Use parenthesis when passing regular expressions #1106

Merged
merged 1 commit into from
Sep 20, 2016

alexpop
Contributor

@alexpop alexpop commented Sep 20, 2016

Before this change, some regular expressions would generate a control that cannot be parsed later on for check/exec:

$ be bin/inspec scap convert --profile 'Level 1' /tmp/CIS_Oracle_Solaris_11.2_Benchmark_v1.1.0_one_rule.xml
control "xccdf_org.cisecurity.benchmarks_rule_9.23_Find_Un-owned_Files_and_Directories" do
  title "Find Un-owned Files and Directories"
  desc  "Sometimes when administrators delete users from the password file they neglect to remove all files owned by those users from the system."
  impact 1.0
  describe bash("find / \\( -fstype nfs -o -fstype cachefs -o -fstype autofs -o -fstype ctfs -o -fstype mntfs -o -fstype objfs -o -fstype proc \\) -prune -o \\( -nouser -o -nogroup \\) -ls") do
    its("stdout") { should match / \/zones\// }
  end
end

Check error:

bundle exec inspec check cis/cis-oraclesolaris11.2-level1 --profiles-path .
/home/travis/build/chef/compliance-profiles/vendor/bundle/ruby/1.9.1/gems/inspec-0.35.0/lib/inspec/profile_context.rb:123:in `instance_eval': cis/cis-oraclesolaris11.2-level1/controls/translated-controls.rb:1145: syntax error, unexpected $undefined (SyntaxError)
    its("stdout") { should match / \/zones\// }
                                    ^
    from /home/travis/build/chef/compliance-profiles/vendor/bundle/ruby/1.9.1/gems/inspec-0.35.0/lib/inspec/profile_context.rb:123:in `load_with_context'
    from /home/travis/build/chef/compliance-profiles/vendor/bundle/ruby/1.9.1/gems/inspec-0.35.0/lib/inspec/profile_context.rb:107:in `load_control_file'

This PR changes how the regex is passed to the matcher:

$ be bin/inspec scap convert --profile 'Level 1' /tmp/CIS_Oracle_Solaris_11.2_Benchmark_v1.1.0_one_rule.xml
control "xccdf_org.cisecurity.benchmarks_rule_9.23_Find_Un-owned_Files_and_Directories" do
  title "Find Un-owned Files and Directories"
  desc  "Sometimes when administrators delete users from the password file they neglect to remove all files owned by those users from the system."
  impact 1.0
  describe bash("find / \\( -fstype nfs -o -fstype cachefs -o -fstype autofs -o -fstype ctfs -o -fstype mntfs -o -fstype objfs -o -fstype proc \\) -prune -o \\( -nouser -o -nogroup \\) -ls") do
    its("stdout") { should match(/ \/zones\//) }
  end
end

@alexpop alexpop added the Type: Bug Feature not working as expected label Sep 20, 2016
@alexpop alexpop changed the title WIP: Use parenthesis when passing regular expressions Use parenthesis when passing regular expressions Sep 20, 2016
@alexpop
Contributor Author

alexpop commented Sep 20, 2016

@chris-rock, lint fixed

@chris-rock
Contributor

Thanks @alexpop, this is a great improvement. Otherwise this may be interpreted by Ruby as an argument.

@chris-rock chris-rock merged commit 181ff77 into master Sep 20, 2016
@chris-rock chris-rock deleted the ap/match-param branch September 20, 2016 23:34
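
An added example, not code from this PR or from InSpec: after a bare method name, Ruby lexes a `/` that has whitespace on both sides as the division operator, which is why a regex beginning with a space broke the generated control. The sketch below renders the matcher line both ways and uses Ripper to check that the text parses; `matcher_line`, `parses?`, `regex_literal?` and `report` are hypothetical names, and the patterns are constructed samples.

```ruby
require "ripper"

# Constructed sample patterns; the first is the one from the PR description.
LEADING_SPACE = Regexp.new(" /zones/")   # inspects as / \/zones\//
NO_SPACE      = Regexp.new("zones")      # inspects as /zones/

# Hypothetical generator (not InSpec's converter): render the matcher line
# with the regex either as a bare argument or wrapped in parentheses.
def matcher_line(regex, parens:)
  arg = parens ? "(#{regex.inspect})" : " #{regex.inspect}"
  %(its("stdout") { should match#{arg} })
end

# Ripper only parses the text, nothing is evaluated.
# Ripper.sexp returns nil when the source has a syntax error.
def parses?(source)
  !Ripper.sexp(source).nil?
end

# True when the parser actually saw a regex literal in the line.
def regex_literal?(source)
  tree = Ripper.sexp(source)
  !tree.nil? && tree.flatten.include?(:regexp_literal)
end

# Check every pattern in both renderings, as a generator's self-test would
# do before writing a controls file.
def report
  [LEADING_SPACE, NO_SPACE].flat_map do |re|
    [false, true].map do |parens|
      line = matcher_line(re, parens: parens)
      { line: line, parses: parses?(line), regex: regex_literal?(line) }
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  report.each do |r|
    puts format("%-46s parses=%-5s regex=%s", r[:line], r[:parses], r[:regex])
  end
end
```

Only the bare form with the leading-space pattern fails to parse; the parenthesized form parses for both patterns, so a generator can emit it unconditionally.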