cleanup for the tests"
This commit is contained in:
parent
2445cedb92
commit
25947c2f40
|
@ -1,5 +1,10 @@
|
|||
// Copyright (c) Microsoft Corporation.
|
||||
// Licensed under the MIT license.
|
||||
//
|
||||
// A series of tests for the TerminalPage::_isTrustedCommandline function.
|
||||
// That's a heuristac function for deciding if we should automatically trust
|
||||
// certain commandlines by default. The logic in there is weird and there are
|
||||
// lots of edge cases, so it's easier to just write a unit test.
|
||||
|
||||
#include "pch.h"
|
||||
|
||||
|
@ -57,19 +62,24 @@ namespace TerminalAppLocalTests
|
|||
VERIFY_IS_TRUE(trust(L"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"));
|
||||
VERIFY_IS_FALSE(trust(L"C:\\Windows\\System32\\i-definitely-don't-exist.exe"));
|
||||
|
||||
Log::Comment(L"These are not fully qualified, and _shouldn't_ be trusted");
|
||||
VERIFY_IS_FALSE(trust(L"cmd.exe"));
|
||||
VERIFY_IS_FALSE(trust(L"powershell.exe"));
|
||||
}
|
||||
|
||||
void TrustCommandlineTests::TestCommandlineWithArgs()
|
||||
{
|
||||
Log::Comment(L"These are sneaky things that _shouldn't_ be trusted");
|
||||
VERIFY_IS_FALSE(trust(L"C:\\Windows\\System32\\cmd.exe /k echo Boo!"));
|
||||
VERIFY_IS_FALSE(trust(L"C:\\Windows\\System32\\cmd.exe /k echo Boo! & cmd.exe"));
|
||||
}
|
||||
|
||||
void TrustCommandlineTests::TestCommandlineWithSpaces()
|
||||
{
|
||||
Log::Comment(L"This is a valid place for powershell to live, and the space can be tricky");
|
||||
VERIFY_IS_TRUE(trust(L"C:\\Program Files\\PowerShell\\7\\pwsh.exe"));
|
||||
|
||||
Log::Comment(L"These are sneaky things that _shouldn't_ be trusted");
|
||||
VERIFY_IS_FALSE(trust(L"C:\\Windows\\System 32\\cmd.exe"));
|
||||
VERIFY_IS_FALSE(trust(L"C:\\Windows\\System32\\ cmd.exe"));
|
||||
VERIFY_IS_FALSE(trust(L"C:\\Windows\\System32\\cmd.exe /c cmd.exe"));
|
||||
|
@ -77,6 +87,8 @@ namespace TerminalAppLocalTests
|
|||
|
||||
void TrustCommandlineTests::TestCommandlineWithEnvVars()
|
||||
{
|
||||
Log::Comment(L"Make sure we auto-expand environment variables");
|
||||
|
||||
VERIFY_IS_TRUE(trust(L"%WINDIR%\\system32\\cmd.exe"));
|
||||
VERIFY_IS_TRUE(trust(L"%WINDIR%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe"));
|
||||
VERIFY_IS_TRUE(trust(L"%ProgramFiles%\\PowerShell\\7\\pwsh.exe"));
|
||||
|
@ -96,10 +108,16 @@ namespace TerminalAppLocalTests
|
|||
|
||||
void TrustCommandlineTests::TestPwshLocation()
|
||||
{
|
||||
Log::Comment(L"Test various locations that pwsh.exe can be in");
|
||||
|
||||
VERIFY_IS_TRUE(trust(L"%ProgramFiles%\\PowerShell\\7\\pwsh.exe"));
|
||||
VERIFY_IS_TRUE(trust(L"%LOCALAPPDATA%\\Microsoft\\WindowsApps\\pwsh.exe"));
|
||||
VERIFY_IS_TRUE(trust(L"%ProgramFiles%\\PowerShell\\10\\pwsh.exe"));
|
||||
VERIFY_IS_TRUE(trust(L"%ProgramFiles%\\PowerShell\\7.1.5\\pwsh.exe"));
|
||||
|
||||
Log::Comment(L"These are sneaky things that _shouldn't_ be trusted");
|
||||
VERIFY_IS_FALSE(trust(L"%ProgramFiles%\\PowerShell\\7\\pwsh.exe bad-stuff pwsh.exe"));
|
||||
VERIFY_IS_FALSE(trust(L"%ProgramFiles%\\PowerShell\\7\\pwsh.exe bad-stuff c:\\pwsh.exe"));
|
||||
VERIFY_IS_FALSE(trust(L"%ProgramFiles%\\PowerShell\\7\\pwsh.exe bad-stuff c:\\ %ProgramFiles%\\PowerShell\\7\\pwsh.exe"));
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1544,11 +1544,12 @@ namespace winrt::TerminalApp::implementation
|
|||
}
|
||||
}
|
||||
|
||||
// TODO! Remove the WSL allowing. it's trivial to insert some malicious
|
||||
// stuff into WSL, via .bash_profile, so we're not giving them the (y)
|
||||
// We're explicitly not auto-allowing wsl.exe -d <distroname>. It's
|
||||
// trivial to insert some malicious stuff into WSL, via .bash_profile,
|
||||
// so we're not giving them the (y)
|
||||
|
||||
// is does executablePath start with %ProgramFiles%\\PowerShell, and end
|
||||
// with `pwsh.exe`?
