inspec-core 4.20.6 → 4.22.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bad597d54eeb47c2f634b9c2bba2fcec8afa0d507e0b321244caee264c3b59cf
-  data.tar.gz: 966803761b3601c83b1d2474b3405b863b245396f8e4962fc950484ed87ee9ea
+  metadata.gz: 2b4f096b34b4707a39ac4392118bdeadf0ab3b15b2ebea8faf8661902dbf8409
+  data.tar.gz: 60ed138d131e605f8257a541a655757bf819c6e72b169a2c1034a1626db7c4d1
 SHA512:
-  metadata.gz: 2ea62a2de16846b6d3bd1075868e070e41a14d9a8dce9a711155e7d75519eb56fa23238fa4cc3b53a97480396c4bd7a1b20a98251918268a66278c970ab0cda1
-  data.tar.gz: a420f3368a7ae4b6f264f15901848e7615bd6e7fefac559dda3c955d83b7059dd59464e685cef5e4310da2d503e61f72c254739c4a054e7b6f76c7bd5f61ef37
+  metadata.gz: 910a8739e4f375d3d573a734f46350e3e609a72b2376d8d9e04757e06e2274da1f728b612ab11312b08f90fafd5baf68f90a179fc90edaac9366ca49701680eb
+  data.tar.gz: 25320c374c74ee45a8ebdcfce19c7fd481a1888c7d7f3250c5a091a3e556096dd42191b570e58572ae382dea7f99661c901ae3822438c52268b76ccef286572f

data/Gemfile

@@ -31,6 +31,7 @@ group :test do
   gem "m"
   gem "pry", "~> 0.10"
   gem "pry-byebug"
+  gem "html-proofer", platforms: :ruby # do not attempt to run proofer on windows
 end
 
 group :integration do

data/inspec-core.gemspec

@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "chef-telemetry",     "~> 1.0"
   spec.add_dependency "license-acceptance", ">= 0.2.13", "< 2.0"
   spec.add_dependency "thor",               ">= 0.20", "< 2.0"
-  spec.add_dependency "json_schemer",       "~> 0.2.1"
+  spec.add_dependency "json_schemer",       ">= 0.2.1", "< 0.2.12"
   spec.add_dependency "method_source",      ">= 0.8", "< 2.0"
   spec.add_dependency "rubyzip",            "~> 1.2", ">= 1.2.2"
   spec.add_dependency "rspec",              "~> 3.9"

data/lib/inspec/base_cli.rb

@@ -231,7 +231,7 @@ module Inspec
 
     private
 
-    ALL_OF_OUR_REPORTERS = %w{json json-min json-rspec json-automate junit html yaml documentation progress}.freeze # BUT WHY?!?!
+    ALL_OF_OUR_REPORTERS = %w{json json-min json-rspec json-automate junit html html2 yaml documentation progress}.freeze # BUT WHY?!?!
 
     def suppress_log_output?(opts)
       return false if opts["reporter"].nil?

data/lib/inspec/cli.rb

@@ -375,6 +375,12 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     puts "Valid schemas are #{Inspec::Schema::OutputSchema.names.join(", ")}"
   end
 
+  desc "run_context", "used to test run-context detection", hide: true
+  def run_context
+    require "inspec/utils/telemetry/run_context_probe"
+    puts Inspec::Telemetry::RunContextProbe.guess_run_context
+  end
+
   desc "version", "prints the version of this tool"
   option :format, type: :string
   def version
@@ -387,11 +393,6 @@ class Inspec::InspecCLI < Inspec::BaseCLI
   end
   map %w{-v --version} => :version
 
-  desc "nothing", "does nothing"
-  def nothing
-    puts "you did nothing"
-  end
-
   private
 
   def run_command(opts)

data/lib/inspec/config.rb

@@ -341,6 +341,7 @@ module Inspec
       # Tracked on https://github.com/inspec/inspec/issues/3667
       inspec_reporters_that_are_not_yet_plugins = %w{
         automate
+        cli
         json
         json-automate
         junit
@@ -354,12 +355,7 @@ module Inspec
         .find_activators(plugin_type: :reporter)\
         .map(&:activator_name).map(&:to_s)
 
-      # Include CLI explicitly, because it is the default reporter and will usually not be
-      # present on the command line, and thus its plugin will not appear on the list.
-      valid_types = rspec_built_in_formatters + \
-        inspec_reporters_that_are_not_yet_plugins + \
-        plugin_reporters + \
-        [ "cli" ]
+      valid_types = rspec_built_in_formatters + inspec_reporters_that_are_not_yet_plugins + plugin_reporters
 
       reporters.each do |reporter_name, reporter_config|
         raise NotImplementedError, "'#{reporter_name}' is not a valid reporter type." unless valid_types.include?(reporter_name)

data/lib/inspec/exceptions.rb

@@ -4,6 +4,7 @@ module Inspec
   module Exceptions
     class InputsFileDoesNotExist < ArgumentError; end
     class InputsFileNotReadable < ArgumentError; end
+    class ProfileLoadFailed < StandardError; end
     class ResourceFailed < StandardError; end
     class ResourceSkipped < StandardError; end
     class SecretsBackendNotFound < ArgumentError; end

data/lib/inspec/input_registry.rb

@@ -165,7 +165,8 @@ module Inspec
             raise ArgumentError, "ERROR: An '=' is required when using --input. Usage: --input input_name1=input_value1 input2=value2"
           end
         end
-        input_name, input_value = pair.split("=")
+        pair = pair.match(/(.*?)=(.*)/)
+        input_name, input_value = pair[1], pair[2]
         input_value = parse_cli_input_value(input_name, input_value)
         evt = Inspec::Input::Event.new(
           value: input_value,

data/lib/inspec/metadata.rb

@@ -9,7 +9,12 @@ require "inspec/version"
 require "inspec/utils/spdx"
 
 module Inspec
-  # Extract metadata.rb information
+  # The Metadata class represents a profile's metadata.
+  # This includes the metadata stored in the profile's metadata.rb file, as well as inferred
+  # metadata like if this profile supports the current runtime and the intended target.
+  # This class does NOT represent the runtime state of a profile during execution.
+  # See lib/inspec/profile.rb for the runtime representation of a profile.
+  #
   # A Metadata object may be created and finalized with invalid data.
   # This allows the check CLI command to analyse the issues.
   # Use valid? to determine if the metadata is coherent.

data/lib/inspec/profile.rb

@@ -94,6 +94,7 @@ module Inspec
       @input_values = options[:inputs]
       @tests_collected = false
       @libraries_loaded = false
+      @state = :loaded
       @check_mode = options[:check_mode] || false
       @parent_profile = options[:parent_profile]
       @legacy_profile_path = options[:profiles_path] || false
@@ -146,7 +147,12 @@ module Inspec
         options[:profile_context] ||
         Inspec::ProfileContext.for_profile(self, @backend)
 
-      @supports_platform = metadata.supports_platform?(@backend)
+      if metadata.supports_platform?(@backend)
+        @supports_platform = true
+      else
+        @supports_platform = false
+        @state = :skipped
+      end
       @supports_runtime = metadata.supports_runtime?
     end
 
@@ -162,6 +168,10 @@ module Inspec
       @writable
     end
 
+    def failed?
+      @state == :failed
+    end
+
     #
     # Is this profile is supported on the current platform of the
     # backend machine and the current inspec version.
@@ -197,7 +207,7 @@ module Inspec
     end
 
     def collect_tests(include_list = @controls)
-      unless @tests_collected
+      unless @tests_collected || failed?
         return unless supports_platform?
 
         locked_dependencies.each(&:collect_tests)
@@ -206,7 +216,12 @@ module Inspec
           next if content.nil? || content.empty?
 
           abs_path = source_reader.target.abs_path(path)
-          @runner_context.load_control_file(content, abs_path, nil)
+          begin
+            @runner_context.load_control_file(content, abs_path, nil)
+          rescue => e
+            @state = :failed
+            raise Inspec::Exceptions::ProfileLoadFailed, "Failed to load source for #{path}: #{e}"
+          end
         end
         @tests_collected = true
       end
@@ -249,12 +264,13 @@ module Inspec
         d = dep.profile
         # this will force a dependent profile load so we are only going to add
         # this metadata if the parent profile is supported.
-        if supports_platform? && !d.supports_platform?
+        if @supports_platform && !d.supports_platform?
           # since ruby 1.9 hashes are ordered so we can just use index values here
           # TODO: NO! this is a violation of encapsulation to an extreme
           metadata.dependencies[i][:status] = "skipped"
           msg = "Skipping profile: '#{d.name}' on unsupported platform: '#{d.backend.platform.name}/#{d.backend.platform.release}'."
-          metadata.dependencies[i][:skip_message] = msg
+          metadata.dependencies[i][:status_message] = msg
+          metadata.dependencies[i][:skip_message] = msg # Repeat as skip_message for backward compatibility
           next
         elsif metadata.dependencies[i]
           # Currently wrapper profiles will load all dependencies, and then we
@@ -324,12 +340,13 @@ module Inspec
       res[:sha256] = sha256
       res[:parent_profile] = parent_profile unless parent_profile.nil?
 
-      if !supports_platform?
+      if @supports_platform
+        res[:status_message] = @status_message || ""
+        res[:status] = failed? ? "failed" : "loaded"
+      else
         res[:status] = "skipped"
         msg = "Skipping profile: '#{name}' on unsupported platform: '#{backend.platform.name}/#{backend.platform.release}'."
-        res[:skip_message] = msg
-      else
-        res[:status] = "loaded"
+        res[:status_message] = msg
       end
 
       # convert legacy os-* supports to their platform counterpart
@@ -455,6 +472,10 @@ module Inspec
       params[:controls].values.length
     end
 
+    def set_status_message(msg)
+      @status_message = msg.to_s
+    end
+
     # generates a archive of a folder profile
     # assumes that the profile was checked before
     def archive(opts)

data/lib/inspec/reporters.rb

@@ -1,4 +1,5 @@
 require "inspec/reporters/base"
+require "inspec/reporters/cli"
 require "inspec/reporters/json"
 require "inspec/reporters/json_automate"
 require "inspec/reporters/junit"
@@ -11,6 +12,8 @@ module Inspec::Reporters
     name, config = reporter.dup
     config[:run_data] = run_data
     case name
+    when "cli"
+      reporter = Inspec::Reporters::CLI.new(config)
     when "json"
       reporter = Inspec::Reporters::Json.new(config)
     # This reporter is only used for Chef internal. We reserve the

data/lib/{plugins/inspec-reporter-cli/lib/inspec-reporter-cli/reporter.rb → inspec/reporters/cli.rb}

@@ -1,8 +1,5 @@
-require "forwardable"
-
-module InspecPlugins::CliReporter
-  class Reporter < Inspec.plugin(2, :reporter)
-
+module Inspec::Reporters
+  class CLI < Base
     case RUBY_PLATFORM
     when /windows|mswin|msys|mingw|cygwin/
       # Most currently available Windows terminals have poor support
@@ -43,15 +40,11 @@ module InspecPlugins::CliReporter
 
     MULTI_TEST_CONTROL_SUMMARY_MAX_LEN = 60
 
-    def self.run_data_schema_constraints
-      "~> 0.0"
-    end
-
     def render
-      run_data.profiles.each do |profile|
-        if profile.status == "skipped"
-          platform = run_data.platform
-          output("Skipping profile: '#{profile.name}' on unsupported platform: '#{platform.name}/#{platform.release}'.")
+      run_data[:profiles].each do |profile|
+        if profile[:status] == "skipped"
+          platform = run_data[:platform]
+          output("Skipping profile: '#{profile[:name]}' on unsupported platform: '#{platform[:name]}/#{platform[:release]}'.")
           next
         end
         @control_count = 0
@@ -77,9 +70,10 @@ module InspecPlugins::CliReporter
     def print_profile_header(profile)
       header = {
         "Profile" => format_profile_name(profile),
-        "Version" => profile.version || "(not specified)",
+        "Version" => profile[:version] || "(not specified)",
       }
-      header["Target"] = run_data.platform.target unless run_data.platform.target.nil?
+      header["Failure Message"] = profile[:status_message] if profile[:status] == "failed"
+      header["Target"] = run_data[:platform][:target] unless run_data[:platform][:target].nil?
       header["Target ID"] = @config["target_id"] unless @config["target_id"].nil?
 
       pad = header.keys.max_by(&:length).length + 1
@@ -91,8 +85,8 @@ module InspecPlugins::CliReporter
 
     def print_standard_control_results(profile)
       standard_controls_from_profile(profile).each do |control_from_profile|
-        control = ControlForCliDisplay.new(control_from_profile)
-        next if control.results.empty?
+        control = Control.new(control_from_profile)
+        next if control.results.nil?
 
         output(format_control_header(control))
         control.results.each do |result|
@@ -105,8 +99,8 @@ module InspecPlugins::CliReporter
 
     def print_anonymous_control_results(profile)
       anonymous_controls_from_profile(profile).each do |control_from_profile|
-        control = ControlForCliDisplay.new(control_from_profile)
-        next if control.results.empty?
+        control = Control.new(control_from_profile)
+        next if control.results.nil?
 
         output(format_control_header(control))
         control.results.each do |result|
@@ -117,10 +111,10 @@ module InspecPlugins::CliReporter
     end
 
     def format_profile_name(profile)
-      if profile.title.nil?
-        (profile.name || "unknown").to_s
+      if profile[:title].nil?
+        (profile[:name] || "unknown").to_s
       else
-        "#{profile.title} (#{profile.name || "unknown"})"
+        "#{profile[:title]} (#{profile[:name] || "unknown"})"
       end
     end
 
@@ -136,16 +130,16 @@ module InspecPlugins::CliReporter
     def format_result(control, result, type)
       impact = control.impact_string_for_result(result)
 
-      message = if result.status == "skipped"
-                  result.skip_message
+      message = if result[:status] == "skipped"
+                  result[:skip_message]
                 elsif type == :anonymous
-                  result.expectation_message
+                  result[:expectation_message]
                 else
-                  result.code_desc
+                  result[:code_desc]
                 end
 
       # append any failure details to the message if they exist
-      message += "\n#{result.message}" if result.message
+      message += "\n#{result[:message]}" if result[:message]
 
       format_message(
         color: impact,
@@ -177,7 +171,9 @@ module InspecPlugins::CliReporter
 
     def all_unique_controls
       @unique_controls ||= begin
-                             run_data.profiles.flat_map(&:controls).uniq
+                             run_data[:profiles].flat_map do |profile|
+                               profile[:controls]
+                             end.uniq
                            end
     end
 
@@ -187,12 +183,12 @@ module InspecPlugins::CliReporter
       passed = 0
 
       all_unique_controls.each do |control|
-        next if control.id.start_with? "(generated from "
-        next if control.results.empty?
+        next if control[:id].start_with? "(generated from "
+        next unless control[:results]
 
-        if control.results.any? { |r| r.status == "failed" }
+        if control[:results].any? { |r| r[:status] == "failed" }
           failed += 1
-        elsif control.results.any? { |r| r.status == "skipped" }
+        elsif control[:results].any? { |r| r[:status] == "skipped" }
           skipped += 1
         else
           passed += 1
@@ -216,12 +212,12 @@ module InspecPlugins::CliReporter
       passed = 0
 
       all_unique_controls.each do |control|
-        next if control.results.empty?
+        next unless control[:results]
 
-        control.results.each do |result|
-          if result.status == "failed"
+        control[:results].each do |result|
+          if result[:status] == "failed"
             failed += 1
-          elsif result.status == "skipped"
+          elsif result[:status] == "skipped"
             skipped += 1
           else
             passed += 1
@@ -278,30 +274,42 @@ module InspecPlugins::CliReporter
     end
 
     def standard_controls_from_profile(profile)
-      profile.controls.reject { |c| is_anonymous_control?(c) }
+      profile[:controls].reject { |c| is_anonymous_control?(c) }
     end
 
     def anonymous_controls_from_profile(profile)
-      profile.controls.select { |c| is_anonymous_control?(c) && !c[:results].nil? }
+      profile[:controls].select { |c| is_anonymous_control?(c) && !c[:results].nil? }
     end
 
     def is_anonymous_control?(control)
-      control.id.start_with?("(generated from ")
+      control[:id].start_with?("(generated from ")
     end
 
     def indent_lines(message, indentation)
       message.lines.map { |line| " " * indentation + line }.join
     end
 
-    class ControlForCliDisplay
+    class Control
+      attr_reader :data
 
-      extend Forwardable
+      def initialize(control_hash)
+        @data = control_hash
+      end
 
-      attr_reader :control_obj
-      def_delegators :@control_obj, :id, :impact, :results, :title
+      def id
+        data[:id]
+      end
+
+      def title
+        data[:title]
+      end
+
+      def results
+        data[:results]
+      end
 
-      def initialize(control_obj)
-        @control_obj = control_obj
+      def impact
+        data[:impact]
       end
 
       def anonymous?
@@ -310,9 +318,9 @@ module InspecPlugins::CliReporter
 
       def title_for_report
         # if this is an anonymous control, just grab the resource title from any result entry
-        return results.first.resource_title if anonymous?
+        return results.first[:resource_title] if anonymous?
 
-        title_for_report = "#{id}: #{title || results.first.resource_title}"
+        title_for_report = "#{id}: #{title || results.first[:resource_title]}"
 
         # we will not add any additional data to the title if there's only
         # zero or one test for this control.
@@ -330,9 +338,9 @@ module InspecPlugins::CliReporter
           nil
         elsif impact.nil?
           "unknown"
-        elsif results&.find { |r| r.status == "skipped" }
+        elsif results&.find { |r| r[:status] == "skipped" }
           "skipped"
-        elsif results.empty? || results.all? { |r| r.status == "passed" }
+        elsif results.nil? || results.empty? || results.all? { |r| r[:status] == "passed" }
           "passed"
         else
           "failed"
@@ -340,9 +348,9 @@ module InspecPlugins::CliReporter
       end
 
       def impact_string_for_result(result)
-        if result.status == "skipped"
+        if result[:status] == "skipped"
           "skipped"
-        elsif result.status == "passed"
+        elsif result[:status] == "passed"
           "passed"
         elsif impact.nil?
           "unknown"
@@ -352,11 +360,11 @@ module InspecPlugins::CliReporter
       end
 
       def failure_count
-        results.select { |r| r.status == "failed" }.size
+        results.select { |r| r[:status] == "failed" }.size
       end
 
       def skipped_count
-        results.select { |r| r.status == "skipped" }.size
+        results.select { |r| r[:status] == "skipped" }.size
       end
     end
   end