Merge pull request #1000 from FaserF/script-hardening

Romanitho · web-flow · commit 56487924eefe · 2025-08-06T12:02:02.000+02:00
WAU script hardening
diff --git a/Sources/Winget-AutoUpdate/WAU-Installer-GUI.ps1 b/Sources/Winget-AutoUpdate/WAU-Installer-GUI.ps1
@@ -381,7 +381,7 @@ Add-Type -AssemblyName PresentationFramework
 Start-PopUp "Starting..."
 
 #Set config
-$null = cmd /c ''
+$null = & "$env:WINDIR\System32\cmd.exe" /c ""
 [Console]::OutputEncoding = [System.Text.Encoding]::UTF8
 $Script:ProgressPreference = "SilentlyContinue"
 $Script:ErrorActionPreference = "SilentlyContinue"
diff --git a/Sources/Winget-AutoUpdate/Winget-Upgrade.ps1 b/Sources/Winget-AutoUpdate/Winget-Upgrade.ps1
@@ -9,7 +9,7 @@ Get-ChildItem -Path "$($Script:WorkingDir)\functions" -File -Filter "*.ps1" -Dep
 <# MAIN #>
 
 # Config console output encoding
-$null = cmd /c '';
+$null = & "$env:WINDIR\System32\cmd.exe" /c ""
 [Console]::OutputEncoding = [System.Text.Encoding]::UTF8;
 $Script:ProgressPreference = [System.Management.Automation.ActionPreference]::SilentlyContinue;
 
diff --git a/Sources/Winget-AutoUpdate/functions/Get-WingetOutdatedApps.ps1 b/Sources/Winget-AutoUpdate/functions/Get-WingetOutdatedApps.ps1
@@ -2,11 +2,11 @@
 
 function Get-WingetOutdatedApps {
 
-Param(
-    [Parameter(Position=0,Mandatory=$True,HelpMessage="You MUST supply value for winget repo, we need it")]
-    [ValidateNotNullorEmpty()]
-    [string]$src
-)
+    Param(
+        [Parameter(Position = 0, Mandatory = $True, HelpMessage = "You MUST supply value for winget repo, we need it")]
+        [ValidateNotNullorEmpty()]
+        [string]$src
+    )
     class Software {
         [string]$Name
         [string]$Id
@@ -15,7 +15,13 @@ Param(
     }
 
     #Get list of available upgrades on winget format
-    $upgradeResult = & $Winget upgrade --source $src | Where-Object { $_ -notlike "   *" } | Out-String
+    try {
+        $upgradeResult = & $Winget upgrade --source $src | Where-Object { $_ -notlike "   *" } | Out-String
+    }
+    catch {
+        Write-ToLog "Error while recieving winget upgrade list: $_" "Red"
+        $upgradeResult = $null
+    }
 
     #Start Conversion of winget format to an array. Check if "-----" exists (Winget Error Handling)
     if (!($upgradeResult -match "-----")) {
diff --git a/Sources/Winget-AutoUpdate/functions/Test-Network.ps1 b/Sources/Winget-AutoUpdate/functions/Test-Network.ps1
@@ -2,16 +2,16 @@
 
 function Test-Network {
 
-    #Init
+    # Init
     $timeout = 0
 
     #Test connectivity during 30 min then timeout
     Write-ToLog "Checking internet connection..." "Yellow"
 
     try {
         $NlaRegKey = "HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet"
-        $ncsiHost = Get-ItemPropertyValue    -Path $NlaRegKey -Name ActiveWebProbeHost
-        $ncsiPath = Get-ItemPropertyValue    -Path $NlaRegKey -Name ActiveWebProbePath
+        $ncsiHost = Get-ItemPropertyValue -Path $NlaRegKey -Name ActiveWebProbeHost
+        $ncsiPath = Get-ItemPropertyValue -Path $NlaRegKey -Name ActiveWebProbePath
         $ncsiContent = Get-ItemPropertyValue -Path $NlaRegKey -Name ActiveWebProbeContent
     }
     catch {
@@ -20,7 +20,7 @@ function Test-Network {
         $ncsiContent = "Microsoft Connect Test"
     }
 
-    While ($timeout -lt 1800) {
+    while ($timeout -lt 1800) {
         try {
             $ncsiResponse = Invoke-WebRequest -Uri "http://$($ncsiHost)/$($ncsiPath)" -UseBasicParsing -UserAgent ([Microsoft.PowerShell.Commands.PSUserAgent]::Chrome); # DevSkim: ignore DS137138 Insecure URL
         }
@@ -31,67 +31,60 @@ function Test-Network {
         if (($ncsiResponse) -and ($ncsiResponse.StatusCode -eq 200) -and ($ncsiResponse.content -eq $ncsiContent)) {
             Write-ToLog "Connected !" "Green"
 
-            #Check for metered connection
-            [void][Windows.Networking.Connectivity.NetworkInformation, Windows, ContentType = WindowsRuntime]
-            $cost = [Windows.Networking.Connectivity.NetworkInformation]::GetInternetConnectionProfile().GetConnectionCost()
+            # Check for metered connection
+            try {
+                [void][Windows.Networking.Connectivity.NetworkInformation, Windows, ContentType = WindowsRuntime]
+                $cost = [Windows.Networking.Connectivity.NetworkInformation]::GetInternetConnectionProfile().GetConnectionCost()
 
-            if ($cost.ApproachingDataLimit -or $cost.OverDataLimit -or $cost.Roaming -or $cost.BackgroundDataUsageRestricted -or ($cost.NetworkCostType -ne "Unrestricted")) {
+                $networkCostTypeName = [Windows.Networking.Connectivity.NetworkCostType]::GetName(
+                    [Windows.Networking.Connectivity.NetworkCostType],
+                    $cost.NetworkCostType
+                )
+            }
+            catch {
+                Write-ToLog "Could not evaluate metered connection status - skipping check." "Gray"
+                return $true
+            }
 
+            if ($cost.ApproachingDataLimit -or $cost.OverDataLimit -or $cost.Roaming -or $cost.BackgroundDataUsageRestricted -or ($networkCostTypeName -ne "Unrestricted")) {
                 Write-ToLog "Metered connection detected." "Yellow"
 
                 if ($WAUConfig.WAU_DoNotRunOnMetered -eq 1) {
-
                     Write-ToLog "WAU is configured to bypass update checking on metered connection"
                     return $false
-
                 }
                 else {
-
                     Write-ToLog "WAU is configured to force update checking on metered connection"
                     return $true
-
                 }
-
             }
             else {
-
                 return $true
-
             }
-
         }
         else {
-
             Start-Sleep 10
             $timeout += 10
 
-            #Send Warning Notif if no connection for 5 min
             if ($timeout -eq 300) {
-                #Log
                 Write-ToLog "Notify 'No connection' sent." "Yellow"
 
-                #Notif
                 $Title = $NotifLocale.local.outputs.output[0].title
                 $Message = $NotifLocale.local.outputs.output[0].message
                 $MessageType = "warning"
                 $Balise = "Connection"
                 Start-NotifTask -Title $Title -Message $Message -MessageType $MessageType -Balise $Balise
             }
-
         }
-
     }
 
-    #Send Timeout Notif if no connection for 30 min
     Write-ToLog "Timeout. No internet connection !" "Red"
 
-    #Notif
     $Title = $NotifLocale.local.outputs.output[1].title
     $Message = $NotifLocale.local.outputs.output[1].message
     $MessageType = "error"
     $Balise = "Connection"
     Start-NotifTask -Title $Title -Message $Message -MessageType $MessageType -Balise $Balise
 
     return $false
-
-}
+}
