In RestrictedLanguage mode, an instance of a given type cannot be created with a cast, but can be created with New-Object


Note: I may have a misconception here, but the difference in behavior strikes me as unusual.

Steps to reproduce

try {

  $ps = [powershell]::Create()
  $ps.Runspace.SessionStateProxy.LanguageMode = 'Restricted'

  try {
    $ps.AddScript('[regex] "."').Invoke()
    $ps.Streams.Error | Write-Warning
  }
  catch { Write-Warning $_ }

  $ps.Commands.Clear(); $ps.Streams.ClearStreams()

  try {
    $ps.AddScript('New-Object regex "."').Invoke()
    $ps.Streams.Error | Write-Warning
  }
  catch { Write-Warning $_ }

}
finally { $ps.Dispose() }

Expected behavior

Both attempts to create a [regex] instance should fail, because it appears that [regex] is not on an apparent, but undocumented whitelist of permitted types (the whitelist is only documented for ConstrainedLanguage); by contrast, a type such as [int] can be constructed successfully with either method ([int] 0 and New-Object int).

Actual behavior

The cast method fails, whereas the New-Object method succeeds:

WARNING: Exception calling "Invoke" with "0" argument(s): "At line:1 char:1
+ [regex] "."
+ ~~~~~~
+ The type regex is not allowed in restricted language mode or a Data section."

Options RightToLeft MatchTimeout
------- ----------- ------------
   None       False -00:00:00.0010000

Environment data

PowerShell Core 7.1.0

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Reactions:3
  • Comments:23 (15 by maintainers)
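
The comparison from the steps to reproduce, extended into a per-type matrix, as an added example that is not part of the original issue or of PowerShell's own code. The function name `Test-RestrictedTypeCreation`, the probe table and the `version` entry are assumptions made here; each expression runs in a RestrictedLanguage runspace, and a type is flagged when the cast and `New-Object` disagree.

```powershell
# Added example, not from the original issue. Function name and the probe
# table are hypothetical; the int and regex expressions come from the issue,
# the version entry is an assumed extra type.
function Test-RestrictedTypeCreation {
    param(
        [hashtable[]] $Probe = @(
            @{ Type = 'int';     Cast = '[int] 0';         NewObject = 'New-Object int' }
            @{ Type = 'regex';   Cast = '[regex] "."';     NewObject = 'New-Object regex "."' }
            @{ Type = 'version'; Cast = '[version] "1.0"'; NewObject = 'New-Object version "1.0"' }
        )
    )

    $ps = [powershell]::Create()
    try {
        $ps.Runspace.SessionStateProxy.LanguageMode = 'RestrictedLanguage'

        foreach ($p in $Probe) {
            $row = [ordered]@{ Type = $p.Type }
            foreach ($method in 'Cast', 'NewObject') {
                # Reset state left over from the previous attempt.
                $ps.Commands.Clear(); $ps.Streams.ClearStreams()
                try {
                    $null = $ps.AddScript($p[$method]).Invoke()
                    # Non-terminating failures land in the error stream.
                    $row[$method] = $ps.Streams.Error.Count -eq 0
                }
                catch {
                    # Parse-time rejections surface as an exception from Invoke().
                    $row[$method] = $false
                }
            }
            # A type is handled consistently when both methods agree.
            $row['Consistent'] = $row['Cast'] -eq $row['NewObject']
            [pscustomobject] $row
        }
    }
    finally { $ps.Dispose() }
}

Test-RestrictedTypeCreation | Format-Table -AutoSize
```

Rows where Consistent is False are types for which the two construction methods behave differently, as the issue reports for `regex`.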

Top GitHub Comments

4 reactions
mklement0 commented, Mar 8, 2021

@TravisEz13

> This is not a security issue because restricted language mode does not make a security promise

Aren’t language modes all about security? If not, what purpose do they serve? Are only some modes security-relevant? If so, which? The linked about_Language_Modes conceptual help topic doesn’t provide any clues.

> This is a bug because new-object will allow you to create a type but a cast will not allow the same time.

So what is the resolution here?

  • if you cannot cast to a type, don’t allow New-Object to instantiate it either?
  • if New-Object allows you to instantiate a type, casts should allow it too?
  • What is the list of approved types in RestrictedLanguage mode, given that the error message "The type regex is not allowed in restricted language mode or a Data section." implies that there is one?

4 reactions
iSazonov commented, Nov 13, 2020

I set Issue-Bug and WG-Security until team triages this.
