inspec-core 4.23.4 → 4.24.26

data/lib/inspec/resources/toml.rb

@@ -1,4 +1,4 @@
-require "tomlrb"
+require "tomlrb" unless defined?(Tomlrb)
 require "inspec/resources/json"
 
 module Inspec::Resources

data/lib/inspec/resources/vbscript.rb

@@ -1,5 +1,5 @@
 require "inspec/resources/powershell"
-require "securerandom"
+require "securerandom" unless defined?(SecureRandom)
 
 module Inspec::Resources
   # This resource allows users to run vbscript on windows machines. We decided

data/lib/inspec/resources/windows_registry_key.rb

@@ -1,2 +1,2 @@
 # This is just here to make the dynamic loader happy.
-require "inspec/resources/registry_key.rb"
+require "inspec/resources/registry_key"

data/lib/inspec/resources/wmi.rb

@@ -16,7 +16,10 @@ module Inspec::Resources
         namespace: 'root\\rsop\\computer',
         filter: 'KeyName = \'MinimumPasswordAge\' And precedence=1'
       }) do
-         its('Setting') { should eq true }
+         its('Setting') { should cmp true }
+      end
+      describe wmi({namespace: "root\\cimv2", query: "SELECT installstate FROM win32_optionalfeature"}) do
+        its("installstate") { should include 2 }
       end
     EXAMPLE
 
@@ -36,7 +39,7 @@ module Inspec::Resources
     # returns nil, if not existant or value
     def method_missing(*keys)
       # catch behavior of rspec its implementation
-      # @see https://github.com/rspec/rspec-its/blob/master/lib/rspec/its.rb#L110
+      # @see https://github.com/rspec/rspec-its/blob/v1.2.0/lib/rspec/its.rb#L110
       keys.shift if keys.is_a?(Array) && keys[0] == :[]
 
       # map all symbols to strings
@@ -66,13 +69,18 @@ module Inspec::Resources
 
       # run wmi command and filter empty wmi
       script = <<-EOH
-      Filter Aggregate
-      {
-          $arr = @{}
-          $_.properties | % {
-              $arr.Add($_.name, $_.value)
+      Function Aggregate {
+        $propsHash = @{}
+        ForEach ($wmiObj in $Input) {
+          ForEach ($wmiProp in $wmiObj.properties) {
+            If($propsHash.ContainsKey($wmiProp.name)) {
+              $propsHash[$wmiProp.name].add($wmiProp.value) | Out-Null
+            } Else {
+              $propsHash[$wmiProp.name] = [System.Collections.ArrayList]@($wmiProp.value)
+            }
           }
-          $arr
+        }
+        $propsHash
       }
       Get-WmiObject #{params} | Aggregate | ConvertTo-Json
       EOH

data/lib/inspec/resources/x509_certificate.rb

@@ -1,4 +1,4 @@
-require "openssl"
+require "openssl" unless defined?(OpenSSL)
 require "hashie/mash"
 require "inspec/utils/file_reader"
 

data/lib/inspec/resources/xml.rb

@@ -13,7 +13,7 @@ module Inspec::Resources
     EXAMPLE
 
     def parse(content)
-      require "rexml/document"
+      require "rexml/document" unless defined?(REXML::Document)
       REXML::Document.new(content)
     rescue => e
       raise Inspec::Exceptions::ResourceFailed, "Unable to parse XML: #{e.message}"

data/lib/inspec/rule.rb

@@ -343,14 +343,8 @@ module Inspec
       __waiver_data["skipped_due_to_waiver"] = false
       __waiver_data["message"] = ""
 
-      # Waivers should have a hash value with keys possibly including "run" and
-      # expiration_date. We only care here if it has a "run" key and it
-      # is false-like, since all non-skipped waiver operations are handled
-      # during reporting phase.
-      return unless __waiver_data.key?("run") && !__waiver_data["run"]
-
-      # OK, the intent is to skip. Does it have an expiration date, and
-      # if so, is it in the future?
+      # Does it have an expiration date, and if so, is it in the future?
+      # This sets a waiver message before checking `run: true`
       expiry = __waiver_data["expiration_date"]
       if expiry
         # YAML will automagically give us a Date or a Time.
@@ -370,6 +364,12 @@ module Inspec
         end
       end
 
+      # Waivers should have a hash value with keys possibly including "run" and
+      # expiration_date. We only care here if it has a "run" key and it
+      # is false-like, since all non-skipped waiver operations are handled
+      # during reporting phase.
+      return unless __waiver_data.key?("run") && !__waiver_data["run"]
+
       # OK, apply a skip.
       @__skip_rule[:result] = true
       @__skip_rule[:type] = :waiver

data/lib/inspec/run_data.rb

@@ -47,7 +47,7 @@ module Inspec
     # core reporters have been migrated to plugins. It is probable that new data elements
     # and new Hash compatibility behavior will be added during the core reporter plugin
     # conversion process.
-    SCHEMA_VERSION = "0.2.0".freeze
+    SCHEMA_VERSION = "0.3.0".freeze
 
     def self.compatible_schema?(constraints)
       reqs = Gem::Requirement.create(constraints)

data/lib/inspec/run_data/result.rb

@@ -8,6 +8,7 @@ module Inspec
       :run_time,            # Float seconds execution time
       :skip_message,        # String
       :start_time,          # DateTime
+      :resource_params,     # What is passed to the resource as a raw grep
       :status, # String
       :resource_title, # Ugly internals
       # :waiver_data,       # Undocumented tramp data / not exposed in this API
@@ -34,6 +35,7 @@ module Inspec
         end
 
         self.resource_name = raw_res_data[:resource_title].instance_variable_get(:@__resource_name__)&.to_s
+        self.resource_params = raw_res_data[:resource_title].instance_variable_get(:@grep)&.to_s
       end
     end
   end

data/lib/inspec/runner.rb

@@ -1,7 +1,7 @@
 # copyright: 2015, Dominik Richter
 
-require "forwardable"
-require "uri"
+require "forwardable" unless defined?(Forwardable)
+require "uri" unless defined?(URI)
 require "inspec/backend"
 require "inspec/profile_context"
 require "inspec/profile"

data/lib/inspec/schema.rb

@@ -1,4 +1,4 @@
-require "json"
+require "json" unless defined?(JSON)
 
 module Inspec
   class Schema
@@ -56,6 +56,7 @@ module Inspec
         "code_desc" => { "type" => "string" },
         "run_time" => { "type" => "number" },
         "start_time" => { "type" => "string" },
+        "resource_class" => { "type" => "string", "optional" => true },
         "skip_message" => { "type" => "string", "optional" => true },
         "resource" => { "type" => "string", "optional" => true },
         "message" => { "type" => "string", "optional" => true },
@@ -194,6 +195,7 @@ module Inspec
         "profile_sha256" => { "type" => "string" },
         "status" => { "type" => "string" },
         "code_desc" => { "type" => "string" },
+        "resource_class" => { "type" => "string", "optional" => true },
         "skip_message" => { "type" => "string", "optional" => true },
         "resource" => { "type" => "string", "optional" => true },
         "message" => { "type" => "string", "optional" => true },

data/lib/inspec/schema/exec_json.rb

@@ -74,7 +74,7 @@ module Inspec
         },
       }, [CONTROL_DESCRIPTION, Primitives::REFERENCE, Primitives::SOURCE_LOCATION, CONTROL_RESULT])
 
-      # Based loosely on https://www.inspec.io/docs/reference/profiles/ as of July 3, 2019
+      # Based loosely on https://docs.chef.io/inspec/profiles/ as of July 3, 2019
       # However, concessions were made to the reality of current reporters, specifically
       # with how description is omitted and version/inspec_version aren't as advertised online
       PROFILE = Primitives::SchemaType.new("Exec JSON Profile", {

data/lib/inspec/schema/output_schema.rb

@@ -1,4 +1,4 @@
-require "json"
+require "json" unless defined?(JSON)
 require "inspec/schema/primitives"
 require "inspec/schema/exec_json"
 require "inspec/schema/exec_json_min"

data/lib/inspec/schema/primitives.rb

@@ -1,4 +1,4 @@
-require "set"
+require "set" unless defined?(Set)
 
 # These elements are shared between more than one output type
 

data/lib/inspec/shell.rb

@@ -1,4 +1,4 @@
-require "pry"
+autoload :Pry, "pry"
 
 module Inspec
   # A pry based shell for inspec. Given a runner (with a configured backend and
@@ -137,7 +137,7 @@ module Inspec
         end
 
         info += "#{mark "Web Reference:"}\n\n"
-        info += "https://www.inspec.io/docs/reference/resources/#{topic}\n\n"
+        info += "https://docs.chef.io/inspec/resources/#{topic}\n\n"
         puts info
       else
         begin
@@ -208,7 +208,7 @@ module Inspec
 
           its('content') { should_not match /^MyKey:\\s+some value/ }
 
-        For more examples, see: https://www.inspec.io/docs/reference/matchers/
+        For more examples, see: https://docs.chef.io/inspec/matchers/
 
       EOL
     end

data/lib/inspec/shell_detector.rb

@@ -1,5 +1,5 @@
-require "etc"
-require "rbconfig"
+require "etc" unless defined?(Etc)
+require "rbconfig" unless defined?(RbConfig)
 
 module Inspec
   #

data/lib/inspec/utils/command_wrapper.rb

@@ -1,4 +1,4 @@
-require "shellwords"
+require "shellwords" unless defined?(Shellwords)
 
 class CommandWrapper
   UNIX_SHELLS = %w{sh bash zsh ksh}.freeze

data/lib/inspec/utils/deprecation/config_file.rb

@@ -1,5 +1,5 @@
-require "stringio"
-require "json"
+require "stringio" unless defined?(StringIO)
+require "json" unless defined?(JSON)
 require "inspec/globals"
 require "inspec/config"
 

data/lib/inspec/utils/json_log.rb

@@ -1,4 +1,4 @@
-require "json"
+require "json" unless defined?(JSON)
 
 # a simple streaming json logger
 class Logger::JSONFormatter < Logger::Formatter

data/lib/inspec/utils/telemetry/collector.rb

@@ -1,6 +1,6 @@
 require "inspec/config"
 require "inspec/utils/telemetry/data_series"
-require "singleton"
+require "singleton" unless defined?(Singleton)
 
 module Inspec::Telemetry
   # A Singleton collection of data series objects.

data/lib/inspec/utils/telemetry/data_series.rb

@@ -1,4 +1,4 @@
-require "json"
+require "json" unless defined?(JSON)
 
 module Inspec; end
 

data/lib/inspec/version.rb

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "4.23.4".freeze
+  VERSION = "4.24.26".freeze
 end

data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb

@@ -1,8 +1,8 @@
-require "base64"
-require "openssl"
-require "pathname"
-require "set"
-require "tempfile"
+require "base64" unless defined?(Base64)
+require "openssl" unless defined?(OpenSSL)
+require "pathname" unless defined?(Pathname)
+require "set" unless defined?(Set)
+require "tempfile" unless defined?(Tempfile)
 require "yaml"
 require "inspec/dist"
 require "inspec/utils/json_profile_summary"

data/lib/plugins/inspec-compliance/README.md

@@ -71,7 +71,7 @@ $ inspec compliance login https://automate.compliance.test --insecure --user 'ad
 
 You will need an access token for authentication. You can retrieve one via:
 
-![Chef Compliance Token](images/cc-token.png)
+![Chef Compliance Token](lib/inspec-compliance/images/cc-token.png)
 
 You can choose the access token (`--token`) or the refresh token (`--refresh_token`)
 

data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb

@@ -1,6 +1,6 @@
-require "net/http"
-require "uri"
-require "json"
+require "net/http" unless defined?(Net::HTTP)
+require "uri" unless defined?(URI)
+require "json" unless defined?(JSON)
 require "inspec/dist"
 
 require_relative "api/login"

data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb

@@ -1,6 +1,6 @@
-require "net/http"
+require "net/http" unless defined?(Net::HTTP)
 require "net/http/post/multipart"
-require "uri"
+require "uri" unless defined?(URI)
 
 module InspecPlugins
   module Compliance

data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb

@@ -1,4 +1,4 @@
-require "uri"
+require "uri" unless defined?(URI)
 require "inspec/fetcher"
 require "inspec/errors"
 require "inspec/dist"
@@ -85,7 +85,7 @@ module InspecPlugins
             # If version was specified, it will be the first and only result.
             # Note we are calling the sha256 as a string, not a symbol since
             # it was returned as json from the Compliance API.
-            profile_info = profile_result.sort_by { |x| Gem::Version.new(x["version"]) }[0]
+            profile_info = profile_result.min_by { |x| Gem::Version.new(x["version"]) }
             profile_checksum = profile_info.key?("sha256") ? profile_info["sha256"] : ""
           end
         end

data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb

@@ -1,7 +1,7 @@
 require "inspec/profile_vendor"
-require "mixlib/shellout"
-require "tomlrb"
-require "ostruct"
+require "mixlib/shellout" unless defined?(Mixlib::ShellOut)
+require "tomlrb" unless defined?(Tomlrb)
+require "ostruct" unless defined?(OpenStruct)
 require "inspec/dist"
 
 module InspecPlugins

data/lib/plugins/inspec-init/lib/inspec-init/cli.rb

@@ -1,4 +1,4 @@
-require "pathname"
+require "pathname" unless defined?(Pathname)
 require_relative "renderer"
 
 module InspecPlugins

data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb

@@ -1,4 +1,4 @@
-require "pathname"
+require "pathname" unless defined?(Pathname)
 require_relative "renderer"
 
 module InspecPlugins

data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb

@@ -1,5 +1,5 @@
-require "fileutils"
-require "erb"
+require "fileutils" unless defined?(FileUtils)
+require "erb" unless defined?(Erb)
 
 module InspecPlugins
   module Init

data/lib/plugins/inspec-init/templates/profiles/aws/README.md

@@ -26,7 +26,7 @@ Creating new profile at /Users/spaterson/my-profile
 aws_vpc_id: 'custom-vpc-id'
 ```
 
-The related control will simply be skipped if this is not provided.  See the [InSpec DSL documentation](https://www.inspec.io/docs/reference/dsl_inspec/) for more details on conditional execution using `only_if`.
+The related control will simply be skipped if this is not provided.  See the [InSpec DSL documentation](https://docs.chef.io/inspec/dsl_inspec/) for more details on conditional execution using `only_if`.
 
 ## Run the tests
 

data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb

@@ -1,4 +1,4 @@
-require "pathname"
+require "pathname" unless defined?(Pathname)
 require "inspec/plugin/v2"
 require "inspec/plugin/v2/installer"
 require "inspec/dist"
@@ -505,8 +505,8 @@ module InspecPlugins
             plugin_name = status.name.to_s
             Inspec::Plugin::V2::Loader.list_installed_plugin_gems
               .select { |spec| spec.name == plugin_name }
-              .sort_by(&:version)
-              .last.version
+              .max_by(&:version)
+              .version
           end
         when :path
           "src"

data/lib/plugins/inspec-reporter-html2/README.md

@@ -24,7 +24,7 @@ Note the `2` in the reporter name. If you omit it and run `--reporter html` inst
 
 ## Configuring the Plugin
 
-The `html2` reporter requires no configuration to function. However, two options--`alternate_css_file` and `alternate_js_file`--are available for customization. The options are set in the JSON-formatted configuration file that Chef InSpec consumes. For details, see [our configuration file documentation](https://www.inspec.io/docs/reference/config/).
+The `html2` reporter requires no configuration to function. However, two options--`alternate_css_file` and `alternate_js_file`--are available for customization. The options are set in the JSON-formatted configuration file that Chef InSpec consumes. For details, see [our configuration file documentation](https://docs.chef.io/inspec/config/).
 
 For example:
 

data/lib/plugins/inspec-reporter-html2/lib/inspec-reporter-html2/reporter.rb

@@ -1,4 +1,4 @@
-require "erb"
+require "erb" unless defined?(Erb)
 require "inspec/config"
 
 module InspecPlugins::Html2Reporter

data/lib/plugins/inspec-reporter-json-min/lib/inspec-reporter-json-min/reporter.rb

@@ -1,4 +1,4 @@
-require "json"
+require "json" unless defined?(JSON)
 
 module InspecPlugins::JsonMinReporter
   class Reporter < Inspec.plugin(2, :reporter)

data/lib/plugins/inspec-reporter-junit/README.md

@@ -1,15 +1,17 @@
-# junit reporter
+# junit and junit2 reporters
 
-This is the implementation of the junit XML reporter.
+This is the implementation of the junit and junit2 XML reporters.
 
-## To Install This Plugin
+## Installation
 
-This plugin is included with inspec. There is no need to install it separately.
+This plugin ships with Chef InSpec and requires no additional installation.
 
-## What This Plugin Does
+## What These Plugins Do
 
-This reporter generates an XML report in Apache Ant JUnit format.
+`junit` is the legacy Chef InSpec JUnit reporter, which is retained for backwards compatibility. It generates an XML report in Apache Ant JUnit format. The output format is considered nonstandard in several ways. New users are advised to use `junit2`.
+
+`junit2` is an updated reporter that provides JUnit output according to the schema published by [Windy Road](https://github.com/windyroad/JUnit-Schema).
 
 ## Implementation Note
 
-This reporter uses the REXML XML generator, but may use more advanced XML systems for testing. This is to keep packaging requirements for CHef InSpec lightweight and free of compiled dependencies.
+This reporter uses the REXML XML generator at runtime, but uses Nokogiri, a more heavyweight XML library, for testing. This design keeps packaging requirements lightweight and free of compiled dependencies.

data/lib/plugins/inspec-reporter-junit/lib/inspec-reporter-junit.rb

@@ -3,10 +3,19 @@ module InspecPlugins
   module JUnitReporter
     class Plugin < ::Inspec.plugin(2)
       plugin_name :'inspec-reporter-junit'
+
+      # Legacy JUnit reporter, which generates subtly incorrect XML.
       reporter :junit do
         require_relative "inspec-reporter-junit/reporter"
-        InspecPlugins::JUnitReporter::Reporter
+        InspecPlugins::JUnitReporter::ReporterV1
       end
+
+      # v2 reporter, which generates valid JUnit XML.
+      reporter :junit2 do
+        require_relative "inspec-reporter-junit/reporter"
+        InspecPlugins::JUnitReporter::ReporterV2
+      end
+
     end
   end
 end