public void AssignNewDesktop() { // Arrange Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.WindowStation; prisonRules.PrisonHomePath = String.Format(@"c:\prison_tests\{0}", prison.ID); prison.Lockdown(prisonRules); // Act string exe = Utilities.CreateExeForPrison( string.Format(@" byte[] name = new byte[1024]; uint actualLength; GetUserObjectInformation(GetProcessWindowStation(), UOI_NAME, name, 1024, out actualLength); string workstationName = ASCIIEncoding.ASCII.GetString(name, 0, (int)actualLength - 1); if (workstationName != ""{0}"") {{ return 1; }} return 0; }} [DllImport(""user32.dll"", SetLastError = true)] public static extern bool GetUserObjectInformation(IntPtr hObj, int nIndex, [Out] byte[] pvInfo, uint nLength, out uint lpnLengthNeeded); [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)] [DllImport(""user32"", CharSet = CharSet.Unicode, SetLastError = true)] internal static extern IntPtr GetProcessWindowStation(); public const int UOI_FLAGS = 1; public const int UOI_NAME = 2; public const int UOI_TYPE = 3; public const int UOI_USER_SID = 4; public const int UOI_HEAPSIZE = 5; //Windows Server 2003 and Windows XP/2000: This value is not supported. public const int UOI_IO = 6; private static int Dummy() {{ ", prison.User.Username), prison); Process process = prison.Execute(exe, "", false); process.WaitForExit(); prison.Destroy(); // Assert Assert.AreEqual(0, process.ExitCode); }
public void TestLockdown() { using (ShimsContext.Create()) { PrisonTestsHelper.PrisonLockdownFakes(); string createdUser = null; string userProfileDestination = null; bool saveWasInvoked = false; ShimWindowsUsersAndGroups.CreateUserStringString = (username, password) => { createdUser = username; return; }; ShimPrison.AllInstances.ChangeRegistryUserProfileString = (pris, destination) => { userProfileDestination = destination; return; }; ShimXmlObjectSerializer.AllInstances.WriteObjectStreamObject = (data, writeStream, fakePrison) => { saveWasInvoked = true; return; }; Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); Assert.AreEqual(createdUser, prison.User.Username); Assert.IsTrue(createdUser.Contains(prison.Tag)); // The user profile has to be moved in the prison home dir Assert.IsTrue(userProfileDestination.Contains(prisonRules.PrisonHomePath)); Assert.IsTrue(saveWasInvoked); } }
public void TestMultipleEcho() { // Arrange Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = CellType.None; prison.Lockdown(prisonRules); // Act Process process1 = prison.Execute( @"c:\windows\system32\cmd.exe", @"/c echo test"); Process process2 = prison.Execute( @"c:\windows\system32\cmd.exe", @"/c echo test"); // Assert Assert.AreNotEqual(0, process1.Id); Assert.AreNotEqual(0, process2.Id); }
public void DenyExcesiveMemory() { // Arrange Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.Memory; prisonRules.TotalPrivateMemoryLimitBytes = 50 * 1024 * 1024; prisonRules.PrisonHomePath = @"C:\Workspace\dea_security\PrisonHome"; prison.Lockdown(prisonRules); // Act string exe = Utilities.CreateExeForPrison( @" byte[] memory = new byte[100 * 1024 * 1024]; Random rnd = new Random(); rnd.NextBytes(memory); ", prison); Process process = prison.Execute(exe); process.WaitForExit(); // Assert Assert.AreNotEqual(0, process.ExitCode); }
public void StopForkBombs() { Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.Memory; // prisonRules.CellType = RuleType.WindowStation; prisonRules.CPUPercentageLimit = 2; prisonRules.TotalPrivateMemoryLimitBytes = 50 * 1024 * 1024; prisonRules.PrisonHomePath = @"c:\prison_tests\p7"; prisonRules.ActiveProcessesLimit = 5; prison.Lockdown(prisonRules); Process process = prison.Execute("", "cmd /c for /L %n in (1,0,10) do ( start cmd /k echo 32 )"); // Wait for the bomb to explode while (true) { if (prison.JobObject.ActiveProcesses >= 4) { break; } Thread.Sleep(100); } Thread.Sleep(500); Assert.IsTrue(prison.JobObject.ActiveProcesses < 6); prison.Destroy(); }
public void TestMultipleEcho() { // Arrange Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.PrisonHomePath = String.Format(@"c:\prison_tests\{0}", prison.ID); prison.Lockdown(prisonRules); // Act Process process1 = prison.Execute( @"c:\windows\system32\cmd.exe", @"/c echo test"); Process process2 = prison.Execute( @"c:\windows\system32\cmd.exe", @"/c echo test"); // Assert Assert.AreNotEqual(0, process1.Id); Assert.AreNotEqual(0, process2.Id); prison.Destroy(); }
public void TestExitCode() { // Arrange Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.CellType |= RuleType.Filesystem; prisonRules.PrisonHomePath = String.Format(@"c:\prison_tests\{0}", prison.ID); prison.Lockdown(prisonRules); // Act Process process = prison.Execute( @"c:\windows\system32\cmd.exe", @"/c exit 667"); process.WaitForExit(); prison.Destroy(); // Assert Assert.AreEqual(667, process.ExitCode); }
public void DenyExcesiveDiskUsage() { // Arrange Prison.Init(); Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.Disk; prisonRules.DiskQuotaBytes = 50 * 1024 * 1024; prisonRules.PrisonHomePath = @"C:\Workspace\dea_security\PrisonHome"; prison.Lockdown(prisonRules); // Act string exe = Utilities.CreateExeForPrison( @" for (int size = 1; size < 100; size++) {{ byte[] content = new byte[1024 * 1024]; File.AppendAllText(Guid.NewGuid().ToString(""N""), ASCIIEncoding.ASCII.GetString(content)); }}", prison); Process process = prison.Execute(exe); process.WaitForExit(); // Assert Assert.AreNotEqual(0, process.ExitCode); }
public void StopForkBombs() { Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.Memory; // prisonRules.CellType = RuleType.WindowStation; prisonRules.CPUPercentageLimit = 2; prisonRules.TotalPrivateMemoryLimitBytes = 50 * 1024 * 1024; prisonRules.PrisonHomePath = @"c:\prison_tests\p7"; prisonRules.ActiveProcessesLimit = 5; prison.Lockdown(prisonRules); Process process = prison.Execute("", "cmd /c for /L %n in (1,0,10) do ( start cmd /k echo 32 )"); // Wait for the bomb to explode while (true) { if (prison.JobObject.ActiveProcesses >= 4) break; Thread.Sleep(100); } Thread.Sleep(500); Assert.IsTrue(prison.JobObject.ActiveProcesses < 6); prison.Destroy(); }
public void PrisonApplyNetworkAppTest() { using (ShimsContext.Create()) { PrisonTestsHelper.PrisonLockdownFakes(); PrisonTestsHelper.ApplyNetworkRuleFakes(); ManagementObject mobj = null; ShimManagementObject.AllInstances.Put = (@this) => { mobj = @this; return new ShimManagementPath(); }; Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.CellType |= RuleType.Network; prisonRules.UrlPortAccess = 56444; prisonRules.AppPortOutboundRateLimitBitsPerSecond = 500; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); Assert.AreEqual(mobj["ThrottleRateAction"].ToString(), 500.ToString()); Assert.IsTrue(mobj["URIMatchCondition"].ToString().Contains(56444.ToString())); } }
public void AllowAccessInHomeDir() { // Arrange Prison.Init(); Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = CellType.Filesystem; prisonRules.PrisonHomePath = @"C:\Workspace\dea_security\PrisonHome"; prison.Lockdown(prisonRules); // Act string exe = Utilities.CreateExeForPrison( @" File.WriteAllText(Guid.NewGuid().ToString(""N""), Guid.NewGuid().ToString()); ", prison); Process process = prison.Execute(exe); process.WaitForExit(); // Assert Assert.AreEqual(0, process.ExitCode); }
public void DenyExcesiveMemory() { // Arrange Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = CellType.Memory; prisonRules.TotalPrivateMemoryLimitBytes = 50 * 1024 * 1024; prisonRules.PrisonHomePath = @"C:\Workspace\dea_security\PrisonHome"; prison.Lockdown(prisonRules); // Act string exe = Utilities.CreateExeForPrison( @" byte[] memory = new byte[100 * 1024 * 1024]; Random rnd = new Random(); rnd.NextBytes(memory); ", prison); Process process = prison.Execute(exe); process.WaitForExit(); // Assert Assert.AreNotEqual(0, process.ExitCode); }
public void PrisonApplyNetworkAppTest() { using (ShimsContext.Create()) { PrisonTestsHelper.PrisonLockdownFakes(); PrisonTestsHelper.ApplyNetworkRuleFakes(); ManagementObject mobj = null; ShimManagementObject.AllInstances.Put = (@this) => { mobj = @this; return(new ShimManagementPath()); }; Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.CellType |= RuleType.Network; prisonRules.UrlPortAccess = 56444; prisonRules.AppPortOutboundRateLimitBitsPerSecond = 500; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); Assert.AreEqual(mobj["ThrottleRateAction"].ToString(), 500.ToString()); Assert.IsTrue(mobj["URIMatchCondition"].ToString().Contains(56444.ToString())); } }
public void DenyExcesiveDiskUsage() { // Arrange Prison.Init(); Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = CellType.Disk; prisonRules.DiskQuotaBytes = 50 * 1024 * 1024; prisonRules.PrisonHomePath = @"C:\Workspace\dea_security\PrisonHome"; prison.Lockdown(prisonRules); // Act string exe = Utilities.CreateExeForPrison( @" for (int size = 1; size < 100; size++) {{ byte[] content = new byte[1024 * 1024]; File.AppendAllText(Guid.NewGuid().ToString(""N""), ASCIIEncoding.ASCII.GetString(content)); }}", prison); Process process = prison.Execute(exe); process.WaitForExit(); // Assert Assert.AreNotEqual(0, process.ExitCode); }
public void TestSimpleEcho() { using (ShimsContext.Create()) { // shim Prison.Lockdown PrisonTestsHelper.PrisonLockdownFakes(); Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); // shim Prison.Execute Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION { hProcess = new IntPtr(2400), hThread = new IntPtr(2416), dwProcessId = 5400, dwThreadId = 4544 }; PrisonTestsHelper.PrisonCreateProcessAsUserFakes(processInfo); ShimPrison.GetCurrentSessionId = () => { return(0); }; var shimedProcess = new ShimProcess(); shimedProcess.IdGet = () => { return(processInfo.dwProcessId); }; var raisingEventsChangedTo = false; shimedProcess.EnableRaisingEventsSetBoolean = (value) => { raisingEventsChangedTo = value; }; ShimProcess.GetProcessByIdInt32 = (id) => { return((Process)shimedProcess); }; Process procAddedToJob = null; ShimJobObject.AllInstances.AddProcessProcess = (jobObject, proc) => { procAddedToJob = proc; return; }; ShimPrison.AllInstances.AddProcessToGuardJobObjectProcess = (fakePrison, proc) => { return; }; var processIdResumed = 0; ShimPrison.AllInstances.ResumeProcessProcess = (fakePrison, pProcess) => { processIdResumed = pProcess.Id; }; // Act Process process = prison.Execute( @"c:\windows\system32\cmd.exe", @"/c echo test"); // Assert Assert.AreEqual(processInfo.dwProcessId, process.Id); Assert.AreEqual(processInfo.dwProcessId, processIdResumed); Assert.AreEqual(procAddedToJob.Id, process.Id); Assert.AreEqual(true, raisingEventsChangedTo); } }
public void TestSimpleEcho() { using (ShimsContext.Create()) { // shim Prison.Lockdown PrisonTestsHelper.PrisonLockdownFakes(); Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); // shim Prison.Execute Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION { hProcess = new IntPtr(2400), hThread = new IntPtr(2416), dwProcessId = 5400, dwThreadId = 4544 }; PrisonTestsHelper.PrisonCreateProcessAsUserFakes(processInfo); ShimPrison.GetCurrentSessionId = () => { return 0; }; var shimedProcess = new ShimProcess(); shimedProcess.IdGet = () => { return processInfo.dwProcessId; }; var raisingEventsChangedTo = false; shimedProcess.EnableRaisingEventsSetBoolean = (value) => { raisingEventsChangedTo = value; }; ShimProcess.GetProcessByIdInt32 = (id) => { return (Process)shimedProcess; }; Process procAddedToJob = null; ShimJobObject.AllInstances.AddProcessProcess = (jobObject, proc) => { procAddedToJob = proc; return; }; ShimPrison.AllInstances.AddProcessToGuardJobObjectProcess = (fakePrison, proc) => { return; }; var processIdResumed = 0; ShimPrison.AllInstances.ResumeProcessProcess = (fakePrison, pProcess) => { processIdResumed = pProcess.Id; }; // Act Process process = prison.Execute( @"c:\windows\system32\cmd.exe", @"/c echo test"); // Assert Assert.AreEqual(processInfo.dwProcessId, process.Id); Assert.AreEqual(processInfo.dwProcessId, processIdResumed); Assert.AreEqual(procAddedToJob.Id, process.Id); Assert.AreEqual(true, raisingEventsChangedTo); } }
public void PrisonApplyWindowStationTest() { using (ShimsContext.Create()) { int winStationPtr = 2658; PrisonTestsHelper.PrisonLockdownFakes(); PrisonTestsHelper.ApplyWindowStationRuleFakes(winStationPtr); string username = null; ShimWindowStation.NativeOpenWindowStationString = (user) => { username = user; return new IntPtr(winStationPtr); }; ShimWindowStation.NativeCreateWindowStationString = (user) => { username = user; return new IntPtr(winStationPtr); }; Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.CellType |= RuleType.WindowStation; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION { hProcess = new IntPtr(2400), hThread = new IntPtr(2416), dwProcessId = 5400, dwThreadId = 4544 }; PrisonTestsHelper.PrisonCreateProcessAsUserFakes(processInfo); ShimPrison.GetCurrentSessionId = () => { return 0; }; ShimProcess.GetProcessByIdInt32 = (id) => { return new Process(); }; ShimJobObject.AllInstances.AddProcessProcess = (jobObject, proc) => { return; }; ShimPrison.AllInstances.AddProcessToGuardJobObjectProcess = (fakePrison, proc) => { return; }; ShimPrison.AllInstances.ResumeProcessProcess = (fakePrison, pProcess) => { }; Process process = prison.Execute( @"c:\windows\system32\cmd.exe", @"/c echo test"); Assert.AreEqual(prison.desktopName, string.Format(@"{0}\Default", username)); } }
