inspec-core 4.24.26 → 4.26.13

Sign up to get free protection for your applications and to get access to all the features.
Files changed (12) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +7 -3
  3. data/inspec-core.gemspec +4 -3
  4. data/lib/inspec/base_cli.rb +4 -2
  5. data/lib/inspec/config.rb +14 -1
  6. data/lib/inspec/profile_context.rb +3 -0
  7. data/lib/inspec/resources/nginx_conf.rb +39 -0
  8. data/lib/inspec/resources/oracledb_session.rb +1 -1
  9. data/lib/inspec/resources/ssh_config.rb +25 -3
  10. data/lib/inspec/utils/run_data_filters.rb +7 -5
  11. data/lib/inspec/version.rb +1 -1
  12. metadata +31 -11
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: bfed5976ebd618d37b1fbf0058fbd9389b243dbd5070444fda7558cf309392c3
4
- data.tar.gz: 3b894051f2f56e249af59acf0de10c50d8a826d3af1755eaf60100a7a4934dab
3
+ metadata.gz: 19dc98f8f780ec1c69bf76e316f50bf6a66de76fa2960928412bfda16ab9a7e3
4
+ data.tar.gz: 8238123e0f700752c00c3a147a0a0b71b8758dd609834c14bc589e1a3595cd63
5
5
  SHA512:
6
- metadata.gz: c1d9b3598a4bc81085d95b5a4b254ac57001aa301e4371394b8b8b307b54ed26644784ccf9dafd2e52d4e2553e5c1ff77ae821691ef738e542f13d892f692f81
7
- data.tar.gz: 54f9be8adc1870127be3e825e809499270717d395fa26d11408f186a66fdb61ca7db0ac78fd73143652893bd482acf2d1009c3343609e8b34bcd3ff3eb0aaa0c
6
+ metadata.gz: 97d0166605c0fccaa3938afeaeea2578a3acd849d69d8b25cbb89714a6758f503c2d7b10c185ca8a9a67c88cedba692b5dd3b3c10730196a86b9965695f25852
7
+ data.tar.gz: b16242929c1163917fed27a93af18c7632131f2a8397a8d3a1b175574bf692b06fde536bab33aa0303c3d0d6fb664b754bc00e3782752cc552e2d61c40625c18
data/Gemfile CHANGED
@@ -9,13 +9,17 @@ gem "inspec", path: "."
9
9
  # in it in order to package the executable. Hence the odd backwards dependency.
10
10
  gem "inspec-bin", path: "./inspec-bin"
11
11
 
12
- gem "ffi", ">= 1.9.14", "!= 1.13.0"
12
+ gem "ffi", ">= 1.9.14", "!= 1.13.0", "!= 1.14.2"
13
13
 
14
14
  if Gem.ruby_version.to_s.start_with?("2.5")
15
15
  # 16.7.23 required ruby 2.6+
16
16
  gem "chef-utils", "< 16.7.23" # TODO: remove when we drop ruby 2.5
17
17
  end
18
18
 
19
+ # inspec tests depend text output that changed in the 3.10 release
20
+ # but our runtime dep is still 3.9+
21
+ gem "rspec", ">= 3.10"
22
+
19
23
  group :omnibus do
20
24
  gem "rb-readline"
21
25
  gem "appbundler"
@@ -24,10 +28,10 @@ group :omnibus do
24
28
  end
25
29
 
26
30
  group :test do
27
- gem "chefstyle", "~> 1.5.7"
31
+ gem "chefstyle", "~> 1.7.1"
28
32
  gem "concurrent-ruby", "~> 1.0"
29
33
  gem "html-proofer", platforms: :ruby # do not attempt to run proofer on windows
30
- gem "json_schemer", ">= 0.2.1", "< 0.2.12"
34
+ gem "json_schemer", ">= 0.2.1", "< 0.2.18"
31
35
  gem "m"
32
36
  gem "minitest-sprint", "~> 1.0"
33
37
  gem "minitest", "~> 5.5"
data/inspec-core.gemspec CHANGED
@@ -28,19 +28,20 @@ Gem::Specification.new do |spec|
28
28
  spec.add_dependency "thor", ">= 0.20", "< 2.0"
29
29
  spec.add_dependency "method_source", ">= 0.8", "< 2.0"
30
30
  spec.add_dependency "rubyzip", ">= 1.2.2", "< 3.0"
31
- spec.add_dependency "rspec", "~> 3.10"
31
+ spec.add_dependency "rspec", ">= 3.9", "< 3.11"
32
32
  spec.add_dependency "rspec-its", "~> 1.2"
33
33
  spec.add_dependency "pry", "~> 0.13"
34
34
  spec.add_dependency "hashie", ">= 3.4", "< 5.0"
35
35
  spec.add_dependency "mixlib-log", "~> 3.0"
36
36
  spec.add_dependency "sslshake", "~> 1.2"
37
37
  spec.add_dependency "parallel", "~> 1.9"
38
- spec.add_dependency "faraday", ">= 0.9.0", "< 1.2"
38
+ spec.add_dependency "faraday", ">= 0.9.0", "< 1.4"
39
+ spec.add_dependency "faraday_middleware", "~> 1.0"
39
40
  spec.add_dependency "tty-table", "~> 0.10"
40
41
  spec.add_dependency "tty-prompt", "~> 0.17"
41
42
  spec.add_dependency "tomlrb", ">= 1.2", "< 2.1"
42
43
  spec.add_dependency "addressable", "~> 2.4"
43
- spec.add_dependency "parslet", ">= 1.5", "< 3.0"
44
+ spec.add_dependency "parslet", ">= 1.5", "< 2.0" # Pinned < 2.0, see #5389
44
45
  spec.add_dependency "semverse", "~> 3.0"
45
46
  spec.add_dependency "multipart-post", "~> 2.0"
46
47
 
data/lib/inspec/base_cli.rb CHANGED
@@ -1,4 +1,4 @@
1
- require "thor" unless defined?(Thor)
1
+ require "thor" # rubocop:disable Chef/Ruby/UnlessDefinedRequire
2
2
  require "inspec/log"
3
3
  require "inspec/ui"
4
4
  require "inspec/config"
@@ -118,6 +118,8 @@ module Inspec
118
118
  desc: "Disable SSL verification on select targets"
119
119
  option :target_id, type: :string,
120
120
  desc: "Provide a ID which will be included on reports"
121
+ option :winrm_shell_type, type: :string, default: "powershell",
122
+ desc: "Specify a shell type for winrm (eg. 'elevated' or 'powershell')"
121
123
  end
122
124
 
123
125
  def self.profile_options
@@ -136,7 +138,7 @@ module Inspec
136
138
  banner: "one two:/output/file/path",
137
139
  desc: "Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit, yaml"
138
140
  option :reporter_message_truncation, type: :string,
139
- desc: "Number of characters to truncate failure messages in report data to (default: no truncation)"
141
+ desc: "Number of characters to truncate failure messages and code_desc in report data to (default: no truncation)"
140
142
  option :reporter_backtrace_inclusion, type: :boolean,
141
143
  desc: "Include a code backtrace in report data (default: true)"
142
144
  option :input, type: :array, banner: "name1=value1 name2=value2",
data/lib/inspec/config.rb CHANGED
@@ -128,12 +128,25 @@ module Inspec
128
128
  end
129
129
 
130
130
  #-----------------------------------------------------------------------#
131
- # Fetching Plugin Data
131
+ # Handling Plugin Data
132
132
  #-----------------------------------------------------------------------#
133
133
  def fetch_plugin_config(plugin_name)
134
134
  Thor::CoreExt::HashWithIndifferentAccess.new(@plugin_cfg[plugin_name] || {})
135
135
  end
136
136
 
137
+ def set_plugin_config(plugin_name, plugin_config)
138
+ plugin_name = plugin_name.to_s unless plugin_name.is_a? String
139
+
140
+ @plugin_cfg[plugin_name] = plugin_config
141
+ end
142
+
143
+ def merge_plugin_config(plugin_name, additional_plugin_config)
144
+ plugin_name = plugin_name.to_s unless plugin_name.is_a? String
145
+
146
+ @plugin_cfg[plugin_name] = {} if @plugin_cfg[plugin_name].nil?
147
+ @plugin_cfg[plugin_name].merge!(additional_plugin_config)
148
+ end
149
+
137
150
  # clear the cached config
138
151
  def self.__reset
139
152
  @cached_config = nil
data/lib/inspec/profile_context.rb CHANGED
@@ -173,6 +173,9 @@ module Inspec
173
173
 
174
174
  def unregister_rule(id)
175
175
  @rules.delete(full_id(@profile_id, id))
176
+ @control_subcontexts.each do |c|
177
+ c.unregister_rule(id)
178
+ end
176
179
  end
177
180
 
178
181
  attr_reader :current_load
data/lib/inspec/resources/nginx_conf.rb CHANGED
@@ -54,6 +54,21 @@ module Inspec::Resources
54
54
  "nginx_conf #{@conf_path}"
55
55
  end
56
56
 
57
+ def method_missing(name)
58
+ return super if name.to_s.match?(/^to_/)
59
+
60
+ v = params[name.to_s]
61
+ return v.flatten unless v.nil?
62
+
63
+ nil
64
+ end
65
+
66
+ def respond_to_missing?(name, include_all = false)
67
+ return super if name.to_s.match?(/^to_/)
68
+
69
+ true
70
+ end
71
+
57
72
  private
58
73
 
59
74
  def read_content(path)
@@ -175,6 +190,18 @@ module Inspec::Resources
175
190
  end
176
191
  alias inspect to_s
177
192
 
193
+ def method_missing(name)
194
+ return super if name.to_s.match?(/^to_/)
195
+
196
+ (@params[name.to_s] || []).flatten
197
+ end
198
+
199
+ def respond_to_missing?(name, include_all = false)
200
+ return super if name.to_s.match?(/^to_/)
201
+
202
+ true
203
+ end
204
+
178
205
  private
179
206
 
180
207
  def server_table
@@ -207,6 +234,18 @@ module Inspec::Resources
207
234
  end
208
235
  alias inspect to_s
209
236
 
237
+ def method_missing(name)
238
+ return super if name.to_s.match?(/^to_/)
239
+
240
+ (@params[name.to_s] || []).flatten
241
+ end
242
+
243
+ def respond_to_missing?(name, include_all = false)
244
+ return super if name.to_s.match?(/^to_/)
245
+
246
+ true
247
+ end
248
+
210
249
  private
211
250
 
212
251
  def location_table
data/lib/inspec/resources/oracledb_session.rb CHANGED
@@ -48,7 +48,7 @@ module Inspec::Resources
48
48
  format_options = "set sqlformat csv\nSET FEEDBACK OFF"
49
49
  else
50
50
  @bin = "#{@sqlplus_bin} -S"
51
- format_options = "SET MARKUP CSV ON\nSET PAGESIZE 32000\nSET FEEDBACK OFF"
51
+ format_options = "SET PAGESIZE 32000\nSET FEEDBACK OFF\nSET UNDERLINE OFF"
52
52
  end
53
53
 
54
54
  command = command_builder(format_options, sql)
data/lib/inspec/resources/ssh_config.rb CHANGED
@@ -7,6 +7,7 @@ module Inspec::Resources
7
7
  class SshConfig < Inspec.resource(1)
8
8
  name "ssh_config"
9
9
  supports platform: "unix"
10
+ supports platform: "windows"
10
11
  desc "Use the `ssh_config` InSpec audit resource to test OpenSSH client configuration data located at `/etc/ssh/ssh_config` on Linux and Unix platforms."
11
12
  example <<~EXAMPLE
12
13
  describe ssh_config do
@@ -19,7 +20,7 @@ module Inspec::Resources
19
20
  include FileReader
20
21
 
21
22
  def initialize(conf_path = nil, type = nil)
22
- @conf_path = conf_path || "/etc/ssh/ssh_config"
23
+ @conf_path = conf_path || ssh_config_file("ssh_config")
23
24
  typename = (@conf_path.include?("sshd") ? "Server" : "Client")
24
25
  @type = type || "SSH #{typename} configuration #{conf_path}"
25
26
  read_content
@@ -38,7 +39,7 @@ module Inspec::Resources
38
39
  def convert_hash(hash)
39
40
  new_hash = {}
40
41
  hash.each do |k, v|
41
- new_hash[k.downcase] = v
42
+ new_hash[k.downcase] ||= v
42
43
  end
43
44
  new_hash
44
45
  end
@@ -75,11 +76,21 @@ module Inspec::Resources
75
76
  )
76
77
  @params = convert_hash(conf.params)
77
78
  end
79
+
80
+ def ssh_config_file(type)
81
+ if inspec.os.windows?
82
+ programdata = inspec.os_env("programdata").content
83
+ return "#{programdata}\\ssh\\#{type}"
84
+ end
85
+
86
+ "/etc/ssh/#{type}"
87
+ end
78
88
  end
79
89
 
80
90
  class SshdConfig < SshConfig
81
91
  name "sshd_config"
82
92
  supports platform: "unix"
93
+ supports platform: "windows"
83
94
  desc "Use the sshd_config InSpec audit resource to test configuration data for the Open SSH daemon located at /etc/ssh/sshd_config on Linux and UNIX platforms. sshd---the Open SSH daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command execution, and data exchanges."
84
95
  example <<~EXAMPLE
85
96
  describe sshd_config do
@@ -88,11 +99,22 @@ module Inspec::Resources
88
99
  EXAMPLE
89
100
 
90
101
  def initialize(path = nil)
91
- super(path || "/etc/ssh/sshd_config")
102
+ super(path || ssh_config_file("sshd_config"))
92
103
  end
93
104
 
94
105
  def to_s
95
106
  "SSHD Configuration"
96
107
  end
108
+
109
+ private
110
+
111
+ def ssh_config_file(type)
112
+ if inspec.os.windows?
113
+ programdata = inspec.os_env("programdata").content
114
+ return "#{programdata}\\ssh\\#{type}"
115
+ end
116
+
117
+ "/etc/ssh/#{type}"
118
+ end
97
119
  end
98
120
  end
data/lib/inspec/utils/run_data_filters.rb CHANGED
@@ -18,7 +18,7 @@ module Inspec
18
18
  sort_controls
19
19
  end
20
20
 
21
- # Apply options such as message truncation and removal of backtraces
21
+ # Apply options such as message and code_desc truncation, and removal of backtraces
22
22
  def apply_report_resize_options
23
23
  runtime_config = @config[:runtime_config]
24
24
 
@@ -30,7 +30,7 @@ module Inspec
30
30
  p[:controls].each do |c|
31
31
  c[:results]&.map! do |r|
32
32
  r.delete(:backtrace) unless include_backtrace
33
- process_message_truncation(r)
33
+ process_truncation(r)
34
34
  end
35
35
  end
36
36
  end
@@ -93,9 +93,11 @@ module Inspec
93
93
 
