inspec-core 2.2.102 → 2.2.112

data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb

@@ -0,0 +1,81 @@
+require 'fileutils'
+require 'erb'
+
+module InspecPlugins
+  module Init
+    class Renderer
+      # Creates a renderer able to render the given template type
+      # 1. iterate over all files
+      # 2. read content in erb
+      # 3. write to full_destination_root_path
+
+      attr_reader :overwrite_mode, :ui
+      def initialize(cli_ui, cli_options = {})
+        @ui = cli_ui
+        @overwrite_mode = cli_options['overwrite']
+      end
+
+      # rubocop: disable Metrics/AbcSize
+      def render_with_values(template_type, template_values = {})
+        # look for template directory
+        base_dir = File.join(File.dirname(__FILE__), 'templates', template_type)
+        # prepare glob for all subdirectories and files
+        template_glob = File.join(base_dir, '**', '{*,.*}')
+        # Use the name attribute to define the path to the profile.
+        profile_path = template_values[:name]
+        # Use slashes (\, /) to split up the name into an Array then use the last entry
+        # to reset the name of the profile.
+        template_values[:name] = template_values[:name].split(%r{\\|\/}).last
+        # Generate the full full_destination_root_path path on disk
+        full_destination_root_path = Pathname.new(Dir.pwd).join(profile_path)
+        ui.plain_text "Create new #{template_type} at #{ui.mark_text(full_destination_root_path)}"
+
+        # check that the directory does not exist
+        if File.exist?(full_destination_root_path) && !overwrite_mode
+          ui.plain_text "#{ui.mark_text(full_destination_root_path)} exists already, use --overwrite"
+          ui.exit(1)
+        end
+
+        # ensure that full_destination_root_path directory is available
+        FileUtils.mkdir_p(full_destination_root_path)
+
+        # iterate over files and write to full_destination_root_path
+        Dir.glob(template_glob) do |file|
+          relative_destination_item_path = Pathname.new(file).relative_path_from(Pathname.new(base_dir))
+          full_destination_item_path = Pathname.new(full_destination_root_path).join(relative_destination_item_path)
+          if File.directory?(file)
+            ui.li "Create directory #{ui.mark_text(relative_destination_item_path)}"
+            FileUtils.mkdir_p(full_destination_item_path)
+          elsif File.file?(file)
+            ui.li "Create file #{ui.mark_text(relative_destination_item_path)}"
+            # read & render content
+            content = render(File.read(file), template_values)
+            # write file content
+            File.write(full_destination_item_path, content)
+          else
+            ui.plain_text "Ignore #{file}, because its not an file or directoy"
+          end
+        end
+      end
+      # rubocop: enable Metrics/AbcSize
+
+      # This is a render helper to bind hash values to a ERB template
+      # ERB provides result_with_hash in ruby 2.5.0+, which does exactly this
+      def render(template_content, hash)
+        # create a new binding class
+        cls = Class.new do
+          hash.each do |key, value|
+            define_method key.to_sym do
+              value
+            end
+          end
+          # expose binding
+          define_method :bind do
+            binding
+          end
+        end
+        ERB.new(template_content).result(cls.new.bind)
+      end
+    end
+  end
+end

data/lib/plugins/inspec-init/lib/inspec-init.rb

@@ -0,0 +1,12 @@
+module InspecPlugins
+  module Init
+    class Plugin < Inspec.plugin(2)
+      plugin_name :'inspec-init'
+
+      cli_command :init do
+        require_relative 'inspec-init/cli'
+        InspecPlugins::Init::CLI
+      end
+    end
+  end
+end

data/lib/plugins/inspec-init/test/functional/inspec_init_test.rb

@@ -0,0 +1,30 @@
+# encoding: utf-8
+
+require_relative '../../../shared/core_plugin_test_helper.rb'
+
+class InitCli < MiniTest::Test
+  include CorePluginFunctionalHelper
+
+  def test_generating_inspec_profile
+    Dir.mktmpdir do |dir|
+      profile = File.join(dir, 'test-profile')
+      out = run_inspec_process("init profile test-profile", prefix: "cd #{dir} &&")
+      assert_equal 0, out.exit_status
+      assert_includes out.stdout, 'Create new profile at'
+      assert_includes out.stdout, profile
+      assert_includes Dir.entries(profile).join, 'inspec.yml'
+      assert_includes Dir.entries(profile).join, 'README.md'
+    end
+  end
+
+  def test_profile_with_slash_name
+    Dir.mktmpdir do |dir|
+      profile = dir + '/test/deeper/profile'
+      out = run_inspec_process("init profile test/deeper/profile", prefix: "cd #{dir} &&")
+      assert_equal 0, out.exit_status
+      assert_equal true, File.exist?(profile)
+      profile = YAML.load_file("#{profile}/inspec.yml")
+      assert_equal 'profile', profile['name']
+    end
+  end
+end

data/lib/plugins/shared/core_plugin_test_helper.rb

@@ -0,0 +1,50 @@
+
+# Load test harness - MiniTest
+require 'minitest/autorun'
+require 'minitest/unit'
+require 'minitest/pride'
+require 'minitest/spec'
+
+# Data formats commonly used in testing
+require 'json'
+require 'ostruct'
+
+# Utilities often needed
+require 'fileutils'
+
+# Configure MiniTest to expose things like `let`
+class Module
+  include Minitest::Spec::DSL
+end
+
+module CorePluginBaseHelper
+  let(:repo_path) { File.expand_path(File.join(__FILE__, '..', '..', '..', '..')) }
+  let(:inspec_bin_path) { File.join(repo_path, 'bin', 'inspec') }
+  let(:core_mock_path) { File.join(repo_path, 'test', 'unit', 'mock') }
+  let(:core_fixture_plugins_path) { File.join(core_mock_path, 'plugins') }
+  let(:core_config_dir_path) { File.join(core_mock_path, 'config_dirs') }
+
+  let(:registry) { Inspec::Plugin::V2::Registry.instance }
+end
+
+module CorePluginFunctionalHelper
+  include CorePluginBaseHelper
+
+  require 'train'
+  TRAIN_CONNECTION = Train.create('local', command_runner: :generic).connection
+
+  def run_inspec_process(command_line, opts = {})
+    prefix = ''
+    if opts.key?(:prefix)
+      prefix = opts[:prefix]
+    elsif opts.key?(:env)
+      prefix = opts[:env].to_a.map { |assignment| "#{assignment[0]}=#{assignment[1]}" }.join(' ')
+    end
+    TRAIN_CONNECTION.run_command("#{prefix} #{inspec_bin_path} #{command_line}")
+  end
+end
+
+module CorePluginUnitHelper
+  include CorePluginBaseHelper
+  require 'inspec'
+end

data/lib/resources/gem.rb

@@ -49,9 +49,10 @@ module Inspec::Resources
       }
       return @info unless @info[:installed]
 
-      versions = params[2].split(',')
+      versions = params[2].split(',').map(&:strip)
       @info[:name] = params[1]
       @info[:version] = versions[0]
+      @info[:versions] = versions
       @info
     end
 
@@ -63,6 +64,11 @@ module Inspec::Resources
       info[:version]
     end
 
+    # this returns an array of strings
+    def versions
+      info[:versions]
+    end
+
     def to_s
       "gem package #{@package_name}"
     end

data/lib/resources/mssql_session.rb

@@ -29,7 +29,7 @@ module Inspec::Resources
       end
     "
 
-    attr_reader :user, :password, :host, :port, :instance, :local_mode
+    attr_reader :user, :password, :host, :port, :instance, :local_mode, :db_name
     def initialize(opts = {})
       @user = opts[:user]
       @password = opts[:password] || opts[:pass]
@@ -46,6 +46,7 @@ module Inspec::Resources
         end
       end
       @instance = opts[:instance]
+      @db_name = opts[:db_name]
 
       # check if sqlcmd is available
       raise Inspec::Exceptions::ResourceSkipped, 'sqlcmd is missing' unless inspec.command('sqlcmd').exist?
@@ -53,11 +54,12 @@ module Inspec::Resources
       raise Inspec::Exceptions::ResourceSkipped, "Can't connect to the MS SQL Server." unless test_connection
     end
 
-    def query(q)
+    def query(q) # rubocop:disable Metrics/PerceivedComplexity
       escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"').gsub(/\$/, '\\$')
       # surpress 'x rows affected' in SQLCMD with 'set nocount on;'
       cmd_string = "sqlcmd -Q \"set nocount on; #{escaped_query}\" -W -w 1024 -s ','"
       cmd_string += " -U '#{@user}' -P '#{@password}'" unless @user.nil? || @password.nil?
+      cmd_string += " -d '#{@db_name}'" unless @db_name.nil?
       unless local_mode?
         if @port.nil?
           cmd_string += " -S '#{@host}"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 2.2.102
+  version: 2.2.112
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-09-17 00:00:00.000000000 Z
+date: 2018-09-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train-core
@@ -482,9 +482,6 @@ files:
 - examples/profile/libraries/gordon_config.rb
 - inspec-core.gemspec
 - lib/bundles/README.md
-- lib/bundles/inspec-artifact.rb
-- lib/bundles/inspec-artifact/README.md
-- lib/bundles/inspec-artifact/cli.rb
 - lib/bundles/inspec-compliance.rb
 - lib/bundles/inspec-compliance/.kitchen.yml
 - lib/bundles/inspec-compliance/README.md
@@ -498,18 +495,6 @@ files:
 - lib/bundles/inspec-compliance/support.rb
 - lib/bundles/inspec-compliance/target.rb
 - lib/bundles/inspec-compliance/test/integration/default/cli.rb
-- lib/bundles/inspec-habitat.rb
-- lib/bundles/inspec-habitat/cli.rb
-- lib/bundles/inspec-habitat/log.rb
-- lib/bundles/inspec-habitat/profile.rb
-- lib/bundles/inspec-init.rb
-- lib/bundles/inspec-init/README.md
-- lib/bundles/inspec-init/cli.rb
-- lib/bundles/inspec-init/renderer.rb
-- lib/bundles/inspec-init/templates/profile/README.md
-- lib/bundles/inspec-init/templates/profile/controls/example.rb
-- lib/bundles/inspec-init/templates/profile/inspec.yml
-- lib/bundles/inspec-init/templates/profile/libraries/.gitkeep
 - lib/bundles/inspec-supermarket.rb
 - lib/bundles/inspec-supermarket/README.md
 - lib/bundles/inspec-supermarket/api.rb
@@ -611,6 +596,25 @@ files:
 - lib/inspec/source_reader.rb
 - lib/inspec/version.rb
 - lib/matchers/matchers.rb
+- lib/plugins/README.md
+- lib/plugins/inspec-artifact/lib/inspec-artifact.rb
+- lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb
+- lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb
+- lib/plugins/inspec-artifact/test/functional/inspec_artifact_test.rb
+- lib/plugins/inspec-habitat/lib/inspec-habitat.rb
+- lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb
+- lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb
+- lib/plugins/inspec-habitat/test/unit/profile_test.rb
+- lib/plugins/inspec-init/README.md
+- lib/plugins/inspec-init/lib/inspec-init.rb
+- lib/plugins/inspec-init/lib/inspec-init/cli.rb
+- lib/plugins/inspec-init/lib/inspec-init/renderer.rb
+- lib/plugins/inspec-init/lib/inspec-init/templates/profile/README.md
+- lib/plugins/inspec-init/lib/inspec-init/templates/profile/controls/example.rb
+- lib/plugins/inspec-init/lib/inspec-init/templates/profile/inspec.yml
+- lib/plugins/inspec-init/lib/inspec-init/templates/profile/libraries/.gitkeep
+- lib/plugins/inspec-init/test/functional/inspec_init_test.rb
+- lib/plugins/shared/core_plugin_test_helper.rb
 - lib/resources/aide_conf.rb
 - lib/resources/apache.rb
 - lib/resources/apache_conf.rb

data/lib/bundles/inspec-artifact/README.md

@@ -1 +0,0 @@
-# TODO

data/lib/bundles/inspec-artifact/cli.rb

@@ -1,278 +0,0 @@
-# encoding: utf-8
-# frozen_string_literal: true
-require 'base64'
-require 'openssl'
-require 'pathname'
-require 'set'
-require 'tempfile'
-require 'yaml'
-require 'inspec/base_cli'
-
-# Notes:
-#
-# Generate keys
-#   The initial implementation uses 2048 bit RSA key pairs (public + private).
-#   Public keys must be available for a customer to install and verify an artifact.
-#   Private keys should be stored in a secure location and NOT be distributed.
-#     (They're only for creating artifacts).
-#
-#
-# .IAF file format
-#   .iaf = "Inspec Artifact File", easy to rename if you'd like something more appropriate.
-#   The iaf file wraps a binary artifact with some metadata. The first implementation
-#   looks like this:
-#
-# INSPEC-PROFILE-1
-# name_of_signing_key
-# algorithm
-# signature
-# <empty line>
-# binary-blob
-# <eof>
-#
-# Let's look at each line:
-# INSPEC-PROFILE-1:
-#   This is the artifact version descriptor. It should't change unless the
-#   format of the archive changes.
-#
-# name_of_signing_key
-#   The name of the public key that can be used to verify an artifact
-#
-# algorithm
-#   The digest used to sign, I picked SHA512 to start with.
-#   If we support multiple digests, we'll need to have the verify() method
-#   support each digest.
-#
-# signature
-#   The result of passing the binary artifact through the digest algorithm above.
-#   Result is base64 encoded.
-#
-# <empty line>
-#   We use an empty line to separate artifact header from artifact body (binary blob).
-#   The artifact body can be anything you like.
-#
-# binary-blob
-#   A binary blob, most likely a .tar.gz or tar.xz file. We'll need to pick one and
-#   stick with it as part of the "INSPEC-PROFILE-1" artifact version. If we change block
-#   format, the artifact version descriptor must be incremented, and the sign()
-#   and verify() methods must be updated to support a newer version.
-#
-#
-# Key revocation
-#   This implementation doesn't support key revocation. However, a customer
-#   can remove the public cert file before installation, and artifacts will then
-#   fail verification.
-#
-# Key locations
-#   This implementation uses the current working directory to find public and
-#   private keys. We should establish a common key directory (similar to /hab/cache/keys
-#   or ~/.hab/cache/keys in Habitat).
-#
-# Extracting artifacts outside of Inspec
-#   As in Habitat, the artifact format for Inspec allows the use of common
-#   Unix tools to read the header and body of an artifact.
-# To extract the header from a .iaf:
-#        sed '/^$/q' foo.iaf
-# To extract the raw content from a .iaf:
-#        sed '1,/^$/d' foo.iaf
-
-module Artifact
-  KEY_BITS=2048
-  KEY_ALG=OpenSSL::PKey::RSA
-
-  INSPEC_PROFILE_VERSION_1='INSPEC-PROFILE-1'
-  INSPEC_REPORT_VERSION_1='INSPEC-REPORT-1'
-
-  ARTIFACT_DIGEST=OpenSSL::Digest::SHA512
-  ARTIFACT_DIGEST_NAME='SHA512'
-
-  VALID_PROFILE_VERSIONS=Set.new [INSPEC_PROFILE_VERSION_1]
-  VALID_PROFILE_DIGESTS=Set.new [ARTIFACT_DIGEST_NAME]
-
-  SIGNED_PROFILE_SUFFIX='iaf'
-  SIGNED_REPORT_SUFFIX='iar'
-  class CLI < Inspec::BaseCLI
-    namespace 'artifact'
-
-    # TODO: find another solution, once https://github.com/erikhuda/thor/issues/261 is fixed
-    def self.banner(command, _namespace = nil, _subcommand = false)
-      "#{basename} #{subcommand_prefix} #{command.usage}"
-    end
-
-    def self.subcommand_prefix
-      namespace
-    end
-
-    desc 'generate', 'Generate a RSA key pair for signing and verification'
-    option :keyname, type: :string, required: true,
-      desc: 'Desriptive name of key'
-    option :keydir, type: :string, default: './',
-      desc: 'Directory to search for keys'
-    def generate_keys
-      puts 'Generating keys'
-      keygen
-    end
-
-    desc 'sign-profile', 'Create a signed .iaf artifact'
-    option :profile, type: :string, required: true,
-      desc: 'Path to profile directory'
-    option :keyname, type: :string, required: true,
-      desc: 'Desriptive name of key'
-    def sign_profile
-      profile_sign
-    end
-
-    desc 'verify-profile', 'Verify a signed .iaf artifact'
-    option :infile, type: :string, required: true,
-        desc: '.iaf file to verify'
-    def verify_profile
-      profile_verify
-    end
-
-    desc 'install-profile', 'Verify and install a signed .iaf artifact'
-    option :infile, type: :string, required: true,
-        desc: '.iaf file to install'
-    option :destdir, type: :string, required: true,
-      desc: 'Installation directory'
-    def install_profile
-      profile_install
-    end
-
-    private
-
-    def keygen
-      key = KEY_ALG.new KEY_BITS
-      puts 'Generating private key'
-      open "#{options['keyname']}.pem.key", 'w' do |io| io.write key.to_pem end
-      puts 'Generating public key'
-      open "#{options['keyname']}.pem.pub", 'w' do |io| io.write key.public_key.to_pem end
-    end
-
-    def read_profile_metadata(path_to_profile)
-      begin
-        p = Pathname.new(path_to_profile)
-        p = p.join('inspec.yml')
-        if not p.exist?
-          raise "#{path_to_profile} doesn't appear to be a valid Inspec profile"
-        end
-        yaml = YAML.load_file(p.to_s)
-        yaml = yaml.to_hash
-
-        if not yaml.key? 'name'
-          raise 'Profile is invalid, name is not defined'
-        end
-
-        if not yaml.key? 'version'
-          raise 'Profile is invalid, version is not defined'
-        end
-      rescue => e
-        # rewrap it and pass it up to the CLI
-        raise "Error reading Inspec profile metadata: #{e}"
-      end
-
-      yaml
-    end
-
-    def profile_compress(path_to_profile, profile_md, workdir)
-      profile_name = profile_md['name']
-      profile_version = profile_md['version']
-      outfile_name = "#{workdir}/#{profile_name}-#{profile_version}.tar.gz"
-      `tar czf #{outfile_name} -C #{path_to_profile} .`
-      outfile_name
-    end
-
-    def profile_sign
-      Dir.mktmpdir do |workdir|
-        puts "Signing #{options['profile']} with key #{options['keyname']}"
-        path_to_profile = options['profile']
-        profile_md = read_profile_metadata(path_to_profile)
-        artifact_filename = "#{profile_md['name']}-#{profile_md['version']}.#{SIGNED_PROFILE_SUFFIX}"
-        tarfile = profile_compress(path_to_profile, profile_md, workdir)
-        content = IO.binread(tarfile)
-        signing_key = KEY_ALG.new File.read "#{options['keyname']}.pem.key"
-        sha = ARTIFACT_DIGEST.new
-        signature = signing_key.sign sha, content
-        # convert the signature to Base64
-        signature_base64 = Base64.encode64(signature)
-        tar_content = IO.binread(tarfile)
-        File.open(artifact_filename, 'wb') do |f|
-          f.puts(INSPEC_PROFILE_VERSION_1)
-          f.puts(options['keyname'])
-          f.puts(ARTIFACT_DIGEST_NAME)
-          f.puts(signature_base64)
-          f.puts('') # newline separates artifact header with body
-          f.write(tar_content)
-        end
-        puts "Successfully generated #{artifact_filename}"
-      end
-    end
-
-    def valid_header?(file_alg, file_version, file_keyname)
-      public_keyfile = "#{file_keyname}.pem.pub"
-      puts "Looking for #{public_keyfile} to verify artifact"
-      if !File.exist? public_keyfile
-        raise "Can't find #{public_keyfile}"
-      end
-
-      raise 'Invalid artifact digest algorithm detected' if !VALID_PROFILE_DIGESTS.member?(file_alg)
-      raise 'Invalid artifact version detected' if !VALID_PROFILE_VERSIONS.member?(file_version)
-    end
-
-    def verify(file_to_verifiy, &content_block)
-      f = File.open(file_to_verifiy, 'r')
-      file_version = f.readline.strip!
-      file_keyname = f.readline.strip!
-      file_alg = f.readline.strip!
-
-      file_sig = ''
-      # the signature is multi-line
-      while (line = f.readline) != "\n"
-        file_sig += line
-      end
-      file_sig.strip!
-      f.close
-
-      valid_header?(file_alg, file_version, file_keyname)
-
-      public_keyfile = "#{file_keyname}.pem.pub"
-      verification_key = KEY_ALG.new File.read public_keyfile
-
-      f = File.open(file_to_verifiy, 'r')
-      while f.readline != "\n" do end
-      content = f.read
-
-      signature = Base64.decode64(file_sig)
-      digest = ARTIFACT_DIGEST.new
-      if verification_key.verify digest, signature, content
-        content_block.yield(content)
-      else
-        puts 'Artifact is invalid'
-      end
-    end
-
-    def profile_verify
-      file_to_verifiy = options['infile']
-      puts "Verifying #{file_to_verifiy}"
-      verify(file_to_verifiy) do ||
-        puts 'Artifact is valid'
-      end
-    end
-
-    def profile_install
-      puts 'Installing profile'
-      file_to_verifiy = options['infile']
-      dest_dir = options['destdir']
-      verify(file_to_verifiy) do |content|
-        Dir.mktmpdir do |workdir|
-          tmpfile = Pathname.new(workdir).join('artifact_to_install.tar.gz')
-          File.write(tmpfile, content)
-          puts "Installing to #{dest_dir}"
-          `tar xzf #{tmpfile} -C #{dest_dir}`
-        end
-      end
-    end
-  end
-
-  # register the subcommand to Inspec CLI registry
-  Inspec::Plugins::CLI.add_subcommand(Artifact::CLI, 'artifact', 'artifact SUBCOMMAND ...', 'Sign, verify and install artifacts', {})
-end

data/lib/bundles/inspec-artifact.rb

@@ -1,7 +0,0 @@
-# encoding: utf-8
-# author: Dave Parfitt
-
-libdir = File.dirname(__FILE__)
-$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
-
-require 'inspec-artifact/cli'

data/lib/bundles/inspec-habitat/cli.rb

@@ -1,37 +0,0 @@
-# encoding: utf-8
-# author: Adam Leff
-
-require 'thor'
-require 'inspec/base_cli'
-
-module Habitat
-  class HabitatProfileCLI < Thor
-    namespace 'habitat profile'
-
-    desc 'create PATH', 'Create a one-time Habitat artifact for the profile found at PATH'
-    option :output_dir, type: :string, required: false,
-      desc: 'Directory in which to save the generated Habitat artifact. Default: current directory'
-    def create(path)
-      Habitat::Profile.create(path, options)
-    end
-
-    desc 'setup PATH', 'Configure the profile at PATH for Habitat, including a plan and hooks'
-    def setup(path)
-      Habitat::Profile.setup(path)
-    end
-
-    desc 'upload PATH', 'Create a one-time Habitat artifact for the profile found at PATH, and upload it to a Habitat Depot'
-    def upload(path)
-      Habitat::Profile.upload(path, options)
-    end
-  end
-
-  class HabitatCLI < Inspec::BaseCLI
-    namespace 'habitat'
-
-    desc 'profile', 'Manage InSpec profiles as Habitat artifacts'
-    subcommand 'profile', HabitatProfileCLI
-  end
-
-  Inspec::Plugins::CLI.add_subcommand(HabitatCLI, 'habitat', 'habitat SUBCOMMAND ...', 'Commands for InSpec + Habitat Integration', {})
-end

data/lib/bundles/inspec-habitat/log.rb

@@ -1,10 +0,0 @@
-# encoding: utf-8
-# author: Adam Leff
-
-require 'mixlib/log'
-
-module Habitat
-  class Log
-    extend Mixlib::Log
-  end
-end