inspec-core 4.3.2 → 4.6.3

data/lib/{resources → inspec/resources}/auditd_conf.rb

@@ -1,13 +1,12 @@
-# encoding: utf-8
 # copyright: 2015, Vulcano Security GmbH
 
-require 'utils/simpleconfig'
-require 'utils/file_reader'
+require "inspec/utils/simpleconfig"
+require "inspec/utils/file_reader"
 
 module Inspec::Resources
   class AuditDaemonConf < Inspec.resource(1)
-    name 'auditd_conf'
-    supports platform: 'unix'
+    name "auditd_conf"
+    supports platform: "unix"
     desc "Use the auditd_conf InSpec audit resource to test the configuration settings for the audit daemon. This file is typically located under /etc/audit/auditd.conf' on UNIX and Linux platforms."
     example <<~EXAMPLE
       describe auditd_conf do
@@ -18,7 +17,7 @@ module Inspec::Resources
     include FileReader
 
     def initialize(path = nil)
-      @conf_path = path || '/etc/audit/auditd.conf'
+      @conf_path = path || "/etc/audit/auditd.conf"
       @content = read_file_content(@conf_path)
     end
 
@@ -27,7 +26,7 @@ module Inspec::Resources
     end
 
     def to_s
-      'Audit Daemon Config'
+      "Audit Daemon Config"
     end
 
     private
@@ -38,7 +37,7 @@ module Inspec::Resources
       # parse the file
       conf = SimpleConfig.new(
         @content,
-        multiple_values: false,
+        multiple_values: false
       )
       @params = conf.params
     end

data/lib/{resources → inspec/resources}/bash.rb

@@ -1,13 +1,11 @@
-# encoding: utf-8
-
-require 'utils/command_wrapper'
-require 'resources/command'
+require "inspec/utils/command_wrapper"
+require "inspec/resources/command"
 
 module Inspec::Resources
   class Bash < Cmd
-    name 'bash'
-    supports platform: 'unix'
-    desc 'Run a command or script in BASH.'
+    name "bash"
+    supports platform: "unix"
+    desc "Run a command or script in BASH."
     example <<~EXAMPLE
       describe bash('ls -al /') do
         its('stdout') { should match /bin/ }
@@ -24,7 +22,7 @@ module Inspec::Resources
 
     def initialize(command, options = {})
       @raw_command = command
-      options[:shell] = 'bash' if options.is_a?(Hash)
+      options[:shell] = "bash" if options.is_a?(Hash)
       super(CommandWrapper.wrap(command, options))
     end
 

data/lib/{resources → inspec/resources}/bond.rb

@@ -1,12 +1,11 @@
-# encoding: utf-8
-
-require 'resources/file'
-require 'utils/file_reader'
+require "inspec/resources/file"
+require "inspec/utils/file_reader"
+require "inspec/utils/simpleconfig"
 
 module Inspec::Resources
   class Bond < FileResource
-    name 'bond'
-    supports platform: 'unix'
+    name "bond"
+    supports platform: "unix"
     desc 'Use the bond InSpec audit resource to test a logical, bonded network interface (i.e. "two or more network interfaces aggregated into a single, logical network interface"). On Linux platforms, any value in the /proc/net/bonding directory may be tested.'
     example <<~EXAMPLE
       describe bond('bond0') do
@@ -26,11 +25,13 @@ module Inspec::Resources
     end
 
     def read_content
-      @params = SimpleConfig.new(
-        @content,
-        assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
-        multiple_values: true,
-      ).params if @file.exist?
+      if @file.exist?
+        @params = SimpleConfig.new(
+          @content,
+          assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
+          multiple_values: true
+        ).params
+      end
       @loaded = true
       @content
     end
@@ -51,15 +52,15 @@ module Inspec::Resources
     end
 
     def has_interface?(interface)
-      params['Slave Interface'].include?(interface)
+      params["Slave Interface"].include?(interface)
     end
 
     def interfaces
-      params['Slave Interface']
+      params["Slave Interface"]
     end
 
     def mode
-      params['Bonding Mode'].first
+      params["Bonding Mode"].first
     end
 
     def to_s

data/lib/{resources → inspec/resources}/bridge.rb

@@ -1,4 +1,4 @@
-# encoding: utf-8
+require "inspec/resources/file"
 
