inspec-core 4.3.2 → 4.6.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +139 -140
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
@@ -1,4 +1,4 @@
|
|
1
|
-
|
1
|
+
require "inspec/resources/command"
|
2
2
|
|
3
3
|
# Usage:
|
4
4
|
# describe host('example.com') do
|
@@ -22,14 +22,14 @@
|
|
22
22
|
# it { should be_resolvable.by('dns') }
|
23
23
|
# end
|
24
24
|
|
25
|
-
require
|
25
|
+
require "resolv"
|
26
26
|
|
27
27
|
module Inspec::Resources
|
28
28
|
class Host < Inspec.resource(1)
|
29
|
-
name
|
30
|
-
supports platform:
|
31
|
-
supports platform:
|
32
|
-
desc
|
29
|
+
name "host"
|
30
|
+
supports platform: "unix"
|
31
|
+
supports platform: "windows"
|
32
|
+
desc "Use the host InSpec audit resource to test the name used to refer to a specific host and its availability, including the Internet protocols and ports over which that host name should be available."
|
33
33
|
example <<~EXAMPLE
|
34
34
|
describe host('example.com') do
|
35
35
|
it { should be_reachable }
|
@@ -49,33 +49,35 @@ module Inspec::Resources
|
|
49
49
|
@port = params[:port]
|
50
50
|
|
51
51
|
if params[:proto]
|
52
|
-
Inspec.deprecate(:host_resource_proto_usage,
|
52
|
+
Inspec.deprecate(:host_resource_proto_usage, "The `host` resource `proto` resource parameter is deprecated. Please use `protocol`.")
|
53
53
|
@protocol = params[:proto]
|
54
54
|
else
|
55
|
-
@protocol = params.fetch(:protocol,
|
55
|
+
@protocol = params.fetch(:protocol, "icmp")
|
56
56
|
end
|
57
57
|
|
58
58
|
@host_provider = nil
|
59
59
|
if inspec.os.linux?
|
60
60
|
@host_provider = LinuxHostProvider.new(inspec)
|
61
61
|
elsif inspec.os.windows?
|
62
|
-
return skip_resource
|
62
|
+
return skip_resource "Invalid protocol: only `tcp` and `icmp` protocols are support for the `host` resource on your OS." unless
|
63
63
|
%w{icmp tcp}.include?(@protocol)
|
64
64
|
|
65
65
|
@host_provider = WindowsHostProvider.new(inspec)
|
66
66
|
elsif inspec.os.darwin?
|
67
67
|
@host_provider = DarwinHostProvider.new(inspec)
|
68
68
|
else
|
69
|
-
return skip_resource
|
69
|
+
return skip_resource "The `host` resource is not supported on your OS yet."
|
70
70
|
end
|
71
71
|
|
72
72
|
missing_requirements = @host_provider.missing_requirements(protocol)
|
73
|
-
|
74
|
-
"
|
73
|
+
unless missing_requirements.empty?
|
74
|
+
return skip_resource "The following requirements are not met for this resource: " \
|
75
|
+
"#{missing_requirements.join(', ')}"
|
76
|
+
end
|
75
77
|
end
|
76
78
|
|
77
79
|
def proto
|
78
|
-
Inspec.deprecate(:host_resource_proto_usage,
|
80
|
+
Inspec.deprecate(:host_resource_proto_usage, "The host resource `proto` method is deprecated. Please use `protocol`.")
|
79
81
|
protocol
|
80
82
|
end
|
81
83
|
|
@@ -87,7 +89,7 @@ module Inspec::Resources
|
|
87
89
|
|
88
90
|
def reachable?
|
89
91
|
# ping checks do not require port or protocol
|
90
|
-
return ping.fetch(:success, false) if protocol ==
|
92
|
+
return ping.fetch(:success, false) if protocol == "icmp"
|
91
93
|
|
92
94
|
# if either port or protocol are specified but not both, we cannot proceed.
|
93
95
|
if port.nil? || protocol.nil?
|
@@ -150,8 +152,8 @@ module Inspec::Resources
|
|
150
152
|
def initialize(inspec)
|
151
153
|
super
|
152
154
|
|
153
|
-
@has_nc = inspec.command(
|
154
|
-
@has_ncat = inspec.command(
|
155
|
+
@has_nc = inspec.command("nc").exist?
|
156
|
+
@has_ncat = inspec.command("ncat").exist?
|
155
157
|
@has_net_redirections = inspec.command("strings `which bash` | grep -qE '/dev/(tcp|udp)/'").exit_status == 0
|
156
158
|
end
|
157
159
|
|
@@ -162,7 +164,7 @@ module Inspec::Resources
|
|
162
164
|
if @has_net_redirections
|
163
165
|
missing << "#{timeout} (part of coreutils) or netcat must be installed" unless inspec.command(timeout).exist?
|
164
166
|
else
|
165
|
-
missing <<
|
167
|
+
missing << "netcat must be installed"
|
166
168
|
end
|
167
169
|
end
|
168
170
|
|
@@ -182,7 +184,7 @@ module Inspec::Resources
|
|
182
184
|
end
|
183
185
|
|
184
186
|
{
|
185
|
-
success: resp.exit_status.to_i
|
187
|
+
success: resp.exit_status.to_i == 0,
|
186
188
|
connection: resp.stderr,
|
187
189
|
socket: resp.stdout,
|
188
190
|
}
|
@@ -190,24 +192,24 @@ module Inspec::Resources
|
|
190
192
|
|
191
193
|
def netcat_check_command(hostname, port, protocol)
|
192
194
|
if @has_nc
|
193
|
-
base_cmd =
|
195
|
+
base_cmd = "nc"
|
194
196
|
elsif @has_ncat
|
195
|
-
base_cmd =
|
197
|
+
base_cmd = "ncat"
|
196
198
|
else
|
197
199
|
return
|
198
200
|
end
|
199
201
|
|
200
|
-
if protocol ==
|
201
|
-
extra_flags =
|
202
|
+
if protocol == "udp"
|
203
|
+
extra_flags = "-u"
|
202
204
|
else
|
203
|
-
extra_flags =
|
205
|
+
extra_flags = ""
|
204
206
|
end
|
205
207
|
|
206
208
|
"echo | #{base_cmd} -v -w 1 #{extra_flags} #{hostname} #{port}"
|
207
209
|
end
|
208
210
|
|
209
211
|
def timeout
|
210
|
-
|
212
|
+
"timeout"
|
211
213
|
end
|
212
214
|
|
213
215
|
def resolve_with_dig(hostname)
|
@@ -232,7 +234,7 @@ module Inspec::Resources
|
|
232
234
|
|
233
235
|
def resolve_with_getent(hostname)
|
234
236
|
cmd = inspec.command("getent ahosts #{hostname}")
|
235
|
-
return nil unless cmd.exit_status.to_i
|
237
|
+
return nil unless cmd.exit_status.to_i == 0
|
236
238
|
|
237
239
|
# getent ahosts output is formatted like so:
|
238
240
|
# $ getent ahosts www.google.com
|
@@ -255,7 +257,7 @@ module Inspec::Resources
|
|
255
257
|
|
256
258
|
class DarwinHostProvider < UnixHostProvider
|
257
259
|
def timeout
|
258
|
-
|
260
|
+
"gtimeout"
|
259
261
|
end
|
260
262
|
|
261
263
|
def resolve(hostname)
|
@@ -279,7 +281,7 @@ module Inspec::Resources
|
|
279
281
|
# TCP and port: Test-NetConnection -ComputerName www.microsoft.com -RemotePort 80
|
280
282
|
request = "Test-NetConnection -ComputerName #{hostname} -WarningAction SilentlyContinue"
|
281
283
|
request += " -RemotePort #{port}" unless port.nil?
