Home > other >  Microsoft GRAPH query lists an unfamiliar format for detectionscripcontent using endpoint /deviceMan
Microsoft GRAPH query lists an unfamiliar format for detectionscripcontent using endpoint /deviceMan

Time:04-21

I will create a JWT token and place it in the header of the GET request to authenticate my tenant. Then I use

Invoke-RestMethod -Uri "https://graph.microsoft.com/beta/deviceManagement/deviceHealthScripts" -Method GET -Headers $headers  -ContentType 'application/json' -ErrorAction "continue"

This retrieves a proactive remediation script object. Just that I have no idea what format the actual code is. I should be looking at my PowerShell script but nope, just a lot of random characters. This is part of the JSON file.

"detectionScriptContent": "JGVudmlyb25lbW50YWxSZWdwYXRoID0gJ1JlZ2lzdHJ5OjpIS0VZX0xPQ0FMX01BQ0hJTkVcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XENvbnRyb2xcU2Vzc2lvbiBNYW5hZ2VyXEVudmlyb25tZW50Jw0KDQokZGVzaXJlZFByb3BlcnR5ID0gIkFSQ0dJU19MSUNFTlNFX0ZJTEUiDQokdmFsID0gIjI3MDA5QGF6ci1saWMtMDEiDQoNCiMgJGRlc2lyZWRQcm9wZXJ0eSA9ICJUTVAiDQojICR2YWwgPSAiQzpcV0lORE9XU1xURU1QIg0KDQoNCiMgVGVzdC1QYXRoIC1QYXRoICdIS0xNOlxTeXN0ZW1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXJcRW52aXJvbm1lbnRcUGF0aCcNCiRkZXNpcmVkUHJvcGVydHlFeGlzdHMgPSAoJG51bGwgLW5lIChHZXQtSXRlbVByb3BlcnR5IC1QYXRoICRlbnZpcm9uZW1udGFsUmVncGF0aCAtTmFtZSAkZGVzaXJlZFByb3BlcnR5IC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkNCg0KV3JpdGUtT3V0cHV0ICRkZXNpcmVkUHJvcGVydHlFeGlzdHMNCg0KaWYoJGRlc2lyZWRQcm9wZXJ0eUV4aXN0cyl7DQoNCiAgICBXcml0ZS1PdXRwdXQgIkRldGVjdGVkIFByb3BlcnR5ICRkZXNpcmVkUHJvcGVydHkgZXhpc3RzLiINCg0KfWVsc2V7IFdyaXRlLU91dHB1dCAiJGRlc2lyZWRQcm9wZXJ0eSBkb2VzIG5vdCBleGlzdC4gRXhpdCAxIjsgZXhpdCAxIH0NCg0KJGRlc2lyZWRQcm9wZXJ0eVZhbHVlID0gR2V0LUl0ZW1Qcm9wZXJ0eVZhbHVlIC1QYXRoICRlbnZpcm9uZW1udGFsUmVncGF0aCAtTmFtZSAkZGVzaXJlZFByb3BlcnR5IC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlDQoNCmlmKCRkZXNpcmVkUHJvcGVydHlWYWx1ZSAtZXEgJHZhbCl7DQoNCiAgICBXcml0ZS1PdXRwdXQgIiRkZXNpcmVkUHJvcGVydHkgdmFsdWUgbWF0Y2hlcyAkdmFsLiBFeGl0IDAiOyBFeGl0IDA7DQoNCn1lbHNleyBXcml0ZS1PdXRwdXQgIiRkZXNpcmVkUHJvcGVydHkgdmFsdWUgRE9FUyBOT1QgbWF0Y2hlcyAkdmFsLiBFeGl0IDEiOyBFeGl0IDE7IH0NCg==",
    "remediationScriptContent": "DQoNCiRlbnZpcm9uZW1udGFsUmVncGF0aCA9ICdIS0xNOlxTeXN0ZW1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXJcRW52aXJvbm1lbnQnDQoNCiRkZXNpcmVkUHJvcGVydHkgPSAiQVJDR0lTX0xJQ0VOU0VfRklMRSINCiR2YWwgPSAiMjcwMDlAYXpyLWxpYy0wMSINCg0KDQpmdW5jdGlvbiBjcmVhdGVSZWdpc3RyeVByb3BlcnR5ew0KDQogICAgJGcgPSBHZXQtSXRlbVByb3BlcnR5IC1QYXRoICRlbnZpcm9uZW1udGFsUmVncGF0aCAtTmFtZSAkZGVzaXJlZFByb3BlcnR5IC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlDQoNCiAgICBpZigkZyAtZXEgJG51bGwpew0KICAgICAgICBOZXctSXRlbVByb3BlcnR5IC1QYXRoICRlbnZpcm9uZW1udGFsUmVncGF0aCAtTmFtZSAkZGVzaXJlZFByb3BlcnR5IC1WYWx1ZSAkdmFsIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlIHwgb3V0LW51bGwNCiAgICB9ZWxzZXsNCiAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtUGF0aCAkZW52aXJvbmVtbnRhbFJlZ3BhdGggLU5hbWUgJGRlc2lyZWRQcm9wZXJ0eSAtVmFsdWUgJHZhbCAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZSB8IG91dC1udWxsDQogICAgfQ0KfQ0KDQpmdW5jdGlvbiBSZWdpc3RyeUl0ZW1QYXNzZXN7DQogICAgJHJlZ1Byb3BlcnR5T2JqZWN0ID0gR2V0LUl0ZW1Qcm9wZXJ0eSAtUGF0aCAkZW52aXJvbmVtbnRhbFJlZ3BhdGggLU5hbWUgJGRlc2lyZWRQcm9wZXJ0eSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQ0KICAgICRwcm9wRXhpc3RzID0gKCRudWxsIC1uZSAkcmVnUHJvcGVydHlPYmplY3QpDQoNCiAgICBpZigkcHJvcEV4aXN0cyAtZXEgJHRydWUpew0KDQogICAgICAgICRwcm9wVmFsdWUgPSBHZXQtSXRlbVByb3BlcnR5VmFsdWUgLVBhdGggJGVudmlyb25lbW50YWxSZWdwYXRoIC1OYW1lICRkZXNpcmVkUHJvcGVydHkgLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUgDQogICAgICAgIA0KICAgICAgICByZXR1cm4gKCRwcm9wRXhpc3RzIC1hbmQgKCRwcm9wVmFsdWUgLWVxICR2YWwpKQ0KICAgIH0NCiAgICAjaWYgaXQgYnlwc3NlcyB0aGUgY29uZGl0aW9uYWwgc2NvcGUsIHRoZW4gcHJvcEV4aXN0cyBtdXN0IGJlIGZhbHNlLg0KICAgIHJldHVybiAkcHJvcEV4aXN0cw0KfQ0KDQppZigoUmVnaXN0cnlJdGVtUGFzc2VzKSAtZXEgJGZhbHNlKXsNCg0KICAgIFdyaXRlLU91dHB1dCAiQ3JlYXRpbmcgdGhlIHByb3BlcnR5ICRkZXNpcmVkUHJvcGVydHkiDQogICAgY3JlYXRlUmVnaXN0cnlQcm9wZXJ0eQ0KfQ0KDQppZihSZWdpc3RyeUl0ZW1QYXNzZXMpew0KICAgIA0KICAgIFdyaXRlLU91dHB1dCAiUmVnaXN0ZXkgaXRlbSBhbiB2YWx1ZSBjaGVja3Mgb3V0LiBFeGl0IDAiOyBFeGl0IDA7DQoNCn1lbHNleyBXcml0ZS1PdXRwdXQgIlNvbWV0aGluZyB3ZW50IHdyb25nLkV4aXQgMSI7IGV4aXQgMTsgfQ0KDQoNCg==",

