String resource

microsoft · Oct 14, 2024 · 5ed92b6 · 5ed92b6
1 parent 0ac0ab4
commit 5ed92b6
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 8 deletions.
diff --git a/src/AppInstallerCLICore/Resources.h b/src/AppInstallerCLICore/Resources.h
@@ -683,6 +683,8 @@ namespace AppInstaller::CLI::Resource
         WINGET_DEFINE_RESOURCE_STRINGID(UpgradeRequireExplicitCount);
         WINGET_DEFINE_RESOURCE_STRINGID(UpgradeUnknownVersionCount);
         WINGET_DEFINE_RESOURCE_STRINGID(UpgradeUnknownVersionExplanation);
+        WINGET_DEFINE_RESOURCE_STRINGID(UriBlockedBySmartScreen);
+        WINGET_DEFINE_RESOURCE_STRINGID(UriZoneBlockedByPolicy);
         WINGET_DEFINE_RESOURCE_STRINGID(UriNotWellFormed);
         WINGET_DEFINE_RESOURCE_STRINGID(UriSchemeNotSupported);
         WINGET_DEFINE_RESOURCE_STRINGID(Usage);

diff --git a/src/AppInstallerCLICore/Workflows/SmartScreenFlow.cpp b/src/AppInstallerCLICore/Workflows/SmartScreenFlow.cpp
@@ -7,20 +7,22 @@
 
 namespace AppInstaller::CLI::Workflow
 {
+    // Check if smart screen is required for a given zone.
     bool IsSmartScreenRequired(Settings::SecurityZoneOptions zone)
     {
         return zone == Settings::SecurityZoneOptions::Internet
             || zone == Settings::SecurityZoneOptions::UntrustedSites;
     }
 
-    // Validate smart screen for a given url.
-    bool IsBlockedBySmartScreen(Execution::Context& context, const std::string& url)
+    // Check if the given uri is blocked by smart screen.
+    bool IsBlockedBySmartScreen(Execution::Context& context, const std::string& uri)
     {
-        auto response = AppInstaller::UriValidation::ValidateUri(url);
+        auto response = AppInstaller::UriValidation::ValidateUri(uri);
         switch (response.Decision())
         {
         case AppInstaller::UriValidation::UriValidationDecision::Block:
-            context.Reporter.Error() << std::endl << "Blocked by smart screen" << std::endl << "Feedback: " << response.Feedback() << std::endl;
+            AICLI_LOG(Config, Error, << "URI '" << uri << "' was blocked by smart screen. Feedback URL: " << response.Feedback());
+            context.Reporter.Error() << Resource::String::UriBlockedBySmartScreen << std::endl;
             return true;
         case AppInstaller::UriValidation::UriValidationDecision::Allow:
         default:
@@ -33,7 +35,13 @@ namespace AppInstaller::CLI::Workflow
     {
         DWORD dwZone;
         auto pInternetSecurityManager = winrt::create_instance<IInternetSecurityManager>(CLSID_InternetSecurityManager, CLSCTX_ALL);
-        pInternetSecurityManager->MapUrlToZone(AppInstaller::Utility::ConvertToUTF16(uri).c_str(), &dwZone, 0);
+        auto mapResult = pInternetSecurityManager->MapUrlToZone(AppInstaller::Utility::ConvertToUTF16(uri).c_str(), &dwZone, 0);
+
+        // Treat invalid uri argument as local machine
+        if (mapResult == E_INVALIDARG)
+        {
+            return Settings::SecurityZoneOptions::LocalMachine;
+        }
 
         // Treat all zones higher than untrusted as untrusted
         if (dwZone > static_cast<DWORD>(Settings::SecurityZoneOptions::UntrustedSites))
@@ -63,14 +71,15 @@ namespace AppInstaller::CLI::Workflow
         auto isAllowed = configurationPolicies->at(zone);
         if(!isAllowed)
         {
-            context.Reporter.Error() << "Configuration is disabled for Zone: " << zone << std::endl;
+            context.Reporter.Error() << Resource::String::UriZoneBlockedByPolicy << std::endl;
             return true;
         }
 
         AICLI_LOG(Config, Info, << "Configuration is configured in zone " << zone << " with value " << (isAllowed ? "allowed" : "blocked"));
         return false;
     }
 
+    // Evaluate the given uri for group policy and smart screen.
     HRESULT EvaluateUri(Execution::Context& context, const std::string& uri)
     {
         auto zone = GetUriZone(uri);
@@ -87,6 +96,7 @@ namespace AppInstaller::CLI::Workflow
         return S_OK;
     }
 
+    // Evaluate the configuration uri for group policy and smart screen.
     HRESULT EvaluateConfigurationUri(Execution::Context& context)
     {
         std::string argPath{ context.Args.GetArg(Execution::Args::Type::ConfigurationFile) };
@@ -101,20 +111,22 @@ namespace AppInstaller::CLI::Workflow
         return S_OK;
     }
 
+    // Evaluate the download uri for group policy and smart screen.
     HRESULT EvaluateDownloadUri(Execution::Context& context)
     {
         const auto packageVersion = context.Get<Execution::Data::PackageVersion>();
         const auto source = packageVersion->GetSource();
         const auto isTrusted = WI_IsFlagSet(source.GetDetails().TrustLevel, Repository::SourceTrustLevel::Trusted);
         if (!isTrusted)
         {
-            const auto installer = context.Get<Execution::Data::Installer>();
+            auto installer = context.Get<Execution::Data::Installer>();
             return EvaluateUri(context, installer->Url);
         }
 
         return S_OK;
     }
 
+    // Execute the smart screen flow.
     void ExecuteSmartScreen::operator()(Execution::Context& context) const
     {
         if (m_isConfigurationFlow)

diff --git a/src/AppInstallerCLIPackage/Shared/Strings/en-us/winget.resw b/src/AppInstallerCLIPackage/Shared/Strings/en-us/winget.resw
@@ -2685,6 +2685,14 @@ Please specify one of them using the --source option to proceed.</value>
     <value>Uri not well formed: {0}</value>
     <comment>{Locked="{0}"} Error message displayed when the provided uri is not well formed. {0} is a placeholder replaced by the provided uri.</comment>
   </data>
+  <data name="UriBlockedBySmartScreen" xml:space="preserve">
+    <value>This operation was blocked as unsafe by Microsoft Defender SmartScreen.</value>
+    <comment>Error message displayed when an operation is using a URI that was blocked by Microsoft Defender SmartScreen.</comment>
+  </data>
+  <data name="UriZoneBlockedByPolicy" xml:space="preserve">
+    <value>The operation you are attempting to apply has been blocked by your administrator.></value>
+    <comment>Error message displayed when an operation is using a URI zone that was blocked by group policy.</comment>
+  </data>
   <data name="WinGetResourceUnitEmptyContent" xml:space="preserve">
     <value>Failed to parse {0} configuration unit settings content or settings content is empty.</value>
     <comment>{Locked="{0}"} {0} is a placeholder replaced by the input winget configure resource unit type.</comment>
@@ -3139,4 +3147,4 @@ Please specify one of them using the --source option to proceed.</value>
   <data name="InstallerZeroByteFile" xml:space="preserve">
     <value>Downloaded zero byte installer; ensure that your network connection is working properly.</value>
   </data>
-</root>
+</root>