From 6c73db295f7184641f8a7b99f674d72f5a14039a Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Mon, 29 Oct 2018 17:45:34 -0400 Subject: [PATCH 01/16] Failing functional test for duplicate controls Signed-off-by: Clinton Wolfe --- test/functional/helper.rb | 1 + test/functional/inspec_check_test.rb | 14 ++++++++++- .../dupe-controls/controls/duplicates.rb | 23 +++++++++++++++++++ .../mock/profiles/dupe-controls/inspec.yml | 10 ++++++++ 4 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 test/unit/mock/profiles/dupe-controls/controls/duplicates.rb create mode 100644 test/unit/mock/profiles/dupe-controls/inspec.yml diff --git a/test/functional/helper.rb b/test/functional/helper.rb index 2c3c3a9c6e..3a571e2253 100644 --- a/test/functional/helper.rb +++ b/test/functional/helper.rb @@ -4,6 +4,7 @@ require 'helper' require 'rbconfig' +require 'byebug' require 'minitest/hell' class Minitest::Test diff --git a/test/functional/inspec_check_test.rb b/test/functional/inspec_check_test.rb index c219d54bd7..8a159a1e7c 100644 --- a/test/functional/inspec_check_test.rb +++ b/test/functional/inspec_check_test.rb @@ -88,6 +88,18 @@ out.exit_status.must_equal 1 out.stdout.must_include 'inspec.yml and inspec.lock are out-of-sync. Please re-vendor with `inspec vendor`.' out.stdout.must_include 'Cannot find linux-baseline in lockfile. Please re-vendor with `inspec vendor`.' - end + end + end + + describe 'inspec check should catch a duplicate control' do + let(:dupe_profile) { File.join(profile_path, 'dupe-controls') } + it 'can detect a duplicate control' do + run_result = inspec('check ' + dupe_profile + ' --format json') + run_result.exit_status.must_equal 0 + json_result = JSON.parse(run_result.stdout) + # Must detect exactly one error + json_result['errors'].must_equal 1 + + end end end diff --git a/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb b/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb new file mode 100644 index 0000000000..b010bcc0f1 --- /dev/null +++ b/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb @@ -0,0 +1,23 @@ +control 'dupe-01' do + impact 1 + title 'dupe-01-title-one' + desc 'default-one' + description 'collision', 'one' + description 'uniq-one', 'one' + + describe true do + it { should eq true } + end +end + +control 'dupe-01' do + impact 0 + title 'dupe-01-title-two' + desc 'default-two' + description 'collision', 'two' + description 'uniq-two', 'two' + + describe true do + it { should eq false } + end +end \ No newline at end of file diff --git a/test/unit/mock/profiles/dupe-controls/inspec.yml b/test/unit/mock/profiles/dupe-controls/inspec.yml new file mode 100644 index 0000000000..39d35ef114 --- /dev/null +++ b/test/unit/mock/profiles/dupe-controls/inspec.yml @@ -0,0 +1,10 @@ +name: dupe-controls +title: A profile containing duplicated controls, refs github issue 822 +maintainer: The Authors +copyright: The Authors +copyright_email: you@example.com +license: Apache-2.0 +summary: An InSpec Compliance Profile +version: 0.1.0 +supports: + platform: os \ No newline at end of file From 81283702daad649a8525253de225ab1c4ad16b56 Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Mon, 29 Oct 2018 19:58:21 -0400 Subject: [PATCH 02/16] inspec check will now error on duplicate IDs Signed-off-by: Clinton Wolfe --- lib/inspec/profile.rb | 25 ++++++++++++++----- lib/inspec/rule.rb | 6 ++++- test/functional/inspec_check_test.rb | 10 ++++++-- .../dupe-controls/controls/duplicates.rb | 10 +++----- 4 files changed, 36 insertions(+), 15 deletions(-) diff --git a/lib/inspec/profile.rb b/lib/inspec/profile.rb index 76a238a8a7..be7c6c6625 100644 --- a/lib/inspec/profile.rb +++ b/lib/inspec/profile.rb @@ -325,10 +325,9 @@ def info(res = params.dup) # rubocop:disable Metrics/CyclomaticComplexity, Metri res end - # Check if the profile is internally well-structured. The logger will be - # used to print information on errors and warnings which are found. + # Sanity check the profile. This is the core of `inspec check` # - # @return [Boolean] true if no errors were found, false otherwise + # @return [Hash] check results. See below for structure. def check # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/MethodLength # initial values for response object result = { @@ -411,8 +410,8 @@ def check # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metri @logger.info("Found #{count} controls.") end - # iterate over hash of groups - params[:controls].each { |id, control| + # iterate over hash of controls + params[:controls].each do |id, control| sfile = control[:source_location][:ref] sline = control[:source_location][:line] error.call(sfile, sline, nil, id, 'Avoid controls with empty IDs') if id.nil? or id.empty? @@ -422,7 +421,19 @@ def check # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metri warn.call(sfile, sline, nil, id, "Control #{id} has impact > 1.0") if control[:impact].to_f > 1.0 warn.call(sfile, sline, nil, id, "Control #{id} has impact < 0.0") if control[:impact].to_f < 0.0 warn.call(sfile, sline, nil, id, "Control #{id} has no tests defined") if control[:checks].nil? or control[:checks].empty? - } + + # Check for duplicate IDs within the same profile + rule = control[:rule_obj] + if Inspec::Rule.merge_count(rule) > 0 + profile_id = Inspec::Rule.profile_id(rule) + Inspec::Rule.merge_changes(rule).select { |merge_location| merge_location[:profile_id] == profile_id }.each do |location| + cfile = location[:ref] + cline = location[:line] + msg = "Control #{id} is duplicated in profile #{profile_id} - clobbered by #{cfile}:#{cline}" + error.call(sfile, sline, nil, id, msg) + end + end + end # profile is valid if we could not find any error result[:summary][:valid] = result[:errors].empty? @@ -607,6 +618,7 @@ def load_rule_filepath(prefix, rule) def load_rule(rule, file, controls, groups) id = Inspec::Rule.rule_id(rule) location = rule.instance_variable_get(:@__source_location) + # TODO: why are we constructiong this thing, when the rule object already has this info? controls[id] = { title: rule.title, desc: rule.desc, @@ -617,6 +629,7 @@ def load_rule(rule, file, controls, groups) checks: Inspec::Rule.checks(rule), code: Inspec::MethodSource.code_at(location, source_reader), source_location: location, + rule_obj: rule, # We need the actual object to interrogate merge history } # try and grab code text from merge locations diff --git a/lib/inspec/rule.rb b/lib/inspec/rule.rb index 8b66c96ea4..8794dd7733 100644 --- a/lib/inspec/rule.rb +++ b/lib/inspec/rule.rb @@ -39,7 +39,7 @@ def initialize(id, profile_id, opts, &block) # not changeable by the user: @__code = nil @__block = block - @__source_location = __get_block_source_location(&block) + @__source_location = __get_block_source_location(&block).merge(profile_id: profile_id) @__rule_id = id @__profile_id = profile_id @__checks = [] @@ -178,6 +178,10 @@ def self.set_rule_id(rule, value) rule.instance_variable_set(:@__rule_id, value) end + def self.source_location(rule) + rule.instance_variable_get(:@__source_location) + end + def self.profile_id(rule) rule.instance_variable_get(:@__profile_id) end diff --git a/test/functional/inspec_check_test.rb b/test/functional/inspec_check_test.rb index 8a159a1e7c..1aa5ea988f 100644 --- a/test/functional/inspec_check_test.rb +++ b/test/functional/inspec_check_test.rb @@ -95,10 +95,16 @@ let(:dupe_profile) { File.join(profile_path, 'dupe-controls') } it 'can detect a duplicate control' do run_result = inspec('check ' + dupe_profile + ' --format json') - run_result.exit_status.must_equal 0 + run_result.exit_status.must_equal 1 json_result = JSON.parse(run_result.stdout) + # Must detect exactly one error - json_result['errors'].must_equal 1 + json_result['errors'].count.must_equal 1 + + json_result['errors'][0]['control_id'].must_equal 'dupe-01' # Find the right control + json_result['errors'][0]['msg'].must_include 'is duplicated in profile dupe-controls' # The kernel of the error message + json_result['errors'][0]['msg'].must_include 'clobbered by' # And we tell you that is was overwritten + json_result['errors'][0]['msg'].must_include 'duplicates.rb:12' # And we tell you what overwrote it end end diff --git a/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb b/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb index b010bcc0f1..276851fc47 100644 --- a/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb +++ b/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb @@ -1,9 +1,8 @@ control 'dupe-01' do impact 1 title 'dupe-01-title-one' - desc 'default-one' - description 'collision', 'one' - description 'uniq-one', 'one' + desc 'collision', 'one' + desc 'uniq-one', 'one' describe true do it { should eq true } @@ -13,9 +12,8 @@ control 'dupe-01' do impact 0 title 'dupe-01-title-two' - desc 'default-two' - description 'collision', 'two' - description 'uniq-two', 'two' + desc 'collision', 'two' + desc 'uniq-two', 'two' describe true do it { should eq false } From 5ff3b8fc88c4d55e7e4686e61b18ff8ca97a8485 Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Mon, 29 Oct 2018 20:25:27 -0400 Subject: [PATCH 03/16] Add a warning to inspec exec Signed-off-by: Clinton Wolfe --- lib/inspec/runner.rb | 13 +++++++++++++ test/functional/inspec_check_test.rb | 2 +- test/functional/inspec_exec_test.rb | 15 +++++++++++++++ .../profiles/dupe-controls/controls/duplicates.rb | 4 ++-- 4 files changed, 31 insertions(+), 3 deletions(-) diff --git a/lib/inspec/runner.rb b/lib/inspec/runner.rb index 36e042f0d6..f104c1d1a0 100644 --- a/lib/inspec/runner.rb +++ b/lib/inspec/runner.rb @@ -102,6 +102,19 @@ def load all_controls.each do |rule| register_rule(rule) unless rule.nil? + # Check for duplicate controls and warn + if Inspec::Rule.merge_count(rule) > 0 + profile_id = Inspec::Rule.profile_id(rule) + Inspec::Rule.merge_changes(rule).select { |merge_location| merge_location[:profile_id] == profile_id }.each do |location| + sfile = Inspec::Rule.source_location(rule)[:ref] + sline = Inspec::Rule.source_location(rule)[:line] + cfile = location[:ref] + cline = location[:line] + id = Inspec::Rule.rule_id(rule) + msg = "Control #{id} at #{sfile}:#{sline} is duplicated within the same profile '#{profile_id}' - clobbered by #{cfile}:#{cline}" + Inspec::Log.warn(msg) + end + end end end diff --git a/test/functional/inspec_check_test.rb b/test/functional/inspec_check_test.rb index 1aa5ea988f..42415feeab 100644 --- a/test/functional/inspec_check_test.rb +++ b/test/functional/inspec_check_test.rb @@ -92,8 +92,8 @@ end describe 'inspec check should catch a duplicate control' do - let(:dupe_profile) { File.join(profile_path, 'dupe-controls') } it 'can detect a duplicate control' do + dupe_profile = File.join(profile_path, 'dupe-controls') run_result = inspec('check ' + dupe_profile + ' --format json') run_result.exit_status.must_equal 1 json_result = JSON.parse(run_result.stdout) diff --git a/test/functional/inspec_exec_test.rb b/test/functional/inspec_exec_test.rb index 8818397213..e3c497a08b 100644 --- a/test/functional/inspec_exec_test.rb +++ b/test/functional/inspec_exec_test.rb @@ -524,4 +524,19 @@ run_result.stdout.wont_include('1 deprecation warning total') end end + + describe 'when using a profile that contains duplicate controls' do + it 'merges the controls and emits a warning' do + dupe_profile = File.join(profile_path, 'dupe-controls') + run_result = inspec('exec ' + dupe_profile) + run_result.exit_status.must_equal 0 + + warning = run_result.stdout.split("\n").grep(/WARN.+duplicate/).first + warning.wont_be_nil + warning.must_include 'dupe-01' # Which control + warning.must_include "is duplicated within the same profile 'dupe-controls'" + warning.must_include 'duplicates.rb:1' # the original location + warning.must_include 'duplicates.rb:12' # the duplicate location + end + end end diff --git a/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb b/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb index 276851fc47..6008e5a6d4 100644 --- a/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb +++ b/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb @@ -5,7 +5,7 @@ desc 'uniq-one', 'one' describe true do - it { should eq true } + it { should eq false } end end @@ -16,6 +16,6 @@ desc 'uniq-two', 'two' describe true do - it { should eq false } + it { should eq true } end end \ No newline at end of file From dfcd57223a25f3f8d0bde10c9d67b070f02b41a4 Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Mon, 29 Oct 2018 20:38:29 -0400 Subject: [PATCH 04/16] linting Signed-off-by: Clinton Wolfe --- lib/inspec/profile.rb | 15 +++++++-------- lib/inspec/runner.rb | 23 +++++++++++------------ 2 files changed, 18 insertions(+), 20 deletions(-) diff --git a/lib/inspec/profile.rb b/lib/inspec/profile.rb index be7c6c6625..6969f9cc6e 100644 --- a/lib/inspec/profile.rb +++ b/lib/inspec/profile.rb @@ -424,14 +424,13 @@ def check # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metri # Check for duplicate IDs within the same profile rule = control[:rule_obj] - if Inspec::Rule.merge_count(rule) > 0 - profile_id = Inspec::Rule.profile_id(rule) - Inspec::Rule.merge_changes(rule).select { |merge_location| merge_location[:profile_id] == profile_id }.each do |location| - cfile = location[:ref] - cline = location[:line] - msg = "Control #{id} is duplicated in profile #{profile_id} - clobbered by #{cfile}:#{cline}" - error.call(sfile, sline, nil, id, msg) - end + next unless Inspec::Rule.merge_count(rule) > 0 + profile_id = Inspec::Rule.profile_id(rule) + Inspec::Rule.merge_changes(rule).select { |merge_location| merge_location[:profile_id] == profile_id }.each do |location| + cfile = location[:ref] + cline = location[:line] + msg = "Control #{id} is duplicated in profile #{profile_id} - clobbered by #{cfile}:#{cline}" + error.call(sfile, sline, nil, id, msg) end end diff --git a/lib/inspec/runner.rb b/lib/inspec/runner.rb index f104c1d1a0..6351c6d4b5 100644 --- a/lib/inspec/runner.rb +++ b/lib/inspec/runner.rb @@ -75,7 +75,7 @@ def reset @rules = [] end - def load + def load # rubocop: disable Metrics/AbcSize all_controls = [] @target_profiles.each do |profile| @@ -103,17 +103,16 @@ def load all_controls.each do |rule| register_rule(rule) unless rule.nil? # Check for duplicate controls and warn - if Inspec::Rule.merge_count(rule) > 0 - profile_id = Inspec::Rule.profile_id(rule) - Inspec::Rule.merge_changes(rule).select { |merge_location| merge_location[:profile_id] == profile_id }.each do |location| - sfile = Inspec::Rule.source_location(rule)[:ref] - sline = Inspec::Rule.source_location(rule)[:line] - cfile = location[:ref] - cline = location[:line] - id = Inspec::Rule.rule_id(rule) - msg = "Control #{id} at #{sfile}:#{sline} is duplicated within the same profile '#{profile_id}' - clobbered by #{cfile}:#{cline}" - Inspec::Log.warn(msg) - end + next unless Inspec::Rule.merge_count(rule) > 0 + profile_id = Inspec::Rule.profile_id(rule) + Inspec::Rule.merge_changes(rule).select { |merge_location| merge_location[:profile_id] == profile_id }.each do |location| + sfile = Inspec::Rule.source_location(rule)[:ref] + sline = Inspec::Rule.source_location(rule)[:line] + cfile = location[:ref] + cline = location[:line] + id = Inspec::Rule.rule_id(rule) + msg = "Control #{id} at #{sfile}:#{sline} is duplicated within the same profile '#{profile_id}' - clobbered by #{cfile}:#{cline}" + Inspec::Log.warn(msg) end end end From 152d31db7f794a6487ba68b2c459d997407e9a0e Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Tue, 30 Oct 2018 12:33:58 -0400 Subject: [PATCH 05/16] Fix unit tests for policy Signed-off-by: Clinton Wolfe --- test/unit/profiles/profile_test.rb | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/test/unit/profiles/profile_test.rb b/test/unit/profiles/profile_test.rb index b1f42b6a2e..953d09b3c6 100644 --- a/test/unit/profiles/profile_test.rb +++ b/test/unit/profiles/profile_test.rb @@ -49,26 +49,26 @@ end describe 'code info' do - let(:profile_id) { 'complete-profile' } + let(:profile_path) { 'complete-profile' } # Id is 'complete' let(:code) { "control 'test01' do\n impact 0.5\n title 'Catchy title'\n desc '\n example.com should always exist.\n '\n describe host('example.com') do\n it { should be_resolvable }\n end\nend\n" } - let(:loc) { {:ref=>"controls/host_spec.rb", :line=>6} } + let(:loc) { {:ref=>"controls/host_spec.rb", :line=>6, :profile_id => 'complete' } } it 'gets code from an uncompressed profile' do - info = MockLoader.load_profile(profile_id).info + info = MockLoader.load_profile(profile_path).info info[:controls][0][:code].must_equal code - loc[:ref] = File.join(MockLoader.profile_path(profile_id), loc[:ref]) + loc[:ref] = File.join(MockLoader.profile_path(profile_path), loc[:ref]) info[:controls][0][:source_location].must_equal loc end it 'gets code on zip profiles' do - path = MockLoader.profile_zip(profile_id) + path = MockLoader.profile_zip(profile_path) info = MockLoader.load_profile(path).info info[:controls][0][:code].must_equal code info[:controls][0][:source_location].must_equal loc end it 'gets code on tgz profiles' do - path = MockLoader.profile_tgz(profile_id) + path = MockLoader.profile_tgz(profile_path) info = MockLoader.load_profile(path).info info[:controls][0][:code].must_equal code info[:controls][0][:source_location].must_equal loc From ace4476cc55d6a6608ae807bbf0a1e8d068a1f87 Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Wed, 31 Oct 2018 18:49:54 -0400 Subject: [PATCH 06/16] Get functional tests passing; ensure inheritance does not trip duplicate warning Signed-off-by: Clinton Wolfe --- lib/inspec/profile.rb | 8 +++- lib/inspec/rule.rb | 15 +++++- lib/inspec/runner.rb | 9 +++- test/functional/inspec_check_test.rb | 47 ++++++++++++++----- test/functional/inspec_exec_test.rb | 44 +++++++++++++---- .../dupe-controls/child/controls/child.rb | 6 +++ .../profiles/dupe-controls/child/inspec.yml | 10 ++++ .../{ => simple}/controls/duplicates.rb | 0 .../dupe-controls/{ => simple}/inspec.yml | 0 .../wrapper-block-include/controls/include.rb | 12 +++++ .../wrapper-block-include/inspec.yml | 13 +++++ .../controls/include.rb | 8 ++++ .../wrapper-simple-include/inspec.yml | 13 +++++ 13 files changed, 161 insertions(+), 24 deletions(-) create mode 100644 test/unit/mock/profiles/dupe-controls/child/controls/child.rb create mode 100644 test/unit/mock/profiles/dupe-controls/child/inspec.yml rename test/unit/mock/profiles/dupe-controls/{ => simple}/controls/duplicates.rb (100%) rename test/unit/mock/profiles/dupe-controls/{ => simple}/inspec.yml (100%) create mode 100644 test/unit/mock/profiles/dupe-controls/wrapper-block-include/controls/include.rb create mode 100644 test/unit/mock/profiles/dupe-controls/wrapper-block-include/inspec.yml create mode 100644 test/unit/mock/profiles/dupe-controls/wrapper-simple-include/controls/include.rb create mode 100644 test/unit/mock/profiles/dupe-controls/wrapper-simple-include/inspec.yml diff --git a/lib/inspec/profile.rb b/lib/inspec/profile.rb index 6969f9cc6e..5d19159c7e 100644 --- a/lib/inspec/profile.rb +++ b/lib/inspec/profile.rb @@ -426,7 +426,13 @@ def check # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metri rule = control[:rule_obj] next unless Inspec::Rule.merge_count(rule) > 0 profile_id = Inspec::Rule.profile_id(rule) - Inspec::Rule.merge_changes(rule).select { |merge_location| merge_location[:profile_id] == profile_id }.each do |location| + merges = Inspec::Rule.merge_changes(rule) + merges = merges.select do |merge_location| + # Look for rules that had a merge within the same profile... + merge_location[:profile_id] == profile_id && + !merge_location[:in_include] # and the merge did not happen in an include/require_controls + end + merges.each do |location| cfile = location[:ref] cline = location[:line] msg = "Control #{id} is duplicated in profile #{profile_id} - clobbered by #{cfile}:#{cline}" diff --git a/lib/inspec/rule.rb b/lib/inspec/rule.rb index 8794dd7733..745d724536 100644 --- a/lib/inspec/rule.rb +++ b/lib/inspec/rule.rb @@ -39,7 +39,7 @@ def initialize(id, profile_id, opts, &block) # not changeable by the user: @__code = nil @__block = block - @__source_location = __get_block_source_location(&block).merge(profile_id: profile_id) + @__source_location = __get_block_source_location(&block).merge(profile_id: profile_id, in_include: __check_for_include) @__rule_id = id @__profile_id = profile_id @__checks = [] @@ -316,5 +316,18 @@ def __get_block_source_location(&block) rescue MethodSource::SourceNotFoundError {} end + + # For duplicate control detection (github 822), + # we must only warn on a control being duplicated when + # it is *not* being overridden. Overrides happen within + # include_control / require control blocks. + # HACK: detect that using the call stack. + def __check_for_include + # A require_contols / include_controls call will be at least 8 frames back; + # the 6 is just a guess for an upper limit. We don't want to look too far + # back - each level of dependency adds about 12 frames. + frames = caller_locations(8, 6).map(&:base_label) + frames.include?('include_controls') || frames.include?('require_controls') + end end end diff --git a/lib/inspec/runner.rb b/lib/inspec/runner.rb index 6351c6d4b5..7d86afb4ba 100644 --- a/lib/inspec/runner.rb +++ b/lib/inspec/runner.rb @@ -103,9 +103,16 @@ def load # rubocop: disable Metrics/AbcSize all_controls.each do |rule| register_rule(rule) unless rule.nil? # Check for duplicate controls and warn + next if Inspec::Rule.merge_count(rule).nil? next unless Inspec::Rule.merge_count(rule) > 0 profile_id = Inspec::Rule.profile_id(rule) - Inspec::Rule.merge_changes(rule).select { |merge_location| merge_location[:profile_id] == profile_id }.each do |location| + merges = Inspec::Rule.merge_changes(rule) + merges = merges.select do |merge_location| + # Look for rules that had a merge within the same profile... + merge_location[:profile_id] == profile_id && + !merge_location[:in_include] # and the merge did not happen in an include/require_controls + end + merges.each do |location| sfile = Inspec::Rule.source_location(rule)[:ref] sline = Inspec::Rule.source_location(rule)[:line] cfile = location[:ref] diff --git a/test/functional/inspec_check_test.rb b/test/functional/inspec_check_test.rb index 42415feeab..11d256206c 100644 --- a/test/functional/inspec_check_test.rb +++ b/test/functional/inspec_check_test.rb @@ -92,20 +92,45 @@ end describe 'inspec check should catch a duplicate control' do - it 'can detect a duplicate control' do - dupe_profile = File.join(profile_path, 'dupe-controls') - run_result = inspec('check ' + dupe_profile + ' --format json') - run_result.exit_status.must_equal 1 - json_result = JSON.parse(run_result.stdout) + describe 'when a simple profile has duplicates' do + it 'can detect a duplicate control' do + dupe_profile = File.join(profile_path, 'dupe-controls', 'simple') + run_result = inspec('check ' + dupe_profile + ' --format json') + run_result.exit_status.must_equal 1 + json_result = JSON.parse(run_result.stdout) + + # Must detect exactly one error + json_result['errors'].count.must_equal 1 + + json_result['errors'][0]['control_id'].must_equal 'dupe-01' # Find the right control + json_result['errors'][0]['msg'].must_include 'is duplicated in profile dupe-controls' # The kernel of the error message + json_result['errors'][0]['msg'].must_include 'clobbered by' # And we tell you that is was overwritten + json_result['errors'][0]['msg'].must_include 'duplicates.rb:12' # And we tell you what overwrote it + end + end + + describe 'when a profile uses include_controls without a block' do + it 'should not detect a duplicate control' do + dupe_profile = File.join(profile_path, 'dupe-controls', 'wrapper-simple-include') + run_result = inspec('check ' + dupe_profile + ' --format json') + run_result.exit_status.must_equal 0 + json_result = JSON.parse(run_result.stdout) - # Must detect exactly one error - json_result['errors'].count.must_equal 1 + # Must detect no errors + json_result['errors'].count.must_equal 0 + end + end - json_result['errors'][0]['control_id'].must_equal 'dupe-01' # Find the right control - json_result['errors'][0]['msg'].must_include 'is duplicated in profile dupe-controls' # The kernel of the error message - json_result['errors'][0]['msg'].must_include 'clobbered by' # And we tell you that is was overwritten - json_result['errors'][0]['msg'].must_include 'duplicates.rb:12' # And we tell you what overwrote it + describe 'when a profile uses include_controls with a block to modify a control' do + it 'should not detect a duplicate control' do + dupe_profile = File.join(profile_path, 'dupe-controls', 'wrapper-block-include') + run_result = inspec('check ' + dupe_profile + ' --format json') + run_result.exit_status.must_equal 0 + json_result = JSON.parse(run_result.stdout) + # Must detect no errors + json_result['errors'].count.must_equal 0 + end end end end diff --git a/test/functional/inspec_exec_test.rb b/test/functional/inspec_exec_test.rb index e3c497a08b..5a8e3ae1f0 100644 --- a/test/functional/inspec_exec_test.rb +++ b/test/functional/inspec_exec_test.rb @@ -526,17 +526,41 @@ end describe 'when using a profile that contains duplicate controls' do - it 'merges the controls and emits a warning' do - dupe_profile = File.join(profile_path, 'dupe-controls') - run_result = inspec('exec ' + dupe_profile) - run_result.exit_status.must_equal 0 + describe 'when it is a simple profile' do + it 'merges the controls and emits a warning' do + dupe_profile = File.join(profile_path, 'dupe-controls', 'simple') + run_result = inspec('exec ' + dupe_profile) + run_result.exit_status.must_equal 0 + + warning = run_result.stdout.split("\n").grep(/WARN.+duplicate/).first + warning.wont_be_nil + warning.must_include 'dupe-01' # Which control + warning.must_include "is duplicated within the same profile 'dupe-controls'" + warning.must_include 'duplicates.rb:1' # the original location + warning.must_include 'duplicates.rb:12' # the duplicate location + end + end - warning = run_result.stdout.split("\n").grep(/WARN.+duplicate/).first - warning.wont_be_nil - warning.must_include 'dupe-01' # Which control - warning.must_include "is duplicated within the same profile 'dupe-controls'" - warning.must_include 'duplicates.rb:1' # the original location - warning.must_include 'duplicates.rb:12' # the duplicate location + describe 'when it is a wrapper profile with a simple include' do + it 'no duplicate is detected' do + dupe_profile = File.join(profile_path, 'dupe-controls', 'wrapper-simple-include') + run_result = inspec('exec ' + dupe_profile) + run_result.exit_status.must_equal 0 + + warning = run_result.stdout.split("\n").grep(/WARN.+duplicate/).first + warning.must_be_nil + end + end + + describe 'when it is a wrapper profile with a block include modifying an inherited control' do + it 'no duplicate is detected' do + dupe_profile = File.join(profile_path, 'dupe-controls', 'wrapper-block-include') + run_result = inspec('exec ' + dupe_profile) + run_result.exit_status.must_equal 0 + + warning = run_result.stdout.split("\n").grep(/WARN.+duplicate/).first + warning.must_be_nil + end end end end diff --git a/test/unit/mock/profiles/dupe-controls/child/controls/child.rb b/test/unit/mock/profiles/dupe-controls/child/controls/child.rb new file mode 100644 index 0000000000..7ee0bffe92 --- /dev/null +++ b/test/unit/mock/profiles/dupe-controls/child/controls/child.rb @@ -0,0 +1,6 @@ +control 'control-01' do + title 'the title set in child' + describe 'describe-01' do + it { should include '01' } + end +end \ No newline at end of file diff --git a/test/unit/mock/profiles/dupe-controls/child/inspec.yml b/test/unit/mock/profiles/dupe-controls/child/inspec.yml new file mode 100644 index 0000000000..89f938e874 --- /dev/null +++ b/test/unit/mock/profiles/dupe-controls/child/inspec.yml @@ -0,0 +1,10 @@ +name: child +title: A simple profile to test inheritance with duplicate control ids +maintainer: The Authors +copyright: The Authors +copyright_email: you@example.com +license: Apache-2.0 +summary: An InSpec Compliance Profile +version: 0.1.0 +supports: + platform: os \ No newline at end of file diff --git a/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb b/test/unit/mock/profiles/dupe-controls/simple/controls/duplicates.rb similarity index 100% rename from test/unit/mock/profiles/dupe-controls/controls/duplicates.rb rename to test/unit/mock/profiles/dupe-controls/simple/controls/duplicates.rb diff --git a/test/unit/mock/profiles/dupe-controls/inspec.yml b/test/unit/mock/profiles/dupe-controls/simple/inspec.yml similarity index 100% rename from test/unit/mock/profiles/dupe-controls/inspec.yml rename to test/unit/mock/profiles/dupe-controls/simple/inspec.yml diff --git a/test/unit/mock/profiles/dupe-controls/wrapper-block-include/controls/include.rb b/test/unit/mock/profiles/dupe-controls/wrapper-block-include/controls/include.rb new file mode 100644 index 0000000000..0363f5f64b --- /dev/null +++ b/test/unit/mock/profiles/dupe-controls/wrapper-block-include/controls/include.rb @@ -0,0 +1,12 @@ +include_controls 'child' do + control 'control-01' do + title 'title set in wrapper-block-include, inside the block' + end +end + +control 'control-01' do + title 'the title set in wrapper-block-include, outside the block' + describe 'describe-01' do + it { should include '01' } + end +end \ No newline at end of file diff --git a/test/unit/mock/profiles/dupe-controls/wrapper-block-include/inspec.yml b/test/unit/mock/profiles/dupe-controls/wrapper-block-include/inspec.yml new file mode 100644 index 0000000000..1a752836c7 --- /dev/null +++ b/test/unit/mock/profiles/dupe-controls/wrapper-block-include/inspec.yml @@ -0,0 +1,13 @@ +name: wrapper-simple-include +title: A simple InSpec Profile to test inheritance with duplicate control IDs with an include block +maintainer: The Authors +copyright: The Authors +copyright_email: you@example.com +license: Apache-2.0 +summary: An InSpec Compliance Profile +version: 0.1.0 +supports: + platform: os +depends: + - name: child + path: ../child \ No newline at end of file diff --git a/test/unit/mock/profiles/dupe-controls/wrapper-simple-include/controls/include.rb b/test/unit/mock/profiles/dupe-controls/wrapper-simple-include/controls/include.rb new file mode 100644 index 0000000000..39a1a4ae58 --- /dev/null +++ b/test/unit/mock/profiles/dupe-controls/wrapper-simple-include/controls/include.rb @@ -0,0 +1,8 @@ +include_controls 'child' + +control 'control-01' do + title 'the title set in wrapper-simple-include' + describe 'describe-01' do + it { should include '01' } + end +end \ No newline at end of file diff --git a/test/unit/mock/profiles/dupe-controls/wrapper-simple-include/inspec.yml b/test/unit/mock/profiles/dupe-controls/wrapper-simple-include/inspec.yml new file mode 100644 index 0000000000..eb78604fa8 --- /dev/null +++ b/test/unit/mock/profiles/dupe-controls/wrapper-simple-include/inspec.yml @@ -0,0 +1,13 @@ +name: wrapper-simple-include +title: A simple InSpec Profile to test inheritance with duplicate control IDs with a bare include +maintainer: The Authors +copyright: The Authors +copyright_email: you@example.com +license: Apache-2.0 +summary: An InSpec Compliance Profile +version: 0.1.0 +supports: + platform: os +depends: + - name: child + path: ../child \ No newline at end of file From 9c7897a9a6e99d1d8e2f8efb01dc35729487decc Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Thu, 1 Nov 2018 22:46:39 -0400 Subject: [PATCH 07/16] Fix unit tests again, now to include in_include flag Signed-off-by: Clinton Wolfe --- test/unit/profiles/profile_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/unit/profiles/profile_test.rb b/test/unit/profiles/profile_test.rb index 953d09b3c6..47dd70a85e 100644 --- a/test/unit/profiles/profile_test.rb +++ b/test/unit/profiles/profile_test.rb @@ -51,7 +51,7 @@ describe 'code info' do let(:profile_path) { 'complete-profile' } # Id is 'complete' let(:code) { "control 'test01' do\n impact 0.5\n title 'Catchy title'\n desc '\n example.com should always exist.