RubyGems - inspec-core - Versions diffs - 2.1.67 - Mend

inspec-core 2.1.67

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (412) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +3136 -0
data/Gemfile +56 -0
data/LICENSE +14 -0
data/MAINTAINERS.md +33 -0
data/MAINTAINERS.toml +52 -0
data/README.md +453 -0
data/bin/inspec +12 -0
data/docs/.gitignore +2 -0
data/docs/README.md +40 -0
data/docs/dev/control-eval.md +62 -0
data/docs/dsl_inspec.md +258 -0
data/docs/dsl_resource.md +100 -0
data/docs/glossary.md +99 -0
data/docs/habitat.md +192 -0
data/docs/inspec_and_friends.md +114 -0
data/docs/matchers.md +169 -0
data/docs/migration.md +293 -0
data/docs/platforms.md +119 -0
data/docs/plugin_kitchen_inspec.md +50 -0
data/docs/profiles.md +378 -0
data/docs/reporters.md +105 -0
data/docs/resources/aide_conf.md.erb +76 -0
data/docs/resources/apache.md.erb +67 -0
data/docs/resources/apache_conf.md.erb +68 -0
data/docs/resources/apt.md.erb +71 -0
data/docs/resources/audit_policy.md.erb +47 -0
data/docs/resources/auditd.md.erb +79 -0
data/docs/resources/auditd_conf.md.erb +68 -0
data/docs/resources/bash.md.erb +75 -0
data/docs/resources/bond.md.erb +90 -0
data/docs/resources/bridge.md.erb +57 -0
data/docs/resources/bsd_service.md.erb +67 -0
data/docs/resources/chocolatey_package.md.erb +58 -0
data/docs/resources/command.md.erb +138 -0
data/docs/resources/cpan.md.erb +79 -0
data/docs/resources/cran.md.erb +64 -0
data/docs/resources/crontab.md.erb +89 -0
data/docs/resources/csv.md.erb +54 -0
data/docs/resources/dh_params.md.erb +205 -0
data/docs/resources/directory.md.erb +30 -0
data/docs/resources/docker.md.erb +219 -0
data/docs/resources/docker_container.md.erb +103 -0
data/docs/resources/docker_image.md.erb +94 -0
data/docs/resources/docker_service.md.erb +114 -0
data/docs/resources/elasticsearch.md.erb +242 -0
data/docs/resources/etc_fstab.md.erb +125 -0
data/docs/resources/etc_group.md.erb +75 -0
data/docs/resources/etc_hosts.md.erb +78 -0
data/docs/resources/etc_hosts_allow.md.erb +74 -0
data/docs/resources/etc_hosts_deny.md.erb +74 -0
data/docs/resources/file.md.erb +526 -0
data/docs/resources/filesystem.md.erb +41 -0
data/docs/resources/firewalld.md.erb +107 -0
data/docs/resources/gem.md.erb +79 -0
data/docs/resources/group.md.erb +61 -0
data/docs/resources/grub_conf.md.erb +101 -0
data/docs/resources/host.md.erb +86 -0
data/docs/resources/http.md.erb +197 -0
data/docs/resources/iis_app.md.erb +122 -0
data/docs/resources/iis_site.md.erb +135 -0
data/docs/resources/inetd_conf.md.erb +94 -0
data/docs/resources/ini.md.erb +76 -0
data/docs/resources/interface.md.erb +58 -0
data/docs/resources/iptables.md.erb +64 -0
data/docs/resources/json.md.erb +63 -0
data/docs/resources/kernel_module.md.erb +120 -0
data/docs/resources/kernel_parameter.md.erb +53 -0
data/docs/resources/key_rsa.md.erb +85 -0
data/docs/resources/launchd_service.md.erb +57 -0
data/docs/resources/limits_conf.md.erb +75 -0
data/docs/resources/login_defs.md.erb +71 -0
data/docs/resources/mount.md.erb +69 -0
data/docs/resources/mssql_session.md.erb +60 -0
data/docs/resources/mysql_conf.md.erb +99 -0
data/docs/resources/mysql_session.md.erb +74 -0
data/docs/resources/nginx.md.erb +79 -0
data/docs/resources/nginx_conf.md.erb +138 -0
data/docs/resources/npm.md.erb +60 -0
data/docs/resources/ntp_conf.md.erb +60 -0
data/docs/resources/oneget.md.erb +53 -0
data/docs/resources/oracledb_session.md.erb +52 -0
data/docs/resources/os.md.erb +141 -0
data/docs/resources/os_env.md.erb +91 -0
data/docs/resources/package.md.erb +120 -0
data/docs/resources/packages.md.erb +67 -0
data/docs/resources/parse_config.md.erb +103 -0
data/docs/resources/parse_config_file.md.erb +138 -0
data/docs/resources/passwd.md.erb +141 -0
data/docs/resources/pip.md.erb +67 -0
data/docs/resources/port.md.erb +137 -0
data/docs/resources/postgres_conf.md.erb +79 -0
data/docs/resources/postgres_hba_conf.md.erb +93 -0
data/docs/resources/postgres_ident_conf.md.erb +76 -0
data/docs/resources/postgres_session.md.erb +69 -0
data/docs/resources/powershell.md.erb +102 -0
data/docs/resources/processes.md.erb +109 -0
data/docs/resources/rabbitmq_config.md.erb +41 -0
data/docs/resources/registry_key.md.erb +158 -0
data/docs/resources/runit_service.md.erb +57 -0
data/docs/resources/security_policy.md.erb +47 -0
data/docs/resources/service.md.erb +121 -0
data/docs/resources/shadow.md.erb +146 -0
data/docs/resources/ssh_config.md.erb +73 -0
data/docs/resources/sshd_config.md.erb +83 -0
data/docs/resources/ssl.md.erb +119 -0
data/docs/resources/sys_info.md.erb +42 -0
data/docs/resources/systemd_service.md.erb +57 -0
data/docs/resources/sysv_service.md.erb +57 -0
data/docs/resources/upstart_service.md.erb +57 -0
data/docs/resources/user.md.erb +140 -0
data/docs/resources/users.md.erb +127 -0
data/docs/resources/vbscript.md.erb +55 -0
data/docs/resources/virtualization.md.erb +57 -0
data/docs/resources/windows_feature.md.erb +47 -0
data/docs/resources/windows_hotfix.md.erb +53 -0
data/docs/resources/windows_task.md.erb +95 -0
data/docs/resources/wmi.md.erb +81 -0
data/docs/resources/x509_certificate.md.erb +151 -0
data/docs/resources/xinetd_conf.md.erb +156 -0
data/docs/resources/xml.md.erb +85 -0
data/docs/resources/yaml.md.erb +69 -0
data/docs/resources/yum.md.erb +98 -0
data/docs/resources/zfs_dataset.md.erb +53 -0
data/docs/resources/zfs_pool.md.erb +47 -0
data/docs/ruby_usage.md +203 -0
data/docs/shared/matcher_be.md.erb +1 -0
data/docs/shared/matcher_cmp.md.erb +43 -0
data/docs/shared/matcher_eq.md.erb +3 -0
data/docs/shared/matcher_include.md.erb +1 -0
data/docs/shared/matcher_match.md.erb +1 -0
data/docs/shell.md +217 -0
data/examples/README.md +8 -0
data/examples/inheritance/README.md +65 -0
data/examples/inheritance/controls/example.rb +14 -0
data/examples/inheritance/inspec.yml +15 -0
data/examples/kitchen-ansible/.kitchen.yml +25 -0
data/examples/kitchen-ansible/Gemfile +19 -0
data/examples/kitchen-ansible/README.md +53 -0
data/examples/kitchen-ansible/files/nginx.repo +6 -0
data/examples/kitchen-ansible/tasks/main.yml +16 -0
data/examples/kitchen-ansible/test/integration/default/default.yml +5 -0
data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -0
data/examples/kitchen-chef/.kitchen.yml +20 -0
data/examples/kitchen-chef/Berksfile +3 -0
data/examples/kitchen-chef/Gemfile +19 -0
data/examples/kitchen-chef/README.md +27 -0
data/examples/kitchen-chef/metadata.rb +7 -0
data/examples/kitchen-chef/recipes/default.rb +6 -0
data/examples/kitchen-chef/recipes/nginx.rb +30 -0
data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -0
data/examples/kitchen-puppet/.kitchen.yml +23 -0
data/examples/kitchen-puppet/Gemfile +20 -0
data/examples/kitchen-puppet/Puppetfile +25 -0
data/examples/kitchen-puppet/README.md +53 -0
data/examples/kitchen-puppet/manifests/site.pp +33 -0
data/examples/kitchen-puppet/metadata.json +11 -0
data/examples/kitchen-puppet/modules/.gitkeep +0 -0
data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -0
data/examples/meta-profile/README.md +37 -0
data/examples/meta-profile/controls/example.rb +13 -0
data/examples/meta-profile/inspec.yml +13 -0
data/examples/profile-attribute.yml +2 -0
data/examples/profile-attribute/README.md +14 -0
data/examples/profile-attribute/controls/example.rb +11 -0
data/examples/profile-attribute/inspec.yml +8 -0
data/examples/profile-sensitive/README.md +29 -0
data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -0
data/examples/profile-sensitive/controls/sensitive.rb +9 -0
data/examples/profile-sensitive/inspec.yml +8 -0
data/examples/profile/README.md +48 -0
data/examples/profile/controls/example.rb +23 -0
data/examples/profile/controls/gordon.rb +36 -0
data/examples/profile/controls/meta.rb +34 -0
data/examples/profile/inspec.yml +10 -0
data/examples/profile/libraries/gordon_config.rb +59 -0
data/inspec-core.gemspec +43 -0
data/lib/bundles/README.md +3 -0
data/lib/bundles/inspec-artifact.rb +7 -0
data/lib/bundles/inspec-artifact/README.md +1 -0
data/lib/bundles/inspec-artifact/cli.rb +277 -0
data/lib/bundles/inspec-compliance.rb +16 -0
data/lib/bundles/inspec-compliance/.kitchen.yml +20 -0
data/lib/bundles/inspec-compliance/README.md +193 -0
data/lib/bundles/inspec-compliance/api.rb +360 -0
data/lib/bundles/inspec-compliance/api/login.rb +193 -0
data/lib/bundles/inspec-compliance/bootstrap.sh +41 -0
data/lib/bundles/inspec-compliance/cli.rb +260 -0
data/lib/bundles/inspec-compliance/configuration.rb +103 -0
data/lib/bundles/inspec-compliance/http.rb +125 -0
data/lib/bundles/inspec-compliance/images/cc-token.png +0 -0
data/lib/bundles/inspec-compliance/support.rb +36 -0
data/lib/bundles/inspec-compliance/target.rb +106 -0
data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -0
data/lib/bundles/inspec-habitat.rb +12 -0
data/lib/bundles/inspec-habitat/cli.rb +36 -0
data/lib/bundles/inspec-habitat/log.rb +10 -0
data/lib/bundles/inspec-habitat/profile.rb +391 -0
data/lib/bundles/inspec-init.rb +8 -0
data/lib/bundles/inspec-init/README.md +31 -0
data/lib/bundles/inspec-init/cli.rb +97 -0
data/lib/bundles/inspec-init/templates/profile/README.md +3 -0
data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -0
data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -0
data/lib/bundles/inspec-init/templates/profile/libraries/.gitkeep +0 -0
data/lib/bundles/inspec-supermarket.rb +13 -0
data/lib/bundles/inspec-supermarket/README.md +45 -0
data/lib/bundles/inspec-supermarket/api.rb +84 -0
data/lib/bundles/inspec-supermarket/cli.rb +73 -0
data/lib/bundles/inspec-supermarket/target.rb +34 -0
data/lib/fetchers/git.rb +163 -0
data/lib/fetchers/local.rb +74 -0
data/lib/fetchers/mock.rb +35 -0
data/lib/fetchers/url.rb +247 -0
data/lib/inspec.rb +24 -0
data/lib/inspec/archive/tar.rb +29 -0
data/lib/inspec/archive/zip.rb +19 -0
data/lib/inspec/backend.rb +93 -0
data/lib/inspec/base_cli.rb +368 -0
data/lib/inspec/cached_fetcher.rb +66 -0
data/lib/inspec/cli.rb +292 -0
data/lib/inspec/completions/bash.sh.erb +45 -0
data/lib/inspec/completions/fish.sh.erb +34 -0
data/lib/inspec/completions/zsh.sh.erb +61 -0
data/lib/inspec/control_eval_context.rb +179 -0
data/lib/inspec/dependencies/cache.rb +72 -0
data/lib/inspec/dependencies/dependency_set.rb +92 -0
data/lib/inspec/dependencies/lockfile.rb +115 -0
data/lib/inspec/dependencies/requirement.rb +123 -0
data/lib/inspec/dependencies/resolver.rb +86 -0
data/lib/inspec/describe.rb +27 -0
data/lib/inspec/dsl.rb +66 -0
data/lib/inspec/dsl_shared.rb +33 -0
data/lib/inspec/env_printer.rb +157 -0
data/lib/inspec/errors.rb +14 -0
data/lib/inspec/exceptions.rb +12 -0
data/lib/inspec/expect.rb +45 -0
data/lib/inspec/fetcher.rb +45 -0
data/lib/inspec/file_provider.rb +275 -0
data/lib/inspec/formatters.rb +3 -0
data/lib/inspec/formatters/base.rb +259 -0
data/lib/inspec/formatters/json_rspec.rb +20 -0
data/lib/inspec/formatters/show_progress.rb +12 -0
data/lib/inspec/library_eval_context.rb +58 -0
data/lib/inspec/log.rb +11 -0
data/lib/inspec/metadata.rb +247 -0
data/lib/inspec/method_source.rb +24 -0
data/lib/inspec/objects.rb +14 -0
data/lib/inspec/objects/attribute.rb +75 -0
data/lib/inspec/objects/control.rb +61 -0
data/lib/inspec/objects/describe.rb +92 -0
data/lib/inspec/objects/each_loop.rb +36 -0
data/lib/inspec/objects/list.rb +15 -0
data/lib/inspec/objects/or_test.rb +40 -0
data/lib/inspec/objects/ruby_helper.rb +15 -0
data/lib/inspec/objects/tag.rb +27 -0
data/lib/inspec/objects/test.rb +87 -0
data/lib/inspec/objects/value.rb +27 -0
data/lib/inspec/plugins.rb +60 -0
data/lib/inspec/plugins/cli.rb +24 -0
data/lib/inspec/plugins/fetcher.rb +86 -0
data/lib/inspec/plugins/resource.rb +135 -0
data/lib/inspec/plugins/secret.rb +15 -0
data/lib/inspec/plugins/source_reader.rb +40 -0
data/lib/inspec/polyfill.rb +12 -0
data/lib/inspec/profile.rb +513 -0
data/lib/inspec/profile_context.rb +208 -0
data/lib/inspec/profile_vendor.rb +66 -0
data/lib/inspec/reporters.rb +60 -0
data/lib/inspec/reporters/automate.rb +76 -0
data/lib/inspec/reporters/base.rb +25 -0
data/lib/inspec/reporters/cli.rb +356 -0
data/lib/inspec/reporters/json.rb +116 -0
data/lib/inspec/reporters/json_min.rb +48 -0
data/lib/inspec/reporters/junit.rb +78 -0
data/lib/inspec/require_loader.rb +33 -0
data/lib/inspec/resource.rb +190 -0
data/lib/inspec/rule.rb +280 -0
data/lib/inspec/runner.rb +345 -0
data/lib/inspec/runner_mock.rb +41 -0
data/lib/inspec/runner_rspec.rb +175 -0
data/lib/inspec/runtime_profile.rb +26 -0
data/lib/inspec/schema.rb +213 -0
data/lib/inspec/secrets.rb +19 -0
data/lib/inspec/secrets/yaml.rb +30 -0
data/lib/inspec/shell.rb +220 -0
data/lib/inspec/shell_detector.rb +90 -0
data/lib/inspec/source_reader.rb +29 -0
data/lib/inspec/version.rb +8 -0
data/lib/matchers/matchers.rb +339 -0
data/lib/resources/aide_conf.rb +151 -0
data/lib/resources/apache.rb +48 -0
data/lib/resources/apache_conf.rb +149 -0
data/lib/resources/apt.rb +149 -0
data/lib/resources/audit_policy.rb +63 -0
data/lib/resources/auditd.rb +231 -0
data/lib/resources/auditd_conf.rb +46 -0
data/lib/resources/bash.rb +35 -0
data/lib/resources/bond.rb +69 -0
data/lib/resources/bridge.rb +122 -0
data/lib/resources/chocolatey_package.rb +78 -0
data/lib/resources/command.rb +73 -0
data/lib/resources/cpan.rb +58 -0
data/lib/resources/cran.rb +64 -0
data/lib/resources/crontab.rb +169 -0
