mirror of
https://github.com/golang/go
synced 2024-10-14 11:53:56 +00:00
cmd/go: convert TestACL to a script test
Change-Id: Id25db146a317f2c5f5425cfabf4c3ca84066d5c8 Reviewed-on: https://go-review.googlesource.com/c/go/+/165752 Run-TryBot: Bryan C. Mills <bcmills@google.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org> Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
This commit is contained in:
Bryan C. Mills
parent
9153a3ef05
commit
d5e0b898a5
|
|
@ -5,7 +5,6 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"internal/testenv"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
|
|
@ -47,76 +46,3 @@ func TestAbsolutePath(t *testing.T) {
|
|||
t.Fatalf("wrong output found: %v %v", err, string(output))
|
||||
}
|
||||
}
|
||||
|
||||
func runIcacls(t *testing.T, args ...string) string {
|
||||
t.Helper()
|
||||
out, err := exec.Command("icacls", args...).CombinedOutput()
|
||||
if err != nil {
|
||||
t.Fatalf("icacls failed: %v\n%v", err, string(out))
|
||||
}
|
||||
return string(out)
|
||||
}
|
||||
|
||||
func runGetACL(t *testing.T, path string) string {
|
||||
t.Helper()
|
||||
cmd := fmt.Sprintf(`Get-Acl "%s" | Select -expand AccessToString`, path)
|
||||
out, err := exec.Command("powershell", "-Command", cmd).CombinedOutput()
|
||||
if err != nil {
|
||||
t.Fatalf("Get-Acl failed: %v\n%v", err, string(out))
|
||||
}
|
||||
return string(out)
|
||||
}
|
||||
|
||||
// For issue 22343: verify that executable file created by "go build" command
|
||||
// has discretionary access control list (DACL) set as if the file
|
||||
// was created in the destination directory.
|
||||
func TestACL(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
tmpdir, err := ioutil.TempDir("", "TestACL")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
defer os.RemoveAll(tmpdir)
|
||||
|
||||
newtmpdir := filepath.Join(tmpdir, "tmp")
|
||||
err = os.Mkdir(newtmpdir, 0777)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// When TestACL/tmp directory is created, it will have
|
||||
// the same security attributes as TestACL.
|
||||
// Add Guest account full access to TestACL/tmp - this
|
||||
// will make all files created in TestACL/tmp have different
|
||||
// security attributes to the files created in TestACL.
|
||||
runIcacls(t, newtmpdir,
|
||||
"/grant", "*S-1-5-32-546:(oi)(ci)f", // add Guests group to have full access
|
||||
)
|
||||
|
||||
src := filepath.Join(tmpdir, "main.go")
|
||||
err = ioutil.WriteFile(src, []byte("package main; func main() { }\n"), 0644)
|
||||
if err == nil {
|
||||
err = ioutil.WriteFile(filepath.Join(tmpdir, "go.mod"), []byte("module TestACL\n"), 0644)
|
||||
}
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
exe := filepath.Join(tmpdir, "main.exe")
|
||||
cmd := exec.Command(testenv.GoToolPath(t), "build", "-o", exe, src)
|
||||
cmd.Dir = tmpdir
|
||||
cmd.Env = append(os.Environ(),
|
||||
"TMP="+newtmpdir,
|
||||
"TEMP="+newtmpdir,
|
||||
)
|
||||
out, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
t.Fatalf("go command failed: %v\n%v", err, string(out))
|
||||
}
|
||||
|
||||
// exe file is expected to have the same security attributes as the src.
|
||||
if got, expected := runGetACL(t, exe), runGetACL(t, src); got != expected {
|
||||
t.Fatalf("expected Get-Acl output of \n%v\n, got \n%v\n", expected, got)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
44
src/cmd/go/testdata/script/build_acl_windows.txt
vendored
Normal file
44
src/cmd/go/testdata/script/build_acl_windows.txt
vendored
Normal file
|
|
@ -0,0 +1,44 @@
|
|||
[!windows] stop
|
||||
[!exec:icacls] skip
|
||||
[!exec:powershell] skip
|
||||
|
||||
# Create $WORK\guest and give the Guests group full access.
|
||||
# Files created within that directory will have different security attributes by default.
|
||||
mkdir $WORK\guest
|
||||
exec icacls $WORK\guest /grant '*S-1-5-32-546:(oi)(ci)f'
|
||||
|
||||
env TMP=$WORK\guest
|
||||
env TEMP=$WORK\guest
|
||||
|
||||
# Build a binary using the guest directory as an intermediate
|
||||
cd TestACL
|
||||
go build -o main.exe main.go
|
||||
# Build the same binary, but write it to the guest directory.
|
||||
go build -o $TMP\main.exe main.go
|
||||
|
||||
# Read ACLs for the files.
|
||||
exec powershell -Command 'Get-Acl main.exe | Select -expand AccessToString'
|
||||
cp stdout $WORK\exe-acl.txt
|
||||
exec powershell -Command 'Get-Acl main.go | Select -expand AccessToString'
|
||||
cp stdout $WORK\src-acl.txt
|
||||
cd $TMP
|
||||
exec powershell -Command 'Get-Acl main.exe | Select -expand AccessToString'
|
||||
cp stdout $WORK\guest-acl.txt
|
||||
|
||||
cd $WORK
|
||||
|
||||
# The executable written to the source directory should have the same ACL as the source file.
|
||||
cmp $WORK\exe-acl.txt $WORK\src-acl.txt
|
||||
|
||||
# The file written to the guest-allowed directory should give Guests control.
|
||||
grep 'BUILTIN\\Guests\s+Allow' $WORK\guest-acl.txt
|
||||
|
||||
# The file written to the ordinary directory should not.
|
||||
! grep 'BUILTIN\\Guests\s+Allow' $WORK\exe-acl.txt
|
||||
|
||||
|
||||
-- TestACL/go.mod --
|
||||
module TestACL
|
||||
-- TestACL/main.go --
|
||||
package main
|
||||
func main() {}
|
||||
Loading…
Reference in a new issue