|
282
|
-
request +=
|
284
|
+
request += "| Select-Object -Property ComputerName, TcpTestSucceeded, PingSucceeded | ConvertTo-Json"
|
283
285
|
cmd = inspec.command(request)
|
284
286
|
|
285
287
|
begin
|
@@ -288,7 +290,7 @@ module Inspec::Resources
|
|
288
290
|
return {}
|
289
291
|
end
|
290
292
|
|
291
|
-
{ success: port.nil? ? ping[
|
293
|
+
{ success: port.nil? ? ping["PingSucceeded"] : ping["TcpTestSucceeded"] }
|
292
294
|
end
|
293
295
|
|
294
296
|
def resolve(hostname)
|
@@ -300,7 +302,7 @@ module Inspec::Resources
|
|
300
302
|
end
|
301
303
|
|
302
304
|
resolv = [resolv] unless resolv.is_a?(Array)
|
303
|
-
resolv.map { |entry| entry[
|
305
|
+
resolv.map { |entry| entry["IPAddress"] }
|
304
306
|
end
|
305
307
|
end
|
306
308
|
end
|
@@ -1,17 +1,17 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
# copyright: 2017, Criteo
|
3
2
|
# copyright: 2017, Chef Software Inc
|
4
3
|
# license: Apache v2
|
5
4
|
|
6
|
-
require
|
7
|
-
require
|
8
|
-
require
|
5
|
+
require "inspec/resources/command"
|
6
|
+
require "faraday"
|
7
|
+
require "faraday_middleware"
|
8
|
+
require "hashie"
|
9
9
|
|
10
10
|
module Inspec::Resources
|
11
11
|
class Http < Inspec.resource(1)
|
12
|
-
name
|
13
|
-
supports platform:
|
14
|
-
desc
|
12
|
+
name "http"
|
13
|
+
supports platform: "unix"
|
14
|
+
desc "Use the http InSpec audit resource to test http call."
|
15
15
|
example <<~EXAMPLE
|
16
16
|
describe http('http://localhost:8080/ping', auth: {user: 'user', pass: 'test'}, params: {format: 'html'}) do
|
17
17
|
its('status') { should cmp 200 }
|
@@ -34,9 +34,9 @@ module Inspec::Resources
|
|
34
34
|
# to give users an opportunity to remove the unused option from their
|
35
35
|
# profiles.
|
36
36
|
if opts.key?(:enable_remote_worker) && !inspec.local_transport?
|
37
|
-
warn
|
38
|
-
|
39
|
-
|
37
|
+
warn "Ignoring `enable_remote_worker` option, the `http` resource ",
|
38
|
+
"remote worker is enabled by default for remote targets and ",
|
39
|
+
"cannot be disabled"
|
40
40
|
end
|
41
41
|
|
42
42
|
# Run locally if InSpec is ran locally and remotely if ran remotely
|
@@ -60,14 +60,14 @@ module Inspec::Resources
|
|
60
60
|
end
|
61
61
|
|
62
62
|
def http_method
|
63
|
-
@opts.fetch(:method,
|
63
|
+
@opts.fetch(:method, "GET")
|
64
64
|
end
|
65
65
|
|
66
66
|
def to_s
|
67
|
-
if @opts
|
67
|
+
if @opts && @url
|
68
68
|
"HTTP #{http_method} on #{@url}"
|
69
69
|
else
|
70
|
-
|
70
|
+
"HTTP Resource"
|
71
71
|
end
|
72
72
|
end
|
73
73
|
|
@@ -161,9 +161,9 @@ module Inspec::Resources
|
|
161
161
|
attr_reader :inspec
|
162
162
|
|
163
163
|
def initialize(inspec, http_method, url, opts)
|
164
|
-
unless inspec.command(
|
164
|
+
unless inspec.command("curl").exist?
|
165
165
|
raise Inspec::Exceptions::ResourceSkipped,
|
166
|
-
|
166
|
+
"curl is not available on the target machine"
|
167
167
|
end
|
168
168
|
|
169
169
|
@ran_curl = false
|
@@ -210,35 +210,35 @@ module Inspec::Resources
|
|
210
210
|
|
211
211
|
# grab the status off of the first line of the prelude
|
212
212
|
status_line = prelude.shift
|
213
|
-
@status = status_line.split(
|
213
|
+
@status = status_line.split(" ", 3)[1].to_i
|
214
214
|
|
215
215
|
# parse the rest of the prelude which will be all the HTTP headers
|
216
216
|
@response_headers = {}
|
217
217
|
prelude.each do |line|
|
218
218
|
line.strip!
|
219
|
-
key, value = line.split(
|
219
|
+
key, value = line.split(":", 2)
|
220
220
|
@response_headers[key] = value.strip
|
221
221
|
end
|
222
222
|
end
|
223
223
|
|
224
224
|
def curl_command # rubocop:disable Metrics/AbcSize
|
225
|
-
cmd = [
|
225
|
+
cmd = ["curl -i"]
|
226
226
|
|
227
227
|
# Use curl's --head option when the method requested is HEAD. Otherwise,
|
228
228
|
# the user may experience a timeout when curl does not properly close
|
229
229
|
# the connection after the response is received.
|
230
|
-
if http_method.casecmp(
|
231
|
-
cmd <<
|
230
|
+
if http_method.casecmp("HEAD") == 0
|
231
|
+
cmd << "--head"
|
232
232
|
else
|
233
233
|
cmd << "-X #{http_method}"
|
234
234
|
end
|
235
235
|
|
236
236
|
cmd << "--connect-timeout #{open_timeout}"
|
237
|
-
cmd << "--max-time #{open_timeout+read_timeout}"
|
237
|
+
cmd << "--max-time #{open_timeout + read_timeout}"
|
238
238
|
cmd << "--user \'#{username}:#{password}\'" unless username.nil? || password.nil?
|
239
|
-
cmd <<
|
239
|
+
cmd << "--insecure" unless ssl_verify?
|
240
240
|
cmd << "--data #{Shellwords.shellescape(request_body)}" unless request_body.nil?
|
241
|
-
cmd <<
|
241
|
+
cmd << "--location" if max_redirects > 0
|
242
242
|
cmd << "--max-redirs #{max_redirects}" if max_redirects > 0
|
243
243
|
|
244
244
|
request_headers.each do |k, v|
|
@@ -251,7 +251,7 @@ module Inspec::Resources
|
|
251
251
|
cmd << "'#{url}?#{params.map { |e| e.join('=') }.join('&')}'"
|
252
252
|
end
|
253
253
|
|
254
|
-
cmd.join(
|
254
|
+
cmd.join(" ")
|
255
255
|
end
|
256
256
|
end
|
257
257
|
end
|
@@ -1,12 +1,11 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
# frozen_string_literal: true
|
3
2
|
# check for web applications in IIS
|
4
3
|
# Note: this is only supported in windows 2012 and later
|
5
4
|
module Inspec::Resources
|
6
5
|
class IisApp < Inspec.resource(1)
|
7
|
-
name
|
8
|
-
supports platform:
|
9
|
-
desc
|
6
|
+
name "iis_app"
|
7
|
+
supports platform: "windows"
|
8
|
+
desc "Tests IIS application configuration on windows. Supported in server 2012+ only"
|
10
9
|
example <<~EXAMPLE
|
11
10
|
describe iis_app('/myapp', 'Default Web Site') do
|
12
11
|
it { should exist }
|
@@ -90,9 +89,9 @@ module Inspec::Resources
|
|
90
89
|
info = {
|
91
90
|
site_name: @site_name,
|
92
91
|
path: @path,
|
93
|
-
application_pool: app[
|
94
|
-
physical_path: app[
|
95
|
-
protocols: app[
|
92
|
+
application_pool: app["applicationPool"],
|
93
|
+
physical_path: app["PhysicalPath"],
|
94
|
+
protocols: app["enabledProtocols"],
|
96
95
|
}
|
97
96
|
|
98
97
|
@cache = info unless info.nil?