public void PrisonApplyWindowStationTest() { using (ShimsContext.Create()) { int winStationPtr = 2658; PrisonTestsHelper.PrisonLockdownFakes(); PrisonTestsHelper.ApplyWindowStationRuleFakes(winStationPtr); string username = null; ShimWindowStation.NativeOpenWindowStationString = (user) => { username = user; return(new IntPtr(winStationPtr)); }; ShimWindowStation.NativeCreateWindowStationString = (user) => { username = user; return(new IntPtr(winStationPtr)); }; Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.CellType |= RuleType.WindowStation; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION { hProcess = new IntPtr(2400), hThread = new IntPtr(2416), dwProcessId = 5400, dwThreadId = 4544 }; PrisonTestsHelper.PrisonCreateProcessAsUserFakes(processInfo); ShimPrison.GetCurrentSessionId = () => { return(0); }; ShimProcess.GetProcessByIdInt32 = (id) => { return(new Process()); }; ShimJobObject.AllInstances.AddProcessProcess = (jobObject, proc) => { return; }; ShimPrison.AllInstances.AddProcessToGuardJobObjectProcess = (fakePrison, proc) => { return; }; ShimPrison.AllInstances.ResumeProcessProcess = (fakePrison, pProcess) => { }; Process process = prison.Execute( @"c:\windows\system32\cmd.exe", @"/c echo test"); Assert.AreEqual(prison.desktopName, string.Format(@"{0}\Default", username)); } }
public void PrisonApplyFilesystemTest() { using (ShimsContext.Create()) { PrisonTestsHelper.PrisonLockdownFakes(); PrisonTestsHelper.ApplyFilesystemFakes(); Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.CellType |= RuleType.Filesystem; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); } }
public void PrisonApplyIISGroupTest() { using (ShimsContext.Create()) { PrisonTestsHelper.PrisonLockdownFakes(); PrisonTestsHelper.ApplyIISGroupFakes(); Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.CellType |= RuleType.IISGroup; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); } }
public void PrisonReattachFilesystemTest() { using (ShimsContext.Create()) { PrisonTestsHelper.PrisonLockdownFakes(); PrisonTestsHelper.ApplyFilesystemFakes(); Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.CellType |= RuleType.Filesystem; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); prison.Reattach(); } }
public void PrisonReattachWindowStationTest() { using (ShimsContext.Create()) { PrisonTestsHelper.PrisonLockdownFakes(); PrisonTestsHelper.ApplyWindowStationRuleFakes(2658); Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.CellType |= RuleType.WindowStation; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); prison.Reattach(); } }
public void TestSimpleEcho() { // Arrange Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = CellType.None; prison.Lockdown(prisonRules); // Act Process process = prison.Execute( @"c:\windows\system32\cmd.exe", @"/c echo test"); // Assert Assert.AreNotEqual(0, process.Id); }
public void TestDestroy() { using (ShimsContext.Create()) { PrisonTestsHelper.PrisonLockdownFakes(); Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); PrisonTestsHelper.PrisonDestroyFakes(); prison.Destroy(); } }
public void TestLoadPrisonAndAttach() { using (ShimsContext.Create()) { PrisonTestsHelper.PrisonLockdownFakes(); Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); PrisonTestsHelper.PrisonLoadFakes(prison.ID); Prison prisonLoaded = Prison.LoadPrisonAndAttach(prison.ID); Assert.IsTrue(prisonLoaded != null); Assert.IsTrue(prisonLoaded.ID == prison.ID); } }
public void PrisonApplyHttpsysTest() { using (ShimsContext.Create()) { PrisonTestsHelper.PrisonLockdownFakes(); PrisonTestsHelper.ApplyHttpsysFakes(); string addPortCommand = null; ShimCommand.ExecuteCommandString = (command) => { addPortCommand = command; return 0; }; Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.CellType |= RuleType.Httpsys; prisonRules.UrlPortAccess = 5400; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); Assert.IsTrue(addPortCommand.Contains(prisonRules.UrlPortAccess.ToString())); } }
public void PrisonDestroyNetworkTest() { using (ShimsContext.Create()) { PrisonTestsHelper.PrisonLockdownFakes(); PrisonTestsHelper.ApplyNetworkRuleFakes(); Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.CellType |= RuleType.Network; prisonRules.NetworkOutboundRateLimitBitsPerSecond = 500; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); PrisonTestsHelper.PrisonDestroyFakes(); ShimNetwork.RemoveOutboundThrottlePolicyString = (username) => { return; }; prison.Destroy(); } }
public void PrisonApplyHttpsysTest() { using (ShimsContext.Create()) { PrisonTestsHelper.PrisonLockdownFakes(); PrisonTestsHelper.ApplyHttpsysFakes(); string addPortCommand = null; ShimCommand.ExecuteCommandString = (command) => { addPortCommand = command; return(0); }; Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.CellType |= RuleType.Httpsys; prisonRules.UrlPortAccess = 5400; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); Assert.IsTrue(addPortCommand.Contains(prisonRules.UrlPortAccess.ToString())); } }
public void PrisonApplyDiskTest() { using (ShimsContext.Create()) { PrisonTestsHelper.PrisonLockdownFakes(); PrisonTestsHelper.ApplyDiskRuleFakes(); long quotaSetTo = 0; ShimDisk.ShimDiskQuotaManager.SetDiskQuotaLimitStringStringInt64 = (WindowsUsername, Path, DiskQuotaBytes) => { quotaSetTo = DiskQuotaBytes; return; }; Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.CellType |= RuleType.Disk; prisonRules.DiskQuotaBytes = 500; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); Assert.AreEqual(quotaSetTo, 500); } }
public void PrisonDestroyHttpsysTest() { using (ShimsContext.Create()) { PrisonTestsHelper.PrisonLockdownFakes(); PrisonTestsHelper.ApplyHttpsysFakes(); Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.CellType |= RuleType.Httpsys; prisonRules.UrlPortAccess = 5400; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); PrisonTestsHelper.PrisonDestroyFakes(); PrisonTestsHelper.HttpsysRemovePortAccessFakes(); prison.Destroy(); } }
public void TestSimpleEcho() { // Arrange Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.PrisonHomePath = @"c:\prison_tests\p9"; prison.Lockdown(prisonRules); // Act Process process = prison.Execute( @"c:\windows\system32\cmd.exe", @"/c echo test"); // Assert Assert.AreNotEqual(0, process.Id); }
public void LoadPrison() { // Arrange Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.PrisonHomePath = @"c:\prison_tests\p1"; prisonRules.CellType = RuleType.WindowStation; prison.Lockdown(prisonRules); // Act var prisonLoaded = Prison.LoadPrisonAndAttach(prison.ID); Process process = prison.Execute( @"c:\windows\system32\cmd.exe", @"/c exit 667"); process.WaitForExit(); // Assert Process process2 = prisonLoaded.Execute( @"c:\windows\system32\cmd.exe", @"/c exit 667"); process2.WaitForExit(); // Assert Assert.AreEqual(667, process.ExitCode); prison.Destroy(); }
public void TestLoad() { using (ShimsContext.Create()) { PrisonTestsHelper.PrisonLockdownFakes(); Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); PrisonTestsHelper.PrisonLoadFakes(prison.ID); Prison[] prisons = Prison.Load(); Assert.AreEqual(prisons.Length, 1); foreach (var prisonItem in prisons) { Assert.IsTrue(prisonItem.ID == prison.ID); } } }
// Currently not working public void LimitPagedPool() { Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); // prisonRules.CellType = RuleType.WindowStation; prisonRules.CellType = RuleType.Memory; prisonRules.TotalPrivateMemoryLimitBytes = 50 * 1024 * 1024; prisonRules.PrisonHomePath = @"c:\prison_tests\p9"; prisonRules.ActiveProcessesLimit = 5; prison.Lockdown(prisonRules); // Act string exe = Utilities.CreateExeForPrison( @" string MailslotName = @""\\.\mailslot\sterssmailslot""; var hMailslotA = CreateMailslot(MailslotName, 0, MAILSLOT_WAIT_FOREVER, IntPtr.Zero); var hMailslot = CreateFile(MailslotName, FileDesiredAccess.GENERIC_WRITE, FileShareMode.FILE_SHARE_READ, IntPtr.Zero, FileCreationDisposition.OPEN_EXISTING, 0, IntPtr.Zero); int cbBytesWritten; byte[] bMessage = Encoding.Unicode.GetBytes(""Hello mailslot! Still alive?""); while (true) { WriteFile(hMailslot, bMessage, bMessage.Length, out cbBytesWritten, IntPtr.Zero); } return 0; } [Flags] enum FileDesiredAccess : uint { GENERIC_READ = 0x80000000, GENERIC_WRITE = 0x40000000, GENERIC_EXECUTE = 0x20000000, GENERIC_ALL = 0x10000000 } [Flags] enum FileShareMode : uint { Zero = 0x00000000, // No sharing FILE_SHARE_DELETE = 0x00000004, FILE_SHARE_READ = 0x00000001, FILE_SHARE_WRITE = 0x00000002 } enum FileCreationDisposition : uint { CREATE_NEW = 1, CREATE_ALWAYS = 2, OPEN_EXISTING = 3, OPEN_ALWAYS = 4, TRUNCATE_EXISTING = 5 } const int MAILSLOT_WAIT_FOREVER = -1; const int MAILSLOT_NO_MESSAGE = -1; [DllImport(""kernel32.dll"", CharSet = CharSet.Auto, SetLastError = true)] static extern IntPtr CreateMailslot(string mailslotName, uint nMaxMessageSize, int lReadTimeout, IntPtr securityAttributes); [DllImport(""kernel32.dll"", CharSet = CharSet.Auto, SetLastError = true)] static extern IntPtr CreateFile(string fileName, FileDesiredAccess desiredAccess, FileShareMode shareMode, IntPtr securityAttributes, FileCreationDisposition creationDisposition, int flagsAndAttributes, IntPtr hTemplateFile); [DllImport(""kernel32.dll"", CharSet = CharSet.Auto, SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] static extern bool WriteFile(IntPtr handle, byte[] bytes, int numBytesToWrite, out int numBytesWritten, IntPtr overlapped); private static int Dummy() { ", prison); Process process = prison.Execute(exe); long lastVal = 0; // Wait for the bomb to explode while (prison.JobObject.PagedSystemMemory > lastVal) { lastVal = prison.JobObject.PagedSystemMemory; Assert.IsTrue(prison.JobObject.PagedSystemMemory < prisonRules.TotalPrivateMemoryLimitBytes); Thread.Sleep(300); } prison.Destroy(); }
public void AllowLargerUploadSpeedOnSecondPort() { // Arrange Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = CellType.Firewall | CellType.Network; prisonRules.NetworkOutboundRateLimitBitsPerSecond = 8 * 1024 * 100; prisonRules.AppPortOutboundRateLimitBitsPerSecond = 8 * 1024 * 200; prisonRules.UrlPortAccess = 56444; prisonRules.PrisonHomePath = @"C:\Workspace\dea_security\PrisonHome"; prison.Lockdown(prisonRules); // Act string exe = Utilities.CreateExeForPrison( @" HttpListener actualServer = null; int port = 56444; int actualServerPort = port; actualServer = new HttpListener(); actualServer.Prefixes.Add(string.Format(""http://*:{0}/"", port)); actualServer.Start(); byte[] reply = new byte[1024 * 1024]; Random rnd = new Random(); rnd.NextBytes(reply); Console.WriteLine(""Done loading""); int requests = 0; while (requests < 2) { HttpListenerContext context = actualServer.GetContext(); context.Response.StatusCode = 200; if (requests == 0) { context.Response.OutputStream.Write(reply, 0, reply.Length); } context.Response.OutputStream.Close(); requests++; } if (actualServer != null) { actualServer.Stop(); } FtpWebRequest request = (FtpWebRequest)WebRequest.Create(""ftp://10.0.0.136/vladi/uploadtest.txt""); request.ConnectionGroupName = ""MyGroupName""; request.UseBinary = true; request.KeepAlive = true; request.Method = WebRequestMethods.Ftp.UploadFile; // This example assumes the FTP site uses anonymous logon. request.Credentials = new NetworkCredential(""jenkins"", ""uhuruservice1234!""); request.ContentLength = 1024 * 1024; Stream requestStream = request.GetRequestStream(); Stopwatch timer = Stopwatch.StartNew(); for (int i = 0; i < request.ContentLength / 256; i++) { timer.Stop(); byte[] data = new byte[256]; Random random = new Random(); random.NextBytes(data); timer.Start(); requestStream.Write(data, 0, data.Length); } requestStream.Close(); FtpWebResponse response = (FtpWebResponse)request.GetResponse(); response.Close(); timer.Stop(); if ((1024 / timer.Elapsed.TotalSeconds) > 110) { return 1; } ", prison); Process process = prison.Execute(exe); // Wait a bit for everything to be setup. Thread.Sleep(5000); Stopwatch timer = Stopwatch.StartNew(); WebClient client = new WebClient(); client.Proxy = new WebProxy("http://192.168.1.119:8080"); byte[] data = client.DownloadData("http://10.0.0.4:56444/"); timer.Stop(); Assert.IsTrue( ((1024 / timer.Elapsed.TotalSeconds) < 210) && ((1024 / timer.Elapsed.TotalSeconds) > 110), string.Format("Downloaded {0} bytes in {1} seconds, at a rate of {2} KB/s", data.Length, timer.Elapsed.TotalSeconds, 1024 / timer.Elapsed.TotalSeconds)); client.DownloadData("http://localhost:56444/"); process.WaitForExit(); // Assert Assert.AreEqual(0, process.ExitCode); }
public void AllowUnlimitedUploadSpeed() { // Arrange Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = CellType.None; prisonRules.NetworkOutboundRateLimitBitsPerSecond = 8 * 1024 * 100; prisonRules.PrisonHomePath = @"C:\Workspace\dea_security\PrisonHome"; prison.Lockdown(prisonRules); // Wait a bit for the rule to take effect. Thread.Sleep(5000); // Act string exe = Utilities.CreateExeForPrison( @" FtpWebRequest request = (FtpWebRequest)WebRequest.Create(""ftp://10.0.0.136/vladi/uploadtest.txt""); request.ConnectionGroupName = ""MyGroupName""; request.UseBinary = true; request.KeepAlive = true; request.Method = WebRequestMethods.Ftp.UploadFile; // This example assumes the FTP site uses anonymous logon. request.Credentials = new NetworkCredential(""jenkins"", ""uhuruservice1234!""); request.ContentLength = 1024 * 1024; Stream requestStream = request.GetRequestStream(); Stopwatch timer = Stopwatch.StartNew(); for (int i = 0; i < request.ContentLength / 256; i++) { timer.Stop(); byte[] data = new byte[256]; Random random = new Random(); random.NextBytes(data); timer.Start(); requestStream.Write(data, 0, data.Length); } requestStream.Close(); FtpWebResponse response = (FtpWebResponse)request.GetResponse(); response.Close(); timer.Stop(); if ((1024 / timer.Elapsed.TotalSeconds) > 110) { return 1; } ", prison); Process process = prison.Execute(exe); process.WaitForExit(); // Assert Assert.AreNotEqual(0, process.ExitCode); }
