inspec-core 4.18.51 → 4.18.85

data/lib/inspec/resources/command.rb

@@ -67,7 +67,7 @@ module Inspec::Resources
         res = if inspec.platform.name == "alpine"
                 inspec.backend.run_command("which \"#{@command}\"")
               else
-                inspec.backend.run_command("bash -c 'type \"#{@command}\"'")
+                inspec.backend.run_command("sh -c 'type \"#{@command}\"'")
               end
       elsif inspec.os.windows?
         res = inspec.backend.run_command("Get-Command \"#{@command}\"")

data/lib/inspec/resources/crontab.rb

@@ -32,7 +32,7 @@ module Inspec::Resources
 
     attr_reader :params
 
-    include CommentParser
+    include Inspec::Utils::CommentParser
 
     def initialize(opts = nil)
       if opts.respond_to?(:fetch)
@@ -67,6 +67,7 @@ module Inspec::Resources
     end
 
     def crontab_cmd
+      # TODO: the -u scenario needs to be able to do sudo
       @user.nil? ? "crontab -l" : "crontab -l -u #{@user}"
     end
 
@@ -108,66 +109,65 @@ module Inspec::Resources
       !@user.nil?
     end
 
-    def parse_system_crontab(data)
+    # rubocop:disable Layout/AlignHash
+
+    DEFAULT_TIMES = {
+      "minute"  => "*",
+      "hour"    => "*",
+      "day"     => "*",
+      "month"   => "*",
+      "weekday" => "*",
+    }.freeze
+
+    SYSTEM_COLUMNS = %w{minute hour day month weekday user command}.freeze
+    USER_COLUMNS = %w{minute hour day month weekday command}.freeze
+
+    HOURLY  = { "minute" => "0" }.freeze
+    DAILY   = HOURLY  .merge("hour"    => "0").freeze
+    WEEKLY  = HOURLY  .merge("weekday" => "0").freeze
+    MONTHLY = DAILY   .merge("day"     => "1").freeze
+    YEARLY  = MONTHLY .merge("month"   => "1").freeze
+    REBOOT  = {
+      "minute"  => "-1",
+      "hour"    => "-1",
+      "day"     => "-1",
+      "month"   => "-1",
+      "weekday" => "-1",
+    }.freeze
+
+    def merge_crontab(data, default)
       case data
-      when /@hourly .*/
-        elements = data.split(/\s+/, 3)
-        { "minute" => "0", "hour" => "*", "day" => "*", "month" => "*", "weekday" => "*", "user" => elements.at(1), "command" => elements.at(2) }
-      when /@(midnight|daily) .*/
-        elements = data.split(/\s+/, 3)
-        { "minute" => "0", "hour" => "0", "day" => "*", "month" => "*", "weekday" => "*", "user" => elements.at(1), "command" => elements.at(2) }
-      when /@weekly .*/
-        elements = data.split(/\s+/, 3)
-        { "minute" => "0", "hour" => "0", "day" => "*", "month" => "*", "weekday" => "0", "user" => elements.at(1), "command" => elements.at(2) }
-      when /@monthly ./
-        elements = data.split(/\s+/, 3)
-        { "minute" => "0", "hour" => "0", "day" => "1", "month" => "*", "weekday" => "*", "user" => elements.at(1), "command" => elements.at(2) }
-      when /@(annually|yearly) .*/
-        elements = data.split(/\s+/, 3)
-        { "minute" => "0", "hour" => "0", "day" => "1", "month" => "1", "weekday" => "*", "user" => elements.at(1), "command" => elements.at(2) }
-      when /@reboot .*/
-        elements = data.split(/\s+/, 3)
-        { "minute" => "-1", "hour" => "-1", "day" => "-1", "month" => "-1", "weekday" => "-1", "user" => elements.at(1), "command" => elements.at(2) }
-      else
-        elements = data.split(/\s+/, 7)
-        {
-          "minute" => elements.at(0),
-          "hour" => elements.at(1),
-          "day" => elements.at(2),
-          "month" => elements.at(3),
-          "weekday" => elements.at(4),
-          "user" => elements.at(5),
-          "command" => elements.at(6),
-        }
+      when /@hourly /
+        default.merge(HOURLY)
+      when /@(midnight|daily) /
+        default.merge(DAILY)
+      when /@weekly /
+        default.merge(WEEKLY)
+      when /@monthly /
+        default.merge(MONTHLY)
+      when /@(annually|yearly) /
+        default.merge(YEARLY)
+      when /@reboot /
+        default.merge(REBOOT)
       end
     end
 
