Esempio n. 1
0
        public void GetRequest_ReturnsCorrectRequest()
        {
            var expectedRequest = new ACCESS_REQUEST {
                MessageId = 1, AccessType = ACCESS_TYPE.REGISTRY, Operation = 133, Path = "SomePath", ProcessID = 10, ReplyLength = 11, RuleID = 122
            };

            fltLib.SetGetMessageReturn(0, expectedRequest);
            driver.Start();

            var actualRequest = driver.GetRequest();

            Assert.AreEqual(expectedRequest, actualRequest);
        }
Esempio n. 2
0
        public void GetMessage_Defaults()
        {
            var request = new ACCESS_REQUEST();

            var hr = stub.FilterGetMessage(IntPtr.Zero, ref request, 0, IntPtr.Zero);

            Assert.AreEqual(0, hr);
            Assert.AreEqual((uint)0, request.ReplyLength);
            Assert.AreEqual((ulong)0, request.MessageId);
            Assert.AreEqual((uint)0, request.ProcessID);
            Assert.AreEqual(ACCESS_TYPE.FILESYSTEM, request.AccessType);
            Assert.AreEqual(0, request.RuleID);
            Assert.AreEqual(null, request.Path);
        }
Esempio n. 3
0
        public void WaitRequest_NoRule()
        {
            // Arrange
            var ExpectedRequest = new ACCESS_REQUEST {
                Path = "c:\\test.txt", MessageId = 123
            };

            fltLib.SetGetMessageReturn(0, ExpectedRequest);
            core.Start(ruleset, serviceInterface, null);

            // Act
            core.WaitRequest();

            // Assert
            Assert.AreEqual((ulong)123, fltLib.LastAllowedMessageID);
        }
Esempio n. 4
0
        public void WaitRequest_WildcardRuleWorks()
        {
            // Arrange
            var ExpectedRequest = new ACCESS_REQUEST {
                Path = "c:\\test.txt", ProcessID = 4, MessageId = 123
            };

            fltLib.SetGetMessageReturn(0, ExpectedRequest);
            AddRule(ruleset, RuleAction.Block, "c:\\test.txt", "*"); // Wildcard rule.
            core.Start(ruleset, serviceInterface, null);

            // Act
            core.WaitRequest();

            // Assert
            Assert.AreEqual(123ul, fltLib.LastBlockedMessageID);
        }
Esempio n. 5
0
        public void WaitRequest_PathAndProcessExists_RuleDoesnt()
        {
            // Arrange
            var ExpectedRequest = new ACCESS_REQUEST {
                Path = "c:\\test.txt", ProcessID = 4, MessageId = 123
            };

            fltLib.SetGetMessageReturn(0, ExpectedRequest);
            ruleset.Paths.AddPathsRow("c:\\test.txt");
            ruleset.Processes.AddProcessesRow("System");
            core.Start(ruleset, serviceInterface, null);

            // Act
            core.WaitRequest();

            // Assert
            Assert.AreEqual((ulong)123, fltLib.LastAllowedMessageID);
        }
Esempio n. 6
0
        public void WaitRequest_BUG_WildcardRuleAndProcessAdded()
        {
            // Arrange
            var ExpectedPath    = "c:\\test.txt";
            var ExpectedRequest = new ACCESS_REQUEST {
                Path = ExpectedPath, MessageId = 123
            };

            fltLib.SetGetMessageReturn(0, ExpectedRequest);
            AddRule(ruleset, RuleAction.Block, "*");
            ruleset.Processes.AddProcessesRow(ExpectedRequest.ProcessPath);
            core.Start(ruleset, serviceInterface, null);

            // Act
            core.WaitRequest();

            // Assert
            Assert.AreEqual((ulong)123, fltLib.LastBlockedMessageID);
        }
Esempio n. 7
0
        private ACCESS_REQUEST ArrangeForCreateRuleTests(string processPath)
        {
            // User wants to create rule.
            serviceInterface = new ServiceInterface(ruleset);

            serviceInterface.AccessRequested += ((sender, e) =>
            {
                e.CreateRule = true;
                e.Allow = true;
            });
            // Request which will be thrown.
            var Request = new ACCESS_REQUEST {
                Path = "c:\\test.txt", ProcessID = 4, MessageId = 123
            };

            fltLib.SetGetMessageReturn(0, Request);
            // Add "wildcard" rule for which WaitRequest will create "specific" rule.
            AddRule(ruleset, RuleAction.Ask, Request.Path, processPath);
            core.Start(ruleset, serviceInterface, null);
            return(Request);
        }
Esempio n. 8
0
        public void GetMessage_SetGetMessageReturn()
        {
            var expectedData = new ACCESS_REQUEST();

            expectedData.ReplyLength = (uint)Marshal.SizeOf(typeof(ACCESS_REQUEST));
            expectedData.MessageId   = 10;
            expectedData.ProcessID   = 11;
            expectedData.AccessType  = ACCESS_TYPE.REGISTRY;
            expectedData.RuleID      = 144;
            expectedData.Path        = "HKCU\\USER\\SOMEKEY";
            stub.SetGetMessageReturn(-125, expectedData);

            var request = new ACCESS_REQUEST();
            var hr      = stub.FilterGetMessage(IntPtr.Zero, ref request, 0, IntPtr.Zero);

            Assert.AreNotSame(expectedData, request);
            Assert.AreEqual(-125, hr);
            Assert.AreEqual(expectedData.ReplyLength, request.ReplyLength);
            Assert.AreEqual(expectedData.MessageId, request.MessageId);
            Assert.AreEqual(expectedData.ProcessID, request.ProcessID);
            Assert.AreEqual(expectedData.AccessType, request.AccessType);
            Assert.AreEqual(expectedData.RuleID, request.RuleID);
            Assert.AreEqual(expectedData.Path, request.Path);
        }
Esempio n. 9
0
 public override int FilterGetMessage(IntPtr hPort, ref ACCESS_REQUEST lpMessageBuffer, int dwMessageBufferSize, IntPtr lpOverlapped)
 {
     lpMessageBuffer = getMessageRequest;
     return(getMessageReturn);
 }
Esempio n. 10
0
 public void SetGetMessageReturn(int returnCode, ACCESS_REQUEST request)
 {
     getMessageRequest = request;
     getMessageReturn  = returnCode;
 }
Esempio n. 11
0
 private void ArrangeForTestCounters(ACCESS_REQUEST Request, RuleAction ruleAction)
 {
     core.Start(ruleset, serviceInterface, null);
     fltLib.SetGetMessageReturn(0, Request);
     AddRule(ruleset, ruleAction, "some path", "*");
 }