You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
V-73391 performs excessive iterations as a result of two factors: describe.one blocks around each describe block, and acl_rule looping within each describe set. This results in each acl_rule being evaluated against every describe set causing multiple failures for each acl_rule.
describe.one do
acl_rules.each do |acl_rule|
describe "Audit rule property for principal: #{acl_rule['IdentityReference']}" do
subject { acl_rule }
its(['AuditFlags']) { should cmp "Fail" }
its(['IdentityReference']) { should cmp "Everyone" }
its(['ActiveDirectoryRights']) { should cmp "GenericAll" }
its(['InheritanceFlags']) { should cmp "None" }
its(['InheritanceType']) { should cmp "None" }
its(['PropagationFlags']) { should cmp "None" }
end
end
end
describe.one do
acl_rules.each do |acl_rule|
describe "Audit rule property for principal: #{acl_rule['IdentityReference']}" do
subject { acl_rule }
its(['AuditFlags']) { should cmp "Success" }
its(['IdentityReference']) { should cmp "Everyone" }
its(['ActiveDirectoryRights']) { should cmp "WriteProperty" }
its(['InheritanceFlags']) { should cmp "ContainerInherit" }
its(['InheritanceType']) { should cmp "All" }
its(['PropagationFlags']) { should cmp "None" }
end
end
end
describe.one do
acl_rules.each do |acl_rule|
describe "Audit rule property for principal: #{acl_rule['IdentityReference']}" do
Suggested resolution:
A single describe.one block should encapsulate all of the describe sets, and the acl_rules loop be moved outside the describe.one block. This would ensure each acl_rule matches one of the describe sets or fail.
The text was updated successfully, but these errors were encountered:
slipthebit
added a commit
to slipthebit/microsoft-windows-server-2016-stig-baseline
that referenced
this issue
Mar 18, 2021
V-73391 performs excessive iterations as a result of two factors:
describe.one
blocks around each describe block, and acl_rule looping within each describe set. This results in each acl_rule being evaluated against every describe set causing multiple failures for each acl_rule.https://docs.chef.io/inspec/dsl_inspec/#describeone-usage-notes
Suggested resolution:
A single
describe.one
block should encapsulate all of the describe sets, and theacl_rules
loop be moved outside thedescribe.one
block. This would ensure each acl_rule matches one of the describe sets or fail.The text was updated successfully, but these errors were encountered: