Use inspec.input to load the attribute (#168)

* Use inspec.input to load the attribute Signed-off-by: Michée Lengronne <michee.lengronne@coppint.com> * valid hostkeys directly in the sshd_spec.rb Signed-off-by: Michée Lengronne <michee.lengronne@coppint.com> * code in control Signed-off-by: Michée Lengronne <michee.lengronne@coppint.com>
dev-sec · May 20, 2020 · 3849c52 · 3849c52
1 parent bcf6a77
commit 3849c52
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 12 deletions.
diff --git a/controls/sshd_spec.rb b/controls/sshd_spec.rb
@@ -184,8 +184,12 @@
   impact 1.0
   title 'Server: Specify SSH HostKeys'
   desc 'Specify HostKey for protection against Man-In-The-Middle Attacks'
+
+  sshd_valid_hostkeys = ssh_crypto.valid_algorithms.map { |alg| "#{sshd_custom_path}/ssh_host_#{alg}_key" }
+  sshd_valid_hostkeys = sshd_valid_hostkeys[0] if sshd_valid_hostkeys.length == 1
+
   describe sshd_config(sshd_custom_path + '/sshd_config') do
-    its('HostKey') { should cmp ssh_crypto.valid_hostkeys }
+    its('HostKey') { should cmp sshd_valid_hostkeys }
   end
 end
 

diff --git a/libraries/ssh_crypto.rb b/libraries/ssh_crypto.rb
@@ -253,15 +253,4 @@ def valid_algorithms # rubocop:disable Metrics/CyclomaticComplexity
 
     alg
   end
-
-  # returns the hostkeys value based on valid_algorithms
-  def valid_hostkeys
-    hostkeys = valid_algorithms.map { |alg| "#{sshd_custom_path}/ssh_host_#{alg}_key" }
-    # its('HostKey') provides a string for a single-element value.
-    # we have to return a string if we have a single-element
-    # https://github.com/chef/inspec/issues/1434
-    return hostkeys[0] if hostkeys.length == 1
-
-    hostkeys
-  end
 end