-
Notifications
You must be signed in to change notification settings - Fork 7.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Invoke-Restmethod broken by tab character after the header parameter variable #15943
Comments
I just tried to reproduce this, but haven't been able to so far: Can you provide a hex dump or file attachment that reproduces the error? I'm wondering if rather than a tab, it's registering as something more exotic in unicode... For the record, the tokenizer reads whitespace here: PowerShell/src/System.Management.Automation/engine/parser/tokenizer.cs Lines 5083 to 5087 in 7d53fbb
That method is implemented here. |
I recall there was also an issue with some versions of PSReadLine eating certain unicode characters under some circumstances. @JamesLear92 what version of the PSReadLine module are you currently using? |
Yeah, I also wonder if this could be a console/PSReadLine thing rather than a direct PowerShell issue |
The Tab is removed without PSRL too on Windows. |
@rjmholt I made sure to test what character is present when raising the issue as I also thought it might be an exotic character. But it's definitely [char]9. The issue doesn't occur when running the script, only when pasting it into PowerShell. But I've confirmed that the character is [char]9 when pasting it into PowerShell |
@vexx32 |
Issue is also present when using Windows Terminal 1.9.1942.0 |
/cc @DHowett |
Yeah, it works fine when loading a file with the tab character... must be something with the console host, or something along those lines? |
But I don't see the issue in cmd.exe (neither standalone or Windows Terminal). |
Ok, issue is certainly the interaction between the terminal and powershell. Because tab is used for completing in PowerShell/Cmd, the tab is consumed as an autocomplete request rather than a character.
You will almost certainly get the text "Get-ProcessTest" The issue exists also in Windows Terminal, except Ctrl+V is handled by the Terminal rather than Powershell, so the problem also occurs there. Glad we know what the problem is. Who fixes it? |
Thinking about this, this could be a huge security problem. It allows for strings to escape and execute. You can test and manufacture this exploit with the following:
It will generate a string in your clipboard which will start a new powershell process and close your current window (without you ever pressing enter). |
The user still has to manually paste that string, but yes arguably it's a bit odd that those characters are not interpreted as literal characters when pasting. |
@vexx32 Yeah it doesn't seem too bad, but you could have any number of tabs, tabbing to a completely different code. Going from a script you're happy to paste as plane text, to a malicious self executing string which doesn't even wait for you to see what's pasted and press enter. You're right though that it does need to be right clicked into a powershell window. |
@daxian-dbw would have the most context here to offer suggestions. However, I suspect this might be by design due to the architecture of right click to paste (and is why PSRL encourages Ctrl+V usage); I don't think there's a way for PSRL to distinguish a user-provided interactive Tab from one delivered by a right click, so they must both do the same thing.
Once you have access to the clipboard and the ability to paste something to an arbitrary window, you're already well beyond standard security boundaries. Windows Terminal does have a defense in depth feature to try to help here: But ultimately this is the clipboard version of the email attachment problem and there's only so much that can be done to prevent users from pulling the trigger on themselves. Anyway, further security discussion is best had through our security process. As I say, I think this is an issue of right-click-to-paste being indistinguishable from direct user input, so Tab is doing exactly what it's configured to in PSRL here. |
This issue has not had any activity in 6 months, if this is a bug please try to reproduce on the latest version of PowerShell and reopen a new issue and reference this issue if this is still a blocker for you. |
2 similar comments
This issue has not had any activity in 6 months, if this is a bug please try to reproduce on the latest version of PowerShell and reopen a new issue and reference this issue if this is still a blocker for you. |
This issue has not had any activity in 6 months, if this is a bug please try to reproduce on the latest version of PowerShell and reopen a new issue and reference this issue if this is still a blocker for you. |
This issue has been marked as "No Activity" as there has been no activity for 6 months. It has been closed for housekeeping purposes. |
Prerequisites
Steps to reproduce
The Invoke-Restmethod command fails to cast the header parameter to System.Collections.IDictionary if the following scenarios are true:
You are storing your header as a hashtable variable
You have a tab character between the variable name of the hashtable, and the next parameter
With a space character between "-Headers $Headers" and "-ContentType 'application/json'" it works fine, but with a tab character, somewhere in Powershell it's removing the tab and messing up the cast.
Take the following code and run it. It should return fine. However, if you then copy this into VsCode, and remove the space after '-Headers $Headers' and instead put a tab in, then copy it into a powershell window and it will fail.
When copied into a new powershell window, it appears that the character between $headers and -ContentType is [char]9 which is the ascii code for a tab character.
The error message:
Shows to me, that the character is being removed, and somehow the next parameter is treated as if it's part of the type name of the header object type.
If you rearrange the parameters so that body is the parameter in front of $header with a tab between, then you get the error message:
Issue occurs in both PowerShell 5.1, and PowerShell 7.14. Issue does not occur when debugging in VSCode, likely because tabs are converted to spaces?
Expected behavior
Actual behavior
Error details
Environment data
Visuals
No response
The text was updated successfully, but these errors were encountered: