Windows Audit Mode Chef or ChefDK Issues

Sean Horn -

Two issues currently affect running audit cookbooks like the following under Windows with recent Chef and ChefDK (0.5.1+) releases:

  • convert_regexp: this Windows-specific SpecInfra method was eating forward slashes found in URLs and anywhere else in the patterns
  • backslashes: backslashes must be escaped for them to make it into the attempted PowerShell match
  1. Change the substitution section of SpecInfra's convert_regexp method to look like this in the embedded Ruby under c:/opscode/chefdk or c:/opscode/chef. I'm using ChefDK 0.5.1 and found the file at C:\opscode\chefdk\embedded\lib\ruby\gems\2.1.0\gems\specinfra-2.30.2\lib\specinfra\backend\powershell\command.rb. I believe you are using v2.36.9 of SpecInfra, and it still looks the same.

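     def convert_regexp(target)
       case target
       when Regexp
         # Original line, which removed every forward slash from the pattern:
         #target.to_s.gsub '/', ''
         # Replacement line. gsub matches a String pattern literally, so
         # forward slashes inside the pattern are left in place.
         target.to_s.gsub '(^\/|\/$)', ''
       # (rest of the method is not shown here)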
  2. Whenever a token contains literal backslashes, like E:Inetpub\GLS\docdrop\", you must send that string to chef-audit with three backslashes in place of each one, to escape the backslash, which is a special character: E:\\\Inetpub\\\SSS\\\docdrop\\\".


The following examples work with the above patch, and not without it.

I had to add the two extra backslashes that would not otherwise be found in the patterns, and the patch above allows URLs and other patterns with forward slashes to be passed unmodified.

    # web_config_file holds the path of the config file under test (defined elsewhere, not shown)
    control_group "Verify deployment" do

      control 'tokens' do
        it 'should handle dots and forward slashes and angle brackets' do
          expect(file(web_config_file)).to contain '<endpoint address="net.msmq://something.example.local/private/COMET.Enterprise.Trace.Messaging.Service/thingstoseenow.svc" binding="netMsmqBinding" bindingConfiguration="NetMsmqBinding" contract="COMET.Enterprise.Trace.Contracts.Service.ASomethingService" name="Watching"/>'
        end

        it 'should handle lots of backslashes' do
          expect(file(web_config_file)).to contain '<add key="filebin" value="E:\\\Inetpub\\\SSS\\\docdrop\\\"/>'
        end

        it 'should handle URLS and tags' do
          expect(file(web_config_file)).to contain '<value></value>'
        end
      end
    end
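
Both behaviours described above can be checked in plain Ruby, without a Windows node. This is an added example, not code from SpecInfra or from the original article: the helper names and sample lines are constructed, and Ruby's Regexp stands in for the PowerShell match on the assumption that the pattern is finally evaluated as a regular expression.

```ruby
# Added example; helper names are hypothetical, not SpecInfra's API.

# Original substitution (commented out in the patch above): drops every '/'.
def original_substitution(target)
  target.to_s.gsub '/', ''
end

# Patched line as given in the article. String#gsub matches a String pattern
# literally, so ordinary text comes back with its forward slashes intact.
def patched_substitution(target)
  target.to_s.gsub '(^\/|\/$)', ''
end

# Double every backslash of a literal value so that each one reaches the
# matcher escaped (block form sidesteps replacement-string escaping).
def escape_backslashes(value)
  value.gsub('\\') { '\\\\' }
end

# Assumption: the pattern ends up evaluated as a regular expression.
# Ruby's Regexp stands in for the PowerShell match.
def pattern_matches?(pattern, line)
  !Regexp.new(pattern).match(line).nil?
end

# Constructed sample lines, modelled on the web.config entries in the controls.
URL_LINE  = '<endpoint address="net.msmq://something.example.local/private/thingstoseenow.svc"/>'
PATH_LINE = '<add key="filebin" value="E:\Inetpub\SSS\docdrop\"/>'

# Pattern typed as in the control above: in a single-quoted Ruby literal,
# three typed backslashes produce two backslash characters.
TYPED_PATTERN = '<add key="filebin" value="E:\\\Inetpub\\\SSS\\\docdrop\\\"/>'

if __FILE__ == $PROGRAM_NAME
  puts "original: #{original_substitution(URL_LINE)}"
  puts "patched:  #{patched_substitution(URL_LINE)}"
  puts "escaped:  #{escape_backslashes(PATH_LINE)}"
  puts "typed:    #{TYPED_PATTERN}"
  puts "matches:  #{pattern_matches?(TYPED_PATTERN, PATH_LINE)}"
end
```

An audit control whose pattern was silently rewritten fails against a correctly configured file, so printing the string that actually leaves Ruby is a quick first check when a `contain` expectation fails unexpectedly on Windows.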

The ChefDK ticket for the convert_regexp method issue can be found at
