Merge policies updates #527 (#530)

Open

chlaplan wants to merge 9 commits into MicrosoftDocs:main from chlaplan:Merge-policies-updates-#527

Conversation

chlaplan (Contributor) commented Jun 4, 2026

#527

This pull request adds robust post-processing to the policy merge workflow, ensuring that the resulting merged policy is cleaner and less error-prone. The main enhancement is a new deduplication step that removes duplicate rules and references across merged policies, and resets the policy GUID as a best practice. This helps prevent redundant or conflicting rules and keeps the policy consistent.

Policy merge post-processing improvements:

  • After merging policies, the code now (1) generates a new policy GUID and (2) deduplicates rules and references in the merged policy. This is handled in MergePolicies_MergeControl by deserializing the merged policy, applying deduplication, resetting the GUID, and serializing it back.

Deduplication logic (in PolicyHelper):

  • Introduced the DeduplicateRules method, which removes duplicate Signers, FileRules (including Allow, Deny, FileAttrib), and EKUs by comparing their content (excluding IDs). It also remaps references to point to surviving rules and drops duplicate references.
  • Added helper methods to generate content-based keys for rules and signers, and to deduplicate references in arrays such as FileRuleRef, AllowedSigner, DeniedSigner, CiSigner, etc., ensuring all references are unique after merging.
  • Updated using directives to include System.Linq, required for deduplication logic.
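As an added illustration, and not the PR's C# code from PolicyHelper, the post-processing the description outlines written in Python over a constructed SiPolicy fragment: content-keyed deduplication of Signers and FileRules (EKUs are left out), reference remapping to the surviving rule, dropping of references that become duplicates, and a fresh policy GUID. It assumes the sipolicy XML namespace is omitted and that the reference element and attribute names in REF_ATTRS are the ones the policy uses.

```python
import uuid
import xml.etree.ElementTree as ET

# Constructed sample (sipolicy namespace omitted): rule copies that differ only by ID, each referenced.
SAMPLE_POLICY = """<SiPolicy><PolicyID>{11111111-1111-1111-1111-111111111111}</PolicyID>
<FileRules><Allow ID="ID_ALLOW_A_1" FriendlyName="a.exe" Hash="AA11"/><Allow ID="ID_ALLOW_A_2" FriendlyName="a.exe" Hash="AA11"/>
 <Deny ID="ID_DENY_B_1" FriendlyName="b.exe" Hash="BB22"/></FileRules>
<Signers><Signer ID="ID_SIGNER_S_1" Name="Contoso"><CertRoot Type="TBS" Value="CC33"/></Signer>
 <Signer ID="ID_SIGNER_S_2" Name="Contoso"><CertRoot Type="TBS" Value="CC33"/></Signer></Signers>
<SigningScenarios><SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_WINDOWS"><ProductSigners>
 <AllowedSigners><AllowedSigner SignerId="ID_SIGNER_S_1"/><AllowedSigner SignerId="ID_SIGNER_S_2"/></AllowedSigners>
 <FileRulesRef><FileRuleRef RuleID="ID_ALLOW_A_1"/><FileRuleRef RuleID="ID_ALLOW_A_2"/><FileRuleRef RuleID="ID_DENY_B_1"/></FileRulesRef>
</ProductSigners></SigningScenario></SigningScenarios></SiPolicy>"""

REF_ATTRS = {"FileRuleRef": "RuleID", "AllowedSigner": "SignerId", "DeniedSigner": "SignerId", "CiSigner": "SignerId"}  # ref tag -> ID attribute

def content_key(elem):  # everything except the ID, so copies with different IDs collide
    attrs = tuple(sorted(a for a in elem.attrib.items() if a[0] != "ID"))
    return (elem.tag, attrs, tuple(content_key(c) for c in elem))

def dedupe_rules(root):
    """Drop rules whose content was already seen; return {removed ID: surviving ID}."""
    remap = {}
    for container in ("FileRules", "Signers"):
        parent, seen = root.find(container), {}
        for rule in list(parent):
            survivor = seen.setdefault(content_key(rule), rule)
            if survivor is not rule:  # an identical rule was already kept
                remap[rule.get("ID")] = survivor.get("ID")
                parent.remove(rule)
    return remap

def remap_references(root, remap):
    """Point references at surviving rules; drop references that become duplicates."""
    for parent in list(root.iter()):
        seen_ids = set()
        for ref in [c for c in parent if c.tag in REF_ATTRS]:
            attr = REF_ATTRS[ref.tag]
            new_id = remap.get(ref.get(attr), ref.get(attr))
            if new_id in seen_ids:
                parent.remove(ref)  # second reference to the same surviving rule
            else:
                ref.set(attr, new_id)
                seen_ids.add(new_id)

def post_process(policy_xml):  # dedupe, remap references, then reset the policy GUID
    root = ET.fromstring(policy_xml)
    remap_references(root, dedupe_rules(root))
    root.find("PolicyID").text = "{" + str(uuid.uuid4()).upper() + "}"
    return root
```

Serialize the returned root with ET.tostring to get the cleaned policy back as XML.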

chlaplan and others added 9 commits May 4, 2026 17:44
• FolderHashScanForm.cs — New dialog for folder-based hash file scanning with browse, subfolder toggle, file checklist, and hash type selection
Modified Files
CustomRuleConditionsPanel.cs
• Added hash mode panel with Single File, Multiple Files radio buttons and Folder Scan... button
• "Folder Scan..." button directly opens FolderHashScanForm dialog
• Multi-file and folder scan modes batch files into a single FolderScan-type rule using New-CIPolicy -ScanPath (instead of one PowerShell call per file)
• Selected files are copied to a temp folder preserving subfolder structure from the source
• Stores SourceFolderPath and HashTypesToKeep on the rule for downstream processing
FolderHashScanForm.cs
• Browse folder with optional Include subfolders checkbox
• Scan Folder button enumerates files by common PE/script extensions
• Select All / Deselect All for the file checklist
• Hash type checkboxes: Hash SHA1, Hash SHA256, Hash Page SHA1, Hash Page SHA256, and All (toggle)
• Exposes SelectedFiles, SelectedHashTypes, SourceFolderPath, IncludeSubfolders, AllFilesSelected
• Dark mode support
SigningRules_Control.cs
• Added AddRuleToTableWithoutClosing() method to support batch rule insertion without closing the custom rules panel
Policy.cs (PolicyCustomRules class)
• Added HashTypesToKeep property (HashSet<string>) — hash types to retain when filtering generated policy XML
• Added SourceFolderPath property (string) — original folder path for FriendlyName correction
MainForm.cs
• Added using System.Linq
• FriendlyName fix: after scan, replaces temp folder path in each rule's FriendlyName with the original source folder path (preserving subfolders)
• Hash type filtering: removes unwanted hash types (Hash SHA1, Hash Page SHA256, etc.) from generated policy based on user's checkbox selections
• Progress bar improvements:
• ProcessCustomValueRules(BackgroundWorker, SiPolicy) now reports incremental progress 0–25% per rule
• ProcessSignerRules(BackgroundWorker, SiPolicy) shows "Processing rule X of Y ..." with accurate counts
• FolderScan shows phased status: "Scanning folder: ...", "Scan complete. Applying hash type filters ...", "Filtered: kept X of Y hash rules.", "Merging scanned policy rules ..."
• ProgressChanged handler respects custom UserState messages
This reverts commit 162dd88.
• Added -NoLogo -NonInteractive flags to PowerShell invocation to reduce startup overhead
• Fixed potential deadlock: moved StandardOutput.ReadToEnd() and StandardError.ReadToEnd() before WaitForExit() to prevent buffer-full hang

MainForm.cs
• Fixed progress bar stalling at 25% during Folder Scan by reporting progress after skipping non-applicable rules
• Added mid-scan progress report (~55%) before CreateScannedPolicyFromPS(PolicyCustomRules, string, string) so UI shows activity during long scans
• Updated progress status text: "Scanning and processing rules (this may take a few minutes) ..." for the 25-80% range
…cy GUID, and deduplicate rules (signers and file rules with identical content but different IDs).

2. Re-serialize.