search

cisagov / ScubaGear

Automation to assess the state of your M365 tenant against CISA's baselines
https://www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project
Creative Commons Zero v1.0 Universal
1.45k stars 203 forks source link

Change from BITS to WebClient #1077

Open ivassallo19 opened 2 months ago

ivassallo19 commented 2 months ago

🐛 Summary

Within Get-OPAFile you use Start-BitsTransfer, but I run ScubaGear under a different account than my main login, as it has admin privileges, and BITS is prevented unless the session is logged in. Should change it to use WebClient as you have done within Get-ExeHash

To reproduce

Steps to reproduce the behavior:

  1. Initialize-SCuBA

Expected behavior

OPA download succeeds

Any helpful log output or screenshots

Paste the results here:

Manually attempting BITS:

Start-BitsTransfer : The operation being requested was not performed because the user has not logged on to the network

Add any screenshots of the problem here.

buidav commented 2 months ago

Thanks for opening an issue on this.

Looking into this Start-BitsTransfer was used over Webclient for Get-OPAFile because it included a download progress bar for user feedback. An idea on our end as an enhancement is to use Webclient as a failsafe for when Start-BitsTransfer fails.

ivassallo19 commented 2 months ago

Given that, another idea is to use Invoke-WebRequest, as this does include a progress bar, albeit without a total bytes or percent complete