THIS NEEDS TO GO TO THE PARENT
(cherry picked from commit b499d44d4baf21c279dbb9f3a766bc9c37528b62)
This commit is contained in:
parent
97d11d1bd3
commit
bad27a97ba
|
@ -43,7 +43,8 @@
|
||||||
<ClCompile Include="CommandlineTest.cpp" />
|
<ClCompile Include="CommandlineTest.cpp" />
|
||||||
<ClCompile Include="SettingsTests.cpp" />
|
<ClCompile Include="SettingsTests.cpp" />
|
||||||
<ClCompile Include="TabTests.cpp" />
|
<ClCompile Include="TabTests.cpp" />
|
||||||
<ClCompile Include="FilteredCommandTests.cpp" />
|
<ClCompile Include="TrustCommandlineTests.cpp" />
|
||||||
|
<ClCompile Include="FilteredCommandTests.cpp" />
|
||||||
<ClCompile Include="pch.cpp">
|
<ClCompile Include="pch.cpp">
|
||||||
<PrecompiledHeader>Create</PrecompiledHeader>
|
<PrecompiledHeader>Create</PrecompiledHeader>
|
||||||
</ClCompile>
|
</ClCompile>
|
||||||
|
|
|
@ -0,0 +1,81 @@
|
||||||
|
// Copyright (c) Microsoft Corporation.
|
||||||
|
// Licensed under the MIT license.
|
||||||
|
|
||||||
|
#include "pch.h"
|
||||||
|
|
||||||
|
#include "../TerminalApp/TerminalPage.h"
|
||||||
|
|
||||||
|
using namespace Microsoft::Console;
|
||||||
|
using namespace TerminalApp;
|
||||||
|
using namespace winrt::TerminalApp;
|
||||||
|
using namespace winrt::Microsoft::Terminal::Settings::Model;
|
||||||
|
|
||||||
|
using namespace WEX::Logging;
|
||||||
|
using namespace WEX::TestExecution;
|
||||||
|
using namespace WEX::Common;
|
||||||
|
|
||||||
|
using namespace winrt::Windows::ApplicationModel::DataTransfer;
|
||||||
|
using namespace winrt::Windows::Foundation::Collections;
|
||||||
|
using namespace winrt::Windows::System;
|
||||||
|
using namespace winrt::Windows::UI::Xaml;
|
||||||
|
using namespace winrt::Windows::UI::Xaml::Controls;
|
||||||
|
using namespace winrt::Windows::UI::Core;
|
||||||
|
using namespace winrt::Windows::UI::Text;
|
||||||
|
|
||||||
|
namespace winrt
|
||||||
|
{
|
||||||
|
namespace MUX = Microsoft::UI::Xaml;
|
||||||
|
namespace WUX = Windows::UI::Xaml;
|
||||||
|
using IInspectable = Windows::Foundation::IInspectable;
|
||||||
|
}
|
||||||
|
|
||||||
|
namespace TerminalAppLocalTests
|
||||||
|
{
|
||||||
|
class TrustCommandlineTests
|
||||||
|
{
|
||||||
|
BEGIN_TEST_CLASS(TrustCommandlineTests)
|
||||||
|
END_TEST_CLASS()
|
||||||
|
|
||||||
|
TEST_METHOD(SimpleTests);
|
||||||
|
TEST_METHOD(TestCommandlineWithArgs);
|
||||||
|
TEST_METHOD(TestCommandlineWithSpaces);
|
||||||
|
TEST_METHOD(WslTests);
|
||||||
|
TEST_METHOD(TestPwshLocation);
|
||||||
|
|
||||||
|
bool trust(std::wstring_view cmdline);
|
||||||
|
};
|
||||||
|
|
||||||
|
bool TrustCommandlineTests::trust(std::wstring_view cmdline)
|
||||||
|
{
|
||||||
|
return implementation::TerminalPage::_isTrustedCommandline(cmdline);
|
||||||
|
}
|
||||||
|
|
||||||
|
void TrustCommandlineTests::SimpleTests()
|
||||||
|
{
|
||||||
|
VERIFY_IS_TRUE(trust(L"C:\\Windows\\System32\\cmd.exe"));
|
||||||
|
VERIFY_IS_TRUE(trust(L"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"));
|
||||||
|
VERIFY_IS_FALSE(trust(L"C:\\Windows\\System32\\i-definitely-don't-exist.exe"));
|
||||||
|
|
||||||
|
VERIFY_IS_FALSE(trust(L"cmd.exe"));
|
||||||
|
VERIFY_IS_FALSE(trust(L"powershell.exe"));
|
||||||
|
}
|
||||||
|
|
||||||
|
void TrustCommandlineTests::TestCommandlineWithArgs()
|
||||||
|
{
|
||||||
|
VERIFY_IS_FALSE(trust(L"C:\\Windows\\System32\\cmd.exe /k echo Boo!"));
|
||||||
|
VERIFY_IS_FALSE(trust(L"C:\\Windows\\System32\\cmd.exe /k echo Boo! & cmd.exe"));
|
||||||
|
}
|
||||||
|
|
||||||
|
void TrustCommandlineTests::TestCommandlineWithSpaces()
|
||||||
|
{
|
||||||
|
VERIFY_IS_TRUE(false, L"TODO! implement me.");
|
||||||
|
}
|
||||||
|
void TrustCommandlineTests::WslTests()
|
||||||
|
{
|
||||||
|
VERIFY_IS_TRUE(false, L"TODO! implement me.");
|
||||||
|
}
|
||||||
|
void TrustCommandlineTests::TestPwshLocation()
|
||||||
|
{
|
||||||
|
VERIFY_IS_TRUE(false, L"TODO! implement me.");
|
||||||
|
}
|
||||||
|
}
|
|
@ -1506,7 +1506,7 @@ namespace winrt::TerminalApp::implementation
|
||||||
// - C:\windows\system32\cmd.exe /k echo sneaky sneak -> returns false
|
// - C:\windows\system32\cmd.exe /k echo sneaky sneak -> returns false
|
||||||
// - %SystemRoot%\System32\cmd.exe -> returns true
|
// - %SystemRoot%\System32\cmd.exe -> returns true
|
||||||
// - %SystemRoot%\System32\wsl.exe -d <distro name> -> returns true
|
// - %SystemRoot%\System32\wsl.exe -d <distro name> -> returns true
|
||||||
static bool _isTrustedCommandline(std::wstring_view commandLine)
|
bool TerminalPage::_isTrustedCommandline(std::wstring_view commandLine)
|
||||||
{
|
{
|
||||||
// use C++11 magic statics to make sure we only do this once.
|
// use C++11 magic statics to make sure we only do this once.
|
||||||
static std::wstring systemDirectory = []() -> std::wstring {
|
static std::wstring systemDirectory = []() -> std::wstring {
|
||||||
|
@ -1544,6 +1544,13 @@ namespace winrt::TerminalApp::implementation
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO! Remove the WSL allowing. it's trivial to insert some malicious
|
||||||
|
// stuff into WSL, via .bash_profile, so we're not giving them the (y)
|
||||||
|
|
||||||
|
// TODO! CommandlineToArgv to get the executable from the commandline.
|
||||||
|
// If there's one argc, and it's parent path is %ProgramFiles%, and it
|
||||||
|
// ends in pwsh.exe, then it's fine.
|
||||||
|
|
||||||
// Also, if the path is literally
|
// Also, if the path is literally
|
||||||
// %SystemRoot%\System32\wsl.exe -d <distro name>
|
// %SystemRoot%\System32\wsl.exe -d <distro name>
|
||||||
// then allow it.
|
// then allow it.
|
||||||
|
@ -1601,27 +1608,33 @@ namespace winrt::TerminalApp::implementation
|
||||||
else if (executableFilename == L"pwsh" || executableFilename == L"pwsh.exe")
|
else if (executableFilename == L"pwsh" || executableFilename == L"pwsh.exe")
|
||||||
{
|
{
|
||||||
// is does executablePath start with %ProgramFiles%\\PowerShell?
|
// is does executablePath start with %ProgramFiles%\\PowerShell?
|
||||||
const std::filesystem::path powershellCoreRoot
|
const std::vector<std::filesystem::path> powershellCoreRoots
|
||||||
{
|
{
|
||||||
wil::ExpandEnvironmentStringsW<std::wstring>(
|
// Always look in "%ProgramFiles%
|
||||||
|
{ wil::ExpandEnvironmentStringsW<std::wstring>(L"%ProgramFiles%\\PowerShell") },
|
||||||
|
|
||||||
#if defined(_M_AMD64) || defined(_M_ARM64) // No point in looking for WOW if we're not somewhere it exists
|
#if defined(_M_AMD64) || defined(_M_ARM64) // No point in looking for WOW if we're not somewhere it exists
|
||||||
L"%ProgramFiles(x86)%\\PowerShell"
|
{ wil::ExpandEnvironmentStringsW<std::wstring>(L"%ProgramFiles(x86)%\\PowerShell") },
|
||||||
#elif defined(_M_ARM64) // same with ARM
|
#endif
|
||||||
L"%ProgramFiles(Arm)%\\PowerShell"
|
|
||||||
#else
|
#if defined(_M_ARM64) // same with ARM
|
||||||
L"%ProgramFiles%\\PowerShell"
|
{
|
||||||
|
wil::ExpandEnvironmentStringsW<std::wstring>(L"%ProgramFiles(Arm)%\\PowerShell")
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
)
|
|
||||||
};
|
};
|
||||||
|
|
||||||
// Is the path to the commandline actually exactly one of the
|
for (const auto& pwshRoot : powershellCoreRoots)
|
||||||
// versions that exists in this directory?
|
|
||||||
for (const auto& versionedDir : std::filesystem::directory_iterator(powershellCoreRoot))
|
|
||||||
{
|
{
|
||||||
const auto versionedPath = versionedDir.path();
|
// Is the path to the commandline actually exactly one of the
|
||||||
if (executablePath.parent_path() == versionedPath)
|
// versions that exists in this directory?
|
||||||
|
for (const auto& versionedDir : std::filesystem::directory_iterator(pwshRoot))
|
||||||
{
|
{
|
||||||
return true;
|
const auto versionedPath = versionedDir.path();
|
||||||
|
if (executablePath.parent_path() == versionedPath)
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,6 +19,7 @@ namespace TerminalAppLocalTests
|
||||||
{
|
{
|
||||||
class TabTests;
|
class TabTests;
|
||||||
class SettingsTests;
|
class SettingsTests;
|
||||||
|
class TrustCommandlineTests;
|
||||||
};
|
};
|
||||||
|
|
||||||
namespace winrt::TerminalApp::implementation
|
namespace winrt::TerminalApp::implementation
|
||||||
|
@ -417,6 +418,7 @@ namespace winrt::TerminalApp::implementation
|
||||||
void _SetAsDefaultOpenSettingsHandler(const winrt::Windows::Foundation::IInspectable& sender, const winrt::Windows::Foundation::IInspectable& args);
|
void _SetAsDefaultOpenSettingsHandler(const winrt::Windows::Foundation::IInspectable& sender, const winrt::Windows::Foundation::IInspectable& args);
|
||||||
static bool _IsMessageDismissed(const winrt::Microsoft::Terminal::Settings::Model::InfoBarMessage& message);
|
static bool _IsMessageDismissed(const winrt::Microsoft::Terminal::Settings::Model::InfoBarMessage& message);
|
||||||
static void _DismissMessage(const winrt::Microsoft::Terminal::Settings::Model::InfoBarMessage& message);
|
static void _DismissMessage(const winrt::Microsoft::Terminal::Settings::Model::InfoBarMessage& message);
|
||||||
|
static bool _isTrustedCommandline(std::wstring_view commandLine);
|
||||||
|
|
||||||
#pragma region ActionHandlers
|
#pragma region ActionHandlers
|
||||||
// These are all defined in AppActionHandlers.cpp
|
// These are all defined in AppActionHandlers.cpp
|
||||||
|
@ -427,6 +429,7 @@ namespace winrt::TerminalApp::implementation
|
||||||
|
|
||||||
friend class TerminalAppLocalTests::TabTests;
|
friend class TerminalAppLocalTests::TabTests;
|
||||||
friend class TerminalAppLocalTests::SettingsTests;
|
friend class TerminalAppLocalTests::SettingsTests;
|
||||||
|
friend class TerminalAppLocalTests::TrustCommandlineTests;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue