From 6d9417edbdc9ef3ee4eece564dc938524abd5ffe Mon Sep 17 00:00:00 2001
From: Lukas Sassl <lusassl@microsoft.com>
Date: Fri, 21 Apr 2023 15:32:25 +0200
Subject: [PATCH] Improved advanced logging for web requests

---
 Security/src/CVE-2023-23397/CVE-2023-23397.ps1            | 5 ++++-
 Shared/AzureFunctions/Invoke-GraphApiRequest.ps1          | 5 ++++-
 Shared/ScriptUpdateFunctions/Confirm-ProxyServer.ps1      | 5 +++++
 .../Invoke-WebRequestWithProxyDetection.ps1               | 8 +++++++-
 4 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/Security/src/CVE-2023-23397/CVE-2023-23397.ps1 b/Security/src/CVE-2023-23397/CVE-2023-23397.ps1
index 9917817e95..d5759a3e65 100644
--- a/Security/src/CVE-2023-23397/CVE-2023-23397.ps1
+++ b/Security/src/CVE-2023-23397/CVE-2023-23397.ps1
@@ -724,6 +724,8 @@ begin {
             }
         }
 
+        # Specify secret expiration time which must be in ISO 8601 format and is always in UTC time
+        $pwdEndDateTime = ([DateTime]::UtcNow).AddDays(7).ToString("o")
         # Graph API call to create a new application password
         $newAadApplicationPasswordParams = @{
             Query       = "applications/$($getAadApplicationResponse.value.id)/addPassword"
@@ -731,7 +733,7 @@ begin {
             Body        = @{
                 "passwordCredential" = @{
                     "displayName" = "AppAccessKey"
-                    "endDateTime" = (Get-Date).AddDays(7).ToString("yyyy-MM-ddTHH:mm:ssZ")
+                    "endDateTime" = $pwdEndDateTime
                 }
             } | ConvertTo-Json
             Method      = "POST"
@@ -914,6 +916,7 @@ begin {
     }
 } end {
     Write-Host ("CVE-2023-23397 script version $($BuildVersion)") -ForegroundColor Green
+    Write-Verbose "PowerShell version: $($PSVersionTable.PSVersion)"
 
     # Using either of these switches implies -UseSearchFolders
     if ($SearchFolderCleanup -or $SkipSearchFolderCreation) {
diff --git a/Shared/AzureFunctions/Invoke-GraphApiRequest.ps1 b/Shared/AzureFunctions/Invoke-GraphApiRequest.ps1
index 470b4308e4..2108e38af2 100644
--- a/Shared/AzureFunctions/Invoke-GraphApiRequest.ps1
+++ b/Shared/AzureFunctions/Invoke-GraphApiRequest.ps1
@@ -58,16 +58,19 @@ function Invoke-GraphApiRequest {
         }
 
         if (-not([System.String]::IsNullOrEmpty($Body))) {
+            Write-Verbose "Body: $Body"
             $graphApiRequestParams.Add("Body", $Body)
         }
 
+        Write-Verbose "Graph API uri called: $($graphApiRequestParams.Uri)"
+        Write-Verbose "Method: $($graphApiRequestParams.Method) ContentType: $($graphApiRequestParams.ContentType)"
         $graphApiResponse = Invoke-WebRequestWithProxyDetection -ParametersObject $graphApiRequestParams
 
         if (($null -eq $graphApiResponse) -or
             ([System.String]::IsNullOrEmpty($graphApiResponse.StatusCode))) {
             Write-Verbose "Graph API request failed - no response"
         } elseif ($graphApiResponse.StatusCode -ne $ExpectedStatusCode) {
-            Write-Verbose "Graph API status code $($graphApiResponse.StatusCode) does not match expected status code $ExpectedStatusCode"
+            Write-Verbose "Graph API status code: $($graphApiResponse.StatusCode) does not match expected status code: $ExpectedStatusCode"
         } else {
             Write-Verbose "Graph API request successful"
             $successful = $true
diff --git a/Shared/ScriptUpdateFunctions/Confirm-ProxyServer.ps1 b/Shared/ScriptUpdateFunctions/Confirm-ProxyServer.ps1
index f75eacb50d..ef622c7577 100644
--- a/Shared/ScriptUpdateFunctions/Confirm-ProxyServer.ps1
+++ b/Shared/ScriptUpdateFunctions/Confirm-ProxyServer.ps1
@@ -10,14 +10,19 @@ function Confirm-ProxyServer {
         $TargetUri
     )
 
+    Write-Verbose "Calling $($MyInvocation.MyCommand)"
     try {
         $proxyObject = ([System.Net.WebRequest]::GetSystemWebProxy()).GetProxy($TargetUri)
         if ($TargetUri -ne $proxyObject.OriginalString) {
+            Write-Verbose "Proxy server configuration detected"
+            Write-Verbose $proxyObject.OriginalString
             return $true
         } else {
+            Write-Verbose "No proxy server configuration detected"
             return $false
         }
     } catch {
+        Write-Verbose "Unable to check for proxy server configuration"
         return $false
     }
 }
diff --git a/Shared/ScriptUpdateFunctions/Invoke-WebRequestWithProxyDetection.ps1 b/Shared/ScriptUpdateFunctions/Invoke-WebRequestWithProxyDetection.ps1
index 5f44fd5860..0a68b3ac52 100644
--- a/Shared/ScriptUpdateFunctions/Invoke-WebRequestWithProxyDetection.ps1
+++ b/Shared/ScriptUpdateFunctions/Invoke-WebRequestWithProxyDetection.ps1
@@ -2,6 +2,7 @@
 # Licensed under the MIT License.
 
 . $PSScriptRoot\Confirm-ProxyServer.ps1
+. $PSScriptRoot\..\Write-ErrorInformation.ps1
 
 function Invoke-WebRequestWithProxyDetection {
     [CmdletBinding(DefaultParameterSetName = "Default")]
@@ -23,6 +24,7 @@ function Invoke-WebRequestWithProxyDetection {
         $OutFile
     )
 
+    Write-Verbose "Calling $($MyInvocation.MyCommand)"
     if ([System.String]::IsNullOrEmpty($Uri)) {
         $Uri = $ParametersObject.Uri
     }
@@ -47,5 +49,9 @@ function Invoke-WebRequestWithProxyDetection {
         $params = $ParametersObject
     }
 
-    Invoke-WebRequest @params
+    try {
+        Invoke-WebRequest @params
+    } catch {
+        Write-VerboseErrorInformation
+    }
 }