inspec-core 4.3.2 → 4.6.3

data/lib/{resources → inspec/resources}/apache.rb

@@ -1,11 +1,10 @@
-# encoding: utf-8
 # copyright: 2015, Vulcano Security GmbH
 
 module Inspec::Resources
   class Apache < Inspec.resource(1)
-    name 'apache'
-    supports platform: 'unix'
-    desc 'Use the apache InSpec audit resource to retrieve Apache environment settings.'
+    name "apache"
+    supports platform: "unix"
+    desc "Use the apache InSpec audit resource to retrieve Apache environment settings."
     example <<~EXAMPLE
       describe apache do
         its ('service') { should cmp 'apache2' }
@@ -26,23 +25,23 @@ module Inspec::Resources
 
     attr_reader :service, :conf_dir, :conf_path, :user
     def initialize
-      Inspec.deprecate(:resource_apache, 'The apache resource is deprecated')
+      Inspec.deprecate(:resource_apache, "The apache resource is deprecated")
 
       if inspec.os.debian?
-        @service = 'apache2'
-        @conf_dir = '/etc/apache2/'
-        @conf_path = File.join @conf_dir, 'apache2.conf'
-        @user = 'www-data'
+        @service = "apache2"
+        @conf_dir = "/etc/apache2/"
+        @conf_path = File.join @conf_dir, "apache2.conf"
+        @user = "www-data"
       else
-        @service = 'httpd'
-        @conf_dir = '/etc/httpd/'
-        @conf_path = File.join @conf_dir, '/conf/httpd.conf'
-        @user = 'apache'
+        @service = "httpd"
+        @conf_dir = "/etc/httpd/"
+        @conf_path = File.join @conf_dir, "/conf/httpd.conf"
+        @user = "apache"
       end
     end
 
     def to_s
-      'Apache Environment'
+      "Apache Environment"
     end
   end
 end

data/lib/{resources → inspec/resources}/apache_conf.rb

@@ -1,16 +1,15 @@
-# encoding: utf-8
 # copyright: 2015, Vulcano Security GmbH
 
-require 'utils/simpleconfig'
-require 'utils/find_files'
-require 'utils/file_reader'
+require "inspec/utils/simpleconfig"
+require "inspec/utils/find_files"
+require "inspec/utils/file_reader"
 
 module Inspec::Resources
   class ApacheConf < Inspec.resource(1)
-    name 'apache_conf'
-    supports platform: 'linux'
-    supports platform: 'debian'
-    desc 'Use the apache_conf InSpec audit resource to test the configuration settings for Apache. This file is typically located under /etc/apache2 on the Debian and Ubuntu platforms and under /etc/httpd on the Fedora, CentOS, Red Hat Enterprise Linux, and Arch Linux platforms. The configuration settings may vary significantly from platform to platform.'
+    name "apache_conf"
+    supports platform: "linux"
+    supports platform: "debian"
+    desc "Use the apache_conf InSpec audit resource to test the configuration settings for Apache. This file is typically located under /etc/apache2 on the Debian and Ubuntu platforms and under /etc/httpd on the Fedora, CentOS, Red Hat Enterprise Linux, and Arch Linux platforms. The configuration settings may vary significantly from platform to platform."
     example <<~EXAMPLE
       describe apache_conf do
         its('setting_name') { should eq 'value' }
@@ -52,7 +51,7 @@ module Inspec::Resources
     end
 
     def filter_comments(data)
-      content = ''
+      content = ""
       data.each_line do |line|
         if !line.match(/^\s*#/)
           content << line
@@ -62,7 +61,7 @@ module Inspec::Resources
     end
 
     def read_content
-      @content = ''
+      @content = ""
       @params = {}
 
       read_file_content(conf_path)
@@ -83,7 +82,7 @@ module Inspec::Resources
         params = SimpleConfig.new(
           raw_conf,
           assignment_regex: /^\s*(\S+)\s+['"]*((?=.*\s+$).*?|.*?)['"]*\s*$/,
-          multiple_values: true,
+          multiple_values: true
         ).params
 
         # Capture any characters between quotes that are not escaped in values
@@ -108,14 +107,14 @@ module Inspec::Resources
 
     def include_files(params)
       # see if there is more config files to include
-      include_files = params['Include'] || []
-      include_files_optional = params['IncludeOptional'] || []
+      include_files = params["Include"] || []
+      include_files_optional = params["IncludeOptional"] || []
 
       includes = []
       (include_files + include_files_optional).each do |f|
         id    = Pathname.new(f).absolute? ? f : File.join(conf_dir, f)
-        files = find_files(id, depth: 1, type: 'file')
-        files += find_files(id, depth: 1, type: 'link')
+        files = find_files(id, depth: 1, type: "file")
+        files += find_files(id, depth: 1, type: "link")
 
         includes.push(files) if files
       end
@@ -148,9 +147,9 @@ module Inspec::Resources
 
     def default_conf_path
       if inspec.os.debian?
-        '/etc/apache2/apache2.conf'
+        "/etc/apache2/apache2.conf"
       else
-        '/etc/httpd/conf/httpd.conf'
+        "/etc/httpd/conf/httpd.conf"
       end
     end
   end

data/lib/{resources → inspec/resources}/apt.rb

@@ -1,4 +1,4 @@
-# encoding: utf-8
+require "inspec/resources/command"
 
 # Verifies apt and ppa repositories
 #
@@ -24,13 +24,13 @@
 # apt-get install software-properties-common
 # add-apt-repository ppa:ubuntu-wine/ppa
 
-require 'uri'
+require "uri"
 
 module Inspec::Resources
   class AptRepository < Inspec.resource(1)
-    name 'apt'
-    supports platform: 'unix'
-    desc 'Use the apt InSpec audit resource to verify Apt repositories on the Debian and Ubuntu platforms, and also PPA repositories on the Ubuntu platform.'
+    name "apt"
+    supports platform: "unix"
+    desc "Use the apt InSpec audit resource to verify Apt repositories on the Debian and Ubuntu platforms, and also PPA repositories on the Ubuntu platform."
     example <<~EXAMPLE
       describe apt('nginx/stable') do
         it { should exist }
@@ -45,7 +45,7 @@ module Inspec::Resources
         @deb_url = determine_ppa_url(ppa_name)
       else
         # this resource is only supported on ubuntu and debian
-        skip_resource 'The `apt` resource is not supported on your OS yet.'
+        skip_resource "The `apt` resource is not supported on your OS yet."
       end
     end
 
@@ -67,10 +67,10 @@ module Inspec::Resources
     private
 
     def find_repo
-      read_debs.select { |repo| repo[:url] == @deb_url && repo[:type] == 'deb' }
+      read_debs.select { |repo| repo[:url] == @deb_url && repo[:type] == "deb" }
     end
 
-    HTTP_URL_RE = /\A#{URI::DEFAULT_PARSER.make_regexp(%w{http https})}\z/
+    HTTP_URL_RE = /\A#{URI::DEFAULT_PARSER.make_regexp(%w{http https})}\z/.freeze
 
     # read
     def read_debs
@@ -84,7 +84,7 @@ module Inspec::Resources
         active = true
 
         # detect if the repo is commented out
-        line = raw_line.gsub(/^(#\s*)*/, '')
+        line = raw_line.gsub(/^(#\s*)*/, "")
         active = false if raw_line != line
 
         # eg.: deb http://archive.ubuntu.com/ubuntu/ wily main restricted
@@ -99,10 +99,10 @@ module Inspec::Resources
           type: parse_repo[1],
           url: parse_repo[2],
           distro: parse_repo[3],
-          components: parse_repo[4].chomp.split(' '),
+          components: parse_repo[4].chomp.split(" "),
           active: active,
         }
-        next unless ['deb', 'deb-src'].include? repo[:type]
+        next unless ["deb", "deb-src"].include? repo[:type]
 
         lines.push(repo)
       end
@@ -116,19 +116,19 @@ module Inspec::Resources
       # otherwise start generating the ppa url
 
