AMSI scan should be done outside the static lock #3919

@PaulHigin

Currently our AMSI code (https://github.com/PowerShell/PowerShell/blob/master/src/System.Management.Automation/security/SecuritySupport.cs#L1672) calls the AmsiScanString() method within a static lock.

This is unnecessary because the AMSI API is thread safe and designed to process multiple scan requests.

But this code also needs to be refactored because it is unnecessarily un-initializing and re-initializing AMSI when multiple runspaces are used. In addition it is not tracking pipeline sessions correctly for multiple runspaces.

So I see the work items as:

  1. Ensure AMSI is initialized and un-initialized only once (see related issue #2334, "Transcription for the host stops, when ANY runspace in the host get closed").
  2. Add concurrent dictionary to correctly track AMSI session per pipeline.
  3. Don't call AmsiScanString within the static lock.

Labels

  - Issue-Bug: Issue has been identified as a bug in the product
  - Issue-Code Cleanup: the issue is for cleaning up the code with no impact on functionality
  - Resolution-No Activity: Issue has had no activity for 6 months or more
  - Size-Days
  - WG-Engine: core PowerShell engine, interpreter, and runtime
  - WG-Engine-Performance: core PowerShell engine, interpreter, and runtime performance