\n '\n describe host('example.com') do\n it { should be_resolvable }\n end\nend\n" } - let(:loc) { {:ref=>"controls/host_spec.rb", :line=>6, :profile_id => 'complete' } } + let(:loc) { {:ref=>"controls/host_spec.rb", :line=>6, :profile_id => 'complete', :in_include => false } } it 'gets code from an uncompressed profile' do info = MockLoader.load_profile(profile_path).info From 6697281d6a02e28eb47e9bf9173a8745a6e959a4 Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Thu, 1 Nov 2018 23:06:34 -0400 Subject: [PATCH 08/16] Adjust test to get more helpful output in travisci Signed-off-by: Clinton Wolfe --- test/functional/inspec_check_test.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/functional/inspec_check_test.rb b/test/functional/inspec_check_test.rb index 11d256206c..74e5f39f37 100644 --- a/test/functional/inspec_check_test.rb +++ b/test/functional/inspec_check_test.rb @@ -125,8 +125,9 @@ it 'should not detect a duplicate control' do dupe_profile = File.join(profile_path, 'dupe-controls', 'wrapper-block-include') run_result = inspec('check ' + dupe_profile + ' --format json') - run_result.exit_status.must_equal 0 + run_result.stderr.must_be_empty json_result = JSON.parse(run_result.stdout) + run_result.exit_status.must_equal 0 # Must detect no errors json_result['errors'].count.must_equal 0 From 19dedbc5bbc89be3e04b65629438226182ed4dbc Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Thu, 1 Nov 2018 23:27:30 -0400 Subject: [PATCH 09/16] Adjust test to get more helpful output in travisci Signed-off-by: Clinton Wolfe --- test/functional/inspec_check_test.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/test/functional/inspec_check_test.rb b/test/functional/inspec_check_test.rb index 74e5f39f37..5e4f1dc771 100644 --- a/test/functional/inspec_check_test.rb +++ b/test/functional/inspec_check_test.rb @@ -126,6 +126,7 @@ dupe_profile = File.join(profile_path, 'dupe-controls', 'wrapper-block-include') run_result = inspec('check ' + dupe_profile + ' --format json') run_result.stderr.must_be_empty + run_result.stdout.must_be_empty # only in place to trigger output in travisci json_result = JSON.parse(run_result.stdout) run_result.exit_status.must_equal 0 From 32c1a1088bdf9b661db16e176decbe22a9976cf4 Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Fri, 2 Nov 2018 00:07:09 -0400 Subject: [PATCH 10/16] Adjust test to get more helpful output in travisci Signed-off-by: Clinton Wolfe --- test/functional/inspec_check_test.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/functional/inspec_check_test.rb b/test/functional/inspec_check_test.rb index 5e4f1dc771..badcb392b0 100644 --- a/test/functional/inspec_check_test.rb +++ b/test/functional/inspec_check_test.rb @@ -114,6 +114,8 @@ dupe_profile = File.join(profile_path, 'dupe-controls', 'wrapper-simple-include') run_result = inspec('check ' + dupe_profile + ' --format json') run_result.exit_status.must_equal 0 + run_result.stderr.must_be_empty + run_result.stdout.must_be_empty # only in place to trigger output in travisci json_result = JSON.parse(run_result.stdout) # Must detect no errors @@ -125,8 +127,6 @@ it 'should not detect a duplicate control' do dupe_profile = File.join(profile_path, 'dupe-controls', 'wrapper-block-include') run_result = inspec('check ' + dupe_profile + ' --format json') - run_result.stderr.must_be_empty - run_result.stdout.must_be_empty # only in place to trigger output in travisci json_result = JSON.parse(run_result.stdout) run_result.exit_status.must_equal 0 From dd7ca9839aab65d5e3f91646f93a945e1030f5fb Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Fri, 2 Nov 2018 12:51:38 -0400 Subject: [PATCH 11/16] Add descriptions, perhaps that was triggering the failure Signed-off-by: Clinton Wolfe --- test/functional/inspec_check_test.rb | 3 +-- test/unit/mock/profiles/dupe-controls/child/controls/child.rb | 1 + .../mock/profiles/dupe-controls/simple/controls/duplicates.rb | 4 ++++ .../dupe-controls/wrapper-block-include/controls/include.rb | 2 ++ .../dupe-controls/wrapper-simple-include/controls/include.rb | 1 + 5 files changed, 9 insertions(+), 2 deletions(-) diff --git a/test/functional/inspec_check_test.rb b/test/functional/inspec_check_test.rb index badcb392b0..131b596220 100644 --- a/test/functional/inspec_check_test.rb +++ b/test/functional/inspec_check_test.rb @@ -105,7 +105,7 @@ json_result['errors'][0]['control_id'].must_equal 'dupe-01' # Find the right control json_result['errors'][0]['msg'].must_include 'is duplicated in profile dupe-controls' # The kernel of the error message json_result['errors'][0]['msg'].must_include 'clobbered by' # And we tell you that is was overwritten - json_result['errors'][0]['msg'].must_include 'duplicates.rb:12' # And we tell you what overwrote it + json_result['errors'][0]['msg'].must_include 'duplicates.rb:14' # And we tell you what overwrote it end end @@ -115,7 +115,6 @@ run_result = inspec('check ' + dupe_profile + ' --format json') run_result.exit_status.must_equal 0 run_result.stderr.must_be_empty - run_result.stdout.must_be_empty # only in place to trigger output in travisci json_result = JSON.parse(run_result.stdout) # Must detect no errors diff --git a/test/unit/mock/profiles/dupe-controls/child/controls/child.rb b/test/unit/mock/profiles/dupe-controls/child/controls/child.rb index 7ee0bffe92..f9667f2157 100644 --- a/test/unit/mock/profiles/dupe-controls/child/controls/child.rb +++ b/test/unit/mock/profiles/dupe-controls/child/controls/child.rb @@ -1,5 +1,6 @@ control 'control-01' do title 'the title set in child' + description 'something' describe 'describe-01' do it { should include '01' } end diff --git a/test/unit/mock/profiles/dupe-controls/simple/controls/duplicates.rb b/test/unit/mock/profiles/dupe-controls/simple/controls/duplicates.rb index 6008e5a6d4..d4ae64933f 100644 --- a/test/unit/mock/profiles/dupe-controls/simple/controls/duplicates.rb +++ b/test/unit/mock/profiles/dupe-controls/simple/controls/duplicates.rb @@ -1,6 +1,8 @@ control 'dupe-01' do impact 1 title 'dupe-01-title-one' + description 'something' + desc 'collision', 'one' desc 'uniq-one', 'one' @@ -12,6 +14,8 @@ control 'dupe-01' do impact 0 title 'dupe-01-title-two' + description 'something' + desc 'collision', 'two' desc 'uniq-two', 'two' diff --git a/test/unit/mock/profiles/dupe-controls/wrapper-block-include/controls/include.rb b/test/unit/mock/profiles/dupe-controls/wrapper-block-include/controls/include.rb index 0363f5f64b..6771aea3df 100644 --- a/test/unit/mock/profiles/dupe-controls/wrapper-block-include/controls/include.rb +++ b/test/unit/mock/profiles/dupe-controls/wrapper-block-include/controls/include.rb @@ -1,11 +1,13 @@ include_controls 'child' do control 'control-01' do title 'title set in wrapper-block-include, inside the block' + description 'something' end end control 'control-01' do title 'the title set in wrapper-block-include, outside the block' + description 'something' describe 'describe-01' do it { should include '01' } end diff --git a/test/unit/mock/profiles/dupe-controls/wrapper-simple-include/controls/include.rb b/test/unit/mock/profiles/dupe-controls/wrapper-simple-include/controls/include.rb index 39a1a4ae58..3a70c34095 100644 --- a/test/unit/mock/profiles/dupe-controls/wrapper-simple-include/controls/include.rb +++ b/test/unit/mock/profiles/dupe-controls/wrapper-simple-include/controls/include.rb @@ -2,6 +2,7 @@ control 'control-01' do title 'the title set in wrapper-simple-include' + description 'something' describe 'describe-01' do it { should include '01' } end From fd05aa80a17614c03fe14c0abbb0ae8c645a1c8b Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Mon, 29 Oct 2018 17:45:34 -0400 Subject: [PATCH 12/16] Failing functional test for duplicate controls Signed-off-by: Clinton Wolfe --- .../dupe-controls/controls/duplicates.rb | 23 +++++++++++++++++++ .../mock/profiles/dupe-controls/inspec.yml | 10 ++++++++ 2 files changed, 33 insertions(+) create mode 100644 test/unit/mock/profiles/dupe-controls/controls/duplicates.rb create mode 100644 test/unit/mock/profiles/dupe-controls/inspec.yml diff --git a/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb b/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb new file mode 100644 index 0000000000..b010bcc0f1 --- /dev/null +++ b/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb @@ -0,0 +1,23 @@ +control 'dupe-01' do + impact 1 + title 'dupe-01-title-one' + desc 'default-one' + description 'collision', 'one' + description 'uniq-one', 'one' + + describe true do + it { should eq true } + end +end + +control 'dupe-01' do + impact 0 + title 'dupe-01-title-two' + desc 'default-two' + description 'collision', 'two' + description 'uniq-two', 'two' + + describe true do + it { should eq false } + end +end \ No newline at end of file diff --git a/test/unit/mock/profiles/dupe-controls/inspec.yml b/test/unit/mock/profiles/dupe-controls/inspec.yml new file mode 100644 index 0000000000..39d35ef114 --- /dev/null +++ b/test/unit/mock/profiles/dupe-controls/inspec.yml @@ -0,0 +1,10 @@ +name: dupe-controls +title: A profile containing duplicated controls, refs github issue 822 +maintainer: The Authors +copyright: The Authors +copyright_email: you@example.com +license: Apache-2.0 +summary: An InSpec Compliance Profile +version: 0.1.0 +supports: + platform: os \ No newline at end of file From 112edbb0d9f98836f8c0de8a10ec58271aea355a Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Mon, 29 Oct 2018 19:58:21 -0400 Subject: [PATCH 13/16] inspec check will now error on duplicate IDs Signed-off-by: Clinton Wolfe --- .../mock/profiles/dupe-controls/controls/duplicates.rb | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb b/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb index b010bcc0f1..276851fc47 100644 --- a/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb +++ b/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb @@ -1,9 +1,8 @@ control 'dupe-01' do impact 1 title 'dupe-01-title-one' - desc 'default-one' - description 'collision', 'one' - description 'uniq-one', 'one' + desc 'collision', 'one' + desc 'uniq-one', 'one' describe true do it { should eq true } @@ -13,9 +12,8 @@ control 'dupe-01' do impact 0 title 'dupe-01-title-two' - desc 'default-two' - description 'collision', 'two' - description 'uniq-two', 'two' + desc 'collision', 'two' + desc 'uniq-two', 'two' describe true do it { should eq false } From 19e46957a3781433e967e47938217f49dbb87621 Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Mon, 29 Oct 2018 20:25:27 -0400 Subject: [PATCH 14/16] Add a warning to inspec exec Signed-off-by: Clinton Wolfe --- test/unit/mock/profiles/dupe-controls/controls/duplicates.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb b/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb index 276851fc47..6008e5a6d4 100644 --- a/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb +++ b/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb @@ -5,7 +5,7 @@ desc 'uniq-one', 'one' describe true do - it { should eq true } + it { should eq false } end end @@ -16,6 +16,6 @@ desc 'uniq-two', 'two' describe true do - it { should eq false } + it { should eq true } end end \ No newline at end of file From 58332dee6a61c6fee13ee6f2cd12c7f9234db2dc Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Wed, 31 Oct 2018 18:49:54 -0400 Subject: [PATCH 15/16] Get functional tests passing; ensure inheritance does not trip duplicate warning Signed-off-by: Clinton Wolfe --- .../dupe-controls/child/controls/child.rb | 3 +++ .../dupe-controls/controls/duplicates.rb | 21 ------------------- .../mock/profiles/dupe-controls/inspec.yml | 10 --------- .../simple/controls/duplicates.rb | 4 ---- .../wrapper-block-include/controls/include.rb | 6 ++++++ .../controls/include.rb | 3 +++ 6 files changed, 12 insertions(+), 35 deletions(-) delete mode 100644 test/unit/mock/profiles/dupe-controls/controls/duplicates.rb delete mode 100644 test/unit/mock/profiles/dupe-controls/inspec.yml diff --git a/test/unit/mock/profiles/dupe-controls/child/controls/child.rb b/test/unit/mock/profiles/dupe-controls/child/controls/child.rb index f9667f2157..9bdbf5f197 100644 --- a/test/unit/mock/profiles/dupe-controls/child/controls/child.rb +++ b/test/unit/mock/profiles/dupe-controls/child/controls/child.rb @@ -1,6 +1,9 @@ control 'control-01' do title 'the title set in child' +<<<<<<< HEAD description 'something' +======= +>>>>>>> Get functional tests passing; ensure inheritance does not trip duplicate warning describe 'describe-01' do it { should include '01' } end diff --git a/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb b/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb deleted file mode 100644 index 6008e5a6d4..0000000000 --- a/test/unit/mock/profiles/dupe-controls/controls/duplicates.rb +++ /dev/null @@ -1,21 +0,0 @@ -control 'dupe-01' do - impact 1 - title 'dupe-01-title-one' - desc 'collision', 'one' - desc 'uniq-one', 'one' - - describe true do - it { should eq false } - end -end - -control 'dupe-01' do - impact 0 - title 'dupe-01-title-two' - desc 'collision', 'two' - desc 'uniq-two', 'two' - - describe true do - it { should eq true } - end -end \ No newline at end of file diff --git a/test/unit/mock/profiles/dupe-controls/inspec.yml b/test/unit/mock/profiles/dupe-controls/inspec.yml deleted file mode 100644 index 39d35ef114..0000000000 --- a/test/unit/mock/profiles/dupe-controls/inspec.yml +++ /dev/null @@ -1,10 +0,0 @@ -name: dupe-controls -title: A profile containing duplicated controls, refs github issue 822 -maintainer: The Authors -copyright: The Authors -copyright_email: you@example.com -license: Apache-2.0 -summary: An InSpec Compliance Profile -version: 0.1.0 -supports: - platform: os \ No newline at end of file diff --git a/test/unit/mock/profiles/dupe-controls/simple/controls/duplicates.rb b/test/unit/mock/profiles/dupe-controls/simple/controls/duplicates.rb index d4ae64933f..6008e5a6d4 100644 --- a/test/unit/mock/profiles/dupe-controls/simple/controls/duplicates.rb +++ b/test/unit/mock/profiles/dupe-controls/simple/controls/duplicates.rb @@ -1,8 +1,6 @@ control 'dupe-01' do impact 1 title 'dupe-01-title-one' - description 'something' - desc 'collision', 'one' desc 'uniq-one', 'one' @@ -14,8 +12,6 @@ control 'dupe-01' do impact 0 title 'dupe-01-title-two' - description 'something' - desc 'collision', 'two' desc 'uniq-two', 'two' diff --git a/test/unit/mock/profiles/dupe-controls/wrapper-block-include/controls/include.rb b/test/unit/mock/profiles/dupe-controls/wrapper-block-include/controls/include.rb index 6771aea3df..9bae4e35da 100644 --- a/test/unit/mock/profiles/dupe-controls/wrapper-block-include/controls/include.rb +++ b/test/unit/mock/profiles/dupe-controls/wrapper-block-include/controls/include.rb @@ -1,13 +1,19 @@ include_controls 'child' do control 'control-01' do title 'title set in wrapper-block-include, inside the block' +<<<<<<< HEAD description 'something' +======= +>>>>>>> Get functional tests passing; ensure inheritance does not trip duplicate warning end end control 'control-01' do title 'the title set in wrapper-block-include, outside the block' +<<<<<<< HEAD description 'something' +======= +>>>>>>> Get functional tests passing; ensure inheritance does not trip duplicate warning describe 'describe-01' do it { should include '01' } end diff --git a/test/unit/mock/profiles/dupe-controls/wrapper-simple-include/controls/include.rb b/test/unit/mock/profiles/dupe-controls/wrapper-simple-include/controls/include.rb index 3a70c34095..a35db8d024 100644 --- a/test/unit/mock/profiles/dupe-controls/wrapper-simple-include/controls/include.rb +++ b/test/unit/mock/profiles/dupe-controls/wrapper-simple-include/controls/include.rb @@ -2,7 +2,10 @@ control 'control-01' do title 'the title set in wrapper-simple-include' +<<<<<<< HEAD description 'something' +======= +>>>>>>> Get functional tests passing; ensure inheritance does not trip duplicate warning describe 'describe-01' do it { should include '01' } end From 1cadfb8d5e37ef7880fc873181e1eae8d01abbba Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Fri, 2 Nov 2018 12:51:38 -0400 Subject: [PATCH 16/16] Add descriptions, perhaps that was triggering the failure Signed-off-by: Clinton Wolfe --- .../mock/profiles/dupe-controls/child/controls/child.rb | 3 --- .../profiles/dupe-controls/simple/controls/duplicates.rb | 4 ++++ .../dupe-controls/wrapper-block-include/controls/include.rb | 6 ------ .../wrapper-simple-include/controls/include.rb | 3 --- 4 files changed, 4 insertions(+), 12 deletions(-) diff --git a/test/unit/mock/profiles/dupe-controls/child/controls/child.rb b/test/unit/mock/profiles/dupe-controls/child/controls/child.rb index 9bdbf5f197..f9667f2157 100644 --- a/test/unit/mock/profiles/dupe-controls/child/controls/child.rb +++ b/test/unit/mock/profiles/dupe-controls/child/controls/child.rb @@ -1,9 +1,6 @@ control 'control-01' do title 'the title set in child' -<<<<<<< HEAD description 'something' -======= ->>>>>>> Get functional tests passing; ensure inheritance does not trip duplicate warning describe 'describe-01' do it { should include '01' } end diff --git a/test/unit/mock/profiles/dupe-controls/simple/controls/duplicates.rb b/test/unit/mock/profiles/dupe-controls/simple/controls/duplicates.rb index 6008e5a6d4..d4ae64933f 100644 --- a/test/unit/mock/profiles/dupe-controls/simple/controls/duplicates.rb +++ b/test/unit/mock/profiles/dupe-controls/simple/controls/duplicates.rb @@ -1,6 +1,8 @@ control 'dupe-01' do impact 1 title 'dupe-01-title-one' + description 'something' + desc 'collision', 'one' desc 'uniq-one', 'one' @@ -12,6 +14,8 @@ control 'dupe-01' do impact 0 title 'dupe-01-title-two' + description 'something' + desc 'collision', 'two' desc 'uniq-two', 'two' diff --git a/test/unit/mock/profiles/dupe-controls/wrapper-block-include/controls/include.rb b/test/unit/mock/profiles/dupe-controls/wrapper-block-include/controls/include.rb index 9bae4e35da..6771aea3df 100644 --- a/test/unit/mock/profiles/dupe-controls/wrapper-block-include/controls/include.rb +++ b/test/unit/mock/profiles/dupe-controls/wrapper-block-include/controls/include.rb @@ -1,19 +1,13 @@ include_controls 'child' do control 'control-01' do title 'title set in wrapper-block-include, inside the block' -<<<<<<< HEAD description 'something' -======= ->>>>>>> Get functional tests passing; ensure inheritance does not trip duplicate warning end end control 'control-01' do title 'the title set in wrapper-block-include, outside the block' -<<<<<<< HEAD description 'something' -======= ->>>>>>> Get functional tests passing; ensure inheritance does not trip duplicate warning describe 'describe-01' do it { should include '01' } end diff --git a/test/unit/mock/profiles/dupe-controls/wrapper-simple-include/controls/include.rb b/test/unit/mock/profiles/dupe-controls/wrapper-simple-include/controls/include.rb index a35db8d024..3a70c34095 100644 --- a/test/unit/mock/profiles/dupe-controls/wrapper-simple-include/controls/include.rb +++ b/test/unit/mock/profiles/dupe-controls/wrapper-simple-include/controls/include.rb @@ -2,10 +2,7 @@ control 'control-01' do title 'the title set in wrapper-simple-include' -<<<<<<< HEAD description 'something' -======= ->>>>>>> Get functional tests passing; ensure inheritance does not trip duplicate warning describe 'describe-01' do it { should include '01' } end