Skip to content

Call out broken web.config files for Cve-2022-41040#1277

Merged
dpaulson45 merged 1 commit into
mainfrom
dpaul-HcCveUpdate
Oct 6, 2022
Merged

Call out broken web.config files for Cve-2022-41040#1277
dpaulson45 merged 1 commit into
mainfrom
dpaul-HcCveUpdate

Conversation

@dpaulson45

@dpaulson45 dpaulson45 commented Oct 6, 2022

Copy link
Copy Markdown
Member

Issue:

Customer reporting the following error

Errors that occurred that wasn't handled
Error Index: 0
 : Cannot convert value "System.Object[]" to type "System.Xml.XmlDocument". Error: "The specified node cannot be inserted as the valid child of this node, because the specified node is the wrong type."
Inner Exception:    at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception)
   at <ScriptBlock>(Closure , FunctionContext )
   at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(ScriptBlockClauseToInvoke clauseToInvoke, Boolean createLocalScope, Dictionary`2 functionsToDefine, List`1 variablesToDefine, ErrorHandlingBehavior errorHandlingBehavior, Object dollarUnder, Object input, Object scriptThis, Pipe outputPipe, InvocationInfo invocationInfo, Object[] args)
   at System.Management.Automation.ScriptBlock.<>c__DisplayClass57_0.<InvokeWithPipe>b__0()
   at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(Action action)
   at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean useLocalScope, ErrorHandlingBehavior errorHandlingBehavior, Object dollarUnder, Object input, Object scriptThis, Pipe outputPipe, InvocationInfo invocationInfo, Boolean propagateAllExceptionsToTop, List`1 variablesToDefine, Dictionary`2 functionsToDefine, Object[] args)
   at System.Management.Automation.ScriptBlock.DoInvokeReturnAsIs(Boolean useLocalScope, ErrorHandlingBehavior errorHandlingBehavior, Object dollarUnder, Object input, Object scriptThis, Object[] args)
   at Microsoft.PowerShell.Commands.WhereObjectCommand.ProcessRecord()
   at System.Management.Automation.CommandProcessor.ProcessRecord()
Script Stack: at <ScriptBlock>, C:\Scripts\HealthChecker.ps1: line 4301
at Invoke-AnalyzerSecurityCve-2022-41040, C:\Scripts\HealthChecker.ps1: line 4300
at Invoke-AnalyzerSecurityCveCheck, C:\Scripts\HealthChecker.ps1: line 5149
at Invoke-AnalyzerSecurityVulnerability, C:\Scripts\HealthChecker.ps1: line 5174
at Invoke-AnalyzerEngine, C:\Scripts\HealthChecker.ps1: line 5285
at Main, C:\Scripts\HealthChecker.ps1: line 12045
at <ScriptBlock>, C:\Scripts\HealthChecker.ps1: line 12077
at <ScriptBlock>, <No file>: line 1
-----------------------------------

Fix:
Placed initial casting of content of the web.config to xml in a try catch block and notify that this CVE status is unknown.

Validation:
Lab tested
Resolved #1273

@dpaulson45 dpaulson45 requested a review from a team as a code owner October 6, 2022 14:23
@dpaulson45 dpaulson45 merged commit 77388ac into main Oct 6, 2022
@dpaulson45 dpaulson45 deleted the dpaul-HcCveUpdate branch October 6, 2022 15:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bill-long bill-long bill-long approved these changes

Assignees

No one assigned

Labels

Health Checker Issue

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Issue] - Health Checker fails when web.config contains invalid XML

2 participants

@dpaulson45 @bill-long