From ef17b7f9c88fc3cbb1272ca09e2e48fe9b12414b Mon Sep 17 00:00:00 2001
From: shreyamalviya <shreya.malviya@gmail.com>
Date: Wed, 9 Jun 2021 16:31:27 +0530
Subject: [PATCH] Add unit tests for windows directory permission setting

---
 .../environment/test_windows_permissions.py   | 34 +++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 monkey/tests/unit_tests/monkey_island/cc/environment/test_windows_permissions.py

diff --git a/monkey/tests/unit_tests/monkey_island/cc/environment/test_windows_permissions.py b/monkey/tests/unit_tests/monkey_island/cc/environment/test_windows_permissions.py
new file mode 100644
index 000000000..6ac17255e
--- /dev/null
+++ b/monkey/tests/unit_tests/monkey_island/cc/environment/test_windows_permissions.py
@@ -0,0 +1,34 @@
+import os
+
+import pytest
+
+from monkey_island.cc.environment.windows_permissions import set_perms_to_owner_only
+
+
+@pytest.mark.skipif(os.name == "posix", reason="Tests Windows (not Posix) permissions.")
+def test_set_perms_to_owner_only(tmpdir):
+    import win32api  # noqa: E402
+    import win32security  # noqa: E402
+
+    folder = str(tmpdir)
+
+    set_perms_to_owner_only(folder)
+
+    FULL_CONTROL = 2032127
+    ACE_TYPE_ALLOW = 0
+
+    user_sid, _, _ = win32security.LookupAccountName("", win32api.GetUserName())
+    security_descriptor = win32security.GetNamedSecurityInfo(
+        folder, win32security.SE_FILE_OBJECT, win32security.DACL_SECURITY_INFORMATION
+    )
+    acl = security_descriptor.GetSecurityDescriptorDacl()
+
+    assert acl.GetAceCount() == 1
+
+    ace = acl.GetAce(0)
+    ace_type, _ = ace[0]  # 0 for allow, 1 for deny
+    permissions = ace[1]
+    sid = ace[-1]
+
+    assert sid == user_sid
+    assert permissions == FULL_CONTROL and ace_type == ACE_TYPE_ALLOW