Merge pull request #5601 from inspec/nm/bug-apache-conf

Fix apache_conf issue when Server Root is not present in configuration
Clinton Wolfe 2021-08-17 21:00:38 -04:00 committed by GitHub
commit dcf49ad510
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 41 additions and 8 deletions


@ -19,6 +19,10 @@ Use the `apache_conf` Chef InSpec audit resource to test the configuration setti
This resource is distributed along with Chef InSpec itself. You can use it automatically. This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Requirements
`ServerRoot` should be included in a apache conf file. If not present the included configs will not be accessible to the resource.
### Version ### Version
This resource first became available in v1.0.0 of InSpec. This resource first became available in v1.0.0 of InSpec.


@ -101,12 +101,14 @@ module Inspec::Resources
include_files_optional = params["IncludeOptional"] || [] include_files_optional = params["IncludeOptional"] || []
includes = [] includes = []
(include_files + include_files_optional).each do |f| unless conf_dir.nil?
id = Pathname.new(f).absolute? ? f : File.join(conf_dir, f) (include_files + include_files_optional).each do |f|
files = find_files(id, depth: 1, type: "file") id = Pathname.new(f).absolute? ? f : File.join(conf_dir, f)
files += find_files(id, depth: 1, type: "link") files = find_files(id, depth: 1, type: "file")
files += find_files(id, depth: 1, type: "link")
includes.push(files) if files includes.push(files) if files
end
end end
# [].flatten! == nil # [].flatten! == nil
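Review bot: The new `unless conf_dir.nil?` guard around the include loop also skips absolute `Include`/`IncludeOptional` paths, even though the `Pathname.new(f).absolute? ? f : File.join(conf_dir, f)` expression never uses `conf_dir` for them. For an audit resource this matters: directives in the skipped files silently drop out of `params`, so a control asserting that a setting is absent can pass without the file ever being read. Consider narrowing the skip to relative paths only, e.g. `next if conf_dir.nil? && !Pathname.new(f).absolute?` inside the loop, and logging a warning whenever an include is skipped so the gap shows up in the run output. The enclosing method starts and ends outside this hunk, so how `conf_dir` is derived is not visible here.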


@ -0,0 +1,4 @@
# This is the modified Apache server configuration file. It contains comments.
# ServerRoot "/etc/apache2" --> This is commented to test non configuration of serverRoot.
ServerAlias inspec.test www.inspec.test io.inspec.test
Include ports.conf


@ -88,7 +88,7 @@ class MockLoader
mockfile.call("emptyfile") mockfile.call("emptyfile")
} }
mock.files = { mock_files = {
"/proc/net/bonding/bond0" => mockfile.call("bond0"), "/proc/net/bonding/bond0" => mockfile.call("bond0"),
"/etc/ssh/ssh_config" => mockfile.call("ssh_config"), "/etc/ssh/ssh_config" => mockfile.call("ssh_config"),
"/etc/ssh/sshd_config" => mockfile.call("sshd_config"), "/etc/ssh/sshd_config" => mockfile.call("sshd_config"),
@ -118,7 +118,6 @@ class MockLoader
"nonexistent.json" => mockfile.call("nonexistent.json"), "nonexistent.json" => mockfile.call("nonexistent.json"),
"/sys/class/net/br0/bridge" => mockdir.call(true), "/sys/class/net/br0/bridge" => mockdir.call(true),
"rootwrap.conf" => mockfile.call("rootwrap.conf"), "rootwrap.conf" => mockfile.call("rootwrap.conf"),
"/etc/apache2/apache2.conf" => mockfile.call("apache2.conf"),
"/etc/apache2/ports.conf" => mockfile.call("ports.conf"), "/etc/apache2/ports.conf" => mockfile.call("ports.conf"),
"/etc/httpd/conf/httpd.conf" => mockfile.call("httpd.conf"), "/etc/httpd/conf/httpd.conf" => mockfile.call("httpd.conf"),
"/etc/httpd/conf.d/ssl.conf" => mockfile.call("ssl.conf"), "/etc/httpd/conf.d/ssl.conf" => mockfile.call("ssl.conf"),
@ -175,6 +174,21 @@ class MockLoader
"/etc/selinux/selinux_conf" => mockfile.call("selinux_conf"), "/etc/selinux/selinux_conf" => mockfile.call("selinux_conf"),
} }
if @platform
if @platform[:name] == "ubuntu" && @platform[:release] == "18.04"
mock_files.merge!(
"/etc/apache2/apache2.conf" => mockfile.call("apache2.conf")
)
elsif @platform[:name] == "ubuntu" && @platform[:release] == "15.04"
# using this ubuntu version to test apache_conf with non configured server root in conf file
mock_files.merge!(
"/etc/apache2/apache2.conf" => mockfile.call("apache2_server_root_void.conf")
)
end
end
mock.files = mock_files
# create all mock commands # create all mock commands
cmd = lambda { |x| cmd = lambda { |x|
stdout = ::File.read(::File.join(scriptpath, "/fixtures/cmd/" + x)) stdout = ::File.read(::File.join(scriptpath, "/fixtures/cmd/" + x))
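Review bot: Removing `/etc/apache2/apache2.conf` from the default hash and re-adding it only for ubuntu 18.04 and 15.04 leaves every other mocked platform, and the case where `@platform` is nil, without that file, so any other test that loads `apache_conf` from that path would presumably now see it as missing. Tying the no-ServerRoot fixture to release 15.04 is also an implicit convention that only the inline comment explains. Keeping the default entry in the hash and overriding just the special case would be narrower: `mock_files["/etc/apache2/apache2.conf"] = mockfile.call("apache2_server_root_void.conf") if @platform && @platform[:name] == "ubuntu" && @platform[:release] == "15.04"`. The surrounding method extends beyond the hunks shown.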


@ -6,7 +6,7 @@ require "hashie"
describe "Inspec::Resources::ApacheConf" do describe "Inspec::Resources::ApacheConf" do
# debian style apache2 # debian style apache2
it "reads values in apache2.conf and from Include, IncludeOptional params" do it "reads values in apache2.conf and from Include, IncludeOptional params" do
resource = MockLoader.new(:ubuntu1404).load_resource("apache_conf", resource = MockLoader.new(:ubuntu1804).load_resource("apache_conf",
"/etc/apache2/apache2.conf") "/etc/apache2/apache2.conf")
_(resource.params).must_be_kind_of Hash _(resource.params).must_be_kind_of Hash
_(resource.content).must_be_kind_of String _(resource.content).must_be_kind_of String
@ -21,6 +21,15 @@ describe "Inspec::Resources::ApacheConf" do
ENABLE_USR_LIB_CGI_BIN} ENABLE_USR_LIB_CGI_BIN}
end end
it "reads values successfully from apache2.conf and ignores Include, IncludeOptional params when server root is not configured" do
resource = MockLoader.new(:ubuntu1504).load_resource("apache_conf", "/etc/apache2/apache2.conf")
_(resource.params).must_be_kind_of Hash
_(resource.content).must_be_kind_of String
_(resource.params("ServerAlias")).must_equal ["inspec.test www.inspec.test io.inspec.test"]
assert_nil(resource.params("ServerRoot"))
assert_nil(resource.params("Listen"))
end
# non debian style httpd # non debian style httpd
it "reads values in httpd.conf and from Include, IncludeOptional params" do it "reads values in httpd.conf and from Include, IncludeOptional params" do
resource = MockLoader.new(:centos6).load_resource("apache_conf", resource = MockLoader.new(:centos6).load_resource("apache_conf",
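Review bot: The new example only covers a relative include (`Include ports.conf` in the fixture), so the behaviour for an absolute `Include` path with no `ServerRoot` is not pinned by any test. Adding an absolute include to the fixture with a matching assertion would document whether such files are meant to be read. The two `assert_nil(...)` calls also mix assertion style into a spec that otherwise uses expectations; `_(resource.params("ServerRoot")).must_be_nil` and `_(resource.params("Listen")).must_be_nil` would match the surrounding lines. The `describe` block continues past the end of the hunk.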