5 files changed, 330 insertions, 1 deletions
diff --git a/src/burn/test/BurnUnitTest/ApprovedExeTest.cpp b/src/burn/test/BurnUnitTest/ApprovedExeTest.cpp
new file mode 100644
index 00000000..da51f1f8
--- /dev/null
+++ b/src/burn/test/BurnUnitTest/ApprovedExeTest.cpp
@@ -0,0 +1,312 @@
+// Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information.
+#include "precomp.h"
+namespace Microsoft
+{
+namespace Tools
+{
+namespace WindowsInstallerXml
+{
+namespace Test
+{
+namespace Bootstrapper
+{
+    using namespace System;
+    using namespace System::IO;
+    using namespace Xunit;
+    public ref class ApprovedExeTest : BurnUnitTest
+    {
+    public:
+        ApprovedExeTest(BurnTestFixture^ fixture) : BurnUnitTest(fixture)
+        {
+        }
+        [Fact]
+        void ApprovedExesVerifyPFilesTest()
+        {
+            HRESULT hr = S_OK;
+            BURN_CACHE cache = { };
+            BURN_ENGINE_COMMAND internalCommand = { };
+            BURN_VARIABLES variables = { };
+            LPWSTR scz = NULL;
+            LPWSTR scz2 = NULL;
+            try
+            {
+                hr = VariableInitialize(&variables);
+                NativeAssert::Succeeded(hr, L"Failed to initialize variables.");
+                hr = CacheInitialize(&cache, &internalCommand);
+                NativeAssert::Succeeded(hr, "Failed to initialize cache.");
+                hr = VariableGetString(&variables, L"ProgramFilesFolder", &scz);
+                NativeAssert::Succeeded(hr, "Failed to get variable ProgramFilesFolder.");
+                hr = PathConcat(scz, L"a.exe", &scz2);
+                NativeAssert::Succeeded(hr, "Failed to combine paths");
+                hr = ApprovedExesVerifySecureLocation(&cache, &variables, scz2, 0, NULL);
+                NativeAssert::Succeeded(hr, "Failed to test secure location under ProgramFilesFolder");
+                Assert::True((hr == S_OK), "Path under ProgramFilesFolder was expected to be safe");
+            }
+            finally
+            {
+                ReleaseStr(internalCommand.sczEngineWorkingDirectory);
+                ReleaseStr(scz);
+                ReleaseStr(scz2);
+                CacheUninitialize(&cache);
+                VariablesUninitialize(&variables);
+            }
+        }
+        [Fact]
+        void ApprovedExesVerifyPFilesWithRelativeTest()
+        {
+            HRESULT hr = S_OK;
+            BURN_CACHE cache = { };
+            BURN_ENGINE_COMMAND internalCommand = { };
+            BURN_VARIABLES variables = { };
+            LPWSTR scz = NULL;
+            LPWSTR scz2 = NULL;
+            try
+            {
+                hr = VariableInitialize(&variables);
+                NativeAssert::Succeeded(hr, L"Failed to initialize variables.");
+                hr = CacheInitialize(&cache, &internalCommand);
+                NativeAssert::Succeeded(hr, "Failed to initialize cache.");
+                cache.fPerMachineCacheRootVerified = TRUE;
+                cache.fOriginalPerMachineCacheRootVerified = TRUE;
+                hr = VariableGetString(&variables, L"ProgramFilesFolder", &scz);
+                NativeAssert::Succeeded(hr, "Failed to get variable ProgramFilesFolder.");
+                hr = PathConcat(scz, L"..\\a.exe", &scz2);
+                NativeAssert::Succeeded(hr, "Failed to combine paths");
+                hr = ApprovedExesVerifySecureLocation(&cache, &variables, scz2, 0, NULL);
+                NativeAssert::Succeeded(hr, "Failed to test secure location under ProgramFilesFolder");
+                Assert::True((hr == S_FALSE), "Path pretending to be under ProgramFilesFolder was expected to be unsafe");
+            }
+            finally
+            {
+                ReleaseStr(internalCommand.sczEngineWorkingDirectory);
+                ReleaseStr(scz);
+                ReleaseStr(scz2);
+                CacheUninitialize(&cache);
+                VariablesUninitialize(&variables);
+            }
+        }
+        [Fact]
+        void ApprovedExesVerifyPFiles64Test()
+        {
+            HRESULT hr = S_OK;
+            BURN_CACHE cache = { };
+            BURN_ENGINE_COMMAND internalCommand = { };
+            BURN_VARIABLES variables = { };
+            LPWSTR scz = NULL;
+            LPWSTR scz2 = NULL;
+            try
+            {
+                hr = VariableInitialize(&variables);
+                NativeAssert::Succeeded(hr, L"Failed to initialize variables.");
+                hr = CacheInitialize(&cache, &internalCommand);
+                NativeAssert::Succeeded(hr, "Failed to initialize cache.");
+                hr = VariableGetString(&variables, L"ProgramFiles64Folder", &scz);
+                NativeAssert::Succeeded(hr, "Failed to get variable ProgramFiles64Folder.");
+                hr = PathConcat(scz, L"a.exe", &scz2);
+                NativeAssert::Succeeded(hr, "Failed to combine paths");
+                hr = ApprovedExesVerifySecureLocation(&cache, &variables, scz2, 0, NULL);
+                NativeAssert::Succeeded(hr, "Failed to test secure location under ProgramFiles64Folder");
+                Assert::True((hr == S_OK), "Path under ProgramFiles64Folder was expected to be safe");
+            }
+            finally
+            {
+                ReleaseStr(internalCommand.sczEngineWorkingDirectory);
+                ReleaseStr(scz);
+                ReleaseStr(scz2);
+                CacheUninitialize(&cache);
+                VariablesUninitialize(&variables);
+            }
+        }
+        [Fact]
+        void ApprovedExesVerifySys64FolderTest()
+        {
+            HRESULT hr = S_OK;
+            BURN_CACHE cache = { };
+            BURN_ENGINE_COMMAND internalCommand = { };
+            BURN_VARIABLES variables = { };
+            LPWSTR scz = NULL;
+            LPWSTR scz2 = NULL;
+            try
+            {
+                hr = VariableInitialize(&variables);
+                NativeAssert::Succeeded(hr, L"Failed to initialize variables.");
+                hr = CacheInitialize(&cache, &internalCommand);
+                NativeAssert::Succeeded(hr, "Failed to initialize cache.");
+                cache.fPerMachineCacheRootVerified = TRUE;
+                cache.fOriginalPerMachineCacheRootVerified = TRUE;
+                hr = VariableGetString(&variables, L"System64Folder", &scz);
+                NativeAssert::Succeeded(hr, "Failed to get variable System64Folder.");
+                hr = PathConcat(scz, L"a.exe", &scz2);
+                NativeAssert::Succeeded(hr, "Failed to combine paths");
+                hr = ApprovedExesVerifySecureLocation(&cache, &variables, scz2, 0, NULL);
+                NativeAssert::Succeeded(hr, "Failed to test secure location under System64Folder");
+                Assert::True((hr == S_FALSE), "Path under System64Folder was expected to be unsafe");
+            }
+            finally
+            {
+                ReleaseStr(internalCommand.sczEngineWorkingDirectory);
+                ReleaseStr(scz);
+                ReleaseStr(scz2);
+                CacheUninitialize(&cache);
+                VariablesUninitialize(&variables);
+            }
+        }
+        [Fact]
+        void ApprovedExesVerifySys64Rundll32UnsafeTest()
+        {
+            HRESULT hr = S_OK;
+            BURN_CACHE cache = { };
+            BURN_ENGINE_COMMAND internalCommand = { };
+            BURN_VARIABLES variables = { };
+            LPWSTR scz = NULL;
+            LPWSTR scz2 = NULL;
+            LPWSTR szArgs = NULL;
+            try
+            {
+                hr = VariableInitialize(&variables);
+                NativeAssert::Succeeded(hr, L"Failed to initialize variables.");
+                hr = CacheInitialize(&cache, &internalCommand);
+                NativeAssert::Succeeded(hr, "Failed to initialize cache.");
+                cache.fPerMachineCacheRootVerified = TRUE;
+                cache.fOriginalPerMachineCacheRootVerified = TRUE;
+                hr = VariableGetString(&variables, L"System64Folder", &scz);
+                NativeAssert::Succeeded(hr, "Failed to get variable System64Folder.");
+                hr = PathConcat(scz, L"rundll32.exe", &scz2);
+                NativeAssert::Succeeded(hr, "Failed to combine paths");
+                hr = ApprovedExesVerifySecureLocation(&cache, &variables, scz2, 1, const_cast<LPCWSTR*>(&scz2));
+                NativeAssert::Succeeded(hr, "Failed to test secure location under System64Folder");
+                Assert::True((hr == S_FALSE), "Path under System64Folder was expected to be unsafe for rundll32 target");
+            }
+            finally
+            {
+                ReleaseStr(internalCommand.sczEngineWorkingDirectory);
+                ReleaseStr(scz);
+                ReleaseStr(scz2);
+                ReleaseStr(szArgs);
+                CacheUninitialize(&cache);
+                VariablesUninitialize(&variables);
+            }
+        }
+        [Fact]
+        void ApprovedExesVerifySys64Rundll32SafeTest()
+        {
+            HRESULT hr = S_OK;
+            BURN_CACHE cache = { };
+            BURN_ENGINE_COMMAND internalCommand = { };
+            BURN_VARIABLES variables = { };
+            LPWSTR scz = NULL;
+            LPWSTR scz2 = NULL;
+            LPWSTR scz3 = NULL;
+            try
+            {
+                hr = VariableInitialize(&variables);
+                NativeAssert::Succeeded(hr, L"Failed to initialize variables.");
+                hr = CacheInitialize(&cache, &internalCommand);
+                NativeAssert::Succeeded(hr, "Failed to initialize cache.");
+                cache.fPerMachineCacheRootVerified = TRUE;
+                cache.fOriginalPerMachineCacheRootVerified = TRUE;
+                // System64Folder
+                hr = VariableGetString(&variables, L"System64Folder", &scz);
+                NativeAssert::Succeeded(hr, "Failed to get variable System64Folder.");
+                hr = PathConcat(scz, L"rundll32.exe", &scz2);
+                NativeAssert::Succeeded(hr, "Failed to combine paths");
+                hr = VariableGetString(&variables, L"ProgramFiles64Folder", &scz);
+                NativeAssert::Succeeded(hr, "Failed to get variable ProgramFiles64Folder.");
+                hr = PathConcat(scz, L"a.dll", &scz3);
+                NativeAssert::Succeeded(hr, "Failed to combine paths");
+                hr = ApprovedExesVerifySecureLocation(&cache, &variables, scz2, 1, const_cast<LPCWSTR*>(&scz3));
+                NativeAssert::Succeeded(hr, "Failed to test secure location under ProgramFiles64Folder for System64Folder/rundll32 target");
+                Assert::True((hr == S_OK), "Path under ProgramFiles64Folder was expected to be safe for System64Folder/rundll32 target");
+                hr = PathConcat(scz, L"a.dll,somthing else", &scz3);
+                NativeAssert::Succeeded(hr, "Failed to combine paths");
+                hr = ApprovedExesVerifySecureLocation(&cache, &variables, scz2, 1, const_cast<LPCWSTR*>(&scz3));
+                NativeAssert::Succeeded(hr, "Failed to test secure location under ProgramFiles64Folder for rundll32 target");
+                Assert::True((hr == S_OK), "Path under ProgramFiles64Folder was expected to be safe for System64Folder/rundll32 target");
+                // SystemFolder
+                hr = VariableGetString(&variables, L"SystemFolder", &scz);
+                NativeAssert::Succeeded(hr, "Failed to get variable System64Folder.");
+                hr = PathConcat(scz, L"rundll32.exe", &scz2);
+                NativeAssert::Succeeded(hr, "Failed to combine paths");
+                hr = ApprovedExesVerifySecureLocation(&cache, &variables, scz2, 1, const_cast<LPCWSTR*>(&scz3));
+                NativeAssert::Succeeded(hr, "Failed to test secure location under ProgramFiles64Folder for SystemFolder/rundll32 target");
+                Assert::True((hr == S_OK), "Path under ProgramFiles64Folder was expected to be safe for SystemFolder/rundll32 target");
+                // Sysnative
+                hr = PathSystemWindowsSubdirectory(L"SysNative\\", &scz);
+                NativeAssert::Succeeded(hr, "Failed to get SysNative Folder.");
+                hr = PathConcat(scz, L"rundll32.exe", &scz2);
+                NativeAssert::Succeeded(hr, "Failed to combine paths");
+                hr = ApprovedExesVerifySecureLocation(&cache, &variables, scz2, 1, const_cast<LPCWSTR*>(&scz3));
+                NativeAssert::Succeeded(hr, "Failed to test secure location under ProgramFiles64Folder for Sysnative/rundll32 target");
+                Assert::True((hr == S_OK), "Path under ProgramFiles64Folder was expected to be safe for Sysnative/rundll32 target");
+            }
+            finally
+            {
+                ReleaseStr(internalCommand.sczEngineWorkingDirectory);
+                ReleaseStr(scz);
+                ReleaseStr(scz2);
+                ReleaseStr(scz3);
+                CacheUninitialize(&cache);
+                VariablesUninitialize(&variables);
+            }
+        }
+    };
+}
+}
+}
+}
+}
diff --git a/src/burn/test/BurnUnitTest/BurnUnitTest.vcxproj b/src/burn/test/BurnUnitTest/BurnUnitTest.vcxproj
index 331d237b..63d089e4 100644
--- a/src/burn/test/BurnUnitTest/BurnUnitTest.vcxproj
+++ b/src/burn/test/BurnUnitTest/BurnUnitTest.vcxproj
@@ -45,6 +45,7 @@
  <ItemGroup>
    <ClCompile Include="AssemblyInfo.cpp" />
+    <ClCompile Include="ApprovedExeTest.cpp" />
    <ClCompile Include="CacheTest.cpp" />
    <ClCompile Include="ElevationTest.cpp" />
    <ClCompile Include="EmbeddedTest.cpp" />
diff --git a/src/burn/test/BurnUnitTest/BurnUnitTest.vcxproj.filters b/src/burn/test/BurnUnitTest/BurnUnitTest.vcxproj.filters
index 82725436..59aea6e9 100644
--- a/src/burn/test/BurnUnitTest/BurnUnitTest.vcxproj.filters
+++ b/src/burn/test/BurnUnitTest/BurnUnitTest.vcxproj.filters
@@ -66,6 +66,9 @@
    <ClCompile Include="VariantTest.cpp">
      <Filter>Source Files</Filter>
    </ClCompile>
+    <ClCompile Include="ApprovedExeTest.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
  </ItemGroup>
  <ItemGroup>
    <ClInclude Include="BurnTestException.h">
@@ -95,4 +98,4 @@
      <Filter>Resource Files</Filter>
    </ResourceCompile>
  </ItemGroup>
-</Project>
-\ No newline at end of file
+</Project>
diff --git a/src/burn/test/BurnUnitTest/PlanTest.cpp b/src/burn/test/BurnUnitTest/PlanTest.cpp
index e426cb09..25a0cb35 100644
--- a/src/burn/test/BurnUnitTest/PlanTest.cpp
+++ b/src/burn/test/BurnUnitTest/PlanTest.cpp
@@ -2990,6 +2990,18 @@ namespace Bootstrapper
            ValidateNonPermanentPackageExpectedStates(&pEngineState->packages.rgPackages[1], L"PackageA", BURN_PACKAGE_REGISTRATION_STATE_PRESENT, BURN_PACKAGE_REGISTRATION_STATE_PRESENT);
        }
+        [Fact]
+        void ValidateCacheVariables()
+        {
+            BURN_ENGINE_STATE engineState = { };
+            BURN_ENGINE_STATE* pEngineState = &engineState;
+            InitializeEngineStateForCorePlan(wzSlipstreamModifiedManifestFileName, pEngineState);
+            Assert::EndsWith(gcnew String(L".exe"), VariableGetStringHelper(&pEngineState->variables, BURN_BUNDLE_SOURCE_PROCESS_PATH));
+            Assert::EndsWith(gcnew String(L"\\"), VariableGetStringHelper(&pEngineState->variables, BURN_BUNDLE_SOURCE_PROCESS_FOLDER));
+        }
    private:
        // This doesn't initialize everything, just enough for CorePlan to work.
        void InitializeEngineStateForCorePlan(LPCWSTR wzManifestFileName, BURN_ENGINE_STATE* pEngineState)
diff --git a/src/burn/test/BurnUnitTest/precomp.h b/src/burn/test/BurnUnitTest/precomp.h
index f07f5968..ec6fb7d1 100644
--- a/src/burn/test/BurnUnitTest/precomp.h
+++ b/src/burn/test/BurnUnitTest/precomp.h
@@ -74,6 +74,7 @@
 #include "splashscreen.h"
 #include "detect.h"
 #include "externalengine.h"
+#include "approvedexe.h"
 #include "engine.version.h"

diff --git a/src/burn/test/BurnUnitTest/ApprovedExeTest.cpp b/src/burn/test/BurnUnitTest/ApprovedExeTest.cpp new file mode 100644 index 00000000..da51f1f8 --- /dev/null +++ b/src/burn/test/BurnUnitTest/ApprovedExeTest.cpp
@@ -0,0 +1,312 @@
		1	// Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information.
		2
		3	#include "precomp.h"
		4
		5	namespace Microsoft
		6	{
		7	namespace Tools
		8	{
		9	namespace WindowsInstallerXml
		10	{
		11	namespace Test
		12	{
		13	namespace Bootstrapper
		14	{
		15	using namespace System;
		16	using namespace System::IO;
		17	using namespace Xunit;
		18
		19	public ref class ApprovedExeTest : BurnUnitTest
		20	{
		21	public:
		22	ApprovedExeTest(BurnTestFixture^ fixture) : BurnUnitTest(fixture)
		23	{
		24	}
		25
		26	[Fact]
		27	void ApprovedExesVerifyPFilesTest()
		28	{
		29	HRESULT hr = S_OK;
		30	BURN_CACHE cache = { };
		31	BURN_ENGINE_COMMAND internalCommand = { };
		32	BURN_VARIABLES variables = { };
		33	LPWSTR scz = NULL;
		34	LPWSTR scz2 = NULL;
		35
		36	try
		37	{
		38	hr = VariableInitialize(&variables);
		39	NativeAssert::Succeeded(hr, L"Failed to initialize variables.");
		40
		41	hr = CacheInitialize(&cache, &internalCommand);
		42	NativeAssert::Succeeded(hr, "Failed to initialize cache.");
		43
		44	hr = VariableGetString(&variables, L"ProgramFilesFolder", &scz);
		45	NativeAssert::Succeeded(hr, "Failed to get variable ProgramFilesFolder.");
		46
		47	hr = PathConcat(scz, L"a.exe", &scz2);
		48	NativeAssert::Succeeded(hr, "Failed to combine paths");
		49
		50	hr = ApprovedExesVerifySecureLocation(&cache, &variables, scz2, 0, NULL);
		51	NativeAssert::Succeeded(hr, "Failed to test secure location under ProgramFilesFolder");
		52	Assert::True((hr == S_OK), "Path under ProgramFilesFolder was expected to be safe");
		53	}
		54	finally
		55	{
		56	ReleaseStr(internalCommand.sczEngineWorkingDirectory);
		57	ReleaseStr(scz);
		58	ReleaseStr(scz2);
		59
		60	CacheUninitialize(&cache);
		61	VariablesUninitialize(&variables);
		62	}
		63	}
		64
		65	[Fact]
		66	void ApprovedExesVerifyPFilesWithRelativeTest()
		67	{
		68	HRESULT hr = S_OK;
		69	BURN_CACHE cache = { };
		70	BURN_ENGINE_COMMAND internalCommand = { };
		71	BURN_VARIABLES variables = { };
		72	LPWSTR scz = NULL;
		73	LPWSTR scz2 = NULL;
		74
		75	try
		76	{
		77	hr = VariableInitialize(&variables);
		78	NativeAssert::Succeeded(hr, L"Failed to initialize variables.");
		79
		80	hr = CacheInitialize(&cache, &internalCommand);
		81	NativeAssert::Succeeded(hr, "Failed to initialize cache.");
		82	cache.fPerMachineCacheRootVerified = TRUE;
		83	cache.fOriginalPerMachineCacheRootVerified = TRUE;
		84
		85	hr = VariableGetString(&variables, L"ProgramFilesFolder", &scz);
		86	NativeAssert::Succeeded(hr, "Failed to get variable ProgramFilesFolder.");
		87
		88	hr = PathConcat(scz, L"..\\a.exe", &scz2);
		89	NativeAssert::Succeeded(hr, "Failed to combine paths");
		90
		91	hr = ApprovedExesVerifySecureLocation(&cache, &variables, scz2, 0, NULL);
		92	NativeAssert::Succeeded(hr, "Failed to test secure location under ProgramFilesFolder");
		93	Assert::True((hr == S_FALSE), "Path pretending to be under ProgramFilesFolder was expected to be unsafe");
		94	}
		95	finally
		96	{
		97	ReleaseStr(internalCommand.sczEngineWorkingDirectory);
		98	ReleaseStr(scz);
		99	ReleaseStr(scz2);
		100
		101	CacheUninitialize(&cache);
		102	VariablesUninitialize(&variables);
		103	}
		104	}
		105
		106	[Fact]
		107	void ApprovedExesVerifyPFiles64Test()
		108	{
		109	HRESULT hr = S_OK;
		110	BURN_CACHE cache = { };
		111	BURN_ENGINE_COMMAND internalCommand = { };
		112	BURN_VARIABLES variables = { };
		113	LPWSTR scz = NULL;
		114	LPWSTR scz2 = NULL;
		115
		116	try
		117	{
		118	hr = VariableInitialize(&variables);
		119	NativeAssert::Succeeded(hr, L"Failed to initialize variables.");
		120
		121	hr = CacheInitialize(&cache, &internalCommand);
		122	NativeAssert::Succeeded(hr, "Failed to initialize cache.");
		123
		124	hr = VariableGetString(&variables, L"ProgramFiles64Folder", &scz);
		125	NativeAssert::Succeeded(hr, "Failed to get variable ProgramFiles64Folder.");
		126
		127	hr = PathConcat(scz, L"a.exe", &scz2);
		128	NativeAssert::Succeeded(hr, "Failed to combine paths");
		129
		130	hr = ApprovedExesVerifySecureLocation(&cache, &variables, scz2, 0, NULL);
		131	NativeAssert::Succeeded(hr, "Failed to test secure location under ProgramFiles64Folder");
		132	Assert::True((hr == S_OK), "Path under ProgramFiles64Folder was expected to be safe");
		133	}
		134	finally
		135	{
		136	ReleaseStr(internalCommand.sczEngineWorkingDirectory);
		137	ReleaseStr(scz);
		138	ReleaseStr(scz2);
		139
		140	CacheUninitialize(&cache);
		141	VariablesUninitialize(&variables);
		142	}
		143	}
		144
		145	[Fact]
		146	void ApprovedExesVerifySys64FolderTest()
		147	{
		148	HRESULT hr = S_OK;
		149	BURN_CACHE cache = { };
		150	BURN_ENGINE_COMMAND internalCommand = { };
		151	BURN_VARIABLES variables = { };
		152	LPWSTR scz = NULL;
		153	LPWSTR scz2 = NULL;
		154
		155	try
		156	{
		157	hr = VariableInitialize(&variables);
		158	NativeAssert::Succeeded(hr, L"Failed to initialize variables.");
		159
		160	hr = CacheInitialize(&cache, &internalCommand);
		161	NativeAssert::Succeeded(hr, "Failed to initialize cache.");
		162	cache.fPerMachineCacheRootVerified = TRUE;
		163	cache.fOriginalPerMachineCacheRootVerified = TRUE;
		164
		165	hr = VariableGetString(&variables, L"System64Folder", &scz);
		166	NativeAssert::Succeeded(hr, "Failed to get variable System64Folder.");
		167
		168	hr = PathConcat(scz, L"a.exe", &scz2);
		169	NativeAssert::Succeeded(hr, "Failed to combine paths");
		170
		171	hr = ApprovedExesVerifySecureLocation(&cache, &variables, scz2, 0, NULL);
		172	NativeAssert::Succeeded(hr, "Failed to test secure location under System64Folder");
		173	Assert::True((hr == S_FALSE), "Path under System64Folder was expected to be unsafe");
		174	}
		175	finally
		176	{
		177	ReleaseStr(internalCommand.sczEngineWorkingDirectory);
		178	ReleaseStr(scz);
		179	ReleaseStr(scz2);
		180
		181	CacheUninitialize(&cache);
		182	VariablesUninitialize(&variables);
		183	}
		184	}
		185
		186	[Fact]
		187	void ApprovedExesVerifySys64Rundll32UnsafeTest()
		188	{
		189	HRESULT hr = S_OK;
		190	BURN_CACHE cache = { };
		191	BURN_ENGINE_COMMAND internalCommand = { };
		192	BURN_VARIABLES variables = { };
		193	LPWSTR scz = NULL;
		194	LPWSTR scz2 = NULL;
		195	LPWSTR szArgs = NULL;
		196
		197	try
		198	{
		199	hr = VariableInitialize(&variables);
		200	NativeAssert::Succeeded(hr, L"Failed to initialize variables.");
		201
		202	hr = CacheInitialize(&cache, &internalCommand);
		203	NativeAssert::Succeeded(hr, "Failed to initialize cache.");
		204	cache.fPerMachineCacheRootVerified = TRUE;
		205	cache.fOriginalPerMachineCacheRootVerified = TRUE;
		206
		207	hr = VariableGetString(&variables, L"System64Folder", &scz);
		208	NativeAssert::Succeeded(hr, "Failed to get variable System64Folder.");
		209
		210	hr = PathConcat(scz, L"rundll32.exe", &scz2);
		211	NativeAssert::Succeeded(hr, "Failed to combine paths");
		212
		213	hr = ApprovedExesVerifySecureLocation(&cache, &variables, scz2, 1, const_cast<LPCWSTR*>(&scz2));
		214	NativeAssert::Succeeded(hr, "Failed to test secure location under System64Folder");
		215	Assert::True((hr == S_FALSE), "Path under System64Folder was expected to be unsafe for rundll32 target");
		216	}
		217	finally
		218	{
		219	ReleaseStr(internalCommand.sczEngineWorkingDirectory);
		220	ReleaseStr(scz);
		221	ReleaseStr(scz2);
		222	ReleaseStr(szArgs);
		223
		224	CacheUninitialize(&cache);
		225	VariablesUninitialize(&variables);
		226	}
		227	}
		228
		229	[Fact]
		230	void ApprovedExesVerifySys64Rundll32SafeTest()
		231	{
		232	HRESULT hr = S_OK;
		233	BURN_CACHE cache = { };
		234	BURN_ENGINE_COMMAND internalCommand = { };
		235	BURN_VARIABLES variables = { };
		236	LPWSTR scz = NULL;
		237	LPWSTR scz2 = NULL;
		238	LPWSTR scz3 = NULL;
		239
		240	try
		241	{
		242	hr = VariableInitialize(&variables);
		243	NativeAssert::Succeeded(hr, L"Failed to initialize variables.");
		244
		245	hr = CacheInitialize(&cache, &internalCommand);
		246	NativeAssert::Succeeded(hr, "Failed to initialize cache.");
		247	cache.fPerMachineCacheRootVerified = TRUE;
		248	cache.fOriginalPerMachineCacheRootVerified = TRUE;
		249
		250	// System64Folder
		251	hr = VariableGetString(&variables, L"System64Folder", &scz);
		252	NativeAssert::Succeeded(hr, "Failed to get variable System64Folder.");
		253
		254	hr = PathConcat(scz, L"rundll32.exe", &scz2);
		255	NativeAssert::Succeeded(hr, "Failed to combine paths");
		256
		257	hr = VariableGetString(&variables, L"ProgramFiles64Folder", &scz);
		258	NativeAssert::Succeeded(hr, "Failed to get variable ProgramFiles64Folder.");
		259
		260	hr = PathConcat(scz, L"a.dll", &scz3);
		261	NativeAssert::Succeeded(hr, "Failed to combine paths");
		262
		263	hr = ApprovedExesVerifySecureLocation(&cache, &variables, scz2, 1, const_cast<LPCWSTR*>(&scz3));
		264	NativeAssert::Succeeded(hr, "Failed to test secure location under ProgramFiles64Folder for System64Folder/rundll32 target");
		265	Assert::True((hr == S_OK), "Path under ProgramFiles64Folder was expected to be safe for System64Folder/rundll32 target");
		266
		267	hr = PathConcat(scz, L"a.dll,somthing else", &scz3);
		268	NativeAssert::Succeeded(hr, "Failed to combine paths");
		269
		270	hr = ApprovedExesVerifySecureLocation(&cache, &variables, scz2, 1, const_cast<LPCWSTR*>(&scz3));
		271	NativeAssert::Succeeded(hr, "Failed to test secure location under ProgramFiles64Folder for rundll32 target");
		272	Assert::True((hr == S_OK), "Path under ProgramFiles64Folder was expected to be safe for System64Folder/rundll32 target");
		273
		274	// SystemFolder
		275	hr = VariableGetString(&variables, L"SystemFolder", &scz);
		276	NativeAssert::Succeeded(hr, "Failed to get variable System64Folder.");
		277
		278	hr = PathConcat(scz, L"rundll32.exe", &scz2);
		279	NativeAssert::Succeeded(hr, "Failed to combine paths");
		280
		281	hr = ApprovedExesVerifySecureLocation(&cache, &variables, scz2, 1, const_cast<LPCWSTR*>(&scz3));
		282	NativeAssert::Succeeded(hr, "Failed to test secure location under ProgramFiles64Folder for SystemFolder/rundll32 target");
		283	Assert::True((hr == S_OK), "Path under ProgramFiles64Folder was expected to be safe for SystemFolder/rundll32 target");
		284
		285	// Sysnative
		286	hr = PathSystemWindowsSubdirectory(L"SysNative\\", &scz);
		287	NativeAssert::Succeeded(hr, "Failed to get SysNative Folder.");
		288
		289	hr = PathConcat(scz, L"rundll32.exe", &scz2);
		290	NativeAssert::Succeeded(hr, "Failed to combine paths");
		291
		292	hr = ApprovedExesVerifySecureLocation(&cache, &variables, scz2, 1, const_cast<LPCWSTR*>(&scz3));
		293	NativeAssert::Succeeded(hr, "Failed to test secure location under ProgramFiles64Folder for Sysnative/rundll32 target");
		294	Assert::True((hr == S_OK), "Path under ProgramFiles64Folder was expected to be safe for Sysnative/rundll32 target");
		295	}
		296	finally
		297	{
		298	ReleaseStr(internalCommand.sczEngineWorkingDirectory);
		299	ReleaseStr(scz);
		300	ReleaseStr(scz2);
		301	ReleaseStr(scz3);
		302
		303	CacheUninitialize(&cache);
		304	VariablesUninitialize(&variables);
		305	}
		306	}
		307	};
		308	}
		309	}
		310	}
		311	}
		312	}


diff --git a/src/burn/test/BurnUnitTest/BurnUnitTest.vcxproj b/src/burn/test/BurnUnitTest/BurnUnitTest.vcxproj index 331d237b..63d089e4 100644 --- a/src/burn/test/BurnUnitTest/BurnUnitTest.vcxproj +++ b/src/burn/test/BurnUnitTest/BurnUnitTest.vcxproj
@@ -45,6 +45,7 @@
45		45
46	<ItemGroup>	46	<ItemGroup>
47	<ClCompile Include="AssemblyInfo.cpp" />	47	<ClCompile Include="AssemblyInfo.cpp" />
		48	<ClCompile Include="ApprovedExeTest.cpp" />
48	<ClCompile Include="CacheTest.cpp" />	49	<ClCompile Include="CacheTest.cpp" />
49	<ClCompile Include="ElevationTest.cpp" />	50	<ClCompile Include="ElevationTest.cpp" />
50	<ClCompile Include="EmbeddedTest.cpp" />	51	<ClCompile Include="EmbeddedTest.cpp" />


diff --git a/src/burn/test/BurnUnitTest/BurnUnitTest.vcxproj.filters b/src/burn/test/BurnUnitTest/BurnUnitTest.vcxproj.filters index 82725436..59aea6e9 100644 --- a/src/burn/test/BurnUnitTest/BurnUnitTest.vcxproj.filters +++ b/src/burn/test/BurnUnitTest/BurnUnitTest.vcxproj.filters
@@ -66,6 +66,9 @@
66	<ClCompile Include="VariantTest.cpp">	66	<ClCompile Include="VariantTest.cpp">
67	<Filter>Source Files</Filter>	67	<Filter>Source Files</Filter>
68	</ClCompile>	68	</ClCompile>
		69	<ClCompile Include="ApprovedExeTest.cpp">
		70	<Filter>Source Files</Filter>
		71	</ClCompile>
69	</ItemGroup>	72	</ItemGroup>
70	<ItemGroup>	73	<ItemGroup>
71	<ClInclude Include="BurnTestException.h">	74	<ClInclude Include="BurnTestException.h">
@@ -95,4 +98,4 @@
95	<Filter>Resource Files</Filter>	98	<Filter>Resource Files</Filter>
96	</ResourceCompile>	99	</ResourceCompile>
97	</ItemGroup>	100	</ItemGroup>
98	</Project> \ No newline at end of file	101	</Project>


diff --git a/src/burn/test/BurnUnitTest/PlanTest.cpp b/src/burn/test/BurnUnitTest/PlanTest.cpp index e426cb09..25a0cb35 100644 --- a/src/burn/test/BurnUnitTest/PlanTest.cpp +++ b/src/burn/test/BurnUnitTest/PlanTest.cpp
@@ -2990,6 +2990,18 @@ namespace Bootstrapper
2990	ValidateNonPermanentPackageExpectedStates(&pEngineState->packages.rgPackages[1], L"PackageA", BURN_PACKAGE_REGISTRATION_STATE_PRESENT, BURN_PACKAGE_REGISTRATION_STATE_PRESENT);	2990	ValidateNonPermanentPackageExpectedStates(&pEngineState->packages.rgPackages[1], L"PackageA", BURN_PACKAGE_REGISTRATION_STATE_PRESENT, BURN_PACKAGE_REGISTRATION_STATE_PRESENT);
2991	}	2991	}
2992		2992
		2993	[Fact]
		2994	void ValidateCacheVariables()
		2995	{
		2996	BURN_ENGINE_STATE engineState = { };
		2997	BURN_ENGINE_STATE* pEngineState = &engineState;
		2998
		2999	InitializeEngineStateForCorePlan(wzSlipstreamModifiedManifestFileName, pEngineState);
		3000
		3001	Assert::EndsWith(gcnew String(L".exe"), VariableGetStringHelper(&pEngineState->variables, BURN_BUNDLE_SOURCE_PROCESS_PATH));
		3002	Assert::EndsWith(gcnew String(L"\\"), VariableGetStringHelper(&pEngineState->variables, BURN_BUNDLE_SOURCE_PROCESS_FOLDER));
		3003	}
		3004
2993	private:	3005	private:
2994	// This doesn't initialize everything, just enough for CorePlan to work.	3006	// This doesn't initialize everything, just enough for CorePlan to work.
2995	void InitializeEngineStateForCorePlan(LPCWSTR wzManifestFileName, BURN_ENGINE_STATE* pEngineState)	3007	void InitializeEngineStateForCorePlan(LPCWSTR wzManifestFileName, BURN_ENGINE_STATE* pEngineState)


diff --git a/src/burn/test/BurnUnitTest/precomp.h b/src/burn/test/BurnUnitTest/precomp.h index f07f5968..ec6fb7d1 100644 --- a/src/burn/test/BurnUnitTest/precomp.h +++ b/src/burn/test/BurnUnitTest/precomp.h
@@ -74,6 +74,7 @@
74	#include "splashscreen.h"	74	#include "splashscreen.h"
75	#include "detect.h"	75	#include "detect.h"
76	#include "externalengine.h"	76	#include "externalengine.h"
		77	#include "approvedexe.h"
77		78
78	#include "engine.version.h"	79	#include "engine.version.h"
79		80