force_ssl disable the check for SSL (#28)

micheelengronne · web-flow · commit 5b12e737fbd1 · 2020-03-12T11:07:30.000+01:00
* force_ssl disable the check for SSL

This new attribute enforce SSL tests on every listed ports. It assumes SSL is enabled on all of them and do not check if it is.

Signed-off-by: Michée Lengronne &lt;michee.lengronne@coppint.com&gt;

* rubocop formatting

Signed-off-by: Michée Lengronne &lt;michee.lengronne@coppint.com&gt;
diff --git a/controls/ssl_test.rb b/controls/ssl_test.rb
@@ -40,6 +40,12 @@
   description: 'Target hostname to check'
 )
 
+force_ssl = attribute(
+  'force_ssl',
+  default: false,
+  description: 'The profile should not check if SSL is enabled on every port and assume it is'
+)
+
 # Find all TCP ports on the system, IPv4 and IPv6
 # Eliminate duplicate ports for cleaner reporting and faster scans and sort the
 # array by port number.
@@ -56,7 +62,7 @@
 
 # Filter out ports that don't respond to any version of SSL
 sslports = tcpports.find_all do |tcpport|
-  !exclude_ports.include?(tcpport[:port]) && ssl(tcpport).enabled?
+  !exclude_ports.include?(tcpport[:port]) && (ssl(tcpport).enabled? unless force_ssl)
 end
 
 # Troubleshooting control to show InSpec version and list
