From 4ac982a3ddfc07643f06be4c16c880e1e24f1bb0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Damian=20B=C3=BCchel?= <damian.buechel@let.ethz.ch>
Date: Wed, 1 Nov 2023 09:23:37 +0100
Subject: [PATCH] SEBWIN-772: Added user-specific cursor path to verification.

---
 .../Operations/SessionIntegrityOperation.cs           | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/SafeExamBrowser.Runtime/Operations/SessionIntegrityOperation.cs b/SafeExamBrowser.Runtime/Operations/SessionIntegrityOperation.cs
index 30224b7f..74fd9600 100644
--- a/SafeExamBrowser.Runtime/Operations/SessionIntegrityOperation.cs
+++ b/SafeExamBrowser.Runtime/Operations/SessionIntegrityOperation.cs
@@ -18,6 +18,9 @@ namespace SafeExamBrowser.Runtime.Operations
 {
 	internal class SessionIntegrityOperation : SessionOperation
 	{
+		private static readonly string USER_PATH = $@"{Environment.ExpandEnvironmentVariables("%LocalAppData%")}\Microsoft\Windows\Cursors\";
+		private static readonly string SYSTEM_PATH = $@"{Environment.ExpandEnvironmentVariables("%SystemRoot%")}\Cursors\";
+
 		private readonly ILogger logger;
 		private readonly IRegistry registry;
 
@@ -66,7 +69,6 @@ namespace SafeExamBrowser.Runtime.Operations
 		private bool VerifyCursorConfiguration()
 		{
 			var success = true;
-			var systemPath = $@"{Environment.ExpandEnvironmentVariables("%SystemRoot%")}\Cursors\";
 
 			logger.Info($"Attempting to verify cursor configuration...");
 
@@ -75,7 +77,7 @@ namespace SafeExamBrowser.Runtime.Operations
 				foreach (var cursor in cursors.Where(c => !string.IsNullOrWhiteSpace(c)))
 				{
 					success &= registry.TryRead(RegistryValue.UserHive.Cursors_Key, cursor, out var value);
-					success &= value == default || !(value is string) || (value is string path && (string.IsNullOrWhiteSpace(path) || path.StartsWith(systemPath, StringComparison.OrdinalIgnoreCase)));
+					success &= value == default || !(value is string) || (value is string path && (string.IsNullOrWhiteSpace(path) || IsValidCursorPath(path)));
 
 					if (!success)
 					{
@@ -98,6 +100,11 @@ namespace SafeExamBrowser.Runtime.Operations
 			return success;
 		}
 
+		private bool IsValidCursorPath(string path)
+		{
+			return path.StartsWith(USER_PATH, StringComparison.OrdinalIgnoreCase) || path.StartsWith(SYSTEM_PATH, StringComparison.OrdinalIgnoreCase);
+		}
+
 		private bool VerifyEaseOfAccessConfiguration()
 		{
 			var success = false;