44r0n7/privacy.sexy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

win: improve directory cleanup security

Browse Source 
This commit improves the security, reliability, and robustness of
directory cleanup operations on Windows.

The focus is shifted from deleting entire directories to purging their
contents, addressing potential unintended side effects. Previously,
numerous directories were removed, which could destabilize system
behavior.

This improvement has crucial security implications. The prior approach
involved changing ownership and assigning permissions to the directory
itself, leading to an altered and potentially less secure OS security
posture.

Directory removal improvements include:

- Output user-friendly messages.
- Improved ownership and permission handling for file deletion.
- Explicit shared functions for enhanced reliability/security.
- Centralized way to delete glob (wildcard) patterns in Windows.
Notable script improvements:

- 'Clear Steam dumps, logs, and traces':
  - Convert the script to a category to provide more granularity.
  - Improve cache cleaning, ensuring the entire cache directory is
    cleared, not just the log files.
- 'Clear "Temporary Internet Files" (browser cache)':
  - Add more documentation.
  - Grant necessary permissions to folders, fixing errors due to
    lack of permissions before.
- 'Clear Windows Update Medic Service logs':
  - Remove redundant permission grants, as they are unnecessary in
    recent Windows versions.
- 'Clear Server-initiated Healing Events system logs',
  'Clear Windows Update events logs':
  - Merge due to identical functionalities.
  - Add more documentation.
- 'Clear Defender scan (protection) history':
  - Remove the execution with `TrustedInstallerPrivileges`, uniformly
    using `grantPermissions` as with other scripts. This addresses the
    false-positive alerts from Microsoft Defender, as discussed in #264.
- 'Clear "Temporary Internet Files" (browser cache)':
  - Retain `INetCache` and `Temporary Internet Files` directories,
    purging only their contents. This approach aims to resolve the issue
    mentioned in #145, where the absence of these folders could prevent
    Microsoft Office applications from launching.
This commit is contained in:
undergroundwires
2023-10-21 17:41:37 +02:00
parent e40b9a3cf5
commit 060e789662
2 changed files with 513 additions and 121 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CONTRIBUTING.md
View File

@@ -43,6 +43,7 @@ You have two alternatives:
1. [Create an issue](https://github.com/undergroundwires/privacy.sexy/issues/new/choose) and ask for someone else to add the script for you. 1. [Create an issue](https://github.com/undergroundwires/privacy.sexy/issues/new/choose) and ask for someone else to add the script for you.
2. Or send a PR yourself. This would make it faster to get your code into the project. You need to add scripts to related OS in [collections](src/application/collections/) folder. Then you'd sent a pull request, see [pull request process](#pull-request-process). 2. Or send a PR yourself. This would make it faster to get your code into the project. You need to add scripts to related OS in [collections](src/application/collections/) folder. Then you'd sent a pull request, see [pull request process](#pull-request-process).
- 💡 You should use existing shared functions for most of the operations, like `DisableService` for disabling services, to maintain code consistency and efficiency.
- 📖 If you're unsure about the syntax, check [collection-files.md](docs/collection-files.md). - 📖 If you're unsure about the syntax, check [collection-files.md](docs/collection-files.md).
- 📖 If you wish to use templates, use [templating.md](./docs/templating.md). - 📖 If you wish to use templates, use [templating.md](./docs/templating.md).

633
src/application/collections/windows.yaml
View File

@@ -26,22 +26,48 @@ actions:
children: children:
- -
name: Clear Listary search index name: Clear Listary search index
code: del /f /s /q %appdata%\Listary\UserData > nul call:
function: ClearDirectoryContents
parameters:
directoryGlob: '%APPDATA%\Listary\UserData'
- -
name: Clear Java cache name: Clear Java cache
recommend: strict recommend: strict
code: rd /s /q "%APPDATA%\Sun\Java\Deployment\cache" call:
function: ClearDirectoryContents
parameters:
directoryGlob: '%APPDATA%\Sun\Java\Deployment\cache'
- -
name: Clear Flash Player traces name: Clear Flash Player traces
recommend: standard recommend: standard
code: rd /s /q "%APPDATA%\Macromedia\Flash Player" call:
function: ClearDirectoryContents
parameters:
directoryGlob: '%APPDATA%\Macromedia\Flash Player'
- -
name: Clear Steam dumps, logs, and traces category: Clear Steam data
recommend: standard children:
code: |- -
del /f /q %ProgramFiles(x86)%\Steam\Dumps name: Clear Steam dumps
del /f /q %ProgramFiles(x86)%\Steam\Traces recommend: standard
del /f /q %ProgramFiles(x86)%\Steam\appcache\*.log call:
function: ClearDirectoryContents
parameters:
directoryGlob: '%PROGRAMFILES(X86)%\Steam\Dumps'
-
name: Clear Steam traces
recommend: standard
call:
function: ClearDirectoryContents
parameters:
directoryGlob: '%PROGRAMFILES(X86)%\Steam\Traces'
-
name: Clear Steam cache
recommend: standard
call:
function: ClearDirectoryContents
parameters:
directoryGlob: '%ProgramFiles(x86)%\Steam\appcache'
- -
category: Clear Visual Studio usage data category: Clear Visual Studio usage data
docs: |- docs: |-
@@ -75,11 +101,23 @@ actions:
[1]: https://techshift.net/how-to-open-sqm-file/ "What is a .SQM File And How To Open It - Microsoft (Visual Guide) | TechShift.net" [1]: https://techshift.net/how-to-open-sqm-file/ "What is a .SQM File And How To Open It - Microsoft (Visual Guide) | TechShift.net"
[2]: https://stackoverflow.com/a/38862596 "Process monitor - Slow Visual Studio, related to SQMClient? | Stack Overflow" [2]: https://stackoverflow.com/a/38862596 "Process monitor - Slow Visual Studio, related to SQMClient? | Stack Overflow"
code: |- call:
rmdir /s /q %LOCALAPPDATA%\Microsoft\VSCommon\14.0\SQM -
rmdir /s /q %LOCALAPPDATA%\Microsoft\VSCommon\15.0\SQM function: ClearDirectoryContents
rmdir /s /q %LOCALAPPDATA%\Microsoft\VSCommon\16.0\SQM parameters:
rmdir /s /q %LOCALAPPDATA%\Microsoft\VSCommon\17.0\SQM directoryGlob: '%LOCALAPPDATA%\Microsoft\VSCommon\14.0\SQM'
-
function: ClearDirectoryContents
parameters:
directoryGlob: '%LOCALAPPDATA%\Microsoft\VSCommon\15.0\SQM'
-
function: ClearDirectoryContents
parameters:
directoryGlob: '%LOCALAPPDATA%\Microsoft\VSCommon\16.0\SQM'
-
function: ClearDirectoryContents
parameters:
directoryGlob: '%LOCALAPPDATA%\Microsoft\VSCommon\17.0\SQM'
- -
name: Clear Visual Studio Application Insights logs name: Clear Visual Studio Application Insights logs
recommend: standard recommend: standard
@@ -91,10 +129,19 @@ actions:
[1]: https://azuredevopslabs.com/labs/vsts/monitor/ "Monitoring Applications using Application Insights | Azure DevOps Hands-on-Labs" [1]: https://azuredevopslabs.com/labs/vsts/monitor/ "Monitoring Applications using Application Insights | Azure DevOps Hands-on-Labs"
[2]: https://developercommunity.visualstudio.com/t/visual-studio-freezes-randomly/224181#T-N257722-N277241-N407607 "Visual Studio freezes randomly | Visual Studio Feedback" [2]: https://developercommunity.visualstudio.com/t/visual-studio-freezes-randomly/224181#T-N257722-N277241-N407607 "Visual Studio freezes randomly | Visual Studio Feedback"
[3]: https://stackoverflow.com/a/53754481 "Visual Studio 2017 (15.3.1) keeps hanging/freezing | Stack Overflow" [3]: https://stackoverflow.com/a/53754481 "Visual Studio 2017 (15.3.1) keeps hanging/freezing | Stack Overflow"
code: |- call:
rmdir /s /q "%LOCALAPPDATA%\Microsoft\VSApplicationInsights" 2>nul -
rmdir /s /q "%ProgramData%\Microsoft\VSApplicationInsights" 2>nul function: ClearDirectoryContents
rmdir /s /q "%Temp%\Microsoft\VSApplicationInsights" 2>nul parameters:
directoryGlob: '%LOCALAPPDATA%\Microsoft\VSApplicationInsights'
-
function: ClearDirectoryContents
parameters:
directoryGlob: '%PROGRAMDATA%\Microsoft\VSApplicationInsights'
-
function: ClearDirectoryContents
parameters:
directoryGlob: '%TEMP%\Microsoft\VSApplicationInsights'
- -
name: Clear Visual Studio telemetry data name: Clear Visual Studio telemetry data
recommend: standard recommend: standard
@@ -106,9 +153,15 @@ actions:
[1]: http://processchecker.com/file/VsHub.exe.html "What is VsHub.exe ? VsHub.exe info | Processchecker.com" [1]: http://processchecker.com/file/VsHub.exe.html "What is VsHub.exe ? VsHub.exe info | Processchecker.com"
[2]: https://herolab.usd.de/en/security-advisories/usd-2020-0030/ "usd-2020-0030 - usd HeroLab" [2]: https://herolab.usd.de/en/security-advisories/usd-2020-0030/ "usd-2020-0030 - usd HeroLab"
code: |- call:
rmdir /s /q "%AppData%\vstelemetry" 2>nul -
rmdir /s /q "%ProgramData%\vstelemetry" 2>nul function: ClearDirectoryContents
parameters:
directoryGlob: '%APPDATA%\vstelemetry'
-
function: ClearDirectoryContents
parameters:
directoryGlob: '%PROGRAMDATA%\vstelemetry'
- -
name: Clear Visual Studio temporary telemetry and log data name: Clear Visual Studio temporary telemetry and log data
recommend: standard recommend: standard
@@ -131,15 +184,39 @@ actions:
[5]: https://stackoverflow.com/q/60974427 "Reduce log and other temporary file creation in Visual Studio 2019 | Stack Overflow" [5]: https://stackoverflow.com/q/60974427 "Reduce log and other temporary file creation in Visual Studio 2019 | Stack Overflow"
[6]: https://stackoverflow.com/q/72341126 "Visual Studio 2022 - Telemetry | Stack Overflow" [6]: https://stackoverflow.com/q/72341126 "Visual Studio 2022 - Telemetry | Stack Overflow"
[7]: https://social.msdn.microsoft.com/Forums/vstudio/en-US/5b2a0baa-748f-40e0-b504-f6dfad9b7b4d/vstelem-folder-24000-files-2064kb?forum=msbuild "VSTELEM folder 24000 files 2064Kb | MSDN Forums" [7]: https://social.msdn.microsoft.com/Forums/vstudio/en-US/5b2a0baa-748f-40e0-b504-f6dfad9b7b4d/vstelem-folder-24000-files-2064kb?forum=msbuild "VSTELEM folder 24000 files 2064Kb | MSDN Forums"
code: |- call:
rmdir /s /q "%Temp%\VSFaultInfo" 2>nul -
rmdir /s /q "%Temp%\VSFeedbackPerfWatsonData" 2>nul function: ClearDirectoryContents
rmdir /s /q "%Temp%\VSFeedbackVSRTCLogs" 2>nul parameters:
rmdir /s /q "%Temp%\VSFeedbackIntelliCodeLogs" 2>nul directoryGlob: '%TEMP%\VSFaultInfo'
rmdir /s /q "%Temp%\VSRemoteControl" 2>nul -
rmdir /s /q "%Temp%\Microsoft\VSFeedbackCollector" 2>nul function: ClearDirectoryContents
rmdir /s /q "%Temp%\VSTelem" 2>nul parameters:
rmdir /s /q "%Temp%\VSTelem.Out" 2>nul directoryGlob: '%TEMP%\VSFeedbackPerfWatsonData'
-
function: ClearDirectoryContents
parameters:
directoryGlob: '%TEMP%\VSFeedbackVSRTCLogs'
-
function: ClearDirectoryContents
parameters:
directoryGlob: '%TEMP%\VSFeedbackIntelliCodeLogs'
-
function: ClearDirectoryContents
parameters:
directoryGlob: '%TEMP%\VSRemoteControl'
-
function: ClearDirectoryContents
parameters:
directoryGlob: '%TEMP%\Microsoft\VSFeedbackCollector'
-
function: ClearDirectoryContents
parameters:
directoryGlob: '%TEMP%\VSTelem'
-
function: ClearDirectoryContents
parameters:
directoryGlob: '%TEMP%\VSTelem.Out'
- -
category: Clear Visual Studio licenses category: Clear Visual Studio licenses
docs: |- docs: |-
@@ -189,10 +266,16 @@ actions:
- -
name: Clear recently accessed files list name: Clear recently accessed files list
recommend: standard recommend: standard
code: del /f /q "%APPDATA%\Microsoft\Windows\Recent\AutomaticDestinations\*" call:
function: ClearDirectoryContents
parameters:
directoryGlob: '%APPDATA%\Microsoft\Windows\Recent\AutomaticDestinations'
- -
name: Clear pinned items for the user name: Clear pinned items for the user
code: del /f /q "%APPDATA%\Microsoft\Windows\Recent\CustomDestinations\*" call:
function: ClearDirectoryContents
parameters:
directoryGlob: '%APPDATA%\Microsoft\Windows\Recent\CustomDestinations'
- -
category: Clear Windows Registry usage data category: Clear Windows Registry usage data
docs: |- docs: |-
@@ -274,7 +357,10 @@ actions:
- -
name: Clear Dotnet CLI telemetry name: Clear Dotnet CLI telemetry
recommend: standard recommend: standard
code: rmdir /s /q "%USERPROFILE%\.dotnet\TelemetryStorageService" 2>nul call:
function: ClearDirectoryContents
parameters:
directoryGlob: '%USERPROFILE%\.dotnet\TelemetryStorageService'
- -
category: Clear browser history category: Clear browser history
children: children:
@@ -290,9 +376,15 @@ actions:
- https://docs.microsoft.com/en-us/troubleshoot/browsers/apps-access-admin-web-cache - https://docs.microsoft.com/en-us/troubleshoot/browsers/apps-access-admin-web-cache
# WebCache # WebCache
- https://docs.microsoft.com/en-us/troubleshoot/browsers/apps-access-admin-web-cache - https://docs.microsoft.com/en-us/troubleshoot/browsers/apps-access-admin-web-cache
code: |- call:
del /f /q "%LOCALAPPDATA%\Microsoft\Windows\INetCache\IE\*" -
rd /s /q "%LOCALAPPDATA%\Microsoft\Windows\WebCache" function: ClearDirectoryContents
parameters:
directoryGlob: '%LOCALAPPDATA%\Microsoft\Windows\INetCache\IE'
-
function: ClearDirectoryContents
parameters:
directoryGlob: '%LOCALAPPDATA%\Microsoft\Windows\WebCache'
- -
name: Clear Internet Explorer recent URLs name: Clear Internet Explorer recent URLs
recommend: strict recommend: strict
@@ -311,21 +403,41 @@ actions:
- https://en.wikipedia.org/wiki/Temporary_Internet_Files - https://en.wikipedia.org/wiki/Temporary_Internet_Files
- https://www.windows-commandline.com/delete-temporary-internet-files/ # %LOCALAPPDATA%\Temporary Internet Files - https://www.windows-commandline.com/delete-temporary-internet-files/ # %LOCALAPPDATA%\Temporary Internet Files
- https://www.thewindowsclub.com/temporary-internet-files-folder-location # %LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files and INetCache - https://www.thewindowsclub.com/temporary-internet-files-folder-location # %LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files and INetCache
code: |- call:
:: Windows XP -
rd /s /q %userprofile%\Local Settings\Temporary Internet Files function: ClearDirectoryContents
:: Windows 7 parameters:
rd /s /q "%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files" directoryGlob: '%USERPROFILE%\Local Settings\Temporary Internet Files'
takeown /f "%LOCALAPPDATA%\Temporary Internet Files" /r /d y grantPermissions: true # 🔒️ On Windows 10, this folder (Local Settings) is protected 🔓️ On Windows 11 it's not
icacls "%LOCALAPPDATA%\Temporary Internet Files" /grant administrators:F /t -
rd /s /q "%LOCALAPPDATA%\Temporary Internet Files" function: ClearDirectoryContents
:: Windows 8 and above parameters:
rd /s /q "%LOCALAPPDATA%\Microsoft\Windows\INetCache" directoryGlob: '%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files'
# This directory consists of 4 additional folders:
# - C:\Users\undergroundwires\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
# - C:\Users\undergroundwires\AppData\Local\Microsoft\Windows\Temporary Internet Files\IE
# - C:\Users\undergroundwires\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low
# - C:\Users\undergroundwires\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
# Since Windows 10 22H2 and Windows 11 22H2, data files are observed in this subdirectories but not on the parent.
# Especially in `IE` folder includes many files. These folders are protected and hidden by default.
grantPermissions: true # 🔒️ This folder is protected on both on Windows 10 and 11
-
function: ClearDirectoryContents
parameters:
directoryGlob: '%LOCALAPPDATA%\Microsoft\Windows\INetCache'
-
function: ClearDirectoryContents
parameters:
directoryGlob: '%LOCALAPPDATA%\Temporary Internet Files'
grantPermissions: true # 🔒️ This folder is protected on both on Windows 10 and 11
- -
name: Clear Internet Explorer feeds cache name: Clear Internet Explorer feeds cache
recommend: standard recommend: standard
docs: https://kb.digital-detective.net/display/BF/Location+of+Internet+Explorer+11+Data docs: https://kb.digital-detective.net/display/BF/Location+of+Internet+Explorer+11+Data
code: rd /s /q "%LOCALAPPDATA%\Microsoft\Feeds Cache" call:
function: ClearDirectoryContents
parameters:
directoryGlob: '%LOCALAPPDATA%\Microsoft\Feeds Cache'
- -
name: Clear Internet Explorer cookies name: Clear Internet Explorer cookies
recommend: strict recommend: strict
@@ -333,16 +445,23 @@ actions:
- https://docs.microsoft.com/en-us/windows/win32/wininet/managing-cookies - https://docs.microsoft.com/en-us/windows/win32/wininet/managing-cookies
- https://docs.microsoft.com/en-us/internet-explorer/kb-support/ie-edge-faqs - https://docs.microsoft.com/en-us/internet-explorer/kb-support/ie-edge-faqs
- https://www.thewindowsclub.com/cookies-folder-location-windows - https://www.thewindowsclub.com/cookies-folder-location-windows
code: |- call:
:: Windows 7 browsers -
rd /s /q "%APPDATA%\Microsoft\Windows\Cookies" function: ClearDirectoryContents
:: Windows 8 and higher parameters: # Windows 7 browsers
rd /s /q "%LOCALAPPDATA%\Microsoft\Windows\INetCookies" directoryGlob: '%APPDATA%\Microsoft\Windows\Cookies'
-
function: ClearDirectoryContents
parameters: # Windows 8 and higher
directoryGlob: '%LOCALAPPDATA%\Microsoft\Windows\INetCookies'
- -
name: Clear Internet Explorer DOMStore name: Clear Internet Explorer DOMStore
recommend: standard recommend: standard
docs: https://web.archive.org/web/20100416135352/http://msdn.microsoft.com/en-us/library/cc197062(VS.85).aspx docs: https://web.archive.org/web/20100416135352/http://msdn.microsoft.com/en-us/library/cc197062(VS.85).aspx
code: rd /s /q "%LOCALAPPDATA%\Microsoft\InternetExplorer\DOMStore" call:
function: ClearDirectoryContents
parameters:
directoryGlob: '%LOCALAPPDATA%\Microsoft\InternetExplorer\DOMStore'
- -
name: Clear Internet Explorer usage data name: Clear Internet Explorer usage data
docs: docs:
@@ -356,7 +475,10 @@ actions:
# EUPP\, EmieUserList\, EmieSiteList\, EmieBrowserModeList\ # EUPP\, EmieUserList\, EmieSiteList\, EmieBrowserModeList\
# Files: brndlog.txt, brndlog.bak, ie4uinit-ClearIconCache.log, ie4uinit-UserConfig.log, # Files: brndlog.txt, brndlog.bak, ie4uinit-ClearIconCache.log, ie4uinit-UserConfig.log,
# MSIMGSIZ.DAT # MSIMGSIZ.DAT
code: rd /s /q "%LOCALAPPDATA%\Microsoft\Internet Explorer" call:
function: ClearDirectoryContents
parameters:
directoryGlob: '%LOCALAPPDATA%\Microsoft\Internet Explorer'
- -
category: Clear Chrome history category: Clear Chrome history
children: children:
@@ -364,9 +486,15 @@ actions:
name: Clear Chrome crash reports name: Clear Chrome crash reports
recommend: standard recommend: standard
docs: https://www.chromium.org/developers/crash-reports docs: https://www.chromium.org/developers/crash-reports
code: |- call:
rd /s /q "%LOCALAPPDATA%\Google\Chrome\User Data\Crashpad\reports\" -
rd /s /q "%LOCALAPPDATA%\Google\CrashReports\" function: ClearDirectoryContents
parameters:
directoryGlob: '%LOCALAPPDATA%\Google\Chrome\User Data\Crashpad\reports'
-
function: ClearDirectoryContents
parameters:
directoryGlob: '%LOCALAPPDATA%\Google\CrashReports'
- -
name: Clear Software Reporter Tool logs name: Clear Software Reporter Tool logs
recommend: standard recommend: standard
@@ -375,11 +503,15 @@ actions:
- -
name: Clear Chrome user data name: Clear Chrome user data
docs: https://chromium.googlesource.com/chromium/src/+/HEAD/docs/user_data_dir.md docs: https://chromium.googlesource.com/chromium/src/+/HEAD/docs/user_data_dir.md
code: |- call:
:: Windows XP - # Windows XP
rd /s /q "%USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data" function: ClearDirectoryContents
:: Windows Vista and newer parameters:
rd /s /q "%LOCALAPPDATA%\Google\Chrome\User Data" directoryGlob: '%USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data'
- # Windows Vista and newer
function: ClearDirectoryContents
parameters:
directoryGlob: '%LOCALAPPDATA%\Google\Chrome\User Data'
- -
category: Clear Firefox history category: Clear Firefox history
children: children:
@@ -409,17 +541,30 @@ actions:
) )
- -
name: Clear Firefox user profiles, settings, and data name: Clear Firefox user profiles, settings, and data
code: |- call:
rd /s /q "%LOCALAPPDATA%\Mozilla\Firefox\Profiles" -
rd /s /q "%APPDATA%\Mozilla\Firefox\Profiles" function: ClearDirectoryContents
parameters:
directoryGlob: '%LOCALAPPDATA%\Mozilla\Firefox\Profiles'
-
function: ClearDirectoryContents
parameters:
directoryGlob: '%APPDATA%\Mozilla\Firefox\Profiles'
- -
name: Clear Opera history (user profiles, settings, and data) name: Clear Opera history (user profiles, settings, and data)
code: |- call:
:: Windows XP - # Windows XP
rd /s /q "%USERPROFILE%\Local Settings\Application Data\Opera\Opera" function: ClearDirectoryContents
:: Windows Vista and newer parameters:
rd /s /q "%LOCALAPPDATA%\Opera\Opera" directoryGlob: '%USERPROFILE%\Local Settings\Application Data\Opera\Opera'
rd /s /q "%APPDATA%\Opera\Opera" - # Windows Vista and newer
function: ClearDirectoryContents
parameters:
directoryGlob: '%LOCALAPPDATA%\Opera\Opera'
- # Windows Vista and newer
function: ClearDirectoryContents
parameters:
directoryGlob: '%APPDATA%\Opera\Opera'
- -
category: Clear Safari history category: Clear Safari history
children: children:
@@ -456,11 +601,15 @@ actions:
- https://kb.digital-detective.net/display/BF/Location+of+Safari+Data - https://kb.digital-detective.net/display/BF/Location+of+Safari+Data
- https://forensicswiki.xyz/wiki/index.php?title=Apple_Safari - https://forensicswiki.xyz/wiki/index.php?title=Apple_Safari
- https://zerosecurity.org/2013/04/safari-forensic-tutorial - https://zerosecurity.org/2013/04/safari-forensic-tutorial
code: |- call:
:: Windows XP - # Windows XP
rd /s /q "%USERPROFILE%\Local Settings\Application Data\Apple Computer\Safari" function: ClearDirectoryContents
:: Windows Vista and newer parameters:
rd /s /q "%AppData%\Apple Computer\Safari" directoryGlob: '%USERPROFILE%\Local Settings\Application Data\Apple Computer\Safari'
- # Windows Vista and newer
function: ClearDirectoryContents
parameters:
directoryGlob: '%APPDATA%\Apple Computer\Safari'
- -
category: Clear temporary Windows files category: Clear temporary Windows files
docs: |- docs: |-
@@ -514,7 +663,10 @@ actions:
[10]: https://web.archive.org/web/20231001150233/https://learn.microsoft.com/en-us/exchange/troubleshoot/administration/unifiedcontent-folder-fills-up-drive "Exchange UnifiedContent folder fills up the drive - Exchange | Microsoft Learn" [10]: https://web.archive.org/web/20231001150233/https://learn.microsoft.com/en-us/exchange/troubleshoot/administration/unifiedcontent-folder-fills-up-drive "Exchange UnifiedContent folder fills up the drive - Exchange | Microsoft Learn"
[11]: https://github.com/undergroundwires/privacy.sexy/pull/176 "Do not delete temp dirs by iam-py-test · Pull Request #176 · undergroundwires/privacy.sexy" [11]: https://github.com/undergroundwires/privacy.sexy/pull/176 "Do not delete temp dirs by iam-py-test · Pull Request #176 · undergroundwires/privacy.sexy"
[12]: https://github.com/undergroundwires/privacy.sexy/issues/89 "Some installer failed to installer · Issue #89 · undergroundwires/privacy.sexy" [12]: https://github.com/undergroundwires/privacy.sexy/issues/89 "Some installer failed to installer · Issue #89 · undergroundwires/privacy.sexy"
code: del /s /f /q "%WINDIR%\Temp\*" call:
function: ClearDirectoryContents
parameters:
directoryGlob: '%WINDIR%\Temp'
- -
name: Clear temporary user folder name: Clear temporary user folder
recommend: standard recommend: standard
@@ -543,7 +695,10 @@ actions:
[7]: https://web.archive.org/web/20231001150053/https://learn.microsoft.com/en-us/previous-versions/windows/desktop/legacy/bb776892%28v=vs.85%29 "About User Profiles (Windows) | Microsoft Learn" [7]: https://web.archive.org/web/20231001150053/https://learn.microsoft.com/en-us/previous-versions/windows/desktop/legacy/bb776892%28v=vs.85%29 "About User Profiles (Windows) | Microsoft Learn"
[8]: https://web.archive.org/save/https://learn.microsoft.com/en-us/troubleshoot/windows-server/shell-experience/temp-folder-with-logon-session-id-deleted "The %TEMP% folder with logon session ID is deleted - Windows Server | Microsoft Learn" [8]: https://web.archive.org/save/https://learn.microsoft.com/en-us/troubleshoot/windows-server/shell-experience/temp-folder-with-logon-session-id-deleted "The %TEMP% folder with logon session ID is deleted - Windows Server | Microsoft Learn"
[9]: https://web.archive.org/web/20231001145035/https://devblogs.microsoft.com/scripting/weekend-scripter-use-powershell-to-clean-out-temp-folders/ "Weekend Scripter: Use PowerShell to Clean Out Temp Folders - Scripting Blog | microsoft.com" [9]: https://web.archive.org/web/20231001145035/https://devblogs.microsoft.com/scripting/weekend-scripter-use-powershell-to-clean-out-temp-folders/ "Weekend Scripter: Use PowerShell to Clean Out Temp Folders - Scripting Blog | microsoft.com"
code: del /s /f /q "%TEMP%\*" call:
function: ClearDirectoryContents
parameters:
directoryGlob: '%TEMP%'
- -
name: Clear prefetch folder name: Clear prefetch folder
recommend: standard recommend: standard
@@ -583,7 +738,10 @@ actions:
[4]: https://web.archive.org/web/20231001151107/https://ccsweb.lanl.gov/~kei/mypubbib/papers/TOS_13_diskseen.pdf "A Prefetching Scheme Exploiting both Data Layout and Access History on Disk | ccsweb.lanl.gov" [4]: https://web.archive.org/web/20231001151107/https://ccsweb.lanl.gov/~kei/mypubbib/papers/TOS_13_diskseen.pdf "A Prefetching Scheme Exploiting both Data Layout and Access History on Disk | ccsweb.lanl.gov"
[5]: https://web.archive.org/web/20231001151150/https://www.justice.gov/sites/default/files/usao/legacy/2008/02/04/usab5601.pdf "Computer Forensics | justice.gov" [5]: https://web.archive.org/web/20231001151150/https://www.justice.gov/sites/default/files/usao/legacy/2008/02/04/usab5601.pdf "Computer Forensics | justice.gov"
[6]: https://web.archive.org/web/20231001151207/https://par.nsf.gov/servlets/purl/10333089 "Malware Family Classification via Residual Prefetch Artifacts | par.nsf.gov" [6]: https://web.archive.org/web/20231001151207/https://par.nsf.gov/servlets/purl/10333089 "Malware Family Classification via Residual Prefetch Artifacts | par.nsf.gov"
code: del /s /f /q "%WINDIR%\Prefetch\*" call:
function: ClearDirectoryContents
parameters:
directoryGlob: '%WINDIR%\Prefetch'
- -
category: Clear Windows log and caches category: Clear Windows log and caches
children: children:
@@ -598,17 +756,20 @@ actions:
children: children:
- -
name: Clear Windows update and SFC scan logs name: Clear Windows update and SFC scan logs
docs: https://answers.microsoft.com/en-us/windows/forum/all/cwindowslogscbs/fe4e359a-bcb9-4988-954d-563ef83bac1c
recommend: standard recommend: standard
code: del /f /q %SystemRoot%\Temp\CBS\* docs: https://answers.microsoft.com/en-us/windows/forum/all/cwindowslogscbs/fe4e359a-bcb9-4988-954d-563ef83bac1c
call:
function: ClearDirectoryContents
parameters:
directoryGlob: '%SYSTEMROOT%\Temp\CBS'
- -
name: Clear Windows Update Medic Service logs name: Clear Windows Update Medic Service logs
recommend: standard recommend: standard
docs: https://answers.microsoft.com/en-us/windows/forum/all/what-is-this-waasmedic-and-why-it-required-to/e5e55a95-d5bb-4bf4-a7ce-4783df371de4 docs: https://answers.microsoft.com/en-us/windows/forum/all/what-is-this-waasmedic-and-why-it-required-to/e5e55a95-d5bb-4bf4-a7ce-4783df371de4
code: |- call:
takeown /f %SystemRoot%\Logs\waasmedic /r /d y function: ClearDirectoryContents
icacls %SystemRoot%\Logs\waasmedic /grant administrators:F /t parameters:
rd /s /q %SystemRoot%\Logs\waasmedic directoryGlob: '%SYSTEMROOT%\Logs\waasmedic'
- -
name: Clear Cryptographic Services diagnostic traces name: Clear Cryptographic Services diagnostic traces
recommend: standard recommend: standard
@@ -620,11 +781,36 @@ actions:
del /f /q %SystemRoot%\System32\catroot2.edb del /f /q %SystemRoot%\System32\catroot2.edb
del /f /q %SystemRoot%\System32\catroot2.chk del /f /q %SystemRoot%\System32\catroot2.chk
- -
name: Clear Windows Update events logs name: Clear Server-initiated Healing Events system logs
code: del /f /q "%SystemRoot%\Logs\SIH\*" docs: |-
These are logs related to Windows Update [1] [2].
