update 140, 174

mitre · May 7, 2024 · 2816aff · 2816aff
1 parent 2c569b9
commit 2816aff
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 9 deletions.
diff --git a/spec/ansible/roles/mongo-stig/tasks/cat2.yml b/spec/ansible/roles/mongo-stig/tasks/cat2.yml
@@ -765,13 +765,6 @@
     - enterprise
     - manual
 
-# - name: "MEDIUM | SV-252174 | MongoDB must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status."
-#   command: true
-#   ignore_errors: true
-#   tags:
-#     - cat2
-#     - medium
-#     - SV-252174
 - name: "MEDIUM | SV-252174 | MongoDB must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status."
   vars:
     reg_mongo_users_174: []

diff --git a/spec/mongo-inspec-profile/controls/SV-252140.rb b/spec/mongo-inspec-profile/controls/SV-252140.rb
@@ -67,7 +67,7 @@
 
   get_system_users = "EJSON.stringify(db.system.users.find().toArray())"
 
-  run_get_system_users = "mongosh \"mongodb://#{input('mongo_dba')}:#{input('mongo_dba_password')}@#{input('mongo_host')}:#{input('mongo_port')}/#{input'mongo_auth_source'}?authSource=#{input'mongo_auth_source'}&tls=true&tlsCAFile=#{input('ca_file')}&tlsCertificateKeyFile=#{input('certificate_key_file')}\" --quiet --eval \"#{get_system_users}\""
+  run_get_system_users = "mongosh \"mongodb://#{input('mongo_dba')}:#{input('mongo_dba_password')}@#{input('mongo_host')}:#{input('mongo_port')}/admin?authSource=#{input'mongo_auth_source'}&tls=true&tlsCAFile=#{input('ca_file')}&tlsCertificateKeyFile=#{input('certificate_key_file')}\" --quiet --eval \"#{get_system_users}\""
 
   system_users = json({command: run_get_system_users}).params
 

diff --git a/spec/mongo-inspec-profile/controls/SV-252174.rb b/spec/mongo-inspec-profile/controls/SV-252174.rb
@@ -89,7 +89,7 @@
 
         describe "Role '#{role}' of user #{user['_id']} does not have privileges for 'createCollection' and 'changeStream', and" do
           subject { all_actions }
-          it { should_not be_in ["createCollection", "changeStream"] }
+          it { should_not be_in input('inappropriate_mongo_privileges') }
         end
       end
     end