RubyGems - inspec-core - Versions diffs - 2.1.67 - Mend

inspec-core 2.1.67

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (412) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +3136 -0
data/Gemfile +56 -0
data/LICENSE +14 -0
data/MAINTAINERS.md +33 -0
data/MAINTAINERS.toml +52 -0
data/README.md +453 -0
data/bin/inspec +12 -0
data/docs/.gitignore +2 -0
data/docs/README.md +40 -0
data/docs/dev/control-eval.md +62 -0
data/docs/dsl_inspec.md +258 -0
data/docs/dsl_resource.md +100 -0
data/docs/glossary.md +99 -0
data/docs/habitat.md +192 -0
data/docs/inspec_and_friends.md +114 -0
data/docs/matchers.md +169 -0
data/docs/migration.md +293 -0
data/docs/platforms.md +119 -0
data/docs/plugin_kitchen_inspec.md +50 -0
data/docs/profiles.md +378 -0
data/docs/reporters.md +105 -0
data/docs/resources/aide_conf.md.erb +76 -0
data/docs/resources/apache.md.erb +67 -0
data/docs/resources/apache_conf.md.erb +68 -0
data/docs/resources/apt.md.erb +71 -0
data/docs/resources/audit_policy.md.erb +47 -0
data/docs/resources/auditd.md.erb +79 -0
data/docs/resources/auditd_conf.md.erb +68 -0
data/docs/resources/bash.md.erb +75 -0
data/docs/resources/bond.md.erb +90 -0
data/docs/resources/bridge.md.erb +57 -0
data/docs/resources/bsd_service.md.erb +67 -0
data/docs/resources/chocolatey_package.md.erb +58 -0
data/docs/resources/command.md.erb +138 -0
data/docs/resources/cpan.md.erb +79 -0
data/docs/resources/cran.md.erb +64 -0
data/docs/resources/crontab.md.erb +89 -0
data/docs/resources/csv.md.erb +54 -0
data/docs/resources/dh_params.md.erb +205 -0
data/docs/resources/directory.md.erb +30 -0
data/docs/resources/docker.md.erb +219 -0
data/docs/resources/docker_container.md.erb +103 -0
data/docs/resources/docker_image.md.erb +94 -0
data/docs/resources/docker_service.md.erb +114 -0
data/docs/resources/elasticsearch.md.erb +242 -0
data/docs/resources/etc_fstab.md.erb +125 -0
data/docs/resources/etc_group.md.erb +75 -0
data/docs/resources/etc_hosts.md.erb +78 -0
data/docs/resources/etc_hosts_allow.md.erb +74 -0
data/docs/resources/etc_hosts_deny.md.erb +74 -0
data/docs/resources/file.md.erb +526 -0
data/docs/resources/filesystem.md.erb +41 -0
data/docs/resources/firewalld.md.erb +107 -0
data/docs/resources/gem.md.erb +79 -0
data/docs/resources/group.md.erb +61 -0
data/docs/resources/grub_conf.md.erb +101 -0
data/docs/resources/host.md.erb +86 -0
data/docs/resources/http.md.erb +197 -0
data/docs/resources/iis_app.md.erb +122 -0
data/docs/resources/iis_site.md.erb +135 -0
data/docs/resources/inetd_conf.md.erb +94 -0
data/docs/resources/ini.md.erb +76 -0
data/docs/resources/interface.md.erb +58 -0
data/docs/resources/iptables.md.erb +64 -0
data/docs/resources/json.md.erb +63 -0
data/docs/resources/kernel_module.md.erb +120 -0
data/docs/resources/kernel_parameter.md.erb +53 -0
data/docs/resources/key_rsa.md.erb +85 -0
data/docs/resources/launchd_service.md.erb +57 -0
data/docs/resources/limits_conf.md.erb +75 -0
data/docs/resources/login_defs.md.erb +71 -0
data/docs/resources/mount.md.erb +69 -0
data/docs/resources/mssql_session.md.erb +60 -0
data/docs/resources/mysql_conf.md.erb +99 -0
data/docs/resources/mysql_session.md.erb +74 -0
data/docs/resources/nginx.md.erb +79 -0
data/docs/resources/nginx_conf.md.erb +138 -0
data/docs/resources/npm.md.erb +60 -0
data/docs/resources/ntp_conf.md.erb +60 -0
data/docs/resources/oneget.md.erb +53 -0
data/docs/resources/oracledb_session.md.erb +52 -0
data/docs/resources/os.md.erb +141 -0
data/docs/resources/os_env.md.erb +91 -0
data/docs/resources/package.md.erb +120 -0
data/docs/resources/packages.md.erb +67 -0
data/docs/resources/parse_config.md.erb +103 -0
data/docs/resources/parse_config_file.md.erb +138 -0
data/docs/resources/passwd.md.erb +141 -0
data/docs/resources/pip.md.erb +67 -0
data/docs/resources/port.md.erb +137 -0
data/docs/resources/postgres_conf.md.erb +79 -0
data/docs/resources/postgres_hba_conf.md.erb +93 -0
data/docs/resources/postgres_ident_conf.md.erb +76 -0
data/docs/resources/postgres_session.md.erb +69 -0
data/docs/resources/powershell.md.erb +102 -0
data/docs/resources/processes.md.erb +109 -0
data/docs/resources/rabbitmq_config.md.erb +41 -0
data/docs/resources/registry_key.md.erb +158 -0
data/docs/resources/runit_service.md.erb +57 -0
data/docs/resources/security_policy.md.erb +47 -0
data/docs/resources/service.md.erb +121 -0
data/docs/resources/shadow.md.erb +146 -0
data/docs/resources/ssh_config.md.erb +73 -0
data/docs/resources/sshd_config.md.erb +83 -0
data/docs/resources/ssl.md.erb +119 -0
data/docs/resources/sys_info.md.erb +42 -0
data/docs/resources/systemd_service.md.erb +57 -0
data/docs/resources/sysv_service.md.erb +57 -0
data/docs/resources/upstart_service.md.erb +57 -0
data/docs/resources/user.md.erb +140 -0
data/docs/resources/users.md.erb +127 -0
data/docs/resources/vbscript.md.erb +55 -0
data/docs/resources/virtualization.md.erb +57 -0
data/docs/resources/windows_feature.md.erb +47 -0
data/docs/resources/windows_hotfix.md.erb +53 -0
data/docs/resources/windows_task.md.erb +95 -0
data/docs/resources/wmi.md.erb +81 -0
data/docs/resources/x509_certificate.md.erb +151 -0
data/docs/resources/xinetd_conf.md.erb +156 -0
data/docs/resources/xml.md.erb +85 -0
data/docs/resources/yaml.md.erb +69 -0
data/docs/resources/yum.md.erb +98 -0
data/docs/resources/zfs_dataset.md.erb +53 -0
data/docs/resources/zfs_pool.md.erb +47 -0
data/docs/ruby_usage.md +203 -0
data/docs/shared/matcher_be.md.erb +1 -0
data/docs/shared/matcher_cmp.md.erb +43 -0
data/docs/shared/matcher_eq.md.erb +3 -0
data/docs/shared/matcher_include.md.erb +1 -0
data/docs/shared/matcher_match.md.erb +1 -0
data/docs/shell.md +217 -0
data/examples/README.md +8 -0
data/examples/inheritance/README.md +65 -0
data/examples/inheritance/controls/example.rb +14 -0
data/examples/inheritance/inspec.yml +15 -0
data/examples/kitchen-ansible/.kitchen.yml +25 -0
data/examples/kitchen-ansible/Gemfile +19 -0
data/examples/kitchen-ansible/README.md +53 -0
data/examples/kitchen-ansible/files/nginx.repo +6 -0
data/examples/kitchen-ansible/tasks/main.yml +16 -0
data/examples/kitchen-ansible/test/integration/default/default.yml +5 -0
data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -0
data/examples/kitchen-chef/.kitchen.yml +20 -0
data/examples/kitchen-chef/Berksfile +3 -0
data/examples/kitchen-chef/Gemfile +19 -0
data/examples/kitchen-chef/README.md +27 -0
data/examples/kitchen-chef/metadata.rb +7 -0
data/examples/kitchen-chef/recipes/default.rb +6 -0
data/examples/kitchen-chef/recipes/nginx.rb +30 -0
data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -0
data/examples/kitchen-puppet/.kitchen.yml +23 -0
data/examples/kitchen-puppet/Gemfile +20 -0
data/examples/kitchen-puppet/Puppetfile +25 -0
data/examples/kitchen-puppet/README.md +53 -0
data/examples/kitchen-puppet/manifests/site.pp +33 -0
data/examples/kitchen-puppet/metadata.json +11 -0
data/examples/kitchen-puppet/modules/.gitkeep +0 -0
data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -0
data/examples/meta-profile/README.md +37 -0
data/examples/meta-profile/controls/example.rb +13 -0
data/examples/meta-profile/inspec.yml +13 -0
data/examples/profile-attribute.yml +2 -0
data/examples/profile-attribute/README.md +14 -0
data/examples/profile-attribute/controls/example.rb +11 -0
data/examples/profile-attribute/inspec.yml +8 -0
data/examples/profile-sensitive/README.md +29 -0
data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -0
data/examples/profile-sensitive/controls/sensitive.rb +9 -0
data/examples/profile-sensitive/inspec.yml +8 -0
data/examples/profile/README.md +48 -0
data/examples/profile/controls/example.rb +23 -0
data/examples/profile/controls/gordon.rb +36 -0
data/examples/profile/controls/meta.rb +34 -0
data/examples/profile/inspec.yml +10 -0
data/examples/profile/libraries/gordon_config.rb +59 -0
data/inspec-core.gemspec +43 -0
data/lib/bundles/README.md +3 -0
data/lib/bundles/inspec-artifact.rb +7 -0
data/lib/bundles/inspec-artifact/README.md +1 -0
data/lib/bundles/inspec-artifact/cli.rb +277 -0
data/lib/bundles/inspec-compliance.rb +16 -0
data/lib/bundles/inspec-compliance/.kitchen.yml +20 -0
data/lib/bundles/inspec-compliance/README.md +193 -0
data/lib/bundles/inspec-compliance/api.rb +360 -0
data/lib/bundles/inspec-compliance/api/login.rb +193 -0
data/lib/bundles/inspec-compliance/bootstrap.sh +41 -0
data/lib/bundles/inspec-compliance/cli.rb +260 -0
data/lib/bundles/inspec-compliance/configuration.rb +103 -0
data/lib/bundles/inspec-compliance/http.rb +125 -0
data/lib/bundles/inspec-compliance/images/cc-token.png +0 -0
data/lib/bundles/inspec-compliance/support.rb +36 -0
data/lib/bundles/inspec-compliance/target.rb +106 -0
data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -0
data/lib/bundles/inspec-habitat.rb +12 -0
data/lib/bundles/inspec-habitat/cli.rb +36 -0
data/lib/bundles/inspec-habitat/log.rb +10 -0
data/lib/bundles/inspec-habitat/profile.rb +391 -0
data/lib/bundles/inspec-init.rb +8 -0
data/lib/bundles/inspec-init/README.md +31 -0
data/lib/bundles/inspec-init/cli.rb +97 -0
data/lib/bundles/inspec-init/templates/profile/README.md +3 -0
data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -0
data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -0
data/lib/bundles/inspec-init/templates/profile/libraries/.gitkeep +0 -0
data/lib/bundles/inspec-supermarket.rb +13 -0
data/lib/bundles/inspec-supermarket/README.md +45 -0
data/lib/bundles/inspec-supermarket/api.rb +84 -0
data/lib/bundles/inspec-supermarket/cli.rb +73 -0
data/lib/bundles/inspec-supermarket/target.rb +34 -0
data/lib/fetchers/git.rb +163 -0
data/lib/fetchers/local.rb +74 -0
data/lib/fetchers/mock.rb +35 -0
data/lib/fetchers/url.rb +247 -0
data/lib/inspec.rb +24 -0
data/lib/inspec/archive/tar.rb +29 -0
data/lib/inspec/archive/zip.rb +19 -0
data/lib/inspec/backend.rb +93 -0
data/lib/inspec/base_cli.rb +368 -0
data/lib/inspec/cached_fetcher.rb +66 -0
data/lib/inspec/cli.rb +292 -0
data/lib/inspec/completions/bash.sh.erb +45 -0
data/lib/inspec/completions/fish.sh.erb +34 -0
data/lib/inspec/completions/zsh.sh.erb +61 -0
data/lib/inspec/control_eval_context.rb +179 -0
data/lib/inspec/dependencies/cache.rb +72 -0
data/lib/inspec/dependencies/dependency_set.rb +92 -0
data/lib/inspec/dependencies/lockfile.rb +115 -0
data/lib/inspec/dependencies/requirement.rb +123 -0
data/lib/inspec/dependencies/resolver.rb +86 -0
data/lib/inspec/describe.rb +27 -0
data/lib/inspec/dsl.rb +66 -0
data/lib/inspec/dsl_shared.rb +33 -0
data/lib/inspec/env_printer.rb +157 -0
data/lib/inspec/errors.rb +14 -0
data/lib/inspec/exceptions.rb +12 -0
data/lib/inspec/expect.rb +45 -0
data/lib/inspec/fetcher.rb +45 -0
data/lib/inspec/file_provider.rb +275 -0
data/lib/inspec/formatters.rb +3 -0
data/lib/inspec/formatters/base.rb +259 -0
data/lib/inspec/formatters/json_rspec.rb +20 -0
data/lib/inspec/formatters/show_progress.rb +12 -0
data/lib/inspec/library_eval_context.rb +58 -0
data/lib/inspec/log.rb +11 -0
data/lib/inspec/metadata.rb +247 -0
data/lib/inspec/method_source.rb +24 -0
data/lib/inspec/objects.rb +14 -0
data/lib/inspec/objects/attribute.rb +75 -0
data/lib/inspec/objects/control.rb +61 -0
data/lib/inspec/objects/describe.rb +92 -0
data/lib/inspec/objects/each_loop.rb +36 -0
data/lib/inspec/objects/list.rb +15 -0
data/lib/inspec/objects/or_test.rb +40 -0
data/lib/inspec/objects/ruby_helper.rb +15 -0
data/lib/inspec/objects/tag.rb +27 -0
data/lib/inspec/objects/test.rb +87 -0
data/lib/inspec/objects/value.rb +27 -0
data/lib/inspec/plugins.rb +60 -0
data/lib/inspec/plugins/cli.rb +24 -0
data/lib/inspec/plugins/fetcher.rb +86 -0
data/lib/inspec/plugins/resource.rb +135 -0
data/lib/inspec/plugins/secret.rb +15 -0
data/lib/inspec/plugins/source_reader.rb +40 -0
data/lib/inspec/polyfill.rb +12 -0
data/lib/inspec/profile.rb +513 -0
data/lib/inspec/profile_context.rb +208 -0
data/lib/inspec/profile_vendor.rb +66 -0
data/lib/inspec/reporters.rb +60 -0
data/lib/inspec/reporters/automate.rb +76 -0
data/lib/inspec/reporters/base.rb +25 -0
data/lib/inspec/reporters/cli.rb +356 -0
data/lib/inspec/reporters/json.rb +116 -0
data/lib/inspec/reporters/json_min.rb +48 -0
data/lib/inspec/reporters/junit.rb +78 -0
data/lib/inspec/require_loader.rb +33 -0
data/lib/inspec/resource.rb +190 -0
data/lib/inspec/rule.rb +280 -0
data/lib/inspec/runner.rb +345 -0
data/lib/inspec/runner_mock.rb +41 -0
data/lib/inspec/runner_rspec.rb +175 -0
data/lib/inspec/runtime_profile.rb +26 -0
data/lib/inspec/schema.rb +213 -0
data/lib/inspec/secrets.rb +19 -0
data/lib/inspec/secrets/yaml.rb +30 -0
data/lib/inspec/shell.rb +220 -0
data/lib/inspec/shell_detector.rb +90 -0
data/lib/inspec/source_reader.rb +29 -0
data/lib/inspec/version.rb +8 -0
data/lib/matchers/matchers.rb +339 -0
data/lib/resources/aide_conf.rb +151 -0
data/lib/resources/apache.rb +48 -0
data/lib/resources/apache_conf.rb +149 -0
data/lib/resources/apt.rb +149 -0
data/lib/resources/audit_policy.rb +63 -0
data/lib/resources/auditd.rb +231 -0
data/lib/resources/auditd_conf.rb +46 -0
data/lib/resources/bash.rb +35 -0
data/lib/resources/bond.rb +69 -0
data/lib/resources/bridge.rb +122 -0
data/lib/resources/chocolatey_package.rb +78 -0
data/lib/resources/command.rb +73 -0
data/lib/resources/cpan.rb +58 -0
data/lib/resources/cran.rb +64 -0
data/lib/resources/crontab.rb +169 -0
data/lib/resources/csv.rb +56 -0
data/lib/resources/dh_params.rb +77 -0
data/lib/resources/directory.rb +25 -0
data/lib/resources/docker.rb +236 -0
data/lib/resources/docker_container.rb +89 -0
data/lib/resources/docker_image.rb +83 -0
data/lib/resources/docker_object.rb +57 -0
data/lib/resources/docker_service.rb +90 -0
data/lib/resources/elasticsearch.rb +169 -0
data/lib/resources/etc_fstab.rb +94 -0
data/lib/resources/etc_group.rb +154 -0
data/lib/resources/etc_hosts.rb +66 -0
data/lib/resources/etc_hosts_allow_deny.rb +112 -0
data/lib/resources/file.rb +298 -0
data/lib/resources/filesystem.rb +31 -0
data/lib/resources/firewalld.rb +143 -0
data/lib/resources/gem.rb +70 -0
data/lib/resources/groups.rb +215 -0
data/lib/resources/grub_conf.rb +227 -0
data/lib/resources/host.rb +306 -0
data/lib/resources/http.rb +253 -0
data/lib/resources/iis_app.rb +101 -0
data/lib/resources/iis_site.rb +148 -0
data/lib/resources/inetd_conf.rb +54 -0
data/lib/resources/ini.rb +29 -0
data/lib/resources/interface.rb +129 -0
data/lib/resources/iptables.rb +80 -0
data/lib/resources/json.rb +111 -0
data/lib/resources/kernel_module.rb +107 -0
data/lib/resources/kernel_parameter.rb +58 -0
data/lib/resources/key_rsa.rb +63 -0
data/lib/resources/limits_conf.rb +46 -0
data/lib/resources/login_def.rb +57 -0
data/lib/resources/mount.rb +88 -0
data/lib/resources/mssql_session.rb +101 -0
data/lib/resources/mysql.rb +82 -0
data/lib/resources/mysql_conf.rb +127 -0
data/lib/resources/mysql_session.rb +85 -0
data/lib/resources/nginx.rb +96 -0
data/lib/resources/nginx_conf.rb +226 -0
data/lib/resources/npm.rb +48 -0
data/lib/resources/ntp_conf.rb +51 -0
data/lib/resources/oneget.rb +71 -0
data/lib/resources/oracledb_session.rb +139 -0
data/lib/resources/os.rb +36 -0
data/lib/resources/os_env.rb +86 -0
data/lib/resources/package.rb +370 -0
data/lib/resources/packages.rb +111 -0
data/lib/resources/parse_config.rb +112 -0
data/lib/resources/passwd.rb +76 -0
data/lib/resources/pip.rb +130 -0
data/lib/resources/platform.rb +109 -0
data/lib/resources/port.rb +771 -0
data/lib/resources/postgres.rb +131 -0
data/lib/resources/postgres_conf.rb +114 -0
data/lib/resources/postgres_hba_conf.rb +90 -0
data/lib/resources/postgres_ident_conf.rb +79 -0
data/lib/resources/postgres_session.rb +71 -0
data/lib/resources/powershell.rb +67 -0
data/lib/resources/processes.rb +204 -0
data/lib/resources/rabbitmq_conf.rb +51 -0
data/lib/resources/registry_key.rb +297 -0
data/lib/resources/security_policy.rb +180 -0
data/lib/resources/service.rb +794 -0
data/lib/resources/shadow.rb +159 -0
data/lib/resources/ssh_conf.rb +97 -0
data/lib/resources/ssl.rb +99 -0
data/lib/resources/sys_info.rb +28 -0
data/lib/resources/toml.rb +32 -0
data/lib/resources/users.rb +654 -0
data/lib/resources/vbscript.rb +68 -0
data/lib/resources/virtualization.rb +247 -0
data/lib/resources/windows_feature.rb +84 -0
data/lib/resources/windows_hotfix.rb +35 -0
data/lib/resources/windows_task.rb +102 -0
data/lib/resources/wmi.rb +110 -0
data/lib/resources/x509_certificate.rb +137 -0
data/lib/resources/xinetd.rb +106 -0
data/lib/resources/xml.rb +46 -0
data/lib/resources/yaml.rb +43 -0
data/lib/resources/yum.rb +180 -0
data/lib/resources/zfs_dataset.rb +60 -0
data/lib/resources/zfs_pool.rb +49 -0
data/lib/source_readers/flat.rb +39 -0
data/lib/source_readers/inspec.rb +75 -0
data/lib/utils/command_wrapper.rb +27 -0
data/lib/utils/convert.rb +12 -0
data/lib/utils/database_helpers.rb +77 -0
data/lib/utils/enumerable_delegation.rb +9 -0
data/lib/utils/erlang_parser.rb +192 -0
data/lib/utils/file_reader.rb +25 -0
data/lib/utils/filter.rb +273 -0
data/lib/utils/filter_array.rb +27 -0
data/lib/utils/find_files.rb +47 -0
data/lib/utils/hash.rb +41 -0
data/lib/utils/json_log.rb +18 -0
data/lib/utils/latest_version.rb +22 -0
data/lib/utils/modulator.rb +12 -0
data/lib/utils/nginx_parser.rb +105 -0
data/lib/utils/object_traversal.rb +49 -0
data/lib/utils/parser.rb +274 -0
data/lib/utils/pkey_reader.rb +15 -0
data/lib/utils/plugin_registry.rb +93 -0
data/lib/utils/simpleconfig.rb +120 -0
data/lib/utils/spdx.rb +13 -0
data/lib/utils/spdx.txt +344 -0
metadata +713 -0

data/lib/resources/etc_hosts.rb ADDED

@@ -0,0 +1,66 @@
+# encoding: utf-8
+require 'utils/parser'
+require 'utils/file_reader'
+class EtcHosts < Inspec.resource(1)
+  name 'etc_hosts'
+  supports platform: 'linux'
+  supports platform: 'bsd'
+  supports platform: 'windows'
+  desc 'Use the etc_hosts InSpec audit resource to find an
+    ip_address and its associated hosts'
+  example "
+    describe etc_hosts.where { ip_address == '127.0.0.1' } do
+      its('ip_address') { should cmp '127.0.0.1' }
+      its('primary_name') { should cmp 'localhost' }
+      its('all_host_names') { should eq [['localhost', 'localhost.localdomain', 'localhost4', 'localhost4.localdomain4']] }
+    end
+  "
+  attr_reader :params
+  include CommentParser
+  include FileReader
+  DEFAULT_UNIX_PATH    = '/etc/hosts'.freeze
+  DEFAULT_WINDOWS_PATH = 'C:\windows\system32\drivers\etc\hosts'.freeze
+  def initialize(hosts_path = nil)
+    content = read_file_content(hosts_path || default_hosts_file_path)
+    @params = parse_conf(content.lines)
+  end
+  FilterTable.create
+             .add_accessor(:where)
+             .add_accessor(:entries)
+             .add(:ip_address,     field: 'ip_address')
+             .add(:primary_name,   field: 'primary_name')
+             .add(:all_host_names, field: 'all_host_names')
+             .connect(self, :params)
+  private
+  def default_hosts_file_path
+    inspec.os.windows? ? DEFAULT_WINDOWS_PATH : DEFAULT_UNIX_PATH
+  end
+  def parse_conf(lines)
+    lines.reject(&:empty?).reject(&comment?).map(&parse_data).map(&format_data)
+  end
+  def comment?
+    parse_options = { comment_char: '#', standalone_comments: false }
+    ->(data) { parse_comment_line(data, parse_options).first.empty? }
+  end
+  def parse_data
+    ->(data) { [data.split[0], data.split[1], data.split[1..-1]] }
+  end
+  def format_data
+    ->(data) { %w{ip_address primary_name all_host_names}.zip(data).to_h }
+  end
+end

data/lib/resources/etc_hosts_allow_deny.rb ADDED

@@ -0,0 +1,112 @@
+# encoding: utf-8
+require 'utils/parser'
+require 'utils/file_reader'
+module Inspec::Resources
+  class EtcHostsAllow < Inspec.resource(1)
+    name 'etc_hosts_allow'
+    supports platform: 'unix'
+    desc 'Use the etc_hosts_allow InSpec audit resource to test the connections
+          the client will allow. Controlled by the /etc/hosts.allow file.'
+    example "
+      describe etc_hosts_allow.where { daemon == 'ALL' } do
+        its('client_list') { should include ['127.0.0.1', '[::1]'] }
+        its('options') { should eq [[]] }
+      end
+    "
+    attr_reader :params
+    include CommentParser
+    include FileReader
+    def initialize(hosts_allow_path = nil)
+      @conf_path      = hosts_allow_path || '/etc/hosts.allow'
+      @content        = nil
+      @params         = nil
+      read_content
+    end
+    filter = FilterTable.create
+    filter.add_accessor(:where)
+          .add_accessor(:entries)
+          .add(:daemon,      field: 'daemon')
+          .add(:client_list, field: 'client_list')
+          .add(:options,     field: 'options')
+    filter.connect(self, :params)
+    private
+    def read_content
+      @content = ''
+      @params  = {}
+      @content = split_daemons(read_file(@conf_path))
+      @params  = parse_conf(@content)
+    end
+    def split_daemons(content)
+      split_daemons_list = []
+      content.each do |line|
+        data, = parse_comment_line(line, comment_char: '#', standalone_comments: false)
+        next unless data != ''
+        data.split(':')[0].split(',').each do |daemon|
+          split_daemons_list.push("#{daemon} : " + line.split(':', 2)[1])
+        end
+      end
+      split_daemons_list
+    end
+    def parse_conf(content)
+      content.map do |line|
+        data, = parse_comment_line(line, comment_char: '#', standalone_comments: false)
+        parse_line(data) unless data == ''
+      end.compact
+    end
+    def parse_line(line)
+      daemon, clients_and_options = line.split(/:\s+/, 2)
+      daemon = daemon.strip
+      clients_and_options ||= ''
+      clients, options = clients_and_options.split(/\s+:\s+/, 2)
+      client_list = clients.split(/,/).map(&:strip)
+      options ||= ''
+      options_list = options.split(/:\s+/).map(&:strip)
+      {
+        'daemon'      => daemon,
+        'client_list' => client_list,
+        'options'     => options_list,
+      }
+    end
+    def read_file(conf_path = @conf_path)
+      read_file_content(conf_path).lines
+    end
+  end
+  class EtcHostsDeny < EtcHostsAllow
+    name 'etc_hosts_deny'
+    supports platform: 'unix'
+    desc 'Use the etc_hosts_deny InSpec audit resource to test the connections
+          the client will deny. Controlled by the /etc/hosts.deny file.'
+    example "
+      describe etc_hosts_deny.where { daemon_list == 'ALL' } do
+        its('client_list') { should eq [['127.0.0.1', '[::1]']] }
+        its('options') { should eq [] }
+      end
+    "
+    def initialize(path = nil)
+      return skip_resource '`etc_hosts_deny` is not supported on your OS' unless inspec.os.linux?
+      super(path || '/etc/hosts.deny')
+    end
+    def to_s
+      'hosts.deny Configuration'
+    end
+  end
+end

data/lib/resources/file.rb ADDED

@@ -0,0 +1,298 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+require 'shellwords'
+module Inspec::Resources
+  module FilePermissionsSelector
+    def select_file_perms_style(os)
+      if os.unix?
+        UnixFilePermissions.new(inspec)
+      elsif os.windows?
+        WindowsFilePermissions.new(inspec)
+      end
+    end
+  end
+  class FileResource < Inspec.resource(1)
+    include FilePermissionsSelector
+    include LinuxMountParser
+    name 'file'
+    supports platform: 'unix'
+    supports platform: 'windows'
+    desc 'Use the file InSpec audit resource to test all system file types, including files, directories, symbolic links, named pipes, sockets, character devices, block devices, and doors.'
+    example "
+      describe file('path') do
+        it { should exist }
+        it { should be_file }
+        it { should be_readable }
+        it { should be_writable }
+        it { should be_executable.by_user('root') }
+        it { should be_owned_by 'root' }
+        its('mode') { should cmp '0644' }
+      end
+    "
+    attr_reader :file, :mount_options
+    def initialize(path)
+      # select permissions style
+      @perms_provider = select_file_perms_style(inspec.os)
+      @file = inspec.backend.file(path)
+    end
+    %w{
+      type exist? file? block_device? character_device? socket? directory?
+      symlink? pipe? mode mode? owner owned_by? group grouped_into?
+      link_path linked_to? mtime size selinux_label immutable?
+      product_version file_version version? md5sum sha256sum
+      path basename source source_path uid gid
+    }.each do |m|
+      define_method m.to_sym do |*args|
+        file.method(m.to_sym).call(*args)
+      end
+    end
+    def content
+      res = file.content
+      return nil if res.nil?
+      res.force_encoding('utf-8')
+    end
+    def contain(*_)
+      raise 'Contain is not supported. Please use standard RSpec matchers.'
+    end
+    def readable?(by_usergroup, by_specific_user)
+      return false unless exist?
+      return skip_resource '`readable?` is not supported on your OS yet.' if @perms_provider.nil?
+      file_permission_granted?('read', by_usergroup, by_specific_user)
+    end
+    def writable?(by_usergroup, by_specific_user)
+      return false unless exist?
+      return skip_resource '`writable?` is not supported on your OS yet.' if @perms_provider.nil?
+      file_permission_granted?('write', by_usergroup, by_specific_user)
+    end
+    def executable?(by_usergroup, by_specific_user)
+      return false unless exist?
+      return skip_resource '`executable?` is not supported on your OS yet.' if @perms_provider.nil?
+      file_permission_granted?('execute', by_usergroup, by_specific_user)
+    end
+    def allowed?(permission, opts = {})
+      return false unless exist?
+      return skip_resource '`allowed?` is not supported on your OS yet.' if @perms_provider.nil?
+      file_permission_granted?(permission, opts[:by], opts[:by_user])
+    end
+    def mounted?(expected_options = nil, identical = false)
+      mounted = file.mounted
+      # return if no additional parameters have been provided
+      return file.mounted? if expected_options.nil?
+      # deprecation warning, this functionality will be removed in future version
+      warn "[DEPRECATION] `be_mounted.with and be_mounted.only_with` are deprecated.  Please use `mount('#{source_path}')` instead."
+      # we cannot read mount data on non-Linux systems
+      return nil if !inspec.os.linux?
+      # parse content if we are on linux
+      @mount_options ||= parse_mount_options(mounted.stdout, true)
+      if identical
+        # check if the options should be identical
+        @mount_options == expected_options
+      else
+        # otherwise compare the selected values
+        @mount_options.contains(expected_options)
+      end
+    end
+    def suid
+      (mode & 04000) > 0
+    end
+    alias setuid? suid
+    def sgid
+      (mode & 02000) > 0
+    end
+    alias setgid? sgid
+    def sticky
+      (mode & 01000) > 0
+    end
+    alias sticky? sticky
+    def to_s
+      "File #{source_path}"
+    end
+    private
+    def file_permission_granted?(access_type, by_usergroup, by_specific_user)
+      raise '`file_permission_granted?` is not supported on your OS' if @perms_provider.nil?
+      if by_specific_user.nil? || by_specific_user.empty?
+        @perms_provider.check_file_permission_by_mask(file, access_type, by_usergroup, by_specific_user)
+      else
+        @perms_provider.check_file_permission_by_user(access_type, by_specific_user, source_path)
+      end
+    end
+  end
+  class FilePermissions
+    attr_reader :inspec
+    def initialize(inspec)
+      @inspec = inspec
+    end
+  end
+  class UnixFilePermissions < FilePermissions
+    def permission_flag(access_type)
+      case access_type
+      when 'read'
+        'r'
+      when 'write'
+        'w'
+      when 'execute'
+        'x'
+      else
+        raise 'Invalid access_type provided'
+      end
+    end
+    def usergroup_for(usergroup, specific_user)
+      if usergroup == 'others'
+        'other'
+      elsif (usergroup.nil? || usergroup.empty?) && specific_user.nil?
+        'all'
+      else
+        usergroup
+      end
+    end
+    def check_file_permission_by_mask(file, access_type, usergroup, specific_user)
+      usergroup = usergroup_for(usergroup, specific_user)
+      flag = permission_flag(access_type)
+      mask = file.unix_mode_mask(usergroup, flag)
+      raise 'Invalid usergroup/owner provided' if mask.nil?
+      (file.mode & mask) != 0
+    end
+    def check_file_permission_by_user(access_type, user, path)
+      flag = permission_flag(access_type)
+      if inspec.os.linux?
+        perm_cmd = "su -s /bin/sh -c \"test -#{flag} #{path}\" #{user}"
+      elsif inspec.os.bsd? || inspec.os.solaris?
+        perm_cmd = "sudo -u #{user} test -#{flag} #{path}"
+      elsif inspec.os.aix?
+        perm_cmd = "su #{user} -c test -#{flag} #{path}"
+      elsif inspec.os.hpux?
+        perm_cmd = "su #{user} -c \"test -#{flag} #{path}\""
+      else
+        return skip_resource 'The `file` resource does not support `by_user` on your OS.'
+      end
+      cmd = inspec.command(perm_cmd)
+      cmd.exit_status == 0 ? true : false
+    end
+  end
+  class WindowsFilePermissions < FilePermissions
+    def check_file_permission_by_mask(_file, _access_type, _usergroup, _specific_user)
+      raise '`check_file_permission_by_mask` is not supported on Windows'
+    end
+    def check_file_permission_by_user(access_type, user, path)
+      access_rule = translate_perm_names(access_type)
+      access_rule = convert_to_powershell_array(access_rule)
+      cmd = inspec.command("@(@((Get-Acl '#{path}').access | Where-Object {$_.AccessControlType -eq 'Allow' -and $_.IdentityReference -eq '#{user}' }) | Where-Object {($_.FileSystemRights.ToString().Split(',') | % {$_.trim()} | ? {#{access_rule} -contains $_}) -ne $null}) | measure | % { $_.Count }")
+      cmd.stdout.chomp == '0' ? false : true
+    end
+    private
+    def convert_to_powershell_array(arr)
+      if arr.empty?
+        '@()'
+      else
+        %{@('#{arr.join("', '")}')}
+      end
+    end
+    # Translates a developer-friendly string into a list of acceptable
+    # FileSystemRights that match it, because Windows has a fun heirarchy
+    # of permissions that are able to be noted in multiple ways.
+    #
+    # See also: https://www.codeproject.com/Reference/871338/AccessControl-FileSystemRights-Permissions-Table
+    def translate_perm_names(access_type)
+      names = translate_common_perms(access_type)
+      names ||= translate_granular_perms(access_type)
+      names ||= translate_uncommon_perms(access_type)
+      raise 'Invalid access_type provided' unless names
+      names
+    end
+    def translate_common_perms(access_type)
+      case access_type
+      when 'full-control'
+        %w{FullControl}
+      when 'modify'
+        translate_perm_names('full-control') + %w{Modify}
+      when 'read'
+        translate_perm_names('modify') + %w{ReadAndExecute Read}
+      when 'write'
+        translate_perm_names('modify') + %w{Write}
+      when 'execute'
+        translate_perm_names('modify') + %w{ReadAndExecute ExecuteFile Traverse}
+      when 'delete'
+        translate_perm_names('modify') + %w{Delete}
+      end
+    end
+    def translate_uncommon_perms(access_type)
+      case access_type
+      when 'delete-subdirectories-and-files'
+        translate_perm_names('full-control') + %w{DeleteSubdirectoriesAndFiles}
+      when 'change-permissions'
+        translate_perm_names('full-control') + %w{ChangePermissions}
+      when 'take-ownership'
+        translate_perm_names('full-control') + %w{TakeOwnership}
+      when 'synchronize'
+        translate_perm_names('full-control') + %w{Synchronize}
+      end
+    end
+    def translate_granular_perms(access_type)
+      case access_type
+      when 'write-data', 'create-files'
+        translate_perm_names('write') + %w{WriteData CreateFiles}
+      when 'append-data', 'create-directories'
+        translate_perm_names('write') + %w{CreateDirectories AppendData}
+      when 'write-extended-attributes'
+        translate_perm_names('write') + %w{WriteExtendedAttributes}
+      when 'write-attributes'
+        translate_perm_names('write') + %w{WriteAttributes}
+      when 'read-data', 'list-directory'
+        translate_perm_names('read') + %w{ReadData ListDirectory}
+      when 'read-attributes'
+        translate_perm_names('read') + %w{ReadAttributes}
+      when 'read-extended-attributes'
+        translate_perm_names('read') + %w{ReadExtendedAttributes}
+      when 'read-permissions'
+        translate_perm_names('read') + %w{ReadPermissions}
+      end
+    end
+  end
+end