Antivirus flags AnsiUtils.ps1 for "reflective code loading"

Open rdnlsmith opened this issue 1 year ago • 0 comments

System Details

  • posh-git version/path: 1.1.0 (and older)
  • PowerShell version: 7.2.6
  • Git version: 2.37.2.windows.2
  • Operating system name and version: Windows 10 Pro 19044.2006

Issue Description

Certain (perhaps overzealous) antivirus software flags the line

[Reflection.Assembly]::LoadWithPartialName('System.Drawing') > $null

as malicious, because "reflective code loading" can be used to execute a payload while avoiding some forms of malware detection.

I was able to work around this for myself by removing this line and replacing references to the $ColorType and $ColorTranslator variables with [System.Drawing.Color] and [System.Drawing.ColorTranslator]. See commit ed72492 in my fork. However, this solution fails 18 tests with messages like Unable to find type [System.Drawing.Color], presumably because the System.Drawing assembly is not part of .NET Core/5/6 except via NuGet packages.

It would be nice to get something like this upstreamed, so that I can install future updates without having to modify them. I am not sure whether it is possible (or desirable) to have a NuGet dependency that would allow this to work, or whether there might be another solution that would work better.

rdnlsmith, Oct 14 '22 18:10
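For anyone triaging an alert like the one reported above, the following is an added example, not part of the original issue or of posh-git. It uses the PowerShell parser to list static `[Reflection.Assembly]::Load*` calls in a script and separates calls whose first argument is a literal assembly name readable in the source from calls with a dynamic argument. The function name `Get-AssemblyLoadCall` and the second sample line are constructed for illustration.

```powershell
function Get-AssemblyLoadCall {
    param([Parameter(Mandatory)][string]$ScriptText)

    $tokens = $null; $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $ScriptText, [ref]$tokens, [ref]$errors)

    # Static method calls on [Reflection.Assembly] / [System.Reflection.Assembly]
    $calls = $ast.FindAll({
        param($node)
        $node -is [System.Management.Automation.Language.InvokeMemberExpressionAst] -and
        $node.Static -and
        $node.Expression -is [System.Management.Automation.Language.TypeExpressionAst] -and
        $node.Expression.TypeName.FullName -match '(^|\.)Reflection\.Assembly$' -and
        $node.Member.Extent.Text -match '^(Load|LoadFrom|LoadFile|LoadWithPartialName|UnsafeLoadFrom)$'
    }, $true)

    foreach ($call in $calls) {
        $arg = $call.Arguments | Select-Object -First 1
        # A literal string names the assembly in plain sight; a variable or
        # expression cannot be judged from this line alone.
        $literal = $arg -is [System.Management.Automation.Language.StringConstantExpressionAst]
        [pscustomobject]@{
            Line     = $call.Extent.StartLineNumber
            Method   = $call.Member.Extent.Text
            Argument = if ($arg) { $arg.Extent.Text } else { '' }
            Triage   = if ($literal) { 'literal assembly name' } else { 'dynamic argument: review' }
        }
    }
}

# Constructed sample: line 1 is the line quoted in the issue,
# line 2 is a made-up contrast case with a non-literal argument.
$sample = @'
[Reflection.Assembly]::LoadWithPartialName('System.Drawing') > $null
[Reflection.Assembly]::Load($bytes) > $null
'@

Get-AssemblyLoadCall -ScriptText $sample | Format-Table -AutoSize
```

The script text is only parsed, never executed, so it can be run against a file that is under suspicion.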