CFINSPEC-580 Dependent profiles fix for any scheme of version used in profiles (#6410)

* Dependent profiles fix for any scheme of version used in profiles

Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>

* Dependent profile fix when version is blank in dependent profiles

Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>

---------

Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>

lib/inspec/dependencies/dependency_set.rb

@@ -26,7 +26,7 @@ module Inspec
       dep_list = {}
       dependencies.each do |d|
         # if depedent profile does not have a source version then only name is used in dependency hash
-        key_name = (d.source_version ? "#{d.name}-#{d.source_version}" : "#{d.name}") rescue "#{d.name}"
+        key_name = (d.source_version.blank? ? "#{d.name}" : "#{d.name}-#{d.source_version}") rescue "#{d.name}"
         dep_list[key_name] = d
       end
       new(cwd, cache, dep_list, backend)
@@ -42,7 +42,7 @@ module Inspec
       dep_list = {}
       dep_tree.each do |d|
         # if depedent profile does not have a source version then only name is used in dependency hash
-        key_name = (d.source_version ? "#{d.name}-#{d.source_version}" : "#{d.name}") rescue d.name
+        key_name = (d.source_version.blank? ? "#{d.name}" : "#{d.name}-#{d.source_version}") rescue "#{d.name}"
         dep_list[key_name] = d
         dep_list.merge!(flatten_dep_tree(d.dependencies))
       end

lib/inspec/dsl.rb

@@ -91,14 +91,12 @@ module Inspec::DSL
     if profile_version
       new_profile_id = "#{profile_id}-#{profile_version}"
     else
-      # This scary regex is used to match version following semantic Versioning (SemVer). Thanks to https://ihateregex.io/expr/semver/
-      regex_for_semver = /(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?/
-      dependencies.list.keys.each do |key|
+      dependencies.list.each do |key, value|
         # 1. Fetching VERSION from a profile dependency name which is in a format NAME-VERSION.
         # 2. Matching original profile dependency name with profile name used with include or require control DSL.
-        fetching_semver = key.match(regex_for_semver).to_s
-        unless fetching_semver.nil? || fetching_semver.empty?
-          profile_id_key = key.split("-#{fetching_semver}")[0]
+        source_version = value.source_version
+        unless source_version.blank?
+          profile_id_key = key.split("-#{source_version}")[0]
           new_profile_id = key if profile_id_key == profile_id
         end
       end

test/fixtures/profiles/git-fetcher/inheritance-windows/child-profile-2/inspec.yml

@@ -5,7 +5,7 @@ copyright: The Authors
 copyright_email: you@example.com
 license: Apache-2.0
 summary: An InSpec Compliance Profile
-version: 0.1.0
+version: 0.1.0 Release Inspec 5 NotASemverVersion 1
 supports:
   platform: os
 depends:

test/fixtures/profiles/git-fetcher/inheritance/child-profile-2/inspec.yml

@@ -5,7 +5,7 @@ copyright: The Authors
 copyright_email: you@example.com
 license: Apache-2.0
 summary: An InSpec Compliance Profile
-version: 0.1.0
+version: 0.1.0 Release Inspec 5 NotASemverVersion 1
 supports:
   platform: os
 depends:

test/fixtures/profiles/git-fetcher/inheritance/child-profile-4/controls/example.rb

@@ -0,0 +1 @@
+include_controls "child-profile-5"

test/fixtures/profiles/git-fetcher/inheritance/child-profile-4/inspec.yml

@@ -0,0 +1,13 @@
+name: child-profile-4
+title: InSpec Profile
+maintainer: The Authors
+copyright: The Authors
+copyright_email: you@example.com
+license: Apache-2.0
+summary: An InSpec Compliance Profile
+version: 0.1.0
+supports:
+  platform: os
+depends:
+  - name: child-profile-5
+    path: ../child-profile-5

test/fixtures/profiles/git-fetcher/inheritance/child-profile-5/controls/example.rb

@@ -0,0 +1,3 @@
+require_controls "ssh" do
+  control "sshd-01"
+end

test/fixtures/profiles/git-fetcher/inheritance/child-profile-5/inspec.yml

@@ -0,0 +1,13 @@
+name: child-profile-5
+title: InSpec Profile
+maintainer: The Authors
+copyright: The Authors
+copyright_email: you@example.com
+license: Apache-2.0
+summary: An InSpec Compliance Profile
+supports:
+  platform: os
+depends:
+  - name: ssh
+    git: https://github.com/dev-sec/ssh-baseline.git
+    tag: 2.6.0

test/functional/inspec_exec_test.rb

@@ -1317,10 +1317,12 @@ EOT
         _(run_result.stdout).must_include "2.6.0"
         _(run_result.stdout).must_include "sshd-01"
         _(run_result.stdout).must_include "sshd-50"
+        # Test with version which is not following semver scheme.
+        _(run_result.stdout).must_include "0.1.0 Release Inspec 5 NotASemverVersion 1"
       end
     end
 
-    describe "DSL with version: when profiles are dependent on different versions of same profile" do
+    describe "Using require control with version: when profiles are dependent on different versions of same profile" do
       let(:profile) { "#{profile_path}/git-fetcher/inheritance/child-profile-3" }
       let(:run_result) { run_inspec_process("exec #{profile}") }
       it "should evaluate all test controls of all versions correctly" do
@@ -1330,6 +1332,15 @@ EOT
         _(run_result.stdout).must_include "sshd-01"
       end
     end
+
+    describe "When profiles are dependent on a profile with no version" do
+      let(:profile) { "#{profile_path}/git-fetcher/inheritance/child-profile-4" }
+      let(:run_result) { run_inspec_process("exec #{profile}") }
+      it "should evaluate all test controls of all versions correctly" do
+        skip_windows!
+        _(run_result.stderr).must_be_empty
+      end
+    end
   end
 
   if windows?
@@ -1339,6 +1350,8 @@ EOT
       it "should evaluate all test controls of all versions correctly" do
         _(run_result.stdout).must_include "1.1.2"
         _(run_result.stdout).must_include "1.1.0"
+        # Test with version which is not following semver scheme.
+        _(run_result.stdout).must_include "0.1.0 Release Inspec 5 NotASemverVersion 1"
       end
     end
   end