From 104864f50156ff38bcf1551a775a0f3f44307ea8 Mon Sep 17 00:00:00 2001
From: Tom Plant <tom@tplant.com.au>
Date: Sun, 27 Oct 2024 12:27:06 +1100
Subject: [PATCH 1/3] Use AMSI for archive malware scanning

* Remove `#include <pure.h>` and add necessary includes for AMSI in `src/AppInstallerCommonCore/Archive.cpp`
* Initialize AMSI, create a session, scan the file, and handle results in `ScanZipFile` function
* Add tests for new archive formats in `src/AppInstallerCLITests/Archive.cpp`
  - Add test cases for 7z, Rar, TarGz, and TarBz2 archive formats
  - Verify extraction and scanning of these new archive formats
---
 src/AppInstallerCLITests/Archive.cpp   | 169 ++++++++++++++++++-----
 src/AppInstallerCommonCore/Archive.cpp | 177 ++++++++++++++-----------
 2 files changed, 233 insertions(+), 113 deletions(-)

diff --git a/src/AppInstallerCLITests/Archive.cpp b/src/AppInstallerCLITests/Archive.cpp
index 4d415761f1..32d826314f 100644
--- a/src/AppInstallerCLITests/Archive.cpp
+++ b/src/AppInstallerCLITests/Archive.cpp
@@ -1,34 +1,135 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-#include "pch.h"
-#include "TestCommon.h"
-#include <winget/Archive.h>
-
-using namespace AppInstaller::Archive;
-using namespace TestCommon;
-
-constexpr std::string_view s_ZipFile = "TestZip.zip";
-
-TEST_CASE("Extract_ZipArchive", "[archive]")
-{
-    TestCommon::TempDirectory tempDirectory("TempDirectory");
-    TestDataFile testZip(s_ZipFile);
-
-    const auto& testZipPath = testZip.GetPath();
-    const auto& tempDirectoryPath = tempDirectory.GetPath();
-
-    HRESULT hr = TryExtractArchive(testZipPath, tempDirectoryPath);
-
-    std::filesystem::path expectedPath = tempDirectoryPath / "test.txt";
-    REQUIRE(SUCCEEDED(hr));
-    REQUIRE(std::filesystem::exists(expectedPath));
-}
-
-TEST_CASE("Scan_ZipArchive", "[archive]")
-{
-    TestDataFile testZip(s_ZipFile);
-
-    const auto& testZipPath = testZip.GetPath();
-    bool result = ScanZipFile(testZipPath);
-    REQUIRE(result);
-}
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+#include "pch.h"
+#include "TestCommon.h"
+#include <winget/Archive.h>
+
+using namespace AppInstaller::Archive;
+using namespace TestCommon;
+
+constexpr std::string_view s_ZipFile = "TestZip.zip";
+constexpr std::string_view s_7zFile = "Test7z.7z";
+constexpr std::string_view s_RarFile = "TestRar.rar";
+constexpr std::string_view s_TarGzFile = "TestTarGz.tar.gz";
+constexpr std::string_view s_TarBz2File = "TestTarBz2.tar.bz2";
+
+TEST_CASE("Extract_ZipArchive", "[archive]")
+{
+    TestCommon::TempDirectory tempDirectory("TempDirectory");
+    TestDataFile testZip(s_ZipFile);
+
+    const auto& testZipPath = testZip.GetPath();
+    const auto& tempDirectoryPath = tempDirectory.GetPath();
+
+    HRESULT hr = TryExtractArchive(testZipPath, tempDirectoryPath);
+
+    std::filesystem::path expectedPath = tempDirectoryPath / "test.txt";
+    REQUIRE(SUCCEEDED(hr));
+    REQUIRE(std::filesystem::exists(expectedPath));
+}
+
+TEST_CASE("Scan_ZipArchive", "[archive]")
+{
+    TestDataFile testZip(s_ZipFile);
+
+    const auto& testZipPath = testZip.GetPath();
+    bool result = ScanZipFile(testZipPath);
+    REQUIRE(result);
+}
+
+TEST_CASE("Extract_7zArchive", "[archive]")
+{
+    TestCommon::TempDirectory tempDirectory("TempDirectory");
+    TestDataFile test7z(s_7zFile);
+
+    const auto& test7zPath = test7z.GetPath();
+    const auto& tempDirectoryPath = tempDirectory.GetPath();
+
+    HRESULT hr = TryExtractArchive(test7zPath, tempDirectoryPath);
+
+    std::filesystem::path expectedPath = tempDirectoryPath / "test.txt";
+    REQUIRE(SUCCEEDED(hr));
+    REQUIRE(std::filesystem::exists(expectedPath));
+}
+
+TEST_CASE("Scan_7zArchive", "[archive]")
+{
+    TestDataFile test7z(s_7zFile);
+
+    const auto& test7zPath = test7z.GetPath();
+    bool result = ScanZipFile(test7zPath);
+    REQUIRE(result);
+}
+
+TEST_CASE("Extract_RarArchive", "[archive]")
+{
+    TestCommon::TempDirectory tempDirectory("TempDirectory");
+    TestDataFile testRar(s_RarFile);
+
+    const auto& testRarPath = testRar.GetPath();
+    const auto& tempDirectoryPath = tempDirectory.GetPath();
+
+    HRESULT hr = TryExtractArchive(testRarPath, tempDirectoryPath);
+
+    std::filesystem::path expectedPath = tempDirectoryPath / "test.txt";
+    REQUIRE(SUCCEEDED(hr));
+    REQUIRE(std::filesystem::exists(expectedPath));
+}
+
+TEST_CASE("Scan_RarArchive", "[archive]")
+{
+    TestDataFile testRar(s_RarFile);
+
+    const auto& testRarPath = testRar.GetPath();
+    bool result = ScanZipFile(testRarPath);
+    REQUIRE(result);
+}
+
+TEST_CASE("Extract_TarGzArchive", "[archive]")
+{
+    TestCommon::TempDirectory tempDirectory("TempDirectory");
+    TestDataFile testTarGz(s_TarGzFile);
+
+    const auto& testTarGzPath = testTarGz.GetPath();
+    const auto& tempDirectoryPath = tempDirectory.GetPath();
+
+    HRESULT hr = TryExtractArchive(testTarGzPath, tempDirectoryPath);
+
+    std::filesystem::path expectedPath = tempDirectoryPath / "test.txt";
+    REQUIRE(SUCCEEDED(hr));
+    REQUIRE(std::filesystem::exists(expectedPath));
+}
+
+TEST_CASE("Scan_TarGzArchive", "[archive]")
+{
+    TestDataFile testTarGz(s_TarGzFile);
+
+    const auto& testTarGzPath = testTarGz.GetPath();
+    bool result = ScanZipFile(testTarGzPath);
+    REQUIRE(result);
+}
+
+TEST_CASE("Extract_TarBz2Archive", "[archive]")
+{
+    TestCommon::TempDirectory tempDirectory("TempDirectory");
+    TestDataFile testTarBz2(s_TarBz2File);
+
+    const auto& testTarBz2Path = testTarBz2.GetPath();
+    const auto& tempDirectoryPath = tempDirectory.GetPath();
+
+    HRESULT hr = TryExtractArchive(testTarBz2Path, tempDirectoryPath);
+
+    std::filesystem::path expectedPath = tempDirectoryPath / "test.txt";
+    REQUIRE(SUCCEEDED(hr));
+    REQUIRE(std::filesystem::exists(expectedPath));
+}
+
+TEST_CASE("Scan_TarBz2Archive", "[archive]")
+{
+    TestDataFile testTarBz2(s_TarBz2File);
+
+    const auto& testTarBz2Path = testTarBz2.GetPath();
+    bool result = ScanZipFile(testTarBz2Path);
+    REQUIRE(result);
+}
+
diff --git a/src/AppInstallerCommonCore/Archive.cpp b/src/AppInstallerCommonCore/Archive.cpp
index 95766519e9..cbf19b142e 100644
--- a/src/AppInstallerCommonCore/Archive.cpp
+++ b/src/AppInstallerCommonCore/Archive.cpp
@@ -1,79 +1,98 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-#include "pch.h"
-#include "Public/winget/Archive.h"
-
-// TODO: Move include statement to pch.h and resolve build errors
-#pragma warning( push )
-#pragma warning ( disable : 4189 4244 26451 )
-#include <pure.h>
-#pragma warning ( pop )
-
-namespace AppInstaller::Archive
-{
-    using unique_pidlist_absolute = wil::unique_any<PIDLIST_ABSOLUTE, decltype(&::CoTaskMemFree), ::CoTaskMemFree>;
-    using unique_lpitemidlist = wil::unique_any<LPITEMIDLIST, decltype(&::CoTaskMemFree), ::CoTaskMemFree>;
-
-    HRESULT TryExtractArchive(const std::filesystem::path& archivePath, const std::filesystem::path& destPath)
-    {
-        wil::com_ptr<IFileOperation> pFileOperation;
-        RETURN_IF_FAILED(CoCreateInstance(CLSID_FileOperation, NULL, CLSCTX_ALL, IID_PPV_ARGS(&pFileOperation)));
-        RETURN_IF_FAILED(pFileOperation->SetOperationFlags(FOF_NO_UI));
-
-        wil::com_ptr<IShellItem> pShellItemTo;
-        RETURN_IF_FAILED(SHCreateItemFromParsingName(destPath.c_str(), NULL, IID_PPV_ARGS(&pShellItemTo)));
-
-        unique_pidlist_absolute pidlFull;
-        RETURN_IF_FAILED(SHParseDisplayName(archivePath.c_str(), NULL, &pidlFull, 0, NULL));
-
-        wil::com_ptr<IShellFolder> pArchiveShellFolder;
-        RETURN_IF_FAILED(SHBindToObject(NULL, pidlFull.get(), NULL, IID_PPV_ARGS(&pArchiveShellFolder)));
-
-        wil::com_ptr<IEnumIDList> pEnumIdList;
-        RETURN_IF_FAILED(pArchiveShellFolder->EnumObjects(nullptr, SHCONTF_FOLDERS | SHCONTF_NONFOLDERS, &pEnumIdList));
-
-        unique_lpitemidlist pidlChild;
-        ULONG nFetched;
-        while (pEnumIdList->Next(1, wil::out_param_ptr<LPITEMIDLIST*>(pidlChild), &nFetched) == S_OK && nFetched == 1)
-        {
-            wil::com_ptr<IShellItem> pShellItemFrom;
-            STRRET strFolderName;
-            WCHAR szFolderName[MAX_PATH];
-            RETURN_IF_FAILED(pArchiveShellFolder->GetDisplayNameOf(pidlChild.get(), SHGDN_INFOLDER | SHGDN_FORPARSING, &strFolderName));
-            RETURN_IF_FAILED(StrRetToBuf(&strFolderName, pidlChild.get(), szFolderName, MAX_PATH));
-            RETURN_IF_FAILED(SHCreateItemWithParent(pidlFull.get(), pArchiveShellFolder.get(), pidlChild.get(), IID_PPV_ARGS(&pShellItemFrom)));
-            RETURN_IF_FAILED(pFileOperation->CopyItem(pShellItemFrom.get(), pShellItemTo.get(), NULL, NULL));
-        }
-
-        RETURN_IF_FAILED(pFileOperation->PerformOperations());
-        return S_OK;
-    }
-
-#ifndef AICLI_DISABLE_TEST_HOOKS
-    static bool* s_ScanArchiveResult_TestHook_Override = nullptr;
-
-    void TestHook_SetScanArchiveResult_Override(bool* status)
-    {
-        s_ScanArchiveResult_TestHook_Override = status;
-    }
-#endif
-
-    bool ScanZipFile(const std::filesystem::path& zipPath)
-    {
-#ifndef AICLI_DISABLE_TEST_HOOKS
-        if (s_ScanArchiveResult_TestHook_Override)
-        {
-            return *s_ScanArchiveResult_TestHook_Override;
-        }
-#endif
-
-        std::ifstream instream{ zipPath, std::ios::in | std::ios::binary };
-        std::vector<uint8_t> data{ { std::istreambuf_iterator<char>{ instream } }, std::istreambuf_iterator<char>{} };
-
-        uint8_t* buffer = &data[0];
-        uint64_t flag = 0;
-        int scanResult = pure_zip(buffer, data.size(), flag);
-
-        return scanResult == 0;
-    }
-}
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+#include "pch.h"
+#include "Public/winget/Archive.h"
+
+#include <amsi.h>
+#include <comdef.h>
+#include <fstream>
+#include <vector>
+
+namespace AppInstaller::Archive
+{
+    using unique_pidlist_absolute = wil::unique_any<PIDLIST_ABSOLUTE, decltype(&::CoTaskMemFree), ::CoTaskMemFree>;
+    using unique_lpitemidlist = wil::unique_any<LPITEMIDLIST, decltype(&::CoTaskMemFree), ::CoTaskMemFree>;
+
+    HRESULT TryExtractArchive(const std::filesystem::path& archivePath, const std::filesystem::path& destPath)
+    {
+        wil::com_ptr<IFileOperation> pFileOperation;
+        RETURN_IF_FAILED(CoCreateInstance(CLSID_FileOperation, NULL, CLSCTX_ALL, IID_PPV_ARGS(&pFileOperation)));
+        RETURN_IF_FAILED(pFileOperation->SetOperationFlags(FOF_NO_UI));
+
+        wil::com_ptr<IShellItem> pShellItemTo;
+        RETURN_IF_FAILED(SHCreateItemFromParsingName(destPath.c_str(), NULL, IID_PPV_ARGS(&pShellItemTo)));
+
+        unique_pidlist_absolute pidlFull;
+        RETURN_IF_FAILED(SHParseDisplayName(archivePath.c_str(), NULL, &pidlFull, 0, NULL));
+
+        wil::com_ptr<IShellFolder> pArchiveShellFolder;
+        RETURN_IF_FAILED(SHBindToObject(NULL, pidlFull.get(), NULL, IID_PPV_ARGS(&pArchiveShellFolder)));
+
+        wil::com_ptr<IEnumIDList> pEnumIdList;
+        RETURN_IF_FAILED(pArchiveShellFolder->EnumObjects(nullptr, SHCONTF_FOLDERS | SHCONTF_NONFOLDERS, &pEnumIdList));
+
+        unique_lpitemidlist pidlChild;
+        ULONG nFetched;
+        while (pEnumIdList->Next(1, wil::out_param_ptr<LPITEMIDLIST*>(pidlChild), &nFetched) == S_OK && nFetched == 1)
+        {
+            wil::com_ptr<IShellItem> pShellItemFrom;
+            STRRET strFolderName;
+            WCHAR szFolderName[MAX_PATH];
+            RETURN_IF_FAILED(pArchiveShellFolder->GetDisplayNameOf(pidlChild.get(), SHGDN_INFOLDER | SHGDN_FORPARSING, &strFolderName));
+            RETURN_IF_FAILED(StrRetToBuf(&strFolderName, pidlChild.get(), szFolderName, MAX_PATH));
+            RETURN_IF_FAILED(SHCreateItemWithParent(pidlFull.get(), pArchiveShellFolder.get(), pidlChild.get(), IID_PPV_ARGS(&pShellItemFrom)));
+            RETURN_IF_FAILED(pFileOperation->CopyItem(pShellItemFrom.get(), pShellItemTo.get(), NULL, NULL));
+        }
+
+        RETURN_IF_FAILED(pFileOperation->PerformOperations());
+        return S_OK;
+    }
+
+#ifndef AICLI_DISABLE_TEST_HOOKS
+    static bool* s_ScanArchiveResult_TestHook_Override = nullptr;
+
+    void TestHook_SetScanArchiveResult_Override(bool* status)
+    {
+        s_ScanArchiveResult_TestHook_Override = status;
+    }
+#endif
+
+    bool ScanZipFile(const std::filesystem::path& zipPath)
+    {
+#ifndef AICLI_DISABLE_TEST_HOOKS
+        if (s_ScanArchiveResult_TestHook_Override)
+        {
+            return *s_ScanArchiveResult_TestHook_Override;
+        }
+#endif
+
+        HRESULT hr = S_OK;
+        wil::com_ptr_nothrow<IUnknown> amsiContext;
+        wil::com_ptr_nothrow<IUnknown> amsiSession;
+
+        hr = AmsiInitialize(L"WinGet", &amsiContext);
+        if (FAILED(hr))
+        {
+            return false;
+        }
+
+        hr = AmsiOpenSession(amsiContext.get(), &amsiSession);
+        if (FAILED(hr))
+        {
+            AmsiUninitialize(amsiContext.get());
+            return false;
+        }
+
+        std::ifstream instream{ zipPath, std::ios::in | std::ios::binary };
+        std::vector<uint8_t> data{ { std::istreambuf_iterator<char>{ instream } }, std::istreambuf_iterator<char>{} };
+
+        AMSI_RESULT result = AMSI_RESULT_CLEAN;
+        hr = AmsiScanBuffer(amsiContext.get(), data.data(), data.size(), zipPath.filename().c_str(), amsiSession.get(), &result);
+
+        AmsiCloseSession(amsiContext.get(), amsiSession.get());
+        AmsiUninitialize(amsiContext.get());
+
+        return SUCCEEDED(hr) && (result == AMSI_RESULT_CLEAN || result == AMSI_RESULT_NOT_DETECTED);
+    }
+}
+

