T0pCyber / hawk

PowerShell-based tool for gathering information related to O365 intrusions and potential breaches
https://cloudforensicator.com/
MIT License

Feature: Implement Dual-Validation PSScriptAnalyzer with Standardized Settings #144

Open jonnybottles opened 4 days ago

jonnybottles commented 4 days ago

What problem would this feature solve?

Currently, PSScriptAnalyzer in Hawk:

This means:

Proposed Solution

Implement a dual-validation approach that runs PSScriptAnalyzer:

Both using the same standardized settings file to ensure consistency.

Technical Requirements

Settings File Requirements

Test Suite Updates

Pre-commit Hook Requirements

Documentation Requirements

Implementation Approach

Implementation Steps

Acceptance Criteria

  1. Settings File
  2. Pre-commit Hook
  3. CI Test
  4. Documentation

jonnybottles commented 4 days ago

Done:

To Do:

jonnybottles commented 2 days ago

Both the pre-commit hook and the workflow reference the same PSSA config file. Need to modify the old validate.yml so it no longer calls PSSA in the PSScriptAnalyzer.Tests.ps1 file, and then remove that file.

jonnybottles commented 1 day ago

PSSA config file moved to Hawk/internal/configurations. Both the pre-commit hook and the workflow are working, and the ticket tasks are complete. However, the RobustCloudCommand error is now showing back up and needs to be fixed. To allow for pushing to the repo, the module build in vsts-prequisites.ps1 is currently commented out to avoid the RobustCloudCommand failure.

The current recommended approach is to download RobustCloudCommand from its GitHub repo, include it in a Hawk folder, Hawk/external, and have Hawk.psd1 reference that file instead of the external module that no longer exists in the PowerShell Gallery.
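
The dual-validation setup discussed in this issue, sketched as an added example that is not code from the Hawk repository: one script that both the pre-commit hook (with `-StagedOnly`) and the CI workflow call, so both paths load the same settings file. The script name `Invoke-HawkScriptAnalysis.ps1` and the settings file name `PSScriptAnalyzerSettings.psd1` are assumptions; the thread gives only the directory `Hawk/internal/configurations`.

```powershell
#Requires -Modules PSScriptAnalyzer
# Invoke-HawkScriptAnalysis.ps1 (hypothetical name, illustration only)
# Pre-commit hook: ./Invoke-HawkScriptAnalysis.ps1 -StagedOnly
# CI workflow:     ./Invoke-HawkScriptAnalysis.ps1
[CmdletBinding()]
param(
    # Assumed file name; only the directory is stated in the issue thread.
    [string]$SettingsPath = 'Hawk/internal/configurations/PSScriptAnalyzerSettings.psd1',
    # Analyze only files staged for commit instead of every tracked file.
    [switch]$StagedOnly
)

$repoRoot = (& git rev-parse --show-toplevel)
if ($LASTEXITCODE -ne 0) { Write-Host 'Not inside a git repository.'; exit 2 }
$repoRoot = $repoRoot.Trim()

# Fail closed: without the shared settings file PSScriptAnalyzer would fall
# back to its default rule set and the two validation paths would diverge.
$settings = Join-Path $repoRoot $SettingsPath
if (-not (Test-Path -LiteralPath $settings -PathType Leaf)) {
    Write-Host "Settings file not found: $settings"
    exit 2
}

# Same file selection logic for both callers; only the git query differs.
if ($StagedOnly) {
    $candidates = & git -C $repoRoot diff --cached --name-only --diff-filter=ACMR
} else {
    $candidates = & git -C $repoRoot ls-files
}
$extensions = '.ps1', '.psm1', '.psd1'
$files = @($candidates |
    Where-Object { $extensions -contains [IO.Path]::GetExtension($_) } |
    ForEach-Object { Join-Path $repoRoot $_ })

if ($files.Count -eq 0) { Write-Host 'No PowerShell files to analyze.'; exit 0 }

# Which rules and severities apply is decided entirely by the settings file,
# so any record returned here blocks the commit or fails the workflow.
$findings = @(foreach ($file in $files) {
    Invoke-ScriptAnalyzer -Path $file -Settings $settings
})

if ($findings.Count -gt 0) {
    $findings | Sort-Object ScriptPath, Line |
        Format-Table Severity, RuleName, ScriptName, Line, Message -AutoSize -Wrap |
        Out-String | Write-Host
    Write-Host "PSScriptAnalyzer reported $($findings.Count) finding(s)."
    exit 1
}
exit 0
```

With `-StagedOnly` the script reads the working-tree copy of each staged file, so a partially staged file is analyzed with its unstaged changes included; the CI run on the pushed commit remains the authoritative check.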