public void AssignNewDesktop()
{
// Arrange
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.WindowStation;
prisonRules.PrisonHomePath = String.Format(@"c:\prison_tests\{0}", prison.ID);
prison.Lockdown(prisonRules);
// Act
string exe = Utilities.CreateExeForPrison(
string.Format(@"
byte[] name = new byte[1024];
uint actualLength;
GetUserObjectInformation(GetProcessWindowStation(), UOI_NAME, name, 1024, out actualLength);
string workstationName = ASCIIEncoding.ASCII.GetString(name, 0, (int)actualLength - 1);
if (workstationName != ""{0}"")
{{
return 1;
}}
return 0;
}}
[DllImport(""user32.dll"", SetLastError = true)]
public static extern bool GetUserObjectInformation(IntPtr hObj, int nIndex,
[Out] byte[] pvInfo, uint nLength, out uint lpnLengthNeeded);
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
[DllImport(""user32"", CharSet = CharSet.Unicode, SetLastError = true)]
internal static extern IntPtr GetProcessWindowStation();
public const int UOI_FLAGS = 1;
public const int UOI_NAME = 2;
public const int UOI_TYPE = 3;
public const int UOI_USER_SID = 4;
public const int UOI_HEAPSIZE = 5; //Windows Server 2003 and Windows XP/2000: This value is not supported.
public const int UOI_IO = 6;
private static int Dummy()
{{
", prison.User.Username), prison);
Process process = prison.Execute(exe, "", false);
process.WaitForExit();
prison.Destroy();
// Assert
Assert.AreEqual(0, process.ExitCode);
}
public void TestLockdown()
{
using (ShimsContext.Create())
{
PrisonTestsHelper.PrisonLockdownFakes();
string createdUser = null;
string userProfileDestination = null;
bool saveWasInvoked = false;
ShimWindowsUsersAndGroups.CreateUserStringString = (username, password) => { createdUser = username; return; };
ShimPrison.AllInstances.ChangeRegistryUserProfileString = (pris, destination) => { userProfileDestination = destination; return; };
ShimXmlObjectSerializer.AllInstances.WriteObjectStreamObject = (data, writeStream, fakePrison) =>
{
saveWasInvoked = true;
return;
};
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
Assert.AreEqual(createdUser, prison.User.Username);
Assert.IsTrue(createdUser.Contains(prison.Tag));
// The user profile has to be moved in the prison home dir
Assert.IsTrue(userProfileDestination.Contains(prisonRules.PrisonHomePath));
Assert.IsTrue(saveWasInvoked);
}
}
public void TestMultipleEcho()
{
// Arrange
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = CellType.None;
prison.Lockdown(prisonRules);
// Act
Process process1 = prison.Execute(
@"c:\windows\system32\cmd.exe",
@"/c echo test");
Process process2 = prison.Execute(
@"c:\windows\system32\cmd.exe",
@"/c echo test");
// Assert
Assert.AreNotEqual(0, process1.Id);
Assert.AreNotEqual(0, process2.Id);
}
public void DenyExcesiveMemory()
{
// Arrange
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.Memory;
prisonRules.TotalPrivateMemoryLimitBytes = 50 * 1024 * 1024;
prisonRules.PrisonHomePath = @"C:\Workspace\dea_security\PrisonHome";
prison.Lockdown(prisonRules);
// Act
string exe = Utilities.CreateExeForPrison(
@"
byte[] memory = new byte[100 * 1024 * 1024];
Random rnd = new Random();
rnd.NextBytes(memory);
", prison);
Process process = prison.Execute(exe);
process.WaitForExit();
// Assert
Assert.AreNotEqual(0, process.ExitCode);
}
public void TestLockdown()
{
using (ShimsContext.Create())
{
PrisonTestsHelper.PrisonLockdownFakes();
string createdUser = null;
string userProfileDestination = null;
bool saveWasInvoked = false;
ShimWindowsUsersAndGroups.CreateUserStringString = (username, password) => { createdUser = username; return; };
ShimPrison.AllInstances.ChangeRegistryUserProfileString = (pris, destination) => { userProfileDestination = destination; return; };
ShimXmlObjectSerializer.AllInstances.WriteObjectStreamObject = (data, writeStream, fakePrison) =>
{
saveWasInvoked = true;
return;
};
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
Assert.AreEqual(createdUser, prison.User.Username);
Assert.IsTrue(createdUser.Contains(prison.Tag));
// The user profile has to be moved in the prison home dir
Assert.IsTrue(userProfileDestination.Contains(prisonRules.PrisonHomePath));
Assert.IsTrue(saveWasInvoked);
}
}
public void StopForkBombs()
{
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.Memory;
// prisonRules.CellType = RuleType.WindowStation;
prisonRules.CPUPercentageLimit = 2;
prisonRules.TotalPrivateMemoryLimitBytes = 50 * 1024 * 1024;
prisonRules.PrisonHomePath = @"c:\prison_tests\p7";
prisonRules.ActiveProcessesLimit = 5;
prison.Lockdown(prisonRules);
Process process = prison.Execute("", "cmd /c for /L %n in (1,0,10) do ( start cmd /k echo 32 )");
// Wait for the bomb to explode
while (true)
{
if (prison.JobObject.ActiveProcesses >= 4)
{
break;
}
Thread.Sleep(100);
}
Thread.Sleep(500);
Assert.IsTrue(prison.JobObject.ActiveProcesses < 6);
prison.Destroy();
}
public void TestMultipleEcho()
{
// Arrange
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.PrisonHomePath = String.Format(@"c:\prison_tests\{0}", prison.ID);
prison.Lockdown(prisonRules);
// Act
Process process1 = prison.Execute(
@"c:\windows\system32\cmd.exe",
@"/c echo test");
Process process2 = prison.Execute(
@"c:\windows\system32\cmd.exe",
@"/c echo test");
// Assert
Assert.AreNotEqual(0, process1.Id);
Assert.AreNotEqual(0, process2.Id);
prison.Destroy();
}
public void TestExitCode()
{
// Arrange
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.CellType |= RuleType.Filesystem;
prisonRules.PrisonHomePath = String.Format(@"c:\prison_tests\{0}", prison.ID);
prison.Lockdown(prisonRules);
// Act
Process process = prison.Execute(
@"c:\windows\system32\cmd.exe",
@"/c exit 667");
process.WaitForExit();
prison.Destroy();
// Assert
Assert.AreEqual(667, process.ExitCode);
}
public void TestMultipleEcho()
{
// Arrange
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.PrisonHomePath = String.Format(@"c:\prison_tests\{0}", prison.ID);
prison.Lockdown(prisonRules);
// Act
