Skip to content

Commit 83cbc28

Browse files
Add GP checks for all operations
1 parent c5845b3 commit 83cbc28

File tree

4 files changed

+62
-11
lines changed

4 files changed

+62
-11
lines changed

src/code/FindHelper.cs

Lines changed: 32 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -184,21 +184,16 @@ public IEnumerable<PSResourceInfo> FindByResourceName(
184184

185185
List<string> repositoryNamesToSearch = new List<string>();
186186

187-
Uri[] allowedRepostories = null;
188-
189-
if(GroupPolicyRepositoryEnforcement.IsGroupPolicyEnabled())
190-
{
191-
allowedRepostories = GroupPolicyRepositoryEnforcement.GetAllowedRepositoryURIs();
192-
}
193-
194187
for (int i = 0; i < repositoriesToSearch.Count; i++)
195188
{
196189
PSRepositoryInfo currentRepository = repositoriesToSearch[i];
197190

198-
if (allowedRepostories != null && !allowedRepostories.Contains(currentRepository.Uri))
191+
bool isAllowed = GroupPolicyRepositoryEnforcement.IsRepositoryAllowed(currentRepository.Uri);
192+
193+
if (!isAllowed)
199194
{
200195
_cmdletPassedIn.WriteError(new ErrorRecord(
201-
new PSInvalidOperationException($"Repository '{currentRepository.Name}' is not allowed by group policy."),
196+
new PSInvalidOperationException($"Repository '{currentRepository.Name}' is not allowed by Group Policy."),
202197
"RepositoryNotAllowedByGroupPolicy",
203198
ErrorCategory.PermissionDenied,
204199
this));
@@ -376,6 +371,20 @@ public IEnumerable<PSCommandResourceInfo> FindByCommandOrDscResource(
376371
for (int i = 0; i < repositoriesToSearch.Count; i++)
377372
{
378373
PSRepositoryInfo currentRepository = repositoriesToSearch[i];
374+
375+
bool isAllowed = GroupPolicyRepositoryEnforcement.IsRepositoryAllowed(currentRepository.Uri);
376+
377+
if (!isAllowed)
378+
{
379+
_cmdletPassedIn.WriteError(new ErrorRecord(
380+
new PSInvalidOperationException($"Repository '{currentRepository.Name}' is not allowed by Group Policy."),
381+
"RepositoryNotAllowedByGroupPolicy",
382+
ErrorCategory.PermissionDenied,
383+
this));
384+
385+
continue;
386+
}
387+
379388
repositoryNamesToSearch.Add(currentRepository.Name);
380389
_networkCredential = Utils.SetNetworkCredential(currentRepository, _networkCredential, _cmdletPassedIn);
381390
ServerApiCall currentServer = ServerFactory.GetServer(currentRepository, _cmdletPassedIn, _networkCredential);
@@ -566,6 +575,20 @@ public IEnumerable<PSResourceInfo> FindByTag(
566575
for (int i = 0; i < repositoriesToSearch.Count; i++)
567576
{
568577
PSRepositoryInfo currentRepository = repositoriesToSearch[i];
578+
579+
bool isAllowed = GroupPolicyRepositoryEnforcement.IsRepositoryAllowed(currentRepository.Uri);
580+
581+
if (!isAllowed)
582+
{
583+
_cmdletPassedIn.WriteError(new ErrorRecord(
584+
new PSInvalidOperationException($"Repository '{currentRepository.Name}' is not allowed by Group Policy."),
585+
"RepositoryNotAllowedByGroupPolicy",
586+
ErrorCategory.PermissionDenied,
587+
this));
588+
589+
continue;
590+
}
591+
569592
repositoryNamesToSearch.Add(currentRepository.Name);
570593
_networkCredential = Utils.SetNetworkCredential(currentRepository, _networkCredential, _cmdletPassedIn);
571594
ServerApiCall currentServer = ServerFactory.GetServer(currentRepository, _cmdletPassedIn, _networkCredential);

src/code/InstallHelper.cs

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -269,6 +269,20 @@ private List<PSResourceInfo> ProcessRepositories(
269269
for (int i = 0; i < listOfRepositories.Count && _pkgNamesToInstall.Count > 0; i++)
270270
{
271271
PSRepositoryInfo currentRepository = listOfRepositories[i];
272+
273+
bool isAllowed = GroupPolicyRepositoryEnforcement.IsRepositoryAllowed(currentRepository.Uri);
274+
275+
if (!isAllowed)
276+
{
277+
_cmdletPassedIn.WriteError(new ErrorRecord(
278+
new PSInvalidOperationException($"Repository '{currentRepository.Name}' is not allowed by Group Policy."),
279+
"RepositoryNotAllowedByGroupPolicy",
280+
ErrorCategory.PermissionDenied,
281+
this));
282+
283+
continue;
284+
}
285+
272286
string repoName = currentRepository.Name;
273287
sourceTrusted = currentRepository.Trusted || trustRepository;
274288

src/code/PublishHelper.cs

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -355,6 +355,19 @@ internal void PushResource(string Repository, string modulePrefix, bool SkipDepe
355355
return;
356356
}
357357

358+
bool isAllowed = GroupPolicyRepositoryEnforcement.IsRepositoryAllowed(repository.Uri);
359+
360+
if (!isAllowed)
361+
{
362+
_cmdletPassedIn.WriteError(new ErrorRecord(
363+
new PSInvalidOperationException($"Repository '{repository.Name}' is not allowed by Group Policy."),
364+
"RepositoryNotAllowedByGroupPolicy",
365+
ErrorCategory.PermissionDenied,
366+
this));
367+
368+
return;
369+
}
370+
358371
_networkCredential = Utils.SetNetworkCredential(repository, _networkCredential, _cmdletPassedIn);
359372

360373
// Check if dependencies already exist within the repo if:

src/code/ServerFactory.cs

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,12 @@
11
// Copyright (c) Microsoft Corporation. All rights reserved.
22
// Licensed under the MIT License.
33

4-
using Microsoft.PowerShell.PSResourceGet.UtilClasses;
4+
using System;
55
using System.Collections;
6+
using System.Linq;
67
using System.Management.Automation;
7-
using System.Management.Automation.Runspaces;
88
using System.Net;
9+
using Microsoft.PowerShell.PSResourceGet.UtilClasses;
910

1011
namespace Microsoft.PowerShell.PSResourceGet.Cmdlets
1112
{

0 commit comments

Comments
 (0)