From 6ee22385f003ccbda28e464b375ea97b72136dab Mon Sep 17 00:00:00 2001 From: CarloToso <105941898+CarloToso@users.noreply.github.com> Date: Sun, 13 Nov 2022 01:32:44 +0100 Subject: [PATCH 01/11] Add SwitchParameter AllowInsecureRedirect --- .../utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs b/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs index 85932f7eb86..00c9e9d570b 100644 --- a/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs +++ b/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs @@ -198,6 +198,13 @@ public abstract partial class WebRequestPSCmdlet : PSCmdlet [Parameter] public virtual SecureString Token { get; set; } + /// + /// Gets or sets the AllowInsecureRedirect property used to follow HTTP redirects from HTTPS. + /// AllowInsecureRedirect does not work with MaximumRedirection. + /// + [Parameter] + public virtual SwitchParameter AllowInsecureRedirect { get; set; } + #endregion #region Headers From 17198a3b9f4c06dbb20a8c76a79a0530005b9092 Mon Sep 17 00:00:00 2001 From: CarloToso <105941898+CarloToso@users.noreply.github.com> Date: Sun, 13 Nov 2022 01:39:32 +0100 Subject: [PATCH 02/11] ValidateParameters --- .../utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs b/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs index 00c9e9d570b..f3fdcb5dc00 100644 --- a/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs 
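Review bot: The XML summary added for `AllowInsecureRedirect` in PATCH 01 says only that the switch is "used to follow HTTP redirects from HTTPS" and does not state what the caller gives up by setting it. I would word it as `/// Gets or sets a value indicating whether a redirect from an HTTPS URI to an HTTP URI is followed.` followed by `/// When set, the redirected request and its response travel unencrypted.` The second sentence of the original summary (the MaximumRedirection restriction) is dropped again in PATCH 10, so it need not be carried over. The series' diffstats touch only this file and the .resx, so no test appears to cover the switch with and without a downgrade redirect.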
+++ b/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs @@ -467,6 +467,14 @@ internal virtual void ValidateParameters() ThrowTerminatingError(error); } + //HTTPS to HTTP redirect + if (AllowInsecureRedirect && (MaximumRedirection != -1)) + { + ErrorRecord error = GetValidationError(WebCmdletStrings.AllowInsecureRedirectMaximumRedirectionConflict, + "WebCmdletAllowInsecureRedirectMaximumRedirectionConflictException"); + ThrowTerminatingError(error); + } + // credentials if (UseDefaultCredentials && (Credential != null)) { From 35a1eaf5249cb947d7fb5d02975a31865ea33e9f Mon Sep 17 00:00:00 2001 From: CarloToso <105941898+CarloToso@users.noreply.github.com> Date: Sun, 13 Nov 2022 01:44:22 +0100 Subject: [PATCH 03/11] Enable HTTP redirects from HTTPS --- .../utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs b/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs index f3fdcb5dc00..2a6f8b44632 100644 --- a/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs +++ b/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs @@ -1392,7 +1392,7 @@ internal virtual HttpResponseMessage GetResponse(HttpClient client, HttpRequestM _cancelToken = new CancellationTokenSource(); response = client.SendAsync(req, HttpCompletionOption.ResponseHeadersRead, _cancelToken.Token).GetAwaiter().GetResult(); - if (keepAuthorization && IsRedirectCode(response.StatusCode) && response.Headers.Location != null) + if ((keepAuthorization || AllowInsecureRedirect) && IsRedirectCode(response.StatusCode) && response.Headers.Location != null) { _cancelToken.Cancel(); _cancelToken = null; 
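Review bot: The condition changed in the PATCH 03 hunk at `@@ -1392,7` sends every redirect response into the manual follow branch once `AllowInsecureRedirect` is set, without checking that the redirect really goes from HTTPS to HTTP and without telling the user that it does. PATCH 08 rewrites the same condition and the point still applies there. I would resolve the target first with `new Uri(req.RequestUri, response.Headers.Location)` and, when the request scheme is `Uri.UriSchemeHttps` and the target scheme is `Uri.UriSchemeHttp`, emit a `WriteWarning` before following, so that a downgrade is visible in the output. The body of the branch lies outside the hunk, so whether the Authorization header, cookies and request body are dropped or re-sent on the cleartext hop cannot be confirmed from here. That should be checked for the case where `keepAuthorization` is false and only the new switch opened the branch.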
From a26d327a446c2223ed4bb7a0cb738d89cba60781 Mon Sep 17 00:00:00 2001 From: CarloToso <105941898+CarloToso@users.noreply.github.com> Date: Sun, 13 Nov 2022 02:06:52 +0100 Subject: [PATCH 04/11] fix comment --- .../utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs b/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs index 2a6f8b44632..25f3d320750 100644 --- a/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs +++ b/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs @@ -467,7 +467,7 @@ internal virtual void ValidateParameters() ThrowTerminatingError(error); } - //HTTPS to HTTP redirect + // HTTPS to HTTP redirect if (AllowInsecureRedirect && (MaximumRedirection != -1)) { ErrorRecord error = GetValidationError(WebCmdletStrings.AllowInsecureRedirectMaximumRedirectionConflict, From a84ab27b9728a500bda7a0409476c0dc946334a2 Mon Sep 17 00:00:00 2001 From: CarloToso <105941898+CarloToso@users.noreply.github.com> Date: Sun, 13 Nov 2022 02:25:48 +0100 Subject: [PATCH 05/11] Add error to WebCmdletsStrings.resx --- .../resources/WebCmdletStrings.resx | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/Microsoft.PowerShell.Commands.Utility/resources/WebCmdletStrings.resx b/src/Microsoft.PowerShell.Commands.Utility/resources/WebCmdletStrings.resx index bea0ae7d28a..87afea93a9d 100644 --- a/src/Microsoft.PowerShell.Commands.Utility/resources/WebCmdletStrings.resx +++ b/src/Microsoft.PowerShell.Commands.Utility/resources/WebCmdletStrings.resx 
@@ -120,6 +120,9 @@ Access to the path '{0}' is denied. + + The cmdlet set MaximumRedirection while redirecting HTTPS to HTTP. Reissue the command without specifying the MaximumRedirection parameter. + The cmdlet cannot protect plain text secrets sent over unencrypted connections. To suppress this warning and send plain text secrets over unencrypted networks, reissue the command specifying the AllowUnencryptedAuthentication parameter. From f5eede60b914a3c124fccf87a201f35e3fc6cdff Mon Sep 17 00:00:00 2001 From: CarloToso <105941898+CarloToso@users.noreply.github.com> Date: Sun, 13 Nov 2022 02:54:11 +0100 Subject: [PATCH 06/11] fix WebCmdletsStrings.resx --- .../resources/WebCmdletStrings.resx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Microsoft.PowerShell.Commands.Utility/resources/WebCmdletStrings.resx b/src/Microsoft.PowerShell.Commands.Utility/resources/WebCmdletStrings.resx index 87afea93a9d..7537450232a 100644 --- a/src/Microsoft.PowerShell.Commands.Utility/resources/WebCmdletStrings.resx +++ b/src/Microsoft.PowerShell.Commands.Utility/resources/WebCmdletStrings.resx @@ -120,7 +120,7 @@ Access to the path '{0}' is denied. - + The cmdlet set MaximumRedirection while redirecting HTTPS to HTTP. Reissue the command without specifying the MaximumRedirection parameter. From 94f78cc4b7bc66ae53da15e3f33bf2909e853394 Mon Sep 17 00:00:00 2001 From: CarloToso <105941898+CarloToso@users.noreply.github.com> Date: Tue, 15 Nov 2022 01:06:00 +0100 Subject: [PATCH 07/11] Comment out AllowInsecureRedirectMaximumRedirectionConflict --- .../utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs | 4 ++-- .../resources/WebCmdletStrings.resx | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs b/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs index 25f3d320750..4fe6bef13ca 100644 
--- a/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs +++ b/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs @@ -468,12 +468,12 @@ internal virtual void ValidateParameters() } // HTTPS to HTTP redirect - if (AllowInsecureRedirect && (MaximumRedirection != -1)) + /*if (AllowInsecureRedirect && (MaximumRedirection != -1)) { ErrorRecord error = GetValidationError(WebCmdletStrings.AllowInsecureRedirectMaximumRedirectionConflict, "WebCmdletAllowInsecureRedirectMaximumRedirectionConflictException"); ThrowTerminatingError(error); - } + }*/ // credentials if (UseDefaultCredentials && (Credential != null)) diff --git a/src/Microsoft.PowerShell.Commands.Utility/resources/WebCmdletStrings.resx b/src/Microsoft.PowerShell.Commands.Utility/resources/WebCmdletStrings.resx index 7537450232a..d21a0dd1048 100644 --- a/src/Microsoft.PowerShell.Commands.Utility/resources/WebCmdletStrings.resx +++ b/src/Microsoft.PowerShell.Commands.Utility/resources/WebCmdletStrings.resx @@ -120,9 +120,11 @@ Access to the path '{0}' is denied. + The cmdlet cannot protect plain text secrets sent over unencrypted connections. To suppress this warning and send plain text secrets over unencrypted networks, reissue the command specifying the AllowUnencryptedAuthentication parameter. @@ -157,7 +159,7 @@ Path '{0}' resolves to a directory. Specify a path including a file name, and then retry the command. - The provided JSON includes a property whose name is an empty string, this is only supported using the -AsHashTable switch. + The provided JSON includes a property whose name is an empty string, this is only supported using the -AsHashTable switch. Cannot convert the JSON string because a dictionary that was converted from the string contains the duplicated key '{0}'. From e0ba600680e36e7141841e3ce39c9e57a150e4e4 Mon Sep 17 00:00:00 2001 
From: CarloToso <105941898+CarloToso@users.noreply.github.com> Date: Tue, 15 Nov 2022 01:08:30 +0100 Subject: [PATCH 08/11] AllowInsecureRedirect + MaximumRedirection --- .../utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs b/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs index 4fe6bef13ca..c77a33f6ee5 100644 --- a/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs +++ b/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs @@ -1043,7 +1043,7 @@ internal virtual HttpClient GetHttpClient(bool handleRedirect) } // This indicates GetResponse will handle redirects. - if (handleRedirect) + if (handleRedirect || AllowInsecureRedirect) { handler.AllowAutoRedirect = false; } @@ -1392,7 +1392,7 @@ internal virtual HttpResponseMessage GetResponse(HttpClient client, HttpRequestM _cancelToken = new CancellationTokenSource(); response = client.SendAsync(req, HttpCompletionOption.ResponseHeadersRead, _cancelToken.Token).GetAwaiter().GetResult(); - if ((keepAuthorization || AllowInsecureRedirect) && IsRedirectCode(response.StatusCode) && response.Headers.Location != null) + if ((keepAuthorization || (AllowInsecureRedirect && (WebSession.MaximumRedirection > 0 || WebSession.MaximumRedirection == -1))) && IsRedirectCode(response.StatusCode) && response.Headers.Location != null) { _cancelToken.Cancel(); _cancelToken = null; @@ -1652,7 +1652,7 @@ protected override void ProcessRecord() } } while (_followRelLink && (followedRelLink < _maximumFollowRelLink)); - } + } } catch (CryptographicException ex) { From e43e8636eb009c71aa1b3543e16fe31ac1ca6764 Mon Sep 17 00:00:00 2001 
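Review bot: The comment above the changed `if` in the `GetHttpClient` hunk of PATCH 08 still reads "This indicates GetResponse will handle redirects", which no longer matches `handleRedirect || AllowInsecureRedirect`. With the switch set, `handler.AllowAutoRedirect = false` applies to every request, so all redirect handling moves from the handler to the manual path in `GetResponse`, not only the downgrade case. I would replace the comment with `// GetResponse follows redirects itself when authorization is preserved or AllowInsecureRedirect is set; the handler's automatic redirect handling is turned off in both cases.` The rest of `GetHttpClient`, including whatever sets the handler's redirect limit, is outside the hunk.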
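Review bot: The rewritten condition in the `GetResponse` hunk of PATCH 08 packs the redirect budget check into one long expression, and it is hard to see that the budget applies only to the `AllowInsecureRedirect` side of the `||`. A named local would make that explicit: `bool redirectsRemain = WebSession.MaximumRedirection > 0 || WebSession.MaximumRedirection == -1;` and then `if ((keepAuthorization || (AllowInsecureRedirect && redirectsRemain)) && IsRedirectCode(response.StatusCode) && response.Headers.Location != null)`. The check only limits the number of hops if the branch body decrements `WebSession.MaximumRedirection` for each one. That body is outside the hunk, so it should be confirmed and covered by a test with `-MaximumRedirection 0` and `1`.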
From: CarloToso <105941898+CarloToso@users.noreply.github.com> Date: Tue, 15 Nov 2022 01:45:09 +0100 Subject: [PATCH 09/11] Fix Spaces --- .../utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs | 2 +- .../resources/WebCmdletStrings.resx | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs b/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs index c77a33f6ee5..43fd85e8548 100644 --- a/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs +++ b/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs @@ -1652,7 +1652,7 @@ protected override void ProcessRecord() } } while (_followRelLink && (followedRelLink < _maximumFollowRelLink)); - } + } } catch (CryptographicException ex) { diff --git a/src/Microsoft.PowerShell.Commands.Utility/resources/WebCmdletStrings.resx b/src/Microsoft.PowerShell.Commands.Utility/resources/WebCmdletStrings.resx index d21a0dd1048..5f70c9f629f 100644 --- a/src/Microsoft.PowerShell.Commands.Utility/resources/WebCmdletStrings.resx +++ b/src/Microsoft.PowerShell.Commands.Utility/resources/WebCmdletStrings.resx @@ -159,7 +159,7 @@ Path '{0}' resolves to a directory. Specify a path including a file name, and then retry the command. - The provided JSON includes a property whose name is an empty string, this is only supported using the -AsHashTable switch. + The provided JSON includes a property whose name is an empty string, this is only supported using the -AsHashTable switch. Cannot convert the JSON string because a dictionary that was converted from the string contains the duplicated key '{0}'. From 9f61d36c3c0c0ad1f1bcb2c4c5e296aa153b09a2 Mon Sep 17 00:00:00 2001 
From: CarloToso <105941898+CarloToso@users.noreply.github.com> Date: Tue, 15 Nov 2022 01:48:02 +0100 Subject: [PATCH 10/11] Fix comment --- .../utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs | 1 - 1 file changed, 1 deletion(-) diff --git a/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs b/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs index 43fd85e8548..d579c40cae0 100644 --- a/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs +++ b/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs @@ -200,7 +200,6 @@ public abstract partial class WebRequestPSCmdlet : PSCmdlet /// /// Gets or sets the AllowInsecureRedirect property used to follow HTTP redirects from HTTPS. - /// AllowInsecureRedirect does not work with MaximumRedirection. /// [Parameter] public virtual SwitchParameter AllowInsecureRedirect { get; set; } From 287bc61b87d99fdc0233d84dfa178a288359e656 Mon Sep 17 00:00:00 2001 From: CarloToso <105941898+CarloToso@users.noreply.github.com> Date: Tue, 15 Nov 2022 09:37:13 +0100 Subject: [PATCH 11/11] Remove commented error message --- .../utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs | 8 -------- .../resources/WebCmdletStrings.resx | 5 ----- 2 files changed, 13 deletions(-) diff --git a/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs b/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs index d579c40cae0..505faaa7def 100644 --- a/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs +++ b/src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs 
@@ -466,14 +466,6 @@ internal virtual void ValidateParameters() ThrowTerminatingError(error); } - // HTTPS to HTTP redirect - /*if (AllowInsecureRedirect && (MaximumRedirection != -1)) - { - ErrorRecord error = GetValidationError(WebCmdletStrings.AllowInsecureRedirectMaximumRedirectionConflict, - "WebCmdletAllowInsecureRedirectMaximumRedirectionConflictException"); - ThrowTerminatingError(error); - }*/ - // credentials if (UseDefaultCredentials && (Credential != null)) { diff --git a/src/Microsoft.PowerShell.Commands.Utility/resources/WebCmdletStrings.resx b/src/Microsoft.PowerShell.Commands.Utility/resources/WebCmdletStrings.resx index 5f70c9f629f..bea0ae7d28a 100644 --- a/src/Microsoft.PowerShell.Commands.Utility/resources/WebCmdletStrings.resx +++ b/src/Microsoft.PowerShell.Commands.Utility/resources/WebCmdletStrings.resx @@ -120,11 +120,6 @@ Access to the path '{0}' is denied. - The cmdlet cannot protect plain text secrets sent over unencrypted connections. To suppress this warning and send plain text secrets over unencrypted networks, reissue the command specifying the AllowUnencryptedAuthentication parameter.