Comments (7)
So I guess what we need to consider is if we're unable to determine the state of a control, it definitely shouldn't be passed. :-)
from inspec.
So does that make sense to everyone: if the requirement is not able to be bucketed into one of the four known states, it defaults to an error state. And since we use metadata (backtrace, waiver, etc.) or the test status data in the results array to determine that state, when we don't have the metadata or the results we of course are in the unknown error state, and the only thing we do know is no results were produced by this control. And therefore that's all we can report: error, and there are no test results. Please review your control to ensure proper logic and function.
from inspec.
@Nik08 what do you think?
from inspec.
I agree that from a point of style guide, it could be part of error.
But I also think this could be an add-on to the not reviewed condition - if the results are empty since that control has been skipped entirely.
from inspec.
Just tried this out, if there are multiple controls, where some are within conditions and some not.
Then in that case, determining a conditionalised control (with condition returning false) from `results` is not possible, since the data for that control is not appended in `results`. So handling such a conditionalised control (with condition returning false) in case of multiple controls does not seem very straightforward to me.
And the case when results are nil (in case the control file is empty or the condition is false around the control), we by default return `passed` status, which could be improved. Here base.rb#L126
from inspec.
I think what I'm pointing out here is that the state should be defaulted to, at best, not reviewed, but in my opinion error, if the function that's supposed to determine the status of the control in any of our defined known states doesn't return with a result. In reality, we should never get to that else clause, and if we do, it's because there's a problem.
As you pointed out in the line within the base class.
If the control does not have any describe blocks, it's usually because they are not evaluated due to the conditional. I'm not sure the default behavior should be to pass that control, because we don't have any data one way or the other if we are in a passing state. We are in an undetermined state, and most likely in a state where we didn't properly capture the logic that would make sure we are always in a state of passing, failing, not reviewed or not applicable.
Most times this happens when the control is a loop and the appropriate only if or not applicable if condition was left out, or in the case when you're iterating over some expected list, you're in the case when nothing was returned by that list, and so you should be properly capturing whether that means the control ends up in a state of not reviewed or not applicable.
from inspec.
Remember, in the compliance world it's "fail first, ask questions later." 🧐
from inspec.
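A sketch of the fail-closed default discussed in this thread, added here as an example and not InSpec's own code. The hash fields (`:impact`, `:results`, `:status`, `:backtrace`), the mapping rules and the sample controls are assumptions constructed for illustration; the `empty_default` parameter lets the pass-by-default behaviour be compared with the proposed error default.

```ruby
# Added illustration: field names and mapping rules are assumptions,
# not InSpec's implementation.
def control_status(control, empty_default: :error)
  results = control[:results]
  # No results recorded: the control body never evaluated (empty file, a
  # false condition around it, or a loop over an empty list). Nothing here
  # supports reporting "passed".
  return empty_default if results.nil? || results.empty?

  statuses = results.map { |r| r[:status] }
  return :error          if results.any? { |r| r[:backtrace] }
  return :not_applicable if control[:impact]&.zero?
  return :failed         if statuses.include?("failed")
  return :not_reviewed   if statuses.all? { |s| s == "skipped" }
  return :passed         if statuses.all? { |s| %w[passed skipped].include?(s) }

  :error # could not be bucketed into one of the four known states
end

# Count controls per state for a whole run.
def tally_run(controls, empty_default:)
  controls.map { |c| control_status(c, empty_default: empty_default) }.tally
end

# Constructed sample run (not real scan output).
SAMPLE_CONTROLS = [
  { id: "ctl-01", impact: 0.7, results: [{ status: "passed" }] },
  { id: "ctl-02", impact: 0.7, results: [{ status: "failed" }, { status: "passed" }] },
  { id: "ctl-03", impact: 0.5, results: [{ status: "skipped" }] },
  { id: "ctl-04", impact: 0.0, results: [{ status: "skipped" }] },
  { id: "ctl-05", impact: 0.7, results: [] },   # loop iterated over nothing
  { id: "ctl-06", impact: 0.7, results: nil },  # condition returned false
  { id: "ctl-07", impact: 0.7, results: [{ status: "unexpected" }] }
].freeze

if __FILE__ == $PROGRAM_NAME
  puts "empty => passed: #{tally_run(SAMPLE_CONTROLS, empty_default: :passed)}"
  puts "empty => error:  #{tally_run(SAMPLE_CONTROLS, empty_default: :error)}"
end
```

With the pass-by-default setting, the two controls that produced no results are counted as passing; with the error default they surface for review.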