inspec-core 4.3.2 → 4.6.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +139 -140
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
@@ -1,13 +1,11 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require 'resources/platform'
|
1
|
+
require "inspec/resources/platform"
|
4
2
|
|
5
3
|
module Inspec::Resources
|
6
4
|
class OSResource < PlatformResource
|
7
|
-
name
|
8
|
-
supports platform:
|
9
|
-
supports platform:
|
10
|
-
desc
|
5
|
+
name "os"
|
6
|
+
supports platform: "unix"
|
7
|
+
supports platform: "windows"
|
8
|
+
desc "Use the os InSpec audit resource to test the platform on which the system is running."
|
11
9
|
example <<~EXAMPLE
|
12
10
|
describe os[:family] do
|
13
11
|
it { should eq 'redhat' }
|
@@ -30,7 +28,7 @@ module Inspec::Resources
|
|
30
28
|
end
|
31
29
|
|
32
30
|
def to_s
|
33
|
-
|
31
|
+
"Operating System Detection"
|
34
32
|
end
|
35
33
|
end
|
36
34
|
end
|
@@ -1,4 +1,3 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
# copyright: 2015, Vulcano Security GmbH
|
3
2
|
|
4
3
|
# Usage:
|
@@ -8,14 +7,14 @@
|
|
8
7
|
# its('split') { should_not include('.') }
|
9
8
|
# end
|
10
9
|
|
11
|
-
require
|
10
|
+
require "inspec/utils/simpleconfig"
|
12
11
|
|
13
12
|
module Inspec::Resources
|
14
13
|
class OsEnv < Inspec.resource(1)
|
15
|
-
name
|
16
|
-
supports platform:
|
17
|
-
supports platform:
|
18
|
-
desc
|
14
|
+
name "os_env"
|
15
|
+
supports platform: "unix"
|
16
|
+
supports platform: "windows"
|
17
|
+
desc "Use the os_env InSpec audit resource to test the environment variables for the platform on which the system is running."
|
19
18
|
example <<~EXAMPLE
|
20
19
|
describe os_env('VARIABLE') do
|
21
20
|
its('matcher') { should eq 1 }
|
@@ -25,10 +24,10 @@ module Inspec::Resources
|
|
25
24
|
def initialize(env = nil, target = nil)
|
26
25
|
@osenv = env
|
27
26
|
@target = unless target.nil?
|
28
|
-
if target.casecmp(
|
29
|
-
|
27
|
+
if target.casecmp("system") == 0
|
28
|
+
"Machine"
|
30
29
|
else
|
31
|
-
|
30
|
+
"User"
|
32
31
|
end
|
33
32
|
end
|
34
33
|
end
|
@@ -36,7 +35,7 @@ module Inspec::Resources
|
|
36
35
|
def split
|
37
36
|
# we can't take advantage of `File::PATH_SEPARATOR` as code is
|
38
37
|
# evaluated on the host machine
|
39
|
-
path_separator = inspec.os.windows? ?
|
38
|
+
path_separator = inspec.os.windows? ? ";" : ":"
|
40
39
|
# -1 is required to catch cases like dir1::dir2:
|
41
40
|
# where we have a trailing :
|
42
41
|
content.nil? ? [] : content.split(path_separator, -1)
|
@@ -49,7 +48,7 @@ module Inspec::Resources
|
|
49
48
|
|
50
49
|
def to_s
|
51
50
|
if @osenv.nil?
|
52
|
-
|
51
|
+
"Environment variables"
|
53
52
|
else
|
54
53
|
"Environment variable #{@osenv}"
|
55
54
|
end
|
@@ -65,7 +64,7 @@ module Inspec::Resources
|
|
65
64
|
"[System.Environment]::GetEnvironmentVariable('#{env}', [System.EnvironmentVariableTarget]::#{target})"
|
66
65
|
end
|
67
66
|
else
|
68
|
-
|
67
|
+
"env"
|
69
68
|
end
|
70
69
|
|
71
70
|
out = inspec.command(command)
|
@@ -1,4 +1,5 @@
|
|
1
|
-
|
1
|
+
require "inspec/resources/directory"
|
2
|
+
require "inspec/utils/simpleconfig"
|
2
3
|
|
3
4
|
# Resource to determine package information
|
4
5
|
#
|
@@ -8,10 +9,10 @@
|
|
8
9
|
# end
|
9
10
|
module Inspec::Resources
|
10
11
|
class Package < Inspec.resource(1)
|
11
|
-
name
|
12
|
-
supports platform:
|
13
|
-
supports platform:
|
14
|
-
desc
|
12
|
+
name "package"
|
13
|
+
supports platform: "unix"
|
14
|
+
supports platform: "windows"
|
15
|
+
desc "Use the package InSpec audit resource to test if the named package and/or package version is installed on the system."
|
15
16
|
example <<~EXAMPLE
|
16
17
|
describe package('nginx') do
|
17
18
|
it { should be_installed }
|
@@ -31,22 +32,22 @@ module Inspec::Resources
|
|
31
32
|
@pkgman = Deb.new(inspec)
|
32
33
|
elsif os.redhat? || %w{suse amazon fedora}.include?(os[:family])
|
33
34
|
@pkgman = Rpm.new(inspec, opts)
|
34
|
-
elsif [
|
35
|
+
elsif ["arch"].include?(os[:name])
|
35
36
|
@pkgman = Pacman.new(inspec)
|
36
|
-
elsif [
|
37
|
+
elsif ["darwin"].include?(os[:family])
|
37
38
|
@pkgman = Brew.new(inspec)
|
38
39
|
elsif os.windows?
|
39
40
|
@pkgman = WindowsPkg.new(inspec)
|
40
|
-
elsif [
|
41
|
+
elsif ["aix"].include?(os[:family])
|
41
42
|
@pkgman = BffPkg.new(inspec)
|
42
43
|
elsif os.solaris?
|
43
44
|
@pkgman = SolarisPkg.new(inspec)
|
44
|
-
elsif [
|
45
|
+
elsif ["hpux"].include?(os[:family])
|
45
46
|
@pkgman = HpuxPkg.new(inspec)
|
46
|
-
elsif [
|
47
|
+
elsif ["alpine"].include?(os[:name])
|
47
48
|
@pkgman = AlpinePkg.new(inspec)
|
48
49
|
else
|
49
|
-
raise Inspec::Exceptions::ResourceSkipped,
|
50
|
+
raise Inspec::Exceptions::ResourceSkipped, "The `package` resource is not supported on your OS yet."
|
50
51
|
end
|
51
52
|
|
52
53
|
evaluate_missing_requirements
|
@@ -85,7 +86,7 @@ module Inspec::Resources
|
|
85
86
|
private
|
86
87
|
|
87
88
|
def evaluate_missing_requirements
|
88
|
-
missing_requirements_string = @pkgman.missing_requirements.uniq.join(
|
89
|
+
missing_requirements_string = @pkgman.missing_requirements.uniq.join(", ")
|
89
90
|
return if missing_requirements_string.empty?
|
90
91
|
raise Inspec::Exceptions::ResourceSkipped, "The following requirements are not met for this resource: #{missing_requirements_string}"
|
91
92
|
end
|
@@ -113,18 +114,18 @@ module Inspec::Resources
|
|
113
114
|
params = SimpleConfig.new(
|
114
115
|
cmd.stdout.chomp,
|
115
116
|
assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
|
116
|
-
multiple_values: false
|
117
|
+
multiple_values: false
|
117
118
|
).params
|
118
119
|
# If the package is installed, Status is "install ok installed"
|
119
120
|
# If the package is installed and marked hold, Status is "hold ok installed"
|
120
121
|
# If the package is removed and not purged, Status is "deinstall ok config-files" with exit_status 0
|
121
122
|
# If the package is purged cmd fails with non-zero exit status
|
122
123
|
{
|
123
|
-
name: params[
|
124
|
-
installed: params[
|
125
|
-
held: params[
|
126
|
-
version: params[
|
127
|
-
type:
|
124
|
+
name: params["Package"],
|
125
|
+
installed: params["Status"].split(" ")[2] == "installed",
|
126
|
+
held: params["Status"].split(" ")[0] == "hold",
|
127
|
+
version: params["Version"],
|
128
|
+
type: "deb",
|
128
129
|
}
|
129
130
|
end
|
130
131
|
end
|
@@ -156,35 +157,35 @@ module Inspec::Resources
|
|
156
157
|
params = SimpleConfig.new(
|
157
158
|
cmd.stdout.chomp,
|
158
159
|
assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
|
159
|
-
multiple_values: false
|
160
|
+
multiple_values: false
|
160
161
|
).params
|
161
162
|
# On some (all?) systems, the linebreak before the vendor line is missing
|
162
|
-
if params[
|
163
|
-
v = params[
|
163
|
+
if params["Version"] =~ /\s*Vendor:/
|
164
|
+
v = params["Version"].split(" ")[0]
|
164
165
|
else
|
165
|
-
v = params[
|
166
|
+
v = params["Version"]
|
166
167
|
end
|
167
168
|
# On some (all?) systems, the linebreak before the build line is missing
|
168
|
-
if params[
|
169
|
-
r = params[
|
169
|
+
if params["Release"] =~ /\s*Build Date:/
|
170
|
+
r = params["Release"].split(" ")[0]
|
170
171
|
else
|
171
|
-
r = params[
|
172
|
+
r = params["Release"]
|
172
173
|
end
|
173
174
|
{
|
174
|
-
name: params[
|
175
|
+
name: params["Name"],
|
175
176
|
installed: true,
|
176
177
|
version: "#{v}-#{r}",
|
177
|
-
type:
|
178
|
+
type: "rpm",
|
178
179
|
}
|
179
180
|
end
|
180
181
|
|
181
182
|
private
|
182
183
|
|
183
184
|
def rpm_command(package_name)
|
184
|
-
cmd =
|
185
|
-
cmd +=
|
185
|
+
cmd = ""
|
186
|
+
cmd += "rpm -qi"
|
186
187
|
cmd += " --dbpath #{@dbpath}" if @dbpath
|
187
|
-
cmd +=
|
188
|
+
cmd += " " + package_name
|
188
189
|
|
189
190
|
cmd
|
190
191
|
end
|
@@ -193,7 +194,7 @@ module Inspec::Resources
|
|
193
194
|
# MacOS / Darwin implementation
|
194
195
|
class Brew < PkgManagement
|
195
196
|
def info(package_name)
|
196
|
-
brew_path = inspec.command(
|
197
|
+
brew_path = inspec.command("brew").exist? ? "brew" : "/usr/local/bin/brew"
|
197
198
|
cmd = inspec.command("#{brew_path} info --json=v1 #{package_name}")
|
198
199
|
|
199
200
|
# If no available formula exists, then `brew` will exit non-zero
|
@@ -203,17 +204,17 @@ module Inspec::Resources
|
|
203
204
|
|
204
205
|
# If package exists but is not installed, then `brew` output will not
|
205
206
|
# contain `pkg['installed'][0]['version']
|
206
|
-
return {} unless pkg.dig(
|
207
|
+
return {} unless pkg.dig("installed", 0, "version")
|
207
208
|
|
208
209
|
{
|
209
|
-
name: pkg[
|
210
|
+
name: pkg["name"],
|
210
211
|
installed: true,
|
211
|
-
version: pkg[
|
212
|
-
type:
|
212
|
+
version: pkg["installed"][0]["version"],
|
213
|
+
type: "brew",
|
213
214
|
}
|
214
215
|
rescue JSON::ParserError => e
|
215
216
|
raise Inspec::Exceptions::ResourceFailed,
|
216
|
-
|
217
|
+
"Failed to parse JSON from `brew` command. " \
|
217
218
|
"Error: #{e}"
|
218
219
|
end
|
219
220
|
end
|
@@ -227,14 +228,14 @@ module Inspec::Resources
|
|
227
228
|
params = SimpleConfig.new(
|
228
229
|
cmd.stdout.chomp,
|
229
230
|
assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
|
230
|
-
multiple_values: false
|
231
|
+
multiple_values: false
|
231
232
|
).params
|
232
233
|
|
233
234
|
{
|
234
|
-
name: params[
|
235
|
+
name: params["Name"],
|
235
236
|
installed: true,
|
236
|
-
version: params[
|
237
|
-
type:
|
237
|
+
version: params["Version"],
|
238
|
+
type: "pacman",
|
238
239
|
}
|
239
240
|
end
|
240
241
|
end
|
@@ -243,12 +244,12 @@ module Inspec::Resources
|
|
243
244
|
def info(package_name)
|
244
245
|
cmd = inspec.command("swlist -l product | grep #{package_name}")
|
245
246
|
return {} if cmd.exit_status.to_i != 0
|
246
|
-
pkg = cmd.stdout.strip.split(
|
247
|
+
pkg = cmd.stdout.strip.split(" ")
|
247
248
|
{
|
248
249
|
name: pkg[0],
|
249
250
|
installed: true,
|
250
251
|
version: pkg[1],
|
251
|
-
type:
|
252
|
+
type: "pkg",
|
252
253
|
}
|
253
254
|
end
|
254
255
|
end
|
@@ -259,13 +260,13 @@ module Inspec::Resources
|
|
259
260
|
return {} if cmd.exit_status.to_i != 0
|
260
261
|
|
261
262
|
pkg_info = cmd.stdout.split("\n").delete_if { |e| e =~ /^WARNING/i }
|
262
|
-
pkg = pkg_info[0].split(
|
263
|
+
pkg = pkg_info[0].split(" - ")[0]
|
263
264
|
|
264
265
|
{
|
265
|
-
name: pkg.partition(
|
266
|
+
name: pkg.partition("-")[0],
|
266
267
|
installed: true,
|
267
|
-
version: pkg.partition(
|
268
|
-
type:
|
268
|
+
version: pkg.partition("-")[2],
|
269
|
+
type: "pkg",
|
269
270
|
}
|
270
271
|
end
|
271
272
|
end
|
@@ -280,13 +281,13 @@ module Inspec::Resources
|
|
280
281
|
]
|
281
282
|
|
282
283
|
# add 64 bit search paths
|
283
|
-
if inspec.os.arch ==
|
284
|
+
if inspec.os.arch == "x86_64"
|
284
285
|
search_paths << 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
|
285
286
|
search_paths << 'HKCU:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
|
286
287
|
end
|
287
288
|
|
288
289
|
# Find the package
|
289
|
-
cmd = inspec.command <<-EOF.gsub(/^\s*/,
|
290
|
+
cmd = inspec.command <<-EOF.gsub(/^\s*/, "")
|
290
291
|
Get-ItemProperty (@("#{search_paths.join('", "')}") | Where-Object { Test-Path $_ }) |
|
291
292
|
Where-Object { $_.DisplayName -match "^\s*#{package_name.shellescape}\.*" -or $_.PSChildName -match "^\s*#{package_name.shellescape}\.*" } |
|
292
293
|
Select-Object -Property DisplayName,DisplayVersion | ConvertTo-Json
|
@@ -296,13 +297,13 @@ module Inspec::Resources
|
|
296
297
|
# above command. Instead, if no package is found the output of the command
|
297
298
|
# will be `''` so we can use that to return `{}` to match the behavior of
|
298
299
|
# other package managers.
|
299
|
-
return {} if cmd.stdout ==
|
300
|
+
return {} if cmd.stdout == ""
|
300
301
|
|
301
302
|
begin
|
302
303
|
package = JSON.parse(cmd.stdout)
|
303
304
|
rescue JSON::ParserError => e
|
304
305
|
raise Inspec::Exceptions::ResourceFailed,
|
305
|
-
|
306
|
+
"Failed to parse JSON from PowerShell. " \
|
306
307
|
"Error: #{e}"
|
307
308
|
end
|
308
309
|
|
@@ -310,10 +311,10 @@ module Inspec::Resources
|
|
310
311
|
package = package[0] if package.is_a?(Array)
|
311
312
|
|
312
313
|
{
|
313
|
-
name: package[
|
314
|
+
name: package["DisplayName"],
|
314
315
|
installed: true,
|
315
|
-
version: package[
|
316
|
-
type:
|
316
|
+
version: package["DisplayVersion"],
|
317
|
+
type: "windows",
|
317
318
|
}
|
318
319
|
end
|
319
320
|
end
|
@@ -324,12 +325,12 @@ module Inspec::Resources
|
|
324
325
|
cmd = inspec.command("lslpp -cL #{package_name}")
|
325
326
|
return {} if cmd.exit_status.to_i != 0
|
326
327
|
|
327
|
-
bff_pkg = cmd.stdout.split("\n").last.split(
|
328
|
+
bff_pkg = cmd.stdout.split("\n").last.split(":")
|
328
329
|
{
|
329
|
-
name:
|
330
|
+
name: bff_pkg[1],
|
330
331
|
installed: true,
|
331
|
-
version:
|
332
|
-
type:
|
332
|
+
version: bff_pkg[2],
|
333
|
+
type: "bff",
|
333
334
|
}
|
334
335
|
end
|
335
336
|
end
|
@@ -352,16 +353,16 @@ module Inspec::Resources
|
|
352
353
|
