Follow symlinks in the FileRegexMatch procedure (#1173)

Author: robertwoj-microsoft

src/modules/complianceengine/src/lib/procedures/FileRegexMatch.cpp

@@ -144,11 +144,28 @@ Result<Status> AuditFileRegexMatch(const AuditFileRegexMatchParams& params, Indi
     struct dirent* entry = nullptr;
     for (errno = 0, entry = readdir(dir); nullptr != entry; errno = 0, entry = readdir(dir))
     {
-        if (entry->d_type != DT_REG)
+        if (entry->d_type != DT_REG && entry->d_type != DT_LNK)
         {
             continue;
         }
 
+        if (entry->d_type == DT_LNK)
+        {
+            struct stat st;
+            if (0 != stat((params.path + "/" + entry->d_name).c_str(), &st))
+            {
+                const int status = errno;
+                OsConfigLogInfo(context.GetLogHandle(), "Failed to stat file '%s/%s': %s", params.path.c_str(), entry->d_name, strerror(status));
+                errorCount++;
+                continue;
+            }
+
+            if (!S_ISREG(st.st_mode))
+            {
+                continue;
+            }
+        }
+
         if (!regex_match(entry->d_name, params.filenamePattern))
         {
             OsConfigLogDebug(context.GetLogHandle(), "Ignoring file '%s' in directory '%s'", entry->d_name, params.path.c_str());

src/modules/complianceengine/tests/procedures/FileRegexMatchTest.cpp

@@ -527,3 +527,64 @@ TEST_F(FileRegexMatchTest, Audit_TestPattern)
     ASSERT_TRUE(result.HasValue());
     EXPECT_EQ(result.Value(), Status::Compliant);
 }
+
+TEST_F(FileRegexMatchTest, Audit_SymlinkFollow_1)
+{
+    MakeTempfile("test");
+    const auto targetFilename = mTempfiles.back();
+    const auto linkFilename = targetFilename + ".link";
+
+    AuditFileRegexMatchParams params;
+    params.path = mTempdir;
+    params.filenamePattern = regex(".*\\.link");
+    params.matchOperation = Operation::Match;
+    params.matchPattern = R"(^test$)";
+    params.behavior = Behavior::AtLeastOneExists;
+
+    ASSERT_EQ(0, symlink(targetFilename.c_str(), linkFilename.c_str()));
+    auto result = AuditFileRegexMatch(params, mIndicators, mContext);
+    EXPECT_EQ(0, unlink(linkFilename.c_str()));
+    ASSERT_TRUE(result.HasValue());
+    EXPECT_EQ(result.Value(), Status::Compliant);
+}
+
+TEST_F(FileRegexMatchTest, Audit_SymlinkFollow_2)
+{
+    MakeTempfile("test");
+    const auto targetFilename = mTempfiles.back();
+    const auto linkFilename = targetFilename + ".link";
+
+    AuditFileRegexMatchParams params;
+    params.path = mTempdir;
+    params.filenamePattern = regex(".*\\.link");
+    params.matchOperation = Operation::Match;
+    params.matchPattern = R"(^foo$)"; // pattern mismatch against 'test'
+    params.behavior = Behavior::AtLeastOneExists;
+
+    ASSERT_EQ(0, symlink(targetFilename.c_str(), linkFilename.c_str()));
+    auto result = AuditFileRegexMatch(params, mIndicators, mContext);
+    EXPECT_EQ(0, unlink(linkFilename.c_str()));
+    ASSERT_TRUE(result.HasValue());
+    EXPECT_EQ(result.Value(), Status::NonCompliant);
+}
+
+TEST_F(FileRegexMatchTest, Audit_SymlinkFollow_Directory)
+{
+    const auto targetDirectory = std::string(mTempdir) + "/Audit_SymlinkFollow_Directory";
+    const auto linkFilename = targetDirectory + ".link";
+
+    AuditFileRegexMatchParams params;
+    params.path = mTempdir;
+    params.filenamePattern = regex(".*\\.link");
+    params.matchOperation = Operation::Match;
+    params.matchPattern = R"(.*)";
+    params.behavior = Behavior::NoneExist;
+
+    ASSERT_EQ(0, mkdir(targetDirectory.c_str(), 0755));
+    EXPECT_EQ(0, symlink(targetDirectory.c_str(), linkFilename.c_str()));
+    auto result = AuditFileRegexMatch(params, mIndicators, mContext);
+    EXPECT_EQ(0, unlink(linkFilename.c_str()));
+    EXPECT_EQ(0, rmdir(targetDirectory.c_str()));
+    ASSERT_TRUE(result.HasValue());
+    EXPECT_EQ(result.Value(), Status::Compliant);
+}