+    def parse_system_crontab(data)
+      _, user, cmd = data.split(/\s+/, 3)
+      default = DEFAULT_TIMES.merge("user"    => user,
+                                    "command" => cmd)
+
+      merge_crontab(data, default) ||
+        SYSTEM_COLUMNS.zip(data.split(/\s+/, 7)).to_h
+    end
+
     def parse_user_crontab(data)
-      case data
-      when /@hourly .*/
-        { "minute" => "0", "hour" => "*", "day" => "*", "month" => "*", "weekday" => "*", "user" => @user, "command" => data.split(/\s+/, 2).at(1) }
-      when /@(midnight|daily) .*/
-        { "minute" => "0", "hour" => "0", "day" => "*", "month" => "*", "weekday" => "*", "user" => @user, "command" => data.split(/\s+/, 2).at(1) }
-      when /@weekly .*/
-        { "minute" => "0", "hour" => "0", "day" => "*", "month" => "*", "weekday" => "0", "user" => @user, "command" => data.split(/\s+/, 2).at(1) }
-      when /@monthly ./
-        { "minute" => "0", "hour" => "0", "day" => "1", "month" => "*", "weekday" => "*", "user" => @user, "command" => data.split(/\s+/, 2).at(1) }
-      when /@(annually|yearly) .*/
-        { "minute" => "0", "hour" => "0", "day" => "1", "month" => "1", "weekday" => "*", "user" => @user, "command" => data.split(/\s+/, 2).at(1) }
-      when /@reboot .*/
-        { "minute" => "-1", "hour" => "-1", "day" => "-1", "month" => "-1", "weekday" => "-1", "user" => @user, "command" => data.split(/\s+/, 2).at(1) }
-      else
-        elements = data.split(/\s+/, 6)
-        {
-          "minute" => elements.at(0),
-          "hour" => elements.at(1),
-          "day" => elements.at(2),
-          "month" => elements.at(3),
-          "weekday" => elements.at(4),
-          "user" => @user,
-          "command" => elements.at(5),
-        }
-      end
+      _, cmd = data.split(/\s+/, 2)
+      default = DEFAULT_TIMES.merge("user"    => @user,
+                                    "command" => cmd)
+
+      merge_crontab(data, default) ||
+        USER_COLUMNS.zip(data.split(/\s+/, 6)).to_h.merge("user" => @user)
     end
   end
 end

data/lib/inspec/resources/etc_fstab.rb

@@ -25,7 +25,7 @@ module Inspec::Resources
 
     attr_reader :params
 
-    include CommentParser
+    include Inspec::Utils::CommentParser
     include FileReader
 
     def initialize(fstab_path = nil)

data/lib/inspec/resources/etc_group.rb

@@ -24,7 +24,7 @@ require "inspec/utils/file_reader"
 module Inspec::Resources
   class EtcGroup < Inspec.resource(1)
     include Converter
-    include CommentParser
+    include Inspec::Utils::CommentParser
 
     name "etc_group"
     supports platform: "unix"

data/lib/inspec/resources/etc_hosts.rb

@@ -4,8 +4,7 @@ require "inspec/utils/file_reader"
 module Inspec::Resources
   class EtcHosts < Inspec.resource(1)
     name "etc_hosts"
-    supports platform: "linux"
-    supports platform: "bsd"
+    supports platform: "unix"
     supports platform: "windows"
     desc 'Use the etc_hosts InSpec audit resource to find an
       ip_address and its associated hosts'
@@ -19,7 +18,7 @@ module Inspec::Resources
 
     attr_reader :params
 
-    include CommentParser
+    include Inspec::Utils::CommentParser
     include FileReader
 
     DEFAULT_UNIX_PATH    = "/etc/hosts".freeze

data/lib/inspec/resources/etc_hosts_allow_deny.rb

@@ -16,7 +16,7 @@ module Inspec::Resources
 
     attr_reader :params
 
-    include CommentParser
+    include Inspec::Utils::CommentParser
     include FileReader
 
     def initialize(hosts_allow_path = nil)

data/lib/inspec/resources/file.rb

@@ -17,12 +17,12 @@ module Inspec::Resources
   # TODO: rename file_resource.rb
   class FileResource < Inspec.resource(1)
     include FilePermissionsSelector
-    include LinuxMountParser
+    include Inspec::Utils::LinuxMountParser
 
     name "file"
     supports platform: "unix"
     supports platform: "windows"
-    desc "Use the file InSpec audit resource to test all system file types, including files, directories, symbolic links, named pipes, sockets, character devices, block devices, and doors."
+    desc "Use the file InSpec audit resource to test all system file types, including files, directories, symbolic links, etc."
     example <<~EXAMPLE
       describe file('path') do
         it { should exist }

data/lib/inspec/resources/filesystem.rb

@@ -3,7 +3,7 @@ require "inspec/resources/command"
 module Inspec::Resources
   class FileSystemResource < Inspec.resource(1)
     name "filesystem"
-    supports platform: "linux"
+    supports platform: "unix"
     supports platform: "windows"
     desc "Use the filesystem InSpec resource to test file system"
     example <<~EXAMPLE
@@ -29,8 +29,8 @@ module Inspec::Resources
       @fsman = nil
 
       os = inspec.os
-      if os.linux?
-        @fsman = LinuxFileSystemResource.new(inspec)
+      if os.unix?
+        @fsman = UnixFileSystemResource.new(inspec)
       elsif os.windows?
         @fsman = WindowsFileSystemResource.new(inspec)
       else
@@ -93,7 +93,7 @@ module Inspec::Resources
     end
   end
 
-  class LinuxFileSystemResource < FsManagement
+  class UnixFileSystemResource < FsManagement
     def info(partition)
       cmd = inspec.command("df #{partition} -PT")
       if cmd.stdout.nil? || cmd.stdout.empty? || cmd.exit_status != 0

data/lib/inspec/resources/groups.rb

@@ -173,6 +173,8 @@ module Inspec::Resources
     end
 
     def groups
+      # https://apple.stackexchange.com/a/130815
+
       group_by_id = runmap("dscl . -list /Groups PrimaryGroupID")  { |l| name, id = l.split; [id.to_i, name] }
       userss      = runmap("dscl . -list /Users  PrimaryGroupID")  { |l| name, id = l.split; [name, id.to_i] }
       membership  = runmap("dscl . -list /Groups GroupMembership") { |l| key, *vs = l.split; [key, vs] }
@@ -196,9 +198,21 @@ module Inspec::Resources
         users = g.delete("users") || ""
         users = users.split
         users += Array(users_by_group[g["name"]])
-        g["members"] = users
-        g["members"].sort.join ","
+        g["members"] = users.sort
       end
+
+      groups # de-dupe/merge by gid
+        .group_by { |g| g["gid"] }
+        .values
+        .map { |subgroups|
+          g = subgroups.first
+
+          if subgroups.size != 1
+            g["members"] = subgroups.map { |h| h["members"] }.flatten.uniq
+          end
+
+          g
+        }
     end
   end
 

data/lib/inspec/resources/iis_app.rb

@@ -10,7 +10,7 @@ module Inspec::Resources
       describe iis_app('/myapp', 'Default Web Site') do
         it { should exist }
         it { should have_application_pool('MyAppPool') }
-        it { should have_protocols('http') }
+        it { should have_protocol('http') }
         it { should have_site_name('Default Web Site') }
         it { should have_physical_path('C:\\inetpub\\wwwroot\\myapp') }
         it { should have_path('\\My Application') }

data/lib/inspec/resources/ini.rb

@@ -4,8 +4,7 @@ require "inspec/utils/simpleconfig"
 module Inspec::Resources
   class IniConfig < JsonConfig
     name "ini"
-    supports platform: "unix"
-    supports platform: "windows"
+    supports platform: "os"
     desc "Use the ini InSpec audit resource to test data in a INI file."
     example <<~EXAMPLE
       descibe ini do

data/lib/inspec/resources/mount.rb

@@ -79,10 +79,10 @@ module Inspec::Resources
   end
 
   class LinuxMounts < MountsInfo
-    include LinuxMountParser
+    include Inspec::Utils::LinuxMountParser
   end
 
   class BsdMounts < MountsInfo
-    include BsdMountParser
+    include Inspec::Utils::BsdMountParser
   end
 end

data/lib/inspec/resources/oracledb_session.rb

@@ -86,7 +86,7 @@ module Inspec::Resources
       elsif @su_user.nil?
         %{#{sql_prefix}#{bin} "#{user}"/"#{password}"@#{host}:#{port}/#{@service} as #{@db_role}#{sql_postfix}}
       else
-        %{su - #{@su_user} -c "env ORACLE_SID=#{@service} #{bin} / as #{@db_role}#{sql_postfix}}
+        %{su - #{@su_user} -c "env ORACLE_SID=#{@service} #{bin} / as #{@db_role}#{sql_postfix}"}
       end
     end
 

data/lib/inspec/resources/package.rb

@@ -46,6 +46,8 @@ module Inspec::Resources
         @pkgman = HpuxPkg.new(inspec)
       elsif ["alpine"].include?(os[:name])
         @pkgman = AlpinePkg.new(inspec)
+      elsif ["freebsd"].include?(os[:name])
+        @pkgman = FreebsdPkg.new(inspec)
       else
         raise Inspec::Exceptions::ResourceSkipped, "The `package` resource is not supported on your OS yet."
       end
@@ -274,6 +276,26 @@ module Inspec::Resources
     end
   end
 
+  class FreebsdPkg < PkgManagement
+    def info(package_name)
+      cmd = inspec.command("pkg info #{package_name}")
+      return {} if cmd.exit_status.to_i != 0
+
+      params = SimpleConfig.new(
+        cmd.stdout.chomp,
+        assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
+        multiple_values: false
+      ).params
+
+      {
+        name: params["Name"],
+        installed: true,
+        version: params["Version"],
+        type: "pkg",
+      }
+    end
+  end
+
   # Determines the installed packages on Windows using the Windows package registry entries.
   # @see: http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/15/use-powershell-to-find-installed-software.aspx
   class WindowsPkg < PkgManagement

data/lib/inspec/resources/passwd.rb

@@ -33,7 +33,7 @@ module Inspec::Resources
       end
     EXAMPLE
 
-    include PasswdParser
+    include Inspec::Utils::PasswdParser
     include FileReader
 
     attr_reader :params

data/lib/inspec/resources/platform.rb

@@ -18,11 +18,16 @@ module Inspec::Resources
       @platform = inspec.backend.platform
     end
 
-    # add helper methods for easy access of properties
-    %w{family release arch}.each do |property|
-      define_method(property.to_sym) do
-        @platform[property]
-      end
+    def family
+      @platform.family
+    end
+
+    def release
+      @platform.release
+    end
+
+    def arch
+      @platform.arch if @platform.respond_to?(:arch)
     end
 
     def families
@@ -51,46 +56,41 @@ module Inspec::Resources
     end
 
     def params
+      # rubocop:disable Layout/AlignHash
       h = {
-        name: name,
+        name:     name,
         families: families,
-        release: release,
+        release:  release,
+        arch:     arch,
       }
+      # rubocop:enable Layout/AlignHash
 
-      # Avoid adding Arch for APIs (not applicable)
-      unless in_family?("api")
-        h[:arch] = arch
-      end
+      h.delete :arch if in_family?("api") # not applicable if api
 
       h
     end
 
     def supported?(supports)
-      return true if supports.nil? || supports.empty?
-
-      status = true
-      supports.each do |support|
-        support.each do |k, v|
-          status =
-            case k
-            when :os_family, :"os-family", :platform_family, :"platform-family" then
-              in_family?(v)
-            when :os, :platform then
-              platform?(v)
-            when :os_name, :"os-name", :platform_name, :"platform-name" then
-              name == v
-            when :release then
-              check_release(v)
-            else
-              false
-            end
-
-          break if status == false
-        end
-        return true if status == true
-      end
+      raise ArgumentError, "`supports` is nil." unless supports
+
+      supports.any? { |support|
+        support.all? { |k, v|
+          case normalize(k)
+          when :os_family, :platform_family then
+            in_family?(v)
+          when :os, :platform then
+            platform?(v)
+          when :os_name, :platform_name then
+            name == v
+          when :release then
+            check_release(v)
+          end
+        }
+      } || supports.empty?
+    end
 
-      status
+    def normalize(key) # TODO: dumb... push this up or remove need
+      key.to_s.tr("-", "_").to_sym
     end
 
     def to_s
@@ -103,7 +103,7 @@ module Inspec::Resources
       # allow wild card matching
       if value.include?("*")
         cleaned = Regexp.escape(value).gsub('\*', ".*?")
-        !(release =~ /#{cleaned}/).nil?
+        release =~ /#{cleaned}/
       else
         release == value
       end