2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2025-02-22 00:48:41 +00:00

Merge pull request from inspec/vasundhara/fix_for_security_policy_resource

Fix for security_policy resource does not return array for local groups
This commit is contained in:
Clinton Wolfe 2021-08-30 17:17:16 -04:00 committed by GitHub
commit 83fcc7fec4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 3 deletions
lib/inspec/resources
test
fixtures/cmd
unit/resources

View file

@ -147,7 +147,7 @@ module Inspec::Resources
# extracts the values, this methods detects:
# numbers and SIDs and optimizes them for further usage
def extract_value(val)
def extract_value(key, val)
if val =~ /^\d+$/
val.to_i
# special handling for SID array
@ -166,14 +166,15 @@ module Inspec::Resources
elsif !(m = /^\"(.*)\"$/.match(val)).nil?
m[1]
else
val
# When there is Registry Values we are not spliting the value for backward compatibility
key.include?("\\") ? val : val.split(",")
end
end
def convert_hash(hash)
new_hash = {}
hash.each do |k, v|
v.is_a?(Hash) ? value = convert_hash(v) : value = extract_value(v)
v.is_a?(Hash) ? value = convert_hash(v) : value = extract_value(k, v)
new_hash[k.strip] = value
end
new_hash

View file

@ -5,3 +5,4 @@ MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\Secur
[Privilege Rights]
SeUndockPrivilege = *S-1-5-32-544
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
SeServiceLogonRight = DB2ADMNS,db2admin

View file

@ -11,6 +11,7 @@ describe "Inspec::Resources::SecurityPolicy" do
_(resource.send('MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel')).must_equal "4,0"
_(resource.SeUndockPrivilege).must_equal ["S-1-5-32-544"]
_(resource.SeRemoteInteractiveLogonRight).must_equal ["S-1-5-32-544", "S-1-5-32-555"]
_(resource.SeServiceLogonRight).must_equal %w{ DB2ADMNS db2admin }
end
it "parse empty policy file" do
@ -33,5 +34,6 @@ describe "Inspec::Resources::SecurityPolicy" do
_(resource.send('MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel')).must_equal "4,0"
_(resource.SeUndockPrivilege).must_equal ["BUILTIN\\Administrators"]
_(resource.SeRemoteInteractiveLogonRight).must_equal ["BUILTIN\\Administrators", "S-1-5-32-555"]
_(resource.SeServiceLogonRight).must_equal %w{ DB2ADMNS db2admin }
end
end