inspec-core 4.3.2 → 4.6.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +139 -140
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
@@ -1,13 +1,12 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require
|
4
|
-
require 'hashie/mash'
|
1
|
+
require "pathname"
|
2
|
+
require "hashie/mash"
|
3
|
+
require "inspec/resources/command"
|
5
4
|
|
6
5
|
module Inspec::Resources
|
7
6
|
class Nginx < Inspec.resource(1)
|
8
|
-
name
|
9
|
-
supports platform:
|
10
|
-
desc
|
7
|
+
name "nginx"
|
8
|
+
supports platform: "unix"
|
9
|
+
desc "Use the nginx InSpec audit resource to test information about your NGINX instance."
|
11
10
|
example <<~EXAMPLE
|
12
11
|
describe nginx do
|
13
12
|
its('conf_path') { should cmp '/etc/nginx/nginx.conf' }
|
@@ -21,13 +20,13 @@ module Inspec::Resources
|
|
21
20
|
EXAMPLE
|
22
21
|
attr_reader :params, :bin_dir
|
23
22
|
|
24
|
-
def initialize(nginx_path =
|
25
|
-
return skip_resource
|
26
|
-
return skip_resource
|
23
|
+
def initialize(nginx_path = "/usr/sbin/nginx")
|
24
|
+
return skip_resource "The `nginx` resource is not yet available on your OS." if inspec.os.windows?
|
25
|
+
return skip_resource "The `nginx` binary not found in the path provided." unless inspec.command(nginx_path).exist?
|
27
26
|
|
28
27
|
cmd = inspec.command("#{nginx_path} -V 2>&1")
|
29
|
-
if
|
30
|
-
return skip_resource
|
28
|
+
if cmd.exit_status != 0
|
29
|
+
return skip_resource "Error using the command nginx -V"
|
31
30
|
end
|
32
31
|
@data = cmd.stdout
|
33
32
|
@params = {}
|
@@ -42,17 +41,17 @@ module Inspec::Resources
|
|
42
41
|
|
43
42
|
def openssl_version
|
44
43
|
result = @data.scan(/built with OpenSSL\s(\S+)\s(\d+\s\S+\s\d{4})/).flatten
|
45
|
-
Hashie::Mash.new({
|
44
|
+
Hashie::Mash.new({ "version" => result[0], "date" => result[1] })
|
46
45
|
end
|
47
46
|
|
48
47
|
def compiler_info
|
49
48
|
result = @data.scan(/built by (\S+)\s(\S+)\s(\S+)/).flatten
|
50
|
-
Hashie::Mash.new({
|
49
|
+
Hashie::Mash.new({ "compiler" => result[0], "version" => result[1], "date" => result[2] })
|
51
50
|
end
|
52
51
|
|
53
52
|
def support_info
|
54
53
|
support_info = @data.scan(/(.*\S+) support enabled/).flatten
|
55
|
-
support_info.empty? ? nil : support_info.join(
|
54
|
+
support_info.empty? ? nil : support_info.join(" ")
|
56
55
|
end
|
57
56
|
|
58
57
|
def modules
|
@@ -60,7 +59,7 @@ module Inspec::Resources
|
|
60
59
|
end
|
61
60
|
|
62
61
|
def to_s
|
63
|
-
|
62
|
+
"Nginx Environment"
|
64
63
|
end
|
65
64
|
|
66
65
|
private
|
@@ -73,7 +72,7 @@ module Inspec::Resources
|
|
73
72
|
|
74
73
|
def parse_config
|
75
74
|
@params[:prefix] = @data.scan(/--prefix=(\S+)\s/).flatten.first
|
76
|
-
@params[:service] =
|
75
|
+
@params[:service] = "nginx"
|
77
76
|
@params[:version] = @data.scan(%r{nginx version: nginx\/(\S+)\s}).flatten.first
|
78
77
|
end
|
79
78
|
|
@@ -1,9 +1,7 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require
|
4
|
-
require
|
5
|
-
require 'utils/file_reader'
|
6
|
-
require 'forwardable'
|
1
|
+
require "inspec/utils/nginx_parser"
|
2
|
+
require "inspec/utils/find_files"
|
3
|
+
require "inspec/utils/file_reader"
|
4
|
+
require "forwardable"
|
7
5
|
|
8
6
|
# STABILITY: Experimental
|
9
7
|
# This resouce needs a proper interace to the underlying data, which is currently missing.
|
@@ -14,11 +12,11 @@ require 'forwardable'
|
|
14
12
|
# when running remotely.
|
15
13
|
module Inspec::Resources
|
16
14
|
class NginxConf < Inspec.resource(1)
|
17
|
-
name
|
18
|
-
supports platform:
|
19
|
-
desc
|
20
|
-
|
21
|
-
|
15
|
+
name "nginx_conf"
|
16
|
+
supports platform: "unix"
|
17
|
+
desc "Use the nginx_conf InSpec resource to test configuration data "\
|
18
|
+
"for the NginX web server located in /etc/nginx/nginx.conf on "\
|
19
|
+
"Linux and UNIX platforms."
|
22
20
|
example <<~EXAMPLE
|
23
21
|
describe nginx_conf.params ...
|
24
22
|
describe nginx_conf('/path/to/my/nginx.conf').params ...
|
@@ -32,9 +30,9 @@ module Inspec::Resources
|
|
32
30
|
attr_reader :contents
|
33
31
|
|
34
32
|
def initialize(conf_path = nil)
|
35
|
-
@conf_path = conf_path ||
|
33
|
+
@conf_path = conf_path || "/etc/nginx/nginx.conf"
|
36
34
|
@contents = {}
|
37
|
-
return skip_resource
|
35
|
+
return skip_resource "The `nginx_conf` resource is currently not supported on Windows." if inspec.os.windows?
|
38
36
|
read_content(@conf_path)
|
39
37
|
end
|
40
38
|
|
@@ -46,7 +44,7 @@ module Inspec::Resources
|
|
46
44
|
end
|
47
45
|
|
48
46
|
def http
|
49
|
-
NginxConfHttp.new(params[
|
47
|
+
NginxConfHttp.new(params["http"], self)
|
50
48
|
end
|
51
49
|
|
52
50
|
def_delegators :http, :servers, :locations
|
@@ -91,8 +89,8 @@ module Inspec::Resources
|
|
91
89
|
|
92
90
|
# Any call to `include` gets its data read, parsed, and merged back
|
93
91
|
# into the current data structure
|
94
|
-
if data.key?(
|
95
|
-
data.delete(
|
92
|
+
if data.key?("include")
|
93
|
+
data.delete("include").flatten
|
96
94
|
.map { |x| File.expand_path(x, rel_path) }
|
97
95
|
.map { |x| find_files(x) }.flatten
|
98
96
|
.map { |path| parse_nginx(path) }
|
@@ -143,7 +141,7 @@ module Inspec::Resources
|
|
143
141
|
end
|
144
142
|
|
145
143
|
def to_s
|
146
|
-
@parent.to_s +
|
144
|
+
@parent.to_s + ", http entries"
|
147
145
|
end
|
148
146
|
alias inspect to_s
|
149
147
|
end
|
@@ -156,7 +154,7 @@ module Inspec::Resources
|
|
156
154
|
end
|
157
155
|
|
158
156
|
filter = FilterTable.create
|
159
|
-
filter.register_column(:servers, field:
|
157
|
+
filter.register_column(:servers, field: "server")
|
160
158
|
.install_filter_methods_on_resource(self, :server_table)
|
161
159
|
|
162
160
|
def locations
|
@@ -164,18 +162,18 @@ module Inspec::Resources
|
|
164
162
|
end
|
165
163
|
|
166
164
|
def to_s
|
167
|
-
@parent.to_s +
|
165
|
+
@parent.to_s + ", http entry"
|
168
166
|
end
|
169
167
|
alias inspect to_s
|
170
168
|
|
171
169
|
private
|
172
170
|
|
173
171
|
def server_table
|
174
|
-
@server_table ||= (params[
|
172
|
+
@server_table ||= (params["server"] || []).map { |x| { "server" => NginxConfServer.new(x, self) } }
|
175
173
|
end
|
176
174
|
end
|
177
175
|
|
178
|
-
class NginxConfServer
|
176
|
+
class NginxConfServer # TODO: rename NginxServer
|
179
177
|
attr_reader :params, :parent
|
180
178
|
def initialize(params, parent)
|
181
179
|
@parent = parent
|
@@ -183,15 +181,15 @@ module Inspec::Resources
|
|
183
181
|
end
|
184
182
|
|
185
183
|
filter = FilterTable.create
|
186
|
-
filter.register_column(:locations, field:
|
184
|
+
filter.register_column(:locations, field: "location")
|
187
185
|
.install_filter_methods_on_resource(self, :location_table)
|
188
186
|
|
189
187
|
def to_s
|
190
|
-
server =
|
191
|
-
name = Array(params[
|
188
|
+
server = ""
|
189
|
+
name = Array(params["server_name"]).flatten.first
|
192
190
|
unless name.nil?
