auditd_rules resource: fix get_keys error on lines that have no keys (#2103)

* Added line to fix bug when no key in file rule and updated test to validate bug fix

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Updated to consider corner case

Signed-off-by: Jennifer Burns <jburns@mitre.org>

lib/resources/auditd_rules.rb

@@ -177,7 +177,7 @@ module Inspec::Resources
 
     # NB only in file lines
     def get_key(line)
-      line.match(/-k ([^ ]+)/)[1]
+      line.match(/-k ([^ ]+)/)[1] if line.include?('-k ')
     end
 
     # NOTE there are NO precautions wrt. filenames containing spaces in auditctl

test/unit/mock/cmd/auditctl

@@ -1,3 +1,5 @@
 -a always,exit -F arch=b64 -S open,openat -F exit=-EACCES -F key=access
 -a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=500 f24!=0 -F key=perm_mod
 -w /etc/ssh/sshd_config -p rwxa -k CFG_sshd_config
+-w /etc/sudoers -p wa
+-w /etc/private-keys -p x

test/unit/resources/auditd_rules_test.rb

@@ -12,6 +12,8 @@ describe 'Inspec::Resources::AuditDaemonRules' do
        '-a always,exit -F arch=b64 -S open,openat -F exit=-EACCES -F key=access',
        '-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=500 f24!=0 -F key=perm_mod',
        '-w /etc/ssh/sshd_config -p rwxa -k CFG_sshd_config',
+       '-w /etc/sudoers -p wa',
+       '-w /etc/private-keys -p x',
     ]
   end
 
@@ -56,6 +58,13 @@ describe 'Inspec::Resources::AuditDaemonRules' do
     ]
   end
 
+  it 'check auditd_rules file interface with no keys' do
+    resource = MockLoader.new(:centos7).load_resource('auditd_rules')
+    _(resource.send('file', '/etc/private-keys').send('rules')).must_equal [
+      { file: '/etc/private-keys', key: nil, permissions: 'x'},
+    ]
+  end
+
   it 'check auditd_rules status interface' do
     resource = MockLoader.new(:centos7).load_resource('auditd_rules')
     _(resource.send('status')).must_equal({