diff options
| author | Aaron Klotz <aaron@tailscale.com> | 2023-09-19 14:16:15 -0600 |
|---|---|---|
| committer | Aaron Klotz <aaron@tailscale.com> | 2023-09-19 14:18:20 -0600 |
| commit | a82dfe7f99a2b9a25b490023fc63dd2ba493bf30 (patch) | |
| tree | bd4d114e5c4cd9f049a664eb94d0740d3b5deef9 /util/winutil/testdata/testprocessattributes | |
| parent | 19a9d9037f9770adb2cc4b812aeb1f1ff02da5af (diff) | |
| download | tailscale-aaron/win_process_mitigations.tar.xz tailscale-aaron/win_process_mitigations.zip | |
start testingaaron/win_process_mitigations
Signed-off-by: Aaron Klotz <aaron@tailscale.com>
Diffstat (limited to 'util/winutil/testdata/testprocessattributes')
| -rw-r--r-- | util/winutil/testdata/testprocessattributes/main_windows.go | 40 | ||||
| -rw-r--r-- | util/winutil/testdata/testprocessattributes/tests_windows.go | 57 |
2 files changed, 97 insertions, 0 deletions
diff --git a/util/winutil/testdata/testprocessattributes/main_windows.go b/util/winutil/testdata/testprocessattributes/main_windows.go new file mode 100644 index 000000000..0a83af630 --- /dev/null +++ b/util/winutil/testdata/testprocessattributes/main_windows.go @@ -0,0 +1,40 @@ +// Copyright 2015 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build windows + +package main + +import "os" + +var ( + cmds = map[string]func(){} + err error +) + +func register(name string, f func()) { + if cmds[name] != nil { + panic("duplicate registration: " + name) + } + cmds[name] = f +} + +func registerInit(name string, f func()) { + if len(os.Args) >= 2 && os.Args[1] == name { + f() + } +} + +func main() { + if len(os.Args) < 2 { + println("usage: " + os.Args[0] + " name-of-test") + return + } + f := cmds[os.Args[1]] + if f == nil { + println("unknown function: " + os.Args[1]) + return + } + f() +} diff --git a/util/winutil/testdata/testprocessattributes/tests_windows.go b/util/winutil/testdata/testprocessattributes/tests_windows.go new file mode 100644 index 000000000..93f543988 --- /dev/null +++ b/util/winutil/testdata/testprocessattributes/tests_windows.go @@ -0,0 +1,57 @@ +// Copyright (c) Tailscale Inc & AUTHORS +// SPDX-License-Identifier: BSD-3-Clause + +package main + +import ( + "fmt" + + "tailscale.com/util/winutil" +) + +func init() { + // registerInit("Foo", FooInit) + // register("Foo", Foo) + register("MitigateSelf", MitigateSelf) +} + +func MitigateSelf() { + var zero winutil.ProcessMitigationPolicies + initialPolicies, err := winutil.CurrentProcessMitigationPolicies() + if err != nil { + fmt.Printf("error: CurrentProcessMitigationPolicies: %v\n", err) + return + } + + if initialPolicies != zero { + fmt.Println("error: initialPolicies not zero value") + return + } + + setTo := winutil.ProcessMitigationPolicies{ + DisableExtensionPoints: true, + PreferSystem32Images: true, + ProhibitDynamicCode: true, + ProhibitLowMandatoryLabelImages: true, + ProhibitNonMicrosoftSignedDLLs: true, + ProhibitRemoteImages: true, + } + + if err := setTo.SetOnCurrentProcess(); err != nil { + fmt.Printf("error: SetOnCurrentProcess: %v\n", err) + return + } + + checkPolicies, err := winutil.CurrentProcessMitigationPolicies() + if err != nil { + fmt.Printf("error: CurrentProcessMitigationPolicies: %v\n", err) + return + } + + if checkPolicies != setTo { + fmt.Printf("error: checkPolicies got %#v, want %#v\n", checkPolicies, setTo) + return + } + + fmt.Println("OK") +} |