Open Am-Na-D opened 4 months ago
Hi @Am-Na-D Generally, your defender identifies the potential vulnerability correctly.
The use of Invoke-Expression in PowerShell can be risky, particularly when incorporating unsanitized user input:

```powershell
# Simulated user input that includes an injection attempt
$userInput = "Get-Date && Remove-Item -Path C:\SensitiveFile -Force"
# Dangerous use of Invoke-Expression with user input
Invoke-Expression "Write-Output 'The current date is: ';$userInput"
```

As the example shows, the command executed by Invoke-Expression might contain a malicious command attached via the && operator. So, it's not recommended to use Invoke-Expression.
From our side we're trying to minimize its usage as much as we can. Also, we have built-in sanitization for the commands we're executing, which prevents potential code injections.
Hope I answered your question 😊 If you don't have any other questions, feel free to close this issue.
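The same scenario rewritten so that the input is handled as data rather than as script text, as an added example that is not part of this thread or of the extension's own code (`Show-Message`, `Invoke-AllowedCommand` and the allow-list are assumed names for illustration):

```powershell
# Constructed input carrying the same injection attempt as the reply above
$userInput = "Get-Date && Remove-Item -Path C:\SensitiveFile -Force"

# Unsafe: the input is spliced into script text, then parsed and executed,
# so the trailing Remove-Item would run as a second command.
# Invoke-Expression "Write-Output 'The current date is: ';$userInput"

# Safer: bind the input to a parameter. It is never parsed as code, so
# '&&', ';' and similar are just characters inside a string.
function Show-Message {
    param([Parameter(Mandatory)][string]$Message)
    Write-Output "The current date is: $(Get-Date)"
    Write-Output "User supplied: $Message"
}
Show-Message -Message $userInput

# When a command genuinely has to be chosen from input, map the input onto a
# fixed allow-list and invoke the chosen command with the call operator instead
# of building a command string.
$allowedCommands = @{ 'date' = 'Get-Date'; 'host' = 'Get-Host' }   # assumed allow-list
function Invoke-AllowedCommand {
    param([Parameter(Mandatory)][string]$Key)
    if (-not $allowedCommands.ContainsKey($Key)) {
        throw "Command '$Key' is not in the allow-list"
    }
    & $allowedCommands[$Key]
}
Invoke-AllowedCommand -Key 'date'
# Invoke-AllowedCommand -Key $userInput   # rejected: the raw input is not a key
```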
Extension name
Winrm IIS Web App Management
Extension version
3.*
Environment type (Please select at least one environment where you face this issue)
Azure DevOps Server type
dev.azure.com (formerly visualstudio.com)
Azure DevOps Server Version (if applicable)
Azure Devops Server 2022.0.1
Operation system
windows server 2022 /2019/2016
Question