PowerStig
PowerStig copied to clipboard
microsoft
ResourceID contains invalid characters
Describe the bug Generated ResourceID's contain '[' and ']' as in "[SecurityOption][V-63625][medium][WN10-SO-000025]::[WindowsClient]WindowsClientSettings".
This prevents use of dependencies for non PowerSTIG configuration. For example DSC MOF file generation will fail if the configuration contains this:
Script DoSomethingWithGuest {
GetScript = { @{ Result = (Get-LocalUser RenamedGuest).Description} }
TestScript = { (Get-LocalUser RenamedGuest).Description -eq 'Guests are not welcome here' }
SetScript = { Set-LocalUser RenamedGuest -Description 'Guests are not welcome here' }
DependsOn = "[SecurityOption][V-63625][medium][WN10-SO-000025]::[WindowsClient]WindowsClientSettings" #The PowerSTIG resource that renames the Guest account
}
running the configuration will result in this error:
Test-DependsOn : The format of the resource reference '[SecurityOption][V-63625][medium][WN10-SO-000025]::[WindowsClient]WindowsClientSettings' in the Requires list for resource '[Script]DoSomethingWithGuest' is not valid. A required resource name should be in the format '[<typename>]<name>', with alphanumeric characters, spaces, '_', '-', '.' and '\'.
To Reproduce
- Create a new configuration that includes the WindowsClient resource.
- Create a resource that has a dependency on any WindowsClient resource (such as in the example above).
- Execute the configuration
Expected behavior The configuration should generate a MOF file.
Additional context Admittedly this is a contrived example. I am building a handful of resources that set configuration that is not currently handled by PowerSTIG. For reporting consistency, I am naming the resources using the same format. However in a couple of cases, I am forced to replace or omit the invalid '[' and ']' characters.
If changing this format, it would be nice to prefix the resource ID to indicate that it is generated by PowerSTIG. Perhaps something like this? "PowerSTIG\$($Rule.Id)\$($Rule.severity)\$($Rule.title)"