Add two more checks for PATH env variable

Signed-off-by: Mikhail Aseev <[email protected]>

Author: MikhailAseev

controls/os_spec.rb

@@ -145,10 +145,12 @@
 control 'os-04' do
   impact 1.0
   title 'Dot in PATH variable'
-  desc 'Do not include the current working directory in PATH variable. This makes it easier for an attacker to gain extensive rights by executing a Trojan program'
+  desc 'Do not include the current working directory as well as its parent one in PATH variable. This makes it easier for an attacker to gain extensive rights by executing a Trojan program'
   describe os_env('PATH') do
     its('split') { should_not include('') }
+    its('split') { should_not include(' ') }
     its('split') { should_not include('.') }
+    its('split') { should_not include('..') }
   end
 end