 # Usage:
 # describe bridge('br0') do
@@ -8,9 +8,9 @@
 
 module Inspec::Resources
   class Bridge < Inspec.resource(1)
-    name 'bridge'
-    supports platform: 'unix'
-    desc 'Use the bridge InSpec audit resource to test basic network bridge properties, such as name, if an interface is defined, and the associations for any defined interface.'
+    name "bridge"
+    supports platform: "unix"
+    desc "Use the bridge InSpec audit resource to test basic network bridge properties, such as name, if an interface is defined, and the associations for any defined interface."
     example <<~EXAMPLE
       describe bridge 'br0' do
         it { should exist }
@@ -27,7 +27,7 @@ module Inspec::Resources
       elsif inspec.os.windows?
         @bridge_provider = WindowsBridge.new(inspec)
       else
-        return skip_resource 'The `bridge` resource is not supported on your OS yet.'
+        return skip_resource "The `bridge` resource is not supported on your OS yet."
       end
     end
 
@@ -36,7 +36,7 @@ module Inspec::Resources
     end
 
     def has_interface?(interface)
-      return skip_resource 'The `bridge` resource does not provide interface detection for Windows yet' if inspec.os.windows?
+      return skip_resource "The `bridge` resource does not provide interface detection for Windows yet" if inspec.os.windows?
       bridge_info.nil? ? false : bridge_info[:interfaces].include?(interface)
     end
 
@@ -92,7 +92,7 @@ module Inspec::Resources
   class WindowsBridge < BridgeDetection
     def bridge_info(bridge_name)
       # find all bridge adapters
-      cmd = inspec.command('Get-NetAdapterBinding -ComponentID ms_bridge | Get-NetAdapter | Select-Object -Property Name, InterfaceDescription | ConvertTo-Json')
+      cmd = inspec.command("Get-NetAdapterBinding -ComponentID ms_bridge | Get-NetAdapter | Select-Object -Property Name, InterfaceDescription | ConvertTo-Json")
 
       # filter network interface
       begin
@@ -108,7 +108,7 @@ module Inspec::Resources
       bridges = bridges.each_with_object([]) do |adapter, adapter_collection|
         # map object
         info = {
-          name: adapter['Name'],
+          name: adapter["Name"],
           interfaces: nil,
         }
         adapter_collection.push(info) if info[:name].casecmp(bridge_name) == 0

data/lib/{resources → inspec/resources}/chocolatey_package.rb

@@ -1,12 +1,14 @@
-# encoding: utf-8
 # frozen_string_literal: true
 
+require "inspec/resources/command"
+require "inspec/resources/powershell"
+
 # Check for Chocolatey packages to be installed
 module Inspec::Resources
   class ChocoPkg < Inspec.resource(1)
-    name 'chocolatey_package'
-    supports platform: 'windows'
-    desc 'Use the chocolatey_package InSpec audit resource to test if the named package and/or package version is installed on the system.'
+    name "chocolatey_package"
+    supports platform: "windows"
+    desc "Use the chocolatey_package InSpec audit resource to test if the named package and/or package version is installed on the system."
     example <<~EXAMPLE
       describe chocolatey_package('git') do
         it { should be_installed }
@@ -17,7 +19,7 @@ module Inspec::Resources
     attr_reader :package_name
 
     def initialize(package_name, _opts = {})
-      raise 'Chocolatey is not installed' unless inspec.command('choco').exist?
+      raise "Chocolatey is not installed" unless inspec.command("choco").exist?
       @package_name = package_name
       @cache = base_data.update(generate_cache)
     end
@@ -53,7 +55,7 @@ module Inspec::Resources
         name: package_name,
         version: nil,
         installed: false,
-        type: 'chocolatey',
+        type: "chocolatey",
       }
     end
 
@@ -67,12 +69,12 @@ module Inspec::Resources
       return {} if cmd.exit_status != 0 || cmd.stdout.strip.empty?
       out = JSON.parse(cmd.stdout)
 
