From 4b95a74cbda012ec142eb2434c341a9484d8ef07 Mon Sep 17 00:00:00 2001
From: Ana Maria Martinez Gomez
Date: Thu, 11 Jan 2024 11:39:52 +0100
Subject: [PATCH 1/2] [common] Add VM-Assert-Signature

`VM-Assert-Signature` will allows us to install packages checking their signatures instead of their hash. Useful for Microsoft tools like sysinternals that use URLs without version.

Co-authored-by: Genwei Jiang
---
 packages/common.vm/common.vm.nuspec | 2 +-
 .../common.vm/tools/vm.common/vm.common.psm1 | 17 +++++++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/packages/common.vm/common.vm.nuspec b/packages/common.vm/common.vm.nuspec
index 8d0c87e56..22aab76d9 100755
--- a/packages/common.vm/common.vm.nuspec
+++ b/packages/common.vm/common.vm.nuspec
@@ -2,7 +2,7 @@ common.vm
- 0.0.0.20240105
+ 0.0.0.20240111
 Common libraries for VM-packages Mandiant
diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1
index 26d94f4db..9e91ceca7 100755
--- a/packages/common.vm/tools/vm.common/vm.common.psm1
+++ b/packages/common.vm/tools/vm.common/vm.common.psm1
@@ -128,6 +128,23 @@ function VM-Assert-Path {
 }
 }

+# Raise an exception if the Signature of $file_path is invalid
+function VM-Assert-Signature {
+ [CmdletBinding()]
+ Param(
+ [Parameter(Mandatory=$true)]
+ [String] $file_path
+ )
+ $signature_status = (Get-AuthenticodeSignature -FilePath $file_path).Status
+ if ($signature_status -eq 'Valid') {
+ VM-Write-Log "INFO" "Valid signature: $file_path"
+ } else {
+ $err_msg = "Invalid signature: $file_path"
+ VM-Write-Log "ERROR" $err_msg
+ throw $err_msg
+ }
+}
+
 function VM-Get-DiskSize {
 $diskdrive = "${Env:SystemDrive}"
 $driveName = $diskdrive.substring(0, $diskdrive.length-1)
From 898e91f4e2eee7ab8507f6cb03ae659db3a5b497 Mon Sep 17 00:00:00 2001
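Review bot: `VM-Assert-Signature` in `vm.common.psm1` treats any Authenticode status of `Valid` as success, which shows that some publisher trusted on this machine signed the file but not that the expected vendor did; since the commit message positions it as a replacement for the hash check, a different validly signed file served from the same URL would still pass. An optional expected-signer parameter, compared with the signer certificate's name, keeps existing callers working and lets the `googlechrome.vm` install script in patch 2/2 (which calls `VM-Assert-Signature $filePath` with no signer) pin the publisher. Putting the status in the error message would also let the log distinguish an unsigned file from a hash mismatch. A possible shape for the function is below.

```powershell
function VM-Assert-Signature {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true)]
        [String] $file_path,
        # Optional: exact common name the signer certificate must carry
        [Parameter(Mandatory=$false)]
        [String] $expected_signer
    )
    $signature = Get-AuthenticodeSignature -FilePath $file_path
    if ($signature.Status -ne 'Valid') {
        $err_msg = "Invalid signature ($($signature.Status)): $file_path"
        VM-Write-Log "ERROR" $err_msg
        throw $err_msg
    }
    if ($expected_signer) {
        $name_type = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer = $signature.SignerCertificate.GetNameInfo($name_type, $false)
        if ($signer -ne $expected_signer) {
            $err_msg = "Unexpected signer '$signer': $file_path"
            VM-Write-Log "ERROR" $err_msg
            throw $err_msg
        }
    }
    VM-Write-Log "INFO" "Valid signature: $file_path"
}
```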
From: Ana Maria Martinez Gomez
Date: Thu, 11 Jan 2024 13:13:55 +0100
Subject: [PATCH 2/2] [new package] Add Google Chrome

Add Google Chrome using the new `VM-Assert-Signature` function.

Co-authored-by: Genwei Jiang
---
 .../googlechrome.vm/googlechrome.vm.nuspec | 12 +++++++++
 .../tools/chocolateyinstall.ps1 | 26 +++++++++++++++++++
 scripts/test/lint.py | 1 +
 3 files changed, 39 insertions(+)
 create mode 100644 packages/googlechrome.vm/googlechrome.vm.nuspec
 create mode 100644 packages/googlechrome.vm/tools/chocolateyinstall.ps1
diff --git a/packages/googlechrome.vm/googlechrome.vm.nuspec b/packages/googlechrome.vm/googlechrome.vm.nuspec
new file mode 100644
index 000000000..49bdb2653
--- /dev/null
+++ b/packages/googlechrome.vm/googlechrome.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ googlechrome.vm
+ 0.0.0.20240111
+ Google LLC.
+ Chrome is a popular web browser.
+
+
+
+
+
diff --git a/packages/googlechrome.vm/tools/chocolateyinstall.ps1 b/packages/googlechrome.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..1ec1ab4e2
--- /dev/null
+++ b/packages/googlechrome.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,26 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+try {
+ # Download the installer
+ $packageArgs = @{
+ packageName = $env:ChocolateyPackageName
+ file = Join-Path ${Env:TEMP} 'googlechromeinstaller.msi'
+ url = 'https://dl.google.com/tag/s/dl/chrome/install/googlechromestandaloneenterprise.msi'
+ url64bit = 'https://dl.google.com/tag/s/dl/chrome/install/googlechromestandaloneenterprise64.msi'
+ }
+ $filePath = Get-ChocolateyWebFile @packageArgs
+ VM-Assert-Path $filePath
+ VM-Assert-Signature $filePath
+
+ # Install the downloaded installer
+ $packageArgs = @{
+ packageName = $env:ChocolateyPackageName
+ file = $filePath
+ fileType = 'MSI'
+ silentArgs = "/quiet /norestart /l*v `"$($env:TEMP)\$($env:chocolateyPackageName).$($env:chocolateyPackageVersion).MsiInstall.log`""
+ }
+ Install-ChocolateyInstallPackage @packageArgs
+} catch {
+ VM-Write-Log-Exception $_
+}
diff --git a/scripts/test/lint.py b/scripts/test/lint.py
index f21e9c851..7d6fd9a02 100644
--- a/scripts/test/lint.py
+++ b/scripts/test/lint.py
@@ -312,6 +312,7 @@ class UsesInvalidCategory(Lint):
 "common.vm",
 "debloat.vm",
 "flarevm.installer.vm",
+ "googlechrome.vm",
 "ida.plugin.capa.vm",
 "idafree.vm",
 "installer.vm",
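Review bot: In `packages/googlechrome.vm/tools/chocolateyinstall.ps1` the `$packageArgs` passed to `Get-ChocolateyWebFile` carry no checksum, so the `VM-Assert-Signature` call is the only integrity check on the MSI, and the script does not say that this is deliberate. A comment above the download, such as `# No checksum: the URL is unversioned, so integrity relies on VM-Assert-Signature below`, would keep a later edit from dropping the assertion. Whether a failed assertion fails the package depends on `VM-Write-Log-Exception`, which is defined outside this diff; if it only logs, the catch block would report a rejected installer as a successful install. The verified MSI also stays in `${Env:TEMP}` after installation; `Remove-Item $filePath -Force -ErrorAction SilentlyContinue` after `Install-ChocolateyInstallPackage` would remove it.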