inspec-core 4.3.2 → 4.6.3
- checksums.yaml +4 -4
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +139 -140
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
@@ -1,6 +1,4 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require 'json'
|
1
|
+
require "json"
|
4
2
|
|
5
3
|
module Inspec::Reporters
|
6
4
|
class Json < Base
|
@@ -26,7 +24,7 @@ module Inspec::Reporters
|
|
26
24
|
name: run_data[:platform][:name],
|
27
25
|
release: run_data[:platform][:release],
|
28
26
|
}
|
29
|
-
platform[:target_id] = @config[
|
27
|
+
platform[:target_id] = @config["target_id"] if @config["target_id"]
|
30
28
|
platform
|
31
29
|
end
|
32
30
|
|
@@ -1,13 +1,11 @@
|
|
1
|
-
# encoding: utf-8
|
2
|
-
|
3
1
|
module Inspec::Reporters
|
4
2
|
class Junit < Base
|
5
3
|
def render
|
6
|
-
require
|
4
|
+
require "rexml/document"
|
7
5
|
xml_output = REXML::Document.new
|
8
6
|
xml_output.add(REXML::XMLDecl.new)
|
9
7
|
|
10
|
-
testsuites = REXML::Element.new(
|
8
|
+
testsuites = REXML::Element.new("testsuites")
|
11
9
|
xml_output.add(testsuites)
|
12
10
|
|
13
11
|
run_data[:profiles].each do |profile|
|
@@ -16,18 +14,18 @@ module Inspec::Reporters
|
|
16
14
|
|
17
15
|
formatter = REXML::Formatters::Pretty.new
|
18
16
|
formatter.compact = true
|
19
|
-
output(formatter.write(xml_output.xml_decl,
|
20
|
-
output(formatter.write(xml_output.root,
|
17
|
+
output(formatter.write(xml_output.xml_decl, ""))
|
18
|
+
output(formatter.write(xml_output.root, ""))
|
21
19
|
end
|
22
20
|
|
23
21
|
private
|
24
22
|
|
25
23
|
def build_profile_xml(profile)
|
26
|
-
profile_xml = REXML::Element.new(
|
27
|
-
profile_xml.add_attribute(
|
28
|
-
profile_xml.add_attribute(
|
29
|
-
profile_xml.add_attribute(
|
30
|
-
profile_xml.add_attribute(
|
24
|
+
profile_xml = REXML::Element.new("testsuite")
|
25
|
+
profile_xml.add_attribute("name", profile[:name])
|
26
|
+
profile_xml.add_attribute("tests", count_profile_tests(profile))
|
27
|
+
profile_xml.add_attribute("failed", count_profile_failed_tests(profile))
|
28
|
+
profile_xml.add_attribute("failures", count_profile_failed_tests(profile))
|
31
29
|
|
32
30
|
profile[:controls].each do |control|
|
33
31
|
next if control[:results].nil?
|
@@ -41,39 +39,39 @@ module Inspec::Reporters
|
|
41
39
|
end
|
42
40
|
|
43
41
|
def build_result_xml(profile_name, control, result)
|
44
|
-
result_xml = REXML::Element.new(
|
45
|
-
result_xml.add_attribute(
|
46
|
-
result_xml.add_attribute(
|
47
|
-
result_xml.add_attribute(
|
48
|
-
result_xml.add_attribute(
|
42
|
+
result_xml = REXML::Element.new("testcase")
|
43
|
+
result_xml.add_attribute("name", result[:code_desc])
|
44
|
+
result_xml.add_attribute("classname", control[:title].nil? ? "#{profile_name}.Anonymous" : "#{profile_name}.#{control[:id]}")
|
45
|
+
result_xml.add_attribute("target", run_data[:platform][:target].nil? ? "" : run_data[:platform][:target].to_s)
|
46
|
+
result_xml.add_attribute("time", result[:run_time])
|
49
47
|
|
50
|
-
if result[:status] ==
|
51
|
-
failure_element = REXML::Element.new(
|
52
|
-
failure_element.add_attribute(
|
48
|
+
if result[:status] == "failed"
|
49
|
+
failure_element = REXML::Element.new("failure")
|
50
|
+
failure_element.add_attribute("message", result[:message])
|
53
51
|
result_xml.add(failure_element)
|
54
|
-
elsif result[:status] ==
|
55
|
-
result_xml.add_element(
|
52
|
+
elsif result[:status] == "skipped"
|
53
|
+
result_xml.add_element("skipped")
|
56
54
|
end
|
57
55
|
|
58
56
|
result_xml
|
59
57
|
end
|
60
58
|
|
61
59
|
def count_profile_tests(profile)
|
62
|
-
profile[:controls].reduce(0)
|
60
|
+
profile[:controls].reduce(0) do |acc, elem|
|
63
61
|
acc + (elem[:results].nil? ? 0 : elem[:results].count)
|
64
|
-
|
62
|
+
end
|
65
63
|
end
|
66
64
|
|
67
65
|
def count_profile_failed_tests(profile)
|
68
|
-
profile[:controls].reduce(0)
|
66
|
+
profile[:controls].reduce(0) do |acc, elem|
|
69
67
|
if elem[:results].nil?
|
70
68
|
acc
|
71
69
|
else
|
72
|
-
acc + elem[:results].reduce(0)
|
73
|
-
test_case[:status] ==
|
74
|
-
|
70
|
+
acc + elem[:results].reduce(0) do |fail_test_total, test_case|
|
71
|
+
test_case[:status] == "failed" ? fail_test_total + 1 : fail_test_total
|
72
|
+
end
|
75
73
|
end
|
76
|
-
|
74
|
+
end
|
77
75
|
end
|
78
76
|
end
|
79
77
|
end
|
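Review bot: In `count_profile_failed_tests` the inner `reduce(0) do |fail_test_total, test_case| … end` now hangs off `acc +`, so a reader has to work out which call the `do … end` block attaches to before the sum reads correctly. `acc + elem[:results].count { |test_case| test_case[:status] == "failed" }` expresses the same count without the nested fold. `count_profile_tests` could likewise be `profile[:controls].sum { |elem| elem[:results].nil? ? 0 : elem[:results].count }`. `build_profile_xml` also calls `count_profile_failed_tests(profile)` twice, once each for the `failed` and `failures` attributes; a local variable would avoid walking the results a second time.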
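--- a/data/lib/inspec/resource.rb
+++ b/data/lib/inspec/resource.rb
@@ -1,8 +1,6 @@
-# encoding: utf-8
 # copyright: 2015, Vulcano Security GmbH
-
-#
-require 'inspec/plugin/v1'
+require "inspec/plugin/v1"
+require "inspec/utils/deprecation/global_method" # for resources
 
 module Inspec
 class ProfileNotFound < StandardError; end
@@ -78,128 +76,9 @@ module Inspec
 end
 
 def self.validate_resource_dsl_version!(version)
-raise
+raise "Only resource version 1 is supported!" if version != 1
 end
 end
 
 # Many resources use FilterTable.
-require
-
-# Detect if we are running the stripped-down inspec-core
-# This relies on AWS being stripped from the inspec-core gem
-inspec_core_only = !File.exist?(File.join(File.dirname(__FILE__), '..', 'resource_support', 'aws.rb'))
-
-# Do not attempt to load cloud resources if we are in inspec-core mode
-unless inspec_core_only
-require 'resource_support/aws'
-require 'resources/azure/azure_backend.rb'
-require 'resources/azure/azure_generic_resource.rb'
-require 'resources/azure/azure_resource_group.rb'
-require 'resources/azure/azure_virtual_machine.rb'
-require 'resources/azure/azure_virtual_machine_data_disk.rb'
-end
-
-require 'resources/aide_conf'
-require 'resources/apache'
-require 'resources/apache_conf'
-require 'resources/apt'
-require 'resources/audit_policy'
-require 'resources/auditd'
-require 'resources/auditd_conf'
-require 'resources/bash'
-require 'resources/bond'
-require 'resources/bridge'
-require 'resources/chocolatey_package'
-require 'resources/command'
-require 'resources/cran'
-require 'resources/cpan'
-require 'resources/crontab'
-require 'resources/dh_params'
-require 'resources/directory'
-require 'resources/docker'
-require 'resources/docker_container'
-require 'resources/docker_image'
-require 'resources/docker_plugin'
-require 'resources/docker_service'
-require 'resources/elasticsearch'
-require 'resources/etc_fstab'
-require 'resources/etc_group'
-require 'resources/etc_hosts_allow_deny'
-require 'resources/etc_hosts'
-require 'resources/file'
-require 'resources/filesystem'
-require 'resources/firewalld'
-require 'resources/gem'
-require 'resources/groups'
-require 'resources/grub_conf'
-require 'resources/host'
-require 'resources/http'
-require 'resources/iis_app'
-require 'resources/iis_app_pool'
-require 'resources/iis_site'
-require 'resources/inetd_conf'
-require 'resources/interface'
-require 'resources/iptables'
-require 'resources/json'
-require 'resources/kernel_module'
-require 'resources/kernel_parameter'
-require 'resources/key_rsa'
-require 'resources/ksh'
-require 'resources/limits_conf'
-require 'resources/login_def'
-require 'resources/mount'
-require 'resources/mssql_session'
-require 'resources/mysql'
-require 'resources/mysql_conf'
-require 'resources/mysql_session'
-require 'resources/nginx'
-require 'resources/nginx_conf'
-require 'resources/npm'
-require 'resources/ntp_conf'
-require 'resources/oneget'
-require 'resources/oracledb_session'
-require 'resources/os'
-require 'resources/os_env'
-require 'resources/package'
-require 'resources/packages'
-require 'resources/parse_config'
-require 'resources/passwd'
-require 'resources/pip'
-require 'resources/platform'
-require 'resources/port'
-require 'resources/postgres'
-require 'resources/postgres_conf'
-require 'resources/postgres_hba_conf'
-require 'resources/postgres_ident_conf'
-require 'resources/postgres_session'
-require 'resources/powershell'
-require 'resources/processes'
-require 'resources/rabbitmq_conf'
-require 'resources/registry_key'
-require 'resources/security_identifier'
-require 'resources/security_policy'
-require 'resources/service'
-require 'resources/shadow'
-require 'resources/ssh_conf'
-require 'resources/ssl'
-require 'resources/sys_info'
-require 'resources/toml'
-require 'resources/users'
-require 'resources/vbscript'
-require 'resources/virtualization'
-require 'resources/windows_feature'
-require 'resources/windows_hotfix'
-require 'resources/windows_task'
-require 'resources/wmi'
-require 'resources/x509_certificate'
-require 'resources/xinetd'
-require 'resources/yum'
-require 'resources/zfs_dataset'
-require 'resources/zfs_pool'
-
-# file formats, depend on json implementation
-require 'resources/json'
-require 'resources/yaml'
-require 'resources/csv'
-require 'resources/ini'
-require 'resources/xml'
+require "inspec/utils/filter"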
@@ -0,0 +1,121 @@
|
|
1
|
+
require "inspec/resource"
|
2
|
+
|
3
|
+
# Detect if we are running the stripped-down inspec-core
|
4
|
+
# This relies on AWS being stripped from the inspec-core gem
|
5
|
+
inspec_core_only = ENV["NO_AWS"] || !File.exist?(File.join(File.dirname(__FILE__), "..", "resource_support", "aws.rb"))
|
6
|
+
|
7
|
+
require "rspec/matchers"
|
8
|
+
|
9
|
+
# Do not attempt to load cloud resources if we are in inspec-core mode
|
10
|
+
unless inspec_core_only
|
11
|
+
require "resource_support/aws"
|
12
|
+
require "resources/azure/azure_backend.rb"
|
13
|
+
require "resources/azure/azure_generic_resource.rb"
|
14
|
+
require "resources/azure/azure_resource_group.rb"
|
15
|
+
require "resources/azure/azure_virtual_machine.rb"
|
16
|
+
require "resources/azure/azure_virtual_machine_data_disk.rb"
|
17
|
+
end
|
18
|
+
|
19
|
+
require "inspec/resources/aide_conf"
|
20
|
+
require "inspec/resources/apache"
|
21
|
+
require "inspec/resources/apache_conf"
|
22
|
+
require "inspec/resources/apt"
|
23
|
+
require "inspec/resources/audit_policy"
|
24
|
+
require "inspec/resources/auditd"
|
25
|
+
require "inspec/resources/auditd_conf"
|
26
|
+
require "inspec/resources/bash"
|
27
|
+
require "inspec/resources/bond"
|
28
|
+
require "inspec/resources/bridge"
|
29
|
+
require "inspec/resources/chocolatey_package"
|
30
|
+
require "inspec/resources/command"
|
31
|
+
require "inspec/resources/cran"
|
32
|
+
require "inspec/resources/cpan"
|
33
|
+
require "inspec/resources/crontab"
|
34
|
+
require "inspec/resources/dh_params"
|
35
|
+
require "inspec/resources/directory"
|
36
|
+
require "inspec/resources/docker"
|
37
|
+
require "inspec/resources/docker_container"
|
38
|
+
require "inspec/resources/docker_image"
|
39
|
+
require "inspec/resources/docker_plugin"
|
40
|
+
require "inspec/resources/docker_service"
|
41
|
+
require "inspec/resources/elasticsearch"
|
42
|
+
require "inspec/resources/etc_fstab"
|
43
|
+
require "inspec/resources/etc_group"
|
44
|
+
require "inspec/resources/etc_hosts_allow_deny"
|
45
|
+
require "inspec/resources/etc_hosts"
|
46
|
+
require "inspec/resources/file"
|
47
|
+
require "inspec/resources/filesystem"
|
48
|
+
require "inspec/resources/firewalld"
|
49
|
+
require "inspec/resources/gem"
|
50
|
+
require "inspec/resources/groups"
|
51
|
+
require "inspec/resources/grub_conf"
|
52
|
+
require "inspec/resources/host"
|
53
|
+
require "inspec/resources/http"
|
54
|
+
require "inspec/resources/iis_app"
|
55
|
+
require "inspec/resources/iis_app_pool"
|
56
|
+
require "inspec/resources/iis_site"
|
57
|
+
require "inspec/resources/inetd_conf"
|
58
|
+
require "inspec/resources/interface"
|
59
|
+
require "inspec/resources/iptables"
|
60
|
+
require "inspec/resources/kernel_module"
|
61
|
+
require "inspec/resources/kernel_parameter"
|
62
|
+
require "inspec/resources/key_rsa"
|
63
|
+
require "inspec/resources/ksh"
|
64
|
+
require "inspec/resources/limits_conf"
|
65
|
+
require "inspec/resources/login_defs"
|
66
|
+
require "inspec/resources/mount"
|
67
|
+
require "inspec/resources/mssql_session"
|
68
|
+
require "inspec/resources/mysql"
|
69
|
+
require "inspec/resources/mysql_conf"
|
70
|
+
require "inspec/resources/mysql_session"
|
71
|
+
require "inspec/resources/nginx"
|
72
|
+
require "inspec/resources/nginx_conf"
|
73
|
+
require "inspec/resources/npm"
|
74
|
+
require "inspec/resources/ntp_conf"
|
75
|
+
require "inspec/resources/oneget"
|
76
|
+
require "inspec/resources/oracledb_session"
|
77
|
+
require "inspec/resources/os"
|
78
|
+
require "inspec/resources/os_env"
|
79
|
+
require "inspec/resources/package"
|
80
|
+
require "inspec/resources/packages"
|
81
|
+
require "inspec/resources/parse_config"
|
82
|
+
require "inspec/resources/passwd"
|
83
|
+
require "inspec/resources/pip"
|
84
|
+
require "inspec/resources/platform"
|
85
|
+
require "inspec/resources/port"
|
86
|
+
require "inspec/resources/postgres"
|
87
|
+
require "inspec/resources/postgres_conf"
|
88
|
+
require "inspec/resources/postgres_hba_conf"
|
89
|
+
require "inspec/resources/postgres_ident_conf"
|
90
|
+
require "inspec/resources/postgres_session"
|
91
|
+
require "inspec/resources/powershell"
|
92
|
+
require "inspec/resources/processes"
|
93
|
+
require "inspec/resources/rabbitmq_config"
|
94
|
+
require "inspec/resources/registry_key"
|
95
|
+
require "inspec/resources/security_identifier"
|
96
|
+
require "inspec/resources/security_policy"
|
97
|
+
require "inspec/resources/service"
|
98
|
+
require "inspec/resources/shadow"
|
99
|
+
require "inspec/resources/ssh_config"
|
100
|
+
require "inspec/resources/ssl"
|
101
|
+
require "inspec/resources/sys_info"
|
102
|
+
require "inspec/resources/toml"
|
103
|
+
require "inspec/resources/users"
|
104
|
+
require "inspec/resources/vbscript"
|
105
|
+
require "inspec/resources/virtualization"
|
106
|
+
require "inspec/resources/windows_feature"
|
107
|
+
require "inspec/resources/windows_hotfix"
|
108
|
+
require "inspec/resources/windows_task"
|
109
|
+
require "inspec/resources/wmi"
|
110
|
+
require "inspec/resources/x509_certificate"
|
111
|
+
require "inspec/resources/xinetd_conf"
|
112
|
+
require "inspec/resources/yum"
|
113
|
+
require "inspec/resources/zfs_dataset"
|
114
|
+
require "inspec/resources/zfs_pool"
|
115
|
+
|
116
|
+
# file formats, depend on json implementation
|
117
|
+
require "inspec/resources/json"
|
118
|
+
require "inspec/resources/yaml"
|
119
|
+
require "inspec/resources/csv"
|
120
|
+
require "inspec/resources/ini"
|
121
|
+
require "inspec/resources/xml"
|
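Review bot: `ENV["NO_AWS"]` on the `inspec_core_only` line is tested for presence only, and every string is truthy in Ruby, so `NO_AWS=0`, `NO_AWS=false` or an empty value all skip the cloud resource requires. For an audit tool this means a stray environment variable can change which resources a profile is able to use, presumably without any message saying why. The value should be parsed explicitly, for example `no_aws = %w{1 true yes}.include?(ENV["NO_AWS"].to_s.downcase)` followed by `inspec_core_only = no_aws || !File.exist?(...)`. The two comments above the line still describe only the stripped-gem detection and should mention the override. The same flag also gates the `resources/azure/*` requires, which the name `NO_AWS` does not suggest.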
@@ -1,12 +1,11 @@
|
|
1
|
-
|
1
|
+
require "inspec/utils/filter"
|
2
|
+
require "inspec/utils/parser"
|
3
|
+
require "inspec/utils/file_reader"
|
2
4
|
|
3
|
-
require 'utils/filter'
|
4
|
-
require 'utils/parser'
|
5
|
-
require 'utils/file_reader'
|
6
5
|
module Inspec::Resources
|
7
6
|
class AideConf < Inspec.resource(1)
|
8
|
-
name
|
9
|
-
supports platform:
|
7
|
+
name "aide_conf"
|
8
|
+
supports platform: "unix"
|
10
9
|
desc 'Use the aide_conf InSpec audit resource to test the rules established for
|
11
10
|
the file integrity tool AIDE. Controlled by the aide.conf file typically at /etc/aide.conf.'
|
12
11
|
example <<~EXAMPLE
|
@@ -29,7 +28,7 @@ module Inspec::Resources
|
|
29
28
|
include FileReader
|
30
29
|
|
31
30
|
def initialize(aide_conf_path = nil)
|
32
|
-
@conf_path = aide_conf_path ||
|
31
|
+
@conf_path = aide_conf_path || "/etc/aide.conf"
|
33
32
|
@content = nil
|
34
33
|
@rules = nil
|
35
34
|
read_content
|
@@ -39,13 +38,13 @@ module Inspec::Resources
|
|
39
38
|
# Case when file didn't exist or perms didn't allow an open
|
40
39
|
return false if @content.nil?
|
41
40
|
|
42
|
-
lines = @params.reject { |line| line[
|
41
|
+
lines = @params.reject { |line| line["rules"].include? rule }
|
43
42
|
lines.empty?
|
44
43
|
end
|
45
44
|
|
46
45
|
filter = FilterTable.create
|
47
|
-
filter.register_column(:selection_lines, field:
|
48
|
-
.register_column(:rules, field:
|
46
|
+
filter.register_column(:selection_lines, field: "selection_line")
|
47
|
+
.register_column(:rules, field: "rules")
|
49
48
|
|
50
49
|
filter.install_filter_methods_on_resource(self, :params)
|
51
50
|
|
@@ -65,7 +64,7 @@ module Inspec::Resources
|
|
65
64
|
def filter_comments(data)
|
66
65
|
content = []
|
67
66
|
data.each do |line|
|
68
|
-
content_line, = parse_comment_line(line, comment_char:
|
67
|
+
content_line, = parse_comment_line(line, comment_char: "#", standalone_comments: false)
|
69
68
|
content.push(content_line)
|
70
69
|
end
|
71
70
|
content
|
@@ -75,7 +74,7 @@ module Inspec::Resources
|
|
75
74
|
params = []
|
76
75
|
content.each do |line|
|
77
76
|
param = parse_line(line)
|
78
|
-
if !param[
|
77
|
+
if !param["selection_line"].nil?
|
79
78
|
params.push(param)
|
80
79
|
end
|
81
80
|
end
|
@@ -85,19 +84,19 @@ module Inspec::Resources
|
|
85
84
|
def parse_line(line)
|
86
85
|
line_and_rules = {}
|
87
86
|
# Case when line is a rule line
|
88
|
-
if line.include?(
|
87
|
+
if line.include?(" = ")
|
89
88
|
parse_rule_line(line)
|
90
89
|
# Case when line is a selection line
|
91
|
-
elsif line.start_with?(
|
90
|
+
elsif line.start_with?("/", "!", "=")
|
92
91
|
line_and_rules = parse_selection_line(line)
|
93
92
|
end
|
94
93
|
line_and_rules
|
95
94
|
end
|
96
95
|
|
97
96
|
def parse_rule_line(line)
|
98
|
-
line.gsub!(/\s+/,
|
99
|
-
rule_line_arr = line.split(
|
100
|
-
rules_list = rule_line_arr.last.split(
|
97
|
+
line.gsub!(/\s+/, "")
|
98
|
+
rule_line_arr = line.split("=")
|
99
|
+
rules_list = rule_line_arr.last.split("+")
|
101
100
|
rule_name = rule_line_arr.first
|
102
101
|
rules_list.each_index do |i|
|
103
102
|
# Cases where rule respresents one or more other rules
|
@@ -110,10 +109,10 @@ module Inspec::Resources
|
|
110
109
|
end
|
111
110
|
|
112
111
|
def parse_selection_line(line)
|
113
|
-
selec_line_arr = line.split(
|
112
|
+
selec_line_arr = line.split(" ")
|
114
113
|
selection_line = selec_line_arr.first
|
115
|
-
selection_line.chop! if selection_line.end_with?(
|
116
|
-
rule_list = selec_line_arr.last.split(
|
114
|
+
selection_line.chop! if selection_line.end_with?("/")
|
115
|
+
rule_list = selec_line_arr.last.split("+")
|
117
116
|
rule_list.each_index do |i|
|
118
117
|
hash_list = @rules[rule_list[i]]
|
119
118
|
# Cases where rule respresents one or more other rules
|
@@ -124,8 +123,8 @@ module Inspec::Resources
|
|
124
123
|
end
|
125
124
|
rule_list.flatten!
|
126
125
|
{
|
127
|
-
|
128
|
-
|
126
|
+
"selection_line" => selection_line,
|
127
|
+
"rules" => rule_list,
|
129
128
|
}
|
130
129
|
end
|
131
130
|
|
@@ -136,11 +135,11 @@ module Inspec::Resources
|
|
136
135
|
grow_log_rules = %w{p l u g i n S}
|
137
136
|
|
138
137
|
case rule_list[i]
|
139
|
-
when
|
138
|
+
when "R"
|
140
139
|
return r_rules
|
141
|
-
when
|
140
|
+
when "L"
|
142
141
|
return l_rules
|
143
|
-
when
|
142
|
+
when ">"
|
144
143
|
return grow_log_rules
|
145
144
|
end
|
146
145
|
rule_list[i]
|