
Commit 3e47278

author
Kathryn Baldauf
authored
Merge pull request #205 from katiewasnothere/gh_actions
Add CI github action for testing on push and PR
2 parents e98b56d + 085c1a9 commit 3e47278

2 files changed

Lines changed: 38 additions & 14 deletions


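--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,12 @@
+name: CI
+on:
+- push
+- pull_request
+
+jobs:
+test:
+runs-on: 'windows-2019'
+steps:
+- uses: actions/checkout@v2
+- uses: actions/setup-go@v2
+- run: go test -gcflags=all=-d=checkptr -v ./...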

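--- a/pkg/security/grantvmgroupaccess_test.go
+++ b/pkg/security/grantvmgroupaccess_test.go
@@ -13,6 +13,11 @@ import (
 exec "golang.org/x/sys/execabs"
 )
 
+const (
+vmAccountName = `NT VIRTUAL MACHINE\\Virtual Machines`
+vmAccountSID = "S-1-5-83-0"
+)
+
 // TestGrantVmGroupAccess verifies for the three case of a file, a directory,
 // and a file in a directory that the appropriate ACEs are set, including
 // inheritance in the second two examples. These are the expected ACES. Is
@@ -59,9 +64,9 @@ func TestGrantVmGroupAccess(t *testing.T) {
 t.Fatal(err)
 }
 
-verifyicacls(t,
+verifyVMAccountDACLs(t,
 f.Name(),
-[]string{`NT VIRTUAL MACHINE\\Virtual Machines:(R)`},
+[]string{`(R)`},
 )
 
 // Two items here:
@@ -74,35 +79,42 @@ func TestGrantVmGroupAccess(t *testing.T) {
 //
 // In properties for the directory, advanced security settings, this will
 // show as a single line "Allow/Virtual Machines/Read/Inherited from none/This folder, subfolder and files
-verifyicacls(t,
+verifyVMAccountDACLs(t,
 d,
-[]string{`NT VIRTUAL MACHINE\\Virtual Machines:(R)`, `NT VIRTUAL MACHINE\\Virtual Machines:(OI)(CI)(IO)(GR)`},
+[]string{`(R)`, `(OI)(CI)(IO)(GR)`},
 )
 
-verifyicacls(t,
+verifyVMAccountDACLs(t,
 find.Name(),
-[]string{`NT VIRTUAL MACHINE\\Virtual Machines:(I)(R)`},
+[]string{`(I)(R)`},
 )
 
 }
 
-func verifyicacls(t *testing.T, name string, aces []string) {
+func verifyVMAccountDACLs(t *testing.T, name string, permissions []string) {
 cmd := exec.Command("icacls", name)
 outb, err := cmd.CombinedOutput()
 if err != nil {
 t.Fatal(err)
 }
 out := string(outb)
 
-for _, ace := range aces {
+for _, p := range permissions {
 // Avoid '(' and ')' being part of match groups
-ace = strings.Replace(ace, "(", "\\(", -1)
-ace = strings.Replace(ace, ")", "\\)", -1)
+p = strings.Replace(p, "(", "\\(", -1)
+p = strings.Replace(p, ")", "\\)", -1)
+
+nameToCheck := vmAccountName + ":" + p
+sidToCheck := vmAccountSID + ":" + p
+
+rxName := regexp.MustCompile(nameToCheck)
+rxSID := regexp.MustCompile(sidToCheck)
+
+matchesName := rxName.FindAllStringIndex(out, -1)
+matchesSID := rxSID.FindAllStringIndex(out, -1)
 
-rx := regexp.MustCompile(ace)
-matches := rx.FindAllStringIndex(out, -1)
-if len(matches) != 1 {
-t.Fatalf("expected one match for %s got %d\n%s", ace, len(matches), out)
+if len(matchesName) != 1 && len(matchesSID) != 1 {
+t.Fatalf("expected one match for %s or %s\n%s", nameToCheck, sidToCheck, out)
 }
 }
 }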
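Review bot: The new condition in verifyVMAccountDACLs, `if len(matchesName) != 1 && len(matchesSID) != 1`, fails only when neither spelling matches exactly once, so icacls output where one form appears once and the other appears several times (a duplicated ACE) still passes. Since this test pins the exact ACEs granted to the VM group, `if len(matchesName)+len(matchesSID) != 1 {` would keep the original exactly-one guarantee across both the account name and the SID form. The new `t.Fatalf` message also drops the match counts the old one printed; including `len(matchesName)` and `len(matchesSID)` would make a failure easier to diagnose. As a style point, the two `strings.Replace` calls could become `p = regexp.QuoteMeta(p)`, which escapes every regex metacharacter rather than only the parentheses.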
