New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
An incidentally [psobject]
-wrapped strongly typed array isn't recognized as such in argument-based parameter binding
#21496
Comments
[psobject]
-wrapped strongly typed array isn't recognized as such during parameter binding[psobject]
-wrapped strongly typed array isn't recognized as such in argument-based parameter binding
The New-Object mechanism does not go through the AMSI logging
Gives the output
So presume the New-Object mechanism is the preferred PowerShell mechanism. |
For creating an instance of a type using the |
Then why does it go through the AMSI logging? I interpret anything that goes through AMSI logging as "this is untrusted code" |
AMSI is a security feature for tools to hook into the language and decide what can and can not run. PowerShell is one of the better languages for this as it has very powerful tools for both auditing and controlling what is run and while there might be issues with its implementation around performance it doesn't rule out the benefits it provides. Honestly with the recent talk about the base64 string conversion I can see some improvements around how it logs values but I think the fault lies more in how the data is provided to the API. Dealing with 200MB of raw bytes then compounding it as a base64 string is quite an expensive task to do which is what is exacerbating the issue even further. It should be a sign that you need to change how things are working to avoid providing such large data to an API (like streaming the data). You'll find that PowerShell has a lot of logging mechanisms, not just for .NET method invocations but also for cmdlet invocations and the like You'll find some really nice blog posts talking about it in places like https://devblogs.microsoft.com/powershell/powershell-the-blue-team/. These features are critical for a language these days when it comes to security.
|
An alternative opinion is that it is security theatre when security should be based on permissions and access control, not by a virus detection ambulance at the bottom of a cliff. The AMSI scanning as currently implemented is nonsense, there is no formal format for the messages to be interpreted by any true access control mechanism it is just noise and no context. If it was truly an access control mechanism then both reflection invocations and all cmdlets would go through the mechanism. What is worse is all private data in arguments is being passed on to 2nd and 3rd parties and I have absolutely no idea where that is going, what is being done with it or where it is logged. If it is logged or passed on to any other process it is a violation of the protection and privacy of the process. boundary. |
@rhubarb-geek-nz, the AMSI angle is irrelevant to the issue at hand. The issue at hand is simply about parameter binding.
Whether AMSI logging should be performed at all on a per .NET-method call basis is an entirely separate matter, which you've already tried to address in: |
My solution to the new object problem was an additional cast to remove the PSObject
|
It won't gain you much beyond not having to repeat the type name, but the type-agnostic solution, using the intrinsic $bytes = (New-Object byte[] 200554320).psobject.BaseObject |
Prerequisites
Steps to reproduce
Note:
Note that parameter binding via the pipeline is not affected; that is,
, $byteArrayWrapped | Get-Foo
works as intended (note the need to wrap$byteArrayWrapped
in an aux., transitory array via the unary form of,
so as to ensure that it is passed as a single object).Expected behavior
Both calls should return virtually instantly, given that the argument type exactly matches the parameter type and that the cmdlet is otherwise a no-op.
Actual behavior
The second call, due to the invisible
[psobject]
wrapper resulting from use ofNew-Object
to construct the array, takes an excessive amount of time to complete.Error details
No response
Environment data
Visuals
No response
The text was updated successfully, but these errors were encountered: