Handle waiver expiration dates being YAML strings

This is technically incorrect YAML, but if you transcode YAML between several tools you may end up with a date/time value being an explicit string. It would be helpful if InSpec supported any string value that easily translates to a Time. Signed-off-by: James Stocks <jstocks@chef.io>
2024-11-10 15:14:23 +00:00 · 2020-05-20 14:46:09 +01:00 · 2020-05-20 14:46:09 +01:00 · 350c0bfe8f
commit 350c0bfe8f
parent 35e36ad40a
4 changed files with 37 additions and 3 deletions
--- a/lib/inspec/rule.rb
+++ b/lib/inspec/rule.rb
@ -353,9 +353,12 @@ module Inspec
      # if so, is it in the future?
      expiry = __waiver_data["expiration_date"]
      if expiry
-        # YAML will automagically give us a Date or a Time
-        if [Date, Time].include?(expiry.class)
+        # YAML will automagically give us a Date or a Time.
+        # If transcoding YAML between languages (e.g. Go) the date might have also ended up as a String.
+        # A string that does not represent a valid time results in the date 0000-01-01.
+        if [Date, Time].include?(expiry.class) || (expiry.is_a?(String) && Time.new(expiry).year != 0)
          expiry = expiry.to_time if expiry.is_a? Date
+          expiry = Time.new(expiry) if expiry.is_a? String
          if expiry < Time.now # If the waiver expired, return - no skip applied
            __waiver_data["message"] = "Waiver expired on #{expiry}, evaluating control normally"
            return
--- a/test/fixtures/profiles/waivers/basic/controls/basic.rb
+++ b/test/fixtures/profiles/waivers/basic/controls/basic.rb
@ -52,4 +52,17 @@ end

 control "14_waivered_expiry_in_future_z_not_ran" do
  describe(true) { it { should eq true } }
+end
+
+# If transcoding YAML between languages, a date might end up as an explicit string in YAML
+control "15_waivered_expiry_in_future_string_ran_passes" do
+  describe(true) { it { should eq true } }
+end
+
+control "16_waivered_expiry_in_future_string_ran_fails" do
+  describe(true) { it { should eq false } }
+end
+
+control "17_waivered_expiry_in_future_string_not_ran" do
+  describe(true) { it { should eq true } }
 end
--- a/test/fixtures/profiles/waivers/basic/files/waivers.yaml
+++ b/test/fixtures/profiles/waivers/basic/files/waivers.yaml
@ -53,4 +53,19 @@
 14_waivered_expiry_in_future_z_not_ran:
  expiration_date: 2077-11-10T00:00:00Z
  justification: Lack of imagination
-  run: false  
+  run: false
+
+15_waivered_expiry_in_future_string_ran_passes:
+  expiration_date: "2077-06-01"
+  justification: Handwaving
+  run: true
+
+16_waivered_expiry_in_future_string_ran_fails:
+  expiration_date: "2077-06-01"
+  justification: Didn't feel like it
+  run: true
+
+17_waivered_expiry_in_future_string_not_ran:
+  expiration_date: "2077-06-01"
+  justification: Lack of imagination
+  run: false  
--- a/test/functional/waivers_test.rb
+++ b/test/functional/waivers_test.rb
@ -95,6 +95,9 @@ describe "waivers" do
      "12_waivered_expiry_in_future_z_ran_passes"       => "passed",
      "13_waivered_expiry_in_future_z_ran_fails"        => "failed",
      "14_waivered_expiry_in_future_z_not_ran"          => "skipped",
+      "15_waivered_expiry_in_future_string_ran_passes"  => "passed",
+      "16_waivered_expiry_in_future_string_ran_fails"   => "failed",
+      "17_waivered_expiry_in_future_string_not_ran"     => "skipped",
    }.each do |control_id, expected|
      it "has all of the expected outcomes #{control_id}" do
        assert_test_outcome expected, control_id