Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
readonly lazyCertInfo = new Lazy(async () => {
const cscInfo = await this.cscInfo.value
if (cscInfo == null) {
return null
}
if ("subject" in cscInfo) {
const bloodyMicrosoftSubjectDn = (cscInfo as CertificateFromStoreInfo).subject
return {
commonName: parseDn(bloodyMicrosoftSubjectDn).get("CN")!!,
bloodyMicrosoftSubjectDn,
}
}
const cscFile = (cscInfo as FileCodeSigningInfo).file
if (cscFile == null) {
return null
}
return await getCertInfo(cscFile, (cscInfo as FileCodeSigningInfo).password || "")
})
}, (error, stdout, stderr) => {
try {
if (error != null || stderr) {
handleError(logger, error, stderr)
resolve(null)
return
}
const data = parseOut(stdout)
if (data.Status === 0) {
const name = parseDn(data.SignerCertificate.Subject).get("CN")!
if (publisherNames.includes(name)) {
resolve(null)
return
}
}
const result = `publisherNames: ${publisherNames.join(" | ")}, raw info: ` + JSON.stringify(data, (name, value) => name === "RawData" ? undefined : value, 2)
logger.warn(`Sign verification failed, installer signed with incorrect certificate: ${result}`)
resolve(result)
}
catch (e) {
logger.warn(`Cannot execute Get-AuthenticodeSignature: ${error}. Ignoring signature validation due to unknown error.`)
resolve(null)
return
}
})