-      return {
+      {
         version: out.fetch(package_name),
         installed: true,
       }
     rescue JSON::ParserError, KeyError
-      return {}
+      {}
     end
   end
 end

data/lib/{resources → inspec/resources}/command.rb

@@ -1,12 +1,13 @@
-# encoding: utf-8
 # copyright: 2015, Vulcano Security GmbH
 
+require "inspec/resource"
+
 module Inspec::Resources
   class Cmd < Inspec.resource(1)
-    name 'command'
-    supports platform: 'unix'
-    supports platform: 'windows'
-    desc 'Use the command InSpec audit resource to test an arbitrary command that is run on the system.'
+    name "command"
+    supports platform: "unix"
+    supports platform: "windows"
+    desc "Use the command InSpec audit resource to test an arbitrary command that is run on the system."
     example <<~EXAMPLE
       describe command('ls -al /') do
         its('stdout') { should match /bin/ }
@@ -24,7 +25,7 @@ module Inspec::Resources
 
     def initialize(cmd, options = {})
       if cmd.nil?
-        raise 'InSpec `command` was called with `nil` as the argument. This is not supported. Please provide a valid command instead.'
+        raise "InSpec `command` was called with `nil` as the argument. This is not supported. Please provide a valid command instead."
       end
 
       @command = cmd
@@ -32,9 +33,9 @@ module Inspec::Resources
       if options[:redact_regex]
         unless options[:redact_regex].is_a?(Regexp)
           # Make sure command is replaced so sensitive output isn't shown
-          @command = 'ERROR'
+          @command = "ERROR"
           raise Inspec::Exceptions::ResourceFailed,
-                'The `redact_regex` option must be a regular expression'
+                "The `redact_regex` option must be a regular expression"
         end
         @redact_regex = options[:redact_regex]
       end
@@ -58,10 +59,10 @@ module Inspec::Resources
 
     def exist? # rubocop:disable Metrics/AbcSize
       # silent for mock resources
-      return false if inspec.os.name.nil? || inspec.os.name == 'mock'
+      return false if inspec.os.name.nil? || inspec.os.name == "mock"
 
       if inspec.os.linux?
-        res = if inspec.platform.name == 'alpine'
+        res = if inspec.platform.name == "alpine"
                 inspec.backend.run_command("which \"#{@command}\"")
               else
                 inspec.backend.run_command("bash -c 'type \"#{@command}\"'")

data/lib/{resources → inspec/resources}/cpan.rb

@@ -1,4 +1,4 @@
-# encoding: utf-8
+require "inspec/resources/command"
 
 # Usage:
 # describe cpan('DBD::Pg') do
@@ -8,9 +8,9 @@
 
 module Inspec::Resources
   class CpanPackage < Inspec.resource(1)
-    name 'cpan'
-    supports platform: 'unix'
-    desc 'Use the `cpan` InSpec audit resource to test Perl modules that are installed by system packages or the CPAN installer.'
+    name "cpan"
+    supports platform: "unix"
+    desc "Use the `cpan` InSpec audit resource to test Perl modules that are installed by system packages or the CPAN installer."
     example <<~EXAMPLE
       describe cpan('DBD::Pg') do
         it { should be_installed }
@@ -20,24 +20,24 @@ module Inspec::Resources
     def initialize(package_name, perl_lib_path = nil)
       @package_name = package_name
       @perl_lib_path = perl_lib_path
-      @perl_cmd = 'perl'
+      @perl_cmd = "perl"
 
       # this resource is not supported on Windows
-      return skip_resource 'The `cpan` resource is not supported on your OS yet.' if inspec.os.windows?
-      return skip_resource 'perl not found' unless inspec.command(@perl_cmd).exist?
+      return skip_resource "The `cpan` resource is not supported on your OS yet." if inspec.os.windows?
+      return skip_resource "perl not found" unless inspec.command(@perl_cmd).exist?
     end
 
     def info
       return @info if defined?(@info)
 
