inspec-core 4.21.1 → 4.22.22

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f7be94754504cd2aeda9badd0701a9ac28691e0c62f76741db0c3b1b75988b2b
-  data.tar.gz: 314ce4bedf429cb87185f4903bcb5e47c93587fc1c125f9dcff112574f5dde72
+  metadata.gz: feb9a92b579da111caf36845c7ba22e6d0831233d59c5f6f5de0212aa8ef529c
+  data.tar.gz: 945341a0aa073b969ce15e35d058246af5584d3ddfb94a5b7ffbd86cb8162254
 SHA512:
-  metadata.gz: fa7f2ac74a61e23f82236d175b5adcc4236eb6b48316d7eaca9cfa85fe9f3917a22eb87fc56723ff56635348897e21f635816071fcf1c13a2f808df212388693
-  data.tar.gz: 17245f5ba3ca9aad13bba4870e52bf48c2e2cf2219b03ee569d0a1aa2e699bd2b6de447d30a2d23c44e01c72ded87c9dab596e564eb9206f7826ae72f6b4d366
+  metadata.gz: 148281428e3b5d2855a2c89eccb3a29e4b159933b025049d9852eab4336b9ffb0f267bb48701b208c06fc71ce2c173fe175466622b3ec535ddb4a2692d3d927f
+  data.tar.gz: ac2e46f5dc21b7359b76df729d6b47c0f51f1f8bd272872121477204f3422d49028982a39a01df60a4ae796f03ccb41f6a448a994e22e2feb7e4d946b574cc27

data/Gemfile

@@ -19,7 +19,7 @@ group :omnibus do
 end
 
 group :test do
-  gem "chefstyle", "~> 0.13.0"
+  gem "chefstyle", "~> 1.2.1"
   gem "minitest", "~> 5.5"
   gem "minitest-sprint", "~> 1.0"
   gem "rake", ">= 10"

data/inspec-core.gemspec

@@ -17,7 +17,7 @@ Gem::Specification.new do |spec|
 
   # the gemfile and gemspec are necessary for appbundler so don't remove it
   spec.files =
-    Dir.glob("{{lib,etc}/**/*,README.md,LICENSE,Gemfile,inspec-core.gemspec}")
+    Dir.glob("{{lib,etc}/**/*,LICENSE,Gemfile,inspec-core.gemspec}")
       .grep_v(%r{(?<!inspec-init/templates/profiles/)(aws|azure|gcp)})
       .grep_v(%r{lib/plugins/.*/test/})
       .reject { |f| File.directory?(f) }
@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "chef-telemetry",     "~> 1.0"
   spec.add_dependency "license-acceptance", ">= 0.2.13", "< 2.0"
   spec.add_dependency "thor",               ">= 0.20", "< 2.0"
-  spec.add_dependency "json_schemer",       "~> 0.2.1"
+  spec.add_dependency "json_schemer",       ">= 0.2.1", "< 0.2.12"
   spec.add_dependency "method_source",      ">= 0.8", "< 2.0"
   spec.add_dependency "rubyzip",            "~> 1.2", ">= 1.2.2"
   spec.add_dependency "rspec",              "~> 3.9"
@@ -43,9 +43,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "addressable",        "~> 2.4"
   spec.add_dependency "parslet",            "~> 1.5"
   spec.add_dependency "semverse",           "~> 3.0"
-  spec.add_dependency "htmlentities",       "~> 4.3" # TODO: remove when #4853 fixed
   spec.add_dependency "multipart-post",     "~> 2.0"
-  spec.add_dependency "term-ansicolor",     "~> 1.7"
 
   spec.add_dependency "train-core", "~> 3.0"
 end

data/lib/bundles/inspec-supermarket/cli.rb

@@ -5,7 +5,7 @@ module Supermarket
   class SupermarketCLI < Inspec::BaseCLI
     namespace "supermarket"
 
-    # TODO: find another solution, once https://github.com/erikhuda/thor/issues/261 is fixed
+    # TODO: find another solution, once https://github.com/erikhuda/thor/issues/261 is fixed.
     def self.banner(command, _namespace = nil, _subcommand = false)
       "#{basename} #{subcommand_prefix} #{command.usage}"
     end

data/lib/inspec/base_cli.rb

@@ -60,7 +60,7 @@ module Inspec
       true
     end
 
-    def self.target_options # rubocop:disable MethodLength
+    def self.target_options # rubocop:disable Metrics/MethodLength
       option :target, aliases: :t, type: :string,
         desc: "Simple targeting option using URIs, e.g. ssh://user:pass@host:port"
       option :backend, aliases: :b, type: :string,
@@ -231,7 +231,7 @@ module Inspec
 
     private
 
-    ALL_OF_OUR_REPORTERS = %w{json json-min json-rspec json-automate junit html yaml documentation progress}.freeze # BUT WHY?!?!
+    ALL_OF_OUR_REPORTERS = %w{json json-min json-rspec json-automate junit html html2 yaml documentation progress}.freeze # BUT WHY?!?!
 
     def suppress_log_output?(opts)
       return false if opts["reporter"].nil?

data/lib/inspec/config.rb

@@ -344,7 +344,6 @@ module Inspec
         cli
         json
         json-automate
-        junit
         yaml
       }
 

data/lib/inspec/exceptions.rb

@@ -4,6 +4,7 @@ module Inspec
   module Exceptions
     class InputsFileDoesNotExist < ArgumentError; end
     class InputsFileNotReadable < ArgumentError; end
+    class ProfileLoadFailed < StandardError; end
     class ResourceFailed < StandardError; end
     class ResourceSkipped < StandardError; end
     class SecretsBackendNotFound < ArgumentError; end

data/lib/inspec/input_registry.rb

@@ -165,7 +165,8 @@ module Inspec
             raise ArgumentError, "ERROR: An '=' is required when using --input. Usage: --input input_name1=input_value1 input2=value2"
           end
         end
-        input_name, input_value = pair.split("=")
+        pair = pair.match(/(.*?)=(.*)/)
+        input_name, input_value = pair[1], pair[2]
         input_value = parse_cli_input_value(input_name, input_value)
         evt = Inspec::Input::Event.new(
           value: input_value,

data/lib/inspec/metadata.rb

@@ -9,7 +9,12 @@ require "inspec/version"
 require "inspec/utils/spdx"
 
 module Inspec
-  # Extract metadata.rb information
+  # The Metadata class represents a profile's metadata.
+  # This includes the metadata stored in the profile's metadata.rb file, as well as inferred
+  # metadata like if this profile supports the current runtime and the intended target.
+  # This class does NOT represent the runtime state of a profile during execution.
+  # See lib/inspec/profile.rb for the runtime representation of a profile.
+  #
   # A Metadata object may be created and finalized with invalid data.
   # This allows the check CLI command to analyse the issues.
   # Use valid? to determine if the metadata is coherent.

data/lib/inspec/plugin/v2/plugin_types/reporter.rb

@@ -31,17 +31,14 @@ module Inspec::Plugin::V2::PluginType
       runtime_config = Inspec::Config.cached.respond_to?(:final_options) ? Inspec::Config.cached.final_options : {}
 
       message_truncation = runtime_config[:reporter_message_truncation] || "ALL"
-      trunc = message_truncation == "ALL" ? -1 : message_truncation.to_i
+      @trunc = message_truncation == "ALL" ? -1 : message_truncation.to_i
       include_backtrace = runtime_config[:reporter_backtrace_inclusion].nil? ? true : runtime_config[:reporter_backtrace_inclusion]
 
       @run_data[:profiles]&.each do |p|
         p[:controls].each do |c|
           c[:results]&.map! do |r|
             r.delete(:backtrace) unless include_backtrace
-            if r.key?(:message) && r[:message] != "" && trunc > -1
-              r[:message] = r[:message][0...trunc] + "[Truncated to #{trunc} characters]"
-            end
-            r
+            process_message_truncation(r)
           end
         end
       end
@@ -64,5 +61,14 @@ module Inspec::Plugin::V2::PluginType
     def self.run_data_schema_constraints
       raise NotImplementedError, "#{self.class} must implement a `run_data_schema_constraints` class method to declare its compatibiltity with the RunData API."
     end
+
+    private
+
+    def process_message_truncation(result)
+      if result.key?(:message) && result[:message] != "" && @trunc > -1 && result[:message].length > @trunc
+        result[:message] = result[:message][0...@trunc] + "[Truncated to #{@trunc} characters]"
+      end
+      result
+    end
   end
 end

data/lib/inspec/profile.rb

@@ -94,6 +94,7 @@ module Inspec
       @input_values = options[:inputs]
       @tests_collected = false
       @libraries_loaded = false
+      @state = :loaded
       @check_mode = options[:check_mode] || false
       @parent_profile = options[:parent_profile]
       @legacy_profile_path = options[:profiles_path] || false
@@ -146,7 +147,12 @@ module Inspec
         options[:profile_context] ||
         Inspec::ProfileContext.for_profile(self, @backend)
 
-      @supports_platform = metadata.supports_platform?(@backend)
+      if metadata.supports_platform?(@backend)
+        @supports_platform = true
+      else
+        @supports_platform = false
+        @state = :skipped
+      end
       @supports_runtime = metadata.supports_runtime?
     end
 
@@ -162,6 +168,10 @@ module Inspec
       @writable
     end
 
+    def failed?
+      @state == :failed
+    end
+
     #
     # Is this profile is supported on the current platform of the
     # backend machine and the current inspec version.
@@ -197,7 +207,7 @@ module Inspec
     end
 
     def collect_tests(include_list = @controls)
-      unless @tests_collected
+      unless @tests_collected || failed?
         return unless supports_platform?
 
         locked_dependencies.each(&:collect_tests)
@@ -206,7 +216,12 @@ module Inspec
           next if content.nil? || content.empty?
 
           abs_path = source_reader.target.abs_path(path)
-          @runner_context.load_control_file(content, abs_path, nil)
+          begin
+            @runner_context.load_control_file(content, abs_path, nil)
+          rescue => e
+            @state = :failed
+            raise Inspec::Exceptions::ProfileLoadFailed, "Failed to load source for #{path}: #{e}"
+          end
         end
         @tests_collected = true
       end
@@ -249,12 +264,13 @@ module Inspec
         d = dep.profile
         # this will force a dependent profile load so we are only going to add
         # this metadata if the parent profile is supported.
-        if supports_platform? && !d.supports_platform?
+        if @supports_platform && !d.supports_platform?
           # since ruby 1.9 hashes are ordered so we can just use index values here
           # TODO: NO! this is a violation of encapsulation to an extreme
           metadata.dependencies[i][:status] = "skipped"
           msg = "Skipping profile: '#{d.name}' on unsupported platform: '#{d.backend.platform.name}/#{d.backend.platform.release}'."
-          metadata.dependencies[i][:skip_message] = msg
+          metadata.dependencies[i][:status_message] = msg
+          metadata.dependencies[i][:skip_message] = msg # Repeat as skip_message for backward compatibility
           next
         elsif metadata.dependencies[i]
           # Currently wrapper profiles will load all dependencies, and then we
@@ -324,12 +340,13 @@ module Inspec
       res[:sha256] = sha256
       res[:parent_profile] = parent_profile unless parent_profile.nil?
 
-      if !supports_platform?
+      if @supports_platform
+        res[:status_message] = @status_message || ""
+        res[:status] = failed? ? "failed" : "loaded"
+      else
         res[:status] = "skipped"
         msg = "Skipping profile: '#{name}' on unsupported platform: '#{backend.platform.name}/#{backend.platform.release}'."
-        res[:skip_message] = msg
-      else
-        res[:status] = "loaded"
+        res[:status_message] = msg
       end
 
       # convert legacy os-* supports to their platform counterpart
@@ -455,6 +472,10 @@ module Inspec
       params[:controls].values.length
     end
 
