private static ReportedFileAccessData CreateReportedFileAccessData(ReportedFileAccess data, PathTable pathTable) { return(new ReportedFileAccessData { Path = string.IsNullOrWhiteSpace(data.Path) ? CreateString(data.ManifestPath, pathTable) : data.Path, RequestedAccess = CreateString(data.RequestedAccess), CreationDisposition = CreateString(data.CreationDisposition), DesiredAccess = CreateString(data.DesiredAccess), ShareMode = CreateString(data.ShareMode), Status = CreateString(data.Status), Operation = CreateString(data.Operation), FlagsAndAttributes = CreateString(data.FlagsAndAttributes), Error = data.Error, Usn = data.Usn.Value, ManifestPath = CreateString(data.ManifestPath, pathTable), Process = data.Process.ProcessId, ExplicitlyReported = data.ExplicitlyReported, EnumeratePattern = data.EnumeratePattern, IsOpenedHandleDirectory = data.IsOpenedHandleDirectory(), OpenedFileOrDirectoryAttributes = CreateString(data.OpenedFileOrDirectoryAttributes) }); }
public void ReportedFileAccessCreate() { var pathTable = new PathTable(); AbsolutePath file1 = AbsolutePath.Create(pathTable, A("t", "file1.txt")); var process = new ReportedProcess(0, string.Empty); ReportedFileAccess rfa1 = ReportedFileAccess.Create( ReportedFileOperation.CreateFile, process, RequestedAccess.Read, FileAccessStatus.Allowed, true, 0, ReportedFileAccess.NoUsn, DesiredAccess.GENERIC_READ, ShareMode.FILE_SHARE_NONE, CreationDisposition.OPEN_ALWAYS, FlagsAndAttributes.FILE_ATTRIBUTE_NORMAL, file1); XAssert.AreEqual(rfa1.Status, FileAccessStatus.Allowed); XAssert.AreEqual(rfa1.ManifestPath, file1); XAssert.AreEqual(rfa1.Path, null); XAssert.AreEqual(A("t", "file1.txt"), rfa1.GetPath(pathTable)); XAssert.AreEqual(rfa1.OpenedFileOrDirectoryAttributes, (FlagsAndAttributes)FlagsAndAttributesConstants.InvalidFileAttributes); XAssert.IsFalse(rfa1.IsOpenedHandleDirectory()); ReportedFileAccess rfa2 = ReportedFileAccess.Create( ReportedFileOperation.CreateFile, process, RequestedAccess.Read, FileAccessStatus.CannotDeterminePolicy, true, 0, new Usn(0), DesiredAccess.GENERIC_READ, ShareMode.FILE_SHARE_NONE, CreationDisposition.OPEN_ALWAYS, FlagsAndAttributes.FILE_ATTRIBUTE_NORMAL, FlagsAndAttributes.FILE_ATTRIBUTE_DIRECTORY, pathTable, A("t", "file1.txt")); XAssert.AreEqual(rfa2.Status, FileAccessStatus.CannotDeterminePolicy); XAssert.AreEqual(rfa2.ManifestPath, file1); XAssert.AreEqual(rfa2.Path, null); XAssert.AreEqual(A("t", "file1.txt"), rfa2.GetPath(pathTable)); XAssert.AreEqual(rfa2.OpenedFileOrDirectoryAttributes, FlagsAndAttributes.FILE_ATTRIBUTE_DIRECTORY); XAssert.IsTrue(rfa2.IsOpenedHandleDirectory()); ReportedFileAccess rfa3 = ReportedFileAccess.Create( ReportedFileOperation.CreateFile, process, RequestedAccess.Read, FileAccessStatus.Denied, true, 0, ReportedFileAccess.NoUsn, DesiredAccess.GENERIC_READ, ShareMode.FILE_SHARE_NONE, CreationDisposition.OPEN_ALWAYS, FlagsAndAttributes.FILE_ATTRIBUTE_NORMAL, FlagsAndAttributes.FILE_ATTRIBUTE_NORMAL, pathTable, A("t", "file2.txt")); XAssert.AreEqual(rfa3.Status, FileAccessStatus.Denied); XAssert.AreEqual(rfa3.ManifestPath, AbsolutePath.Invalid); XAssert.AreEqual(rfa3.Path, A("t", "file2.txt")); XAssert.AreEqual(A("t", "file2.txt"), rfa3.GetPath(pathTable)); XAssert.AreEqual(rfa3.OpenedFileOrDirectoryAttributes, FlagsAndAttributes.FILE_ATTRIBUTE_NORMAL); XAssert.IsFalse(rfa3.IsOpenedHandleDirectory()); }