nxService - Crashes when configuration refers to a service that does not exist

[eehret]

Details of the scenario you tried and the problem that is occurring

I just tested nxService again after https://github.com/Azure/nxtools/issues/25 got patched and closed. Unfortunately my testing shows this still does not work properly in all situations, and crashes during consistence check. However, I suspect that I've actually discovered a new bug. It isn't exactly the same as issue #25

It appears that the nxService implementation is not correctly handling the case where the nxService configuration is referring to a service that does not exist on the target system; the 'rhnsd' service does not exist on the Ubuntu system on which I ran the compliance check. Usually that service would only exist on RHEL systems. If I try a different configuration that refers to a service that does exist on the Ubuntu system, such as 'auditd', then the error stack does not get output during the consistency check.

Verbose logs showing the problem

Error: Failed to Run Consistency for 'RHEL7-CISv311-0_0_6' Error : Index operation failed; the array index evaluated to null. InvokeDscResource() failed. errorMessage:The PowerShell DSC resource with className:nxService moduleName:nxtools moduleVersion:1.2.0 threw an exception: System.Management.Automation.RuntimeException: Index operation failed; the array index evaluated to null. at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception) at System.Management.Automation.Interpreter.ActionCallInstruction2.Run(InterpretedFrame frame) at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame) at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame) at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame) at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0) at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(ScriptBlockClauseToInvoke clauseToInvoke, Boolean createLocalScope, Dictionary2 functionsToDefine, List1 variablesToDefine, ErrorHandlingBehavior errorHandlingBehavior, Object dollarUnder, Object input, Object scriptThis, Pipe outputPipe, InvocationInfo invocationInfo, Object[] args) at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean createLocalScope, Dictionary2 functionsToDefine, List1 variablesToDefine, ErrorHandlingBehavior errorHandlingBehavior, Object dollarUnder, Object input, Object scriptThis, Pipe outputPipe, InvocationInfo invocationInfo, Object[] args) at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean useLocalScope, ErrorHandlingBehavior errorHandlingBehavior, Object dollarUnder, Object input, Object scriptThis, Pipe outputPipe, InvocationInfo invocationInfo, Boolean propagateAllExceptionsToTop, List1 variablesToDefine, Dictionary2 functionsToDefine, Object[] args) at System.Management.Automation.ScriptBlock.InvokeAsMemberFunctionT[T](Object instance, Object[] args) at System.Management.Automation.Internal.ScriptBlockMemberMethodWrapper.InvokeHelperT[T](Object instance, Object sessionStateInternal, Object[] args) at CallSite.Target(Closure , CallSite , Object , Object ) at System.Dynamic.UpdateDelegates.UpdateAndExecute2[T0,T1,TRet](CallSite site, T0 arg0, T1 arg1) at System.Management.Automation.Interpreter.DynamicInstruction3.Run(InterpretedFrame frame) at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame), while running the Get-DscResource functionality The PowerShell DSC resource with className:nxService moduleName:nxtools moduleVersion:1.2.0 threw an exception: System.Management.Automation.RuntimeException: Index operation failed; the array index evaluated to null. at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception) at System.Management.Automation.Interpreter.ActionCallInstruction2.Run(InterpretedFrame frame) at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame) at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame) at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame) at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0) at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(ScriptBlockClauseToInvoke clauseToInvoke, Boolean createLocalScope, Dictionary2 functionsToDefine, List1 variablesToDefine, ErrorHandlingBehavior errorHandlingBehavior, Object dollarUnder, Object input, Object scriptThis, Pipe outputPipe, InvocationInfo invocationInfo, Object[] args) at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean createLocalScope, Dictionary2 functionsToDefine, List1 variablesToDefine, ErrorHandlingBehavior errorHandlingBehavior, Object dollarUnder, Object input, Object scriptThis, Pipe outputPipe, InvocationInfo invocationInfo, Object[] args) at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean useLocalScope, ErrorHandlingBehavior errorHandlingBehavior, Object dollarUnder, Object input, Object scriptThis, Pipe outputPipe, InvocationInfo invocationInfo, Boolean propagateAllExceptionsToTop, List1 variablesToDefine, Dictionary2 functionsToDefine, Object[] args) at System.Management.Automation.ScriptBlock.InvokeAsMemberFunctionT[T](Object instance, Object[] args) at System.Management.Automation.Internal.ScriptBlockMemberMethodWrapper.InvokeHelperT[T](Object instance, Object sessionStateInternal, Object[] args) at CallSite.Target(Closure , CallSite , Object , Object ) at System.Dynamic.UpdateDelegates.UpdateAndExecute2[T0,T1,TRet](CallSite site, T0 arg0, T1 arg1) at System.Management.Automation.Interpreter.DynamicInstruction3.Run(InterpretedFrame frame) at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame), while running the Get-DscResource functionality