94
94
  private
95
95
 
96
- def process_message_truncation(result)
97
- if result.key?(:message) && result[:message] != "" && @trunc > -1 && result[:message].length > @trunc
98
- result[:message] = result[:message][0...@trunc] + "[Truncated to #{@trunc} characters]"
96
+ def process_truncation(result)
97
+ %i{code_desc message}.each do |field|
98
+ if result.key?(field) && result[field] != "" && @trunc > -1 && result[field].length > @trunc
99
+ result[field] = result[field][0...@trunc] + "[Truncated to #{@trunc} characters]"
100
+ end
99
101
  end
100
102
  result
101
103
  end
data/lib/inspec/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Inspec
2
- VERSION = "4.24.26".freeze
2
+ VERSION = "4.26.13".freeze
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: inspec-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.24.26
4
+ version: 4.26.13
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chef InSpec Team
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-12-23 00:00:00.000000000 Z
11
+ date: 2021-02-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: chef-telemetry
@@ -108,16 +108,22 @@ dependencies:
108
108
  name: rspec
109
109
  requirement: !ruby/object:Gem::Requirement
110
110
  requirements:
111
- - - "~>"
111
+ - - ">="
112
+ - !ruby/object:Gem::Version
113
+ version: '3.9'
114
+ - - "<"
112
115
  - !ruby/object:Gem::Version
113
- version: '3.10'
116
+ version: '3.11'
114
117
  type: :runtime
115
118
  prerelease: false
116
119
  version_requirements: !ruby/object:Gem::Requirement
117
120
  requirements:
118
- - - "~>"
121
+ - - ">="
122
+ - !ruby/object:Gem::Version
123
+ version: '3.9'
124
+ - - "<"
119
125
  - !ruby/object:Gem::Version
120
- version: '3.10'
126
+ version: '3.11'
121
127
  - !ruby/object:Gem::Dependency
122
128
  name: rspec-its
123
129
  requirement: !ruby/object:Gem::Requirement
@@ -217,7 +223,7 @@ dependencies:
217
223
  version: 0.9.0
218
224
  - - "<"
219
225
  - !ruby/object:Gem::Version
220
- version: '1.2'
226
+ version: '1.4'
221
227
  type: :runtime
222
228
  prerelease: false
223
229
  version_requirements: !ruby/object:Gem::Requirement
@@ -227,7 +233,21 @@ dependencies:
227
233
  version: 0.9.0
228
234
  - - "<"
229
235
  - !ruby/object:Gem::Version
230
- version: '1.2'
236
+ version: '1.4'
237
+ - !ruby/object:Gem::Dependency
238
+ name: faraday_middleware
239
+ requirement: !ruby/object:Gem::Requirement
240
+ requirements:
241
+ - - "~>"
242
+ - !ruby/object:Gem::Version
243
+ version: '1.0'
244
+ type: :runtime
245
+ prerelease: false
246
+ version_requirements: !ruby/object:Gem::Requirement
247
+ requirements:
248
+ - - "~>"
249
+ - !ruby/object:Gem::Version
250
+ version: '1.0'
231
251
  - !ruby/object:Gem::Dependency
232
252
  name: tty-table
233
253
  requirement: !ruby/object:Gem::Requirement
@@ -299,7 +319,7 @@ dependencies:
299
319
  version: '1.5'
300
320
  - - "<"
301
321
  - !ruby/object:Gem::Version
302
- version: '3.0'
322
+ version: '2.0'
303
323
  type: :runtime
304
324
  prerelease: false
305
325
  version_requirements: !ruby/object:Gem::Requirement
@@ -309,7 +329,7 @@ dependencies:
309
329
  version: '1.5'
310
330
  - - "<"
311
331
  - !ruby/object:Gem::Version
312
- version: '3.0'
332
+ version: '2.0'
313
333
  - !ruby/object:Gem::Dependency
314
334
  name: semverse
315
335
  requirement: !ruby/object:Gem::Requirement
@@ -750,7 +770,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
750
770
  - !ruby/object:Gem::Version
751
771
  version: '0'
752
772
  requirements: []
753
- rubygems_version: 3.0.3
773
+ rubygems_version: 3.1.4
754
774
  signing_key:
755
775
  specification_version: 4
756
776
  summary: Infrastructure and compliance testing. Core library.