public void TestSimpleEchoChangedSession() { using (ShimsContext.Create()) { // shim Prison.Lockdown PrisonTestsHelper.PrisonLockdownFakes(); Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); // shim Prison.Execute Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION { hProcess = new IntPtr(2400), hThread = new IntPtr(2416), dwProcessId = 5400, dwThreadId = 4544 }; PrisonTestsHelper.PrisonCreateProcessAsUserFakes(processInfo); ShimPrison.GetCurrentSessionId = () => { return 12; }; ShimPrison.InitChangeSessionServiceString = (tempSeriviceId) => { return; }; StubIExecutor exec = new StubIExecutor(); ShimChannelFactory<IExecutor>.AllInstances.CreateChannel = (executor) => { return exec; }; exec.ExecuteProcessPrisonStringStringDictionaryOfStringString = (fakePrison, filename, arguments, extraEnvironmentVariables) => { return processInfo.dwProcessId; }; var shimedProcess = new ShimProcess(); shimedProcess.IdGet = () => { return processInfo.dwProcessId; }; var raisingEventsChangedTo = false; shimedProcess.EnableRaisingEventsSetBoolean = (value) => { raisingEventsChangedTo = value; }; ShimProcess.GetProcessByIdInt32 = (id) => { return (Process)shimedProcess; }; ShimPrison.AllInstances.CloseRemoteSessionIExecutor = (fakePrison, executor) => { return; }; var processIdResumed = 0; ShimPrison.AllInstances.ResumeProcessProcess = (fakePrison, pProcess) => { processIdResumed = pProcess.Id; }; ShimPrison.RemoveChangeSessionServiceString = (sessionId) => { return; }; // Act Process process = prison.Execute( @"c:\windows\system32\cmd.exe", @"/c echo test"); // Assert Assert.AreEqual(processInfo.dwProcessId, process.Id); Assert.AreEqual(processInfo.dwProcessId, processIdResumed); Assert.AreEqual(true, raisingEventsChangedTo); } }
public void TestSimpleEchoChangedSession() { using (ShimsContext.Create()) { // shim Prison.Lockdown PrisonTestsHelper.PrisonLockdownFakes(); Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); // shim Prison.Execute Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION { hProcess = new IntPtr(2400), hThread = new IntPtr(2416), dwProcessId = 5400, dwThreadId = 4544 }; PrisonTestsHelper.PrisonCreateProcessAsUserFakes(processInfo); ShimPrison.GetCurrentSessionId = () => { return(12); }; ShimPrison.InitChangeSessionServiceString = (tempSeriviceId) => { return; }; StubIExecutor exec = new StubIExecutor(); ShimChannelFactory <IExecutor> .AllInstances.CreateChannel = (executor) => { return(exec); }; exec.ExecuteProcessPrisonStringStringDictionaryOfStringString = (fakePrison, filename, arguments, extraEnvironmentVariables) => { return(processInfo.dwProcessId); }; var shimedProcess = new ShimProcess(); shimedProcess.IdGet = () => { return(processInfo.dwProcessId); }; var raisingEventsChangedTo = false; shimedProcess.EnableRaisingEventsSetBoolean = (value) => { raisingEventsChangedTo = value; }; ShimProcess.GetProcessByIdInt32 = (id) => { return((Process)shimedProcess); }; ShimPrison.AllInstances.CloseRemoteSessionIExecutor = (fakePrison, executor) => { return; }; var processIdResumed = 0; ShimPrison.AllInstances.ResumeProcessProcess = (fakePrison, pProcess) => { processIdResumed = pProcess.Id; }; ShimPrison.RemoveChangeSessionServiceString = (sessionId) => { return; }; // Act Process process = prison.Execute( @"c:\windows\system32\cmd.exe", @"/c echo test"); // Assert Assert.AreEqual(processInfo.dwProcessId, process.Id); Assert.AreEqual(processInfo.dwProcessId, processIdResumed); Assert.AreEqual(true, raisingEventsChangedTo); } }
public void DisallowAccessEverywhereElse() { // Arrange Prison.Init(); Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = CellType.Filesystem; prisonRules.PrisonHomePath = @"C:\Workspace\dea_security\PrisonHome"; prison.Lockdown(prisonRules); // Act string exe = Utilities.CreateExeForPrison( @" return WalkDirectoryTree(new DirectoryInfo(@""c:\"")); } static int WalkDirectoryTree(System.IO.DirectoryInfo root) { System.IO.DirectoryInfo[] subDirs = null; // First, process all the files directly under this folder try { string adir = Guid.NewGuid().ToString(""N""); Directory.CreateDirectory(Path.Combine(root.FullName, adir)); Directory.Delete(Path.Combine(root.FullName, adir)); return 1; } catch { } try { string adir = Guid.NewGuid().ToString(""N""); File.WriteAllText(Path.Combine(root.FullName, adir), ""test""); File.Delete(Path.Combine(root.FullName, adir)); return 1; } catch { } try { subDirs = root.GetDirectories(); foreach (System.IO.DirectoryInfo dirInfo in subDirs) { // Resursive call for each subdirectory. return WalkDirectoryTree(dirInfo); } } catch { } return 0; } static int Dummy() { ", prison); Process process = prison.Execute(exe); process.WaitForExit(); // Assert Assert.AreEqual(0, process.ExitCode); }
