From b942ed3f0bb63763c3d6a7e6a64d2b8aa6b1843f Mon Sep 17 00:00:00 2001
From: Devendra Turkar
Date: Thu, 2 Feb 2023 14:02:27 +0530
Subject: [PATCH] bugfix: false negative when audit_config is defined along with audit and config file not found (#1367)
Suppress the file not found error only when we have audit or auditEnv is defined and they have valid output captured. As, we already have output from audit command. So we can proceed for our tests even though we didnt find config file. file not found error: `failed to run: "/test/config.yaml", output: "/bin/sh: line 1: /test/config.yaml: No such file or directory\n", error: exit status 127` Resolve: #1364
---
 check/check.go | 12 ++++++++++--
 check/check_test.go | 25 +++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/check/check.go b/check/check.go
index 06fac05..cec1079 100644
--- a/check/check.go
+++ b/check/check.go
@@ -208,6 +208,14 @@ func (c *Check) runAuditCommands() (lastCommand string, err error) {
 }
 c.AuditConfigOutput, err = runAudit(c.AuditConfig)
+ // when file not found then error comes as exit status 127
+ if err != nil && strings.Contains(err.Error(), "exit status 127") &&
+ (c.AuditEnvOutput != "" || c.AuditOutput != "") {
+ // suppress file not found error when there is Audit OR auditEnv output present
+ glog.V(3).Info(err)
+ err = nil
+ c.AuditConfigOutput = ""
+ }
 return c.AuditConfig, err
 }
@@ -227,8 +235,8 @@ func (c *Check) execute() (finalOutput *testOutput, err error) {
 t.auditUsed = AuditCommand
 result := *(t.execute(c.AuditOutput))
- // Check for AuditConfigOutput only if AuditConfig is set
- if !result.flagFound && c.AuditConfig != "" {
+ // Check for AuditConfigOutput only if AuditConfig is set and auditConfigOutput is not empty
+ if !result.flagFound && c.AuditConfig != "" && c.AuditConfigOutput != "" {
 // t.isConfigSetting = true
 t.auditUsed = AuditConfig
 result = *(t.execute(c.AuditConfigOutput))
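Review bot: The suppression added in runAuditCommands keys on `strings.Contains(err.Error(), "exit status 127")`, which is broader than "config file not found". Going by the error format quoted in the commit message, the error text also embeds the command's own output, so the substring can match something the command printed, and a shell status of 127 is also what a missing binary in the audit_config command would produce; in both cases the config source is dropped and the check is decided from the audit output alone. For a benchmark scanner this matters most for tests that expect a flag to be absent, which could then pass without the config ever being read (how execute treats such tests is not visible here). Anchoring the match, e.g. `strings.HasSuffix(err.Error(), "error: exit status 127")`, and reporting the skip with `glog.Warningf("audit_config %q skipped: %v", c.AuditConfig, err)` instead of `glog.V(3).Info(err)` would narrow the suppression and make it visible to operators. The function body starts outside the hunk.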
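Review bot: The new `c.AuditConfigOutput != ""` guard in execute uses the empty string as the signal that runAuditCommands suppressed an error, but an audit_config command that ran successfully and printed nothing looks identical and now also skips the config evaluation, which it did not before this change. If that second case is intended, the comment should say so, for example `// Skip the config pass when AuditConfigOutput is empty: either the command printed nothing or runAuditCommands cleared it after exit status 127`; if not, a separate boolean set at the suppression site would keep the two cases apart. The comment also spells the field `auditConfigOutput` while the code uses `AuditConfigOutput`. execute begins and continues outside the hunk.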
diff --git a/check/check_test.go b/check/check_test.go
index 79eb046..124e6f9 100644
--- a/check/check_test.go
+++ b/check/check_test.go
@@ -69,6 +69,31 @@ func TestCheck_Run(t *testing.T) {
 },
 Expected: PASS,
 },
+ {
+ name: "Scored checks that pass should PASS when config file is not present",
+ check: Check{
+ Scored: true,
+ Audit: "echo hello",
+ AuditConfig: "/test/config.yaml",
+ Tests: &tests{TestItems: []*testItem{{
+ Flag: "hello",
+ Set: true,
+ }}},
+ },
+ Expected: PASS,
+ },
+ {
+ name: "Scored checks that pass should FAIL when config file is not present",
+ check: Check{
+ Scored: true,
+ AuditConfig: "/test/config.yaml",
+ Tests: &tests{TestItems: []*testItem{{
+ Flag: "hello",
+ Set: true,
+ }}},
+ },
+ Expected: FAIL,
+ },
 }
 for _, testCase := range testCases {
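Review bot: The second added case is named "Scored checks that pass should FAIL when config file is not present", which contradicts itself and does not say what separates it from the first case; something like `name: "Scored check with only audit_config should FAIL when config file is not present",` states the actual condition. Both cases also rely on the test host's shell returning status 127 for `/test/config.yaml`, so they only cover an audit_config that is a bare path. A case with `Set: false` and a flag missing from the audit output would pin what the result should be when the config could not be read, which is the outcome most likely to hide a misconfiguration. The test table and the loop that runs it continue outside the hunk.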