inspec-core 4.23.15 → 4.25.1

data/lib/inspec/plugin/v2/loader.rb

@@ -50,6 +50,11 @@ module Inspec::Plugin::V2
       # we want to allow "sidecar loading", in which case a plugin may add an entry to the registry.
       registry.plugin_names.dup.each do |plugin_name|
         plugin_details = registry[plugin_name]
+
+        # Under some conditions (kitchen-inspec with multiple test suites, for example), this may be
+        # called multple times. Don't reload anything.
+        next if plugin_details.loaded
+
         # We want to capture literally any possible exception here, since we are storing them.
         # rubocop: disable Lint/RescueException
         begin
@@ -125,7 +130,7 @@ module Inspec::Plugin::V2
     end
 
     def self.plugin_gem_path
-      require "rbconfig"
+      require "rbconfig" unless defined?(RbConfig)
       ruby_abi_version = RbConfig::CONFIG["ruby_version"]
       # TODO: why are we installing under the api directory for plugins?
       base_dir = Inspec.config_dir

data/lib/inspec/plugin/v2/registry.rb

@@ -1,5 +1,5 @@
-require "forwardable"
-require "singleton"
+require "forwardable" unless defined?(Forwardable)
+require "singleton" unless defined?(Singleton)
 require "train"
 
 require_relative "status"

data/lib/inspec/profile.rb

@@ -1,8 +1,8 @@
 # Copyright 2015 Dominik Richter
 
-require "forwardable"
-require "openssl"
-require "pathname"
+require "forwardable" unless defined?(Forwardable)
+require "openssl" unless defined?(OpenSSL)
+require "pathname" unless defined?(Pathname)
 require "inspec/input_registry"
 require "inspec/cached_fetcher" # TODO: split or rename
 require "inspec/source_reader"

data/lib/inspec/profile_context.rb

@@ -4,7 +4,7 @@ require "inspec/resource"
 require "inspec/library_eval_context"
 require "inspec/control_eval_context"
 require "inspec/require_loader"
-require "securerandom"
+require "securerandom" unless defined?(SecureRandom)
 require "inspec/input_registry"
 
 module Inspec

data/lib/inspec/reporters/automate.rb

@@ -1,5 +1,5 @@
-require "json"
-require "net/http"
+require "json" unless defined?(JSON)
+require "net/http" unless defined?(Net::HTTP)
 
 module Inspec::Reporters
   class Automate < JsonAutomate

data/lib/inspec/reporters/json.rb

@@ -1,4 +1,4 @@
-require "json"
+require "json" unless defined?(JSON)
 
 module Inspec::Reporters
   # rubocop:disable Layout/AlignHash, Style/BlockDelimiters
@@ -40,6 +40,8 @@ module Inspec::Reporters
           message:      r[:message],
           exception:    r[:exception],
           backtrace:    r[:backtrace],
+          resource_class: r[:resource_class],
+          resource_params: r[:resource_params].to_s,
         }.reject { |_k, v| v.nil? }
       }
     end

data/lib/inspec/reporters/json_automate.rb

@@ -1,4 +1,4 @@
-require "json"
+require "json" unless defined?(JSON)
 
 module Inspec::Reporters
   class JsonAutomate < Json

data/lib/inspec/resource.rb

@@ -108,6 +108,7 @@ module Inspec
     # Infrastructure / Bookkeeping
 
     def self.__register(name, resource_klass)
+      # This has bitten us and should be a great candidate to remove in InSpec5
       cl = Class.new(resource_klass) do # TODO: remove
         # As best I can figure out, this anonymous class only exists
         # because we're trying to avoid having resources with
@@ -116,6 +117,7 @@ module Inspec
         # documentation.
         def initialize(backend, name, *args)
           supersuper_initialize(backend, name) do
+            @resource_params = args
             super(*args)
           end
         end

data/lib/inspec/resources.rb

@@ -16,11 +16,11 @@ inspec_core_only = ENV["NO_AWS"] || !File.exist?(File.join(File.dirname(__FILE__
 # Do not attempt to load cloud resources if we are in inspec-core mode
 unless inspec_core_only
   require "resource_support/aws"
-  require "resources/azure/azure_backend.rb"
-  require "resources/azure/azure_generic_resource.rb"
-  require "resources/azure/azure_resource_group.rb"
-  require "resources/azure/azure_virtual_machine.rb"
-  require "resources/azure/azure_virtual_machine_data_disk.rb"
+  require "resources/azure/azure_backend"
+  require "resources/azure/azure_generic_resource"
+  require "resources/azure/azure_resource_group"
+  require "resources/azure/azure_virtual_machine"
+  require "resources/azure/azure_virtual_machine_data_disk"
 end
 
 require "inspec/resources/aide_conf"

data/lib/inspec/resources/apt.rb

@@ -24,7 +24,7 @@ require "inspec/resources/command"
 # apt-get install software-properties-common
 # add-apt-repository ppa:ubuntu-wine/ppa
 
-require "uri"
+require "uri" unless defined?(URI)
 
 module Inspec::Resources
   class AptRepository < Inspec.resource(1)

data/lib/inspec/resources/auditd.rb

@@ -1,4 +1,4 @@
-require "forwardable"
+require "forwardable" unless defined?(Forwardable)
 require "inspec/utils/filter_array"
 require "inspec/utils/filter"
 require "inspec/utils/parser"

data/lib/inspec/resources/csv.rb

@@ -20,7 +20,7 @@ module Inspec::Resources
     #      { 'name' => 'row2', 'col1' => 'value3', 'col2' => 'value4' }
     #    ]
     def parse(content)
-      require "csv"
+      require "csv" unless defined?(CSV)
 
       # convert empty field to nil
       CSV::Converters[:blank_to_nil] = lambda do |field|

data/lib/inspec/resources/dh_params.rb

@@ -1,4 +1,4 @@
-require "openssl"
+require "openssl" unless defined?(OpenSSL)
 require "inspec/utils/file_reader"
 
 module Inspec::Resources

data/lib/inspec/resources/file.rb

@@ -1,6 +1,6 @@
 # copyright: 2015, Vulcano Security GmbH
 
-require "shellwords"
+require "shellwords" unless defined?(Shellwords)
 require "inspec/utils/parser"
 
 module Inspec::Resources

data/lib/inspec/resources/grub_conf.rb

@@ -29,7 +29,7 @@ module Inspec::Resources
       @content = read_file(@conf_path)
       @kernel = kernel || "default"
     rescue UnknownGrubConfig
-      skip_resource "The `grub_config` resource is not supported on your OS yet."
+      skip_resource "The `grub_conf` resource is not yet supported on the target OS #{inspec.os[:name]}."
     end
 
     def config_for_platform(path)
@@ -77,6 +77,7 @@ module Inspec::Resources
 
     def grub2_parse_kernel_lines(content, conf)
       menu_entries = extract_menu_entries(content)
+      return {} if menu_entries.empty?
 
       if @kernel == "default"
         default_menu_entry(menu_entries, conf["GRUB_DEFAULT"])

data/lib/inspec/resources/http.rb

@@ -3,7 +3,7 @@
 # license: Apache v2
 
 require "inspec/resources/command"
-require "faraday"
+require "faraday" unless defined?(Faraday)
 require "faraday_middleware"
 require "hashie"
 

data/lib/inspec/resources/iis_website.rb

@@ -1,2 +1,2 @@
 # This is just here to make the dynamic loader happy.
-require "inspec/resources/iis_website.rb"
+require "inspec/resources/iis_website"

data/lib/inspec/resources/interfaces.rb

@@ -24,7 +24,7 @@ module Inspec::Resources
       .install_filter_methods_on_resource(self, :scan_interfaces)
 
     def ipv4_address
-      require "ipaddr"
+      require "ipaddr" unless defined?(IPAddr)
 
       # Loop over interface names
       # Select those that are up and have an ipv4 address

data/lib/inspec/resources/json.rb

@@ -48,7 +48,7 @@ module Inspec::Resources
     # @return [Object] the value stored at this position
     def method_missing(*keys)
       # catch bahavior of rspec its implementation
-      # @see https://github.com/rspec/rspec-its/blob/master/lib/rspec/its.rb#L110
+      # @see https://github.com/rspec/rspec-its/blob/v1.2.0/lib/rspec/its.rb#L110
       keys.shift if keys.is_a?(Array) && keys[0] == :[]
       value(keys)
     end
@@ -66,7 +66,7 @@ module Inspec::Resources
     private
 
