inspec-core 4.24.8 → 4.26.4
- checksums.yaml +4 -4
- data/Gemfile +9 -14
- data/inspec-core.gemspec +9 -8
- data/lib/bundles/inspec-supermarket/api.rb +2 -2
- data/lib/bundles/inspec-supermarket/target.rb +1 -1
- data/lib/inspec/archive/tar.rb +1 -1
- data/lib/inspec/archive/zip.rb +3 -3
- data/lib/inspec/base_cli.rb +4 -2
- data/lib/inspec/cached_fetcher.rb +1 -1
- data/lib/inspec/cli.rb +1 -1
- data/lib/inspec/config.rb +19 -6
- data/lib/inspec/dependencies/cache.rb +1 -1
- data/lib/inspec/env_printer.rb +2 -2
- data/lib/inspec/fetcher/git.rb +3 -3
- data/lib/inspec/fetcher/local.rb +1 -1
- data/lib/inspec/fetcher/url.rb +4 -4
- data/lib/inspec/file_provider.rb +4 -4
- data/lib/inspec/input.rb +3 -0
- data/lib/inspec/input_registry.rb +5 -3
- data/lib/inspec/metadata.rb +1 -1
- data/lib/inspec/plugin/v1/plugins.rb +2 -2
- data/lib/inspec/plugin/v2.rb +5 -0
- data/lib/inspec/plugin/v2/config_file.rb +1 -1
- data/lib/inspec/plugin/v2/filter.rb +2 -2
- data/lib/inspec/plugin/v2/installer.rb +5 -5
- data/lib/inspec/plugin/v2/loader.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +2 -2
- data/lib/inspec/profile.rb +3 -3
- data/lib/inspec/profile_context.rb +1 -1
- data/lib/inspec/reporters/automate.rb +2 -2
- data/lib/inspec/reporters/json.rb +1 -1
- data/lib/inspec/reporters/json_automate.rb +1 -1
- data/lib/inspec/resources.rb +5 -5
- data/lib/inspec/resources/apt.rb +1 -1
- data/lib/inspec/resources/auditd.rb +1 -1
- data/lib/inspec/resources/csv.rb +1 -1
- data/lib/inspec/resources/dh_params.rb +1 -1
- data/lib/inspec/resources/file.rb +1 -1
- data/lib/inspec/resources/http.rb +1 -1
- data/lib/inspec/resources/iis_website.rb +1 -1
- data/lib/inspec/resources/interfaces.rb +1 -1
- data/lib/inspec/resources/json.rb +2 -2
- data/lib/inspec/resources/key_rsa.rb +1 -1
- data/lib/inspec/resources/mssql_session.rb +5 -1
- data/lib/inspec/resources/mysql_session.rb +1 -1
- data/lib/inspec/resources/nginx.rb +1 -1
- data/lib/inspec/resources/nginx_conf.rb +40 -1
- data/lib/inspec/resources/npm.rb +1 -1
- data/lib/inspec/resources/oracledb_session.rb +2 -2
- data/lib/inspec/resources/parse_config.rb +5 -2
- data/lib/inspec/resources/port.rb +1 -1
- data/lib/inspec/resources/postgres_session.rb +1 -1
- data/lib/inspec/resources/ppa.rb +1 -1
- data/lib/inspec/resources/processes.rb +1 -1
- data/lib/inspec/resources/rabbitmq_conf.rb +1 -1
- data/lib/inspec/resources/registry_key.rb +1 -1
- data/lib/inspec/resources/ssh_config.rb +24 -2
- data/lib/inspec/resources/sshd_config.rb +1 -1
- data/lib/inspec/resources/ssl.rb +2 -2
- data/lib/inspec/resources/toml.rb +1 -1
- data/lib/inspec/resources/vbscript.rb +1 -1
- data/lib/inspec/resources/windows_registry_key.rb +1 -1
- data/lib/inspec/resources/wmi.rb +1 -1
- data/lib/inspec/resources/x509_certificate.rb +1 -1
- data/lib/inspec/resources/xml.rb +1 -1
- data/lib/inspec/runner.rb +2 -2
- data/lib/inspec/schema.rb +1 -1
- data/lib/inspec/schema/output_schema.rb +1 -1
- data/lib/inspec/schema/primitives.rb +1 -1
- data/lib/inspec/shell_detector.rb +2 -2
- data/lib/inspec/utils/command_wrapper.rb +1 -1
- data/lib/inspec/utils/deprecation/config_file.rb +2 -2
- data/lib/inspec/utils/json_log.rb +1 -1
- data/lib/inspec/utils/run_data_filters.rb +7 -5
- data/lib/inspec/utils/telemetry/collector.rb +1 -1
- data/lib/inspec/utils/telemetry/data_series.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +5 -5
- data/lib/plugins/inspec-compliance/README.md +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +3 -3
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +2 -2
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +3 -3
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +2 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +3 -3
- data/lib/plugins/inspec-reporter-html2/lib/inspec-reporter-html2/reporter.rb +1 -1
- data/lib/plugins/inspec-reporter-json-min/lib/inspec-reporter-json-min/reporter.rb +1 -1
- data/lib/plugins/inspec-reporter-junit/lib/inspec-reporter-junit/reporter.rb +1 -1
- data/lib/plugins/shared/core_plugin_test_helper.rb +6 -6
- metadata +63 -25
@@ -4,7 +4,7 @@ require "inspec/resource"
|
|
4
4
|
require "inspec/library_eval_context"
|
5
5
|
require "inspec/control_eval_context"
|
6
6
|
require "inspec/require_loader"
|
7
|
-
require "securerandom"
|
7
|
+
require "securerandom" unless defined?(SecureRandom)
|
8
8
|
require "inspec/input_registry"
|
9
9
|
|
10
10
|
module Inspec
|
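--- a/data/lib/inspec/resources.rb
+++ b/data/lib/inspec/resources.rb
@@ -16,11 +16,11 @@ inspec_core_only = ENV["NO_AWS"] || !File.exist?(File.join(File.dirname(__FILE__
 # Do not attempt to load cloud resources if we are in inspec-core mode
 unless inspec_core_only
 require "resource_support/aws"
-require "resources/azure/azure_backend
-require "resources/azure/azure_generic_resource
-require "resources/azure/azure_resource_group
-require "resources/azure/azure_virtual_machine
-require "resources/azure/azure_virtual_machine_data_disk
+require "resources/azure/azure_backend"
+require "resources/azure/azure_generic_resource"
+require "resources/azure/azure_resource_group"
+require "resources/azure/azure_virtual_machine"
+require "resources/azure/azure_virtual_machine_data_disk"
 end
 
 require "inspec/resources/aide_conf"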
data/lib/inspec/resources/apt.rb
CHANGED
data/lib/inspec/resources/csv.rb
CHANGED
@@ -20,7 +20,7 @@ module Inspec::Resources
|
|
20
20
|
# { 'name' => 'row2', 'col1' => 'value3', 'col2' => 'value4' }
|
21
21
|
# ]
|
22
22
|
def parse(content)
|
23
|
-
require "csv"
|
23
|
+
require "csv" unless defined?(CSV)
|
24
24
|
|
25
25
|
# convert empty field to nil
|
26
26
|
CSV::Converters[:blank_to_nil] = lambda do |field|
|
@@ -1,2 +1,2 @@
|
|
1
1
|
# This is just here to make the dynamic loader happy.
|
2
|
-
require "inspec/resources/iis_website
|
2
|
+
require "inspec/resources/iis_website"
|
@@ -24,7 +24,7 @@ module Inspec::Resources
|
|
24
24
|
.install_filter_methods_on_resource(self, :scan_interfaces)
|
25
25
|
|
26
26
|
def ipv4_address
|
27
|
-
require "ipaddr"
|
27
|
+
require "ipaddr" unless defined?(IPAddr)
|
28
28
|
|
29
29
|
# Loop over interface names
|
30
30
|
# Select those that are up and have an ipv4 address
|
@@ -48,7 +48,7 @@ module Inspec::Resources
|
|
48
48
|
# @return [Object] the value stored at this position
|
49
49
|
def method_missing(*keys)
|
50
50
|
# catch bahavior of rspec its implementation
|
51
|
-
# @see https://github.com/rspec/rspec-its/blob/
|
51
|
+
# @see https://github.com/rspec/rspec-its/blob/v1.2.0/lib/rspec/its.rb#L110
|
52
52
|
keys.shift if keys.is_a?(Array) && keys[0] == :[]
|
53
53
|
value(keys)
|
54
54
|
end
|
@@ -66,7 +66,7 @@ module Inspec::Resources
|
|
66
66
|
private
|
67
67
|
|
68
68
|
def parse(content)
|
69
|
-
require "json"
|
69
|
+
require "json" unless defined?(JSON)
|
70
70
|
JSON.parse(content)
|
71
71
|
rescue => e
|
72
72
|
raise Inspec::Exceptions::ResourceFailed, "Unable to parse JSON: #{e.message}"
|
@@ -12,6 +12,10 @@ module Inspec::Resources
|
|
12
12
|
class MssqlSession < Inspec.resource(1)
|
13
13
|
name "mssql_session"
|
14
14
|
supports platform: "windows"
|
15
|
+
supports platform: "darwin"
|
16
|
+
supports platform: "debian"
|
17
|
+
supports platform: "redhat"
|
18
|
+
supports platform: "suse"
|
15
19
|
desc "Use the mssql_session InSpec audit resource to test SQL commands run against a MS Sql Server database."
|
16
20
|
example <<~EXAMPLE
|
17
21
|
# Using SQL authentication
|
@@ -95,7 +99,7 @@ module Inspec::Resources
|
|
95
99
|
end
|
96
100
|
|
97
101
|
def parse_csv_result(cmd)
|
98
|
-
require "csv"
|
102
|
+
require "csv" unless defined?(CSV)
|
99
103
|
table = CSV.parse(cmd.stdout, headers: true)
|
100
104
|
|
101
105
|
# remove first row, since it will be a seperator line
|
@@ -1,7 +1,7 @@
|
|
1
1
|
require "inspec/utils/nginx_parser"
|
2
2
|
require "inspec/utils/find_files"
|
3
3
|
require "inspec/utils/file_reader"
|
4
|
-
require "forwardable"
|
4
|
+
require "forwardable" unless defined?(Forwardable)
|
5
5
|
|
6
6
|
# STABILITY: Experimental
|
7
7
|
# This resouce needs a proper interace to the underlying data, which is currently missing.
|
@@ -54,6 +54,21 @@ module Inspec::Resources
|
|
54
54
|
"nginx_conf #{@conf_path}"
|
55
55
|
end
|
56
56
|
|
57
|
+
def method_missing(name)
|
58
|
+
return super if name.to_s.match?(/^to_/)
|
59
|
+
|
60
|
+
v = params[name.to_s]
|
61
|
+
return v.flatten unless v.nil?
|
62
|
+
|
63
|
+
nil
|
64
|
+
end
|
65
|
+
|
66
|
+
def respond_to_missing?(name, include_all = false)
|
67
|
+
return super if name.to_s.match?(/^to_/)
|
68
|
+
|
69
|
+
true
|
70
|
+
end
|
71
|
+
|
57
72
|
private
|
58
73
|
|
59
74
|
def read_content(path)
|
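Review bot: The added `respond_to_missing?` returns `true` for every name that does not start with `to_`, and `method_missing` answers any such name with `nil`, so a misspelled directive in a control reads as "not set" instead of raising, and a negative matcher on it can pass without having examined anything. The same pair is added again in the hunks at `@@ -175,6 +190,18 @@` and `@@ -207,6 +234,18 @@`, where an absent key yields `[]` rather than `nil`, so the three accessors disagree on what "absent" looks like. Tying the predicate to the data, e.g. `params.key?(name.to_s) || super` (with `@params` in the two later hunks), would keep `respond_to?` truthful. `method_missing(name)` takes exactly one parameter, so a call with arguments fails with ArgumentError before it can reach `super`; `def method_missing(name, *args, &block)` keeps the usual contract, and `name.to_s.start_with?("to_")` states the prefix test without the line-anchored `^`. The enclosing classes start and end outside these hunks.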
@@ -175,6 +190,18 @@ module Inspec::Resources
|
|
175
190
|
end
|
176
191
|
alias inspect to_s
|
177
192
|
|
193
|
+
def method_missing(name)
|
194
|
+
return super if name.to_s.match?(/^to_/)
|
195
|
+
|
196
|
+
(@params[name.to_s] || []).flatten
|
197
|
+
end
|
198
|
+
|
199
|
+
def respond_to_missing?(name, include_all = false)
|
200
|
+
return super if name.to_s.match?(/^to_/)
|
201
|
+
|
202
|
+
true
|
203
|
+
end
|
204
|
+
|
178
205
|
private
|
179
206
|
|
180
207
|
def server_table
|
@@ -207,6 +234,18 @@ module Inspec::Resources
|
|
207
234
|
end
|
208
235
|
alias inspect to_s
|
209
236
|
|
237
|
+
def method_missing(name)
|
238
|
+
return super if name.to_s.match?(/^to_/)
|
239
|
+
|
240
|
+
(@params[name.to_s] || []).flatten
|
241
|
+
end
|
242
|
+
|
243
|
+
def respond_to_missing?(name, include_all = false)
|
244
|
+
return super if name.to_s.match?(/^to_/)
|
245
|
+
|
246
|
+
true
|
247
|
+
end
|
248
|
+
|
210
249
|
private
|
211
250
|
|
212
251
|
def location_table
|
data/lib/inspec/resources/npm.rb
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
require "inspec/resources/command"
|
2
2
|
require "inspec/utils/database_helpers"
|
3
3
|
require "hashie/mash"
|
4
|
-
require "csv"
|
4
|
+
require "csv" unless defined?(CSV)
|
5
5
|
|
6
6
|
module Inspec::Resources
|
7
7
|
# STABILITY: Experimental
|
@@ -48,7 +48,7 @@ module Inspec::Resources
|
|
48
48
|
format_options = "set sqlformat csv\nSET FEEDBACK OFF"
|
49
49
|
else
|
50
50
|
@bin = "#{@sqlplus_bin} -S"
|
51
|
-
format_options = "SET
|
51
|
+
format_options = "SET PAGESIZE 32000\nSET FEEDBACK OFF\nSET UNDERLINE OFF"
|
52
52
|
end
|
53
53
|
|
54
54
|
command = command_builder(format_options, sql)
|
@@ -55,8 +55,11 @@ module Inspec::Resources
|
|
55
55
|
read_params unless @content.nil?
|
56
56
|
end
|
57
57
|
|
58
|
-
def method_missing(name)
|
59
|
-
|
58
|
+
def method_missing(*name)
|
59
|
+
# catch bahavior of rspec its implementation
|
60
|
+
# @see https://github.com/rspec/rspec-its/blob/v1.2.0/lib/rspec/its.rb#L110
|
61
|
+
name.shift if name.is_a?(Array) && name[0] == :[]
|
62
|
+
read_params[name[0].to_s]
|
60
63
|
end
|
61
64
|
|
62
65
|
def params(*opts)
|
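Review bot: With the new signature `method_missing(*name)` every unknown message becomes `read_params[name[0].to_s]`, including implicit-conversion probes such as `to_ary` and `to_str`, and any further arguments are silently dropped. The nginx_conf hunks on this page guard that case with `return super if name.to_s.match?(/^to_/)`; the same guard here would keep the two resources consistent. No `respond_to_missing?` is visible in the hunk, so if the class does not define one outside it, `respond_to?` will disagree with what the object actually answers. The splat parameter is an array, so `keys` (as the json and wmi resources on this page call it) reads better than `name`, and the copied comment carries the typo "bahavior".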
data/lib/inspec/resources/ppa.rb
CHANGED
@@ -1,2 +1,2 @@
|
|
1
1
|
# This is just here to make the dynamic loader happy.
|
2
|
-
require "inspec/resources/apt
|
2
|
+
require "inspec/resources/apt"
|
@@ -1,2 +1,2 @@
|
|
1
1
|
# This is just here to make the dynamic loader happy.
|
2
|
-
require "inspec/resources/rabbitmq_config
|
2
|
+
require "inspec/resources/rabbitmq_config"
|
@@ -7,6 +7,7 @@ module Inspec::Resources
|
|
7
7
|
class SshConfig < Inspec.resource(1)
|
8
8
|
name "ssh_config"
|
9
9
|
supports platform: "unix"
|
10
|
+
supports platform: "windows"
|
10
11
|
desc "Use the `ssh_config` InSpec audit resource to test OpenSSH client configuration data located at `/etc/ssh/ssh_config` on Linux and Unix platforms."
|
11
12
|
example <<~EXAMPLE
|
12
13
|
describe ssh_config do
|
@@ -19,7 +20,7 @@ module Inspec::Resources
|
|
19
20
|
include FileReader
|
20
21
|
|
21
22
|
def initialize(conf_path = nil, type = nil)
|
22
|
-
@conf_path = conf_path || "
|
23
|
+
@conf_path = conf_path || ssh_config_file("ssh_config")
|
23
24
|
typename = (@conf_path.include?("sshd") ? "Server" : "Client")
|
24
25
|
@type = type || "SSH #{typename} configuration #{conf_path}"
|
25
26
|
read_content
|
@@ -75,11 +76,21 @@ module Inspec::Resources
|
|
75
76
|
)
|
76
77
|
@params = convert_hash(conf.params)
|
77
78
|
end
|
79
|
+
|
80
|
+
def ssh_config_file(type)
|
81
|
+
if inspec.os.windows?
|
82
|
+
programdata = inspec.os_env("programdata").content
|
83
|
+
return "#{programdata}\\ssh\\#{type}"
|
84
|
+
end
|
85
|
+
|
86
|
+
"/etc/ssh/#{type}"
|
87
|
+
end
|
78
88
|
end
|
79
89
|
|
80
90
|
class SshdConfig < SshConfig
|
81
91
|
name "sshd_config"
|
82
92
|
supports platform: "unix"
|
93
|
+
supports platform: "windows"
|
83
94
|
desc "Use the sshd_config InSpec audit resource to test configuration data for the Open SSH daemon located at /etc/ssh/sshd_config on Linux and UNIX platforms. sshd---the Open SSH daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command execution, and data exchanges."
|
84
95
|
example <<~EXAMPLE
|
85
96
|
describe sshd_config do
|
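Review bot: `ssh_config_file` interpolates `inspec.os_env("programdata").content` unchecked, so if that lookup comes back nil or empty on a Windows target the default path becomes `\ssh\ssh_config` and the resource looks in the wrong place without saying why. For an audit resource that should surface as an explicit failure, for example `raise Inspec::Exceptions::ResourceFailed, "ProgramData is not set on the target" if programdata.to_s.empty?` before the `return`. The identical method is added again as a private method of `SshdConfig` in the `@@ -88,11 +99,22 @@` hunk although `SshdConfig < SshConfig` already inherits it; one definition avoids the two copies drifting apart. The `desc` strings shown as context still describe `/etc/ssh/...` on Linux and Unix only and should mention the Windows location now that `supports platform: "windows"` is declared. The body of `SshConfig` starts outside this hunk, so whether the first copy sits under `private` cannot be seen here.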
@@ -88,11 +99,22 @@ module Inspec::Resources
|
|
88
99
|
EXAMPLE
|
89
100
|
|
90
101
|
def initialize(path = nil)
|
91
|
-
super(path || "
|
102
|
+
super(path || ssh_config_file("sshd_config"))
|
92
103
|
end
|
93
104
|
|
94
105
|
def to_s
|
95
106
|
"SSHD Configuration"
|
96
107
|
end
|
108
|
+
|
109
|
+
private
|
110
|
+
|
111
|
+
def ssh_config_file(type)
|
112
|
+
if inspec.os.windows?
|
113
|
+
programdata = inspec.os_env("programdata").content
|
114
|
+
return "#{programdata}\\ssh\\#{type}"
|
115
|
+
end
|
116
|
+
|
117
|
+
"/etc/ssh/#{type}"
|
118
|
+
end
|
97
119
|
end
|
98
120
|
end
|
@@ -1,2 +1,2 @@
|
|
1
1
|
# This is just here to make the dynamic loader happy.
|
2
|
-
require "inspec/resources/ssh_config
|
2
|
+
require "inspec/resources/ssh_config"
|
data/lib/inspec/resources/ssl.rb
CHANGED
@@ -1,8 +1,8 @@
|
|
1
1
|
# copyright: 2015, Chef Software Inc.
|
2
2
|
|
3
|
-
require "sslshake"
|
3
|
+
require "sslshake" unless defined?(SSLShake)
|
4
4
|
require "inspec/utils/filter"
|
5
|
-
require "uri"
|
5
|
+
require "uri" unless defined?(URI)
|
6
6
|
require "parallel"
|
7
7
|
|
8
8
|
# Custom resource based on the InSpec resource DSL
|
@@ -1,2 +1,2 @@
|
|
1
1
|
# This is just here to make the dynamic loader happy.
|
2
|
-
require "inspec/resources/registry_key
|
2
|
+
require "inspec/resources/registry_key"
|
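--- a/data/lib/inspec/resources/wmi.rb
+++ b/data/lib/inspec/resources/wmi.rb
@@ -39,7 +39,7 @@ module Inspec::Resources
 # returns nil, if not existant or value
 def method_missing(*keys)
 # catch behavior of rspec its implementation
-# @see https://github.com/rspec/rspec-its/blob/
+# @see https://github.com/rspec/rspec-its/blob/v1.2.0/lib/rspec/its.rb#L110
 keys.shift if keys.is_a?(Array) && keys[0] == :[]
 
 # map all symbols to strings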