inspec-core 3.7.1 → 3.7.11

data/lib/plugins/inspec-init/test/functional/inspec_init_profile_test.rb

@@ -74,6 +74,18 @@ class InitCli < MiniTest::Test
     end
   end
 
+  def test_generating_inspec_profile_azure
+    Dir.mktmpdir do |dir|
+      profile = File.join(dir, 'test-azure-profile')
+      out = run_inspec_process("init profile --platform azure test-azure-profile", prefix: "cd #{dir} &&")
+      assert_equal 0, out.exit_status
+      assert_includes out.stdout, 'Creating new profile at'
+      assert_includes out.stdout, profile
+      assert_includes Dir.entries(profile).join, 'inspec.yml'
+      assert_includes Dir.entries(profile).join, 'README.md'
+    end
+  end
+
   def test_generating_inspec_profile_os
     Dir.mktmpdir do |dir|
       profile = File.join(dir, 'test-os-profile')

data/lib/resources/aide_conf.rb

@@ -9,7 +9,7 @@ module Inspec::Resources
     supports platform: 'unix'
     desc 'Use the aide_conf InSpec audit resource to test the rules established for
       the file integrity tool AIDE. Controlled by the aide.conf file typically at /etc/aide.conf.'
-    example "
+    example <<~EXAMPLE
       describe aide_conf do
         its('selection_lines') { should include '/sbin' }
       end
@@ -21,7 +21,7 @@ module Inspec::Resources
       describe aide_conf.all_have_rule('sha512') do
         it { should eq true }
       end
-    "
+    EXAMPLE
 
     attr_reader :params
 

data/lib/resources/apache.rb

@@ -6,7 +6,7 @@ module Inspec::Resources
     name 'apache'
     supports platform: 'unix'
     desc 'Use the apache InSpec audit resource to retrieve Apache environment settings.'
-    example "
+    example <<~EXAMPLE
       describe apache do
         its ('service') { should cmp 'apache2' }
       end
@@ -22,7 +22,7 @@ module Inspec::Resources
       describe apache do
         its ('user') { should cmp 'www-data' }
       end
-    "
+    EXAMPLE
 
     attr_reader :service, :conf_dir, :conf_path, :user
     def initialize

data/lib/resources/apache_conf.rb

@@ -11,11 +11,11 @@ module Inspec::Resources
     supports platform: 'linux'
     supports platform: 'debian'
     desc 'Use the apache_conf InSpec audit resource to test the configuration settings for Apache. This file is typically located under /etc/apache2 on the Debian and Ubuntu platforms and under /etc/httpd on the Fedora, CentOS, Red Hat Enterprise Linux, and Arch Linux platforms. The configuration settings may vary significantly from platform to platform.'
-    example "
+    example <<~EXAMPLE
       describe apache_conf do
         its('setting_name') { should eq 'value' }
       end
-    "
+    EXAMPLE
 
     include FindFiles
     include FileReader

data/lib/resources/apt.rb

@@ -31,12 +31,12 @@ module Inspec::Resources
     name 'apt'
     supports platform: 'unix'
     desc 'Use the apt InSpec audit resource to verify Apt repositories on the Debian and Ubuntu platforms, and also PPA repositories on the Ubuntu platform.'
-    example "
+    example <<~EXAMPLE
       describe apt('nginx/stable') do
         it { should exist }
         it { should be_enabled }
       end
-    "
+    EXAMPLE
 
     def initialize(ppa_name)
       @deb_url = nil

data/lib/resources/audit_policy.rb

@@ -26,11 +26,11 @@ module Inspec::Resources
     name 'audit_policy'
     supports platform: 'windows'
     desc 'Use the audit_policy InSpec audit resource to test auditing policies on the Microsoft Windows platform. An auditing policy is a category of security-related events to be audited. Auditing is disabled by default and may be enabled for categories like account management, logon events, policy changes, process tracking, privilege use, system events, or object access. For each enabled auditing category property, the auditing level may be set to No Auditing, Not Specified, Success, Success and Failure, or Failure.'
-    example "
+    example <<~EXAMPLE
       describe audit_policy do
         its('parameter') { should eq 'value' }
       end
-    "
+    EXAMPLE
 
     def method_missing(method)
       key = method.to_s

data/lib/resources/auditd.rb

@@ -14,7 +14,7 @@ module Inspec::Resources
     name 'auditd'
     supports platform: 'unix'
     desc 'Use the auditd InSpec audit resource to test the rules for logging that exist on the system. The audit.rules file is typically located under /etc/audit/ and contains the list of rules that define what is captured in log files. These rules are output using the auditcl -l command.'
-    example "
+    example <<~EXAMPLE
       describe auditd.syscall('chown').where {arch == 'b32'} do
         its('action') { should eq ['always'] }
         its('list') { should eq ['exit'] }
@@ -27,7 +27,7 @@ module Inspec::Resources
       describe auditd do
         its('lines') { should include %r(-w /etc/ssh/sshd_config) }
       end
-    "
+    EXAMPLE
 
     def initialize
       unless inspec.command('/sbin/auditctl').exist?

data/lib/resources/auditd_conf.rb

@@ -9,11 +9,11 @@ module Inspec::Resources
     name 'auditd_conf'
     supports platform: 'unix'
     desc "Use the auditd_conf InSpec audit resource to test the configuration settings for the audit daemon. This file is typically located under /etc/audit/auditd.conf' on UNIX and Linux platforms."
-    example "
+    example <<~EXAMPLE
       describe auditd_conf do
         its('space_left_action') { should eq 'email' }
       end
-    "
+    EXAMPLE
 
     include FileReader
 

data/lib/resources/bash.rb

@@ -8,7 +8,7 @@ module Inspec::Resources
     name 'bash'
     supports platform: 'unix'
     desc 'Run a command or script in BASH.'
-    example "
+    example <<~EXAMPLE
       describe bash('ls -al /') do
         its('stdout') { should match /bin/ }
         its('stderr') { should eq '' }
@@ -20,7 +20,7 @@ module Inspec::Resources
 
       # Specify arguments (defaults to -c)
       bash('...', args: '-x -c')
-    "
+    EXAMPLE
 
     def initialize(command, options = {})
       @raw_command = command

data/lib/resources/bond.rb

@@ -8,11 +8,11 @@ module Inspec::Resources
     name 'bond'
     supports platform: 'unix'
     desc 'Use the bond InSpec audit resource to test a logical, bonded network interface (i.e. "two or more network interfaces aggregated into a single, logical network interface"). On Linux platforms, any value in the /proc/net/bonding directory may be tested.'
-    example "
+    example <<~EXAMPLE
       describe bond('bond0') do
         it { should exist }
       end
-    "
+    EXAMPLE
 
     include FileReader
 

data/lib/resources/bridge.rb

@@ -11,12 +11,12 @@ module Inspec::Resources
     name 'bridge'
     supports platform: 'unix'
     desc 'Use the bridge InSpec audit resource to test basic network bridge properties, such as name, if an interface is defined, and the associations for any defined interface.'
-    example "
+    example <<~EXAMPLE
       describe bridge 'br0' do
         it { should exist }
         it { should have_interface 'eth0' }
       end
-    "
+    EXAMPLE
 
     def initialize(bridge_name)
       @bridge_name = bridge_name

data/lib/resources/chocolatey_package.rb

@@ -7,12 +7,12 @@ module Inspec::Resources
     name 'chocolatey_package'
     supports platform: 'windows'
     desc 'Use the chocolatey_package InSpec audit resource to test if the named package and/or package version is installed on the system.'
-    example <<-EOH
+    example <<~EXAMPLE
       describe chocolatey_package('git') do
         it { should be_installed }
         its('version') { should eq '2.15.1' }
       end
-    EOH
+    EXAMPLE
 
     attr_reader :package_name
 

data/lib/resources/command.rb

@@ -7,7 +7,7 @@ module Inspec::Resources
     supports platform: 'unix'
     supports platform: 'windows'
     desc 'Use the command InSpec audit resource to test an arbitrary command that is run on the system.'
-    example "
+    example <<~EXAMPLE
       describe command('ls -al /') do
         its('stdout') { should match /bin/ }
         its('stderr') { should eq '' }
@@ -18,7 +18,7 @@ module Inspec::Resources
       describe command('ls') do
         it { should exist }
       end
-    "
+    EXAMPLE
 
     attr_reader :command
 

data/lib/resources/cpan.rb

@@ -11,11 +11,11 @@ module Inspec::Resources
     name 'cpan'
     supports platform: 'unix'
     desc 'Use the `cpan` InSpec audit resource to test Perl modules that are installed by system packages or the CPAN installer.'
-    example "
+    example <<~EXAMPLE
       describe cpan('DBD::Pg') do
         it { should be_installed }
       end
-    "
+    EXAMPLE
 
     def initialize(package_name, perl_lib_path = nil)
       @package_name = package_name

data/lib/resources/cran.rb

@@ -11,11 +11,11 @@ module Inspec::Resources
     name 'cran'
     supports platform: 'unix'
     desc 'Use the `cran` InSpec audit resource to test R modules that are installed from CRAN package repository.'
-    example "
+    example <<~EXAMPLE
       describe cran('DBI') do
         it { should be_installed }
       end
-    "
+    EXAMPLE
 
     def initialize(package_name)
       @package_name = package_name

data/lib/resources/crontab.rb

@@ -8,7 +8,7 @@ module Inspec::Resources
     name 'crontab'
     supports platform: 'unix'
     desc 'Use the crontab InSpec audit resource to test the contents of the crontab for a given user which contains information about scheduled tasks owned by that user.'
-    example "
+    example <<~EXAMPLE
       describe crontab(user: 'root') do
         its('commands') { should include '/path/to/some/script' }
       end
@@ -29,7 +29,7 @@ module Inspec::Resources
       describe crontab(path: '/etc/cron.d/some_crontab') do
         its('commands') { should include '/path/to/some/script' }
       end
-    "
+    EXAMPLE
 
     attr_reader :params
 

data/lib/resources/csv.rb

@@ -7,11 +7,11 @@ module Inspec::Resources
   class CsvConfig < JsonConfig
     name 'csv'
     desc 'Use the csv InSpec audit resource to test configuration data in a CSV file.'
-    example "
+    example <<~EXAMPLE
       describe csv('example.csv') do
         its('name') { should eq(['John', 'Alice']) }
       end
-    "
+    EXAMPLE
 
     # override the parse method from JsonConfig
     # Assuming a header row of name,col1,col2, it will output an array of hashes like so:

data/lib/resources/dh_params.rb

@@ -11,7 +11,7 @@ class DhParams < Inspec.resource(1)
     parameters.
   '
 
-  example "
+  example <<~EXAMPLE
     describe dh_params('/path/to/file.dh_pem') do
       it { should be_dh_params }
       it { should be_valid }
@@ -21,7 +21,7 @@ class DhParams < Inspec.resource(1)
       its('pem') { should eq '-----BEGIN DH PARAMETERS...' }
       its('text') { should eq 'PKCS#3 DH Parameters: (2048 bit)...' }
     end
-  "
+  EXAMPLE
 
   include FileReader
 

data/lib/resources/directory.rb

@@ -8,11 +8,11 @@ module Inspec::Resources
     supports platform: 'unix'
     supports platform: 'windows'
     desc 'Use the directory InSpec audit resource to test if the file type is a directory. This is equivalent to using the file InSpec audit resource and the be_directory matcher, but provides a simpler and more direct way to test directories. All of the matchers available to file may be used with directory.'
-    example "
+    example <<~EXAMPLE
       describe directory('path') do
         it { should be_directory }
       end
-    "
+    EXAMPLE
 
     def exist?
       file.exist? && file.directory?

data/lib/resources/docker.rb

@@ -94,7 +94,7 @@ module Inspec::Resources
       A resource to retrieve information about docker
     "
 
-    example "
+    example <<~EXAMPLE
       describe docker.containers do
         its('images') { should_not include 'u12:latest' }
       end
@@ -127,7 +127,7 @@ module Inspec::Resources
           its(%w(HostConfig Privileged)) { should_not cmp true }
         end
       end
-    "
+    EXAMPLE
 
     def containers
       DockerContainerFilter.new(parse_containers)

data/lib/resources/docker_container.rb

@@ -11,7 +11,7 @@ module Inspec::Resources
     name 'docker_container'
     supports platform: 'unix'
     desc ''
-    example "
+    example <<~EXAMPLE
       describe docker_container('an-echo-server') do
         it { should exist }
         it { should be_running }
@@ -28,7 +28,7 @@ module Inspec::Resources
         it { should exist }
         it { should be_running }
       end
-    "
+    EXAMPLE
 
     def initialize(opts = {})
       # if a string is provided, we expect it is the name

data/lib/resources/docker_image.rb

@@ -11,7 +11,7 @@ module Inspec::Resources
     name 'docker_image'
     supports platform: 'unix'
     desc ''
-    example "
+    example <<~EXAMPLE
       describe docker_image('alpine:latest') do
         it { should exist }
         its('id') { should_not eq '' }
@@ -27,7 +27,7 @@ module Inspec::Resources
       describe docker_image(id: '4a415e366388') do
         it { should exist }
       end
-    "
+    EXAMPLE
 
     def initialize(opts = {})
       # do sanitizion of input values

data/lib/resources/docker_plugin.rb

@@ -5,7 +5,7 @@ module Inspec::Resources
     name 'docker_plugin'
     supports platform: 'unix'
     desc 'Retrieves info about docker plugins'
-    example "
+    example <<~EXAMPLE
       describe docker_plugin('rexray/ebs') do
         it { should exist }
         its('id') { should_not eq '0ac30b93ad40' }
@@ -20,7 +20,7 @@ module Inspec::Resources
       describe docker_plugin(id: '4a415e366388') do
         it { should exist }
       end
-    "
+    EXAMPLE
 
     def initialize(opts = {})
       # do sanitizion of input values

data/lib/resources/docker_service.rb

@@ -11,7 +11,7 @@ module Inspec::Resources
     name 'docker_service'
     supports platform: 'unix'
     desc 'Swarm-mode service'
-    example "
+    example <<~EXAMPLE
       describe docker_service('service1') do
         it { should exist }
         its('id') { should_not eq '' }
@@ -27,7 +27,7 @@ module Inspec::Resources
       describe docker_service(image: 'alpine:latest') do
         it { should exist }
       end
-    "
+    EXAMPLE
 
     def initialize(opts = {})
       # do sanitizion of input values

data/lib/resources/elasticsearch.rb

@@ -11,7 +11,7 @@ module Inspec::Resources
     desc "Use the Elasticsearch InSpec audit resource to test the status of nodes in
       an Elasticsearch cluster."
 
-    example "
+    example <<~EXAMPLE
       describe elasticsearch('http://eshost.mycompany.biz:9200/', username: 'elastic', password: 'changeme', ssl_verify: false) do
         its('node_count') { should >= 3 }
       end
@@ -21,7 +21,7 @@ module Inspec::Resources
         its('os') { should_not include 'MacOS' }
         its('version') { should cmp > 1.2.0 }
       end
-    "
+    EXAMPLE
 
     filter = FilterTable.create
     filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }

data/lib/resources/etc_fstab.rb

@@ -9,7 +9,7 @@ module Inspec::Resources
     name 'etc_fstab'
     supports platform: 'unix'
     desc 'Use the etc_fstab InSpec audit resource to check the configuration of the etc/fstab file.'
-    example "
+    example <<~EXAMPLE
       nfs_systems = etc_fstab.nfs_file_systems.entries
       nfs_systems.each do |file_system|
         describe file_system do
@@ -22,7 +22,7 @@ module Inspec::Resources
       describe etc_fstab do
         its ('home_mount_options') { should include 'nosuid' }
       end
-    "
+    EXAMPLE
 
     attr_reader :params