Skip to content

Commit

Permalink
Issue #380
Browse files Browse the repository at this point in the history 
Reapplying some bug fixes that were implemented for properly evaluating `FirewallGroup` and accidentally removed in a later commit
  • Loading branch information
@bk-cs
bk-cs committed May 21, 2024
1 parent e27f3c7 commit 436359c
Showing 1 changed file with 63 additions and 48 deletions.
111 changes: 63 additions & 48 deletions public/psf-config.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -252,46 +252,56 @@ https://github.com/crowdstrike/psfalcon/wiki/Import-FalconConfig
}
function Compare-ImportData ([string]$Item) {
if ($Config.$Item.Cid) {
# Determine if platform is defined for item
$Platform = @{}
$Property = @('platform','platform_name').foreach{ if ($Config.$Item.Cid.$_) { $_ } }
@($Config.$Item.Cid.$Property | Select-Object -Unique).foreach{ $Platform[$_] = @{} }
@('platform','platform_name').foreach{
if ($Config.$Item.Cid.$_) {
@($Config.$Item.Cid.$_ | Select-Object -Unique).foreach{ $Platform[$_] = @{} }
}
}
if ($Platform.Count -gt 0) {
foreach ($Key in $Platform.Keys) {
# Define properties for comparison between imported and existing items (by platform)
@('Cid','Import').foreach{
$Platform.$Key[$_] = @($Config.$Item.$_).Where({ $_.$Property -eq $Key })
$Platform.$Key[$_] = @($Config.$Item.$_).Where({
$_.platform -eq $Key -or $_.platform_name -eq $Key
})
}
[string[]]$Available = ($Platform.$Key.Cid | Get-Member -MemberType NoteProperty |
Select-Object -Unique).Name
[string[]]$Compare = @('name','type','value').Where({ $Available -contains $_ })
Write-Log 'Import-FalconConfig' "Evaluating $Key $Item using '$($Compare -join ',')'"
$FilterScript = [scriptblock]::Create((@($Compare).foreach{ "`$_.$_ -eq `$i.$_" }) -join ' -and ')
foreach ($i in $Platform.$Key.Import) {
if (!@($Platform.$Key.Cid).Where({ $FilterScript })) {
# Capture import that doesn't exist
Write-Log 'Import-FalconConfig' "Selecting '$(
if ($i.value) {
if ($i.type) { $i.type,$i.value -join ':' } else { $i.value }
} elseif ($i.precedence -and $Item -eq 'FileVantageRule') {
$i.precedence
} else {
$i.name
}
)' for import"
$i
} elseif (@($Platform.$Key.Cid).Where({ $FilterScript }) -and $ModifyExisting -contains $Item) {
# Capture modification when 'ModifyExisting' is defined
$FilterScript = [scriptblock]::Create(
(@($Compare).foreach{ "`$Platform.`$Key.Cid.$_ -notcontains `$_.$_" }) -join ' -and '
)
@($Platform.$Key.Import | Where-Object -FilterScript $FilterScript).foreach{
# Capture items for import (by platform)
Write-Log 'Import-FalconConfig' "Selecting '$(
if ($_.value) {
if ($_.type) { $_.type,$_.value -join ':' } else { $_.value }
} elseif ($_.precedence -and $Item -eq 'FileVantageRule') {
$_.precedence
} else {
$_.name
}
)' for import"
$_
}
if ($ModifyExisting -contains $Item) {
# Capture (non-policy) items to modify
$FilterScript = [scriptblock]::Create(
(@($Compare).foreach{ "`$Platform.`$Key.Cid.$_ -eq `$_.$_" }) -join ' -and '
)
@($Platform.$Key.Import | Where-Object -FilterScript $FilterScript).foreach{
Write-Log 'Import-FalconConfig' "Selecting '$(
if ($i.value) {
if ($i.type) { $i.type,$i.value -join ':' } else { $i.value }
} elseif ($i.precedence -and $Item -eq 'FileVantageRule') {
$i.precedence
if ($_.value) {
if ($_.type) { $_.type,$_.value -join ':' } else { $_.value }
} elseif ($_.precedence -and $Item -eq 'FileVantageRule') {
$_.precedence
} else {
$i.name
$_.name
}
)' for modification"
$Config.$Item.Modify.Add($i)
$Config.$Item.Modify.Add($_)
}
}
}
Expand All @@ -301,32 +311,37 @@ https://github.com/crowdstrike/psfalcon/wiki/Import-FalconConfig
Select-Object -Unique).Name
[string[]]$Compare = @('name','type','value').Where({ $Available -contains $_ })
Write-Log 'Import-FalconConfig' "Evaluating $Item using '$($Compare -join ',')'"
$FilterScript = [scriptblock]::Create((@($Compare).foreach{ "`$_.$_ -eq `$i.$_" }) -join ' -and ')
foreach ($i in $Config.$Item.Import) {
if (!@($Config.$Item.Cid).Where({ $FilterScript })) {
# Capture import that doesn't exist
Write-Log 'Import-FalconConfig' "Selecting '$(
if ($i.value) {
if ($i.type) { $i.type,$i.value -join ':' } else { $i.value }
} elseif ($i.precedence -and $Item -eq 'FileVantageRule') {
$i.precedence
} else {
$i.name
}
)' for import"
$i
} elseif (@($Config.$Item.Cid).Where({ $FilterScript }) -and $ModifyExisting -contains $Item) {
# Capture modification when 'ModifyExisting' is defined
$FilterScript = [scriptblock]::Create(
(@($Compare).foreach{ "`$Config.$Item.Cid.$_ -notcontains `$_.$_" }) -join ' -and '
)
@($Config.$Item.Import | Where-Object -FilterScript $FilterScript).foreach{
# Capture items for import
Write-Log 'Import-FalconConfig' "Selecting '$(
if ($_.value) {
if ($_.type) { $_.type,$_.value -join ':' } else { $_.value }
} elseif ($_.precedence -and $Item -eq 'FileVantageRule') {
$_.precedence
} else {
$_.name
}
)' for import"
$_
}
if ($ModifyExisting -contains $Item) {
# Capture (non-policy) items to modify
$FilterScript = [scriptblock]::Create((@($Compare).foreach{
"`$Config.$Item.Cid.$_ -eq `$_.$_" }) -join ' -and ')
@($Config.$Item.Import | Where-Object -FilterScript $FilterScript).foreach{
Write-Log 'Import-FalconConfig' "Selecting '$(
if ($i.value) {
if ($i.type) { $i.type,$i.value -join ':' } else { $i.value }
} elseif ($i.precedence -and $Item -eq 'FileVantageRule') {
$i.precedence
if ($_.value) {
if ($_.type) { $_.type,$_.value -join ':' } else { $_.value }
} elseif ($_.precedence -and $Item -eq 'FileVantageRule') {
$_.precedence
} else {
$i.name
$_.name
}
)' for modification"
$Config.$Item.Modify.Add($i)
$Config.$Item.Modify.Add($_)
}
}
}
Expand Down

0 comments on commit 436359c

Please sign in to comment.