Merge pull request #1213 from guardicore/win-set-perms-tests

Add unit tests for windows directory permission setting
This commit is contained in:
Mike Salvatore 2021-06-09 12:00:57 -04:00 committed by GitHub
commit 7c49934270
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 31 additions and 11 deletions

View File

@ -1,5 +1,4 @@
import os import os
import shutil
import stat import stat
import pytest import pytest
@ -11,22 +10,16 @@ from monkey_island.cc.environment.utils import create_secure_directory, is_windo
def test_path_nested(tmpdir): def test_path_nested(tmpdir):
nested_path = "test1/test2/test3" nested_path = "test1/test2/test3"
path = os.path.join(tmpdir, nested_path) path = os.path.join(tmpdir, nested_path)
yield path
try: return path
shutil.rmtree(os.path.join(tmpdir, "test1"))
except Exception:
pass
@pytest.fixture @pytest.fixture
def test_path(tmpdir): def test_path(tmpdir):
test_path = "test1" test_path = "test1"
path = os.path.join(tmpdir, test_path) path = os.path.join(tmpdir, test_path)
yield path
try: return path
shutil.rmtree(path)
except Exception:
pass
def test_create_secure_directory__parent_dirs(test_path_nested): def test_create_secure_directory__parent_dirs(test_path_nested):
@ -50,3 +43,30 @@ def test_create_secure_directory__perm_linux(test_path_nested):
create_secure_directory(test_path_nested, create_parent_dirs=True) create_secure_directory(test_path_nested, create_parent_dirs=True)
st = os.stat(test_path_nested) st = os.stat(test_path_nested)
return bool(st.st_mode & stat.S_IRWXU) return bool(st.st_mode & stat.S_IRWXU)
@pytest.mark.skipif(not is_windows_os(), reason="Tests Windows (not Posix) permissions.")
def test_create_secure_directory__perm_windows(test_path):
import win32api # noqa: E402
import win32security # noqa: E402
FULL_CONTROL = 2032127
ACE_TYPE_ALLOW = 0
create_secure_directory(test_path, create_parent_dirs=False)
user_sid, _, _ = win32security.LookupAccountName("", win32api.GetUserName())
security_descriptor = win32security.GetNamedSecurityInfo(
test_path, win32security.SE_FILE_OBJECT, win32security.DACL_SECURITY_INFORMATION
)
acl = security_descriptor.GetSecurityDescriptorDacl()
assert acl.GetAceCount() == 1
ace = acl.GetAce(0)
ace_type, _ = ace[0] # 0 for allow, 1 for deny
permissions = ace[1]
sid = ace[-1]
assert sid == user_sid
assert permissions == FULL_CONTROL and ace_type == ACE_TYPE_ALLOW