inspec-core 4.3.2 → 4.6.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +139 -140
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
@@ -1,14 +1,12 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require
|
4
|
-
require 'utils/filter'
|
5
|
-
require 'utils/file_reader'
|
1
|
+
require "inspec/utils/parser"
|
2
|
+
require "inspec/utils/filter"
|
3
|
+
require "inspec/utils/file_reader"
|
6
4
|
|
7
5
|
module Inspec::Resources
|
8
6
|
class XinetdConf < Inspec.resource(1)
|
9
|
-
name
|
10
|
-
supports platform:
|
11
|
-
desc
|
7
|
+
name "xinetd_conf"
|
8
|
+
supports platform: "unix"
|
9
|
+
desc "Xinetd services configuration."
|
12
10
|
example <<~EXAMPLE
|
13
11
|
describe xinetd_conf.services('chargen') do
|
14
12
|
its('socket_types') { should include 'dgram' }
|
@@ -22,7 +20,7 @@ module Inspec::Resources
|
|
22
20
|
include XinetdParser
|
23
21
|
include FileReader
|
24
22
|
|
25
|
-
def initialize(conf_path =
|
23
|
+
def initialize(conf_path = "/etc/xinetd.conf")
|
26
24
|
@conf_path = conf_path
|
27
25
|
@contents = {}
|
28
26
|
read_content(@conf_path)
|
@@ -37,14 +35,14 @@ module Inspec::Resources
|
|
37
35
|
end
|
38
36
|
|
39
37
|
filter = FilterTable.create
|
40
|
-
filter.register_column(:services, field:
|
41
|
-
.register_column(:ids, field:
|
42
|
-
.register_column(:socket_types, field:
|
43
|
-
.register_column(:types, field:
|
44
|
-
.register_column(:protocols, field:
|
45
|
-
.register_column(:wait, field:
|
46
|
-
.register_custom_matcher(:disabled?) { |x| x.where(
|
47
|
-
.register_custom_matcher(:enabled?) { |x| x.where(
|
38
|
+
filter.register_column(:services, field: "service")
|
39
|
+
.register_column(:ids, field: "id")
|
40
|
+
.register_column(:socket_types, field: "socket_type")
|
41
|
+
.register_column(:types, field: "type")
|
42
|
+
.register_column(:protocols, field: "protocol")
|
43
|
+
.register_column(:wait, field: "wait")
|
44
|
+
.register_custom_matcher(:disabled?) { |x| x.where("disable" => "no").services.empty? }
|
45
|
+
.register_custom_matcher(:enabled?) { |x| x.where("disable" => "yes").services.empty? }
|
48
46
|
.install_filter_methods_on_resource(self, :service_lines)
|
49
47
|
|
50
48
|
private
|
@@ -59,7 +57,7 @@ module Inspec::Resources
|
|
59
57
|
return {} if read_content.nil?
|
60
58
|
flat_params = parse_xinetd(read_content)
|
61
59
|
# we need to map service data in order to use it with filtertable
|
62
|
-
params = {
|
60
|
+
params = { "services" => {} }
|
63
61
|
# map services that were defined and map it to the service hash
|
64
62
|
flat_params.each do |k, v|
|
65
63
|
name = k[/^service (.+)$/, 1]
|
@@ -69,13 +67,13 @@ module Inspec::Resources
|
|
69
67
|
# handle service entries
|
70
68
|
else
|
71
69
|
# store service
|
72
|
-
params[
|
70
|
+
params["services"][name] = v
|
73
71
|
|
74
72
|
# add the service identifier to its parameters
|
75
73
|
if v.is_a?(Array)
|
76
|
-
v.each { |service| service.params[
|
74
|
+
v.each { |service| service.params["service"] = name }
|
77
75
|
else
|
78
|
-
v.params[
|
76
|
+
v.params["service"] = name
|
79
77
|
end
|
80
78
|
end
|
81
79
|
end
|
@@ -85,20 +83,20 @@ module Inspec::Resources
|
|
85
83
|
# Method used to derive the default protocol used from the socket_type
|
86
84
|
def default_protocol(type)
|
87
85
|
case type
|
88
|
-
when
|
89
|
-
|
90
|
-
when
|
91
|
-
|
86
|
+
when "stream"
|
87
|
+
"tcp"
|
88
|
+
when "dgram"
|
89
|
+
"udp"
|
92
90
|
else
|
93
|
-
|
91
|
+
"unknown"
|
94
92
|
end
|
95
93
|
end
|
96
94
|
|
97
95
|
def service_lines
|
98
|
-
@services ||= params[
|
99
|
-
service.params[
|
96
|
+
@services ||= params["services"].values.flatten.map do |service|
|
97
|
+
service.params["protocol"] ||= default_protocol(service.params["socket_type"])
|
100
98
|
service.params
|
101
|
-
|
99
|
+
end
|
102
100
|
end
|
103
101
|
end
|
104
102
|
end
|
@@ -1,11 +1,11 @@
|
|
1
|
-
|
1
|
+
require "inspec/resources/json"
|
2
2
|
|
3
3
|
module Inspec::Resources
|
4
4
|
class XmlConfig < JsonConfig
|
5
|
-
name
|
6
|
-
supports platform:
|
7
|
-
supports platform:
|
8
|
-
desc
|
5
|
+
name "xml"
|
6
|
+
supports platform: "unix"
|
7
|
+
supports platform: "windows"
|
8
|
+
desc "Use the xml InSpec resource to test configuration data in an XML file"
|
9
9
|
example <<~EXAMPLE
|
10
10
|
describe xml('default.xml') do
|
11
11
|
its('key/sub_key') { should eq(['value']) }
|
@@ -14,7 +14,7 @@ module Inspec::Resources
|
|
14
14
|
EXAMPLE
|
15
15
|
|
16
16
|
def parse(content)
|
17
|
-
require
|
17
|
+
require "rexml/document"
|
18
18
|
REXML::Document.new(content)
|
19
19
|
rescue => e
|
20
20
|
raise Inspec::Exceptions::ResourceFailed, "Unable to parse XML: #{e.message}"
