Powershell script causes security alerts in corporate environment #7078

Open
Quafadas opened this issue Dec 30, 2024 · 3 comments

@Quafadas
Contributor

Describe the bug

Here's the message from the security team;

Message

PowerShell is running the following command


```powershell
powershell.exe -version 2 -NoProfile

& {
    [Console]::OutputEncoding = [System.Text.Encoding]::UTF8
    Add-Type @"
using System;
using System.Runtime.InteropServices;
public class Dir {
    [DllImport("shell32.dll")]
    private static extern int SHGetKnownFolderPath([MarshalAs(UnmanagedType.LPStruct)] Guid rfid, uint dwFlags, IntPtr hToken, out IntPtr pszPath);
    public static string GetKnownFolderPath(string rfid) {
        IntPtr pszPath;
        if (SHGetKnownFolderPath(new Guid(rfid), 0, IntPtr.Zero, out pszPath) != 0) return "";
        string path = Marshal.PtrToStringUni(pszPath);
        Marshal.FreeCoTaskMem(pszPath);
        return path;
    }
}
"@
    [Dir]::GetKnownFolderPath("3EB685DB-65F9-4CF6-A03A-E3EF65729F3D")
    [Dir]::GetKnownFolderPath("F1B32785-6FBA-4FCF-9D55-7B8E7F157091")
}
```


PowerShell is being spawned by java.exe, and the command line of Java contains "C:\Users\xxxxxxx\AppData\Local\Coursier\cache\v1\https\packages.corp.com\artifactory"

There is a GitHub site for Coursier (referenced in the java.exe command line) which makes mention of a PowerShell script to "Bypass or reduce PowerShell usage on Windows"
The script is near identical to that in our alert.
coursier/coursier#1387

We are continuing to see alerts for this, would it be possible for this script to utilise a newer version of PowerShell please to prevent us receiving these alerts?

Expected behavior

Metals wouldn't trigger alerts from the security team, I believe the issue is that it's asking specifically for powershell 2, which is now considered deprecated internally.

This is somewhat outside my area of expertise, so not sure what else to add.

Operating system

Windows

Editor/Extension

VS Code

Version of Metals

v1.4.2.

Extra context or search terms

n/a

@tgodzik
Contributor

tgodzik commented Dec 30, 2024

Thanks for reporting! It looks like the issue is actually fixed in dirs-dev/directories-jvm@b76e360 but that one requires updating to Java 22, which we can't currently do.

We would need to stop using that library altogether (or use a fork without -version 2), which I don't have time to work on currently either here or in coursier.

@Quafadas
Contributor Author

Quafadas commented Jan 3, 2025

Thanks for looking and writing back. The time issues are well understood 🙏 .

Happy new year!

@tgodzik
Contributor

tgodzik commented Jan 11, 2025

We might also use https://github.com/coursier/coursier/pull/3217/files, though not sure if it would help in your case
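
For the security team's side of this thread, a triage sketch that separates the known-folder lookup quoted in the alert from any other PowerShell 2.0 downgrade. It is an added example, not code from Metals, Coursier or directories-jvm; the event field names (`parent_image`, `command_line`, `script`) are hypothetical and assume the telemetry exposes the script text next to the command line.

```python
import re

# Script from the alert quoted in this issue, with one known-folder call kept.
KNOWN_SCRIPT = '''& {
[Console]::OutputEncoding = [System.Text.Encoding]::UTF8
Add-Type @"
using System;
using System.Runtime.InteropServices;
public class Dir {
[DllImport("shell32.dll")]
private static extern int SHGetKnownFolderPath([MarshalAs(UnmanagedType.LPStruct)] Guid rfid, uint dwFlags, IntPtr hToken, out IntPtr pszPath);
public static string GetKnownFolderPath(string rfid) {
IntPtr pszPath;
if (SHGetKnownFolderPath(new Guid(rfid), 0, IntPtr.Zero, out pszPath) != 0) return "";
string path = Marshal.PtrToStringUni(pszPath);
Marshal.FreeCoTaskMem(pszPath);
return path;
}
}
"@
[Dir]::GetKnownFolderPath("3EB685DB-65F9-4CF6-A03A-E3EF65729F3D")
}'''

# powershell.exe accepts any prefix of -Version (-v, -ve, ...) after "-" or "/".
DOWNGRADE = re.compile(r"(?i)(?:^|\s)[-/]v(?:e(?:r(?:s(?:i(?:o(?:n)?)?)?)?)?)?\s+2(?:\.0)?(?=\s|$)")
GUID_CALL = re.compile(r'\[Dir\]::GetKnownFolderPath\("[0-9A-Fa-f-]{36}"\)')

def normalize(script):
    """Drop the per-folder calls and collapse whitespace, leaving only the structure."""
    return re.sub(r"\s+", " ", GUID_CALL.sub("", script)).strip()

def triage(event):
    """Classify one powershell.exe process-creation event (field names are hypothetical)."""
    if not DOWNGRADE.search(event["command_line"]):
        return "no-downgrade"
    from_java = event["parent_image"].lower().endswith("\\java.exe")
    if from_java and normalize(event["script"]) == normalize(KNOWN_SCRIPT):
        return "downgrade-known-folder-lookup"
    return "downgrade-unexplained"

# Constructed sample events, not taken from any real log.
SAMPLES = [
    {"parent_image": r"C:\jdk\bin\java.exe", "command_line": "powershell.exe -version 2 -NoProfile",
     "script": KNOWN_SCRIPT[:-1] + '[Dir]::GetKnownFolderPath("F1B32785-6FBA-4FCF-9D55-7B8E7F157091")\n}'},
    {"parent_image": r"C:\Windows\System32\cmd.exe", "command_line": "powershell.exe -v 2 -NoProfile", "script": "Get-Process"},
    {"parent_image": r"C:\jdk\bin\java.exe", "command_line": "powershell.exe -NoProfile -File build.ps1", "script": ""},
]
print([triage(e) for e in SAMPLES])
```

The match is structural: any script text beyond the quoted class and its GUID lookups falls into `downgrade-unexplained`, so the known pattern is labelled rather than suppressed.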