       @info = {}
-      @info[:type] = 'cpan'
+      @info[:type] = "cpan"
       @info[:name] = @package_name
       # set PERL5LIB environment variable if a custom lib path is given
-      lib_path = @perl_lib_path.nil? ? '' : "PERL5LIB=#{@perl_lib_path} "
-      cmd = inspec.command("#{lib_path+@perl_cmd} -le 'eval \"require $ARGV[0]\" and print $ARGV[0]->VERSION or exit 1' #{@package_name}")
-      @info[:installed] = cmd.exit_status.zero?
-      return @info unless cmd.exit_status.zero?
+      lib_path = @perl_lib_path.nil? ? "" : "PERL5LIB=#{@perl_lib_path} "
+      cmd = inspec.command("#{lib_path + @perl_cmd} -le 'eval \"require $ARGV[0]\" and print $ARGV[0]->VERSION or exit 1' #{@package_name}")
+      @info[:installed] = cmd.exit_status == 0
+      return @info unless cmd.exit_status == 0
 
       @info[:version] = cmd.stdout.strip
       @info

data/lib/{resources → inspec/resources}/cran.rb

@@ -1,4 +1,4 @@
-# encoding: utf-8
+require "inspec/resources/command"
 
 # Usage:
 # describe cran('DBI') do
@@ -8,9 +8,9 @@
 
 module Inspec::Resources
   class CranPackage < Inspec.resource(1)
-    name 'cran'
-    supports platform: 'unix'
-    desc 'Use the `cran` InSpec audit resource to test R modules that are installed from CRAN package repository.'
+    name "cran"
+    supports platform: "unix"
+    desc "Use the `cran` InSpec audit resource to test R modules that are installed from CRAN package repository."
     example <<~EXAMPLE
       describe cran('DBI') do
         it { should be_installed }
@@ -19,21 +19,21 @@ module Inspec::Resources
 
     def initialize(package_name)
       @package_name = package_name
-      @r_cmd = 'Rscript'
+      @r_cmd = "Rscript"
 
       # this resource is not supported on Windows
-      return skip_resource 'The `cran` resource is not supported on your OS yet.' if inspec.os.windows?
-      return skip_resource 'Rscript not found' unless inspec.command(@r_cmd).exist?
+      return skip_resource "The `cran` resource is not supported on your OS yet." if inspec.os.windows?
+      return skip_resource "Rscript not found" unless inspec.command(@r_cmd).exist?
     end
 
     def info
       return @info if defined?(@info)
 
       @info = {}
-      @info[:type] = 'cran'
+      @info[:type] = "cran"
       @info[:name] = @package_name
       cmd = inspec.command("#{@r_cmd} -e 'packageVersion(\"#{@package_name}\")'")
-      return @info unless cmd.exit_status.zero?
+      return @info unless cmd.exit_status == 0
 
       # Extract package version from Rscript output
       # Output includes unicode punctuation (backticks) characters like so:

data/lib/{resources → inspec/resources}/crontab.rb

@@ -1,13 +1,12 @@
-# encoding: utf-8
-
-require 'utils/parser'
-require 'utils/filter'
+require "inspec/resources/file"
+require "inspec/utils/parser"
+require "inspec/utils/filter"
 
 module Inspec::Resources
   class Crontab < Inspec.resource(1)
-    name 'crontab'
-    supports platform: 'unix'
-    desc 'Use the crontab InSpec audit resource to test the contents of the crontab for a given user which contains information about scheduled tasks owned by that user.'
+    name "crontab"
+    supports platform: "unix"
+    desc "Use the crontab InSpec audit resource to test the contents of the crontab for a given user which contains information about scheduled tasks owned by that user."
     example <<~EXAMPLE
       describe crontab(user: 'root') do
         its('commands') { should include '/path/to/some/script' }
@@ -40,8 +39,8 @@ module Inspec::Resources
         Hash[opts.map { |k, v| [k.to_sym, v] }]
         @user = opts.fetch(:user, nil)
         @path = opts.fetch(:path, nil)
-        raise Inspec::Exceptions::ResourceFailed, 'A user or path must be supplied.' if @user.nil? && @path.nil?
-        raise Inspec::Exceptions::ResourceFailed, 'Either user or path must be supplied, not both!' if !@user.nil? && !@path.nil?
+        raise Inspec::Exceptions::ResourceFailed, "A user or path must be supplied." if @user.nil? && @path.nil?
+        raise Inspec::Exceptions::ResourceFailed, "Either user or path must be supplied, not both!" if !@user.nil? && !@path.nil?
       else
         @user = opts
         @path = nil
@@ -60,31 +59,31 @@ module Inspec::Resources
     end
 
     def parse_crontab_line(l)
-      data, = parse_comment_line(l, comment_char: '#', standalone_comments: false)
+      data, = parse_comment_line(l, comment_char: "#", standalone_comments: false)
       return nil if data.nil? || data.empty?
 
