inspec-core 4.24.28 → 4.28.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a6bfd73094c1841563b430595d99aa5007d5e6a3067b4d174c608d8db92e76fb
-  data.tar.gz: 8a39bdfee98500463151a5fac6a6970b5c34dd504c7fc7e1184b2b10d0bbd40d
+  metadata.gz: f7e64d5cc4ef40dc18b0c488e88c804425403123a38ed5bdfbeac8e4e26c4f02
+  data.tar.gz: 1b953e8cf39b218bed69e379bb5f03d92ae7bde3f402de1a17bfee2a7c67f58d
 SHA512:
-  metadata.gz: 64d616c2e3f3ee17af271dc5681c3af9dd17a409902d84061649e4ee6350b3bc8cf33a38615bcd2330e19430235efa5bc74d04c67b6605f6226db9c969216854
-  data.tar.gz: e5f6686d79c49d937bd216edad0226e64106c21693d6bffa6d40c520d7a04617b7aac55abdf73c0e05fb8366c7b4eaaeb37d9ad5e106de31a2c8d93febc60f17
+  metadata.gz: 9f6b97c6cc9e7d23f64a5f5b9666831e6a1577ad164ce3b32a3bff3ce24b628be65f0b60894681aa9d408ce989355d5da946bc87f67ec51ca4679e04be2f0b77
+  data.tar.gz: 246ddd83d0af2e3ce069deb932451c0eb905e2e73dc5255b8ce574e862115b03e30cfc92a9cda0611a996d1d00ddb3895a7284cb44aa66677e4fea932bff9d09

data/Gemfile

@@ -16,6 +16,10 @@ if Gem.ruby_version.to_s.start_with?("2.5")
   gem "chef-utils", "< 16.7.23" # TODO: remove when we drop ruby 2.5
 end
 
+# inspec tests depend text output that changed in the 3.10 release
+# but our runtime dep is still 3.9+
+gem "rspec", ">= 3.10"
+
 group :omnibus do
   gem "rb-readline"
   gem "appbundler"
@@ -24,10 +28,10 @@ group :omnibus do
 end
 
 group :test do
-  gem "chefstyle", "~> 1.5.7"
+  gem "chefstyle", "~> 1.7.1"
   gem "concurrent-ruby", "~> 1.0"
   gem "html-proofer", platforms: :ruby # do not attempt to run proofer on windows
-  gem "json_schemer", ">= 0.2.1", "< 0.2.12"
+  gem "json_schemer", ">= 0.2.1", "< 0.2.19"
   gem "m"
   gem "minitest-sprint", "~> 1.0"
   gem "minitest", "~> 5.5"

data/inspec-core.gemspec

@@ -28,19 +28,20 @@ Gem::Specification.new do |spec|
   spec.add_dependency "thor",               ">= 0.20", "< 2.0"
   spec.add_dependency "method_source",      ">= 0.8", "< 2.0"
   spec.add_dependency "rubyzip",            ">= 1.2.2", "< 3.0"
-  spec.add_dependency "rspec",              "~> 3.10"
+  spec.add_dependency "rspec",              ">= 3.9", "< 3.11"
   spec.add_dependency "rspec-its",          "~> 1.2"
   spec.add_dependency "pry",                "~> 0.13"
   spec.add_dependency "hashie",             ">= 3.4", "< 5.0"
   spec.add_dependency "mixlib-log",         "~> 3.0"
   spec.add_dependency "sslshake",           "~> 1.2"
   spec.add_dependency "parallel",           "~> 1.9"
-  spec.add_dependency "faraday",            ">= 0.9.0", "< 1.2"
+  spec.add_dependency "faraday",            ">= 0.9.0", "< 1.4"
+  spec.add_dependency "faraday_middleware", "~> 1.0"
   spec.add_dependency "tty-table",          "~> 0.10"
   spec.add_dependency "tty-prompt",         "~> 0.17"
   spec.add_dependency "tomlrb",             ">= 1.2", "< 2.1"
   spec.add_dependency "addressable",        "~> 2.4"
-  spec.add_dependency "parslet",            ">= 1.5", "< 3.0"
+  spec.add_dependency "parslet",            ">= 1.5", "< 2.0" # Pinned < 2.0, see #5389
   spec.add_dependency "semverse",           "~> 3.0"
   spec.add_dependency "multipart-post",     "~> 2.0"
 

