inspec-core 4.22.8 → 4.23.15

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b909b05a8f7510d2833aee0e464f0ed9cec64409fe5825fc05078c67b01e4a43
-  data.tar.gz: ee56167e3ab21f7eed5fd938e5728c3f48a7621fe71d1f3294cb4f2991298a79
+  metadata.gz: a8d456ded6249283aa4db22d7dc054afeb37996472a16d9d8d007bd492f7a6c8
+  data.tar.gz: f355c608691df7895a0440a7f70a0ffb0f8cd0d7167da490dfcefeec45bba2bc
 SHA512:
-  metadata.gz: 116d85fb0ef947cda4beb31c825cb02e134e2c9130338e062cc4e82d2d58a59e6f7fbdc8df4908759c0d508692efc00dac40550d0ce6ae9da72e904336f1fed6
-  data.tar.gz: e6208c479f04da18199aec2b1c8dc4c8e101bb08609b32fb9d026f485f69d7e848d62a68a6087171fa38a3486f44777d0ad56c64fe2743195b4cc1abb58f8ad9
+  metadata.gz: f9c878fa83d12844ea6d0b1a58da70d6e39650a41e5ad7b7041bfc11faee21c8ce67adee8c5eae29ef04a4734b7c916415d285dab888c0c776a80717037c049b
+  data.tar.gz: f072fbccdb85a007f3a33ba9294024b403eda80b184ee806a08226a47728681aaed1692ac61cbefde5fe7e965ea0db5e6306405e6c808f15d4011a44a6215542

data/Gemfile

@@ -19,12 +19,13 @@ group :omnibus do
 end
 
 group :test do
-  gem "chefstyle", "~> 0.13.0"
+  gem "chefstyle", "~> 1.2.1"
   gem "minitest", "~> 5.5"
   gem "minitest-sprint", "~> 1.0"
   gem "rake", ">= 10"
   gem "simplecov", ["~> 0.10", "<=0.18.2"]
   gem "concurrent-ruby", "~> 1.0"
+  gem "nokogiri", "~> 1.9"
   gem "mocha", "~> 1.1"
   gem "ruby-progressbar", "~> 1.8"
   gem "webmock", "~> 3.0"

data/inspec-core.gemspec

@@ -17,14 +17,14 @@ Gem::Specification.new do |spec|
 
   # the gemfile and gemspec are necessary for appbundler so don't remove it
   spec.files =
-    Dir.glob("{{lib,etc}/**/*,README.md,LICENSE,Gemfile,inspec-core.gemspec}")
+    Dir.glob("{{lib,etc}/**/*,LICENSE,Gemfile,inspec-core.gemspec}")
       .grep_v(%r{(?<!inspec-init/templates/profiles/)(aws|azure|gcp)})
       .grep_v(%r{lib/plugins/.*/test/})
       .reject { |f| File.directory?(f) }
 
   # Implementation dependencies
   spec.add_dependency "chef-telemetry",     "~> 1.0"
-  spec.add_dependency "license-acceptance", ">= 0.2.13", "< 2.0"
+  spec.add_dependency "license-acceptance", ">= 0.2.13", "< 3.0"
   spec.add_dependency "thor",               ">= 0.20", "< 2.0"
   spec.add_dependency "json_schemer",       ">= 0.2.1", "< 0.2.12"
   spec.add_dependency "method_source",      ">= 0.8", "< 2.0"
@@ -36,16 +36,14 @@ Gem::Specification.new do |spec|
   spec.add_dependency "mixlib-log",         "~> 3.0"
   spec.add_dependency "sslshake",           "~> 1.2"
   spec.add_dependency "parallel",           "~> 1.9"
-  spec.add_dependency "faraday",            ">= 0.9.0"
+  spec.add_dependency "faraday",            ">= 0.9.0", "< 1.1"
   spec.add_dependency "tty-table",          "~> 0.10"
   spec.add_dependency "tty-prompt",         "~> 0.17"
   spec.add_dependency "tomlrb",             "~> 1.2.0"
   spec.add_dependency "addressable",        "~> 2.4"
   spec.add_dependency "parslet",            "~> 1.5"
   spec.add_dependency "semverse",           "~> 3.0"
-  spec.add_dependency "htmlentities",       "~> 4.3" # TODO: remove when #4853 fixed
   spec.add_dependency "multipart-post",     "~> 2.0"
-  spec.add_dependency "term-ansicolor",     "~> 1.7"
 
   spec.add_dependency "train-core", "~> 3.0"
 end

data/lib/bundles/inspec-supermarket/cli.rb

@@ -5,7 +5,7 @@ module Supermarket
   class SupermarketCLI < Inspec::BaseCLI
     namespace "supermarket"
 
-    # TODO: find another solution, once https://github.com/erikhuda/thor/issues/261 is fixed
+    # TODO: find another solution, once https://github.com/erikhuda/thor/issues/261 is fixed.
     def self.banner(command, _namespace = nil, _subcommand = false)
       "#{basename} #{subcommand_prefix} #{command.usage}"
     end

data/lib/inspec/base_cli.rb

@@ -60,7 +60,7 @@ module Inspec
       true
     end
 
-    def self.target_options # rubocop:disable MethodLength
+    def self.target_options # rubocop:disable Metrics/MethodLength
       option :target, aliases: :t, type: :string,
         desc: "Simple targeting option using URIs, e.g. ssh://user:pass@host:port"
       option :backend, aliases: :b, type: :string,
@@ -158,6 +158,16 @@ module Inspec
       option :silence_deprecations, type: :array,
         banner: "[all]|[GROUP GROUP...]",
         desc: "Suppress deprecation warnings. See install_dir/etc/deprecations.json for list of GROUPs or use 'all'."
+      option :diff, type: :boolean, default: true,
+        desc: "Use --no-diff to suppress 'diff' output of failed textual test results."
+      option :sort_results_by, type: :string, default: "file", banner: "--sort-results-by=none|control|file|random",
+        desc: "After normal execution order, results are sorted by control ID, or by file (default), or randomly. None uses legacy unsorted mode."
+    end
+
+    def self.help(*args)
+      super(*args)
+      puts "\nAbout #{Inspec::Dist::PRODUCT_NAME}:"
+      puts "  Patents: chef.io/patents\n\n"
     end
 
     def self.format_platform_info(params: {}, indent: 0, color: 39)

data/lib/inspec/cli.rb

@@ -48,7 +48,8 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     desc: "Allow or disable user interaction"
 
   class_option :disable_core_plugins, type: :string, banner: "", # Actually a boolean, but this suppresses the creation of a --no-disable...
-    desc: "Disable loading all plugins that are shipped in the lib/plugins directory of InSpec. Useful in development."
+    desc: "Disable loading all plugins that are shipped in the lib/plugins directory of InSpec. Useful in development.",
+    hide: true
 
   class_option :disable_user_plugins, type: :string, banner: "",
     desc: "Disable loading all plugins that the user installed."
@@ -194,7 +195,8 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     pretty_handle_exception(e)
   end
 
-  desc "exec LOCATIONS", <<~EOT
+  desc "exec LOCATIONS", "Run all tests at LOCATIONS."
+  long_desc <<~EOT
     Run all test files at the specified LOCATIONS.
 
     Loads the given profile(s) and fetches their dependencies if needed. Then

data/lib/inspec/config.rb

@@ -344,7 +344,6 @@ module Inspec
         cli
         json
         json-automate
-        junit
         yaml
       }
 
@@ -406,6 +405,18 @@ module Inspec
       @plugin_cfg = data
     end
 
+    def validate_sort_results_by!(option_value)
+      expected = %w{
+        none
+        control
+        file
+        random
+      }
+      return if expected.include? option_value
+
+      raise Inspec::ConfigError::Invalid, "--sort-results-by must be one of #{expected.join(", ")}"
+    end
+
     #-----------------------------------------------------------------------#
     #                         Merging Options
     #-----------------------------------------------------------------------#
@@ -436,6 +447,7 @@ module Inspec
       finalize_parse_reporters(options)
       finalize_handle_sudo(options)
       finalize_compliance_login(options)
+      finalize_sort_results(options)
 
       Thor::CoreExt::HashWithIndifferentAccess.new(options)
     end
@@ -510,6 +522,12 @@ module Inspec
       end
     end
 
+    def finalize_sort_results(options)
+      if options.key?("sort_results_by")
+        validate_sort_results_by!(options["sort_results_by"])
+      end
+    end
+
     class Defaults
       DEFAULTS = {
         exec: {

data/lib/inspec/input.rb

@@ -171,7 +171,7 @@ module Inspec
     # are free to go higher.
     DEFAULT_PRIORITY_FOR_VALUE_SET = 60
 
-    attr_reader :description, :events, :identifier, :name, :required, :title, :type
+    attr_reader :description, :events, :identifier, :name, :required, :sensitive, :title, :type
 
     def initialize(name, options = {})
       @name = name
@@ -264,6 +264,7 @@ module Inspec
       @required = options[:required] if options.key?(:required)
       @identifier = options[:identifier] if options.key?(:identifier) # TODO: determine if this is ever used
       @type = options[:type] if options.key?(:type)
+      @sensitive = options[:sensitive] if options.key?(:sensitive)
     end
 
     def make_creation_event(options)
@@ -320,7 +321,7 @@ module Inspec
 
     def to_hash
       as_hash = { name: name, options: {} }
-      %i{description title identifier type required value}.each do |field|
+      %i{description title identifier type required value sensitive}.each do |field|
         val = send(field)
         next if val.nil?
 
@@ -334,7 +335,7 @@ module Inspec
     #--------------------------------------------------------------------------#
 
     def to_s
-      "Input #{name} with #{current_value}"
+      "Input #{name} with value " + (sensitive ? "*** (senstive)" : "#{current_value}")
     end
 
     #--------------------------------------------------------------------------#

data/lib/inspec/input_registry.rb

@@ -29,6 +29,8 @@ module Inspec
     def_delegator :inputs_by_profile, :select
     def_delegator :profile_aliases, :key?, :profile_alias?
 
+    attr_accessor :cache_inputs
+
     def initialize
       # Keyed on String profile_name => Hash of String input_name => Input object
       @inputs_by_profile = {}
@@ -43,6 +45,9 @@ module Inspec
         activator.activate!
         activator.implementation_class.new
       end
+
+      # Activate caching for inputs by default
+      @cache_inputs = true
     end
 
     #-------------------------------------------------------------#
@@ -84,7 +89,7 @@ module Inspec
 
       # Find or create the input
       inputs_by_profile[profile_name] ||= {}
-      if inputs_by_profile[profile_name].key?(input_name)
+      if inputs_by_profile[profile_name].key?(input_name) && cache_inputs
         inputs_by_profile[profile_name][input_name].update(options)
       else
         inputs_by_profile[profile_name][input_name] = Inspec::Input.new(input_name, options)
@@ -316,6 +321,7 @@ module Inspec
         profile_name,
         type: input_options[:type],
         required: input_options[:required],
+        sensitive: input_options[:sensitive],
         event: evt
       )
     end

data/lib/inspec/plugin/v2/plugin_types/reporter.rb

@@ -1,18 +1,20 @@
 require_relative "../../../run_data"
+require_relative "../../../utils/run_data_filters"
 
 module Inspec::Plugin::V2::PluginType
   class Reporter < Inspec::Plugin::V2::PluginBase
     register_plugin_type(:reporter)
+    include Inspec::Utils::RunDataFilters
 
     attr_reader :run_data
 
     def initialize(config)
       @config = config
 
-      # Trim the run_data while still a Hash; if it is huge, this
+      # Filter the run_data while still a Hash; if it is huge, this
       # saves on conversion time
       @run_data = config[:run_data] || {}
-      apply_report_resize_options
+      apply_run_data_filters_to_hash
 
       unless Inspec::RunData.compatible_schema?(self.class.run_data_schema_constraints)
         # Best we can do is warn here, the InSpec run has finished
@@ -24,26 +26,6 @@ module Inspec::Plugin::V2::PluginType
       @output = ""
     end
 
