inspec-core 4.19.2 → 4.21.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d3f655ad7598f4a71bab9caff608eca6990e6c66242d1c11519d105c89168fcb
-  data.tar.gz: f6679028fc6283e7482143368d09edf70cb74d648bd45ede5d2bb8e4eb6ec165
+  metadata.gz: cefaf29ca67cbd5cdc90ac2bc3a41e990f38f966761d324489d46f8c9a32fdc5
+  data.tar.gz: 933e72e1021a81bffac47c3de56378ea0945682c6ed8f51b0e9751bd42859398
 SHA512:
-  metadata.gz: ea24f149c474dc40974f05d017d3544ce2f4e3b762f1474f7c9146d01cf3c074a8526406bc7bb1b325cd973251f0ffc5cad06a86d7686dda0e7bf6a226f834c0
-  data.tar.gz: cb74991d735738e58dbf04ed6c0dc5e32c923d83fe61cc7143a8af611050f001bb0d174949ed34a8ba7f97cd16735ca96e8d845e970abda579a12f44dec6fc22
+  metadata.gz: 0b4919f052f1f9f7bccdbf4116c2d33fded92f508f6c3057bed3a56a8214c7fa20754e281e3f50f04a5807be4c8693740e2952a0441f96447c44d2bc43059c67
+  data.tar.gz: 1c6b5778d3fe67831b7bd680dd1475f1ca7ddbb1becc24fbbeb1d245e8f6698f2c36d94d5f565564572039a87a94a6f82e9d7ddd50b70475a45c280f43766eca

data/Gemfile

@@ -9,7 +9,7 @@ gem "inspec", path: "."
 # in it in order to package the executable. Hence the odd backwards dependency.
 gem "inspec-bin", path: "./inspec-bin"
 
-gem "ffi", [">= 1.9.14", "< 1.13"] # 1.13 does not work on Windows: https://github.com/ffi/ffi/issues/784
+gem "ffi", ">= 1.9.14", "!= 1.13.0"
 
 group :omnibus do
   gem "rb-readline"
@@ -31,6 +31,7 @@ group :test do
   gem "m"
   gem "pry", "~> 0.10"
   gem "pry-byebug"
+  gem "html-proofer", platforms: :ruby # do not attempt to run proofer on windows
 end
 
 group :integration do

data/inspec-core.gemspec

@@ -39,7 +39,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "faraday",            ">= 0.9.0"
   spec.add_dependency "tty-table",          "~> 0.10"
   spec.add_dependency "tty-prompt",         "~> 0.17"
-  spec.add_dependency "tomlrb",             "~> 1.2"
+  spec.add_dependency "tomlrb",             "~> 1.2.0"
   spec.add_dependency "addressable",        "~> 2.4"
   spec.add_dependency "parslet",            "~> 1.5"
   spec.add_dependency "semverse",           "~> 3.0"

data/lib/inspec/base_cli.rb

@@ -140,7 +140,7 @@ module Inspec
       option :reporter_backtrace_inclusion, type: :boolean,
         desc: "Include a code backtrace in report data (default: true)"
       option :input, type: :array, banner: "name1=value1 name2=value2",
-        desc: "Specify one or more inputs directly on the command line, as --input NAME=VALUE"
+        desc: "Specify one or more inputs directly on the command line, as --input NAME=VALUE. Accepts single-quoted YAML and JSON structures."
       option :input_file, type: :array,
         desc: "Load one or more input files, a YAML file with values for the profile to use"
       option :waiver_file, type: :array,
@@ -155,6 +155,9 @@ module Inspec
         desc: "Show progress while executing tests."
       option :distinct_exit, type: :boolean, default: true,
         desc: "Exit with code 101 if any tests fail, and 100 if any are skipped (default).  If disabled, exit 0 on skips and 1 for failures."
+      option :silence_deprecations, type: :array,
+        banner: "[all]|[GROUP GROUP...]",
+        desc: "Suppress deprecation warnings. See install_dir/etc/deprecations.json for list of GROUPs or use 'all'."
     end
 
     def self.format_platform_info(params: {}, indent: 0, color: 39)
@@ -228,7 +231,7 @@ module Inspec
 
     private
 
-    ALL_OF_OUR_REPORTERS = %w{json json-min json-rspec json-automate junit html yaml documentation progress}.freeze # BUT WHY?!?!
+    ALL_OF_OUR_REPORTERS = %w{json json-min json-rspec json-automate junit html html2 yaml documentation progress}.freeze # BUT WHY?!?!
 
     def suppress_log_output?(opts)
       return false if opts["reporter"].nil?

data/lib/inspec/cli.rb

@@ -375,6 +375,12 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     puts "Valid schemas are #{Inspec::Schema::OutputSchema.names.join(", ")}"
   end
 
+  desc "run_context", "used to test run-context detection", hide: true
+  def run_context
+    require "inspec/utils/telemetry/run_context_probe"
+    puts Inspec::Telemetry::RunContextProbe.guess_run_context
+  end
+
   desc "version", "prints the version of this tool"
   option :format, type: :string
   def version
@@ -387,11 +393,6 @@ class Inspec::InspecCLI < Inspec::BaseCLI
   end
   map %w{-v --version} => :version
 
