registry_key ignores failed Get-Item, always "exists"

[kenmacleod]

InSpec 1.0.0 and checked source in 8d740de, running on Windows 7 host against Win 2012r2 target.

The following is successful when it should fail:

describe registry_key('HKEY_LOCAL_MACHINE\SYSTEM\does\not\exist') do
  it { should exist }
end

The cause is that the Powershell function InSpec-GetRegistryKey executed on the target does not check the return value of Get-Item for $null and return any sort of error. (It does return an empty properties object which causes the test to incorrectly succeed.)

This change to registry_key.rb fixes it for me but it seems kinda hackish:

diff --git a/lib/resources/registry_key.rb b/lib/resources/registry_key.rb
index b3f16ff..1455ee7 100644
--- a/lib/resources/registry_key.rb
+++ b/lib/resources/registry_key.rb
@@ -147,6 +147,9 @@ module Inspec::Resources
       script = <<-EOH
       Function InSpec-GetRegistryKey($path) {
         $reg = Get-Item ('Registry::' + $path)
+        if ($reg -eq $null) {
+          return New-Object -Type PSObject -Property @{ get_item_returned_null = 1 }
+        }
         $properties = New-Object -Type PSObject
         $reg.Property | ForEach-Object {
             $key = $_
@@ -168,10 +171,14 @@ module Inspec::Resources
       # return nil if cmd.exit_status != 0, try to parse json
       begin
         @registry_cache = JSON.parse(cmd.stdout)
-        # convert keys to lower case
-        @registry_cache = Hash[@registry_cache.map do |key, value|
-          [key.downcase, value]
-        end]
+        if @registry_cache['get_item_returned_null'] == 1
+          @registry_cache = nil
+        else
+          # convert keys to lower case
+          @registry_cache = Hash[@registry_cache.map do |key, value|
+            [key.downcase, value]
+          end]
+        end
       rescue JSON::ParserError => _e
         @registry_cache = nil
       end

[arlimus]

Thank you for detecting this issue @kenmacleod 😄