params = SimpleConfig.new(
|
353
354
|
cmd.stdout.chomp,
|
354
355
|
assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
|
355
|
-
multiple_values: false
|
356
|
+
multiple_values: false
|
356
357
|
).params
|
357
358
|
|
358
359
|
# parse 11.10.0,REV=2006.05.18.01.46
|
359
|
-
v = params[
|
360
|
+
v = params["VERSION"].split(",")
|
360
361
|
{
|
361
|
-
name: params[
|
362
|
+
name: params["PKGINST"],
|
362
363
|
installed: true,
|
363
|
-
version: v[0] +
|
364
|
-
type:
|
364
|
+
version: v[0] + "-" + v[1].split("=")[1],
|
365
|
+
type: "pkg",
|
365
366
|
}
|
366
367
|
end
|
367
368
|
|
@@ -373,15 +374,15 @@ module Inspec::Resources
|
|
373
374
|
params = SimpleConfig.new(
|
374
375
|
cmd.stdout.chomp,
|
375
376
|
assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
|
376
|
-
multiple_values: false
|
377
|
+
multiple_values: false
|
377
378
|
).params
|
378
379
|
|
379
380
|
{
|
380
|
-
name: params[
|
381
|
+
name: params["Name"],
|
381
382
|
installed: true,
|
382
383
|
# 0.5.11-0.175.3.1.0.5.0
|
383
384
|
version: "#{params['Version']}-#{params['Branch']}",
|
384
|
-
type:
|
385
|
+
type: "pkg",
|
385
386
|
}
|
386
387
|
end
|
387
388
|
end
|
@@ -1,13 +1,13 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
# copyright: 2017, Chef Software, Inc. <legal@chef.io>
|
3
2
|
|
4
|
-
require
|
3
|
+
require "inspec/utils/filter"
|
4
|
+
require "inspec/resources/command"
|
5
5
|
|
6
6
|
module Inspec::Resources
|
7
7
|
class Packages < Inspec.resource(1)
|
8
|
-
name
|
9
|
-
supports platform:
|
10
|
-
desc
|
8
|
+
name "packages"
|
9
|
+
supports platform: "unix"
|
10
|
+
desc "Use the packages InSpec audit resource to test properties for multiple packages installed on the system"
|
11
11
|
example <<~EXAMPLE
|
12
12
|
describe packages(/xserver-xorg.*/) do
|
13
13
|
its('entries') { should be_empty }
|
@@ -42,10 +42,10 @@ module Inspec::Resources
|
|
42
42
|
end
|
43
43
|
|
44
44
|
filter = FilterTable.create
|
45
|
-
filter.register_column(:statuses, field:
|
46
|
-
.register_column(:names, field:
|
47
|
-
.register_column(:versions, field:
|
48
|
-
.register_column(:architectures, field:
|
45
|
+
filter.register_column(:statuses, field: "status", style: :simple)
|
46
|
+
.register_column(:names, field: "name")
|
47
|
+
.register_column(:versions, field: "version")
|
48
|
+
.register_column(:architectures, field: "architecture")
|
49
49
|
.install_filter_methods_on_resource(self, :filtered_packages)
|
50
50
|
|
51
51
|
private
|
@@ -84,8 +84,8 @@ module Inspec::Resources
|
|
84
84
|
return [] if all.nil?
|
85
85
|
all.map do |m|
|
86
86
|
a = m.split(/ {2,}/)
|
87
|
-
a[0] =
|
88
|
-
a[2] = a[2].split(
|
87
|
+
a[0] = "installed" if a[0] =~ /^.i/
|
88
|
+
a[2] = a[2].split(":").last
|
89
89
|
PackageStruct.new(*a)
|
90
90
|
end
|
91
91
|
end
|
@@ -100,8 +100,8 @@ module Inspec::Resources
|
|
100
100
|
all = cmd.stdout.split("\n")
|
101
101
|
return [] if all.nil?
|
102
102
|
all.map do |m|
|
103
|
-
a = m.split(
|
104
|
-
a.unshift(
|
103
|
+
a = m.split(" ")
|
104
|
+
a.unshift("installed")
|
105
105
|
PackageStruct.new(*a)
|
106
106
|
end
|
107
107
|
end
|