Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rewrite Steams.ps1 into .NET, to prevent VirusTotal erroneously flagging the file #1426

Closed
Badgerati opened this issue Oct 21, 2024 · 2 comments · Fixed by #1428
Closed

Rewrite Steams.ps1 into .NET, to prevent VirusTotal erroneously flagging the file #1426

Badgerati opened this issue Oct 21, 2024 · 2 comments · Fixed by #1428
Assignees
@Badgerati
Labels
security 🔒
Milestone
2.11.1

Comments

@Badgerati
Copy link
Owner

Describe the Change

This was an issue found while releasing 2.11.0 to Chocolatey (Choco). Since they run scans on packages via VirusTotal (VT), it would appear that some vendors are erroneously flagging the Private/Streams.ps1 file. The flagging is due to the file containing many functions which are for reading, altering, and writing to streams - which is seen as "potentially malicious" even though it's been used in perfectly valid context.

You can see an example here: https://www.virustotal.com/gui/file/1e89d36213e613f709588bf253193574bc47fbf4a797223a44ab7742a924676f

To save having to communicate with 10 different vendors, and allow Choco to publish the package without exemptions, a quick fix here could be as simple as moving the functions into the compiled .NET DLL - which could even help give a quick perf boost.

When the rewrite is done, a quick adhoc packaging locally and running the package via VT should show 0 violations.
@Badgerati Badgerati added this to the 2.11.1 milestone Oct 21, 2024
@Badgerati Badgerati self-assigned this Oct 21, 2024
Badgerati added a commit that referenced this issue Oct 22, 2024
@Badgerati
#1426: migrates a couple stream funcs to .NET, and removes the Stream…
c948542 
…s.ps1 file
@Badgerati
Copy link
Owner Author

All of the functions, except the below 2, aren't actually being used:

  • Read-PodeStreamToEnd
  • Get-PodeCompressionStream

@Badgerati
Copy link
Owner Author

Ran the packaged changes against VirusTotal, and the scan now comes back clean
image

@Badgerati Badgerati mentioned this issue Oct 22, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Badgerati Badgerati

Labels
security 🔒
Projects
None yet
Milestone
2.11.1
Development

Successfully merging a pull request may close this issue.

Migrates Stream functions into the .NET Listener Badgerati/Pode
1 participant
@Badgerati