|
||||
// But we do want to allow `pwsh.exe` profiles in the expected place to
|
||||
// work.
|
||||
const std::vector<std::filesystem::path> powershellCoreRoots
|
||||
{
|
||||
// Always look in "%LOCALAPPDATA%\Microsoft\WindowsApps", which is
|
||||
|
@ -1569,52 +1570,32 @@ namespace winrt::TerminalApp::implementation
|
|||
#endif
|
||||
};
|
||||
|
||||
// TODO! CommandlineToArgv to get the executable from the commandline.
|
||||
// If there's one argc, and it's parent path is %ProgramFiles%, and it
|
||||
// ends in pwsh.exe, then it's fine.
|
||||
|
||||
// const auto terminator{ commandLine.find_first_of(LR"(" )", 1) }; // look past the first character in case it starts with "
|
||||
// const auto start{ til::at(commandLine, 0) == L'"' ? 1 : 0 };
|
||||
// const std::filesystem::path executablePath{ commandLine.substr(start, terminator - start) };
|
||||
// const auto executableFilename{ executablePath.filename().wstring() };
|
||||
|
||||
// Is the filename for this commandline `pwsh.exe`?
|
||||
const std::filesystem::path exePath{ fullCommandline };
|
||||
exePath;
|
||||
const auto endsWithPwsh{ exePath.filename() == L"pwsh.exe" };
|
||||
// We'll also need to check the parent path, so make sure it has one here.
|
||||
|
||||
for (const auto& pwshRoot : powershellCoreRoots)
|
||||
if (endsWithPwsh && exePath.has_parent_path())
|
||||
{
|
||||
// Is the commandline's length (root.length + 8 + 3) characters long?
|
||||
// * root.length: Length of the parent directory
|
||||
// * 8: pwsh.exe
|
||||
// * 3: `/7/` (or some other version number)
|
||||
//
|
||||
// NO
|
||||
|
||||
// Does the commandline start with this root, and end with pwsh.exe?
|
||||
const auto startsWithRoot{ til::starts_with(fullCommandline, pwshRoot.c_str()) };
|
||||
// const auto endsWithPwsh{ til::ends_with(fullCommandline, L"pwsh.exe") };
|
||||
const auto endsWithPwsh{ exePath.filename() == L"pwsh.exe" };
|
||||
// Is the filename of the exe `pwsh.exe`
|
||||
if (startsWithRoot && endsWithPwsh)
|
||||
const auto parentPath{ exePath.parent_path() };
|
||||
for (const auto& pwshRoot : powershellCoreRoots)
|
||||
{
|
||||
return true;
|
||||
// Does the commandline start with this root, and end with pwsh.exe?
|
||||
const auto startsWithRoot{ til::starts_with(fullCommandline, pwshRoot.c_str()) };
|
||||
|
||||
// Is either the immediate parent, or the grandparent, this root exactly?
|
||||
//
|
||||
// We need to check the grandparent for the
|
||||
// `%ProgramFiles%\\PowerShell\\7\\pwsh.exe` case.
|
||||
const auto parentIsCorrect = (parentPath == pwshRoot) ||
|
||||
(parentPath.has_parent_path() && parentPath.parent_path() == pwshRoot);
|
||||
|
||||
if (startsWithRoot && parentIsCorrect)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// if (executableFilename == L"pwsh" || executableFilename == L"pwsh.exe")
|
||||
// {
|
||||
// // Is the path to the commandline actually exactly one of the
|
||||
// // versions that exists in this directory?
|
||||
// for (const auto& versionedDir : std::filesystem::directory_iterator(pwshRoot))
|
||||
// {
|
||||
// const auto versionedPath = versionedDir.path();
|
||||
// if (executablePath.parent_path() == versionedPath)
|
||||
// {
|
||||
// return true;
|
||||
// }
|
||||
// }
|
||||
// }
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue