inspec-core 2.1.67

Files changed (412) hide show
  1. checksums.yaml +7 -0
  2. data/CHANGELOG.md +3136 -0
  3. data/Gemfile +56 -0
  4. data/LICENSE +14 -0
  5. data/MAINTAINERS.md +33 -0
  6. data/MAINTAINERS.toml +52 -0
  7. data/README.md +453 -0
  8. data/bin/inspec +12 -0
  9. data/docs/.gitignore +2 -0
  10. data/docs/README.md +40 -0
  11. data/docs/dev/control-eval.md +62 -0
  12. data/docs/dsl_inspec.md +258 -0
  13. data/docs/dsl_resource.md +100 -0
  14. data/docs/glossary.md +99 -0
  15. data/docs/habitat.md +192 -0
  16. data/docs/inspec_and_friends.md +114 -0
  17. data/docs/matchers.md +169 -0
  18. data/docs/migration.md +293 -0
  19. data/docs/platforms.md +119 -0
  20. data/docs/plugin_kitchen_inspec.md +50 -0
  21. data/docs/profiles.md +378 -0
  22. data/docs/reporters.md +105 -0
  23. data/docs/resources/aide_conf.md.erb +76 -0
  24. data/docs/resources/apache.md.erb +67 -0
  25. data/docs/resources/apache_conf.md.erb +68 -0
  26. data/docs/resources/apt.md.erb +71 -0
  27. data/docs/resources/audit_policy.md.erb +47 -0
  28. data/docs/resources/auditd.md.erb +79 -0
  29. data/docs/resources/auditd_conf.md.erb +68 -0
  30. data/docs/resources/bash.md.erb +75 -0
  31. data/docs/resources/bond.md.erb +90 -0
  32. data/docs/resources/bridge.md.erb +57 -0
  33. data/docs/resources/bsd_service.md.erb +67 -0
  34. data/docs/resources/chocolatey_package.md.erb +58 -0
  35. data/docs/resources/command.md.erb +138 -0
  36. data/docs/resources/cpan.md.erb +79 -0
  37. data/docs/resources/cran.md.erb +64 -0
  38. data/docs/resources/crontab.md.erb +89 -0
  39. data/docs/resources/csv.md.erb +54 -0
  40. data/docs/resources/dh_params.md.erb +205 -0
  41. data/docs/resources/directory.md.erb +30 -0
  42. data/docs/resources/docker.md.erb +219 -0
  43. data/docs/resources/docker_container.md.erb +103 -0
  44. data/docs/resources/docker_image.md.erb +94 -0
  45. data/docs/resources/docker_service.md.erb +114 -0
  46. data/docs/resources/elasticsearch.md.erb +242 -0
  47. data/docs/resources/etc_fstab.md.erb +125 -0
  48. data/docs/resources/etc_group.md.erb +75 -0
  49. data/docs/resources/etc_hosts.md.erb +78 -0
  50. data/docs/resources/etc_hosts_allow.md.erb +74 -0
  51. data/docs/resources/etc_hosts_deny.md.erb +74 -0
  52. data/docs/resources/file.md.erb +526 -0
  53. data/docs/resources/filesystem.md.erb +41 -0
  54. data/docs/resources/firewalld.md.erb +107 -0
  55. data/docs/resources/gem.md.erb +79 -0
  56. data/docs/resources/group.md.erb +61 -0
  57. data/docs/resources/grub_conf.md.erb +101 -0
  58. data/docs/resources/host.md.erb +86 -0
  59. data/docs/resources/http.md.erb +197 -0
  60. data/docs/resources/iis_app.md.erb +122 -0
  61. data/docs/resources/iis_site.md.erb +135 -0
  62. data/docs/resources/inetd_conf.md.erb +94 -0
  63. data/docs/resources/ini.md.erb +76 -0
  64. data/docs/resources/interface.md.erb +58 -0
  65. data/docs/resources/iptables.md.erb +64 -0
  66. data/docs/resources/json.md.erb +63 -0
  67. data/docs/resources/kernel_module.md.erb +120 -0
  68. data/docs/resources/kernel_parameter.md.erb +53 -0
  69. data/docs/resources/key_rsa.md.erb +85 -0
  70. data/docs/resources/launchd_service.md.erb +57 -0
  71. data/docs/resources/limits_conf.md.erb +75 -0
  72. data/docs/resources/login_defs.md.erb +71 -0
  73. data/docs/resources/mount.md.erb +69 -0
  74. data/docs/resources/mssql_session.md.erb +60 -0
  75. data/docs/resources/mysql_conf.md.erb +99 -0
  76. data/docs/resources/mysql_session.md.erb +74 -0
  77. data/docs/resources/nginx.md.erb +79 -0
  78. data/docs/resources/nginx_conf.md.erb +138 -0
  79. data/docs/resources/npm.md.erb +60 -0
  80. data/docs/resources/ntp_conf.md.erb +60 -0
  81. data/docs/resources/oneget.md.erb +53 -0
  82. data/docs/resources/oracledb_session.md.erb +52 -0
  83. data/docs/resources/os.md.erb +141 -0
  84. data/docs/resources/os_env.md.erb +91 -0
  85. data/docs/resources/package.md.erb +120 -0
  86. data/docs/resources/packages.md.erb +67 -0
  87. data/docs/resources/parse_config.md.erb +103 -0
  88. data/docs/resources/parse_config_file.md.erb +138 -0
  89. data/docs/resources/passwd.md.erb +141 -0
  90. data/docs/resources/pip.md.erb +67 -0
  91. data/docs/resources/port.md.erb +137 -0
  92. data/docs/resources/postgres_conf.md.erb +79 -0
  93. data/docs/resources/postgres_hba_conf.md.erb +93 -0
  94. data/docs/resources/postgres_ident_conf.md.erb +76 -0
  95. data/docs/resources/postgres_session.md.erb +69 -0
  96. data/docs/resources/powershell.md.erb +102 -0
  97. data/docs/resources/processes.md.erb +109 -0
  98. data/docs/resources/rabbitmq_config.md.erb +41 -0
  99. data/docs/resources/registry_key.md.erb +158 -0
  100. data/docs/resources/runit_service.md.erb +57 -0
  101. data/docs/resources/security_policy.md.erb +47 -0
  102. data/docs/resources/service.md.erb +121 -0
  103. data/docs/resources/shadow.md.erb +146 -0
  104. data/docs/resources/ssh_config.md.erb +73 -0
  105. data/docs/resources/sshd_config.md.erb +83 -0
  106. data/docs/resources/ssl.md.erb +119 -0
  107. data/docs/resources/sys_info.md.erb +42 -0
  108. data/docs/resources/systemd_service.md.erb +57 -0
  109. data/docs/resources/sysv_service.md.erb +57 -0
  110. data/docs/resources/upstart_service.md.erb +57 -0
  111. data/docs/resources/user.md.erb +140 -0
  112. data/docs/resources/users.md.erb +127 -0
  113. data/docs/resources/vbscript.md.erb +55 -0
  114. data/docs/resources/virtualization.md.erb +57 -0
  115. data/docs/resources/windows_feature.md.erb +47 -0
  116. data/docs/resources/windows_hotfix.md.erb +53 -0
  117. data/docs/resources/windows_task.md.erb +95 -0
  118. data/docs/resources/wmi.md.erb +81 -0
  119. data/docs/resources/x509_certificate.md.erb +151 -0
  120. data/docs/resources/xinetd_conf.md.erb +156 -0
  121. data/docs/resources/xml.md.erb +85 -0
  122. data/docs/resources/yaml.md.erb +69 -0
  123. data/docs/resources/yum.md.erb +98 -0
  124. data/docs/resources/zfs_dataset.md.erb +53 -0
  125. data/docs/resources/zfs_pool.md.erb +47 -0
  126. data/docs/ruby_usage.md +203 -0
  127. data/docs/shared/matcher_be.md.erb +1 -0
  128. data/docs/shared/matcher_cmp.md.erb +43 -0
  129. data/docs/shared/matcher_eq.md.erb +3 -0
  130. data/docs/shared/matcher_include.md.erb +1 -0
  131. data/docs/shared/matcher_match.md.erb +1 -0
  132. data/docs/shell.md +217 -0
  133. data/examples/README.md +8 -0
  134. data/examples/inheritance/README.md +65 -0
  135. data/examples/inheritance/controls/example.rb +14 -0
  136. data/examples/inheritance/inspec.yml +15 -0
  137. data/examples/kitchen-ansible/.kitchen.yml +25 -0
  138. data/examples/kitchen-ansible/Gemfile +19 -0
  139. data/examples/kitchen-ansible/README.md +53 -0
  140. data/examples/kitchen-ansible/files/nginx.repo +6 -0
  141. data/examples/kitchen-ansible/tasks/main.yml +16 -0
  142. data/examples/kitchen-ansible/test/integration/default/default.yml +5 -0
  143. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -0
  144. data/examples/kitchen-chef/.kitchen.yml +20 -0
  145. data/examples/kitchen-chef/Berksfile +3 -0
  146. data/examples/kitchen-chef/Gemfile +19 -0
  147. data/examples/kitchen-chef/README.md +27 -0
  148. data/examples/kitchen-chef/metadata.rb +7 -0
  149. data/examples/kitchen-chef/recipes/default.rb +6 -0
  150. data/examples/kitchen-chef/recipes/nginx.rb +30 -0
  151. data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -0
  152. data/examples/kitchen-puppet/.kitchen.yml +23 -0
  153. data/examples/kitchen-puppet/Gemfile +20 -0
  154. data/examples/kitchen-puppet/Puppetfile +25 -0
  155. data/examples/kitchen-puppet/README.md +53 -0
  156. data/examples/kitchen-puppet/manifests/site.pp +33 -0
  157. data/examples/kitchen-puppet/metadata.json +11 -0
  158. data/examples/kitchen-puppet/modules/.gitkeep +0 -0
  159. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -0
  160. data/examples/meta-profile/README.md +37 -0
  161. data/examples/meta-profile/controls/example.rb +13 -0
  162. data/examples/meta-profile/inspec.yml +13 -0
  163. data/examples/profile-attribute.yml +2 -0
  164. data/examples/profile-attribute/README.md +14 -0
  165. data/examples/profile-attribute/controls/example.rb +11 -0
  166. data/examples/profile-attribute/inspec.yml +8 -0
  167. data/examples/profile-sensitive/README.md +29 -0
  168. data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -0
  169. data/examples/profile-sensitive/controls/sensitive.rb +9 -0
  170. data/examples/profile-sensitive/inspec.yml +8 -0
  171. data/examples/profile/README.md +48 -0
  172. data/examples/profile/controls/example.rb +23 -0
  173. data/examples/profile/controls/gordon.rb +36 -0
  174. data/examples/profile/controls/meta.rb +34 -0
  175. data/examples/profile/inspec.yml +10 -0
  176. data/examples/profile/libraries/gordon_config.rb +59 -0
  177. data/inspec-core.gemspec +43 -0
  178. data/lib/bundles/README.md +3 -0
  179. data/lib/bundles/inspec-artifact.rb +7 -0
  180. data/lib/bundles/inspec-artifact/README.md +1 -0
  181. data/lib/bundles/inspec-artifact/cli.rb +277 -0
  182. data/lib/bundles/inspec-compliance.rb +16 -0
  183. data/lib/bundles/inspec-compliance/.kitchen.yml +20 -0
  184. data/lib/bundles/inspec-compliance/README.md +193 -0
  185. data/lib/bundles/inspec-compliance/api.rb +360 -0
  186. data/lib/bundles/inspec-compliance/api/login.rb +193 -0
  187. data/lib/bundles/inspec-compliance/bootstrap.sh +41 -0
  188. data/lib/bundles/inspec-compliance/cli.rb +260 -0
  189. data/lib/bundles/inspec-compliance/configuration.rb +103 -0
  190. data/lib/bundles/inspec-compliance/http.rb +125 -0
  191. data/lib/bundles/inspec-compliance/images/cc-token.png +0 -0
  192. data/lib/bundles/inspec-compliance/support.rb +36 -0
  193. data/lib/bundles/inspec-compliance/target.rb +106 -0
  194. data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -0
  195. data/lib/bundles/inspec-habitat.rb +12 -0
  196. data/lib/bundles/inspec-habitat/cli.rb +36 -0
  197. data/lib/bundles/inspec-habitat/log.rb +10 -0
  198. data/lib/bundles/inspec-habitat/profile.rb +391 -0
  199. data/lib/bundles/inspec-init.rb +8 -0
  200. data/lib/bundles/inspec-init/README.md +31 -0
  201. data/lib/bundles/inspec-init/cli.rb +97 -0
  202. data/lib/bundles/inspec-init/templates/profile/README.md +3 -0
  203. data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -0
  204. data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -0
  205. data/lib/bundles/inspec-init/templates/profile/libraries/.gitkeep +0 -0
  206. data/lib/bundles/inspec-supermarket.rb +13 -0
  207. data/lib/bundles/inspec-supermarket/README.md +45 -0
  208. data/lib/bundles/inspec-supermarket/api.rb +84 -0
  209. data/lib/bundles/inspec-supermarket/cli.rb +73 -0
  210. data/lib/bundles/inspec-supermarket/target.rb +34 -0
  211. data/lib/fetchers/git.rb +163 -0
  212. data/lib/fetchers/local.rb +74 -0
  213. data/lib/fetchers/mock.rb +35 -0
  214. data/lib/fetchers/url.rb +247 -0
  215. data/lib/inspec.rb +24 -0
  216. data/lib/inspec/archive/tar.rb +29 -0
  217. data/lib/inspec/archive/zip.rb +19 -0
  218. data/lib/inspec/backend.rb +93 -0
  219. data/lib/inspec/base_cli.rb +368 -0
  220. data/lib/inspec/cached_fetcher.rb +66 -0
  221. data/lib/inspec/cli.rb +292 -0
  222. data/lib/inspec/completions/bash.sh.erb +45 -0
  223. data/lib/inspec/completions/fish.sh.erb +34 -0
  224. data/lib/inspec/completions/zsh.sh.erb +61 -0
  225. data/lib/inspec/control_eval_context.rb +179 -0
  226. data/lib/inspec/dependencies/cache.rb +72 -0
  227. data/lib/inspec/dependencies/dependency_set.rb +92 -0
  228. data/lib/inspec/dependencies/lockfile.rb +115 -0
  229. data/lib/inspec/dependencies/requirement.rb +123 -0
  230. data/lib/inspec/dependencies/resolver.rb +86 -0
  231. data/lib/inspec/describe.rb +27 -0
  232. data/lib/inspec/dsl.rb +66 -0
  233. data/lib/inspec/dsl_shared.rb +33 -0
  234. data/lib/inspec/env_printer.rb +157 -0
  235. data/lib/inspec/errors.rb +14 -0
  236. data/lib/inspec/exceptions.rb +12 -0
  237. data/lib/inspec/expect.rb +45 -0
  238. data/lib/inspec/fetcher.rb +45 -0
  239. data/lib/inspec/file_provider.rb +275 -0
  240. data/lib/inspec/formatters.rb +3 -0
  241. data/lib/inspec/formatters/base.rb +259 -0
  242. data/lib/inspec/formatters/json_rspec.rb +20 -0
  243. data/lib/inspec/formatters/show_progress.rb +12 -0
  244. data/lib/inspec/library_eval_context.rb +58 -0
  245. data/lib/inspec/log.rb +11 -0
  246. data/lib/inspec/metadata.rb +247 -0
  247. data/lib/inspec/method_source.rb +24 -0
  248. data/lib/inspec/objects.rb +14 -0
  249. data/lib/inspec/objects/attribute.rb +75 -0
  250. data/lib/inspec/objects/control.rb +61 -0
  251. data/lib/inspec/objects/describe.rb +92 -0
  252. data/lib/inspec/objects/each_loop.rb +36 -0
  253. data/lib/inspec/objects/list.rb +15 -0
  254. data/lib/inspec/objects/or_test.rb +40 -0
  255. data/lib/inspec/objects/ruby_helper.rb +15 -0
  256. data/lib/inspec/objects/tag.rb +27 -0
  257. data/lib/inspec/objects/test.rb +87 -0
  258. data/lib/inspec/objects/value.rb +27 -0
  259. data/lib/inspec/plugins.rb +60 -0
  260. data/lib/inspec/plugins/cli.rb +24 -0
  261. data/lib/inspec/plugins/fetcher.rb +86 -0
  262. data/lib/inspec/plugins/resource.rb +135 -0
  263. data/lib/inspec/plugins/secret.rb +15 -0
  264. data/lib/inspec/plugins/source_reader.rb +40 -0
  265. data/lib/inspec/polyfill.rb +12 -0
  266. data/lib/inspec/profile.rb +513 -0
  267. data/lib/inspec/profile_context.rb +208 -0
  268. data/lib/inspec/profile_vendor.rb +66 -0
  269. data/lib/inspec/reporters.rb +60 -0
  270. data/lib/inspec/reporters/automate.rb +76 -0
  271. data/lib/inspec/reporters/base.rb +25 -0
  272. data/lib/inspec/reporters/cli.rb +356 -0
  273. data/lib/inspec/reporters/json.rb +116 -0
  274. data/lib/inspec/reporters/json_min.rb +48 -0
  275. data/lib/inspec/reporters/junit.rb +78 -0
  276. data/lib/inspec/require_loader.rb +33 -0
  277. data/lib/inspec/resource.rb +190 -0
  278. data/lib/inspec/rule.rb +280 -0
  279. data/lib/inspec/runner.rb +345 -0
  280. data/lib/inspec/runner_mock.rb +41 -0
  281. data/lib/inspec/runner_rspec.rb +175 -0
  282. data/lib/inspec/runtime_profile.rb +26 -0
  283. data/lib/inspec/schema.rb +213 -0
  284. data/lib/inspec/secrets.rb +19 -0
  285. data/lib/inspec/secrets/yaml.rb +30 -0
  286. data/lib/inspec/shell.rb +220 -0
  287. data/lib/inspec/shell_detector.rb +90 -0
  288. data/lib/inspec/source_reader.rb +29 -0
  289. data/lib/inspec/version.rb +8 -0
  290. data/lib/matchers/matchers.rb +339 -0
  291. data/lib/resources/aide_conf.rb +151 -0
  292. data/lib/resources/apache.rb +48 -0
  293. data/lib/resources/apache_conf.rb +149 -0
  294. data/lib/resources/apt.rb +149 -0
  295. data/lib/resources/audit_policy.rb +63 -0
  296. data/lib/resources/auditd.rb +231 -0
  297. data/lib/resources/auditd_conf.rb +46 -0
  298. data/lib/resources/bash.rb +35 -0
  299. data/lib/resources/bond.rb +69 -0
  300. data/lib/resources/bridge.rb +122 -0
  301. data/lib/resources/chocolatey_package.rb +78 -0
  302. data/lib/resources/command.rb +73 -0
  303. data/lib/resources/cpan.rb +58 -0
  304. data/lib/resources/cran.rb +64 -0
  305. data/lib/resources/crontab.rb +169 -0
  306. data/lib/resources/csv.rb +56 -0
  307. data/lib/resources/dh_params.rb +77 -0
  308. data/lib/resources/directory.rb +25 -0
  309. data/lib/resources/docker.rb +236 -0
  310. data/lib/resources/docker_container.rb +89 -0
  311. data/lib/resources/docker_image.rb +83 -0
  312. data/lib/resources/docker_object.rb +57 -0
  313. data/lib/resources/docker_service.rb +90 -0
  314. data/lib/resources/elasticsearch.rb +169 -0
  315. data/lib/resources/etc_fstab.rb +94 -0
  316. data/lib/resources/etc_group.rb +154 -0
  317. data/lib/resources/etc_hosts.rb +66 -0
  318. data/lib/resources/etc_hosts_allow_deny.rb +112 -0
  319. data/lib/resources/file.rb +298 -0
  320. data/lib/resources/filesystem.rb +31 -0
  321. data/lib/resources/firewalld.rb +143 -0
  322. data/lib/resources/gem.rb +70 -0
  323. data/lib/resources/groups.rb +215 -0
  324. data/lib/resources/grub_conf.rb +227 -0
  325. data/lib/resources/host.rb +306 -0
  326. data/lib/resources/http.rb +253 -0
  327. data/lib/resources/iis_app.rb +101 -0
  328. data/lib/resources/iis_site.rb +148 -0
  329. data/lib/resources/inetd_conf.rb +54 -0
  330. data/lib/resources/ini.rb +29 -0
  331. data/lib/resources/interface.rb +129 -0
  332. data/lib/resources/iptables.rb +80 -0
  333. data/lib/resources/json.rb +111 -0
  334. data/lib/resources/kernel_module.rb +107 -0
  335. data/lib/resources/kernel_parameter.rb +58 -0
  336. data/lib/resources/key_rsa.rb +63 -0
  337. data/lib/resources/limits_conf.rb +46 -0
  338. data/lib/resources/login_def.rb +57 -0
  339. data/lib/resources/mount.rb +88 -0
  340. data/lib/resources/mssql_session.rb +101 -0
  341. data/lib/resources/mysql.rb +82 -0
  342. data/lib/resources/mysql_conf.rb +127 -0
  343. data/lib/resources/mysql_session.rb +85 -0
  344. data/lib/resources/nginx.rb +96 -0
  345. data/lib/resources/nginx_conf.rb +226 -0
  346. data/lib/resources/npm.rb +48 -0
  347. data/lib/resources/ntp_conf.rb +51 -0
  348. data/lib/resources/oneget.rb +71 -0
  349. data/lib/resources/oracledb_session.rb +139 -0
  350. data/lib/resources/os.rb +36 -0
  351. data/lib/resources/os_env.rb +86 -0
  352. data/lib/resources/package.rb +370 -0
  353. data/lib/resources/packages.rb +111 -0
  354. data/lib/resources/parse_config.rb +112 -0
  355. data/lib/resources/passwd.rb +76 -0
  356. data/lib/resources/pip.rb +130 -0
  357. data/lib/resources/platform.rb +109 -0
  358. data/lib/resources/port.rb +771 -0
  359. data/lib/resources/postgres.rb +131 -0
  360. data/lib/resources/postgres_conf.rb +114 -0
  361. data/lib/resources/postgres_hba_conf.rb +90 -0
  362. data/lib/resources/postgres_ident_conf.rb +79 -0
  363. data/lib/resources/postgres_session.rb +71 -0
  364. data/lib/resources/powershell.rb +67 -0
  365. data/lib/resources/processes.rb +204 -0
  366. data/lib/resources/rabbitmq_conf.rb +51 -0
  367. data/lib/resources/registry_key.rb +297 -0
  368. data/lib/resources/security_policy.rb +180 -0
  369. data/lib/resources/service.rb +794 -0
  370. data/lib/resources/shadow.rb +159 -0
  371. data/lib/resources/ssh_conf.rb +97 -0
  372. data/lib/resources/ssl.rb +99 -0
  373. data/lib/resources/sys_info.rb +28 -0
  374. data/lib/resources/toml.rb +32 -0
  375. data/lib/resources/users.rb +654 -0
  376. data/lib/resources/vbscript.rb +68 -0
  377. data/lib/resources/virtualization.rb +247 -0
  378. data/lib/resources/windows_feature.rb +84 -0
  379. data/lib/resources/windows_hotfix.rb +35 -0
  380. data/lib/resources/windows_task.rb +102 -0
  381. data/lib/resources/wmi.rb +110 -0
  382. data/lib/resources/x509_certificate.rb +137 -0
  383. data/lib/resources/xinetd.rb +106 -0
  384. data/lib/resources/xml.rb +46 -0
  385. data/lib/resources/yaml.rb +43 -0
  386. data/lib/resources/yum.rb +180 -0
  387. data/lib/resources/zfs_dataset.rb +60 -0
  388. data/lib/resources/zfs_pool.rb +49 -0
  389. data/lib/source_readers/flat.rb +39 -0
  390. data/lib/source_readers/inspec.rb +75 -0
  391. data/lib/utils/command_wrapper.rb +27 -0
  392. data/lib/utils/convert.rb +12 -0
  393. data/lib/utils/database_helpers.rb +77 -0
  394. data/lib/utils/enumerable_delegation.rb +9 -0
  395. data/lib/utils/erlang_parser.rb +192 -0
  396. data/lib/utils/file_reader.rb +25 -0
  397. data/lib/utils/filter.rb +273 -0
  398. data/lib/utils/filter_array.rb +27 -0
  399. data/lib/utils/find_files.rb +47 -0
  400. data/lib/utils/hash.rb +41 -0
  401. data/lib/utils/json_log.rb +18 -0
  402. data/lib/utils/latest_version.rb +22 -0
  403. data/lib/utils/modulator.rb +12 -0
  404. data/lib/utils/nginx_parser.rb +105 -0
  405. data/lib/utils/object_traversal.rb +49 -0
  406. data/lib/utils/parser.rb +274 -0
  407. data/lib/utils/pkey_reader.rb +15 -0
  408. data/lib/utils/plugin_registry.rb +93 -0
  409. data/lib/utils/simpleconfig.rb +120 -0
  410. data/lib/utils/spdx.rb +13 -0
  411. data/lib/utils/spdx.txt +344 -0
  412. metadata +713 -0
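--- a/data/lib/resources/chocolatey_package.rb
+++ b/data/lib/resources/chocolatey_package.rb
@@ -0,0 +1,78 @@
+ # encoding: utf-8
+ # frozen_string_literal: true
+
+ # Check for Chocolatey packages to be installed
+ module Inspec::Resources
+ class ChocoPkg < Inspec.resource(1)
+ name 'chocolatey_package'
+ supports platform: 'windows'
+ desc 'Use the chocolatey_package Inspec audit resource to test if the named package and/or package version is installed on the system.'
+ example <<-EOH
+ describe chocolatey_package('git') do
+ it { should be_installed }
+ its('version') { should eq '2.15.1' }
+ end
+ EOH
+
+ attr_reader :package_name
+
+ def initialize(package_name, _opts = {})
+ raise 'Chocolatey is not installed' unless inspec.command('choco').exist?
+ @package_name = package_name
+ @cache = base_data.update(generate_cache)
+ end
+
+ def installed?
+ @cache[:installed]
+ end
+
+ def info
+ @cache.dup
+ end
+
+ def respond_to_missing?(method_name, *)
+ @cache.key?(method_name) || super
+ end
+
+ def method_missing(method_name, *args, &block)
+ if @cache.key?(method_name)
+ @cache.fetch(method_name)
+ else
+ super
+ end
+ end
+
+ def to_s
+ "Chocolatey package #{package_name}"
+ end
+
+ private
+
+ def base_data
+ {
+ name: package_name,
+ version: nil,
+ installed: false,
+ type: 'chocolatey',
+ }
+ end
+
+ def generate_cache
+ command = <<-EOH
+ (choco list --local-only --exact --include-programs --limit-output '#{package_name.gsub("'", "\`'")}') -Replace "\\|", "=" | ConvertFrom-StringData | ConvertTo-JSON
+ EOH
+
+ cmd = inspec.powershell(command.strip)
+
+ return {} if cmd.exit_status != 0 || cmd.stdout.strip.empty?
+ out = JSON.parse(cmd.stdout)
+
+ return {
+ version: out.fetch(package_name),
+ installed: true,
+ }
+ rescue JSON::ParserError, KeyError
+ return {}
+ end
+ end
+ end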
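Review bot: The quoting in generate_cache does not follow PowerShell's rules for single-quoted strings: the gsub replaces each single quote in package_name with a backtick followed by the quote, but inside '...' the backtick is a literal character and the only way to embed a quote is to double it. A package name containing a single quote therefore ends the literal early and the remainder is parsed as PowerShell. `package_name.gsub("'", "''")` keeps the whole name inside the literal. A short comment on the heredoc stating that the name is embedded in a single-quoted PowerShell string would make the escaping choice reviewable.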
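--- a/data/lib/resources/command.rb
+++ b/data/lib/resources/command.rb
@@ -0,0 +1,73 @@
+ # encoding: utf-8
+ # copyright: 2015, Vulcano Security GmbH
+
+ module Inspec::Resources
+ class Cmd < Inspec.resource(1)
+ name 'command'
+ supports platform: 'unix'
+ supports platform: 'windows'
+ desc 'Use the command InSpec audit resource to test an arbitrary command that is run on the system.'
+ example "
+ describe command('ls -al /') do
+ its('stdout') { should match /bin/ }
+ its('stderr') { should eq '' }
+ its('exit_status') { should eq 0 }
+ end
+
+ command('ls -al /').exist? will return false. Existence of command should be checked this way.
+ describe command('ls') do
+ it { should exist }
+ end
+ "
+
+ attr_reader :command
+
+ def initialize(cmd)
+ if cmd.nil?
+ raise 'InSpec `command` was called with `nil` as the argument. This is not supported. Please provide a valid command instead.'
+ end
+ @command = cmd
+ end
+
+ def result
+ @result ||= inspec.backend.run_command(@command)
+ end
+
+ def stdout
+ result.stdout
+ end
+
+ def stderr
+ result.stderr
+ end
+
+ def exit_status
+ result.exit_status.to_i
+ end
+
+ def exist? # rubocop:disable Metrics/AbcSize
+ # silent for mock resources
+ return false if inspec.os.name.nil? || inspec.os.name == 'mock'
+
+ if inspec.os.linux?
+ res = if inspec.platform.name == 'alpine'
+ inspec.backend.run_command("which \"#{@command}\"")
+ else
+ inspec.backend.run_command("bash -c 'type \"#{@command}\"'")
+ end
+ elsif inspec.os.windows?
+ res = inspec.backend.run_command("Get-Command \"#{@command}\"")
+ elsif inspec.os.unix?
+ res = inspec.backend.run_command("type \"#{@command}\"")
+ else
+ warn "`command(#{@command}).exist?` is not supported on your OS: #{inspec.os[:name]}"
+ return false
+ end
+ res.exit_status.to_i == 0
+ end
+
+ def to_s
+ "Command #{@command}"
+ end
+ end
+ end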
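Review bot: exist? places @command inside double quotes in the `which`, `type` and `Get-Command` lines, so a value containing quotes or shell substitution syntax is interpreted by the target shell during what reads as a pure existence check. On the unix branches `Shellwords.escape(@command)` (with `require 'shellwords'`) passes the value as one literal word, e.g. `inspec.backend.run_command("type #{Shellwords.escape(@command)}")`. The `bash -c` branch nests two levels of quoting and needs the inner command escaped as a whole, and the Windows branch needs PowerShell quoting rather than Shellwords. The same unescaped interpolation appears in the sections that follow: `#{@package_name}` and `PERL5LIB=#{@perl_lib_path}` in the cpan info method, `#{@package_name}` inside the Rscript `-e` argument in cran, and `crontab -l -u #{@user}` in crontab_cmd.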
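--- a/data/lib/resources/cpan.rb
+++ b/data/lib/resources/cpan.rb
@@ -0,0 +1,58 @@
+ # encoding: utf-8
+
+ # Usage:
+ # describe cpan('DBD::Pg') do
+ # it { should be_installed }
+ # end
+ #
+
+ module Inspec::Resources
+ class CpanPackage < Inspec.resource(1)
+ name 'cpan'
+ supports platform: 'unix'
+ desc 'Use the `cpan` InSpec audit resource to test Perl modules that are installed by system packages or the CPAN installer.'
+ example "
+ describe cpan('DBD::Pg') do
+ it { should be_installed }
+ end
+ "
+
+ def initialize(package_name, perl_lib_path = nil)
+ @package_name = package_name
+ @perl_lib_path = perl_lib_path
+ @perl_cmd = 'perl'
+
+ # this resource is not supported on Windows
+ return skip_resource 'The `cpan` resource is not supported on your OS yet.' if inspec.os.windows?
+ return skip_resource 'perl not found' unless inspec.command(@perl_cmd).exist?
+ end
+
+ def info
+ return @info if defined?(@info)
+
+ @info = {}
+ @info[:type] = 'cpan'
+ @info[:name] = @package_name
+ # set PERL5LIB environment variable if a custom lib path is given
+ lib_path = @perl_lib_path.nil? ? '' : "PERL5LIB=#{@perl_lib_path} "
+ cmd = inspec.command("#{lib_path+@perl_cmd} -le 'eval \"require $ARGV[0]\" and print $ARGV[0]->VERSION or exit 1' #{@package_name}")
+ @info[:installed] = cmd.exit_status.zero?
+ return @info unless cmd.exit_status.zero?
+
+ @info[:version] = cmd.stdout.strip
+ @info
+ end
+
+ def installed?
+ info[:installed] == true
+ end
+
+ def version
+ info[:version]
+ end
+
+ def to_s
+ "Perl Module #{@package_name}"
+ end
+ end
+ end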
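Review bot: info hands @package_name to perl, where the one-liner's `eval "require $ARGV[0]"` compiles the argument as Perl source, so the value is treated as code rather than as a module name. Validating it in initialize, before any command is built, closes that off, for example `return skip_resource 'invalid Perl module name' unless @package_name.to_s =~ /\A\w+(::\w+)*\z/`. A comment above the command line noting that the name is string-eval'd by perl would also tell the next reader why the check exists.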
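--- a/data/lib/resources/cran.rb
+++ b/data/lib/resources/cran.rb
@@ -0,0 +1,64 @@
+ # encoding: utf-8
+
+ # Usage:
+ # describe cran('DBI') do
+ # it { should be_installed }
+ # end
+ #
+
+ module Inspec::Resources
+ class CranPackage < Inspec.resource(1)
+ name 'cran'
+ supports platform: 'unix'
+ desc 'Use the `cran` InSpec audit resource to test R modules that are installed from CRAN package repository.'
+ example "
+ describe cran('DBI') do
+ it { should be_installed }
+ end
+ "
+
+ def initialize(package_name)
+ @package_name = package_name
+ @r_cmd = 'Rscript'
+
+ # this resource is not supported on Windows
+ return skip_resource 'The `cran` resource is not supported on your OS yet.' if inspec.os.windows?
+ return skip_resource 'Rscript not found' unless inspec.command(@r_cmd).exist?
+ end
+
+ def info
+ return @info if defined?(@info)
+
+ @info = {}
+ @info[:type] = 'cran'
+ @info[:name] = @package_name
+ cmd = inspec.command("#{@r_cmd} -e 'packageVersion(\"#{@package_name}\")'")
+ return @info unless cmd.exit_status.zero?
+
+ # Extract package version from Rscript output
+ # Output includes unicode punctuation (backticks) characters like so:
+ # [1] '0.5.1'
+ #
+ # So make sure command output is converted to unicode, as it returns ASCII-8BIT by default
+ utf8_stdout = cmd.stdout.chomp.force_encoding(Encoding::UTF_8)
+ params = /^\[\d+\]\s+(?:\p{Initial_Punctuation})(.+)(?:\p{Final_Punctuation})$/.match(utf8_stdout)
+ @info[:installed] = !params.nil?
+ return @info unless @info[:installed]
+
+ @info[:version] = params[1]
+ @info
+ end
+
+ def installed?
+ info[:installed] == true
+ end
+
+ def version
+ info[:version]
+ end
+
+ def to_s
+ "R Module #{@package_name}"
+ end
+ end
+ end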
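Review bot: The version regexp in info accepts only Unicode initial/final punctuation around the version string, and @info[:installed] is derived solely from that match. R appears to print plain ASCII quotes when the session is not in a UTF-8 locale, which is common for non-interactive remote shells, and in that case an installed package would be reported as not installed. Accepting both forms, `/^\[\d+\]\s+['\p{Initial_Punctuation}](.+)['\p{Final_Punctuation}]$/`, avoids that false negative. This is inferred from R's quoting behaviour rather than from anything on the page, so it is worth confirming against a target running with LANG=C.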
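--- a/data/lib/resources/crontab.rb
+++ b/data/lib/resources/crontab.rb
@@ -0,0 +1,169 @@
+ # encoding: utf-8
+
+ require 'utils/parser'
+ require 'utils/filter'
+
+ module Inspec::Resources
+ class Crontab < Inspec.resource(1)
+ name 'crontab'
+ supports platform: 'unix'
+ desc 'Use the crontab InSpec audit resource to test the contents of the crontab for a given user which contains information about scheduled tasks owned by that user.'
+ example "
+ describe crontab(user: 'root') do
+ its('commands') { should include '/path/to/some/script' }
+ end
+
+ describe crontab('myuser').commands('/home/myuser/build.sh') do
+ its('hours') { should cmp '*' }
+ its('minutes') { should cmp '*' }
+ end
+
+ describe crontab.where({'hour' => '*', 'minute' => '*'}) do
+ its('entries.length') { should cmp '0' }
+ end
+
+ describe crontab.where { command =~ /a partial command string/ } do
+ its('entries.length') { should cmp 1 }
+ end
+
+ describe crontab(path: '/etc/cron.d/some_crontab') do
+ its('commands') { should include '/path/to/some/script' }
+ end
+ "
+
+ attr_reader :params
+
+ include CommentParser
+
+ def initialize(opts = nil)
+ if opts.respond_to?(:fetch)
+ Hash[opts.map { |k, v| [k.to_sym, v] }]
+ @user = opts.fetch(:user, nil)
+ @path = opts.fetch(:path, nil)
+ raise Inspec::Exceptions::ResourceFailed, 'A user or path must be supplied.' if @user.nil? && @path.nil?
+ else
+ @user = opts
+ @path = nil
+ end
+ @params = read_crontab
+ end
+
+ def read_crontab
+ ct = is_system_crontab? ? inspec.file(@path).content : inspec.command(crontab_cmd).stdout
+ ct.lines.map { |l| parse_crontab_line(l) }.compact
+ end
+
+ def parse_crontab_line(l)
+ data, = parse_comment_line(l, comment_char: '#', standalone_comments: false)
+ return nil if data.nil? || data.empty?
+
+ is_system_crontab? ? parse_system_crontab(data) : parse_user_crontab(data)
+ end
+
+ def crontab_cmd
+ @user.nil? ? 'crontab -l' : "crontab -l -u #{@user}"
+ end
+
+ filter = FilterTable.create
+ filter.add_accessor(:where)
+ .add_accessor(:entries)
+ .add(:minutes, field: 'minute')
+ .add(:hours, field: 'hour')
+ .add(:days, field: 'day')
+ .add(:months, field: 'month')
+ .add(:weekdays, field: 'weekday')
+ .add(:user, field: 'user')
+ .add(:commands, field: 'command')
+
+ # rebuild the crontab line from raw content
+ filter.add(:content) { |t, _|
+ t.entries.map do |e|
+ [e.minute, e.hour, e.day, e.month, e.weekday, e.user, e.command].compact.join(' ')
+ end.join("\n")
+ }
+
+ filter.connect(self, :params)
+
+ def to_s
+ if is_system_crontab?
+ "crontab for path #{@path}"
+ elsif is_user_crontab?
+ "crontab for user #{@user}"
+ else
+ 'crontab for current user'
+ end
+ end
+
+ private
+
+ def is_system_crontab?
+ !@path.nil?
+ end
+
+ def is_user_crontab?
+ !@user.nil?
+ end
+
+ def parse_system_crontab(data)
+ case data
+ when /@hourly .*/
+ elements = data.split(/\s+/, 3)
+ { 'minute' => '0', 'hour' => '*', 'day' => '*', 'month' => '*', 'weekday' => '*', 'user' => elements.at(1), 'command' => elements.at(2) }
+ when /@(midnight|daily) .*/
+ elements = data.split(/\s+/, 3)
+ { 'minute' => '0', 'hour' => '0', 'day' => '*', 'month' => '*', 'weekday' => '*', 'user' => elements.at(1), 'command' => elements.at(2) }
+ when /@weekly .*/
+ elements = data.split(/\s+/, 3)
+ { 'minute' => '0', 'hour' => '0', 'day' => '*', 'month' => '*', 'weekday' => '0', 'user' => elements.at(1), 'command' => elements.at(2) }
+ when /@monthly ./
+ elements = data.split(/\s+/, 3)
+ { 'minute' => '0', 'hour' => '0', 'day' => '1', 'month' => '*', 'weekday' => '*', 'user' => elements.at(1), 'command' => elements.at(2) }
+ when /@(annually|yearly) .*/
+ elements = data.split(/\s+/, 3)
+ { 'minute' => '0', 'hour' => '0', 'day' => '1', 'month' => '1', 'weekday' => '*', 'user' => elements.at(1), 'command' => elements.at(2) }
+ when /@reboot .*/
+ elements = data.split(/\s+/, 3)
+ { 'minute' => '-1', 'hour' => '-1', 'day' => '-1', 'month' => '-1', 'weekday' => '-1', 'user' => elements.at(1), 'command' => elements.at(2) }
+ else
+ elements = data.split(/\s+/, 7)
+ {
+ 'minute' => elements.at(0),
+ 'hour' => elements.at(1),
+ 'day' => elements.at(2),
+ 'month' => elements.at(3),
+ 'weekday' => elements.at(4),
+ 'user' => elements.at(5),
+ 'command' => elements.at(6),
+ }
+ end
+ end
+
+ def parse_user_crontab(data)
+ case data
+ when /@hourly .*/
+ { 'minute' => '0', 'hour' => '*', 'day' => '*', 'month' => '*', 'weekday' => '*', 'user' => @user, 'command' => data.split(/\s+/, 2).at(1) }
+ when /@(midnight|daily) .*/
+ { 'minute' => '0', 'hour' => '0', 'day' => '*', 'month' => '*', 'weekday' => '*', 'user' => @user, 'command' => data.split(/\s+/, 2).at(1) }
+ when /@weekly .*/
+ { 'minute' => '0', 'hour' => '0', 'day' => '*', 'month' => '*', 'weekday' => '0', 'user' => @user, 'command' => data.split(/\s+/, 2).at(1) }
+ when /@monthly ./
+ { 'minute' => '0', 'hour' => '0', 'day' => '1', 'month' => '*', 'weekday' => '*', 'user' => @user, 'command' => data.split(/\s+/, 2).at(1) }
+ when /@(annually|yearly) .*/
+ { 'minute' => '0', 'hour' => '0', 'day' => '1', 'month' => '1', 'weekday' => '*', 'user' => @user, 'command' => data.split(/\s+/, 2).at(1) }
+ when /@reboot .*/
+ { 'minute' => '-1', 'hour' => '-1', 'day' => '-1', 'month' => '-1', 'weekday' => '-1', 'user' => @user, 'command' => data.split(/\s+/, 2).at(1) }
+ else
+ elements = data.split(/\s+/, 6)
+ {
+ 'minute' => elements.at(0),
+ 'hour' => elements.at(1),
+ 'day' => elements.at(2),
+ 'month' => elements.at(3),
+ 'weekday' => elements.at(4),
+ 'user' => @user,
+ 'command' => elements.at(5),
+ }
+ end
+ end
+ end
+ end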
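Review bot: In initialize the result of `Hash[opts.map { |k, v| [k.to_sym, v] }]` is discarded, so the option keys are never actually symbolized. A caller passing string keys, such as `crontab('user' => 'root')`, gets nil from both `opts.fetch(:user, nil)` and `opts.fetch(:path, nil)` and hits the 'A user or path must be supplied.' failure. Assigning the result, `opts = Hash[opts.map { |k, v| [k.to_sym, v] }]`, lets the following fetch calls see the normalized keys.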
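--- a/data/lib/resources/csv.rb
+++ b/data/lib/resources/csv.rb
@@ -0,0 +1,56 @@
+ # encoding: utf-8
+
+ # Parses a csv document
+ # This implementation was inspired by a blog post
+ # @see http://technicalpickles.com/posts/parsing-csv-with-ruby
+ module Inspec::Resources
+ class CsvConfig < JsonConfig
+ name 'csv'
+ desc 'Use the csv InSpec audit resource to test configuration data in a CSV file.'
+ example "
+ describe csv('example.csv') do
+ its('name') { should eq(['John', 'Alice']) }
+ end
+ "
+
+ # override the parse method from JsonConfig
+ # Assuming a header row of name,col1,col2, it will output an array of hashes like so:
+ # [
+ # { 'name' => 'row1', 'col1' => 'value1', 'col2' => 'value2' },
+ # { 'name' => 'row2', 'col1' => 'value3', 'col2' => 'value4' }
+ # ]
+ def parse(content)
+ require 'csv'
+
+ # convert empty field to nil
+ CSV::Converters[:blank_to_nil] = lambda do |field|
+ field && field.empty? ? nil : field
+ end
+
+ # implicit conversion of values
+ csv = CSV.new(content, headers: true, converters: [:all, :blank_to_nil])
+
+ # convert to hash
+ csv.to_a.map(&:to_hash)
+ rescue => e
+ raise Inspec::Exceptions::ResourceFailed, "Unable to parse CSV: #{e.message}"
+ end
+
+ # override the value method from JsonConfig
+ # The format of the CSV hash as created by #parse is very different
+ # than what the YAML, JSON, and INI resources create, so using the
+ # #value method from JsonConfig (which uses ObjectTraverser.extract_value)
+ # doesn't make sense here.
+ def value(key)
+ @params.map { |x| x[key.first.to_s] }.compact
+ end
+
+ private
+
+ # used by JsonConfig to build up a full to_s method
+ # based on whether a file path, content, or command was supplied.
+ def resource_base_name
+ 'CSV'
+ end
+ end
+ end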
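Review bot: parse enables `converters: [:all, :blank_to_nil]`, so every field is implicitly converted and values that look numeric or date-like no longer come back as the strings written in the file; a zero-padded field such as `0644` would presumably be returned as an Integer. For a resource used to assert on configuration data that deserves a comment above the CSV.new call, e.g. `# NOTE: :all converts numeric and date-like fields, so matchers may see non-String values`. Separately, `CSV::Converters[:blank_to_nil] = ...` writes to a process-wide table on every call and could be registered once at load time.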