From 00b37ca6a5a9f190a54b5856bfffc71471bcc07e Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 9 Jun 2021 10:25:34 -0400 Subject: [PATCH] island: Test windows permissions set by create_secure_directory() --- .../cc/environment/test_utils.py | 27 +++++++++++++++ .../environment/test_windows_permissions.py | 34 ------------------- 2 files changed, 27 insertions(+), 34 deletions(-) delete mode 100644 monkey/tests/unit_tests/monkey_island/cc/environment/test_windows_permissions.py diff --git a/monkey/tests/unit_tests/monkey_island/cc/environment/test_utils.py b/monkey/tests/unit_tests/monkey_island/cc/environment/test_utils.py index fa2c4202b..3d9898d64 100644 --- a/monkey/tests/unit_tests/monkey_island/cc/environment/test_utils.py +++ b/monkey/tests/unit_tests/monkey_island/cc/environment/test_utils.py @@ -50,3 +50,30 @@ def test_create_secure_directory__perm_linux(test_path_nested): create_secure_directory(test_path_nested, create_parent_dirs=True) st = os.stat(test_path_nested) return bool(st.st_mode & stat.S_IRWXU) + + +@pytest.mark.skipif(not is_windows_os(), reason="Tests Windows (not Posix) permissions.") +def test_create_secure_directory__perm_windows(test_path): + import win32api # noqa: E402 + import win32security # noqa: E402 + + FULL_CONTROL = 2032127 + ACE_TYPE_ALLOW = 0 + + create_secure_directory(test_path, create_parent_dirs=False) + + user_sid, _, _ = win32security.LookupAccountName("", win32api.GetUserName()) + security_descriptor = win32security.GetNamedSecurityInfo( + test_path, win32security.SE_FILE_OBJECT, win32security.DACL_SECURITY_INFORMATION + ) + acl = security_descriptor.GetSecurityDescriptorDacl() + + assert acl.GetAceCount() == 1 + + ace = acl.GetAce(0) + ace_type, _ = ace[0] # 0 for allow, 1 for deny + permissions = ace[1] + sid = ace[-1] + + assert sid == user_sid + assert permissions == FULL_CONTROL and ace_type == ACE_TYPE_ALLOW diff --git a/monkey/tests/unit_tests/monkey_island/cc/environment/test_windows_permissions.py b/monkey/tests/unit_tests/monkey_island/cc/environment/test_windows_permissions.py deleted file mode 100644 index 6ac17255e..000000000 --- a/monkey/tests/unit_tests/monkey_island/cc/environment/test_windows_permissions.py +++ /dev/null @@ -1,34 +0,0 @@ -import os - -import pytest - -from monkey_island.cc.environment.windows_permissions import set_perms_to_owner_only - - -@pytest.mark.skipif(os.name == "posix", reason="Tests Windows (not Posix) permissions.") -def test_set_perms_to_owner_only(tmpdir): - import win32api # noqa: E402 - import win32security # noqa: E402 - - folder = str(tmpdir) - - set_perms_to_owner_only(folder) - - FULL_CONTROL = 2032127 - ACE_TYPE_ALLOW = 0 - - user_sid, _, _ = win32security.LookupAccountName("", win32api.GetUserName()) - security_descriptor = win32security.GetNamedSecurityInfo( - folder, win32security.SE_FILE_OBJECT, win32security.DACL_SECURITY_INFORMATION - ) - acl = security_descriptor.GetSecurityDescriptorDacl() - - assert acl.GetAceCount() == 1 - - ace = acl.GetAce(0) - ace_type, _ = ace[0] # 0 for allow, 1 for deny - permissions = ace[1] - sid = ace[-1] - - assert sid == user_sid - assert permissions == FULL_CONTROL and ace_type == ACE_TYPE_ALLOW