-  desc "nothing", "does nothing"
-  def nothing
-    puts "you did nothing"
-  end
-
   private
 
   def run_command(opts)

data/lib/inspec/config.rb

@@ -344,7 +344,6 @@ module Inspec
         cli
         json
         json-automate
-        json-min
         junit
         yaml
       }

data/lib/inspec/input_registry.rb

@@ -166,8 +166,9 @@ module Inspec
           end
         end
         input_name, input_value = pair.split("=")
+        input_value = parse_cli_input_value(input_name, input_value)
         evt = Inspec::Input::Event.new(
-          value: input_value.chomp(","), # Trim trailing comma if any
+          value: input_value,
           provider: :cli,
           priority: 50
         )
@@ -175,6 +176,37 @@ module Inspec
       end
     end
 
+    # Remove trailing commas, resolve type.
+    def parse_cli_input_value(input_name, given_value)
+      value = given_value.chomp(",") # Trim trailing comma if any
+      case value
+      when /^true|false$/i
+        value = !!(value =~ /true/i)
+      when /^-?\d+$/
+        value = value.to_i
+      when /^-?\d+\.\d+$/
+        value = value.to_f
+      when /^(\[|\{).*(\]|\})$/
+        # Look for complex values and try to parse them.
+        require "yaml"
+        begin
+          value = YAML.load(value)
+        rescue Psych::SyntaxError => yaml_error
+          # It could be that we just tried to run JSON through the YAML parser.
+          require "json"
+          begin
+            value = JSON.parse(value)
+          rescue JSON::ParserError => json_error
+            msg = "Unparseable value '#{value}' for --input #{input_name}.\n"
+            msg += "When treated as YAML, error: #{yaml_error.message}\n"
+            msg += "When treated as JSON, error: #{json_error.message}"
+            Inspec::Log.warn msg
+          end
+        end
+      end
+      value
+    end
+
     def bind_inputs_from_runner_api(profile_name, input_hash)
       # TODO: move this into a core plugin
 

data/lib/inspec/reporters.rb

@@ -2,7 +2,6 @@ require "inspec/reporters/base"
 require "inspec/reporters/cli"
 require "inspec/reporters/json"
 require "inspec/reporters/json_automate"
-require "inspec/reporters/json_min"
 require "inspec/reporters/junit"
 require "inspec/reporters/automate"
 require "inspec/reporters/yaml"
@@ -21,8 +20,6 @@ module Inspec::Reporters
     # right to introduce breaking changes to this reporter at any time.
     when "json-automate"
       reporter = Inspec::Reporters::JsonAutomate.new(config)
-    when "json-min"
-      reporter = Inspec::Reporters::JsonMin.new(config)
     when "junit"
       reporter = Inspec::Reporters::Junit.new(config)
     when "automate"
@@ -60,15 +57,23 @@ module Inspec::Reporters
     case name
     when "json"
       reporter = Inspec::Reporters::Json.new(config)
-    when "json-min"
-      reporter = Inspec::Reporters::JsonMin.new(config)
     when "json-automate"
       reporter = Inspec::Reporters::JsonAutomate.new(config)
     when "yaml"
       reporter = Inspec::Reporters::Yaml.new(config)
     else
-      # use base run_data hash for any other report
-      return run_data
+      # If we made it here, it might be a plugin
+      begin
+        activator = Inspec::Plugin::V2::Registry.instance.find_activator(plugin_type: :reporter, activator_name: name.to_sym)
+        activator.activate!
+        reporter = activator.implementation_class.new(config)
+        unless reporter.respond_to(:report?)
+          return run_data
+        end
+      rescue Inspec::Plugin::V2::LoadError
+        # Must not have been a plugin - just return the run_data
+        return run_data
+      end
     end
 
     reporter.report

data/lib/inspec/resources/interface.rb

@@ -47,10 +47,18 @@ module Inspec::Resources
       ipv6_addresses && !ipv6_addresses.empty?
     end
 
+    def ipv4_address
+      ipv4_addresses.first
+    end
+
     def ipv4_addresses
       ipv4_cidrs.map { |i| i.split("/")[0] }
     end
 
+    def ipv6_address
+      ipv6_addresses.first
+    end
+
     def ipv6_addresses
       ipv6_cidrs.map { |i| i.split("/")[0] }
     end
@@ -85,6 +93,7 @@ module Inspec::Resources
       @cache ||= begin
                    provider = LinuxInterface.new(inspec) if inspec.os.linux?
                    provider = WindowsInterface.new(inspec) if inspec.os.windows?
+                   provider = BsdInterface.new(inspec) if inspec.os.bsd? # includes macOS
                    Hash(provider && provider.interface_info(@iface))
                  end
     end
@@ -98,6 +107,52 @@ module Inspec::Resources
     end
   end
 
+  class BsdInterface < InterfaceInfo
+    def interface_info(iface)
+      cmd = inspec.command("ifconfig #{iface}")
+      return nil if cmd.exit_status.to_i != 0
+
+      lines = cmd.stdout.split("\n")
+      iface_info = {
+        name: iface,
+        ipv4_addresses: [], # Actually CIDRs
+        ipv6_addresses: [], # are expected to go here
+      }
+
+      iface_info[:up] = lines[0].include?("UP")
+      lines.each do |line|
+        # IPv4 case
+        m = line.match(/^\s+inet\s+((?:\d{1,3}\.){3}\d{1,3})\s+netmask\s+(0x[a-f0-9]{8})/)
+        if m
+          ip = m[1]
+          hex_mask = m[2]
+          cidr = hex_mask.to_i(16).to_s(2).count("1")
+          iface_info[:ipv4_addresses] << "#{ip}/#{cidr}"
+          next
+        end
+
+        # IPv6 case
+        m = line.match(/^\s+inet6\s+([a-f0-9:]+)%#{iface}\s+prefixlen\s+(\d+)/)
+        if m
+          ip = m[1]
+          cidr = m[2]
+          iface_info[:ipv6_addresses] << "#{ip}/#{cidr}"
+          next
+        end
+
+        # Speed detect, crummy - can't detect wifi, finds any number in the string
+        # Ethernet autoselect (1000baseT <full-duplex>)
+        m = line.match(/^\s+media:\D+(\d+)/)
+        if m
+          iface_info[:speed] = m[1].to_i
+          next
+        end
+      end
+
+      iface_info
+    end
+  end
+
   class LinuxInterface < InterfaceInfo
     def interface_info(iface)
       # will return "[mtu]\n1500\n[type]\n1"

