v2.2.0 - Complete Security Hardening Framework (632 Settings)

NexusOne23 2025-12-08 10:32:49 +01:00
commit ba364813ed
195 changed files with 43788 additions and 0 deletions

.github/FUNDING.yml vendored Normal file

@ -0,0 +1,3 @@
# Support NoID Privacy development
buy_me_a_coffee: noidprivacy

.github/ISSUE_TEMPLATE/bug_report.md vendored Normal file

@ -0,0 +1,79 @@
---
name: 🐛 Bug Report
about: Report a bug or unexpected behavior
title: '[BUG] '
labels: 'bug'
assignees: ''
---
## 🐛 Bug Description
A clear and concise description of what the bug is.
## 📋 Steps to Reproduce
1. Run command: `...`
2. Configure module: `...`
3. Execute script: `...`
4. See error
## ✅ Expected Behavior
A clear description of what you expected to happen.
## ❌ Actual Behavior
A clear description of what actually happened.
## 💻 System Information
- **OS**: Windows 11 [e.g., 25H2 Build 26200]
- **PowerShell Version**: [e.g., 5.1.26100.2161]
- **CPU**: [e.g., AMD Ryzen 7 9800X3D]
- **TPM**: [e.g., 2.0 Present]
- **Third-Party AV**: [e.g., None, Windows Defender only]
- **Script Version**: [e.g., v2.2.0]
- **Execution Mode**: [Interactive / Direct / DryRun]
**Get System Info:**
```powershell
# Run this to get system info
$PSVersionTable
Get-ComputerInfo | Select-Object OsName, OsVersion, OsBuildNumber
Get-Tpm | Select-Object TpmPresent, TpmReady
```
## 📝 Log Files
Please attach or paste the relevant portion of the log file:
**Location**: `Logs\NoIDPrivacy_YYYYMMDD_HHMMSS.log`
```
[Paste relevant log excerpt here]
```
## 📸 Screenshots
If applicable, add screenshots to help explain your problem.
## 🔍 Additional Context
Add any other context about the problem here:
- Was this a fresh installation or re-run?
- Did the script work previously?
- Any recent system changes?
- Running in VM or physical machine?
## ✔️ Checklist
- [ ] I have searched for similar issues
- [ ] I have verified this is reproducible
- [ ] I have included the log file
- [ ] I have provided complete system information
- [ ] I have tested on a clean Windows 11 25H2 installation (if possible)
## 🔒 Security Note
If this is a **security vulnerability**, please **DO NOT** create a public issue!
Instead, report it privately via: https://github.com/NexusOne23/noid-privacy/security/advisories
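
Review bot: The Log Files section asks reporters to attach or paste log excerpts into a public issue, and the checklist requires it, but nothing tells them to remove machine-specific details first. Suggest adding a line under `**Location**` asking reporters to redact user names, host names and local paths before pasting, alongside the existing Security Note. Separately, `Get-Tpm` in the system-info snippet needs an elevated session, so the snippet's comment should say to run it as administrator.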


@ -0,0 +1,103 @@
---
name: ✨ Feature Request
about: Suggest a new feature or enhancement
title: '[FEATURE] '
labels: 'enhancement'
assignees: ''
---
## 🚀 Feature Request
**Note:** For questions or discussions, please use [GitHub Discussions](https://github.com/NexusOne23/noid-privacy/discussions) instead!
## 🔍 Problem Statement
**Is your feature request related to a problem?**
Describe the problem this feature would solve. Example: "I'm frustrated when [...]"
## 💡 Proposed Solution
Describe the solution you'd like to see implemented.
## 🔄 Alternatives Considered
Describe any alternative solutions or features you've considered.
## 📊 Impact Assessment
Please assess the potential impact of this feature:
### Security Impact
- [ ] Enhances security
- [ ] No security impact
- [ ] Potential security concerns (explain below)
**Details:**
### Privacy Impact
- [ ] Enhances privacy
- [ ] No privacy impact
- [ ] Potential privacy concerns (explain below)
**Details:**
### Compatibility Impact
- [ ] No breaking changes
- [ ] Minor breaking changes
- [ ] Major breaking changes (explain below)
**Details:**
### Usability Impact
- [ ] Improves usability
- [ ] No usability impact
- [ ] May affect usability (explain below)
**Details:**
## 📝 Additional Context
Add any other context, examples, or mockups about the feature request here.
## 🎯 Use Cases
Describe specific use cases where this feature would be beneficial:
1. **Use case 1**: [Description]
2. **Use case 2**: [Description]
3. **Use case 3**: [Description]
## 📚 References
Link to any relevant documentation, standards, or similar implementations:
- [Example: Microsoft documentation]
- [Example: CIS Benchmark requirement]
- [Example: Similar project implementation]
## 🏷️ Module Target
Which module would this feature belong to?
- [ ] SecurityBaseline (MS Baseline settings)
- [ ] ASR (Attack Surface Reduction)
- [ ] DNS (Secure DNS)
- [ ] Privacy (Telemetry, Bloatware)
- [ ] AntiAI (AI Features Lockdown)
- [ ] EdgeHardening (Microsoft Edge)
- [ ] AdvancedSecurity (Beyond MS Baseline)
- [ ] Core (Framework/Architecture)
- [ ] New Module (describe below)
## ✔️ Checklist
- [ ] I have searched for similar feature requests
- [ ] I have considered the impact on security and privacy
- [ ] I have described the problem and proposed solution clearly
- [ ] I have provided use cases and examples
- [ ] This is NOT a security vulnerability (use Security Advisory instead)
## 💼 Commercial Licensing
If this feature is critical for your organization and you need it prioritized, consider our [commercial licensing options](https://github.com/NexusOne23/noid-privacy/discussions) with dedicated support and custom development.
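
Review bot: The `commercial licensing options` link in the Commercial Licensing section points to `https://github.com/NexusOne23/noid-privacy/discussions`, the same URL the note at the top gives for general questions, so it does not lead to any licensing information. Point it at a dedicated page or discussion category, or drop the section until one exists. The checklist item `This is NOT a security vulnerability (use Security Advisory instead)` would also benefit from the advisory URL that the bug report template already includes.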

.github/PULL_REQUEST_TEMPLATE.md vendored Normal file

@ -0,0 +1,94 @@
# Pull Request
## 📝 Description
Please include a summary of the changes and the related issue. Explain the motivation and context.
Fixes #(issue number)
## 🎯 Type of Change
Please delete options that are not relevant:
- [ ] 🐛 Bug fix (non-breaking change which fixes an issue)
- [ ] ✨ New feature (non-breaking change which adds functionality)
- [ ] 💥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
- [ ] 📚 Documentation update
- [ ] 🔧 Code refactoring (no functional changes)
- [ ] ⚡ Performance improvement
- [ ] ✅ Test coverage improvement
## 🧪 Testing
Please describe the tests you ran to verify your changes:
- [ ] Tested on Windows 11 25H2
- [ ] Tested on Windows 11 24H2
- [ ] Tested in VM environment
- [ ] Tested on physical hardware
- [ ] Unit tests pass (`.\Tests\Run-Tests.ps1`)
- [ ] Integration tests pass
- [ ] Verification script passes (`.\Tools\Verify-Complete-Hardening.ps1`)
**Test Configuration:**
- **OS Version**: Windows 11 25H2 Build 26200
- **PowerShell Version**: 5.1.26100.xxxx
- **Test Environment**: VM / Physical
## 📋 Checklist
- [ ] My code follows the style guidelines of this project
- [ ] I have performed a self-review of my code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
- [ ] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my feature works
- [ ] New and existing unit tests pass locally with my changes
- [ ] Any dependent changes have been merged and published
- [ ] I have updated the CHANGELOG.md
- [ ] I have read and agree to the [Code of Conduct](../CODE_OF_CONDUCT.md)
## 🔒 Security Considerations
- [ ] This change does not introduce security vulnerabilities
- [ ] This change has been reviewed for security implications
- [ ] Sensitive data is handled properly (if applicable)
- [ ] No hardcoded credentials or secrets
**Security Impact Details:**
## 📚 Documentation
- [ ] README.md updated (if needed)
- [ ] CHANGELOG.md updated
- [ ] Docs/ folder updated (if needed)
- [ ] Code comments added/updated
## 🔄 Backwards Compatibility
- [ ] This change is backwards compatible
- [ ] This change includes migration path for existing users
- [ ] Breaking changes are documented
**Compatibility Details:**
## 🎨 Screenshots (if applicable)
Add screenshots to help explain your changes (e.g., UI changes, verification report).
## 📝 Additional Notes
Add any additional notes for reviewers here.
---
## For Maintainers
**Review Checklist:**
- [ ] Code quality meets project standards
- [ ] Tests are comprehensive
- [ ] Documentation is complete
- [ ] Security implications reviewed
- [ ] Backwards compatibility considered
- [ ] CHANGELOG updated
- [ ] Ready to merge
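
Review bot: The Test Configuration block is pre-filled with concrete values (`Windows 11 25H2 Build 26200`, `5.1.26100.xxxx`), which a contributor can submit unchanged; use `[e.g., ...]` placeholders as the bug report template does, so the reported environment is always something the contributor typed. The Code of Conduct checkbox links to `../CODE_OF_CONDUCT.md`; a relative path is resolved against the pull request page when the template is rendered in a PR body, so an absolute repository URL is the safer choice.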

.github/workflows/ci.yml vendored Normal file

@ -0,0 +1,226 @@
name: CI - PowerShell Quality Checks
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
workflow_dispatch:
permissions:
contents: read
checks: write
pull-requests: write
jobs:
psscriptanalyzer:
name: PSScriptAnalyzer
runs-on: windows-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Run PSScriptAnalyzer
shell: pwsh
run: |
Write-Host "Installing PSScriptAnalyzer..."
Install-Module -Name PSScriptAnalyzer -Force -Scope CurrentUser -SkipPublisherCheck -ErrorAction Stop
Write-Host ""
Write-Host "Running PSScriptAnalyzer (Errors only)..."
$results = Invoke-ScriptAnalyzer -Path . -Recurse -Severity Error
if ($results) {
Write-Host ""
Write-Host "=== PSScriptAnalyzer Errors Found ===" -ForegroundColor Red
$results | Format-Table -AutoSize
Write-Host ""
Write-Host "Error Count: $($results.Count)" -ForegroundColor Red
Write-Host "Failing CI due to errors" -ForegroundColor Red
exit 1
} else {
Write-Host ""
Write-Host "No errors found! (Warnings are ignored)" -ForegroundColor Green
}
test-powershell-51:
name: Test on PowerShell 5.1
runs-on: windows-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Test PowerShell Scripts (5.1)
shell: powershell
run: |
Write-Host "PowerShell Version: $($PSVersionTable.PSVersion)" -ForegroundColor Cyan
Write-Host "Testing script syntax..."
$ErrorActionPreference = 'Stop'
$failed = $false
Get-ChildItem -Path . -Filter "*.ps1" -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
Write-Host "Checking: $($_.Name)"
try {
$errors = $null
$tokens = [System.Management.Automation.PSParser]::Tokenize((Get-Content $_.FullName -Raw), [ref]$errors)
if ($errors.Count -gt 0) {
Write-Host " [ERROR] $($errors[0].Message)" -ForegroundColor Red
$failed = $true
} else {
Write-Host " [OK]" -ForegroundColor Green
}
} catch {
Write-Host " [ERROR] $_" -ForegroundColor Red
$failed = $true
}
}
if ($failed) {
Write-Host ""
Write-Host "Syntax check FAILED" -ForegroundColor Red
exit 1
} else {
Write-Host ""
Write-Host "All scripts have valid syntax!" -ForegroundColor Green
}
test-powershell-7:
name: Test on PowerShell 7.4
runs-on: windows-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Test PowerShell Scripts (7.4)
shell: pwsh
run: |
Write-Host "PowerShell Version: $($PSVersionTable.PSVersion)" -ForegroundColor Cyan
Write-Host "Testing script syntax..."
$ErrorActionPreference = 'Stop'
$failed = $false
Get-ChildItem -Path . -Filter "*.ps1" -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
Write-Host "Checking: $($_.Name)"
try {
$errors = $null
$tokens = $null
$ast = [System.Management.Automation.Language.Parser]::ParseFile($_.FullName, [ref]$tokens, [ref]$errors)
if ($errors.Count -gt 0) {
Write-Host " [ERROR] $($errors[0].Message)" -ForegroundColor Red
$failed = $true
} else {
Write-Host " [OK]" -ForegroundColor Green
}
} catch {
Write-Host " [ERROR] $_" -ForegroundColor Red
$failed = $true
}
}
if ($failed) {
Write-Host ""
Write-Host "Syntax check FAILED" -ForegroundColor Red
exit 1
} else {
Write-Host ""
Write-Host "All scripts have valid syntax!" -ForegroundColor Green
}
validate-structure:
name: Validate Project Structure
runs-on: windows-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Check Required Files
shell: pwsh
run: |
Write-Host "Checking project structure..." -ForegroundColor Cyan
$required = @(
"README.md",
"LICENSE",
"CHANGELOG.md",
"NoIDPrivacy-Interactive.ps1",
"Core/Framework.ps1",
"Modules",
"Tools"
)
$missing = @()
foreach ($item in $required) {
if (Test-Path $item) {
Write-Host "[OK] $item" -ForegroundColor Green
} else {
Write-Host "[MISSING] $item" -ForegroundColor Red
$missing += $item
}
}
if ($missing.Count -gt 0) {
Write-Host ""
Write-Host "Missing required files/folders!" -ForegroundColor Red
exit 1
} else {
Write-Host ""
Write-Host "All required files present!" -ForegroundColor Green
}
- name: Check Module Structure
shell: pwsh
run: |
Write-Host "`nValidating module structure..." -ForegroundColor Cyan
$modules = @(
"SecurityBaseline",
"ASR",
"DNS",
"Privacy",
"AntiAI",
"EdgeHardening",
"AdvancedSecurity"
)
$failed = $false
foreach ($module in $modules) {
$modulePath = "Modules/$module"
if (Test-Path $modulePath) {
Write-Host "[OK] Module: $module" -ForegroundColor Green
# Check for required module files
$moduleFile = "$modulePath/$module.psm1"
$manifestFile = "$modulePath/$module.psd1"
if (Test-Path $moduleFile) {
Write-Host " [OK] $module.psm1" -ForegroundColor Green
} else {
Write-Host " [MISSING] $module.psm1" -ForegroundColor Red
$failed = $true
}
if (Test-Path $manifestFile) {
Write-Host " [OK] $module.psd1" -ForegroundColor Green
} else {
Write-Host " [MISSING] $module.psd1" -ForegroundColor Red
$failed = $true
}
} else {
Write-Host "[MISSING] Module: $module" -ForegroundColor Red
$failed = $true
}
}
if ($failed) {
Write-Host ""
Write-Host "Module structure validation FAILED!" -ForegroundColor Red
exit 1
} else {
Write-Host ""
Write-Host "All modules are correctly structured!" -ForegroundColor Green
}
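
Review bot: The workflow-level `permissions` block grants `checks: write` and `pull-requests: write`, but none of the steps in the four jobs publishes a check or comments on a pull request; they only read the checkout and write to the console. Reduce it to `contents: read`. In the two syntax-check jobs, `Get-ChildItem -Path . -Filter "*.ps1"` skips the `.psm1` and `.psd1` files that the Check Module Structure step requires for every module, so module code is never parsed; include those extensions. `Install-Module -Name PSScriptAnalyzer ... -SkipPublisherCheck` installs whatever version is current, so consider `-RequiredVersion`, and note that `-Severity Error` leaves warning-level findings unreported in a project whose purpose is hardening.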

.github/workflows/pester-tests.yml vendored Normal file

@ -0,0 +1,71 @@
name: Pester Tests
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main ]
workflow_dispatch:
jobs:
test:
runs-on: windows-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Pester
shell: pwsh
run: |
Install-Module -Name Pester -Force -SkipPublisherCheck -Scope CurrentUser
Import-Module Pester
- name: Run Unit Tests
shell: pwsh
run: |
$config = New-PesterConfiguration
$config.Run.Path = "Tests/Unit"
$config.Run.PassThru = $true
$config.Output.Verbosity = 'Detailed'
$config.TestResult.Enabled = $true
$config.TestResult.OutputPath = "TestResults-Unit.xml"
$config.TestResult.OutputFormat = 'NUnitXml'
$results = Invoke-Pester -Configuration $config
if ($results.FailedCount -gt 0) {
Write-Error "Unit tests failed: $($results.FailedCount) failures"
exit 1
}
- name: Run Integration Tests (DryRun only)
shell: pwsh
run: |
$config = New-PesterConfiguration
$config.Run.Path = "Tests/Integration"
$config.Run.PassThru = $true
$config.Output.Verbosity = 'Detailed'
$config.TestResult.Enabled = $true
$config.TestResult.OutputPath = "TestResults-Integration.xml"
$config.TestResult.OutputFormat = 'NUnitXml'
$results = Invoke-Pester -Configuration $config
if ($results.FailedCount -gt 0) {
Write-Error "Integration tests failed: $($results.FailedCount) failures"
exit 1
}
- name: Upload Test Results
uses: actions/upload-artifact@v4
if: always()
with:
name: test-results
path: TestResults-*.xml
- name: Publish Test Results
uses: EnricoMi/publish-unit-test-result-action/windows@v2
if: always()
with:
files: TestResults-*.xml
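
Review bot: `EnricoMi/publish-unit-test-result-action/windows@v2` is a third-party action referenced by a movable tag, and this workflow has no `permissions` block, so the job runs with whatever the repository's default token permissions are. Pin the action to a full commit SHA and declare the permissions the publish step needs explicitly at job level. `Install-Module -Name Pester -Force -SkipPublisherCheck` is likewise unpinned; add `-RequiredVersion`. Because the Run Unit Tests step ends with `exit 1` on failure, the integration step is skipped in that case; give it `if: always()` if both result files are wanted in the published report.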