From 77aae53ba26d207eb94b1302e404c28f14b3bbe4 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 8 Jan 2026 20:10:43 +0000 Subject: [PATCH 1/6] Handle parameter escaping internally in cf-create-service.ps1 Co-authored-by: TimHess <3947063+TimHess@users.noreply.github.com> --- FileShares/README.md | 2 +- FileShares/scripts/cf-create-service.ps1 | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/FileShares/README.md b/FileShares/README.md index f8098e2a0..f28e24b2a 100644 --- a/FileShares/README.md +++ b/FileShares/README.md @@ -72,7 +72,7 @@ Before deploying the app, you must create an entry in CredHub to contain the cre ### Store credentials in CredHub 1. Run [cf-create-service.ps1](scripts/cf-create-service.ps1) to create a service instance in CredHub, using parameters to set the required values: - * `-NetworkAddress \\\\\\` - escaped UNC path of the fileshare + * `-NetworkAddress \\\` - UNC path of the fileshare * `-UserName ` - the username for accessing the fileshare * `-Password ` - the password for accessing the fileshare diff --git a/FileShares/scripts/cf-create-service.ps1 b/FileShares/scripts/cf-create-service.ps1 index ab6a61825..960c23fde 100644 --- a/FileShares/scripts/cf-create-service.ps1 +++ b/FileShares/scripts/cf-create-service.ps1 @@ -1,5 +1,5 @@ Param( - [Parameter(Mandatory = $true, HelpMessage = "Escaped UNC path. For example, if the path is '\\localhost\steeltoe_network_share', use '\\\\localhost\\steeltoe_network_share'.")][string]$NetworkAddress, + [Parameter(Mandatory = $true, HelpMessage = "UNC path to the network share. For example: '\\localhost\steeltoe_network_share'")][string]$NetworkAddress, [Parameter(Mandatory=$true)][string]$UserName, [Parameter(Mandatory=$true)][string]$Password, [string]$ServiceName = "credhub", @@ -8,7 +8,10 @@ Param( ) $ErrorActionPreference = "Stop" -$ParamJSON = [string]::Format('{{\"location\":\"{0}\",\"username\":\"{1}\",\"password\":\"{2}\"}}', $NetworkAddress, $UserName, $Password) +# Escape backslashes for JSON +$EscapedNetworkAddress = $NetworkAddress -replace '\\', '\\' + +$ParamJSON = [string]::Format('{{\"location\":\"{0}\",\"username\":\"{1}\",\"password\":\"{2}\"}}', $EscapedNetworkAddress, $UserName, $Password) Write-Host "cf create-service $ServiceName $ServicePlan $ServiceInstanceName -c $ParamJSON -t $ServiceInstanceName" From eb71b1b117b24b5fe01713a9a736c37d20d53121 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 8 Jan 2026 20:12:39 +0000 Subject: [PATCH 2/6] Improve comment clarity for backslash escaping logic Co-authored-by: TimHess <3947063+TimHess@users.noreply.github.com> --- FileShares/scripts/cf-create-service.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/FileShares/scripts/cf-create-service.ps1 b/FileShares/scripts/cf-create-service.ps1 index 960c23fde..df8c55aeb 100644 --- a/FileShares/scripts/cf-create-service.ps1 +++ b/FileShares/scripts/cf-create-service.ps1 @@ -8,7 +8,7 @@ Param( ) $ErrorActionPreference = "Stop" -# Escape backslashes for JSON +# Escape backslashes for JSON format (each backslash becomes double backslash) $EscapedNetworkAddress = $NetworkAddress -replace '\\', '\\' $ParamJSON = [string]::Format('{{\"location\":\"{0}\",\"username\":\"{1}\",\"password\":\"{2}\"}}', $EscapedNetworkAddress, $UserName, $Password) From 42a1d87044db70d7d22b19da210f63c91ea191c0 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 8 Jan 2026 20:28:57 +0000 Subject: [PATCH 3/6] Use ConvertTo-Json for robust escaping of all parameters Co-authored-by: TimHess <3947063+TimHess@users.noreply.github.com> --- FileShares/README.md | 5 ++++- FileShares/scripts/cf-create-service.ps1 | 14 ++++++++++---- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/FileShares/README.md b/FileShares/README.md index f28e24b2a..91c35ba7f 100644 --- a/FileShares/README.md +++ b/FileShares/README.md @@ -71,9 +71,12 @@ Before deploying the app, you must create an entry in CredHub to contain the cre ### Store credentials in CredHub +> [!NOTE] +> The [cf-create-service.ps1](scripts/cf-create-service.ps1) script requires PowerShell 7 or later. + 1. Run [cf-create-service.ps1](scripts/cf-create-service.ps1) to create a service instance in CredHub, using parameters to set the required values: * `-NetworkAddress \\\` - UNC path of the fileshare - * `-UserName ` - the username for accessing the fileshare + * `-UserName ` - the username for accessing the fileshare (can include domain, e.g., `DOMAIN\username`) * `-Password ` - the password for accessing the fileshare ### Deploy the app diff --git a/FileShares/scripts/cf-create-service.ps1 b/FileShares/scripts/cf-create-service.ps1 index df8c55aeb..b60b6b2e1 100644 --- a/FileShares/scripts/cf-create-service.ps1 +++ b/FileShares/scripts/cf-create-service.ps1 @@ -1,3 +1,5 @@ +#Requires -Version 7.0 + Param( [Parameter(Mandatory = $true, HelpMessage = "UNC path to the network share. For example: '\\localhost\steeltoe_network_share'")][string]$NetworkAddress, [Parameter(Mandatory=$true)][string]$UserName, @@ -8,10 +10,14 @@ Param( ) $ErrorActionPreference = "Stop" -# Escape backslashes for JSON format (each backslash becomes double backslash) -$EscapedNetworkAddress = $NetworkAddress -replace '\\', '\\' - -$ParamJSON = [string]::Format('{{\"location\":\"{0}\",\"username\":\"{1}\",\"password\":\"{2}\"}}', $EscapedNetworkAddress, $UserName, $Password) +# Build parameter object and convert to JSON using PowerShell's built-in JSON serialization +# This automatically handles escaping of special characters including backslashes, quotes, etc. +$params = @{ + location = $NetworkAddress + username = $UserName + password = $Password +} +$ParamJSON = $params | ConvertTo-Json -Compress Write-Host "cf create-service $ServiceName $ServicePlan $ServiceInstanceName -c $ParamJSON -t $ServiceInstanceName" From edf73e19731f6c7e5915bf7abd475d0f583de575 Mon Sep 17 00:00:00 2001 From: Tim Hess Date: Tue, 13 Jan 2026 12:59:04 -0600 Subject: [PATCH 4/6] Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- FileShares/scripts/cf-create-service.ps1 | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/FileShares/scripts/cf-create-service.ps1 b/FileShares/scripts/cf-create-service.ps1 index b60b6b2e1..ce03ac490 100644 --- a/FileShares/scripts/cf-create-service.ps1 +++ b/FileShares/scripts/cf-create-service.ps1 @@ -2,8 +2,8 @@ Param( [Parameter(Mandatory = $true, HelpMessage = "UNC path to the network share. For example: '\\localhost\steeltoe_network_share'")][string]$NetworkAddress, - [Parameter(Mandatory=$true)][string]$UserName, - [Parameter(Mandatory=$true)][string]$Password, + [Parameter(Mandatory=$true)][string]$UserName, + [Parameter(Mandatory=$true)][string]$Password, [string]$ServiceName = "credhub", [string]$ServicePlan = "default", [string]$ServiceInstanceName = "sampleNetworkShare" @@ -19,6 +19,10 @@ $params = @{ } $ParamJSON = $params | ConvertTo-Json -Compress -Write-Host "cf create-service $ServiceName $ServicePlan $ServiceInstanceName -c $ParamJSON -t $ServiceInstanceName" +# Create a redacted copy of the parameters for logging so the password is not exposed +$redactedParams = $params.Clone() +$redactedParams['password'] = 'REDACTED' +$ParamJSONRedacted = $redactedParams | ConvertTo-Json -Compress +Write-Host "cf create-service $ServiceName $ServicePlan $ServiceInstanceName -c $ParamJSONRedacted -t $ServiceInstanceName" cf create-service $ServiceName $ServicePlan $ServiceInstanceName -c $ParamJSON -t $ServiceInstanceName From 88f5a7681f4eff81a94ae5747ea73b1ad1f7c130 Mon Sep 17 00:00:00 2001 From: Tim Hess Date: Fri, 16 Jan 2026 14:05:36 -0600 Subject: [PATCH 5/6] PascalParams, camelVariables, enhance consistency in readme & scripts --- FileShares/README.md | 9 ++++++--- FileShares/scripts/add-user-and-share.ps1 | 13 +++++++------ FileShares/scripts/cf-create-service.ps1 | 18 +++++++++--------- FileShares/scripts/remove-user-and-share.ps1 | 8 +++++--- 4 files changed, 27 insertions(+), 21 deletions(-) diff --git a/FileShares/README.md b/FileShares/README.md index 91c35ba7f..c30e9bf43 100644 --- a/FileShares/README.md +++ b/FileShares/README.md @@ -75,9 +75,12 @@ Before deploying the app, you must create an entry in CredHub to contain the cre > The [cf-create-service.ps1](scripts/cf-create-service.ps1) script requires PowerShell 7 or later. 