Merge pull request #80 from microsoft/stmoor/remove-apikey-req

Remove api key requirement
Stefani Moore 2021-02-03 18:12:45 -08:00 коммит произвёл GitHub
Родитель d2b243139f 724bdb0bc0
Коммит 6ec3d145fb
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
7 изменённых файлов: 161 добавлений и 226 удалений


@ -12,7 +12,7 @@
RootModule = 'MsrcSecurityUpdates.psm1'
# Version number of this module.
ModuleVersion = '1.8.8'
ModuleVersion = '1.9.0'
# Supported PSEditions
# CompatiblePSEditions = @()
@ -130,6 +130,7 @@ PrivateData = @{
# ReleaseNotes of this module
ReleaseNotes = @'
February 3, 2021 - Removed Api-key requirement.
January 17, 2021 - Added Issuing CNA info to Get-MsrcVulnerabilityReportHtml
December 9, 2020 - Added Executive Summary to Get-MsrcVulnerabilityReportHtml
November 23, 2020 - Added Known Issues to Get-MsrcVulnerabilityReportHtml


@ -16,23 +16,18 @@ Process {
ErrorAction = 'Stop'
}
if ($global:msrcProxy){
$RestMethod.Add('Proxy' , $global:msrcProxy)
}
if ($global:msrcProxyCredential){
$RestMethod.Add('ProxyCredential',$global:msrcProxyCredential)
}
if ($global:MSRCApiKey) {
$RestMethod.Headers.Add('Api-Key',$global:MSRCApiKey)
$RestMethod.Add('ProxyCredential',$global:msrcProxyCredential)
} elseif ($global:MSRCAdalAccessToken) {
$RestMethod.Headers.Add('Authorization',$($global:MSRCAdalAccessToken.CreateAuthorizationHeader()))
} else {
Throw 'You need to use Set-MSRCApiKey first to set your API Key'
}
}
try {
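Review bot: The Authorization header now appears to depend on the proxy-credential test. The only check of `$global:MSRCAdalAccessToken` left in this hunk is the `} elseif ($global:MSRCAdalAccessToken) {` line, and with the Api-Key branch removed it seems to continue `if ($global:msrcProxyCredential){`. If that reading of the rendered lines is right, a session that has both a proxy credential and an access token sends the request without the token. Closing the proxy block and opening a separate `if ($global:MSRCAdalAccessToken) {` keeps the two settings independent. The Process block starts before this hunk and continues past the `try {`.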


@ -0,0 +1,6 @@
# we also set other shared variables
$global:msrcApiUrl = 'https://api.msrc.microsoft.com'
Write-Verbose -Message "Successfully defined a msrcApiUrl global variable that points to $($global:msrcApiUrl)"
$global:msrcApiVersion = 'api-version=2016-08-01'
Write-Verbose -Message "Successfully defined a msrcApiVersion global variable that points to $($global:msrcApiVersion)"
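Review bot: Nothing in the files shown sets `$global:msrcProxy` or `$global:msrcProxyCredential` any more. The deleted Set-MSRCApiKey was where both were assigned, this new initialisation block defines only the URL and API version, and Set-MSRCAdalAccessToken has an empty `Param()`. The request code still reads both variables, so users behind an authenticating proxy would have to assign the globals by hand. Either keep the `-Proxy`/`-ProxyCredential` parameters on a small setter that survives the removal, or document the manual step here with a comment such as `# Proxy: set $global:msrcProxy / $global:msrcProxyCredential before calling the cmdlets`.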


@ -35,31 +35,26 @@ Param (
)
DynamicParam {
if (-not ($global:MSRCApiKey -or $global:MSRCAdalAccessToken)) {
$Dictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary
Write-Warning -Message 'You need to use Set-MSRCApiKey first to set your API Key'
$ParameterName = 'ID'
$AttribColl1 = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
$Param1Att = New-Object System.Management.Automation.ParameterAttribute
$Param1Att.Mandatory = $true
$AttribColl1.Add($Param1Att)
} else {
$Dictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary
$ParameterName = 'ID'
$AttribColl1 = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
$Param1Att = New-Object System.Management.Automation.ParameterAttribute
$Param1Att.Mandatory = $true
$AttribColl1.Add($Param1Att)
try {
$allCVRFID = Get-CVRFID
} catch {
Throw "`nUnable to get online the list of CVRF ID because:`n$($_.Exception.Message)"
}
if ($allCVRFID) {
$AttribColl1.Add((New-Object System.Management.Automation.ValidateSetAttribute($allCVRFID)))
$Dictionary.Add($ParameterName,(New-Object System.Management.Automation.RuntimeDefinedParameter($ParameterName, [string], $AttribColl1)))
$Dictionary
}
try {
$allCVRFID = Get-CVRFID
} catch {
Throw "`nUnable to get online the list of CVRF ID because:`n$($_.Exception.Message)"
}
if ($allCVRFID) {
$AttribColl1.Add((New-Object System.Management.Automation.ValidateSetAttribute($allCVRFID)))
$Dictionary.Add($ParameterName,(New-Object System.Management.Automation.RuntimeDefinedParameter($ParameterName, [string], $AttribColl1)))
$Dictionary
}
}
Begin {}
Process {
@ -76,53 +71,50 @@ Process {
$RestMethod.Add('Proxy', $global:msrcProxy)
}
if ($global:msrcProxyCredential) {
$RestMethod.Add('ProxyCredential',$global:msrcProxyCredential)
}
# Adjust header based on our variables
if ($global:MSRCApiKey) {
$RestMethod.Add('Header',@{ 'Api-Key' = $global:MSRCApiKey })
} elseif ($global:MSRCAdalAccessToken) {
if ($global:MSRCAdalAccessToken) {
$RestMethod.Add('Header',@{ 'Authorization' = $global:MSRCAdalAccessToken.CreateAuthorizationHeader() })
} else {
}
Write-Warning -Message 'You need to use Set-MSRCApiKey first to set your API Key'
}
# If we have a header defined, we proceed
if ($RestMethod['Header']) {
if ($AsXml) {
if ($AsXml) {
if($RestMethod['Header']){
$RestMethod.Header.Add('Accept','application/xml')
} else {
$RestMethod.Add('Header', @{'Accept'='application/xml'})
}
} else {
if($RestMethod['Header']){
$RestMethod.Header.Add('Accept','application/json')
}
try {
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Write-Verbose -Message "Calling $($RestMethod.uri)"
$response = Invoke-RestMethod @RestMethod
} catch {
Write-Error -Message "HTTP Get failed with status code $($_.Exception.Response.StatusCode): $($_.Exception.Response.StatusDescription)"
}
# Invoke-RestMethod will return an string on PowerShell 4.0 and earlier
# if the JSON-formatted response is larger than about two million characters
if (-not $AsXml -and $response -is [string]) {
$response = ParseJsonString($response)
}
$response
} else {
$RestMethod.Add('Header', @{'Accept'='application/json'})
}
}
try {
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Write-Verbose -Message "Calling $($RestMethod.uri)"
$response = Invoke-RestMethod @RestMethod
} catch {
Write-Error -Message "HTTP Get failed with status code $($_.Exception.Response.StatusCode): $($_.Exception.Response.StatusDescription)"
}
# Invoke-RestMethod will return an string on PowerShell 4.0 and earlier
# if the JSON-formatted response is larger than about two million characters
if (-not $AsXml -and $response -is [string]) {
$response = ParseJsonString($response)
}
$response
}
End {}
}
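Review bot: The DynamicParam block now calls `Get-CVRFID` without any gate, so each parameter binding or tab completion for this cmdlet issues an HTTP request, and the `Throw` in its catch makes the command unusable whenever the API cannot be reached. The ID list could be fetched once and kept in module scope, for example `if (-not $script:allCVRFID) { $script:allCVRFID = Get-CVRFID }`, which keeps the ValidateSet on `ID` without a request per invocation. The DynamicParam block of the next file, which defines the `CVRF` parameter, has the same pattern. The function's Param block begins outside the first hunk.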


@ -89,130 +89,111 @@ Param (
[String]$Vulnerability
)
DynamicParam {
$Dictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary
if (-not ($global:MSRCApiKey -or $global:MSRCAdalAccessToken)) {
$ParameterName = 'CVRF'
$AttribColl1 = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
$Param1Att = New-Object System.Management.Automation.ParameterAttribute
$Param1Att.Mandatory = $true
# $Param1Att.ValueFromPipeline = $true
$Param1Att.ParameterSetName = 'ByCVRF'
$AttribColl1.Add($Param1Att)
Write-Warning -Message 'You need to use Set-MSRCApiKey first to set your API Key'
} else {
$Dictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary
$ParameterName = 'CVRF'
$AttribColl1 = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
$Param1Att = New-Object System.Management.Automation.ParameterAttribute
$Param1Att.Mandatory = $true
# $Param1Att.ValueFromPipeline = $true
$Param1Att.ParameterSetName = 'ByCVRF'
$AttribColl1.Add($Param1Att)
try {
$allCVRFID = Get-CVRFID
} catch {
Throw "`nUnable to get online the list of CVRF ID because:`n$($_.Exception.Message)"
}
if ($allCVRFID) {
$AttribColl1.Add((New-Object System.Management.Automation.ValidateSetAttribute($allCVRFID)))
$Dictionary.Add($ParameterName,(New-Object System.Management.Automation.RuntimeDefinedParameter($ParameterName, [string], $AttribColl1)))
$Dictionary
}
try {
$allCVRFID = Get-CVRFID
} catch {
Throw "`nUnable to get online the list of CVRF ID because:`n$($_.Exception.Message)"
}
if ($allCVRFID) {
$AttribColl1.Add((New-Object System.Management.Automation.ValidateSetAttribute($allCVRFID)))
$Dictionary.Add($ParameterName,(New-Object System.Management.Automation.RuntimeDefinedParameter($ParameterName, [string], $AttribColl1)))
$Dictionary
}
}
Begin {}
Process {
if (-not ($global:MSRCApiKey -or $global:MSRCAdalAccessToken)) {
switch ($PSCmdlet.ParameterSetName) {
Write-Warning -Message 'You need to use Set-MSRCApiKey first to set your API Key'
ByDate {
} else {
switch ($PSCmdlet.ParameterSetName) {
$sb = New-Object System.Text.StringBuilder
ByDate {
$null = $sb.Append("$($msrcApiUrl)/Updates?`$filter=")
$sb = New-Object System.Text.StringBuilder
if ($PSBoundParameters.ContainsKey('Before')) {
$null = $sb.Append("$($msrcApiUrl)/Updates?`$filter=")
if ($PSBoundParameters.ContainsKey('Before')) {
$null = $sb.Append("CurrentReleaseDate lt $($Before.ToString('yyyy-MM-dd'))")
if ($PSBoundParameters.ContainsKey('After')) {
$null = $sb.Append(' and ')
}
}
$null = $sb.Append("CurrentReleaseDate lt $($Before.ToString('yyyy-MM-dd'))")
if ($PSBoundParameters.ContainsKey('After')) {
$null = $sb.Append("CurrentReleaseDate gt $($After.ToString('yyyy-MM-dd'))")
$null = $sb.Append(' and ')
}
$null = $sb.Append("&$($msrcApiVersion)")
$url = $sb.ToString()
break
}
ByYear {
$url = "{0}/Updates('{1}')?{2}" -f $msrcApiUrl,$Year,$msrcApiVersion
break
if ($PSBoundParameters.ContainsKey('After')) {
$null = $sb.Append("CurrentReleaseDate gt $($After.ToString('yyyy-MM-dd'))")
}
ByVulnerability {
$url = "{0}/Updates('{1}')?{2}" -f $msrcApiUrl,$Vulnerability,$msrcApiVersion
break
}
ByCVRF {
$url = "{0}/Updates('{1}')?{2}" -f $msrcApiUrl,$($PSBoundParameters['CVRF']),$msrcApiVersion
break
}
Default {
$url = "{0}/Updates?{1}" -f $msrcApiUrl,$msrcApiVersion
}
}
$RestMethod = @{
uri = $url
Headers = @{ 'Accept' = 'application/json' }
ErrorAction = 'Stop'
}
if ($global:msrcProxy){
$RestMethod.Add('Proxy' , $global:msrcProxy)
}
if ($global:msrcProxyCredential){
$RestMethod.Add('ProxyCredential' , $global:msrcProxyCredential)
}
if ($global:MSRCAdalAccessToken)
{
$RestMethod.Headers.Add('Authorization' , $global:MSRCAdalAccessToken.CreateAuthorizationHeader())
}
elseif ($global:MSRCApiKey)
{
$RestMethod.Headers.Add('Api-Key' , $global:MSRCApiKey)
}
else
{
Throw 'You need to use Set-MSRCApiKey first to set your API Key'
}
try {
$null = $sb.Append("&$($msrcApiVersion)")
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Write-Verbose -Message "Calling $($RestMethod.uri)"
$url = $sb.ToString()
$r = Invoke-RestMethod @RestMethod
} catch {
Write-Error -Message "HTTP Get failed with status code $($_.Exception.Response.StatusCode): $($_.Exception.Response.StatusDescription)"
break
}
if (-not $r) {
Write-Warning -Message 'No results returned from the /Update API'
} else {
$r.Value
ByYear {
$url = "{0}/Updates('{1}')?{2}" -f $msrcApiUrl,$Year,$msrcApiVersion
break
}
ByVulnerability {
$url = "{0}/Updates('{1}')?{2}" -f $msrcApiUrl,$Vulnerability,$msrcApiVersion
break
}
ByCVRF {
$url = "{0}/Updates('{1}')?{2}" -f $msrcApiUrl,$($PSBoundParameters['CVRF']),$msrcApiVersion
break
}
Default {
$url = "{0}/Updates?{1}" -f $msrcApiUrl,$msrcApiVersion
}
}
$RestMethod = @{
uri = $url
Headers = @{ 'Accept' = 'application/json' }
ErrorAction = 'Stop'
}
if ($global:msrcProxy){
$RestMethod.Add('Proxy' , $global:msrcProxy)
}
if ($global:msrcProxyCredential){
$RestMethod.Add('ProxyCredential' , $global:msrcProxyCredential)
}
if ($global:MSRCAdalAccessToken)
{
$RestMethod.Headers.Add('Authorization' , $global:MSRCAdalAccessToken.CreateAuthorizationHeader())
}
try {
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Write-Verbose -Message "Calling $($RestMethod.uri)"
$r = Invoke-RestMethod @RestMethod
} catch {
Write-Error -Message "HTTP Get failed with status code $($_.Exception.Response.StatusCode): $($_.Exception.Response.StatusDescription)"
}
if (-not $r) {
Write-Warning -Message 'No results returned from the /Update API'
} else {
$r.Value
}
}
End {}
}
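Review bot: With the credential check removed, the catch block is the only place a rejected or failed request is reported, and its message is built solely from `$_.Exception.Response`, which is empty when the failure happens before any HTTP response exists (proxy, DNS or TLS errors). Because `Write-Error` is non-terminating by default, the user then also gets the unrelated 'No results returned from the /Update API' warning. Reporting the exception text, `Write-Error -Message "HTTP Get failed with status code $($_.Exception.Response.StatusCode): $($_.Exception.Message)"`, and adding `return` after it would keep the real cause visible. The same catch appears in the Process block of the previous file.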


@ -1,48 +0,0 @@
Function Set-MSRCApiKey {
[CmdletBinding(SupportsShouldProcess)]
Param(
[Parameter(Mandatory)]
$ApiKey,
[Parameter()]
[System.Uri]$Proxy,
[Parameter()]
[ValidateNotNull()]
[System.Management.Automation.PSCredential]
[System.Management.Automation.Credential()]
$ProxyCredential = [System.Management.Automation.PSCredential]::Empty
)
Begin {}
Process {
if ($PSCmdlet.ShouldProcess($ApiKey,'Set item')) {
$global:MSRCApiKey = $ApiKey
Write-Verbose -Message "Successfully set your API Key required by cmdlets of this module. Calls to the MSRC APIs will now use your API key."
# we also set other shared variables
$global:msrcApiUrl = 'https://api.msrc.microsoft.com'
Write-Verbose -Message "Successfully defined a msrcApiUrl global variable that points to $($global:msrcApiUrl)"
$global:msrcApiVersion = 'api-version=2016-08-01'
Write-Verbose -Message "Successfully defined a msrcApiVersion global variable that points to $($global:msrcApiVersion)"
if ($ProxyCredential -ne [System.Management.Automation.PSCredential]::Empty) {
$global:msrcProxyCredential = $ProxyCredential
Write-Verbose -Message 'Successfully defined a msrcProxyCredential global variable'
}
if ($Proxy) {
$global:msrcProxy = $Proxy
Write-Verbose -Message "Successfully defined a msrcProxyCredential global variable that points to $($global:msrcProxy)"
}
if ($global:MSRCAdalAccessToken)
{
Remove-Variable -Name MSRCAdalAccessToken -Scope Global
}
}
}
End {}
}


@ -3,7 +3,13 @@ Function Set-MSRCAdalAccessToken {
Param()
Begin {}
Process {
if ([AppDomain]::CurrentDomain.SetupInformation.TargetFrameworkName -like "*v5.*") {
throw ".Net Core v5.x is not currently supported"
}
if ($PSCmdlet.ShouldProcess('Set the MSRCApiKey using MSRCAdalAccessToken')) {
Add-Type -Path "$PSScriptRoot/../Microsoft.IdentityModel.Clients.ActiveDirectory.dll" -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
$authority = 'https://login.windows.net/microsoft.onmicrosoft.com/'
$authContext = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext($authority)
@ -12,27 +18,29 @@ Process {
$promptBehavior = [Microsoft.IdentityModel.Clients.ActiveDirectory.PromptBehavior]::Auto
$ResourceId = 'https://msrc-api-prod.azurewebsites.net'
$ClientId = 'c7fe3b9e-4d97-462d-ae1b-c16e679be355'
$authResult = $authContext.AcquireToken($ResourceId, $ClientId, $rUri,$promptBehavior)
$global:MSRCAdalAccessToken = $null
$global:MSRCAdalAccessToken = $authResult
Write-Verbose -Message "Successfully set your Access Token required by cmdlets of this module. Calls to the MSRC APIs will now use your access token."
if ($authContext.AcquireToken -ne $null) {
$global:MSRCAdalAccessToken = $authContext.AcquireToken($ResourceId, $ClientId, $rUri,$promptBehavior)
} elseif ($authContext.AcquireTokenAsync -ne $null) {
$platformParams = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters($promptBehavior)
$task = $authContext.AcquireTokenAsync($ResourceId, $ClientId, $rUri,$platformParams)
$task.Wait()
$global:MSRCAdalAccessToken = $task.Result
}
# we also set other shared variables
$global:msrcApiUrl = 'https://api.msrc.microsoft.com'
Write-Verbose -Message "Successfully defined a msrcApiUrl global variable that points to $($global:msrcApiUrl)"
$global:msrcApiVersion = 'api-version=2016-08-01'
Write-Verbose -Message "Successfully defined a msrcApiVersion global variable that points to $($global:msrcApiVersion)"
if ($global:MSRCApiKey)
{
Remove-Variable -Name MSRCApiKey -Scope Global
if ($global:MSRCAdalAccessToken -ne $null) {
Write-Verbose -Message "Successfully set your Access Token required by cmdlets of this module. Calls to the MSRC APIs will now use your access token."
} else {
throw "Failed Acquiring Access Token!"
}
}
}
End {}
}
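Review bot: The acquired token is kept in `$global:MSRCAdalAccessToken` and the endpoint it is sent to in `$global:msrcApiUrl`, so any script or module running in the same session can read the token or change where the authenticated requests go. If the module's files share one module scope, `$script:MSRCAdalAccessToken` and `$script:msrcApiUrl` would limit both to this module's functions; the readers in the Get-* files would need the same change. Separately, the ShouldProcess text still reads 'Set the MSRCApiKey using MSRCAdalAccessToken' although this commit removes the API key. The function's opening lines are outside the first hunk.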