public bool MatchesEvent(int currentProfile, string appPkgId, string svcName, string path, string target = "*", string remoteport = "*") { var friendlyPath = string.IsNullOrWhiteSpace(path) ? path : PathResolver.GetFriendlyPath(path); var ruleFriendlyPath = string.IsNullOrWhiteSpace(ApplicationName) ? ApplicationName : PathResolver.GetFriendlyPath(ApplicationName); var ret = Enabled && ((Profiles & currentProfile) != 0 || (Profiles & (int)NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_ALL) != 0) && (string.IsNullOrEmpty(ruleFriendlyPath) || ruleFriendlyPath.Equals(friendlyPath, StringComparison.OrdinalIgnoreCase)) && CheckRuleAddresses(RemoteAddresses, target) && CheckRulePorts(RemotePorts, remoteport) && (string.IsNullOrEmpty(AppPkgId) || AppPkgId == appPkgId) && (string.IsNullOrEmpty(ServiceName) || svcName.Any() && ServiceName == "*" || svcName.Equals(ServiceName, StringComparison.OrdinalIgnoreCase)) ; if (ret && LogHelper.IsDebugEnabled()) { LogHelper.Debug("Found enabled " + ActionStr + " " + DirectionStr + " Rule '" + Name + "'"); LogHelper.Debug("\t" + Profiles.ToString() + " <--> " + currentProfile.ToString() + " : " + ((Profiles & currentProfile) != 0 || (Profiles & (int)NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_ALL) != 0).ToString()); LogHelper.Debug("\t" + ruleFriendlyPath + " <--> " + friendlyPath + " : " + (string.IsNullOrEmpty(ruleFriendlyPath) || ruleFriendlyPath.Equals(friendlyPath, StringComparison.OrdinalIgnoreCase)).ToString()); LogHelper.Debug("\t" + RemoteAddresses + " <--> " + target + " : " + CheckRuleAddresses(RemoteAddresses, target).ToString()); LogHelper.Debug("\t" + RemotePorts + " <--> " + remoteport + " : " + CheckRulePorts(RemotePorts, remoteport).ToString()); LogHelper.Debug("\t" + AppPkgId + " <--> " + appPkgId + " : " + (string.IsNullOrEmpty(AppPkgId) || AppPkgId == appPkgId).ToString()); LogHelper.Debug("\t" + ServiceName + " <--> " + svcName + " : " + (string.IsNullOrEmpty(ServiceName) || svcName.Equals(ServiceName, StringComparison.OrdinalIgnoreCase)).ToString()); } return(ret); }
public void TestRuleMatchesEvent() { IEnumerable <Rule> ret = GetRules(AlsoGetInactive: false); string exePath = @"C:\Windows\System32\svchost.exe"; const int PROF_ALL = (int)NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_ALL; WriteDebugOutput($"{exePath}"); int cntMatch = 0; foreach (Rule rule in ret) { bool matches = rule.MatchesEvent(currentProfile: PROF_ALL, appPkgId: null, svcName: "*", path: exePath, target: "*", remoteport: "*"); if (matches) { string ruleFriendlyPath = String.IsNullOrWhiteSpace(rule.ApplicationName) ? rule.ApplicationName : PathResolver.GetFriendlyPath(rule.ApplicationName); Assert.True(String.IsNullOrWhiteSpace(ruleFriendlyPath) || exePath.Equals(ruleFriendlyPath, StringComparison.OrdinalIgnoreCase)); WriteDebugOutput($"match found={matches}, rule={rule.Name}"); cntMatch++; } } Assert.True(cntMatch > 0); }