|
193
191
|
server += name
|
194
|
-
listen = Array(params[
|
192
|
+
listen = Array(params["listen"]).flatten.first
|
195
193
|
server += ":#{listen}" unless listen.nil?
|
196
194
|
end
|
197
195
|
|
@@ -203,7 +201,7 @@ module Inspec::Resources
|
|
203
201
|
private
|
204
202
|
|
205
203
|
def location_table
|
206
|
-
@location_table ||= (params[
|
204
|
+
@location_table ||= (params["location"] || []).map { |x| { "location" => NginxConfLocation.new(x, self) } }
|
207
205
|
end
|
208
206
|
end
|
209
207
|
|
@@ -215,8 +213,9 @@ module Inspec::Resources
|
|
215
213
|
end
|
216
214
|
|
217
215
|
def to_s
|
218
|
-
location = Array(params[
|
216
|
+
location = Array(params["_"]).join(" ")
|
219
217
|
# go three levels up: 1. to the server entry, 2. http entry and 3. to the root nginx conf
|
218
|
+
# TODO: fix parent.parent.parent
|
220
219
|
@parent.parent.parent.to_s + ", location #{location.inspect}"
|
221
220
|
end
|
222
221
|
alias inspect to_s
|
@@ -1,13 +1,12 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require 'shellwords'
|
1
|
+
require "inspec/resources/command"
|
2
|
+
require "shellwords"
|
4
3
|
|
5
4
|
module Inspec::Resources
|
6
5
|
class NpmPackage < Inspec.resource(1)
|
7
|
-
name
|
8
|
-
supports platform:
|
9
|
-
supports platform:
|
10
|
-
desc
|
6
|
+
name "npm"
|
7
|
+
supports platform: "unix"
|
8
|
+
supports platform: "windows"
|
9
|
+
desc "Use the npm InSpec audit resource to test if a global npm package is installed. npm is the the package manager for Nodejs packages, such as bower and StatsD."
|
11
10
|
example <<~EXAMPLE
|
12
11
|
describe npm('bower') do
|
13
12
|
it { should be_installed }
|
@@ -30,19 +29,19 @@ module Inspec::Resources
|
|
30
29
|
if @location
|
31
30
|
npm = "cd #{Shellwords.escape @location} && npm"
|
32
31
|
else
|
33
|
-
npm =
|
32
|
+
npm = "npm -g"
|
34
33
|
end
|
35
34
|
|
36
35
|
cmd = inspec.command("#{npm} ls --json #{@package_name}")
|
37
36
|
@info = {
|
38
37
|
name: @package_name,
|
39
|
-
type:
|
38
|
+
type: "npm",
|
40
39
|
installed: cmd.exit_status == 0,
|
41
40
|
}
|
42
41
|
return @info unless @info[:installed]
|
43
42
|
|
44
43
|
pkgs = JSON.parse(cmd.stdout)
|
45
|
-
@info[:version] = pkgs[
|
44
|
+
@info[:version] = pkgs["dependencies"][@package_name]["version"]
|
46
45
|
@info
|
47
46
|
end
|
48
47
|
|
@@ -1,14 +1,13 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
# copyright: 2015, Vulcano Security GmbH
|
3
2
|
|
4
|
-
require
|
5
|
-
require
|
3
|
+
require "inspec/utils/simpleconfig"
|
4
|
+
require "inspec/utils/file_reader"
|
6
5
|
|
7
6
|
module Inspec::Resources
|
8
7
|
class NtpConf < Inspec.resource(1)
|
9
|
-
name
|
10
|
-
supports platform:
|
11
|
-
desc
|
8
|
+
name "ntp_conf"
|
9
|
+
supports platform: "unix"
|
10
|
+
desc "Use the ntp_conf InSpec audit resource to test the synchronization settings defined in the ntp.conf file. This file is typically located at /etc/ntp.conf."
|
12
11
|
example <<~EXAMPLE
|
13
12
|
describe ntp_conf do
|
14
13
|
its('server') { should_not eq nil }
|
@@ -19,19 +18,19 @@ module Inspec::Resources
|
|
19
18
|
include FileReader
|
20
19
|
|
21
20
|
def initialize(path = nil)
|
22
|
-
@conf_path = path ||
|
21
|
+
@conf_path = path || "/etc/ntp.conf"
|
23
22
|
@content = read_file_content(@conf_path)
|
24
23
|
end
|
25
24
|
|
26
25
|
def method_missing(name)
|
27
26
|
param = read_params[name.to_s]
|
28
27
|
# extract first value if we have only one value in array
|
29
|
-
return param[0] if param.is_a?(Array)
|
28
|
+
return param[0] if param.is_a?(Array) && (param.length == 1)
|
30
29
|
param
|
31
30
|
end
|
32
31
|
|
33
32
|
def to_s
|
34
|
-
|
33
|
+
"ntp.conf"
|
35
34
|
end
|
36
35
|
|
37
36
|
private
|
@@ -43,7 +42,7 @@ module Inspec::Resources
|
|
43
42
|
conf = SimpleConfig.new(
|
44
43
|
@content,
|
45
44
|
assignment_regex: /^\s*(\S+)\s+(.*)\s*$/,
|
46
|
-
multiple_values: true
|
45
|
+
multiple_values: true
|
47
46
|
)
|
48
47
|
@params = conf.params
|
49
48
|
end
|
@@ -1,4 +1,4 @@
|
|
1
|
-
|
1
|
+
require "inspec/resources/command"
|
2
2
|
|
3
3
|
# This resource talks with OneGet (https://github.com/OneGet/oneget)
|
4
4
|
# Its part of Windows Management Framework 5.0 and part of Windows 10
|
@@ -9,9 +9,9 @@
|
|
9
9
|
# end
|
10
10
|
module Inspec::Resources
|
11
11
|
class OneGetPackage < Inspec.resource(1)
|
12
|
-
name
|
13
|
-
supports platform:
|
14
|
-
desc
|
12
|
+
name "oneget"
|
13
|
+
supports platform: "windows"
|
14
|
+
desc "Use the oneget InSpec audit resource to test if the named package and/or package version is installed on the system. This resource uses OneGet, which is part of the Windows Management Framework 5.0 and Windows 10. This resource uses the Get-Package cmdlet to return all of the package names in the OneGet repository."
|
15
15
|
example <<~EXAMPLE
|
16
16
|
describe oneget('zoomit') do
|
17
17
|
it { should be_installed }
|
@@ -23,14 +23,14 @@ module Inspec::Resources
|
|
23
23
|
@package_name = package_name
|
24
24
|
|
25
25
|
# verify that this resource is only supported on Windows
|
26
|
-
return skip_resource
|
26
|
+
return skip_resource "The `oneget` resource is not supported on your OS." if !inspec.os.windows?
|
27
27
|
end
|
28
28
|
|
29
29
|
def info
|
30
30
|
return @info if defined?(@info)
|
31
31
|
|
32
32
|
@info = {}
|
33
|
-
@info[:type] =
|
33
|
+
@info[:type] = "oneget"
|
34
34
|
@info[:installed] = false
|
35
35
|
|
36
36
|
cmd = inspec.command("Get-Package -Name '#{@package_name}' | ConvertTo-Json")
|
@@ -51,8 +51,8 @@ module Inspec::Resources
|
|
51
51
|
return @info
|
52
52
|
end
|
53
53
|
|
54
|
-
@info[:name] = pkgs[
|
55
|
-
@info[:version] = pkgs[
|
54
|
+
@info[:name] = pkgs["Name"] if pkgs.key?("Name")
|
55
|
+
@info[:version] = pkgs["Version"] if pkgs.key?("Version")
|
56
56
|
@info
|
57
57
|
end
|
58
58
|
|
@@ -1,20 +1,19 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require
|
4
|
-
require
|
5
|
-
require
|
6
|
-
require
|
7
|
-
require 'csv'
|
1
|
+
require "inspec/resources/command"
|
2
|
+
require "hashie/mash"
|
3
|
+
require "inspec/utils/database_helpers"
|
4
|
+
require "htmlentities"
|
5
|
+
require "rexml/document"
|
6
|
+
require "csv"
|
8
7
|
|
9
8
|
module Inspec::Resources
|
10
9
|
# STABILITY: Experimental
|
11
10
|
# This resource needs further testing and refinement
|
12
11
|
#
|
13
12
|
class OracledbSession < Inspec.resource(1)
|
14
|
-
name
|
15
|
-
supports platform:
|
16
|
-
supports platform:
|
17
|
-
desc
|
13
|
+
name "oracledb_session"
|
14
|
+
supports platform: "unix"
|
15
|
+
supports platform: "windows"
|
16
|
+
desc "Use the oracledb_session InSpec resource to test commands against an Oracle database"
|
18
17
|
example <<~EXAMPLE
|
19
18
|
sql = oracledb_session(user: 'my_user', pass: 'password')
|
20
19
|
describe sql.query(\"SELECT UPPER(VALUE) AS VALUE FROM V$PARAMETER WHERE UPPER(NAME)='AUDIT_SYS_OPERATIONS'\").row(0).column('value') do
|
@@ -28,11 +27,11 @@ module Inspec::Resources
|
|
28
27
|
@user = opts[:user]
|
29
28
|
@password = opts[:password] || opts[:pass]
|
30
29
|
if opts[:pass]
|
31
|
-
Inspec.deprecate(:oracledb_session_pass_option,
|
30
|
+
Inspec.deprecate(:oracledb_session_pass_option, "The oracledb_session `pass` option is deprecated. Please use `password`.")
|
32
31
|
end
|
33
32
|
|
34
|
-
@host = opts[:host] ||
|
35
|
-
@port = opts[:port] ||
|
33
|
+
@host = opts[:host] || "localhost"
|
34
|
+
@port = opts[:port] || "1521"
|
36
35
|
@service = opts[:service]
|
37
36
|
|
38
37
|
# connection as sysdba stuff
|
@@ -41,21 +40,21 @@ module Inspec::Resources
|
|
41
40
|
@db_role = opts[:as_db_role]
|
42
41
|
|
43
42
|
# we prefer sqlci although it is way slower than sqlplus, but it understands csv properly
|
44
|
-
@sqlcl_bin =
|
45
|
-
@sqlplus_bin = opts[:sqlplus_bin] ||
|
43
|
+
@sqlcl_bin = "sql" unless opts.key?(:sqlplus_bin) # don't use it if user specified sqlplus_bin option
|
44
|
+
@sqlplus_bin = opts[:sqlplus_bin] || "sqlplus"
|
46
45
|
|
47
46
|
return fail_resource "Can't run Oracle checks without authentication" if @su_user.nil? && (@user.nil? || @password.nil?)
|
48
|
-
return fail_resource
|
47
|
+
return fail_resource "You must provide a service name for the session" if @service.nil?
|
49
48
|
end
|
50
49
|
|
51
50
|
def query(q)
|
52
51
|
escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"')
|
53
52
|
# escape tables with $
|
54
|
-
escaped_query = escaped_query.gsub(
|
53
|
+
escaped_query = escaped_query.gsub("$", '\\$')
|
55
54
|
|
56
55
|
p = nil
|
57
56
|
# use sqlplus if sqlcl is not available
|
58
|
-
if @sqlcl_bin
|
57
|
+
if @sqlcl_bin && inspec.command(@sqlcl_bin).exist?
|
59
58
|
bin = @sqlcl_bin
|
60
59
|
opts = "set sqlformat csv\nSET FEEDBACK OFF"
|
61
60
|
p = :parse_csv_result
|
@@ -66,7 +65,7 @@ module Inspec::Resources
|
|
66
65
|
end
|
67
66
|
|
68
67
|
query = verify_query(escaped_query)
|
69
|
-
query +=
|
68
|
+
query += ";" unless query.end_with?(";")
|
70
69
|
if @db_role.nil?
|
71
70
|
command = %{#{bin} "#{@user}"/"#{@password}"@#{@host}:#{@port}/#{@service} <<EOC\n#{opts}\n#{query}\nEXIT\nEOC}
|
72
71
|
elsif @su_user.nil?
|
@@ -87,14 +86,14 @@ module Inspec::Resources
|
|
87
86
|
end
|
88
87
|
|
89
88
|
def to_s
|
90
|
-
|
89
|
+
"Oracle Session"
|
91
90
|
end
|
92
91
|
|
93
92
|
private
|
94
93
|
|
95
94
|
def verify_query(query)
|
96
95
|
# ensure we have a ; at the end
|
97
|
-
query +
|
96
|
+
query + ";" if !query.strip.end_with?(";")
|
98
97
|
query
|
99
98
|
end
|
100
99
|
|
@@ -105,44 +104,44 @@ module Inspec::Resources
|
|
105
104
|
# convert to hash
|
106
105
|
headers = table.headers
|
107
106
|
|
108
|
-
results = table.map
|
107
|
+
results = table.map do |row|
|
109
108
|
res = {}
|
110
|
-
headers.each
|
109
|
+
headers.each do |header|
|
111
110
|
res[header.downcase] = row[header]
|
112
|
-
|
111
|
+
end
|
113
112
|
Hashie::Mash.new(res)
|
114
|
-
|
113
|
+
end
|
115
114
|
results
|
116
115
|
end
|
117
116
|
|
118
117
|
def parse_html_result(stdout) # rubocop:disable Metrics/AbcSize
|
119
118
|
result = stdout
|
120
119
|
# make oracle html valid html by removing the p tag, it does not include a closing tag
|
121
|
-
result = result.gsub(
|
120
|
+
result = result.gsub("<p>", "").gsub("</p>", "").gsub("<br>", "")
|
122
121
|
doc = REXML::Document.new result
|
123
|
-
table = doc.elements[
|
122
|
+
table = doc.elements["table"]
|
124
123
|
hash = []
|
125
124
|
if !table.nil?
|
126
125
|
rows = table.elements.to_a
|
127
|
-
headers = rows[0].elements.to_a(
|
126
|
+
headers = rows[0].elements.to_a("th").map { |entry| entry.text.strip }
|
128
127
|
rows.delete_at(0)
|
129
128
|
|
130
129
|
# iterate over each row, first row is header
|
131
130
|
hash = []
|
132
131
|
if !rows.nil? && !rows.empty?
|
133
|
-
hash = rows.map
|
132
|
+
hash = rows.map do |row|
|
134
133
|
res = {}
|
135
|
-
entries = row.elements.to_a(
|
134
|
+
entries = row.elements.to_a("td")
|
136
135
|
# ignore if we have empty entries, oracle is adding th rows in between
|
137
136
|
return nil if entries.empty?
|
138
|
-
headers.each_with_index
|
137
|
+
headers.each_with_index do |header, index|
|
139
138
|
# we need htmlentities since we do not have nokogiri
|
140
139
|
coder = HTMLEntities.new
|
141
140
|
val = coder.decode(entries[index].text).strip
|
142
141
|
res[header.downcase] = val
|
143
|
-
|
142
|
+
end
|
144
143
|
Hashie::Mash.new(res)
|
145
|
-
|
144
|
+
end.compact
|
146
145
|
end
|
147
146
|
end
|
148
147
|
hash
|