From 431ef0372ad2592f85dc6f3bd43cfef2519a818c Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Fri, 12 Jul 2019 12:11:45 -0700 Subject: [PATCH] Fix test password generation rule to meet Windows complexity requirements (#10143) --- .../Set-Service.Tests.ps1 | 3 +-- .../Modules/HelpersCommon/HelpersCommon.psd1 | 1 + .../Modules/HelpersCommon/HelpersCommon.psm1 | 19 +++++++++++++++++++ 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/test/powershell/Modules/Microsoft.PowerShell.Management/Set-Service.Tests.ps1 b/test/powershell/Modules/Microsoft.PowerShell.Management/Set-Service.Tests.ps1 index 98963a306..4e50c7b83 100644 --- a/test/powershell/Modules/Microsoft.PowerShell.Management/Set-Service.Tests.ps1 +++ b/test/powershell/Modules/Microsoft.PowerShell.Management/Set-Service.Tests.ps1 @@ -10,8 +10,7 @@ Describe "Set/New/Remove-Service cmdlet tests" -Tags "Feature", "RequireAdminOnW } if ($IsWindows) { $userName = "testuserservices" - $Password = ([char[]]([char]33..[char]95) + ([char[]]([char]97..[char]126)) + 0..9 | Sort-Object {Get-Random})[0..12] -join '' - $testPass = (New-Object -TypeName Net.NetworkCredential("", $Password)).SecurePassword + $testPass = [Net.NetworkCredential]::new("", (New-ComplexPassword)).SecurePassword $creds = [pscredential]::new(".\$userName", $testPass) $SecurityDescriptorSddl = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;SU)' $WrongSecurityDescriptorSddl = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BB)(A;;CCLCSWLOCRRC;;;SU)' diff --git a/test/tools/Modules/HelpersCommon/HelpersCommon.psd1 b/test/tools/Modules/HelpersCommon/HelpersCommon.psd1 index c217dc6e7..a72a77951 100644 --- a/test/tools/Modules/HelpersCommon/HelpersCommon.psd1 +++ b/test/tools/Modules/HelpersCommon/HelpersCommon.psd1 @@ -23,6 +23,7 @@ FunctionsToExport = @( 'Enable-Testhook' 'Get-RandomFileName' 'New-RandomHexString' + 'New-ComplexPassword' 'Send-VstsLogFile' 'Set-TesthookResult' 'Start-NativeExecution' diff --git a/test/tools/Modules/HelpersCommon/HelpersCommon.psm1 b/test/tools/Modules/HelpersCommon/HelpersCommon.psm1 index 319b0a074..53f543559 100644 --- a/test/tools/Modules/HelpersCommon/HelpersCommon.psm1 +++ b/test/tools/Modules/HelpersCommon/HelpersCommon.psm1 @@ -344,3 +344,22 @@ function Test-CanWriteToPsHome $script:CanWriteToPsHome } + +# Creates a password meeting Windows complexity rules +function New-ComplexPassword +{ + $numbers = "0123456789" + $lowercase = "abcdefghijklmnopqrstuvwxyz" + $uppercase = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + $symbols = "~!@#$%^&*_-+=``|\(){}[]:;`"'<>,.?/" + $password = [string]::Empty + # Windows password complexity rule requires minimum 8 characters and using at least 3 of the + # buckets above, so we just pick one from each bucket twice. + # https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements + 1..2 | ForEach-Object { + $Password += $numbers[(Get-Random $numbers.Length)] + $lowercase[(Get-Random $lowercase.Length)] + + $uppercase[(Get-Random $uppercase.Length)] + $symbols[(Get-Random $symbols.Length)] + } + + $password +}