Process process1 = prison.Execute(
@"c:\windows\system32\cmd.exe",
@"/c echo test");
Process process2 = prison.Execute(
@"c:\windows\system32\cmd.exe",
@"/c echo test");
// Assert
Assert.AreNotEqual(0, process1.Id);
Assert.AreNotEqual(0, process2.Id);
prison.Destroy();
}
public void DenyExcesiveDiskUsage()
{
// Arrange
Prison.Init();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.Disk;
prisonRules.DiskQuotaBytes = 50 * 1024 * 1024;
prisonRules.PrisonHomePath = @"C:\Workspace\dea_security\PrisonHome";
prison.Lockdown(prisonRules);
// Act
string exe = Utilities.CreateExeForPrison(
@"
for (int size = 1; size < 100; size++)
{{
byte[] content = new byte[1024 * 1024];
File.AppendAllText(Guid.NewGuid().ToString(""N""), ASCIIEncoding.ASCII.GetString(content));
}}", prison);
Process process = prison.Execute(exe);
process.WaitForExit();
// Assert
Assert.AreNotEqual(0, process.ExitCode);
}
public void StopForkBombs()
{
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.Memory;
// prisonRules.CellType = RuleType.WindowStation;
prisonRules.CPUPercentageLimit = 2;
prisonRules.TotalPrivateMemoryLimitBytes = 50 * 1024 * 1024;
prisonRules.PrisonHomePath = @"c:\prison_tests\p7";
prisonRules.ActiveProcessesLimit = 5;
prison.Lockdown(prisonRules);
Process process = prison.Execute("", "cmd /c for /L %n in (1,0,10) do ( start cmd /k echo 32 )");
// Wait for the bomb to explode
while (true)
{
if (prison.JobObject.ActiveProcesses >= 4) break;
Thread.Sleep(100);
}
Thread.Sleep(500);
Assert.IsTrue(prison.JobObject.ActiveProcesses < 6);
prison.Destroy();
}
public void PrisonApplyNetworkAppTest()
{
using (ShimsContext.Create())
{
PrisonTestsHelper.PrisonLockdownFakes();
PrisonTestsHelper.ApplyNetworkRuleFakes();
ManagementObject mobj = null;
ShimManagementObject.AllInstances.Put =
(@this) =>
{
mobj = @this;
return new ShimManagementPath();
};
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.CellType |= RuleType.Network;
prisonRules.UrlPortAccess = 56444;
prisonRules.AppPortOutboundRateLimitBitsPerSecond = 500;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
Assert.AreEqual(mobj["ThrottleRateAction"].ToString(), 500.ToString());
Assert.IsTrue(mobj["URIMatchCondition"].ToString().Contains(56444.ToString()));
}
}
public void TestExitCode()
{
// Arrange
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.CellType |= RuleType.Filesystem;
prisonRules.PrisonHomePath = String.Format(@"c:\prison_tests\{0}", prison.ID);
prison.Lockdown(prisonRules);
// Act
Process process = prison.Execute(
@"c:\windows\system32\cmd.exe",
@"/c exit 667");
process.WaitForExit();
prison.Destroy();
// Assert
Assert.AreEqual(667, process.ExitCode);
}
public void AllowAccessInHomeDir()
{
// Arrange
Prison.Init();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = CellType.Filesystem;
prisonRules.PrisonHomePath = @"C:\Workspace\dea_security\PrisonHome";
prison.Lockdown(prisonRules);
// Act
string exe = Utilities.CreateExeForPrison(
@"
File.WriteAllText(Guid.NewGuid().ToString(""N""), Guid.NewGuid().ToString());
", prison);
Process process = prison.Execute(exe);
process.WaitForExit();
// Assert
Assert.AreEqual(0, process.ExitCode);
}
public void AllowAccessInHomeDir()
{
// Arrange
Prison.Init();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = CellType.Filesystem;
prisonRules.PrisonHomePath = @"C:\Workspace\dea_security\PrisonHome";
prison.Lockdown(prisonRules);
// Act
string exe = Utilities.CreateExeForPrison(
@"
File.WriteAllText(Guid.NewGuid().ToString(""N""), Guid.NewGuid().ToString());
", prison);
Process process = prison.Execute(exe);
process.WaitForExit();
// Assert
Assert.AreEqual(0, process.ExitCode);
}
public void DenyExcesiveMemory()
{
// Arrange
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = CellType.Memory;
prisonRules.TotalPrivateMemoryLimitBytes = 50 * 1024 * 1024;
prisonRules.PrisonHomePath = @"C:\Workspace\dea_security\PrisonHome";
prison.Lockdown(prisonRules);
// Act
string exe = Utilities.CreateExeForPrison(
@"
byte[] memory = new byte[100 * 1024 * 1024];
Random rnd = new Random();
rnd.NextBytes(memory);
", prison);
Process process = prison.Execute(exe);
process.WaitForExit();
// Assert
Assert.AreNotEqual(0, process.ExitCode);
}
public void PrisonApplyNetworkAppTest()
{
using (ShimsContext.Create())
{
PrisonTestsHelper.PrisonLockdownFakes();
PrisonTestsHelper.ApplyNetworkRuleFakes();
ManagementObject mobj = null;
ShimManagementObject.AllInstances.Put =
(@this) =>
{
mobj = @this;
return(new ShimManagementPath());
};
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.CellType |= RuleType.Network;
prisonRules.UrlPortAccess = 56444;
prisonRules.AppPortOutboundRateLimitBitsPerSecond = 500;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
Assert.AreEqual(mobj["ThrottleRateAction"].ToString(), 500.ToString());
Assert.IsTrue(mobj["URIMatchCondition"].ToString().Contains(56444.ToString()));
}
}
public void DenyExcesiveDiskUsage()
{
// Arrange
Prison.Init();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = CellType.Disk;
prisonRules.DiskQuotaBytes = 50 * 1024 * 1024;
prisonRules.PrisonHomePath = @"C:\Workspace\dea_security\PrisonHome";
prison.Lockdown(prisonRules);
// Act
string exe = Utilities.CreateExeForPrison(
@"
for (int size = 1; size < 100; size++)
{{
byte[] content = new byte[1024 * 1024];
File.AppendAllText(Guid.NewGuid().ToString(""N""), ASCIIEncoding.ASCII.GetString(content));
}}", prison);
Process process = prison.Execute(exe);
process.WaitForExit();
// Assert
Assert.AreNotEqual(0, process.ExitCode);
}
public void TestSimpleEcho()
{
using (ShimsContext.Create())
{
// shim Prison.Lockdown
PrisonTestsHelper.PrisonLockdownFakes();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
// shim Prison.Execute
Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION
{
hProcess = new IntPtr(2400),
hThread = new IntPtr(2416),
dwProcessId = 5400,
dwThreadId = 4544
};
PrisonTestsHelper.PrisonCreateProcessAsUserFakes(processInfo);
ShimPrison.GetCurrentSessionId = () => { return(0); };
var shimedProcess = new ShimProcess();
shimedProcess.IdGet = () => { return(processInfo.dwProcessId); };
var raisingEventsChangedTo = false;
shimedProcess.EnableRaisingEventsSetBoolean = (value) => { raisingEventsChangedTo = value; };
ShimProcess.GetProcessByIdInt32 = (id) => { return((Process)shimedProcess); };
Process procAddedToJob = null;
ShimJobObject.AllInstances.AddProcessProcess = (jobObject, proc) => { procAddedToJob = proc; return; };
ShimPrison.AllInstances.AddProcessToGuardJobObjectProcess = (fakePrison, proc) => { return; };
var processIdResumed = 0;
ShimPrison.AllInstances.ResumeProcessProcess = (fakePrison, pProcess) => { processIdResumed = pProcess.Id; };
// Act
Process process = prison.Execute(
@"c:\windows\system32\cmd.exe",
@"/c echo test");
// Assert
Assert.AreEqual(processInfo.dwProcessId, process.Id);
Assert.AreEqual(processInfo.dwProcessId, processIdResumed);
Assert.AreEqual(procAddedToJob.Id, process.Id);
Assert.AreEqual(true, raisingEventsChangedTo);
}
}
public void TestSimpleEcho()
{
using (ShimsContext.Create())
{
// shim Prison.Lockdown
PrisonTestsHelper.PrisonLockdownFakes();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
// shim Prison.Execute
Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION
{
hProcess = new IntPtr(2400),
hThread = new IntPtr(2416),
dwProcessId = 5400,
dwThreadId = 4544
};
PrisonTestsHelper.PrisonCreateProcessAsUserFakes(processInfo);
ShimPrison.GetCurrentSessionId = () => { return 0; };
var shimedProcess = new ShimProcess();
shimedProcess.IdGet = () => { return processInfo.dwProcessId; };
var raisingEventsChangedTo = false;
shimedProcess.EnableRaisingEventsSetBoolean = (value) => { raisingEventsChangedTo = value; };
ShimProcess.GetProcessByIdInt32 = (id) => { return (Process)shimedProcess; };
Process procAddedToJob = null;
ShimJobObject.AllInstances.AddProcessProcess = (jobObject, proc) => { procAddedToJob = proc; return; };
ShimPrison.AllInstances.AddProcessToGuardJobObjectProcess = (fakePrison, proc) => { return; };
var processIdResumed = 0;
ShimPrison.AllInstances.ResumeProcessProcess = (fakePrison, pProcess) => { processIdResumed = pProcess.Id; };
// Act
Process process = prison.Execute(
@"c:\windows\system32\cmd.exe",
@"/c echo test");
// Assert
Assert.AreEqual(processInfo.dwProcessId, process.Id);
Assert.AreEqual(processInfo.dwProcessId, processIdResumed);
Assert.AreEqual(procAddedToJob.Id, process.Id);
Assert.AreEqual(true, raisingEventsChangedTo);
}
}
public void PrisonApplyWindowStationTest()
{
using (ShimsContext.Create())
{
int winStationPtr = 2658;
PrisonTestsHelper.PrisonLockdownFakes();
PrisonTestsHelper.ApplyWindowStationRuleFakes(winStationPtr);
string username = null;
ShimWindowStation.NativeOpenWindowStationString = (user) => { username = user; return new IntPtr(winStationPtr); };
ShimWindowStation.NativeCreateWindowStationString = (user) => { username = user; return new IntPtr(winStationPtr); };
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.CellType |= RuleType.WindowStation;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION
{
hProcess = new IntPtr(2400),
hThread = new IntPtr(2416),
dwProcessId = 5400,
dwThreadId = 4544
};
PrisonTestsHelper.PrisonCreateProcessAsUserFakes(processInfo);
ShimPrison.GetCurrentSessionId = () => { return 0; };
ShimProcess.GetProcessByIdInt32 = (id) => { return new Process(); };
ShimJobObject.AllInstances.AddProcessProcess = (jobObject, proc) => { return; };
ShimPrison.AllInstances.AddProcessToGuardJobObjectProcess = (fakePrison, proc) => { return; };
ShimPrison.AllInstances.ResumeProcessProcess = (fakePrison, pProcess) => { };
Process process = prison.Execute(
@"c:\windows\system32\cmd.exe",
@"/c echo test");
Assert.AreEqual(prison.desktopName, string.Format(@"{0}\Default", username));
}
}
public void PrisonApplyWindowStationTest()
{
using (ShimsContext.Create())
{
int winStationPtr = 2658;
PrisonTestsHelper.PrisonLockdownFakes();
PrisonTestsHelper.ApplyWindowStationRuleFakes(winStationPtr);
string username = null;
ShimWindowStation.NativeOpenWindowStationString = (user) => { username = user; return(new IntPtr(winStationPtr)); };
ShimWindowStation.NativeCreateWindowStationString = (user) => { username = user; return(new IntPtr(winStationPtr)); };
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.CellType |= RuleType.WindowStation;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION
{
hProcess = new IntPtr(2400),
hThread = new IntPtr(2416),
dwProcessId = 5400,
dwThreadId = 4544
};
PrisonTestsHelper.PrisonCreateProcessAsUserFakes(processInfo);
ShimPrison.GetCurrentSessionId = () => { return(0); };
ShimProcess.GetProcessByIdInt32 = (id) => { return(new Process()); };
ShimJobObject.AllInstances.AddProcessProcess = (jobObject, proc) => { return; };
ShimPrison.AllInstances.AddProcessToGuardJobObjectProcess = (fakePrison, proc) => { return; };
ShimPrison.AllInstances.ResumeProcessProcess = (fakePrison, pProcess) => { };
Process process = prison.Execute(
@"c:\windows\system32\cmd.exe",
@"/c echo test");
Assert.AreEqual(prison.desktopName, string.Format(@"{0}\Default", username));
}
}
public void PrisonApplyFilesystemTest()
{
using (ShimsContext.Create())
{
PrisonTestsHelper.PrisonLockdownFakes();
PrisonTestsHelper.ApplyFilesystemFakes();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.CellType |= RuleType.Filesystem;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
}
}
public void PrisonApplyIISGroupTest()
{
using (ShimsContext.Create())
{
PrisonTestsHelper.PrisonLockdownFakes();
PrisonTestsHelper.ApplyIISGroupFakes();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.CellType |= RuleType.IISGroup;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
}
}
public void PrisonReattachFilesystemTest()
{
using (ShimsContext.Create())
{
PrisonTestsHelper.PrisonLockdownFakes();
