inspec-core 2.2.78 → 2.2.101
- checksums.yaml +4 -4
- data/CHANGELOG.md +44 -14
- data/docs/profiles.md +106 -8
- data/examples/inheritance/inspec.yml +2 -1
- data/examples/profile/controls/gordon.rb +1 -1
- data/examples/profile/controls/meta.rb +2 -0
- data/examples/profile/inspec.yml +2 -1
- data/inspec-core.gemspec +2 -1
- data/lib/bundles/inspec-compliance/cli.rb +13 -1
- data/lib/bundles/inspec-compliance/http.rb +9 -18
- data/lib/bundles/inspec-compliance/target.rb +3 -3
- data/lib/fetchers/local.rb +60 -17
- data/lib/inspec.rb +4 -0
- data/lib/inspec/attribute_registry.rb +83 -0
- data/lib/inspec/base_cli.rb +10 -1
- data/lib/inspec/cli.rb +12 -1
- data/lib/inspec/control_eval_context.rb +13 -4
- data/lib/inspec/dependencies/cache.rb +1 -1
- data/lib/inspec/dependencies/dependency_set.rb +1 -1
- data/lib/inspec/dependencies/requirement.rb +2 -1
- data/lib/inspec/errors.rb +27 -0
- data/lib/inspec/file_provider.rb +38 -1
- data/lib/inspec/globals.rb +5 -0
- data/lib/inspec/impact.rb +34 -0
- data/lib/inspec/objects/attribute.rb +92 -7
- data/lib/inspec/profile.rb +33 -4
- data/lib/inspec/profile_context.rb +7 -7
- data/lib/inspec/profile_vendor.rb +21 -1
- data/lib/inspec/reporters/automate.rb +7 -2
- data/lib/inspec/reporters/cli.rb +12 -4
- data/lib/inspec/reporters/json.rb +3 -1
- data/lib/inspec/rspec_extensions.rb +12 -0
- data/lib/inspec/rule.rb +6 -1
- data/lib/inspec/runner.rb +2 -2
- data/lib/inspec/schema.rb +16 -2
- data/lib/inspec/version.rb +1 -1
- data/lib/resources/mysql_session.rb +1 -0
- metadata +22 -4
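--- a/data/lib/inspec/profile.rb
+++ b/data/lib/inspec/profile.rb
@@ -5,6 +5,7 @@
 
 require 'forwardable'
 require 'openssl'
+require 'inspec/attribute_registry'
 require 'inspec/polyfill'
 require 'inspec/cached_fetcher'
 require 'inspec/file_provider'
@@ -55,7 +56,7 @@ module Inspec
 file_provider = FileProvider.for_path(path)
 rp = file_provider.relative_provider
 
-# copy embedded
+# copy embedded dependencies into global cache
 copy_deps_into_cache(rp, opts) unless opts[:vendor_cache].nil?
 
 reader = Inspec::SourceReader.resolve(rp)
@@ -79,7 +80,7 @@ module Inspec
 end
 
 attr_reader :source_reader, :backend, :runner_context, :check_mode
-attr_accessor :parent_profile
+attr_accessor :parent_profile, :profile_name
 def_delegator :@source_reader, :tests
 def_delegator :@source_reader, :libraries
 def_delegator :@source_reader, :metadata
@@ -93,11 +94,13 @@ module Inspec
 @controls = options[:controls] || []
 @writable = options[:writable] || false
 @profile_id = options[:id]
+@profile_name = options[:profile_name]
 @cache = options[:vendor_cache] || Cache.new
 @attr_values = options[:attributes]
 @tests_collected = false
 @libraries_loaded = false
 @check_mode = options[:check_mode] || false
+@parent_profile = options[:parent_profile]
 Metadata.finalize(@source_reader.metadata, @profile_id, options)
 
 # if a backend has already been created, clone it so each profile has its own unique backend object
@@ -119,6 +122,17 @@ module Inspec
 
 @supports_platform = metadata.supports_platform?(@backend)
 @supports_runtime = metadata.supports_runtime?
+register_metadata_attributes
+end
+
+def register_metadata_attributes
+if metadata.params.key?(:attributes)
+metadata.params[:attributes].each do |attribute|
+attr_dup = attribute.dup
+name = attr_dup.delete(:name)
+@runner_context.register_attribute(name, attr_dup)
+end
+end
 end
 
 def name
@@ -229,7 +243,7 @@ module Inspec
 info(load_params.dup)
 end
 
-def info(res = params.dup) # rubocop:disable Metrics/CyclomaticComplexity
+def info(res = params.dup) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
 # add information about the controls
 res[:controls] = res[:controls].map do |id, rule|
 next if id.to_s.empty?
@@ -239,6 +253,16 @@ module Inspec
 data[:impact] = 1.0 if data[:impact] > 1.0
 data[:impact] = 0.0 if data[:impact] < 0.0
 data[:id] = id
+
+# if the code field is empty try and pull info from dependencies
+if data[:code].empty? && parent_profile.nil?
+locked_dependencies.dep_list.each do |_name, dep|
+profile = dep.profile
+code = Inspec::MethodSource.code_at(data[:source_location], profile.source_reader)
+data[:code] = code unless code.nil? || code.empty?
+break if !data[:code].empty?
+end
+end
 data
 end.compact
 
@@ -249,7 +273,12 @@ module Inspec
 end
 
 # add information about the required attributes
-
+if res[:attributes].nil? || res[:attributes].empty?
+# convert to array for backwords compatability
+res[:attributes] = []
+else
+res[:attributes] = res[:attributes].values.map(&:to_hash)
+end
 res[:sha256] = sha256
 res[:parent_profile] = parent_profile unless parent_profile.nil?
 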
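Review bot: `register_metadata_attributes` (new lines 128–135) registers every entry of `metadata.params[:attributes]` without checking that the entry carries a `:name`, so an entry without one reaches `@runner_context.register_attribute(nil, attr_dup)`. These values come from the profile's own metadata, so a guard such as `next unless attribute.is_a?(Hash) && attribute[:name]`, or an explicit `raise` naming the profile, would make a malformed profile fail clearly; whether the metadata is validated before this point is not visible here. In `info`, `data[:code].empty?` assumes `data[:code]` is never nil, and `break if !data[:code].empty?` reads better as `break unless data[:code].empty?`. Both methods extend beyond the hunks shown.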
@@ -18,7 +18,7 @@ module Inspec
|
|
18
18
|
'check_mode' => profile.check_mode })
|
19
19
|
end
|
20
20
|
|
21
|
-
attr_reader :attributes, :
|
21
|
+
attr_reader :attributes, :backend, :profile_name, :profile_id, :resource_registry
|
22
22
|
attr_accessor :rules
|
23
23
|
def initialize(profile_id, backend, conf)
|
24
24
|
if backend.nil?
|
@@ -28,12 +28,14 @@ module Inspec
|
|
28
28
|
@profile_id = profile_id
|
29
29
|
@backend = backend
|
30
30
|
@conf = conf.dup
|
31
|
+
@profile_name = @conf['profile'].profile_name || @profile_id if @conf['profile']
|
31
32
|
@skip_only_if_eval = @conf['check_mode']
|
32
33
|
@rules = {}
|
33
34
|
@control_subcontexts = []
|
34
35
|
@lib_subcontexts = []
|
35
36
|
@require_loader = ::Inspec::RequireLoader.new
|
36
|
-
@
|
37
|
+
Inspec::AttributeRegistry.register_profile_alias(@profile_id, @profile_name) if @profile_id != @profile_name
|
38
|
+
@attributes = Inspec::AttributeRegistry.list_attributes_for_profile(@profile_id)
|
37
39
|
# A local resource registry that only contains resources defined
|
38
40
|
# in the transitive dependency tree of the loaded profile.
|
39
41
|
@resource_registry = Inspec::Resource.new_registry
|
@@ -187,11 +189,9 @@ module Inspec
|
|
187
189
|
|
188
190
|
def register_attribute(name, options = {})
|
189
191
|
# we need to return an attribute object, to allow dermination of default values
|
190
|
-
|
191
|
-
|
192
|
-
|
193
|
-
@attributes.push(attr)
|
194
|
-
attr.value
|
192
|
+
attribute = Inspec::AttributeRegistry.register_attribute(name, @profile_id, options)
|
193
|
+
attribute.value = @conf['attributes'][name] unless @conf['attributes'].nil? || @conf['attributes'][name].nil?
|
194
|
+
attribute.value
|
195
195
|
end
|
196
196
|
|
197
197
|
def set_header(field, val)
|
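Review bot: In `initialize`, `@profile_name` is assigned only when `@conf['profile']` is set (the trailing `if @conf['profile']` on new line 31), so without it `@profile_name` stays nil, the `@profile_id != @profile_name` test on new line 37 is true, and `register_profile_alias(@profile_id, nil)` is called with a nil alias. Applying the fallback unconditionally avoids that: `@profile_name = (@conf['profile'] && @conf['profile'].profile_name) || @profile_id`. In `register_attribute`, the `unless ... nil?` guard means a configured value of nil can never override a default, which deserves a one-line comment if intended. These hunks appear to belong to lib/inspec/profile_context.rb; its file header is missing from the page, and `initialize` continues outside the hunk.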
@@ -8,7 +8,7 @@ module Inspec
|
|
8
8
|
attr_reader :profile_path
|
9
9
|
|
10
10
|
def initialize(path)
|
11
|
-
@profile_path = Pathname.new(path)
|
11
|
+
@profile_path = Pathname.new(File.expand_path(path))
|
12
12
|
end
|
13
13
|
|
14
14
|
def vendor!
|
@@ -56,11 +56,31 @@ module Inspec
|
|
56
56
|
def vendor_dependencies
|
57
57
|
delete_vendored_data
|
58
58
|
File.write(lockfile, profile.generate_lockfile.to_yaml)
|
59
|
+
extract_archives
|
59
60
|
end
|
60
61
|
|
61
62
|
def delete_vendored_data
|
62
63
|
FileUtils.rm_rf(cache_path) if cache_path.exist?
|
63
64
|
File.delete(lockfile) if lockfile.exist?
|
64
65
|
end
|
66
|
+
|
67
|
+
def extract_archives
|
68
|
+
Dir.glob(File.join(cache_path, '*')).each do |filepath|
|
69
|
+
# Get SHA without extension
|
70
|
+
# We use split since '.' is not valid in a SHA checksum
|
71
|
+
destination_dir_name = File.basename(filepath).split('.')[0]
|
72
|
+
destination_path = File.join(cache_path, destination_dir_name)
|
73
|
+
|
74
|
+
provider = FileProvider.for_path(filepath)
|
75
|
+
|
76
|
+
next unless provider.is_a?(ZipProvider) || provider.is_a?(TarProvider)
|
77
|
+
|
78
|
+
Inspec::Log.debug("Extracting '#{filepath}' to '#{destination_path}'")
|
79
|
+
provider.extract(destination_path)
|
80
|
+
|
81
|
+
Inspec::Log.debug("Deleting archive '#{filepath}'")
|
82
|
+
File.delete(filepath)
|
83
|
+
end
|
84
|
+
end
|
65
85
|
end
|
66
86
|
end
|
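Review bot: `extract_archives` unpacks every archive in the vendor cache with `provider.extract(destination_path)`, and those archives are fetched dependencies, so the safety of this step rests entirely on `extract`, which is not shown in these hunks. It should be confirmed that `extract` rejects entries whose resolved path falls outside `destination_path` (absolute names, `..` components) and does not write through symlinks stored in the archive; a comment here such as `# extract must confine all entries to destination_path` would record that expectation. `File.delete(filepath)` also runs unconditionally after extraction, so an extraction that fails without raising would lose the original archive. These hunks appear to belong to lib/inspec/profile_vendor.rb; the file header is missing from the page.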
@@ -53,8 +53,13 @@ module Inspec::Reporters
|
|
53
53
|
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
54
54
|
end
|
55
55
|
|
56
|
-
http.request(req)
|
57
|
-
|
56
|
+
res = http.request(req)
|
57
|
+
if res.is_a?(Net::HTTPSuccess)
|
58
|
+
return true
|
59
|
+
else
|
60
|
+
Inspec::Log.error "send_report: POST to #{uri.path} returned: #{res.body}"
|
61
|
+
return false
|
62
|
+
end
|
58
63
|
rescue => e
|
59
64
|
Inspec::Log.error "send_report: POST to #{uri.path} returned: #{e.message}"
|
60
65
|
return false
|
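Review bot: The new failure branch logs the whole response body (`returned: #{res.body}`) but not the status code, which is what an operator needs first; the body is also unbounded and may be nil. Consider `Inspec::Log.error "send_report: POST to #{uri.path} returned: #{res.code} #{res.body.to_s[0, 500]}"`, where the 500-character cap is only an example value. The context line `http.verify_mode = OpenSSL::SSL::VERIFY_NONE` is not touched by this change, but the branch that sets it (its condition is outside the hunk) would benefit from a warning-level log line so that delivery without certificate verification is visible in the run output. The method starts and ends outside the hunk, and the file header (presumably lib/inspec/reporters/automate.rb) is missing from the page.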
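--- a/data/lib/inspec/reporters/cli.rb
+++ b/data/lib/inspec/reporters/cli.rb
@@ -63,9 +63,17 @@ module Inspec::Reporters
 private
 
 def print_profile_header(profile)
-
-
-
+header = {
+'Profile' => format_profile_name(profile),
+'Version' => profile[:version] || '(not specified)',
+}
+header['Target'] = run_data[:platform][:target] unless run_data[:platform][:target].nil?
+header['Target ID'] = @config['target_id'] unless @config['target_id'].nil?
+
+pad = header.keys.max_by(&:length).length + 1
+header.each do |title, value|
+output(format("%-#{pad}s %s", title + ':', value))
+end
 output('')
 end
 
@@ -141,7 +149,7 @@ module Inspec::Reporters
 
 message_to_format = ''
 message_to_format += "#{INDICATORS[indicator]} " unless indicator.nil?
-message_to_format += message.to_s.lstrip
+message_to_format += message.to_s.lstrip.force_encoding(Encoding::UTF_8)
 
 format_with_color(color, indent_lines(message_to_format, indentation))
 end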
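Review bot: `force_encoding(Encoding::UTF_8)` on new line 152 only relabels the bytes, so a message containing bytes that are not valid UTF-8 (for instance output collected from a target that uses another encoding) stays invalid and can still raise `ArgumentError` in later string handling such as `indent_lines`, which is not shown. Appending `scrub` replaces the invalid sequences: `message_to_format += message.to_s.lstrip.force_encoding(Encoding::UTF_8).scrub`. In `print_profile_header`, `title + ':'` could be written `"#{title}:"` to match the interpolation already used in the format string. The method containing line 152 starts outside the hunk.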
@@ -22,10 +22,12 @@ module Inspec::Reporters
|
|
22
22
|
private
|
23
23
|
|
24
24
|
def platform
|
25
|
-
{
|
25
|
+
platform = {
|
26
26
|
name: run_data[:platform][:name],
|
27
27
|
release: run_data[:platform][:release],
|
28
28
|
}
|
29
|
+
platform[:target_id] = @config['target_id'] if @config['target_id']
|
30
|
+
platform
|
29
31
|
end
|
30
32
|
|
31
33
|
def profile_results(control)
|
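Review bot: Inside `def platform` the new local variable is also called `platform`, which shadows the method name and makes the final line read like a recursive call; a name such as `result` would be clearer. The presence test here is `if @config['target_id']`, while the CLI reporter on this page uses `unless @config['target_id'].nil?`, so a `false` value is handled differently by the two reporters; using one form in both keeps them consistent. The file header (presumably lib/inspec/reporters/json.rb) is missing from the page.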
@@ -0,0 +1,12 @@
|
|
1
|
+
require 'inspec/attribute_registry'
|
2
|
+
require 'rspec/core/example_group'
|
3
|
+
|
4
|
+
# This file allows you to add ExampleGroups to be used in rspec tests
|
5
|
+
#
|
6
|
+
class RSpec::Core::ExampleGroup
|
7
|
+
# This DSL method allows us to access the values of attributes within InSpec tests
|
8
|
+
def attribute(name)
|
9
|
+
Inspec::AttributeRegistry.find_attribute(name, self.class.metadata[:profile_id]).value
|
10
|
+
end
|
11
|
+
define_example_method :attribute
|
12
|
+
end
|
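Review bot: The file comment says this "allows you to add ExampleGroups", but the code reopens `RSpec::Core::ExampleGroup` and adds an `attribute` method to every example group in the process, so a group that already defines `attribute` (a `let` or a helper) is affected; the comment should say that, for example `# Reopens RSpec::Core::ExampleGroup to add the InSpec attribute DSL to all example groups`. `attribute(name)` also calls `.value` directly on the result of `find_attribute`, and how an unregistered name is reported depends on `Inspec::AttributeRegistry`, which is not shown, so the method comment should state what callers get in that case. The file header (presumably lib/inspec/rspec_extensions.rb) is missing from the page.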
data/lib/inspec/rule.rb
CHANGED
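--- a/data/lib/inspec/runner.rb
+++ b/data/lib/inspec/runner.rb
@@ -52,7 +52,7 @@ module Inspec
 end
 
 # list of profile attributes
-@attributes =
+@attributes = {}
 
 load_attributes(@conf)
 configure_transport
@@ -88,7 +88,7 @@ module Inspec
 @test_collector.add_profile(requirement.profile)
 end
 
-@attributes
+@attributes = profile.runner_context.attributes if @attributes.empty?
 all_controls += profile.collect_tests
 end
 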
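Review bot: `@attributes = profile.runner_context.attributes if @attributes.empty?` on new line 91 keeps only the attributes of the first profile whose context has any; for every later profile handled by this loop the assignment is skipped. If that is intended, a comment is needed, e.g. `# only the first loaded profile's attributes are exposed on the runner`; otherwise the values should be merged per profile. The removed lines are truncated on the page, so the previous behaviour cannot be compared, and the enclosing method starts and ends outside the hunk.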
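--- a/data/lib/inspec/schema.rb
+++ b/data/lib/inspec/schema.rb
@@ -42,6 +42,7 @@ module Inspec
 'properties' => {
 'name' => { 'type' => 'string' },
 'release' => { 'type' => 'string' },
+'target_id' => { 'type' => 'string', 'optional' => true },
 },
 }.freeze
 
@@ -200,9 +201,17 @@ module Inspec
 },
 }.freeze
 
+# using a proc here so we can lazy load it when we need
+PLATFORMS = lambda do
+require 'train'
+Train.create('mock').connection
+Train::Platforms.export
+end
+
 LIST = {
 'exec-json' => EXEC_JSON,
 'exec-jsonmin' => EXEC_JSONMIN,
+'platforms' => PLATFORMS,
 }.freeze
 
 def self.names
@@ -210,8 +219,13 @@ module Inspec
 end
 
 def self.json(name)
-
-
+if !LIST.key?(name)
+raise("Cannot find schema #{name.inspect}.")
+elsif LIST[name].is_a?(Proc)
+v = LIST[name].call
+else
+v = LIST[name]
+end
 JSON.dump(v)
 end
 end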
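Review bot: The comment above `PLATFORMS` says "proc" while the code builds a lambda, and it does not explain why `Train.create('mock').connection` is called with its result discarded; presumably the call loads the platform definitions before `Train::Platforms.export`, and the comment should say so, e.g. `# opening a mock connection loads Train's platform definitions (confirm)`. In `self.json`, the three-way branch can be reduced to `v = LIST.fetch(name) { raise("Cannot find schema #{name.inspect}.") }` followed by `v = v.call if v.respond_to?(:call)`, which keeps the same error message. The text of the two removed lines is missing from the page, so the earlier error behaviour cannot be compared.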
data/lib/inspec/version.rb
CHANGED
@@ -72,6 +72,7 @@ module Inspec::Resources
|
|
72
72
|
|
73
73
|
def init_fallback
|
74
74
|
# support debian mysql administration login
|
75
|
+
return if inspec.platform.in_family?('windows')
|
75
76
|
debian = inspec.command('test -f /etc/mysql/debian.cnf && cat /etc/mysql/debian.cnf').stdout
|
76
77
|
return if debian.empty?
|
77
78
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: inspec-core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.2.
|
4
|
+
version: 2.2.101
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dominik Richter
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-
|
11
|
+
date: 2018-09-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: train-core
|
@@ -19,7 +19,7 @@ dependencies:
|
|
19
19
|
version: '1.4'
|
20
20
|
- - ">="
|
21
21
|
- !ruby/object:Gem::Version
|
22
|
-
version: 1.4.
|
22
|
+
version: 1.4.37
|
23
23
|
type: :runtime
|
24
24
|
prerelease: false
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -29,7 +29,7 @@ dependencies:
|
|
29
29
|
version: '1.4'
|
30
30
|
- - ">="
|
31
31
|
- !ruby/object:Gem::Version
|
32
|
-
version: 1.4.
|
32
|
+
version: 1.4.37
|
33
33
|
- !ruby/object:Gem::Dependency
|
34
34
|
name: thor
|
35
35
|
requirement: !ruby/object:Gem::Requirement
|
@@ -274,6 +274,20 @@ dependencies:
|
|
274
274
|
- - ">="
|
275
275
|
- !ruby/object:Gem::Version
|
276
276
|
version: '0'
|
277
|
+
- !ruby/object:Gem::Dependency
|
278
|
+
name: multipart-post
|
279
|
+
requirement: !ruby/object:Gem::Requirement
|
280
|
+
requirements:
|
281
|
+
- - ">="
|
282
|
+
- !ruby/object:Gem::Version
|
283
|
+
version: '0'
|
284
|
+
type: :runtime
|
285
|
+
prerelease: false
|
286
|
+
version_requirements: !ruby/object:Gem::Requirement
|
287
|
+
requirements:
|
288
|
+
- - ">="
|
289
|
+
- !ruby/object:Gem::Version
|
290
|
+
version: '0'
|
277
291
|
description: Core InSpec, local support only. See `inspec` for full support.
|
278
292
|
email:
|
279
293
|
- dominik.richter@gmail.com
|
@@ -508,6 +522,7 @@ files:
|
|
508
522
|
- lib/inspec.rb
|
509
523
|
- lib/inspec/archive/tar.rb
|
510
524
|
- lib/inspec/archive/zip.rb
|
525
|
+
- lib/inspec/attribute_registry.rb
|
511
526
|
- lib/inspec/backend.rb
|
512
527
|
- lib/inspec/base_cli.rb
|
513
528
|
- lib/inspec/cached_fetcher.rb
|
@@ -534,6 +549,8 @@ files:
|
|
534
549
|
- lib/inspec/formatters/base.rb
|
535
550
|
- lib/inspec/formatters/json_rspec.rb
|
536
551
|
- lib/inspec/formatters/show_progress.rb
|
552
|
+
- lib/inspec/globals.rb
|
553
|
+
- lib/inspec/impact.rb
|
537
554
|
- lib/inspec/library_eval_context.rb
|
538
555
|
- lib/inspec/log.rb
|
539
556
|
- lib/inspec/metadata.rb
|
@@ -580,6 +597,7 @@ files:
|
|
580
597
|
- lib/inspec/reporters/yaml.rb
|
581
598
|
- lib/inspec/require_loader.rb
|
582
599
|
- lib/inspec/resource.rb
|
600
|
+
- lib/inspec/rspec_extensions.rb
|
583
601
|
- lib/inspec/rule.rb
|
584
602
|
- lib/inspec/runner.rb
|
585
603
|
- lib/inspec/runner_mock.rb
|