data/lib/inspec/resources/interfaces.rb

@@ -0,0 +1,119 @@
+require "inspec/utils/filter"
+require "inspec/resources/command"
+
+module Inspec::Resources
+  class Interfaces < Inspec.resource(1)
+    name "interfaces"
+    supports platform: "unix"
+    supports platform: "windows"
+    desc "Use the interfaces InSpec audit resource to test properties for multiple network interfaces installed on the system"
+    example <<~EXAMPLE
+      describe interfaces do
+        its('names') { should include 'eth0' }
+      end
+    EXAMPLE
+
+    attr_reader :iface_data
+
+    def to_s
+      "Interfaces"
+    end
+
+    filter = FilterTable.create
+    filter.register_column(:names, field: "name")
+      .install_filter_methods_on_resource(self, :scan_interfaces)
+
+    def ipv4_address
+      require "ipaddr"
+
+      # Loop over interface names
+      # Select those that are up and have an ipv4 address
+      interfaces = names.map { |n| inspec.interface(n) }.select do |i|
+        i.ipv4_address? && i.up?
+      end
+
+      addrs = interfaces.map(&:ipv4_addresses).flatten.map { |a| IPAddr.new(a) }
+
+      # Look for progressively "better" IP addresses
+      [
+        # Loopback and private IP ranges
+        IPAddr.new("127.0.0.0/8"),
+        IPAddr.new("192.168.0.0/16"),
+        IPAddr.new("172.16.0.0/12"),
+        IPAddr.new("10.0.0.0/8"),
+      ].each do |private_range|
+        filtered_addrs = addrs.reject { |a| private_range.include?(a) }
+        if filtered_addrs.empty?
+          # Everything we had was a private or loopback IP. Return the "best" thing we were left with.
+          return addrs.first.to_s
+        end
+
+        addrs = filtered_addrs
+      end
+      addrs.first.to_s
+    end
+
+    private
+
+    def scan_interfaces
+      @iface_data ||= begin
+                    provider = LinuxInterfaceLister.new(inspec) if inspec.os.linux?
+                    provider = WindowsInterfaceLister.new(inspec) if inspec.os.windows?
+                    provider = BsdInterfaceLister.new(inspec) if inspec.os.bsd? # includes macOS
+                    Array(provider && provider.scan_interfaces)
+                  end
+    end
+
+    class InterfaceLister
+      attr_reader :inspec
+      def initialize(inspec)
+        @inspec = inspec
+      end
+    end
+
+    class BsdInterfaceLister < InterfaceLister
+      def scan_interfaces
+        iface_data = []
+        cmd = inspec.command("ifconfig -a")
+        cmd.stdout.split("\n").each do |line|
+          # lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
+          m = line.match(/^(\S+):/)
+          if m
+            iface_data << { "name" => m[1] }
+          end
+        end
+        iface_data
+      end
+    end
+
+    class LinuxInterfaceLister < InterfaceLister
+      def scan_interfaces
+        iface_data = []
+        cmd = inspec.command("ls /sys/class/net")
+        cmd.stdout.split("\n").each do |iface|
+          iface_data << { "name" => iface }
+        end
+        iface_data
+      end
+    end
+
+    class WindowsInterfaceLister < InterfaceLister
+      def scan_interfaces
+        iface_data = []
+        cmd = inspec.command("Get-NetAdapter | Select-Object -Property Name | ConvertTo-Json")
+        begin
+          adapter_info = JSON.parse(cmd.stdout)
+          # May be a Hash if only one, or Array if multiple - normalize to Array
+          adapter_info = [ adapter_info ] if adapter_info.is_a? Hash
+        rescue JSON::ParserError => _e
+          return nil
+        end
+        adapter_info.each do |info|
+          iface_data << { "name" => info["Name"] }
+        end
+        iface_data
+      end
+    end
+
+  end
+end

data/lib/inspec/run_data.rb

@@ -1,12 +1,19 @@
 
 module Inspec
   module HashLikeStruct
+    # Only list keys whose value are non-nil
     def keys
-      members
+      members.reject { |k| self[k].nil? }
     end
 
+    # Only list non-nil members for backwards compatibility
     def key?(item)
-      members.include?(item)
+      members.include?(item) && non_nil?(item)
+    end
+
+    # This is provided for clarity - many locations make this test
+    def non_nil?(item)
+      !self[item].nil?
     end
   end
 

data/lib/inspec/utils/deprecation/config_file.rb

@@ -1,6 +1,7 @@
 require "stringio"
 require "json"
 require "inspec/globals"
+require "inspec/config"
 
 module Inspec
   module Deprecation
@@ -32,6 +33,7 @@ module Inspec
         @groups = {}
         @unknown_group_action = :warn
         validate!
+        silence_deprecations_from_cli
       end
 
       private
@@ -45,6 +47,25 @@ module Inspec
         File.open(default_path)
       end
 
+      def silence_deprecations_from_cli
+        # Read --silence-deprecations CLI option
+        cfg = Inspec::Config.cached
+        return unless cfg[:silence_deprecations]
+
+        groups_to_silence = cfg[:silence_deprecations]
+        silence_all = groups_to_silence.include?("all")
+
+        groups.each do |group_name, group|
+          # Only silence things that warn. Don't silence things that exit;
+          # those harsher measures are usually protecting removed code and ignoring
+          # and continuing regardless would be perilous and lead to errors.
+          if %i{warn fail_control}.include?(group.action) &&
+              (silence_all || groups_to_silence.include?(group_name.to_s))
+            group.action = :ignore
+          end
+        end
+      end
+
       #====================================================================================================#
       #                                          Validation
       #====================================================================================================#

data/lib/inspec/utils/telemetry/run_context_probe.rb

@@ -0,0 +1,48 @@
+module Inspec
+  module Telemetry
+    # Guesses the run context of InSpec - how were we invoked?
+    # All stack values here are determined experimentally
+
+    class RunContextProbe
+      def self.guess_run_context(stack = nil)
+        stack ||= caller_locations
+        return "test-kitchen" if kitchen?(stack)
+        return "cli" if run_by_thor?(stack)
+        return "audit-cookbook" if audit_cookbook?(stack)
+
+        "unknown"
+      end
+
+      def self.run_by_thor?(stack)
+        stack_match(stack: stack, path: "thor/command", label: "run") &&
+          stack_match(stack: stack, path: "thor/invocation", label: "invoke_command")
+      end
+
+      def self.kitchen?(stack)
+        stack_match(stack: stack, path: "kitchen/instance", label: "verify_action") &&
+          stack_match(stack: stack, path: "kitchen/instance", label: "verify")
+      end
+
+      def self.audit_cookbook?(stack)
+        stack_match(stack: stack, path: "chef/handler", label: "run_report_handlers") &&
+          stack_match(stack: stack, path: "handler/audit_report", label: "report")
+      end
+
+      def self.stack_match(stack: [], label: nil, path: nil)
+        return false if stack.nil?
+
+        stack.any? do |frame|
+          if label && path
+            frame.label == label && frame.absolute_path.include?(path)
+          elsif label
+            frame.label == label
+          elsif path
+            frame.absolute_path.include?(path)
+          else
+            false
+          end
+        end
+      end
+    end
+  end
+end

data/lib/inspec/version.rb

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "4.19.2".freeze
+  VERSION = "4.21.3".freeze
 end

data/lib/plugins/inspec-reporter-html2/README.md

@@ -0,0 +1,53 @@
+# inspec-reporter-html2 Plugin
+
+An "improved" HTML output reporter specifically for Chef InSpec. Unlike the default `html` reporter, which is RSpec-based, this reporter knows about Chef InSpec structures like Controls and Profiles, and includes full metadata such as control tags, etc.
+
+## To Install This Plugin
+
+This plugin ships with Chef InSpec and requires no installation.
+
+It should appear when you run:
+
+```
+you@machine $ inspec plugin list
+```
+
+## How to use this plugin
+
+To generate an HTML report using this plugin and save the output to a file named `report.html`, run:
+
+```
+you@machine $ inspec exec some_profile --reporter html2:report.html
+```
+
+Note the `2` in the reporter name. If you omit it and run `--reporter html` instead, you will run the legacy RSpec HTML reporter.
+
+## Configuring the Plugin
+
+The `html2` reporter requires no configuration to function. However, two options--`alternate_css_file` and `alternate_js_file`--are available for customization. The options are set in the JSON-formatted configuration file that Chef InSpec consumes. For details, see [our configuration file documentation](https://www.inspec.io/docs/reference/config/).
+
+For example:
+
+```json
+{
+  "version": "1.2",
+  "plugins": {
+    "inspec-reporter-html2": {
+      "alternate_js_file":"/var/www/js/my-javascript.js",
+      "alternate_css_file":"/var/www/css/my-style.css"
+    }
+  }
+}
+```
+
+### alternate\_css\_file
+
+Specifies the full path to the location of a CSS file that will be read and inlined into the HTML report. The default CSS will not be included.
+
+### alternate\_js\_file
+
+Specifies the full path to the location of a JavaScript file that will be read and inlined into the HTML report. The default JavaScript will not be included. The JavaScript file should implement at least a `pageLoaded()` function, which will be called by the `onload` event of the HTML `body` element.
+
+## Developing This Plugin
+
+This plugin is part of the Chef InSpec source code. While it has its own tests, the general contribution policy is dictated by the Chef InSpec project at https://github.com/inspec/inspec/blob/master/CONTRIBUTING.md

data/lib/plugins/inspec-reporter-html2/lib/inspec-reporter-html2.rb

@@ -0,0 +1,18 @@
+libdir = File.dirname(__FILE__)
+$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
+
+require "inspec-reporter-html2/version"
+module InspecPlugins
+  module Html2Reporter
+    class Plugin < ::Inspec.plugin(2)
+      # Internal machine name of the plugin. InSpec will use this in errors, etc.
+      plugin_name :'inspec-reporter-html2'
+
+      # Define a new Reporter.
+      reporter :html2 do
+        require "inspec-reporter-html2/reporter"
+        InspecPlugins::Html2Reporter::Reporter
+      end
+    end
+  end
+end

data/lib/plugins/inspec-reporter-html2/lib/inspec-reporter-html2/reporter.rb

@@ -0,0 +1,24 @@
+require "erb"
+require "inspec/config"
+
+module InspecPlugins::Html2Reporter
+  class Reporter < Inspec.plugin(2, :reporter)
+    def render
+      template_path = File.expand_path(__FILE__ + "../../../../templates")
+
+      # Read config data from the user's config file. Supports two settings, both of which are absolute filesystem paths:
+      #  alternate_css_file - contents will be used instead of default CSS
+      #  alternate_js_file - contents will be used instead of default JavaScript
+      cfg = Inspec::Config.cached.fetch_plugin_config("inspec-reporter-html2")
+      js_path = cfg[:alternate_js_file] || (template_path + "/default.js")
+      css_path = cfg[:alternate_css_file] || (template_path + "/default.css")
+
+      template = ERB.new(File.read(template_path + "/body.html.erb"))
+      output(template.result(binding))
+    end
+
+    def self.run_data_schema_constraints
+      "~> 0.0"
+    end
+  end
+end

data/lib/plugins/inspec-reporter-html2/lib/inspec-reporter-html2/version.rb

@@ -0,0 +1,8 @@
+# This file simply makes it easier for CI engines to update
+# the version stamp, and provide a clean way for the gemspec
+# to learn the current version.
+module InspecPlugins
+  module Html2Reporter
+    VERSION = "0.1.0".freeze
+  end
+end

data/lib/plugins/inspec-reporter-html2/templates/body.html.erb

@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<!-- saved from url=(0014)about:internet -->
+<!-- prior comment allows JS to execute on IE when saved as a local file, "MOTW" -->
+<html lang="en">
+  <head>
+    <title><%= Inspec::Dist::PRODUCT_NAME %> Results</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <style type="text/css">
+    /* Must inline all CSS files, this is a single-file output that may be airgapped */
+    <%= ERB.new(File.read(css_path), nil, nil, "_css").result(binding)  %>
+    </style>
+    <script type="text/javascript">
+    // <![CDATA[
+    /* Must inline all JavaScript files, this is a single-file output that may be airgapped */
+    <%= ERB.new(File.read(js_path), nil, nil, "_js").result(binding)  %>
+    // ]]>
+    </script>
+  </head>
+  <body onload="pageLoaded()">
+    <%= ERB.new(File.read(template_path + "/selector.html.erb"), nil, nil, "_select").result(binding)  %>
+    <div class="inspec-report">
+    <h1><%= Inspec::Dist::PRODUCT_NAME %> Report</h1>
+    <% run_data.profiles.each do |profile| %>
+      <%= ERB.new(File.read(template_path + "/profile.html.erb"), nil, nil, "_prof").result(binding)  %>
+    <% end %>
+
+    <div class="inspec-summary">
+      <table id="platform" class="info">
+        <tr><th colspan=2><h4 id="platform-label">Platform Information</h4></th></tr>
+        <tr class= "name"><th>Name:</th><td><%= run_data.platform.name %></td></tr>
+        <tr class= "release"><th>Release:</th><td><%= run_data.platform.release %></td></tr>
+        <tr class= "target"><th>Target:</th><td><%= run_data.platform.target %></td></tr>
+      </table>
+      <table id="statistics" class="info">
+        <tr><th colspan="2"><h4 id="statistics-label">Control Statistics</h4></th></tr>
+        <tr class= "passed"><th>Passed:</th><td><%= run_data.statistics.controls.passed.total %></td></tr>
+        <tr class= "skipped"><th>Skipped:</th><td><%= run_data.statistics.controls.skipped.total %></td></tr>
+        <tr class= "failed"><th>Failed:</th><td><%= run_data.statistics.controls.failed.total %></td></tr>
+        <tr class= "duration"><th>Duration:</th><td><%= run_data.statistics.duration %> seconds</td></tr>
+        <tr class= "date"><th>Time Finished:</th><td><%= Time.now %></td></tr>
+      </table>
+      <span id="inspec-version"><%= Inspec::Dist::PRODUCT_NAME %> version <%= run_data.version %></span>
+    </div>
+    </div>
+  </body>
+</html>

data/lib/plugins/inspec-reporter-html2/templates/control.html.erb

@@ -0,0 +1,77 @@
+<% slugged_id = control.id.tr(" ", "_") %>
+<%
+    # Determine status of control
+    status = "passed"
+    if control.results.any? { |r| r.status == "failed" }
+      status = "failed"
+    elsif control.results.any? { |r| r.status == "skipped" }
+      status = "skipped"
+    end
+%>
+
+<div class="control control-status-<%= status %>" id="control-<%= slugged_id %>">
+
+  <%
+    # Determine range of impact
+    i = control.impact || 0.0
+    impact_level = "none"
+    if i < 0.3
+      impact_level = "low"
+    elsif i < 0.7
+      impact_level = "medium"
+    else
+      impact_level = "high"
+    end
+  %>
+
+  <h3 class="control-title">Control <code><%= control.id %></code></h3>
+  <table class="control-metadata info" id="control-metadata-<%= slugged_id %>">
+    <tr class="status status-<%= status %>"><th>Status:</th><td><div><%= status.capitalize %></div></td></tr>
+    <% if control.title %><tr class="title"><th>Title:</th><td><%= control.title %></td></tr> <% end %>
+    <% if control.desc %><tr class="desc"><th>Description:</th><td><%= control.desc %></td></tr> <% end %>
+    <% if control.impact %><tr class="impact impact-<%= impact_level %>"><th>Impact:</th><td><%= control.impact %></td></tr> <% end %>
+    <% unless control.tags.empty? %>
+      <tr class="tags">
+        <th>Tags:</th>
+        <td>
+          <table class="tags">
+            <% control.tags.each do |tag_name, tag_text| %>
+              <tr><td><%= tag_name %></td><td><%= tag_text %></td></tr>
+            <% end %>
+          </table>
+        </td>
+      </tr>
+    <% end %>
+    <% unless control.refs.empty? %>
+      <tr class="refs">
+        <th>References:</th>
+        <td>
+          <ul>
+          <% control.refs.each do |r| %>
+            <li><a href="<%= r.url %>"><%= r.ref %></a></li>
+          <% end %>
+          </ul>
+        </td>
+      </tr>
+    <% end %>
+    <tr class="code">
+      <th>Source Code:</th>
+      <td>
+        <input type="button" class="show-source-code" id="show-code-<%= slugged_id %>" value="Show Source"/>
+        <input type="button" class="hide-source-code hidden" id="hide-code-<%= slugged_id %>" value="Hide Source"/>
+        <pre class="source-code hidden" id="source-code-<%= slugged_id %>">
+          <code>
+<%= control.code %>
+          </code>
+        </pre>
+      </td>
+    </tr>
+  <!-- TODO waiver data -->
+
+  </table>
+
+  <% control.results.each do |result| %>
+    <%= ERB.new(File.read(template_path + "/result.html.erb"), nil, nil, "_rslt").result(binding)  %>
+  <% end %>
+
+</div>