PrisonTestsHelper.ApplyFilesystemFakes();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.CellType |= RuleType.Filesystem;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
prison.Reattach();
}
}
public void PrisonReattachWindowStationTest()
{
using (ShimsContext.Create())
{
PrisonTestsHelper.PrisonLockdownFakes();
PrisonTestsHelper.ApplyWindowStationRuleFakes(2658);
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.CellType |= RuleType.WindowStation;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
prison.Reattach();
}
}
public void TestSimpleEcho()
{
// Arrange
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = CellType.None;
prison.Lockdown(prisonRules);
// Act
Process process = prison.Execute(
@"c:\windows\system32\cmd.exe",
@"/c echo test");
// Assert
Assert.AreNotEqual(0, process.Id);
}
public void TestDestroy()
{
using (ShimsContext.Create())
{
PrisonTestsHelper.PrisonLockdownFakes();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
PrisonTestsHelper.PrisonDestroyFakes();
prison.Destroy();
}
}
public void TestDestroy()
{
using (ShimsContext.Create())
{
PrisonTestsHelper.PrisonLockdownFakes();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
PrisonTestsHelper.PrisonDestroyFakes();
prison.Destroy();
}
}
public void TestLoadPrisonAndAttach()
{
using (ShimsContext.Create())
{
PrisonTestsHelper.PrisonLockdownFakes();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
PrisonTestsHelper.PrisonLoadFakes(prison.ID);
Prison prisonLoaded = Prison.LoadPrisonAndAttach(prison.ID);
Assert.IsTrue(prisonLoaded != null);
Assert.IsTrue(prisonLoaded.ID == prison.ID);
}
}
public void PrisonApplyHttpsysTest()
{
using (ShimsContext.Create())
{
PrisonTestsHelper.PrisonLockdownFakes();
PrisonTestsHelper.ApplyHttpsysFakes();
string addPortCommand = null;
ShimCommand.ExecuteCommandString = (command) => { addPortCommand = command; return 0; };
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.CellType |= RuleType.Httpsys;
prisonRules.UrlPortAccess = 5400;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
Assert.IsTrue(addPortCommand.Contains(prisonRules.UrlPortAccess.ToString()));
}
}
public void PrisonDestroyNetworkTest()
{
using (ShimsContext.Create())
{
PrisonTestsHelper.PrisonLockdownFakes();
PrisonTestsHelper.ApplyNetworkRuleFakes();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.CellType |= RuleType.Network;
prisonRules.NetworkOutboundRateLimitBitsPerSecond = 500;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
PrisonTestsHelper.PrisonDestroyFakes();
ShimNetwork.RemoveOutboundThrottlePolicyString = (username) => { return; };
prison.Destroy();
}
}
public void PrisonApplyHttpsysTest()
{
using (ShimsContext.Create())
{
PrisonTestsHelper.PrisonLockdownFakes();
PrisonTestsHelper.ApplyHttpsysFakes();
string addPortCommand = null;
ShimCommand.ExecuteCommandString = (command) => { addPortCommand = command; return(0); };
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.CellType |= RuleType.Httpsys;
prisonRules.UrlPortAccess = 5400;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
Assert.IsTrue(addPortCommand.Contains(prisonRules.UrlPortAccess.ToString()));
}
}
public void PrisonApplyDiskTest()
{
using (ShimsContext.Create())
{
PrisonTestsHelper.PrisonLockdownFakes();
PrisonTestsHelper.ApplyDiskRuleFakes();
long quotaSetTo = 0;
ShimDisk.ShimDiskQuotaManager.SetDiskQuotaLimitStringStringInt64 = (WindowsUsername, Path, DiskQuotaBytes) => { quotaSetTo = DiskQuotaBytes; return; };
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.CellType |= RuleType.Disk;
prisonRules.DiskQuotaBytes = 500;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
Assert.AreEqual(quotaSetTo, 500);
}
}
public void PrisonDestroyHttpsysTest()
{
using (ShimsContext.Create())
{
PrisonTestsHelper.PrisonLockdownFakes();
PrisonTestsHelper.ApplyHttpsysFakes();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.CellType |= RuleType.Httpsys;
prisonRules.UrlPortAccess = 5400;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
PrisonTestsHelper.PrisonDestroyFakes();
PrisonTestsHelper.HttpsysRemovePortAccessFakes();
prison.Destroy();
}
}
public void TestSimpleEcho()
{
// Arrange
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.PrisonHomePath = @"c:\prison_tests\p9";
prison.Lockdown(prisonRules);
// Act
Process process = prison.Execute(
@"c:\windows\system32\cmd.exe",
@"/c echo test");
// Assert
Assert.AreNotEqual(0, process.Id);
}
public void PrisonApplyDiskTest()
{
using (ShimsContext.Create())
{
PrisonTestsHelper.PrisonLockdownFakes();
PrisonTestsHelper.ApplyDiskRuleFakes();
long quotaSetTo = 0;
ShimDisk.ShimDiskQuotaManager.SetDiskQuotaLimitStringStringInt64 = (WindowsUsername, Path, DiskQuotaBytes) => { quotaSetTo = DiskQuotaBytes; return; };
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.CellType |= RuleType.Disk;
prisonRules.DiskQuotaBytes = 500;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
Assert.AreEqual(quotaSetTo, 500);
}
}
public void PrisonDestroyHttpsysTest()
{
using (ShimsContext.Create())
{
PrisonTestsHelper.PrisonLockdownFakes();
PrisonTestsHelper.ApplyHttpsysFakes();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.CellType |= RuleType.Httpsys;
prisonRules.UrlPortAccess = 5400;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
PrisonTestsHelper.PrisonDestroyFakes();
PrisonTestsHelper.HttpsysRemovePortAccessFakes();
prison.Destroy();
}
}
public void LoadPrison()
{
// Arrange
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.PrisonHomePath = @"c:\prison_tests\p1";
prisonRules.CellType = RuleType.WindowStation;
prison.Lockdown(prisonRules);
// Act
var prisonLoaded = Prison.LoadPrisonAndAttach(prison.ID);
Process process = prison.Execute(
@"c:\windows\system32\cmd.exe",
@"/c exit 667");
process.WaitForExit();
// Assert
Process process2 = prisonLoaded.Execute(
@"c:\windows\system32\cmd.exe",
@"/c exit 667");
process2.WaitForExit();
// Assert
Assert.AreEqual(667, process.ExitCode);
prison.Destroy();
}
public void TestLoad()
{
using (ShimsContext.Create())
{
