2018-11-14 01:16:29 +01:00
|
|
|
|
# Copyright (c) Microsoft Corporation. All rights reserved.
|
|
|
|
|
# Licensed under the MIT License.
|
|
|
|
|
|
|
|
|
|
##
|
|
|
|
|
## ----------
|
|
|
|
|
## Test Note:
|
|
|
|
|
## ----------
|
|
|
|
|
## Since these tests change session and system state (constrained language and system lockdown)
|
|
|
|
|
## they will all use try/finally blocks instead of Pester AfterEach/AfterAll to ensure session
|
|
|
|
|
## and system state is restored.
|
|
|
|
|
## Pester AfterEach, AfterAll is not reliable when the session is constrained language or locked down.
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
Import-Module HelpersSecurity
|
|
|
|
|
|
|
|
|
|
try
|
|
|
|
|
{
|
|
|
|
|
$defaultParamValues = $PSDefaultParameterValues.Clone()
|
|
|
|
|
$PSDefaultParameterValues["it:Skip"] = !$IsWindows
|
|
|
|
|
|
2019-05-23 00:19:23 +02:00
|
|
|
|
Describe "Local script debugger is disabled in system lock down mode" -Tags 'CI','RequireAdminOnWindows' {
|
2018-11-14 01:16:29 +01:00
|
|
|
|
|
|
|
|
|
BeforeAll {
|
|
|
|
|
|
|
|
|
|
# Debugger test type definition
|
|
|
|
|
$debuggerTestTypeDef = @'
|
|
|
|
|
using System;
|
|
|
|
|
using System.Management.Automation;
|
|
|
|
|
using System.Management.Automation.Runspaces;
|
|
|
|
|
|
|
|
|
|
namespace TestRunner
|
|
|
|
|
{
|
|
|
|
|
public class DebuggerTester
|
|
|
|
|
{
|
|
|
|
|
private Runspace _runspace;
|
|
|
|
|
|
2019-05-23 00:19:23 +02:00
|
|
|
|
public int DebuggerStopHitCount
|
2018-11-14 01:16:29 +01:00
|
|
|
|
{
|
|
|
|
|
private set;
|
|
|
|
|
get;
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-23 00:19:23 +02:00
|
|
|
|
public DebuggerTester(Runspace runspace)
|
2018-11-14 01:16:29 +01:00
|
|
|
|
{
|
|
|
|
|
if (runspace.Debugger == null)
|
|
|
|
|
{
|
|
|
|
|
throw new PSArgumentException("The provided runspace script debugger cannot be null for test.");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
_runspace = runspace;
|
|
|
|
|
_runspace.Debugger.DebuggerStop += (sender, args) =>
|
|
|
|
|
{
|
2019-05-23 00:19:23 +02:00
|
|
|
|
DebuggerStopHitCount += 1;
|
2018-11-14 01:16:29 +01:00
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
'@
|
|
|
|
|
|
2019-05-23 00:19:23 +02:00
|
|
|
|
$script = @'
|
|
|
|
|
"Hello"
|
|
|
|
|
Wait-Debugger
|
|
|
|
|
"Goodbye"
|
|
|
|
|
'@
|
|
|
|
|
$scriptFilePath = Join-Path $TestDrive TScript.ps1
|
|
|
|
|
$script > $scriptFilePath
|
2018-11-14 01:16:29 +01:00
|
|
|
|
|
2019-05-23 00:19:23 +02:00
|
|
|
|
# Define debugger test type
|
2018-11-14 01:16:29 +01:00
|
|
|
|
Add-Type -TypeDefinition $debuggerTestTypeDef
|
2019-08-05 22:27:49 +02:00
|
|
|
|
|
|
|
|
|
# Test cases
|
|
|
|
|
$TestCasesDisableDebugger = @(
|
|
|
|
|
@{
|
|
|
|
|
testName = 'Verifies that Set-PSBreakpoint Line is disabled on locked down system'
|
|
|
|
|
scriptText = 'Set-PSBreakpoint -Script {0} -Line 1' -f $scriptFilePath
|
|
|
|
|
},
|
|
|
|
|
@{
|
|
|
|
|
testName = 'Verifies that Set-PSBreakpoint Statement is disabled on locked down system'
|
|
|
|
|
scriptText = 'Set-PSBreakpoint -Script {0} -Line 1 -Column 1' -f $scriptFilePath
|
|
|
|
|
},
|
|
|
|
|
@{
|
|
|
|
|
testName = 'Verifies that Set-PSBreakpoint Command is disabled on locked down system'
|
|
|
|
|
scriptText = 'Set-PSBreakpoint -Command {0}' -f $scriptFilePath
|
|
|
|
|
},
|
|
|
|
|
@{
|
|
|
|
|
testName = 'Verifies that Set-PSBreakpoint Variable is disabled on locked down system'
|
|
|
|
|
scriptText = 'Set-PSBreakpoint -Variable HelloVar'
|
|
|
|
|
}
|
|
|
|
|
)
|
2018-11-14 01:16:29 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
AfterAll {
|
|
|
|
|
|
2019-05-23 00:19:23 +02:00
|
|
|
|
if (($script:moduleDirectory -ne $null) -and (Test-Path $script:moduleDirectory))
|
|
|
|
|
{
|
|
|
|
|
try { Remove-Item -Path $moduleDirectory -Recurse -Force -ErrorAction SilentlyContinue } catch { }
|
|
|
|
|
}
|
2018-11-14 01:16:29 +01:00
|
|
|
|
}
|
|
|
|
|
|
2019-08-05 22:27:49 +02:00
|
|
|
|
It "<testName>" -TestCases $TestCasesDisableDebugger {
|
2018-11-14 01:16:29 +01:00
|
|
|
|
|
2019-08-05 22:27:49 +02:00
|
|
|
|
param ($scriptText)
