Improved code styles
Improved code styles

bumped AppControl Manager version to 1.7.0.0
HotCakeX committed Dec 13, 2024
1 parent 03e4d5b commit ed76dd7
Showing 20 changed files with 36 additions and 45 deletions.
4 changes: 2 additions & 2 deletions AppControl Manager/AppControl Manager.csproj
Expand Up @@ -88,7 +88,7 @@
<AssemblyName>AppControlManager</AssemblyName>
<PublishAot>False</PublishAot>
<ErrorReport>send</ErrorReport>
<FileVersion>1.6.0.0</FileVersion>
<FileVersion>1.7.0.0</FileVersion>
<AssemblyVersion>$(FileVersion)</AssemblyVersion>
<NeutralLanguage>en-US</NeutralLanguage>
<PackageLicenseFile>LICENSE</PackageLicenseFile>
Expand All @@ -101,7 +101,7 @@


<Version>$(FileVersion)</Version>
<Copyright>© 2024Present</Copyright>
<Copyright>© 2024-Present</Copyright>
<Title>AppControl Manager</Title>


7 changes: 3 additions & 4 deletions AppControl Manager/Logic/App Control Simulation/Arbitrator.cs
Expand Up @@ -83,13 +83,12 @@ internal static SimulationOutput Compare(SimulationInput simulationInput)
// At this point the file is definitely WHQL-Signed

// Get the WHQL chain packages by checking for any chain whose leaf certificate contains the WHQL EKU OID
List<ChainPackage> WHQLChainPackagesCandidates = simulationInput.AllFileSigners
List<ChainPackage> WHQLChainPackagesCandidates = [.. simulationInput.AllFileSigners
.Where(sig => sig.LeafCertificate is not null &&
sig.LeafCertificate.Certificate.Extensions
.OfType<X509EnhancedKeyUsageExtension>()
.Any(eku => eku.EnhancedKeyUsages.Cast<Oid>()
.Any(oid => oid.Value is not null && oid.Value.Contains("1.3.6.1.4.1.311.10.3.5", StringComparison.OrdinalIgnoreCase))))
.ToList();
.Any(oid => oid.Value is not null && oid.Value.Contains("1.3.6.1.4.1.311.10.3.5", StringComparison.OrdinalIgnoreCase))))];


// HashSet to store all of the Opus data from the WHQL chain packages candidates
Expand All @@ -106,7 +105,7 @@ internal static SimulationOutput Compare(SimulationInput simulationInput)
try
{
// Try to get the Opus data of the current chain (essentially the current chain's leaf certificate)
CurrentOpusData = Opus.GetOpusData(chainPackage.SignedCms).Select(p => p.CertOemID).ToList();
CurrentOpusData = [.. Opus.GetOpusData(chainPackage.SignedCms).Select(p => p.CertOemID)];
}
catch
{
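Review bot: The WHQL EKU test in the `WHQLChainPackagesCandidates` filter is a substring match, `oid.Value.Contains("1.3.6.1.4.1.311.10.3.5", StringComparison.OrdinalIgnoreCase)`, so any EKU whose dotted value merely contains that text (a child arc below it, or a sibling such as the constructed example `1.3.6.1.4.1.311.10.3.50`) also qualifies a chain as a WHQL candidate. For a simulation that decides which signer level applies, the comparison should be exact: `.Any(oid => string.Equals(oid.Value, "1.3.6.1.4.1.311.10.3.5", StringComparison.Ordinal))`. If matching sub-arcs is intended, a comment saying so plus a check for the trailing `.` would make that explicit. The commit only changes how the list is materialised, and `Compare` continues outside both hunks, so how the candidates are used later is not visible here.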
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ internal static HashSet<FileIdentity> Retrieve(List<MDEAdvancedHuntingData> data
MDEAdvancedHuntingData? possibleAppLockerBlockEvent = group.FirstOrDefault(g => string.Equals(g.ActionType, "AppControlCIScriptBlocked", StringComparison.OrdinalIgnoreCase));

// Get the possible correlated data
List<MDEAdvancedHuntingData> correlatedEvents = group.Where(g => string.Equals(g.ActionType, "AppControlCodeIntegritySigningInformation", StringComparison.OrdinalIgnoreCase)).ToList();
List<MDEAdvancedHuntingData> correlatedEvents = [.. group.Where(g => string.Equals(g.ActionType, "AppControlCodeIntegritySigningInformation", StringComparison.OrdinalIgnoreCase))];


// The SHA256 must be available in Audit/Block type of events for either Code Integrity or AppLocker
4 changes: 2 additions & 2 deletions AppControl Manager/Logic/Main/AppControlSimulation.cs
Expand Up @@ -231,7 +231,7 @@ internal static ConcurrentDictionary<string, SimulationOutput> Invoke(

if (catRootPath is not null && catRootPath.Count > 0)
{
catRootDirectories = catRootPath.Select(dir => new DirectoryInfo(dir)).ToArray();
catRootDirectories = [.. catRootPath.Select(dir => new DirectoryInfo(dir))];
}
else
{
Expand Down Expand Up @@ -266,7 +266,7 @@ internal static ConcurrentDictionary<string, SimulationOutput> Invoke(
// Hash Sha256 values of all the file rules based on hash in the supplied xml policy file
Logger.Write("Getting the Sha256 Hash values of all the file rules based on hash in the supplied xml policy file");

HashSet<string> SHA256HashesFromXML = GetFileRuleOutput.Get(XMLData).Select(i => i.HashValue).ToHashSet();
HashSet<string> SHA256HashesFromXML = [.. GetFileRuleOutput.Get(XMLData).Select(i => i.HashValue)];

Logger.Write("Getting all of the file paths of the files that App Control supports, from the user provided directory");

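Review bot: `SHA256HashesFromXML` is built with the default string comparer, both before and after this change, so lookups against it are case-sensitive. Hex digests read from a policy XML and digests computed at run time can differ in letter case, and a mismatch would make a hash-allowed file look unmatched in the simulation; the lookup itself is outside this hunk, so this needs confirming. If the two sides are not normalised elsewhere, construct the set explicitly: `HashSet<string> SHA256HashesFromXML = new(GetFileRuleOutput.Get(XMLData).Select(i => i.HashValue), StringComparer.OrdinalIgnoreCase);`.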
2 changes: 1 addition & 1 deletion AppControl Manager/Logic/Main/BasePolicyCreator.cs
Expand Up @@ -604,7 +604,7 @@ internal static void GetBlockRules(string StagingArea, bool deploy)
Logger.Write($"Checking if the {policyName} policy is already deployed");

// Getting the list of the deployed base policies whose names match the policyName
List<CiPolicyInfo> CurrentlyDeployedBlockRules = CiToolHelper.GetPolicies(false, true, false).Where(policy => string.Equals(policy.FriendlyName, policyName, StringComparison.OrdinalIgnoreCase)).ToList();
List<CiPolicyInfo> CurrentlyDeployedBlockRules = [.. CiToolHelper.GetPolicies(false, true, false).Where(policy => string.Equals(policy.FriendlyName, policyName, StringComparison.OrdinalIgnoreCase))];

// If any policy was found
if (CurrentlyDeployedBlockRules.Count > 0)
4 changes: 2 additions & 2 deletions AppControl Manager/Logic/SupplementalForSelf.cs
Expand Up @@ -54,9 +54,9 @@ internal static void Deploy(string StagingArea, string basePolicyID)

List<CiPolicyInfo> CurrentlyDeployedSupplementalPolicyNoFilter = CiToolHelper.GetPolicies(false, false, true);

List<CiPolicyInfo> CurrentlyDeployedSupplementalPolicy1stFilter = CurrentlyDeployedSupplementalPolicyNoFilter.Where(policy => string.Equals(policy.FriendlyName, policyName, StringComparison.OrdinalIgnoreCase)).ToList();
List<CiPolicyInfo> CurrentlyDeployedSupplementalPolicy1stFilter = [.. CurrentlyDeployedSupplementalPolicyNoFilter.Where(policy => string.Equals(policy.FriendlyName, policyName, StringComparison.OrdinalIgnoreCase))];

List<CiPolicyInfo> CurrentlyDeployedSupplementalPolicy = CurrentlyDeployedSupplementalPolicy1stFilter.Where(policy => string.Equals(policy.BasePolicyID, trimmedBasePolicyID, StringComparison.OrdinalIgnoreCase)).ToList();
List<CiPolicyInfo> CurrentlyDeployedSupplementalPolicy = [.. CurrentlyDeployedSupplementalPolicy1stFilter.Where(policy => string.Equals(policy.BasePolicyID, trimmedBasePolicyID, StringComparison.OrdinalIgnoreCase))];

if (CurrentlyDeployedSupplementalPolicy.Count > 0)
{
2 changes: 1 addition & 1 deletion AppControl Manager/Logic/XMLOps/NewPFNLevelRules.cs
Expand Up @@ -40,7 +40,7 @@ internal static void Create(string xmlFilePath, List<string> packageFamilyNames)
}

// Make sure the PackageFamilyNames are unique and have no duplicates
packageFamilyNames = packageFamilyNames.Distinct().ToList();
packageFamilyNames = [.. packageFamilyNames.Distinct()];

foreach (string PFN in packageFamilyNames)
{
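Review bot: `packageFamilyNames.Distinct()` de-duplicates with the default ordinal, case-sensitive comparer, so two entries that differ only in letter case both survive and each produces a rule in the loop that follows. Package family names are generally treated as case-insensitive on Windows, so `packageFamilyNames = [.. packageFamilyNames.Distinct(StringComparer.OrdinalIgnoreCase)];` would match the comment's intent more closely. `Create` continues outside the hunk, so whether the names are normalised earlier is not visible here.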
4 changes: 1 addition & 3 deletions AppControl Manager/MainWindow.xaml.cs
Original file line number Diff line number Diff line change
Expand Up @@ -910,9 +910,7 @@ private void SearchBox_TextChanged(AutoSuggestBox sender, AutoSuggestBoxTextChan
string query = sender.Text.ToLowerInvariant();

// Filter menu items based on the search query
List<string> suggestions = menuItems.Keys
.Where(name => name.Contains(query, StringComparison.OrdinalIgnoreCase))
.ToList();
List<string> suggestions = [.. menuItems.Keys.Where(name => name.Contains(query, StringComparison.OrdinalIgnoreCase))];


// Set the filtered items as suggestions in the AutoSuggestBox
Expand Down
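Review bot: `string query = sender.Text.ToLowerInvariant();` is redundant, because the filter already compares with `StringComparison.OrdinalIgnoreCase`; `string query = sender.Text;` should give the same suggestions without an extra string allocation on every keystroke. The same pattern appears in `CertificateCNAutoSuggestBox_TextChanged` in Settings.xaml.cs and in the two `SearchBox_TextChanged` handlers further down the page, where the per-field `ToLowerInvariant()` calls on `PolicyID`, `FriendlyName` and the other columns can be dropped as well. The handler's body starts and ends outside the hunk.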
2 changes: 1 addition & 1 deletion AppControl Manager/Package.appxmanifest
Expand Up @@ -11,7 +11,7 @@
<Identity
Name="AppControlManager"
Publisher="CN=SelfSignedCertForAppControlManager"
Version="1.6.0.0" />
Version="1.7.0.0" />

<mp:PhoneIdentity PhoneProductId="199a23ec-7cb6-4ab5-ab50-8baca348bc79" PhonePublisherId="00000000-0000-0000-0000-000000000000"/>

Original file line number Diff line number Diff line change
Expand Up @@ -320,7 +320,7 @@ private void DeSelectAll_Click(object sender, RoutedEventArgs e)
private void DataGridFlyoutMenuDelete_Click(object sender, RoutedEventArgs e)
{
// Collect the selected items to delete
List<FileIdentity> itemsToDelete = FileIdentitiesDataGrid.SelectedItems.Cast<FileIdentity>().ToList();
List<FileIdentity> itemsToDelete = [.. FileIdentitiesDataGrid.SelectedItems.Cast<FileIdentity>()];

// Remove each selected item from the FileIdentities collection
foreach (FileIdentity item in itemsToDelete)
Original file line number Diff line number Diff line change
Expand Up @@ -319,7 +319,7 @@ private void DeSelectAll_Click(object sender, RoutedEventArgs e)
private void DataGridFlyoutMenuDelete_Click(object sender, RoutedEventArgs e)
{
// Collect the selected items to delete
List<FileIdentity> itemsToDelete = FileIdentitiesDataGrid.SelectedItems.Cast<FileIdentity>().ToList();
List<FileIdentity> itemsToDelete = [.. FileIdentitiesDataGrid.SelectedItems.Cast<FileIdentity>()];

// Remove each selected item from the FileIdentities collection
foreach (FileIdentity item in itemsToDelete)
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@
using System.Collections.ObjectModel;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices.WindowsRuntime;
using System.Threading.Tasks;


Expand Down Expand Up @@ -244,7 +243,7 @@ await Task.Run(() =>
List<CiPolicyInfo> allDeployedBasePolicies = CiToolHelper.GetPolicies(false, true, false);

// Get all the deployed base policyIDs
List<string?> CurrentlyDeployedBasePolicyIDs = allDeployedBasePolicies.Select(p => p.BasePolicyID).ToList();
List<string?> CurrentlyDeployedBasePolicyIDs = [.. allDeployedBasePolicies.Select(p => p.BasePolicyID)];

// Trim the curly braces from the policyID
string trimmedPolicyID = codeIntegrityPolicy.PolicyID.TrimStart('{').TrimEnd('}');
Expand Down Expand Up @@ -382,7 +381,7 @@ await Task.Run(() =>
DirectoryInfo[] selectedDirectories = [];

// Convert user selected folder paths that are strings to DirectoryInfo objects
selectedDirectories = selectedDirectoriesToScan.Select(dir => new DirectoryInfo(dir)).ToArray();
selectedDirectories = [.. selectedDirectoriesToScan.Select(dir => new DirectoryInfo(dir))];

// Get all of the AppControl compatible files from user selected directories
List<FileInfo> DetectedFilesInSelectedDirectories = FileUtility.GetFilesFast(selectedDirectories, null, null);
Expand Down Expand Up @@ -434,9 +433,7 @@ await Task.Run(() =>
// Filter the logs and keep only ones generated after audit mode policy was deployed
await Task.Run(() =>
{
Output = Output
.Where(fileIdentity => fileIdentity.TimeCreated >= LogsScanStartTime)
.ToHashSet();
Output = [.. Output.Where(fileIdentity => fileIdentity.TimeCreated >= LogsScanStartTime)];
});


4 changes: 2 additions & 2 deletions AppControl Manager/Pages/CreateSupplementalPolicy.xaml.cs
Expand Up @@ -372,12 +372,12 @@ await Task.Run(() =>
DirectoryInfo[] selectedDirectories = [];

// Convert user selected folder paths that are strings to DirectoryInfo objects
selectedDirectories = filesAndFoldersFolderPaths.Select(dir => new DirectoryInfo(dir)).ToArray();
selectedDirectories = [.. filesAndFoldersFolderPaths.Select(dir => new DirectoryInfo(dir))];

FileInfo[] selectedFiles = [];

// Convert user selected file paths that are strings to FileInfo objects
selectedFiles = filesAndFoldersFilePaths.Select(file => new FileInfo(file)).ToArray();
selectedFiles = [.. filesAndFoldersFilePaths.Select(file => new FileInfo(file))];

// Collect all of the AppControl compatible files from user selected directories and files
List<FileInfo> DetectedFilesInSelectedDirectories = FileUtility.GetFilesFast(selectedDirectories, selectedFiles, null);
2 changes: 1 addition & 1 deletion AppControl Manager/Pages/EventLogsPolicyCreation.xaml.cs
Expand Up @@ -464,7 +464,7 @@ private void DeSelectAll_Click(object sender, RoutedEventArgs e)
private void DataGridFlyoutMenuDelete_Click(object sender, RoutedEventArgs e)
{
// Collect the selected items to delete
List<FileIdentity> itemsToDelete = FileIdentitiesDataGrid.SelectedItems.Cast<FileIdentity>().ToList();
List<FileIdentity> itemsToDelete = [.. FileIdentitiesDataGrid.SelectedItems.Cast<FileIdentity>()];

// Remove each selected item from the FileIdentities collection
foreach (FileIdentity item in itemsToDelete)
2 changes: 1 addition & 1 deletion AppControl Manager/Pages/MDEAHPolicyCreation.xaml.cs
Expand Up @@ -457,7 +457,7 @@ private void DeSelectAll_Click(object sender, RoutedEventArgs e)
private void DataGridFlyoutMenuDelete_Click(object sender, RoutedEventArgs e)
{
// Collect the selected items to delete
List<FileIdentity> itemsToDelete = FileIdentitiesDataGrid.SelectedItems.Cast<FileIdentity>().ToList();
List<FileIdentity> itemsToDelete = [.. FileIdentitiesDataGrid.SelectedItems.Cast<FileIdentity>()];

// Remove each selected item from the FileIdentities ObservableCollection, they won't be included in the policy
foreach (FileIdentity item in itemsToDelete)
4 changes: 1 addition & 3 deletions AppControl Manager/Pages/Settings.xaml.cs
Original file line number Diff line number Diff line change
Expand Up @@ -475,9 +475,7 @@ private void CertificateCNAutoSuggestBox_TextChanged(AutoSuggestBox sender, Auto
string query = sender.Text.ToLowerInvariant();

// Filter menu items based on the search query
List<string> suggestions = CertCommonNames
.Where(name => name.Contains(query, StringComparison.OrdinalIgnoreCase))
.ToList();
List<string> suggestions = [.. CertCommonNames.Where(name => name.Contains(query, StringComparison.OrdinalIgnoreCase))];

// Set the filtered items as suggestions in the AutoSuggestBox
sender.ItemsSource = suggestions;
Expand Down
4 changes: 2 additions & 2 deletions AppControl Manager/Pages/Simulation.xaml.cs
Expand Up @@ -225,15 +225,15 @@ private void SearchBox_TextChanged(object sender, TextChangedEventArgs e)
string searchTerm = SearchBox.Text.Trim().ToLowerInvariant();

// Perform a case-insensitive search in all relevant fields
List<SimulationOutput> filteredResults = AllSimulationOutputs.Where(output =>
List<SimulationOutput> filteredResults = [.. AllSimulationOutputs.Where(output =>
(output.Path is not null && output.Path.Contains(searchTerm, StringComparison.OrdinalIgnoreCase)) ||
(output.Source is not null && output.Source.Contains(searchTerm, StringComparison.OrdinalIgnoreCase)) ||
(output.MatchCriteria is not null && output.MatchCriteria.Contains(searchTerm, StringComparison.OrdinalIgnoreCase)) ||
(output.SpecificFileNameLevelMatchCriteria is not null && output.SpecificFileNameLevelMatchCriteria.Contains(searchTerm, StringComparison.OrdinalIgnoreCase)) ||
(output.CertSubjectCN is not null && output.CertSubjectCN.Contains(searchTerm, StringComparison.OrdinalIgnoreCase)) ||
(output.SignerName is not null && output.SignerName.Contains(searchTerm, StringComparison.OrdinalIgnoreCase)) ||
(output.FilePath is not null && output.FilePath.Contains(searchTerm, StringComparison.OrdinalIgnoreCase))
).ToList();
)];


// Update the ObservableCollection on the UI thread with the filtered results
Original file line number Diff line number Diff line change
Expand Up @@ -141,7 +141,7 @@ private void SearchBox_TextChanged(object sender, TextChangedEventArgs e)
string searchTerm = SearchBox.Text.Trim().ToLowerInvariant();

// Perform a case-insensitive search in all relevant fields
List<CiPolicyInfo> filteredResults = AllPoliciesOutput.Where(p =>
List<CiPolicyInfo> filteredResults = [.. AllPoliciesOutput.Where(p =>
(p.PolicyID?.ToLowerInvariant().Contains(searchTerm, StringComparison.OrdinalIgnoreCase) ?? false) ||
(p.FriendlyName?.ToLowerInvariant().Contains(searchTerm, StringComparison.OrdinalIgnoreCase) ?? false) ||
(p.VersionString?.ToLowerInvariant().Contains(searchTerm, StringComparison.OrdinalIgnoreCase) ?? false) ||
Expand All @@ -150,7 +150,7 @@ private void SearchBox_TextChanged(object sender, TextChangedEventArgs e)
(p.IsOnDisk.ToString().ToLowerInvariant().Contains(searchTerm, StringComparison.OrdinalIgnoreCase)) || // Convert bool to string for comparison
(p.IsEnforced.ToString().ToLowerInvariant().Contains(searchTerm, StringComparison.OrdinalIgnoreCase)) || // Convert bool to string for comparison
(p.PolicyOptionsDisplay?.ToLowerInvariant().Contains(searchTerm, StringComparison.OrdinalIgnoreCase) ?? false)
).ToList();
)];

// Update the ObservableCollection on the UI thread with the filtered results
AllPolicies.Clear();
Expand Down Expand Up @@ -248,9 +248,9 @@ await Task.Run(() =>
{
currentlyDeployedPolicies = CiToolHelper.GetPolicies(false, true, true);

currentlyDeployedBasePolicyIDs = currentlyDeployedPolicies.Where(x => string.Equals(x.PolicyID, x.BasePolicyID, StringComparison.OrdinalIgnoreCase)).Select(p => p.BasePolicyID).ToList();
currentlyDeployedBasePolicyIDs = [.. currentlyDeployedPolicies.Where(x => string.Equals(x.PolicyID, x.BasePolicyID, StringComparison.OrdinalIgnoreCase)).Select(p => p.BasePolicyID)];

currentlyDeployedAppControlManagerSupplementalPolicies = currentlyDeployedPolicies.Where(p => string.Equals(p.FriendlyName, AppControlPolicyName, StringComparison.OrdinalIgnoreCase)).ToList();
currentlyDeployedAppControlManagerSupplementalPolicies = [.. currentlyDeployedPolicies.Where(p => string.Equals(p.FriendlyName, AppControlPolicyName, StringComparison.OrdinalIgnoreCase))];
});


Expand Down Expand Up @@ -312,7 +312,7 @@ await Task.Run(() =>
// Remove all the policies from the system
await Task.Run(() =>
{
CiToolHelper.RemovePolicy(policiesToRemove.Select(x => x.PolicyID!).ToList());
CiToolHelper.RemovePolicy([.. policiesToRemove.Select(x => x.PolicyID!)]);
});

// Refresh the DataGrid's policies and their count
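Review bot: `policiesToRemove.Select(x => x.PolicyID!)` silences the nullable warning but does not remove nulls, so a `CiPolicyInfo` without a `PolicyID` would hand a null entry to `CiToolHelper.RemovePolicy`. Since this call removes deployed policies, filtering first is safer: `CiToolHelper.RemovePolicy([.. policiesToRemove.Where(x => x.PolicyID is not null).Select(x => x.PolicyID!)]);`. How `RemovePolicy` treats a null ID and how `policiesToRemove` is built are outside the hunks, so this may already be guaranteed elsewhere.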
9 changes: 4 additions & 5 deletions AppControl Manager/SiPolicy/Merger.cs
Expand Up @@ -268,19 +268,18 @@ private static void EnsureUniqueEKUs(string xmlFilePath)
XNamespace ns = "urn:schemas-microsoft-com:sipolicy";

// Get all EKU elements
List<XElement> ekuElements = doc.Descendants(ns + "EKU").ToList();
List<XElement> ekuElements = [.. doc.Descendants(ns + "EKU")];

// Group EKUs by their Value attribute to identify duplicates
List<IGrouping<string, XElement>> duplicateGroups = ekuElements
List<IGrouping<string, XElement>> duplicateGroups = [.. ekuElements
.GroupBy(e => (string)e.Attribute("Value")!)
.Where(g => g.Count() > 1) // Only consider duplicates
.ToList();
.Where(g => g.Count() > 1)];

foreach (IGrouping<string, XElement> group in duplicateGroups)
{
// Keep the first EKU as the "master" and remove the others
XElement ekuToKeep = group.First();
List<XElement> ekusToRemove = group.Skip(1).ToList();
List<XElement> ekusToRemove = [.. group.Skip(1)];

// Update Signer CertEKU references to point to the retained EKU
foreach (XElement ekuToRemove in ekusToRemove)
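Review bot: In `duplicateGroups`, `(string)e.Attribute("Value")!` evaluates to null for any `EKU` element that has no `Value` attribute, and the `!` hides that; all such elements then fall into one group and are treated as duplicates of each other. Because the loop re-points Signer `CertEKU` references to the retained element, a malformed policy could end up with signers bound to an unrelated EKU. Grouping only elements that carry the attribute avoids this: insert `.Where(e => e.Attribute("Value") is not null)` before `.GroupBy(...)`. The grouping is also case-sensitive, which deserves a comment if EKU values are not normalised beforehand; the rest of `EnsureUniqueEKUs` is outside the hunk.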