PrisonTestsHelper.PrisonLockdownFakes();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
PrisonTestsHelper.PrisonLoadFakes(prison.ID);
Prison[] prisons = Prison.Load();
Assert.AreEqual(prisons.Length, 1);
foreach (var prisonItem in prisons)
{
Assert.IsTrue(prisonItem.ID == prison.ID);
}
}
}
public void LoadPrison()
{
// Arrange
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.PrisonHomePath = @"c:\prison_tests\p1";
prisonRules.CellType = RuleType.WindowStation;
prison.Lockdown(prisonRules);
// Act
var prisonLoaded = Prison.LoadPrisonAndAttach(prison.ID);
Process process = prison.Execute(
@"c:\windows\system32\cmd.exe",
@"/c exit 667");
process.WaitForExit();
// Assert
Process process2 = prisonLoaded.Execute(
@"c:\windows\system32\cmd.exe",
@"/c exit 667");
process2.WaitForExit();
// Assert
Assert.AreEqual(667, process.ExitCode);
prison.Destroy();
}
public void TestLoad()
{
using (ShimsContext.Create())
{
PrisonTestsHelper.PrisonLockdownFakes();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
PrisonTestsHelper.PrisonLoadFakes(prison.ID);
Prison[] prisons = Prison.Load();
Assert.AreEqual(prisons.Length, 1);
foreach (var prisonItem in prisons)
{
Assert.IsTrue(prisonItem.ID == prison.ID);
}
}
}
// Currently not working
public void LimitPagedPool()
{
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
// prisonRules.CellType = RuleType.WindowStation;
prisonRules.CellType = RuleType.Memory;
prisonRules.TotalPrivateMemoryLimitBytes = 50 * 1024 * 1024;
prisonRules.PrisonHomePath = @"c:\prison_tests\p9";
prisonRules.ActiveProcessesLimit = 5;
prison.Lockdown(prisonRules);
// Act
string exe = Utilities.CreateExeForPrison(
@"
string MailslotName = @""\\.\mailslot\sterssmailslot"";
var hMailslotA = CreateMailslot(MailslotName, 0, MAILSLOT_WAIT_FOREVER, IntPtr.Zero);
var hMailslot = CreateFile(MailslotName, FileDesiredAccess.GENERIC_WRITE, FileShareMode.FILE_SHARE_READ, IntPtr.Zero, FileCreationDisposition.OPEN_EXISTING, 0, IntPtr.Zero);
int cbBytesWritten;
byte[] bMessage = Encoding.Unicode.GetBytes(""Hello mailslot! Still alive?"");
while (true)
{
WriteFile(hMailslot, bMessage, bMessage.Length, out cbBytesWritten, IntPtr.Zero);
}
return 0;
}
[Flags]
enum FileDesiredAccess : uint
{
GENERIC_READ = 0x80000000,
GENERIC_WRITE = 0x40000000,
GENERIC_EXECUTE = 0x20000000,
GENERIC_ALL = 0x10000000
}
[Flags]
enum FileShareMode : uint
{
Zero = 0x00000000, // No sharing
FILE_SHARE_DELETE = 0x00000004,
FILE_SHARE_READ = 0x00000001,
FILE_SHARE_WRITE = 0x00000002
}
enum FileCreationDisposition : uint
{
CREATE_NEW = 1,
CREATE_ALWAYS = 2,
OPEN_EXISTING = 3,
OPEN_ALWAYS = 4,
TRUNCATE_EXISTING = 5
}
const int MAILSLOT_WAIT_FOREVER = -1;
const int MAILSLOT_NO_MESSAGE = -1;
[DllImport(""kernel32.dll"", CharSet = CharSet.Auto, SetLastError = true)]
static extern IntPtr CreateMailslot(string mailslotName,
uint nMaxMessageSize, int lReadTimeout,
IntPtr securityAttributes);
[DllImport(""kernel32.dll"", CharSet = CharSet.Auto, SetLastError = true)]
static extern IntPtr CreateFile(string fileName,
FileDesiredAccess desiredAccess, FileShareMode shareMode,
IntPtr securityAttributes,
FileCreationDisposition creationDisposition,
int flagsAndAttributes, IntPtr hTemplateFile);
[DllImport(""kernel32.dll"", CharSet = CharSet.Auto, SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
static extern bool WriteFile(IntPtr handle,
byte[] bytes, int numBytesToWrite, out int numBytesWritten,
IntPtr overlapped);
private static int Dummy()
{
", prison);
Process process = prison.Execute(exe);
long lastVal = 0;
// Wait for the bomb to explode
while (prison.JobObject.PagedSystemMemory > lastVal)
{
lastVal = prison.JobObject.PagedSystemMemory;
Assert.IsTrue(prison.JobObject.PagedSystemMemory < prisonRules.TotalPrivateMemoryLimitBytes);
Thread.Sleep(300);
}
prison.Destroy();
}
public void AllowLargerUploadSpeedOnSecondPort()
{
// Arrange
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = CellType.Firewall | CellType.Network;
prisonRules.NetworkOutboundRateLimitBitsPerSecond = 8 * 1024 * 100;
prisonRules.AppPortOutboundRateLimitBitsPerSecond = 8 * 1024 * 200;
prisonRules.UrlPortAccess = 56444;
prisonRules.PrisonHomePath = @"C:\Workspace\dea_security\PrisonHome";
prison.Lockdown(prisonRules);
// Act
string exe = Utilities.CreateExeForPrison(
@"
HttpListener actualServer = null;
int port = 56444;
int actualServerPort = port;
actualServer = new HttpListener();
actualServer.Prefixes.Add(string.Format(""http://*:{0}/"", port));
actualServer.Start();
byte[] reply = new byte[1024 * 1024];
Random rnd = new Random();
rnd.NextBytes(reply);
Console.WriteLine(""Done loading"");
int requests = 0;
while (requests < 2)
{
HttpListenerContext context = actualServer.GetContext();
context.Response.StatusCode = 200;
if (requests == 0)
{
context.Response.OutputStream.Write(reply, 0, reply.Length);
}
context.Response.OutputStream.Close();
requests++;
}
if (actualServer != null)
{
actualServer.Stop();
}
FtpWebRequest request = (FtpWebRequest)WebRequest.Create(""ftp://10.0.0.136/vladi/uploadtest.txt"");
request.ConnectionGroupName = ""MyGroupName"";
request.UseBinary = true;
request.KeepAlive = true;
request.Method = WebRequestMethods.Ftp.UploadFile;
// This example assumes the FTP site uses anonymous logon.
request.Credentials = new NetworkCredential(""jenkins"", ""uhuruservice1234!"");
request.ContentLength = 1024 * 1024;
Stream requestStream = request.GetRequestStream();
Stopwatch timer = Stopwatch.StartNew();
for (int i = 0; i < request.ContentLength / 256; i++)
{
timer.Stop();
byte[] data = new byte[256];
Random random = new Random();
random.NextBytes(data);
timer.Start();
requestStream.Write(data, 0, data.Length);
}
requestStream.Close();
FtpWebResponse response = (FtpWebResponse)request.GetResponse();
response.Close();
timer.Stop();
if ((1024 / timer.Elapsed.TotalSeconds) > 110)
{
return 1;
}
", prison);
Process process = prison.Execute(exe);
// Wait a bit for everything to be setup.