Name Path

---

RHEL7-CISv311-0_0_6 /home/azops.eric.ehret/azam/RHEL7/Packages/RHEL7-CISv311-0_0_6.zip Write-Error: Job e1f68492-6185-4c28-9d59-44e62bab7aa8 : MIResult: 1 Error Message: Index operation failed; the array index evaluated to null. Message ID: OMI:MI_Result:1 Error Category: 0 Error Code: 1 Error Type: Write-Error: Job e1f68492-6185-4c28-9d59-44e62bab7aa8 : MIResult: 1 Error Message: InvokeDscResource() failed. errorMessage:The PowerShell DSC resource with className:nxService moduleName:nxtools moduleVersion:1.2.0 threw an exception: System.Management.Automation.RuntimeException: Index operation failed; the array index evaluated to null. at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception) at System.Management.Automation.Interpreter.ActionCallInstruction2.Run(InterpretedFrame frame) at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame) at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame) at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame) at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0) at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(ScriptBlockClauseTo Write-Error: Job e1f68492-6185-4c28-9d59-44e62bab7aa8 : MIResult: 1 Error Message: The PowerShell DSC resource with className:nxService moduleName:nxtools moduleVersion:1.2.0 threw an exception: System.Management.Automation.RuntimeException: Index operation failed; the array index evaluated to null. at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception) at System.Management.Automation.Interpreter.ActionCallInstruction2.Run(InterpretedFrame frame) at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame) at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame) at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame) at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0) at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(ScriptBlockClauseToInvoke clauseToInvoke, Boolean createLoca @{additionalProperties=System.Object[]; assignmentName=RHEL7-CISv311-0_0_6; complianceStatus=False; endTime=09/09/2023 23:42:17; jobId=e1f68492-6185-4c28-9d59-44e62bab7aa8; operationtype=Consistency; resources=System.Object[]; startTime=09/09/2023 23:42:17}

Suggested solution to the issue

I suspect that the correct thing to do in all cases where the named service does not exist would be to return reasons indicating that the service does not exist. Less clear to me is whether this condition should always be considered 'non compliant'.
Maybe it could be argued that if the service is supposed to be disabled then non-existence might be considered compliant as well. I leave that to others to debate. But I strongly believe it should not just crash without returning some kind of compliance result.

The DSC configuration that is used to reproduce the issue (as detailed as possible)

    nxService rhnsd_disabled
    {
        Name = "rhnsd"
        Enabled = $false
        State = "Stopped"
    }

The operating system the target node is running

Crash occurred on Ubuntu 18 system that is being used to author the configurations.

Version and build of PowerShell the target node is running

7.3.6

Version of the DSC module that was used

1.2.0

[eehret]

I just confirmed that this happens both when running a local test of the guest configuration package, as well as when invoked from a live policy that includes an affected nxService.

The failure is quite severe - NONE of the configuration items included in the configuration are able to show compliance status in Guest Assignments, the exception causes the entire thing to fail.