It stores event trace log (ETL) files [3].
While the logs are largely technical, like many diagnostic logs, there's a potential for some data that could be considered personally identifiable information
(PII), such as usernames or machine names, to be included.
From a forensic standpoint, they offer valuable data for reconstructing system events related to software updates [3] :
- **Update History**: The logs can provide a history of updates, including those that failed and required remediation. This could be used to establish a timeline of events on a system.
- **System Integrity**: In forensic scenarios where the integrity of the system is in question, the SIH logs could be used to determine if there were any issues with updates, including
any that were automatically remediated.
- **Behavior Analysis**: While the primary purpose of the logs is not to capture user behavior, they can be part of a broader set of logs and data used in behavioral analysis, especially
when reconstructing events leading up to a particular system state or incident.
[1]: https://web.archive.org/web/20231020011710/https://raw.githubusercontent.com/Azure/azure-diskinspect-service/master/docs/manifest_by_file.md "Official Microsoft Documentation | azure-diskinspect-service/docs/manifest_by_file.md at master · Azure/azure-diskinspect-service | github.com"
[2]: https://web.archive.org/web/20231020012236/https://answers.microsoft.com/es-es/windows/forum/all/windows-10-carpeta-y-archivos-sih/4d318121-fed6-4202-8b92-d4dc236b468e "Windows 10 | Carpeta y archivos SIH - Microsoft Community"
[3]: https://tzworks.com/prototypes/tela/tela.users.guide.pdf "TZWorks Shim Database Parser (shims) Users Guide"
call:
function: ClearDirectoryContents
parameters:
directoryGlob: '%SYSTEMROOT%\Logs\SIH'
- -
name: Clear Windows Update logs name: Clear Windows Update logs
code: del /f /q "%SystemRoot%\Traces\WindowsUpdate\*" call:
function: ClearDirectoryContents
parameters:
directoryGlob: '%SYSTEMROOT%\Traces\WindowsUpdate'
- -
name: Clear Optional Component Manager and COM+ components logs name: Clear Optional Component Manager and COM+ components logs
recommend: standard recommend: standard
@@ -656,15 +842,22 @@ actions:
del /f /q %SystemRoot%\setupact.log del /f /q %SystemRoot%\setupact.log
del /f /q %SystemRoot%\setuperr.log del /f /q %SystemRoot%\setuperr.log
- -
name: Clear Windows setup Logs name: Clear Windows setup logs
recommend: standard recommend: standard
docs: https://support.microsoft.com/en-gb/help/927521/windows-vista-windows-7-windows-server-2008-r2-windows-8-1-and-windows docs: https://support.microsoft.com/en-gb/help/927521/windows-vista-windows-7-windows-server-2008-r2-windows-8-1-and-windows
code: |- call:
del /f /q %SystemRoot%\setupapi.log -
del /f /q %SystemRoot%\Panther\* function: RunInlineCode
del /f /q %SystemRoot%\inf\setupapi.app.log parameters:
del /f /q %SystemRoot%\inf\setupapi.dev.log code: |-
del /f /q %SystemRoot%\inf\setupapi.offline.log del /f /q %SYSTEMROOT%\setupapi.log
del /f /q %SYSTEMROOT%\inf\setupapi.app.log
del /f /q %SYSTEMROOT%\inf\setupapi.dev.log
del /f /q %SYSTEMROOT%\inf\setupapi.offline.log
-
function: ClearDirectoryContents
parameters:
directoryGlob: '%SYSTEMROOT%\Panther'
- -
name: Clear "Windows System Assessment Tool (`WinSAT`)" logs name: Clear "Windows System Assessment Tool (`WinSAT`)" logs
recommend: standard recommend: standard
@@ -678,11 +871,17 @@ actions:
name: Clear user web cache database name: Clear user web cache database
recommend: standard recommend: standard
docs: https://support.microsoft.com/en-gb/help/4056823/performance-issue-with-custom-default-user-profile docs: https://support.microsoft.com/en-gb/help/4056823/performance-issue-with-custom-default-user-profile
code: del /f /q %LOCALAPPDATA%\Microsoft\Windows\WebCache\*.* call:
function: ClearDirectoryContents
parameters:
directoryGlob: '%LOCALAPPDATA%\Microsoft\Windows\WebCache'
- -
name: Clear system temp folder when not logged in name: Clear system temp folder when not logged in
recommend: standard recommend: standard
code: del /f /q %SystemRoot%\ServiceProfiles\LocalService\AppData\Local\Temp\*.* call:
function: ClearDirectoryContents
parameters:
directoryGlob: '%SYSTEMROOT%\ServiceProfiles\LocalService\AppData\Local\Temp'
- -
name: Clear DISM (Deployment Image Servicing and Management) system logs name: Clear DISM (Deployment Image Servicing and Management) system logs
recommend: standard recommend: standard
@@ -700,24 +899,30 @@ actions:
SET /A wuau_service_running=1 SET /A wuau_service_running=1
net stop wuauserv net stop wuauserv
) )
del /q /s /f "%SystemRoot%\SoftwareDistribution" del /q /s /f "%SYSTEMROOT%\SoftwareDistribution\*"
IF !wuau_service_running! == 1 ( IF !wuau_service_running! == 1 (
net start wuauserv net start wuauserv
) )
endlocal endlocal
-
name: Clear Server-initiated Healing Events system logs
code: del /f /q "%SystemRoot%\Logs\SIH\*"
- -
name: Clear Common Language Runtime system logs name: Clear Common Language Runtime system logs
recommend: standard recommend: standard
code: |- call:
del /f /q "%LOCALAPPDATA%\Microsoft\CLR_v4.0\UsageTraces\*" -
del /f /q "%LOCALAPPDATA%\Microsoft\CLR_v4.0_32\UsageTraces\*" function: ClearDirectoryContents
parameters:
directoryGlob: '%LOCALAPPDATA%\Microsoft\CLR_v4.0\UsageTraces'
-
function: ClearDirectoryContents
parameters:
directoryGlob: '%LOCALAPPDATA%\Microsoft\CLR_v4.0_32\UsageTraces'
- -
name: Clear Network Setup Service Events system logs name: Clear Network Setup Service Events system logs