Thread.Sleep(5000);
Stopwatch timer = Stopwatch.StartNew();
WebClient client = new WebClient();
client.Proxy = new WebProxy("http://192.168.1.119:8080");
byte[] data = client.DownloadData("http://10.0.0.4:56444/");
timer.Stop();
Assert.IsTrue(
((1024 / timer.Elapsed.TotalSeconds) < 210) &&
((1024 / timer.Elapsed.TotalSeconds) > 110),
string.Format("Downloaded {0} bytes in {1} seconds, at a rate of {2} KB/s", data.Length, timer.Elapsed.TotalSeconds, 1024 / timer.Elapsed.TotalSeconds));
client.DownloadData("http://localhost:56444/");
process.WaitForExit();
// Assert
Assert.AreEqual(0, process.ExitCode);
}
public void TestLoadPrisonAndAttach()
{
using (ShimsContext.Create())
{
PrisonTestsHelper.PrisonLockdownFakes();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
PrisonTestsHelper.PrisonLoadFakes(prison.ID);
Prison prisonLoaded = Prison.LoadPrisonAndAttach(prison.ID);
Assert.IsTrue(prisonLoaded != null);
Assert.IsTrue(prisonLoaded.ID == prison.ID);
}
}
public void AllowUnlimitedUploadSpeed()
{
// Arrange
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = CellType.None;
prisonRules.NetworkOutboundRateLimitBitsPerSecond = 8 * 1024 * 100;
prisonRules.PrisonHomePath = @"C:\Workspace\dea_security\PrisonHome";
prison.Lockdown(prisonRules);
// Wait a bit for the rule to take effect.
Thread.Sleep(5000);
// Act
string exe = Utilities.CreateExeForPrison(
@"
FtpWebRequest request = (FtpWebRequest)WebRequest.Create(""ftp://10.0.0.136/vladi/uploadtest.txt"");
request.ConnectionGroupName = ""MyGroupName"";
request.UseBinary = true;
request.KeepAlive = true;
request.Method = WebRequestMethods.Ftp.UploadFile;
// This example assumes the FTP site uses anonymous logon.
request.Credentials = new NetworkCredential(""jenkins"", ""uhuruservice1234!"");
request.ContentLength = 1024 * 1024;
Stream requestStream = request.GetRequestStream();
Stopwatch timer = Stopwatch.StartNew();
for (int i = 0; i < request.ContentLength / 256; i++)
{
timer.Stop();
byte[] data = new byte[256];
Random random = new Random();
random.NextBytes(data);
timer.Start();
requestStream.Write(data, 0, data.Length);
}
requestStream.Close();
FtpWebResponse response = (FtpWebResponse)request.GetResponse();
response.Close();
timer.Stop();
if ((1024 / timer.Elapsed.TotalSeconds) > 110)
{
return 1;
}
", prison);
Process process = prison.Execute(exe);
process.WaitForExit();
// Assert
Assert.AreNotEqual(0, process.ExitCode);
}
public void TestSimpleEchoChangedSession()
{
using (ShimsContext.Create())
{
// shim Prison.Lockdown
PrisonTestsHelper.PrisonLockdownFakes();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
// shim Prison.Execute
Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION
{
hProcess = new IntPtr(2400),
hThread = new IntPtr(2416),
dwProcessId = 5400,
dwThreadId = 4544
};
PrisonTestsHelper.PrisonCreateProcessAsUserFakes(processInfo);
ShimPrison.GetCurrentSessionId = () => { return 12; };
ShimPrison.InitChangeSessionServiceString = (tempSeriviceId) => { return; };
StubIExecutor exec = new StubIExecutor();
ShimChannelFactory<IExecutor>.AllInstances.CreateChannel = (executor) => { return exec; };
exec.ExecuteProcessPrisonStringStringDictionaryOfStringString =
(fakePrison, filename, arguments, extraEnvironmentVariables) =>
{
return processInfo.dwProcessId;
};
var shimedProcess = new ShimProcess();
shimedProcess.IdGet = () => { return processInfo.dwProcessId; };
var raisingEventsChangedTo = false;
shimedProcess.EnableRaisingEventsSetBoolean = (value) => { raisingEventsChangedTo = value; };
ShimProcess.GetProcessByIdInt32 = (id) => { return (Process)shimedProcess; };
ShimPrison.AllInstances.CloseRemoteSessionIExecutor = (fakePrison, executor) => { return; };
var processIdResumed = 0;
ShimPrison.AllInstances.ResumeProcessProcess = (fakePrison, pProcess) => { processIdResumed = pProcess.Id; };
ShimPrison.RemoveChangeSessionServiceString = (sessionId) => { return; };
// Act
Process process = prison.Execute(
@"c:\windows\system32\cmd.exe",
@"/c echo test");
// Assert
Assert.AreEqual(processInfo.dwProcessId, process.Id);
Assert.AreEqual(processInfo.dwProcessId, processIdResumed);
Assert.AreEqual(true, raisingEventsChangedTo);
}
}
// Currently not working
public void LimitPagedPool()
{
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
// prisonRules.CellType = RuleType.WindowStation;
prisonRules.CellType = RuleType.Memory;
prisonRules.TotalPrivateMemoryLimitBytes = 50 * 1024 * 1024;
prisonRules.PrisonHomePath = @"c:\prison_tests\p9";
prisonRules.ActiveProcessesLimit = 5;
prison.Lockdown(prisonRules);
// Act
string exe = Utilities.CreateExeForPrison(
@"
string MailslotName = @""\\.\mailslot\sterssmailslot"";
var hMailslotA = CreateMailslot(MailslotName, 0, MAILSLOT_WAIT_FOREVER, IntPtr.Zero);
var hMailslot = CreateFile(MailslotName, FileDesiredAccess.GENERIC_WRITE, FileShareMode.FILE_SHARE_READ, IntPtr.Zero, FileCreationDisposition.OPEN_EXISTING, 0, IntPtr.Zero);
int cbBytesWritten;
byte[] bMessage = Encoding.Unicode.GetBytes(""Hello mailslot! Still alive?"");
while (true)
{
WriteFile(hMailslot, bMessage, bMessage.Length, out cbBytesWritten, IntPtr.Zero);
}
return 0;
}
[Flags]
enum FileDesiredAccess : uint
{
GENERIC_READ = 0x80000000,
GENERIC_WRITE = 0x40000000,
GENERIC_EXECUTE = 0x20000000,
GENERIC_ALL = 0x10000000
}
[Flags]
enum FileShareMode : uint
{
Zero = 0x00000000, // No sharing
FILE_SHARE_DELETE = 0x00000004,
FILE_SHARE_READ = 0x00000001,
FILE_SHARE_WRITE = 0x00000002
}
enum FileCreationDisposition : uint
