RubyGems - inspec-core - Versions diffs - 2.1.67 - Mend

inspec-core 2.1.67

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (412) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +3136 -0
data/Gemfile +56 -0
data/LICENSE +14 -0
data/MAINTAINERS.md +33 -0
data/MAINTAINERS.toml +52 -0
data/README.md +453 -0
data/bin/inspec +12 -0
data/docs/.gitignore +2 -0
data/docs/README.md +40 -0
data/docs/dev/control-eval.md +62 -0
data/docs/dsl_inspec.md +258 -0
data/docs/dsl_resource.md +100 -0
data/docs/glossary.md +99 -0
data/docs/habitat.md +192 -0
data/docs/inspec_and_friends.md +114 -0
data/docs/matchers.md +169 -0
data/docs/migration.md +293 -0
data/docs/platforms.md +119 -0
data/docs/plugin_kitchen_inspec.md +50 -0
data/docs/profiles.md +378 -0
data/docs/reporters.md +105 -0
data/docs/resources/aide_conf.md.erb +76 -0
data/docs/resources/apache.md.erb +67 -0
data/docs/resources/apache_conf.md.erb +68 -0
data/docs/resources/apt.md.erb +71 -0
data/docs/resources/audit_policy.md.erb +47 -0
data/docs/resources/auditd.md.erb +79 -0
data/docs/resources/auditd_conf.md.erb +68 -0
data/docs/resources/bash.md.erb +75 -0
data/docs/resources/bond.md.erb +90 -0
data/docs/resources/bridge.md.erb +57 -0
data/docs/resources/bsd_service.md.erb +67 -0
data/docs/resources/chocolatey_package.md.erb +58 -0
data/docs/resources/command.md.erb +138 -0
data/docs/resources/cpan.md.erb +79 -0
data/docs/resources/cran.md.erb +64 -0
data/docs/resources/crontab.md.erb +89 -0
data/docs/resources/csv.md.erb +54 -0
data/docs/resources/dh_params.md.erb +205 -0
data/docs/resources/directory.md.erb +30 -0
data/docs/resources/docker.md.erb +219 -0
data/docs/resources/docker_container.md.erb +103 -0
data/docs/resources/docker_image.md.erb +94 -0
data/docs/resources/docker_service.md.erb +114 -0
data/docs/resources/elasticsearch.md.erb +242 -0
data/docs/resources/etc_fstab.md.erb +125 -0
data/docs/resources/etc_group.md.erb +75 -0
data/docs/resources/etc_hosts.md.erb +78 -0
data/docs/resources/etc_hosts_allow.md.erb +74 -0
data/docs/resources/etc_hosts_deny.md.erb +74 -0
data/docs/resources/file.md.erb +526 -0
data/docs/resources/filesystem.md.erb +41 -0
data/docs/resources/firewalld.md.erb +107 -0
data/docs/resources/gem.md.erb +79 -0
data/docs/resources/group.md.erb +61 -0
data/docs/resources/grub_conf.md.erb +101 -0
data/docs/resources/host.md.erb +86 -0
data/docs/resources/http.md.erb +197 -0
data/docs/resources/iis_app.md.erb +122 -0
data/docs/resources/iis_site.md.erb +135 -0
data/docs/resources/inetd_conf.md.erb +94 -0
data/docs/resources/ini.md.erb +76 -0
data/docs/resources/interface.md.erb +58 -0
data/docs/resources/iptables.md.erb +64 -0
data/docs/resources/json.md.erb +63 -0
data/docs/resources/kernel_module.md.erb +120 -0
data/docs/resources/kernel_parameter.md.erb +53 -0
data/docs/resources/key_rsa.md.erb +85 -0
data/docs/resources/launchd_service.md.erb +57 -0
data/docs/resources/limits_conf.md.erb +75 -0
data/docs/resources/login_defs.md.erb +71 -0
data/docs/resources/mount.md.erb +69 -0
data/docs/resources/mssql_session.md.erb +60 -0
data/docs/resources/mysql_conf.md.erb +99 -0
data/docs/resources/mysql_session.md.erb +74 -0
data/docs/resources/nginx.md.erb +79 -0
data/docs/resources/nginx_conf.md.erb +138 -0
data/docs/resources/npm.md.erb +60 -0
data/docs/resources/ntp_conf.md.erb +60 -0
data/docs/resources/oneget.md.erb +53 -0
data/docs/resources/oracledb_session.md.erb +52 -0
data/docs/resources/os.md.erb +141 -0
data/docs/resources/os_env.md.erb +91 -0
data/docs/resources/package.md.erb +120 -0
data/docs/resources/packages.md.erb +67 -0
data/docs/resources/parse_config.md.erb +103 -0
data/docs/resources/parse_config_file.md.erb +138 -0
data/docs/resources/passwd.md.erb +141 -0
data/docs/resources/pip.md.erb +67 -0
data/docs/resources/port.md.erb +137 -0
data/docs/resources/postgres_conf.md.erb +79 -0
data/docs/resources/postgres_hba_conf.md.erb +93 -0
data/docs/resources/postgres_ident_conf.md.erb +76 -0
data/docs/resources/postgres_session.md.erb +69 -0
data/docs/resources/powershell.md.erb +102 -0
data/docs/resources/processes.md.erb +109 -0
data/docs/resources/rabbitmq_config.md.erb +41 -0
data/docs/resources/registry_key.md.erb +158 -0
data/docs/resources/runit_service.md.erb +57 -0
data/docs/resources/security_policy.md.erb +47 -0
data/docs/resources/service.md.erb +121 -0
data/docs/resources/shadow.md.erb +146 -0
data/docs/resources/ssh_config.md.erb +73 -0
data/docs/resources/sshd_config.md.erb +83 -0
data/docs/resources/ssl.md.erb +119 -0
data/docs/resources/sys_info.md.erb +42 -0
data/docs/resources/systemd_service.md.erb +57 -0
data/docs/resources/sysv_service.md.erb +57 -0
data/docs/resources/upstart_service.md.erb +57 -0
data/docs/resources/user.md.erb +140 -0
data/docs/resources/users.md.erb +127 -0
data/docs/resources/vbscript.md.erb +55 -0
data/docs/resources/virtualization.md.erb +57 -0
data/docs/resources/windows_feature.md.erb +47 -0
data/docs/resources/windows_hotfix.md.erb +53 -0
data/docs/resources/windows_task.md.erb +95 -0
data/docs/resources/wmi.md.erb +81 -0
data/docs/resources/x509_certificate.md.erb +151 -0
data/docs/resources/xinetd_conf.md.erb +156 -0
data/docs/resources/xml.md.erb +85 -0
data/docs/resources/yaml.md.erb +69 -0
data/docs/resources/yum.md.erb +98 -0
data/docs/resources/zfs_dataset.md.erb +53 -0
data/docs/resources/zfs_pool.md.erb +47 -0
data/docs/ruby_usage.md +203 -0
data/docs/shared/matcher_be.md.erb +1 -0
data/docs/shared/matcher_cmp.md.erb +43 -0
data/docs/shared/matcher_eq.md.erb +3 -0
data/docs/shared/matcher_include.md.erb +1 -0
data/docs/shared/matcher_match.md.erb +1 -0
data/docs/shell.md +217 -0
data/examples/README.md +8 -0
data/examples/inheritance/README.md +65 -0
data/examples/inheritance/controls/example.rb +14 -0
data/examples/inheritance/inspec.yml +15 -0
data/examples/kitchen-ansible/.kitchen.yml +25 -0
data/examples/kitchen-ansible/Gemfile +19 -0
data/examples/kitchen-ansible/README.md +53 -0
data/examples/kitchen-ansible/files/nginx.repo +6 -0
data/examples/kitchen-ansible/tasks/main.yml +16 -0
data/examples/kitchen-ansible/test/integration/default/default.yml +5 -0
data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -0
data/examples/kitchen-chef/.kitchen.yml +20 -0
data/examples/kitchen-chef/Berksfile +3 -0
data/examples/kitchen-chef/Gemfile +19 -0
data/examples/kitchen-chef/README.md +27 -0
data/examples/kitchen-chef/metadata.rb +7 -0
data/examples/kitchen-chef/recipes/default.rb +6 -0
data/examples/kitchen-chef/recipes/nginx.rb +30 -0
data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -0
data/examples/kitchen-puppet/.kitchen.yml +23 -0
data/examples/kitchen-puppet/Gemfile +20 -0
data/examples/kitchen-puppet/Puppetfile +25 -0
data/examples/kitchen-puppet/README.md +53 -0
data/examples/kitchen-puppet/manifests/site.pp +33 -0
data/examples/kitchen-puppet/metadata.json +11 -0
data/examples/kitchen-puppet/modules/.gitkeep +0 -0
data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -0
data/examples/meta-profile/README.md +37 -0
data/examples/meta-profile/controls/example.rb +13 -0
data/examples/meta-profile/inspec.yml +13 -0
data/examples/profile-attribute.yml +2 -0
data/examples/profile-attribute/README.md +14 -0
data/examples/profile-attribute/controls/example.rb +11 -0
data/examples/profile-attribute/inspec.yml +8 -0
data/examples/profile-sensitive/README.md +29 -0
data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -0
data/examples/profile-sensitive/controls/sensitive.rb +9 -0
data/examples/profile-sensitive/inspec.yml +8 -0
data/examples/profile/README.md +48 -0
data/examples/profile/controls/example.rb +23 -0
data/examples/profile/controls/gordon.rb +36 -0
data/examples/profile/controls/meta.rb +34 -0
data/examples/profile/inspec.yml +10 -0
data/examples/profile/libraries/gordon_config.rb +59 -0
data/inspec-core.gemspec +43 -0
data/lib/bundles/README.md +3 -0
data/lib/bundles/inspec-artifact.rb +7 -0
data/lib/bundles/inspec-artifact/README.md +1 -0
data/lib/bundles/inspec-artifact/cli.rb +277 -0
data/lib/bundles/inspec-compliance.rb +16 -0
data/lib/bundles/inspec-compliance/.kitchen.yml +20 -0
data/lib/bundles/inspec-compliance/README.md +193 -0
data/lib/bundles/inspec-compliance/api.rb +360 -0
data/lib/bundles/inspec-compliance/api/login.rb +193 -0
data/lib/bundles/inspec-compliance/bootstrap.sh +41 -0
data/lib/bundles/inspec-compliance/cli.rb +260 -0
data/lib/bundles/inspec-compliance/configuration.rb +103 -0
data/lib/bundles/inspec-compliance/http.rb +125 -0
data/lib/bundles/inspec-compliance/images/cc-token.png +0 -0
data/lib/bundles/inspec-compliance/support.rb +36 -0
data/lib/bundles/inspec-compliance/target.rb +106 -0
data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -0
data/lib/bundles/inspec-habitat.rb +12 -0
data/lib/bundles/inspec-habitat/cli.rb +36 -0
data/lib/bundles/inspec-habitat/log.rb +10 -0
data/lib/bundles/inspec-habitat/profile.rb +391 -0
data/lib/bundles/inspec-init.rb +8 -0
data/lib/bundles/inspec-init/README.md +31 -0
data/lib/bundles/inspec-init/cli.rb +97 -0
data/lib/bundles/inspec-init/templates/profile/README.md +3 -0
data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -0
data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -0
data/lib/bundles/inspec-init/templates/profile/libraries/.gitkeep +0 -0
data/lib/bundles/inspec-supermarket.rb +13 -0
data/lib/bundles/inspec-supermarket/README.md +45 -0
data/lib/bundles/inspec-supermarket/api.rb +84 -0
data/lib/bundles/inspec-supermarket/cli.rb +73 -0
data/lib/bundles/inspec-supermarket/target.rb +34 -0
data/lib/fetchers/git.rb +163 -0
data/lib/fetchers/local.rb +74 -0
data/lib/fetchers/mock.rb +35 -0
data/lib/fetchers/url.rb +247 -0
data/lib/inspec.rb +24 -0
data/lib/inspec/archive/tar.rb +29 -0
data/lib/inspec/archive/zip.rb +19 -0
data/lib/inspec/backend.rb +93 -0
data/lib/inspec/base_cli.rb +368 -0
data/lib/inspec/cached_fetcher.rb +66 -0
data/lib/inspec/cli.rb +292 -0
data/lib/inspec/completions/bash.sh.erb +45 -0
data/lib/inspec/completions/fish.sh.erb +34 -0
data/lib/inspec/completions/zsh.sh.erb +61 -0
data/lib/inspec/control_eval_context.rb +179 -0
data/lib/inspec/dependencies/cache.rb +72 -0
data/lib/inspec/dependencies/dependency_set.rb +92 -0
data/lib/inspec/dependencies/lockfile.rb +115 -0
data/lib/inspec/dependencies/requirement.rb +123 -0
data/lib/inspec/dependencies/resolver.rb +86 -0
data/lib/inspec/describe.rb +27 -0
data/lib/inspec/dsl.rb +66 -0
data/lib/inspec/dsl_shared.rb +33 -0
data/lib/inspec/env_printer.rb +157 -0
data/lib/inspec/errors.rb +14 -0
data/lib/inspec/exceptions.rb +12 -0
data/lib/inspec/expect.rb +45 -0
data/lib/inspec/fetcher.rb +45 -0
data/lib/inspec/file_provider.rb +275 -0
data/lib/inspec/formatters.rb +3 -0
data/lib/inspec/formatters/base.rb +259 -0
data/lib/inspec/formatters/json_rspec.rb +20 -0
data/lib/inspec/formatters/show_progress.rb +12 -0
data/lib/inspec/library_eval_context.rb +58 -0
data/lib/inspec/log.rb +11 -0
data/lib/inspec/metadata.rb +247 -0
data/lib/inspec/method_source.rb +24 -0
data/lib/inspec/objects.rb +14 -0
data/lib/inspec/objects/attribute.rb +75 -0
data/lib/inspec/objects/control.rb +61 -0
data/lib/inspec/objects/describe.rb +92 -0
data/lib/inspec/objects/each_loop.rb +36 -0
data/lib/inspec/objects/list.rb +15 -0
data/lib/inspec/objects/or_test.rb +40 -0
data/lib/inspec/objects/ruby_helper.rb +15 -0
data/lib/inspec/objects/tag.rb +27 -0
data/lib/inspec/objects/test.rb +87 -0
data/lib/inspec/objects/value.rb +27 -0
data/lib/inspec/plugins.rb +60 -0
data/lib/inspec/plugins/cli.rb +24 -0
data/lib/inspec/plugins/fetcher.rb +86 -0
data/lib/inspec/plugins/resource.rb +135 -0
data/lib/inspec/plugins/secret.rb +15 -0
data/lib/inspec/plugins/source_reader.rb +40 -0
data/lib/inspec/polyfill.rb +12 -0
data/lib/inspec/profile.rb +513 -0
data/lib/inspec/profile_context.rb +208 -0
data/lib/inspec/profile_vendor.rb +66 -0
data/lib/inspec/reporters.rb +60 -0
data/lib/inspec/reporters/automate.rb +76 -0
data/lib/inspec/reporters/base.rb +25 -0
data/lib/inspec/reporters/cli.rb +356 -0
data/lib/inspec/reporters/json.rb +116 -0
data/lib/inspec/reporters/json_min.rb +48 -0
data/lib/inspec/reporters/junit.rb +78 -0
data/lib/inspec/require_loader.rb +33 -0
data/lib/inspec/resource.rb +190 -0
data/lib/inspec/rule.rb +280 -0
data/lib/inspec/runner.rb +345 -0
data/lib/inspec/runner_mock.rb +41 -0
data/lib/inspec/runner_rspec.rb +175 -0
data/lib/inspec/runtime_profile.rb +26 -0
data/lib/inspec/schema.rb +213 -0
data/lib/inspec/secrets.rb +19 -0
data/lib/inspec/secrets/yaml.rb +30 -0
data/lib/inspec/shell.rb +220 -0
data/lib/inspec/shell_detector.rb +90 -0
data/lib/inspec/source_reader.rb +29 -0
data/lib/inspec/version.rb +8 -0
data/lib/matchers/matchers.rb +339 -0
data/lib/resources/aide_conf.rb +151 -0
data/lib/resources/apache.rb +48 -0
data/lib/resources/apache_conf.rb +149 -0
data/lib/resources/apt.rb +149 -0
data/lib/resources/audit_policy.rb +63 -0
data/lib/resources/auditd.rb +231 -0
data/lib/resources/auditd_conf.rb +46 -0
data/lib/resources/bash.rb +35 -0
data/lib/resources/bond.rb +69 -0
data/lib/resources/bridge.rb +122 -0
data/lib/resources/chocolatey_package.rb +78 -0
data/lib/resources/command.rb +73 -0
data/lib/resources/cpan.rb +58 -0
data/lib/resources/cran.rb +64 -0
data/lib/resources/crontab.rb +169 -0
data/lib/resources/csv.rb +56 -0
data/lib/resources/dh_params.rb +77 -0
data/lib/resources/directory.rb +25 -0
data/lib/resources/docker.rb +236 -0
data/lib/resources/docker_container.rb +89 -0
data/lib/resources/docker_image.rb +83 -0
data/lib/resources/docker_object.rb +57 -0
data/lib/resources/docker_service.rb +90 -0
data/lib/resources/elasticsearch.rb +169 -0
data/lib/resources/etc_fstab.rb +94 -0
data/lib/resources/etc_group.rb +154 -0
data/lib/resources/etc_hosts.rb +66 -0
data/lib/resources/etc_hosts_allow_deny.rb +112 -0
data/lib/resources/file.rb +298 -0
data/lib/resources/filesystem.rb +31 -0
data/lib/resources/firewalld.rb +143 -0
data/lib/resources/gem.rb +70 -0
data/lib/resources/groups.rb +215 -0
data/lib/resources/grub_conf.rb +227 -0
data/lib/resources/host.rb +306 -0
data/lib/resources/http.rb +253 -0
data/lib/resources/iis_app.rb +101 -0
data/lib/resources/iis_site.rb +148 -0
data/lib/resources/inetd_conf.rb +54 -0
data/lib/resources/ini.rb +29 -0
data/lib/resources/interface.rb +129 -0
data/lib/resources/iptables.rb +80 -0
data/lib/resources/json.rb +111 -0
data/lib/resources/kernel_module.rb +107 -0
data/lib/resources/kernel_parameter.rb +58 -0
data/lib/resources/key_rsa.rb +63 -0
data/lib/resources/limits_conf.rb +46 -0
data/lib/resources/login_def.rb +57 -0
data/lib/resources/mount.rb +88 -0
data/lib/resources/mssql_session.rb +101 -0
data/lib/resources/mysql.rb +82 -0
data/lib/resources/mysql_conf.rb +127 -0
data/lib/resources/mysql_session.rb +85 -0
data/lib/resources/nginx.rb +96 -0
data/lib/resources/nginx_conf.rb +226 -0
data/lib/resources/npm.rb +48 -0
data/lib/resources/ntp_conf.rb +51 -0
data/lib/resources/oneget.rb +71 -0
data/lib/resources/oracledb_session.rb +139 -0
data/lib/resources/os.rb +36 -0
data/lib/resources/os_env.rb +86 -0
data/lib/resources/package.rb +370 -0
data/lib/resources/packages.rb +111 -0
data/lib/resources/parse_config.rb +112 -0
data/lib/resources/passwd.rb +76 -0
data/lib/resources/pip.rb +130 -0
data/lib/resources/platform.rb +109 -0
data/lib/resources/port.rb +771 -0
data/lib/resources/postgres.rb +131 -0
data/lib/resources/postgres_conf.rb +114 -0
data/lib/resources/postgres_hba_conf.rb +90 -0
data/lib/resources/postgres_ident_conf.rb +79 -0
data/lib/resources/postgres_session.rb +71 -0
data/lib/resources/powershell.rb +67 -0
data/lib/resources/processes.rb +204 -0
data/lib/resources/rabbitmq_conf.rb +51 -0
data/lib/resources/registry_key.rb +297 -0
data/lib/resources/security_policy.rb +180 -0
data/lib/resources/service.rb +794 -0
data/lib/resources/shadow.rb +159 -0
data/lib/resources/ssh_conf.rb +97 -0
data/lib/resources/ssl.rb +99 -0
data/lib/resources/sys_info.rb +28 -0
data/lib/resources/toml.rb +32 -0
data/lib/resources/users.rb +654 -0
data/lib/resources/vbscript.rb +68 -0
data/lib/resources/virtualization.rb +247 -0
data/lib/resources/windows_feature.rb +84 -0
data/lib/resources/windows_hotfix.rb +35 -0
data/lib/resources/windows_task.rb +102 -0
data/lib/resources/wmi.rb +110 -0
data/lib/resources/x509_certificate.rb +137 -0
data/lib/resources/xinetd.rb +106 -0
data/lib/resources/xml.rb +46 -0
data/lib/resources/yaml.rb +43 -0
data/lib/resources/yum.rb +180 -0
data/lib/resources/zfs_dataset.rb +60 -0
data/lib/resources/zfs_pool.rb +49 -0
data/lib/source_readers/flat.rb +39 -0
data/lib/source_readers/inspec.rb +75 -0
data/lib/utils/command_wrapper.rb +27 -0
data/lib/utils/convert.rb +12 -0
data/lib/utils/database_helpers.rb +77 -0
data/lib/utils/enumerable_delegation.rb +9 -0
data/lib/utils/erlang_parser.rb +192 -0
data/lib/utils/file_reader.rb +25 -0
data/lib/utils/filter.rb +273 -0
data/lib/utils/filter_array.rb +27 -0
data/lib/utils/find_files.rb +47 -0
data/lib/utils/hash.rb +41 -0
data/lib/utils/json_log.rb +18 -0
data/lib/utils/latest_version.rb +22 -0
data/lib/utils/modulator.rb +12 -0
data/lib/utils/nginx_parser.rb +105 -0
data/lib/utils/object_traversal.rb +49 -0
data/lib/utils/parser.rb +274 -0
data/lib/utils/pkey_reader.rb +15 -0
data/lib/utils/plugin_registry.rb +93 -0
data/lib/utils/simpleconfig.rb +120 -0
data/lib/utils/spdx.rb +13 -0
data/lib/utils/spdx.txt +344 -0
metadata +713 -0

data/lib/utils/modulator.rb ADDED

@@ -0,0 +1,12 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+module Modulator
+  def modules
+    @modules ||= {}
+  end
+  def add_module(name, handler)
+    modules[name] = handler
+  end
+end

data/lib/utils/nginx_parser.rb ADDED

@@ -0,0 +1,105 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+require 'parslet'
+class NginxParser < Parslet::Parser
+  root :outermost
+  # only designed for rabbitmq config files for now:
+  rule(:outermost) { filler? >> exp.repeat }
+  rule(:filler?) { one_filler.repeat }
+  rule(:one_filler) { match('\s+') | match["\n"] | comment }
+  rule(:space)   { match('\s+') }
+  rule(:comment) { str('#') >> (match["\n\r"].absent? >> any).repeat }
+  rule(:exp) {
+    section | assignment
+  }
+  rule(:assignment) {
+    (identifier >> values.maybe.as(:args)).as(:assignment) >> str(';') >> filler?
+  }
+  rule(:standard_identifier) {
+    (match('[a-zA-Z]') >> match('\S').repeat).as(:identifier) >> space >> space.repeat
+  }
+  rule(:quoted_identifier) {
+    str('"') >> (str('"').absent? >> any).repeat.as(:identifier) >> str('"') >> space.repeat
+  }
+  rule(:identifier) {
+    standard_identifier | quoted_identifier
+  }
+  rule(:standard_value) {
+    ((match(/[#;{'"]/).absent? >> any) >> (
+      str('\\') >> any | match('[#;{]|\s').absent? >> any
+    ).repeat).as(:value) >> space.repeat
+  }
+  rule(:single_quoted_value) {
+    str("'") >> (
+      str('\\') >> any | str("'").absent? >> any
+    ).repeat.as(:value) >> str("'") >> space.repeat
+  }
+  rule(:double_quoted_value) {
+    str('"') >> (
+      str('\\') >> any | str('"').absent? >> any
+    ).repeat.as(:value) >> str('"') >> space.repeat
+  }
+  rule(:quoted_value) {
+    single_quoted_value | double_quoted_value
+  }
+  rule(:value) {
+    standard_value | quoted_value
+  }
+  rule(:values) {
+    value.repeat >> space.maybe
+  }
+  rule(:section) {
+    identifier.as(:section) >> values.maybe.as(:args) >> str('{') >> filler? >> exp.repeat.as(:expressions) >> str('}') >> filler?
+  }
+end
+class NginxTransform < Parslet::Transform
+  Group = Struct.new(:id, :args, :body)
+  Exp = Struct.new(:key, :vals)
+  def self.assemble_binary(seq)
+    b = ErlangBitstream.new
+    seq.each { |i| b.add(i) }
+    b.value
+  end
+  rule(section: { identifier: simple(:x) }, args: subtree(:y), expressions: subtree(:z)) { Group.new(x.to_s, y, z) }
+  rule(assignment: { identifier: simple(:x), args: subtree(:y) }) { Exp.new(x.to_s, y) }
+  rule(value: simple(:x)) { x.to_s }
+end
+class NginxConfig
+  def self.parse(content)
+    lex = NginxParser.new.parse(content)
+    tree = NginxTransform.new.apply(lex)
+    gtree = NginxTransform::Group.new(nil, '', tree)
+    read_nginx_group(gtree)
+  rescue Parslet::ParseFailed => err
+    raise "Failed to parse NginX config: #{err}"
+  end
+  def self.read_nginx_group(t)
+    agg_conf = Hash.new([])
+    agg_conf['_'] = t.args unless t.args == ''
+    groups, conf = t.body.partition { |i| i.is_a? NginxTransform::Group }
+    conf.each { |x| agg_conf[x.key] += [x.vals] }
+    groups.each { |x| agg_conf[x.id] += [read_nginx_group(x)] }
+    agg_conf
+  end
+end

data/lib/utils/object_traversal.rb ADDED

@@ -0,0 +1,49 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+module ObjectTraverser
+  def extract_value(keys, value)
+    return nil if value.nil?
+    key = keys.shift
+    return nil if key.nil?
+    # if the current value is not a Hash or Array, it is undefined
+    # behavior so value will be assigned nil by default.
+    value = if value.is_a?(Array)
+              extract_from_array(key, value)
+            elsif value.is_a?(Hash)
+              extract_from_hash(key, value)
+            end
+    # if there are no more keys, just return the value
+    return value if keys.first.nil?
+    # if there are more keys, extract more
+    extract_value(keys.clone, value)
+  end
+  private
+  # If the values to return from is an Array, allow returning by index.
+  # Otherwise, support methods on the Array itself.
+  def extract_from_array(key, value)
+    if key.is_a?(Integer)
+      value[key]
+    elsif value.respond_to?(key.to_sym)
+      value.send(key.to_sym)
+    end
+  end
+  # for Hashes, try to return the value by the key.
+  # We first try to find by the raw key before we stringify
+  # if the keys themselves are symbols, for example.
+  #
+  # This will return nil default if we can't find the key.
+  def extract_from_hash(key, value)
+    if value.key?(key)
+      value[key]
+    elsif value.key?(key.to_s)
+      value[key.to_s]
+    end
+  end
+end

data/lib/utils/parser.rb ADDED

@@ -0,0 +1,274 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+module PasswdParser
+  # Parse /etc/passwd files.
+  #
+  # @param [String] content the raw content of /etc/passwd
+  # @return [Array] Collection of passwd entries
+  def parse_passwd(content)
+    content.to_s.split("\n").map do |line|
+      next if line[0] == '#'
+      parse_passwd_line(line)
+    end.compact
+  end
+  # Parse a line of /etc/passwd
+  #
+  # @param [String] line a line of /etc/passwd
+  # @return [Hash] Map of entries in this line
+  def parse_passwd_line(line)
+    x = line.split(':')
+    {
+      'user' => x.at(0),
+      'password' => x.at(1),
+      'uid' => x.at(2),
+      'gid' => x.at(3),
+      'desc' => x.at(4),
+      'home' => x.at(5),
+      'shell' => x.at(6),
+    }
+  end
+end
+module CommentParser
+  # Parse a line with a command. For example: `a = b   # comment`.
+  # Retrieves the actual content.
+  #
+  # @param [String] raw the content lines you want to be parsed
+  # @param [Hash] opts optional configuration
+  # @return [Array] contains the actual line and the position of the line end
+  def parse_comment_line(raw, opts)
+    idx_nl = raw.index("\n")
+    idx_comment = raw.index(opts[:comment_char])
+    idx_nl = raw.length if idx_nl.nil?
+    idx_comment = idx_nl + 1 if idx_comment.nil?
+    line = ''
+    # is a comment inside this line
+    if idx_comment < idx_nl && idx_comment != 0
+      line = raw[0..(idx_comment - 1)]
+      # in case we don't allow comments at the end
+      # of an assignment/statement, ignore it and fall
+      # back to treating this as a regular line
+      if opts[:standalone_comments] && !is_empty_line(line)
+        line = raw[0..(idx_nl - 1)]
+      end
+    # if there is no comment in this line
+    elsif idx_comment > idx_nl && idx_nl != 0
+      line = raw[0..(idx_nl - 1)]
+    end
+    [line, idx_nl]
+  end
+end
+module LinuxMountParser
+  # this parses the output of mount command (only tested on linux)
+  # this method expects only one line of the mount output
+  def parse_mount_options(mount_line, compatibility = false)
+    if includes_whitespaces?(mount_line)
+      # Device-/Sharenames and Mountpoints including whitespaces require special treatment:
+      # We use the keyword ' type ' to split up and rebuild the desired array of fields
+      type_split = mount_line.split(' type ')
+      fs_path = type_split[0]
+      other_opts = type_split[1]
+      fs, path = fs_path.match(%r{^(.+?)\son\s(/.+?)$}).captures
+      mount = [fs, 'on', path, 'type']
+      mount.concat(other_opts.scan(/\S+/))
+    else
+      # ... otherwise we just split the fields by whitespaces
+      mount = mount_line.scan(/\S+/)
+    end
+    # parse device and type
+    mount_options    = { device: mount[0], type: mount[4] }
+    if compatibility == false
+      # parse options as array
+      mount_options[:options] = mount[5].gsub(/\(|\)/, '').split(',')
+    else
+      # parse options as serverspec uses it, tbis is deprecated
+      mount_options[:options] = {}
+      mount[5].gsub(/\(|\)/, '').split(',').each do |option|
+        name, val = option.split('=')
+        if val.nil?
+          val = true
+        elsif val =~ /^\d+$/
+          # parse numbers
+          val = val.to_i
+        end
+        mount_options[:options][name.to_sym] = val
+      end
+    end
+    mount_options
+  end
+  # Device-/Sharename or Mountpoint includes whitespaces?
+  def includes_whitespaces?(mount_line)
+    ws = mount_line.match(/^(.+)\son\s(.+)\stype\s.*$/)
+    ws.captures[0].include?(' ') or ws.captures[1].include?(' ')
+  end
+end
+module BsdMountParser
+  # this parses the output of mount command (only tested on freebsd)
+  # this method expects only one line of the mount output
+  def parse_mount_options(mount_line, _compatibility = false)
+    return {} if mount_line.nil? || mount_line.empty?
+    mount = mount_line.chomp.split(' ', 4)
+    options = mount[3].tr('()', '').split(', ')
+    # parse device and type
+    { device: mount[0], type: options.shift, options: options }
+  end
+end
+module SolarisNetstatParser
+  # takes this as a input and parses the values
+  # UDP: IPv4
+  #    Local Address        Remote Address      State
+  # -------------------- -------------------- ----------
+  #       *.*                                 Unbound
+  def parse_netstat(content) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize
+    return [] if content.nil? || content.empty?
+    protocol = nil
+    column_widths = nil
+    ports = []
+    cache_name_line = nil
+    content.each_line { |line|
+      # find header, its delimiter
+      if line =~ /TCP:|UDP:|SCTP:/
+        # get protocol
+        protocol = line.split(':')[0].chomp.strip.downcase
+        # determine version tcp, tcp6, udp, udp6
+        proto_version = line.split(':')[1].chomp.strip
+        protocol += '6' if proto_version == 'IPv6'
+        # reset names cache
+        column_widths = nil
+        cache_name_line = nil
+        names = nil
+      # calulate width of a column based on the horizontal line
+      elsif line =~ /^[- ]+$/
+        column_widths = columns(line)
+      # parse header values from line
+      elsif column_widths.nil? && !line.nil?
+        # we do not know the width at this point of time, therefore we need to cache
+        cache_name_line = line
+      # content line
+      elsif !column_widths.nil? && !line.nil? && !line.chomp.empty?
+        # default row
+        port = split_columns(column_widths, line).to_a.map { |v| v.chomp.strip }
+        # parse the header names
+        # TODO: names should be optional
+        names = split_columns(column_widths, cache_name_line).to_a.map { |v| v.chomp.strip.downcase.tr(' ', '-').gsub(/[^\w-]/, '_') }
+        info = {
+          'protocol' => protocol.downcase,
+        }
+        # generate hash for each line and use the names as keys
+        names.each_index { |i|
+          info[names[i]] = port[i] if i != 0
+        }
+        ports.push(info)
+      end
+    }
+    ports
+  end
+  private
+  # takes a line like "-------------------- -------------------- ----------"
+  # as input and calculates the length of each column
+  def columns(line)
+    # find all columns
+    m = line.scan(/-+/)
+    # calculate the length each column
+    m.map { |x| x.length } # rubocop:disable Style/SymbolProc
+  end
+  # takes a line and the width of the columns to extract the values
+  def split_columns(columns, line)
+    # generate regex based on columns
+    sep = '\\s'
+    length = columns.length
+    arr = columns.map.with_index { |x, i|
+      reg = "(.{#{x}})#{sep}" # add seperator between columns
+      reg = "(.{,#{x}})#{sep}" if i == length - 2 # make the pre-last one optional
+      reg = "(.{,#{x}})" if i == length - 1 # use , to say max value
+      reg
+    }
+    # extracts the columns
+    line.match(Regexp.new(arr.join))
+  end
+end
+# This parser for xinetd (extended Internet daemon) configuration files
+module XinetdParser
+  def xinetd_include_dir(dir)
+    return [] if dir.nil?
+    unless inspec.file(dir).directory?
+      raise Inspec::Exceptions::ResourceSkipped, "Can't find folder: #{dir}"
+    end
+    files = inspec.command("find #{dir} -type f").stdout.split("\n")
+    files.map { |file| parse_xinetd(read_content(file)) }
+  end
+  def parse_xinetd(raw) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+    return {} if raw.nil?
+    res = {}
+    cur_group = nil
+    simple_conf = []
+    rest = raw + "\n"
+    until rest.empty?
+      # extract content line
+      nl = rest.index("\n") || (rest.length-1)
+      comment = rest.index('#') || (rest.length-1)
+      dst_idx = comment < nl ? comment : nl
+      inner_line = dst_idx == 0 ? '' : rest[0..dst_idx-1].strip
+      # update unparsed content
+      rest = rest[nl+1..-1]
+      next if inner_line.empty?
+      if inner_line == '}'
+        if cur_group == 'defaults'
+          res[cur_group] = SimpleConfig.new(simple_conf.join("\n"))
+        else
+          res[cur_group] ||= []
+          res[cur_group].push(SimpleConfig.new(simple_conf.join("\n")))
+        end
+        cur_group = nil
+      elsif rest.lstrip[0] == '{'
+        cur_group = inner_line
+        simple_conf = []
+        rest = rest[rest.index("\n")+1..-1]
+      elsif cur_group.nil?
+        # parse all included files
+        others = xinetd_include_dir(inner_line[/includedir (.+)/, 1])
+        # complex merging of included configurations, as multiple services
+        # may be defined with the same name but different configuration
+        others.each { |ores|
+          ores.each { |k, v|
+            res[k] ||= []
+            res[k].concat(v)
+          }
+        }
+      else
+        simple_conf.push(inner_line)
+      end
+    end
+    res
+  end
+end

data/lib/utils/pkey_reader.rb ADDED

@@ -0,0 +1,15 @@
+module PkeyReader
+  def read_pkey(filecontent, passphrase)
+    raise_if_default(passphrase)
+    OpenSSL::PKey.read(filecontent, passphrase)
+  rescue OpenSSL::PKey::PKeyError
+    raise Inspec::Exceptions::ResourceFailed, 'passphrase error'
+  end
+  def raise_if_default(passphrase)
+    if passphrase.is_a? Inspec::Attribute::DEFAULT_ATTRIBUTE
+      raise Inspec::Exceptions::ResourceFailed, 'Please provide default value for attribute'
+    end
+  end
+end