Microsoft Docs say its binary but that's not the case https://docs.microsoft.com/en-us/graph/api/intune-devices-devicehealthscript-update?view=graph-rest-beta

CodePudding user response:

Your property values are Base64-encoded bytes representing UTF-8-encoded strings.

  • If a given string is composed of seemingly random characters consisting predominantly of digits and uppercase and lowercase letters, optionally followed by one or two =, there is a good chance that it represents Base64-encoded data.

  • Base64 is capable of encoding any binary data (array of bytes), so there's no telling in the abstract what is being encoded:

    • However, given that the names of the properties in your case contain "ScriptContent", it is reasonable to assume that text is being encoded.
    • This then leaves the question what character encoding was used to create the binary data that was Base64-encoded. UTF-8 is a common character encoding, and it is indeed what was used in your case.

You can decode them (into plain-text .NET strings) as follows (using a simple sample input string):

$bytes = [Convert]::FromBase64String('SGkgdGhlcmUu')
[Text.Encoding]::Utf8.GetString($bytes) # -> 'Hi there.'

To encode:

$bytes = [Text.Encoding]::Utf8.GetBytes('Hi there.')
[Convert]::ToBase64String($bytes) # -> 'SGkgdGhlcmUu'

Page link:https//www.codepudding.com/other/380083.html

Prev:Convert timeseries pandas dataframe to nested JSON
Next:How do you use a FOR loop in a list to add items from a JSON file? Discord.py
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding