Merge pull request #4353 from SteveL-MSFT/deviceguard-startprocess
Fix DeviceGuard data being returned from Get-ComputerInfo and Start-Process test failure
This commit is contained in:
commit
06d416b954
|
@ -436,8 +436,14 @@ namespace Microsoft.PowerShell.Commands
|
||||||
var wmiGuard = session.GetFirst<WmiDeviceGuard>(CIMHelper.DeviceGuardNamespace,
|
var wmiGuard = session.GetFirst<WmiDeviceGuard>(CIMHelper.DeviceGuardNamespace,
|
||||||
CIMHelper.ClassNames.DeviceGuard);
|
CIMHelper.ClassNames.DeviceGuard);
|
||||||
|
|
||||||
if (wmiGuard != null)
|
if (wmiGuard != null) {
|
||||||
|
var smartStatus = EnumConverter<DeviceGuardSmartStatus>.Convert((int?)wmiGuard.VirtualizationBasedSecurityStatus ?? 0);
|
||||||
|
if (smartStatus != null)
|
||||||
|
{
|
||||||
|
status = (DeviceGuardSmartStatus)smartStatus;
|
||||||
|
}
|
||||||
guard = wmiGuard.AsOutputType;
|
guard = wmiGuard.AsOutputType;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return new DeviceGuardInfo
|
return new DeviceGuardInfo
|
||||||
|
|
|
@ -23,6 +23,23 @@ function Get-ComputerInfoForTest
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function Get-StringValuesFromValueMap
|
||||||
|
{
|
||||||
|
param([string[]] $values, [hashtable] $valuemap)
|
||||||
|
|
||||||
|
[string] $stringValues = [string]::Empty
|
||||||
|
|
||||||
|
foreach ($value in $values)
|
||||||
|
{
|
||||||
|
if ($stringValues -ne [string]::Empty)
|
||||||
|
{
|
||||||
|
$stringValues += ","
|
||||||
|
}
|
||||||
|
$stringValues += $valuemap[$value]
|
||||||
|
}
|
||||||
|
$stringValues
|
||||||
|
}
|
||||||
|
|
||||||
function Get-PropertyNamesForComputerInfoTest
|
function Get-PropertyNamesForComputerInfoTest
|
||||||
{
|
{
|
||||||
$propertyNames = @()
|
$propertyNames = @()
|
||||||
|
@ -1346,11 +1363,46 @@ try {
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
$deviceGuard = Get-DeviceGuard
|
$deviceGuard = Get-DeviceGuard
|
||||||
$observed.DeviceGuardSmartStatus | Should Be $deviceGuard.SmartStatus
|
# can't get amended qualifiers using cim cmdlets so we define them here
|
||||||
$observed.DeviceGuardRequiredSecurityProperties | Should Be $deviceGuard.RequiredSecurityProperties
|
$requiredSecurityPropertiesValues = @{
|
||||||
|
"1" = "BaseVirtualizationSupport"
|
||||||
|
"2" = "SecureBoot"
|
||||||
|
"3" = "DMAProtection"
|
||||||
|
"4" = "SecureMemoryOverwrite"
|
||||||
|
"5" = "UEFICodeReadonly"
|
||||||
|
"6" = "SMMSecurityMitigations1.0"
|
||||||
|
}
|
||||||
|
$smartStatusValues = @{
|
||||||
|
"0" = "Off"
|
||||||
|
"1" = "Enabled"
|
||||||
|
"2" = "Running"
|
||||||
|
}
|
||||||
|
$securityServicesRunningValues = @{
|
||||||
|
"0" = "0"
|
||||||
|
"1" = "CredentialGuard"
|
||||||
|
"2" = "HypervisorEnforcedCodeIntegrity"
|
||||||
|
}
|
||||||
|
$observed.DeviceGuardSmartStatus | Should Be (Get-StringValuesFromValueMap -valuemap $smartStatusValues -values $deviceGuard.SmartStatus)
|
||||||
|
if ($deviceGuard.RequiredSecurityProperties -eq $null)
|
||||||
|
{
|
||||||
|
$observed.DeviceGuardRequiredSecurityProperties | Should BeNullOrEmpty
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$observed.DeviceGuardRequiredSecurityProperties | Should Not BeNullOrEmpty
|
||||||
|
[string]::Join(",", $observed.DeviceGuardRequiredSecurityProperties) | Should Be (Get-StringValuesFromValueMap -valuemap $requiredSecurityPropertiesValues -values $deviceGuard.RequiredSecurityProperties)
|
||||||
|
}
|
||||||
$observed.DeviceGuardAvailableSecurityProperties | Should Be $deviceGuard.AvailableSecurityProperties
|
$observed.DeviceGuardAvailableSecurityProperties | Should Be $deviceGuard.AvailableSecurityProperties
|
||||||
$observed.DeviceGuardSecurityServicesConfigured | Should Be $deviceGuard.SecurityServicesConfigured
|
$observed.DeviceGuardSecurityServicesConfigured | Should Be $deviceGuard.SecurityServicesConfigured
|
||||||
$observed.DeviceGuardSecurityServicesRunning | Should Be $deviceGuard.SecurityServicesRunning
|
if ($deviceGuard.SecurityServicesRunning -eq $null)
|
||||||
|
{
|
||||||
|
$observed.DeviceGuardSecurityServicesRunning | Should BeNullOrEmpty
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$observed.DeviceGuardSecurityServicesRunning | Should Not BeNullOrEmpty
|
||||||
|
[string]::Join(",", $observed.DeviceGuardSecurityServicesRunning) | Should Be (Get-StringValuesFromValueMap -valuemap $securityServicesRunningValues -values $deviceGuard.SecurityServicesRunning)
|
||||||
|
}
|
||||||
$observed.DeviceGuardCodeIntegrityPolicyEnforcementStatus | Should Be $deviceGuard.CodeIntegrityPolicyEnforcementStatus
|
$observed.DeviceGuardCodeIntegrityPolicyEnforcementStatus | Should Be $deviceGuard.CodeIntegrityPolicyEnforcementStatus
|
||||||
$observed.DeviceGuardUserModeCodeIntegrityPolicyEnforcementStatus | Should Be $deviceGuard.UserModeCodeIntegrityPolicyEnforcementStatus
|
$observed.DeviceGuardUserModeCodeIntegrityPolicyEnforcementStatus | Should Be $deviceGuard.UserModeCodeIntegrityPolicyEnforcementStatus
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
Describe "Start-Process" -Tags @("CI","SLOW") {
|
Describe "Start-Process" -Tags @("Feature") {
|
||||||
|
|
||||||
BeforeAll {
|
BeforeAll {
|
||||||
$isNanoServer = [System.Management.Automation.Platform]::IsNanoServer
|
$isNanoServer = [System.Management.Automation.Platform]::IsNanoServer
|
||||||
|
@ -10,7 +10,7 @@ Describe "Start-Process" -Tags @("CI","SLOW") {
|
||||||
$tempFile = Join-Path -Path $TestDrive -ChildPath PSTest
|
$tempFile = Join-Path -Path $TestDrive -ChildPath PSTest
|
||||||
$assetsFile = Join-Path -Path (Join-Path -Path $PSScriptRoot -ChildPath assets) -ChildPath SortTest.txt
|
$assetsFile = Join-Path -Path (Join-Path -Path $PSScriptRoot -ChildPath assets) -ChildPath SortTest.txt
|
||||||
if ($IsWindows) {
|
if ($IsWindows) {
|
||||||
$pingParam = "-n 2 localhost"
|
$pingParam = "-n 2 localhost"
|
||||||
}
|
}
|
||||||
elseif ($IsLinux -Or $IsOSX) {
|
elseif ($IsLinux -Or $IsOSX) {
|
||||||
$pingParam = "-c 2 localhost"
|
$pingParam = "-c 2 localhost"
|
||||||
|
@ -104,15 +104,31 @@ Describe "Start-Process" -Tags @("CI","SLOW") {
|
||||||
$process.Name | Should Be "notepad"
|
$process.Name | Should Be "notepad"
|
||||||
$process | Stop-Process
|
$process | Stop-Process
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
It "Should open the application that associates with extension '.txt'" -Skip:(!$isFullWin) {
|
Describe "Start-Process tests requiring admin" -Tags "Feature","RequireAdminOnWindows" {
|
||||||
$txtFile = Join-Path $TestDrive "TxtTest.txt"
|
|
||||||
New-Item $txtFile -ItemType File -Force
|
BeforeEach {
|
||||||
$process = Start-Process $txtFile -PassThru -WindowStyle Normal
|
cmd /c assoc .foo=foofile
|
||||||
$process.Name | Should Not BeNullOrEmpty
|
cmd /c ftype foofile=cmd /c echo %1^> $testdrive\foo.txt
|
||||||
$process.Id | Should BeGreaterThan 1
|
Remove-Item $testdrive\foo.txt -Force -ErrorAction SilentlyContinue
|
||||||
$process | Stop-Process
|
|
||||||
}
|
}
|
||||||
|
|
||||||
Remove-Item -Path $tempFile -Force
|
AfterEach {
|
||||||
|
cmd /c assoc .foo=
|
||||||
|
cmd /c ftype foofile=
|
||||||
|
}
|
||||||
|
|
||||||
|
It "Should open the application that is associated a file" -Skip:(!$isFullWin) {
|
||||||
|
$fooFile = Join-Path $TestDrive "FooTest.foo"
|
||||||
|
New-Item $fooFile -ItemType File -Force
|
||||||
|
Start-Process $fooFile
|
||||||
|
$startTime = Get-Date
|
||||||
|
while (((Get-Date) - $startTime).TotalSeconds -lt 10 -and (!(Test-Path $testdrive\foo.txt)))
|
||||||
|
{
|
||||||
|
Start-Sleep -Milliseconds 100
|
||||||
|
}
|
||||||
|
"$testdrive\foo.txt" | Should Exist
|
||||||
|
Get-Content $testdrive\foo.txt | Should BeExactly $fooFile
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue