Last active
August 29, 2015 14:04
-
-
Save vors/528faab6411db74869d4 to your computer and use it in GitHub Desktop.
This is a demo of unsecure and secure usage of PowerShell.AddScript()
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
namespace testSandbox | |
{ | |
using System.Collections.Generic; | |
using System.IO; | |
using System.Linq; | |
using System.Management.Automation; | |
using System; | |
using Microsoft.VisualStudio.TestTools.UnitTesting; | |
public class LsHelper | |
{ | |
public class LsResult | |
{ | |
public IEnumerable<string> Files { get; set; } | |
public ErrorRecord[] Errors { get; set; } | |
} | |
public static LsResult CallLsWithoutScript(string path) | |
{ | |
using (PowerShell ps = PowerShell.Create()) | |
{ | |
ps.AddCommand("ls").AddParameter("Path", path).AddCommand("Foreach-Object").AddParameter("MemberName", "FullName"); | |
var res = ps.Invoke(); | |
return new LsResult() | |
{ | |
Errors = ps.Streams.Error.ToArray(), | |
Files = res.Where(x => x != null).Select(x => x.BaseObject).OfType<string>(), | |
}; | |
} | |
} | |
public static LsResult CallLs(string path) | |
{ | |
using (PowerShell ps = PowerShell.Create()) | |
{ | |
string script = String.Format("(ls {0}).FullName", path); | |
ps.AddScript(script); | |
var res = ps.Invoke(); | |
return new LsResult() | |
{ | |
Errors = ps.Streams.Error.ToArray(), | |
Files = res.Where(x => x != null).Select(x => x.BaseObject).OfType<string>(), | |
}; | |
} | |
} | |
public static LsResult CallLsSecure(string path) | |
{ | |
using (PowerShell ps = PowerShell.Create()) | |
{ | |
const string script = @"function CallLs($path) {return (ls $path).FullName}"; | |
ps.AddScript(script); | |
ps.Invoke(); | |
ps.Commands.Clear(); | |
ps.AddCommand("CallLs").AddParameter("path", path); | |
var res = ps.Invoke(); | |
return new LsResult() | |
{ | |
Errors = ps.Streams.Error.ToArray(), | |
Files = res.Where(x => x != null).Select(x => x.BaseObject).OfType<string>(), | |
}; | |
} | |
} | |
} | |
[TestClass] | |
public class PowerShellScriptInjectionTests | |
{ | |
private string tempFolder = @"D:\test"; | |
[TestInitialize] | |
public void Init() | |
{ | |
if (Directory.Exists(tempFolder)) | |
{ | |
using (PowerShell ps = PowerShell.Create()) | |
{ | |
ps.AddScript("rm -rec " + tempFolder); | |
ps.Invoke(); | |
} | |
} | |
Directory.CreateDirectory(tempFolder); | |
File.Create(Path.Combine(tempFolder, "1.txt")); | |
File.Create(Path.Combine(tempFolder, "2.txt")); | |
} | |
[TestMethod] | |
public void TestCallLs() | |
{ | |
var lsResult = LsHelper.CallLs(tempFolder); | |
var files = lsResult.Files; | |
Assert.AreEqual(2, files.Count()); | |
Assert.AreEqual(0, lsResult.Errors.Count()); | |
} | |
[TestMethod] | |
public void TestCallLsSecure() | |
{ | |
var lsResult = LsHelper.CallLsSecure(tempFolder); | |
var files = lsResult.Files; | |
Assert.AreEqual(2, files.Count()); | |
Assert.AreEqual(0, lsResult.Errors.Count()); | |
} | |
[TestMethod] | |
public void TestCallLsCommand() | |
{ | |
var lsResult = LsHelper.CallLsWithoutScript(tempFolder); | |
var files = lsResult.Files; | |
Assert.AreEqual(2, files.Count()); | |
Assert.AreEqual(0, lsResult.Errors.Count()); | |
} | |
[TestMethod] | |
public void TestCallLsBadThingHappen() | |
{ | |
var lsResult = LsHelper.CallLs("| Out-Null); mkdir " + tempFolder + @"\powned | Out-Null; (ls " + tempFolder); | |
var files = lsResult.Files; | |
Assert.AreEqual(3, files.Count()); | |
Assert.AreEqual(0, lsResult.Errors.Count()); | |
} | |
[TestMethod] | |
public void TestCallLsSecureBadThingHappen() | |
{ | |
var lsResult = LsHelper.CallLsSecure("| Out-Null); mkdir " + tempFolder + @"\powned | Out-Null; (ls " + tempFolder); | |
var files = lsResult.Files; | |
Assert.AreEqual(0, files.Count()); | |
Assert.AreEqual(1, lsResult.Errors.Count()); | |
Assert.AreEqual(@"Cannot find drive. A drive with the name '| Out-Null); mkdir D' does not exist.", lsResult.Errors[0].ToString()); | |
} | |
[TestMethod] | |
public void TestCallLsCommandBadThingHappen() | |
{ | |
var lsResult = LsHelper.CallLsWithoutScript("| Out-Null); mkdir " + tempFolder + @"\powned | Out-Null; (ls " + tempFolder); | |
var files = lsResult.Files; | |
Assert.AreEqual(0, files.Count()); | |
Assert.AreEqual(1, lsResult.Errors.Count()); | |
Assert.AreEqual(@"Cannot find drive. A drive with the name '| Out-Null); mkdir D' does not exist.", lsResult.Errors[0].ToString()); | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment