Merge pull request #5001 from inspec/ns/investigate_waivers_and_namespace_clashing

Allows input and control to have the same name

lib/inspec/rule.rb

@@ -332,7 +332,7 @@ module Inspec
       input_name = @__rule_id # TODO: control ID slugging
       registry = Inspec::InputRegistry.instance
       input = registry.inputs_by_profile.dig(__profile_id, input_name)
-      return unless input
+      return unless input && input.has_value? && input.value.is_a?(Hash)
 
       # An InSpec Input is a datastructure that tracks a profile parameter
       # over time. Its value can be set by many sources, and it keeps a

test/fixtures/profiles/waivers/namespace-clash/controls/namespace_clash.rb

@@ -0,0 +1,7 @@
+# This fixture tests for a regression found here: https://github.com/inspec/inspec/issues/4936
+control '01_my_control' do
+only_if { input('01_my_control', value: 'false') == 'false' }
+  describe true do
+    it { should eq true }
+  end
+end

test/fixtures/profiles/waivers/namespace-clash/inspec.yml

@@ -0,0 +1,5 @@
+name: namespace-clash
+summary: Verifies input and control namespace can safely clash
+version: 0.1.0
+supports:
+  platform: os

test/functional/inspec_exec_json_test.rb

@@ -176,8 +176,8 @@ describe "inspec exec with json formatter" do
         "summary" => "Demonstrates the use of InSpec Compliance Profile",
         "version" => "1.0.0",
         "supports" => [{ "platform-family" => "unix" }, { "platform-family" => "windows" }],
-        "status" => "loaded",
         "attributes" => [],
+        "status" => "loaded",
       })
 
       _(groups.sort_by { |x| x["id"] }).must_equal([

test/functional/inspec_exec_junit_test.rb

@@ -42,11 +42,11 @@ describe "inspec exec with junit formatter" do
     describe "the test suite" do
       let(:suite) { doc.elements.to_a("//testsuites/testsuite").first }
 
-      it "must have 6 testcase children" do
+      it "must have 4 testcase children" do
         _(suite.elements.to_a("//testcase").length).must_equal 4
       end
 
-      it "has the tests attribute with 5 total tests" do
+      it "has the tests attribute with 4 total tests" do
         _(suite.attribute("tests").value).must_equal "4"
       end
 

test/functional/waivers_test.rb

@@ -10,6 +10,23 @@ describe "waivers" do
   let(:controls_by_id)        { run_result; @json.dig("profiles", 0, "controls").map { |c| [c["id"], c] }.to_h }
   let(:cmd)                   { "exec #{waivers_profiles_path}/#{profile_name} --input-file #{waivers_profiles_path}/#{profile_name}/files/#{waiver_file}" }
 
+  attr_accessor :out
+
+  def inspec(commandline, prefix = nil)
+    @stdout = @stderr = nil
+    self.out = super
+  end
+
+  def stdout
+    @stdout ||= out.stdout
+      .force_encoding(Encoding::UTF_8)
+  end
+
+  def stderr
+    @stderr ||= out.stderr
+      .force_encoding(Encoding::UTF_8)
+  end
+
   def assert_test_outcome(expected, control_id)
     assert_equal expected, controls_by_id.dig(control_id, "results", 0, "status")
   end
@@ -88,6 +105,19 @@ describe "waivers" do
     end
   end
 
+  describe "an input and control with the same name" do
+    # This is a test for a regression articulated here:
+    # https://github.com/inspec/inspec/issues/4936
+    it "can execute when control namespace clashes with input" do
+      inspec("exec " + "#{waivers_profiles_path}/namespace-clash" + " --no-create-lockfile" + " --no-color")
+
+      _(stdout).wont_include("Control Source Code Error")
+      _(stdout).must_include "\nProfile Summary: 1 successful control, 0 control failures, 0 controls skipped\n"
+      _(stderr).must_equal ""
+      assert_exit_code 0, out
+    end
+  end
+
   describe "an inherited profile" do
     let(:profile_name) { "waiver-wrapper" }
     let(:waiver_file) { "waivers.yaml" }