data/lib/inspec/base_cli.rb

@@ -1,4 +1,4 @@
-require "thor" unless defined?(Thor)
+require "thor" # rubocop:disable Chef/Ruby/UnlessDefinedRequire
 require "inspec/log"
 require "inspec/ui"
 require "inspec/config"
@@ -118,6 +118,8 @@ module Inspec
         desc: "Disable SSL verification on select targets"
       option :target_id, type: :string,
         desc: "Provide a ID which will be included on reports"
+      option :winrm_shell_type, type: :string, default: "powershell",
+        desc: "Specify a shell type for winrm (eg. 'elevated' or 'powershell')"
     end
 
     def self.profile_options
@@ -162,6 +164,8 @@ module Inspec
         desc: "Use --no-diff to suppress 'diff' output of failed textual test results."
       option :sort_results_by, type: :string, default: "file", banner: "--sort-results-by=none|control|file|random",
         desc: "After normal execution order, results are sorted by control ID, or by file (default), or randomly. None uses legacy unsorted mode."
+      option :filter_empty_profiles, type: :boolean, default: false,
+        desc: "Filter empty profiles (profiles without controls) from the report."
     end
 
     def self.help(*args)

data/lib/inspec/cli.rb

@@ -395,6 +395,20 @@ class Inspec::InspecCLI < Inspec::BaseCLI
   end
   map %w{-v --version} => :version
 
+  desc "clear_cache", "clears the InSpec cache. Useful for debugging."
+  option :vendor_cache, type: :string,
+    desc: "Use the given path for caching dependencies. (default: ~/.inspec/cache)"
+  def clear_cache
+    o = config
+    configure_logger(o)
+    cache_path = o[:vendor_cache] || "~/.inspec/cache"
+    FileUtils.rm_r Dir.glob(File.expand_path(cache_path))
+
+    o[:logger] = Logger.new($stdout)
+    o[:logger].level = get_log_level(o[:log_level])
+    o[:logger].info "== InSpec cache cleared successfully =="
+  end
+
   private
 
   def run_command(opts)

data/lib/inspec/config.rb

@@ -128,12 +128,25 @@ module Inspec
     end
 
     #-----------------------------------------------------------------------#
-    #                      Fetching Plugin Data
+    #                      Handling Plugin Data
     #-----------------------------------------------------------------------#
     def fetch_plugin_config(plugin_name)
       Thor::CoreExt::HashWithIndifferentAccess.new(@plugin_cfg[plugin_name] || {})
     end
 
+    def set_plugin_config(plugin_name, plugin_config)
+      plugin_name = plugin_name.to_s unless plugin_name.is_a? String
+
+      @plugin_cfg[plugin_name] = plugin_config
+    end
+
+    def merge_plugin_config(plugin_name, additional_plugin_config)
+      plugin_name = plugin_name.to_s unless plugin_name.is_a? String
+
+      @plugin_cfg[plugin_name] = {} if @plugin_cfg[plugin_name].nil?
+      @plugin_cfg[plugin_name].merge!(additional_plugin_config)
+    end
+
     # clear the cached config
     def self.__reset
       @cached_config = nil

data/lib/inspec/profile_context.rb

@@ -173,6 +173,9 @@ module Inspec
 
     def unregister_rule(id)
       @rules.delete(full_id(@profile_id, id))
+      @control_subcontexts.each do |c|
+        c.unregister_rule(id)
+      end
     end
 
     attr_reader :current_load

data/lib/inspec/resources/auditd_conf.rb

@@ -16,6 +16,8 @@ module Inspec::Resources
 
     include FileReader
 
+    attr_reader :conf_path, :content, :params
+
     def initialize(path = nil)
       @conf_path = path || "/etc/audit/auditd.conf"
       @content = read_file_content(@conf_path)

data/lib/inspec/resources/crontab.rb

@@ -67,8 +67,14 @@ module Inspec::Resources
     end
 
     def crontab_cmd
-      # TODO: the -u scenario needs to be able to do sudo
-      @user.nil? ? "crontab -l" : "crontab -l -u #{@user}"
+      if @user.nil?
+        "crontab -l"
+      elsif inspec.os.aix?
+        "crontab -l #{@user}"
+      else
+        # TODO: the -u scenario needs to be able to do sudo
+        "crontab -l -u #{@user}"
+      end
     end
 
     filter = FilterTable.create

data/lib/inspec/resources/nginx_conf.rb

@@ -54,6 +54,21 @@ module Inspec::Resources
       "nginx_conf #{@conf_path}"
     end
 
+    def method_missing(name)
+      return super if name.to_s.match?(/^to_/)
+
+      v = params[name.to_s]
+      return v.flatten unless v.nil?
+
+      nil
+    end
+
+    def respond_to_missing?(name, include_all = false)
+      return super if name.to_s.match?(/^to_/)
+
+      true
+    end
+
     private
 
     def read_content(path)
@@ -175,6 +190,18 @@ module Inspec::Resources
     end
     alias inspect to_s
 
+    def method_missing(name)
+      return super if name.to_s.match?(/^to_/)
+
+      (@params[name.to_s] || []).flatten
+    end
+
+    def respond_to_missing?(name, include_all = false)
+      return super if name.to_s.match?(/^to_/)
+
+      true
+    end
+
     private
 
     def server_table
@@ -207,6 +234,18 @@ module Inspec::Resources
     end
     alias inspect to_s
 
+    def method_missing(name)
+      return super if name.to_s.match?(/^to_/)
+
+      (@params[name.to_s] || []).flatten
+    end
+
+    def respond_to_missing?(name, include_all = false)
+      return super if name.to_s.match?(/^to_/)
+
+      true
+    end
+
     private
 
     def location_table

data/lib/inspec/resources/oracledb_session.rb

@@ -48,7 +48,7 @@ module Inspec::Resources
         format_options = "set sqlformat csv\nSET FEEDBACK OFF"
       else
         @bin = "#{@sqlplus_bin} -S"
-        format_options = "SET MARKUP CSV ON\nSET PAGESIZE 32000\nSET FEEDBACK OFF"
+        format_options = "SET PAGESIZE 32000\nSET FEEDBACK OFF\nSET UNDERLINE OFF"
       end
 
       command = command_builder(format_options, sql)

data/lib/inspec/resources/ssh_config.rb

@@ -7,6 +7,7 @@ module Inspec::Resources
   class SshConfig < Inspec.resource(1)
     name "ssh_config"
     supports platform: "unix"
+    supports platform: "windows"
     desc "Use the `ssh_config` InSpec audit resource to test OpenSSH client configuration data located at `/etc/ssh/ssh_config` on Linux and Unix platforms."
     example <<~EXAMPLE
       describe ssh_config do
@@ -19,7 +20,7 @@ module Inspec::Resources
     include FileReader
 
     def initialize(conf_path = nil, type = nil)
-      @conf_path = conf_path || "/etc/ssh/ssh_config"
+      @conf_path = conf_path || ssh_config_file("ssh_config")
       typename = (@conf_path.include?("sshd") ? "Server" : "Client")
       @type = type || "SSH #{typename} configuration #{conf_path}"
       read_content
@@ -38,7 +39,7 @@ module Inspec::Resources
     def convert_hash(hash)
       new_hash = {}
       hash.each do |k, v|
-        new_hash[k.downcase] = v
+        new_hash[k.downcase] ||= v
       end
       new_hash
     end
@@ -75,11 +76,21 @@ module Inspec::Resources
       )
       @params = convert_hash(conf.params)
     end
+
+    def ssh_config_file(type)
+      if inspec.os.windows?
+        programdata = inspec.os_env("programdata").content
+        return "#{programdata}\\ssh\\#{type}"
+      end
+
+      "/etc/ssh/#{type}"
+    end
   end
 
   class SshdConfig < SshConfig
     name "sshd_config"
     supports platform: "unix"
+    supports platform: "windows"
     desc "Use the sshd_config InSpec audit resource to test configuration data for the Open SSH daemon located at /etc/ssh/sshd_config on Linux and UNIX platforms. sshd---the Open SSH daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command execution, and data exchanges."
     example <<~EXAMPLE
       describe sshd_config do
@@ -88,11 +99,22 @@ module Inspec::Resources
     EXAMPLE
 
     def initialize(path = nil)
-      super(path || "/etc/ssh/sshd_config")
+      super(path || ssh_config_file("sshd_config"))
     end
 
     def to_s
       "SSHD Configuration"
     end
+
+    private
+
+    def ssh_config_file(type)
+      if inspec.os.windows?
+        programdata = inspec.os_env("programdata").content
+        return "#{programdata}\\ssh\\#{type}"
+      end
+
+      "/etc/ssh/#{type}"
+    end
   end
 end

data/lib/inspec/runner_rspec.rb

@@ -5,7 +5,7 @@ require "matchers/matchers"
 require "inspec/rspec_extensions"
 
 # There be dragons!! Or borgs, or something...
-# This file and all its contents cannot be unit-tested. both test-suits
+# This file and all its contents cannot be unit-tested. both test-suites
 # collide and disable all unit tests that have been added.
 
 module Inspec

data/lib/inspec/utils/run_data_filters.rb

@@ -13,6 +13,7 @@ module Inspec
       def apply_run_data_filters_to_hash
         @config[:runtime_config] = Inspec::Config.cached || {}
         apply_report_resize_options
+        filter_empty_profiles
         redact_sensitive_inputs
         suppress_diff_output
         sort_controls
@@ -36,6 +37,14 @@ module Inspec
         end
       end
 
+      # Filters profiles from report which don't have controls in it.
+      def filter_empty_profiles
+        runtime_config = @config[:runtime_config]
+        if runtime_config[:filter_empty_profiles] && @run_data[:profiles].count > 1
+          @run_data[:profiles].delete_if { |p| p[:controls].empty? }
+        end
+      end
+
       # Find any inputs with :sensitive = true and replace their values with "***"
       def redact_sensitive_inputs
         @run_data[:profiles]&.each do |p|

data/lib/inspec/version.rb

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "4.24.28".freeze
+  VERSION = "4.28.0".freeze
 end

data/lib/matchers/matchers.rb

@@ -287,7 +287,7 @@ RSpec::Matchers.define :cmp do |first_expected| # rubocop:disable Metrics/BlockL
   end
 
   def format_actual(actual)
-    actual = "0%o" % actual if octal?(@expected)
+    actual = "0%o" % actual if octal?(@expected) && !actual.nil?
     "\n%s\n     got: %s\n\n(compared using `cmp` matcher)\n" % [format_expectation(false), actual]
   end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 4.24.28
+  version: 4.28.0
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-01-06 00:00:00.000000000 Z
+date: 2021-03-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-telemetry
@@ -108,16 +108,22 @@ dependencies:
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.9'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '3.10'
+        version: '3.11'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.9'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '3.10'
+        version: '3.11'
 - !ruby/object:Gem::Dependency
   name: rspec-its
   requirement: !ruby/object:Gem::Requirement
@@ -217,7 +223,7 @@ dependencies:
         version: 0.9.0
     - - "<"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '1.4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -227,7 +233,21 @@ dependencies:
         version: 0.9.0
     - - "<"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '1.4'
+- !ruby/object:Gem::Dependency
+  name: faraday_middleware
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: tty-table
   requirement: !ruby/object:Gem::Requirement
@@ -299,7 +319,7 @@ dependencies:
         version: '1.5'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -309,7 +329,7 @@ dependencies:
         version: '1.5'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: semverse
   requirement: !ruby/object:Gem::Requirement
@@ -750,7 +770,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Infrastructure and compliance testing. Core library.