inspec-core 4.3.2 → 4.6.3

data/lib/{resources → inspec/resources}/host.rb

@@ -1,4 +1,4 @@
-# encoding: utf-8
+require "inspec/resources/command"
 
 # Usage:
 # describe host('example.com') do
@@ -22,14 +22,14 @@
 #   it { should be_resolvable.by('dns') }
 # end
 
-require 'resolv'
+require "resolv"
 
 module Inspec::Resources
   class Host < Inspec.resource(1)
-    name 'host'
-    supports platform: 'unix'
-    supports platform: 'windows'
-    desc 'Use the host InSpec audit resource to test the name used to refer to a specific host and its availability, including the Internet protocols and ports over which that host name should be available.'
+    name "host"
+    supports platform: "unix"
+    supports platform: "windows"
+    desc "Use the host InSpec audit resource to test the name used to refer to a specific host and its availability, including the Internet protocols and ports over which that host name should be available."
     example <<~EXAMPLE
       describe host('example.com') do
         it { should be_reachable }
@@ -49,33 +49,35 @@ module Inspec::Resources
       @port = params[:port]
 
       if params[:proto]
-        Inspec.deprecate(:host_resource_proto_usage, 'The `host` resource `proto` resource parameter is deprecated. Please use `protocol`.')
+        Inspec.deprecate(:host_resource_proto_usage, "The `host` resource `proto` resource parameter is deprecated. Please use `protocol`.")
         @protocol = params[:proto]
       else
-        @protocol = params.fetch(:protocol, 'icmp')
+        @protocol = params.fetch(:protocol, "icmp")
       end
 
       @host_provider = nil
       if inspec.os.linux?
         @host_provider = LinuxHostProvider.new(inspec)
       elsif inspec.os.windows?
-        return skip_resource 'Invalid protocol: only `tcp` and `icmp` protocols are support for the `host` resource on your OS.' unless
+        return skip_resource "Invalid protocol: only `tcp` and `icmp` protocols are support for the `host` resource on your OS." unless
           %w{icmp tcp}.include?(@protocol)
 
         @host_provider = WindowsHostProvider.new(inspec)
       elsif inspec.os.darwin?
         @host_provider = DarwinHostProvider.new(inspec)
       else
-        return skip_resource 'The `host` resource is not supported on your OS yet.'
+        return skip_resource "The `host` resource is not supported on your OS yet."
       end
 
       missing_requirements = @host_provider.missing_requirements(protocol)
-      return skip_resource 'The following requirements are not met for this resource: ' \
-        "#{missing_requirements.join(', ')}" unless missing_requirements.empty?
+      unless missing_requirements.empty?
+        return skip_resource "The following requirements are not met for this resource: " \
+          "#{missing_requirements.join(', ')}"
+      end
     end
 
     def proto
-      Inspec.deprecate(:host_resource_proto_usage, 'The host resource `proto` method is deprecated. Please use `protocol`.')
+      Inspec.deprecate(:host_resource_proto_usage, "The host resource `proto` method is deprecated. Please use `protocol`.")
       protocol
     end
 
@@ -87,7 +89,7 @@ module Inspec::Resources
 
     def reachable?
       # ping checks do not require port or protocol
-      return ping.fetch(:success, false) if protocol == 'icmp'
+      return ping.fetch(:success, false) if protocol == "icmp"
 
       # if either port or protocol are specified but not both, we cannot proceed.
       if port.nil? || protocol.nil?
@@ -150,8 +152,8 @@ module Inspec::Resources
     def initialize(inspec)
       super
 
-      @has_nc = inspec.command('nc').exist?
-      @has_ncat = inspec.command('ncat').exist?
+      @has_nc = inspec.command("nc").exist?
+      @has_ncat = inspec.command("ncat").exist?
       @has_net_redirections = inspec.command("strings `which bash` | grep -qE '/dev/(tcp|udp)/'").exit_status == 0
     end
 
@@ -162,7 +164,7 @@ module Inspec::Resources
         if @has_net_redirections
           missing << "#{timeout} (part of coreutils) or netcat must be installed" unless inspec.command(timeout).exist?
         else
-          missing << 'netcat must be installed'
+          missing << "netcat must be installed"
         end
       end
 
@@ -182,7 +184,7 @@ module Inspec::Resources
       end
 
       {
-        success: resp.exit_status.to_i.zero?,
+        success: resp.exit_status.to_i == 0,
         connection: resp.stderr,
         socket: resp.stdout,
       }
@@ -190,24 +192,24 @@ module Inspec::Resources
 
     def netcat_check_command(hostname, port, protocol)
       if @has_nc
-        base_cmd = 'nc'
+        base_cmd = "nc"
       elsif @has_ncat
-        base_cmd = 'ncat'
+        base_cmd = "ncat"
       else
         return
       end
 
-      if protocol == 'udp'
-        extra_flags = '-u'
+      if protocol == "udp"
+        extra_flags = "-u"
       else
-        extra_flags = ''
+        extra_flags = ""
       end
 
       "echo | #{base_cmd} -v -w 1 #{extra_flags} #{hostname} #{port}"
     end
 
     def timeout
-      'timeout'
+      "timeout"
     end
 
     def resolve_with_dig(hostname)
@@ -232,7 +234,7 @@ module Inspec::Resources
 
     def resolve_with_getent(hostname)
       cmd = inspec.command("getent ahosts #{hostname}")
-      return nil unless cmd.exit_status.to_i.zero?
+      return nil unless cmd.exit_status.to_i == 0
 
       # getent ahosts output is formatted like so:
       # $ getent ahosts www.google.com
@@ -255,7 +257,7 @@ module Inspec::Resources
 
   class DarwinHostProvider < UnixHostProvider
     def timeout
-      'gtimeout'
+      "gtimeout"
     end
 
     def resolve(hostname)
@@ -279,7 +281,7 @@ module Inspec::Resources
       # TCP and port: Test-NetConnection -ComputerName www.microsoft.com -RemotePort 80
       request = "Test-NetConnection -ComputerName #{hostname} -WarningAction SilentlyContinue"
       request += " -RemotePort #{port}" unless port.nil?
-      request += '| Select-Object -Property ComputerName, TcpTestSucceeded, PingSucceeded | ConvertTo-Json'
+      request += "| Select-Object -Property ComputerName, TcpTestSucceeded, PingSucceeded | ConvertTo-Json"
       cmd = inspec.command(request)
 
       begin
@@ -288,7 +290,7 @@ module Inspec::Resources
         return {}
       end
 
-      { success: port.nil? ? ping['PingSucceeded'] : ping['TcpTestSucceeded'] }
+      { success: port.nil? ? ping["PingSucceeded"] : ping["TcpTestSucceeded"] }
     end
 
     def resolve(hostname)
@@ -300,7 +302,7 @@ module Inspec::Resources
       end
 
       resolv = [resolv] unless resolv.is_a?(Array)
-      resolv.map { |entry| entry['IPAddress'] }
+      resolv.map { |entry| entry["IPAddress"] }
     end
   end
 end

data/lib/{resources → inspec/resources}/http.rb

@@ -1,17 +1,17 @@
-# encoding: utf-8
 # copyright: 2017, Criteo
 # copyright: 2017, Chef Software Inc
 # license: Apache v2
 
-require 'faraday'
-require 'faraday_middleware'
-require 'hashie'
+require "inspec/resources/command"
+require "faraday"
+require "faraday_middleware"
+require "hashie"
 
 module Inspec::Resources
   class Http < Inspec.resource(1)
-    name 'http'
-    supports platform: 'unix'
-    desc 'Use the http InSpec audit resource to test http call.'
+    name "http"
+    supports platform: "unix"
+    desc "Use the http InSpec audit resource to test http call."
     example <<~EXAMPLE
       describe http('http://localhost:8080/ping', auth: {user: 'user', pass: 'test'}, params: {format: 'html'}) do
         its('status') { should cmp 200 }
@@ -34,9 +34,9 @@ module Inspec::Resources
       # to give users an opportunity to remove the unused option from their
       # profiles.
       if opts.key?(:enable_remote_worker) && !inspec.local_transport?
-        warn 'Ignoring `enable_remote_worker` option, the `http` resource ',
-             'remote worker is enabled by default for remote targets and ',
-             'cannot be disabled'
+        warn "Ignoring `enable_remote_worker` option, the `http` resource ",
+             "remote worker is enabled by default for remote targets and ",
+             "cannot be disabled"
       end
 
       # Run locally if InSpec is ran locally and remotely if ran remotely
@@ -60,14 +60,14 @@ module Inspec::Resources
     end
 
     def http_method
-      @opts.fetch(:method, 'GET')
+      @opts.fetch(:method, "GET")
     end
 
     def to_s
-      if @opts and @url
+      if @opts && @url
         "HTTP #{http_method} on #{@url}"
       else
-        'HTTP Resource'
+        "HTTP Resource"
       end
     end
 
@@ -161,9 +161,9 @@ module Inspec::Resources
         attr_reader :inspec
 
         def initialize(inspec, http_method, url, opts)
-          unless inspec.command('curl').exist?
+          unless inspec.command("curl").exist?
             raise Inspec::Exceptions::ResourceSkipped,
-                  'curl is not available on the target machine'
+                  "curl is not available on the target machine"
           end
 
