From 7ab41f7b88a6f01ca197fa38efdd8ae003feb677 Mon Sep 17 00:00:00 2001
From: Thibault Ayanides <thibault.ayanides@ovhcloud.com>
Date: Mon, 26 Oct 2020 12:52:29 +0100
Subject: [PATCH] IMP(6.2.1): add purposely failing tests

---
 .../6.2.1_remove_empty_password_field.sh      | 21 ++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/tests/hardening/6.2.1_remove_empty_password_field.sh b/tests/hardening/6.2.1_remove_empty_password_field.sh
index b333419..8dc5891 100644
--- a/tests/hardening/6.2.1_remove_empty_password_field.sh
+++ b/tests/hardening/6.2.1_remove_empty_password_field.sh
@@ -6,5 +6,24 @@ test_audit() {
     # shellcheck disable=2154
     run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
-    # TODO fill comprehensive tests
+    local test_user="testemptypassworduser"
+
+    describe Tests purposely failing
+    useradd $test_user
+    sed -i "s/$test_user:\!/$test_user:/" /etc/shadow
+    register_test retvalshouldbe 1
+    register_test contain "Some accounts have an empty password"
+    run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+    describe correcting situation
+    sed  -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
+    /opt/debian-cis/bin/hardening/"${script}".sh --apply || true
+
+    describe Checking resolved state
+    register_test retvalshouldbe 0
+    register_test contain "All accounts have a password"
+    run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+    # cleanup
+    userdel $test_user
 }