From 9fd0fb242c8161287ccf21e5017b164e1e495c69 Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Wed, 4 Sep 2019 13:09:40 -0400 Subject: [PATCH] Store waiver information in control metadata and pass into report run_data Signed-off-by: Clinton Wolfe --- lib/inspec/formatters/base.rb | 1 + lib/inspec/rule.rb | 19 +++++++++++++------ lib/inspec/runner_rspec.rb | 1 + 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/lib/inspec/formatters/base.rb b/lib/inspec/formatters/base.rb index 436da5147..d3f2ecf92 100644 --- a/lib/inspec/formatters/base.rb +++ b/lib/inspec/formatters/base.rb @@ -158,6 +158,7 @@ module Inspec::Formatters start_time: example.execution_result.started_at.to_datetime.rfc3339.to_s, resource_title: example.metadata[:described_class] || example.metadata[:example_group][:description], expectation_message: format_expectation_message(example), + waiver_data: example.metadata[:waiver_data], } unless (pid = example.metadata[:profile_id]).nil? diff --git a/lib/inspec/rule.rb b/lib/inspec/rule.rb index a9f55f96c..19ba82b74 100644 --- a/lib/inspec/rule.rb +++ b/lib/inspec/rule.rb @@ -29,6 +29,7 @@ module Inspec @resource_dsl end + attr_reader :__waiver_data def initialize(id, profile_id, opts, &block) @impact = nil @title = nil 
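Review bot: `@__waiver_data` is not given a default in `initialize`, so the new `attr_reader :__waiver_data` returns nil for any control that never reaches the `@__waiver_data = input.value` assignment in the later hunk of this file; whether an early return precedes that assignment is not visible here. That nil then flows through `metadata[:waiver_data] = rule.__waiver_data` in lib/inspec/runner_rspec.rb and `waiver_data: example.metadata[:waiver_data]` in lib/inspec/formatters/base.rb, so every reporter has to nil-check before reading keys such as "skipped_due_to_waiver". Adding `@__waiver_data = nil` beside the other defaults, with the comment `# nil until a waiver input is found for this control`, would make that contract explicit. The body of `initialize` continues outside the hunk.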
@@ -292,22 +293,27 @@ module Inspec # over time. Its value can be set by many sources, and it keeps a # log of each "set" event so that when it is collapsed to a value, # it can determine the correct (highest priority) value. - waiver_info = input.value + # Store in an instance variable for.. later reading??? + @__waiver_data = input.value + __waiver_data["skipped_due_to_waiver"] = false + __waiver_data["message"] = "" # Waivers should have a hash value with keys possibly including skip and # expiration_date. We only care here if it has a skip key and it # is yes-like, since all non-skipped waiver operations are handled # during reporting phase. - return unless waiver_info.key?("skip") - return unless waiver_info["skip"].to_s.match(/y|yes|true/i) + return unless __waiver_data.key?("skip") && __waiver_data["skip"] # OK, the intent is to skip. Does it have an expiration date, and # if so, is it in the future? - expiry = waiver_info["expiration_date"] + expiry = __waiver_data["expiration_date"] if expiry if expiry.is_a?(Date) # It appears that yaml.rb automagically parses dates for us - return if expiry < Date.today # If the waiver expired, return - no skip applied + if expiry < Date.today # If the waiver expired, return - no skip applied + __waiver_data["message"] = "Waiver expired on #{expiry}, evaluating control normally" + end + return else ui = Inspec::UI.new ui.error("Unable to parse waiver expiration date '#{expiry}' for control #{@__rule_id}") @@ -318,7 +324,8 @@ module Inspec # OK, apply a skip. @__skip_rule[:result] = true @__skip_rule[:type] = :waiver - @__skip_rule[:message] = waiver_info["justification"] + @__skip_rule[:message] = __waiver_data["justification"] + __waiver_data["skipped_due_to_waiver"] = true end # diff --git a/lib/inspec/runner_rspec.rb b/lib/inspec/runner_rspec.rb index d136b99bf..ffa6963a1 100644 --- a/lib/inspec/runner_rspec.rb +++ b/lib/inspec/runner_rspec.rb 
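Review bot: The skip test now passes for any truthy value, so `return unless __waiver_data.key?("skip") && __waiver_data["skip"]` treats a quoted `"no"` or `"false"`, or `0`, as a request to skip, and a compliance control can end up waived by a value its author meant as a refusal. Compare against an explicit allow-list instead, for example `return unless [true, "yes", "true"].include?(__waiver_data["skip"])`, and document the accepted forms in the comment above it. Separately, as the lines read here the bare `return` follows the `end` of the new `if expiry < Date.today` block, so a waiver whose Date is still in the future also returns before the skip is applied; moving `return` inside that `if`, after the message assignment, restores the previous behaviour. The placeholder comment `# Store in an instance variable for.. later reading???` should state the purpose, for example `# Kept on the rule so the runner can copy it into example metadata for reporters`. The enclosing method starts above the hunk.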
@@ -171,6 +171,7 @@ module Inspec metadata[:descriptions] = rule.descriptions metadata[:code] = rule.instance_variable_get(:@__code) metadata[:source_location] = rule.instance_variable_get(:@__source_location) + metadata[:waiver_data] = rule.__waiver_data end end end