inspec-core 3.0.25 → 3.0.46

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 50eee6fe644f3592cc9916bfa3049c40c9e76c7add7c0e553cbc9d6e9b555138
4
- data.tar.gz: 9eea909629ba57730bd6d197f7c65696daf48773509fd0075702ea5150fca131
3
+ metadata.gz: 5eafca2cfa375552bf4a20c971ec35787ba47e3ce7dc77f2ecb6818d3fe29a28
4
+ data.tar.gz: c6ff286509fe13ba680fbdd4a1c67b9029827c57429dbcba7dfb57697a8c3e1c
5
5
  SHA512:
6
- metadata.gz: 1692336cb1121e9bcdf91ad5205f4d2a6489a6be80b9ff6bfcb264a06b1ab9643a73de93886f7e31995647193d6a02f1c4f3b686c027bd1df50acc6f697829a3
7
- data.tar.gz: 581bbe107b9260e83caa5b2469c6c15b792a2afd185780b6d383c7c6bf4e3c9d0d600b8a75064032bc9b1142b4f6bd64309fb34df525c4f8b63d02577e28bf87
6
+ metadata.gz: ed867504c283069b22611fb9f1f5b62767b8f81a5b5b7dd7aeb0c480c847856b07356adc3afe17651c1bcb8a69485324ceaf516e691ff36db49a7e6edd729464
7
+ data.tar.gz: 141b8b52dc883f908d739c608adcaf1be07adc026b26d330e17150cede8fadd089e79800f6336c86090c4eed7e6949bd4b4417dde925a29a612da4c46c7184a9
data/CHANGELOG.md CHANGED
@@ -1,31 +1,53 @@
1
1
  # Change Log
2
2
  <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
3
- <!-- latest_release 3.0.25 -->
4
- ## [v3.0.25](https://github.com/inspec/inspec/tree/v3.0.25) (2018-11-01)
3
+ <!-- latest_release 3.0.46 -->
4
+ ## [v3.0.46](https://github.com/inspec/inspec/tree/v3.0.46) (2018-11-08)
5
5
 
6
- #### Merged Pull Requests
7
- - bump expeditor version [#3569](https://github.com/inspec/inspec/pull/3569) ([jquick](https://github.com/jquick))
6
+ #### New Features
7
+ - Add Git SSH and HTTP basic auth support to `inspec exec` [#3562](https://github.com/inspec/inspec/pull/3562) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
8
8
  <!-- latest_release -->
9
9
 
10
- <!-- release_rollup since=3.0.12 -->
11
- ### Changes since 3.0.12 release
10
+ <!-- release_rollup since=3.0.25 -->
11
+ ### Changes since 3.0.25 release
12
+
13
+ #### New Features
14
+ - Add Git SSH and HTTP basic auth support to `inspec exec` [#3562](https://github.com/inspec/inspec/pull/3562) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 3.0.46 -->
12
15
 
13
16
  #### Bug Fixes
14
- - Change usage of `Dir.home` to `Inspec.config_dir` [#3567](https://github.com/inspec/inspec/pull/3567) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 3.0.19 -->
17
+ - port: Correctly detect FreeBSD [#3579](https://github.com/inspec/inspec/pull/3579) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 3.0.43 -->
18
+ - Update iis_site bindingInformation construction and add tests [#3492](https://github.com/inspec/inspec/pull/3492) ([mrshanahan](https://github.com/mrshanahan)) <!-- 3.0.40 -->
19
+ - Silence RSpec &#39;should&#39; Warning [#3560](https://github.com/inspec/inspec/pull/3560) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 3.0.29 -->
15
20
 
16
21
  #### Enhancements
17
- - Allow help args after Thor commands [#3553](https://github.com/inspec/inspec/pull/3553) ([jquick](https://github.com/jquick)) <!-- 3.0.17 -->
18
- - adds additional checks for vendored profiles [#3362](https://github.com/inspec/inspec/pull/3362) ([chris-rock](https://github.com/chris-rock)) <!-- 3.0.14 -->
22
+ - Allow add_test to accept negation [#3586](https://github.com/inspec/inspec/pull/3586) ([rachelrice](https://github.com/rachelrice)) <!-- 3.0.37 -->
23
+ - Added xml resource support for ints, bools, and string responses [#3583](https://github.com/inspec/inspec/pull/3583) ([greenantdotcom](https://github.com/greenantdotcom)) <!-- 3.0.34 -->
24
+ - Add only_if to Inspec objects [#3577](https://github.com/inspec/inspec/pull/3577) ([james-stocks](https://github.com/james-stocks)) <!-- 3.0.31 -->
25
+ - aws_vpc: accept 17 hexadecimal characters for vpc_id [#3564](https://github.com/inspec/inspec/pull/3564) ([kchistova](https://github.com/kchistova)) <!-- 3.0.28 -->
19
26
 
20
27
  #### Merged Pull Requests
21
- - bump expeditor version [#3569](https://github.com/inspec/inspec/pull/3569) ([jquick](https://github.com/jquick)) <!-- 3.0.25 -->
22
- - Pin to train 1.5.6 [#3568](https://github.com/inspec/inspec/pull/3568) ([jquick](https://github.com/jquick)) <!-- 3.0.18 -->
23
- - Allow end of options during Thor array parsing [#3547](https://github.com/inspec/inspec/pull/3547) ([jquick](https://github.com/jquick)) <!-- 3.0.16 -->
24
- - Modernize omnibus config and reduce omnibus package size [#3543](https://github.com/inspec/inspec/pull/3543) ([tas50](https://github.com/tas50)) <!-- 3.0.15 -->
25
- - Adding inspec init profile for GCP. [#3484](https://github.com/inspec/inspec/pull/3484) ([skpaterson](https://github.com/skpaterson)) <!-- 3.0.13 -->
28
+ - Fixes broken link in documentation [#3588](https://github.com/inspec/inspec/pull/3588) ([dmccown](https://github.com/dmccown)) <!-- 3.0.30 -->
29
+ - Fixes (some) ruby warnings related to functional tests [#3561](https://github.com/inspec/inspec/pull/3561) ([TheLonelyGhost](https://github.com/TheLonelyGhost)) <!-- 3.0.27 -->
30
+ - Fix functional tests issues with vendoring [#3572](https://github.com/inspec/inspec/pull/3572) ([jquick](https://github.com/jquick)) <!-- 3.0.26 -->
26
31
  <!-- release_rollup -->
27
32
 
28
33
  <!-- latest_stable_release -->
34
+ ## [v3.0.25](https://github.com/inspec/inspec/tree/v3.0.25) (2018-11-01)
35
+
36
+ #### Enhancements
37
+ - ✓ adds additional checks for vendored profiles [#3362](https://github.com/inspec/inspec/pull/3362) ([chris-rock](https://github.com/chris-rock))
38
+ - Allow help args after Thor commands [#3553](https://github.com/inspec/inspec/pull/3553) ([jquick](https://github.com/jquick))
39
+
40
+ #### Bug Fixes
41
+ - Change usage of `Dir.home` to `Inspec.config_dir` [#3567](https://github.com/inspec/inspec/pull/3567) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
42
+
43
+ #### Merged Pull Requests
44
+ - Adding inspec init profile for GCP. [#3484](https://github.com/inspec/inspec/pull/3484) ([skpaterson](https://github.com/skpaterson))
45
+ - Modernize omnibus config and reduce omnibus package size [#3543](https://github.com/inspec/inspec/pull/3543) ([tas50](https://github.com/tas50))
46
+ - Allow end of options during Thor array parsing [#3547](https://github.com/inspec/inspec/pull/3547) ([jquick](https://github.com/jquick))
47
+ - Pin to train 1.5.6 [#3568](https://github.com/inspec/inspec/pull/3568) ([jquick](https://github.com/jquick))
48
+ - bump expeditor version [#3569](https://github.com/inspec/inspec/pull/3569) ([jquick](https://github.com/jquick))
49
+ <!-- latest_stable_release -->
50
+
29
51
  ## [v3.0.12](https://github.com/inspec/inspec/tree/v3.0.12) (2018-10-24)
30
52
 
31
53
  #### New Resources
@@ -36,7 +58,6 @@
36
58
 
37
59
  #### Merged Pull Requests
38
60
  - Add inspec/train vault to plugin exclusion [#3532](https://github.com/inspec/inspec/pull/3532) ([jquick](https://github.com/jquick))
39
- <!-- latest_stable_release -->
40
61
 
41
62
  ## [v3.0.9](https://github.com/inspec/inspec/tree/v3.0.9) (2018-10-18)
42
63
 
data/lib/fetchers/git.rb CHANGED
@@ -29,7 +29,11 @@ module Fetchers
29
29
  priority 200
30
30
 
31
31
  def self.resolve(target, opts = {})
32
- new(target[:git], opts.merge(target)) if target.respond_to?(:has_key?) && target.key?(:git)
32
+ if target.is_a?(String)
33
+ new(target, opts) if target.start_with?('git@') || target.end_with?('.git')
34
+ elsif target.respond_to?(:has_key?) && target.key?(:git)
35
+ new(target[:git], opts.merge(target))
36
+ end
33
37
  end
34
38
 
35
39
  def initialize(remote_url, opts = {})
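Review bot: The new String branch in `resolve` matches any target that merely ends in `.git`, whatever its scheme, so a plain `http://` URL or a local directory named `something.git` is now claimed by the Git fetcher. Consider matching an explicit set of forms (`git@`, `ssh://`, `https://` with a `.git` suffix) and adding a test for a local path that ends in `.git`. A short comment stating that `resolve` returns `nil` for unmatched targets would also help, since both branches now rely on the implicit return.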
data/lib/fetchers/url.rb CHANGED
@@ -95,6 +95,7 @@ module Fetchers
95
95
 
96
96
  def initialize(url, opts)
97
97
  @target = url
98
+ @target_uri = parse_uri(@target)
98
99
  @insecure = opts['insecure']
99
100
  @token = opts['token']
100
101
  @config = opts
@@ -120,6 +121,11 @@ module Fetchers
120
121
 
121
122
  private
122
123
 
124
+ def parse_uri(target)
125
+ return URI.parse(target) if target.is_a?(String)
126
+ URI.parse(target[:url])
127
+ end
128
+
123
129
  def sha256
124
130
  file = @archive_path || temp_archive_path
125
131
  OpenSSL::Digest::SHA256.digest(File.read(file)).unpack('H*')[0]
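Review bot: `parse_uri` assumes that any non-String target is a Hash with a symbol `:url` key; a target keyed with the string `'url'`, or one with no URL at all, passes `nil` to `URI.parse`, and because the call now sits in `initialize` the resulting error surfaces from the constructor. Guard the lookup and raise an error that names the offending target, and add a comment listing the target shapes this fetcher supports.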
@@ -155,9 +161,8 @@ module Fetchers
155
161
  version: @config['profile'][2],
156
162
  }.to_json
157
163
 
158
- uri = URI.parse(@target)
159
164
  opts = http_opts
160
- opts[:use_ssl] = uri.scheme == 'https'
165
+ opts[:use_ssl] = @target_uri.scheme == 'https'
161
166
 
162
167
  if @insecure
163
168
  opts[:verify_mode] = OpenSSL::SSL::VERIFY_NONE
@@ -165,12 +170,12 @@ module Fetchers
165
170
  opts[:verify_mode] = OpenSSL::SSL::VERIFY_PEER
166
171
  end
167
172
 
168
- req = Net::HTTP::Post.new(uri)
173
+ req = Net::HTTP::Post.new(@target_uri)
169
174
  opts.each do |key, value|
170
175
  req.add_field(key, value)
171
176
  end
172
177
  req.body = json
173
- res = Net::HTTP.start(uri.host, uri.port, opts) { |http|
178
+ res = Net::HTTP.start(@target_uri.host, @target_uri.port, opts) { |http|
174
179
  http.request(req)
175
180
  }
176
181
 
@@ -188,7 +193,7 @@ module Fetchers
188
193
  def download_archive_to_temp
189
194
  return @temp_archive_path if !@temp_archive_path.nil?
190
195
  Inspec::Log.debug("Fetching URL: #{@target}")
191
- remote = open(@target, http_opts)
196
+ remote = open_via_uri(@target)
192
197
  @archive_type = file_type_from_remote(remote) # side effect :(
193
198
  archive = Tempfile.new(['inspec-dl-', @archive_type])
194
199
  archive.binmode
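Review bot: The unchanged `Inspec::Log.debug("Fetching URL: #{@target}")` line directly above the modified `open` call now writes credentials to the debug log, because this release allows `@target` to carry `user:password@` userinfo. Log a copy of the URL with the userinfo stripped or masked instead.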
@@ -199,6 +204,17 @@ module Fetchers
199
204
  @temp_archive_path = archive.path
200
205
  end
201
206
 
207
+ def open_via_uri(target)
208
+ opts = http_opts
209
+
210
+ if opts[:http_basic_authentication]
211
+ # OpenURI does not support userinfo so we need to remove it
212
+ open(target.sub("#{@target_uri.userinfo}@", ''), opts)
213
+ else
214
+ open(target, opts)
215
+ end
216
+ end
217
+
202
218
  def download_archive(path)
203
219
  temp_archive_path
204
220
  final_path = "#{path}#{@archive_type}"
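Review bot: In `open_via_uri` the stripping branch is taken whenever `opts[:http_basic_authentication]` is set, which also happens when the credentials come from `@config[:username]` and the URL has no userinfo. `@target_uri.userinfo` is then `nil`, the pattern becomes `"@"`, and `sub` deletes the first `@` found anywhere in the URL. Strip only when `@target_uri.userinfo` is present, or rebuild the URL from `@target_uri` with its userinfo cleared rather than editing the string.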
@@ -225,7 +241,9 @@ module Fetchers
225
241
  opts['Authorization'] = "Bearer #{@token}"
226
242
  end
227
243
 
228
- opts[:http_basic_authentication] = [@config[:username], @config[:password]] if @config[:username]
244
+ username = @config[:username] || @target_uri.user
245
+ password = @config[:password] || @target_uri.password
246
+ opts[:http_basic_authentication] = [username, password] if username
229
247
 
230
248
  # Do not send any headers that have nil values.
231
249
  # Net::HTTP does not gracefully handle this situation.
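Review bot: `username` and `password` fall back independently, so a username from `@config` can end up paired with a password taken from the URL, or the reverse. Take both values from the same source. Also, `URI#user` and `URI#password` return the components as written in the URL, so percent-encoded characters in a password are sent undecoded; decode them before building `http_basic_authentication` and cover both cases with a test.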
data/lib/inspec/cli.rb CHANGED
@@ -168,9 +168,70 @@ class Inspec::InspecCLI < Inspec::BaseCLI
168
168
  pretty_handle_exception(e)
169
169
  end
170
170
 
171
- desc 'exec PATHS', 'run all test files at the specified PATH.'
171
+ desc 'exec LOCATIONS', 'run all test files at the specified LOCATIONS.'
172
172
  long_desc <<~EOT
173
- Loads the given profile(s) and fetches their dependencies if needed. Then connects to the target and executes any controls contained in the profiles. One or more reporters are used to generate output. If all tests passed (no fails, no skips) exit code 0 is returned. If some tests skipped but none failed, exit code 101 is returned. If at least one test failed, exit code 100 is returned. If inspec failed for any other reason, exit code 1 is returned.
173
+ Loads the given profile(s) and fetches their dependencies if needed. Then
174
+ connects to the target and executes any controls contained in the profiles.
175
+ One or more reporters are used to generate output. If all tests passed
176
+ (no fails, no skips) exit code 0 is returned. If some tests skipped but
177
+ none failed, exit code 101 is returned. If at least one test failed, exit
178
+ code 100 is returned. If inspec failed for any other reason, exit code 1
179
+ is returned.
180
+
181
+ Below are some examples of using `exec` with different test LOCATIONS:
182
+
183
+ Automate:
184
+ ```
185
+ inspec compliance login
186
+ inspec exec compliance://username/linux-baseline
187
+ ```
188
+
189
+ Supermarket:
190
+ ```
191
+ inspec exec supermarket://username/linux-baseline
192
+ ```
193
+
194
+ Local profile (executes all tests in `controls/`):
195
+ ```
196
+ inspec exec /path/to/profile
197
+ ```
198
+
199
+ Local single test (doesn't allow attributes or custom resources)
200
+ ```
201
+ inspec exec /path/to/a_test.rb
202
+ ```
203
+
204
+ Git via SSH
205
+ ```
206
+ inspec exec git@github.com:dev-sec/linux-baseline.git
207
+ ```
208
+
209
+ Git via HTTPS (.git suffix is required):
210
+ ```
211
+ inspec exec https://github.com/dev-sec/linux-baseline.git
212
+ ```
213
+
214
+ Private Git via HTTPS (.git suffix is required):
215
+ ```
216
+ inspec exec https://API_TOKEN@github.com/dev-sec/linux-baseline.git
217
+ ```
218
+
219
+ Private Git via HTTPS and cached credentials (.git suffix is required):
220
+ ```
221
+ git config credential.helper cache
222
+ git ls-remote https://github.com/dev-sec/linux-baseline.git
223
+ inspec exec https://github.com/dev-sec/linux-baseline.git
224
+ ```
225
+
226
+ Web hosted fileshare (also supports .zip):
227
+ ```
228
+ inspec exec https://webserver/linux-baseline.tar.gz
229
+ ```
230
+
231
+ Web hosted fileshare with basic authentication (supports .zip):
232
+ ```
233
+ inspec exec https://username:password@webserver/linux-baseline.tar.gz
234
+ ```
174
235
  EOT
175
236
  exec_options
176
237
  def exec(*targets)
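Review bot: The new `long_desc` examples `https://API_TOKEN@github.com/...` and `https://username:password@webserver/...` put secrets on the command line, where they end up in shell history and process listings, and the help text says nothing about that. Add a sentence that steers users toward the cached-credential example in the same list for anything other than throwaway tokens. Minor: the `Local single test` and `Git via SSH` headings lack the trailing colon the other headings use.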
@@ -2,7 +2,7 @@
2
2
 
3
3
  module Inspec
4
4
  class Control
5
- attr_accessor :id, :title, :descriptions, :impact, :tests, :tags, :refs
5
+ attr_accessor :id, :title, :descriptions, :impact, :tests, :tags, :refs, :only_if
6
6
  def initialize
7
7
  @tests = []
8
8
  @tags = []
@@ -43,6 +43,7 @@ module Inspec
43
43
  res.push " impact #{impact}" unless impact.nil?
44
44
  tags.each { |t| res.push(indent(t.to_ruby, 2)) }
45
45
  refs.each { |t| res.push(" ref #{print_ref(t)}") }
46
+ res.push " only_if { #{only_if} }" if only_if
46
47
  tests.each { |t| res.push(indent(t.to_ruby, 2)) }
47
48
  res.push 'end'
48
49
  res.join("\n")
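Review bot: `res.push " only_if { #{only_if} }" if only_if` writes the attribute into the generated control verbatim as Ruby source, with no quoting or validation. Document on the accessor that `only_if` must be a trusted Ruby expression string, and add a `to_ruby` test that covers a control with and without it.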
@@ -57,8 +57,8 @@ module Inspec
57
57
  @variables = []
58
58
  end
59
59
 
60
- def add_test(its, matcher, expectation)
61
- test = Inspec::Describe::Test.new(its, matcher, expectation, false)
60
+ def add_test(its, matcher, expectation, opts = {})
61
+ test = Inspec::Describe::Test.new(its, matcher, expectation, opts[:negated])
62
62
  tests.push(test)
63
63
  test
64
64
  end
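Review bot: With `opts` defaulting to `{}`, `opts[:negated]` passes `nil` to `Inspec::Describe::Test.new` where the old code passed a literal `false`, and a caller that passes `nil` for `opts` now raises. Use `opts.fetch(:negated, false)` so the default stays `false`, and document the accepted keys in a comment above `add_test`.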
@@ -2,7 +2,7 @@
2
2
 
3
3
  module Inspec
4
4
  class Test
5
- attr_accessor :qualifier, :matcher, :expectation, :skip, :negated, :variables
5
+ attr_accessor :qualifier, :matcher, :expectation, :skip, :negated, :variables, :only_if
6
6
  include RubyHelper
7
7
 
8
8
  def initialize
@@ -61,6 +61,7 @@ module Inspec
61
61
  end
62
62
 
63
63
  def rb_describe
64
+ only_if_clause = "only_if { #{only_if} }\n" if only_if
64
65
  vars = variables.map(&:to_ruby).join("\n")
65
66
  vars += "\n" unless vars.empty?
66
67
  res, xtra = describe_chain
@@ -74,8 +75,8 @@ module Inspec
74
75
  elsif xpect != ''
75
76
  ' ' + expectation.inspect
76
77
  end
77
- format("%sdescribe %s do\n %s { should%s %s%s }\nend",
78
- vars, res, itsy, naughty, matcher, xpect)
78
+ format("%s%sdescribe %s do\n %s { should%s %s%s }\nend",
79
+ only_if_clause, vars, res, itsy, naughty, matcher, xpect)
79
80
  end
80
81
 
81
82
  def rb_skip
@@ -1,6 +1,14 @@
1
1
  require 'inspec/attribute_registry'
2
+ require 'rspec/core'
2
3
  require 'rspec/core/example_group'
3
4
 
5
+ # Setup RSpec to allow use of `should` syntax without warnings
6
+ RSpec.configure do |config|
7
+ config.expect_with(:rspec) do |rspec_expectations_config|
8
+ rspec_expectations_config.syntax = :should
9
+ end
10
+ end
11
+
4
12
  # This file allows you to add ExampleGroups to be used in rspec tests
5
13
  #
6
14
  class RSpec::Core::ExampleGroup
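Review bot: This `RSpec.configure` block runs at require time and changes global RSpec state for any process that loads the file, and `syntax = :should` enables only the `should` syntax, which switches the `expect` syntax off in rspec-expectations. If the aim is only to silence the warning, set `syntax = [:should, :expect]`, and consider applying it where the runner is configured rather than at load time.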
data/lib/inspec/rule.rb CHANGED
@@ -37,6 +37,7 @@ module Inspec
37
37
  @tags = {}
38
38
 
39
39
  # not changeable by the user:
40
+ @__code = nil
40
41
  @__block = block
41
42
  @__source_location = __get_block_source_location(&block)
42
43
  @__rule_id = id
data/lib/inspec/runner.rb CHANGED
@@ -238,9 +238,11 @@ module Inspec
238
238
 
239
239
  # Load local profile dependencies. This is used in inspec shell
240
240
  # to provide access to local profiles that add resources.
241
- @depends
242
- .map { |x| Inspec::Profile.for_path(x, { profile_context: ctx }) }
243
- .each(&:load_libraries)
241
+ @depends.each do |dep|
242
+ # support for windows paths
243
+ dep = dep.tr('\\', '/')
244
+ Inspec::Profile.for_path(dep, { profile_context: ctx }).load_libraries
245
+ end
244
246
 
245
247
  ctx.load(command)
246
248
  end
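Review bot: `dep = dep.tr('\\', '/')` runs on every platform, so on a non-Windows host a dependency path that legitimately contains a backslash is rewritten to a different path. Limit the conversion to Windows hosts and add a test with a Windows-style path, since the one-line comment is currently the only record of the intent.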
@@ -4,5 +4,5 @@
4
4
  # author: Christoph Hartmann
5
5
 
6
6
  module Inspec
7
- VERSION = '3.0.25'
7
+ VERSION = '3.0.46'
8
8
  end
@@ -32,7 +32,6 @@ class InitCli < MiniTest::Test
32
32
 
33
33
  def test_generating_inspec_profile_with_bad_platform
34
34
  Dir.mktmpdir do |dir|
35
- profile = File.join(dir, 'test-profile')
36
35
  out = run_inspec_process("init profile --platform nonesuch test-profile", prefix: "cd #{dir} &&")
37
36
  assert_equal 1, out.exit_status
38
37
  assert_includes out.stdout, 'Unable to generate profile'
@@ -94,7 +94,7 @@ module Inspec::Resources
94
94
 
95
95
  # want to populate everything using one powershell command here and spit it out as json
96
96
  def iis_site(name)
97
- command = "Get-Website '#{name}' | select-object -Property Name,State,PhysicalPath,bindings,ApplicationPool | ConvertTo-Json"
97
+ command = "Get-Website '#{name}' | Select-Object -Property Name,State,PhysicalPath,bindings,ApplicationPool | ConvertTo-Json"
98
98
  cmd = @inspec.command(command)
99
99
 
100
100
  begin
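Review bot: The rewritten command line still interpolates `name` straight into a single-quoted PowerShell literal (`Get-Website '#{name}'`), so a site name containing a single quote ends the literal early and the remainder is parsed as PowerShell. While this line is being touched, double any single quotes in `name` before interpolating and add a test with such a name.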
@@ -103,11 +103,8 @@ module Inspec::Resources
103
103
  return nil
104
104
  end
105
105
 
106
- bindings_array = site['bindings']['Collection'].map { |k, _str|
107
- k['protocol'] <<
108
- ' ' <<
109
- k['bindingInformation'] <<
110
- (k['protocol'] == 'https' ? ' sslFlags=' << flags : '')
106
+ bindings_array = site['bindings']['Collection'].map { |k|
107
+ "#{k['protocol']} #{k['bindingInformation']}#{k['protocol'] == 'https' ? " sslFlags=#{k['sslFlags']}" : ''}"
111
108
  }
112
109
 
113
110
  # map our values to a hash table
@@ -63,10 +63,12 @@ module Inspec::Resources
63
63
  AixPorts.new(inspec)
64
64
  elsif os.darwin?
65
65
  # Darwin: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/lsof.8.html
66
+ # Careful: make sure darwin comes before BSD, below
66
67
  LsofPorts.new(inspec)
67
68
  elsif os.windows?
68
69
  WindowsPorts.new(inspec)
69
- elsif ['freebsd'].include?(os[:family])
70
+ elsif os.bsd?
71
+ # Relies on sockstat, usually present on FreeBSD and NetBSD (but not MacOS X)
70
72
  FreeBsdPorts.new(inspec)
71
73
  elsif os.solaris?
72
74
  SolarisPorts.new(inspec)
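Review bot: `os.bsd?` is wider than the old `['freebsd'].include?(os[:family])`, while the new comment says `sockstat` is only "usually present" on FreeBSD and NetBSD, so any other platform for which `bsd?` is true now reaches `FreeBsdPorts` with no check that the tool exists. Either test for `sockstat` and fail with a clear message, or list the supported families explicitly. The Darwin ordering comment is useful; a test that pins Darwin to `LsofPorts` would keep it true.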
data/lib/resources/xml.rb CHANGED
@@ -27,6 +27,8 @@ module Inspec::Resources
27
27
  output.push(element.to_s)
28
28
  elsif element.is_a?(REXML::Element)
29
29
  output.push(element.text)
30
+ elsif element.is_a?(Integer) || element.is_a?(TrueClass) || element.is_a?(FalseClass) || element.is_a?(String)
31
+ output.push(element)
30
32
  else
31
33
  raise Inspec::Exceptions::ResourceFailed, "Unknown XML object received (#{element.class}): #{element}"
32
34
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: inspec-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.25
4
+ version: 3.0.46
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dominik Richter
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-11-01 00:00:00.000000000 Z
11
+ date: 2018-11-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: train-core