{
CREATE_NEW = 1,
CREATE_ALWAYS = 2,
OPEN_EXISTING = 3,
OPEN_ALWAYS = 4,
TRUNCATE_EXISTING = 5
}
const int MAILSLOT_WAIT_FOREVER = -1;
const int MAILSLOT_NO_MESSAGE = -1;
[DllImport(""kernel32.dll"", CharSet = CharSet.Auto, SetLastError = true)]
static extern IntPtr CreateMailslot(string mailslotName,
uint nMaxMessageSize, int lReadTimeout,
IntPtr securityAttributes);
[DllImport(""kernel32.dll"", CharSet = CharSet.Auto, SetLastError = true)]
static extern IntPtr CreateFile(string fileName,
FileDesiredAccess desiredAccess, FileShareMode shareMode,
IntPtr securityAttributes,
FileCreationDisposition creationDisposition,
int flagsAndAttributes, IntPtr hTemplateFile);
[DllImport(""kernel32.dll"", CharSet = CharSet.Auto, SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
static extern bool WriteFile(IntPtr handle,
byte[] bytes, int numBytesToWrite, out int numBytesWritten,
IntPtr overlapped);
private static int Dummy()
{
", prison);
Process process = prison.Execute(exe);
long lastVal = 0;
// Wait for the bomb to explode
while (prison.JobObject.PagedSystemMemory > lastVal)
{
lastVal = prison.JobObject.PagedSystemMemory;
Assert.IsTrue(prison.JobObject.PagedSystemMemory < prisonRules.TotalPrivateMemoryLimitBytes);
Thread.Sleep(300);
}
prison.Destroy();
}
public void TestSimpleEchoChangedSession()
{
using (ShimsContext.Create())
{
// shim Prison.Lockdown
PrisonTestsHelper.PrisonLockdownFakes();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
// shim Prison.Execute
Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION
{
hProcess = new IntPtr(2400),
hThread = new IntPtr(2416),
dwProcessId = 5400,
dwThreadId = 4544
};
PrisonTestsHelper.PrisonCreateProcessAsUserFakes(processInfo);
ShimPrison.GetCurrentSessionId = () => { return(12); };
ShimPrison.InitChangeSessionServiceString = (tempSeriviceId) => { return; };
StubIExecutor exec = new StubIExecutor();
ShimChannelFactory <IExecutor> .AllInstances.CreateChannel = (executor) => { return(exec); };
exec.ExecuteProcessPrisonStringStringDictionaryOfStringString =
(fakePrison, filename, arguments, extraEnvironmentVariables) =>
{
return(processInfo.dwProcessId);
};
var shimedProcess = new ShimProcess();
shimedProcess.IdGet = () => { return(processInfo.dwProcessId); };
var raisingEventsChangedTo = false;
shimedProcess.EnableRaisingEventsSetBoolean = (value) => { raisingEventsChangedTo = value; };
ShimProcess.GetProcessByIdInt32 = (id) => { return((Process)shimedProcess); };
ShimPrison.AllInstances.CloseRemoteSessionIExecutor = (fakePrison, executor) => { return; };
var processIdResumed = 0;
ShimPrison.AllInstances.ResumeProcessProcess = (fakePrison, pProcess) => { processIdResumed = pProcess.Id; };
ShimPrison.RemoveChangeSessionServiceString = (sessionId) => { return; };
// Act
Process process = prison.Execute(
@"c:\windows\system32\cmd.exe",
@"/c echo test");
// Assert
Assert.AreEqual(processInfo.dwProcessId, process.Id);
Assert.AreEqual(processInfo.dwProcessId, processIdResumed);
Assert.AreEqual(true, raisingEventsChangedTo);
}
}
public void AssignNewDesktop()
{
// Arrange
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.WindowStation;
prisonRules.PrisonHomePath = String.Format(@"c:\prison_tests\{0}", prison.ID);
prison.Lockdown(prisonRules);
// Act
string exe = Utilities.CreateExeForPrison(
string.Format(@"
byte[] name = new byte[1024];
uint actualLength;
GetUserObjectInformation(GetProcessWindowStation(), UOI_NAME, name, 1024, out actualLength);
string workstationName = ASCIIEncoding.ASCII.GetString(name, 0, (int)actualLength - 1);
if (workstationName != ""{0}"")
{{
return 1;
}}
return 0;
}}
[DllImport(""user32.dll"", SetLastError = true)]
public static extern bool GetUserObjectInformation(IntPtr hObj, int nIndex,
[Out] byte[] pvInfo, uint nLength, out uint lpnLengthNeeded);
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
[DllImport(""user32"", CharSet = CharSet.Unicode, SetLastError = true)]
internal static extern IntPtr GetProcessWindowStation();
public const int UOI_FLAGS = 1;
public const int UOI_NAME = 2;
public const int UOI_TYPE = 3;
public const int UOI_USER_SID = 4;
public const int UOI_HEAPSIZE = 5; //Windows Server 2003 and Windows XP/2000: This value is not supported.
public const int UOI_IO = 6;
private static int Dummy()
{{
", prison.User.Username), prison);
Process process = prison.Execute(exe, "", false);
process.WaitForExit();
prison.Destroy();
// Assert
Assert.AreEqual(0, process.ExitCode);
}
public void DisallowAccessEverywhereElse()
{
// Arrange
Prison.Init();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = CellType.Filesystem;
prisonRules.PrisonHomePath = @"C:\Workspace\dea_security\PrisonHome";
prison.Lockdown(prisonRules);
// Act
string exe = Utilities.CreateExeForPrison(
@"
return WalkDirectoryTree(new DirectoryInfo(@""c:\""));
}
static int WalkDirectoryTree(System.IO.DirectoryInfo root)
{
System.IO.DirectoryInfo[] subDirs = null;
// First, process all the files directly under this folder
try
{
string adir = Guid.NewGuid().ToString(""N"");
Directory.CreateDirectory(Path.Combine(root.FullName, adir));
Directory.Delete(Path.Combine(root.FullName, adir));
return 1;
}
catch { }
try
{
string adir = Guid.NewGuid().ToString(""N"");
File.WriteAllText(Path.Combine(root.FullName, adir), ""test"");
File.Delete(Path.Combine(root.FullName, adir));
return 1;
}
catch { }
try
{
subDirs = root.GetDirectories();
foreach (System.IO.DirectoryInfo dirInfo in subDirs)
{
// Resursive call for each subdirectory.
