From 248d57789f3a963bbf8ac5be9abcba3b27c7763e Mon Sep 17 00:00:00 2001
From: Shreya <shreya.malviya@gmail.com>
Date: Mon, 14 Jun 2021 17:50:40 +0530
Subject: [PATCH] tests: Add unit tests for securly creating a file

---
 .../cc/environment/test_utils.py              | 51 ++++++++++++++++++-
 1 file changed, 50 insertions(+), 1 deletion(-)

diff --git a/monkey/tests/unit_tests/monkey_island/cc/environment/test_utils.py b/monkey/tests/unit_tests/monkey_island/cc/environment/test_utils.py
index 4d933af76..b04b180e5 100644
--- a/monkey/tests/unit_tests/monkey_island/cc/environment/test_utils.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/environment/test_utils.py
@@ -3,7 +3,11 @@ import stat
 
 import pytest
 
-from monkey_island.cc.environment.utils import create_secure_directory, is_windows_os
+from monkey_island.cc.environment.utils import (
+    create_secure_directory,
+    create_secure_file,
+    is_windows_os,
+)
 
 
 @pytest.fixture
@@ -63,3 +67,48 @@ def test_create_secure_directory__perm_windows(test_path):
 
     assert sid == user_sid
     assert permissions == FULL_CONTROL and ace_type == ACE_TYPE_ALLOW
+
+
+def test_create_secure_file__already_created(test_path):
+    os.close(os.open(test_path, os.O_CREAT, 0o700))
+    assert os.path.isfile(test_path)
+    create_secure_file(test_path)
+
+
+def test_create_secure_file__no_parent_dir(test_path_nested):
+    with pytest.raises(Exception):
+        create_secure_file(test_path_nested)
+
+
+@pytest.mark.skipif(is_windows_os(), reason="Tests Posix (not Windows) permissions.")
+def test_create_secure_file__perm_linux(test_path):
+    create_secure_file(test_path)
+    st = os.stat(test_path)
+    assert (st.st_mode & 0o777) == stat.S_IRWXU
+
+
+@pytest.mark.skipif(not is_windows_os(), reason="Tests Windows (not Posix) permissions.")
+def test_create_secure_file__perm_windows(test_path):
+    import win32api
+    import win32security
+
+    FULL_CONTROL = 2032127
+    ACE_TYPE_ALLOW = 0
+
+    create_secure_file(test_path)
+
+    user_sid, _, _ = win32security.LookupAccountName("", win32api.GetUserName())
+    security_descriptor = win32security.GetNamedSecurityInfo(
+        test_path, win32security.SE_FILE_OBJECT, win32security.DACL_SECURITY_INFORMATION
+    )
+    acl = security_descriptor.GetSecurityDescriptorDacl()
+
+    assert acl.GetAceCount() == 1
+
+    ace = acl.GetAce(0)
+    ace_type, _ = ace[0]  # 0 for allow, 1 for deny
+    permissions = ace[1]
+    sid = ace[-1]
+
+    assert sid == user_sid
+    assert permissions == FULL_CONTROL and ace_type == ACE_TYPE_ALLOW
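Review bot: `test_create_secure_file__already_created` asserts nothing after the call and pre-creates the file with mode `0o700`, so it passes whether `create_secure_file` tightens, ignores, or never inspects an existing file's permissions. That case matters for a "secure create" helper, because a file that already exists with looser permissions, or was created by another user, could be silently left exposed. The intended contract should be pinned down: either expect an error, or in a POSIX-only variant loosen the mode first with `os.chmod(test_path, 0o777)` and assert `(os.stat(test_path).st_mode & 0o777) == stat.S_IRWXU` after the call. In `test_create_secure_file__no_parent_dir`, `pytest.raises(Exception)` also accepts unrelated failures such as a `TypeError`. A narrower exception type would make that test meaningful, though which type the helper raises on each platform is not visible in this diff.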