inspec-core 2.2.78 → 2.2.101

data/lib/inspec/profile.rb

@@ -5,6 +5,7 @@
 
 require 'forwardable'
 require 'openssl'
+require 'inspec/attribute_registry'
 require 'inspec/polyfill'
 require 'inspec/cached_fetcher'
 require 'inspec/file_provider'
@@ -55,7 +56,7 @@ module Inspec
       file_provider = FileProvider.for_path(path)
       rp = file_provider.relative_provider
 
-      # copy embedded dependecies into global cache
+      # copy embedded dependencies into global cache
       copy_deps_into_cache(rp, opts) unless opts[:vendor_cache].nil?
 
       reader = Inspec::SourceReader.resolve(rp)
@@ -79,7 +80,7 @@ module Inspec
     end
 
     attr_reader :source_reader, :backend, :runner_context, :check_mode
-    attr_accessor :parent_profile
+    attr_accessor :parent_profile, :profile_name
     def_delegator :@source_reader, :tests
     def_delegator :@source_reader, :libraries
     def_delegator :@source_reader, :metadata
@@ -93,11 +94,13 @@ module Inspec
       @controls = options[:controls] || []
       @writable = options[:writable] || false
       @profile_id = options[:id]
+      @profile_name = options[:profile_name]
       @cache = options[:vendor_cache] || Cache.new
       @attr_values = options[:attributes]
       @tests_collected = false
       @libraries_loaded = false
       @check_mode = options[:check_mode] || false
+      @parent_profile = options[:parent_profile]
       Metadata.finalize(@source_reader.metadata, @profile_id, options)
 
       # if a backend has already been created, clone it so each profile has its own unique backend object
@@ -119,6 +122,17 @@ module Inspec
 
       @supports_platform = metadata.supports_platform?(@backend)
       @supports_runtime = metadata.supports_runtime?
+      register_metadata_attributes
+    end
+
+    def register_metadata_attributes
+      if metadata.params.key?(:attributes)
+        metadata.params[:attributes].each do |attribute|
+          attr_dup = attribute.dup
+          name = attr_dup.delete(:name)
+          @runner_context.register_attribute(name, attr_dup)
+        end
+      end
     end
 
     def name
@@ -229,7 +243,7 @@ module Inspec
       info(load_params.dup)
     end
 
-    def info(res = params.dup) # rubocop:disable Metrics/CyclomaticComplexity
+    def info(res = params.dup) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
       # add information about the controls
       res[:controls] = res[:controls].map do |id, rule|
         next if id.to_s.empty?
@@ -239,6 +253,16 @@ module Inspec
         data[:impact] = 1.0 if data[:impact] > 1.0
         data[:impact] = 0.0 if data[:impact] < 0.0
         data[:id] = id
+
+        # if the code field is empty try and pull info from dependencies
+        if data[:code].empty? && parent_profile.nil?
+          locked_dependencies.dep_list.each do |_name, dep|
+            profile = dep.profile
+            code = Inspec::MethodSource.code_at(data[:source_location], profile.source_reader)
+            data[:code] = code unless code.nil? || code.empty?
+            break if !data[:code].empty?
+          end
+        end
         data
       end.compact
 
@@ -249,7 +273,12 @@ module Inspec
       end
 
       # add information about the required attributes
-      res[:attributes] = res[:attributes].map(&:to_hash) unless res[:attributes].nil? || res[:attributes].empty?
+      if res[:attributes].nil? || res[:attributes].empty?
+        # convert to array for backwords compatability
+        res[:attributes] = []
+      else
+        res[:attributes] = res[:attributes].values.map(&:to_hash)
+      end
       res[:sha256] = sha256
       res[:parent_profile] = parent_profile unless parent_profile.nil?
 

data/lib/inspec/profile_context.rb

@@ -18,7 +18,7 @@ module Inspec
                                    'check_mode' => profile.check_mode })
     end
 
-    attr_reader :attributes, :profile_id, :resource_registry, :backend
+    attr_reader :attributes, :backend, :profile_name, :profile_id, :resource_registry
     attr_accessor :rules
     def initialize(profile_id, backend, conf)
       if backend.nil?
@@ -28,12 +28,14 @@ module Inspec
       @profile_id = profile_id
       @backend = backend
       @conf = conf.dup
+      @profile_name = @conf['profile'].profile_name || @profile_id if @conf['profile']
       @skip_only_if_eval = @conf['check_mode']
       @rules = {}
       @control_subcontexts = []
       @lib_subcontexts = []
       @require_loader = ::Inspec::RequireLoader.new
-      @attributes = []
+      Inspec::AttributeRegistry.register_profile_alias(@profile_id, @profile_name) if @profile_id != @profile_name
+      @attributes = Inspec::AttributeRegistry.list_attributes_for_profile(@profile_id)
       # A local resource registry that only contains resources defined
       # in the transitive dependency tree of the loaded profile.
       @resource_registry = Inspec::Resource.new_registry
@@ -187,11 +189,9 @@ module Inspec
 
     def register_attribute(name, options = {})
       # we need to return an attribute object, to allow dermination of default values
-      attr = Attribute.new(name, options)
-      # read value from given gived values
-      attr.value = @conf['attributes'][attr.name] unless @conf['attributes'].nil?
-      @attributes.push(attr)
-      attr.value
+      attribute = Inspec::AttributeRegistry.register_attribute(name, @profile_id, options)
+      attribute.value = @conf['attributes'][name] unless @conf['attributes'].nil? || @conf['attributes'][name].nil?
+      attribute.value
     end
 
     def set_header(field, val)

data/lib/inspec/profile_vendor.rb

@@ -8,7 +8,7 @@ module Inspec
     attr_reader :profile_path
 
     def initialize(path)
-      @profile_path = Pathname.new(path)
+      @profile_path = Pathname.new(File.expand_path(path))
     end
 
     def vendor!
@@ -56,11 +56,31 @@ module Inspec
     def vendor_dependencies
       delete_vendored_data
       File.write(lockfile, profile.generate_lockfile.to_yaml)
+      extract_archives
     end
 
     def delete_vendored_data
       FileUtils.rm_rf(cache_path) if cache_path.exist?
       File.delete(lockfile) if lockfile.exist?
     end
+
+    def extract_archives
+      Dir.glob(File.join(cache_path, '*')).each do |filepath|
+        # Get SHA without extension
+        # We use split since '.' is not valid in a SHA checksum
+        destination_dir_name = File.basename(filepath).split('.')[0]
+        destination_path = File.join(cache_path, destination_dir_name)
+
+        provider = FileProvider.for_path(filepath)
+
+        next unless provider.is_a?(ZipProvider) || provider.is_a?(TarProvider)
+
+        Inspec::Log.debug("Extracting '#{filepath}' to '#{destination_path}'")
+        provider.extract(destination_path)
+
+        Inspec::Log.debug("Deleting archive '#{filepath}'")
+        File.delete(filepath)
+      end
+    end
   end
 end

data/lib/inspec/reporters/automate.rb

@@ -53,8 +53,13 @@ module Inspec::Reporters
           http.verify_mode = OpenSSL::SSL::VERIFY_NONE
         end
 
-        http.request(req)
-        return true
+        res = http.request(req)
+        if res.is_a?(Net::HTTPSuccess)
+          return true
+        else
+          Inspec::Log.error "send_report: POST to #{uri.path} returned: #{res.body}"
+          return false
+        end
       rescue => e
         Inspec::Log.error "send_report: POST to #{uri.path} returned: #{e.message}"
         return false

data/lib/inspec/reporters/cli.rb

@@ -63,9 +63,17 @@ module Inspec::Reporters
     private
 
     def print_profile_header(profile)
-      output("Profile: #{format_profile_name(profile)}")
-      output("Version: #{profile[:version] || '(not specified)'}")
-      output("Target:  #{run_data[:platform][:target]}") unless run_data[:platform][:target].nil?
+      header = {
+        'Profile' => format_profile_name(profile),
+        'Version' => profile[:version] || '(not specified)',
+      }
+      header['Target'] = run_data[:platform][:target] unless run_data[:platform][:target].nil?
+      header['Target ID'] = @config['target_id'] unless @config['target_id'].nil?
+
+      pad = header.keys.max_by(&:length).length + 1
+      header.each do |title, value|
+        output(format("%-#{pad}s %s", title + ':', value))
+      end
       output('')
     end
 
@@ -141,7 +149,7 @@ module Inspec::Reporters
 
       message_to_format = ''
       message_to_format += "#{INDICATORS[indicator]}  " unless indicator.nil?
-      message_to_format += message.to_s.lstrip
+      message_to_format += message.to_s.lstrip.force_encoding(Encoding::UTF_8)
 
       format_with_color(color, indent_lines(message_to_format, indentation))
     end

data/lib/inspec/reporters/json.rb

@@ -22,10 +22,12 @@ module Inspec::Reporters
     private
 
     def platform
-      {
+      platform = {
         name: run_data[:platform][:name],
         release: run_data[:platform][:release],
       }
+      platform[:target_id] = @config['target_id'] if @config['target_id']
+      platform
     end
 
     def profile_results(control)

data/lib/inspec/rspec_extensions.rb

@@ -0,0 +1,12 @@
+require 'inspec/attribute_registry'
+require 'rspec/core/example_group'
+
+# This file allows you to add ExampleGroups to be used in rspec tests
+#
+class RSpec::Core::ExampleGroup
+  # This DSL method allows us to access the values of attributes within InSpec tests
+  def attribute(name)
+    Inspec::AttributeRegistry.find_attribute(name, self.class.metadata[:profile_id]).value
+  end
+  define_example_method :attribute
+end

data/lib/inspec/rule.rb

@@ -75,7 +75,12 @@ module Inspec
     end
 
     def impact(v = nil)
-      @impact = v unless v.nil?
+      if v.is_a?(String)
+        @impact = Inspec::Impact.impact_from_string(v)
+      elsif !v.nil?
+        @impact = v
+      end
+
       @impact
     end
 

data/lib/inspec/runner.rb

@@ -52,7 +52,7 @@ module Inspec
       end
 
       # list of profile attributes
-      @attributes = []
+      @attributes = {}
 
       load_attributes(@conf)
       configure_transport
@@ -88,7 +88,7 @@ module Inspec
           @test_collector.add_profile(requirement.profile)
         end
 
-        @attributes |= profile.runner_context.attributes
+        @attributes = profile.runner_context.attributes if @attributes.empty?
         all_controls += profile.collect_tests
       end
 

data/lib/inspec/schema.rb

@@ -42,6 +42,7 @@ module Inspec
       'properties' => {
         'name' => { 'type' => 'string' },
         'release' => { 'type' => 'string' },
+        'target_id' => { 'type' => 'string', 'optional' => true },
       },
     }.freeze
 
@@ -200,9 +201,17 @@ module Inspec
       },
     }.freeze
 
+    # using a proc here so we can lazy load it when we need
+    PLATFORMS = lambda do
+      require 'train'
+      Train.create('mock').connection
+      Train::Platforms.export
+    end
+
     LIST = {
       'exec-json' => EXEC_JSON,
       'exec-jsonmin' => EXEC_JSONMIN,
+      'platforms' => PLATFORMS,
     }.freeze
 
     def self.names
@@ -210,8 +219,13 @@ module Inspec
     end
 
     def self.json(name)
-      v = LIST[name] ||
-          raise("Cannot find schema #{name.inspect}.")
+      if !LIST.key?(name)
+        raise("Cannot find schema #{name.inspect}.")
+      elsif LIST[name].is_a?(Proc)
+        v = LIST[name].call
+      else
+        v = LIST[name]
+      end
       JSON.dump(v)
     end
   end

data/lib/inspec/version.rb

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '2.2.78'
+  VERSION = '2.2.101'
 end

data/lib/resources/mysql_session.rb

@@ -72,6 +72,7 @@ module Inspec::Resources
 
     def init_fallback
       # support debian mysql administration login
+      return if inspec.platform.in_family?('windows')
       debian = inspec.command('test -f /etc/mysql/debian.cnf && cat /etc/mysql/debian.cnf').stdout
       return if debian.empty?
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 2.2.78
+  version: 2.2.101
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-08-30 00:00:00.000000000 Z
+date: 2018-09-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train-core
@@ -19,7 +19,7 @@ dependencies:
         version: '1.4'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.4.35
+        version: 1.4.37
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '1.4'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.4.35
+        version: 1.4.37
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -274,6 +274,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: multipart-post
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Core InSpec, local support only. See `inspec` for full support.
 email:
 - dominik.richter@gmail.com
@@ -508,6 +522,7 @@ files:
 - lib/inspec.rb
 - lib/inspec/archive/tar.rb
 - lib/inspec/archive/zip.rb
+- lib/inspec/attribute_registry.rb
 - lib/inspec/backend.rb
 - lib/inspec/base_cli.rb
 - lib/inspec/cached_fetcher.rb
@@ -534,6 +549,8 @@ files:
 - lib/inspec/formatters/base.rb
 - lib/inspec/formatters/json_rspec.rb
 - lib/inspec/formatters/show_progress.rb
+- lib/inspec/globals.rb
+- lib/inspec/impact.rb
 - lib/inspec/library_eval_context.rb
 - lib/inspec/log.rb
 - lib/inspec/metadata.rb
@@ -580,6 +597,7 @@ files:
 - lib/inspec/reporters/yaml.rb
 - lib/inspec/require_loader.rb
 - lib/inspec/resource.rb
+- lib/inspec/rspec_extensions.rb
 - lib/inspec/rule.rb
 - lib/inspec/runner.rb
 - lib/inspec/runner_mock.rb