inspec-core 4.3.2 → 4.6.3

data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb}

@@ -1,14 +1,13 @@
-# encoding: utf-8
 # copyright: 2015, Vulcano Security GmbH
 
-require 'utils/simpleconfig'
-require 'utils/file_reader'
+require "inspec/utils/simpleconfig"
+require "inspec/utils/file_reader"
 
 module Inspec::Resources
-  class SshConf < Inspec.resource(1)
-    name 'ssh_config'
-    supports platform: 'unix'
-    desc 'Use the `ssh_config` InSpec audit resource to test OpenSSH client configuration data located at `/etc/ssh/ssh_config` on Linux and Unix platforms.'
+  class SshConfig < Inspec.resource(1)
+    name "ssh_config"
+    supports platform: "unix"
+    desc "Use the `ssh_config` InSpec audit resource to test OpenSSH client configuration data located at `/etc/ssh/ssh_config` on Linux and Unix platforms."
     example <<~EXAMPLE
       describe ssh_config do
         its('cipher') { should contain '3des' }
@@ -20,8 +19,8 @@ module Inspec::Resources
     include FileReader
 
     def initialize(conf_path = nil, type = nil)
-      @conf_path = conf_path || '/etc/ssh/ssh_config'
-      typename = (@conf_path.include?('sshd') ? 'Server' : 'Client')
+      @conf_path = conf_path || "/etc/ssh/ssh_config"
+      typename = (@conf_path.include?("sshd") ? "Server" : "Client")
       @type = type || "SSH #{typename} configuration #{conf_path}"
       read_content
     end
@@ -53,7 +52,7 @@ module Inspec::Resources
     end
 
     def to_s
-      'SSH Configuration'
+      "SSH Configuration"
     end
 
     private
@@ -70,16 +69,16 @@ module Inspec::Resources
       conf = SimpleConfig.new(
         read_content,
         assignment_regex: /^\s*(\S+?)\s+(.*?)\s*$/,
-        multiple_values: true,
+        multiple_values: true
       )
       @params = convert_hash(conf.params)
     end
   end
 
-  class SshdConf < SshConf
-    name 'sshd_config'
-    supports platform: 'unix'
-    desc 'Use the sshd_config InSpec audit resource to test configuration data for the Open SSH daemon located at /etc/ssh/sshd_config on Linux and UNIX platforms. sshd---the Open SSH daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command execution, and data exchanges.'
+  class SshdConfig < SshConfig
+    name "sshd_config"
+    supports platform: "unix"
+    desc "Use the sshd_config InSpec audit resource to test configuration data for the Open SSH daemon located at /etc/ssh/sshd_config on Linux and UNIX platforms. sshd---the Open SSH daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command execution, and data exchanges."
     example <<~EXAMPLE
       describe sshd_config do
         its('Protocol') { should eq '2' }
@@ -87,11 +86,11 @@ module Inspec::Resources
     EXAMPLE
 
     def initialize(path = nil)
-      super(path || '/etc/ssh/sshd_config')
+      super(path || "/etc/ssh/sshd_config")
     end
 
     def to_s
-      'SSHD Configuration'
+      "SSHD Configuration"
     end
   end
 end

data/lib/{resources → inspec/resources}/ssl.rb

@@ -1,16 +1,15 @@
-# encoding: utf-8
 # copyright: 2015, Chef Software Inc.
 
-require 'sslshake'
-require 'utils/filter'
-require 'uri'
-require 'parallel'
+require "sslshake"
+require "inspec/utils/filter"
+require "uri"
+require "parallel"
 
 # Custom resource based on the InSpec resource DSL
 class SSL < Inspec.resource(1)
-  name 'ssl'
-  supports platform: 'unix'
-  supports platform: 'windows'
+  name "ssl"
+  supports platform: "unix"
+  supports platform: "windows"
 
   desc "
     SSL test resource
@@ -33,11 +32,11 @@ class SSL < Inspec.resource(1)
   EXAMPLE
 