1. Run [cf-create-service.ps1](scripts/cf-create-service.ps1) to create a service instance in CredHub, using parameters to set the required values: - * `-NetworkAddress \\\` - UNC path of the fileshare - * `-UserName ` - the username for accessing the fileshare (can include domain, e.g., `DOMAIN\username`) - * `-Password ` - the password for accessing the fileshare + * `-NetworkAddress \\\` - UNC path to the network share (required). For example: `\\localhost\steeltoe_network_share` + * `-UserName ` - the username for accessing the fileshare, can include domain (e.g., `DOMAIN\username`) (required) + * `-Password ` - the password for accessing the fileshare (required) + * `-ServiceName credhub` - the name of the service + * `-ServicePlan default` - the service plan + * `-ServiceInstanceName sampleNetworkShare` - the name of the service instance ### Deploy the app diff --git a/FileShares/scripts/add-user-and-share.ps1 b/FileShares/scripts/add-user-and-share.ps1 index 42d5cb765..c1e682ece 100644 --- a/FileShares/scripts/add-user-and-share.ps1 +++ b/FileShares/scripts/add-user-and-share.ps1 @@ -2,12 +2,13 @@ #Requires -Modules Microsoft.PowerShell.LocalAccounts, SmbShare Param( - [string]$ShareName = "steeltoe_network_share", - [string]$SharePath = "c:\steeltoe_network_share", - [string]$UserName = "shareWriteUser", - [string]$Password = "thisIs1Pass!" + [Parameter(Mandatory = $false)][string]$ShareName = "steeltoe_network_share", + [Parameter(Mandatory = $false)][string]$SharePath = "c:\steeltoe_network_share", + [Parameter(Mandatory = $false)][string]$UserName = "shareWriteUser", + [Parameter(Mandatory = $false)][string]$Password = "thisIs1Pass!" ) $ErrorActionPreference = "Stop" + if ($PSVersionTable.PSVersion.Major -lt 6) { Write-Output "Running in Windows PowerShell (version < 6)" @@ -18,7 +19,7 @@ else Add-Type -AssemblyName System.Management.Automation Import-Module Microsoft.PowerShell.LocalAccounts -SkipEditionCheck } -$SecurePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force +$securePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force if (Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue) { @@ -28,7 +29,7 @@ else { Write-Host "Creating local user $UserName..." New-LocalUser $UserName ` - -Password $SecurePassword ` + -Password $securePassword ` -FullName "SMB ReadWrite" ` -Description "For write access to $ShareName" | Out-Null Write-Host "Done creating user." diff --git a/FileShares/scripts/cf-create-service.ps1 b/FileShares/scripts/cf-create-service.ps1 index ce03ac490..0c93c5ed1 100644 --- a/FileShares/scripts/cf-create-service.ps1 +++ b/FileShares/scripts/cf-create-service.ps1 @@ -2,11 +2,11 @@ Param( [Parameter(Mandatory = $true, HelpMessage = "UNC path to the network share. For example: '\\localhost\steeltoe_network_share'")][string]$NetworkAddress, - [Parameter(Mandatory=$true)][string]$UserName, - [Parameter(Mandatory=$true)][string]$Password, - [string]$ServiceName = "credhub", - [string]$ServicePlan = "default", - [string]$ServiceInstanceName = "sampleNetworkShare" + [Parameter(Mandatory = $true)][string]$UserName, + [Parameter(Mandatory = $true)][string]$Password, + [Parameter(Mandatory = $false)][string]$ServiceName = "credhub", + [Parameter(Mandatory = $false)][string]$ServicePlan = "default", + [Parameter(Mandatory = $false)][string]$ServiceInstanceName = "sampleNetworkShare" ) $ErrorActionPreference = "Stop" @@ -17,12 +17,12 @@ $params = @{ username = $UserName password = $Password } -$ParamJSON = $params | ConvertTo-Json -Compress +$jsonParams = $params | ConvertTo-Json -Compress # Create a redacted copy of the parameters for logging so the password is not exposed $redactedParams = $params.Clone() $redactedParams['password'] = 'REDACTED' -$ParamJSONRedacted = $redactedParams | ConvertTo-Json -Compress +$redactedJsonParams = $redactedParams | ConvertTo-Json -Compress -Write-Host "cf create-service $ServiceName $ServicePlan $ServiceInstanceName -c $ParamJSONRedacted -t $ServiceInstanceName" -cf create-service $ServiceName $ServicePlan $ServiceInstanceName -c $ParamJSON -t $ServiceInstanceName +Write-Host "cf create-service $ServiceName $ServicePlan $ServiceInstanceName -c $redactedJsonParams -t $ServiceInstanceName" +cf create-service $ServiceName $ServicePlan $ServiceInstanceName -c $jsonParams -t $ServiceInstanceName diff --git a/FileShares/scripts/remove-user-and-share.ps1 b/FileShares/scripts/remove-user-and-share.ps1 index b725ccb99..9de6960d0 100644 --- a/FileShares/scripts/remove-user-and-share.ps1 +++ b/FileShares/scripts/remove-user-and-share.ps1 @@ -2,11 +2,12 @@ #Requires -Modules Microsoft.PowerShell.LocalAccounts, SmbShare Param( - [string]$ShareName = "steeltoe_network_share", - [string]$SharePath = "c:\steeltoe_network_share", - [string]$UserName = "shareWriteUser" + [Parameter(Mandatory = $false)][string]$ShareName = "steeltoe_network_share", + [Parameter(Mandatory = $false)][string]$SharePath = "c:\steeltoe_network_share", + [Parameter(Mandatory = $false)][string]$UserName = "shareWriteUser" ) $ErrorActionPreference = "Stop" + if ($PSVersionTable.PSVersion.Major -lt 6) { Write-Output "Running in Windows PowerShell (version < 6)" @@ -17,6 +18,7 @@ else Add-Type -AssemblyName System.Management.Automation Import-Module Microsoft.PowerShell.LocalAccounts -SkipEditionCheck } + if (Get-SmbShare $ShareName -ErrorAction SilentlyContinue) { Remove-SmbShare -Name $ShareName From d62859824945d502e70e70d9ab8743356cdcb71b Mon Sep 17 00:00:00 2001 From: Tim Hess Date: Fri, 23 Jan 2026 17:19:19 -0600 Subject: [PATCH 6/6] sync readme and helpmessage on params --- FileShares/README.md | 9 ++++----- FileShares/scripts/add-user-and-share.ps1 | 8 ++++---- FileShares/scripts/cf-create-service.ps1 | 10 +++++----- FileShares/scripts/remove-user-and-share.ps1 | 6 +++--- 4 files changed, 16 insertions(+), 17 deletions(-) diff --git a/FileShares/README.md b/FileShares/README.md index c30e9bf43..d223a52e4 100644 --- a/FileShares/README.md +++ b/FileShares/README.md @@ -49,7 +49,6 @@ You can also delete files by clicking the "Delete file" button in the same row a > [!TIP] > The sample uses credentials different from those of your Windows user account. If you've opened the file share in Windows Explorer before running the sample, it fails because a file share can't be accessed by one user using multiple credentials. To recover, run `klist purge` to make Windows forget the connection from Windows Explorer. - ### Removing the local user account and file share > [!CAUTION] @@ -76,10 +75,10 @@ Before deploying the app, you must create an entry in CredHub to contain the cre 1. Run [cf-create-service.ps1](scripts/cf-create-service.ps1) to create a service instance in CredHub, using parameters to set the required values: * `-NetworkAddress \\\` - UNC path to the network share (required). For example: `\\localhost\steeltoe_network_share` - * `-UserName ` - the username for accessing the fileshare, can include domain (e.g., `DOMAIN\username`) (required) - * `-Password ` - the password for accessing the fileshare (required) - * `-ServiceName credhub` - the name of the service - * `-ServicePlan default` - the service plan + * `-UserName ` - the username for accessing the file share, can include domain (e.g., `DOMAIN\username`) (required) + * `-Password ` - the password for accessing the file share (required) + * `-ServiceName credhub` - the name of the service for storing credentials + * `-ServicePlan default` - the service plan to use * `-ServiceInstanceName sampleNetworkShare` - the name of the service instance ### Deploy the app diff --git a/FileShares/scripts/add-user-and-share.ps1 b/FileShares/scripts/add-user-and-share.ps1 index c1e682ece..08a3b679a 100644 --- a/FileShares/scripts/add-user-and-share.ps1 +++ b/FileShares/scripts/add-user-and-share.ps1 @@ -2,10 +2,10 @@ #Requires -Modules Microsoft.PowerShell.LocalAccounts, SmbShare Param( - [Parameter(Mandatory = $false)][string]$ShareName = "steeltoe_network_share", - [Parameter(Mandatory = $false)][string]$SharePath = "c:\steeltoe_network_share", - [Parameter(Mandatory = $false)][string]$UserName = "shareWriteUser", - [Parameter(Mandatory = $false)][string]$Password = "thisIs1Pass!" + [Parameter(Mandatory = $false, HelpMessage = "The name of the share")][string]$ShareName = "steeltoe_network_share", + [Parameter(Mandatory = $false, HelpMessage = "The path to the share. For example: 'c:\steeltoe_network_share'")][string]$SharePath = "c:\steeltoe_network_share", + [Parameter(Mandatory = $false, HelpMessage = "The name of the user")][string]$UserName = "shareWriteUser", + [Parameter(Mandatory = $false, HelpMessage = "The password for the user")][string]$Password = "thisIs1Pass!" ) $ErrorActionPreference = "Stop" diff --git a/FileShares/scripts/cf-create-service.ps1 b/FileShares/scripts/cf-create-service.ps1 index 0c93c5ed1..1145fce45 100644 --- a/FileShares/scripts/cf-create-service.ps1 +++ b/FileShares/scripts/cf-create-service.ps1 @@ -2,11 +2,11 @@ Param( [Parameter(Mandatory = $true, HelpMessage = "UNC path to the network share. For example: '\\localhost\steeltoe_network_share'")][string]$NetworkAddress, - [Parameter(Mandatory = $true)][string]$UserName, - [Parameter(Mandatory = $true)][string]$Password, - [Parameter(Mandatory = $false)][string]$ServiceName = "credhub", - [Parameter(Mandatory = $false)][string]$ServicePlan = "default", - [Parameter(Mandatory = $false)][string]$ServiceInstanceName = "sampleNetworkShare" + [Parameter(Mandatory = $true, HelpMessage = "The username for accessing the file share, can include domain. For example: 'DOMAIN\username'")][string]$UserName, + [Parameter(Mandatory = $true, HelpMessage = "The password for accessing the file share.")][string]$Password, + [Parameter(Mandatory = $false, HelpMessage = "The name of the service for storing credentials")][string]$ServiceName = "credhub", + [Parameter(Mandatory = $false, HelpMessage = "The service plan to use")][string]$ServicePlan = "default", + [Parameter(Mandatory = $false, HelpMessage = "The name of the service instance")][string]$ServiceInstanceName = "sampleNetworkShare" ) $ErrorActionPreference = "Stop" diff --git a/FileShares/scripts/remove-user-and-share.ps1 b/FileShares/scripts/remove-user-and-share.ps1 index 9de6960d0..8d5a0f420 100644 --- a/FileShares/scripts/remove-user-and-share.ps1 +++ b/FileShares/scripts/remove-user-and-share.ps1 @@ -2,9 +2,9 @@ #Requires -Modules Microsoft.PowerShell.LocalAccounts, SmbShare Param( - [Parameter(Mandatory = $false)][string]$ShareName = "steeltoe_network_share", - [Parameter(Mandatory = $false)][string]$SharePath = "c:\steeltoe_network_share", - [Parameter(Mandatory = $false)][string]$UserName = "shareWriteUser" + [Parameter(Mandatory = $false, HelpMessage = "The name of the share")][string]$ShareName = "steeltoe_network_share", + [Parameter(Mandatory = $false, HelpMessage = "The path to the share. For example: 'c:\steeltoe_network_share'")][string]$SharePath = "c:\steeltoe_network_share", + [Parameter(Mandatory = $false, HelpMessage = "The name of the user")][string]$UserName = "shareWriteUser" ) $ErrorActionPreference = "Stop"