data/lib/resources/csv.rb +56 -0
data/lib/resources/dh_params.rb +77 -0
data/lib/resources/directory.rb +25 -0
data/lib/resources/docker.rb +236 -0
data/lib/resources/docker_container.rb +89 -0
data/lib/resources/docker_image.rb +83 -0
data/lib/resources/docker_object.rb +57 -0
data/lib/resources/docker_service.rb +90 -0
data/lib/resources/elasticsearch.rb +169 -0
data/lib/resources/etc_fstab.rb +94 -0
data/lib/resources/etc_group.rb +154 -0
data/lib/resources/etc_hosts.rb +66 -0
data/lib/resources/etc_hosts_allow_deny.rb +112 -0
data/lib/resources/file.rb +298 -0
data/lib/resources/filesystem.rb +31 -0
data/lib/resources/firewalld.rb +143 -0
data/lib/resources/gem.rb +70 -0
data/lib/resources/groups.rb +215 -0
data/lib/resources/grub_conf.rb +227 -0
data/lib/resources/host.rb +306 -0
data/lib/resources/http.rb +253 -0
data/lib/resources/iis_app.rb +101 -0
data/lib/resources/iis_site.rb +148 -0
data/lib/resources/inetd_conf.rb +54 -0
data/lib/resources/ini.rb +29 -0
data/lib/resources/interface.rb +129 -0
data/lib/resources/iptables.rb +80 -0
data/lib/resources/json.rb +111 -0
data/lib/resources/kernel_module.rb +107 -0
data/lib/resources/kernel_parameter.rb +58 -0
data/lib/resources/key_rsa.rb +63 -0
data/lib/resources/limits_conf.rb +46 -0
data/lib/resources/login_def.rb +57 -0
data/lib/resources/mount.rb +88 -0
data/lib/resources/mssql_session.rb +101 -0
data/lib/resources/mysql.rb +82 -0
data/lib/resources/mysql_conf.rb +127 -0
data/lib/resources/mysql_session.rb +85 -0
data/lib/resources/nginx.rb +96 -0
data/lib/resources/nginx_conf.rb +226 -0
data/lib/resources/npm.rb +48 -0
data/lib/resources/ntp_conf.rb +51 -0
data/lib/resources/oneget.rb +71 -0
data/lib/resources/oracledb_session.rb +139 -0
data/lib/resources/os.rb +36 -0
data/lib/resources/os_env.rb +86 -0
data/lib/resources/package.rb +370 -0
data/lib/resources/packages.rb +111 -0
data/lib/resources/parse_config.rb +112 -0
data/lib/resources/passwd.rb +76 -0
data/lib/resources/pip.rb +130 -0
data/lib/resources/platform.rb +109 -0
data/lib/resources/port.rb +771 -0
data/lib/resources/postgres.rb +131 -0
data/lib/resources/postgres_conf.rb +114 -0
data/lib/resources/postgres_hba_conf.rb +90 -0
data/lib/resources/postgres_ident_conf.rb +79 -0
data/lib/resources/postgres_session.rb +71 -0
data/lib/resources/powershell.rb +67 -0
data/lib/resources/processes.rb +204 -0
data/lib/resources/rabbitmq_conf.rb +51 -0
data/lib/resources/registry_key.rb +297 -0
data/lib/resources/security_policy.rb +180 -0
data/lib/resources/service.rb +794 -0
data/lib/resources/shadow.rb +159 -0
data/lib/resources/ssh_conf.rb +97 -0
data/lib/resources/ssl.rb +99 -0
data/lib/resources/sys_info.rb +28 -0
data/lib/resources/toml.rb +32 -0
data/lib/resources/users.rb +654 -0
data/lib/resources/vbscript.rb +68 -0
data/lib/resources/virtualization.rb +247 -0
data/lib/resources/windows_feature.rb +84 -0
data/lib/resources/windows_hotfix.rb +35 -0
data/lib/resources/windows_task.rb +102 -0
data/lib/resources/wmi.rb +110 -0
data/lib/resources/x509_certificate.rb +137 -0
data/lib/resources/xinetd.rb +106 -0
data/lib/resources/xml.rb +46 -0
data/lib/resources/yaml.rb +43 -0
data/lib/resources/yum.rb +180 -0
data/lib/resources/zfs_dataset.rb +60 -0
data/lib/resources/zfs_pool.rb +49 -0
data/lib/source_readers/flat.rb +39 -0
data/lib/source_readers/inspec.rb +75 -0
data/lib/utils/command_wrapper.rb +27 -0
data/lib/utils/convert.rb +12 -0
data/lib/utils/database_helpers.rb +77 -0
data/lib/utils/enumerable_delegation.rb +9 -0
data/lib/utils/erlang_parser.rb +192 -0
data/lib/utils/file_reader.rb +25 -0
data/lib/utils/filter.rb +273 -0
data/lib/utils/filter_array.rb +27 -0
data/lib/utils/find_files.rb +47 -0
data/lib/utils/hash.rb +41 -0
data/lib/utils/json_log.rb +18 -0
data/lib/utils/latest_version.rb +22 -0
data/lib/utils/modulator.rb +12 -0
data/lib/utils/nginx_parser.rb +105 -0
data/lib/utils/object_traversal.rb +49 -0
data/lib/utils/parser.rb +274 -0
data/lib/utils/pkey_reader.rb +15 -0
data/lib/utils/plugin_registry.rb +93 -0
data/lib/utils/simpleconfig.rb +120 -0
data/lib/utils/spdx.rb +13 -0
data/lib/utils/spdx.txt +344 -0
metadata +713 -0

data/lib/inspec/base_cli.rb ADDED

@@ -0,0 +1,368 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+require 'thor'
+require 'inspec/log'
+require 'inspec/profile_vendor'
+module Inspec
+  class BaseCLI < Thor
+    # https://github.com/erikhuda/thor/issues/244
+    def self.exit_on_failure?
+      true
+    end
+    def self.target_options
+      option :target, aliases: :t, type: :string,
+        desc: 'Simple targeting option using URIs, e.g. ssh://user:pass@host:port'
+      option :backend, aliases: :b, type: :string,
+        desc: 'Choose a backend: local, ssh, winrm, docker.'
+      option :host, type: :string,
+        desc: 'Specify a remote host which is tested.'
+      option :port, aliases: :p, type: :numeric,
+        desc: 'Specify the login port for a remote scan.'
+      option :user, type: :string,
+        desc: 'The login user for a remote scan.'
+      option :password, type: :string, lazy_default: -1,
+        desc: 'Login password for a remote scan, if required.'
+      option :enable_password, type: :string, lazy_default: -1,
+        desc: 'Password for enable mode on Cisco IOS devices.'
+      option :key_files, aliases: :i, type: :array,
+        desc: 'Login key or certificate file for a remote scan.'
+      option :path, type: :string,
+        desc: 'Login path to use when connecting to the target (WinRM).'
+      option :sudo, type: :boolean,
+        desc: 'Run scans with sudo. Only activates on Unix and non-root user.'
+      option :sudo_password, type: :string, lazy_default: -1,
+        desc: 'Specify a sudo password, if it is required.'
+      option :sudo_options, type: :string,
+        desc: 'Additional sudo options for a remote scan.'
+      option :sudo_command, type: :string,
+        desc: 'Alternate command for sudo.'
+      option :shell, type: :boolean,
+        desc: 'Run scans in a subshell. Only activates on Unix.'
+      option :shell_options, type: :string,
+        desc: 'Additional shell options.'
+      option :shell_command, type: :string,
+        desc: 'Specify a particular shell to use.'
+      option :ssl, type: :boolean,
+        desc: 'Use SSL for transport layer encryption (WinRM).'
+      option :self_signed, type: :boolean,
+        desc: 'Allow remote scans with self-signed certificates (WinRM).'
+      option :json_config, type: :string,
+        desc: 'Read configuration from JSON file (`-` reads from stdin).'
+      option :proxy_command, type: :string,
+        desc: 'Specifies the command to use to connect to the server'
+    end
+    def self.profile_options
+      option :profiles_path, type: :string,
+        desc: 'Folder which contains referenced profiles.'
+    end
+    def self.exec_options
+      target_options
+      profile_options
+      option :controls, type: :array,
+        desc: 'A list of controls to run. Ignore all other tests.'
+      option :format, type: :string,
+        desc: '[DEPRECATED] Please use --reporter - this will be removed in InSpec 3.0'
+      option :reporter, type: :array,
+        banner: 'one two:/output/file/path',
+        desc: 'Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit'
+      option :color, type: :boolean,
+        desc: 'Use colors in output.'
+      option :attrs, type: :array,
+        desc: 'Load attributes file (experimental)'
+      option :vendor_cache, type: :string,
+        desc: 'Use the given path for caching dependencies. (default: ~/.inspec/cache)'
+      option :create_lockfile, type: :boolean,
+        desc: 'Write out a lockfile based on this execution (unless one already exists)'
+      option :backend_cache, type: :boolean,
+        desc: 'Allow caching for backend command output. (default: true)'
+      option :show_progress, type: :boolean,
+        desc: 'Show progress while executing tests.'
+    end
+    def self.default_options
+      {
+        exec: {
+          'reporter' => ['cli'],
+          'show_progress' => false,
+          'color' => true,
+          'create_lockfile' => true,
+          'backend_cache' => true,
+        },
+        shell: {
+          'reporter' => ['cli'],
+        },
+      }
+    end
+    def self.parse_reporters(opts) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+      # merge in any legacy formats as reporter
+      # this method will only be used for ad-hoc runners
+      if !opts['format'].nil? && opts['reporter'].nil?
+        warn '[DEPRECATED] The option --format is being deprecated and will be removed in inspec 3.0. Please use --reporter'
+        # see if we are using the legacy output to write to files
+        if opts['output']
+          warn '[DEPRECATED] The option \'output\' is being deprecated and will be removed in inspec 3.0. Please use --reporter name:path'
+          opts['format'] = "#{opts['format']}:#{opts['output']}"
+          opts.delete('output')
+        end
+        opts['reporter'] = Array(opts['format'])
+        opts.delete('format')
+      end
+      # default to cli report for ad-hoc runners
+      opts['reporter'] = ['cli'] if opts['reporter'].nil?
+      # parse out cli to proper report format
+      if opts['reporter'].is_a?(Array)
+        reports = {}
+        opts['reporter'].each do |report|
+          reporter_name, target = report.split(':')
+          if target.nil? || target.strip == '-'
+            reports[reporter_name] = { 'stdout' => true }
+          else
+            reports[reporter_name] = {
+              'file' => target,
+              'stdout' => false,
+            }
+          end
+        end
+        opts['reporter'] = reports
+      end
+      # add in stdout if not specified
+      if opts['reporter'].is_a?(Hash)
+        opts['reporter'].each do |reporter_name, config|
+          opts['reporter'][reporter_name] = {} if config.nil?
+          opts['reporter'][reporter_name]['stdout'] = true if opts['reporter'][reporter_name].empty?
+        end
+      end
+      validate_reporters(opts['reporter'])
+      opts
+    end
+    def self.validate_reporters(reporters)
+      return if reporters.nil?
+      valid_types = [
+        'automate',
+        'cli',
+        'documentation',
+        'html',
+        'json',
+        'json-min',
+        'json-rspec',
+        'junit',
+        'progress',
+      ]
+      reporters.each do |k, v|
+        raise NotImplementedError, "'#{k}' is not a valid reporter type." unless valid_types.include?(k)
+        next unless k == 'automate'
+        %w{token url}.each do |option|
+          raise Inspec::ReporterError, "You must specify a automate #{option} via the json-config." if v[option].nil?