data/lib/plugins/inspec-reporter-html2/templates/default.css

@@ -0,0 +1,107 @@
+body {
+  margin: 20px 10% 20px 10%;
+  padding: 0;
+  background: #fff;
+}
+h1, h2, h3, h4, h5 {
+  font-family: "Lucida Grande", Helvetica, sans-serif;
+}
+h1, h2 {
+  padding: 10px;
+  text-align: center
+}
+table.info th, table.info th {
+  padding: 2px;
+}
+table.info th {
+  text-align: right;
+}
+.hidden {
+  display: none;
+}
+pre code {
+  background-color: #eee;
+  border: 1px solid #999;
+  display: block;
+  padding: 20px;
+}
+
+.profile, .control, .profile-metadata {
+  border: 1px solid #ccc;
+  padding: 10px;
+  margin: 5px auto;
+}
+
+.resource-title {
+  margin-left: 2.5%;
+}
+
+.control-title code,
+.resource-title code {
+  font-size: larger;
+}
+.control-metadata .status div,
+.result-metadata .status div {
+  color: white;
+  font-weight: bold;
+  width: fit-content;
+  padding: 0px 2px;
+}
+
+.control-metadata .status-passed div,
+.result-metadata .status-passed div  {
+  background-color: darkgreen;
+}
+.control-metadata .status-failed div,
+.result-metadata .status-failed div {
+  background-color: red;
+}
+.control-metadata .status-skipped div,
+.result-metadata .status-skipped div  {
+  background-color: grey;
+}
+.result-metadata,
+.control-metadata {
+  margin: 0 0 0 5%;
+}
+
+.selector-panel {
+  position: fixed;
+  z-index: 100;
+  background-color: #ccc;
+  padding: 10px;
+  top: 0;
+  margin-left: -10%;
+  border-bottom-right-radius: 10px;
+}
+
+@media print {
+  .selector-panel {
+     visibility: hidden;
+  }
+}
+
+.inspec-summary {
+  border: 1px solid #ccc;
+  padding: 10px;
+  margin: 5px auto;
+  width: fit-content
+}
+
+.inspec-summary h4 {
+  margin-bottom: 0px;
+}
+
+.inspec-summary #platform, .inspec-summary #statistics {
+  display: inline;
+}
+
+#statistics .date td {
+  width: 100px
+}
+
+#inspec-version {
+  display: block;
+  text-align: center;
+  font-style: italic;
+}

data/lib/plugins/inspec-reporter-html2/templates/default.js

@@ -0,0 +1,79 @@
+
+/* CSS primitives */
+function addCssClass(id, cls) {
+  document.getElementById(id).className += (" " + cls);
+}
+
+function removeCssClass(id, cls) {
+  var el = document.getElementById(id);
+  var classes = el.className.replace(cls,'');
+  el.className = classes;
+}
+
+function handleShowSource(evt) {
+  var control_id = evt.srcElement.id.replace("show-code-", "")
+  addCssClass(evt.srcElement.id, "hidden")
+  removeCssClass("hide-code-" + control_id, "hidden")
+  removeCssClass("source-code-" + control_id, "hidden")
+}
+
+function handleHideSource(evt) {
+  var control_id = evt.srcElement.id.replace("hide-code-", "")
+  addCssClass(evt.srcElement.id, "hidden")
+  addCssClass("source-code-" + control_id, "hidden")
+  removeCssClass("show-code-" + control_id, "hidden")
+}
+
+function handleSelectorChange(evt) {
+  var should_show = evt.srcElement.checked
+  var which_group = evt.srcElement.id.replace("-checkbox","")
+  var controls = document.getElementsByClassName("control-status-" + which_group)
+  var i;
+  if (should_show) {
+    for (i = 0; i < controls.length; i++) {
+      removeCssClass(controls[i].id, "hidden")
+    }
+  } else {
+    for (i = 0; i < controls.length; i++) {
+      addCssClass(controls[i].id, "hidden")
+    }
+  }
+}
+
+function handleChildProfileChange(evt) {
+  var should_show = evt.srcElement.checked
+  var child_profiles = document.getElementsByClassName("child-profile")
+  var i;
+  if (should_show) {
+    for (i = 0; i < child_profiles.length; i++) {
+      removeCssClass(child_profiles[i].id, "hidden")
+    }
+  } else {
+    for (i = 0; i < child_profiles.length; i++) {
+      addCssClass(child_profiles[i].id, "hidden")
+    }
+  }
+}
+
+/* Main entry point */
+function  pageLoaded() {
+  var i;
+
+  // wire up show source links
+  var show_links = document.getElementsByClassName("show-source-code");
+  for (i = 0; i < show_links.length; i++) {
+    show_links[i].onclick = handleShowSource;
+  }
+  // wire up hide source links
+  var hide_links = document.getElementsByClassName("hide-source-code");
+  for (i = 0; i < hide_links.length; i++) {
+    hide_links[i].onclick = handleHideSource;
+  }
+  // wire up selector checkboxes
+  var selectors = document.getElementsByClassName("selector-checkbox");
+  for (i = 0; i < selectors.length; i++) {
+    selectors[i].onchange = handleSelectorChange;
+  }
+  // wire up child profile checkbox
+  document.getElementById("child-profile-checkbox").onchange = handleChildProfileChange;
+}

data/lib/plugins/inspec-reporter-html2/templates/profile.html.erb

@@ -0,0 +1,20 @@
+<div class="profile <%= profile.parent_profile ? "child-profile hidden" : "" %>" id="profile-<%= profile.name %>">
+  <% display_name = profile.title || profile.name %>
+  <h2 class="profile_title">Profile <%= display_name %> (<%= profile.name %>)</h2>
+
+  <table class="profile-metadata info" id="profile-metadata-<%= profile.name %>">
+    <tr class="profile-version"><th>Version:</th><td><%= profile.version %></td></tr>
+    <% if profile.summary %>
+    <tr class="profile-summary"><th>Summary:</th><td><%= profile.summary %></td></tr>
+    <% end %>
+    <% if profile.skip_message %>
+    <tr class="profile-skip-message"><th>Skip Message:</th><td><%= profile.skip_message %></td></tr>
+    <% end %>
+  </table>
+
+  <% if profile.status == "loaded" %>
+    <% profile.controls.each do |control| %>
+      <%= ERB.new(File.read(template_path + "/control.html.erb"), nil, nil, "_ctl").result(binding)  %>
+    <% end %>
+  <% end %>
+</div>

data/lib/plugins/inspec-reporter-html2/templates/result.html.erb

@@ -0,0 +1,15 @@
+<% slugged_id = result.resource_title.to_s.gsub(/\W/, "_") %>
+<div class="result" id="result-<%= slugged_id %>">
+  <h4 class="resource-title">Resource <code><%= result.resource_title.to_s %></code></h4>
+  <table class="result-metadata info">
+    <tr class="expectation_message"><th>Test:</th><td><code><%= result.expectation_message %></code></td></tr>
+    <tr class="status status-<%= result.status %>"><th>Status:</th><td><div><%= result.status.capitalize %></div></td></tr>
+    <% if result.status == "failed" %>
+    <tr class="fail_message"><th>Failure Message:</th><td><code><%= result.message %></code></td></tr>
+    <% end %>
+    <% if result.status == "skipped" %>
+    <tr class="skip_message"><th>Skip Message:</th><td><%= result.skip_message %></td></tr>
+    <% end %>
+    <tr class="duration"><th>Duration:</th><td><%= result.run_time %> seconds</td></tr>
+  </table>
+</div>

data/lib/plugins/inspec-reporter-html2/templates/selector.html.erb

@@ -0,0 +1,8 @@
+<div class="selector-panel">
+  <p id="selector-instructions">Display controls that are:</p>
+  <input class="selector-checkbox" id="passed-checkbox" type="checkbox" checked="checked"/><label for="passed-checkbox">Passed</label>
+  <input class="selector-checkbox" id="skipped-checkbox" type="checkbox" checked="checked"/><label for="skipped-checkbox">Skipped</label>
+  <input class="selector-checkbox" id="failed-checkbox" type="checkbox" checked="checked"/><label for="failed-checkbox">Failed</label>
+  <p id="selector-instructions">Display profiles that are:</p>
+  <input class="profile-selector-checkbox" id="child-profile-checkbox" type="checkbox" /><label for="child-profile-checkbox">Dependent Profiles</label>
+</div>

data/lib/plugins/inspec-reporter-json-min/README.md

@@ -0,0 +1,10 @@
+# JSON Minimal Reporter Plugin
+
+## To Install This Plugin
+
+This plugin is included with InSpec. There is no need to install it.
+
+## What This Plugin Does
+
+This plugin provides the `json-min` reporter, which produces test output in JSON format with less detail than the `json` reporter.
+

data/lib/plugins/inspec-reporter-json-min/lib/inspec-reporter-json-min.rb

@@ -0,0 +1,13 @@
+require_relative "inspec-reporter-json-min/version"
+
+module InspecPlugins
+  module JsonMinReporter
+    class Plugin < ::Inspec.plugin(2)
+      plugin_name :"inspec-reporter-json-min"
+      reporter :"json-min" do
+        require_relative "inspec-reporter-json-min/reporter"
+        InspecPlugins::JsonMinReporter::Reporter
+      end
+    end
+  end
+end

data/lib/plugins/inspec-reporter-json-min/lib/inspec-reporter-json-min/reporter.rb

@@ -0,0 +1,50 @@
+require "json"
+
+module InspecPlugins::JsonMinReporter
+  class Reporter < Inspec.plugin(2, :reporter)
+    def self.run_data_schema_constraints
+      "~> 0.0"
+    end
+
+    def render
+      output(report.to_json, false)
+    end
+
+    def report # rubocop:disable Metrics/AbcSize
+      report = {
+        controls: [],
+        statistics: { duration: run_data.statistics.duration },
+        version: run_data.version,
+      }
+
+      # collect all test results and add them to the report
+      run_data.profiles.each do |profile|
+        profile_id = profile.name
+
+        profile.controls.each do |control|
+          control_id = control.id
+
+          control.results.each do |result|
+            result_for_report = {
+              id: control_id,
+              profile_id: profile_id,
+              profile_sha256: profile.sha256,
+              status: result.status,
+              code_desc: result.code_desc,
+            }
+
+            result_for_report[:skip_message] = result.skip_message if result.non_nil?(:skip_message)
+            result_for_report[:resource] = result.resource if result.non_nil?(:resource)
+            result_for_report[:message] = result.message if result.non_nil?(:message)
+            result_for_report[:exception] = result.exception if result.non_nil?(:exception)
+            result_for_report[:backtrace] = result.backtrace if result.non_nil?(:backtrace)
+
+            report[:controls] << result_for_report
+          end
+        end
+      end
+
+      report
+    end
+  end
+end

data/lib/plugins/inspec-reporter-json-min/lib/inspec-reporter-json-min/version.rb

@@ -0,0 +1,5 @@
+module InspecPlugins
+  module JsonMinReporter
+    VERSION = "0.1.0".freeze
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 4.19.2
+  version: 4.21.3
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-06-04 00:00:00.000000000 Z
+date: 2020-06-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-telemetry
@@ -264,14 +264,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: 1.2.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: 1.2.0
 - !ruby/object:Gem::Dependency
   name: addressable
   requirement: !ruby/object:Gem::Requirement
@@ -483,7 +483,6 @@ files:
 - lib/inspec/reporters/cli.rb
 - lib/inspec/reporters/json.rb
 - lib/inspec/reporters/json_automate.rb
-- lib/inspec/reporters/json_min.rb
 - lib/inspec/reporters/junit.rb
 - lib/inspec/reporters/yaml.rb
 - lib/inspec/require_loader.rb
@@ -537,6 +536,7 @@ files:
 - lib/inspec/resources/inetd_conf.rb
 - lib/inspec/resources/ini.rb
 - lib/inspec/resources/interface.rb
+- lib/inspec/resources/interfaces.rb
 - lib/inspec/resources/ip6tables.rb
 - lib/inspec/resources/iptables.rb
 - lib/inspec/resources/json.rb
@@ -667,6 +667,7 @@ files:
 - lib/inspec/utils/telemetry/collector.rb
 - lib/inspec/utils/telemetry/data_series.rb
 - lib/inspec/utils/telemetry/global_methods.rb
+- lib/inspec/utils/telemetry/run_context_probe.rb
 - lib/inspec/version.rb
 - lib/matchers/matchers.rb
 - lib/plugins/README.md
@@ -724,6 +725,21 @@ files:
 - lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb
 - lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb
 - lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb
+- lib/plugins/inspec-reporter-html2/README.md
+- lib/plugins/inspec-reporter-html2/lib/inspec-reporter-html2.rb
+- lib/plugins/inspec-reporter-html2/lib/inspec-reporter-html2/reporter.rb
+- lib/plugins/inspec-reporter-html2/lib/inspec-reporter-html2/version.rb
+- lib/plugins/inspec-reporter-html2/templates/body.html.erb
+- lib/plugins/inspec-reporter-html2/templates/control.html.erb
+- lib/plugins/inspec-reporter-html2/templates/default.css
+- lib/plugins/inspec-reporter-html2/templates/default.js
+- lib/plugins/inspec-reporter-html2/templates/profile.html.erb
+- lib/plugins/inspec-reporter-html2/templates/result.html.erb
+- lib/plugins/inspec-reporter-html2/templates/selector.html.erb
+- lib/plugins/inspec-reporter-json-min/README.md
+- lib/plugins/inspec-reporter-json-min/lib/inspec-reporter-json-min.rb
+- lib/plugins/inspec-reporter-json-min/lib/inspec-reporter-json-min/reporter.rb
+- lib/plugins/inspec-reporter-json-min/lib/inspec-reporter-json-min/version.rb
 - lib/plugins/shared/core_plugin_test_helper.rb
 - lib/plugins/things-for-train-integration.rb
 - lib/source_readers/flat.rb

data/lib/inspec/reporters/json_min.rb

@@ -1,48 +0,0 @@
-require "json"
-
-module Inspec::Reporters
-  class JsonMin < Base
-    def render
-      output(report.to_json, false)
-    end
-
-    def report # rubocop:disable Metrics/AbcSize
-      report = {
-        controls: [],
-        statistics: { duration: run_data[:statistics][:duration] },
-        version: run_data[:version],
-      }
-
-      # collect all test results and add them to the report
-      run_data[:profiles].each do |profile|
-        profile_id = profile[:name]
-        next unless profile[:controls]
-
-        profile[:controls].each do |control|
-          control_id = control[:id]
-          next unless control[:results]
-
-          control[:results].each do |result|
-            result_for_report = {
-              id: control_id,
-              profile_id: profile_id,
-              profile_sha256: profile[:sha256],
-              status: result[:status],
-              code_desc: result[:code_desc],
-            }
-
-            result_for_report[:skip_message] = result[:skip_message] if result.key?(:skip_message)
-            result_for_report[:resource] = result[:resource] if result.key?(:resource)
-            result_for_report[:message] = result[:message] if result.key?(:message)
-            result_for_report[:exception] = result[:exception] if result.key?(:exception)
-            result_for_report[:backtrace] = result[:backtrace] if result.key?(:backtrace)
-
-            report[:controls] << result_for_report
-          end
-        end
-      end
-
-      report
-    end
-  end
-end