Dev to Main for release update#166
Merged
Merged
Conversation
Better removal script
Docs for removal
…nt of Check extension
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Brian Simpson <50429915+bmsimp@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Brian Simpson <50429915+bmsimp@users.noreply.github.com>
…main-deployment.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Brian Simpson <50429915+bmsimp@users.noreply.github.com>
…main-deployment.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Brian Simpson <50429915+bmsimp@users.noreply.github.com>
…main-deployment.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Brian Simpson <50429915+bmsimp@users.noreply.github.com>
…une Step 2 - Setup script: mirror the Format-ArrayLiteral change for scalar replacements by adding Format-SingleQuoted and switching all string-valued scalar replacements to single-quoted output. Prevents \$ / backtick interpolation in user-provided URLs and branding fields when generated scripts run. - Docs: add the missing "Step 2: Create the Win32 App in Intune" between packaging and configuration, fixing the 1 -> 3 jump.
Deploy script previously only wrote the toolbar property when $forceToolbarPin = 1. Flipping the setting from 1 to 0 left a stale toolbar_pin=force_pinned / toolbar_state=force_shown on devices, which Detect couldn't reliably catch without causing an infinite redeploy loop. Deploy: always write the toolbar property -- pinned values when =1, default_unpinned / hidden when =0. Matches the CIPP Intune standard. Detect: add ToolbarPinnedValue / ToolbarUnpinnedValue to the $browsers array and always verify the toolbar property against the expected value based on $forceToolbarPin. Addresses Copilot review comment on toolbar pin drift.
Setup: Apply-Replacements now tracks which patterns were found and throws a detailed error listing any missing patterns. Previously a silent miss (e.g., upstream comment reworded) would produce an output script stuck on defaults. Callers now pass -TemplateName so the error identifies which template failed. Detect: convert all remaining bare Test-RegValue calls and bare exit 1 paths to use Test-RegValueWithDetails / Write-DetectionFailure so every failure mode emits a specific reason on stdout. Affects customBranding, genericWebhook, genericWebhook/events (incl. count mismatch and "unexpected events" branches), urlAllowlist (same), and ExtensionSettings. Admins running the script manually now see exactly which check failed. Addresses Copilot review comments on silent replacement failures and missing diagnostic output.
feat: Add Intune detection and setup scripts for Windows deployment
Introduce .github/workflows/validate-pr.yml to run automated PR checks on dev and main. The workflow includes jobs for linting (ESLint if config present), CodeQL security analysis, JSON manifest and config validation, Conventional Commits PR title validation, and verification reminders when key files (config/ or manifest) change. This centralizes PR gating and developer guidance for releases and security checks.
An example of some deployment methods. If more screenshots or more official language is needed I'd be happy to assist in any way I can! Signed-off-by: josh-ricketts-enable <91432846+josh-ricketts-enable@users.noreply.github.com>
Signed-off-by: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Update macos.md
The domain squatting result handler in scripts/content.js collapsed the block | warn | log action enum into block vs. everything-else. Because only the 'block' case was checked, the 'log' action fell through to the warning branch: it showed the orange warning banner and recorded every telemetry line (protection event, CIPP report, webhook) as 'warned'. The 'log' action was therefore functionally identical to 'warn'. Resolve the effective action as a real three-state value (block | warn | log) and derive a matching telemetry outcome (blocked | warned | logged). Preserve the semantics that warn logs telemetry and shows a banner, while log logs telemetry only and shows nothing to the user. Warn logs, log does not warn. The detector side (getActionForSeverity in domain-squatting-detector.js) already passed 'log' through intact and is unchanged. Fixes: #161
urlPatternToRegex appended a hard end-anchor to any non-wildcard pattern, so an allowlisted host or root URL only matched the bare root URL and never a real navigated deep link. An admin who allowlisted the exact host of a page (including the protocol-qualified form) still saw that page scanned or blocked, because the actual URL carries a path and the trailing anchor rejected it. Relax only the trailing anchoring: normalize a single trailing slash and tolerate an optional trailing path, query, or fragment. The tolerated remainder must begin with /, ?, or # so suffix tricks such as https://host.evil.com/ still do not match an entry for https://host/. Leading protocol and subdomain tolerance is intentionally out of scope, so bare-domain entries still require the documented https://.../ * form. The change is applied to both copies of urlPatternToRegex (scripts/content.js and options/options.js), which must stay in sync. Fixes: #162
…terns The deep-link matching added for the URL allowlist applied its tolerant trailing matcher to every non-wildcard pattern, which turned path-specific entries into prefix matches. For example an entry for https://host/safe also matched https://host/safe/anything, over-broadening a bypass allowlist entry beyond what the admin intended. Gate the tolerant trailing matcher on host or root URL patterns only (no path segment beyond an optional single trailing slash). A pattern that includes an explicit path now stays an exact match. Host and root URL patterns still match deep links, and suffix or prefix tricks such as https://host.evil.com/ still do not match. Applied to both copies of urlPatternToRegex in scripts/content.js and options/options.js, which must stay in sync. Addresses PR review feedback on BezaluLLC#2 (review comments on the urlPatternToRegex suffix handling).
Reflect the three-state detection action shipped in this branch. The log action is now documented as a distinct outcome: the detection is recorded in Activity Logs and sent to reporting and webhooks, but no warning banner and no block are shown to the user. This also corrects the earlier statement that a warning banner is shown regardless of the action setting when page blocking is disabled, which is no longer true for the log action, and updates the inline action comments from 'block or warn' to include 'log'. Refs: #161
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Signed-off-by: Logan Cook <2997336+MWG-Logan@users.noreply.github.com>
Signed-off-by: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Signed-off-by: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Signed-off-by: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the extension’s detection capabilities and enterprise deployment tooling, with a particular focus on (1) new phishing-kit detections/rule behaviors and (2) improved rules refresh behavior and enterprise configuration defaults (notably domain-squatting now defaulting to disabled).
Changes:
- Add new detection behaviors/rules (AitM origin validation, URL-only phishing indicators, updated allowlist regex anchoring, expanded ruleset content).
- Rework detection-rules fetching/caching (remote-only persistence, background refresh scheduling, callback hook to re-init dependent subsystems).
- Expand and modernize enterprise deployment/removal docs and scripts (new Windows setup + detection scripts, removal docs, updated policy defaults), plus a new PR-validation workflow.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| scripts/modules/domain-squatting-detector.js | Default domain-squatting enablement now off; runtime config governs enablement. |
| scripts/modules/detection-rules-manager.js | Adds background refresh scheduling, fallback semantics, and update callback wiring. |
| scripts/modules/config-manager.js | Updates default config to disable domain squatting by default. |
| scripts/content.js | Adds AitM blocking-rule type and URL-only indicator pre-check; tweaks allowlist anchoring and domain-squatting action semantics. |
| scripts/background.js | Wires rules-updated callback to reinitialize domain-squatting detector; triggers rules pull on config save. |
| rules/detection-rules.json | Updates rules version/date and adds/extends indicators + blocking rules; updates rogue-apps source URL. |
| options/options.js | Aligns UI and saved config with “enabled only when explicitly true”; keeps allowlist anchoring logic in sync with content script. |
| enterprise/Setup-Windows-Chrome-and-Edge.ps1 | New interactive generator for Intune deployment scripts. |
| enterprise/Remove-Windows-Chrome-and-Edge.ps1 | Simplifies removal by deleting extension-specific registry keys recursively. |
| enterprise/Detect-Windows-Chrome-and-Edge.ps1 | New Intune detection script validating registry state matches expected config. |
| enterprise/Deploy-Windows-Chrome-and-Edge.ps1 | Updates defaults and makes toolbar pin state always written for deterministic detection. |
| enterprise/Check-Extension-Policy.reg | Updates sample policy to reflect domain-squatting default disabled. |
| enterprise/admx/en-US/Check-Extension.adml | Updates policy text to reflect domain-squatting default disabled. |
| enterprise/macos-linux/README.md | Updates documented default for domain-squatting enablement. |
| enterprise/macos-linux/check-extension-config.mobileconfig | Updates sample profile to disable domain squatting by default. |
| enterprise/firefox/policies.json | Updates Firefox enterprise policy defaults for domain squatting. |
| docs/SUMMARY.md | Adds a new “Removal” docs section to the docs navigation. |
| docs/removal/README.md | New removal docs landing page. |
| docs/removal/windows/README.md | New Windows removal docs index. |
| docs/removal/windows/chrome-edge.md | New Chrome/Edge removal doc pointing to uninstall script. |
| docs/removal/windows/firefox.md | New Firefox removal guidance. |
| docs/features/domain-squatting-detection.md | Updates docs for new domain-squatting action semantics and defaults (but still needs alignment with runtime enablement). |
| docs/deployment/chrome-edge-deployment-instructions/windows/domain-deployment.md | Reworks Windows deployment guide to use Win32/Intune script approach + setup script. |
| docs/deployment/chrome-edge-deployment-instructions/macos.md | Expands macOS deployment guidance and includes example snippets (some snippet logic needs correction). |
| config/managed_schema.json | Updates managed-schema defaults and clarifies domain-squatting config/policy semantics. |
| .github/workflows/validate-pr.yml | New PR workflow: lint (if configured), CodeQL, JSON validation, conventional-title validation, and change reminders. |
Comments suppressed due to low confidence (1)
scripts/content.js:2775
indicator.confidence || 0.5treats a configured confidence of0as falsy and silently upgrades it to0.5, which inflates scores. Use nullish coalescing so onlynull/undefinedfall back to the default.
totalScore += scoreWeight * (indicator.confidence || 0.5);
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Signed-off-by: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
JohnDuprey
approved these changes
Jul 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.