recommend: standard recommend: standard
code: del /f /q "%SystemRoot%\Logs\NetSetup\*" call:
function: ClearDirectoryContents
parameters:
directoryGlob: '%SYSTEMROOT%\Logs\NetSetup'
- -
name: Clear logs generated by Disk Cleanup Tool (`cleanmgr.exe`) name: Clear logs generated by Disk Cleanup Tool (`cleanmgr.exe`)
docs: |- docs: |-
@@ -730,7 +935,10 @@ actions:
[1]: https://web.archive.org/web/20230806192546/https://ss64.com/nt/cleanmgr.html "Cleanmgr - Delete Junk and Temp files - Windows CMD - SS64.com" [1]: https://web.archive.org/web/20230806192546/https://ss64.com/nt/cleanmgr.html "Cleanmgr - Delete Junk and Temp files - Windows CMD - SS64.com"
[2]: https://web.archive.org/web/20230806192800/https://www.hexacorn.com/blog/2018/09/02/beyond-good-ol-run-key-part-86/ "Beyond good ol Run key, Part 86 | Hexacorn" [2]: https://web.archive.org/web/20230806192800/https://www.hexacorn.com/blog/2018/09/02/beyond-good-ol-run-key-part-86/ "Beyond good ol Run key, Part 86 | Hexacorn"
code: del /f /q "%SystemRoot%\System32\LogFiles\setupcln\*" call:
function: ClearDirectoryContents
parameters:
directoryGlob: '%SYSTEMROOT%\System32\LogFiles\setupcln'
- -
name: Clear primary Windows telemetry file name: Clear primary Windows telemetry file
recommend: standard recommend: standard
@@ -791,9 +999,10 @@ actions:
[3]: https://web.archive.org/web/20230829144957/https://learn.microsoft.com/en-us/previous-versions/windows/desktop/defender/msft-mpthreatdetection "MSFT\_MpThreatDetection class | Microsoft Learn" [3]: https://web.archive.org/web/20230829144957/https://learn.microsoft.com/en-us/previous-versions/windows/desktop/defender/msft-mpthreatdetection "MSFT\_MpThreatDetection class | Microsoft Learn"
[4]: https://web.archive.org/web/20230829144434/https://forensafe.com/blogs/windows_defender.html "Windows Defender | Forensafe" [4]: https://web.archive.org/web/20230829144434/https://forensafe.com/blogs/windows_defender.html "Windows Defender | Forensafe"
call: call:
function: RunInlineCodeAsTrustedInstaller # Otherwise it cannot access/delete files under `Scans\History`, see https://github.com/undergroundwires/privacy.sexy/issues/246 function: ClearDirectoryContents # Otherwise it cannot access/delete files under `Scans\History`, see https://github.com/undergroundwires/privacy.sexy/issues/246
parameters: parameters:
code: del "%ProgramData%\Microsoft\Windows Defender\Scans\History" /s /f /q directoryGlob: '%ProgramData%\Microsoft\Windows Defender\Scans\History'
grantPermissions: true # Running as TrustedInstaller is not needed, and causes Defender to alarm https://github.com/undergroundwires/privacy.sexy/issues/264
- -
name: Clear credentials in Windows Credential Manager name: Clear credentials in Windows Credential Manager
code: |- code: |-
@@ -924,15 +1133,11 @@ actions:
} }
- -
name: Clear previous Windows installations name: Clear previous Windows installations
code: |- call:
if exist "%SystemDrive%\Windows.old" ( function: DeleteDirectory
takeown /f "%SystemDrive%\Windows.old" /a /r /d y parameters:
icacls "%SystemDrive%\Windows.old" /grant administrators:F /t directoryGlob: '%SYSTEMDRIVE%\Windows.old'
rd /s /q "%SystemDrive%\Windows.old" grantPermissions: true
echo Deleted previous installation from "%SystemDrive%\Windows.old\"
) else (
echo No previous Windows installation has been found
)
- -
category: Disable OS data collection category: Disable OS data collection
children: children:
@@ -2823,10 +3028,19 @@ actions:
- -
name: Clear Nvidia residual telemetry files name: Clear Nvidia residual telemetry files
recommend: standard recommend: standard
code: |- call:
del /s %SystemRoot%\System32\DriverStore\FileRepository\NvTelemetry*.dll -
rmdir /s /q "%ProgramFiles(x86)%\NVIDIA Corporation\NvTelemetry" 2>nul function: RunInlineCode
rmdir /s /q "%ProgramFiles%\NVIDIA Corporation\NvTelemetry" 2>nul parameters:
code: del /s %SystemRoot%\System32\DriverStore\FileRepository\NvTelemetry*.dll
-
function: ClearDirectoryContents
parameters:
directoryGlob: '%PROGRAMFILES(X86)%\NVIDIA Corporation\NvTelemetry'
-
function: ClearDirectoryContents
parameters:
directoryGlob: '%PROGRAMFILES%\NVIDIA Corporation\NvTelemetry'
- -
name: Disable participation in Nvidia telemetry name: Disable participation in Nvidia telemetry
recommend: standard recommend: standard
@@ -10810,3 +11024,180 @@ functions:
Write-Error "An error occurred while creating the shortcut at `"$($shortcut.Path)`"." Write-Error "An error occurred while creating the shortcut at `"$($shortcut.Path)`"."
} }
} }
-
name: CommentCode
# 💡 Purpose:
# Adds a comment in the executed code for better readability and debugging.
# This function does not affect the execution flow but helps in understanding the purpose of subsequent code.
parameters:
- name: comment
call:
function: RunInlineCode
parameters:
code: ':: {{ $comment }}'
-
name: DeleteGlob
# Behavior:
# Deletes files and directories on Windows using Unix-style glob patterns.
# Primarily supports the `*` wildcard; compatibility with other patterns is not tested.
# 💡 Usage:
# This is a low-level function. Favor higher-level functions like `ClearDirectoryContents` and `DeleteDirectory`
# for clearer intent and enhanced security when applicable.
parameters:
- name: pathGlob
- name: grantPermissions
optional: true
call:
function: RunPowerShell
parameters:
code: |-
$pathGlobPattern = "{{ $pathGlob }}"
$expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern)
Write-Host "Searching for items matching pattern: `"$($expandedPath)`"."
