Search code examples
powershellcsvwrite-host

Having an issue displaying a part of a string read in from a csv file


I have a table that contains 4 columns in csv format. I read in the rows and write them to a server by converting them to json and writing it.

The rows are built of:

  1. name
  2. Hash (in sha256 format)
  3. group
  4. a value of True or False

I have everything working exactly as it should except for one annoying possibly simple issue, where I am trying to display on the screen the specific value that was written and display what Hash and what display name were written to the server.

But I keep getting all the data despite trying to chose the relevant item to display by using @ebrobject.description or @ebrobject.sha256, both of these display the full string.

How can I display only the data field or the hash field and not everything ?

This is my code (certain items have been redacted).

   param (
  [string]
  $server = 'redacted server address',
  # Minerva Management user name
  # [Parameter(Mandatory = $true)]
  [string] 
  $user = "redacted",
  # CSV file path (or the file name if they are on the same folder), e.g "C:\Users\userName\Desktop\hashesToBlock.csv"
  [string] 
  $filePath = "hashesToBlock.csv"
)

function Read-Password() {
  $SecurePassword = Read-Host -Prompt "Enter $user password" -AsSecureString
  $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword)
  return [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
}

Try {
  $csv = Import-Csv -path $filePath
}
Catch {
  "Couldn't open file [$filePath]: ${$_.Exception.Message}"
  Break
}

$password = Read-Password
$loginUrl = "$redacted"
$loginPayload = @{
  username = $user
  password = $password
}

Try { 
  $res = Invoke-RestMethod -Method Post -SessionVariable session -Uri $loginUrl -Body (ConvertTo-Json $loginPayload -Depth 3) -ContentType "application/json"
  "Login successful."
}
Catch {
  $_.Exception.Message
  Break
}

# Mike made changes in this section
Write-Host "Are you sure those are the hashes you want to block?`n"  -ForegroundColor Yellow
# Write-Host "`nHashes details:`n" $csv
$Count = 0
foreach ($ebrDeatails in $csv)
    {
        Write-Host "$Count. $ebrDeatails`n" -ForegroundColor Yellow
        $Count = $Count + 1
    }
        
Write-Host "continue blocking $Count hashes"  -ForegroundColor Green
        $type=Read-Host "[Y] yes    [N] no
Please choose"
if ($type -ne 'Y' -or $type -ne 'y'){
    return
}

$successful = 0;

foreach ($ebrDeatails in $csv) {
  $addEBRUrl = "$server/api/ProcessRelationRules"

  if ($ebrDeatails.groupsIds -eq "") {
    $groupsIds = "All Groups"
  } else {
    $groupsIds = $ebrDeatails.groupsIds.Split(',');
  }

  $blockMode = "false"
  if ($ebrDeatails.blockMode -eq "True" -or $ebrDeatails.blockMode -eq "true"){
     $blockMode = "true"
  }

  $ebr = @{
    description = $ebrDeatails.description
    parentProcessType = "commandLine"
    parentProcess = "*"
    childProcessType = "sha256"
    childProcess = $ebrDeatails.sha256
    appliedGroupsIds = @($groupsIds)
    isBlockMode = $blockMode
    }

  Try {
    $res = Invoke-RestMethod -Method Post -WebSession $session -Uri $addEBRUrl -Body (ConvertTo-Json $ebr -Depth 3) -ContentType "application/json"
    $successful = $successful + 1
    Write-Host "`nWritten $ebrDeatails.description with Hash $ebrDeatails.sha256 to policy on web." -ForegroundColor Green
  }
  Catch {
    Write-Host "failed to create execution block rule: $ebrDeatails, Reason: $_" -ForegroundColor Red
  }
}

Write-Host "`nSuccessfully added $successful execution block rules to the web database" -ForegroundColor Green

This is the bit that is not working

Write-Host "`nWritten $ebrDeatails.description with Hash $ebrDeatails.sha256 to policy on web." -ForegroundColor Green

And this is the output that I get from that Write-Host

Written @{sha256=e702a572b514984deacaa54408059c6eac28e46111cb6f0f4190a3a6a72dd41d; description=Akira ransomware's Linux/ESXi variant; groupsIds=; blockMode=TRUE}.descript ion with Hash @{sha256=e702a572b514984deacaa54408059c6eac28e46111cb6f0f4190a3a6a72dd41d; description=Akira ransomware's Linux/ESXi variant; groupsIds=; blockMode=TRUE}.sh a256 to policy on web.

What I want is to get the following:

Written Akira ransomware's Linux/ESXi variant with Hash e702a572b514984deacaa54408059c6eac28e46111cb6f0f4190a3a6a72dd41d to policy on web.

Can anyone work out what I am doing wrong ?

Thanks,

Mike


Solution

  • Expandable string literals (string literals defined with double-quotes "...") only expand simple expressions - meaning that when PowerShell see's "... $variable.propertyName", it expands $variable on its own, and then ignores .propertyName.

    To force evaluation of the member access operation, enclose it in the sub-expression operator $(...), eg.:

    Write-Host "`nWritten $($ebrDeatails.description) with Hash $($ebrDeatails.sha256) to policy on web." -ForegroundColor Green
    

    PowerShell will now evaluate the expressions inside $(...) separately before interpolating them into the resulting string value.