private static bool TryVerifySingleReport( PathTable pathTable, ReportedFileAccess actualReport, Dictionary <AbsolutePath, ExpectedReport> pathsToExpectations, out AbsolutePath actualReportedPath) { string actualReportedPathString = actualReport.GetPath(pathTable); if (!AbsolutePath.TryCreate(pathTable, actualReportedPathString, out actualReportedPath)) { return(false); } ExpectedReport expected; if (!pathsToExpectations.TryGetValue(actualReportedPath, out expected)) { return(false); } XAssert.AreEqual( expected.Exists, !actualReport.IsNonexistent, "Bad assumption on file existence of {0}; this can break ACL decisions", actualReportedPathString); XAssert.AreEqual(expected.Status, actualReport.Status, "Incorrect ACL decision for ", actualReportedPathString); XAssert.AreEqual( expected.RequestedAccess, actualReport.RequestedAccess, "Wrong access level for {0}; this can break enumeration handling and violation analysis", actualReportedPathString); if ((expected.Operation == ReportedFileOperation.FindFirstFileEx || expected.Operation == ReportedFileOperation.FindNextFile) && expected.RequestedAccess == RequestedAccess.EnumerationProbe) { // We don't want to assume a particular enumeration order from the file system. So we make probes by FindFirstFile / FindNextFile interchangable. XAssert.IsTrue( actualReport.Operation == ReportedFileOperation.FindFirstFileEx || actualReport.Operation == ReportedFileOperation.FindNextFile, "Wrong operation ({0:G}) for {1}. Expected FindFirstFile / FindNextFile as a Probe.", actualReport.Operation, actualReportedPathString); } else { XAssert.AreEqual(expected.Operation, actualReport.Operation, "Wrong operation for {0}", actualReportedPathString); } return(true); }
private static bool TryVerifySingleReport(PathTable pathTable, ReportedFileAccess actualReport, AccessType access, Dictionary <AbsolutePath, ExpectedReportEntry> pathsToExpectations, out AbsolutePath actualReportedPath) { string actualReportedPathString = actualReport.GetPath(pathTable); if (!AbsolutePath.TryCreate(pathTable, actualReportedPathString, out actualReportedPath)) { return(false); } ExpectedReportEntry expected; if (!pathsToExpectations.TryGetValue(actualReportedPath, out expected)) { return(false); } XAssert.AreEqual(expected.Exists, !actualReport.IsNonexistent, "Bad assumption on file existence of {0}; this can break ACL decisions", actualReportedPathString); XAssert.AreEqual( expected.Allowed ? FileAccessStatus.Allowed : FileAccessStatus.Denied, actualReport.Status, "Incorrect ACL decision for " + actualReportedPathString); // on MacOS we cannot distinguish Read vs. Probe for absent files so we always report Probe in those cases var expectedAccess = OperatingSystemHelper.IsUnixOS && actualReport.IsNonexistent ? RequestedAccess.Probe : access == AccessType.Read ? RequestedAccess.Read : RequestedAccess.Probe; XAssert.AreEqual( expectedAccess, actualReport.RequestedAccess, "Incorrect access type for path " + actualReportedPathString); if (expectedAccess == RequestedAccess.Read) { var allowedOperations = !OperatingSystemHelper.IsUnixOS ? new[] { ReportedFileOperation.CreateFile } : expected.Exists ? new[] { ReportedFileOperation.KAuthVNodeRead, ReportedFileOperation.KAuthReadFile } : new[] { ReportedFileOperation.MacLookup }; XAssert.Contains(allowedOperations, actualReport.Operation); } return(true); }
/// <summary> /// Internal constructor /// </summary> /// <param name="pip">The pip that executed that process that reported the file access</param> /// <param name="reportedFileAccesse">Reported file access descriptor</param> /// <param name="pathTable">Path table used to expand path strings</param> internal ReportedFileAccessDescriptor(PipDescriptor pip, ref ReportedFileAccess reportedFileAccess, BuildXL.Utilities.PathTable pathTable) { Pip = pip; ReportedFileAccess = new ReportedFileAccess( operation: reportedFileAccess.Operation, process: reportedFileAccess.Process, requestedAccess: reportedFileAccess.RequestedAccess, status: reportedFileAccess.Status, explicitlyReported: reportedFileAccess.ExplicitlyReported, error: reportedFileAccess.Error, usn: reportedFileAccess.Usn, desiredAccess: reportedFileAccess.DesiredAccess, shareMode: reportedFileAccess.ShareMode, creationDisposition: reportedFileAccess.CreationDisposition, flagsAndAttributes: reportedFileAccess.FlagsAndAttributes, manifestPath: reportedFileAccess.ManifestPath, path: reportedFileAccess.GetPath(pathTable), enumeratePatttern: reportedFileAccess.EnumeratePattern); }
private string RenderReport(ReportedFileAccess report) { return(m_options.Verbose ? $"Path = {report.GetPath(m_pathTable)}{Environment.NewLine}{report.Describe()}" : report.ShortDescribe(m_pathTable)); }
public void ReportedFileAccessCreate() { var pathTable = new PathTable(); AbsolutePath file1 = AbsolutePath.Create(pathTable, A("t", "file1.txt")); var process = new ReportedProcess(0, string.Empty); ReportedFileAccess rfa1 = ReportedFileAccess.Create( ReportedFileOperation.CreateFile, process, RequestedAccess.Read, FileAccessStatus.Allowed, true, 0, ReportedFileAccess.NoUsn, DesiredAccess.GENERIC_READ, ShareMode.FILE_SHARE_NONE, CreationDisposition.OPEN_ALWAYS, FlagsAndAttributes.FILE_ATTRIBUTE_NORMAL, file1); XAssert.AreEqual(rfa1.Status, FileAccessStatus.Allowed); XAssert.AreEqual(rfa1.ManifestPath, file1); XAssert.AreEqual(rfa1.Path, null); XAssert.AreEqual(A("t", "file1.txt"), rfa1.GetPath(pathTable)); ReportedFileAccess rfa2 = ReportedFileAccess.Create( ReportedFileOperation.CreateFile, process, RequestedAccess.Read, FileAccessStatus.CannotDeterminePolicy, true, 0, new Usn(0), DesiredAccess.GENERIC_READ, ShareMode.FILE_SHARE_NONE, CreationDisposition.OPEN_ALWAYS, FlagsAndAttributes.FILE_ATTRIBUTE_NORMAL, pathTable, A("t", "file1.txt")); XAssert.AreEqual(rfa2.Status, FileAccessStatus.CannotDeterminePolicy); XAssert.AreEqual(rfa2.ManifestPath, file1); XAssert.AreEqual(rfa2.Path, null); XAssert.AreEqual(A("t", "file1.txt"), rfa2.GetPath(pathTable)); ReportedFileAccess rfa3 = ReportedFileAccess.Create( ReportedFileOperation.CreateFile, process, RequestedAccess.Read, FileAccessStatus.Denied, true, 0, ReportedFileAccess.NoUsn, DesiredAccess.GENERIC_READ, ShareMode.FILE_SHARE_NONE, CreationDisposition.OPEN_ALWAYS, FlagsAndAttributes.FILE_ATTRIBUTE_NORMAL, pathTable, A("t", "file2.txt")); XAssert.AreEqual(rfa3.Status, FileAccessStatus.Denied); XAssert.AreEqual(rfa3.ManifestPath, AbsolutePath.Invalid); XAssert.AreEqual(rfa3.Path, A("t", "file2.txt")); XAssert.AreEqual(A("t", "file2.txt"), rfa3.GetPath(pathTable)); }