       # special care if the name stats with :
-      ppa_url = ppa_url.split(':')[1] if ppa_url.start_with?('ppa:')
+      ppa_url = ppa_url.split(":")[1] if ppa_url.start_with?("ppa:")
 
       # parse ppa owner and repo
-      ppa_owner, ppa_repo = ppa_url.split('/')
-      ppa_repo = 'ppa' if ppa_repo.nil?
+      ppa_owner, ppa_repo = ppa_url.split("/")
+      ppa_repo = "ppa" if ppa_repo.nil?
 
       # construct new ppa url and return it
-      format('http://ppa.launchpad.net/%s/%s/ubuntu', ppa_owner, ppa_repo)
+      format("http://ppa.launchpad.net/%s/%s/ubuntu", ppa_owner, ppa_repo)
     end
   end
 
   class PpaRepository < AptRepository
-    name 'ppa'
+    name "ppa"
 
     def exists?
       deprecated
@@ -141,7 +141,7 @@ module Inspec::Resources
     end
 
     def deprecated
-      Inspec.deprecate(:resource_ppa, 'The `ppa` resource is deprecated. Please use `apt`')
+      Inspec.deprecate(:resource_ppa, "The `ppa` resource is deprecated. Please use `apt`")
     end
   end
 end

data/lib/{resources → inspec/resources}/audit_policy.rb

@@ -1,4 +1,5 @@
-# encoding: utf-8
+require "inspec/resources/command"
+
 # copyright: 2015, Vulcano Security GmbH
 
 # Advanced Auditing:
@@ -23,9 +24,9 @@
 
 module Inspec::Resources
   class AuditPolicy < Inspec.resource(1)
-    name 'audit_policy'
-    supports platform: 'windows'
-    desc 'Use the audit_policy InSpec audit resource to test auditing policies on the Microsoft Windows platform. An auditing policy is a category of security-related events to be audited. Auditing is disabled by default and may be enabled for categories like account management, logon events, policy changes, process tracking, privilege use, system events, or object access. For each enabled auditing category property, the auditing level may be set to No Auditing, Not Specified, Success, Success and Failure, or Failure.'
+    name "audit_policy"
+    supports platform: "windows"
+    desc "Use the audit_policy InSpec audit resource to test auditing policies on the Microsoft Windows platform. An auditing policy is a category of security-related events to be audited. Auditing is disabled by default and may be enabled for categories like account management, logon events, policy changes, process tracking, privilege use, system events, or object access. For each enabled auditing category property, the auditing level may be set to No Auditing, Not Specified, Success, Success and Failure, or Failure."
     example <<~EXAMPLE
       describe audit_policy do
         its('parameter') { should eq 'value' }
@@ -50,14 +51,14 @@ module Inspec::Resources
       values = nil
       unless target.nil?
         # split csv values and return value
-        values = target.split(',')[4]
+        values = target.split(",")[4]
       end
 
       values
     end
 
     def to_s
-      'Audit Policy'
+      "Audit Policy"
     end
   end
 end

data/lib/{resources → inspec/resources}/auditd.rb

@@ -1,9 +1,7 @@
-# encoding: utf-8
-
-require 'forwardable'
-require 'utils/filter_array'
-require 'utils/filter'
-require 'utils/parser'
+require "forwardable"
+require "inspec/utils/filter_array"
+require "inspec/utils/filter"
+require "inspec/utils/parser"
 
 module Inspec::Resources
   class AuditDaemon < Inspec.resource(1)
@@ -11,9 +9,9 @@ module Inspec::Resources
     attr_accessor :lines
     attr_reader :params
 
-    name 'auditd'
-    supports platform: 'unix'
-    desc 'Use the auditd InSpec audit resource to test the rules for logging that exist on the system. The audit.rules file is typically located under /etc/audit/ and contains the list of rules that define what is captured in log files. These rules are output using the auditcl -l command.'
+    name "auditd"
+    supports platform: "unix"
+    desc "Use the auditd InSpec audit resource to test the rules for logging that exist on the system. The audit.rules file is typically located under /etc/audit/ and contains the list of rules that define what is captured in log files. These rules are output using the auditcl -l command."
     example <<~EXAMPLE
       describe auditd.syscall('chown').where {arch == 'b32'} do
         its('action') { should eq ['always'] }
@@ -30,12 +28,12 @@ module Inspec::Resources
     EXAMPLE
 
     def initialize
-      unless inspec.command('/sbin/auditctl').exist?
+      unless inspec.command("/sbin/auditctl").exist?
         raise Inspec::Exceptions::ResourceFailed,
-              'Command `/sbin/auditctl` does not exist'
+              "Command `/sbin/auditctl` does not exist"
       end
 
-      auditctl_cmd = '/sbin/auditctl -l'
+      auditctl_cmd = "/sbin/auditctl -l"
       result = inspec.command(auditctl_cmd)
 
       if result.exit_status != 0
@@ -48,35 +46,35 @@ module Inspec::Resources
 
       if @content =~ /^LIST_RULES:/
         raise Inspec::Exceptions::RsourceFailed,
-              'The version of audit is outdated.' \
-              'The `auditd` resource supports versions of audit >= 2.3.'
+              "The version of audit is outdated." \
+              "The `auditd` resource supports versions of audit >= 2.3."
       end
       parse_content
     end
 
     filter = FilterTable.create
-    filter.register_column(:file,         field: 'file')
-          .register_column(:list,         field: 'list')
-          .register_column(:action,       field: 'action')
-          .register_column(:fields,       field: 'fields')
-          .register_column(:fields_nokey, field: 'fields_nokey')
-          .register_column(:syscall,      field: 'syscall')
-          .register_column(:key,          field: 'key')
-          .register_column(:arch,         field: 'arch')
-          .register_column(:path,         field: 'path')
-          .register_column(:permissions,  field: 'permissions')
-          .register_column(:exit,         field: 'exit')
+    filter.register_column(:file,         field: "file")
+          .register_column(:list,         field: "list")
+          .register_column(:action,       field: "action")
+          .register_column(:fields,       field: "fields")
+          .register_column(:fields_nokey, field: "fields_nokey")
+          .register_column(:syscall,      field: "syscall")
+          .register_column(:key,          field: "key")
+          .register_column(:arch,         field: "arch")
+          .register_column(:path,         field: "path")
+          .register_column(:permissions,  field: "permissions")
+          .register_column(:exit,         field: "exit")
 
     filter.install_filter_methods_on_resource(self, :params)
 
     def status(name = nil)
-      @status_content ||= inspec.command('/sbin/auditctl -s').stdout.chomp
+      @status_content ||= inspec.command("/sbin/auditctl -s").stdout.chomp
 
       # See: https://github.com/inspec/inspec/issues/3113
       if @status_content =~ /^AUDIT_STATUS/
-        @status_content = @status_content.gsub('AUDIT_STATUS: ', '')
-                                         .tr(' ', "\n")
-                                         .tr('=', ' ')
+        @status_content = @status_content.gsub("AUDIT_STATUS: ", "")
+                                         .tr(" ", "\n")
+                                         .tr("=", " ")
       end
 
       @status_params ||= Hash[@status_content.scan(/^([^ ]+) (.*)$/)]
@@ -107,19 +105,19 @@ module Inspec::Resources
       action, list = action_list_for(line)
       fields = rule_fields_for(line)
       key_field, fields_nokey = remove_key_from(fields)
-      key = key_in(key_field.join(''))
+      key = key_in(key_field.join(""))
       perms = perms_in(fields)
 
       @params.push(
         {
-          'file' => file,
-          'list' => list,
-          'action' => action,
-          'fields' => fields,
-          'permissions' => perms,
-          'key' => key,
-          'fields_nokey' => fields_nokey,
-        },
+          "file" => file,
+          "list" => list,
+          "action" => action,
+          "fields" => fields,
+          "permissions" => perms,
+          "key" => key,
+          "fields_nokey" => fields_nokey,
+        }
       )
     end
 
@@ -128,7 +126,7 @@ module Inspec::Resources
       action, list = action_list_for(line)
       fields = rule_fields_for(line)
       key_field, fields_nokey = remove_key_from(fields)
-      key = key_in(key_field.join(''))
+      key = key_in(key_field.join(""))
       arch = arch_in(fields)
       path = path_in(fields)
       perms = perms_in(fields)
@@ -137,17 +135,17 @@ module Inspec::Resources
       syscalls.each do |s|
         @params.push(
           {
-            'syscall' => s,
-            'list' => list,
-            'action' => action,
-            'fields' => fields,
-            'key' => key,
-            'arch' => arch,
-            'path' => path,
-            'permissions' => perms,
-            'exit' => exit_field,
-            'fields_nokey' => fields_nokey,
-          },
+            "syscall" => s,
+            "list" => list,
+            "action" => action,
+            "fields" => fields,
+            "key" => key,
+            "arch" => arch,
+            "path" => path,
+            "permissions" => perms,
+            "exit" => exit_field,
+            "fields_nokey" => fields_nokey,
+          }
         )
       end
     end
@@ -159,15 +157,15 @@ module Inspec::Resources
 
       @params.push(
         {
-          'file' => file,
-          'key' => key,
-          'permissions' => perms,
-        },
+          "file" => file,
+          "key" => key,
+          "permissions" => perms,
+        }
       )
     end
 
     def to_s
-      'Auditd Rules'
+      "Auditd Rules"
     end
 
     private
@@ -185,7 +183,7 @@ module Inspec::Resources
     end
 
     def syscalls_for(line)
-      line.scan(/-S ([^ ]+)\s?/).flatten.first.split(',')
+      line.scan(/-S ([^ ]+)\s?/).flatten.first.split(",")
     end
 
     def action_list_for(line)
@@ -193,7 +191,7 @@ module Inspec::Resources
     end
 
     def key_for(line)
-      line.match(/-k ([^ ]+)\s?/)[1] if line.include?('-k ')
+      line.match(/-k ([^ ]+)\s?/)[1] if line.include?("-k ")
     end
 
     def file_for(line)
@@ -209,44 +207,44 @@ module Inspec::Resources
     end
 
     def rule_fields_for(line)
-      line.gsub(/-[aS] [^ ]+ /, '').split('-F ').map { |l| l.split(' ') }.flatten
+      line.gsub(/-[aS] [^ ]+ /, "").split("-F ").map { |l| l.split(" ") }.flatten
     end
 
     def arch_in(fields)
       fields.each do |field|
-        return field.match(/arch=(\S+)\s?/)[1] if field.start_with?('arch=')
+        return field.match(/arch=(\S+)\s?/)[1] if field.start_with?("arch=")
       end
       nil
     end
 
     def perms_in(fields)
       fields.each do |field|
-        return field.match(/perm=(\S+)\s?/)[1].scan(/\w/) if field.start_with?('perm=')
+        return field.match(/perm=(\S+)\s?/)[1].scan(/\w/) if field.start_with?("perm=")
       end
       nil
     end
 
     def path_in(fields)
       fields.each do |field|
-        return field.match(/path=(\S+)\s?/)[1] if field.start_with?('path=')
+        return field.match(/path=(\S+)\s?/)[1] if field.start_with?("path=")
       end
       nil
     end
 
     def exit_in(fields)
       fields.each do |field|
-        return field.match(/exit=(\S+)\s?/)[1] if field.start_with?('exit=')
+        return field.match(/exit=(\S+)\s?/)[1] if field.start_with?("exit=")
       end
       nil
     end
 
     def key_in(field)
-      _, v = field.split('=')
+      _, v = field.split("=")
       v
     end
 
     def remove_key_from(fields)
-      fields.partition { |x| x.start_with? 'key' }
+      fields.partition { |x| x.start_with? "key" }
     end
   end
 end