From 7bb7767dae8d3ffd061f575b3a0c89c009d3b0b5 Mon Sep 17 00:00:00 2001
From: Jared Quick
Date: Fri, 6 Oct 2017 09:41:48 -0400
Subject: [PATCH] Add nil check for sshd config file (#2217)
* Add nil check for sshd config file
This fixes #1778. There was a issue where if the user did not have read permissions on /etc/ssh/sshd_config it would error out on the empty? check. The fix here is to also look for nil on the file content. Along with this I refactored the inspec file empty? check as it does not exist and was also erroring during my testing.
Signed-off-by: Jared Quick
* Add emptyfile test object and refactor tests
Signed-off-by: Jared Quick
---
 lib/resources/ssh_conf.rb | 2 +-
 test/helper.rb | 5 +++++
 test/unit/mock/files/emptyfile | 0
 test/unit/resources/ssh_conf_test.rb | 13 +++++++++++++
 4 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 test/unit/mock/files/emptyfile
diff --git a/lib/resources/ssh_conf.rb b/lib/resources/ssh_conf.rb
index 257692249..e22abd895 100644
--- a/lib/resources/ssh_conf.rb
+++ b/lib/resources/ssh_conf.rb
@@ -63,7 +63,7 @@ module Inspec::Resources
 end
 @content = file.content
- if @content.empty? && !file.empty?
+ if @content.nil? || (@content.empty? && !file.size.zero?)
 return skip_resource "Can't read file \"#{@conf_path}\""
 end
diff --git a/test/helper.rb b/test/helper.rb
index bcff25ae3..760bf9462 100644
--- a/test/helper.rb
+++ b/test/helper.rb
@@ -104,11 +104,16 @@ class MockLoader
 end
 md
 }
+ emptyfile = lambda {
+ mockfile.call('emptyfile')
+ }
 mock.files = {
 '/proc/net/bonding/bond0' => mockfile.call('bond0'),
 '/etc/ssh/ssh_config' => mockfile.call('ssh_config'),
 '/etc/ssh/sshd_config' => mockfile.call('sshd_config'),
+ '/etc/ssh/sshd_config_does_not_exist' => mockfile.call('sshd_config_does_not_exist'),
+ '/etc/ssh/sshd_config_empty' => emptyfile.call,
 '/etc/passwd' => mockfile.call('passwd'),
 '/etc/shadow' => mockfile.call('shadow'),
 '/etc/ntp.conf' => mockfile.call('ntp.conf'),
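Review bot: In the new guard in lib/resources/ssh_conf.rb, `file.size` is called without a nil check, so if the backend cannot stat the file and returns nil for its size (not visible in this hunk, worth confirming), empty content raises NoMethodError on `.zero?` instead of skipping, which is the same kind of failure this commit fixes for `content`. Comparing against zero keeps the intent and treats an unknown size as unreadable: `if @content.nil? || (@content.empty? && file.size != 0)`. Because this resource audits sshd hardening, a comment such as `# unreadable config => resource is skipped; its controls are not evaluated, not passed` above the guard would help profile authors interpret scan results. The enclosing method starts and ends outside the hunk.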
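Review bot: The `emptyfile` lambda added in test/helper.rb takes no arguments and is called once, so it only hides a plain fixture lookup; writing `'/etc/ssh/sshd_config_empty' => mockfile.call('emptyfile'),` directly in `mock.files` would match the neighbouring entries. The `sshd_config_does_not_exist` entry points at a fixture this commit does not create (the diffstat adds only `emptyfile`), which appears deliberate; a comment such as `# no fixture on purpose: exercises the "Can't find file" path` would keep someone from adding the file later. The enclosing method continues outside the hunk.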
diff --git a/test/unit/mock/files/emptyfile b/test/unit/mock/files/emptyfile
new file mode 100644
index 000000000..e69de29bb
diff --git a/test/unit/resources/ssh_conf_test.rb b/test/unit/resources/ssh_conf_test.rb
index 8385aefa8..01319cfec 100644
--- a/test/unit/resources/ssh_conf_test.rb
+++ b/test/unit/resources/ssh_conf_test.rb
@@ -35,5 +35,18 @@ describe 'Inspec::Resources::SshConf' do
 '/etc/ssh/ssh_host_ecdsa_key',
 ]
 end
+
+ it 'check bad path' do
+ resource = load_resource('sshd_config', '/etc/ssh/sshd_config_does_not_exist')
+ _(resource.send(:read_content)).must_equal "Can't find file \"/etc/ssh/sshd_config_does_not_exist\""
+ _(resource.Protocol).must_be_nil
+ end
+
+ it 'check cannot read' do
+ Inspec::Resources::FileResource.any_instance.stubs(:size).at_least_once.returns(5)
+ resource = load_resource('sshd_config', '/etc/ssh/sshd_config_empty')
+ _(resource.send(:read_content)).must_equal "Can't read file \"/etc/ssh/sshd_config_empty\""
+ _(resource.Protocol).must_be_nil
+ end
 end
 end
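Review bot: Neither new test exercises the `@content.nil?` branch that the commit message names as the fix for #1778: 'check bad path' stops at the "Can't find file" message, and 'check cannot read' reaches the skip through empty content plus a stubbed size of 5. A third case that makes the content nil would pin the regression, assuming `content` can be stubbed on `FileResource` the same way `size` is stubbed here. The sketch below reuses the empty fixture path from this hunk and belongs next to the two added tests.

```ruby
    # … unchanged: 'check bad path' and 'check cannot read' …

    it 'check nil content' do
      Inspec::Resources::FileResource.any_instance.stubs(:content).returns(nil)
      resource = load_resource('sshd_config', '/etc/ssh/sshd_config_empty')
      _(resource.send(:read_content)).must_equal "Can't read file \"/etc/ssh/sshd_config_empty\""
      _(resource.Protocol).must_be_nil
    end
```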