AppControl Manager 1.5.2.0 (#441)

Added support for Windows 11 build 23H2. This is in response to multiple community feedbacks that are always helpful and welcome. Closes AppControl Manager needs to be supported on 23H2 #435 Completely switched to source-generated LibraryImports, improving performance. => Implementing LibraryImports instead of DllImports for improved performance #433 Implemented several new code analyzers that ensure a cleaner, safer, high performance and better code. Improved the scanned data result DataGrid in Supplemental policy creation page. Removed 3 unused columns that don't apply to local file scans, added 1 new column to display each scanned file's Opus data. Overall, this is a relatively small update. Big changes are coming in version 1.6 with many new features! In case you missed it, i posted a new video demoing AppControl Manager, check it out here https://www.youtube.com/watch?v=SzMs13n7elE
HotCakeX · Dec 2, 2024 · e334771 · e334771
1 parent b52acc1
commit e334771
Show file tree

Hide file tree

Showing 12 changed files with 126 additions and 51 deletions.
diff --git a/AppControl Manager/.editorconfig b/AppControl Manager/.editorconfig
@@ -31,7 +31,7 @@ dotnet_diagnostic.CA1309.severity = error
 dotnet_diagnostic.CA1311.severity = error
 
 # CA1416: Validate platform compatibility
-dotnet_diagnostic.CA1416.severity = silent
+dotnet_diagnostic.CA1416.severity = error
 
 # CA5384: Do Not Use Digital Signature Algorithm (DSA)
 dotnet_diagnostic.CA5384.severity = error
@@ -389,3 +389,84 @@ dotnet_diagnostic.IDE0057.severity = error
 
 # IDE0130: Namespace does not match folder structure
 dotnet_diagnostic.IDE0130.severity = silent
+
+# CsWinRT1028: Class is not marked partial
+dotnet_diagnostic.CsWinRT1028.severity = error
+
+# CA1044: Properties should not be write only
+dotnet_diagnostic.CA1044.severity = error
+
+# CsWinRT1029: Class not trimming / AOT compatible
+dotnet_diagnostic.CsWinRT1029.severity = error
+
+# CA5404: Do not disable token validation checks
+dotnet_diagnostic.CA5404.severity = error
+
+# CA5379: Ensure Key Derivation Function algorithm is sufficiently strong
+dotnet_diagnostic.CA5379.severity = error
+
+# CA1867: Use char overload
+dotnet_diagnostic.CA1867.severity = error
+
+# CA1070: Do not declare event fields as virtual
+dotnet_diagnostic.CA1070.severity = error
+
+# CA1054: URI-like parameters should not be strings
+dotnet_diagnostic.CA1054.severity = error
+
+# CA1850: Prefer static 'HashData' method over 'ComputeHash'
+dotnet_diagnostic.CA1850.severity = error
+
+# CA3004: Review code for information disclosure vulnerabilities
+dotnet_diagnostic.CA3004.severity = error
+
+# CA1056: URI-like properties should not be strings
+dotnet_diagnostic.CA1056.severity = error
+
+# CA1055: URI-like return values should not be strings
+dotnet_diagnostic.CA1055.severity = error
+
+# CA2301: Do not call BinaryFormatter.Deserialize without first setting BinaryFormatter.Binder
+dotnet_diagnostic.CA2301.severity = error
+
+# CA3010: Review code for XAML injection vulnerabilities
+dotnet_diagnostic.CA3010.severity = error
+
+# CA1837: Use 'Environment.ProcessId'
+dotnet_diagnostic.CA1837.severity = error
+
+# CA3009: Review code for XML injection vulnerabilities
+dotnet_diagnostic.CA3009.severity = error
+
+# CA3006: Review code for process command injection vulnerabilities
+dotnet_diagnostic.CA3006.severity = error
+
+# CA2328: Ensure that JsonSerializerSettings are secure
+dotnet_diagnostic.CA2328.severity = error
+
+# CA3008: Review code for XPath injection vulnerabilities
+dotnet_diagnostic.CA3008.severity = error
+
+# CA3001: Review code for SQL injection vulnerabilities
+dotnet_diagnostic.CA3001.severity = error
+
+# CA3002: Review code for XSS vulnerabilities
+dotnet_diagnostic.CA3002.severity = error
+
+# CA5385: Use Rivest-Shamir-Adleman (RSA) Algorithm With Sufficient Key Size
+dotnet_diagnostic.CA5385.severity = error
+
+# CA5387: Do Not Use Weak Key Derivation Function With Insufficient Iteration Count
+dotnet_diagnostic.CA5387.severity = error
+
+# CA1842: Do not use 'WhenAll' with a single task
+dotnet_diagnostic.CA1842.severity = error
+
+# CA1849: Call async methods when in an async method
+dotnet_diagnostic.CA1849.severity = error
+
+# CA1843: Do not use 'WaitAll' with a single task
+dotnet_diagnostic.CA1843.severity = error
+
+# CA3007: Review code for open redirect vulnerabilities
+dotnet_diagnostic.CA3007.severity = error
diff --git a/AppControl Manager/AppControl Manager.csproj b/AppControl Manager/AppControl Manager.csproj
@@ -3,7 +3,10 @@
   <PropertyGroup>
     <OutputType>WinExe</OutputType>
     <TargetFramework>net9.0-windows10.0.26100.0</TargetFramework>
-    <TargetPlatformMinVersion>10.0.26100.0</TargetPlatformMinVersion>
+    <TargetPlatformMinVersion>10.0.22621.0</TargetPlatformMinVersion>
+
+    <!-- https://learn.microsoft.com/en-us/dotnet/standard/frameworks#support-older-os-versions -->
+    <SupportedOSPlatformVersion>10.0.22621.0</SupportedOSPlatformVersion>
 
     <!-- https://learn.microsoft.com/en-us/dotnet/fundamentals/apicompat/package-validation/overview -->
     <EnablePackageValidation>true</EnablePackageValidation>
@@ -53,7 +56,6 @@
     <!-- <SuppressTrimAnalysisWarnings>false</SuppressTrimAnalysisWarnings> -->
     <!-- <TrimmerSingleWarn>false</TrimmerSingleWarn> -->
 
-    <SupportedOSPlatformVersion>10.0.26100.0</SupportedOSPlatformVersion>
     <ImplicitUsings>disable</ImplicitUsings>
     <Description>An application that simplifies management of Application Control in Windows.</Description>
     <PackageProjectUrl>https://github.com/HotCakeX/Harden-Windows-Security</PackageProjectUrl>
@@ -80,11 +82,12 @@
     <AssemblyName>AppControlManager</AssemblyName>
     <PublishAot>False</PublishAot>
     <ErrorReport>send</ErrorReport>
-    <FileVersion>1.5.1.0</FileVersion>
+    <FileVersion>1.5.2.0</FileVersion>
     <AssemblyVersion>$(FileVersion)</AssemblyVersion>
     <NeutralLanguage>en-US</NeutralLanguage>
     <PackageLicenseFile>LICENSE</PackageLicenseFile>
     <StartupObject>WDACConfig.Program</StartupObject>
+    <GenerateAssemblyInfo>True</GenerateAssemblyInfo>
 
     <!-- https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/unsafe-code -->
     <AllowUnsafeBlocks>True</AllowUnsafeBlocks>

diff --git a/AppControl Manager/Logic/IntelGathering/FileIdentity.cs b/AppControl Manager/Logic/IntelGathering/FileIdentity.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.Linq;
 
 namespace WDACConfig.IntelGathering
 {
@@ -64,6 +65,13 @@ public sealed class FileIdentity
         // Determines whether the file is signed by ECC algorithm or not
         // AppControl does not support ECC Signed files yet
         public bool? IsECCSigned { get; set; }
+
+
+        // Computed property to gather all OPUSInfo from FileSignerInfos and save them in a comma-separated string for displaying purposes only
+        public string Opus => string.Join(", ", FileSignerInfos
+            .Where(signerInfo => !string.IsNullOrEmpty(signerInfo.OPUSInfo))
+            .Select(signerInfo => signerInfo.OPUSInfo));
+
     }
 
 }
diff --git a/AppControl Manager/Logic/IntelGathering/GetEventLogsData.cs b/AppControl Manager/Logic/IntelGathering/GetEventLogsData.cs
@@ -1074,17 +1074,17 @@ public static async Task<HashSet<FileIdentity>> GetAppControlEvents(string? Code
                 Task<HashSet<FileIdentity>> appLockerTask = Task.Run(() => AppLockerEventsRetriever(AppLockerEvtxFilePath));
 
                 // Await both tasks to complete
-                _ = await Task.WhenAll(codeIntegrityTask, appLockerTask);
+                HashSet<FileIdentity>[] results = await Task.WhenAll(codeIntegrityTask, appLockerTask);
 
-                // Keep the Code Integrity task's HashSet output since it's the main category and will have the majority of the events
-                combinedResult = codeIntegrityTask.Result;
+                // Assign the Code Integrity task's HashSet output since it's the main category and will have the majority of the events
+                combinedResult = results[0];
 
                 // If there are AppLocker logs
-                if (appLockerTask.Result.Count > 0)
+                if (results[1].Count > 0)
                 {
 
                     // Add elements from the AppLocker task's result, using Add to preserve uniqueness since the HashSet has its custom comparer
-                    foreach (FileIdentity item in appLockerTask.Result)
+                    foreach (FileIdentity item in results[1])
                     {
                         _ = combinedResult.Add(item);
                     }

diff --git a/AppControl Manager/Logic/IntelGathering/OptimizeMDECSVData.cs b/AppControl Manager/Logic/IntelGathering/OptimizeMDECSVData.cs
@@ -1,5 +1,4 @@
-using System;
-using System.Collections.Generic;
+using System.Collections.Generic;
 using System.IO;
 using System.Linq;
 using System.Text;
@@ -246,13 +245,13 @@ private static string[] ParseCsvLine(string line)
                 string field = fields[i];
 
                 // If the field is a JSON field, we don't want to remove quotes
-                if (field.StartsWith("{", StringComparison.OrdinalIgnoreCase) && field.EndsWith("}", StringComparison.OrdinalIgnoreCase))
+                if (field.StartsWith('{') && field.EndsWith('}'))
                 {
                     continue; // Skip JSON fields
                 }
 
                 // Remove leading and trailing quotes if they exist (for non-JSON fields)
-                if (field.StartsWith("\"", StringComparison.OrdinalIgnoreCase) && field.EndsWith("\"", StringComparison.OrdinalIgnoreCase) && field.Length > 1)
+                if (field.StartsWith('"') && field.EndsWith('"') && field.Length > 1)
                 {
                     fields[i] = field[1..^1];
                 }

diff --git a/AppControl Manager/Package.appxmanifest b/AppControl Manager/Package.appxmanifest
@@ -11,7 +11,7 @@
   <Identity
     Name="AppControlManager"
     Publisher="CN=SelfSignedCertForAppControlManager"
-    Version="1.5.1.0" />
+    Version="1.5.2.0" />
 
