bugfix: false negative when audit_config is defined along with audit and config file not found (#1367)

Suppress the file not found error only when we have audit or auditEnv is defined and they have valid output captured. As, we already have output from audit command. So we can proceed for our tests even though we didnt find config file. file not found error: `failed to run: "/test/config.yaml", output: "/bin/sh: line 1: /test/config.yaml: No such file or directory\n", error: exit status 127` Resolve: #1364
1 year ago · b942ed3f0b
parent e1d1053358
commit b942ed3f0b
2 changed files with 35 additions and 2 deletions
--- a/check/check.go
+++ b/check/check.go
@ -208,6 +208,14 @@ func (c *Check) runAuditCommands() (lastCommand string, err error) {
 	}

 	c.AuditConfigOutput, err = runAudit(c.AuditConfig)
+	// when file not found then error comes as exit status 127
+	if err != nil && strings.Contains(err.Error(), "exit status 127") &&
+		(c.AuditEnvOutput != "" || c.AuditOutput != "") {
+		// suppress file not found error when there is Audit OR auditEnv output present
+		glog.V(3).Info(err)
+		err = nil
+		c.AuditConfigOutput = ""
+	}
 	return c.AuditConfig, err
 }

@ -227,8 +235,8 @@ func (c *Check) execute() (finalOutput *testOutput, err error) {
 		t.auditUsed = AuditCommand
 		result := *(t.execute(c.AuditOutput))

-		// Check for AuditConfigOutput only if AuditConfig is set
-		if !result.flagFound && c.AuditConfig != "" {
+		// Check for AuditConfigOutput only if AuditConfig is set and auditConfigOutput is not empty
+		if !result.flagFound && c.AuditConfig != "" && c.AuditConfigOutput != "" {
 			// t.isConfigSetting = true
 			t.auditUsed = AuditConfig
 			result = *(t.execute(c.AuditConfigOutput))
--- a/check/check_test.go
+++ b/check/check_test.go
@ -69,6 +69,31 @@ func TestCheck_Run(t *testing.T) {
 			},
 			Expected: PASS,
 		},
+		{
+			name: "Scored checks that pass should PASS when config file is not present",
+			check: Check{
+				Scored:      true,
+				Audit:       "echo hello",
+				AuditConfig: "/test/config.yaml",
+				Tests: &tests{TestItems: []*testItem{{
+					Flag: "hello",
+					Set:  true,
+				}}},
+			},
+			Expected: PASS,
+		},
+		{
+			name: "Scored checks that pass should FAIL when config file is not present",
+			check: Check{
+				Scored:      true,
+				AuditConfig: "/test/config.yaml",
+				Tests: &tests{TestItems: []*testItem{{
+					Flag: "hello",
+					Set:  true,
+				}}},
+			},
+			Expected: FAIL,
+		},
 	}

 	for _, testCase := range testCases {