Merged PR 787205: Revert "Merged PR 784626: Allowlist rules should not be affected by '\\?\' pa...

Potentially causing incident 507986920 Revert "Merged PR 784626: Allowlist rules should not be affected by '\\?\' path prefix" This reverts commit c581dcee03. Related work items: #2165593
2024-05-29 16:49:41 +00:00 · 2024-05-29 16:49:41 +00:00 · 99a7993181
--- a/Public/Src/Engine/ProcessPipExecutor/FileAccessAllowlist.cs
+++ b/Public/Src/Engine/ProcessPipExecutor/FileAccessAllowlist.cs
@ -9,12 +9,11 @@ using System.Diagnostics.ContractsLight;
 using System.Linq;
 using System.Text.RegularExpressions;
 using System.Threading.Tasks;
-using BuildXL.Native.IO.Windows;
 using BuildXL.Pips.Operations;
 using BuildXL.Processes;
+using BuildXL.Utilities.Core;
 using BuildXL.Utilities.Collections;
 using BuildXL.Utilities.Configuration;
-using BuildXL.Utilities.Core;
 using BuildXL.Utilities.Instrumentation.Common;

 namespace BuildXL.ProcessPipExecutor
@ -453,7 +452,7 @@ namespace BuildXL.ProcessPipExecutor
        /// Match a given access-rule fragment against a ReportedFileAccess.
        /// </summary>
        /// <remarks>
-        /// Case insensitive since our first target is Windows, which has case-insensitive filesystem semantics. That decision
+        /// Case insensitive since our first target is Windows, which has case-insensitive filesystem semantics.  That decision
        /// might need to be revisited in the future.
        /// </remarks>
        internal static bool PathFilterMatches(
@ -465,27 +464,7 @@ namespace BuildXL.ProcessPipExecutor
            Contract.Requires((pathRegex.Options & RegexOptions.IgnoreCase) != 0);
            Contract.Requires((pathRegex.Options & RegexOptions.CultureInvariant) != 0);

-            // A file access might start with a known prefix. Such prefixes are not common, so some users might not be aware of them.
-            // We "normalize" the path (by setting the proper start index) here to avoid erroneous regex mismatch. 
-            var reportedFileAccessPath = reportedFileAccess.GetPath(pathTable);
-            int prefixLength = 0;
-            if (OperatingSystemHelper.IsWindowsOS)
-            {
-                if (reportedFileAccessPath.StartsWith(FileSystemWin.LongPathPrefix))
-                {
-                    prefixLength = FileSystemWin.LongPathPrefix.Length;
-                }
-                else if (reportedFileAccessPath.StartsWith(FileSystemWin.NtPathPrefix))
-                {
-                    prefixLength = FileSystemWin.NtPathPrefix.Length;
-                }
-            }
-
-#if NET8_0_OR_GREATER
-            return pathRegex.IsMatch(reportedFileAccessPath.AsSpan(prefixLength));
-#else
-            return prefixLength > 0 ? pathRegex.IsMatch(reportedFileAccessPath.Substring(prefixLength)) : pathRegex.IsMatch(reportedFileAccessPath);
-#endif
+            return pathRegex.IsMatch(reportedFileAccess.GetPath(pathTable));
        }

        internal static MatchType Match(bool matches, bool entryAllowsCaching)
--- a/Public/Src/Engine/UnitTests/Processes/FileAccessAllowlistTests.cs
+++ b/Public/Src/Engine/UnitTests/Processes/FileAccessAllowlistTests.cs
@ -2,15 +2,14 @@
 // Licensed under the MIT License.

 using System.IO;
-using System.Linq;
 using System.Threading.Tasks;
-using BuildXL.Native.IO;
 using BuildXL.Processes;
 using BuildXL.ProcessPipExecutor;
 using BuildXL.Utilities.Core;
 using BuildXL.Utilities.Configuration;
 using Test.BuildXL.TestUtilities.Xunit;
 using Xunit;
+using System.Linq;

 namespace Test.BuildXL.Processes
 {
@ -114,50 +113,5 @@ namespace Test.BuildXL.Processes
                XAssert.AreEqual(executableEntry5.PathRegex.ToString(), deserialized.ExecutableNoToolPathEntries.FirstOrDefault(e => e.Name == executableEntry5.Name).PathRegex.ToString());
            }
        }
-
-        /// <summary>
-        /// Validates that known pathPrefix index is correctly captured in file access paths on Windows.
-        /// </summary>
-        [TheoryIfSupported(requiresWindowsBasedOperatingSystem: true)]
-        [InlineData(@"^c:\\foo\\.*", @"\\?\c:\foo\\bar.txt", true)]
-        [InlineData(@"c:\\foo\\.*", @"\\?\c:\foo\bar.txt", true)]
-        [InlineData(@"c:\\baz\\.*", @"\\?\c:\foo\baz.txt", false)]
-        [InlineData(@"c:\\foo.*", @"\\?\c:\foo.txt", true)]
-        [InlineData(@"c:\\foo.*", @"c:\foo.txt", true)]
-        [InlineData(@"c:\\baz\\.*", @"\\?\c:\foo\baz.txt", false)]
-        public void ValidatePathPrefixRemoval(string pattern, string fileAccessPath, bool isMatch)
-        {
-            var context = BuildXLContext.CreateInstanceForTesting();
-            var pathTable = context.PathTable;
-            XAssert.AreEqual(
-                FileAccessAllowlist.PathFilterMatches(
-                    FileAccessAllowlist.RegexWithProperties(pattern).Regex,
-                    CreateReportedFileAccessPath(fileAccessPath),
-                    pathTable),
-                isMatch);
-        }
-
-        /// <summary>
-        /// Helper method to create ReportedFileAccessPath.
-        /// </summary>
-        private ReportedFileAccess CreateReportedFileAccessPath(string path)
-        {
-            var process = new ReportedProcess(1000, "/usr/bin/touch");
-
-            return new ReportedFileAccess(ReportedFileOperation.GetFileAttributes,
-                process,
-                RequestedAccess.Read,
-                FileAccessStatus.Allowed,
-                true,
-                0,
-                Usn.Zero,
-                DesiredAccess.GENERIC_READ,
-                ShareMode.FILE_SHARE_READ,
-                CreationDisposition.OPEN_EXISTING,
-                FlagsAndAttributes.FILE_ATTRIBUTE_NORMAL,
-                AbsolutePath.Invalid,
-                path,
-                "*");
-        }
    }
 }