+    def set_status_message(msg)
+      @status_message = msg.to_s
+    end
+
     # generates a archive of a folder profile
     # assumes that the profile was checked before
     def archive(opts)

data/lib/inspec/reporters.rb

@@ -2,7 +2,6 @@ require "inspec/reporters/base"
 require "inspec/reporters/cli"
 require "inspec/reporters/json"
 require "inspec/reporters/json_automate"
-require "inspec/reporters/junit"
 require "inspec/reporters/automate"
 require "inspec/reporters/yaml"
 
@@ -20,8 +19,6 @@ module Inspec::Reporters
     # right to introduce breaking changes to this reporter at any time.
     when "json-automate"
       reporter = Inspec::Reporters::JsonAutomate.new(config)
-    when "junit"
-      reporter = Inspec::Reporters::Junit.new(config)
     when "automate"
       reporter = Inspec::Reporters::Automate.new(config)
     when "yaml"

data/lib/inspec/reporters/automate.rb

@@ -49,14 +49,14 @@ module Inspec::Reporters
 
         res = http.request(req)
         if res.is_a?(Net::HTTPSuccess)
-          return true
+          true
         else
           Inspec::Log.error "send_report: POST to #{uri.path} returned: #{res.body}"
-          return false
+          false
         end
       rescue => e
         Inspec::Log.error "send_report: POST to #{uri.path} returned: #{e.message}"
-        return false
+        false
       end
     end
 

data/lib/inspec/reporters/base.rb

@@ -14,17 +14,14 @@ module Inspec::Reporters
       runtime_config = Inspec::Config.cached.respond_to?(:final_options) ? Inspec::Config.cached.final_options : {}
 
       message_truncation = runtime_config[:reporter_message_truncation] || "ALL"
-      trunc = message_truncation == "ALL" ? -1 : message_truncation.to_i
+      @trunc = message_truncation == "ALL" ? -1 : message_truncation.to_i
       include_backtrace = runtime_config[:reporter_backtrace_inclusion].nil? ? true : runtime_config[:reporter_backtrace_inclusion]
 
       @run_data[:profiles]&.each do |p|
         p[:controls].each do |c|
           c[:results]&.map! do |r|
             r.delete(:backtrace) unless include_backtrace
-            if r.key?(:message) && r[:message] != "" && trunc > -1
-              r[:message] = r[:message][0...trunc] + "[Truncated to #{trunc} characters]"
-            end
-            r
+            process_message_truncation(r)
           end
         end
       end
@@ -43,5 +40,14 @@ module Inspec::Reporters
     def render
       raise NotImplementedError, "#{self.class} must implement a `#render` method to format its output."
     end
+
+    private
+
+    def process_message_truncation(result)
+      if result.key?(:message) && result[:message] != "" && @trunc > -1 && result[:message].length > @trunc
+        result[:message] = result[:message][0...@trunc] + "[Truncated to #{@trunc} characters]"
+      end
+      result
+    end
   end
 end

data/lib/inspec/reporters/cli.rb

@@ -72,6 +72,7 @@ module Inspec::Reporters
         "Profile" => format_profile_name(profile),
         "Version" => profile[:version] || "(not specified)",
       }
+      header["Failure Message"] = profile[:status_message] if profile[:status] == "failed"
       header["Target"] = run_data[:platform][:target] unless run_data[:platform][:target].nil?
       header["Target ID"] = @config["target_id"] unless @config["target_id"].nil?
 

data/lib/inspec/reporters/json.rb

@@ -45,8 +45,8 @@ module Inspec::Reporters
     end
 
     def profiles
-      run_data[:profiles].map { |p|
-        {
+      run_data[:profiles].map do |p|
+        res = {
           name:            p[:name],
           version:         p[:version],
           sha256:          p[:sha256],
@@ -64,10 +64,15 @@ module Inspec::Reporters
           groups:          profile_groups(p),
           controls:        profile_controls(p),
           status:          p[:status],
-          skip_message:    p[:skip_message],
+          status_message:  p[:status_message],
           waiver_data:     p[:waiver_data],
         }.reject { |_k, v| v.nil? }
-      }
+
+        # For backwards compatibility
+        res[:skip_message] = res[:status_message] if res[:status] == "skipped"
+
+        res
+      end
     end
 
     def profile_groups(profile)

data/lib/inspec/resources/apt.rb

@@ -90,12 +90,14 @@ module Inspec::Resources
         # deb               "http://archive.ubuntu.com/ubuntu/" wily main restricted ...
         # deb               http://archive.ubuntu.com/ubuntu/ wily main restricted ...
         # deb [trusted=yes] http://archive.ubuntu.com/ubuntu/ wily main restricted ...
+        # deb cdrom:[Ubuntu 15.10 _Wily Werewolf_ - Release amd64 (20151021)]/ wily main restricted ...
 
         words = line.split
         words.delete_at 1 if words[1] && words[1].start_with?("[")
         type, url, distro, *components = words
         url = url.delete('"') if url
 
+        next if words[1] && words[1].start_with?("cdrom:") # skip unsupported apt-cdrom repos
         next if components.empty?
         next unless URI::HTTP === URI.parse(url)
         next unless %w{deb deb-src}.include? type

data/lib/inspec/resources/bridge.rb

@@ -27,7 +27,7 @@ module Inspec::Resources
       elsif inspec.os.windows?
         @bridge_provider = WindowsBridge.new(inspec)
       else
-        return skip_resource "The `bridge` resource is not supported on your OS yet."
+        skip_resource "The `bridge` resource is not supported on your OS yet."
       end
     end
 

data/lib/inspec/resources/host.rb

@@ -71,7 +71,7 @@ module Inspec::Resources
 
       missing_requirements = @host_provider.missing_requirements(protocol)
       unless missing_requirements.empty?
-        return skip_resource "The following requirements are not met for this resource: " \
+        skip_resource "The following requirements are not met for this resource: " \
           "#{missing_requirements.join(", ")}"
       end
     end

data/lib/inspec/resources/mount.rb

@@ -61,7 +61,7 @@ module Inspec::Resources
       os = inspec.os
       if os.linux?
         LinuxMounts.new(inspec)
-      elsif ["freebsd"].include?(os[:family])
+      elsif os.bsd?
         BsdMounts.new(inspec)
       end
     end

data/lib/inspec/resources/mysql_session.rb

@@ -4,6 +4,27 @@ require "inspec/resources/command"
 require "shellwords"
 
 module Inspec::Resources
+  class Lines
+    attr_reader :output, :stdout, :stderr, :exit_status
+
+    def initialize(raw, desc, exit_status)
+      @output = raw
+      @desc = desc
+      @exit_status = exit_status
+      # backwards compatibility
+      @stdout = raw
+      @stderr = raw
+    end
+
+    def lines
+      output.split("\n")
+    end
+
+    def to_s
+      @desc
+    end
+  end
+
   class MysqlSession < Inspec.resource(1)
     name "mysql_session"
     supports platform: "unix"
@@ -12,7 +33,7 @@ module Inspec::Resources
     example <<~EXAMPLE
       sql = mysql_session('my_user','password','host')
       describe sql.query('show databases like \'test\';') do
-        its('stdout') { should_not match(/test/) }
+        its('output') { should_not match(/test/) }
       end
     EXAMPLE
 
@@ -28,15 +49,17 @@ module Inspec::Resources
 
     def query(q, db = "")
       mysql_cmd = create_mysql_cmd(q, db)
-      cmd = inspec.command(mysql_cmd)
+      cmd = if !@pass.nil?
+              inspec.command(mysql_cmd, redact_regex: /(mysql -u\w+ -p).+(\s-(h|S).*)/)
+            else
+              inspec.command(mysql_cmd)
+            end
       out = cmd.stdout + "\n" + cmd.stderr
-      if out =~ /Can't connect to .* MySQL server/ || out.downcase =~ /^error /
-        # skip this test if the server can't run the query
-        warn("Can't connect to MySQL instance for SQL checks.")
+      if cmd.exit_status != 0 || out =~ /Can't connect to .* MySQL server/ || out.downcase =~ /^error:.*/
+        Lines.new(out, "MySQL query with errors: #{q}", cmd.exit_status)
+      else
+        Lines.new(cmd.stdout.strip, "MySQL query: #{q}", cmd.exit_status)
       end
-
-      # return the raw command output
-      cmd
     end
 
     def to_s