From c85f49d0d83d65c0b5d2a9a32f090c3e6e08cdd6 Mon Sep 17 00:00:00 2001 From: Nikita Mathur Date: Tue, 31 Aug 2021 18:14:57 +0530 Subject: [PATCH] Change to filter tags on both key and value basis of hashmap style tags Signed-off-by: Nikita Mathur --- docs-chef-io/content/inspec/cli.md | 2 +- lib/inspec/control_eval_context.rb | 4 +++- test/fixtures/profiles/control-tags/controls/example.rb | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/docs-chef-io/content/inspec/cli.md b/docs-chef-io/content/inspec/cli.md index 43bfe77eb..4e8185ccf 100644 --- a/docs-chef-io/content/inspec/cli.md +++ b/docs-chef-io/content/inspec/cli.md @@ -337,7 +337,7 @@ This subcommand has additional options: * ``--target-id=TARGET_ID`` Provide a ID which will be included on reports * ``--tags=one two three`` - A list of tags, a list of regular expressions that match tags, or a hash map where each value is a tag. `exec` will run controls referenced by the listed or matching tags. + A list of tags, a list of regular expressions that match tags. `exec` will run controls referenced by the listed or matching tags. * ``--user=USER`` The login user for a remote scan. * ``--vendor-cache=VENDOR_CACHE`` diff --git a/lib/inspec/control_eval_context.rb b/lib/inspec/control_eval_context.rb index aa287cad8..5ad3f885f 100644 --- a/lib/inspec/control_eval_context.rb +++ b/lib/inspec/control_eval_context.rb @@ -57,6 +57,7 @@ module Inspec register_control(Inspec::Rule.new(id, profile_id, resources_dsl, opts, &block)) elsif !tags_list_empty? # Inside elsif rule is initialised before registering it because it enables fetching of control tags + # This condition is only true when --tags option is used inspec_rule = Inspec::Rule.new(id, profile_id, resources_dsl, opts, &block) tag_ids = control_tags(inspec_rule) register_control(inspec_rule) if tag_exist_in_control_tags?(tag_ids) @@ -68,7 +69,8 @@ module Inspec def control_tags(inspec_rule) all_tags = [] inspec_rule.tag.each do |key, value| - value.nil? ? all_tags.push(key) : all_tags.push(value) + all_tags.push(key) + all_tags.push(value) unless value.nil? end all_tags.flatten.compact.uniq.map(&:to_s) rescue diff --git a/test/fixtures/profiles/control-tags/controls/example.rb b/test/fixtures/profiles/control-tags/controls/example.rb index a91f27aa8..9c140017d 100644 --- a/test/fixtures/profiles/control-tags/controls/example.rb +++ b/test/fixtures/profiles/control-tags/controls/example.rb @@ -1,6 +1,6 @@ control "basic" do tag "tag1" - tag :special, :special1 + tag :symbol_key1, :symbol_key2 tag severity: nil tag data: "tag2" tag data_arr: ["tag3", "tag4"]