From 90ce40c3373de82d37ce72aa4fc3863ac86b634a Mon Sep 17 00:00:00 2001
From: Mikhail
Date: Wed, 21 Aug 2024 23:24:35 +0300
Subject: [PATCH] Add two more checks for PATH env variable
Signed-off-by: Mikhail Aseev
---
 controls/os_spec.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/controls/os_spec.rb b/controls/os_spec.rb
index f6902ed..5f507c0 100644
--- a/controls/os_spec.rb
+++ b/controls/os_spec.rb
@@ -145,10 +145,12 @@ control 'os-04' do
 impact 1.0
 title 'Dot in PATH variable'
- desc 'Do not include the current working directory in PATH variable. This makes it easier for an attacker to gain extensive rights by executing a Trojan program'
+ desc 'Do not include the current working directory as well as its parent one in PATH variable. This makes it easier for an attacker to gain extensive rights by executing a Trojan program'
 describe os_env('PATH') do
 its('split') { should_not include('') }
+ its('split') { should_not include(' ') }
 its('split') { should_not include('.') }
+ its('split') { should_not include('..') }
 end
 end
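Review bot: The exact-match expectations in the `describe os_env('PATH')` block still pass for other non-absolute entries such as `./bin`, `../bin` or a bare `bin`, which resolve against the current working directory just like `.` and `..` do. Since the risk the `desc` describes applies to any relative or empty entry, consider asserting the general property next to the specific ones, e.g. `its('split') { should all(start_with('/')) }`, which also covers the empty, single-space, `.` and `..` cases on the Unix-style targets this control appears to be written for. The title still reads 'Dot in PATH variable' and the new `desc` wording ('as well as its parent one') is hard to parse; something like 'Do not include relative or empty entries (such as the current working directory or its parent) in the PATH variable' would match what is now tested.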