Allow for waiver time as well as date

Fixes #5037 The YAML parser may parse a waiver timestamp as a Time rather than a Date. Even when the user doesn't care about time, they may be using a tool that outputs YAML with trailing zeroes for hour, minutes, seconds etc. Signed-off-by: James Stocks <jstocks@chef.io>
2024-11-23 05:03:07 +00:00 · 2020-05-20 12:06:30 +01:00 · 2020-05-20 12:06:30 +01:00 · 35e36ad40a
commit 35e36ad40a
parent 5cf742055b
4 changed files with 34 additions and 3 deletions
--- a/lib/inspec/rule.rb
+++ b/lib/inspec/rule.rb
@ -353,9 +353,10 @@ module Inspec
      # if so, is it in the future?
      expiry = __waiver_data["expiration_date"]
      if expiry
-        if expiry.is_a?(Date)
-          # It appears that yaml.rb automagically parses dates for us
-          if expiry < Date.today # If the waiver expired, return - no skip applied
+        # YAML will automagically give us a Date or a Time
+        if [Date, Time].include?(expiry.class)
+          expiry = expiry.to_time if expiry.is_a? Date
+          if expiry < Time.now # If the waiver expired, return - no skip applied
            __waiver_data["message"] = "Waiver expired on #{expiry}, evaluating control normally"
            return
          end
--- a/test/fixtures/profiles/waivers/basic/controls/basic.rb
+++ b/test/fixtures/profiles/waivers/basic/controls/basic.rb
@ -41,3 +41,15 @@ end
 control "11_waivered_expiry_in_future_not_ran" do
  describe(true) { it { should eq true } }
 end
+
+control "12_waivered_expiry_in_future_z_ran_passes" do
+  describe(true) { it { should eq true } }
+end
+
+control "13_waivered_expiry_in_future_z_ran_fails" do
+  describe(true) { it { should eq false } }
+end
+
+control "14_waivered_expiry_in_future_z_not_ran" do
+  describe(true) { it { should eq true } }
+end
--- a/test/fixtures/profiles/waivers/basic/files/waivers.yaml
+++ b/test/fixtures/profiles/waivers/basic/files/waivers.yaml
@ -39,3 +39,18 @@
  expiration_date: 2077-06-01
  justification: Lack of imagination
  run: false
+
+12_waivered_expiry_in_future_z_ran_passes:
+  expiration_date: 2077-11-10T00:00:00Z
+  justification: Handwaving
+  run: true
+
+13_waivered_expiry_in_future_z_ran_fails:
+  expiration_date: 2077-11-10T00:00:00Z
+  justification: Didn't feel like it
+  run: true
+
+14_waivered_expiry_in_future_z_not_ran:
+  expiration_date: 2077-11-10T00:00:00Z
+  justification: Lack of imagination
+  run: false  
--- a/test/functional/waivers_test.rb
+++ b/test/functional/waivers_test.rb
@ -92,6 +92,9 @@ describe "waivers" do
      "09_waivered_expiry_in_future_ran_passes"         => "passed",
      "10_waivered_expiry_in_future_ran_fails"          => "failed",
      "11_waivered_expiry_in_future_not_ran"            => "skipped",
+      "12_waivered_expiry_in_future_z_ran_passes"       => "passed",
+      "13_waivered_expiry_in_future_z_ran_fails"        => "failed",
+      "14_waivered_expiry_in_future_z_not_ran"          => "skipped",
    }.each do |control_id, expected|
      it "has all of the expected outcomes #{control_id}" do
        assert_test_outcome expected, control_id