From ef17b7f9c88fc3cbb1272ca09e2e48fe9b12414b Mon Sep 17 00:00:00 2001 From: shreyamalviya Date: Wed, 9 Jun 2021 16:31:27 +0530 Subject: [PATCH 1/3] Add unit tests for windows directory permission setting --- .../environment/test_windows_permissions.py | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 monkey/tests/unit_tests/monkey_island/cc/environment/test_windows_permissions.py diff --git a/monkey/tests/unit_tests/monkey_island/cc/environment/test_windows_permissions.py b/monkey/tests/unit_tests/monkey_island/cc/environment/test_windows_permissions.py new file mode 100644 index 000000000..6ac17255e --- /dev/null +++ b/monkey/tests/unit_tests/monkey_island/cc/environment/test_windows_permissions.py @@ -0,0 +1,34 @@ +import os + +import pytest + +from monkey_island.cc.environment.windows_permissions import set_perms_to_owner_only + + +@pytest.mark.skipif(os.name == "posix", reason="Tests Windows (not Posix) permissions.") +def test_set_perms_to_owner_only(tmpdir): + import win32api # noqa: E402 + import win32security # noqa: E402 + + folder = str(tmpdir) + + set_perms_to_owner_only(folder) + + FULL_CONTROL = 2032127 + ACE_TYPE_ALLOW = 0 + + user_sid, _, _ = win32security.LookupAccountName("", win32api.GetUserName()) + security_descriptor = win32security.GetNamedSecurityInfo( + folder, win32security.SE_FILE_OBJECT, win32security.DACL_SECURITY_INFORMATION + ) + acl = security_descriptor.GetSecurityDescriptorDacl() + + assert acl.GetAceCount() == 1 + + ace = acl.GetAce(0) + ace_type, _ = ace[0] # 0 for allow, 1 for deny + permissions = ace[1] + sid = ace[-1] + + assert sid == user_sid + assert permissions == FULL_CONTROL and ace_type == ACE_TYPE_ALLOW From 00b37ca6a5a9f190a54b5856bfffc71471bcc07e Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 9 Jun 2021 10:25:34 -0400 Subject: [PATCH 2/3] island: Test windows permissions set by create_secure_directory() --- .../cc/environment/test_utils.py | 27 +++++++++++++++ .../environment/test_windows_permissions.py | 34 ------------------- 2 files changed, 27 insertions(+), 34 deletions(-) delete mode 100644 monkey/tests/unit_tests/monkey_island/cc/environment/test_windows_permissions.py diff --git a/monkey/tests/unit_tests/monkey_island/cc/environment/test_utils.py b/monkey/tests/unit_tests/monkey_island/cc/environment/test_utils.py index fa2c4202b..3d9898d64 100644 --- a/monkey/tests/unit_tests/monkey_island/cc/environment/test_utils.py +++ b/monkey/tests/unit_tests/monkey_island/cc/environment/test_utils.py @@ -50,3 +50,30 @@ def test_create_secure_directory__perm_linux(test_path_nested): create_secure_directory(test_path_nested, create_parent_dirs=True) st = os.stat(test_path_nested) return bool(st.st_mode & stat.S_IRWXU) + + +@pytest.mark.skipif(not is_windows_os(), reason="Tests Windows (not Posix) permissions.") +def test_create_secure_directory__perm_windows(test_path): + import win32api # noqa: E402 + import win32security # noqa: E402 + + FULL_CONTROL = 2032127 + ACE_TYPE_ALLOW = 0 + + create_secure_directory(test_path, create_parent_dirs=False) + + user_sid, _, _ = win32security.LookupAccountName("", win32api.GetUserName()) + security_descriptor = win32security.GetNamedSecurityInfo( + test_path, win32security.SE_FILE_OBJECT, win32security.DACL_SECURITY_INFORMATION + ) + acl = security_descriptor.GetSecurityDescriptorDacl() + + assert acl.GetAceCount() == 1 + + ace = acl.GetAce(0) + ace_type, _ = ace[0] # 0 for allow, 1 for deny + permissions = ace[1] + sid = ace[-1] + + assert sid == user_sid + assert permissions == FULL_CONTROL and ace_type == ACE_TYPE_ALLOW diff --git a/monkey/tests/unit_tests/monkey_island/cc/environment/test_windows_permissions.py b/monkey/tests/unit_tests/monkey_island/cc/environment/test_windows_permissions.py deleted file mode 100644 index 6ac17255e..000000000 --- a/monkey/tests/unit_tests/monkey_island/cc/environment/test_windows_permissions.py +++ /dev/null @@ -1,34 +0,0 @@ -import os - -import pytest - -from monkey_island.cc.environment.windows_permissions import set_perms_to_owner_only - - -@pytest.mark.skipif(os.name == "posix", reason="Tests Windows (not Posix) permissions.") -def test_set_perms_to_owner_only(tmpdir): - import win32api # noqa: E402 - import win32security # noqa: E402 - - folder = str(tmpdir) - - set_perms_to_owner_only(folder) - - FULL_CONTROL = 2032127 - ACE_TYPE_ALLOW = 0 - - user_sid, _, _ = win32security.LookupAccountName("", win32api.GetUserName()) - security_descriptor = win32security.GetNamedSecurityInfo( - folder, win32security.SE_FILE_OBJECT, win32security.DACL_SECURITY_INFORMATION - ) - acl = security_descriptor.GetSecurityDescriptorDacl() - - assert acl.GetAceCount() == 1 - - ace = acl.GetAce(0) - ace_type, _ = ace[0] # 0 for allow, 1 for deny - permissions = ace[1] - sid = ace[-1] - - assert sid == user_sid - assert permissions == FULL_CONTROL and ace_type == ACE_TYPE_ALLOW From b98ebc8a693f790d09fd1aa1bf764ac6a31f08d4 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 9 Jun 2021 10:36:37 -0400 Subject: [PATCH 3/3] island: Remove tmpdir cleanup code from test_utils.py Pytest automatically cleans up tmpdir fixtures older than 3 runs. See https://docs.pytest.org/en/6.2.x/tmpdir.html#the-default-base-temporary-directory Windows10 and Linux will automatically clean their temp directories. --- .../monkey_island/cc/environment/test_utils.py | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/monkey/tests/unit_tests/monkey_island/cc/environment/test_utils.py b/monkey/tests/unit_tests/monkey_island/cc/environment/test_utils.py index 3d9898d64..c373bc84a 100644 --- a/monkey/tests/unit_tests/monkey_island/cc/environment/test_utils.py +++ b/monkey/tests/unit_tests/monkey_island/cc/environment/test_utils.py @@ -1,5 +1,4 @@ import os -import shutil import stat import pytest @@ -11,22 +10,16 @@ from monkey_island.cc.environment.utils import create_secure_directory, is_windo def test_path_nested(tmpdir): nested_path = "test1/test2/test3" path = os.path.join(tmpdir, nested_path) - yield path - try: - shutil.rmtree(os.path.join(tmpdir, "test1")) - except Exception: - pass + + return path @pytest.fixture def test_path(tmpdir): test_path = "test1" path = os.path.join(tmpdir, test_path) - yield path - try: - shutil.rmtree(path) - except Exception: - pass + + return path def test_create_secure_directory__parent_dirs(test_path_nested):