/// <summary>
/// Checks that <c>driver.GetRequest()</c> hands back the same request that was
/// queued on <c>fltLib</c> through <c>SetGetMessageReturn</c> with return code 0.
/// </summary>
public void GetRequest_ReturnsCorrectRequest()
{
    // Queue a registry access request with every field set to a distinct,
    // non-default value so a dropped or swapped field shows up in the comparison.
    var queued = new ACCESS_REQUEST();
    queued.MessageId = 1;
    queued.AccessType = ACCESS_TYPE.REGISTRY;
    queued.Operation = 133;
    queued.Path = "SomePath";
    queued.ProcessID = 10;
    queued.ReplyLength = 11;
    queued.RuleID = 122;
    fltLib.SetGetMessageReturn(0, queued);

    driver.Start();
    var received = driver.GetRequest();

    // NOTE(review): the comparison relies on ACCESS_REQUEST equality semantics,
    // which are defined outside this listing — confirm it compares all fields.
    Assert.AreEqual(queued, received);
}
/// <summary>
/// Checks what <c>stub.FilterGetMessage</c> yields when this test has not
/// configured it: a return code of 0 and a request whose fields are all at
/// their default values (<c>AccessType</c> is expected to be FILESYSTEM).
/// </summary>
public void GetMessage_Defaults()
{
    var message = new ACCESS_REQUEST();

    var result = stub.FilterGetMessage(IntPtr.Zero, ref message, 0, IntPtr.Zero);

    Assert.AreEqual(0, result);
    Assert.AreEqual(0u, message.ReplyLength);
    Assert.AreEqual(0ul, message.MessageId);
    Assert.AreEqual(0u, message.ProcessID);
    Assert.AreEqual(ACCESS_TYPE.FILESYSTEM, message.AccessType);
    Assert.AreEqual(0, message.RuleID);
    Assert.AreEqual(null, message.Path);
}
/// <summary>
/// Checks that a request is allowed when this test adds no rule for it:
/// after <c>core.WaitRequest()</c> the stub's <c>LastAllowedMessageID</c>
/// must equal the queued <c>MessageId</c>.
/// </summary>
/// <remarks>
/// This pins an allow-by-default outcome for unmatched requests. Any move to
/// deny-by-default has to change this expectation deliberately.
/// NOTE(review): <c>ruleset</c> is prepared outside this listing — confirm it is empty here.
/// </remarks>
public void WaitRequest_NoRule()
{
    // Arrange
    var pending = new ACCESS_REQUEST
    {
        Path = "c:\\test.txt",
        MessageId = 123
    };
    fltLib.SetGetMessageReturn(0, pending);
    core.Start(ruleset, serviceInterface, null);

    // Act
    core.WaitRequest();

    // Assert
    Assert.AreEqual(123ul, fltLib.LastAllowedMessageID);
}
/// <summary>
/// Checks that a Block rule added for the request's path with <c>"*"</c> as
/// the last <c>AddRule</c> argument causes the request to be blocked:
/// after <c>core.WaitRequest()</c> the stub's <c>LastBlockedMessageID</c>
/// must equal the queued <c>MessageId</c>.
/// </summary>
public void WaitRequest_WildcardRuleWorks()
{
    // Arrange
    var pending = new ACCESS_REQUEST
    {
        Path = "c:\\test.txt",
        ProcessID = 4,
        MessageId = 123
    };
    fltLib.SetGetMessageReturn(0, pending);

    // Wildcard rule. Presumably "*" stands for "any process" — confirm against AddRule.
    AddRule(ruleset, RuleAction.Block, "c:\\test.txt", "*");
    core.Start(ruleset, serviceInterface, null);

    // Act
    core.WaitRequest();

    // Assert
    Assert.AreEqual((ulong)123, fltLib.LastBlockedMessageID);
}
/// <summary>
/// Checks that a request is allowed when the ruleset holds a path row and a
/// process row but no rule is added: after <c>core.WaitRequest()</c> the
/// stub's <c>LastAllowedMessageID</c> must equal the queued <c>MessageId</c>.
/// </summary>
/// <remarks>
/// Guards against treating the mere presence of path/process rows as a match.
/// The expected outcome is the allow path, as for an unmatched request.
/// </remarks>
public void WaitRequest_PathAndProcessExists_RuleDoesnt()
{
    // Arrange
    var pending = new ACCESS_REQUEST
    {
        Path = "c:\\test.txt",
        ProcessID = 4,
        MessageId = 123
    };
    fltLib.SetGetMessageReturn(0, pending);

    // Rows only; no AddRule call ties them together.
    ruleset.Paths.AddPathsRow("c:\\test.txt");
    ruleset.Processes.AddProcessesRow("System");
    core.Start(ruleset, serviceInterface, null);

    // Act
    core.WaitRequest();

    // Assert
    Assert.AreEqual(123ul, fltLib.LastAllowedMessageID);
}
/// <summary>
/// Regression test (marked BUG in its name): with a Block rule added for
/// <c>"*"</c> and a process row added for the request's <c>ProcessPath</c>,
/// the request must still be blocked, so the stub's
/// <c>LastBlockedMessageID</c> must equal the queued <c>MessageId</c>.
/// </summary>
/// <remarks>
/// The original defect is not described in this listing. The test only fixes
/// the expected outcome, that the block decision survives the extra process row.
/// </remarks>
public void WaitRequest_BUG_WildcardRuleAndProcessAdded()
{
    // Arrange
    var targetPath = "c:\\test.txt";
    var pending = new ACCESS_REQUEST
    {
        Path = targetPath,
        MessageId = 123
    };
    fltLib.SetGetMessageReturn(0, pending);
    AddRule(ruleset, RuleAction.Block, "*");
    ruleset.Processes.AddProcessesRow(pending.ProcessPath);
    core.Start(ruleset, serviceInterface, null);

    // Act
    core.WaitRequest();

    // Assert
    Assert.AreEqual(123ul, fltLib.LastBlockedMessageID);
}
/// <summary>
/// Shared arrangement for the create-rule tests: installs a service interface
/// whose <c>AccessRequested</c> handler answers every prompt with
/// "create rule" and "allow", queues a request on the stub, adds an Ask rule
/// for the request's path and the given process path, and starts the core.
/// </summary>
/// <param name="processPath">Process argument passed to <c>AddRule</c> for the Ask rule.</param>
/// <returns>The request that was queued on <c>fltLib</c>.</returns>
private ACCESS_REQUEST ArrangeForCreateRuleTests(string processPath)
{
    // User wants to create rule.
    serviceInterface = new ServiceInterface(ruleset);
    serviceInterface.AccessRequested += (source, args) =>
    {
        args.CreateRule = true;
        args.Allow = true;
    };

    // Request which will be thrown.
    var pending = new ACCESS_REQUEST
    {
        Path = "c:\\test.txt",
        ProcessID = 4,
        MessageId = 123
    };
    fltLib.SetGetMessageReturn(0, pending);

    // Add "wildcard" rule for which WaitRequest will create "specific" rule.
    AddRule(ruleset, RuleAction.Ask, pending.Path, processPath);
    core.Start(ruleset, serviceInterface, null);

    return pending;
}
/// <summary>
/// Checks that after <c>stub.SetGetMessageReturn</c> the stub's
/// <c>FilterGetMessage</c> returns the configured code (-125) and fills the
/// caller's request with the configured field values.
/// </summary>
public void GetMessage_SetGetMessageReturn()
{
    var configured = new ACCESS_REQUEST
    {
        ReplyLength = (uint)Marshal.SizeOf(typeof(ACCESS_REQUEST)),
        MessageId = 10,
        ProcessID = 11,
        AccessType = ACCESS_TYPE.REGISTRY,
        RuleID = 144,
        Path = "HKCU\\USER\\SOMEKEY"
    };
    stub.SetGetMessageReturn(-125, configured);

    var message = new ACCESS_REQUEST();
    var result = stub.FilterGetMessage(IntPtr.Zero, ref message, 0, IntPtr.Zero);

    // NOTE(review): if ACCESS_REQUEST is a value type, both arguments are boxed
    // separately and this assertion passes regardless — confirm it is meaningful.
    Assert.AreNotSame(configured, message);

    // A non-zero code is passed through unchanged alongside the payload.
    Assert.AreEqual(-125, result);
    Assert.AreEqual(configured.ReplyLength, message.ReplyLength);
    Assert.AreEqual(configured.MessageId, message.MessageId);
    Assert.AreEqual(configured.ProcessID, message.ProcessID);
    Assert.AreEqual(configured.AccessType, message.AccessType);
    Assert.AreEqual(configured.RuleID, message.RuleID);
    Assert.AreEqual(configured.Path, message.Path);
}
/// <summary>
/// Test-double override of <c>FilterGetMessage</c>: overwrites the caller's
/// buffer with the stored <c>getMessageRequest</c> and returns the stored
/// <c>getMessageReturn</c> code.
/// </summary>
/// <param name="hPort">Ignored by this override.</param>
/// <param name="lpMessageBuffer">Replaced with the stored request.</param>
/// <param name="dwMessageBufferSize">Ignored by this override.</param>
/// <param name="lpOverlapped">Ignored by this override.</param>
/// <returns>The stored return code, unchanged.</returns>
/// <remarks>
/// Because the buffer size is never consulted, tests built on this override
/// do not exercise any size or truncation handling of the real call.
/// </remarks>
public override int FilterGetMessage(
    IntPtr hPort,
    ref ACCESS_REQUEST lpMessageBuffer,
    int dwMessageBufferSize,
    IntPtr lpOverlapped)
{
    lpMessageBuffer = getMessageRequest;
    return getMessageReturn;
}
/// <summary>
/// Stores the return code and request in <c>getMessageReturn</c> and
/// <c>getMessageRequest</c>.
/// </summary>
/// <param name="returnCode">Value stored in <c>getMessageReturn</c>.</param>
/// <param name="request">Value stored in <c>getMessageRequest</c>.</param>
public void SetGetMessageReturn(int returnCode, ACCESS_REQUEST request)
{
    getMessageReturn = returnCode;
    getMessageRequest = request;
}
/// <summary>
/// Shared arrangement for the counter tests: starts the core, queues the
/// given request on <c>fltLib</c> with return code 0, then adds a rule with
/// the given action for <c>"some path"</c> and <c>"*"</c>.
/// </summary>
/// <param name="Request">Request to queue on the stub.</param>
/// <param name="ruleAction">Action of the rule that is added.</param>
private void ArrangeForTestCounters(ACCESS_REQUEST Request, RuleAction ruleAction)
{
    // The core is started before the rule is added; the order is kept as written.
    core.Start(ruleset, serviceInterface, null);

    fltLib.SetGetMessageReturn(0, Request);

    AddRule(ruleset, ruleAction, "some path", "*");
}