You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
InSpec 1.0.0 and checked source in 8d740de, running on Windows 7 host against Win 2012r2 target.
The following is successful when it should fail:
describe registry_key('HKEY_LOCAL_MACHINE\SYSTEM\does\not\exist') do
it { should exist }
end
The cause is that the Powershell function InSpec-GetRegistryKey executed on the target does not check the return value of Get-Item for $null and return any sort of error. (It does return an empty properties object which causes the test to incorrectly succeed.)
This change to registry_key.rb fixes it for me but it seems kinda hackish:
diff --git a/lib/resources/registry_key.rb b/lib/resources/registry_key.rb
index b3f16ff..1455ee7 100644
--- a/lib/resources/registry_key.rb+++ b/lib/resources/registry_key.rb@@ -147,6 +147,9 @@ module Inspec::Resources
script = <<-EOH
Function InSpec-GetRegistryKey($path) {
$reg = Get-Item ('Registry::' + $path)
+ if ($reg -eq $null) {+ return New-Object -Type PSObject -Property @{ get_item_returned_null = 1 }+ }
$properties = New-Object -Type PSObject
$reg.Property | ForEach-Object {
$key = $_
@@ -168,10 +171,14 @@ module Inspec::Resources
# return nil if cmd.exit_status != 0, try to parse json
begin
@registry_cache = JSON.parse(cmd.stdout)
- # convert keys to lower case- @registry_cache = Hash[@registry_cache.map do |key, value|- [key.downcase, value]- end]+ if @registry_cache['get_item_returned_null'] == 1+ @registry_cache = nil+ else+ # convert keys to lower case+ @registry_cache = Hash[@registry_cache.map do |key, value|+ [key.downcase, value]+ end]+ end
rescue JSON::ParserError => _e
@registry_cache = nil
end
The text was updated successfully, but these errors were encountered:
InSpec 1.0.0 and checked source in 8d740de, running on Windows 7 host against Win 2012r2 target.
The following is successful when it should fail:
The cause is that the Powershell function
InSpec-GetRegistryKey
executed on the target does not check the return value ofGet-Item
for$null
and return any sort of error. (It does return an empty properties object which causes the test to incorrectly succeed.)This change to
registry_key.rb
fixes it for me but it seems kinda hackish:The text was updated successfully, but these errors were encountered: