Microsoft.WinGet.RestSource

Popularity

933

Total Downloads

Contributors

Declared Dependencies

Dependents

Top issues

See all issues

SQ34109

Detected presence of hardcoded private keys.

Causes risk: plaintext private keys found

secrets

Problem

Private keys are used to protect sensitive information, digitally sign content, and to secure information transmission. Private keys are considered secrets, and as such should never be published. Depending on the private key type its exposure can carry a varying degree of risk. While it is common for private keys to be found as standalone files, the detected ones have been found embedded within another software package component. This could indicate an attempt to hide private key presence. Attackers abuse private keys to gain unauthorized server access, decrypt sensitive information, digitally sign content, or impersonate users whose private keys have been leaked.

Prevalence in PowerShell Gallery community

No prevalence information at this time

Next steps

Review the reported private keys and remove them from the software package if they were accidentally included.

If the keys were published unintentionally and the software has been made public, you should revoke the keys and file a security incident.

TH17127

Detected presence of files containing URLs that link to raw files on GitHub.

hunting

Problem

Uniform Resource Locators (URLs) are structured addresses that point to locations and assets on the internet. URLs allow software developers to build complex applications that exchange data with servers that can be hosted in multiple geographical regions. URLs can commonly be found embedded in documentation, configuration files, source code and compiled binaries. One or more embedded URLs were discovered to link to raw files hosted on GitHub. Attackers often abuse popular web services to host malicious payloads. Since code-sharing services URLs are typically allowed by security solutions, using them for payload delivery increases the odds that the malicious code will reach the user. While the presence of code-sharing service locations does not imply malicious intent, all of their uses in a software package should be documented and approved. An increasing number of software supply chain attacks in the open source space leverages the GitHub service to deliver malicious payloads.

Prevalence in PowerShell Gallery community

No prevalence information at this time

Next steps

Investigate reported detections.

If the software should not include these network references, investigate your build and release environment for software supply chain compromise.

You should delay the software release until the investigation is completed, or until the issue is risk accepted.

Consider an alternative delivery mechanism for software packages.

SQ14138

Detected Windows executable files that were compiled without following the recommended SDL process.

Causes risk: misconfigured toolchains detected

hardening

Problem

Security Development Lifecycle (SDL) is a group of enhanced compile-time checks that report common coding mistakes as errors, preventing them from reaching production. These checks minimize the number of security issues by enforcing strict memory access checks. They also prevent the use of hard-to-secure string and memory manipulation functions. To prove the binary has been compiled with these checks enabled, the compiler emits a special debug object. Removing the debug table eliminates this proof. Therefore, this check only applies to binaries that still have their debug tables.

Prevalence in PowerShell Gallery community

No prevalence information at this time

Next steps

You should keep the debug table to prove that the SDL process has been followed.

To enable these checks, refer to your programming language toolchain documentation.

In Microsoft VisualStudio, you can enable this feature by setting the compiler option /SDL to ON.

SQ14160

Detected Windows executable files that embed PDB files whose integrity is verified with an insecure hashing algorithm.

Causes risk: outdated toolchains detected

hardening

Problem

Program database (PDB) files are typically only used during software development. They contain private debug symbols that make it significantly easier to reverse engineer a closed-source application. In some cases, having a program database file is equivalent to having access to the source code. Presence of program databases could indicate that one or more software components have been built using a debug profile, instead of the release.

Prevalence in PowerShell Gallery community

No prevalence information at this time

Next steps

Private debug database files should not be embedded within executables, and you should remove them from the software package before releasing it.

The integrity verification of the embedded database files should not be done with insecure hashing algorithms. SHA1 and MD5 hashes should be deprecated throughout the application, and a more secure SHA256 algorithm should be used instead.

SQ18109

Detected Linux executable files that use a deprecated method to store the security cookie, making the buffer overrun vulnerability mitigation protection less effective.

Causes risk: reduced effectiveness mitigations

hardening

Problem

Stack canary is a special value written onto the stack that allows the operating system to detect and terminate the program if a stack overrun occurs. Older compilers might generate stack cookies in a way that makes it possible to determine their value, allowing the attacker to render the mitigation ineffective.

Prevalence in PowerShell Gallery community

No prevalence information at this time

Next steps

In GCC, you can enable the stack canary with -fstack-protector-strong or -fstack-protector-all flag, but it may also be enabled by default in more recent versions of the compiler.

Consider upgrading your compiler.

Top behaviors

See all behaviors

Accesses credentials from the Windows Credential Manager.

steal