|
@@ -1,12 +1,14 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "inspec/resources/powershell"
|
4
|
+
|
3
5
|
# check for web applications in IIS
|
4
6
|
# Note: this is only supported in windows 2012 and later
|
5
7
|
|
6
8
|
class IisAppPool < Inspec.resource(1)
|
7
|
-
name
|
8
|
-
desc
|
9
|
-
supports platform:
|
9
|
+
name "iis_app_pool"
|
10
|
+
desc "Tests IIS application pool configuration on windows."
|
11
|
+
supports platform: "windows"
|
10
12
|
example <<~EXAMPLE
|
11
13
|
describe iis_app_pool('DefaultAppPool') do
|
12
14
|
it { should exist }
|
@@ -22,7 +24,7 @@ class IisAppPool < Inspec.resource(1)
|
|
22
24
|
@cache = nil
|
23
25
|
|
24
26
|
# verify that this resource is only supported on Windows
|
25
|
-
return skip_resource
|
27
|
+
return skip_resource "The `iis_app_pool` resource is not supported on your OS." unless inspec.os.windows?
|
26
28
|
end
|
27
29
|
|
28
30
|
def pool_name
|
@@ -102,26 +104,26 @@ class IisAppPool < Inspec.resource(1)
|
|
102
104
|
begin
|
103
105
|
pool = JSON.parse(cmd.stdout)
|
104
106
|
rescue JSON::ParserError => _e
|
105
|
-
raise Inspec::Exceptions::ResourceFailed,
|
107
|
+
raise Inspec::Exceptions::ResourceFailed, "Unable to parse app pool JSON"
|
106
108
|
end
|
107
109
|
|
108
|
-
process_model = pool.fetch(
|
109
|
-
idle_timeout = process_model.fetch(
|
110
|
+
process_model = pool.fetch("processModel", {})
|
111
|
+
idle_timeout = process_model.fetch("idleTimeout", {})
|
110
112
|
|
111
113
|
# map our values to a hash table
|
112
114
|
@cache = {
|
113
|
-
pool_name: pool[
|
114
|
-
version: pool[
|
115
|
-
e32b: pool[
|
116
|
-
mode: pool[
|
117
|
-
processes: process_model[
|
115
|
+
pool_name: pool["name"],
|
116
|
+
version: pool["managedRuntimeVersion"],
|
117
|
+
e32b: pool["enable32BitAppOnWin64"],
|
118
|
+
mode: pool["managedPipelineMode"],
|
119
|
+
processes: process_model["maxProcesses"],
|
118
120
|
timeout: "#{idle_timeout['Hours']}:#{idle_timeout['Minutes']}:#{idle_timeout['Seconds']}",
|
119
|
-
timeout_days: idle_timeout[
|
120
|
-
timeout_hours: idle_timeout[
|
121
|
-
timeout_minutes: idle_timeout[
|
122
|
-
timeout_seconds: idle_timeout[
|
123
|
-
user_identity_type: process_model[
|
124
|
-
username: process_model[
|
121
|
+
timeout_days: idle_timeout["Days"],
|
122
|
+
timeout_hours: idle_timeout["Hours"],
|
123
|
+
timeout_minutes: idle_timeout["Minutes"],
|
124
|
+
timeout_seconds: idle_timeout["Seconds"],
|
125
|
+
user_identity_type: process_model["identityType"],
|
126
|
+
username: process_model["userName"],
|
125
127
|
}
|
126
128
|
end
|
127
129
|
end
|
@@ -1,5 +1,7 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "inspec/resources/command"
|
4
|
+
|
3
5
|
# check for site in IIS
|
4
6
|
# Usage:
|
5
7
|
# describe iis_site('Default Web Site') do
|
@@ -15,9 +17,9 @@
|
|
15
17
|
|
16
18
|
module Inspec::Resources
|
17
19
|
class IisSite < Inspec.resource(1)
|
18
|
-
name
|
19
|
-
supports platform:
|
20
|
-
desc
|
20
|
+
name "iis_site"
|
21
|
+
supports platform: "windows"
|
22
|
+
desc "Tests IIS site configuration on windows. Supported in server 2012+ only"
|
21
23
|
example <<~EXAMPLE
|
22
24
|
describe iis_site('Default Web Site') do
|
23
25
|
it { should exist }
|
@@ -36,7 +38,7 @@ module Inspec::Resources
|
|
36
38
|
@site_provider = SiteProvider.new(inspec)
|
37
39
|
|
38
40
|
# verify that this resource is only supported on Windows
|
39
|
-
return skip_resource
|
41
|
+
return skip_resource "The `iis_site` resource is not supported on your OS." if inspec.os[:family] != "windows"
|
40
42
|
end
|
41
43
|
|
42
44
|
def app_pool
|
@@ -60,7 +62,7 @@ module Inspec::Resources
|
|
60
62
|
end
|
61
63
|
|
62
64
|
def running?
|
63
|
-
iis_site.nil? ? false : (iis_site[:state] ==
|
65
|
+
iis_site.nil? ? false : (iis_site[:state] == "Started")
|
64
66
|
end
|
65
67
|
|
66
68
|
def has_app_pool?(app_pool)
|
@@ -103,17 +105,17 @@ module Inspec::Resources
|
|
103
105
|
return nil
|
104
106
|
end
|
105
107
|
|
106
|
-
bindings_array = site[
|
108
|
+
bindings_array = site["bindings"]["Collection"].map do |k|
|
107
109
|
"#{k['protocol']} #{k['bindingInformation']}#{k['protocol'] == 'https' ? " sslFlags=#{k['sslFlags']}" : ''}"
|
108
|
-
|
110
|
+
end
|
109
111
|
|
110
112
|
# map our values to a hash table
|
111
113
|
info = {
|
112
|
-
name: site[
|
113
|
-
state: site[
|
114
|
-
path: site[
|
114
|
+
name: site["name"],
|
115
|
+
state: site["state"],
|
116
|
+
path: site["physicalPath"],
|
115
117
|
bindings: bindings_array,
|
116
|
-
app_pool: site[
|
118
|
+
app_pool: site["applicationPool"],
|
117
119
|
}
|
118
120
|
|
119
121
|
info
|
@@ -123,8 +125,8 @@ module Inspec::Resources
|
|
123
125
|
# for compatability with serverspec
|
124
126
|
# this is deprecated syntax and will be removed in future versions
|
125
127
|
class IisSiteServerSpec < IisSite
|
126
|
-
name
|
127
|
-
desc
|
128
|
+
name "iis_website"
|
129
|
+
desc "Tests IIS site configuration on windows. Deprecated, use `iis_site` instead."
|
128
130
|
example <<~EXAMPLE
|
129
131
|
describe iis_website('Default Website') do
|
130
132
|
it{ should exist }
|
@@ -134,7 +136,7 @@ module Inspec::Resources
|
|
134
136
|
EXAMPLE
|
135
137
|
|
136
138
|
def initialize(site_name)
|
137
|
-
Inspec.deprecate(:resource_iis_website,
|
139
|
+
Inspec.deprecate(:resource_iis_website, "The `iis_website` resource is deprecated. Please use `iis_site` instead.")
|
138
140
|
super(site_name)
|
139
141
|
end
|
140
142
|
|