CRWD-HBFW v2.0.0 — Remove NtObjectManager dependency
Summary
This release makes crwd-hbfw fully self-contained by replacing the NtObjectManager dependency with direct native WFP API access via C# P/Invoke to Fwpuclnt.dll.
Breaking Changes
NtObjectManager is no longer required. Remove it from any install scripts or prerequisites documentation. The module now ships with its own native WFP bindings.
What's New
Core
- Native FwpmFilterEnum0 API call via P/Invoke — no external modules needed
- Built-in GUID-to-name resolution for 130+ FWPM_CONDITION_* identifiers (Windows SDK sourced)
- Protocol name resolution (6 → Tcp, 17 → Udp, 58 → IcmpV6)
- Type-aware value formatting: IPv4/IPv6 with CIDR, MAC addresses, Unicode strings, ranges
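The following is an added illustration, not code from the crwd-hbfw module or this release: a small PowerShell version of the three resolution steps the Core list describes (condition GUID to name, protocol number to name, and type-aware value formatting). The condition object shape (a hashtable with Field, Type and Value) is an assumption for the example, the sample conditions are constructed rather than read from a live filter, and the three FWPM_CONDITION_* GUIDs are the values from fwpmu.h in the Windows SDK (verify against your SDK copy).

```powershell
# Added example, not the module's own code. Condition GUIDs below are taken
# from fwpmu.h (Windows SDK); only three of the 130+ the module ships are shown.
$ConditionNames = @{
    '3971ef2b-623e-4f9a-8cb1-6e79b806b9a7' = 'FWPM_CONDITION_IP_PROTOCOL'
    'b235ae9a-1d64-49b8-a44c-5ff3d9095045' = 'FWPM_CONDITION_IP_REMOTE_ADDRESS'
    'c35a604d-d22b-4e1a-91b4-68f674ee674b' = 'FWPM_CONDITION_IP_REMOTE_PORT'
}
$ProtocolNames = @{ 1 = 'Icmp'; 6 = 'Tcp'; 17 = 'Udp'; 58 = 'IcmpV6' }

function Resolve-ConditionName {
    param([Parameter(Mandatory)][guid]$Key)
    $k = $Key.ToString('D').ToLowerInvariant()
    if ($ConditionNames.ContainsKey($k)) { return $ConditionNames[$k] }
    return "{$k}"   # unknown keys are shown raw, never guessed
}

function Resolve-ProtocolName {
    param([Parameter(Mandatory)][int]$Number)
    if ($ProtocolNames.ContainsKey($Number)) { return $ProtocolNames[$Number] }
    return [string]$Number
}

function Get-PrefixLength {
    # Prefix length of a contiguous mask; $null when the mask has holes,
    # which WFP allows but CIDR notation cannot express.
    param([Parameter(Mandatory)][uint32]$Mask)
    $bits = 0; $seenZero = $false
    for ($i = 31; $i -ge 0; $i--) {
        if ((([long]$Mask -shr $i) -band 1) -eq 1) {
            if ($seenZero) { return $null }
            $bits++
        } else { $seenZero = $true }
    }
    return $bits
}

function Format-V4AddrMask {
    # FWP_V4_ADDR_AND_MASK carries addr and mask as host-order UINT32 values.
    param([Parameter(Mandatory)][uint32]$Address, [Parameter(Mandatory)][uint32]$Mask)
    $ip = (3..0 | ForEach-Object { ([long]$Address -shr (8 * $_)) -band 0xFF }) -join '.'
    $prefix = Get-PrefixLength -Mask $Mask
    if ($null -eq $prefix) {
        $m = (3..0 | ForEach-Object { ([long]$Mask -shr (8 * $_)) -band 0xFF }) -join '.'
        return "$ip mask $m"          # non-contiguous mask: fall back to addr/mask
    }
    if ($prefix -eq 32) { return $ip }
    return "$ip/$prefix"
}

function Format-WfpConditionValue {
    # $Condition is the assumed shape: @{ Field = [guid]; Type = 'FWP_*'; Value = ... }
    param([Parameter(Mandatory)]$Condition)
    $field = Resolve-ConditionName -Key $Condition.Field
    switch ($Condition.Type) {
        'FWP_UINT8' {
            # A UINT8 is only a protocol number when the field says so.
            if ($field -eq 'FWPM_CONDITION_IP_PROTOCOL') { Resolve-ProtocolName -Number $Condition.Value }
            else { [string]$Condition.Value }
        }
        'FWP_UINT16'              { [string]$Condition.Value }
        'FWP_V4_ADDR_MASK'        { Format-V4AddrMask -Address $Condition.Value.Addr -Mask $Condition.Value.Mask }
        'FWP_V6_ADDR_MASK'        { '{0}/{1}' -f ([System.Net.IPAddress]::new([byte[]]$Condition.Value.Addr)), $Condition.Value.PrefixLength }
        'FWP_BYTE_ARRAY6_TYPE'    { ($Condition.Value | ForEach-Object { '{0:X2}' -f $_ }) -join '-' }
        'FWP_UNICODE_STRING_TYPE' { $Condition.Value }
        'FWP_RANGE_TYPE'          { '{0}-{1}' -f $Condition.Value.Low, $Condition.Value.High }
        default                   { '<unformatted {0}>' -f $Condition.Type }
    }
}

# Constructed sample conditions (not from any real filter). The mask is given in
# decimal because a 0xFFFFFF00 literal parses as a negative Int32 in PowerShell.
$sampleConditions = @(
    @{ Field = [guid]'3971ef2b-623e-4f9a-8cb1-6e79b806b9a7'; Type = 'FWP_UINT8';        Value = 6 }
    @{ Field = [guid]'b235ae9a-1d64-49b8-a44c-5ff3d9095045'; Type = 'FWP_V4_ADDR_MASK'; Value = @{ Addr = [uint32]167772160; Mask = [uint32]4294967040 } }  # 10.0.0.0 / 0xFFFFFF00
    @{ Field = [guid]'c35a604d-d22b-4e1a-91b4-68f674ee674b'; Type = 'FWP_RANGE_TYPE';   Value = @{ Low = 443; High = 443 } }
    @{ Field = [guid]'00000000-0000-0000-0000-000000000000'; Type = 'FWP_BYTE_ARRAY6_TYPE'; Value = [byte[]](0x00,0x1C,0x42,0xAA,0xBB,0xCC) }  # placeholder key: exercises the unresolved-GUID path
)
foreach ($c in $sampleConditions) {
    '{0,-36} {1}' -f (Resolve-ConditionName -Key $c.Field), (Format-WfpConditionValue -Condition $c)
}
```

Two design points worth keeping when adapting this: an unrecognised condition GUID is printed as the raw GUID rather than mapped to a nearby name, so a filter on a field the table lacks is still visible as unusual in output, and a UINT8 is only translated to a protocol name when its field is the IP protocol condition, since the same data type carries other small integers in WFP.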
Testing
- Pester v5 unit test suite (crwd-hbfw.Tests.ps1) — mocked, cross-platform, no elevation needed
- Integration test suite (crwd-hbfw.Integration.Tests.ps1) — auto-skips when Windows/elevation/Falcon sensor are absent
- TESTING.md added with full run instructions and coverage notes
CI Workflows (workflows)
- unit-tests.yml — Pester unit tests on Ubuntu, Windows, macOS
- psscriptanalyzer.yml — PSScriptAnalyzer static analysis with SARIF upload
- devskim.yml — DevSkim security scan with SARIF upload to GitHub Security tab
Unchanged
- Public API is fully backwards compatible:
Testing
# Unit tests (cross-platform, no elevation required)
Invoke-Pester -Path .\tests\crwd-hbfw.Tests.ps1 -Output Detailed
# Integration tests (Windows + Administrator + Falcon sensor)
Invoke-Pester -Path .\tests\crwd-hbfw.Integration.Tests.ps1 -Tag Integration -Output Detailed