inspec-core 4.24.8 → 4.26.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +9 -14
- data/inspec-core.gemspec +9 -8
- data/lib/bundles/inspec-supermarket/api.rb +2 -2
- data/lib/bundles/inspec-supermarket/target.rb +1 -1
- data/lib/inspec/archive/tar.rb +1 -1
- data/lib/inspec/archive/zip.rb +3 -3
- data/lib/inspec/base_cli.rb +4 -2
- data/lib/inspec/cached_fetcher.rb +1 -1
- data/lib/inspec/cli.rb +1 -1
- data/lib/inspec/config.rb +19 -6
- data/lib/inspec/dependencies/cache.rb +1 -1
- data/lib/inspec/env_printer.rb +2 -2
- data/lib/inspec/fetcher/git.rb +3 -3
- data/lib/inspec/fetcher/local.rb +1 -1
- data/lib/inspec/fetcher/url.rb +4 -4
- data/lib/inspec/file_provider.rb +4 -4
- data/lib/inspec/input.rb +3 -0
- data/lib/inspec/input_registry.rb +5 -3
- data/lib/inspec/metadata.rb +1 -1
- data/lib/inspec/plugin/v1/plugins.rb +2 -2
- data/lib/inspec/plugin/v2.rb +5 -0
- data/lib/inspec/plugin/v2/config_file.rb +1 -1
- data/lib/inspec/plugin/v2/filter.rb +2 -2
- data/lib/inspec/plugin/v2/installer.rb +5 -5
- data/lib/inspec/plugin/v2/loader.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +2 -2
- data/lib/inspec/profile.rb +3 -3
- data/lib/inspec/profile_context.rb +1 -1
- data/lib/inspec/reporters/automate.rb +2 -2
- data/lib/inspec/reporters/json.rb +1 -1
- data/lib/inspec/reporters/json_automate.rb +1 -1
- data/lib/inspec/resources.rb +5 -5
- data/lib/inspec/resources/apt.rb +1 -1
- data/lib/inspec/resources/auditd.rb +1 -1
- data/lib/inspec/resources/csv.rb +1 -1
- data/lib/inspec/resources/dh_params.rb +1 -1
- data/lib/inspec/resources/file.rb +1 -1
- data/lib/inspec/resources/http.rb +1 -1
- data/lib/inspec/resources/iis_website.rb +1 -1
- data/lib/inspec/resources/interfaces.rb +1 -1
- data/lib/inspec/resources/json.rb +2 -2
- data/lib/inspec/resources/key_rsa.rb +1 -1
- data/lib/inspec/resources/mssql_session.rb +5 -1
- data/lib/inspec/resources/mysql_session.rb +1 -1
- data/lib/inspec/resources/nginx.rb +1 -1
- data/lib/inspec/resources/nginx_conf.rb +40 -1
- data/lib/inspec/resources/npm.rb +1 -1
- data/lib/inspec/resources/oracledb_session.rb +2 -2
- data/lib/inspec/resources/parse_config.rb +5 -2
- data/lib/inspec/resources/port.rb +1 -1
- data/lib/inspec/resources/postgres_session.rb +1 -1
- data/lib/inspec/resources/ppa.rb +1 -1
- data/lib/inspec/resources/processes.rb +1 -1
- data/lib/inspec/resources/rabbitmq_conf.rb +1 -1
- data/lib/inspec/resources/registry_key.rb +1 -1
- data/lib/inspec/resources/ssh_config.rb +24 -2
- data/lib/inspec/resources/sshd_config.rb +1 -1
- data/lib/inspec/resources/ssl.rb +2 -2
- data/lib/inspec/resources/toml.rb +1 -1
- data/lib/inspec/resources/vbscript.rb +1 -1
- data/lib/inspec/resources/windows_registry_key.rb +1 -1
- data/lib/inspec/resources/wmi.rb +1 -1
- data/lib/inspec/resources/x509_certificate.rb +1 -1
- data/lib/inspec/resources/xml.rb +1 -1
- data/lib/inspec/runner.rb +2 -2
- data/lib/inspec/schema.rb +1 -1
- data/lib/inspec/schema/output_schema.rb +1 -1
- data/lib/inspec/schema/primitives.rb +1 -1
- data/lib/inspec/shell_detector.rb +2 -2
- data/lib/inspec/utils/command_wrapper.rb +1 -1
- data/lib/inspec/utils/deprecation/config_file.rb +2 -2
- data/lib/inspec/utils/json_log.rb +1 -1
- data/lib/inspec/utils/run_data_filters.rb +7 -5
- data/lib/inspec/utils/telemetry/collector.rb +1 -1
- data/lib/inspec/utils/telemetry/data_series.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +5 -5
- data/lib/plugins/inspec-compliance/README.md +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +3 -3
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +2 -2
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +3 -3
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +2 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +3 -3
- data/lib/plugins/inspec-reporter-html2/lib/inspec-reporter-html2/reporter.rb +1 -1
- data/lib/plugins/inspec-reporter-json-min/lib/inspec-reporter-json-min/reporter.rb +1 -1
- data/lib/plugins/inspec-reporter-junit/lib/inspec-reporter-junit/reporter.rb +1 -1
- data/lib/plugins/shared/core_plugin_test_helper.rb +6 -6
- metadata +63 -25
|
@@ -4,7 +4,7 @@ require "inspec/resource"
|
|
|
4
4
|
require "inspec/library_eval_context"
|
|
5
5
|
require "inspec/control_eval_context"
|
|
6
6
|
require "inspec/require_loader"
|
|
7
|
-
require "securerandom"
|
|
7
|
+
require "securerandom" unless defined?(SecureRandom)
|
|
8
8
|
require "inspec/input_registry"
|
|
9
9
|
|
|
10
10
|
module Inspec
|
data/lib/inspec/resources.rb
CHANGED
|
@@ -16,11 +16,11 @@ inspec_core_only = ENV["NO_AWS"] || !File.exist?(File.join(File.dirname(__FILE__
|
|
|
16
16
|
# Do not attempt to load cloud resources if we are in inspec-core mode
|
|
17
17
|
unless inspec_core_only
|
|
18
18
|
require "resource_support/aws"
|
|
19
|
-
require "resources/azure/azure_backend
|
|
20
|
-
require "resources/azure/azure_generic_resource
|
|
21
|
-
require "resources/azure/azure_resource_group
|
|
22
|
-
require "resources/azure/azure_virtual_machine
|
|
23
|
-
require "resources/azure/azure_virtual_machine_data_disk
|
|
19
|
+
require "resources/azure/azure_backend"
|
|
20
|
+
require "resources/azure/azure_generic_resource"
|
|
21
|
+
require "resources/azure/azure_resource_group"
|
|
22
|
+
require "resources/azure/azure_virtual_machine"
|
|
23
|
+
require "resources/azure/azure_virtual_machine_data_disk"
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
require "inspec/resources/aide_conf"
|
data/lib/inspec/resources/apt.rb
CHANGED
data/lib/inspec/resources/csv.rb
CHANGED
|
@@ -20,7 +20,7 @@ module Inspec::Resources
|
|
|
20
20
|
# { 'name' => 'row2', 'col1' => 'value3', 'col2' => 'value4' }
|
|
21
21
|
# ]
|
|
22
22
|
def parse(content)
|
|
23
|
-
require "csv"
|
|
23
|
+
require "csv" unless defined?(CSV)
|
|
24
24
|
|
|
25
25
|
# convert empty field to nil
|
|
26
26
|
CSV::Converters[:blank_to_nil] = lambda do |field|
|
|
@@ -1,2 +1,2 @@
|
|
|
1
1
|
# This is just here to make the dynamic loader happy.
|
|
2
|
-
require "inspec/resources/iis_website
|
|
2
|
+
require "inspec/resources/iis_website"
|
|
@@ -24,7 +24,7 @@ module Inspec::Resources
|
|
|
24
24
|
.install_filter_methods_on_resource(self, :scan_interfaces)
|
|
25
25
|
|
|
26
26
|
def ipv4_address
|
|
27
|
-
require "ipaddr"
|
|
27
|
+
require "ipaddr" unless defined?(IPAddr)
|
|
28
28
|
|
|
29
29
|
# Loop over interface names
|
|
30
30
|
# Select those that are up and have an ipv4 address
|
|
@@ -48,7 +48,7 @@ module Inspec::Resources
|
|
|
48
48
|
# @return [Object] the value stored at this position
|
|
49
49
|
def method_missing(*keys)
|
|
50
50
|
# catch bahavior of rspec its implementation
|
|
51
|
-
# @see https://github.com/rspec/rspec-its/blob/
|
|
51
|
+
# @see https://github.com/rspec/rspec-its/blob/v1.2.0/lib/rspec/its.rb#L110
|
|
52
52
|
keys.shift if keys.is_a?(Array) && keys[0] == :[]
|
|
53
53
|
value(keys)
|
|
54
54
|
end
|
|
@@ -66,7 +66,7 @@ module Inspec::Resources
|
|
|
66
66
|
private
|
|
67
67
|
|
|
68
68
|
def parse(content)
|
|
69
|
-
require "json"
|
|
69
|
+
require "json" unless defined?(JSON)
|
|
70
70
|
JSON.parse(content)
|
|
71
71
|
rescue => e
|
|
72
72
|
raise Inspec::Exceptions::ResourceFailed, "Unable to parse JSON: #{e.message}"
|
|
@@ -12,6 +12,10 @@ module Inspec::Resources
|
|
|
12
12
|
class MssqlSession < Inspec.resource(1)
|
|
13
13
|
name "mssql_session"
|
|
14
14
|
supports platform: "windows"
|
|
15
|
+
supports platform: "darwin"
|
|
16
|
+
supports platform: "debian"
|
|
17
|
+
supports platform: "redhat"
|
|
18
|
+
supports platform: "suse"
|
|
15
19
|
desc "Use the mssql_session InSpec audit resource to test SQL commands run against a MS Sql Server database."
|
|
16
20
|
example <<~EXAMPLE
|
|
17
21
|
# Using SQL authentication
|
|
@@ -95,7 +99,7 @@ module Inspec::Resources
|
|
|
95
99
|
end
|
|
96
100
|
|
|
97
101
|
def parse_csv_result(cmd)
|
|
98
|
-
require "csv"
|
|
102
|
+
require "csv" unless defined?(CSV)
|
|
99
103
|
table = CSV.parse(cmd.stdout, headers: true)
|
|
100
104
|
|
|
101
105
|
# remove first row, since it will be a seperator line
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
require "inspec/utils/nginx_parser"
|
|
2
2
|
require "inspec/utils/find_files"
|
|
3
3
|
require "inspec/utils/file_reader"
|
|
4
|
-
require "forwardable"
|
|
4
|
+
require "forwardable" unless defined?(Forwardable)
|
|
5
5
|
|
|
6
6
|
# STABILITY: Experimental
|
|
7
7
|
# This resouce needs a proper interace to the underlying data, which is currently missing.
|
|
@@ -54,6 +54,21 @@ module Inspec::Resources
|
|
|
54
54
|
"nginx_conf #{@conf_path}"
|
|
55
55
|
end
|
|
56
56
|
|
|
57
|
+
def method_missing(name)
|
|
58
|
+
return super if name.to_s.match?(/^to_/)
|
|
59
|
+
|
|
60
|
+
v = params[name.to_s]
|
|
61
|
+
return v.flatten unless v.nil?
|
|
62
|
+
|
|
63
|
+
nil
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
def respond_to_missing?(name, include_all = false)
|
|
67
|
+
return super if name.to_s.match?(/^to_/)
|
|
68
|
+
|
|
69
|
+
true
|
|
70
|
+
end
|
|
71
|
+
|
|
57
72
|
private
|
|
58
73
|
|
|
59
74
|
def read_content(path)
|
|
@@ -175,6 +190,18 @@ module Inspec::Resources
|
|
|
175
190
|
end
|
|
176
191
|
alias inspect to_s
|
|
177
192
|
|
|
193
|
+
def method_missing(name)
|
|
194
|
+
return super if name.to_s.match?(/^to_/)
|
|
195
|
+
|
|
196
|
+
(@params[name.to_s] || []).flatten
|
|
197
|
+
end
|
|
198
|
+
|
|
199
|
+
def respond_to_missing?(name, include_all = false)
|
|
200
|
+
return super if name.to_s.match?(/^to_/)
|
|
201
|
+
|
|
202
|
+
true
|
|
203
|
+
end
|
|
204
|
+
|
|
178
205
|
private
|
|
179
206
|
|
|
180
207
|
def server_table
|
|
@@ -207,6 +234,18 @@ module Inspec::Resources
|
|
|
207
234
|
end
|
|
208
235
|
alias inspect to_s
|
|
209
236
|
|
|
237
|
+
def method_missing(name)
|
|
238
|
+
return super if name.to_s.match?(/^to_/)
|
|
239
|
+
|
|
240
|
+
(@params[name.to_s] || []).flatten
|
|
241
|
+
end
|
|
242
|
+
|
|
243
|
+
def respond_to_missing?(name, include_all = false)
|
|
244
|
+
return super if name.to_s.match?(/^to_/)
|
|
245
|
+
|
|
246
|
+
true
|
|
247
|
+
end
|
|
248
|
+
|
|
210
249
|
private
|
|
211
250
|
|
|
212
251
|
def location_table
|
data/lib/inspec/resources/npm.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
require "inspec/resources/command"
|
|
2
2
|
require "inspec/utils/database_helpers"
|
|
3
3
|
require "hashie/mash"
|
|
4
|
-
require "csv"
|
|
4
|
+
require "csv" unless defined?(CSV)
|
|
5
5
|
|
|
6
6
|
module Inspec::Resources
|
|
7
7
|
# STABILITY: Experimental
|
|
@@ -48,7 +48,7 @@ module Inspec::Resources
|
|
|
48
48
|
format_options = "set sqlformat csv\nSET FEEDBACK OFF"
|
|
49
49
|
else
|
|
50
50
|
@bin = "#{@sqlplus_bin} -S"
|
|
51
|
-
format_options = "SET
|
|
51
|
+
format_options = "SET PAGESIZE 32000\nSET FEEDBACK OFF\nSET UNDERLINE OFF"
|
|
52
52
|
end
|
|
53
53
|
|
|
54
54
|
command = command_builder(format_options, sql)
|
|
@@ -55,8 +55,11 @@ module Inspec::Resources
|
|
|
55
55
|
read_params unless @content.nil?
|
|
56
56
|
end
|
|
57
57
|
|
|
58
|
-
def method_missing(name)
|
|
59
|
-
|
|
58
|
+
def method_missing(*name)
|
|
59
|
+
# catch bahavior of rspec its implementation
|
|
60
|
+
# @see https://github.com/rspec/rspec-its/blob/v1.2.0/lib/rspec/its.rb#L110
|
|
61
|
+
name.shift if name.is_a?(Array) && name[0] == :[]
|
|
62
|
+
read_params[name[0].to_s]
|
|
60
63
|
end
|
|
61
64
|
|
|
62
65
|
def params(*opts)
|
data/lib/inspec/resources/ppa.rb
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
1
|
# This is just here to make the dynamic loader happy.
|
|
2
|
-
require "inspec/resources/apt
|
|
2
|
+
require "inspec/resources/apt"
|
|
@@ -1,2 +1,2 @@
|
|
|
1
1
|
# This is just here to make the dynamic loader happy.
|
|
2
|
-
require "inspec/resources/rabbitmq_config
|
|
2
|
+
require "inspec/resources/rabbitmq_config"
|
|
@@ -7,6 +7,7 @@ module Inspec::Resources
|
|
|
7
7
|
class SshConfig < Inspec.resource(1)
|
|
8
8
|
name "ssh_config"
|
|
9
9
|
supports platform: "unix"
|
|
10
|
+
supports platform: "windows"
|
|
10
11
|
desc "Use the `ssh_config` InSpec audit resource to test OpenSSH client configuration data located at `/etc/ssh/ssh_config` on Linux and Unix platforms."
|
|
11
12
|
example <<~EXAMPLE
|
|
12
13
|
describe ssh_config do
|
|
@@ -19,7 +20,7 @@ module Inspec::Resources
|
|
|
19
20
|
include FileReader
|
|
20
21
|
|
|
21
22
|
def initialize(conf_path = nil, type = nil)
|
|
22
|
-
@conf_path = conf_path || "
|
|
23
|
+
@conf_path = conf_path || ssh_config_file("ssh_config")
|
|
23
24
|
typename = (@conf_path.include?("sshd") ? "Server" : "Client")
|
|
24
25
|
@type = type || "SSH #{typename} configuration #{conf_path}"
|
|
25
26
|
read_content
|
|
@@ -75,11 +76,21 @@ module Inspec::Resources
|
|
|
75
76
|
)
|
|
76
77
|
@params = convert_hash(conf.params)
|
|
77
78
|
end
|
|
79
|
+
|
|
80
|
+
def ssh_config_file(type)
|
|
81
|
+
if inspec.os.windows?
|
|
82
|
+
programdata = inspec.os_env("programdata").content
|
|
83
|
+
return "#{programdata}\\ssh\\#{type}"
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
"/etc/ssh/#{type}"
|
|
87
|
+
end
|
|
78
88
|
end
|
|
79
89
|
|
|
80
90
|
class SshdConfig < SshConfig
|
|
81
91
|
name "sshd_config"
|
|
82
92
|
supports platform: "unix"
|
|
93
|
+
supports platform: "windows"
|
|
83
94
|
desc "Use the sshd_config InSpec audit resource to test configuration data for the Open SSH daemon located at /etc/ssh/sshd_config on Linux and UNIX platforms. sshd---the Open SSH daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command execution, and data exchanges."
|
|
84
95
|
example <<~EXAMPLE
|
|
85
96
|
describe sshd_config do
|
|
@@ -88,11 +99,22 @@ module Inspec::Resources
|
|
|
88
99
|
EXAMPLE
|
|
89
100
|
|
|
90
101
|
def initialize(path = nil)
|
|
91
|
-
super(path || "
|
|
102
|
+
super(path || ssh_config_file("sshd_config"))
|
|
92
103
|
end
|
|
93
104
|
|
|
94
105
|
def to_s
|
|
95
106
|
"SSHD Configuration"
|
|
96
107
|
end
|
|
108
|
+
|
|
109
|
+
private
|
|
110
|
+
|
|
111
|
+
def ssh_config_file(type)
|
|
112
|
+
if inspec.os.windows?
|
|
113
|
+
programdata = inspec.os_env("programdata").content
|
|
114
|
+
return "#{programdata}\\ssh\\#{type}"
|
|
115
|
+
end
|
|
116
|
+
|
|
117
|
+
"/etc/ssh/#{type}"
|
|
118
|
+
end
|
|
97
119
|
end
|
|
98
120
|
end
|
|
@@ -1,2 +1,2 @@
|
|
|
1
1
|
# This is just here to make the dynamic loader happy.
|
|
2
|
-
require "inspec/resources/ssh_config
|
|
2
|
+
require "inspec/resources/ssh_config"
|
data/lib/inspec/resources/ssl.rb
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
# copyright: 2015, Chef Software Inc.
|
|
2
2
|
|
|
3
|
-
require "sslshake"
|
|
3
|
+
require "sslshake" unless defined?(SSLShake)
|
|
4
4
|
require "inspec/utils/filter"
|
|
5
|
-
require "uri"
|
|
5
|
+
require "uri" unless defined?(URI)
|
|
6
6
|
require "parallel"
|
|
7
7
|
|
|
8
8
|
# Custom resource based on the InSpec resource DSL
|
|
@@ -1,2 +1,2 @@
|
|
|
1
1
|
# This is just here to make the dynamic loader happy.
|
|
2
|
-
require "inspec/resources/registry_key
|
|
2
|
+
require "inspec/resources/registry_key"
|
data/lib/inspec/resources/wmi.rb
CHANGED
|
@@ -39,7 +39,7 @@ module Inspec::Resources
|
|
|
39
39
|
# returns nil, if not existant or value
|
|
40
40
|
def method_missing(*keys)
|
|
41
41
|
# catch behavior of rspec its implementation
|
|
42
|
-
# @see https://github.com/rspec/rspec-its/blob/
|
|
42
|
+
# @see https://github.com/rspec/rspec-its/blob/v1.2.0/lib/rspec/its.rb#L110
|
|
43
43
|
keys.shift if keys.is_a?(Array) && keys[0] == :[]
|
|
44
44
|
|
|
45
45
|
# map all symbols to strings
|