inspec-core 4.18.0 → 4.18.24
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/inspec/dependencies/cache.rb +2 -0
- data/lib/inspec/{describe.rb → describe_base.rb} +0 -0
- data/lib/inspec/file_provider.rb +1 -1
- data/lib/inspec/input.rb +11 -0
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +1 -1
- data/lib/inspec/plugin/v2/loader.rb +0 -6
- data/lib/inspec/profile.rb +1 -0
- data/lib/inspec/resource.rb +25 -0
- data/lib/inspec/resources/etc_hosts_allow_deny.rb +4 -0
- data/lib/inspec/resources/filesystem.rb +1 -1
- data/lib/inspec/resources/iis_app_pool.rb +38 -42
- data/lib/inspec/resources/json.rb +1 -0
- data/lib/inspec/resources/mssql_session.rb +1 -0
- data/lib/inspec/resources/oracledb_session.rb +45 -48
- data/lib/inspec/resources/users.rb +3 -2
- data/lib/inspec/resources/yum.rb +4 -1
- data/lib/inspec/rspec_extensions.rb +2 -2
- data/lib/inspec/rule.rb +2 -2
- data/lib/inspec/runner.rb +2 -0
- data/lib/inspec/utils/nginx_parser.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-compliance/README.md +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +3 -3
- data/lib/plugins/shared/core_plugin_test_helper.rb +3 -4
- metadata +17 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 983039fedda07315582c5329b0041543af3b234cc66d8f5e09938f23540e4731
|
4
|
+
data.tar.gz: aa83556f643cc61866aab9800c8cdb481808c2058d04fe3e80701cec75e473ce
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7830977e9d97ee2654ca16727f99d94d28cf62f965fb813c17b04f98ef3f75cdec0f25e8b154b6d2a6ccf449b02b220a41e7cf7b4ed099b42382922b758557eb
|
7
|
+
data.tar.gz: '09032668f99b15d19532e790244325da380c9bf317308a3ae4e336a6a7d4731c297b039d6a3df8724dafc7b9d6002e1fc150dac25ba34c60072f91aa11e87817'
|
File without changes
|
data/lib/inspec/file_provider.rb
CHANGED
@@ -171,7 +171,7 @@ module Inspec
|
|
171
171
|
path = Pathname.new(name).relative_path_from(here).to_s
|
172
172
|
|
173
173
|
@contents[path] = begin # not ||= in a tarball, last one wins
|
174
|
-
res = entry.read
|
174
|
+
res = entry.read || ""
|
175
175
|
try = res.dup
|
176
176
|
try.force_encoding Encoding::UTF_8
|
177
177
|
res = try if try.valid_encoding?
|
data/lib/inspec/input.rb
CHANGED
@@ -318,6 +318,17 @@ module Inspec
|
|
318
318
|
!current_value.is_a? NO_VALUE_SET
|
319
319
|
end
|
320
320
|
|
321
|
+
def to_hash
|
322
|
+
as_hash = { name: name, options: {} }
|
323
|
+
%i{description title identifier type required value}.each do |field|
|
324
|
+
val = send(field)
|
325
|
+
next if val.nil?
|
326
|
+
|
327
|
+
as_hash[:options][field] = val
|
328
|
+
end
|
329
|
+
as_hash
|
330
|
+
end
|
331
|
+
|
321
332
|
#--------------------------------------------------------------------------#
|
322
333
|
# Value Type Coercion
|
323
334
|
#--------------------------------------------------------------------------#
|
@@ -3,12 +3,6 @@ require "inspec/version"
|
|
3
3
|
require "inspec/plugin/v2/config_file"
|
4
4
|
require "inspec/plugin/v2/filter"
|
5
5
|
|
6
|
-
# Add the current directory of the process to the load path
|
7
|
-
$LOAD_PATH.unshift(".") unless $LOAD_PATH.include?(".")
|
8
|
-
# Add the InSpec source root directory to the load path
|
9
|
-
folder = File.expand_path(File.join("..", "..", "..", ".."), __dir__)
|
10
|
-
$LOAD_PATH.unshift(folder) unless $LOAD_PATH.include?("folder")
|
11
|
-
|
12
6
|
module Inspec::Plugin::V2
|
13
7
|
class Loader
|
14
8
|
attr_reader :conf_file, :registry, :options
|
data/lib/inspec/profile.rb
CHANGED
@@ -332,6 +332,7 @@ module Inspec
|
|
332
332
|
# convert legacy os-* supports to their platform counterpart
|
333
333
|
if res[:supports] && !res[:supports].empty?
|
334
334
|
res[:supports].each do |support|
|
335
|
+
# TODO: deprecate
|
335
336
|
support[:"platform-family"] = support.delete(:"os-family") if support.key?(:"os-family")
|
336
337
|
support[:"platform-name"] = support.delete(:"os-name") if support.key?(:"os-name")
|
337
338
|
end
|
data/lib/inspec/resource.rb
CHANGED
@@ -10,10 +10,12 @@ module Inspec
|
|
10
10
|
@default_registry ||= {}
|
11
11
|
end
|
12
12
|
|
13
|
+
# TODO: these are keyed off of strings
|
13
14
|
def self.registry
|
14
15
|
@registry ||= default_registry
|
15
16
|
end
|
16
17
|
|
18
|
+
# TODO: these are keyed off of symbols
|
17
19
|
def self.supports
|
18
20
|
@supports ||= {}
|
19
21
|
end
|
@@ -22,6 +24,29 @@ module Inspec
|
|
22
24
|
default_registry.dup
|
23
25
|
end
|
24
26
|
|
27
|
+
def self.backfill_supports!
|
28
|
+
reg = registry.keys.map(&:to_sym).sort
|
29
|
+
sup = supports.keys.map(&:to_sym).sort
|
30
|
+
|
31
|
+
missings = reg - sup
|
32
|
+
|
33
|
+
supports[:platform] = [{ platform: "os" }] # patch the circular dep
|
34
|
+
|
35
|
+
missings.each do |missing|
|
36
|
+
klass = registry[missing.to_s].superclass
|
37
|
+
sklas = klass.superclass.name&.to_sym # might be resource = no name
|
38
|
+
|
39
|
+
klass = klass.name.to_sym
|
40
|
+
|
41
|
+
case
|
42
|
+
when klass != missing # an alias
|
43
|
+
supports[missing] = supports[klass]
|
44
|
+
when sklas
|
45
|
+
supports[klass] = supports[sklas]
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
25
50
|
# Creates the inner DSL which includes all resources for
|
26
51
|
# creating tests. It is always connected to one target,
|
27
52
|
# which is specified via the backend argument.
|
@@ -95,7 +95,7 @@ module Inspec::Resources
|
|
95
95
|
|
96
96
|
class LinuxFileSystemResource < FsManagement
|
97
97
|
def info(partition)
|
98
|
-
cmd = inspec.command("df #{partition} -
|
98
|
+
cmd = inspec.command("df #{partition} -PT")
|
99
99
|
if cmd.stdout.nil? || cmd.stdout.empty? || cmd.exit_status != 0
|
100
100
|
raise Inspec::Exceptions::ResourceFailed,
|
101
101
|
"Unable to get available space for partition #{partition}"
|
@@ -22,10 +22,6 @@ module Inspec::Resources
|
|
22
22
|
def initialize(pool_name)
|
23
23
|
@pool_name = pool_name
|
24
24
|
@pool_path = "IIS:\\AppPools\\#{@pool_name}"
|
25
|
-
@cache = nil
|
26
|
-
|
27
|
-
# verify that this resource is only supported on Windows
|
28
|
-
return skip_resource "The `iis_app_pool` resource is not supported on your OS." unless inspec.os.windows?
|
29
25
|
end
|
30
26
|
|
31
27
|
def pool_name
|
@@ -77,7 +73,7 @@ module Inspec::Resources
|
|
77
73
|
end
|
78
74
|
|
79
75
|
def exists?
|
80
|
-
|
76
|
+
!!iis_app_pool[:pool_name]
|
81
77
|
end
|
82
78
|
|
83
79
|
def to_s
|
@@ -87,45 +83,45 @@ module Inspec::Resources
|
|
87
83
|
private
|
88
84
|
|
89
85
|
def iis_app_pool
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
86
|
+
@iis_app_pool ||= begin
|
87
|
+
# We use `-Compress` here to avoid a bug in PowerShell
|
88
|
+
# It does not affect validity of the output, only the representation
|
89
|
+
# See: https://github.com/inspec/inspec/pull/3842
|
90
|
+
script = <<~EOH
|
91
|
+
Import-Module WebAdministration
|
92
|
+
If (Test-Path '#{@pool_path}') {
|
93
|
+
Get-Item '#{@pool_path}' | Select-Object * | ConvertTo-Json -Compress
|
94
|
+
} Else {
|
95
|
+
Write-Host '{}'
|
96
|
+
}
|
97
|
+
EOH
|
98
|
+
cmd = inspec.powershell(script)
|
99
|
+
|
100
|
+
begin
|
101
|
+
pool = JSON.parse(cmd.stdout)
|
102
|
+
rescue JSON::ParserError => _e
|
103
|
+
raise Inspec::Exceptions::ResourceFailed, "Unable to parse app pool JSON"
|
104
|
+
end
|
105
|
+
|
106
|
+
process_model = pool.fetch("processModel", {})
|
107
|
+
idle_timeout = process_model.fetch("idleTimeout", {})
|
108
|
+
|
109
|
+
# map our values to a hash table
|
110
|
+
@cache = {
|
111
|
+
pool_name: pool["name"],
|
112
|
+
version: pool["managedRuntimeVersion"],
|
113
|
+
e32b: pool["enable32BitAppOnWin64"],
|
114
|
+
mode: pool["managedPipelineMode"],
|
115
|
+
processes: process_model["maxProcesses"],
|
116
|
+
timeout: "#{idle_timeout["Hours"]}:#{idle_timeout["Minutes"]}:#{idle_timeout["Seconds"]}",
|
117
|
+
timeout_days: idle_timeout["Days"],
|
118
|
+
timeout_hours: idle_timeout["Hours"],
|
119
|
+
timeout_minutes: idle_timeout["Minutes"],
|
120
|
+
timeout_seconds: idle_timeout["Seconds"],
|
121
|
+
user_identity_type: process_model["identityType"],
|
122
|
+
username: process_model["userName"],
|
101
123
|
}
|
102
|
-
EOH
|
103
|
-
cmd = inspec.powershell(script)
|
104
|
-
|
105
|
-
begin
|
106
|
-
pool = JSON.parse(cmd.stdout)
|
107
|
-
rescue JSON::ParserError => _e
|
108
|
-
raise Inspec::Exceptions::ResourceFailed, "Unable to parse app pool JSON"
|
109
124
|
end
|
110
|
-
|
111
|
-
process_model = pool.fetch("processModel", {})
|
112
|
-
idle_timeout = process_model.fetch("idleTimeout", {})
|
113
|
-
|
114
|
-
# map our values to a hash table
|
115
|
-
@cache = {
|
116
|
-
pool_name: pool["name"],
|
117
|
-
version: pool["managedRuntimeVersion"],
|
118
|
-
e32b: pool["enable32BitAppOnWin64"],
|
119
|
-
mode: pool["managedPipelineMode"],
|
120
|
-
processes: process_model["maxProcesses"],
|
121
|
-
timeout: "#{idle_timeout["Hours"]}:#{idle_timeout["Minutes"]}:#{idle_timeout["Seconds"]}",
|
122
|
-
timeout_days: idle_timeout["Days"],
|
123
|
-
timeout_hours: idle_timeout["Hours"],
|
124
|
-
timeout_minutes: idle_timeout["Minutes"],
|
125
|
-
timeout_seconds: idle_timeout["Seconds"],
|
126
|
-
user_identity_type: process_model["identityType"],
|
127
|
-
username: process_model["userName"],
|
128
|
-
}
|
129
125
|
end
|
130
126
|
end
|
131
127
|
end
|
@@ -5,6 +5,7 @@ require "inspec/utils/file_reader"
|
|
5
5
|
module Inspec::Resources
|
6
6
|
class JsonConfig < Inspec.resource(1)
|
7
7
|
name "json"
|
8
|
+
supports platform: "os"
|
8
9
|
desc "Use the json InSpec audit resource to test data in a JSON file."
|
9
10
|
example <<~EXAMPLE
|
10
11
|
describe json('policyfile.lock.json') do
|
@@ -11,6 +11,7 @@ module Inspec::Resources
|
|
11
11
|
# @see https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-connect-and-query-sqlcmd
|
12
12
|
class MssqlSession < Inspec.resource(1)
|
13
13
|
name "mssql_session"
|
14
|
+
supports platform: "windows"
|
14
15
|
desc "Use the mssql_session InSpec audit resource to test SQL commands run against a MS Sql Server database."
|
15
16
|
example <<~EXAMPLE
|
16
17
|
# Using SQL authentication
|
@@ -1,8 +1,8 @@
|
|
1
1
|
require "inspec/resources/command"
|
2
|
-
require "hashie/mash"
|
3
2
|
require "inspec/utils/database_helpers"
|
4
3
|
require "htmlentities"
|
5
4
|
require "rexml/document"
|
5
|
+
require "hashie/mash"
|
6
6
|
require "csv"
|
7
7
|
|
8
8
|
module Inspec::Resources
|
@@ -21,8 +21,9 @@ module Inspec::Resources
|
|
21
21
|
end
|
22
22
|
EXAMPLE
|
23
23
|
|
24
|
-
attr_reader :
|
25
|
-
|
24
|
+
attr_reader :bin, :db_role, :host, :password, :port, :service,
|
25
|
+
:su_user, :user
|
26
|
+
|
26
27
|
def initialize(opts = {})
|
27
28
|
@user = opts[:user]
|
28
29
|
@password = opts[:password] || opts[:pass]
|
@@ -30,60 +31,35 @@ module Inspec::Resources
|
|
30
31
|
Inspec.deprecate(:oracledb_session_pass_option, "The oracledb_session `pass` option is deprecated. Please use `password`.")
|
31
32
|
end
|
32
33
|
|
34
|
+
@bin = "sqlplus"
|
33
35
|
@host = opts[:host] || "localhost"
|
34
36
|
@port = opts[:port] || "1521"
|
35
37
|
@service = opts[:service]
|
36
|
-
|
37
|
-
# connection as sysdba stuff
|
38
|
-
return skip_resource "Option 'as_os_user' not available in Windows" if inspec.os.windows? && opts[:as_os_user]
|
39
|
-
|
40
38
|
@su_user = opts[:as_os_user]
|
41
39
|
@db_role = opts[:as_db_role]
|
42
|
-
|
43
|
-
# we prefer sqlci although it is way slower than sqlplus, but it understands csv properly
|
44
|
-
@sqlcl_bin = "sql" unless opts.key?(:sqlplus_bin) # don't use it if user specified sqlplus_bin option
|
40
|
+
@sqlcl_bin = opts[:sqlcl_bin] || nil
|
45
41
|
@sqlplus_bin = opts[:sqlplus_bin] || "sqlplus"
|
46
|
-
|
47
|
-
|
48
|
-
|
42
|
+
skip_resource "Option 'as_os_user' not available in Windows" if inspec.os.windows? && su_user
|
43
|
+
fail_resource "Can't run Oracle checks without authentication" unless su_user && (user || password)
|
44
|
+
fail_resource "You must provide a service name for the session" unless service
|
49
45
|
end
|
50
46
|
|
51
|
-
def query(
|
52
|
-
escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"')
|
53
|
-
# escape tables with $
|
54
|
-
escaped_query = escaped_query.gsub("$", '\\$')
|
55
|
-
|
56
|
-
p = nil
|
57
|
-
# use sqlplus if sqlcl is not available
|
47
|
+
def query(sql)
|
58
48
|
if @sqlcl_bin && inspec.command(@sqlcl_bin).exist?
|
59
|
-
bin = @sqlcl_bin
|
60
|
-
|
61
|
-
|
49
|
+
@bin = @sqlcl_bin
|
50
|
+
format_options = "set sqlformat csv\nSET FEEDBACK OFF"
|
51
|
+
parser = :parse_csv_result
|
62
52
|
else
|
63
|
-
bin = @sqlplus_bin
|
64
|
-
|
65
|
-
|
53
|
+
@bin = "#{@sqlplus_bin} -S"
|
54
|
+
format_options = "SET MARKUP HTML ON\nSET PAGESIZE 32000\nSET FEEDBACK OFF"
|
55
|
+
parser = :parse_html_result
|
66
56
|
end
|
67
57
|
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
command = %{#{bin} "#{@user}"/"#{@password}"@#{@host}:#{@port}/#{@service} as #{@db_role} <<EOC\n#{opts}\n#{query}\nEXIT\nEOC}
|
74
|
-
else
|
75
|
-
command = %{su - #{@su_user} -c "env ORACLE_SID=#{@service} #{bin} / as #{@db_role} <<EOC\n#{opts}\n#{query}\nEXIT\nEOC"}
|
76
|
-
end
|
77
|
-
cmd = inspec.command(command)
|
78
|
-
|
79
|
-
out = cmd.stdout + "\n" + cmd.stderr
|
80
|
-
if out.downcase =~ /^error/
|
81
|
-
# TODO: we need to throw an exception here
|
82
|
-
# change once https://github.com/chef/inspec/issues/1205 is in
|
83
|
-
warn "Could not execute the sql query #{out}"
|
84
|
-
DatabaseHelper::SQLQueryResult.new(cmd, Hashie::Mash.new({}))
|
85
|
-
end
|
86
|
-
DatabaseHelper::SQLQueryResult.new(cmd, send(p, cmd.stdout))
|
58
|
+
command = command_builder(format_options, sql)
|
59
|
+
inspec_cmd = inspec.command(command)
|
60
|
+
|
61
|
+
DatabaseHelper::SQLQueryResult.new(inspec_cmd, send(parser,
|
62
|
+
inspec_cmd.stdout))
|
87
63
|
end
|
88
64
|
|
89
65
|
def to_s
|
@@ -92,9 +68,30 @@ module Inspec::Resources
|
|
92
68
|
|
93
69
|
private
|
94
70
|
|
71
|
+
# 3 commands
|
72
|
+
# regular user password
|
73
|
+
# using a db_role
|
74
|
+
# su, using a db_role
|
75
|
+
def command_builder(format_options, query)
|
76
|
+
verified_query = verify_query(query)
|
77
|
+
sql_prefix, sql_postfix = "", ""
|
78
|
+
if inspec.os.windows?
|
79
|
+
sql_prefix = %{@'\n#{format_options}\n#{verified_query}\nEXIT\n'@ | }
|
80
|
+
else
|
81
|
+
sql_postfix = %{ <<'EOC'\n#{format_options}\n#{verified_query}\nEXIT\nEOC}
|
82
|
+
end
|
83
|
+
|
84
|
+
if @db_role.nil?
|
85
|
+
%{#{sql_prefix}#{bin} "#{user}"/"#{password}"@#{host}:#{port}/#{@service}#{sql_postfix}}
|
86
|
+
elsif @su_user.nil?
|
87
|
+
%{#{sql_prefix}#{bin} "#{user}"/"#{password}"@#{host}:#{port}/#{@service} as #{@db_role}#{sql_postfix}}
|
88
|
+
else
|
89
|
+
%{su - #{@su_user} -c "env ORACLE_SID=#{@service} #{bin} / as #{@db_role}#{sql_postfix}}
|
90
|
+
end
|
91
|
+
end
|
92
|
+
|
95
93
|
def verify_query(query)
|
96
|
-
|
97
|
-
query + ";" unless query.strip.end_with?(";")
|
94
|
+
query += ";" unless query.strip.end_with?(";")
|
98
95
|
query
|
99
96
|
end
|
100
97
|
|
@@ -115,7 +112,7 @@ module Inspec::Resources
|
|
115
112
|
results
|
116
113
|
end
|
117
114
|
|
118
|
-
def parse_html_result(stdout)
|
115
|
+
def parse_html_result(stdout)
|
119
116
|
result = stdout
|
120
117
|
# make oracle html valid html by removing the p tag, it does not include a closing tag
|
121
118
|
result = result.gsub("<p>", "").gsub("</p>", "").gsub("<br>", "")
|
@@ -464,8 +464,9 @@ module Inspec::Resources
|
|
464
464
|
multiple_values: false
|
465
465
|
).params
|
466
466
|
|
467
|
-
|
468
|
-
|
467
|
+
last_change = params["Last password change"]
|
468
|
+
dparse = Date.parse "#{last_change}" rescue nil
|
469
|
+
dayslastset = (Date.today - dparse).to_i if dparse
|
469
470
|
cmd = inspec.command("lastb -w -a | grep #{username} | wc -l")
|
470
471
|
badpasswordattempts = convert_to_i(cmd.stdout.chomp) if cmd.exit_status == 0
|
471
472
|
|
data/lib/inspec/resources/yum.rb
CHANGED
@@ -59,7 +59,7 @@ module Inspec::Resources
|
|
59
59
|
# detect repo start
|
60
60
|
in_repo = true if line =~ /^\s*Repo-id\s*:\s*(.*)\b/
|
61
61
|
# detect repo end
|
62
|
-
if line == "\n" && in_repo
|
62
|
+
if (line == "\n" || line =~ /\s*Total packages:/) && in_repo
|
63
63
|
in_repo = false
|
64
64
|
@cache.push(repo)
|
65
65
|
repo = {}
|
@@ -70,6 +70,9 @@ module Inspec::Resources
|
|
70
70
|
repo[repo_key(strip(val[1]))] = strip(val[2])
|
71
71
|
end
|
72
72
|
end
|
73
|
+
|
74
|
+
@cache.push(repo) if in_repo
|
75
|
+
|
73
76
|
@cache
|
74
77
|
end
|
75
78
|
|
@@ -50,8 +50,8 @@ module Inspec
|
|
50
50
|
def method_missing(method_name, *arguments, &block)
|
51
51
|
# see if it is a resource first
|
52
52
|
begin
|
53
|
-
|
54
|
-
resource = Inspec::DSL.method_missing_resource(
|
53
|
+
backend = inspec if respond_to?(:inspec) # backend not available??
|
54
|
+
resource = Inspec::DSL.method_missing_resource(backend, method_name, *arguments)
|
55
55
|
return resource if resource
|
56
56
|
rescue LoadError
|
57
57
|
# pass through
|
data/lib/inspec/rule.rb
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
require "method_source"
|
4
4
|
require "date"
|
5
|
-
require "inspec/
|
5
|
+
require "inspec/describe_base"
|
6
6
|
require "inspec/expect"
|
7
7
|
require "inspec/resource"
|
8
8
|
require "inspec/resources/os"
|
@@ -60,7 +60,7 @@ module Inspec
|
|
60
60
|
# waivers have higher precedence than only_if.
|
61
61
|
__apply_waivers
|
62
62
|
|
63
|
-
rescue StandardError => e
|
63
|
+
rescue SystemStackError, StandardError => e
|
64
64
|
# We've encountered an exception while trying to eval the code inside the
|
65
65
|
# control block. We need to prevent the exception from bubbling up, and
|
66
66
|
# fail the control. Controls are failed by having a failed resource within
|
data/lib/inspec/runner.rb
CHANGED
@@ -18,7 +18,7 @@ class NginxParser < Parslet::Parser
|
|
18
18
|
end
|
19
19
|
|
20
20
|
rule(:standard_identifier) do
|
21
|
-
(match("[a-zA-Z]") >> match('\S').repeat).as(:identifier) >> space >> space.repeat
|
21
|
+
(match("[a-zA-Z~*.]") >> match('\S').repeat).as(:identifier) >> space >> space.repeat
|
22
22
|
end
|
23
23
|
|
24
24
|
rule(:quoted_identifier) do
|
data/lib/inspec/version.rb
CHANGED
@@ -152,7 +152,7 @@ $ inspec exec compliance://admin/profile
|
|
152
152
|
|
153
153
|
Pending: (Failures listed here are expected and do not affect your suite's status)
|
154
154
|
|
155
|
-
1)
|
155
|
+
1) example_config Can't find file "/tmp/example/config.yaml"
|
156
156
|
# Not yet implemented
|
157
157
|
# ./lib/inspec/runner.rb:157
|
158
158
|
|
@@ -72,10 +72,10 @@ module InspecPlugins
|
|
72
72
|
desc "exec PROFILE", "executes a #{COMPLIANCE_PRODUCT_NAME} profile"
|
73
73
|
exec_options
|
74
74
|
def exec(*tests)
|
75
|
-
|
76
|
-
return unless loggedin(
|
75
|
+
compliance_config = InspecPlugins::Compliance::Configuration.new
|
76
|
+
return unless loggedin(compliance_config)
|
77
77
|
|
78
|
-
o =
|
78
|
+
o = config # o is an Inspec::Config object, provided by a helper method from Inspec::BaseCLI
|
79
79
|
diagnose(o)
|
80
80
|
configure_logger(o)
|
81
81
|
|
@@ -65,7 +65,7 @@ module CorePluginFunctionalHelper
|
|
65
65
|
elsif opts.key?(:env)
|
66
66
|
prefix = opts[:env].to_a.map { |assignment| "#{assignment[0]}=#{assignment[1]}" }.join(" ")
|
67
67
|
end
|
68
|
-
|
68
|
+
TRAIN_CONNECTION.run_command("#{prefix} #{exec_inspec} #{command_line}")
|
69
69
|
end
|
70
70
|
|
71
71
|
# This helper does some fancy footwork to make InSpec think a plugin
|
@@ -76,8 +76,7 @@ module CorePluginFunctionalHelper
|
|
76
76
|
# Modify plugin_statefile_data as needed; it will be written to a plugins.json
|
77
77
|
# in tmp_dir_path. You may also copy in other things to the tmp_dir_path. Your PWD
|
78
78
|
# will be in the tmp_dir, and it will exist and be empty.
|
79
|
-
# :post_run: Proc(
|
80
|
-
# run_result will be populated, but you can add more to the ostruct .payload
|
79
|
+
# :post_run: Proc(CommandResult, tmp_dir_path) - optional result capture block.
|
81
80
|
# Your PWD will be the tmp_dir, and it will still exist (for a moment!)
|
82
81
|
def run_inspec_process_with_this_plugin(command_line, opts = {})
|
83
82
|
plugin_path = __find_plugin_path_from_caller
|
@@ -101,7 +100,7 @@ module CorePluginFunctionalHelper
|
|
101
100
|
|
102
101
|
# Read the resulting plugins.json into memory, if any
|
103
102
|
if File.exist?(plugin_file_path)
|
104
|
-
|
103
|
+
@plugin_data = JSON.parse(File.read(plugin_file_path))
|
105
104
|
end
|
106
105
|
|
107
106
|
opts[:post_run]&.call(run_result, tmp_dir)
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: inspec-core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.18.
|
4
|
+
version: 4.18.24
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dominik Richter
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-10-
|
11
|
+
date: 2019-10-31 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: train-core
|
@@ -44,6 +44,20 @@ dependencies:
|
|
44
44
|
- - "<"
|
45
45
|
- !ruby/object:Gem::Version
|
46
46
|
version: '2.0'
|
47
|
+
- !ruby/object:Gem::Dependency
|
48
|
+
name: chef-core
|
49
|
+
requirement: !ruby/object:Gem::Requirement
|
50
|
+
requirements:
|
51
|
+
- - "~>"
|
52
|
+
- !ruby/object:Gem::Version
|
53
|
+
version: '0.0'
|
54
|
+
type: :runtime
|
55
|
+
prerelease: false
|
56
|
+
version_requirements: !ruby/object:Gem::Requirement
|
57
|
+
requirements:
|
58
|
+
- - "~>"
|
59
|
+
- !ruby/object:Gem::Version
|
60
|
+
version: '0.0'
|
47
61
|
- !ruby/object:Gem::Dependency
|
48
62
|
name: thor
|
49
63
|
requirement: !ruby/object:Gem::Requirement
|
@@ -401,7 +415,7 @@ files:
|
|
401
415
|
- lib/inspec/dependencies/lockfile.rb
|
402
416
|
- lib/inspec/dependencies/requirement.rb
|
403
417
|
- lib/inspec/dependencies/resolver.rb
|
404
|
-
- lib/inspec/
|
418
|
+
- lib/inspec/describe_base.rb
|
405
419
|
- lib/inspec/dist.rb
|
406
420
|
- lib/inspec/dsl.rb
|
407
421
|
- lib/inspec/dsl_shared.rb
|