+        end
+      end
+      # check to make sure we are only reporting one type to stdout
+      stdout = 0
+      reporters.each_value do |v|
+        stdout += 1 if v['stdout'] == true
+      end
+      raise ArgumentError, 'The option --reporter can only have a single report outputting to stdout.' if stdout > 1
+    end
+    def self.detect(params: {}, indent: 0, color: 39)
+      str = ''
+      params.each { |item, info|
+        data = info
+        # Format Array for better output if applicable
+        data = data.join(', ') if data.is_a?(Array)
+        # Do not output fields of data is missing ('unknown' is fine)
+        next if data.nil?
+        data = "\e[1m\e[#{color}m#{data}\e[0m"
+        str << format("#{' ' * indent}%-10s %s\n", item.to_s.capitalize + ':', data)
+      }
+      str
+    end
+    private
+    def suppress_log_output?(opts)
+      return false if opts['reporter'].nil?
+      match = %w{json json-min json-rspec junit html} & opts['reporter'].keys
+      unless match.empty?
+        match.each do |m|
+          # check to see if we are outputting to stdout
+          return true if opts['reporter'][m]['stdout'] == true
+        end
+      end
+      false
+    end
+    def diagnose(opts)
+      return unless opts['diagnose']
+      puts "InSpec version: #{Inspec::VERSION}"
+      puts "Train version: #{Train::VERSION}"
+      puts 'Command line configuration:'
+      pp options
+      puts 'JSON configuration file:'
+      pp options_json
+      puts 'Merged configuration:'
+      pp opts
+      puts
+    end
+    def opts(type = nil)
+      o = merged_opts(type)
+      # Due to limitations in Thor it is not possible to set an argument to be
+      # both optional and its value to be mandatory. E.g. the user supplying
+      # the --password argument is optional and not always required, but
+      # whenever it is used, it requires a value. Handle options that were
+      # defined above and require a value here:
+      %w{password sudo-password}.each do |v|
+        id = v.tr('-', '_').to_sym
+        next unless o[id] == -1
+        raise ArgumentError, "Please provide a value for --#{v}. For example: --#{v}=hello."
+      end
+      # check for compliance settings
+      Compliance::API.login(o['compliance']) if o['compliance']
+      o
+    end
+    def merged_opts(type = nil)
+      opts = {}
+      # start with default options if we have any
+      opts = BaseCLI.default_options[type] unless type.nil? || BaseCLI.default_options[type].nil?
+      opts['type'] = type unless type.nil?
+      # merge in any options from json-config
+      json_config = options_json
+      opts.merge!(json_config)
+      # remove the default reporter if we are setting a legacy format on the cli
+      # or via json-config
+      opts.delete('reporter') if options['format'] || json_config['format']
+      # merge in any options defined via thor
+      opts.merge!(options)
+      # parse reporter options
+      opts = BaseCLI.parse_reporters(opts) if %i(exec shell).include?(type)
+      Thor::CoreExt::HashWithIndifferentAccess.new(opts)
+    end
+    def options_json
+      conffile = options['json_config']
+      @json ||= conffile ? read_config(conffile) : {}
+    end
+    def read_config(file)
+      if file == '-'
+        puts 'WARN: reading JSON config from standard input' if STDIN.tty?
+        config = STDIN.read
+      else
+        config = File.read(file)
+      end
+      JSON.parse(config)
+    rescue JSON::ParserError => e
+      puts "Failed to load JSON configuration: #{e}\nConfig was: #{config.inspect}"
+      exit 1
+    end
+    # get the log level
+    # DEBUG < INFO < WARN < ERROR < FATAL < UNKNOWN
+    def get_log_level(level)
+      valid = %w{debug info warn error fatal}
+      if valid.include?(level)
+        l = level
+      else
+        l = 'info'
+      end
+      Logger.const_get(l.upcase)
+    end
+    def pretty_handle_exception(exception)
+      case exception
+      when Inspec::Error
+        $stderr.puts exception.message
+        exit(1)
+      else
+        raise exception
+      end
+    end
+    def vendor_deps(path, opts)
+      profile_path = path || Dir.pwd
+      profile_vendor = Inspec::ProfileVendor.new(profile_path)
+      if (profile_vendor.cache_path.exist? || profile_vendor.lockfile.exist?) && !opts[:overwrite]
+        puts 'Profile is already vendored. Use --overwrite.'
+        return false
+      end
+      profile_vendor.vendor!
+      puts "Dependencies for profile #{profile_path} successfully vendored to #{profile_vendor.cache_path}"
+    rescue StandardError => e
+      pretty_handle_exception(e)
+    end
+    def configure_logger(o)
+      #
+      # TODO(ssd): This is a big gross, but this configures the
+      # logging singleton Inspec::Log. Eventually it would be nice to
+      # move internal debug logging to use this logging singleton.
+      #
+      loc = if o.log_location
+              o.log_location
+            elsif suppress_log_output?(o)
+              STDERR
+            else
+              STDOUT
+            end
+      Inspec::Log.init(loc)
+      Inspec::Log.level = get_log_level(o.log_level)
+      o[:logger] = Logger.new(loc)
+      # output json if we have activated the json formatter
+      if o['log-format'] == 'json'
+        o[:logger].formatter = Logger::JSONFormatter.new
+      end
+      o[:logger].level = get_log_level(o.log_level)
+    end
+    def mark_text(text)
+      "\e[0;36m#{text}\e[0m"
+    end
+    def headline(title)
+      puts "\n== #{title}\n\n"
+    end
+    def li(entry)
+      puts " #{mark_text('*')} #{entry}"
+    end
+  end
+end

data/lib/inspec/cached_fetcher.rb ADDED

@@ -0,0 +1,66 @@
+# encoding: utf-8
+require 'inspec/fetcher'
+require 'forwardable'
+module Inspec
+  class CachedFetcher
+    extend Forwardable
+    attr_reader :cache, :target, :fetcher
+    def initialize(target, cache)
+      @target = target
+      @fetcher = Inspec::Fetcher.resolve(target)
+      if @fetcher.nil?
+        raise("Could not fetch inspec profile in #{target.inspect}.")
+      end
+      @cache = cache
+    end
+    def resolved_source
+      fetch
+      @fetcher.resolved_source
+    end
+    def cache_key
+      k = if target.is_a?(Hash)
+            target[:sha256] || target[:ref]
+          end
+      if k.nil?
+        fetcher.cache_key
+      else
+        k
+      end
+    end
+    def fetch
+      if cache.exists?(cache_key)
+        Inspec::Log.debug "Using cached dependency for #{target}"
+        [cache.prefered_entry_for(cache_key), false]
+      else
+        Inspec::Log.debug "Dependency does not exist in the cache #{target}"
+        fetcher.fetch(cache.base_path_for(fetcher.cache_key))
+        assert_cache_sanity!
+        [fetcher.archive_path, fetcher.writable?]
+      end
+    end
+    def assert_cache_sanity!
+      return unless target.respond_to?(:key?) && target.key?(:sha256)
+      exception_message = <<~EOF
+        The remote source #{fetcher} no longer has the requested content:
+        Request Content Hash: #{target[:sha256]}
+        Actual Content Hash: #{fetcher.resolved_source[:sha256]}
+        For URL, supermarket, compliance, and other sources that do not
+        provide versioned artifacts, this likely means that the remote source
+        has changed since your lockfile was generated.
+      EOF
+      raise exception_message if fetcher.resolved_source[:sha256] != target[:sha256]
+    end
+  end
+end

data/lib/inspec/cli.rb ADDED

@@ -0,0 +1,292 @@
+# encoding: utf-8
+# Copyright 2015 Dominik Richter
+# author: Dominik Richter
+# author: Christoph Hartmann
+require 'logger'
+require 'thor'
+require 'json'
+require 'pp'
+require 'utils/json_log'
+require 'utils/latest_version'
+require 'inspec/base_cli'
+require 'inspec/plugins'
+require 'inspec/runner_mock'
+require 'inspec/env_printer'
+require 'inspec/schema'
+class Inspec::InspecCLI < Inspec::BaseCLI
+  class_option :log_level, aliases: :l, type: :string,
+               desc: 'Set the log level: info (default), debug, warn, error'
+  class_option :log_location, type: :string,
+               desc: 'Location to send diagnostic log messages to. (default: STDOUT or STDERR)'
+  class_option :diagnose, type: :boolean,
+    desc: 'Show diagnostics (versions, configurations)'
+  desc 'json PATH', 'read all tests in PATH and generate a JSON summary'
+  option :output, aliases: :o, type: :string,
+    desc: 'Save the created profile to a path'
+  option :controls, type: :array,
+    desc: 'A list of controls to include. Ignore all other tests.'
+  profile_options
+  def json(target)
+    o = opts.dup
+    diagnose(o)
+    o[:ignore_supports] = true
+    o[:backend] = Inspec::Backend.create(target: 'mock://')
+    o[:check_mode] = true
+    profile = Inspec::Profile.for_target(target, o)
+    info = profile.info
+    # add in inspec version
+    info[:generator] = {
+      name: 'inspec',
+      version: Inspec::VERSION,
+    }
+    dst = o[:output].to_s
+    if dst.empty?
+      puts JSON.dump(info)
+    else
+      if File.exist? dst
+        puts "----> updating #{dst}"
+      else
+        puts "----> creating #{dst}"
+      end
+      fdst = File.expand_path(dst)
+      File.write(fdst, JSON.dump(info))
+    end
+  rescue StandardError => e
+    pretty_handle_exception(e)
+  end
+  desc 'check PATH', 'verify all tests at the specified PATH'
+  option :format, type: :string
+  profile_options
+  def check(path) # rubocop:disable Metrics/AbcSize
+    o = opts.dup
+    diagnose(o)
+    o[:ignore_supports] = true # we check for integrity only
+    o[:backend] = Inspec::Backend.create(target: 'mock://')
+    o[:check_mode] = true
+    # run check
+    profile = Inspec::Profile.for_target(path, o)
+    result = profile.check
+    if o['format'] == 'json'
+      puts JSON.generate(result)
+    else
+      %w{location profile controls timestamp valid}.each do |item|
+        puts format('%-12s %s', item.to_s.capitalize + ':',
+                    mark_text(result[:summary][item.to_sym]))
+      end
+      puts
+      if result[:errors].empty? and result[:warnings].empty?
+        puts 'No errors or warnings'
+      else
+        red    = "\033[31m"
+        yellow = "\033[33m"
+        rst    = "\033[0m"
+        item_msg = lambda { |item|
+          pos = [item[:file], item[:line], item[:column]].compact.join(':')
+          pos.empty? ? item[:msg] : pos + ': ' + item[:msg]
+        }
+        result[:errors].each do |item|
+          puts "#{red}  ✖  #{item_msg.call(item)}#{rst}"
+        end
+        result[:warnings].each do |item|
+          puts "#{yellow}  !  #{item_msg.call(item)}#{rst}"
+        end
+        puts
+        puts format('Summary:     %s%d errors%s, %s%d warnings%s',
+                    red, result[:errors].length, rst,
+                    yellow, result[:warnings].length, rst)
+      end
+    end
+    exit 1 unless result[:summary][:valid]
+  rescue StandardError => e
+    pretty_handle_exception(e)
+  end
+  desc 'vendor PATH', 'Download all dependencies and generate a lockfile in a `vendor` directory'
+  option :overwrite, type: :boolean, default: false,
+    desc: 'Overwrite existing vendored dependencies and lockfile.'
+  def vendor(path = nil)
+    o = opts.dup
+    vendor_deps(path, o)
+  end
+  desc 'archive PATH', 'archive a profile to tar.gz (default) or zip'
+  profile_options
+  option :output, aliases: :o, type: :string,
+    desc: 'Save the archive to a path'
+  option :zip, type: :boolean, default: false,
+    desc: 'Generates a zip archive.'
+  option :tar, type: :boolean, default: false,
+    desc: 'Generates a tar.gz archive.'
+  option :overwrite, type: :boolean, default: false,
+    desc: 'Overwrite existing archive.'
+  option :ignore_errors, type: :boolean, default: false,
+    desc: 'Ignore profile warnings.'
+  def archive(path)
+    o = opts.dup
+    diagnose(o)
+    o[:logger] = Logger.new(STDOUT)
+    o[:logger].level = get_log_level(o.log_level)
+    o[:backend] = Inspec::Backend.create(target: 'mock://')
+    profile = Inspec::Profile.for_target(path, o)
+    result = profile.check
+    if result && !o[:ignore_errors] == false
+      o[:logger].info 'Profile check failed. Please fix the profile before generating an archive.'
+      return exit 1
+    end
+    # generate archive
+    exit 1 unless profile.archive(o)
+  rescue StandardError => e
+    pretty_handle_exception(e)
+  end
+  desc 'exec PATHS', 'run all test files at the specified PATH.'
+  exec_options
+  def exec(*targets)
+    o = opts(:exec).dup
+    diagnose(o)
+    configure_logger(o)
+    runner = Inspec::Runner.new(o)
+    targets.each { |target| runner.add_target(target) }
+    exit runner.run
+  rescue ArgumentError, RuntimeError, Train::UserError => e
+    $stderr.puts e.message
+    exit 1
+  rescue StandardError => e
+    pretty_handle_exception(e)
+  end
+  desc 'detect', 'detect the target OS'
+  target_options
+  option :format, type: :string
+  def detect
+    o = opts(:detect).dup
+    o[:command] = 'platform.params'
+    (_, res) = run_command(o)
+    if o['format'] == 'json'
+      puts res.to_json
+    else
+      headline('Platform Details')
+      puts Inspec::BaseCLI.detect(params: res, indent: 0, color: 36)
+    end
+  rescue ArgumentError, RuntimeError, Train::UserError => e
+    $stderr.puts e.message
+    exit 1
+  rescue StandardError => e
+    pretty_handle_exception(e)
+  end
+  desc 'shell', 'open an interactive debugging shell'
+  target_options
+  option :command, aliases: :c,
+    desc: 'A single command string to run instead of launching the shell'
+  option :format, type: :string, default: nil, hide: true,
+    desc: '[DEPRECATED] Please use --reporter - this will be removed in InSpec 3.0'
+  option :reporter, type: :array,
+    banner: 'one two:/output/file/path',
+    desc: 'Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit'
+  option :depends, type: :array, default: [],
+    desc: 'A space-delimited list of local folders containing profiles whose libraries and resources will be loaded into the new shell'
+  def shell_func
+    o = opts(:shell).dup
+    diagnose(o)
+    o[:debug_shell] = true
+    log_device = suppress_log_output?(o) ? nil : STDOUT
+    o[:logger] = Logger.new(log_device)
+    o[:logger].level = get_log_level(o.log_level)
+    if o[:command].nil?
+      runner = Inspec::Runner.new(o)
+      return Inspec::Shell.new(runner).start
+    end
+    run_type, res = run_command(o)
+    exit res unless run_type == :ruby_eval
+    # No InSpec tests - just print evaluation output.
+    res = (res.respond_to?(:to_json) ? res.to_json : JSON.dump(res)) if o['reporter']&.keys&.include?('json')
+    puts res
+    exit 0
+  rescue RuntimeError, Train::UserError => e
+    $stderr.puts e.message
+  rescue StandardError => e
+    pretty_handle_exception(e)
+  end
+  desc 'env', 'Output shell-appropriate completion configuration'
+  def env(shell = nil)
+    p = Inspec::EnvPrinter.new(self.class, shell)
+    p.print_and_exit!
+  rescue StandardError => e
+    pretty_handle_exception(e)
+  end
+  desc 'schema NAME', 'print the JSON schema', hide: true
+  def schema(name)
+    puts Inspec::Schema.json(name)
+  rescue StandardError => e
+    puts e
+    puts "Valid schemas are #{Inspec::Schema.names.join(', ')}"
+  end
+  desc 'version', 'prints the version of this tool'
+  option :format, type: :string
+  def version
+    if opts['format'] == 'json'
+      v = { version: Inspec::VERSION }
+      puts v.to_json
+    else
+      puts Inspec::VERSION
+      # display outdated version
+      latest = LatestInSpecVersion.new.latest
+      if Gem::Version.new(Inspec::VERSION) < Gem::Version.new(latest)
+        puts "\nYour version of InSpec is out of date! The latest version is #{latest}."
+      end
+    end
+  end
+  map %w{-v --version} => :version
+  private
+  def run_command(opts)
+    runner = Inspec::Runner.new(opts)
+    res = runner.eval_with_virtual_profile(opts[:command])
+    runner.load
+    return :ruby_eval, res if runner.all_rules.empty?
+    return :rspec_run, runner.run_tests # rubocop:disable Style/RedundantReturn
+  end
+end
+# Load all plugins on startup
+ctl = Inspec::PluginCtl.new
+ctl.list.each { |x| ctl.load(x) }
+# load CLI plugins before the Inspec CLI has been started
+Inspec::Plugins::CLI.subcommands.each { |_subcommand, params|
+  Inspec::InspecCLI.register(
+    params[:klass],
+    params[:subcommand_name],
+    params[:usage],
+    params[:description],
+    params[:options],
+  )
+}