Add AMSI method invocation logging as experimental feature by PaulHigin · Pull Request #16496 · PowerShell/PowerShell

PaulHigin · 2021-11-19T19:40:59Z

PR Summary

This PR adds a new experimental feature that adds new AMSI logging of .NET method invocations.

PR Context

This uses a new AMSI notification API to log .NET method invocations.

PR Checklist

ghost · 2021-11-27T02:00:41Z

This pull request has been automatically marked as Review Needed because it has been there has not been any activity for 7 days.
Maintainer, please provide feedback and/or mark it as Waiting on Author

pull-request-quantifier-deprecated · 2021-11-30T19:31:31Z

This PR has 142 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

Quantification details

Label      : Medium
Size       : +127 -15
Percentile : 48.4%

Total files changed: 5

Change summary by file extension:
.cs : +127 -15

Change counts above are quantified counts, based on the PullRequestQuantifier customizations.

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a
balance between between PR complexity and PR review overhead. PRs within the
optimal size (typical small, or medium sized PRs) mean:

Fast and predictable releases to production:
- Optimal size changes are more likely to be reviewed faster with fewer
  iterations.
- Similarity in low PR complexity drives similar review times.
Review quality is likely higher as complexity is lower:
- Bugs are more likely to be detected.
- Code inconsistencies are more likely to be detetcted.
Knowledge sharing is improved within the participants:
- Small portions can be assimilated better.
Better engineering practices are exercised:
- Solving big problems by dividing them in well contained, smaller problems.
- Exercising separation of concerns within the code changes.

What can I do to optimize my changes

Use the PullRequestQuantifier to quantify your PR accurately
- Create a context profile for your repo using the context generator
- Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the Excluded section from your prquantifier.yaml context profile.
- Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your prquantifier.yaml context profile.
- Only use the labels that matter to you, see context specification to customize your prquantifier.yaml context profile.
Change your engineering behaviors
- For PRs that fall outside of the desired spectrum, review the details and check if:
  - Your PR could be split in smaller, self-contained PRs instead
  - Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).

How to interpret the change counts in git diff output

One line was added: +1 -0
One line was deleted: +0 -1
One line was modified: +1 -1 (git diff doesn't know about modified, it will
interpret that line like one addition plus one deletion)
Change percentiles: Change characteristics (addition, deletion, modification)
of this PR in relation to all other PRs within the repository.

Was this comment helpful? 👍 :ok_hand: :thumbsdown: (Email)
Customize PullRequestQuantifier for this repository.

PaulHigin · 2021-11-30T20:41:24Z

@daxian-dbw Can you please review?

PaulHigin · 2021-11-30T21:29:36Z

/azp run

azure-pipelines · 2021-11-30T21:30:20Z

Azure Pipelines successfully started running 6 pipeline(s).

daxian-dbw

LGTM.

daxian-dbw

Would it be better that we special handle PowerShell class intances in LogMemberInvoaction? For example, if we found it's an instance of a PowerShell class, we just log its type name instead of calling its ToString method.

src/System.Management.Automation/engine/runtime/Operations/MiscOps.cs

ghost · 2021-12-16T02:00:40Z

This pull request has been automatically marked as Review Needed because it has been there has not been any activity for 7 days.
Maintainer, please provide feedback and/or mark it as Waiting on Author

PaulHigin · 2021-12-16T16:06:57Z

@anmenaga Can you please merge?

ghost · 2021-12-24T02:00:51Z

This pull request has been automatically marked as Review Needed because it has been there has not been any activity for 7 days.
Maintainer, please provide feedback and/or mark it as Waiting on Author

PaulHigin · 2022-01-03T18:08:27Z

@anmenaga gentle ping

…l#16496) * Add AMSI method invocation logging as experimental feature * Add fix for value type errors in logging expression * Fix recursion error

ghost · 2022-02-24T23:33:16Z

🎉v7.3.0-preview.2 has been released which incorporates this pull request.:tada:

Handy links:

Release Notes

Add AMSI method invocation logging as experimental feature

b0561fe

PaulHigin requested a review from daxian-dbw as a code owner November 19, 2021 19:40

ghost assigned anmenaga Nov 19, 2021

pull-request-quantifier-deprecated bot added the Medium label Nov 19, 2021

ghost added the Review - Needed The PR is being reviewed label Nov 27, 2021

PaulHigin added 2 commits November 29, 2021 16:18

Add fix for value type errors in logging expression

5b01236

Fix recursion error

bb46ce3

ghost removed the Review - Needed The PR is being reviewed label Nov 30, 2021

daxian-dbw approved these changes Dec 6, 2021

View reviewed changes

daxian-dbw reviewed Dec 8, 2021

View reviewed changes

src/System.Management.Automation/engine/runtime/Operations/MiscOps.cs Show resolved Hide resolved

ghost added the Review - Needed The PR is being reviewed label Dec 16, 2021

ghost removed the Review - Needed The PR is being reviewed label Dec 16, 2021

iSazonov added the CL-General Indicates that a PR should be marked as a general cmdlet change in the Change Log label Dec 16, 2021

ghost added the Review - Needed The PR is being reviewed label Dec 24, 2021

ghost removed the Review - Needed The PR is being reviewed label Jan 3, 2022

PaulHigin merged commit 0834c65 into PowerShell:master Jan 4, 2022

PaulHigin deleted the new-amsi-notify branch January 4, 2022 16:30

sdwheeler mentioned this pull request Mar 3, 2022

Add AMSI method invocation logging as experimental feature MicrosoftDocs/PowerShell-Docs#8619

Closed

2 tasks

User1785604260 mentioned this pull request Apr 4, 2023

Windows Defender has started to slowdown method calls in PowerShell dramatically #19431

Closed

5 tasks

KalleOlaviNiemitalo mentioned this pull request Apr 17, 2024

[System.Convert]::FromBase64String causes memory leak with large strings #21473

Open

5 tasks

Conversation

PaulHigin commented Nov 19, 2021

PR Summary

PR Context

PR Checklist

Uh oh!

ghost commented Nov 27, 2021

Uh oh!

pull-request-quantifier-deprecated bot commented Nov 30, 2021

What can I do to optimize my changes

How to interpret the change counts in git diff output

Uh oh!

PaulHigin commented Nov 30, 2021

Uh oh!

PaulHigin commented Nov 30, 2021

Uh oh!

azure-pipelines bot commented Nov 30, 2021

Uh oh!

daxian-dbw left a comment

Choose a reason for hiding this comment

Uh oh!

daxian-dbw left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

ghost commented Dec 16, 2021

Uh oh!

PaulHigin commented Dec 16, 2021

Uh oh!

ghost commented Dec 24, 2021

Uh oh!

PaulHigin commented Jan 3, 2022

Uh oh!

ghost commented Feb 24, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants