inspec-core 3.7.1 → 3.7.11

data/lib/resources/etc_group.rb

@@ -30,13 +30,13 @@ module Inspec::Resources
     name 'etc_group'
     supports platform: 'unix'
     desc 'Use the etc_group InSpec audit resource to test groups that are defined on Linux and UNIX platforms. The /etc/group file stores details about each group---group name, password, group identifier, along with a comma-separate list of users that belong to the group.'
-    example "
+    example <<~EXAMPLE
       describe etc_group do
         its('gids') { should_not contain_duplicates }
         its('groups') { should include 'my_user' }
         its('users') { should include 'my_user' }
       end
-    "
+    EXAMPLE
 
     include FileReader
 

data/lib/resources/etc_hosts.rb

@@ -10,13 +10,13 @@ class EtcHosts < Inspec.resource(1)
   supports platform: 'windows'
   desc 'Use the etc_hosts InSpec audit resource to find an
     ip_address and its associated hosts'
-  example "
+  example <<~EXAMPLE
     describe etc_hosts.where { ip_address == '127.0.0.1' } do
       its('ip_address') { should cmp '127.0.0.1' }
       its('primary_name') { should cmp 'localhost' }
       its('all_host_names') { should eq [['localhost', 'localhost.localdomain', 'localhost4', 'localhost4.localdomain4']] }
     end
-  "
+  EXAMPLE
 
   attr_reader :params
 

data/lib/resources/etc_hosts_allow_deny.rb

@@ -9,12 +9,12 @@ module Inspec::Resources
     supports platform: 'unix'
     desc 'Use the etc_hosts_allow InSpec audit resource to test the connections
           the client will allow. Controlled by the /etc/hosts.allow file.'
-    example "
+    example <<~EXAMPLE
       describe etc_hosts_allow.where { daemon == 'ALL' } do
         its('client_list') { should include ['127.0.0.1', '[::1]'] }
         its('options') { should eq [[]] }
       end
-    "
+    EXAMPLE
 
     attr_reader :params
 
@@ -91,12 +91,12 @@ module Inspec::Resources
     supports platform: 'unix'
     desc 'Use the etc_hosts_deny InSpec audit resource to test the connections
           the client will deny. Controlled by the /etc/hosts.deny file.'
-    example "
+    example <<~EXAMPLE
       describe etc_hosts_deny.where { daemon_list == 'ALL' } do
         its('client_list') { should eq [['127.0.0.1', '[::1]']] }
         its('options') { should eq [] }
       end
-    "
+    EXAMPLE
 
     def initialize(path = nil)
       return skip_resource '`etc_hosts_deny` is not supported on your OS' unless inspec.os.linux?

data/lib/resources/file.rb

@@ -22,7 +22,7 @@ module Inspec::Resources
     supports platform: 'unix'
     supports platform: 'windows'
     desc 'Use the file InSpec audit resource to test all system file types, including files, directories, symbolic links, named pipes, sockets, character devices, block devices, and doors.'
-    example "
+    example <<~EXAMPLE
       describe file('path') do
         it { should exist }
         it { should be_file }
@@ -32,7 +32,7 @@ module Inspec::Resources
         it { should be_owned_by 'root' }
         its('mode') { should cmp '0644' }
       end
-    "
+    EXAMPLE
 
     attr_reader :file, :mount_options
     def initialize(path)

data/lib/resources/filesystem.rb

@@ -4,7 +4,7 @@ module Inspec::Resources
     supports platform: 'linux'
     supports platform: 'windows'
     desc 'Use the filesystem InSpec resource to test file system'
-    example "
+    example <<~EXAMPLE
       describe filesystem('/') do
         its('size_kb') { should be >= 32000 }
         its('free_kb') { should be >= 3200 }
@@ -17,7 +17,7 @@ module Inspec::Resources
         its('type') { should cmp 'NTFS' }
         its('percent_free') { should be >= 20 }
       end
-    "
+    EXAMPLE
     attr_reader :partition
 
     def initialize(partition)

data/lib/resources/firewalld.rb

@@ -10,7 +10,7 @@ module Inspec::Resources
     name 'firewalld'
     supports platform: 'linux'
     desc 'Use the firewalld resource to check and see if firewalld is configured to grand or deny access to specific hosts or services'
-    example "
+    example <<~EXAMPLE
       describe firewalld do
         it { should be_running }
         its('default_zone') { should eq 'public' }
@@ -23,7 +23,7 @@ module Inspec::Resources
         its('sources') { should cmp ['ssh', 'icmp'] }
         its('services') { should cmp ['192.168.1.0/24', '192.168.1.2'] }
       end
-    "
+    EXAMPLE
 
     attr_reader :params
 

data/lib/resources/gem.rb

@@ -6,12 +6,12 @@ module Inspec::Resources
     supports platform: 'unix'
     supports platform: 'windows'
     desc 'Use the gem InSpec audit resource to test if a global gem package is installed.'
-    example "
+    example <<~EXAMPLE
       describe gem('rubocop') do
         it { should be_installed }
         its('version') { should eq '0.33.0' }
       end
-    "
+    EXAMPLE
 
     attr_reader :gem_binary
 

data/lib/resources/groups.rb

@@ -28,7 +28,7 @@ module Inspec::Resources
     supports platform: 'unix'
     supports platform: 'windows'
     desc 'Use the group InSpec audit resource to test groups on the system. Groups can be filtered.'
-    example "
+    example <<~EXAMPLE
       describe groups.where { name == 'root'} do
         its('names') { should eq ['root'] }
         its('gids') { should eq [0] }
@@ -38,7 +38,7 @@ module Inspec::Resources
         its('names') { should eq ['Administrators'] }
         its('gids') { should eq ['S-1-5-32-544'] }
       end
-    "
+    EXAMPLE
 
     def initialize
       # select group manager
@@ -80,7 +80,7 @@ module Inspec::Resources
     supports platform: 'unix'
     supports platform: 'windows'
     desc 'Use the group InSpec audit resource to test groups on the system.'
-    example "
+    example <<~EXAMPLE
       describe group('root') do
         it { should exist }
         its('gid') { should eq 0 }
@@ -89,7 +89,7 @@ module Inspec::Resources
       describe group('Administrators') do
         its('members') { should include 'Administrator' }
       end
-    "
+    EXAMPLE
 
     def initialize(groupname)
       @group = groupname

data/lib/resources/grub_conf.rb

@@ -7,7 +7,7 @@ class GrubConfig < Inspec.resource(1)
   name 'grub_conf'
   supports platform: 'unix'
   desc 'Use the grub_conf InSpec audit resource to test the boot config of Linux systems that use Grub.'
-  example "
+  example <<~EXAMPLE
     describe grub_conf('/etc/grub.conf',  'default') do
       its('kernel') { should include '/vmlinuz-2.6.32-573.7.1.el6.x86_64' }
       its('initrd') { should include '/initramfs-2.6.32-573.el6.x86_64.img=1' }
@@ -19,7 +19,7 @@ class GrubConfig < Inspec.resource(1)
     describe grub_conf('/etc/grub.conf',  'CentOS (2.6.32-573.12.1.el6.x86_64)') do
       its('kernel') { should include 'audit=1' }
     end
-  "
+  EXAMPLE
 
   include FileReader
 

data/lib/resources/host.rb

@@ -30,7 +30,7 @@ module Inspec::Resources
     supports platform: 'unix'
     supports platform: 'windows'
     desc 'Use the host InSpec audit resource to test the name used to refer to a specific host and its availability, including the Internet protocols and ports over which that host name should be available.'
-    example "
+    example <<~EXAMPLE
       describe host('example.com') do
         it { should be_reachable }
         it { should be_resolvable }
@@ -40,7 +40,7 @@ module Inspec::Resources
       describe host('example.com', port: '80', protocol: 'tcp') do
         it { should be_reachable }
       end
-    "
+    EXAMPLE
 
     attr_reader :hostname, :port, :protocol
 

data/lib/resources/http.rb

@@ -4,6 +4,7 @@
 # license: Apache v2
 
 require 'faraday'
+require 'faraday_middleware'
 require 'hashie'
 
 module Inspec::Resources
@@ -11,7 +12,7 @@ module Inspec::Resources
     name 'http'
     supports platform: 'unix'
     desc 'Use the http InSpec audit resource to test http call.'
-    example "
+    example <<~EXAMPLE
       describe http('http://localhost:8080/ping', auth: {user: 'user', pass: 'test'}, params: {format: 'html'}) do
         its('status') { should cmp 200 }
         its('body') { should cmp 'pong' }
@@ -22,7 +23,7 @@ module Inspec::Resources
         its('Content-Length') { should cmp 258 }
         its('Content-Type') { should cmp 'text/html; charset=UTF-8' }
       end
-    "
+    EXAMPLE
 
     def initialize(url, opts = {})
       @url = url
@@ -63,7 +64,11 @@ module Inspec::Resources
     end
 
     def to_s
-      "http #{http_method} on #{@url}"
+      if @opts and @url
+        "HTTP #{http_method} on #{@url}"
+      else
+        'HTTP Resource'
+      end
     end
 
     class Worker
@@ -110,6 +115,10 @@ module Inspec::Resources
         def ssl_verify?
           opts.fetch(:ssl_verify, true)
         end
+
+        def max_redirects
+          opts.fetch(:max_redirects, 0)
+        end
       end
 
       class Local < Base
@@ -129,7 +138,11 @@ module Inspec::Resources
 
         def response
           return @response if @response
-          conn = Faraday.new url: url, headers: request_headers, params: params, ssl: { verify: ssl_verify? }
+          conn = Faraday.new(url: url, headers: request_headers, params: params, ssl: { verify: ssl_verify? }) do |builder|
+            builder.request :url_encoded
+            builder.use FaradayMiddleware::FollowRedirects, limit: max_redirects if max_redirects > 0
+            builder.adapter Faraday.default_adapter
+          end
 
           # set basic authentication
           conn.basic_auth username, password unless username.nil? || password.nil?
@@ -187,7 +200,12 @@ module Inspec::Resources
           response.delete!("\r")
 
           # split the prelude (status line and headers) and the body
-          prelude, @body = response.split("\n\n", 2)
+          prelude, remainder = response.split("\n\n", 2)
+          loop do
+            break unless remainder =~ %r{^HTTP/}
+            prelude, remainder = remainder.split("\n\n", 2)
+          end
+          @body = remainder
           prelude = prelude.lines
 
           # grab the status off of the first line of the prelude
@@ -220,6 +238,8 @@ module Inspec::Resources
           cmd << "--user \'#{username}:#{password}\'" unless username.nil? || password.nil?
           cmd << '--insecure' unless ssl_verify?
           cmd << "--data #{Shellwords.shellescape(request_body)}" unless request_body.nil?
+          cmd << '--location' if max_redirects > 0
+          cmd << "--max-redirs #{max_redirects}" if max_redirects > 0
 
           request_headers.each do |k, v|
             cmd << "-H '#{k}: #{v}'"

data/lib/resources/iis_app.rb

@@ -7,7 +7,7 @@ module Inspec::Resources
     name 'iis_app'
     supports platform: 'windows'
     desc 'Tests IIS application configuration on windows. Supported in server 2012+ only'
-    example "
+    example <<~EXAMPLE
       describe iis_app('/myapp', 'Default Web Site') do
         it { should exist }
         it { should have_application_pool('MyAppPool') }
@@ -16,7 +16,7 @@ module Inspec::Resources
         it { should have_physical_path('C:\\inetpub\\wwwroot\\myapp') }
         it { should have_path('\\My Application') }
       end
-    "
+    EXAMPLE
 
     def initialize(path, site_name)
       @path = path

data/lib/resources/iis_app_pool.rb

@@ -7,14 +7,14 @@ class IisAppPool < Inspec.resource(1)
   name 'iis_app_pool'
   desc 'Tests IIS application pool configuration on windows.'
   supports platform: 'windows'
-  example <<~EOH
+  example <<~EXAMPLE
     describe iis_app_pool('DefaultAppPool') do
       it { should exist }
       its('enable32bit') { should cmp 'True' }
       its('runtime_version') { should eq 'v4.0' }
       its('pipeline_mode') { should eq 'Integrated' }
     end
-  EOH
+  EXAMPLE
 
   def initialize(pool_name)
     @pool_name = pool_name
@@ -86,10 +86,13 @@ class IisAppPool < Inspec.resource(1)
   def iis_app_pool
     return @cache unless @cache.nil?
 
+    # We use `-Compress` here to avoid a bug in PowerShell
+    # It does not affect validity of the output, only the representation
+    # See: https://github.com/inspec/inspec/pull/3842
     script = <<~EOH
       Import-Module WebAdministration
       If (Test-Path '#{@pool_path}') {
-        Get-Item '#{@pool_path}' | Select-Object * | ConvertTo-Json
+        Get-Item '#{@pool_path}' | Select-Object * | ConvertTo-Json -Compress
       } Else {
         Write-Host '{}'
       }

data/lib/resources/iis_site.rb

@@ -18,7 +18,7 @@ module Inspec::Resources
     name 'iis_site'
     supports platform: 'windows'
     desc 'Tests IIS site configuration on windows. Supported in server 2012+ only'
-    example "
+    example <<~EXAMPLE
       describe iis_site('Default Web Site') do
         it { should exist }
         it { should be_running }
@@ -27,7 +27,7 @@ module Inspec::Resources
         it { should have_binding('net.pipe *') }
         it { should have_path('C:\\inetpub\\wwwroot') }
       end
-    "
+    EXAMPLE
 
     def initialize(site_name)
       @site_name = site_name
@@ -125,13 +125,13 @@ module Inspec::Resources
   class IisSiteServerSpec < IisSite
     name 'iis_website'
     desc 'Tests IIS site configuration on windows. Deprecated, use `iis_site` instead.'
-    example "
+    example <<~EXAMPLE
       describe iis_website('Default Website') do
         it{ should exist }
         it{ should be_running }
         it{ should be_in_app_pool('Default App Pool') }
       end
-    "
+    EXAMPLE
 
     def initialize(site_name)
       super(site_name)

data/lib/resources/inetd_conf.rb

@@ -9,13 +9,13 @@ module Inspec::Resources
     name 'inetd_conf'
     supports platform: 'unix'
     desc 'Use the inetd_conf InSpec audit resource to test if a service is enabled in the inetd.conf file on Linux and UNIX platforms. inetd---the Internet service daemon---listens on dedicated ports, and then loads the appropriate program based on a request. The inetd.conf file is typically located at /etc/inetd.conf and contains a list of Internet services associated to the ports on which that service will listen. Only enabled services may handle a request; only services that are required by the system should be enabled.'
-    example "
+    example <<~EXAMPLE
       describe inetd_conf do
         its('shell') { should eq nil }
         its('login') { should eq nil }
         its('exec') { should eq nil }
       end
-    "
+    EXAMPLE
 
     include FileReader
 

data/lib/resources/ini.rb

@@ -8,11 +8,11 @@ module Inspec::Resources
     supports platform: 'unix'
     supports platform: 'windows'
     desc 'Use the ini InSpec audit resource to test data in a INI file.'
-    example "
+    example <<~EXAMPLE
       descibe ini do
         its('auth_protocol') { should eq 'https' }
       end
-    "
+    EXAMPLE
     # override file load and parse hash with simple config
     def parse(content)
       SimpleConfig.new(content).params

data/lib/resources/interface.rb

@@ -8,13 +8,13 @@ module Inspec::Resources
     supports platform: 'unix'
     supports platform: 'windows'
     desc 'Use the interface InSpec audit resource to test basic network adapter properties, such as name, status, and link speed (in MB/sec).'
-    example "
+    example <<~EXAMPLE
       describe interface('eth0') do
         it { should exist }
         it { should be_up }
         its('speed') { should eq 1000 }
       end
-    "
+    EXAMPLE
     def initialize(iface)
       @iface = iface
 

data/lib/resources/iptables.rb

@@ -24,11 +24,11 @@ module Inspec::Resources
     name 'iptables'
     supports platform: 'linux'
     desc 'Use the iptables InSpec audit resource to test rules that are defined in iptables, which maintains tables of IP packet filtering rules. There may be more than one table. Each table contains one (or more) chains (both built-in and custom). A chain is a list of rules that match packets. When the rule matches, the rule defines what target to assign to the packet.'
-    example "
+    example <<~EXAMPLE
       describe iptables do
         it { should have_rule('-P INPUT ACCEPT') }
       end
-    "
+    EXAMPLE
 
     def initialize(params = {})
       @table = params[:table]

data/lib/resources/json.rb

@@ -8,7 +8,7 @@ module Inspec::Resources
   class JsonConfig < Inspec.resource(1)
     name 'json'
     desc 'Use the json InSpec audit resource to test data in a JSON file.'
-    example "
+    example <<~EXAMPLE
       describe json('policyfile.lock.json') do
         its(['cookbook_locks','omnibus','version']) { should eq('2.2.0') }
       end
@@ -20,8 +20,7 @@ module Inspec::Resources
       describe json({ content: '{\"item1\": { \"status\": \"available\" } }' }) do
         its(['item1', 'status']) { should cmp 'available' }
       end
-
-    "
+    EXAMPLE
 
     include ObjectTraverser
     include FileReader