawa-msft Oct 1, 2024
d393bf1
Addressing comments
AmelBawa-msft Oct 2, 2024
92b9076
remove pch
AmelBawa-msft Oct 4, 2024
d2c9af3
Add URI validation to download
AmelBawa-msft Oct 8, 2024
3aa8415
Resolved conflicts
AmelBawa-msft Oct 8, 2024
c07480e
Updated TPV
AmelBawa-msft Oct 9, 2024
1b90b32
Renaming
AmelBawa-msft Oct 10, 2024
7f25660
Include dir for diff plat
AmelBawa-msft Oct 11, 2024
29b0dc8
Update vcxproj
AmelBawa-msft Oct 11, 2024
b8e11fe
Resolved conflict
AmelBawa-msft Oct 11, 2024
8f04683
rm package reference
AmelBawa-msft Oct 11, 2024
caa13c2
Fix includes
AmelBawa-msft Oct 12, 2024
0ac0ab4
Create a task
AmelBawa-msft Oct 14, 2024
5ed92b6
String resource
AmelBawa-msft Oct 14, 2024
4b656d6
CE
AmelBawa-msft Oct 14, 2024
54b4e6b
Added GP
AmelBawa-msft Oct 16, 2024
1fb3c76
Added enum
AmelBawa-msft Oct 16, 2024
b5bdb1e
Added condition
AmelBawa-msft Oct 16, 2024
5f209d1
Added tests
AmelBawa-msft Oct 17, 2024
865cb0a
Resolved conflict
AmelBawa-msft Oct 17, 2024
3aa97f4
Fix UT
AmelBawa-msft Oct 17, 2024
227511a
Fix UT
AmelBawa-msft Oct 18, 2024
d84cf21
Terminate after validation
AmelBawa-msft Oct 21, 2024
ca649fe
Renaming
AmelBawa-msft Oct 31, 2024
1d6408c
Update comment
AmelBawa-msft Nov 1, 2024
70d600c
Resolve conflicts
AmelBawa-msft Nov 1, 2024
102 changes: 92 additions & 10 deletions doc/admx/DesktopAppInstaller.admx
Expand Up @@ -183,6 +183,88 @@
<text id="WindowsPackageManagerDefaultProxy" valueName="DefaultProxy" />
</elements>
</policy>
<policy name="EnableWindowsPackageManagerSmartScreenCheck" class="Machine" displayName="$(string.EnableWindowsPackageManagerSmartScreenCheck)" explainText="$(string.EnableWindowsPackageManagerSmartScreenCheckExplanation)" key="Software\Policies\Microsoft\Windows\AppInstaller" valueName="EnableWindowsPackageManagerSmartScreenCheck">
<parentCategory ref="AppInstaller" />
<supportedOn ref="windows:SUPPORTED_Windows_10_0_RS5" />
<enabledValue>
<decimal value="1" />
</enabledValue>
<disabledValue>
<decimal value="0" />
</disabledValue>
</policy>
<policy name="EnableWindowsPackageManagerAllowedSecurityZones" class="Machine" displayName="$(string.EnableWindowsPackageManagerAllowedSecurityZones)" explainText="$(string.EnableWindowsPackageManagerAllowedSecurityZonesExplanation)" presentation="$(presentation.WindowsPackageManagerAllowedSecurityZones)" key="Software\Policies\Microsoft\Windows\AppInstaller" valueName="EnableWindowsPackageManagerAllowedSecurityZones">
<parentCategory ref="AppInstaller" />
<supportedOn ref="windows:SUPPORTED_Windows_10_0_RS5" />
<enabledValue>
<decimal value="1" />
</enabledValue>
<disabledValue>
<decimal value="0" />
</disabledValue>
<elements>
<enum id="LocalMachine" key="Software\Policies\Microsoft\Windows\AppInstaller\WindowsPackageManagerAllowedSecurityZones" valueName="LocalMachine" required="false">
<item displayName="$(string.SecurityZoneBlocked)">
<value>
<decimal value="0" />
</value>
</item>
<item displayName="$(string.SecurityZoneAllowed)">
<value>
<decimal value="1" />
</value>
</item>
</enum>
<enum id="Intranet" key="Software\Policies\Microsoft\Windows\AppInstaller\WindowsPackageManagerAllowedSecurityZones" valueName="Intranet">
<item displayName="$(string.SecurityZoneBlocked)">
<value>
<decimal value="0" />
</value>
</item>
<item displayName="$(string.SecurityZoneAllowed)">
<value>
<decimal value="1" />
</value>
</item>
</enum>
<enum id="TrustedSites" key="Software\Policies\Microsoft\Windows\AppInstaller\WindowsPackageManagerAllowedSecurityZones" valueName="TrustedSites">
<item displayName="$(string.SecurityZoneBlocked)">
<value>
<decimal value="0" />
</value>
</item>
<item displayName="$(string.SecurityZoneAllowed)">
<value>
<decimal value="1" />
</value>
</item>
</enum>
<enum id="Internet" key="Software\Policies\Microsoft\Windows\AppInstaller\WindowsPackageManagerAllowedSecurityZones" valueName="Internet">
<item displayName="$(string.SecurityZoneBlocked)">
<value>
<decimal value="0" />
</value>
</item>
<item displayName="$(string.SecurityZoneAllowed)">
<value>
<decimal value="1" />
</value>
</item>
</enum>
<enum id="UntrustedSites" key="Software\Policies\Microsoft\Windows\AppInstaller\WindowsPackageManagerAllowedSecurityZones" valueName="UntrustedSites">
<item displayName="$(string.SecurityZoneBlocked)">
<value>
<decimal value="0" />
</value>
</item>
<item displayName="$(string.SecurityZoneAllowed)">
<value>
<decimal value="1" />
</value>
</item>
</enum>
</elements>
</policy>
<policy name="EnableMsixAllowedZones" class="Machine" displayName="$(string.EnableMsixAllowedZones)" explainText="$(string.EnableMsixAllowedZonesExplanation)" presentation="$(presentation.MsixAllowedZones)" key="Software\Policies\Microsoft\Windows\AppInstaller" valueName="EnableMsixAllowedZones">
<parentCategory ref="AppInstaller" />
<supportedOn ref="windows:SUPPORTED_Windows_10_0_RS5" />
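Review bot: In the new EnableWindowsPackageManagerAllowedSecurityZones policy only the LocalMachine enum carries required="false"; the Intranet, TrustedSites, Internet and UntrustedSites enums leave the attribute out. This mirrors the existing MsixAllowedZones block, but the template never says whether the difference is deliberate. Set the attribute explicitly on all five enums (or add a short XML comment explaining why LocalMachine differs), and document what the client does when the policy is enabled but a per-zone value is absent from the WindowsPackageManagerAllowedSecurityZones key, so that a missing UntrustedSites value cannot be read as Allow.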
Expand All @@ -194,60 +276,60 @@
</disabledValue>
<elements>
<enum id="LocalMachine" key="Software\Policies\Microsoft\Windows\AppInstaller\MsixAllowedZones" valueName="LocalMachine" required="false">
<item displayName="$(string.ZoneBlocked)">
<item displayName="$(string.SecurityZoneBlocked)">
<value>
<decimal value="0" />
</value>
</item>
<item displayName="$(string.ZoneAllowed)">
<item displayName="$(string.SecurityZoneAllowed)">
<value>
<decimal value="1" />
</value>
</item>
</enum>
<enum id="Intranet" key="Software\Policies\Microsoft\Windows\AppInstaller\MsixAllowedZones" valueName="Intranet">
<item displayName="$(string.ZoneBlocked)">
<item displayName="$(string.SecurityZoneBlocked)">
<value>
<decimal value="0" />
</value>
</item>
<item displayName="$(string.ZoneAllowed)">
<item displayName="$(string.SecurityZoneAllowed)">
<value>
<decimal value="1" />
</value>
</item>
</enum>
<enum id="TrustedSites" key="Software\Policies\Microsoft\Windows\AppInstaller\MsixAllowedZones" valueName="TrustedSites">
<item displayName="$(string.ZoneBlocked)">
<item displayName="$(string.SecurityZoneBlocked)">
<value>
<decimal value="0" />
</value>
</item>
<item displayName="$(string.ZoneAllowed)">
<item displayName="$(string.SecurityZoneAllowed)">
<value>
<decimal value="1" />
</value>
</item>
</enum>
<enum id="Internet" key="Software\Policies\Microsoft\Windows\AppInstaller\MsixAllowedZones" valueName="Internet">
<item displayName="$(string.ZoneBlocked)">
<item displayName="$(string.SecurityZoneBlocked)">
<value>
<decimal value="0" />
</value>
</item>
<item displayName="$(string.ZoneAllowed)">
<item displayName="$(string.SecurityZoneAllowed)">
<value>
<decimal value="1" />
</value>
</item>
</enum>
<enum id="UntrustedSites" key="Software\Policies\Microsoft\Windows\AppInstaller\MsixAllowedZones" valueName="UntrustedSites">
<item displayName="$(string.ZoneBlocked)">
<item displayName="$(string.SecurityZoneBlocked)">
<value>
<decimal value="0" />
</value>
</item>
<item displayName="$(string.ZoneAllowed)">
<item displayName="$(string.SecurityZoneAllowed)">
<value>
<decimal value="1" />
</value>
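Review bot: Every ADML that ships beside this ADMX has to define SecurityZoneAllowed and SecurityZoneBlocked, because all ten displayName references in the MsixAllowedZones enums now point at the new ids instead of ZoneAllowed and ZoneBlocked. Only the en-US ADML is updated in this PR; if any other locale's ADML exists and still defines only the old ids, the existing EnableMsixAllowedZones policy will stop loading in the Group Policy editor for that locale. Please confirm en-US is the only string table, or update the others in the same change.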
15 changes: 13 additions & 2 deletions doc/admx/en-US/DesktopAppInstaller.adml
Expand Up @@ -122,20 +122,24 @@ If you disable this setting, users will not be able to use the Windows Package M
If you disable or do not configure this setting, no proxy will be used by default.

If you enable this setting, the specified proxy will be used by default.</string>
<string id="EnableWindowsPackageManagerAllowedSecurityZones">Enable App Installer Allowed Zones for the Windows Package Manager</string>
<string id="EnableWindowsPackageManagerAllowedSecurityZonesExplanation"></string>
<string id="EnableWindowsPackageManagerSmartScreenCheck">Enable Microsoft SmartScreen checks for the Windows Package Manager</string>
<string id="EnableWindowsPackageManagerSmartScreenCheckExplanation"></string>
Comment on lines +125 to +128
Contributor Author

Adding @RDMacLachlan to help with the strings for the new group policies in the ADML

<string id="EnableMsixAllowedZones">Enable App Installer Allowed Zones for MSIX Packages</string>
<string id="EnableMsixAllowedZonesExplanation">This policy controls whether App Installer allows installing packages originating from specific URL Zones. A package's origin is determined by its URI and whether a Mart-of-the-Web (MotW) is present. If multiple URIs are involved, all of them are considered; for example, when using a .appinstaller file that involves redirection.

If you enable this policy, users will be able to install MSIX packages according to the configuration for each zone.

If you disable or do not configure this policy, users will be able to install MSIX packages from any zone except for Untrusted.</string>
<string id="ZoneAllowed">Allow</string>
<string id="ZoneBlocked">Block</string>
<string id="EnableMsixSmartScreenCheck">Enable Microsoft SmartScreen checks for MSIX Packages</string>
<string id="EnableMsixSmartScreenCheckExplanation">This policy controls whether App Installer performs Microsoft SmartScreen checks when installing MSIX packages.

If you enable or do not configure this policy, the package URI will be evaluated with Microsoft SmartScreen before installation. This check is only done for packages that come from the internet.

If you disable, Microsoft SmartScreen will not be consulted before installing a package.</string>
<string id="SecurityZoneAllowed">Allow</string>
<string id="SecurityZoneBlocked">Block</string>
</stringTable>
<presentationTable>
<presentation id="SourceAutoUpdateInterval">
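Review bot: EnableWindowsPackageManagerAllowedSecurityZonesExplanation and EnableWindowsPackageManagerSmartScreenCheckExplanation are added as empty strings, so an administrator opening either policy sees no description of what Enabled, Disabled and Not Configured do. These need text before merge, following the pattern of the MSIX explanations in the same table: state the default when the policy is disabled or not configured (for zones, whether Untrusted stays blocked; for SmartScreen, whether the check runs by default). While editing this table, the neighbouring EnableMsixAllowedZonesExplanation string reads "Mart-of-the-Web", which looks like a typo for "Mark-of-the-Web".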
Expand All @@ -152,6 +156,13 @@ If you disable, Microsoft SmartScreen will not be consulted before installing a
<label>Default Proxy</label>
</textBox>
</presentation>
<presentation id="WindowsPackageManagerAllowedSecurityZones">
<dropdownList refId="LocalMachine" noSort="true" defaultItem="1">Local Machine</dropdownList>
<dropdownList refId="Intranet" noSort="true" defaultItem="1">Intranet</dropdownList>
<dropdownList refId="TrustedSites" noSort="true" defaultItem="1">Trusted Sites</dropdownList>
<dropdownList refId="Internet" noSort="true" defaultItem="1">Internet</dropdownList>
<dropdownList refId="UntrustedSites" noSort="true" defaultItem="0">Untrusted Sites</dropdownList>
</presentation>
<presentation id="MsixAllowedZones">
<dropdownList refId="LocalMachine" noSort="true" defaultItem="1">Local Machine</dropdownList>
<dropdownList refId="Intranet" noSort="true" defaultItem="1">Intranet</dropdownList>
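Review bot: The defaultItem values in the new WindowsPackageManagerAllowedSecurityZones presentation are zero-based indexes into each enum's item list in the ADMX, not registry values. They select Allow for LocalMachine, Intranet, TrustedSites and Internet and Block for UntrustedSites only because every enum lists the Block item (value 0) before the Allow item (value 1). Reordering or inserting an item in the ADMX would silently flip these defaults, including the UntrustedSites one, so a comment tying defaultItem to the item order would help. Please also confirm that pre-selecting Allow for the Internet zone is the intended default for winget URIs and not just carried over from MsixAllowedZones.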