Vscode-powershell: PowerShell extension - Not signed PowerShell-Files

Created on 9 Mar 2020  路  8Comments  路  Source: PowerShell/vscode-powershell

Hello,
in my company only signed PowerShell-Files are allowed to use.
Since that I wrote a script which checks all files if they are signed or not.

In your PowerShell-Extension for VSCode nearly every file is signed but the list below (please sign those files and update the plugin).
If you need I can upload the simple script to check all PowerShell-Files for future extension releases.

_Maybe thinking about to not use PowerShell files at all in the plugin and using an other language for it instead?_

---------------------------------------------------
NOT SIGNED - FILES
---------------------------------------------------

Filepath:  .\ms-vscode.powershell-2020.3.0
Filename: InvokePesterStub.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: SampleModule.psd1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: PSScriptAnalyzerSettings.psd1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: PromptExamples.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: StopTest.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: Stop-Process2.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: SampleModule.psm1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: PathProcessingWildcards.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: DebugTest.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: ContentViewTest.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: Build.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: PathProcessingNoWildcards.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: PathProcessingNonExistingPaths.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples
Filename: ExtensionExamples.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\examples\Tests
Filename: PathProcessing.Tests.ps1


Filepath: .\ms-vscode.powershell-2020.3.0\examples\Tests
Filename: SampleModule.Tests.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\modules\Plaster\1.1.3\Templates\AddPSScriptAnalyzerSettings
Filename: PSScriptAnalyzerSettings.psd1


Filepath:  .\ms-vscode.powershell-2020.3.0\modules\Plaster\1.1.3\Templates\NewPowerShellScriptModule
Filename: Module.psm1


Filepath:  .\ms-vscode.powershell-2020.3.0\modules\Plaster\1.1.3\Templates\NewPowerShellScriptModule\test
Filename: Module.T.ps1


Filepath:  .\ms-vscode.powershell-2020.3.0\modules\PowerShellEditorServices\Commands\Public
Filename: Clear-Host.ps1

I hope this list will help you.

Area-Build & Release Issue-Bug
Source
picture HerBenSte

All 8 comments

So from this list, we can ignore any in .\ms-vscode.powershell-2020.3.0\examples as those are not run... we can also ignore the Plaster stuff since those are a part of a template.

That leaves:
Clear-Host.ps1
InvokePesterStub.ps1

Both of these should be signed.

TylerLeonhardt picture TylerLeonhardt on 9 Mar 2020

InvokePesterStub.ps1 should probably be moved into the PowerShellEditorServices repo - right now it exists in this repo. However there is quite a large PR out refactoring it #2441 so I will wait until that's in to move InvokePesterStub over.

TylerLeonhardt picture TylerLeonhardt on 9 Mar 2020
👍1

I've encountered this. This file was blocked by AppLocker. Please can these files be signed?
Microsoft and others recommend not allowing exes/scripts to run via path rules where the user has write access.

    %OSDRIVE%\USERS\%USER%\.VSCODE\EXTENSIONS\MS-VSCODE.POWERSHELL-2021.6.1\MODULES\POWERSHELLEDITORSERVICES.VSCODE\POWERSHELLEDITORSERVICES.VSCODE.PSD1
padlock780 picture padlock780 on 23 Jun 2021

@padlock780 Thanks for bringing this to my attention. Our last release unfortunately encountered an issue which resulted in it not being signed. Releasing a patch update today to fix this.

andschwa picture andschwa on 23 Jun 2021

@rjmholt Since the original bug is over a year old and to my knowledge resolved with the signing we set up six months ago, I'm going to close this bug with a fix to always sign our artifacts.

andschwa picture andschwa on 23 Jun 2021
👍1

I think the problem in this issue was that the Pester script here is not signed:
https://github.com/PowerShell/vscode-powershell/blob/master/InvokePesterStub.ps1

because it's in vscode-powershell and not PSES.

TylerLeonhardt picture TylerLeonhardt on 23 Jun 2021

I can fix that too.

andschwa picture andschwa on 23 Jun 2021
👍1

Oops, wasn't totally fixed.

andschwa picture andschwa on 25 Jun 2021
Was this page helpful?
0 / 5 - 0 ratings

Related issues

itfranck picture itfranck  路  3Comments
TheDanishDynamo picture TheDanishDynamo  路  3Comments
nathan-alden-hp picture nathan-alden-hp  路  3Comments
CJHarmath picture CJHarmath  路  3Comments
Line40 picture Line40  路  3Comments