Fix Get-Acl -LiteralPath "HKLM:Software\Classes\*" behaviour (#13107)

* Fix #11566 bug Add pester test for Get-Acl cmdlet * Replace -pending parameter with -skip * Fix test failing in Linux and MacOS
PowerShell · Jul 31, 2020 · 9ceee3e · 9ceee3e
1 parent 4597b41
commit 9ceee3e
Show file tree

Hide file tree

Showing 2 changed files with 80 additions and 16 deletions.
diff --git a/src/Microsoft.PowerShell.Security/security/AclCommands.cs b/src/Microsoft.PowerShell.Security/security/AclCommands.cs
@@ -825,7 +825,7 @@ protected override void ProcessRecord()
                     {
                         if (_isLiteralPath)
                         {
-                            pathsToProcess.Add(SessionState.Path.GetUnresolvedProviderPathFromPSPath(p));
+                            pathsToProcess.Add(p);
                         }
                         else
                         {

diff --git a/test/powershell/Modules/Microsoft.PowerShell.Security/AclCmdlets.Tests.ps1 b/test/powershell/Modules/Microsoft.PowerShell.Security/AclCmdlets.Tests.ps1
@@ -1,20 +1,84 @@
 # Copyright (c) Microsoft Corporation.
 # Licensed under the MIT License.
 Describe "Acl cmdlets are available and operate properly" -Tag CI {
-    It "Get-Acl returns an ACL object" -Pending:(!$IsWindows) {
-        $ACL = Get-Acl $TESTDRIVE
-        $ACL | Should -BeOfType System.Security.AccessControl.DirectorySecurity
-    }
-    It "Set-Acl can set the ACL of a directory" -Pending {
-        Setup -d testdir
-        $directory = "$TESTDRIVE/testdir"
-        $acl = Get-Acl $directory
-        $accessRule = [System.Security.AccessControl.FileSystemAccessRule]::New("Everyone","FullControl","ContainerInherit,ObjectInherit","None","Allow")
-        $acl.AddAccessRule($accessRule)
-        { $acl | Set-Acl $directory } | Should -Not -Throw
-
-        $newacl = Get-Acl $directory
-        $newrule = $newacl.Access | Where-Object { $accessrule.FileSystemRights -eq $_.FileSystemRights -and $accessrule.AccessControlType -eq $_.AccessControlType -and $accessrule.IdentityReference -eq $_.IdentityReference }
-        $newrule | Should -Not -BeNullOrEmpty
+    Context "Windows ACL test" {
+        BeforeAll {
+            $PSDefaultParameterValues["It:Skip"] = -not $IsWindows
+        }
+
+        It "Get-Acl returns an ACL DirectorySecurity object"  {
+            $ACL = Get-Acl $TESTDRIVE
+            $ACL | Should -BeOfType System.Security.AccessControl.DirectorySecurity
+        }
+
+        It "Get-Acl -LiteralPath HKLM:Software\Classes\*"  {
+            $ACL = Get-Acl -LiteralPath HKLM:Software\Classes\*
+            $ACL | Should -BeOfType System.Security.AccessControl.RegistrySecurity
+        }
+
+        It "Get-Acl -LiteralPath .\Software\Classes\*"  {
+            $currentPath = Get-Location
+            Set-Location -LiteralPath HKLM:\
+            $ACL = Get-Acl -LiteralPath .\Software\Classes\*
+            $ACL | Should -BeOfType System.Security.AccessControl.RegistrySecurity
+            $currentPath | Set-Location
+        }
+
+        It "Get-Acl -LiteralPath ."  {
+            $currentPath = Get-Location
+            Set-Location -LiteralPath $TESTDRIVE
+            $ACL = Get-Acl -LiteralPath .
+            $ACL | Should -BeOfType System.Security.AccessControl.DirectorySecurity
+            $currentPath | Set-Location
+        }
+
+        It "Get-Acl -LiteralPath .."  {
+            $currentPath = Get-Location
+            Set-Location -LiteralPath $TESTDRIVE
+            $ACL = Get-Acl -LiteralPath ..
+            $ACL | Should -BeOfType System.Security.AccessControl.DirectorySecurity
+            $currentPath | Set-Location
+        }
+
+        It "Get-Acl -Path .\Software\Classes\"  {
+            $currentPath = Get-Location
+            Set-Location -LiteralPath HKLM:\
+            $ACL = Get-Acl -Path .\Software\Classes\
+            $ACL | Should -BeOfType System.Security.AccessControl.RegistrySecurity
+            $currentPath | Set-Location
+        }
+
+        It "Get-Acl -Path ."  {
+            $currentPath = Get-Location
+            Set-Location -LiteralPath $TESTDRIVE
+            $ACL = Get-Acl -Path .
+            $ACL | Should -BeOfType System.Security.AccessControl.DirectorySecurity
+            $currentPath | Set-Location
+        }
+
+        It "Get-Acl -Path .."  {
+            $currentPath = Get-Location
+            Set-Location -LiteralPath $TESTDRIVE
+            $ACL = Get-Acl -Path ..
+            $ACL | Should -BeOfType System.Security.AccessControl.DirectorySecurity
+            $currentPath | Set-Location
+        }
+
+        It "Set-Acl can set the ACL of a directory" {
+            Setup -d testdir
+            $directory = "$TESTDRIVE/testdir"
+            $acl = Get-Acl $directory
+            $accessRule = [System.Security.AccessControl.FileSystemAccessRule]::New("Everyone","FullControl","ContainerInherit,ObjectInherit","None","Allow")
+            $acl.AddAccessRule($accessRule)
+            { $acl | Set-Acl $directory } | Should -Not -Throw
+
+            $newacl = Get-Acl $directory
+            $newrule = $newacl.Access | Where-Object { $accessrule.FileSystemRights -eq $_.FileSystemRights -and $accessrule.AccessControlType -eq $_.AccessControlType -and $accessrule.IdentityReference -eq $_.IdentityReference }
+            $newrule | Should -Not -BeNullOrEmpty
+        }
+
+        AfterAll {
+            $PSDefaultParameterValues.Remove("It:Skip")
+        }
     }
 }