public void AllowLargerUploadSpeedOnSecondPort() { // Arrange Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.Httpsys | RuleType.Network; prisonRules.NetworkOutboundRateLimitBitsPerSecond = 8 * 1024 * 100; prisonRules.AppPortOutboundRateLimitBitsPerSecond = 8 * 1024 * 200; prisonRules.UrlPortAccess = 56444; prisonRules.PrisonHomePath = @"C:\Workspace\dea_security\PrisonHome"; prison.Lockdown(prisonRules); // Act string exe = Utilities.CreateExeForPrison( @" HttpListener actualServer = null; int port = 56444; int actualServerPort = port; actualServer = new HttpListener(); actualServer.Prefixes.Add(string.Format(""http://*:{0}/"", port)); actualServer.Start(); byte[] reply = new byte[1024 * 1024]; Random rnd = new Random(); rnd.NextBytes(reply); Console.WriteLine(""Done loading""); int requests = 0; while (requests < 2) { HttpListenerContext context = actualServer.GetContext(); context.Response.StatusCode = 200; if (requests == 0) { context.Response.OutputStream.Write(reply, 0, reply.Length); } context.Response.OutputStream.Close(); requests++; } if (actualServer != null) { actualServer.Stop(); } FtpWebRequest request = (FtpWebRequest)WebRequest.Create(""ftp://10.0.0.136/vladi/uploadtest.txt""); request.ConnectionGroupName = ""MyGroupName""; request.UseBinary = true; request.KeepAlive = true; request.Method = WebRequestMethods.Ftp.UploadFile; // This example assumes the FTP site uses anonymous logon. request.Credentials = new NetworkCredential(""jenkins"", ""uhuruservice1234!""); request.ContentLength = 1024 * 1024; Stream requestStream = request.GetRequestStream(); Stopwatch timer = Stopwatch.StartNew(); for (int i = 0; i < request.ContentLength / 256; i++) { timer.Stop(); byte[] data = new byte[256]; Random random = new Random(); random.NextBytes(data); timer.Start(); requestStream.Write(data, 0, data.Length); } requestStream.Close(); FtpWebResponse response = (FtpWebResponse)request.GetResponse(); response.Close(); timer.Stop(); if ((1024 / timer.Elapsed.TotalSeconds) > 110) { return 1; } ", prison); Process process = prison.Execute(exe); // Wait a bit for everything to be setup. Thread.Sleep(5000); Stopwatch timer = Stopwatch.StartNew(); WebClient client = new WebClient(); client.Proxy = new WebProxy("http://192.168.1.119:8080"); byte[] data = client.DownloadData("http://10.0.0.10:56444/"); timer.Stop(); Assert.IsTrue( ((1024 / timer.Elapsed.TotalSeconds) < 210) && ((1024 / timer.Elapsed.TotalSeconds) > 110), string.Format("Downloaded {0} bytes in {1} seconds, at a rate of {2} KB/s", data.Length, timer.Elapsed.TotalSeconds, 1024 / timer.Elapsed.TotalSeconds)); client.DownloadData("http://localhost:56444/"); process.WaitForExit(); // Assert Assert.AreEqual(0, process.ExitCode); }
public void AllowUnlimitedUploadSpeed() { // Arrange Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.NetworkOutboundRateLimitBitsPerSecond = 8 * 1024 * 100; prisonRules.PrisonHomePath = @"C:\Workspace\dea_security\PrisonHome"; prison.Lockdown(prisonRules); // Wait a bit for the rule to take effect. Thread.Sleep(5000); // Act string exe = Utilities.CreateExeForPrison( @" FtpWebRequest request = (FtpWebRequest)WebRequest.Create(""ftp://10.0.0.136/vladi/uploadtest.txt""); request.ConnectionGroupName = ""MyGroupName""; request.UseBinary = true; request.KeepAlive = true; request.Method = WebRequestMethods.Ftp.UploadFile; // This example assumes the FTP site uses anonymous logon. request.Credentials = new NetworkCredential(""jenkins"", ""uhuruservice1234!""); request.ContentLength = 1024 * 1024; Stream requestStream = request.GetRequestStream(); Stopwatch timer = Stopwatch.StartNew(); for (int i = 0; i < request.ContentLength / 256; i++) { timer.Stop(); byte[] data = new byte[256]; Random random = new Random(); random.NextBytes(data); timer.Start(); requestStream.Write(data, 0, data.Length); } requestStream.Close(); FtpWebResponse response = (FtpWebResponse)request.GetResponse(); response.Close(); timer.Stop(); if ((1024 / timer.Elapsed.TotalSeconds) > 110) { return 1; } ", prison); Process process = prison.Execute(exe); process.WaitForExit(); // Assert Assert.AreNotEqual(0, process.ExitCode); }