inspec-core 4.24.8 → 4.26.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (92) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +9 -14
  3. data/inspec-core.gemspec +9 -8
  4. data/lib/bundles/inspec-supermarket/api.rb +2 -2
  5. data/lib/bundles/inspec-supermarket/target.rb +1 -1
  6. data/lib/inspec/archive/tar.rb +1 -1
  7. data/lib/inspec/archive/zip.rb +3 -3
  8. data/lib/inspec/base_cli.rb +4 -2
  9. data/lib/inspec/cached_fetcher.rb +1 -1
  10. data/lib/inspec/cli.rb +1 -1
  11. data/lib/inspec/config.rb +19 -6
  12. data/lib/inspec/dependencies/cache.rb +1 -1
  13. data/lib/inspec/env_printer.rb +2 -2
  14. data/lib/inspec/fetcher/git.rb +3 -3
  15. data/lib/inspec/fetcher/local.rb +1 -1
  16. data/lib/inspec/fetcher/url.rb +4 -4
  17. data/lib/inspec/file_provider.rb +4 -4
  18. data/lib/inspec/input.rb +3 -0
  19. data/lib/inspec/input_registry.rb +5 -3
  20. data/lib/inspec/metadata.rb +1 -1
  21. data/lib/inspec/plugin/v1/plugins.rb +2 -2
  22. data/lib/inspec/plugin/v2.rb +5 -0
  23. data/lib/inspec/plugin/v2/config_file.rb +1 -1
  24. data/lib/inspec/plugin/v2/filter.rb +2 -2
  25. data/lib/inspec/plugin/v2/installer.rb +5 -5
  26. data/lib/inspec/plugin/v2/loader.rb +1 -1
  27. data/lib/inspec/plugin/v2/registry.rb +2 -2
  28. data/lib/inspec/profile.rb +3 -3
  29. data/lib/inspec/profile_context.rb +1 -1
  30. data/lib/inspec/reporters/automate.rb +2 -2
  31. data/lib/inspec/reporters/json.rb +1 -1
  32. data/lib/inspec/reporters/json_automate.rb +1 -1
  33. data/lib/inspec/resources.rb +5 -5
  34. data/lib/inspec/resources/apt.rb +1 -1
  35. data/lib/inspec/resources/auditd.rb +1 -1
  36. data/lib/inspec/resources/csv.rb +1 -1
  37. data/lib/inspec/resources/dh_params.rb +1 -1
  38. data/lib/inspec/resources/file.rb +1 -1
  39. data/lib/inspec/resources/http.rb +1 -1
  40. data/lib/inspec/resources/iis_website.rb +1 -1
  41. data/lib/inspec/resources/interfaces.rb +1 -1
  42. data/lib/inspec/resources/json.rb +2 -2
  43. data/lib/inspec/resources/key_rsa.rb +1 -1
  44. data/lib/inspec/resources/mssql_session.rb +5 -1
  45. data/lib/inspec/resources/mysql_session.rb +1 -1
  46. data/lib/inspec/resources/nginx.rb +1 -1
  47. data/lib/inspec/resources/nginx_conf.rb +40 -1
  48. data/lib/inspec/resources/npm.rb +1 -1
  49. data/lib/inspec/resources/oracledb_session.rb +2 -2
  50. data/lib/inspec/resources/parse_config.rb +5 -2
  51. data/lib/inspec/resources/port.rb +1 -1
  52. data/lib/inspec/resources/postgres_session.rb +1 -1
  53. data/lib/inspec/resources/ppa.rb +1 -1
  54. data/lib/inspec/resources/processes.rb +1 -1
  55. data/lib/inspec/resources/rabbitmq_conf.rb +1 -1
  56. data/lib/inspec/resources/registry_key.rb +1 -1
  57. data/lib/inspec/resources/ssh_config.rb +24 -2
  58. data/lib/inspec/resources/sshd_config.rb +1 -1
  59. data/lib/inspec/resources/ssl.rb +2 -2
  60. data/lib/inspec/resources/toml.rb +1 -1
  61. data/lib/inspec/resources/vbscript.rb +1 -1
  62. data/lib/inspec/resources/windows_registry_key.rb +1 -1
  63. data/lib/inspec/resources/wmi.rb +1 -1
  64. data/lib/inspec/resources/x509_certificate.rb +1 -1
  65. data/lib/inspec/resources/xml.rb +1 -1
  66. data/lib/inspec/runner.rb +2 -2
  67. data/lib/inspec/schema.rb +1 -1
  68. data/lib/inspec/schema/output_schema.rb +1 -1
  69. data/lib/inspec/schema/primitives.rb +1 -1
  70. data/lib/inspec/shell_detector.rb +2 -2
  71. data/lib/inspec/utils/command_wrapper.rb +1 -1
  72. data/lib/inspec/utils/deprecation/config_file.rb +2 -2
  73. data/lib/inspec/utils/json_log.rb +1 -1
  74. data/lib/inspec/utils/run_data_filters.rb +7 -5
  75. data/lib/inspec/utils/telemetry/collector.rb +1 -1
  76. data/lib/inspec/utils/telemetry/data_series.rb +1 -1
  77. data/lib/inspec/version.rb +1 -1
  78. data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +5 -5
  79. data/lib/plugins/inspec-compliance/README.md +1 -1
  80. data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +3 -3
  81. data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +2 -2
  82. data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +2 -2
  83. data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +3 -3
  84. data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +1 -1
  85. data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +1 -1
  86. data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +2 -2
  87. data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +3 -3
  88. data/lib/plugins/inspec-reporter-html2/lib/inspec-reporter-html2/reporter.rb +1 -1
  89. data/lib/plugins/inspec-reporter-json-min/lib/inspec-reporter-json-min/reporter.rb +1 -1
  90. data/lib/plugins/inspec-reporter-junit/lib/inspec-reporter-junit/reporter.rb +1 -1
  91. data/lib/plugins/shared/core_plugin_test_helper.rb +6 -6
  92. metadata +63 -25
@@ -4,7 +4,7 @@ require "inspec/resource"
4
4
  require "inspec/library_eval_context"
5
5
  require "inspec/control_eval_context"
6
6
  require "inspec/require_loader"
7
- require "securerandom"
7
+ require "securerandom" unless defined?(SecureRandom)
8
8
  require "inspec/input_registry"
9
9
 
10
10
  module Inspec
@@ -1,5 +1,5 @@
1
- require "json"
2
- require "net/http"
1
+ require "json" unless defined?(JSON)
2
+ require "net/http" unless defined?(Net::HTTP)
3
3
 
4
4
  module Inspec::Reporters
5
5
  class Automate < JsonAutomate
@@ -1,4 +1,4 @@
1
- require "json"
1
+ require "json" unless defined?(JSON)
2
2
 
3
3
  module Inspec::Reporters
4
4
  # rubocop:disable Layout/AlignHash, Style/BlockDelimiters
@@ -1,4 +1,4 @@
1
- require "json"
1
+ require "json" unless defined?(JSON)
2
2
 
3
3
  module Inspec::Reporters
4
4
  class JsonAutomate < Json
@@ -16,11 +16,11 @@ inspec_core_only = ENV["NO_AWS"] || !File.exist?(File.join(File.dirname(__FILE__
16
16
  # Do not attempt to load cloud resources if we are in inspec-core mode
17
17
  unless inspec_core_only
18
18
  require "resource_support/aws"
19
- require "resources/azure/azure_backend.rb"
20
- require "resources/azure/azure_generic_resource.rb"
21
- require "resources/azure/azure_resource_group.rb"
22
- require "resources/azure/azure_virtual_machine.rb"
23
- require "resources/azure/azure_virtual_machine_data_disk.rb"
19
+ require "resources/azure/azure_backend"
20
+ require "resources/azure/azure_generic_resource"
21
+ require "resources/azure/azure_resource_group"
22
+ require "resources/azure/azure_virtual_machine"
23
+ require "resources/azure/azure_virtual_machine_data_disk"
24
24
  end
25
25
 
26
26
  require "inspec/resources/aide_conf"
@@ -24,7 +24,7 @@ require "inspec/resources/command"
24
24
  # apt-get install software-properties-common
25
25
  # add-apt-repository ppa:ubuntu-wine/ppa
26
26
 
27
- require "uri"
27
+ require "uri" unless defined?(URI)
28
28
 
29
29
  module Inspec::Resources
30
30
  class AptRepository < Inspec.resource(1)
@@ -1,4 +1,4 @@
1
- require "forwardable"
1
+ require "forwardable" unless defined?(Forwardable)
2
2
  require "inspec/utils/filter_array"
3
3
  require "inspec/utils/filter"
4
4
  require "inspec/utils/parser"
@@ -20,7 +20,7 @@ module Inspec::Resources
20
20
  # { 'name' => 'row2', 'col1' => 'value3', 'col2' => 'value4' }
21
21
  # ]
22
22
  def parse(content)
23
- require "csv"
23
+ require "csv" unless defined?(CSV)
24
24
 
25
25
  # convert empty field to nil
26
26
  CSV::Converters[:blank_to_nil] = lambda do |field|
@@ -1,4 +1,4 @@
1
- require "openssl"
1
+ require "openssl" unless defined?(OpenSSL)
2
2
  require "inspec/utils/file_reader"
3
3
 
4
4
  module Inspec::Resources
@@ -1,6 +1,6 @@
1
1
  # copyright: 2015, Vulcano Security GmbH
2
2
 
3
- require "shellwords"
3
+ require "shellwords" unless defined?(Shellwords)
4
4
  require "inspec/utils/parser"
5
5
 
6
6
  module Inspec::Resources
@@ -3,7 +3,7 @@
3
3
  # license: Apache v2
4
4
 
5
5
  require "inspec/resources/command"
6
- require "faraday"
6
+ require "faraday" unless defined?(Faraday)
7
7
  require "faraday_middleware"
8
8
  require "hashie"
9
9
 
@@ -1,2 +1,2 @@
1
1
  # This is just here to make the dynamic loader happy.
2
- require "inspec/resources/iis_website.rb"
2
+ require "inspec/resources/iis_website"
@@ -24,7 +24,7 @@ module Inspec::Resources
24
24
  .install_filter_methods_on_resource(self, :scan_interfaces)
25
25
 
26
26
  def ipv4_address
27
- require "ipaddr"
27
+ require "ipaddr" unless defined?(IPAddr)
28
28
 
29
29
  # Loop over interface names
30
30
  # Select those that are up and have an ipv4 address
@@ -48,7 +48,7 @@ module Inspec::Resources
48
48
  # @return [Object] the value stored at this position
49
49
  def method_missing(*keys)
50
50
  # catch bahavior of rspec its implementation
51
- # @see https://github.com/rspec/rspec-its/blob/master/lib/rspec/its.rb#L110
51
+ # @see https://github.com/rspec/rspec-its/blob/v1.2.0/lib/rspec/its.rb#L110
52
52
  keys.shift if keys.is_a?(Array) && keys[0] == :[]
53
53
  value(keys)
54
54
  end
@@ -66,7 +66,7 @@ module Inspec::Resources
66
66
  private
67
67
 
68
68
  def parse(content)
69
- require "json"
69
+ require "json" unless defined?(JSON)
70
70
  JSON.parse(content)
71
71
  rescue => e
72
72
  raise Inspec::Exceptions::ResourceFailed, "Unable to parse JSON: #{e.message}"
@@ -1,4 +1,4 @@
1
- require "openssl"
1
+ require "openssl" unless defined?(OpenSSL)
2
2
  require "hashie/mash"
3
3
  require "inspec/utils/file_reader"
4
4
  require "inspec/utils/pkey_reader"
@@ -12,6 +12,10 @@ module Inspec::Resources
12
12
  class MssqlSession < Inspec.resource(1)
13
13
  name "mssql_session"
14
14
  supports platform: "windows"
15
+ supports platform: "darwin"
16
+ supports platform: "debian"
17
+ supports platform: "redhat"
18
+ supports platform: "suse"
15
19
  desc "Use the mssql_session InSpec audit resource to test SQL commands run against a MS Sql Server database."
16
20
  example <<~EXAMPLE
17
21
  # Using SQL authentication
@@ -95,7 +99,7 @@ module Inspec::Resources
95
99
  end
96
100
 
97
101
  def parse_csv_result(cmd)
98
- require "csv"
102
+ require "csv" unless defined?(CSV)
99
103
  table = CSV.parse(cmd.stdout, headers: true)
100
104
 
101
105
  # remove first row, since it will be a seperator line
@@ -1,7 +1,7 @@
1
1
  # copyright: 2015, Vulcano Security GmbH
2
2
 
3
3
  require "inspec/resources/command"
4
- require "shellwords"
4
+ require "shellwords" unless defined?(Shellwords)
5
5
 
6
6
  module Inspec::Resources
7
7
  class Lines
@@ -1,4 +1,4 @@
1
- require "pathname"
1
+ require "pathname" unless defined?(Pathname)
2
2
  require "hashie/mash"
3
3
  require "inspec/resources/command"
4
4
 
@@ -1,7 +1,7 @@
1
1
  require "inspec/utils/nginx_parser"
2
2
  require "inspec/utils/find_files"
3
3
  require "inspec/utils/file_reader"
4
- require "forwardable"
4
+ require "forwardable" unless defined?(Forwardable)
5
5
 
6
6
  # STABILITY: Experimental
7
7
  # This resouce needs a proper interace to the underlying data, which is currently missing.
@@ -54,6 +54,21 @@ module Inspec::Resources
54
54
  "nginx_conf #{@conf_path}"
55
55
  end
56
56
 
57
+ def method_missing(name)
58
+ return super if name.to_s.match?(/^to_/)
59
+
60
+ v = params[name.to_s]
61
+ return v.flatten unless v.nil?
62
+
63
+ nil
64
+ end
65
+
66
+ def respond_to_missing?(name, include_all = false)
67
+ return super if name.to_s.match?(/^to_/)
68
+
69
+ true
70
+ end
71
+
57
72
  private
58
73
 
59
74
  def read_content(path)
@@ -175,6 +190,18 @@ module Inspec::Resources
175
190
  end
176
191
  alias inspect to_s
177
192
 
193
+ def method_missing(name)
194
+ return super if name.to_s.match?(/^to_/)
195
+
196
+ (@params[name.to_s] || []).flatten
197
+ end
198
+
199
+ def respond_to_missing?(name, include_all = false)
200
+ return super if name.to_s.match?(/^to_/)
201
+
202
+ true
203
+ end
204
+
178
205
  private
179
206
 
180
207
  def server_table
@@ -207,6 +234,18 @@ module Inspec::Resources
207
234
  end
208
235
  alias inspect to_s
209
236
 
237
+ def method_missing(name)
238
+ return super if name.to_s.match?(/^to_/)
239
+
240
+ (@params[name.to_s] || []).flatten
241
+ end
242
+
243
+ def respond_to_missing?(name, include_all = false)
244
+ return super if name.to_s.match?(/^to_/)
245
+
246
+ true
247
+ end
248
+
210
249
  private
211
250
 
212
251
  def location_table
@@ -1,5 +1,5 @@
1
1
  require "inspec/resources/command"
2
- require "shellwords"
2
+ require "shellwords" unless defined?(Shellwords)
3
3
 
4
4
  module Inspec::Resources
5
5
  class NpmPackage < Inspec.resource(1)
@@ -1,7 +1,7 @@
1
1
  require "inspec/resources/command"
2
2
  require "inspec/utils/database_helpers"
3
3
  require "hashie/mash"
4
- require "csv"
4
+ require "csv" unless defined?(CSV)
5
5
 
6
6
  module Inspec::Resources
7
7
  # STABILITY: Experimental
@@ -48,7 +48,7 @@ module Inspec::Resources
48
48
  format_options = "set sqlformat csv\nSET FEEDBACK OFF"
49
49
  else
50
50
  @bin = "#{@sqlplus_bin} -S"
51
- format_options = "SET MARKUP CSV ON\nSET PAGESIZE 32000\nSET FEEDBACK OFF"
51
+ format_options = "SET PAGESIZE 32000\nSET FEEDBACK OFF\nSET UNDERLINE OFF"
52
52
  end
53
53
 
54
54
  command = command_builder(format_options, sql)
@@ -55,8 +55,11 @@ module Inspec::Resources
55
55
  read_params unless @content.nil?
56
56
  end
57
57
 
58
- def method_missing(name)
59
- read_params[name.to_s]
58
+ def method_missing(*name)
59
+ # catch bahavior of rspec its implementation
60
+ # @see https://github.com/rspec/rspec-its/blob/v1.2.0/lib/rspec/its.rb#L110
61
+ name.shift if name.is_a?(Array) && name[0] == :[]
62
+ read_params[name[0].to_s]
60
63
  end
61
64
 
62
65
  def params(*opts)
@@ -1,6 +1,6 @@
1
1
  require "inspec/utils/parser"
2
2
  require "inspec/utils/filter"
3
- require "ipaddr"
3
+ require "ipaddr" unless defined?(IPAddr)
4
4
 
5
5
  # TODO: currently we return local ip only
6
6
  # TODO: improve handling of same port on multiple interfaces
@@ -1,6 +1,6 @@
1
1
  # copyright: 2015, Vulcano Security GmbH
2
2
 
3
- require "shellwords"
3
+ require "shellwords" unless defined?(Shellwords)
4
4
 
5
5
  module Inspec::Resources
6
6
  class Lines
@@ -1,2 +1,2 @@
1
1
  # This is just here to make the dynamic loader happy.
2
- require "inspec/resources/apt.rb"
2
+ require "inspec/resources/apt"
@@ -1,7 +1,7 @@
1
1
  # copyright: 2015, Vulcano Security GmbH
2
2
 
3
3
  require "inspec/utils/filter"
4
- require "ostruct"
4
+ require "ostruct" unless defined?(OpenStruct)
5
5
  require "inspec/resources/command"
6
6
 
7
7
  module Inspec::Resources
@@ -1,2 +1,2 @@
1
1
  # This is just here to make the dynamic loader happy.
2
- require "inspec/resources/rabbitmq_config.rb"
2
+ require "inspec/resources/rabbitmq_config"
@@ -1,6 +1,6 @@
1
1
  # copyright: 2015, Vulcano Security GmbH
2
2
 
3
- require "json"
3
+ require "json" unless defined?(JSON)
4
4
  require "inspec/resources/powershell"
5
5
 
6
6
  # Three constructor methods are available:
@@ -7,6 +7,7 @@ module Inspec::Resources
7
7
  class SshConfig < Inspec.resource(1)
8
8
  name "ssh_config"
9
9
  supports platform: "unix"
10
+ supports platform: "windows"
10
11
  desc "Use the `ssh_config` InSpec audit resource to test OpenSSH client configuration data located at `/etc/ssh/ssh_config` on Linux and Unix platforms."
11
12
  example <<~EXAMPLE
12
13
  describe ssh_config do
@@ -19,7 +20,7 @@ module Inspec::Resources
19
20
  include FileReader
20
21
 
21
22
  def initialize(conf_path = nil, type = nil)
22
- @conf_path = conf_path || "/etc/ssh/ssh_config"
23
+ @conf_path = conf_path || ssh_config_file("ssh_config")
23
24
  typename = (@conf_path.include?("sshd") ? "Server" : "Client")
24
25
  @type = type || "SSH #{typename} configuration #{conf_path}"
25
26
  read_content
@@ -75,11 +76,21 @@ module Inspec::Resources
75
76
  )
76
77
  @params = convert_hash(conf.params)
77
78
  end
79
+
80
+ def ssh_config_file(type)
81
+ if inspec.os.windows?
82
+ programdata = inspec.os_env("programdata").content
83
+ return "#{programdata}\\ssh\\#{type}"
84
+ end
85
+
86
+ "/etc/ssh/#{type}"
87
+ end
78
88
  end
79
89
 
80
90
  class SshdConfig < SshConfig
81
91
  name "sshd_config"
82
92
  supports platform: "unix"
93
+ supports platform: "windows"
83
94
  desc "Use the sshd_config InSpec audit resource to test configuration data for the Open SSH daemon located at /etc/ssh/sshd_config on Linux and UNIX platforms. sshd---the Open SSH daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command execution, and data exchanges."
84
95
  example <<~EXAMPLE
85
96
  describe sshd_config do
@@ -88,11 +99,22 @@ module Inspec::Resources
88
99
  EXAMPLE
89
100
 
90
101
  def initialize(path = nil)
91
- super(path || "/etc/ssh/sshd_config")
102
+ super(path || ssh_config_file("sshd_config"))
92
103
  end
93
104
 
94
105
  def to_s
95
106
  "SSHD Configuration"
96
107
  end
108
+
109
+ private
110
+
111
+ def ssh_config_file(type)
112
+ if inspec.os.windows?
113
+ programdata = inspec.os_env("programdata").content
114
+ return "#{programdata}\\ssh\\#{type}"
115
+ end
116
+
117
+ "/etc/ssh/#{type}"
118
+ end
97
119
  end
98
120
  end
@@ -1,2 +1,2 @@
1
1
  # This is just here to make the dynamic loader happy.
2
- require "inspec/resources/ssh_config.rb"
2
+ require "inspec/resources/ssh_config"
@@ -1,8 +1,8 @@
1
1
  # copyright: 2015, Chef Software Inc.
2
2
 
3
- require "sslshake"
3
+ require "sslshake" unless defined?(SSLShake)
4
4
  require "inspec/utils/filter"
5
- require "uri"
5
+ require "uri" unless defined?(URI)
6
6
  require "parallel"
7
7
 
8
8
  # Custom resource based on the InSpec resource DSL
@@ -1,4 +1,4 @@
1
- require "tomlrb"
1
+ require "tomlrb" unless defined?(Tomlrb)
2
2
  require "inspec/resources/json"
3
3
 
4
4
  module Inspec::Resources
@@ -1,5 +1,5 @@
1
1
  require "inspec/resources/powershell"
2
- require "securerandom"
2
+ require "securerandom" unless defined?(SecureRandom)
3
3
 
4
4
  module Inspec::Resources
5
5
  # This resource allows users to run vbscript on windows machines. We decided
@@ -1,2 +1,2 @@
1
1
  # This is just here to make the dynamic loader happy.
2
- require "inspec/resources/registry_key.rb"
2
+ require "inspec/resources/registry_key"
@@ -39,7 +39,7 @@ module Inspec::Resources
39
39
  # returns nil, if not existant or value
40
40
  def method_missing(*keys)
41
41
  # catch behavior of rspec its implementation
42
- # @see https://github.com/rspec/rspec-its/blob/master/lib/rspec/its.rb#L110
42
+ # @see https://github.com/rspec/rspec-its/blob/v1.2.0/lib/rspec/its.rb#L110
43
43
  keys.shift if keys.is_a?(Array) && keys[0] == :[]
44
44
 
45
45
  # map all symbols to strings
@@ -1,4 +1,4 @@
1
- require "openssl"
1
+ require "openssl" unless defined?(OpenSSL)
2
2
  require "hashie/mash"
3
3
  require "inspec/utils/file_reader"
4
4