return WalkDirectoryTree(dirInfo);
}
}
catch { }
return 0;
}
static int Dummy()
{
", prison);
Process process = prison.Execute(exe);
process.WaitForExit();
// Assert
Assert.AreEqual(0, process.ExitCode);
}
public void DisallowAccessEverywhereElse()
{
// Arrange
Prison.Init();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = CellType.Filesystem;
prisonRules.PrisonHomePath = @"C:\Workspace\dea_security\PrisonHome";
prison.Lockdown(prisonRules);
// Act
string exe = Utilities.CreateExeForPrison(
@"
return WalkDirectoryTree(new DirectoryInfo(@""c:\""));
}
static int WalkDirectoryTree(System.IO.DirectoryInfo root)
{
System.IO.DirectoryInfo[] subDirs = null;
// First, process all the files directly under this folder
try
{
string adir = Guid.NewGuid().ToString(""N"");
Directory.CreateDirectory(Path.Combine(root.FullName, adir));
Directory.Delete(Path.Combine(root.FullName, adir));
return 1;
}
catch { }
try
{
string adir = Guid.NewGuid().ToString(""N"");
File.WriteAllText(Path.Combine(root.FullName, adir), ""test"");
File.Delete(Path.Combine(root.FullName, adir));
return 1;
}
catch { }
try
{
subDirs = root.GetDirectories();
foreach (System.IO.DirectoryInfo dirInfo in subDirs)
{
// Resursive call for each subdirectory.
return WalkDirectoryTree(dirInfo);
}
}
catch { }
return 0;
}
static int Dummy()
{
", prison);
Process process = prison.Execute(exe);
process.WaitForExit();
// Assert
Assert.AreEqual(0, process.ExitCode);
}
public void AllowLargerUploadSpeedOnSecondPort()
{
// Arrange
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.Httpsys | RuleType.Network;
prisonRules.NetworkOutboundRateLimitBitsPerSecond = 8 * 1024 * 100;
prisonRules.AppPortOutboundRateLimitBitsPerSecond = 8 * 1024 * 200;
prisonRules.UrlPortAccess = 56444;
prisonRules.PrisonHomePath = @"C:\Workspace\dea_security\PrisonHome";
prison.Lockdown(prisonRules);
// Act
string exe = Utilities.CreateExeForPrison(
@"
HttpListener actualServer = null;
int port = 56444;
int actualServerPort = port;
actualServer = new HttpListener();
actualServer.Prefixes.Add(string.Format(""http://*:{0}/"", port));
actualServer.Start();
byte[] reply = new byte[1024 * 1024];
Random rnd = new Random();
rnd.NextBytes(reply);
Console.WriteLine(""Done loading"");
int requests = 0;
while (requests < 2)
{
HttpListenerContext context = actualServer.GetContext();
context.Response.StatusCode = 200;
if (requests == 0)
{
context.Response.OutputStream.Write(reply, 0, reply.Length);
}
context.Response.OutputStream.Close();
requests++;
}
if (actualServer != null)
{
actualServer.Stop();
}
FtpWebRequest request = (FtpWebRequest)WebRequest.Create(""ftp://10.0.0.136/vladi/uploadtest.txt"");
request.ConnectionGroupName = ""MyGroupName"";
request.UseBinary = true;
request.KeepAlive = true;
request.Method = WebRequestMethods.Ftp.UploadFile;
// This example assumes the FTP site uses anonymous logon.
request.Credentials = new NetworkCredential(""jenkins"", ""uhuruservice1234!"");
request.ContentLength = 1024 * 1024;
Stream requestStream = request.GetRequestStream();
Stopwatch timer = Stopwatch.StartNew();
for (int i = 0; i < request.ContentLength / 256; i++)
{
timer.Stop();
byte[] data = new byte[256];
Random random = new Random();
random.NextBytes(data);
timer.Start();
requestStream.Write(data, 0, data.Length);
}
requestStream.Close();
FtpWebResponse response = (FtpWebResponse)request.GetResponse();
response.Close();
timer.Stop();
if ((1024 / timer.Elapsed.TotalSeconds) > 110)
{
return 1;
}
", prison);
Process process = prison.Execute(exe);
// Wait a bit for everything to be setup.
Thread.Sleep(5000);
Stopwatch timer = Stopwatch.StartNew();
WebClient client = new WebClient();
client.Proxy = new WebProxy("http://192.168.1.119:8080");
byte[] data = client.DownloadData("http://10.0.0.10:56444/");
timer.Stop();
Assert.IsTrue(
((1024 / timer.Elapsed.TotalSeconds) < 210) &&
((1024 / timer.Elapsed.TotalSeconds) > 110),
string.Format("Downloaded {0} bytes in {1} seconds, at a rate of {2} KB/s", data.Length, timer.Elapsed.TotalSeconds, 1024 / timer.Elapsed.TotalSeconds));
client.DownloadData("http://localhost:56444/");
process.WaitForExit();
// Assert
Assert.AreEqual(0, process.ExitCode);
}
public void PrisonDestroyNetworkTest()
{
using (ShimsContext.Create())
{
PrisonTestsHelper.PrisonLockdownFakes();
PrisonTestsHelper.ApplyNetworkRuleFakes();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.CellType |= RuleType.Network;
prisonRules.NetworkOutboundRateLimitBitsPerSecond = 500;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
PrisonTestsHelper.PrisonDestroyFakes();
ShimNetwork.RemoveOutboundThrottlePolicyString = (username) => { return; };
prison.Destroy();
}
}
public void AllowUnlimitedUploadSpeed()
{
// Arrange
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.NetworkOutboundRateLimitBitsPerSecond = 8 * 1024 * 100;
prisonRules.PrisonHomePath = @"C:\Workspace\dea_security\PrisonHome";
prison.Lockdown(prisonRules);
// Wait a bit for the rule to take effect.
Thread.Sleep(5000);
// Act
string exe = Utilities.CreateExeForPrison(
@"
FtpWebRequest request = (FtpWebRequest)WebRequest.Create(""ftp://10.0.0.136/vladi/uploadtest.txt"");
request.ConnectionGroupName = ""MyGroupName"";
request.UseBinary = true;
request.KeepAlive = true;
request.Method = WebRequestMethods.Ftp.UploadFile;
// This example assumes the FTP site uses anonymous logon.
request.Credentials = new NetworkCredential(""jenkins"", ""uhuruservice1234!"");
request.ContentLength = 1024 * 1024;
Stream requestStream = request.GetRequestStream();
Stopwatch timer = Stopwatch.StartNew();
for (int i = 0; i < request.ContentLength / 256; i++)
{
timer.Stop();
byte[] data = new byte[256];
Random random = new Random();
random.NextBytes(data);
timer.Start();
requestStream.Write(data, 0, data.Length);
}
requestStream.Close();
FtpWebResponse response = (FtpWebResponse)request.GetResponse();
response.Close();
timer.Stop();
if ((1024 / timer.Elapsed.TotalSeconds) > 110)
{
return 1;
}
", prison);
Process process = prison.Execute(exe);
process.WaitForExit();
// Assert
Assert.AreNotEqual(0, process.ExitCode);
}