   <mp:PhoneIdentity PhoneProductId="199a23ec-7cb6-4ab5-ab50-8baca348bc79" PhonePublisherId="00000000-0000-0000-0000-000000000000"/>
 

diff --git a/AppControl Manager/Pages/CreateSupplementalPolicyFilesAndFoldersScanResults.xaml b/AppControl Manager/Pages/CreateSupplementalPolicyFilesAndFoldersScanResults.xaml
@@ -134,24 +134,22 @@ Style="{StaticResource BodyTextBlockStyle}">
                 <tk7controls:DataGrid.Columns>
                     <tk7controls:DataGridTextColumn Header="File Name" Binding="{Binding FileName}" Width="Auto" Tag="FileName"/>
                     <tk7controls:DataGridTextColumn Header="Signature Status" Binding="{Binding SignatureStatus}" Tag="SignatureStatus" Width="Auto"/>
-                    <tk7controls:DataGridTextColumn Header="Action" Binding="{Binding Action}" Width="Auto" Tag="Action"/>
                     <tk7controls:DataGridTextColumn Header="Original File Name" Binding="{Binding OriginalFileName}" Width="Auto" Tag="OriginalFileName"/>
                     <tk7controls:DataGridTextColumn Header="InternalName" Binding="{Binding InternalName}" Width="Auto" Tag="InternalName"/>
                     <tk7controls:DataGridTextColumn Header="File Description" Binding="{Binding FileDescription}" Width="Auto" Tag="FileDescription"/>
                     <tk7controls:DataGridTextColumn Header="Product Name" Binding="{Binding ProductName}" Width="Auto" Tag="ProductName"/>
                     <tk7controls:DataGridTextColumn Header="File Version" Binding="{Binding FileVersion}" Width="Auto" Tag="FileVersion"/>
                     <tk7controls:DataGridTextColumn Header="Package Family Name" Binding="{Binding PackageFamilyName}" Width="Auto" Tag="PackageFamilyName"/>
                     <tk7controls:DataGridTextColumn Header="SHA256 Hash" Binding="{Binding SHA256Hash}" Width="Auto" Tag="SHA256Hash"/>
-                    <tk7controls:DataGridTextColumn Header="SHA1 Hash" Binding="{Binding SHA1Hash}" Width="Auto" Tag="SHA1Hash"/>
-                    <tk7controls:DataGridTextColumn Header="SHA256 Flat Hash" Binding="{Binding SHA256FlatHash}" Width="Auto" Tag="SHA256FlatHash"/>
-                    <tk7controls:DataGridTextColumn Header="SHA1 Flat Hash" Binding="{Binding SHA1FlatHash}" Width="Auto" Tag="SHA1FlatHash"/>
+                    <tk7controls:DataGridTextColumn Header="SHA1 Hash" Binding="{Binding SHA1Hash}" Width="Auto" Tag="SHA1Hash"/>                    
                     <tk7controls:DataGridTextColumn Header="Signing Scenario" Binding="{Binding SISigningScenario}" Width="Auto" Tag="SISigningScenario"/>
                     <tk7controls:DataGridTextColumn Header="File Path" Binding="{Binding FilePath}" Width="Auto" Tag="FilePath"/>
                     <tk7controls:DataGridTextColumn Header="SHA1 Page Hash" Binding="{Binding SHA1PageHash}" Width="Auto" Tag="SHA1PageHash"/>
                     <tk7controls:DataGridTextColumn Header="SHA256 Page Hash" Binding="{Binding SHA256PageHash}" Width="Auto" Tag="SHA256PageHash"/>
                     <tk7controls:DataGridTextColumn Header="Has WHQL Signer" Binding="{Binding HasWHQLSigner}" Width="Auto" Tag="HasWHQLSigner"/>
                     <tk7controls:DataGridTextColumn Header="File Publishers" Binding="{Binding FilePublishersToDisplay}" Width="Auto" Tag="FilePublishersToDisplay"/>
                     <tk7controls:DataGridTextColumn Header="Is ECC Signed" Binding="{Binding IsECCSigned}" Width="Auto" Tag="IsECCSigned"/>
+                    <tk7controls:DataGridTextColumn Header="Opus Data" Binding="{Binding Opus}" Width="Auto" Tag="Opus"/>
                 </tk7controls:DataGrid.Columns>
             </tk7controls:DataGrid>
         </Border>