private static bool TryVerifySingleReport(
PathTable pathTable,
ReportedFileAccess actualReport,
Dictionary <AbsolutePath, ExpectedReport> pathsToExpectations,
out AbsolutePath actualReportedPath)
{
string actualReportedPathString = actualReport.GetPath(pathTable);
if (!AbsolutePath.TryCreate(pathTable, actualReportedPathString, out actualReportedPath))
{
return(false);
}
ExpectedReport expected;
if (!pathsToExpectations.TryGetValue(actualReportedPath, out expected))
{
return(false);
}
XAssert.AreEqual(
expected.Exists,
!actualReport.IsNonexistent,
"Bad assumption on file existence of {0}; this can break ACL decisions",
actualReportedPathString);
XAssert.AreEqual(expected.Status, actualReport.Status, "Incorrect ACL decision for ", actualReportedPathString);
XAssert.AreEqual(
expected.RequestedAccess,
actualReport.RequestedAccess,
"Wrong access level for {0}; this can break enumeration handling and violation analysis",
actualReportedPathString);
if ((expected.Operation == ReportedFileOperation.FindFirstFileEx || expected.Operation == ReportedFileOperation.FindNextFile) &&
expected.RequestedAccess == RequestedAccess.EnumerationProbe)
{
// We don't want to assume a particular enumeration order from the file system. So we make probes by FindFirstFile / FindNextFile interchangable.
XAssert.IsTrue(
actualReport.Operation == ReportedFileOperation.FindFirstFileEx || actualReport.Operation == ReportedFileOperation.FindNextFile,
"Wrong operation ({0:G}) for {1}. Expected FindFirstFile / FindNextFile as a Probe.",
actualReport.Operation,
actualReportedPathString);
}
else
{
XAssert.AreEqual(expected.Operation, actualReport.Operation, "Wrong operation for {0}", actualReportedPathString);
}
return(true);
}
private static bool TryVerifySingleReport(PathTable pathTable, ReportedFileAccess actualReport, AccessType access, Dictionary <AbsolutePath, ExpectedReportEntry> pathsToExpectations, out AbsolutePath actualReportedPath)
{
string actualReportedPathString = actualReport.GetPath(pathTable);
if (!AbsolutePath.TryCreate(pathTable, actualReportedPathString, out actualReportedPath))
{
return(false);
}
ExpectedReportEntry expected;
if (!pathsToExpectations.TryGetValue(actualReportedPath, out expected))
{
return(false);
}
XAssert.AreEqual(expected.Exists, !actualReport.IsNonexistent, "Bad assumption on file existence of {0}; this can break ACL decisions", actualReportedPathString);
XAssert.AreEqual(
expected.Allowed ? FileAccessStatus.Allowed : FileAccessStatus.Denied,
actualReport.Status,
"Incorrect ACL decision for " + actualReportedPathString);
// on MacOS we cannot distinguish Read vs. Probe for absent files so we always report Probe in those cases
var expectedAccess = OperatingSystemHelper.IsUnixOS && actualReport.IsNonexistent
? RequestedAccess.Probe
: access == AccessType.Read ? RequestedAccess.Read : RequestedAccess.Probe;
XAssert.AreEqual(
expectedAccess,
actualReport.RequestedAccess,
"Incorrect access type for path " + actualReportedPathString);
if (expectedAccess == RequestedAccess.Read)
{
var allowedOperations = !OperatingSystemHelper.IsUnixOS
? new[] { ReportedFileOperation.CreateFile }
: expected.Exists
? new[] { ReportedFileOperation.KAuthVNodeRead, ReportedFileOperation.KAuthReadFile }
: new[] { ReportedFileOperation.MacLookup };
XAssert.Contains(allowedOperations, actualReport.Operation);
}
return(true);
}
/// <summary>
/// Internal constructor
/// </summary>
/// <param name="pip">The pip that executed that process that reported the file access</param>
/// <param name="reportedFileAccesse">Reported file access descriptor</param>
/// <param name="pathTable">Path table used to expand path strings</param>
internal ReportedFileAccessDescriptor(PipDescriptor pip, ref ReportedFileAccess reportedFileAccess, BuildXL.Utilities.PathTable pathTable)
{
Pip = pip;
ReportedFileAccess = new ReportedFileAccess(
operation: reportedFileAccess.Operation,
process: reportedFileAccess.Process,
requestedAccess: reportedFileAccess.RequestedAccess,
status: reportedFileAccess.Status,
explicitlyReported: reportedFileAccess.ExplicitlyReported,
error: reportedFileAccess.Error,
usn: reportedFileAccess.Usn,
desiredAccess: reportedFileAccess.DesiredAccess,
shareMode: reportedFileAccess.ShareMode,
creationDisposition: reportedFileAccess.CreationDisposition,
flagsAndAttributes: reportedFileAccess.FlagsAndAttributes,
manifestPath: reportedFileAccess.ManifestPath,
path: reportedFileAccess.GetPath(pathTable),
enumeratePatttern: reportedFileAccess.EnumeratePattern);
}
private string RenderReport(ReportedFileAccess report)
{
return(m_options.Verbose
? $"Path = {report.GetPath(m_pathTable)}{Environment.NewLine}{report.Describe()}"
: report.ShortDescribe(m_pathTable));
}
public void ReportedFileAccessCreate()
{
var pathTable = new PathTable();
AbsolutePath file1 = AbsolutePath.Create(pathTable, A("t", "file1.txt"));
var process = new ReportedProcess(0, string.Empty);
ReportedFileAccess rfa1 = ReportedFileAccess.Create(
ReportedFileOperation.CreateFile,
process,
RequestedAccess.Read,
FileAccessStatus.Allowed,
true,
0,
ReportedFileAccess.NoUsn,
DesiredAccess.GENERIC_READ,
ShareMode.FILE_SHARE_NONE,
CreationDisposition.OPEN_ALWAYS,
FlagsAndAttributes.FILE_ATTRIBUTE_NORMAL,
file1);
XAssert.AreEqual(rfa1.Status, FileAccessStatus.Allowed);
XAssert.AreEqual(rfa1.ManifestPath, file1);
XAssert.AreEqual(rfa1.Path, null);
XAssert.AreEqual(A("t", "file1.txt"), rfa1.GetPath(pathTable));
ReportedFileAccess rfa2 = ReportedFileAccess.Create(
ReportedFileOperation.CreateFile,
process,
RequestedAccess.Read,
FileAccessStatus.CannotDeterminePolicy,
true,
0,
new Usn(0),
DesiredAccess.GENERIC_READ,
ShareMode.FILE_SHARE_NONE,
CreationDisposition.OPEN_ALWAYS,
FlagsAndAttributes.FILE_ATTRIBUTE_NORMAL,
pathTable,
A("t", "file1.txt"));
XAssert.AreEqual(rfa2.Status, FileAccessStatus.CannotDeterminePolicy);
XAssert.AreEqual(rfa2.ManifestPath, file1);
XAssert.AreEqual(rfa2.Path, null);
XAssert.AreEqual(A("t", "file1.txt"), rfa2.GetPath(pathTable));
ReportedFileAccess rfa3 = ReportedFileAccess.Create(
ReportedFileOperation.CreateFile,
process,
RequestedAccess.Read,
FileAccessStatus.Denied,
true,
0,
ReportedFileAccess.NoUsn,
DesiredAccess.GENERIC_READ,
ShareMode.FILE_SHARE_NONE,
CreationDisposition.OPEN_ALWAYS,
FlagsAndAttributes.FILE_ATTRIBUTE_NORMAL,
pathTable,
A("t", "file2.txt"));
XAssert.AreEqual(rfa3.Status, FileAccessStatus.Denied);
XAssert.AreEqual(rfa3.ManifestPath, AbsolutePath.Invalid);
XAssert.AreEqual(rfa3.Path, A("t", "file2.txt"));
XAssert.AreEqual(A("t", "file2.txt"), rfa3.GetPath(pathTable));
}
