Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix Get-Acl -LiteralPath "HKLM:Software\Classes\*" behaviour (#13107)
* Fix #11566 bug Add pester test for Get-Acl cmdlet * Replace -pending parameter with -skip * Fix test failing in Linux and MacOS
- Loading branch information
1 parent
4597b41
commit 9ceee3e
Showing
2 changed files
with
80 additions
and
16 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
94 changes: 79 additions & 15 deletions
94
test/powershell/Modules/Microsoft.PowerShell.Security/AclCmdlets.Tests.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,20 +1,84 @@ | ||
# Copyright (c) Microsoft Corporation. | ||
# Licensed under the MIT License. | ||
Describe "Acl cmdlets are available and operate properly" -Tag CI { | ||
It "Get-Acl returns an ACL object" -Pending:(!$IsWindows) { | ||
$ACL = Get-Acl $TESTDRIVE | ||
$ACL | Should -BeOfType System.Security.AccessControl.DirectorySecurity | ||
} | ||
It "Set-Acl can set the ACL of a directory" -Pending { | ||
Setup -d testdir | ||
$directory = "$TESTDRIVE/testdir" | ||
$acl = Get-Acl $directory | ||
$accessRule = [System.Security.AccessControl.FileSystemAccessRule]::New("Everyone","FullControl","ContainerInherit,ObjectInherit","None","Allow") | ||
$acl.AddAccessRule($accessRule) | ||
{ $acl | Set-Acl $directory } | Should -Not -Throw | ||
|
||
$newacl = Get-Acl $directory | ||
$newrule = $newacl.Access | Where-Object { $accessrule.FileSystemRights -eq $_.FileSystemRights -and $accessrule.AccessControlType -eq $_.AccessControlType -and $accessrule.IdentityReference -eq $_.IdentityReference } | ||
$newrule | Should -Not -BeNullOrEmpty | ||
Context "Windows ACL test" { | ||
BeforeAll { | ||
$PSDefaultParameterValues["It:Skip"] = -not $IsWindows | ||
} | ||
|
||
It "Get-Acl returns an ACL DirectorySecurity object" { | ||
$ACL = Get-Acl $TESTDRIVE | ||
$ACL | Should -BeOfType System.Security.AccessControl.DirectorySecurity | ||
} | ||
|
||
It "Get-Acl -LiteralPath HKLM:Software\Classes\*" { | ||
$ACL = Get-Acl -LiteralPath HKLM:Software\Classes\* | ||
$ACL | Should -BeOfType System.Security.AccessControl.RegistrySecurity | ||
} | ||
|
||
It "Get-Acl -LiteralPath .\Software\Classes\*" { | ||
$currentPath = Get-Location | ||
Set-Location -LiteralPath HKLM:\ | ||
$ACL = Get-Acl -LiteralPath .\Software\Classes\* | ||
$ACL | Should -BeOfType System.Security.AccessControl.RegistrySecurity | ||
$currentPath | Set-Location | ||
} | ||
|
||
It "Get-Acl -LiteralPath ." { | ||
$currentPath = Get-Location | ||
Set-Location -LiteralPath $TESTDRIVE | ||
$ACL = Get-Acl -LiteralPath . | ||
$ACL | Should -BeOfType System.Security.AccessControl.DirectorySecurity | ||
$currentPath | Set-Location | ||
} | ||
|
||
It "Get-Acl -LiteralPath .." { | ||
$currentPath = Get-Location | ||
Set-Location -LiteralPath $TESTDRIVE | ||
$ACL = Get-Acl -LiteralPath .. | ||
$ACL | Should -BeOfType System.Security.AccessControl.DirectorySecurity | ||
$currentPath | Set-Location | ||
} | ||
|
||
It "Get-Acl -Path .\Software\Classes\" { | ||
$currentPath = Get-Location | ||
Set-Location -LiteralPath HKLM:\ | ||
$ACL = Get-Acl -Path .\Software\Classes\ | ||
$ACL | Should -BeOfType System.Security.AccessControl.RegistrySecurity | ||
$currentPath | Set-Location | ||
} | ||
|
||
It "Get-Acl -Path ." { | ||
$currentPath = Get-Location | ||
Set-Location -LiteralPath $TESTDRIVE | ||
$ACL = Get-Acl -Path . | ||
$ACL | Should -BeOfType System.Security.AccessControl.DirectorySecurity | ||
$currentPath | Set-Location | ||
} | ||
|
||
It "Get-Acl -Path .." { | ||
$currentPath = Get-Location | ||
Set-Location -LiteralPath $TESTDRIVE | ||
$ACL = Get-Acl -Path .. | ||
$ACL | Should -BeOfType System.Security.AccessControl.DirectorySecurity | ||
$currentPath | Set-Location | ||
} | ||
|
||
It "Set-Acl can set the ACL of a directory" { | ||
Setup -d testdir | ||
$directory = "$TESTDRIVE/testdir" | ||
$acl = Get-Acl $directory | ||
$accessRule = [System.Security.AccessControl.FileSystemAccessRule]::New("Everyone","FullControl","ContainerInherit,ObjectInherit","None","Allow") | ||
$acl.AddAccessRule($accessRule) | ||
{ $acl | Set-Acl $directory } | Should -Not -Throw | ||
|
||
$newacl = Get-Acl $directory | ||
$newrule = $newacl.Access | Where-Object { $accessrule.FileSystemRights -eq $_.FileSystemRights -and $accessrule.AccessControlType -eq $_.AccessControlType -and $accessrule.IdentityReference -eq $_.IdentityReference } | ||
$newrule | Should -Not -BeNullOrEmpty | ||
} | ||
|
||
AfterAll { | ||
$PSDefaultParameterValues.Remove("It:Skip") | ||
} | ||
} | ||
} |