   VERSIONS = [
-    'ssl2',
-    'ssl3',
-    'tls1.0',
-    'tls1.1',
-    'tls1.2',
+    "ssl2",
+    "ssl3",
+    "tls1.0",
+    "tls1.1",
+    "tls1.2",
   ].freeze
 
   attr_reader :host, :port, :timeout, :retries
@@ -46,10 +45,10 @@ class SSL < Inspec.resource(1)
     @host = opts[:host]
     if @host.nil?
       # Transports like SSH and WinRM will provide a hostname
-      if inspec.backend.respond_to?('hostname')
+      if inspec.backend.respond_to?("hostname")
         @host = inspec.backend.hostname
-      elsif inspec.backend.class.to_s == 'Train::Transports::Local::Connection'
-        @host = 'localhost'
+      elsif inspec.backend.class.to_s == "Train::Transports::Local::Connection"
+        @host = "localhost"
       end
     end
     @port = opts[:port] || 443
@@ -59,12 +58,12 @@ class SSL < Inspec.resource(1)
 
   filter = FilterTable.create
   filter.register_custom_matcher(:enabled?) do |x|
-    raise 'Cannot determine host for SSL test. Please specify it or use a different target.' if x.resource.host.nil?
-    x.handshake.values.any? { |i| i['success'] }
+    raise "Cannot determine host for SSL test. Please specify it or use a different target." if x.resource.host.nil?
+    x.handshake.values.any? { |i| i["success"] }
   end
-  filter.register_column(:ciphers, field: 'cipher')
-        .register_column(:protocols, field: 'protocol')
-        .register_custom_property(:handshake) { |x|
+  filter.register_column(:ciphers, field: "cipher")
+        .register_column(:protocols, field: "protocol")
+        .register_custom_property(:handshake) do |x|
           groups = x.entries.group_by(&:protocol)
           res = Parallel.map(groups, in_threads: 8) do |proto, e|
             [proto, SSLShake.hello(x.resource.host, port: x.resource.port,
@@ -72,7 +71,7 @@ class SSL < Inspec.resource(1)
               timeout: x.resource.timeout, retries: x.resource.retries, servername: x.resource.host)]
           end
           Hash[res]
-        }
+        end
         .install_filter_methods_on_resource(self, :scan_config)
 
   def to_s
@@ -83,14 +82,14 @@ class SSL < Inspec.resource(1)
 
   def scan_config
     [
-      { 'protocol' => 'ssl2', 'ciphers' => SSLShake::SSLv2::CIPHERS.keys },
-      { 'protocol' => 'ssl3', 'ciphers' => SSLShake::TLS::SSL3_CIPHERS.keys },
-      { 'protocol' => 'tls1.0', 'ciphers' => SSLShake::TLS::TLS10_CIPHERS.keys },
-      { 'protocol' => 'tls1.1', 'ciphers' => SSLShake::TLS::TLS10_CIPHERS.keys },
-      { 'protocol' => 'tls1.2', 'ciphers' => SSLShake::TLS::TLS_CIPHERS.keys },
+      { "protocol" => "ssl2", "ciphers" => SSLShake::SSLv2::CIPHERS.keys },
+      { "protocol" => "ssl3", "ciphers" => SSLShake::TLS::SSL3_CIPHERS.keys },
+      { "protocol" => "tls1.0", "ciphers" => SSLShake::TLS::TLS10_CIPHERS.keys },
+      { "protocol" => "tls1.1", "ciphers" => SSLShake::TLS::TLS10_CIPHERS.keys },
+      { "protocol" => "tls1.2", "ciphers" => SSLShake::TLS::TLS_CIPHERS.keys },
     ].map do |line|
-      line['ciphers'].map do |cipher|
-        { 'protocol' => line['protocol'], 'cipher' => cipher }
+      line["ciphers"].map do |cipher|
+        { "protocol" => line["protocol"], "cipher" => cipher }
       end
     end.flatten
   end

data/lib/inspec/resources/sys_info.rb

@@ -0,0 +1,30 @@
+require "inspec/resources/command"
+require "inspec/resources/powershell"
+
+module Inspec::Resources
+  # this resource returns additional system informatio
+  class System < Inspec.resource(1)
+    name "sys_info"
+    supports platform: "unix"
+    supports platform: "windows"
+
+    desc "Use the user InSpec system resource to test for operating system properties."
+    example <<~EXAMPLE
+      describe sys_info do
+        its('hostname') { should eq 'example.com' }
+      end
+    EXAMPLE
+
+    # returns the hostname of the local system
+    def hostname
+      os = inspec.os
+      if os.linux? || os.darwin?
+        inspec.command("hostname").stdout.chomp
+      elsif os.windows?
+        inspec.powershell("$env:computername").stdout.chomp
+      else
+        skip_resource "The `sys_info.hostname` resource is not supported on your OS yet."
+      end
+    end
+  end
+end

data/lib/{resources → inspec/resources}/toml.rb

@@ -1,12 +1,10 @@
-# encoding: utf-8
-# author: Nolan Davidson
-
-require 'tomlrb'
+require "tomlrb"
+require "inspec/resources/json"
 
 module Inspec::Resources
   class TomlConfig < JsonConfig
-    name 'toml'
-    desc 'Use the toml InSpec resource to test configuration data in a TOML file'
+    name "toml"
+    desc "Use the toml InSpec resource to test configuration data in a TOML file"
     example <<~EXAMPLE
       describe toml('default.toml') do
         its('key') { should eq('value') }
@@ -26,7 +24,7 @@ module Inspec::Resources
     # used by JsonConfig to build up a full to_s method
     # based on whether a file path, content, or command was supplied.
     def resource_base_name
-      'TOML'
+      "TOML"
     end
   end
 end

data/lib/{resources → inspec/resources}/users.rb

@@ -1,8 +1,8 @@
-# encoding: utf-8
-
-require 'utils/parser'
-require 'utils/convert'
-require 'utils/filter'
+require "inspec/utils/parser"
+require "inspec/utils/convert"
+require "inspec/utils/filter"
+require "inspec/utils/simpleconfig"
+require "inspec/resources/powershell"
 
 module Inspec::Resources
   # This file contains two resources, the `user` and `users` resource.
@@ -17,15 +17,15 @@ module Inspec::Resources
         LinuxUser.new(inspec)
       elsif os.windows?
         WindowsUser.new(inspec)
-      elsif ['darwin'].include?(os[:family])
+      elsif ["darwin"].include?(os[:family])
         DarwinUser.new(inspec)
-      elsif ['freebsd'].include?(os[:family])
+      elsif ["freebsd"].include?(os[:family])
         FreeBSDUser.new(inspec)
-      elsif ['aix'].include?(os[:family])
+      elsif ["aix"].include?(os[:family])
         AixUser.new(inspec)
       elsif os.solaris?
         SolarisUser.new(inspec)
-      elsif ['hpux'].include?(os[:family])
+      elsif ["hpux"].include?(os[:family])
         HpuxUser.new(inspec)
       end
     end
@@ -52,10 +52,10 @@ module Inspec::Resources
   class Users < Inspec.resource(1)
     include UserManagementSelector
 
-    name 'users'
-    supports platform: 'unix'
-    supports platform: 'windows'
-    desc 'Use the users InSpec audit resource to test local user profiles. Users can be filtered by groups to which they belong, the frequency of required password changes, the directory paths to home and shell.'
+    name "users"
+    supports platform: "unix"
+    supports platform: "windows"
+    desc "Use the users InSpec audit resource to test local user profiles. Users can be filtered by groups to which they belong, the frequency of required password changes, the directory paths to home and shell."
     example <<~EXAMPLE
       describe users.where { uid == 0 }.entries do
         it { should eq ['root'] }
@@ -66,7 +66,7 @@ module Inspec::Resources
     def initialize
       # select user provider
       @user_provider = select_user_manager(inspec.os)
-      return skip_resource 'The `users` resource is not supported on your OS yet.' if @user_provider.nil?
+      return skip_resource "The `users` resource is not supported on your OS yet." if @user_provider.nil?
     end
 
