Add Windows tests for island_config_options_validator.py

This commit is contained in:
shreyamalviya 2021-06-09 21:52:07 +05:30
parent 91aad66e16
commit 8a321f0290
1 changed files with 95 additions and 17 deletions

View File

@ -1,4 +1,5 @@
import os import os
import subprocess
import pytest import pytest
@ -7,15 +8,19 @@ from monkey_island.cc.setup.island_config_options import IslandConfigOptions
from monkey_island.cc.setup.island_config_options_validator import raise_on_invalid_options from monkey_island.cc.setup.island_config_options_validator import raise_on_invalid_options
LINUX_READ_ONLY_BY_USER = 0o400
LINUX_RWX_BY_ALL = 0o777
@pytest.fixture @pytest.fixture
def island_config_options(tmpdir, create_empty_file): def linux_island_config_options(tmpdir, create_empty_file):
crt_file = os.path.join(tmpdir, "test.crt") crt_file = os.path.join(tmpdir, "test.crt")
create_empty_file(crt_file) create_empty_file(crt_file)
os.chmod(crt_file, 0o400) os.chmod(crt_file, LINUX_READ_ONLY_BY_USER)
key_file = os.path.join(tmpdir, "test.key") key_file = os.path.join(tmpdir, "test.key")
create_empty_file(key_file) create_empty_file(key_file)
os.chmod(key_file, 0o400) os.chmod(key_file, LINUX_READ_ONLY_BY_USER)
return IslandConfigOptions( return IslandConfigOptions(
{ {
"ssl_certificate": { "ssl_certificate": {
@ -27,41 +32,114 @@ def island_config_options(tmpdir, create_empty_file):
@pytest.mark.skipif(os.name != "posix", reason="Tests Posix (not Windows) permissions.") @pytest.mark.skipif(os.name != "posix", reason="Tests Posix (not Windows) permissions.")
def test_valid_crt_and_key_paths(island_config_options): def test_linux_valid_crt_and_key_paths(linux_island_config_options):
try: try:
raise_on_invalid_options(island_config_options) raise_on_invalid_options(linux_island_config_options)
except Exception as ex: except Exception as ex:
print(ex) print(ex)
assert False assert False
@pytest.mark.skipif(os.name != "posix", reason="Tests Posix (not Windows) permissions.") @pytest.mark.skipif(os.name != "posix", reason="Tests Posix (not Windows) permissions.")
def test_crt_path_does_not_exist(island_config_options): def test_linux_crt_path_does_not_exist(linux_island_config_options):
os.remove(island_config_options.crt_path) os.remove(linux_island_config_options.crt_path)
with pytest.raises(FileNotFoundError): with pytest.raises(FileNotFoundError):
raise_on_invalid_options(island_config_options) raise_on_invalid_options(linux_island_config_options)
@pytest.mark.skipif(os.name != "posix", reason="Tests Posix (not Windows) permissions.") @pytest.mark.skipif(os.name != "posix", reason="Tests Posix (not Windows) permissions.")
def test_crt_path_insecure_permissions(island_config_options): def test_linux_crt_path_insecure_permissions(linux_island_config_options):
os.chmod(island_config_options.crt_path, 0o777) os.chmod(linux_island_config_options.crt_path, LINUX_RWX_BY_ALL)
with pytest.raises(InsecurePermissionsError): with pytest.raises(InsecurePermissionsError):
raise_on_invalid_options(island_config_options) raise_on_invalid_options(linux_island_config_options)
@pytest.mark.skipif(os.name != "posix", reason="Tests Posix (not Windows) permissions.") @pytest.mark.skipif(os.name != "posix", reason="Tests Posix (not Windows) permissions.")
def test_key_path_does_not_exist(island_config_options): def test_linux_key_path_does_not_exist(linux_island_config_options):
os.remove(island_config_options.key_path) os.remove(linux_island_config_options.key_path)
with pytest.raises(FileNotFoundError): with pytest.raises(FileNotFoundError):
raise_on_invalid_options(island_config_options) raise_on_invalid_options(linux_island_config_options)
@pytest.mark.skipif(os.name != "posix", reason="Tests Posix (not Windows) permissions.") @pytest.mark.skipif(os.name != "posix", reason="Tests Posix (not Windows) permissions.")
def test_key_path_insecure_permissions(island_config_options): def test_linux_key_path_insecure_permissions(linux_island_config_options):
os.chmod(island_config_options.key_path, 0o777) os.chmod(linux_island_config_options.key_path, LINUX_RWX_BY_ALL)
with pytest.raises(InsecurePermissionsError): with pytest.raises(InsecurePermissionsError):
raise_on_invalid_options(island_config_options) raise_on_invalid_options(linux_island_config_options)
@pytest.fixture
def windows_island_config_options(tmpdir, create_empty_file):
crt_file = os.path.join(tmpdir, "test.crt")
create_empty_file(crt_file)
cmd_to_change_permissions = get_windows_cmd_to_change_permissions(crt_file, 'R')
subprocess.run(cmd_to_change_permissions, shell=True)
key_file = os.path.join(tmpdir, "test.key")
create_empty_file(key_file)
cmd_to_change_permissions = get_windows_cmd_to_change_permissions(key_file, 'R')
subprocess.run(cmd_to_change_permissions, shell=True)
return IslandConfigOptions(
{
"ssl_certificate": {
"ssl_certificate_file": crt_file,
"ssl_certificate_key_file": key_file,
}
}
)
def get_windows_cmd_to_change_permissions(file_name, permissions):
"""
:param file_name: name of file
:param permissions: can be: N (None), R (Read), W (Write), C (Change (write)), F (Full control)
"""
return f"echo y| cacls {file_name} /p %USERNAME%:{permissions}"
@pytest.mark.skipif(os.name == "posix", reason="Tests Windows (not Posix) permissions.")
def test_windows_valid_crt_and_key_paths(windows_island_config_options):
try:
raise_on_invalid_options(windows_island_config_options)
except Exception as ex:
print(ex)
assert False
@pytest.mark.skipif(os.name == "posix", reason="Tests Windows (not Posix) permissions.")
def test_windows_crt_path_does_not_exist(windows_island_config_options):
os.remove(windows_island_config_options.crt_path)
with pytest.raises(FileNotFoundError):
raise_on_invalid_options(windows_island_config_options)
@pytest.mark.skipif(os.name == "posix", reason="Tests Windows (not Posix) permissions.")
def test_windows_crt_path_insecure_permissions(windows_island_config_options):
cmd_to_change_permissions = get_windows_cmd_to_change_permissions(windows_island_config_options.crt_path, 'W')
subprocess.run(cmd_to_change_permissions, shell=True)
with pytest.raises(InsecurePermissionsError):
raise_on_invalid_options(windows_island_config_options)
@pytest.mark.skipif(os.name == "posix", reason="Tests Windows (not Posix) permissions.")
def test_windows_key_path_does_not_exist(windows_island_config_options):
os.remove(windows_island_config_options.key_path)
with pytest.raises(FileNotFoundError):
raise_on_invalid_options(windows_island_config_options)
@pytest.mark.skipif(os.name == "posix", reason="Tests Windows (not Posix) permissions.")
def test_windows_key_path_insecure_permissions(windows_island_config_options):
cmd_to_change_permissions = get_windows_cmd_to_change_permissions(windows_island_config_options.key_path, 'W')
subprocess.run(cmd_to_change_permissions, shell=True)
with pytest.raises(InsecurePermissionsError):
raise_on_invalid_options(windows_island_config_options)