Merge pull request #4353 from SteveL-MSFT/deviceguard-startprocess
Fix DeviceGuard data being returned from Get-ComputerInfo and Start-Process test failure
This commit is contained in:
commit
06d416b954
|
@ -436,8 +436,14 @@ namespace Microsoft.PowerShell.Commands
|
|||
var wmiGuard = session.GetFirst<WmiDeviceGuard>(CIMHelper.DeviceGuardNamespace,
|
||||
CIMHelper.ClassNames.DeviceGuard);
|
||||
|
||||
if (wmiGuard != null)
|
||||
if (wmiGuard != null) {
|
||||
var smartStatus = EnumConverter<DeviceGuardSmartStatus>.Convert((int?)wmiGuard.VirtualizationBasedSecurityStatus ?? 0);
|
||||
if (smartStatus != null)
|
||||
{
|
||||
status = (DeviceGuardSmartStatus)smartStatus;
|
||||
}
|
||||
guard = wmiGuard.AsOutputType;
|
||||
}
|
||||
}
|
||||
|
||||
return new DeviceGuardInfo
|
||||
|
|
|
@ -23,6 +23,23 @@ function Get-ComputerInfoForTest
|
|||
}
|
||||
}
|
||||
|
||||
function Get-StringValuesFromValueMap
|
||||
{
|
||||
param([string[]] $values, [hashtable] $valuemap)
|
||||
|
||||
[string] $stringValues = [string]::Empty
|
||||
|
||||
foreach ($value in $values)
|
||||
{
|
||||
if ($stringValues -ne [string]::Empty)
|
||||
{
|
||||
$stringValues += ","
|
||||
}
|
||||
$stringValues += $valuemap[$value]
|
||||
}
|
||||
$stringValues
|
||||
}
|
||||
|
||||
function Get-PropertyNamesForComputerInfoTest
|
||||
{
|
||||
$propertyNames = @()
|
||||
|
@ -1346,11 +1363,46 @@ try {
|
|||
else
|
||||
{
|
||||
$deviceGuard = Get-DeviceGuard
|
||||
$observed.DeviceGuardSmartStatus | Should Be $deviceGuard.SmartStatus
|
||||
$observed.DeviceGuardRequiredSecurityProperties | Should Be $deviceGuard.RequiredSecurityProperties
|
||||
# can't get amended qualifiers using cim cmdlets so we define them here
|
||||
$requiredSecurityPropertiesValues = @{
|
||||
"1" = "BaseVirtualizationSupport"
|
||||
"2" = "SecureBoot"
|
||||
"3" = "DMAProtection"
|
||||
"4" = "SecureMemoryOverwrite"
|
||||
"5" = "UEFICodeReadonly"
|
||||
"6" = "SMMSecurityMitigations1.0"
|
||||
}
|
||||
$smartStatusValues = @{
|
||||
"0" = "Off"
|
||||
"1" = "Enabled"
|
||||
"2" = "Running"
|
||||
}
|
||||
$securityServicesRunningValues = @{
|
||||
"0" = "0"
|
||||
"1" = "CredentialGuard"
|
||||
"2" = "HypervisorEnforcedCodeIntegrity"
|
||||
}
|
||||
$observed.DeviceGuardSmartStatus | Should Be (Get-StringValuesFromValueMap -valuemap $smartStatusValues -values $deviceGuard.SmartStatus)
|
||||
if ($deviceGuard.RequiredSecurityProperties -eq $null)
|
||||
{
|
||||
$observed.DeviceGuardRequiredSecurityProperties | Should BeNullOrEmpty
|
||||
}
|
||||
else
|
||||
{
|
||||
$observed.DeviceGuardRequiredSecurityProperties | Should Not BeNullOrEmpty
|
||||
[string]::Join(",", $observed.DeviceGuardRequiredSecurityProperties) | Should Be (Get-StringValuesFromValueMap -valuemap $requiredSecurityPropertiesValues -values $deviceGuard.RequiredSecurityProperties)
|
||||
}
|
||||
$observed.DeviceGuardAvailableSecurityProperties | Should Be $deviceGuard.AvailableSecurityProperties
|
||||
$observed.DeviceGuardSecurityServicesConfigured | Should Be $deviceGuard.SecurityServicesConfigured
|
||||
$observed.DeviceGuardSecurityServicesRunning | Should Be $deviceGuard.SecurityServicesRunning
|
||||
if ($deviceGuard.SecurityServicesRunning -eq $null)
|
||||
{
|
||||
$observed.DeviceGuardSecurityServicesRunning | Should BeNullOrEmpty
|
||||
}
|
||||
else
|
||||
{
|
||||
$observed.DeviceGuardSecurityServicesRunning | Should Not BeNullOrEmpty
|
||||
[string]::Join(",", $observed.DeviceGuardSecurityServicesRunning) | Should Be (Get-StringValuesFromValueMap -valuemap $securityServicesRunningValues -values $deviceGuard.SecurityServicesRunning)
|
||||
}
|
||||
$observed.DeviceGuardCodeIntegrityPolicyEnforcementStatus | Should Be $deviceGuard.CodeIntegrityPolicyEnforcementStatus
|
||||
$observed.DeviceGuardUserModeCodeIntegrityPolicyEnforcementStatus | Should Be $deviceGuard.UserModeCodeIntegrityPolicyEnforcementStatus
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
Describe "Start-Process" -Tags @("CI","SLOW") {
|
||||
Describe "Start-Process" -Tags @("Feature") {
|
||||
|
||||
BeforeAll {
|
||||
$isNanoServer = [System.Management.Automation.Platform]::IsNanoServer
|
||||
|
@ -10,7 +10,7 @@ Describe "Start-Process" -Tags @("CI","SLOW") {
|
|||
$tempFile = Join-Path -Path $TestDrive -ChildPath PSTest
|
||||
$assetsFile = Join-Path -Path (Join-Path -Path $PSScriptRoot -ChildPath assets) -ChildPath SortTest.txt
|
||||
if ($IsWindows) {
|
||||
$pingParam = "-n 2 localhost"
|
||||
$pingParam = "-n 2 localhost"
|
||||
}
|
||||
elseif ($IsLinux -Or $IsOSX) {
|
||||
$pingParam = "-c 2 localhost"
|
||||
|
@ -104,15 +104,31 @@ Describe "Start-Process" -Tags @("CI","SLOW") {
|
|||
$process.Name | Should Be "notepad"
|
||||
$process | Stop-Process
|
||||
}
|
||||
}
|
||||
|
||||
It "Should open the application that associates with extension '.txt'" -Skip:(!$isFullWin) {
|
||||
$txtFile = Join-Path $TestDrive "TxtTest.txt"
|
||||
New-Item $txtFile -ItemType File -Force
|
||||
$process = Start-Process $txtFile -PassThru -WindowStyle Normal
|
||||
$process.Name | Should Not BeNullOrEmpty
|
||||
$process.Id | Should BeGreaterThan 1
|
||||
$process | Stop-Process
|
||||
Describe "Start-Process tests requiring admin" -Tags "Feature","RequireAdminOnWindows" {
|
||||
|
||||
BeforeEach {
|
||||
cmd /c assoc .foo=foofile
|
||||
cmd /c ftype foofile=cmd /c echo %1^> $testdrive\foo.txt
|
||||
Remove-Item $testdrive\foo.txt -Force -ErrorAction SilentlyContinue
|
||||
}
|
||||
|
||||
Remove-Item -Path $tempFile -Force
|
||||
AfterEach {
|
||||
cmd /c assoc .foo=
|
||||
cmd /c ftype foofile=
|
||||
}
|
||||
|
||||
It "Should open the application that is associated a file" -Skip:(!$isFullWin) {
|
||||
$fooFile = Join-Path $TestDrive "FooTest.foo"
|
||||
New-Item $fooFile -ItemType File -Force
|
||||
Start-Process $fooFile
|
||||
$startTime = Get-Date
|
||||
while (((Get-Date) - $startTime).TotalSeconds -lt 10 -and (!(Test-Path $testdrive\foo.txt)))
|
||||
{
|
||||
Start-Sleep -Milliseconds 100
|
||||
}
|
||||
"$testdrive\foo.txt" | Should Exist
|
||||
Get-Content $testdrive\foo.txt | Should BeExactly $fooFile
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue