Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

win_get_url: ignore defender false positive in tests #56812

Merged
merged 3 commits into from May 23, 2019
Merged

win_get_url: ignore defender false positive in tests #56812

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
3190ae9
win_get_url: add retry to service step
jborean93 May 22, 2019
90275db
Use defender exclusion rule instead
jborean93 May 22, 2019
6a4fb93
Expand the exclusion for defender for temp downloaded files
jborean93 May 22, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
40 changes: 40 additions & 0 deletions test/integration/targets/win_get_url/library/win_defender_exclusion.ps1
View file
Open in desktop
@@ -0,0 +1,40 @@
#!powershell

# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

#Requires -Module Ansible.ModuleUtils.Legacy

$params = Parse-Args $args -supports_check_mode $true

$path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true
$state = Get-AnsibleParam -obj $params -name "state" -type "str" -default "present" -validateset "absent", "present"

$result = @{
changed = $false
}

# This is a test module, just skip instead of erroring out if we cannot set the rule
if ($null -eq (Get-Command -Name Get-MpPreference -ErrorAction SilentlyContinue)) {
$result.skipped = $true
$result.msg = "Skip as cannot set exclusion rule"
Exit-Json -obj $result
}

$exclusions = (Get-MpPreference).ExclusionPath
if ($null -eq $exclusions) {
$exclusions = @()
}

if ($state -eq "absent") {
if ($path -in $exclusions) {
Remove-MpPreference -ExclusionPath $path
$result.changed = $true
}
} else {
if ($path -notin $exclusions) {
Add-MpPreference -ExclusionPath $path
$result.changed = $true
}
}

Exit-Json -obj $result
12 changes: 12 additions & 0 deletions test/integration/targets/win_get_url/tasks/main.yml
View file
Open in desktop
Expand Up @@ -13,6 +13,13 @@
src: files/
dest: '{{ testing_dir }}'

# False positive in Windows Defender is flagging the file as a virus and removing it. We need to add an exclusion so
# the tests continue to work
- name: add exclusion for the SlimFTPd binary
win_defender_exclusion:
path: '{{ remote_tmp_dir | win_dirname }}'
state: present

- name: download SlimFTPd binary
win_get_url:
url: https://ansible-ci-files.s3.amazonaws.com/test/integration/roles/test_win_get_url/SlimFTPd.exe
Expand Down Expand Up @@ -59,3 +66,8 @@
win_file:
path: '{{ slimftpd_link }}'
state: absent

- name: remove exclusion for the SlimFTPd binary
win_defender_exclusion:
path: '{{ remote_tmp_dir | win_dirname }}'
state: absent