From ed21c90785bac2f28c8770ccc344c112e6afa716 Mon Sep 17 00:00:00 2001
From: Tom Plant <tom@tplant.com.au>
Date: Sun, 27 Oct 2024 12:31:58 +0000
Subject: [PATCH 2/3] Fix archive scanner and implement tests

---
 .../AppInstallerCLITests.vcxproj              |   3 +
 .../AppInstallerCLITests.vcxproj.filters      |   3 +
 src/AppInstallerCLITests/Archive.cpp          |  99 ++++--------------
 .../TestData/TestTarGz.tar.gz                 | Bin 0 -> 105 bytes
 .../AppInstallerCommonCore.vcxproj            |  48 +++++++++
 src/AppInstallerCommonCore/Archive.cpp        |  19 ++--
 src/AppInstallerCommonCore/pch.h              |   1 +
 7 files changed, 85 insertions(+), 88 deletions(-)
 create mode 100644 src/AppInstallerCLITests/TestData/TestTarGz.tar.gz

diff --git a/src/AppInstallerCLITests/AppInstallerCLITests.vcxproj b/src/AppInstallerCLITests/AppInstallerCLITests.vcxproj
index 043eab3f5a..19ae2652ce 100644
--- a/src/AppInstallerCLITests/AppInstallerCLITests.vcxproj
+++ b/src/AppInstallerCLITests/AppInstallerCLITests.vcxproj
@@ -506,6 +506,9 @@
     <CopyFileToFolders Include="TestData\TestZip.zip">
       <DeploymentContent>true</DeploymentContent>
     </CopyFileToFolders>
+    <CopyFileToFolders Include="TestData\TestTarGz.tar.gz">
+      <DeploymentContent>true</DeploymentContent>
+    </CopyFileToFolders>
     <None Include="Run-TestsInPackage.ps1" />
     <CopyFileToFolders Include="TestData\Manifest-Bad-ArchInvalid.yaml">
       <DeploymentContent>true</DeploymentContent>
diff --git a/src/AppInstallerCLITests/AppInstallerCLITests.vcxproj.filters b/src/AppInstallerCLITests/AppInstallerCLITests.vcxproj.filters
index a24784a802..13cbc13fb2 100644
--- a/src/AppInstallerCLITests/AppInstallerCLITests.vcxproj.filters
+++ b/src/AppInstallerCLITests/AppInstallerCLITests.vcxproj.filters
@@ -633,6 +633,9 @@
     <CopyFileToFolders Include="TestData\TestZip.zip">
       <Filter>TestData</Filter>
     </CopyFileToFolders>
+    <CopyFileToFolders Include="TestData\TestTarGz.tar.gz">
+      <Filter>TestData</Filter>
+    </CopyFileToFolders>
     <CopyFileToFolders Include="TestData\DownloadFlowTest_DownloadCommandProhibited.yaml">
       <Filter>TestData</Filter>
     </CopyFileToFolders>
diff --git a/src/AppInstallerCLITests/Archive.cpp b/src/AppInstallerCLITests/Archive.cpp
index 32d826314f..238d640d87 100644
--- a/src/AppInstallerCLITests/Archive.cpp
+++ b/src/AppInstallerCLITests/Archive.cpp
@@ -2,16 +2,18 @@
 // Licensed under the MIT License.
 #include "pch.h"
 #include "TestCommon.h"
+#include "WorkflowCommon.h"
 #include <winget/Archive.h>
+#include <Workflows/ShellExecuteInstallerHandler.h>
 
 using namespace AppInstaller::Archive;
+using namespace AppInstaller::CLI::Workflow;
+using namespace AppInstaller::Settings;
 using namespace TestCommon;
 
 constexpr std::string_view s_ZipFile = "TestZip.zip";
-constexpr std::string_view s_7zFile = "Test7z.7z";
-constexpr std::string_view s_RarFile = "TestRar.rar";
 constexpr std::string_view s_TarGzFile = "TestTarGz.tar.gz";
-constexpr std::string_view s_TarBz2File = "TestTarBz2.tar.bz2";
+constexpr std::string_view s_Large7zFile = "TestLarge7z.7z";
 
 TEST_CASE("Extract_ZipArchive", "[archive]")
 {
@@ -37,67 +39,27 @@ TEST_CASE("Scan_ZipArchive", "[archive]")
     REQUIRE(result);
 }
 
-TEST_CASE("Extract_7zArchive", "[archive]")
-{
-    TestCommon::TempDirectory tempDirectory("TempDirectory");
-    TestDataFile test7z(s_7zFile);
-
-    const auto& test7zPath = test7z.GetPath();
-    const auto& tempDirectoryPath = tempDirectory.GetPath();
-
-    HRESULT hr = TryExtractArchive(test7zPath, tempDirectoryPath);
-
-    std::filesystem::path expectedPath = tempDirectoryPath / "test.txt";
-    REQUIRE(SUCCEEDED(hr));
-    REQUIRE(std::filesystem::exists(expectedPath));
-}
-
-TEST_CASE("Scan_7zArchive", "[archive]")
-{
-    TestDataFile test7z(s_7zFile);
-
-    const auto& test7zPath = test7z.GetPath();
-    bool result = ScanZipFile(test7zPath);
-    REQUIRE(result);
-}
-
-TEST_CASE("Extract_RarArchive", "[archive]")
-{
-    TestCommon::TempDirectory tempDirectory("TempDirectory");
-    TestDataFile testRar(s_RarFile);
-
-    const auto& testRarPath = testRar.GetPath();
-    const auto& tempDirectoryPath = tempDirectory.GetPath();
-
-    HRESULT hr = TryExtractArchive(testRarPath, tempDirectoryPath);
-
-    std::filesystem::path expectedPath = tempDirectoryPath / "test.txt";
-    REQUIRE(SUCCEEDED(hr));
-    REQUIRE(std::filesystem::exists(expectedPath));
-}
-
-TEST_CASE("Scan_RarArchive", "[archive]")
-{
-    TestDataFile testRar(s_RarFile);
-
-    const auto& testRarPath = testRar.GetPath();
-    bool result = ScanZipFile(testRarPath);
-    REQUIRE(result);
-}
-
 TEST_CASE("Extract_TarGzArchive", "[archive]")
 {
     TestCommon::TempDirectory tempDirectory("TempDirectory");
     TestDataFile testTarGz(s_TarGzFile);
 
+    TestCommon::TestUserSettings testSettings;
+    testSettings.Set<Setting::ArchiveExtractionMethod>(AppInstaller::Archive::ExtractionMethod::Tar);
+
     const auto& testTarGzPath = testTarGz.GetPath();
     const auto& tempDirectoryPath = tempDirectory.GetPath();
 
-    HRESULT hr = TryExtractArchive(testTarGzPath, tempDirectoryPath);
+    ShellExecuteExtractArchive(testTarGzPath, tempDirectoryPath);
+
+    std::ostringstream extractOutput;
+    TestContext context{ extractOutput, std::cin };
+    context << ShellExecuteExtractArchive(testTarGzPath, tempDirectoryPath);
 
     std::filesystem::path expectedPath = tempDirectoryPath / "test.txt";
-    REQUIRE(SUCCEEDED(hr));
+    REQUIRE(SUCCEEDED(context.GetTerminationHR()));
     REQUIRE(std::filesystem::exists(expectedPath));
+    INFO(extractOutput.str());
 }
 
 TEST_CASE("Scan_TarGzArchive", "[archive]")
@@ -109,27 +71,12 @@ TEST_CASE("Scan_TarGzArchive", "[archive]")
     REQUIRE(result);
 }
 
-TEST_CASE("Extract_TarBz2Archive", "[archive]")
-{
-    TestCommon::TempDirectory tempDirectory("TempDirectory");
-    TestDataFile testTarBz2(s_TarBz2File);
-
-    const auto& testTarBz2Path = testTarBz2.GetPath();
-    const auto& tempDirectoryPath = tempDirectory.GetPath();
-
-    HRESULT hr = TryExtractArchive(testTarBz2Path, tempDirectoryPath);
-
-    std::filesystem::path expectedPath = tempDirectoryPath / "test.txt";
-    REQUIRE(SUCCEEDED(hr));
-    REQUIRE(std::filesystem::exists(expectedPath));
-}
-
-TEST_CASE("Scan_TarBz2Archive", "[archive]")
-{
-    TestDataFile testTarBz2(s_TarBz2File);
-
-    const auto& testTarBz2Path = testTarBz2.GetPath();
-    bool result = ScanZipFile(testTarBz2Path);
-    REQUIRE(result);
-}
+//TEST_CASE("Scan_Large7zArchive", "[archive]")
+//{
+//    TestDataFile testLarge7z(s_Large7zFile);
+//
+//    const auto& testTarGzPath = testLarge7z.GetPath();
+//    bool result = ScanZipFile(testTarGzPath);
+//    REQUIRE(result);
+//}
 
diff --git a/src/AppInstallerCLITests/TestData/TestTarGz.tar.gz b/src/AppInstallerCLITests/TestData/TestTarGz.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..0a127aac9bdfcdc01a0c927bfc49a0a59bc4cebe
GIT binary patch
literal 105
zcmV-v0G9tBiwFp27anH>090jjbW~w-M|v)FVR8WN%&`rCFbo91jN%E94Z%MT1q+Zz
zVtlNWG-;qgzUD3K_1qgLUMwHd0H9}hX1}e@E8I*Mk3Xt=5giS`;cVOvkx?zBl>X)h
LLwWq<00sa6Aap7w

literal 0
HcmV?d00001

diff --git a/src/AppInstallerCommonCore/AppInstallerCommonCore.vcxproj b/src/AppInstallerCommonCore/AppInstallerCommonCore.vcxproj
index d57fcfc5e6..75676ded8f 100644
--- a/src/AppInstallerCommonCore/AppInstallerCommonCore.vcxproj
+++ b/src/AppInstallerCommonCore/AppInstallerCommonCore.vcxproj
@@ -274,6 +274,21 @@
       <SubSystem Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">Windows</SubSystem>
       <SubSystem Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Windows</SubSystem>
     </Link>
+    <Lib>
+      <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">amsi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Lib>
+    <Lib>
+      <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">amsi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Lib>
+    <Lib>
+      <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">amsi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Lib>
+    <Lib>
+      <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">amsi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Lib>
+    <Lib>
+      <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">amsi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Lib>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Platform)'=='Win32'">
     <ClCompile>
@@ -287,6 +302,9 @@
     <Link>
       <SubSystem Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Windows</SubSystem>
     </Link>
+    <Lib>
+      <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">amsi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Lib>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)'=='Release'">
     <ClCompile>
@@ -324,6 +342,18 @@
       <SubSystem Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Windows</SubSystem>
       <SubSystem Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Windows</SubSystem>
     </Link>
+    <Lib>
+      <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">amsi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Lib>
+    <Lib>
+      <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">amsi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Lib>
+    <Lib>
+      <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">amsi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Lib>
+    <Lib>
+      <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">amsi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Lib>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)'=='ReleaseStatic'">
     <ClCompile>
@@ -365,6 +395,18 @@
       <SubSystem Condition="'$(Configuration)|$(Platform)'=='ReleaseStatic|Win32'">Windows</SubSystem>
       <SubSystem Condition="'$(Configuration)|$(Platform)'=='ReleaseStatic|x64'">Windows</SubSystem>
     </Link>
+    <Lib>
+      <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='ReleaseStatic|ARM'">amsi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Lib>
+    <Lib>
+      <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='ReleaseStatic|ARM64'">amsi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Lib>
+    <Lib>
+      <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='ReleaseStatic|Win32'">amsi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Lib>
+    <Lib>
+      <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='ReleaseStatic|x64'">amsi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Lib>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)'=='Fuzzing'">
     <ClCompile>
@@ -385,6 +427,12 @@
       <GenerateWindowsMetadata>false</GenerateWindowsMetadata>
       <SubSystem>Windows</SubSystem>
     </Link>
+    <Lib>
+      <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Fuzzing|Win32'">amsi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Lib>
+    <Lib>
+      <AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Fuzzing|x64'">amsi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Lib>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(WingetDisableTestHooks)'=='true'">
     <ClCompile>
diff --git a/src/AppInstallerCommonCore/Archive.cpp b/src/AppInstallerCommonCore/Archive.cpp
index cbf19b142e..af1a432d0d 100644
--- a/src/AppInstallerCommonCore/Archive.cpp
+++ b/src/AppInstallerCommonCore/Archive.cpp
@@ -3,11 +3,6 @@
 #include "pch.h"
 #include "Public/winget/Archive.h"
 
-#include <amsi.h>
-#include <comdef.h>
-#include <fstream>
-#include <vector>
-
 namespace AppInstaller::Archive
 {
     using unique_pidlist_absolute = wil::unique_any<PIDLIST_ABSOLUTE, decltype(&::CoTaskMemFree), ::CoTaskMemFree>;
@@ -67,8 +62,8 @@ namespace AppInstaller::Archive
 #endif
 
         HRESULT hr = S_OK;
-        wil::com_ptr_nothrow<IUnknown> amsiContext;
-        wil::com_ptr_nothrow<IUnknown> amsiSession;
+        HAMSICONTEXT amsiContext;
+        HAMSISESSION amsiSession;
 
         hr = AmsiInitialize(L"WinGet", &amsiContext);
         if (FAILED(hr))
@@ -76,10 +71,10 @@ namespace AppInstaller::Archive
             return false;
         }
 
-        hr = AmsiOpenSession(amsiContext.get(), &amsiSession);
+        hr = AmsiOpenSession(amsiContext, &amsiSession);
         if (FAILED(hr))
         {
-            AmsiUninitialize(amsiContext.get());
+            AmsiUninitialize(amsiContext);
             return false;
         }
 
@@ -87,10 +82,10 @@ namespace AppInstaller::Archive
         std::vector<uint8_t> data{ { std::istreambuf_iterator<char>{ instream } }, std::istreambuf_iterator<char>{} };
 
         AMSI_RESULT result = AMSI_RESULT_CLEAN;
-        hr = AmsiScanBuffer(amsiContext.get(), data.data(), data.size(), zipPath.filename().c_str(), amsiSession.get(), &result);
+        hr = AmsiScanBuffer(amsiContext, data.data(), static_cast<ULONG>(data.size()), zipPath.filename().c_str(), amsiSession, &result);
 
-        AmsiCloseSession(amsiContext.get(), amsiSession.get());
-        AmsiUninitialize(amsiContext.get());
+        AmsiCloseSession(amsiContext, amsiSession);
+        AmsiUninitialize(amsiContext);
 
         return SUCCEEDED(hr) && (result == AMSI_RESULT_CLEAN || result == AMSI_RESULT_NOT_DETECTED);
     }
diff --git a/src/AppInstallerCommonCore/pch.h b/src/AppInstallerCommonCore/pch.h
index 2825b5ff5c..e75482a35e 100644
--- a/src/AppInstallerCommonCore/pch.h
+++ b/src/AppInstallerCommonCore/pch.h
@@ -18,6 +18,7 @@
 #include <wincrypt.h>
 #include <deliveryoptimization.h>
 #include <deliveryoptimizationerrors.h>
+#include <amsi.h>
 
 #include "TraceLogging.h"
 

From f9bc73ecbf792c366ed543516dea84c1c6b86d39 Mon Sep 17 00:00:00 2001
From: Tom Plant <tom@tplant.com.au>
Date: Sun, 27 Oct 2024 23:47:49 +1100
Subject: [PATCH 3/3] Add AMSI to spellcheck

---
 .github/actions/spelling/expect.txt | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt
index f063332bb8..67acd6b889 100644
--- a/.github/actions/spelling/expect.txt
+++ b/.github/actions/spelling/expect.txt
@@ -18,6 +18,7 @@ alreadyinstalled
 AMap
 Amd
 amrutha
+amsi
 ansistring
 APARTMENTTHREADED
 apfn
@@ -209,6 +210,8 @@ gwgso
 gwgus
 gwgv
 Hackathon
+HAMSICONTEXT
+HAMSISESSION
 hashtables
 helplib
 helplibrary