     filter = FilterTable.create
@@ -87,7 +87,7 @@ module Inspec::Resources
     filter.install_filter_methods_on_resource(self, :collect_user_details)
 
     def to_s
-      'Users'
+      "Users"
     end
 
     private
@@ -137,10 +137,10 @@ module Inspec::Resources
   # end
   class User < Inspec.resource(1)
     include UserManagementSelector
-    name 'user'
-    supports platform: 'unix'
-    supports platform: 'windows'
-    desc 'Use the user InSpec audit resource to test user profiles, including the groups to which they belong, the frequency of required password changes, the directory paths to home and shell.'
+    name "user"
+    supports platform: "unix"
+    supports platform: "windows"
+    desc "Use the user InSpec audit resource to test user profiles, including the groups to which they belong, the frequency of required password changes, the directory paths to home and shell."
     example <<~EXAMPLE
       describe user('root') do
         it { should exist }
@@ -152,7 +152,7 @@ module Inspec::Resources
       @username = username
       # select user provider
       @user_provider = select_user_manager(inspec.os)
-      return skip_resource 'The `user` resource is not supported on your OS yet.' if @user_provider.nil?
+      return skip_resource "The `user` resource is not supported on your OS yet." if @user_provider.nil?
     end
 
     def exists?
@@ -213,35 +213,35 @@ module Inspec::Resources
 
     # implement 'mindays' method to be compatible with serverspec
     def minimum_days_between_password_change
-      Inspec.deprecate(:resource_user_serverspec_compat, 'The user resource `minimum_days_between_password_change` property is deprecated. Please use `mindays`.')
+      Inspec.deprecate(:resource_user_serverspec_compat, "The user resource `minimum_days_between_password_change` property is deprecated. Please use `mindays`.")
       mindays
     end
 
     # implement 'maxdays' method to be compatible with serverspec
     def maximum_days_between_password_change
-      Inspec.deprecate(:resource_user_serverspec_compat, 'The user resource `maximum_days_between_password_change` property is deprecated. Please use `maxdays`.')
+      Inspec.deprecate(:resource_user_serverspec_compat, "The user resource `maximum_days_between_password_change` property is deprecated. Please use `maxdays`.")
       maxdays
     end
 
     # implements rspec has matcher, to be compatible with serverspec
     # @see: https://github.com/rspec/rspec-expectations/blob/master/lib/rspec/matchers/built_in/has.rb
     def has_uid?(compare_uid)
-      Inspec.deprecate(:resource_user_serverspec_compat, 'The user resource `has_uid?` matcher is deprecated.')
+      Inspec.deprecate(:resource_user_serverspec_compat, "The user resource `has_uid?` matcher is deprecated.")
       uid == compare_uid
     end
 
     def has_home_directory?(compare_home)
-      Inspec.deprecate(:resource_user_serverspec_compat, 'The user resource `has_home_directory?` matcher is deprecated. Please use `its(\'home\')`.')
+      Inspec.deprecate(:resource_user_serverspec_compat, "The user resource `has_home_directory?` matcher is deprecated. Please use `its('home')`.")
       home == compare_home
     end
 
     def has_login_shell?(compare_shell)
-      Inspec.deprecate(:resource_user_serverspec_compat, 'The user resource `has_login_shell?` matcher is deprecated. Please use `its(\'shell\')`.')
+      Inspec.deprecate(:resource_user_serverspec_compat, "The user resource `has_login_shell?` matcher is deprecated. Please use `its('shell')`.")
       shell == compare_shell
     end
 
     def has_authorized_key?(_compare_key)
-      Inspec.deprecate(:resource_user_serverspec_compat, 'The user resource `has_authorized_key?` matcher is deprecated. There is no currently implemented alternative')
+      Inspec.deprecate(:resource_user_serverspec_compat, "The user resource `has_authorized_key?` matcher is deprecated. There is no currently implemented alternative")
       raise NotImplementedError
     end
 
