Merge pull request #5601 from inspec/nm/bug-apache-conf

Fix apache_conf issue when Server Root is not present in configuration
Clinton Wolfe 2021-08-17 21:00:38 -04:00 committed by GitHub
commit dcf49ad510
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 41 additions and 8 deletions


@ -19,6 +19,10 @@ Use the `apache_conf` Chef InSpec audit resource to test the configuration setti
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Requirements
`ServerRoot` should be included in a apache conf file. If not present the included configs will not be accessible to the resource.
### Version
This resource first became available in v1.0.0 of InSpec.


@ -101,6 +101,7 @@ module Inspec::Resources
include_files_optional = params["IncludeOptional"] || []
includes = []
unless conf_dir.nil?
(include_files + include_files_optional).each do |f|
id = Pathname.new(f).absolute? ? f : File.join(conf_dir, f)
files = find_files(id, depth: 1, type: "file")
@ -108,6 +109,7 @@ module Inspec::Resources
includes.push(files) if files
end
end
# [].flatten! == nil
includes.flatten! || []
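Review bot: The new `unless conf_dir.nil?` guard skips every `Include` and `IncludeOptional` entry when no `ServerRoot` is set, including entries given as absolute paths, which the `Pathname.new(f).absolute?` branch could resolve without `conf_dir`. For an audit resource this is a silent gap: a control that checks a directive set only in an included file would see no value and get no hint that part of the configuration was never read. Consider narrowing the guard to the relative case, e.g. `next if conf_dir.nil? && !Pathname.new(f).absolute?` inside the loop, and logging a warning when entries are skipped. The method begins and ends outside the hunks, so how `conf_dir` is derived is not visible here.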


@ -0,0 +1,4 @@
# This is the modified Apache server configuration file. It contains comments.
# ServerRoot "/etc/apache2" --> This is commented to test non configuration of serverRoot.
ServerAlias inspec.test www.inspec.test io.inspec.test
Include ports.conf


@ -88,7 +88,7 @@ class MockLoader
mockfile.call("emptyfile")
}
mock.files = {
mock_files = {
"/proc/net/bonding/bond0" => mockfile.call("bond0"),
"/etc/ssh/ssh_config" => mockfile.call("ssh_config"),
"/etc/ssh/sshd_config" => mockfile.call("sshd_config"),
@ -118,7 +118,6 @@ class MockLoader
"nonexistent.json" => mockfile.call("nonexistent.json"),
"/sys/class/net/br0/bridge" => mockdir.call(true),
"rootwrap.conf" => mockfile.call("rootwrap.conf"),
"/etc/apache2/apache2.conf" => mockfile.call("apache2.conf"),
"/etc/apache2/ports.conf" => mockfile.call("ports.conf"),
"/etc/httpd/conf/httpd.conf" => mockfile.call("httpd.conf"),
"/etc/httpd/conf.d/ssl.conf" => mockfile.call("ssl.conf"),
@ -175,6 +174,21 @@ class MockLoader
"/etc/selinux/selinux_conf" => mockfile.call("selinux_conf"),
}
if @platform
if @platform[:name] == "ubuntu" && @platform[:release] == "18.04"
mock_files.merge!(
"/etc/apache2/apache2.conf" => mockfile.call("apache2.conf")
)
elsif @platform[:name] == "ubuntu" && @platform[:release] == "15.04"
# using this ubuntu version to test apache_conf with non configured server root in conf file
mock_files.merge!(
"/etc/apache2/apache2.conf" => mockfile.call("apache2_server_root_void.conf")
)
end
end
mock.files = mock_files
# create all mock commands
cmd = lambda { |x|
stdout = ::File.read(::File.join(scriptpath, "/fixtures/cmd/" + x))
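Review bot: Dropping the default `"/etc/apache2/apache2.conf"` entry and re-adding it only for Ubuntu 18.04 and 15.04 leaves every other mocked platform without that file, so a spec that loads it on another platform may now get a missing file instead of the fixture. Selecting the no-`ServerRoot` fixture by release number also hides the scenario behind an unrelated platform attribute. Keeping the original entry in the hash and overriding it only in the special case would avoid both, e.g. `mock_files["/etc/apache2/apache2.conf"] = mockfile.call("apache2_server_root_void.conf")` under the 15.04 branch. The enclosing method starts and ends outside the hunks, so whether other specs depend on the default is not visible here.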


@ -6,7 +6,7 @@ require "hashie"
describe "Inspec::Resources::ApacheConf" do
# debian style apache2
it "reads values in apache2.conf and from Include, IncludeOptional params" do
resource = MockLoader.new(:ubuntu1404).load_resource("apache_conf",
resource = MockLoader.new(:ubuntu1804).load_resource("apache_conf",
"/etc/apache2/apache2.conf")
_(resource.params).must_be_kind_of Hash
_(resource.content).must_be_kind_of String
@ -21,6 +21,15 @@ describe "Inspec::Resources::ApacheConf" do
ENABLE_USR_LIB_CGI_BIN}
end
it "reads values successfully from apache2.conf and ignores Include, IncludeOptional params when server root is not configured" do
resource = MockLoader.new(:ubuntu1504).load_resource("apache_conf", "/etc/apache2/apache2.conf")
_(resource.params).must_be_kind_of Hash
_(resource.content).must_be_kind_of String
_(resource.params("ServerAlias")).must_equal ["inspec.test www.inspec.test io.inspec.test"]
assert_nil(resource.params("ServerRoot"))
assert_nil(resource.params("Listen"))
end
# non debian style httpd
it "reads values in httpd.conf and from Include, IncludeOptional params" do
resource = MockLoader.new(:centos6).load_resource("apache_conf",
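Review bot: The two `assert_nil(...)` calls in the new example mix assertion style into a spec that otherwise uses expectation style (`_(...).must_equal`, `_(...).must_be_kind_of`). Writing them as `_(resource.params("ServerRoot")).must_be_nil` and `_(resource.params("Listen")).must_be_nil` would read consistently. If the `Listen` check is meant to prove that the included `ports.conf` was skipped, a short comment such as `# Listen would only come from the included ports.conf, which is skipped without ServerRoot` would make that intent clear. The describe block continues outside the hunk.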