forked from PowerShell/PowerShell
/
ConstrainedLanguageDebugger.Tests.ps1
158 lines (132 loc) · 5.52 KB
/
ConstrainedLanguageDebugger.Tests.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License.
##
## ----------
## Test Note:
## ----------
## Since these tests change session and system state (constrained language and system lockdown)
## they will all use try/finally blocks instead of Pester AfterEach/AfterAll to ensure session
## and system state is restored.
## Pester AfterEach, AfterAll is not reliable when the session is constrained language or locked down.
##
Import-Module HelpersSecurity
try
{
$defaultParamValues = $PSDefaultParameterValues.Clone()
$PSDefaultParameterValues["it:Skip"] = !$IsWindows
Describe "Local script debugger is disabled in system lock down mode" -Tags 'CI','RequireAdminOnWindows' {
BeforeAll {
# Debugger test type definition
$debuggerTestTypeDef = @'
using System;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
namespace TestRunner
{
public class DebuggerTester
{
private Runspace _runspace;
public int DebuggerStopHitCount
{
private set;
get;
}
public DebuggerTester(Runspace runspace)
{
if (runspace.Debugger == null)
{
throw new PSArgumentException("The provided runspace script debugger cannot be null for test.");
}
_runspace = runspace;
_runspace.Debugger.DebuggerStop += (sender, args) =>
{
DebuggerStopHitCount += 1;
};
}
}
}
'@
$script = @'
"Hello"
Wait-Debugger
"Goodbye"
'@
$scriptFilePath = Join-Path $TestDrive TScript.ps1
$script > $scriptFilePath
# Define debugger test type
Add-Type -TypeDefinition $debuggerTestTypeDef
# Test cases
$TestCasesDisableDebugger = @(
@{
testName = 'Verifies that Set-PSBreakpoint Line is disabled on locked down system'
scriptText = 'Set-PSBreakpoint -Script {0} -Line 1' -f $scriptFilePath
},
@{
testName = 'Verifies that Set-PSBreakpoint Statement is disabled on locked down system'
scriptText = 'Set-PSBreakpoint -Script {0} -Line 1 -Column 1' -f $scriptFilePath
},
@{
testName = 'Verifies that Set-PSBreakpoint Command is disabled on locked down system'
scriptText = 'Set-PSBreakpoint -Command {0}' -f $scriptFilePath
},
@{
testName = 'Verifies that Set-PSBreakpoint Variable is disabled on locked down system'
scriptText = 'Set-PSBreakpoint -Variable HelloVar'
}
)
}
AfterAll {
if (($script:moduleDirectory -ne $null) -and (Test-Path $script:moduleDirectory))
{
try { Remove-Item -Path $moduleDirectory -Recurse -Force -ErrorAction SilentlyContinue } catch { }
}
}
It "<testName>" -TestCases $TestCasesDisableDebugger {
param ($scriptText)
try
{
Invoke-LanguageModeTestingSupportCmdlet -SetLockdownMode
# Run script in new runspace created within lock down mode.
[powershell] $ps = [powershell]::Create([System.Management.Automation.RunspaceMode]::NewRunspace);
$ps.AddScript($scriptText).Invoke()
$expectedError = $ps.Streams.Error[0]
}
finally
{
Invoke-LanguageModeTestingSupportCmdlet -RevertLockdownMode -EnableFullLanguageMode
if ($ps -ne $null) { $ps.Dispose() }
}
$expectedError.FullyQualifiedErrorId | Should Be 'NotSupported,Microsoft.PowerShell.Commands.SetPSBreakpointCommand'
}
It "Verifies that Wait-Debugger is disabled on locked down system" {
try
{
Invoke-LanguageModeTestingSupportCmdlet -SetLockdownMode
# Create test runspace
[runspace] $runspace = [runspacefactory]::CreateRunspace()
$runspace.Open()
# Attach TestRuner.DebuggerTester DebugStop event handler to runspace
$debuggerTester = [TestRunner.DebuggerTester]::new($runspace)
# Run $scriptFilePath script with 'Wait-Debugger' in locked down mode
[powershell] $ps = [powershell]::Create()
$ps.Runspace = $runspace
$null = $ps.AddScript('"Hello"; Wait-Debugger; "Goodbye"').Invoke()
}
finally
{
Invoke-LanguageModeTestingSupportCmdlet -RevertLockdownMode -EnableFullLanguageMode
if ($runspace -ne $null) { $runspace.Dispose() }
if ($ps -ne $null) { $ps.Dispose() }
}
# Debugger should not have been active in lockdown mode
$debuggerTester.DebuggerStopHitCount | Should Be 0
}
}
}
finally
{
if ($null -ne $defaultParamValues)
{
$Global:PSDefaultParameterValues = $defaultParamValues
}
}