· 5 years ago · Jan 29, 2021, 03:02 AM
1// C:\Users\XXXX\AppData\Local\Microsoft\Windows\Safety\shell\remote\script_278398892972832244028726085828040635216.rel.v2
2
3'use strict';
/**
 * Duration expressed as a tick count.
 *
 * The conversions below use 10000 ticks per millisecond, i.e. one tick is
 * 100 nanoseconds. Each factory multiplies down to the next smaller unit, so
 * every value ends up stored as ticks.
 */
class TimeSpan {
  /** @param {number} ticks - duration in ticks; stored as given, no validation. */
  constructor(ticks) {
    this.value = ticks;
  }

  /** @returns {number} the stored tick count. */
  ticks() {
    return this.value;
  }

  /** @returns {number} the duration in milliseconds (ticks / 10000). */
  milliseconds() {
    const ticksPerMillisecond = 10000;
    return this.ticks() / ticksPerMillisecond;
  }

  /** @param {number} t - ticks. */
  static fromTicks(t) {
    const span = new TimeSpan(t);
    return span;
  }

  /** @param {number} t - milliseconds. */
  static fromMilliseconds(t) {
    const ticks = t * 10000;
    return TimeSpan.fromTicks(ticks);
  }

  /** @param {number} t - seconds. */
  static fromSeconds(t) {
    const milliseconds = t * 1000;
    return TimeSpan.fromMilliseconds(milliseconds);
  }

  /** @param {number} t - minutes. */
  static fromMinutes(t) {
    const seconds = t * 60;
    return TimeSpan.fromSeconds(seconds);
  }

  /** @param {number} t - hours. */
  static fromHours(t) {
    const minutes = t * 60;
    return TimeSpan.fromMinutes(minutes);
  }
}
var $;
(function ($) {
  /** Builds an object holding the single property `k` with value `v`. */
  function createObject(k, v) {
    // Plain assignment (not a computed-key literal) is kept on purpose: the two
    // differ for the key "__proto__".
    const single = {};
    single[k] = v;
    return single;
  }
  $.createObject = createObject;

  /**
   * Iterates an array (callback receives the element) or the own enumerable
   * properties of an object (callback receives key, value).
   * Stops early and returns false as soon as the callback returns exactly
   * `false`; returns true otherwise.
   */
  function each(x, f) {
    if (x instanceof Array) {
      for (let index = 0; index < x.length; ++index) {
        if (f(x[index]) === false) {
          return false;
        }
      }
      return true;
    }
    for (let field in x) {
      // NOTE(review): hasOwnProperty is looked up on x itself, so an object that
      // carries its own "hasOwnProperty" key changes or breaks this check.
      if (x.hasOwnProperty(field) && f(field, x[field]) === false) {
        return false;
      }
    }
    return true;
  }
  $.each = each;

  /** True when `f` returns a truthy value for at least one entry of `obj`. */
  function any(obj, f) {
    // each() reports false only when the negated predicate returned false,
    // i.e. when f was truthy for some entry.
    const noneMatched = each(obj, (k, v) => !f(k, v));
    return !noneMatched;
  }
  $.any = any;

  /** Maps `f` over `arr` and concatenates the results (one level of flattening). */
  function collect(arr, f) {
    const mapped = arr.map(f);
    return mapped.reduce((result, y) => result.concat(y), []);
  }
  $.collect = collect;

  /** Thin wrapper over Array.prototype.map. */
  function map(arr, f) {
    return arr.map(f);
  }
  $.map = map;

  /** Maps `f` over `arr`, dropping results that are null or undefined. */
  function choose(arr, f) {
    return collect(arr, (x) => {
      const y = f(x);
      return (y != null) ? [y] : [];
    });
  }
  $.choose = choose;

  // Convert Array<Promise<T>> to Promise<Array<T>>.
  // Values are gathered in array order; a rejection of any element rejects
  // the returned promise.
  function sequence(arr) {
    function step(i, result) {
      if (!(i < arr.length)) {
        return Promise.resolve(result);
      }
      return arr[i].then(x => step(i + 1, result.concat([x])));
    }
    return step(0, []);
  }
  $.sequence = sequence;

  // Combine the fields of two or more objects. Mutates and returns `dest`;
  // later extensions overwrite earlier ones.
  // NOTE(review): keys are copied with plain assignment, so an own "__proto__"
  // key on an extension (JSON.parse can produce one) would replace dest's
  // prototype instead of creating a property. Confirm every extension object
  // comes from a trusted source.
  function extend(dest, ...extensions) {
    for (const source of extensions) {
      each(source, (k, v) => {
        dest[k] = v;
        return true;
      });
    }
    return dest;
  }
  $.extend = extend;

  // Safely access nested properties. Returns default if they don't exist.
  // Because the fallback uses `||`, any falsy value found at the path
  // (0, "", false, null) is also replaced by the default.
  function get(object, property, defaultValue) {
    const found = property
      .split('.')
      .reduce((r, i) => (r == null) ? r : r[i], object);
    return found || defaultValue;
  }
  $.get = get;

  /**
   * Maps a geo identifier (case-insensitive) to a SmartScreen service origin.
   * Returns null for unknown, empty or missing identifiers; callers decide the
   * fallback.
   */
  function serviceUriForGeoId(geoId) {
    const normalized = (geoId || "").toLowerCase();
    switch (normalized) {
      case "us":
        return "https://unitedstates.smartscreen.microsoft.com";
      case "uk":
        return "https://unitedkingdom.smartscreen.microsoft.com";
      case "eu":
        return "https://europe.smartscreen.microsoft.com";
      case "ffl4":
        return "https://unitedstates1.ss.wd.microsoft.us"; // GCC-High
      case "ffl4mod":
        return "https://unitedstates4.ss.wd.microsoft.us"; // GCC-Mod, aka GCC
      //case "ffl5": return "https://unitedstates2.ss.wd.microsoft.us"; // DoD, service is not ready
      default:
        return null;
    }
  }
  $.serviceUriForGeoId = serviceUriForGeoId;
})($ || ($ = {}));
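var Base64;
(function (Base64) {
  // Standard base64 alphabet. Index 64 ('=') is the padding marker tested in
  // the decode loop below.
  const key = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";

  /**
   * Decodes a padded, standard-alphabet base64 string and interprets the
   * resulting bytes as UTF-8.
   *
   * @param {string} input - base64 text; must be a multiple of 4 characters.
   * @returns {string} the decoded text.
   * @throws {string} a message string (not an Error object) on malformed
   *   base64 or malformed UTF-8. Consumers that read `.message`, `.name` or
   *   `.stack` from the caught value will find them undefined.
   */
  function decodeToString(input) {
    // Check if valid base64 string
    if (!input.match(/(^$)|(^([A-Za-z0-9+\/]{4})*([A-Za-z0-9+\/]{4}|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{2}==))$/g)) {
      throw `decodeToString: Invalid base64 string.`;
    }
    // Upper bound: 3 bytes per 4 characters. Padded input decodes to 1 or 2
    // bytes fewer than this, so only the first `byteIndex` bytes are real.
    var bytes = new Uint8Array(input.length * 0.75);
    let enc1, enc2, enc3, enc4;
    let base64Index = 0, byteIndex = 0;
    while (base64Index < input.length) {
      // Process 4 characters at a time. Map to the 6-bit key value.
      enc1 = key.indexOf(input[base64Index++]);
      enc2 = key.indexOf(input[base64Index++]);
      enc3 = key.indexOf(input[base64Index++]);
      enc4 = key.indexOf(input[base64Index++]);
      // Transform 6-bit to 8-bit
      // eg. Converts 111111-000000-111111-000000 => 11111100-00001111-11000000
      bytes[byteIndex++] += ((enc1 << 2) | (enc2 >> 4));
      if (enc3 != 64) {
        bytes[byteIndex++] += (((enc2 & 15) << 4) | (enc3 >> 2));
      }
      if (enc4 != 64) {
        bytes[byteIndex++] += (((enc3 & 3) << 6) | enc4);
      }
    }
    // Decode only the bytes that were written. Passing the whole buffer made
    // every padded input end in one or two U+0000 characters, which
    // JSON.parse rejects as trailing garbage.
    return utf8ToString(bytes.subarray(0, byteIndex));
  }
  Base64.decodeToString = decodeToString;

  // Decode UTF-8 to javascript string
  // NOTE(review): this decoder is lenient. Continuation bytes are masked with
  // `& 63` without checking their top bits, and overlong forms and encoded
  // surrogates are not rejected. It only detects truncated sequences, invalid
  // lead bytes and code points above 0x10ffff.
  function utf8ToString(bytes) {
    var result = "";
    let i = 0;
    let c1 = 0, c2 = 0, c3 = 0, c4 = 0;
    while (i < bytes.length) {
      c1 = bytes[i++];
      // Code Points 0x80 and above are pushed to binary and encoded as bytes.
      if (c1 > 127) {
        if ((c1 > 191) && (c1 < 224)) {
          // 2-byte sequence: one more byte must be available.
          if (i >= bytes.length) {
            throw 'utf8ToString: Invalid 2-byte sequence.';
          }
          c2 = bytes[i++];
          c1 = ((c1 & 31) << 6) | (c2 & 63);
        }
        else if (c1 > 223 && c1 < 240) {
          // 3-byte sequence: two more bytes must be available.
          if (i + 1 >= bytes.length) {
            throw 'utf8ToString: Invalid 3-byte sequence.';
          }
          c2 = bytes[i++];
          c3 = bytes[i++];
          c1 = ((c1 & 15) << 12) | ((c2 & 63) << 6) | (c3 & 63);
        }
        else if (c1 > 239 && c1 < 248) {
          // 4-byte sequence: three more bytes must be available.
          if (i + 2 >= bytes.length) {
            throw 'utf8ToString: Invalid 4-byte sequence.';
          }
          c2 = bytes[i++];
          c3 = bytes[i++];
          c4 = bytes[i++];
          c1 = (c1 & 7) << 18 | (c2 & 63) << 12 | (c3 & 63) << 6 | c4 & 63;
        }
        else {
          // Lead byte is a bare continuation byte (128..191) or 248 and above.
          throw 'utf8ToString: Unknown multibyte sequence';
        }
      }
      if (c1 <= 0xffff) {
        result += String.fromCharCode(c1);
      }
      else if (c1 <= 0x10ffff) {
        // Supplementary plane: emit a UTF-16 surrogate pair.
        c1 -= 0x10000;
        result += String.fromCharCode(c1 >> 10 | 0xd800);
        result += String.fromCharCode(c1 & 0x3FF | 0xdc00);
      }
      else {
        throw 'utf8ToString: Largest UTF8 Code point reached.';
      }
    }
    return result;
  }
})(Base64 || (Base64 = {}));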
/**
 * Wrapper around a Windows.Foundation.Diagnostics.LoggingChannel named
 * "Microsoft.Windows.SmartScreen".
 *
 * `Windows` is a host-provided global; nothing in this class defines it.
 */
class LoggingChannel {
  /**
   * @param {function(string)} project - called with the namespace name before
   *   the namespace is used. NOTE(review): presumably the host's projection
   *   hook that makes the WinRT namespace available to script; confirm.
   */
  constructor(project) {
    project("Windows.Foundation.Diagnostics");
    const diagnostics = Windows.Foundation.Diagnostics;
    // Arguments: channel name, options built from one GUID string, then a
    // second GUID string as the third argument.
    this.loggingChannel = new diagnostics.LoggingChannel(
      "Microsoft.Windows.SmartScreen",
      new diagnostics.LoggingChannelOptions("4f50731a-89cf-4782-b3e0-dce8c90476ba"),
      "39bd9805-3945-4878-aecc-096a23369f68");
  }

  /**
   * Logs an "Exception" event at Error level.
   *
   * Only `name`, `message` and `stack` are read from the caught value, each
   * defaulting to "". A thrown string or other primitive therefore produces an
   * event whose three fields are all empty.
   *
   * @param {*} exception - the caught value.
   * @param {string} [context] - optional free-form context; "" when falsy.
   */
  logException(exception, context) {
    const diagnostics = Windows.Foundation.Diagnostics;
    const fields = new diagnostics.LoggingFields();
    for (const property of ["name", "message", "stack"]) {
      fields.addString(property, $.get(exception, property, ""));
    }
    fields.addString("context", context ? context : "");
    this.loggingChannel.logEvent(
      "Exception",
      fields,
      diagnostics.LoggingLevel.Error,
      new diagnostics.LoggingOptions(0x400000000000));
  }

  /**
   * Logs a caller-built event at Information level.
   * @param {{name: string, fields: object}} event - event name and fields.
   */
  logInfo(event) {
    const diagnostics = Windows.Foundation.Diagnostics;
    this.loggingChannel.logEvent(
      event.name,
      event.fields,
      diagnostics.LoggingLevel.Information,
      new diagnostics.LoggingOptions(0x400000000000));
  }
}
/**
 * Base class for the versioned script APIs in this file.
 *
 * It provides the request pipeline (gate, scrub, send with optional timeout,
 * transform, log) and the event sampling pipeline. Subclasses override the
 * hook methods. `getSamplingRate` is called by getSamplingRates() but is not
 * defined here, so a subclass must supply it.
 */
class ApiBase {
  /**
   * @param {function(string)} project - forwarded to LoggingChannel.
   * @param {number} [defaultSamplingRate=0.01] - rate recorded under "none"
   *   for events without a specific rate.
   * @param {number} [errorSamplingRate=1.0] - rate recorded for "error" events.
   */
  constructor(project, defaultSamplingRate = 0.01, errorSamplingRate = 1.0) {
    this.defaultSamplingRate = defaultSamplingRate;
    this.errorSamplingRate = errorSamplingRate;
    this.loggingChannel = new LoggingChannel(project);
  }

  /** Hook: TimeSpan after which sendRequest() gives up, or null for no timeout. */
  sendRequestTimeout(uri) {
    return null;
  }

  /** Hook: return false to short-circuit sendRequest() with a synthetic 429. */
  shouldSendRequest(uri, request) {
    return true;
  }

  /**
   * Scrubs and bounds the outgoing request before it leaves the device.
   * Mutates and returns `request`.
   *
   * - every string anywhere inside `request.body` is capped at 5000 characters
   *   (longer strings are cut and end in "...");
   * - `body.identity.caller.process.owner` (SID) is removed;
   * - `body.identity.device.id` (TPM device ID) is removed;
   * - `body.path.fileName` is reduced to the text after the last backslash.
   */
  transformRequest(uri, request) {
    const maxStringLength = 5000;

    // Recursively copies `val`, truncating strings. Falsy values and
    // non-object, non-string values are returned unchanged. Any other
    // "object" value is rebuilt as an array or a plain object from its own
    // enumerable properties.
    const trimStrings = (val, length) => {
      if (!val) {
        return val;
      }
      const kind = typeof val;
      if (kind === "string") {
        return val.length > length ? val.slice(0, length - 3) + "..." : val;
      }
      if (kind !== "object") {
        return val;
      }
      if (val.constructor === Array) {
        return $.map(val, (e) => trimStrings(e, length));
      }
      const trimmed = {};
      $.each(val, (elem, x) => {
        trimmed[elem] = trimStrings(x, length);
      });
      return trimmed;
    };

    if (request.body) {
      request.body = trimStrings(request.body, maxStringLength);
    }
    // Remove SID if it is being sent. The service was already dropping this field.
    if ($.get(request, "body.identity.caller.process.owner")) {
      delete request.body.identity.caller.process.owner;
    }
    // Remove TPM Device ID if it is being sent. The service was already dropping this field
    if ($.get(request, "body.identity.device.id")) {
      delete request.body.identity.device.id;
    }
    // Change Full file path to file name
    // NOTE(review): only "\\" is treated as a separator. A path written with
    // forward slashes would be sent in full, directory names included.
    // Confirm the host always supplies backslash-separated paths.
    if ($.get(request, "body.path.fileName")) {
      const segments = request.body.path.fileName.split("\\");
      request.body.path.fileName = segments.pop();
    }
    return request;
  }

  /** Hook: post-process the response; identity here. */
  transformResponse(uri, request, response) {
    return response;
  }

  /** Hook: record a completed request; no-op here. */
  logSendRequest(uri, request, response) {
  }

  /**
   * Merges the sampling rates of all events into one `{ key: rate }` object.
   * Per event, getSamplingRate() may return:
   *   null     - use the defaults ("error" events under `error`, anything
   *              else under `none`);
   *   0        - contribute nothing;
   *   an object - merged as is.
   */
  getSamplingRates(events) {
    return events.reduce((samplingRates, event) => {
      const rate = this.getSamplingRate(event, events);
      if (rate === 0) {
        return samplingRates;
      }
      if (rate !== null) {
        return $.extend(samplingRates, rate);
      }
      if (event.$type === "error") {
        return $.extend(samplingRates, { error: this.errorSamplingRate });
      }
      return $.extend(samplingRates, { none: this.defaultSamplingRate });
    }, {});
  }

  // Retrieve an event object containing information about of a `Windows.Foundation.Diagnostics.LoggingChannel` event if an event should be sent to a diagnostic service (such as Asimov)
  // or `null` if the event should not be sent.
  getDiagnosticEvent(event, data) {
    return null;
  }

  /** Logs every event for which getDiagnosticEvent() returns a non-null value. */
  logFilterEvents(events, data) {
    const diagnosticEvents = $.choose(events, (event) => this.getDiagnosticEvent(event, data));
    $.each(diagnosticEvents, x => this.loggingChannel.logInfo(x));
  }

  /** Hook: map one finalized event to an array of events; wraps it here. */
  transformFinalizedEvent(event) {
    return [event];
  }

  /** Hook: `{ type: rate }` for events to finalize before sampling, or null. */
  getPreFinalizedSamplingRate(event) {
    return null;
  }

  serviceUriForGeoId(geoId) {
    return $.serviceUriForGeoId(geoId);
  }

  /** @returns {number} five seconds expressed in ticks. */
  scriptHostTimeout() {
    return TimeSpan.fromSeconds(5).ticks();
  }

  /**
   * Sends `request` through the caller-supplied `sendRequest` function.
   *
   * The result always resolves to a response-shaped object. Two of them are
   * synthesized locally and never came from the service:
   *   statusCode 429 - shouldSendRequest() declined the request;
   *   statusCode 504 - sendRequestTimeout() elapsed before a response arrived.
   * Callers that make decisions on the response should treat both as "no
   * verdict".
   *
   * Logging runs on a side branch whose failures go to logException(), so a
   * logging error never changes the returned promise.
   */
  sendRequest(uri, request, sendRequest) {
    if (!this.shouldSendRequest(uri, request)) {
      return Promise.resolve({
        headers: [],
        body: null,
        statusCode: 429
      });
    }
    const transformedRequest = this.transformRequest(uri, request);
    // The request is started before the timeout promise is created.
    const pending = sendRequest(uri, transformedRequest);
    // Never settles when there is no timeout. The timer is not cancelled when
    // the request wins the race; its late resolve() is then a no-op.
    const timedOut = new Promise((resolve, reject) => {
      const timeout = this.sendRequestTimeout(uri);
      if (timeout != null) {
        setTimeout(() => { resolve({ headers: [], body: null, statusCode: 504 }); }, timeout.milliseconds());
      }
    });
    const result = Promise.race([pending, timedOut])
      .then(x => this.transformResponse(uri, transformedRequest, x));
    result.then(x => this.logSendRequest(uri, transformedRequest, x))
      .catch((e) => this.loggingChannel.logException(e));
    return result;
  }

  /**
   * Decides which events to report and resolves their deferred data.
   *
   * @param {Array<object>} events - events; those with an own `$id` carry
   *   deferred data.
   * @param {function(*): Promise<object>} getDeferredData - resolves the data
   *   for an `$id`.
   * @param {number} random - value compared against the sampling rates; an
   *   event is sampled when `random <= rate`.
   * @param {*} data - passed through to logFilterEvents().
   * @returns {Promise<?{events: Array, samplingRates: object, random: number}>}
   *   null when no sampling rate admits `random`.
   */
  filterEvents(events, getDeferredData, random, data) {
    return new Promise(resolve => {
      // Merges the deferred data into the event and drops `$id`. A failed
      // lookup is recorded on the event as `$error` rather than rejecting.
      const finalizeDeferredEvent = (event) => {
        if (!event.hasOwnProperty('$id')) {
          return Promise.resolve(event);
        }
        return getDeferredData(event['$id'])
          .then(x => $.extend(event, x))
          .catch(e => $.extend(event, { "$error": e.message }))
          .then(event => delete event.$id ? event : event); // ajaxmin bug: ".then({ delete event.$id; return event; })" is minified to ".then(n=>delete n$.id,n)" instead of ".then((n=>delete n.$id,n))."
      };

      // Collect and upload diagnostic events.
      this.logFilterEvents(events, data);

      const eventsToPreSample = events.reduce((samplingRates, event) => {
        const rate = this.getPreFinalizedSamplingRate(event);
        return (rate != null) ? $.extend(samplingRates, rate) : samplingRates;
      }, {});

      // First pass: finalize and transform only the pre-sampled event types.
      // Unlike the second pass there is no try/catch around the transform, so
      // a throw here rejects the whole result.
      const preSampled = events.map(event => {
        const threshold = eventsToPreSample[event.$type];
        if (threshold != null && random <= threshold) {
          return finalizeDeferredEvent(event).then(x => this.transformFinalizedEvent(x));
        }
        return Promise.resolve(event);
      });

      resolve($.sequence(preSampled)
        // Flattens the arrays produced by transformFinalizedEvent().
        .then(settled => $.collect(settled, x => x))
        .then(flattened => {
          const samplingRates = this.getSamplingRates(flattened);
          const sampled = $.any(samplingRates, (k, samplingRate) => random <= samplingRate);
          if (!sampled) {
            return Promise.resolve(null);
          }
          // Second pass: finalize everything still carrying `$id`, then
          // transform; a transform failure is recorded as `$error`.
          return $.sequence($.map(flattened, x => finalizeDeferredEvent(x)))
            .then(finalized => $.collect(finalized, (event) => {
              try {
                return this.transformFinalizedEvent(event);
              }
              catch (e) {
                return $.extend(event, { "$error": e.message });
              }
            }))
            .then(reported => ({
              events: reported,
              samplingRates: samplingRates,
              random: random
            }));
        }));
    });
  }
}
400//# sourceMappingURL=script-original.rs2.js.map//// Defines callbacks for shell scenarios
401/// <reference path="../../../Shared/v2/Original/script-original.rs2.ts" />
var V1;
(function (V1) {
  // Lower-case extensions that isFileSupported() accepts.
  const supportedExtensions = new Set([
    'appref-ms', 'appx', 'appxbundle', 'bat', 'chm', 'cmd', 'com', 'cpl',
    'dll', 'drv', 'exe', 'gadget', 'hta', 'iso', 'js', 'jse', 'lnk', 'msc',
    'msi', 'msp', 'msu', 'ocx', 'pif', 'ppkg', 'printerexport', 'ps1', 'scf',
    'scr', 'settingcontent-ms', 'sys', 'url', 'vb', 'vbe', 'vbs', 'vhd',
    'vhdx', 'vxd', 'website', 'wsf',
  ]);

  /** Shell-scenario API, version 1. Default sampling rate is 0.001. */
  class Api extends ApiBase {
    constructor(project) {
      super(project, 0.001);
    }

    /** Geo-specific service origin, or the checkappexec origin when the geo id is not mapped. */
    serviceUri(geoId) {
      const regional = super.serviceUriForGeoId(geoId);
      return regional || "https://checkappexec.microsoft.com";
    }

    /** Five-second timeout for URIs containing "service" (case-sensitive); none otherwise. */
    sendRequestTimeout(uri) {
      if (uri.indexOf("service") != -1) {
        return TimeSpan.fromSeconds(5);
      }
      return null;
    }

    /**
     * Per-event sampling rate: an object keyed by event type, 0 to contribute
     * nothing, or null to let the base class apply its defaults.
     */
    getSamplingRate(event) {
      switch (event.$type) {
        case "block":
          return { block: 1.0 };
        case "userAction":
          return { userAction: 1.0 };
        case "offline":
          return { offline: 1.0 };
        case "unsupported":
          return { unsupported: 0.01 };
        case "onAllowedZoneCheck":
          // Zone checks are sampled only for file types this API handles.
          return this.isFileSupported(event['name']) ? { onAllowedZoneCheck: 0.0005 } : 0;
        default:
          return null;
      }
    }

    /**
     * Builds the diagnostic event for "userAction" and "offline" events.
     * Not reached through this class's own logFilterEvents(), which is a no-op.
     */
    getDiagnosticEvent(event, data) {
      const fields = new Windows.Foundation.Diagnostics.LoggingFields();
      fields.addString("CorrelationId", $.get(data, "correlationId", "")); // CorrelationId will only be available for RS3.
      const type = event.$type;
      if (type === "userAction") {
        fields.addString("Action", event['action']);
        return { name: "AppRepUserAction", fields: fields };
      }
      if (type === "offline") {
        return { name: "AppRepOfflineExperience", fields: fields };
      }
      return null;
    }

    /** Overrides the base implementation with a no-op. */
    logFilterEvents(events, data) { }

    /**
     * True when the text after the last "." of `filePath`, lower-cased, is in
     * the supported list. `fileSize` is accepted but not used.
     *
     * A path without any "." is compared as a whole, so a file literally
     * named "exe" matches. A name ending in "." or in a space after the
     * extension does not match.
     */
    isFileSupported(filePath, fileSize) {
      const extension = filePath.slice(filePath.lastIndexOf(".") + 1).toLowerCase();
      return supportedExtensions.has(extension);
    }
  }
  V1.Api = Api;
})(V1 || (V1 = {}));
493//# sourceMappingURL=shell-original.rs2.js.map//// Defines callbacks for shell scenarios
494/// <reference path="../../../Shared/v2/Original/script-original.rs2.ts" />
495/// <reference path="shell-original.rs2.ts" />
var V2;
(function (V2) {
  /**
   * Shell-scenario API, version 2. Adds event logging through the host object
   * `windows.smartScreen.events` (lower-case `windows`, not defined in this
   * file) and excludes appx packages from the supported file types.
   */
  class Api extends V1.Api {
    constructor(project) {
      super(project);
    }

    /** Reports every "userAction" event's action to the host. */
    logFilterEvents(events, data) {
      $.each(events, x => {
        if (x.$type != "userAction") {
          return;
        }
        windows.smartScreen.events.logDecision(x['action'], ""); // remove correlationId for ISO compliance
      });
    }

    /**
     * Reports "block" verdicts of beforeExecute lookups to the host.
     *
     * When `request` has already passed through ApiBase.transformRequest(),
     * `body.identity.caller.process.owner` was deleted and `fileName` is the
     * bare file name, so the owner argument below is "".
     */
    logSendRequest(uri, request, response) {
      const isBeforeExecute = uri.toLowerCase().indexOf("beforeexecute") != -1;
      if (!isBeforeExecute || !response || !response.body) {
        return;
      }
      const responseBody = this.parseResponseBody(response);
      if (responseBody.$type !== "block") {
        return;
      }
      // Locals are evaluated in the original argument order.
      const fileName = request.body.path.fileName;
      const fileHash = $.get(request, "body.hash", "");
      const authenticodeHash = $.get(request, "body.authenticode.hash", "");
      const authenticodeHashAlgo = $.get(request, "body.authenticode.hashAlgo", "");
      const motw = request.body.motw ? JSON.stringify(request.body.motw) : "";
      const processId = $.get(request, "body.identity.caller.process.id", 0);
      const processCreationTime = $.get(request, "body.identity.caller.process.creationTime", 0);
      const processOwner = $.get(request, "body.identity.caller.process.owner", "");
      const policySuffix = $.get(request, "body.config.device.appReputation.enforcedByPolicy", false) ? "ByPolicy" : "";
      const reputationLevel = $.get(request, "body.config.device.appReputation.level", "") + policySuffix;
      const responseCategory = $.get(responseBody, "responseCategory", "");
      windows.smartScreen.events.logAppLookup(
        fileName,
        fileHash,
        authenticodeHash,
        authenticodeHashAlgo,
        motw,
        processId,
        processCreationTime,
        processOwner,
        "", // remove correlationId for ISO compliance
        reputationLevel,
        responseCategory);
    }

    /** Same as V1 except that "appx" and "appxbundle" are not supported. */
    isFileSupported(filePath, fileSize) {
      const extension = filePath.slice(filePath.lastIndexOf(".") + 1).toLowerCase();
      if (extension === 'appx' || extension === 'appxbundle') {
        return false;
      }
      return super.isFileSupported(filePath, fileSize);
    }

    sendRequest(uri, request, sendRequest) {
      return super.sendRequest(uri, request, sendRequest);
    }

    /**
     * Decodes a base64 response body and parses it as JSON. Throws when the
     * body is not valid base64 or JSON. In logSendRequest() that happens
     * inside the logging branch of ApiBase.sendRequest(), where the failure is
     * passed to logException().
     */
    parseResponseBody(response) {
      const json = Base64.decodeToString(response.body);
      return JSON.parse(json);
    }
  }
  V2.Api = Api;
})(V2 || (V2 = {}));
var V3;
(function (V3) {
  /**
   * Shell-scenario API, version 3. For beforeExecute requests it runs the
   * reputation lookup and a Store recommendation lookup side by side and
   * decides which response to return.
   */
  class Api extends V2.Api {
    constructor(project) {
      super(project);
      project("Windows.Services.Store");
      // NOTE(review): sendRequest() below also reads
      // Windows.Web.Http.HttpStatusCode, and no project("Windows.Web.Http")
      // call is visible in this file. Confirm the host makes that namespace
      // available; if it does not, the comparison throws and the
      // recommendation path silently falls back to the reputation response.
    }

    /**
     * Selection rules for beforeExecute:
     *  - reputation response is not 200 or is a "block": return it;
     *  - otherwise, a "recommend" result from the Store wins;
     *  - otherwise, or on any error: return the reputation response.
     *
     * The local `allowResponse` ({ $type: "unsupported" }, 200) stands in for
     * the reputation lookup when appReputation.level is "off", and for the
     * recommendation lookup when appControl.level is "anywhere", the Store
     * call does not succeed, or 3 seconds elapse. It is synthesized here, not
     * a service verdict.
     */
    sendRequest(uri, request, sendRequest) {
      if (uri.toLowerCase().indexOf("beforeexecute") == -1) {
        return super.sendRequest(uri, request, sendRequest);
      }
      // The callback receives the request after ApiBase.transformRequest().
      return super.sendRequest(uri, request, (requestUri, transformedRequest) => {
        const allowResponse = {
          headers: [],
          body: { $type: "unsupported" },
          statusCode: 200
        };

        let wait;
        const cancelationToken = new Promise((resolve, reject) => {
          wait = setTimeout(() => resolve(allowResponse), 3000); // cancel after 3 sec
        });

        // Synchronous failures of the Store call become a rejected promise.
        const recommendationRequest = (() => {
          try {
            if ($.get(transformedRequest, "body.config.device.appControl.level", "") == "anywhere") {
              return Promise.resolve(allowResponse);
            }
            return Windows.Services.Store.StoreRequestHelper.sendRequestAsync(
              Windows.Services.Store.StoreContext.getDefault(),
              23, // Lookup recommendation.
              JSON.stringify({ data: JSON.stringify(transformedRequest.body) }))
              .then((result) => {
                const succeeded = (result.httpStatusCode == Windows.Web.Http.HttpStatusCode.ok) && result.response;
                if (!succeeded) {
                  return allowResponse;
                }
                return {
                  headers: [],
                  body: { $type: "recommend", arguments: result.response },
                  statusCode: 200
                };
              });
          }
          catch (e) {
            return Promise.reject(e);
          }
        })();

        // Both outcomes stop the timer and pass their value on. A rejection is
        // turned into a fulfilled value (the error object itself); reading
        // `.body.$type` from it further down throws, and the final rejection
        // handler then returns the reputation response.
        const stopTimer = (outcome) => {
          clearTimeout(wait);
          return outcome;
        };
        const timedRecommendationRequest = Promise
          .race([cancelationToken, recommendationRequest])
          .then(stopTimer, stopTimer); // finally not supported

        const reputationEnabled = $.get(transformedRequest, "body.config.device.appReputation.level", "") != "off";
        const reputationRequest = reputationEnabled ?
          sendRequest(requestUri, transformedRequest) :
          Promise.resolve(allowResponse);

        return reputationRequest
          .then((reputationResponse) => {
            const failedOrBlocked = (reputationResponse.statusCode != 200) || (reputationResponse.body.$type == "block");
            if (failedOrBlocked) {
              return reputationRequest;
            }
            return timedRecommendationRequest
              .then((recommendationResponse) =>
                (recommendationResponse.body.$type == "recommend") ?
                  timedRecommendationRequest :
                  reputationRequest);
          })
          .then(null, _ => reputationRequest);
      });
    }

    //! Display the recommendation UX.
    // Resolves to "cancel" when the Store response carries a status other than
    // "success", and to "runonce" otherwise, including when there is no
    // response or no status. JSON.parse failures reject the returned promise.
    displayRecommendation(recommendation, storeContext) {
      return Windows.Services.Store.StoreRequestHelper.sendRequestAsync(
        storeContext,
        24, // Display UX.
        recommendation)
        .then((result) => {
          const status = result.response ? JSON.parse(result.response).status : null;
          if (status && (status != "success")) {
            return "cancel";
          }
          return "runonce";
        });
    }

    /** V3 response bodies are used as they are; no base64/JSON decoding. */
    parseResponseBody(response) {
      return response.body;
    }
  }
  V3.Api = Api;
})(V3 || (V3 = {}));
627//# sourceMappingURL=shell-original.rs3.js.map