$parentDirectory = Split-Path -Path $expandedPath -Parent
{{ with $grantPermissions }} # Not using `Get-Acl`/`Set-Acl` to avoid adjusting token privileges
$grantPermissions=$true
if ($parentDirectory -like '*[*?]*') {
throw "Unable to grant permissions to glob paths: `"$parentDirectory`", not supported by ``takeown`` and ``icacls``."
} else {
Write-Host "Taking ownership of `"$expandedPath`"."
$cmdPath = $expandedPath
if ($cmdPath.EndsWith('\')) {
$cmdPath += '\' # Escape trailing backslash for correct handling in batch commands
}
$takeOwnershipCommand = "takeown /f `"$cmdPath`" /a" # `icacls /setowner` does not succeed, so use `takeown` instead.
if (-not (Test-Path -Path "$expandedPath" -PathType Leaf)) {
$takeOwnershipCommand += ' /r /d y'
}
cmd /c "$takeOwnershipCommand"
if ($LASTEXITCODE -eq 0) {
Write-Host "Successfully took ownership of `"$expandedPath`" (using ``$takeOwnershipCommand``)."
} else {
Write-Host "Failed to obtain ownership for `"$expandedPath`" using ``$takeOwnershipCommand``, status code: $LASTEXITCODE."
# Do not write as error or warning, because this can be due to missing path, it's handled for next command.
# `takeown` exits with status code `1`, making it hard to handle missing path here in .
}
Write-Host "Granting permissions for `"$expandedPath`"."
$adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount])
$adminAccountName = $adminAccount.Value
$grantPermissionsCommand = "icacls `"$cmdPath`" /grant `"$($adminAccountName):F`" /t"
cmd /c "$grantPermissionsCommand"
if ($LASTEXITCODE -eq 0) {
Write-Host "Successfully granted permissions for `"$expandedPath`" (using ``$grantPermissionsCommand``)."
} elseif ($LASTEXITCODE -eq 3) {
Write-Host "Skipping, no items available for deletion according to: ``$grantPermissionsCommand``."
exit 0
} else {
Write-Warning "Failed to assign permissions for `"$expandedPath`" using ``$grantPermissionsCommand``, status code: $LASTEXITCODE."
}
}
{{ end }}
$getChildItemParams = @{ Force = $true; }
$filter = Split-Path -Path $expandedPath -Leaf
$getChildItemParams['Filter'] = $filter
if ($filter -like '*[*?]*') {
# Recurse only on parent if filter contains glob pattern, otherwise it will unnecessarily try to match
# every folder/file in parent, potentially leading to permission errors
# Without recursion `Get-ChildItem` does not find subdirectories.
$getChildItemParams['Recurse'] = $true
# Append a backslash to the parent path during recursion. Without it, recursion will unintentionally
# operate on the parent's parent directory.
if (!$parentDirectory.EndsWith('/')) {
$parentDirectory += '\'
}
}
$getChildItemParams['Path'] = $parentDirectory
try {
$itemsToDelete = @(Get-ChildItem @getChildItemParams -ErrorAction Stop)
} catch [System.Management.Automation.ItemNotFoundException] { # Not run `Test-Path` before, it's unreliable for globs requiring extra permissions
$itemsToDelete = @()
}
if (!$itemsToDelete) {
$formattedParams = ($getChildItemParams.GetEnumerator() | ForEach-Object { "$($_.Key): `"$($_.Value)`"" }) -Join ', '
Write-Host "Skipping, no items available for deletion with search parameters: $($formattedParams)."
exit 0
}
Write-Host "Initiating deletion of $($itemsToDelete.Count) items from `"$expandedPath`"."
$deletedCount = 0
$failedCount = 0
foreach ($item in $itemsToDelete) {
if (-not (Test-Path $item.FullName)) { # Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories).
Write-Host "Successfully deleted: $($item.FullName) (already deleted)."
$deletedCount++
continue
}
try {
Remove-Item -Path $item.FullName -Force -Recurse -ErrorAction Stop
$deletedCount++
Write-Host "Successfully deleted: $($item.FullName)"
}
catch {
$failedCount++
Write-Warning "Unable to delete $($item.FullName): $_"
}
}
Write-Host "Successfully deleted $($deletedCount) items."
if ($failedCount -gt 0) {
Write-Warning "Failed to delete $($failedCount) items."
}
-
name: ClearDirectoryContents
# 💡 Purpose:
# Specifically designed to empty the contents of a directory while preserving the directory itself.
# This is beneficial when other applications depend on the existence of the directory.
# For directory deletion, use `DeleteDirectory`.
# 🤓 Implementation:
# - Formats the provided glob pattern to ensure only contents are targeted, then delegates to `DeleteGlob`.
# - Provides a user-friendly comment in code.
parameters:
- name: directoryGlob
- name: grantPermissions
optional: true
call:
-
function: CommentCode
parameters:
comment: >-
Clear directory contents
{{ with $grantPermissions }}(with additional permissions){{ end }}
: "{{ $directoryGlob }}"
-
function: DeleteGlob
parameters:
# Ensure path ends with '\*':
# - 'C:\' becomes 'C:\*'
# - 'C:' becomes 'C:\*'
# - 'C:\*' remains 'C:\*'
pathGlob: >-
$($directoryGlob = '{{ $directoryGlob }}'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "$($directoryGlob)*" } else { "$($directoryGlob)\*" } )
grantPermissions: '{{ with $grantPermissions }}true{{ end }}'
-
name: DeleteDirectory
# 💡 Purpose:
# Deletes an entire directory, including its contents.
# ❗️ Use with caution; if you intend to preserve the directory and delete only its contents, use `ClearDirectoryContents`.
# 🤓 Implementation:
# Formats the provided glob pattern to target the directory, then delegates to `DeleteGlob`.
# - Provides a user-friendly comment in code.
parameters:
- name: directoryGlob
- name: grantPermissions
optional: true
call:
-
function: CommentCode
parameters:
comment: >-
Delete directory
{{ with $grantPermissions }}(with additional permissions){{ end }}
: "{{ $directoryGlob }}"
-
function: DeleteGlob
parameters:
# Ensure path ends with '\':
# - 'C:\' remains 'C:\'
# - 'C:' becomes 'C:\'
pathGlob: >-
$($directoryGlob = '{{ $directoryGlob }}'; if (-Not $directoryGlob.EndsWith('\')) { $directoryGlob += '\' }; $directoryGlob )
grantPermissions: '{{ with $grantPermissions }}true{{ end }}'