From af0eadc792db314478cda46be1ba3a10da8d0f07 Mon Sep 17 00:00:00 2001
From: Liz Rice <liz@lizrice.com>
Date: Tue, 15 Aug 2017 18:34:07 +0100
Subject: [PATCH] Add a couple more tests for file permission checks

---
 check/data         | 22 ++++++++++++++++++++++
 check/test_test.go |  8 ++++++++
 2 files changed, 30 insertions(+)

diff --git a/check/data b/check/data
index 73575b3..1e88841 100644
--- a/check/data
+++ b/check/data
@@ -94,3 +94,25 @@ groups:
             op: eq
             value: "644"
           set: true
+
+    - id: 9
+      text: "test permissions"
+      audit: "/bin/sh -c 'if test -e $config; then stat -c %a $config; fi'"
+      tests:
+        bin_op: or
+        test_items:
+        - flag: "644"
+          compare:
+            op: eq
+            value: "644"
+          set: true
+        - flag: "640"
+          compare:
+            op: eq
+            value: "640"
+          set: true
+        - flag: "600"
+          compare:
+            op: eq
+            value: "600"
+          set: true
diff --git a/check/test_test.go b/check/test_test.go
index f605309..a0228c2 100644
--- a/check/test_test.go
+++ b/check/test_test.go
@@ -86,6 +86,14 @@ func TestTestExecute(t *testing.T) {
 			controls.Groups[0].Checks[8],
 			"644",
 		},
+		{
+			controls.Groups[0].Checks[9],
+			"640",
+		},
+		{
+			controls.Groups[0].Checks[9],
+			"600",
+		},
 	}
 
 	for _, c := range cases {