forked from p15670423/monkey
Merge pull request #1213 from guardicore/win-set-perms-tests
Add unit tests for windows directory permission setting
This commit is contained in:
commit
7c49934270
|
@ -1,5 +1,4 @@
|
||||||
import os
|
import os
|
||||||
import shutil
|
|
||||||
import stat
|
import stat
|
||||||
|
|
||||||
import pytest
|
import pytest
|
||||||
|
@ -11,22 +10,16 @@ from monkey_island.cc.environment.utils import create_secure_directory, is_windo
|
||||||
def test_path_nested(tmpdir):
|
def test_path_nested(tmpdir):
|
||||||
nested_path = "test1/test2/test3"
|
nested_path = "test1/test2/test3"
|
||||||
path = os.path.join(tmpdir, nested_path)
|
path = os.path.join(tmpdir, nested_path)
|
||||||
yield path
|
|
||||||
try:
|
return path
|
||||||
shutil.rmtree(os.path.join(tmpdir, "test1"))
|
|
||||||
except Exception:
|
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
def test_path(tmpdir):
|
def test_path(tmpdir):
|
||||||
test_path = "test1"
|
test_path = "test1"
|
||||||
path = os.path.join(tmpdir, test_path)
|
path = os.path.join(tmpdir, test_path)
|
||||||
yield path
|
|
||||||
try:
|
return path
|
||||||
shutil.rmtree(path)
|
|
||||||
except Exception:
|
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
def test_create_secure_directory__parent_dirs(test_path_nested):
|
def test_create_secure_directory__parent_dirs(test_path_nested):
|
||||||
|
@ -50,3 +43,30 @@ def test_create_secure_directory__perm_linux(test_path_nested):
|
||||||
create_secure_directory(test_path_nested, create_parent_dirs=True)
|
create_secure_directory(test_path_nested, create_parent_dirs=True)
|
||||||
st = os.stat(test_path_nested)
|
st = os.stat(test_path_nested)
|
||||||
return bool(st.st_mode & stat.S_IRWXU)
|
return bool(st.st_mode & stat.S_IRWXU)
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.skipif(not is_windows_os(), reason="Tests Windows (not Posix) permissions.")
|
||||||
|
def test_create_secure_directory__perm_windows(test_path):
|
||||||
|
import win32api # noqa: E402
|
||||||
|
import win32security # noqa: E402
|
||||||
|
|
||||||
|
FULL_CONTROL = 2032127
|
||||||
|
ACE_TYPE_ALLOW = 0
|
||||||
|
|
||||||
|
create_secure_directory(test_path, create_parent_dirs=False)
|
||||||
|
|
||||||
|
user_sid, _, _ = win32security.LookupAccountName("", win32api.GetUserName())
|
||||||
|
security_descriptor = win32security.GetNamedSecurityInfo(
|
||||||
|
test_path, win32security.SE_FILE_OBJECT, win32security.DACL_SECURITY_INFORMATION
|
||||||
|
)
|
||||||
|
acl = security_descriptor.GetSecurityDescriptorDacl()
|
||||||
|
|
||||||
|
assert acl.GetAceCount() == 1
|
||||||
|
|
||||||
|
ace = acl.GetAce(0)
|
||||||
|
ace_type, _ = ace[0] # 0 for allow, 1 for deny
|
||||||
|
permissions = ace[1]
|
||||||
|
sid = ace[-1]
|
||||||
|
|
||||||
|
assert sid == user_sid
|
||||||
|
assert permissions == FULL_CONTROL and ace_type == ACE_TYPE_ALLOW
|
||||||
|
|
Loading…
Reference in New Issue