-    # This is a temporary duplication of code from lib/inspec/reporters/base.rb
-    # To be DRY'd up once the core reporters become plugins...
-    # Apply options such as message truncation and removal of backtraces
-    def apply_report_resize_options
-      runtime_config = Inspec::Config.cached.respond_to?(:final_options) ? Inspec::Config.cached.final_options : {}
-
-      message_truncation = runtime_config[:reporter_message_truncation] || "ALL"
-      @trunc = message_truncation == "ALL" ? -1 : message_truncation.to_i
-      include_backtrace = runtime_config[:reporter_backtrace_inclusion].nil? ? true : runtime_config[:reporter_backtrace_inclusion]
-
-      @run_data[:profiles]&.each do |p|
-        p[:controls].each do |c|
-          c[:results]&.map! do |r|
-            r.delete(:backtrace) unless include_backtrace
-            process_message_truncation(r)
-          end
-        end
-      end
-    end
-
     def output(str, newline = true)
       @output << str
       @output << "\n" if newline
@@ -61,14 +43,5 @@ module Inspec::Plugin::V2::PluginType
     def self.run_data_schema_constraints
       raise NotImplementedError, "#{self.class} must implement a `run_data_schema_constraints` class method to declare its compatibiltity with the RunData API."
     end
-
-    private
-
-    def process_message_truncation(result)
-      if result.key?(:message) && result[:message] != "" && @trunc > -1 && result[:message].length > @trunc
-        result[:message] = result[:message][0...@trunc] + "[Truncated to #{@trunc} characters]"
-      end
-      result
-    end
   end
 end

data/lib/inspec/reporters.rb

@@ -2,7 +2,6 @@ require "inspec/reporters/base"
 require "inspec/reporters/cli"
 require "inspec/reporters/json"
 require "inspec/reporters/json_automate"
-require "inspec/reporters/junit"
 require "inspec/reporters/automate"
 require "inspec/reporters/yaml"
 
@@ -20,8 +19,6 @@ module Inspec::Reporters
     # right to introduce breaking changes to this reporter at any time.
     when "json-automate"
       reporter = Inspec::Reporters::JsonAutomate.new(config)
-    when "junit"
-      reporter = Inspec::Reporters::Junit.new(config)
     when "automate"
       reporter = Inspec::Reporters::Automate.new(config)
     when "yaml"

data/lib/inspec/reporters/automate.rb

@@ -49,14 +49,14 @@ module Inspec::Reporters
 
         res = http.request(req)
         if res.is_a?(Net::HTTPSuccess)
-          return true
+          true
         else
           Inspec::Log.error "send_report: POST to #{uri.path} returned: #{res.body}"
-          return false
+          false
         end
       rescue => e
         Inspec::Log.error "send_report: POST to #{uri.path} returned: #{e.message}"
-        return false
+        false
       end
     end
 

data/lib/inspec/reporters/base.rb

@@ -1,30 +1,17 @@
+require_relative "../utils/run_data_filters"
+
 module Inspec::Reporters
   class Base
+    include Inspec::Utils::RunDataFilters
+
     attr_reader :run_data
 
     def initialize(config)
       @config = config
-      @run_data = config[:run_data]
-      apply_report_resize_options unless @run_data.nil?
-      @output = ""
-    end
-
-    # Apply options such as message truncation and removal of backtraces
-    def apply_report_resize_options
-      runtime_config = Inspec::Config.cached.respond_to?(:final_options) ? Inspec::Config.cached.final_options : {}
+      @run_data = config[:run_data] || {}
+      apply_run_data_filters_to_hash
 
-      message_truncation = runtime_config[:reporter_message_truncation] || "ALL"
-      @trunc = message_truncation == "ALL" ? -1 : message_truncation.to_i
-      include_backtrace = runtime_config[:reporter_backtrace_inclusion].nil? ? true : runtime_config[:reporter_backtrace_inclusion]
-
-      @run_data[:profiles]&.each do |p|
-        p[:controls].each do |c|
-          c[:results]&.map! do |r|
-            r.delete(:backtrace) unless include_backtrace
-            process_message_truncation(r)
-          end
-        end
-      end
+      @output = ""
     end
 
     def output(str, newline = true)
@@ -40,14 +27,5 @@ module Inspec::Reporters
     def render
       raise NotImplementedError, "#{self.class} must implement a `#render` method to format its output."
     end
-
-    private
-
-    def process_message_truncation(result)
-      if result.key?(:message) && result[:message] != "" && @trunc > -1 && result[:message].length > @trunc
-        result[:message] = result[:message][0...@trunc] + "[Truncated to #{@trunc} characters]"
-      end
-      result
-    end
   end
 end

data/lib/inspec/resources/apt.rb

@@ -87,13 +87,13 @@ module Inspec::Resources
         active = raw_line == line
 
         # formats:
-        # deb               "http://archive.ubuntu.com/ubuntu/" wily main restricted ...
-        # deb               http://archive.ubuntu.com/ubuntu/ wily main restricted ...
-        # deb [trusted=yes] http://archive.ubuntu.com/ubuntu/ wily main restricted ...
+        # deb                          "http://archive.ubuntu.com/ubuntu/" wily main restricted ...
+        # deb                          http://archive.ubuntu.com/ubuntu/ wily main restricted ...
+        # deb [trusted=yes]            http://archive.ubuntu.com/ubuntu/ wily main restricted ...
+        # deb [arch=amd64 trusted=yes] http://archive.ubuntu.com/ubuntu/ wily main restricted ...
         # deb cdrom:[Ubuntu 15.10 _Wily Werewolf_ - Release amd64 (20151021)]/ wily main restricted ...
 
-        words = line.split
-        words.delete_at 1 if words[1] && words[1].start_with?("[")
+        words = line.sub(/^(deb|deb-src)\s+\[.+?\]/, '\1').split
         type, url, distro, *components = words
         url = url.delete('"') if url
 

data/lib/inspec/resources/bridge.rb

@@ -27,7 +27,7 @@ module Inspec::Resources
       elsif inspec.os.windows?
         @bridge_provider = WindowsBridge.new(inspec)
       else
-        return skip_resource "The `bridge` resource is not supported on your OS yet."
+        skip_resource "The `bridge` resource is not supported on your OS yet."
       end
     end
 

data/lib/inspec/resources/host.rb

@@ -71,7 +71,7 @@ module Inspec::Resources
 
       missing_requirements = @host_provider.missing_requirements(protocol)
       unless missing_requirements.empty?
-        return skip_resource "The following requirements are not met for this resource: " \
+        skip_resource "The following requirements are not met for this resource: " \
           "#{missing_requirements.join(", ")}"
       end
     end

data/lib/inspec/resources/mysql_session.rb

@@ -5,11 +5,15 @@ require "shellwords"
 
 module Inspec::Resources
   class Lines
-    attr_reader :output
+    attr_reader :output, :stdout, :stderr, :exit_status
 
-    def initialize(raw, desc)
+    def initialize(raw, desc, exit_status)
       @output = raw
       @desc = desc
+      @exit_status = exit_status
+      # backwards compatibility
+      @stdout = raw
+      @stderr = raw
     end
 
     def lines
@@ -29,7 +33,7 @@ module Inspec::Resources
     example <<~EXAMPLE
       sql = mysql_session('my_user','password','host')
       describe sql.query('show databases like \'test\';') do
-        its('stdout') { should_not match(/test/) }
+        its('output') { should_not match(/test/) }
       end
     EXAMPLE
 
@@ -52,9 +56,9 @@ module Inspec::Resources
             end
       out = cmd.stdout + "\n" + cmd.stderr
       if cmd.exit_status != 0 || out =~ /Can't connect to .* MySQL server/ || out.downcase =~ /^error:.*/
-        Lines.new(out, "MySQL query with errors: #{q}")
+        Lines.new(out, "MySQL query with errors: #{q}", cmd.exit_status)
       else
-        Lines.new(cmd.stdout.strip, "MySQL query: #{q}")
+        Lines.new(cmd.stdout.strip, "MySQL query: #{q}", cmd.exit_status)
       end
     end