fix: applied updated ESC1 detection logic to other template-based ESCs #264
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR updates certificate template-based ESC (Escalation) detection logic by improving Extended Rights validation and making performance optimizations. The changes enhance security validation by adding ObjectType checks for Extended Rights and reduce network timeout values for faster execution.
- Enhanced Extended Rights validation by adding ObjectType GUID checks across multiple ESC detection functions
- Reduced HTTP request timeout from 1000ms to 100ms for improved performance
- Fixed a minor text inconsistency in error messages
Reviewed Changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| Private/Set-AdditionalCAProperty.ps1 | Reduced request timeout and removed commented code |
| Private/Find-ESC9.ps1 | Updated conditional logic to include ObjectType validation for Extended Rights |
| Private/Find-ESC3C2.ps1 | Applied same Enhanced Extended Rights validation pattern |
| Private/Find-ESC3C1.ps1 | Applied same Enhanced Extended Rights validation pattern |
| Private/Find-ESC2.ps1 | Applied same Enhanced Extended Rights validation pattern |
| Private/Find-ESC16.ps1 | Fixed text from "CA" to "template" in error message |
| Private/Find-ESC15.ps1 | Applied same Enhanced Extended Rights validation pattern |
| Private/Find-ESC13.ps1 | Applied Enhanced Extended Rights validation and fixed operator casing |
| Invoke-Locksmith.ps1 | Consolidated all changes from individual files into main script |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
⌘+C, ⌘+V will never lead me astray.