Skip to content

Commit 73c69f7

Browse files
afiuneafiune
authored
fix(install.ps1): modify User $Path correctly (#869)
* fix(install.ps1): modify User $Path correctly When an non-admin Windows user would install the Lacework CLI, we were modifying the User's $Path environment variable incorrectly. In fact, we were overriding the entire $Path to be the System's $Path (at the Machine) This change is fixing this issue by properly updating the Users' or System wide $Path environment variable. Jira: - https://lacework.atlassian.net/browse/LINK-812 - https://lacework.atlassian.net/browse/ALLY-1103 Extra: fix(install.ps1): avoid modifying PATH in any way Signed-off-by: Salim Afiune Maya <afiune@lacework.net>
1 parent 1112f55 commit 73c69f7

File tree

2 files changed

+37
-20
lines changed

2 files changed

+37
-20
lines changed

cli/install.ps1

+14-6
Original file line numberDiff line numberDiff line change
@@ -96,20 +96,29 @@ Function Install-Lacework-CLI {
9696
$laceworkPath = Join-Path $env:ProgramData Lacework
9797
if (-not (Test-Path $laceworkPath)) { New-Item $laceworkPath -ItemType Directory | Out-Null }
9898
$exe = (Get-ChildItem (Join-Path ($workdir) "bin"))
99-
Copy-Item "$($exe.FullName)" $laceworkPath -Force
10099
$env:PATH = New-PathString -StartingPath $env:PATH -Path $laceworkPath
101-
$machinePath = [System.Environment]::GetEnvironmentVariable("PATH", "Machine")
102-
$machinePath = New-PathString -StartingPath $machinePath -Path $laceworkPath
100+
101+
try {
102+
Copy-Item "$($exe.FullName)" $laceworkPath -Force
103+
}
104+
catch {
105+
$exeOwner = Get-Acl (Join-Path $laceworkPath "lacework.exe") | Select-Object Owner
106+
Write-Error "Unable to install the Lacework CLI. The executable is owned by $exeOwner"
107+
}
103108

104109
$isAdmin = $false
105110
try {
106111
$currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
107112
$isAdmin = $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
108113
} finally {
109114
if ($isAdmin) {
115+
$machinePath = [System.Environment]::GetEnvironmentVariable("PATH", "Machine")
116+
$machinePath = New-PathString -StartingPath $machinePath -Path $laceworkPath
110117
[System.Environment]::SetEnvironmentVariable("PATH", $machinePath, "Machine")
111118
} else {
112-
[System.Environment]::SetEnvironmentVariable("PATH", $machinePath, "User")
119+
$userPath = [System.Environment]::GetEnvironmentVariable("PATH", "User")
120+
$userPath = New-PathString -StartingPath $userPath -Path $laceworkPath
121+
[System.Environment]::SetEnvironmentVariable("PATH", $userPath, "User")
113122
}
114123
}
115124
}
@@ -120,8 +129,7 @@ Function New-PathString([string]$StartingPath, [string]$Path) {
120129
[string[]]$PathCollection = "$path;$StartingPath" -split ';'
121130
$Path = ($PathCollection |
122131
Select-Object -Unique |
123-
Where-Object {-not [string]::IsNullOrEmpty($_.trim())} |
124-
Where-Object {Test-Path "$_"}
132+
Where-Object {-not [string]::IsNullOrEmpty($_.trim())}
125133
) -join ';'
126134
}
127135
$path

scripts/chocolatey/build/tools/chocolateyinstall.ps1

+23-14
Original file line numberDiff line numberDiff line change
@@ -109,16 +109,19 @@ Function Assert-Shasum($archive)
109109
Function Install-Lacework-CLI
110110
{
111111
$laceworkPath = Join-Path $env:ProgramData Lacework
112-
if (Test-Path $laceworkPath)
113-
{
114-
Remove-Item $laceworkPath -Recurse -Force
115-
}
116-
New-Item $laceworkPath -ItemType Directory | Out-Null
112+
if (-not (Test-Path $laceworkPath)) { New-Item $laceworkPath -ItemType Directory | Out-Null }
117113
$exe = (Get-ChildItem (Join-Path ($workdir) "bin"))
118-
Copy-Item "$( $exe.FullName )" $laceworkPath
119114
$env:PATH = New-PathString -StartingPath $env:PATH -Path $laceworkPath
120-
$machinePath = [System.Environment]::GetEnvironmentVariable("PATH", "Machine")
121-
$machinePath = New-PathString -StartingPath $machinePath -Path $laceworkPath
115+
116+
try
117+
{
118+
Copy-Item "$($exe.FullName)" $laceworkPath -Force
119+
}
120+
catch
121+
{
122+
$exeOwner = Get-Acl (Join-Path $laceworkPath "lacework.exe") | Select-Object Owner
123+
Write-Error "Unable to install the Lacework CLI. The executable is owned by $exeOwner"
124+
}
122125

123126
$isAdmin = $false
124127
try
@@ -130,16 +133,23 @@ Function Install-Lacework-CLI
130133
{
131134
if ($isAdmin)
132135
{
136+
$machinePath = [System.Environment]::GetEnvironmentVariable("PATH", "Machine")
137+
$machinePath = New-PathString -StartingPath $machinePath -Path $laceworkPath
133138
[System.Environment]::SetEnvironmentVariable("PATH", $machinePath, "Machine")
139+
140+
## Set Chocolatey environment variable
141+
[System.Environment]::SetEnvironmentVariable("LW_CHOCOLATEY_INSTALL", 1, "Machine")
134142
}
135143
else
136144
{
137-
[System.Environment]::SetEnvironmentVariable("PATH", $machinePath, "User")
145+
$userPath = [System.Environment]::GetEnvironmentVariable("PATH", "User")
146+
$userPath = New-PathString -StartingPath $userPath -Path $laceworkPath
147+
[System.Environment]::SetEnvironmentVariable("PATH", $userPath, "User")
148+
149+
## Set Chocolatey environment variable
150+
[System.Environment]::SetEnvironmentVariable("LW_CHOCOLATEY_INSTALL", 1, "Machine")
138151
}
139152
}
140-
141-
## set Chocolatey env var
142-
[System.Environment]::SetEnvironmentVariable("LW_CHOCOLATEY_INSTALL", 1, "Machine")
143153
}
144154

145155
Function New-PathString([string]$StartingPath, [string]$Path)
@@ -151,8 +161,7 @@ Function New-PathString([string]$StartingPath, [string]$Path)
151161
[string[]]$PathCollection = "$path;$StartingPath" -split ';'
152162
$Path = ($PathCollection |
153163
Select-Object -Unique |
154-
Where-Object { -not [string]::IsNullOrEmpty($_.trim()) } |
155-
Where-Object { Test-Path "$_" }
164+
Where-Object { -not [string]::IsNullOrEmpty($_.trim()) }
156165
) -join ';'
157166
}
158167
$path

0 commit comments

Comments
 (0)