Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[chef-compliance] Scan Report Calculations #1491

Closed
username-is-already-taken2 opened this issue Feb 15, 2017 · 2 comments
Closed

[chef-compliance] Scan Report Calculations #1491

username-is-already-taken2 opened this issue Feb 15, 2017 · 2 comments

Comments

@username-is-already-taken2
Copy link
Contributor

Description

I've noticed within the scan report that skipped controls (due to using an only_if statement) are being counted as critical's

control 'nagios-1.1' do
  impact 1.0
  only_if { os.family == 'redhat' }
  ....

image

InSpec and Platform Version

Chef Compliance 1.7.7

Possible Solutions

At the moment we are having to patch the results (ie subtract skipped from critial) to display the true number of critial issues found becuase at first glance people get scared ;)
@chris-rock
Copy link
Contributor

Just tried to identify where the issue is located

control 'a' do
  impact 1.0
  describe 1 do
    it { should cmp 2 }
  end
  only_if { 1 == 2 }
end

The following result is generated by inspec exec trials/count.rb --format=json | jq .

{
  "version": "1.11.0",
  "controls": [
    {
      "status": "skipped",
      "code_desc": "Operating System Detection",
      "skip_message": "Skipped control due to only_if condition.",
      "resource": "Operating System Detection",
      "run_time": 1.2e-05,
      "start_time": "2017-02-15 13:23:13 +0100"
    }
  ],
  "other_checks": [],
  "profiles": [
    {
      "supports": [],
      "controls": [
        {
          "title": null,
          "desc": null,
          "impact": 1,
          "refs": [],
          "tags": {},
          "code": "control 'a' do\n  impact 1.0\n  describe 1 do\n    it { should cmp 2 }\n  end\n  only_if { 1 == 2 }\nend\n",
          "source_location": {
            "ref": "trials/count.rb",
            "line": 1
          },
          "id": "a",
          "results": [
            {
              "status": "skipped",
              "code_desc": "Operating System Detection",
              "skip_message": "Skipped control due to only_if condition.",
              "resource": "Operating System Detection",
              "run_time": 1.2e-05,
              "start_time": "2017-02-15 13:23:13 +0100"
            }
          ]
        }
      ],
      "groups": [
        {
          "title": null,
          "controls": [
            "a"
          ],
          "id": "count.rb"
        }
      ],
      "attributes": []
    }
  ],
  "statistics": {
    "duration": 0.000469
  }
}

Therefore the counting is done incorrectly in Chef Compliance instead of InSpec.

@chris-rock
Copy link
Contributor

This is an official ticket for our support now. Next steps will be tracked in https://getchef.zendesk.com/agent/tickets/13766

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@chris-rock @username-is-already-taken2