another slow control

Signed-off-by: wdower <57142072+wdower@users.noreply.github.com>
mitre · Jul 11, 2024 · f0c6338 · f0c6338
1 parent c8bb212
commit f0c6338
Showing 1 changed file with 14 additions and 6 deletions.
diff --git a/controls/SV-230319.rb b/controls/SV-230319.rb
@@ -35,14 +35,22 @@
   tag 'host'
   tag 'container'
 
-  partitions = etc_fstab.params.map { |partition| partition['mount_point'] }.uniq
 
-  cmd = "find #{partitions.join(' ')} -xdev -type d -perm -0002 -gid +999 -print"
-  failing_dirs = command(cmd).stdout.split("\n").uniq
+  if input('disable_slow_controls')
+    describe 'This control consistently takes a long to run and has been disabled using the disable_slow_controls attribute.' do
+      skip 'This control consistently takes a long to run and has been disabled using the disable_slow_controls attribute. You must enable this control for a full accredidation for production.'
+    end
+  else
+
+    partitions = etc_fstab.params.map { |partition| partition['mount_point'] }.uniq
+
+    cmd = "find #{partitions.join(' ')} -xdev -type d -perm -0002 -gid +999 -print"
+    failing_dirs = command(cmd).stdout.split("\n").uniq
 
-  describe 'Any world-writeable directories' do
-    it 'should be group-owned by system accounts' do
-      expect(failing_dirs).to be_empty, "Failing directories:\n\t- #{failing_dirs.join("\n\t- ")}"
+    describe 'Any world-writeable directories' do
+      it 'should be group-owned by system accounts' do
+        expect(failing_dirs).to be_empty, "Failing directories:\n\t- #{failing_dirs.join("\n\t- ")}"
+      end
     end
   end
 end