|
2018-11-14 01:16:29 +01:00
|
|
|
|
|
2019-08-05 22:27:49 +02:00
|
|
|
|
try
|
2019-05-23 00:19:23 +02:00
|
|
|
|
{
|
|
|
|
|
Invoke-LanguageModeTestingSupportCmdlet -SetLockdownMode
|
2018-11-14 01:16:29 +01:00
|
|
|
|
|
2019-08-05 22:27:49 +02:00
|
|
|
|
# Run script in new runspace created within lock down mode.
|
|
|
|
|
[powershell] $ps = [powershell]::Create([System.Management.Automation.RunspaceMode]::NewRunspace);
|
|
|
|
|
$ps.AddScript($scriptText).Invoke()
|
|
|
|
|
$expectedError = $ps.Streams.Error[0]
|
2019-05-23 00:19:23 +02:00
|
|
|
|
}
|
|
|
|
|
finally
|
|
|
|
|
{
|
2019-08-05 22:27:49 +02:00
|
|
|
|
Invoke-LanguageModeTestingSupportCmdlet -RevertLockdownMode -EnableFullLanguageMode
|
|
|
|
|
if ($ps -ne $null) { $ps.Dispose() }
|
2019-05-23 00:19:23 +02:00
|
|
|
|
}
|
2018-11-14 01:16:29 +01:00
|
|
|
|
|
2019-05-23 00:19:23 +02:00
|
|
|
|
$expectedError.FullyQualifiedErrorId | Should Be 'NotSupported,Microsoft.PowerShell.Commands.SetPSBreakpointCommand'
|
2018-11-14 01:16:29 +01:00
|
|
|
|
}
|
|
|
|
|
|
2019-05-23 00:19:23 +02:00
|
|
|
|
It "Verifies that Wait-Debugger is disabled on locked down system" {
|
2018-11-14 01:16:29 +01:00
|
|
|
|
|
|
|
|
|
try
|
|
|
|
|
{
|
|
|
|
|
Invoke-LanguageModeTestingSupportCmdlet -SetLockdownMode
|
|
|
|
|
|
2019-05-23 00:19:23 +02:00
|
|
|
|
# Create test runspace
|
|
|
|
|
[runspace] $runspace = [runspacefactory]::CreateRunspace()
|
|
|
|
|
$runspace.Open()
|
|
|
|
|
|
|
|
|
|
# Attach TestRuner.DebuggerTester DebugStop event handler to runspace
|
|
|
|
|
$debuggerTester = [TestRunner.DebuggerTester]::new($runspace)
|
2018-11-14 01:16:29 +01:00
|
|
|
|
|
2019-05-23 00:19:23 +02:00
|
|
|
|
# Run $scriptFilePath script with 'Wait-Debugger' in locked down mode
|
|
|
|
|
[powershell] $ps = [powershell]::Create()
|
|
|
|
|
$ps.Runspace = $runspace
|
|
|
|
|
$null = $ps.AddScript('"Hello"; Wait-Debugger; "Goodbye"').Invoke()
|
2018-11-14 01:16:29 +01:00
|
|
|
|
}
|
|
|
|
|
finally
|
|
|
|
|
{
|
|
|
|
|
Invoke-LanguageModeTestingSupportCmdlet -RevertLockdownMode -EnableFullLanguageMode
|
2019-05-23 00:19:23 +02:00
|
|
|
|
if ($runspace -ne $null) { $runspace.Dispose() }
|
|
|
|
|
if ($ps -ne $null) { $ps.Dispose() }
|
2018-11-14 01:16:29 +01:00
|
|
|
|
}
|
|
|
|
|
|
2019-05-23 00:19:23 +02:00
|
|
|
|
# Debugger should not have been active in lockdown mode
|
|
|
|
|
$debuggerTester.DebuggerStopHitCount | Should Be 0
|
2018-11-14 01:16:29 +01:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
finally
|
|
|
|
|
{
|
2019-05-23 00:19:23 +02:00
|
|
|
|
if ($null -ne $defaultParamValues)
|
2018-11-14 01:16:29 +01:00
|
|
|
|
{
|
|
|
|
|
$Global:PSDefaultParameterValues = $defaultParamValues
|
|
|
|
|
}
|
|
|
|
|
}
|