@@ -288,7 +288,7 @@ module Inspec::Resources
     #   groups: '',
     # }
     def identity(_username)
-      raise 'user provider must implement the `identity` method'
+      raise "user provider must implement the `identity` method"
     end
 
     # returns optional information about a user, eg shell
@@ -309,7 +309,7 @@ module Inspec::Resources
 
     # returns an array with users
     def list_users
-      raise 'user provider must implement the `list_users` method'
+      raise "user provider must implement the `list_users` method"
     end
 
     # retuns all aspects of the user as one hash
@@ -326,9 +326,9 @@ module Inspec::Resources
 
     # returns the full information list for a user
     def collect_user_details
-      list_users.map { |username|
+      list_users.map do |username|
         user_details(username.chomp)
-      }
+      end
     end
   end
 
@@ -337,7 +337,7 @@ module Inspec::Resources
     attr_reader :inspec, :id_cmd, :list_users_cmd
     def initialize(inspec)
       @inspec = inspec
-      @id_cmd ||= 'id'
+      @id_cmd ||= "id"
       @list_users_cmd ||= 'cut -d: -f1 /etc/passwd | grep -v "^#"'
       super
     end
@@ -353,10 +353,10 @@ module Inspec::Resources
     def parse_value(line)
       SimpleConfig.new(
         line,
-        line_separator: ',',
+        line_separator: ",",
         assignment_regex: /^\s*([^\(]*?)\s*\(\s*(.*?)\)*$/,
         group_re: nil,
-        multiple_values: false,
+        multiple_values: false
       ).params
     end
 
@@ -370,15 +370,15 @@ module Inspec::Resources
         parse_id_entries(cmd.stdout.chomp),
         assignment_regex: /^\s*([^=]*?)\s*=\s*(.*?)\s*$/,
         group_re: nil,
-        multiple_values: false,
+        multiple_values: false
       ).params
 
       {
-        uid: convert_to_i(parse_value(params['uid']).keys[0]),
-        username: parse_value(params['uid']).values[0],
-        gid: convert_to_i(parse_value(params['gid']).keys[0]),
-        groupname: parse_value(params['gid']).values[0],
-        groups: parse_value(params['groups']).values,
+        uid: convert_to_i(parse_value(params["uid"]).keys[0]),
+        username: parse_value(params["uid"]).values[0],
+        gid: convert_to_i(parse_value(params["gid"]).keys[0]),
+        groupname: parse_value(params["gid"]).values[0],
+        groups: parse_value(params["groups"]).values,
       }
     end
 
@@ -386,8 +386,8 @@ module Inspec::Resources
     def parse_id_entries(raw)
       data = []
       until (index = raw.index(/\)\s{1}/)).nil?
-        data.push(raw[0, index+1]) # inclue closing )
-        raw = raw[index+2, raw.length-index-2]
+        data.push(raw[0, index + 1]) # inclue closing )
+        raw = raw[index + 2, raw.length - index - 2]
       end
       data.push(raw) if !raw.nil?
       data.join("\n")
@@ -404,8 +404,8 @@ module Inspec::Resources
       # returns: root:x:0:0:root:/root:/bin/bash
       passwd = parse_passwd_line(cmd.stdout.chomp)
       {
-        home: passwd['home'],
-        shell: passwd['shell'],
+        home: passwd["home"],
+        shell: passwd["shell"],
       }
     end
 
@@ -417,13 +417,13 @@ module Inspec::Resources
         cmd.stdout.chomp,
         assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
         group_re: nil,
-        multiple_values: false,
+        multiple_values: false
       ).params
 
