inspec-core 4.24.26 → 4.26.13
- checksums.yaml +4 -4
- data/Gemfile +7 -3
- data/inspec-core.gemspec +4 -3
- data/lib/inspec/base_cli.rb +4 -2
- data/lib/inspec/config.rb +14 -1
- data/lib/inspec/profile_context.rb +3 -0
- data/lib/inspec/resources/nginx_conf.rb +39 -0
- data/lib/inspec/resources/oracledb_session.rb +1 -1
- data/lib/inspec/resources/ssh_config.rb +25 -3
- data/lib/inspec/utils/run_data_filters.rb +7 -5
- data/lib/inspec/version.rb +1 -1
- metadata +31 -11
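--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 19dc98f8f780ec1c69bf76e316f50bf6a66de76fa2960928412bfda16ab9a7e3
+data.tar.gz: 8238123e0f700752c00c3a147a0a0b71b8758dd609834c14bc589e1a3595cd63
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 97d0166605c0fccaa3938afeaeea2578a3acd849d69d8b25cbb89714a6758f503c2d7b10c185ca8a9a67c88cedba692b5dd3b3c10730196a86b9965695f25852
+data.tar.gz: b16242929c1163917fed27a93af18c7632131f2a8397a8d3a1b175574bf692b06fde536bab33aa0303c3d0d6fb664b754bc00e3782752cc552e2d61c40625c18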
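--- a/data/Gemfile
+++ b/data/Gemfile
@@ -9,13 +9,17 @@ gem "inspec", path: "."
 # in it in order to package the executable. Hence the odd backwards dependency.
 gem "inspec-bin", path: "./inspec-bin"
 
-gem "ffi", ">= 1.9.14", "!= 1.13.0"
+gem "ffi", ">= 1.9.14", "!= 1.13.0", "!= 1.14.2"
 
 if Gem.ruby_version.to_s.start_with?("2.5")
 # 16.7.23 required ruby 2.6+
 gem "chef-utils", "< 16.7.23" # TODO: remove when we drop ruby 2.5
 end
 
+# inspec tests depend text output that changed in the 3.10 release
+# but our runtime dep is still 3.9+
+gem "rspec", ">= 3.10"
+
 group :omnibus do
 gem "rb-readline"
 gem "appbundler"
@@ -24,10 +28,10 @@ group :omnibus do
 end
 
 group :test do
-gem "chefstyle", "~> 1.
+gem "chefstyle", "~> 1.7.1"
 gem "concurrent-ruby", "~> 1.0"
 gem "html-proofer", platforms: :ruby # do not attempt to run proofer on windows
-gem "json_schemer", ">= 0.2.1", "< 0.2.
+gem "json_schemer", ">= 0.2.1", "< 0.2.18"
 gem "m"
 gem "minitest-sprint", "~> 1.0"
 gem "minitest", "~> 5.5"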
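--- a/data/inspec-core.gemspec
+++ b/data/inspec-core.gemspec
@@ -28,19 +28,20 @@ Gem::Specification.new do |spec|
 spec.add_dependency "thor", ">= 0.20", "< 2.0"
 spec.add_dependency "method_source", ">= 0.8", "< 2.0"
 spec.add_dependency "rubyzip", ">= 1.2.2", "< 3.0"
-spec.add_dependency "rspec", "
+spec.add_dependency "rspec", ">= 3.9", "< 3.11"
 spec.add_dependency "rspec-its", "~> 1.2"
 spec.add_dependency "pry", "~> 0.13"
 spec.add_dependency "hashie", ">= 3.4", "< 5.0"
 spec.add_dependency "mixlib-log", "~> 3.0"
 spec.add_dependency "sslshake", "~> 1.2"
 spec.add_dependency "parallel", "~> 1.9"
-spec.add_dependency "faraday", ">= 0.9.0", "< 1.
+spec.add_dependency "faraday", ">= 0.9.0", "< 1.4"
+spec.add_dependency "faraday_middleware", "~> 1.0"
 spec.add_dependency "tty-table", "~> 0.10"
 spec.add_dependency "tty-prompt", "~> 0.17"
 spec.add_dependency "tomlrb", ">= 1.2", "< 2.1"
 spec.add_dependency "addressable", "~> 2.4"
-spec.add_dependency "parslet", ">= 1.5", "<
+spec.add_dependency "parslet", ">= 1.5", "< 2.0" # Pinned < 2.0, see #5389
 spec.add_dependency "semverse", "~> 3.0"
 spec.add_dependency "multipart-post", "~> 2.0"
 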
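Review bot: The new runtime dependency `faraday_middleware` (`~> 1.0`) is declared without a comment saying which code needs it, whereas the `parslet` line in the same hunk records its reason (`# Pinned < 2.0, see #5389`). A runtime dependency is pulled onto every host that installs the gem, so the reason and tracking issue belong next to the declaration, e.g. `# <reason this is required>, see #<issue placeholder>`. The same goes for the `faraday` upper bound `< 1.4`: the hunk does not show what breaks at 1.4, and an unexplained ceiling tends to outlive its cause. The `Gem::Specification.new do |spec|` block starts and ends outside this hunk.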
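--- a/data/lib/inspec/base_cli.rb
+++ b/data/lib/inspec/base_cli.rb
@@ -1,4 +1,4 @@
-require "thor"
+require "thor" # rubocop:disable Chef/Ruby/UnlessDefinedRequire
 require "inspec/log"
 require "inspec/ui"
 require "inspec/config"
@@ -118,6 +118,8 @@ module Inspec
 desc: "Disable SSL verification on select targets"
 option :target_id, type: :string,
 desc: "Provide a ID which will be included on reports"
+option :winrm_shell_type, type: :string, default: "powershell",
+desc: "Specify a shell type for winrm (eg. 'elevated' or 'powershell')"
 end
 
 def self.profile_options
@@ -136,7 +138,7 @@ module Inspec
 banner: "one two:/output/file/path",
 desc: "Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit, yaml"
 option :reporter_message_truncation, type: :string,
-desc: "Number of characters to truncate failure messages in report data to (default: no truncation)"
+desc: "Number of characters to truncate failure messages and code_desc in report data to (default: no truncation)"
 option :reporter_backtrace_inclusion, type: :boolean,
 desc: "Include a code backtrace in report data (default: true)"
 option :input, type: :array, banner: "name1=value1 name2=value2",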
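Review bot: `winrm_shell_type` is declared as a free-form `:string`, so as far as this hunk shows a misspelt or unsupported value is accepted at parse time and only surfaces later in the transport. The description names 'elevated', which presumably changes the privilege commands run with on the target, so the accepted values are worth pinning with Thor's `enum:`, e.g. `option :winrm_shell_type, type: :string, default: "powershell", enum: [<shell types the transport accepts>],`. The description should then list every allowed value rather than two examples. The enclosing method starts outside the hunk.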
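--- a/data/lib/inspec/config.rb
+++ b/data/lib/inspec/config.rb
@@ -128,12 +128,25 @@ module Inspec
 end
 
 #-----------------------------------------------------------------------#
-#
+# Handling Plugin Data
 #-----------------------------------------------------------------------#
 def fetch_plugin_config(plugin_name)
 Thor::CoreExt::HashWithIndifferentAccess.new(@plugin_cfg[plugin_name] || {})
 end
 
+def set_plugin_config(plugin_name, plugin_config)
+plugin_name = plugin_name.to_s unless plugin_name.is_a? String
+
+@plugin_cfg[plugin_name] = plugin_config
+end
+
+def merge_plugin_config(plugin_name, additional_plugin_config)
+plugin_name = plugin_name.to_s unless plugin_name.is_a? String
+
+@plugin_cfg[plugin_name] = {} if @plugin_cfg[plugin_name].nil?
+@plugin_cfg[plugin_name].merge!(additional_plugin_config)
+end
+
 # clear the cached config
 def self.__reset
 @cached_config = nil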
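Review bot: `set_plugin_config` stores the caller's object by reference and `merge_plugin_config` later calls `merge!` on it, so a hash handed in by one caller is mutated in place by a later merge, and a non-Hash value passed to `set_plugin_config` makes the next merge raise. Storing a copy removes the aliasing: `@plugin_cfg[plugin_name] = plugin_config.dup`. Keys are not normalised either, so `:key` and `"key"` can coexist in the stored hash, and which one `fetch_plugin_config` returns after wrapping in `HashWithIndifferentAccess` presumably depends on insertion order. Neither method has a comment; one line each stating that they replace, respectively shallow-merge, the settings of a single plugin would be enough. The enclosing class starts outside the hunk.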
@@ -54,6 +54,21 @@ module Inspec::Resources
|
|
54
54
|
"nginx_conf #{@conf_path}"
|
55
55
|
end
|
56
56
|
|
57
|
+
def method_missing(name)
|
58
|
+
return super if name.to_s.match?(/^to_/)
|
59
|
+
|
60
|
+
v = params[name.to_s]
|
61
|
+
return v.flatten unless v.nil?
|
62
|
+
|
63
|
+
nil
|
64
|
+
end
|
65
|
+
|
66
|
+
def respond_to_missing?(name, include_all = false)
|
67
|
+
return super if name.to_s.match?(/^to_/)
|
68
|
+
|
69
|
+
true
|
70
|
+
end
|
71
|
+
|
57
72
|
private
|
58
73
|
|
59
74
|
def read_content(path)
|
@@ -175,6 +190,18 @@ module Inspec::Resources
|
|
175
190
|
end
|
176
191
|
alias inspect to_s
|
177
192
|
|
193
|
+
def method_missing(name)
|
194
|
+
return super if name.to_s.match?(/^to_/)
|
195
|
+
|
196
|
+
(@params[name.to_s] || []).flatten
|
197
|
+
end
|
198
|
+
|
199
|
+
def respond_to_missing?(name, include_all = false)
|
200
|
+
return super if name.to_s.match?(/^to_/)
|
201
|
+
|
202
|
+
true
|
203
|
+
end
|
204
|
+
|
178
205
|
private
|
179
206
|
|
180
207
|
def server_table
|
@@ -207,6 +234,18 @@ module Inspec::Resources
|
|
207
234
|
end
|
208
235
|
alias inspect to_s
|
209
236
|
|
237
|
+
def method_missing(name)
|
238
|
+
return super if name.to_s.match?(/^to_/)
|
239
|
+
|
240
|
+
(@params[name.to_s] || []).flatten
|
241
|
+
end
|
242
|
+
|
243
|
+
def respond_to_missing?(name, include_all = false)
|
244
|
+
return super if name.to_s.match?(/^to_/)
|
245
|
+
|
246
|
+
true
|
247
|
+
end
|
248
|
+
|
210
249
|
private
|
211
250
|
|
212
251
|
def location_table
|
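Review bot: `respond_to_missing?` returns `true` for every name that does not start with `to_` (in this hunk and the two nginx_conf hunks before it), so a misspelt directive in a control is answered with `nil` or `[]` instead of `NoMethodError`, and `respond_to?` is also true for unrelated names such as `:each`. If the lenient lookup is intended, say so in a comment above each `method_missing`; otherwise answer from the parsed data, `params.key?(name.to_s) || super`, and call `super` in `method_missing` for unknown names. `method_missing(name)` accepts no further arguments, so a call with arguments raises `ArgumentError`; `def method_missing(name, *args)` keeps the usual contract. The first hunk returns `nil` for a missing key while the other two return `[]`, and `/^to_/` would be stricter as `/\Ato_/`. The enclosing classes begin outside these hunks.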
@@ -48,7 +48,7 @@ module Inspec::Resources
|
|
48
48
|
format_options = "set sqlformat csv\nSET FEEDBACK OFF"
|
49
49
|
else
|
50
50
|
@bin = "#{@sqlplus_bin} -S"
|
51
|
-
format_options = "SET
|
51
|
+
format_options = "SET PAGESIZE 32000\nSET FEEDBACK OFF\nSET UNDERLINE OFF"
|
52
52
|
end
|
53
53
|
|
54
54
|
command = command_builder(format_options, sql)
|
@@ -7,6 +7,7 @@ module Inspec::Resources
|
|
7
7
|
class SshConfig < Inspec.resource(1)
|
8
8
|
name "ssh_config"
|
9
9
|
supports platform: "unix"
|
10
|
+
supports platform: "windows"
|
10
11
|
desc "Use the `ssh_config` InSpec audit resource to test OpenSSH client configuration data located at `/etc/ssh/ssh_config` on Linux and Unix platforms."
|
11
12
|
example <<~EXAMPLE
|
12
13
|
describe ssh_config do
|
@@ -19,7 +20,7 @@ module Inspec::Resources
|
|
19
20
|
include FileReader
|
20
21
|
|
21
22
|
def initialize(conf_path = nil, type = nil)
|
22
|
-
@conf_path = conf_path || "
|
23
|
+
@conf_path = conf_path || ssh_config_file("ssh_config")
|
23
24
|
typename = (@conf_path.include?("sshd") ? "Server" : "Client")
|
24
25
|
@type = type || "SSH #{typename} configuration #{conf_path}"
|
25
26
|
read_content
|
@@ -38,7 +39,7 @@ module Inspec::Resources
|
|
38
39
|
def convert_hash(hash)
|
39
40
|
new_hash = {}
|
40
41
|
hash.each do |k, v|
|
41
|
-
new_hash[k.downcase]
|
42
|
+
new_hash[k.downcase] ||= v
|
42
43
|
end
|
43
44
|
new_hash
|
44
45
|
end
|
@@ -75,11 +76,21 @@ module Inspec::Resources
|
|
75
76
|
)
|
76
77
|
@params = convert_hash(conf.params)
|
77
78
|
end
|
79
|
+
|
80
|
+
def ssh_config_file(type)
|
81
|
+
if inspec.os.windows?
|
82
|
+
programdata = inspec.os_env("programdata").content
|
83
|
+
return "#{programdata}\\ssh\\#{type}"
|
84
|
+
end
|
85
|
+
|
86
|
+
"/etc/ssh/#{type}"
|
87
|
+
end
|
78
88
|
end
|
79
89
|
|
80
90
|
class SshdConfig < SshConfig
|
81
91
|
name "sshd_config"
|
82
92
|
supports platform: "unix"
|
93
|
+
supports platform: "windows"
|
83
94
|
desc "Use the sshd_config InSpec audit resource to test configuration data for the Open SSH daemon located at /etc/ssh/sshd_config on Linux and UNIX platforms. sshd---the Open SSH daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command execution, and data exchanges."
|
84
95
|
example <<~EXAMPLE
|
85
96
|
describe sshd_config do
|
@@ -88,11 +99,22 @@ module Inspec::Resources
|
|
88
99
|
EXAMPLE
|
89
100
|
|
90
101
|
def initialize(path = nil)
|
91
|
-
super(path || "
|
102
|
+
super(path || ssh_config_file("sshd_config"))
|
92
103
|
end
|
93
104
|
|
94
105
|
def to_s
|
95
106
|
"SSHD Configuration"
|
96
107
|
end
|
108
|
+
|
109
|
+
private
|
110
|
+
|
111
|
+
def ssh_config_file(type)
|
112
|
+
if inspec.os.windows?
|
113
|
+
programdata = inspec.os_env("programdata").content
|
114
|
+
return "#{programdata}\\ssh\\#{type}"
|
115
|
+
end
|
116
|
+
|
117
|
+
"/etc/ssh/#{type}"
|
118
|
+
end
|
97
119
|
end
|
98
120
|
end
|
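Review bot: In `ssh_config_file`, `inspec.os_env("programdata").content` is interpolated without a check, so if the variable is unset or empty on the target the path collapses to `\ssh\<type>` and the audit reads a different file, or none, without saying why. Guard the value before building the path, for example by failing the resource with a clear message when `programdata.to_s.strip.empty?`. The method is also added twice with identical bodies, once in `SshConfig` and once in `SshdConfig < SshConfig`; the subclass copy can be dropped because `super(path || ssh_config_file("sshd_config"))` already resolves to the inherited method. The `desc` strings of both resources still name only `/etc/ssh/...` on Linux and Unix although `supports platform: "windows"` is now declared.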
@@ -18,7 +18,7 @@ module Inspec
|
|
18
18
|
sort_controls
|
19
19
|
end
|
20
20
|
|
21
|
-
# Apply options such as message truncation and removal of backtraces
|
21
|
+
# Apply options such as message and code_desc truncation, and removal of backtraces
|
22
22
|
def apply_report_resize_options
|
23
23
|
runtime_config = @config[:runtime_config]
|
24
24
|
|
@@ -30,7 +30,7 @@ module Inspec
|
|
30
30
|
p[:controls].each do |c|
|
31
31
|
c[:results]&.map! do |r|
|
32
32
|
r.delete(:backtrace) unless include_backtrace
|
33
|
-
|
33
|
+
process_truncation(r)
|
34
34
|
end
|
35
35
|
end
|
36
36
|
end
|
@@ -93,9 +93,11 @@ module Inspec
|
|
93
93
|
|
94
94
|
private
|
95
95
|
|
96
|
-
def
|
97
|
-
|
98
|
-
result
|
96
|
+
def process_truncation(result)
|
97
|
+
%i{code_desc message}.each do |field|
|
98
|
+
if result.key?(field) && result[field] != "" && @trunc > -1 && result[field].length > @trunc
|
99
|
+
result[field] = result[field][0...@trunc] + "[Truncated to #{@trunc} characters]"
|
100
|
+
end
|
99
101
|
end
|
100
102
|
result
|
101
103
|
end
|
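Review bot: In `process_truncation`, the guard `result[field] != ""` lets a `nil` value through, and `result[field].length` then raises `NoMethodError`, which would abort report generation if a result ever carries `:message` or `:code_desc` with no text. Testing the type covers both cases: `if result[field].is_a?(String) && @trunc > -1 && result[field].length > @trunc`. `@trunc` is assigned outside this hunk, so whether it is always an Integer by the time this runs cannot be confirmed from here. A short comment that the `[Truncated to N characters]` suffix is appended after the cut, so the stored string is longer than `@trunc`, would help anyone sizing report fields.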
data/lib/inspec/version.rb
CHANGED
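--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-version: 4.
+version: 4.26.13
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-02-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: chef-telemetry
@@ -108,16 +108,22 @@ dependencies:
 name: rspec
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
+- !ruby/object:Gem::Version
+version: '3.9'
+- - "<"
 - !ruby/object:Gem::Version
-version: '3.
+version: '3.11'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
+- !ruby/object:Gem::Version
+version: '3.9'
+- - "<"
 - !ruby/object:Gem::Version
-version: '3.
+version: '3.11'
 - !ruby/object:Gem::Dependency
 name: rspec-its
 requirement: !ruby/object:Gem::Requirement
@@ -217,7 +223,7 @@ dependencies:
 version: 0.9.0
 - - "<"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.4'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -227,7 +233,21 @@ dependencies:
 version: 0.9.0
 - - "<"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.4'
+- !ruby/object:Gem::Dependency
+name: faraday_middleware
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.0'
 - !ruby/object:Gem::Dependency
 name: tty-table
 requirement: !ruby/object:Gem::Requirement
@@ -299,7 +319,7 @@ dependencies:
 version: '1.5'
 - - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '2.0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -309,7 +329,7 @@ dependencies:
 version: '1.5'
 - - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '2.0'
 - !ruby/object:Gem::Dependency
 name: semverse
 requirement: !ruby/object:Gem::Requirement
@@ -750,7 +770,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: Infrastructure and compliance testing. Core library.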