           @ran_curl = false
@@ -210,35 +210,35 @@ module Inspec::Resources
 
           # grab the status off of the first line of the prelude
           status_line = prelude.shift
-          @status = status_line.split(' ', 3)[1].to_i
+          @status = status_line.split(" ", 3)[1].to_i
 
           # parse the rest of the prelude which will be all the HTTP headers
           @response_headers = {}
           prelude.each do |line|
             line.strip!
-            key, value = line.split(':', 2)
+            key, value = line.split(":", 2)
             @response_headers[key] = value.strip
           end
         end
 
         def curl_command # rubocop:disable Metrics/AbcSize
-          cmd = ['curl -i']
+          cmd = ["curl -i"]
 
           # Use curl's --head option when the method requested is HEAD. Otherwise,
           # the user may experience a timeout when curl does not properly close
           # the connection after the response is received.
-          if http_method.casecmp('HEAD') == 0
-            cmd << '--head'
+          if http_method.casecmp("HEAD") == 0
+            cmd << "--head"
           else
             cmd << "-X #{http_method}"
           end
 
           cmd << "--connect-timeout #{open_timeout}"
-          cmd << "--max-time #{open_timeout+read_timeout}"
+          cmd << "--max-time #{open_timeout + read_timeout}"
           cmd << "--user \'#{username}:#{password}\'" unless username.nil? || password.nil?
-          cmd << '--insecure' unless ssl_verify?
+          cmd << "--insecure" unless ssl_verify?
           cmd << "--data #{Shellwords.shellescape(request_body)}" unless request_body.nil?
-          cmd << '--location' if max_redirects > 0
+          cmd << "--location" if max_redirects > 0
           cmd << "--max-redirs #{max_redirects}" if max_redirects > 0
 
           request_headers.each do |k, v|
@@ -251,7 +251,7 @@ module Inspec::Resources
             cmd << "'#{url}?#{params.map { |e| e.join('=') }.join('&')}'"
           end
 
-          cmd.join(' ')
+          cmd.join(" ")
         end
       end
     end

data/lib/{resources → inspec/resources}/iis_app.rb

@@ -1,12 +1,11 @@
-# encoding: utf-8
 # frozen_string_literal: true
 # check for web applications in IIS
 # Note: this is only supported in windows 2012 and later
 module Inspec::Resources
   class IisApp < Inspec.resource(1)
-    name 'iis_app'
-    supports platform: 'windows'
-    desc 'Tests IIS application configuration on windows. Supported in server 2012+ only'
+    name "iis_app"
+    supports platform: "windows"
+    desc "Tests IIS application configuration on windows. Supported in server 2012+ only"
     example <<~EXAMPLE
       describe iis_app('/myapp', 'Default Web Site') do
         it { should exist }
@@ -90,9 +89,9 @@ module Inspec::Resources
       info = {
         site_name: @site_name,
         path: @path,
-        application_pool: app['applicationPool'],
-        physical_path: app['PhysicalPath'],
-        protocols: app['enabledProtocols'],
+        application_pool: app["applicationPool"],
+        physical_path: app["PhysicalPath"],
+        protocols: app["enabledProtocols"],
       }
 
       @cache = info unless info.nil?

data/lib/{resources → inspec/resources}/iis_app_pool.rb

@@ -1,12 +1,14 @@
-# encoding: utf-8
 # frozen_string_literal: true
+
+require "inspec/resources/powershell"
+
 # check for web applications in IIS
 # Note: this is only supported in windows 2012 and later
 
 class IisAppPool < Inspec.resource(1)
-  name 'iis_app_pool'
-  desc 'Tests IIS application pool configuration on windows.'
-  supports platform: 'windows'
+  name "iis_app_pool"
+  desc "Tests IIS application pool configuration on windows."
+  supports platform: "windows"
   example <<~EXAMPLE
     describe iis_app_pool('DefaultAppPool') do
       it { should exist }
@@ -22,7 +24,7 @@ class IisAppPool < Inspec.resource(1)
     @cache = nil
 
     # verify that this resource is only supported on Windows
-    return skip_resource 'The `iis_app_pool` resource is not supported on your OS.' unless inspec.os.windows?
+    return skip_resource "The `iis_app_pool` resource is not supported on your OS." unless inspec.os.windows?
   end
 
   def pool_name
@@ -102,26 +104,26 @@ class IisAppPool < Inspec.resource(1)
     begin
       pool = JSON.parse(cmd.stdout)
     rescue JSON::ParserError => _e
-      raise Inspec::Exceptions::ResourceFailed, 'Unable to parse app pool JSON'
+      raise Inspec::Exceptions::ResourceFailed, "Unable to parse app pool JSON"
     end
 
-    process_model = pool.fetch('processModel', {})
-    idle_timeout = process_model.fetch('idleTimeout', {})
+    process_model = pool.fetch("processModel", {})
+    idle_timeout = process_model.fetch("idleTimeout", {})
 
     # map our values to a hash table
     @cache = {
-      pool_name: pool['name'],
-      version: pool['managedRuntimeVersion'],
-      e32b: pool['enable32BitAppOnWin64'],
-      mode: pool['managedPipelineMode'],
-      processes: process_model['maxProcesses'],
+      pool_name: pool["name"],
+      version: pool["managedRuntimeVersion"],
+      e32b: pool["enable32BitAppOnWin64"],
+      mode: pool["managedPipelineMode"],
+      processes: process_model["maxProcesses"],
       timeout: "#{idle_timeout['Hours']}:#{idle_timeout['Minutes']}:#{idle_timeout['Seconds']}",
-      timeout_days: idle_timeout['Days'],
-      timeout_hours: idle_timeout['Hours'],
-      timeout_minutes: idle_timeout['Minutes'],
-      timeout_seconds: idle_timeout['Seconds'],
-      user_identity_type: process_model['identityType'],
-      username: process_model['userName'],
+      timeout_days: idle_timeout["Days"],
+      timeout_hours: idle_timeout["Hours"],
+      timeout_minutes: idle_timeout["Minutes"],
+      timeout_seconds: idle_timeout["Seconds"],
+      user_identity_type: process_model["identityType"],
+      username: process_model["userName"],
     }
   end
 end

data/lib/{resources → inspec/resources}/iis_site.rb

@@ -1,5 +1,7 @@
-# encoding: utf-8
 # frozen_string_literal: true
+
+require "inspec/resources/command"
+
 # check for site in IIS
 # Usage:
 # describe iis_site('Default Web Site') do
@@ -15,9 +17,9 @@
 
 module Inspec::Resources
   class IisSite < Inspec.resource(1)
-    name 'iis_site'
-    supports platform: 'windows'
-    desc 'Tests IIS site configuration on windows. Supported in server 2012+ only'
+    name "iis_site"
+    supports platform: "windows"
+    desc "Tests IIS site configuration on windows. Supported in server 2012+ only"
     example <<~EXAMPLE
       describe iis_site('Default Web Site') do
         it { should exist }
@@ -36,7 +38,7 @@ module Inspec::Resources
       @site_provider = SiteProvider.new(inspec)
 
       # verify that this resource is only supported on Windows
-      return skip_resource 'The `iis_site` resource is not supported on your OS.' if inspec.os[:family] != 'windows'
+      return skip_resource "The `iis_site` resource is not supported on your OS." if inspec.os[:family] != "windows"
     end
 
     def app_pool
@@ -60,7 +62,7 @@ module Inspec::Resources
     end
 
     def running?
-      iis_site.nil? ? false : (iis_site[:state] == 'Started')
+      iis_site.nil? ? false : (iis_site[:state] == "Started")
     end
 
     def has_app_pool?(app_pool)
@@ -103,17 +105,17 @@ module Inspec::Resources
         return nil
       end
 
-      bindings_array = site['bindings']['Collection'].map { |k|
+      bindings_array = site["bindings"]["Collection"].map do |k|
         "#{k['protocol']} #{k['bindingInformation']}#{k['protocol'] == 'https' ? " sslFlags=#{k['sslFlags']}" : ''}"
-      }
+      end
 
       # map our values to a hash table
       info = {
-        name: site['name'],
-        state: site['state'],
-        path: site['physicalPath'],
+        name: site["name"],
+        state: site["state"],
+        path: site["physicalPath"],
         bindings: bindings_array,
-        app_pool: site['applicationPool'],
+        app_pool: site["applicationPool"],
       }
 
       info
@@ -123,8 +125,8 @@ module Inspec::Resources
   # for compatability with serverspec
   # this is deprecated syntax and will be removed in future versions
   class IisSiteServerSpec < IisSite
-    name 'iis_website'
-    desc 'Tests IIS site configuration on windows. Deprecated, use `iis_site` instead.'
+    name "iis_website"
+    desc "Tests IIS site configuration on windows. Deprecated, use `iis_site` instead."
     example <<~EXAMPLE
       describe iis_website('Default Website') do
         it{ should exist }
@@ -134,7 +136,7 @@ module Inspec::Resources
     EXAMPLE
 
     def initialize(site_name)
-      Inspec.deprecate(:resource_iis_website, 'The `iis_website` resource is deprecated. Please use `iis_site` instead.')
+      Inspec.deprecate(:resource_iis_website, "The `iis_website` resource is deprecated. Please use `iis_site` instead.")
       super(site_name)
     end