       is_system_crontab? ? parse_system_crontab(data) : parse_user_crontab(data)
     end
 
     def crontab_cmd
-      @user.nil? ? 'crontab -l' : "crontab -l -u #{@user}"
+      @user.nil? ? "crontab -l" : "crontab -l -u #{@user}"
     end
 
     filter = FilterTable.create
-    filter.register_column(:minutes,  field: 'minute')
-          .register_column(:hours,    field: 'hour')
-          .register_column(:days,     field: 'day')
-          .register_column(:months,   field: 'month')
-          .register_column(:weekdays, field: 'weekday')
-          .register_column(:user,     field: 'user')
-          .register_column(:commands, field: 'command')
+    filter.register_column(:minutes,  field: "minute")
+          .register_column(:hours,    field: "hour")
+          .register_column(:days,     field: "day")
+          .register_column(:months,   field: "month")
+          .register_column(:weekdays, field: "weekday")
+          .register_column(:user,     field: "user")
+          .register_column(:commands, field: "command")
 
     # rebuild the crontab line from raw content
-    filter.register_custom_property(:content) { |t, _|
+    filter.register_custom_property(:content) do |t, _|
       t.entries.map do |e|
-        [e.minute, e.hour, e.day, e.month, e.weekday, e.user, e.command].compact.join(' ')
+        [e.minute, e.hour, e.day, e.month, e.weekday, e.user, e.command].compact.join(" ")
       end.join("\n")
-    }
+    end
 
     filter.install_filter_methods_on_resource(self, :params)
 
@@ -94,7 +93,7 @@ module Inspec::Resources
       elsif is_user_crontab?
         "crontab for user #{@user}"
       else
-        'crontab for current user'
+        "crontab for current user"
       end
     end
 
@@ -112,32 +111,32 @@ module Inspec::Resources
       case data
       when /@hourly .*/
         elements = data.split(/\s+/, 3)
-        { 'minute' => '0', 'hour' => '*', 'day' => '*', 'month' => '*', 'weekday' => '*', 'user' => elements.at(1), 'command' => elements.at(2) }
+        { "minute" => "0", "hour" => "*", "day" => "*", "month" => "*", "weekday" => "*", "user" => elements.at(1), "command" => elements.at(2) }
       when /@(midnight|daily) .*/
         elements = data.split(/\s+/, 3)
-        { 'minute' => '0', 'hour' => '0', 'day' => '*', 'month' => '*', 'weekday' => '*', 'user' => elements.at(1), 'command' => elements.at(2) }
+        { "minute" => "0", "hour" => "0", "day" => "*", "month" => "*", "weekday" => "*", "user" => elements.at(1), "command" => elements.at(2) }
       when /@weekly .*/
         elements = data.split(/\s+/, 3)
-        { 'minute' => '0', 'hour' => '0', 'day' => '*', 'month' => '*', 'weekday' => '0', 'user' => elements.at(1), 'command' => elements.at(2) }
+        { "minute" => "0", "hour" => "0", "day" => "*", "month" => "*", "weekday" => "0", "user" => elements.at(1), "command" => elements.at(2) }
       when /@monthly ./
         elements = data.split(/\s+/, 3)
-        { 'minute' => '0', 'hour' => '0', 'day' => '1', 'month' => '*', 'weekday' => '*', 'user' => elements.at(1), 'command' => elements.at(2) }
+        { "minute" => "0", "hour" => "0", "day" => "1", "month" => "*", "weekday" => "*", "user" => elements.at(1), "command" => elements.at(2) }
       when /@(annually|yearly) .*/
         elements = data.split(/\s+/, 3)
-        { 'minute' => '0', 'hour' => '0', 'day' => '1', 'month' => '1', 'weekday' => '*', 'user' => elements.at(1), 'command' => elements.at(2) }
+        { "minute" => "0", "hour" => "0", "day" => "1", "month" => "1", "weekday" => "*", "user" => elements.at(1), "command" => elements.at(2) }
       when /@reboot .*/
         elements = data.split(/\s+/, 3)
-        { 'minute' => '-1', 'hour' => '-1', 'day' => '-1', 'month' => '-1', 'weekday' => '-1', 'user' => elements.at(1), 'command' => elements.at(2) }
+        { "minute" => "-1", "hour" => "-1", "day" => "-1", "month" => "-1", "weekday" => "-1", "user" => elements.at(1), "command" => elements.at(2) }
       else
         elements = data.split(/\s+/, 7)
         {
-          'minute'  => elements.at(0),
-          'hour'    => elements.at(1),
-          'day'     => elements.at(2),
-          'month'   => elements.at(3),
-          'weekday' => elements.at(4),
-          'user'    => elements.at(5),
-          'command' => elements.at(6),
+          "minute" => elements.at(0),
+          "hour" => elements.at(1),
+          "day" => elements.at(2),
+          "month" => elements.at(3),
+          "weekday" => elements.at(4),
+          "user" => elements.at(5),
+          "command" => elements.at(6),
         }
       end
     end
@@ -145,27 +144,27 @@ module Inspec::Resources
     def parse_user_crontab(data)
       case data
       when /@hourly .*/
-        { 'minute' => '0', 'hour' => '*', 'day' => '*', 'month' => '*', 'weekday' => '*', 'user' => @user, 'command' => data.split(/\s+/, 2).at(1) }
+        { "minute" => "0", "hour" => "*", "day" => "*", "month" => "*", "weekday" => "*", "user" => @user, "command" => data.split(/\s+/, 2).at(1) }
       when /@(midnight|daily) .*/
-        { 'minute' => '0', 'hour' => '0', 'day' => '*', 'month' => '*', 'weekday' => '*', 'user' => @user, 'command' => data.split(/\s+/, 2).at(1) }
+        { "minute" => "0", "hour" => "0", "day" => "*", "month" => "*", "weekday" => "*", "user" => @user, "command" => data.split(/\s+/, 2).at(1) }
       when /@weekly .*/
-        { 'minute' => '0', 'hour' => '0', 'day' => '*', 'month' => '*', 'weekday' => '0', 'user' => @user, 'command' => data.split(/\s+/, 2).at(1) }
+        { "minute" => "0", "hour" => "0", "day" => "*", "month" => "*", "weekday" => "0", "user" => @user, "command" => data.split(/\s+/, 2).at(1) }
       when /@monthly ./
-        { 'minute' => '0', 'hour' => '0', 'day' => '1', 'month' => '*', 'weekday' => '*', 'user' => @user, 'command' => data.split(/\s+/, 2).at(1) }
+        { "minute" => "0", "hour" => "0", "day" => "1", "month" => "*", "weekday" => "*", "user" => @user, "command" => data.split(/\s+/, 2).at(1) }
       when /@(annually|yearly) .*/
-        { 'minute' => '0', 'hour' => '0', 'day' => '1', 'month' => '1', 'weekday' => '*', 'user' => @user, 'command' => data.split(/\s+/, 2).at(1) }
+        { "minute" => "0", "hour" => "0", "day" => "1", "month" => "1", "weekday" => "*", "user" => @user, "command" => data.split(/\s+/, 2).at(1) }
       when /@reboot .*/
-        { 'minute' => '-1', 'hour' => '-1', 'day' => '-1', 'month' => '-1', 'weekday' => '-1', 'user' => @user, 'command' => data.split(/\s+/, 2).at(1) }
+        { "minute" => "-1", "hour" => "-1", "day" => "-1", "month" => "-1", "weekday" => "-1", "user" => @user, "command" => data.split(/\s+/, 2).at(1) }
       else
         elements = data.split(/\s+/, 6)
         {
-          'minute'  => elements.at(0),
-          'hour'    => elements.at(1),
-          'day'     => elements.at(2),
-          'month'   => elements.at(3),
-          'weekday' => elements.at(4),
-          'user'    => @user,
-          'command' => elements.at(5),
+          "minute" => elements.at(0),
+          "hour" => elements.at(1),
+          "day" => elements.at(2),
+          "month" => elements.at(3),
+          "weekday" => elements.at(4),
+          "user" => @user,
+          "command" => elements.at(5),
         }
       end
     end