island: Test windows permissions set by create_secure_directory()

2021-06-09 10:25:34 -04:00 · 2021-06-09 10:25:34 -04:00 · 00b37ca6a5
parent ef17b7f9c8
commit 00b37ca6a5
2 changed files with 27 additions and 34 deletions
--- a/monkey/tests/unit_tests/monkey_island/cc/environment/test_utils.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/environment/test_utils.py
@ -50,3 +50,30 @@ def test_create_secure_directory__perm_linux(test_path_nested):
    create_secure_directory(test_path_nested, create_parent_dirs=True)
    st = os.stat(test_path_nested)
    return bool(st.st_mode & stat.S_IRWXU)
+
+
+@pytest.mark.skipif(not is_windows_os(), reason="Tests Windows (not Posix) permissions.")
+def test_create_secure_directory__perm_windows(test_path):
+    import win32api  # noqa: E402
+    import win32security  # noqa: E402
+
+    FULL_CONTROL = 2032127
+    ACE_TYPE_ALLOW = 0
+
+    create_secure_directory(test_path, create_parent_dirs=False)
+
+    user_sid, _, _ = win32security.LookupAccountName("", win32api.GetUserName())
+    security_descriptor = win32security.GetNamedSecurityInfo(
+        test_path, win32security.SE_FILE_OBJECT, win32security.DACL_SECURITY_INFORMATION
+    )
+    acl = security_descriptor.GetSecurityDescriptorDacl()
+
+    assert acl.GetAceCount() == 1
+
+    ace = acl.GetAce(0)
+    ace_type, _ = ace[0]  # 0 for allow, 1 for deny
+    permissions = ace[1]
+    sid = ace[-1]
+
+    assert sid == user_sid
+    assert permissions == FULL_CONTROL and ace_type == ACE_TYPE_ALLOW
--- a/monkey/tests/unit_tests/monkey_island/cc/environment/test_windows_permissions.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/environment/test_windows_permissions.py
@ -1,34 +0,0 @@
-import os
-
-import pytest
-
-from monkey_island.cc.environment.windows_permissions import set_perms_to_owner_only
-
-
-@pytest.mark.skipif(os.name == "posix", reason="Tests Windows (not Posix) permissions.")
-def test_set_perms_to_owner_only(tmpdir):
-    import win32api  # noqa: E402
-    import win32security  # noqa: E402
-
-    folder = str(tmpdir)
-
-    set_perms_to_owner_only(folder)
-
-    FULL_CONTROL = 2032127
-    ACE_TYPE_ALLOW = 0
-
-    user_sid, _, _ = win32security.LookupAccountName("", win32api.GetUserName())
-    security_descriptor = win32security.GetNamedSecurityInfo(
-        folder, win32security.SE_FILE_OBJECT, win32security.DACL_SECURITY_INFORMATION
-    )
-    acl = security_descriptor.GetSecurityDescriptorDacl()
-
-    assert acl.GetAceCount() == 1
-
-    ace = acl.GetAce(0)
-    ace_type, _ = ace[0]  # 0 for allow, 1 for deny
-    permissions = ace[1]
-    sid = ace[-1]
-
-    assert sid == user_sid
-    assert permissions == FULL_CONTROL and ace_type == ACE_TYPE_ALLOW