Fixes 5215: When the --controls option was used, the control block was still being evaluated, because filtering of the controls happened after evaluation, so the filter logic has been added in the control_eval_context. Also, when a describe block is outside a control block, we are

generating a control for it automatically and then executing it; because of that it also becomes a control, and the same logic to filter the control had to be added in that method

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
Vasu1105 2021-03-18 21:37:48 +05:30
parent df8d589e25
commit a5932b7da7
3 changed files with 63 additions and 9 deletions


@ -53,13 +53,9 @@ module Inspec
def control(id, opts = {}, &block) def control(id, opts = {}, &block)
opts[:skip_only_if_eval] = @skip_only_if_eval opts[:skip_only_if_eval] = @skip_only_if_eval
if control_exist_in_controls_list?(id)
id_exist_in_list = @conf["profile"].include_controls_list.any? do |inclusion| register_control(Inspec::Rule.new(id, profile_id, resources_dsl, opts, &block))
# Try to see if the inclusion is a regex, and if it matches elsif control_list_empty?
inclusion == id || (inclusion.is_a?(Regexp) && inclusion =~ id)
end
if id_exist_in_list || @conf["profile"].include_controls_list.empty?
register_control(Inspec::Rule.new(id, profile_id, resources_dsl, opts, &block)) register_control(Inspec::Rule.new(id, profile_id, resources_dsl, opts, &block))
end end
end end
@ -75,11 +71,16 @@ module Inspec
id = "(generated from #{loc} #{SecureRandom.hex})" id = "(generated from #{loc} #{SecureRandom.hex})"
res = nil res = nil
rule = Inspec::Rule.new(id, profile_id, resources_dsl, {}) do rule = Inspec::Rule.new(id, profile_id, resources_dsl, {}) do
res = describe(*args, &block) res = describe(*args, &block)
end end
register_control(rule, &block)
if control_exist_in_controls_list?(id)
register_control(rule, &block)
elsif control_list_empty?
register_control(rule, &block)
end
res res
end end
@ -183,5 +184,23 @@ module Inspec
"#{File.basename(path)}:#{line}" "#{File.basename(path)}:#{line}"
end end
end end
def profile_config_exist?
!@conf.empty? && @conf.key?("profile") && !@conf["profile"].include_controls_list.empty?
end
def control_list_empty?
!@conf.empty? && @conf.key?("profile") && @conf["profile"].include_controls_list.empty? || @conf.empty?
end
def control_exist_in_controls_list?(id)
if profile_config_exist?
id_exist_in_list = @conf["profile"].include_controls_list.any? do |inclusion|
# Try to see if the inclusion is a regex, and if it matches
inclusion == id || (inclusion.is_a?(Regexp) && inclusion =~ id)
end
end
id_exist_in_list
end
end end
end end
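Review bot: The three new predicates at the bottom of this section leave a gap: when `@conf` is non-empty but has no `"profile"` key, `control_exist_in_controls_list?` returns nil and `control_list_empty?` returns false, so both `control` and `describe` register nothing and the run produces no results instead of failing loudly. Whether that state can occur is not visible here, but for a compliance scanner a silently empty run is the unsafe direction, so I would fold the logic into one predicate that treats a missing profile config as "no filter" and call it from both sites, which also removes the duplicated `if`/`elsif` branches. In `describe` the id being matched is the generated `(generated from #{loc} #{SecureRandom.hex})` string, so an unanchored regex passed to `--controls` could match it by chance from one run to the next; consider registering generated controls only when the filter is empty. The enclosing module starts outside the visible hunks.

```ruby
def control(id, opts = {}, &block)
  opts[:skip_only_if_eval] = @skip_only_if_eval
  register_control(Inspec::Rule.new(id, profile_id, resources_dsl, opts, &block)) if control_selected?(id)
end

# … unchanged: describe builds the generated rule and captures res …
  register_control(rule, &block) if control_selected?(id)

# True when no --controls filter is configured, or when id matches one of its entries.
def control_selected?(id)
  list = include_controls_filter
  list.empty? || list.any? do |inclusion|
    inclusion == id || (inclusion.is_a?(Regexp) && inclusion =~ id)
  end
end

# The configured inclusion list; [] when there is no profile config, meaning "run everything".
def include_controls_filter
  return [] unless @conf.key?("profile")

  @conf["profile"].include_controls_list
end
```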


@ -31,3 +31,39 @@ control "11_pass2" do
it { should cmp 'a thing' } it { should cmp 'a thing' }
end end
end end
describe 'a thing' do
it { should cmp 'a thing' }
end
describe.one do
describe 'ConfigurationA' do
it { should cmp 'a thing' }
end
describe 'ConfigurationB' do
it { should cmp 'a thing' }
end
end
title '/ profile'
# you add controls here
control 'tmp-1.0' do # A unique ID for this control
impact 0.7 # The criticality, if this control fails.
title 'Create / directory' # A human-readable title
desc 'An optional description...' # Describe why this is needed
desc 'label', 'An optional description with a label' # Pair a part of the description with a label
tag data: 'temp data' # A tag allows you to associate key information
tag 'security' # to the test
ref 'Document A-12', url: 'http://...' # Additional references
describe file('/') do # The actual test
it { should be_directory }
end
end
# you can also use plain tests
describe file('/') do
it { should be_directory }
end
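Review bot: The fixture gains top-level `describe` blocks and a `tmp-1.0` control, but no assertion visible in this commit checks that they are left out when `--controls '/^11/'` is used; the only change to the functional test is the removal of `_(out.stdout).wont_include "foo"`. Assuming this file belongs to the `controls-option-test` profile exercised by that test, I would add negative assertions such as `_(out.stdout).wont_include "tmp-1.0"` and `_(out.stdout).wont_include "ConfigurationA"` so the filtering of generated controls is pinned by a test. A short comment above the new blocks, for example `# top-level describe blocks: must be skipped when --controls is given`, would also tell the next reader why they are here.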


@ -192,7 +192,6 @@ Test Summary: 0 successful, 0 failures, 0 skipped
inspec("exec " + File.join(profile_path, "controls-option-test") + " --no-create-lockfile --controls '/^11/'") inspec("exec " + File.join(profile_path, "controls-option-test") + " --no-create-lockfile --controls '/^11/'")
_(out.stdout).must_include "11_pass" _(out.stdout).must_include "11_pass"
_(out.stdout).must_include "11_pass2" _(out.stdout).must_include "11_pass2"
_(out.stdout).wont_include "foo"
_(out.stdout).wont_include "bar" _(out.stdout).wont_include "bar"
_(out.stdout).wont_include "baz" _(out.stdout).wont_include "baz"
_(stderr).must_equal "" _(stderr).must_equal ""