Commit d5e0b898 authored by Bryan C. Mills's avatar Bryan C. Mills

cmd/go: convert TestACL to a script test

Change-Id: Id25db146a317f2c5f5425cfabf4c3ca84066d5c8
Reviewed-on: https://go-review.googlesource.com/c/go/+/165752
Run-TryBot: Bryan C. Mills <bcmills@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: default avatarIan Lance Taylor <iant@golang.org>
Reviewed-by: default avatarAlex Brainman <alex.brainman@gmail.com>
parent 9153a3ef
......@@ -5,7 +5,6 @@
package main
import (
"fmt"
"internal/testenv"
"io/ioutil"
"os"
......@@ -47,76 +46,3 @@ func TestAbsolutePath(t *testing.T) {
t.Fatalf("wrong output found: %v %v", err, string(output))
}
}
func runIcacls(t *testing.T, args ...string) string {
t.Helper()
out, err := exec.Command("icacls", args...).CombinedOutput()
if err != nil {
t.Fatalf("icacls failed: %v\n%v", err, string(out))
}
return string(out)
}
func runGetACL(t *testing.T, path string) string {
t.Helper()
cmd := fmt.Sprintf(`Get-Acl "%s" | Select -expand AccessToString`, path)
out, err := exec.Command("powershell", "-Command", cmd).CombinedOutput()
if err != nil {
t.Fatalf("Get-Acl failed: %v\n%v", err, string(out))
}
return string(out)
}
// For issue 22343: verify that executable file created by "go build" command
// has discretionary access control list (DACL) set as if the file
// was created in the destination directory.
func TestACL(t *testing.T) {
t.Parallel()
tmpdir, err := ioutil.TempDir("", "TestACL")
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(tmpdir)
newtmpdir := filepath.Join(tmpdir, "tmp")
err = os.Mkdir(newtmpdir, 0777)
if err != nil {
t.Fatal(err)
}
// When TestACL/tmp directory is created, it will have
// the same security attributes as TestACL.
// Add Guest account full access to TestACL/tmp - this
// will make all files created in TestACL/tmp have different
// security attributes to the files created in TestACL.
runIcacls(t, newtmpdir,
"/grant", "*S-1-5-32-546:(oi)(ci)f", // add Guests group to have full access
)
src := filepath.Join(tmpdir, "main.go")
err = ioutil.WriteFile(src, []byte("package main; func main() { }\n"), 0644)
if err == nil {
err = ioutil.WriteFile(filepath.Join(tmpdir, "go.mod"), []byte("module TestACL\n"), 0644)
}
if err != nil {
t.Fatal(err)
}
exe := filepath.Join(tmpdir, "main.exe")
cmd := exec.Command(testenv.GoToolPath(t), "build", "-o", exe, src)
cmd.Dir = tmpdir
cmd.Env = append(os.Environ(),
"TMP="+newtmpdir,
"TEMP="+newtmpdir,
)
out, err := cmd.CombinedOutput()
if err != nil {
t.Fatalf("go command failed: %v\n%v", err, string(out))
}
// exe file is expected to have the same security attributes as the src.
if got, expected := runGetACL(t, exe), runGetACL(t, src); got != expected {
t.Fatalf("expected Get-Acl output of \n%v\n, got \n%v\n", expected, got)
}
}
[!windows] stop
[!exec:icacls] skip
[!exec:powershell] skip
# Create $WORK\guest and give the Guests group full access.
# Files created within that directory will have different security attributes by default.
mkdir $WORK\guest
exec icacls $WORK\guest /grant '*S-1-5-32-546:(oi)(ci)f'
env TMP=$WORK\guest
env TEMP=$WORK\guest
# Build a binary using the guest directory as an intermediate
cd TestACL
go build -o main.exe main.go
# Build the same binary, but write it to the guest directory.
go build -o $TMP\main.exe main.go
# Read ACLs for the files.
exec powershell -Command 'Get-Acl main.exe | Select -expand AccessToString'
cp stdout $WORK\exe-acl.txt
exec powershell -Command 'Get-Acl main.go | Select -expand AccessToString'
cp stdout $WORK\src-acl.txt
cd $TMP
exec powershell -Command 'Get-Acl main.exe | Select -expand AccessToString'
cp stdout $WORK\guest-acl.txt
cd $WORK
# The executable written to the source directory should have the same ACL as the source file.
cmp $WORK\exe-acl.txt $WORK\src-acl.txt
# The file written to the guest-allowed directory should give Guests control.
grep 'BUILTIN\\Guests\s+Allow' $WORK\guest-acl.txt
# The file written to the ordinary directory should not.
! grep 'BUILTIN\\Guests\s+Allow' $WORK\exe-acl.txt
-- TestACL/go.mod --
module TestACL
-- TestACL/main.go --
package main
func main() {}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment