Fix pester test results.

T0pCyber · Dec 4, 2024 · d4c658a · d4c658a
1 parent cbb4611
commit d4c658a
Show file tree

Hide file tree

Showing 3 changed files with 72 additions and 27 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -12,15 +12,3 @@ repos:
           - Hawk/internal/scripts/pre_commit_hook_scripts/Invoke-PowerShellScriptAnalyzer.ps1
         language: system
         types: [powershell]
-      - id: pester-tests
-        name: Pester Tests
-        entry: pwsh
-        args:
-          - -NoProfile
-          - -ExecutionPolicy
-          - Bypass
-          - -File
-          - Hawk/tests/pester.ps1
-        language: system
-        pass_filenames: false
-        types: [powershell]
diff --git a/...ns/Tenant/Get-HawkTenantConsentGrants.ps1 → ...ons/Tenant/Get-HawkTenantConsentGrant.ps1 b/...ns/Tenant/Get-HawkTenantConsentGrants.ps1 → ...ons/Tenant/Get-HawkTenantConsentGrant.ps1
@@ -1,18 +1,27 @@
 Function Get-HawkTenantConsentGrant {
-    <#
-    .SYNOPSIS
-        Gathers application grants
-    .DESCRIPTION
-        Uses Microsoft Graph to gather information about application and delegate grants.
-        Attempts to detect high risk grants for review.
-    .OUTPUTS
-        File: Consent_Grants.csv
-        Path: \Tenant
-        Description: Output of all consent grants
-    .EXAMPLE
-        Get-HawkTenantConsentGrant
-        Gathers Grants
-    #>
+<#
+.SYNOPSIS
+    Gathers application grants using Microsoft Graph
+
+.DESCRIPTION
+    Uses Microsoft Graph to gather information about application and delegate grants.
+    Attempts to detect high risk grants for review. This function is used to identify
+    potentially risky application permissions and consent grants in your tenant.
+
+.EXAMPLE
+    Get-HawkTenantConsentGrant
+    Gathers and analyzes all OAuth grants in the tenant.
+
+.OUTPUTS
+    File: Consent_Grants.csv
+    Path: \Tenant
+    Description: Output of all consent grants with details about permissions and access
+
+.NOTES
+    This function requires the following Microsoft Graph permissions:
+    - Application.Read.All
+    - Directory.Read.All
+#>
         [CmdletBinding()]
         param()
 

diff --git a/Hawk/internal/functions/Get-AzureADPSPermission.ps1 b/Hawk/internal/functions/Get-AzureADPSPermission.ps1
@@ -1,12 +1,60 @@
 Function Get-AzureADPSPermission {
+<#
+.SYNOPSIS
+    Lists delegated permissions (OAuth2PermissionGrants) and application permissions (AppRoleAssignments).
+
+.DESCRIPTION
+    Lists delegated permissions (OAuth2PermissionGrants) and application permissions (AppRoleAssignments)
+    using Microsoft Graph API. This function retrieves and formats permission information for analysis
+    of application and delegated permissions in your tenant.
+
+.PARAMETER DelegatedPermissions
+    If set, will return delegated permissions. If neither this switch nor the ApplicationPermissions
+    switch is set, both application and delegated permissions will be returned.
+
+.PARAMETER ApplicationPermissions
+    If set, will return application permissions. If neither this switch nor the DelegatedPermissions
+    switch is set, both application and delegated permissions will be returned.
+
+.PARAMETER UserProperties
+    The list of properties of user objects to include in the output. Defaults to DisplayName only.
+
+.PARAMETER ServicePrincipalProperties
+    The list of properties of service principals (i.e. apps) to include in the output.
+    Defaults to DisplayName only.
+
+.PARAMETER ShowProgress
+    Whether or not to display a progress bar when retrieving application permissions (which could take some time).
+
+.PARAMETER PrecacheSize
+    The number of users to pre-load into a cache. For tenants with over a thousand users,
+    increasing this may improve performance of the script.
+
+.EXAMPLE
+    PS C:\> Get-AzureADPSPermission | Export-Csv -Path "permissions.csv" -NoTypeInformation
+    Generates a CSV report of all permissions granted to all apps.
+
+.EXAMPLE
+    PS C:\> Get-AzureADPSPermission -ApplicationPermissions -ShowProgress | Where-Object { $_.Permission -eq "Directory.Read.All" }
+    Get all apps which have application permissions for Directory.Read.All.
+
+.EXAMPLE
+    PS C:\> Get-AzureADPSPermission -UserProperties @("DisplayName", "UserPrincipalName", "Mail") -ServicePrincipalProperties @("DisplayName", "AppId")
+    Gets all permissions granted to all apps and includes additional properties for users and service principals.
+
+.NOTES
+    This function requires Microsoft.Graph PowerShell module and appropriate permissions:
+    - Application.Read.All
+    - Directory.Read.All
+#>
     [CmdletBinding()]
     param(
         [switch] $DelegatedPermissions,
         [switch] $ApplicationPermissions,
         [string[]] $UserProperties = @("DisplayName"),
         [string[]] $ServicePrincipalProperties = @("DisplayName"),
         [switch] $ShowProgress,
-        [int] $PrecacheSize = 999
+        [System.Int32] $PrecacheSize = 999
     )
 
     # Verify Graph connection