Setup for signing with v 0.2

Author: technion

OpenSafetyInstall.ps1

@@ -24,13 +24,13 @@ try {
 $signature = Get-AuthenticodeSignature $tmpfile.FullName
 if ( $signature.Status -ne 'Valid') {
     Write-Output "Warning: Downloaded file is not signed"
-    # Commented out until issues with Sectigo issuing cert are resolved
-    #Remove-Item $tmpfile.FullName
-    #exit
+    Remove-Item $tmpfile.FullName
+    exit
 }
 
 Move-Item $tmpfile.FullName -Destination "$($installpath)\open_safety.exe" -Force
 Unblock-File "$($installpath)\open_safety.exe"
+Write-Output "Verified signature and installed binary. Setting up mappings"
 
 # List from application: allowed_extensions = ["js", "jse", "vbs", "wsf", "wsh", "hta"];
 # Obtained existing names with: cmd /c assoc .ext

README.md

@@ -35,4 +35,10 @@ This application currently uses only one external crate (base64). It's designed
 - [X] Installation Powershell to fetch executable from Github releases 
 - [X] Implement CI with Github actions
 - [X] Blog post on why this is useful
-- [ ] Obtain a code signing cert
+- [ ] Obtain a code signing cert
+
+### Release guide
+
+cargo build --release
+$codeCertificate = Get-ChildItem Cert:\CurrentUser\My
+Set-AuthenticodeSignature -FilePath .\target\release\open_safety.exe  -Certificate $codeCertificate -TimeStampServer "http://timestamp.digicert.com"

src/main.rs

@@ -1,3 +1,5 @@
+#![deny(unsafe_code)]
+
 use std::env;
 use std::ffi::OsStr;
 use std::fs;
@@ -51,10 +53,10 @@ fn process_malware(filename: &std::path::Path) {
 }
 
 fn main() {
-    println!("open_safety: https://lolware.net");
+    println!("open_safety: https://lolware.net/blog/neutralising-script-ransomware/");
     let args: Vec<String> = env::args().collect();
     if args.len() < 2 {
-        println!("This program should be called with a parameter");
+        println!("This application must be provided a filename in order to take action - closing.");
         return;
     }