       {
-        mindays: convert_to_i(params['Minimum number of days between password change']),
-        maxdays: convert_to_i(params['Maximum number of days between password change']),
-        warndays: convert_to_i(params['Number of days of warning before password expires']),
+        mindays: convert_to_i(params["Minimum number of days between password change"]),
+        maxdays: convert_to_i(params["Maximum number of days between password change"]),
+        warndays: convert_to_i(params["Number of days of warning before password expires"]),
       }
     end
   end
@@ -431,7 +431,7 @@ module Inspec::Resources
   class SolarisUser < LinuxUser
     def initialize(inspec)
       @inspec = inspec
-      @id_cmd ||= 'id -a'
+      @id_cmd ||= "id -a"
       super
     end
   end
@@ -456,24 +456,24 @@ module Inspec::Resources
       lsuser = inspec.command("lsuser -C -a home shell #{username}")
       return nil if lsuser.exit_status != 0
 
-      user = lsuser.stdout.chomp.split("\n").last.split(':')
+      user = lsuser.stdout.chomp.split("\n").last.split(":")
       {
-        home:  user[1],
+        home: user[1],
         shell: user[2],
       }
     end
 
     def credentials(username)
       cmd = inspec.command(
-        "lssec -c -f /etc/security/user -s #{username} -a minage -a maxage -a pwdwarntime",
+        "lssec -c -f /etc/security/user -s #{username} -a minage -a maxage -a pwdwarntime"
       )
       return nil if cmd.exit_status != 0
 
-      user_sec = cmd.stdout.chomp.split("\n").last.split(':')
+      user_sec = cmd.stdout.chomp.split("\n").last.split(":")
 
       {
-        mindays:  user_sec[1].to_i * 7,
-        maxdays:  user_sec[2].to_i * 7,
+        mindays: user_sec[1].to_i * 7,
+        maxdays: user_sec[2].to_i * 7,
         warndays: user_sec[3].to_i,
       }
     end
@@ -483,7 +483,7 @@ module Inspec::Resources
     def meta_info(username)
       hpuxuser = inspec.command("logins -x -l #{username}")
       return nil if hpuxuser.exit_status != 0
-      user = hpuxuser.stdout.chomp.split(' ')
+      user = hpuxuser.stdout.chomp.split(" ")
       {
         home: user[4],
         shell: user[5],
@@ -498,7 +498,7 @@ module Inspec::Resources
   # @see http://superuser.com/questions/592921/mac-osx-users-vs-dscl-command-to-list-user
   class DarwinUser < UnixUser
     def initialize(inspec)
-      @list_users_cmd ||= 'dscl . list /Users'
+      @list_users_cmd ||= "dscl . list /Users"
       super
     end
 
@@ -510,12 +510,12 @@ module Inspec::Resources
         cmd.stdout.chomp,
         assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
         group_re: nil,
-        multiple_values: false,
+        multiple_values: false
       ).params
 
       {
-        home: params['NFSHomeDirectory'],
-        shell: params['UserShell'],
+        home: params["NFSHomeDirectory"],
+        shell: params["UserShell"],
       }
     end
   end
@@ -524,10 +524,10 @@ module Inspec::Resources
   # @see: https://www.freebsd.org/doc/handbook/users-synopsis.html
   # @see: https://www.freebsd.org/cgi/man.cgi?pw(8)
   # It offers the following commands:
-  # - adduser(8)	The recommended command-line application for adding new users.
-  # - rmuser(8)	The recommended command-line application for removing users.
-  # - chpass(1)	A flexible tool for changing user database information.
-  # - passwd(1)	The command-line tool to change user passwords.
+  # - adduser(8) The recommended command-line application for adding new users.
+  # - rmuser(8)  The recommended command-line application for removing users.
+  # - chpass(1)  A flexible tool for changing user database information.
+  # - passwd(1)  The command-line tool to change user passwords.
   class FreeBSDUser < UnixUser
     include PasswdParser
 
@@ -537,8 +537,8 @@ module Inspec::Resources
       # returns: root:*:0:0:Charlie &:/root:/bin/csh
       passwd = parse_passwd_line(cmd.stdout.chomp)
       {
-        home: passwd['home'],
-        shell: passwd['shell'],
+        home: passwd["home"],
+        shell: passwd["shell"],
       }
     end
   end