     def parse(content)
-      require "json"
+      require "json" unless defined?(JSON)
       JSON.parse(content)
     rescue => e
       raise Inspec::Exceptions::ResourceFailed, "Unable to parse JSON: #{e.message}"

data/lib/inspec/resources/key_rsa.rb

@@ -1,4 +1,4 @@
-require "openssl"
+require "openssl" unless defined?(OpenSSL)
 require "hashie/mash"
 require "inspec/utils/file_reader"
 require "inspec/utils/pkey_reader"

data/lib/inspec/resources/mssql_session.rb

@@ -12,6 +12,10 @@ module Inspec::Resources
   class MssqlSession < Inspec.resource(1)
     name "mssql_session"
     supports platform: "windows"
+    supports platform: "darwin"
+    supports platform: "debian"
+    supports platform: "redhat"
+    supports platform: "suse"
     desc "Use the mssql_session InSpec audit resource to test SQL commands run against a MS Sql Server database."
     example <<~EXAMPLE
       # Using SQL authentication
@@ -95,7 +99,7 @@ module Inspec::Resources
     end
 
     def parse_csv_result(cmd)
-      require "csv"
+      require "csv" unless defined?(CSV)
       table = CSV.parse(cmd.stdout, headers: true)
 
       # remove first row, since it will be a seperator line

data/lib/inspec/resources/mysql_session.rb

@@ -1,7 +1,7 @@
 # copyright: 2015, Vulcano Security GmbH
 
 require "inspec/resources/command"
-require "shellwords"
+require "shellwords" unless defined?(Shellwords)
 
 module Inspec::Resources
   class Lines

data/lib/inspec/resources/nginx.rb

@@ -1,4 +1,4 @@
-require "pathname"
+require "pathname" unless defined?(Pathname)
 require "hashie/mash"
 require "inspec/resources/command"
 

data/lib/inspec/resources/nginx_conf.rb

@@ -1,7 +1,7 @@
 require "inspec/utils/nginx_parser"
 require "inspec/utils/find_files"
 require "inspec/utils/file_reader"
-require "forwardable"
+require "forwardable" unless defined?(Forwardable)
 
 # STABILITY: Experimental
 # This resouce needs a proper interace to the underlying data, which is currently missing.

data/lib/inspec/resources/npm.rb

@@ -1,5 +1,5 @@
 require "inspec/resources/command"
-require "shellwords"
+require "shellwords" unless defined?(Shellwords)
 
 module Inspec::Resources
   class NpmPackage < Inspec.resource(1)

data/lib/inspec/resources/oracledb_session.rb

@@ -1,7 +1,7 @@
 require "inspec/resources/command"
 require "inspec/utils/database_helpers"
 require "hashie/mash"
-require "csv"
+require "csv" unless defined?(CSV)
 
 module Inspec::Resources
   # STABILITY: Experimental

data/lib/inspec/resources/package.rb

@@ -314,7 +314,7 @@ module Inspec::Resources
       # Find the package
       cmd = inspec.command <<-EOF.gsub(/^\s*/, "")
         Get-ItemProperty (@("#{search_paths.join('", "')}") | Where-Object { Test-Path $_ }) |
-        Where-Object { $_.DisplayName -match "^\s*#{package_name.shellescape}\.*" -or $_.PSChildName -match "^\s*#{package_name.shellescape}\.*" } |
+        Where-Object { $_.DisplayName -like "#{package_name}" -or $_.PSChildName -like "#{package_name}" } |
         Select-Object -Property DisplayName,DisplayVersion | ConvertTo-Json
       EOF
 

data/lib/inspec/resources/parse_config.rb

@@ -55,8 +55,11 @@ module Inspec::Resources
       read_params unless @content.nil?
     end
 
-    def method_missing(name)
-      read_params[name.to_s]
+    def method_missing(*name)
+      # catch bahavior of rspec its implementation
+      # @see https://github.com/rspec/rspec-its/blob/v1.2.0/lib/rspec/its.rb#L110
+      name.shift if name.is_a?(Array) && name[0] == :[]
+      read_params[name[0].to_s]
     end
 
     def params(*opts)

data/lib/inspec/resources/platform.rb

@@ -81,7 +81,7 @@ module Inspec::Resources
           when :os, :platform then
             platform?(v)
           when :os_name, :platform_name then
-            name == v
+            check_name(v)
           when :release then
             check_release(v)
           end
@@ -99,6 +99,16 @@ module Inspec::Resources
 
     private
 
+    def check_name(value)
+      # allow wild card matching
+      if value.include?("*")
+        cleaned = Regexp.escape(value).gsub('\*', ".*?")
+        name =~ /#{cleaned}/
+      else
+        name == value
+      end
+    end
+
     def check_release(value)
       # allow wild card matching
       if value.include?("*")

data/lib/inspec/resources/port.rb

@@ -1,6 +1,6 @@
 require "inspec/utils/parser"
 require "inspec/utils/filter"
-require "ipaddr"
+require "ipaddr" unless defined?(IPAddr)
 
 # TODO: currently we return local ip only
 # TODO: improve handling of same port on multiple interfaces

data/lib/inspec/resources/postgres_session.rb

@@ -1,6 +1,6 @@
 # copyright: 2015, Vulcano Security GmbH
 
-require "shellwords"
+require "shellwords" unless defined?(Shellwords)
 
 module Inspec::Resources
   class Lines

data/lib/inspec/resources/ppa.rb

@@ -1,2 +1,2 @@
 # This is just here to make the dynamic loader happy.
-require "inspec/resources/apt.rb"
+require "inspec/resources/apt"

data/lib/inspec/resources/processes.rb

@@ -1,7 +1,7 @@
 # copyright: 2015, Vulcano Security GmbH
 
 require "inspec/utils/filter"
-require "ostruct"
+require "ostruct" unless defined?(OpenStruct)
 require "inspec/resources/command"
 
 module Inspec::Resources

data/lib/inspec/resources/rabbitmq_conf.rb

@@ -1,2 +1,2 @@
 # This is just here to make the dynamic loader happy.
-require "inspec/resources/rabbitmq_config.rb"
+require "inspec/resources/rabbitmq_config"

data/lib/inspec/resources/registry_key.rb

@@ -1,6 +1,6 @@
 # copyright: 2015, Vulcano Security GmbH
 
-require "json"
+require "json" unless defined?(JSON)
 require "inspec/resources/powershell"
 
 # Three constructor methods are available:

data/lib/inspec/resources/ssh_config.rb

@@ -7,6 +7,7 @@ module Inspec::Resources
   class SshConfig < Inspec.resource(1)
     name "ssh_config"
     supports platform: "unix"
+    supports platform: "windows"
     desc "Use the `ssh_config` InSpec audit resource to test OpenSSH client configuration data located at `/etc/ssh/ssh_config` on Linux and Unix platforms."
     example <<~EXAMPLE
       describe ssh_config do
@@ -19,7 +20,7 @@ module Inspec::Resources
     include FileReader
 
     def initialize(conf_path = nil, type = nil)
-      @conf_path = conf_path || "/etc/ssh/ssh_config"
+      @conf_path = conf_path || ssh_config_file("ssh_config")
       typename = (@conf_path.include?("sshd") ? "Server" : "Client")
       @type = type || "SSH #{typename} configuration #{conf_path}"
       read_content
@@ -75,11 +76,21 @@ module Inspec::Resources
       )
       @params = convert_hash(conf.params)
     end
+
+    def ssh_config_file(type)
+      if inspec.os.windows?
+        programdata = inspec.os_env("programdata").content
+        return "#{programdata}\\ssh\\#{type}"
+      end
+
+      "/etc/ssh/#{type}"
+    end
   end
 
   class SshdConfig < SshConfig
     name "sshd_config"
     supports platform: "unix"
+    supports platform: "windows"
     desc "Use the sshd_config InSpec audit resource to test configuration data for the Open SSH daemon located at /etc/ssh/sshd_config on Linux and UNIX platforms. sshd---the Open SSH daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command execution, and data exchanges."
     example <<~EXAMPLE
       describe sshd_config do
@@ -88,11 +99,22 @@ module Inspec::Resources
     EXAMPLE
 
     def initialize(path = nil)
-      super(path || "/etc/ssh/sshd_config")
+      super(path || ssh_config_file("sshd_config"))
     end
 
     def to_s
       "SSHD Configuration"
     end
+
+    private
+
+    def ssh_config_file(type)
+      if inspec.os.windows?
+        programdata = inspec.os_env("programdata").content
+        return "#{programdata}\\ssh\\#{type}"
+      end
+
+      "/etc/ssh/#{type}"
+    end
   end
 end