inspec-core 4.23.11 → 4.24.32
- checksums.yaml +4 -4
- data/Gemfile +17 -35
- data/inspec-core.gemspec +8 -9
- data/lib/bundles/inspec-supermarket/api.rb +2 -2
- data/lib/bundles/inspec-supermarket/target.rb +1 -1
- data/lib/inspec/archive/tar.rb +1 -1
- data/lib/inspec/archive/zip.rb +3 -3
- data/lib/inspec/base_cli.rb +2 -2
- data/lib/inspec/cached_fetcher.rb +1 -1
- data/lib/inspec/cli.rb +1 -1
- data/lib/inspec/config.rb +5 -5
- data/lib/inspec/dependencies/cache.rb +1 -1
- data/lib/inspec/env_printer.rb +2 -2
- data/lib/inspec/fetcher/git.rb +3 -3
- data/lib/inspec/fetcher/local.rb +1 -1
- data/lib/inspec/fetcher/url.rb +4 -4
- data/lib/inspec/file_provider.rb +4 -4
- data/lib/inspec/formatters/base.rb +16 -0
- data/lib/inspec/globals.rb +8 -2
- data/lib/inspec/input.rb +3 -0
- data/lib/inspec/input_registry.rb +5 -3
- data/lib/inspec/metadata.rb +1 -1
- data/lib/inspec/plugin/v1/plugins.rb +2 -2
- data/lib/inspec/plugin/v2.rb +5 -0
- data/lib/inspec/plugin/v2/config_file.rb +1 -1
- data/lib/inspec/plugin/v2/filter.rb +2 -2
- data/lib/inspec/plugin/v2/installer.rb +5 -5
- data/lib/inspec/plugin/v2/loader.rb +6 -1
- data/lib/inspec/plugin/v2/registry.rb +2 -2
- data/lib/inspec/profile.rb +3 -3
- data/lib/inspec/profile_context.rb +1 -1
- data/lib/inspec/reporters/automate.rb +2 -2
- data/lib/inspec/reporters/json.rb +3 -1
- data/lib/inspec/reporters/json_automate.rb +1 -1
- data/lib/inspec/resource.rb +2 -0
- data/lib/inspec/resources.rb +5 -5
- data/lib/inspec/resources/apt.rb +1 -1
- data/lib/inspec/resources/auditd.rb +1 -1
- data/lib/inspec/resources/csv.rb +1 -1
- data/lib/inspec/resources/dh_params.rb +1 -1
- data/lib/inspec/resources/file.rb +1 -1
- data/lib/inspec/resources/grub_conf.rb +2 -1
- data/lib/inspec/resources/http.rb +1 -1
- data/lib/inspec/resources/iis_website.rb +1 -1
- data/lib/inspec/resources/interfaces.rb +1 -1
- data/lib/inspec/resources/json.rb +2 -2
- data/lib/inspec/resources/key_rsa.rb +1 -1
- data/lib/inspec/resources/mssql_session.rb +5 -1
- data/lib/inspec/resources/mysql_session.rb +1 -1
- data/lib/inspec/resources/nginx.rb +1 -1
- data/lib/inspec/resources/nginx_conf.rb +1 -1
- data/lib/inspec/resources/npm.rb +1 -1
- data/lib/inspec/resources/oracledb_session.rb +1 -1
- data/lib/inspec/resources/package.rb +1 -1
- data/lib/inspec/resources/parse_config.rb +5 -2
- data/lib/inspec/resources/platform.rb +11 -1
- data/lib/inspec/resources/port.rb +1 -1
- data/lib/inspec/resources/postgres_session.rb +1 -1
- data/lib/inspec/resources/ppa.rb +1 -1
- data/lib/inspec/resources/processes.rb +1 -1
- data/lib/inspec/resources/rabbitmq_conf.rb +1 -1
- data/lib/inspec/resources/registry_key.rb +1 -1
- data/lib/inspec/resources/sshd_config.rb +1 -1
- data/lib/inspec/resources/ssl.rb +2 -2
- data/lib/inspec/resources/toml.rb +1 -1
- data/lib/inspec/resources/vbscript.rb +1 -1
- data/lib/inspec/resources/windows_registry_key.rb +1 -1
- data/lib/inspec/resources/wmi.rb +16 -8
- data/lib/inspec/resources/x509_certificate.rb +1 -1
- data/lib/inspec/resources/xml.rb +1 -1
- data/lib/inspec/rule.rb +8 -8
- data/lib/inspec/run_data.rb +1 -1
- data/lib/inspec/run_data/result.rb +2 -0
- data/lib/inspec/runner.rb +2 -2
- data/lib/inspec/schema.rb +3 -1
- data/lib/inspec/schema/output_schema.rb +1 -1
- data/lib/inspec/schema/primitives.rb +1 -1
- data/lib/inspec/shell_detector.rb +2 -2
- data/lib/inspec/utils/command_wrapper.rb +1 -1
- data/lib/inspec/utils/deprecation/config_file.rb +2 -2
- data/lib/inspec/utils/json_log.rb +1 -1
- data/lib/inspec/utils/run_data_filters.rb +7 -5
- data/lib/inspec/utils/telemetry/collector.rb +1 -1
- data/lib/inspec/utils/telemetry/data_series.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +5 -5
- data/lib/plugins/inspec-compliance/README.md +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +3 -3
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +2 -2
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +3 -3
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +2 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +3 -3
- data/lib/plugins/inspec-reporter-html2/lib/inspec-reporter-html2/reporter.rb +1 -1
- data/lib/plugins/inspec-reporter-json-min/lib/inspec-reporter-json-min/reporter.rb +1 -1
- data/lib/plugins/inspec-reporter-junit/lib/inspec-reporter-junit/reporter.rb +1 -1
- data/lib/plugins/shared/core_plugin_test_helper.rb +6 -6
- metadata +41 -43
@@ -50,6 +50,11 @@ module Inspec::Plugin::V2
|
|
50
50
|
# we want to allow "sidecar loading", in which case a plugin may add an entry to the registry.
|
51
51
|
registry.plugin_names.dup.each do |plugin_name|
|
52
52
|
plugin_details = registry[plugin_name]
|
53
|
+
|
54
|
+
# Under some conditions (kitchen-inspec with multiple test suites, for example), this may be
|
55
|
+
# called multple times. Don't reload anything.
|
56
|
+
next if plugin_details.loaded
|
57
|
+
|
53
58
|
# We want to capture literally any possible exception here, since we are storing them.
|
54
59
|
# rubocop: disable Lint/RescueException
|
55
60
|
begin
|
@@ -125,7 +130,7 @@ module Inspec::Plugin::V2
|
|
125
130
|
end
|
126
131
|
|
127
132
|
def self.plugin_gem_path
|
128
|
-
require "rbconfig"
|
133
|
+
require "rbconfig" unless defined?(RbConfig)
|
129
134
|
ruby_abi_version = RbConfig::CONFIG["ruby_version"]
|
130
135
|
# TODO: why are we installing under the api directory for plugins?
|
131
136
|
base_dir = Inspec.config_dir
|
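--- a/data/lib/inspec/profile.rb
+++ b/data/lib/inspec/profile.rb
@@ -1,8 +1,8 @@
 # Copyright 2015 Dominik Richter
 
-require "forwardable"
-require "openssl"
-require "pathname"
+require "forwardable" unless defined?(Forwardable)
+require "openssl" unless defined?(OpenSSL)
+require "pathname" unless defined?(Pathname)
 require "inspec/input_registry"
 require "inspec/cached_fetcher" # TODO: split or rename
 require "inspec/source_reader"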
@@ -4,7 +4,7 @@ require "inspec/resource"
|
|
4
4
|
require "inspec/library_eval_context"
|
5
5
|
require "inspec/control_eval_context"
|
6
6
|
require "inspec/require_loader"
|
7
|
-
require "securerandom"
|
7
|
+
require "securerandom" unless defined?(SecureRandom)
|
8
8
|
require "inspec/input_registry"
|
9
9
|
|
10
10
|
module Inspec
|
@@ -1,4 +1,4 @@
|
|
1
|
-
require "json"
|
1
|
+
require "json" unless defined?(JSON)
|
2
2
|
|
3
3
|
module Inspec::Reporters
|
4
4
|
# rubocop:disable Layout/AlignHash, Style/BlockDelimiters
|
@@ -40,6 +40,8 @@ module Inspec::Reporters
|
|
40
40
|
message: r[:message],
|
41
41
|
exception: r[:exception],
|
42
42
|
backtrace: r[:backtrace],
|
43
|
+
resource_class: r[:resource_class],
|
44
|
+
resource_params: r[:resource_params].to_s,
|
43
45
|
}.reject { |_k, v| v.nil? }
|
44
46
|
}
|
45
47
|
end
|
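Review bot: `resource_params: r[:resource_params].to_s` writes every constructor argument of a resource into the JSON report, and for resources that take credentials as arguments (the mssql_session example on this page mentions SQL authentication) that presumably puts passwords into report files and whatever ingests them. The values come from the `@resource_params = args` capture added in resource.rb in this same diff, so masking or dropping sensitive hash keys belongs at one of those two points before serialising. Separately, `nil.to_s` is `""`, so the `.reject { |_k, v| v.nil? }` that follows no longer removes the key when a result has no params; `resource_params: r[:resource_params]&.to_s` keeps the omit-when-absent behaviour that `resource_class` still has. The enclosing method starts outside the hunk.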
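--- a/data/lib/inspec/resource.rb
+++ b/data/lib/inspec/resource.rb
@@ -108,6 +108,7 @@ module Inspec
 # Infrastructure / Bookkeeping
 
 def self.__register(name, resource_klass)
+# This has bitten us and should be a great candidate to remove in InSpec5
 cl = Class.new(resource_klass) do # TODO: remove
 # As best I can figure out, this anonymous class only exists
 # because we're trying to avoid having resources with
@@ -116,6 +117,7 @@ module Inspec
 # documentation.
 def initialize(backend, name, *args)
 supersuper_initialize(backend, name) do
+@resource_params = args
 super(*args)
 end
 end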
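--- a/data/lib/inspec/resources.rb
+++ b/data/lib/inspec/resources.rb
@@ -16,11 +16,11 @@ inspec_core_only = ENV["NO_AWS"] || !File.exist?(File.join(File.dirname(__FILE__
 # Do not attempt to load cloud resources if we are in inspec-core mode
 unless inspec_core_only
 require "resource_support/aws"
-require "resources/azure/azure_backend
-require "resources/azure/azure_generic_resource
-require "resources/azure/azure_resource_group
-require "resources/azure/azure_virtual_machine
-require "resources/azure/azure_virtual_machine_data_disk
+require "resources/azure/azure_backend"
+require "resources/azure/azure_generic_resource"
+require "resources/azure/azure_resource_group"
+require "resources/azure/azure_virtual_machine"
+require "resources/azure/azure_virtual_machine_data_disk"
 end
 
 require "inspec/resources/aide_conf"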
data/lib/inspec/resources/apt.rb
CHANGED
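--- a/data/lib/inspec/resources/csv.rb
+++ b/data/lib/inspec/resources/csv.rb
@@ -20,7 +20,7 @@ module Inspec::Resources
 # { 'name' => 'row2', 'col1' => 'value3', 'col2' => 'value4' }
 # ]
 def parse(content)
-require "csv"
+require "csv" unless defined?(CSV)
 
 # convert empty field to nil
 CSV::Converters[:blank_to_nil] = lambda do |field|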
@@ -29,7 +29,7 @@ module Inspec::Resources
|
|
29
29
|
@content = read_file(@conf_path)
|
30
30
|
@kernel = kernel || "default"
|
31
31
|
rescue UnknownGrubConfig
|
32
|
-
skip_resource "The `
|
32
|
+
skip_resource "The `grub_conf` resource is not yet supported on the target OS #{inspec.os[:name]}."
|
33
33
|
end
|
34
34
|
|
35
35
|
def config_for_platform(path)
|
@@ -77,6 +77,7 @@ module Inspec::Resources
|
|
77
77
|
|
78
78
|
def grub2_parse_kernel_lines(content, conf)
|
79
79
|
menu_entries = extract_menu_entries(content)
|
80
|
+
return {} if menu_entries.empty?
|
80
81
|
|
81
82
|
if @kernel == "default"
|
82
83
|
default_menu_entry(menu_entries, conf["GRUB_DEFAULT"])
|
@@ -1,2 +1,2 @@
|
|
1
1
|
# This is just here to make the dynamic loader happy.
|
2
|
-
require "inspec/resources/iis_website
|
2
|
+
require "inspec/resources/iis_website"
|
@@ -24,7 +24,7 @@ module Inspec::Resources
|
|
24
24
|
.install_filter_methods_on_resource(self, :scan_interfaces)
|
25
25
|
|
26
26
|
def ipv4_address
|
27
|
-
require "ipaddr"
|
27
|
+
require "ipaddr" unless defined?(IPAddr)
|
28
28
|
|
29
29
|
# Loop over interface names
|
30
30
|
# Select those that are up and have an ipv4 address
|
@@ -48,7 +48,7 @@ module Inspec::Resources
|
|
48
48
|
# @return [Object] the value stored at this position
|
49
49
|
def method_missing(*keys)
|
50
50
|
# catch bahavior of rspec its implementation
|
51
|
-
# @see https://github.com/rspec/rspec-its/blob/
|
51
|
+
# @see https://github.com/rspec/rspec-its/blob/v1.2.0/lib/rspec/its.rb#L110
|
52
52
|
keys.shift if keys.is_a?(Array) && keys[0] == :[]
|
53
53
|
value(keys)
|
54
54
|
end
|
@@ -66,7 +66,7 @@ module Inspec::Resources
|
|
66
66
|
private
|
67
67
|
|
68
68
|
def parse(content)
|
69
|
-
require "json"
|
69
|
+
require "json" unless defined?(JSON)
|
70
70
|
JSON.parse(content)
|
71
71
|
rescue => e
|
72
72
|
raise Inspec::Exceptions::ResourceFailed, "Unable to parse JSON: #{e.message}"
|
@@ -12,6 +12,10 @@ module Inspec::Resources
|
|
12
12
|
class MssqlSession < Inspec.resource(1)
|
13
13
|
name "mssql_session"
|
14
14
|
supports platform: "windows"
|
15
|
+
supports platform: "darwin"
|
16
|
+
supports platform: "debian"
|
17
|
+
supports platform: "redhat"
|
18
|
+
supports platform: "suse"
|
15
19
|
desc "Use the mssql_session InSpec audit resource to test SQL commands run against a MS Sql Server database."
|
16
20
|
example <<~EXAMPLE
|
17
21
|
# Using SQL authentication
|
@@ -95,7 +99,7 @@ module Inspec::Resources
|
|
95
99
|
end
|
96
100
|
|
97
101
|
def parse_csv_result(cmd)
|
98
|
-
require "csv"
|
102
|
+
require "csv" unless defined?(CSV)
|
99
103
|
table = CSV.parse(cmd.stdout, headers: true)
|
100
104
|
|
101
105
|
# remove first row, since it will be a seperator line
|
@@ -1,7 +1,7 @@
|
|
1
1
|
require "inspec/utils/nginx_parser"
|
2
2
|
require "inspec/utils/find_files"
|
3
3
|
require "inspec/utils/file_reader"
|
4
|
-
require "forwardable"
|
4
|
+
require "forwardable" unless defined?(Forwardable)
|
5
5
|
|
6
6
|
# STABILITY: Experimental
|
7
7
|
# This resouce needs a proper interace to the underlying data, which is currently missing.
|
data/lib/inspec/resources/npm.rb
CHANGED
@@ -314,7 +314,7 @@ module Inspec::Resources
|
|
314
314
|
# Find the package
|
315
315
|
cmd = inspec.command <<-EOF.gsub(/^\s*/, "")
|
316
316
|
Get-ItemProperty (@("#{search_paths.join('", "')}") | Where-Object { Test-Path $_ }) |
|
317
|
-
Where-Object { $_.DisplayName -
|
317
|
+
Where-Object { $_.DisplayName -like "#{package_name}" -or $_.PSChildName -like "#{package_name}" } |
|
318
318
|
Select-Object -Property DisplayName,DisplayVersion | ConvertTo-Json
|
319
319
|
EOF
|
320
320
|
|
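Review bot: The changed `Where-Object` line interpolates `#{package_name}` twice into a double-quoted PowerShell string, where `$` expressions are still expanded and a `"` in the name ends the literal, so a package name supplied by a profile is parsed as script rather than data. Pass it as a single-quoted literal with embedded quotes doubled: build `ps_name = package_name.gsub("'", "''")` and use `-like '#{ps_name}'` in both comparisons. `-like` also treats `*`, `?` and `[` as wildcards, so a name containing them matches more registry entries than the literal name; use `-eq` if an exact match is intended. The hunk is printed under the npm.rb header but reads like the Windows package lookup, and the enclosing method starts outside it.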
@@ -55,8 +55,11 @@ module Inspec::Resources
|
|
55
55
|
read_params unless @content.nil?
|
56
56
|
end
|
57
57
|
|
58
|
-
def method_missing(name)
|
59
|
-
|
58
|
+
def method_missing(*name)
|
59
|
+
# catch bahavior of rspec its implementation
|
60
|
+
# @see https://github.com/rspec/rspec-its/blob/v1.2.0/lib/rspec/its.rb#L110
|
61
|
+
name.shift if name.is_a?(Array) && name[0] == :[]
|
62
|
+
read_params[name[0].to_s]
|
60
63
|
end
|
61
64
|
|
62
65
|
def params(*opts)
|
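Review bot: `method_missing(*name)` answers every unknown method with `read_params[name[0].to_s]`, so a misspelled key in a control yields nil instead of an error, and a negative expectation on it then passes silently. No `respond_to_missing?` is visible in this hunk; if the class does not define one elsewhere, add one that returns true only for keys present in `read_params`, and consider falling back to `super` for names that are not keys. The added comment has a typo and should read `# catch behavior of rspec its implementation`.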
@@ -81,7 +81,7 @@ module Inspec::Resources
|
|
81
81
|
when :os, :platform then
|
82
82
|
platform?(v)
|
83
83
|
when :os_name, :platform_name then
|
84
|
-
|
84
|
+
check_name(v)
|
85
85
|
when :release then
|
86
86
|
check_release(v)
|
87
87
|
end
|
@@ -99,6 +99,16 @@ module Inspec::Resources
|
|
99
99
|
|
100
100
|
private
|
101
101
|
|
102
|
+
def check_name(value)
|
103
|
+
# allow wild card matching
|
104
|
+
if value.include?("*")
|
105
|
+
cleaned = Regexp.escape(value).gsub('\*', ".*?")
|
106
|
+
name =~ /#{cleaned}/
|
107
|
+
else
|
108
|
+
name == value
|
109
|
+
end
|
110
|
+
end
|
111
|
+
|
102
112
|
def check_release(value)
|
103
113
|
# allow wild card matching
|
104
114
|
if value.include?("*")
|
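--- a/data/lib/inspec/resources/ppa.rb
+++ b/data/lib/inspec/resources/ppa.rb
@@ -1,2 +1,2 @@
 # This is just here to make the dynamic loader happy.
-require "inspec/resources/apt
+require "inspec/resources/apt"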
@@ -1,2 +1,2 @@
|
|
1
1
|
# This is just here to make the dynamic loader happy.
|
2
|
-
require "inspec/resources/rabbitmq_config
|
2
|
+
require "inspec/resources/rabbitmq_config"
|
@@ -1,2 +1,2 @@
|
|
1
1
|
# This is just here to make the dynamic loader happy.
|
2
|
-
require "inspec/resources/ssh_config
|
2
|
+
require "inspec/resources/ssh_config"
|
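--- a/data/lib/inspec/resources/ssl.rb
+++ b/data/lib/inspec/resources/ssl.rb
@@ -1,8 +1,8 @@
 # copyright: 2015, Chef Software Inc.
 
-require "sslshake"
+require "sslshake" unless defined?(SSLShake)
 require "inspec/utils/filter"
-require "uri"
+require "uri" unless defined?(URI)
 require "parallel"
 
 # Custom resource based on the InSpec resource DSL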
@@ -1,2 +1,2 @@
|
|
1
1
|
# This is just here to make the dynamic loader happy.
|
2
|
-
require "inspec/resources/registry_key
|
2
|
+
require "inspec/resources/registry_key"
|
data/lib/inspec/resources/wmi.rb
CHANGED
@@ -16,7 +16,10 @@ module Inspec::Resources
|
|
16
16
|
namespace: 'root\\rsop\\computer',
|
17
17
|
filter: 'KeyName = \'MinimumPasswordAge\' And precedence=1'
|
18
18
|
}) do
|
19
|
-
its('Setting') { should
|
19
|
+
its('Setting') { should cmp true }
|
20
|
+
end
|
21
|
+
describe wmi({namespace: "root\\cimv2", query: "SELECT installstate FROM win32_optionalfeature"}) do
|
22
|
+
its("installstate") { should include 2 }
|
20
23
|
end
|
21
24
|
EXAMPLE
|
22
25
|
|
@@ -36,7 +39,7 @@ module Inspec::Resources
|
|
36
39
|
# returns nil, if not existant or value
|
37
40
|
def method_missing(*keys)
|
38
41
|
# catch behavior of rspec its implementation
|
39
|
-
# @see https://github.com/rspec/rspec-its/blob/
|
42
|
+
# @see https://github.com/rspec/rspec-its/blob/v1.2.0/lib/rspec/its.rb#L110
|
40
43
|
keys.shift if keys.is_a?(Array) && keys[0] == :[]
|
41
44
|
|
42
45
|
# map all symbols to strings
|
@@ -66,13 +69,18 @@ module Inspec::Resources
|
|
66
69
|
|
67
70
|
# run wmi command and filter empty wmi
|
68
71
|
script = <<-EOH
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
$
|
73
|
-
|
72
|
+
Function Aggregate {
|
73
|
+
$propsHash = @{}
|
74
|
+
ForEach ($wmiObj in $Input) {
|
75
|
+
ForEach ($wmiProp in $wmiObj.properties) {
|
76
|
+
If($propsHash.ContainsKey($wmiProp.name)) {
|
77
|
+
$propsHash[$wmiProp.name].add($wmiProp.value) | Out-Null
|
78
|
+
} Else {
|
79
|
+
$propsHash[$wmiProp.name] = [System.Collections.ArrayList]@($wmiProp.value)
|
80
|
+
}
|
74
81
|
}
|
75
|
-
|
82
|
+
}
|
83
|
+
$propsHash
|
76
84
|
}
|
77
85
|
Get-WmiObject #{params} | Aggregate | ConvertTo-Json
|
78
86
|
EOH
|