Invalid value for V-221588 in default Chrome organizational settings

Question

Invalid value for V-221588 in default Chrome organizational settings

jmetzger-novetta opened this issue 10 months ago · 1 comments

jmetzger-novetta commented 10 months ago

Describe the bug
The default organizational settings file for Chrome 2.7 and 2.8 contains an invalid value for V-221588. Valid values can be 1 or 2, but the default value is currently set to [*.]mil,[*.]gov. I believe PR #1267 incorrectly updated the ValueData for V-221588 instead of V-221596.

The incorrect values causes the following exception to be thrown:

VERBOSE: [HOSTNAME]: [[RegistryPolicyFile][V-221588][medium][SRG-APP-000089]::[Chrome]ChromeSettings] Adding policy with Key: Software\Policies\Google\Chrome, ValueName: DownloadRestrictions, ValueData: System.String[], ValueType: Dword. (RPF001)
Cannot convert value "[*.]mil,[*.]gov" to type "System.Int32". Error: "Input string was not in a correct format."
    + CategoryInfo          : InvalidArgument: (:) [], CimException
    + FullyQualifiedErrorId : InvalidCastFromStringToInteger
    + PSComputerName        : localhost

This failure also causes an exception with the subsequent rule, floods the console with a repeating exception message, and hangs DSC:

VERBOSE: [HOSTNAME]: [[RegistryPolicyFile][V-221590][medium][SRG-APP-000206]::[Chrome]ChromeSettings] Retrieving current for Key Software\Policies\Google\Chrome ValueName SafeBrowsingExtendedReportingEnabled. (RPF04)
Exception calling "IndexOf" with "2" argument(s): "Index was out of range. Must be non-negative and less than the size of the collection.
Parameter name: startIndex"
    + CategoryInfo          : NotSpecified: (:) [], CimException
    + FullyQualifiedErrorId : ArgumentOutOfRangeException
    + PSComputerName        : localhost

To Reproduce
Run the following script:

configuration DSCPowerStigConfig
{
	Import-DscResource -ModuleName PowerStig
	
	Node localhost
        {
		Chrome ChromeSettings
		{
			StigVersion = '2.8'
		}		
	}
}

DSCPowerStigConfig -Verbose
Start-DscConfiguration -Path '.\DSCPowerStigConfig' -Wait -Verbose -Force

Expected behavior
DSC applies the Chrome 2.8 STIG successfully.

Screenshots
N/A

Additional context
N/A

Answer 1 · 2024-02-28T17:44:05.000Z

Thanks for finding this bug should be a quick fix and will add to next release