fixed 154, updated 140

mitre · May 7, 2024 · bf8259b · bf8259b
1 parent f98b612
commit bf8259b
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 5 deletions.
diff --git a/spec/mongo-inspec-profile/controls/SV-252140.rb b/spec/mongo-inspec-profile/controls/SV-252140.rb
@@ -67,7 +67,7 @@
 
   get_system_users = "EJSON.stringify(db.system.users.find().toArray())"
 
-  run_get_system_users = "mongosh \"mongodb://#{input('mongo_dba')}:#{input('mongo_dba_password')}@#{input('mongo_host')}:#{input('mongo_port')}/admin?authSource=#{input'mongo_auth_source'}&tls=true&tlsCAFile=#{input('ca_file')}&tlsCertificateKeyFile=#{input('certificate_key_file')}\" --quiet --eval \"#{get_system_users}\""
+  run_get_system_users = "mongosh \"mongodb://#{input('mongo_dba')}:#{input('mongo_dba_password')}@#{input('mongo_host')}:#{input('mongo_port')}/#{input'mongo_auth_source'}?authSource=#{input'mongo_auth_source'}&tls=true&tlsCAFile=#{input('ca_file')}&tlsCertificateKeyFile=#{input('certificate_key_file')}\" --quiet --eval \"#{get_system_users}\""
 
   system_users = json({command: run_get_system_users}).params
 

diff --git a/spec/mongo-inspec-profile/controls/SV-252154.rb b/spec/mongo-inspec-profile/controls/SV-252154.rb
@@ -36,15 +36,15 @@
 
   get_dbs = "EJSON.stringify(db.adminCommand('listDatabases'))"
 
-  run_get_dbs = "mongosh \"mongodb://#{input('mongo_dba')}:#{input('mongo_dba_password')}@#{input('mongo_host')}:#{input('mongo_port')}/?tls=true&tlsCAFile=#{input('ca_file')}&tlsCertificateKeyFile=#{input('certificate_key_file')}\" --quiet --eval \"#{get_dbs}\""
+  run_get_dbs = "mongosh \"mongodb://#{input('mongo_dba')}:#{input('mongo_dba_password')}@#{input('mongo_host')}:#{input('mongo_port')}/?authSource=#{input'mongo_auth_source'}&tls=true&tlsCAFile=#{input('ca_file')}&tlsCertificateKeyFile=#{input('certificate_key_file')}\" --quiet --eval \"#{get_dbs}\""
 
   dbs_output = json({command: run_get_dbs}).params
 
   # extract just the names of the databases
   db_names = dbs_output["databases"].map { |db| db["name"] }
 
   db_names.each do |db_name|
-    run_get_users = "mongosh \"mongodb://#{input('mongo_dba')}:#{input('mongo_dba_password')}@#{input('mongo_host')}:#{input('mongo_port')}/#{db_name}?tls=true&tlsCAFile=#{input('ca_file')}&tlsCertificateKeyFile=#{input('certificate_key_file')}\" --quiet --eval \"#{get_users}\""
+    run_get_users = "mongosh \"mongodb://#{input('mongo_dba')}:#{input('mongo_dba_password')}@#{input('mongo_host')}:#{input('mongo_port')}/#{db_name}?authSource=#{input'mongo_auth_source'}&tls=true&tlsCAFile=#{input('ca_file')}&tlsCertificateKeyFile=#{input('certificate_key_file')}\" --quiet --eval \"#{get_users}\""
 
     # run the command and parse the output as json
     users_output = json({command: run_get_users}).params

diff --git a/spec/mongo-inspec-profile/inspec.yml b/spec/mongo-inspec-profile/inspec.yml
@@ -70,7 +70,7 @@ inputs:
     required: true
     sensitive: true
 
-  # SV-252140, SV-252155, SV-252157, SV-252163, SV-252174
+  # SV-252140,SV-252154, SV-252155, SV-252157, SV-252163, SV-252174
   - name: mongo_auth_source
     description: "The database used to authorize users"
     type: string
@@ -174,7 +174,7 @@ inputs:
   - name: ca_file_dest
     description: "The path to the mongo CA file"
     type: string
-    value: "/etc/ssl/caToValidateClientCertificates.pem"
+    value: "/etc/ssl/CA_bundle.pem"
     required: true
 
   # SV-252142