Powershell: remove unused functions

aramprice · aramprice · commit 69331f60f4b9 · 2025-06-17T16:14:26.000-07:00
diff --git a/modules/BOSH.WindowsUpdates/BOSH.WindowsUpdates.Tests.ps1 b/modules/BOSH.WindowsUpdates/BOSH.WindowsUpdates.Tests.ps1
@@ -14,12 +14,11 @@ Describe "BOSH.WindowsUpdates" {
     Describe "Disable-AutomaticUpdates" {
         BeforeEach {
             $oldWuauStatus = (Get-Service wuauserv).Status
-            $oldWuauStartMode = ( Get-Service wuauserv).StartType
+            $oldWuauStartMode = (Get-Service wuauserv).StartType
 
             { Set-Service -Name wuauserv -StartupType "Manual" } | Should -Not -Throw
             { Set-Service -Name wuauserv -Status "Running" } | Should -Not -Throw
 
-
             $oldAUOptions = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update').AUOptions
             $oldEnableFeaturedSoftware = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update').EnableFeaturedSoftware
             $oldIncludeRecUpdates = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update').IncludeRecommendedUpdates
@@ -80,185 +79,4 @@ Describe "BOSH.WindowsUpdates" {
             (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update').IncludeRecommendedUpdates | Should -Be "0"
         }
     }
-
-    Describe "Enable-SecurityPatches" {
-        It "enables CVE-2015-6161" {
-            $handlerHardeningPath32Exists = $false
-            $oldIExplore32 = ""
-            if (Test-Path "HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING")
-            {
-                $handlerHardeningPathExists32 = $true
-                $oldIExplore32 = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING").'iexplore.exe'
-            }
-
-            $handlerHardeningPath64Exists = $false
-            $oldIExplore64 = ""
-            if (Test-Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING")
-            {
-                $handlerHardeningPath64Exists = $true
-                $oldIExplore64 = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING").'iexplore.exe'
-            }
-
-            { Enable-CVE-2015-6161 } | Should -Not -Throw
-
-            (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING").'iexplore.exe' | Should -Be "1"
-            (Get-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING").'iexplore.exe' | Should -Be "1"
-
-            if ($handlerHardeningPath32Exists)
-            {
-                if ($oldIExplore32 -eq "")
-                {
-                    Remove-Item-Property -Path "HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING" -Name "iexplore.exe"
-                }
-                else
-                {
-                    Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING" -Value $oldIExplore32 -Name "iexplore.exe"
-                }
-            }
-            else
-            {
-                Remove-Item "HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING"
-            }
-
-            if ($handlerHardeningPath32Exists)
-            {
-                if ($oldIExplore64 -eq "")
-                {
-                    Remove-Item-Property -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING" -Name "iexplore.exe"
-                }
-                else
-                {
-                    Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING" -Value $oldIExplore64 -Name "iexplore.exe"
-                }
-            }
-            else
-            {
-                Remove-Item "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING"
-            }
-        }
-
-        It "enables CVE-2017-8529" {
-            $disclosureFixPathExists32 = $false
-            $oldIExplore32 = ""
-            if (Test-Path "HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX")
-            {
-                $disclosureFixPathExists32 = $true
-                $oldIExplore32 = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX").'iexplore.exe'
-            }
-
-            $disclosureFixPathExists64 = $false
-            $oldIExplore64 = ""
-            if (Test-Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX")
-            {
-                $disclosureFixPathExists64 = $true
-                $oldIExplore64 = (Get-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX").'iexplore.exe'
-            }
-
-            { Enable-CVE-2017-8529 } | Should -Not -Throw
-
-            (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX").'iexplore.exe' | Should -Be "1"
-            (Get-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX").'iexplore.exe' | Should -Be "1"
-
-            if ($disclosureFixPathExists32)
-            {
-                if ($oldIExplore32 -eq "")
-                {
-                    Remove-Item-Property -Path "HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX" -Name "iexplore.exe"
-                }
-                else
-                {
-                    Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX" -Value $oldIExplore32 -Name "iexplore.exe"
-                }
-            }
-            else
-            {
-                Remove-Item "HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX"
-            }
-
-            if ($disclosureFixPathExists64)
-            {
-                if ($oldIExplore64 -eq "")
-                {
-                    Remove-Item-Property -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX" -Name "iexplore.exe"
-                }
-                else
-                {
-                    Set-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX" -Value $oldIExplore64 -Name "iexplore.exe"
-                }
-            }
-            else
-            {
-                Remove-Item "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX"
-            }
-        }
-
-        It "enables CredSSP" {
-            $credSSPPathExists = $false
-            $credSSPParamPathExists = $false
-            $oldEcryptOracle = ""
-            if (Test-Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP")
-            {
-                $credSSPPathExists = $true
-                if (Test-Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters")
-                {
-                    $credSSPParamPathExists = $true
-                    $oldEcryptOracle = (Get-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters").AllowEncryptionOracle
-                }
-            }
-
-            { Enable-CredSSP } | Should -Not -Throw
-
-            (Get-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters").AllowEncryptionOracle | Should -Be "1"
-
-            if ($credSSPPathExists)
-            {
-                if ($credSSPParamPathExists)
-                {
-                    if ($oldEcryptOracle -eq "")
-                    {
-                        Remove-Item-Property -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" -Name "AllowEncryptionOracle"
-                    }
-                    else
-                    {
-                        Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" -Value $oldEcryptOracle -Name "AllowEncryptionOracle"
-                    }
-                }
-                else
-                {
-                    Remove-Item "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters"
-                }
-            }
-            else
-            {
-                Remove-Item "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP" -Recurse
-
-            }
-        }
-    }
-
-    Describe "Upgrade-PSVersion" {
-        It "Only installs if powershell 5.1 or above is not installed" {
-            Mock -ModuleName BOSH.WindowsUpdates Test-PSVersion { $true }
-            Mock -ModuleName BOSH.WindowsUpdates Invoke-WebRequest { }
-            Mock -ModuleName BOSH.WindowsUpdates Start-Process { }
-
-            { Upgrade-PSVersion } | Should -Not -Throw
-
-            Assert-MockCalled Test-PSVersion -Times 1 -Scope It -ModuleName BOSH.WindowsUpdates
-            Assert-MockCalled Invoke-WebRequest -Times 0 -Scope It -ModuleName BOSH.WindowsUpdates
-            Assert-MockCalled Start-Process -Times 0 -Scope It -ModuleName BOSH.WindowsUpdates
-        }
-
-        It "Only installs if powershell 5.1 or above is not installed" {
-            Mock -ModuleName BOSH.WindowsUpdates Test-PSVersion { $false }
-            Mock -ModuleName BOSH.WindowsUpdates Invoke-WebRequest { }
-            Mock -ModuleName BOSH.WindowsUpdates Start-Process { }
-
-            { Upgrade-PSVersion } | Should -Not -Throw
-
-            Assert-MockCalled Test-PSVersion -Times 1 -Scope It -ModuleName BOSH.WindowsUpdates
-            Assert-MockCalled Invoke-WebRequest -Times 1 -Scope It -ParameterFilter { $Uri -eq "https://go.microsoft.com/fwlink/?linkid=839516" -and $Outfile -eq "C:\provision\PS51.msu" -and $UseBasicParsing.IsPresent } -ModuleName BOSH.WindowsUpdates
-            Assert-MockCalled Start-Process -Times 1 -Scope It -ParameterFilter { $FilePath -eq "C:\provision\PS51.msu" -and $ArgumentList -eq '/quiet /norestart /log:"C:\provision\psupgrade.log"' -and $Wait.IsPresent -and $Passthru.IsPresent } -ModuleName BOSH.WindowsUpdates
-        }
-    }
 }
diff --git a/modules/BOSH.WindowsUpdates/BOSH.WindowsUpdates.psm1 b/modules/BOSH.WindowsUpdates/BOSH.WindowsUpdates.psm1
@@ -48,7 +48,6 @@ function Wait-WindowsUpdates {
 }
 
 function Install-WindowsUpdates {
-
     # Set registry key so that we will receive the Jan 2018 patches (KB4056895)
     REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat /f /v cadca5fe-87d3-4b96-b7fb-a231484277cc /t REG_DWORD /d 0
 
@@ -299,86 +298,3 @@ function Get-UpdateBatch {
         $script:MoreUpdates=0
     }
 }
-
-function Search-InstalledUpdates {
-    $Session = New-Object -ComObject Microsoft.Update.Session
-    $Searcher = $Session.CreateUpdateSearcher()
-    $Searcher.Search("IsInstalled=1").Updates | Sort-Object LastDeploymentChangeTime | ForEach-Object { "KB$($_.KBArticleIDs) | $($_.Title)" }
-}
-
-function Test-InstalledUpdates {
-    Write-Host "Running Get-HotFix:"
-    Get-HotFix
-    $Session = New-Object -ComObject Microsoft.Update.Session
-    Write-Host "Session: $Session"
-    $Searcher = $Session.CreateUpdateSearcher()
-    Write-Host "Searcher: $Searcher"
-    $UninstalledUpdates = $Searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0").Updates
-    if ($UninstalledUpdates.Count -ne 0) {
-        Write-Log "The following updates are not currently installed:"
-        foreach ($Update in $UninstalledUpdates) {
-            Write-Log "> $($Update.Title)"
-        }
-        Throw 'There are uninstalled updates'
-    }
-}
-
-<#
-.Synopsis
-    Disable Automatic Updates
-.Description
-    This cmdlet disables automatic Windows Updates
-#>
-function Disable-AutomaticUpdates {
-    Stop-Service -Name wuauserv
-    Set-Service -Name wuauserv -StartupType Disabled
-
-    Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update' -Value 1 -Name 'AUOptions'
-    Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update' -Value 0 -Name 'EnableFeaturedSoftware'
-    Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update' -Value 0 -Name 'IncludeRecommendedUpdates'
-}
-
-function Enable-CVE-2015-6161 {
-    #Enable MS15-124 - Internet Explorer ASLR Bypass fix - CVE-2015-6161
-    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING" /t REG_DWORD /v "iexplore.exe" /d 1 /f
-    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING" /t REG_DWORD /v "iexplore.exe" /d 1 /f
-}
-
-function Enable-CVE-2017-8529 {
-    #Enable Microsoft Browser Information Disclosure Vulnerability - CVE-2017-8529
-    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX" /v iexplore.exe /t REG_DWORD /d 1 /f
-    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX" /v iexplore.exe /t REG_DWORD /d 1 /f
-
-}
-
-function Enable-CredSSP {
-    #Enable CredSSP  updates - CVE-2018-0886
-    #Policy set to "mitigated"
-    reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" /v AllowEncryptionOracle /t REG_DWORD /d 1 /f
-}
-
-function Upgrade-PSVersion  {
-    if (Test-PSVersion) {
-        Write-Log "Upgrade-PSVersion: No need to upgrade. PSVersion is 5 or above"
-        return
-    }
-
-    $existingProtocol = [Net.ServicePointManager]::SecurityProtocol
-    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
-    Write-Log "Upgrade-PSVersion: Downloading."
-
-    $MSUPath = "c:\provision\PS51.msu"
-    Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/?linkid=839516" -UseBasicParsing -OutFile $MSUPath
-
-    Write-Log "Upgrade-PSVersion: Downloaded. Installing."
-
-    $p = Start-Process -FilePath $MSUPath -ArgumentList '/quiet /norestart /log:"C:\provision\psupgrade.log"' -Wait -PassThru
-    Write-Log "Upgrade-PSVersion: Installed. Process exit code: $($p.ExitCode)"
-    [Net.ServicePointManager]::SecurityProtocol = $existingProtocol
-}
-
-function Test-PSVersion {
-    $version = $PSVersionTable.PSVersion
-    Write-Log "Powershell is $version"
-    $version.Major -ge 5
-}