|
@@ -42,7 +42,7 @@ module Inspec::Resources
|
|
42
42
|
# used by JsonConfig to build up a full to_s method
|
43
43
|
# based on whether a file path, content, or command was supplied.
|
44
44
|
def resource_base_name
|
45
|
-
|
45
|
+
"XML"
|
46
46
|
end
|
47
47
|
end
|
48
48
|
end
|
@@ -1,6 +1,5 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require 'yaml'
|
1
|
+
require "yaml"
|
2
|
+
require "inspec/resources/json"
|
4
3
|
|
5
4
|
# Parses a yaml document
|
6
5
|
# Usage:
|
@@ -9,8 +8,8 @@ require 'yaml'
|
|
9
8
|
# end
|
10
9
|
module Inspec::Resources
|
11
10
|
class YamlConfig < JsonConfig
|
12
|
-
name
|
13
|
-
desc
|
11
|
+
name "yaml"
|
12
|
+
desc "Use the yaml InSpec audit resource to test configuration data in a YAML file."
|
14
13
|
example <<~EXAMPLE
|
15
14
|
describe yaml('config.yaml') do
|
16
15
|
its(['driver', 'name']) { should eq 'vagrant' }
|
@@ -37,7 +36,7 @@ module Inspec::Resources
|
|
37
36
|
# used by JsonConfig to build up a full to_s method
|
38
37
|
# based on whether a file path, content, or command was supplied.
|
39
38
|
def resource_base_name
|
40
|
-
|
39
|
+
"YAML"
|
41
40
|
end
|
42
41
|
end
|
43
42
|
end
|
@@ -1,4 +1,4 @@
|
|
1
|
-
|
1
|
+
require "inspec/resources/command"
|
2
2
|
|
3
3
|
# Usage:
|
4
4
|
# describe yum do
|
@@ -29,9 +29,9 @@
|
|
29
29
|
|
30
30
|
module Inspec::Resources
|
31
31
|
class Yum < Inspec.resource(1)
|
32
|
-
name
|
33
|
-
supports platform:
|
34
|
-
desc
|
32
|
+
name "yum"
|
33
|
+
supports platform: "unix"
|
34
|
+
desc "Use the yum InSpec audit resource to test the configuration of Yum repositories."
|
35
35
|
example <<~EXAMPLE
|
36
36
|
describe yum.repo('name') do
|
37
37
|
it { should exist }
|
@@ -49,7 +49,7 @@ module Inspec::Resources
|
|
49
49
|
return @cache if defined?(@cache)
|
50
50
|
# parse the repository data from yum
|
51
51
|
# we cannot use -C, because this is not reliable and may lead to errors
|
52
|
-
@command_result = inspec.command(
|
52
|
+
@command_result = inspec.command("yum -v repolist all")
|
53
53
|
@content = @command_result.stdout
|
54
54
|
@cache = []
|
55
55
|
repo = {}
|
@@ -73,7 +73,7 @@ module Inspec::Resources
|
|
73
73
|
end
|
74
74
|
|
75
75
|
def repos
|
76
|
-
repositories.map { |repo| repo[
|
76
|
+
repositories.map { |repo| repo["id"] }
|
77
77
|
end
|
78
78
|
|
79
79
|
def repo(repo)
|
@@ -86,7 +86,7 @@ module Inspec::Resources
|
|
86
86
|
end
|
87
87
|
|
88
88
|
def to_s
|
89
|
-
|
89
|
+
"Yum Repository"
|
90
90
|
end
|
91
91
|
|
92
92
|
private
|
@@ -99,7 +99,7 @@ module Inspec::Resources
|
|
99
99
|
# Optimize the key value
|
100
100
|
def repo_key(key)
|
101
101
|
return key if key.nil?
|
102
|
-
key.gsub(
|
102
|
+
key.gsub("Repo-", "").downcase
|
103
103
|
end
|
104
104
|
end
|
105
105
|
|
@@ -118,7 +118,7 @@ module Inspec::Resources
|
|
118
118
|
|
119
119
|
def info
|
120
120
|
return @cache if defined?(@cache)
|
121
|
-
selection = @yum.repositories.select { |e| e[
|
121
|
+
selection = @yum.repositories.select { |e| e["id"] == @reponame || shortname(e["id"]) == @reponame }
|
122
122
|
@cache = selection.empty? ? {} : selection.first
|
123
123
|
@cache
|
124
124
|
end
|
@@ -129,7 +129,7 @@ module Inspec::Resources
|
|
129
129
|
|
130
130
|
def enabled?
|
131
131
|
return false unless exist?
|
132
|
-
info[
|
132
|
+
info["status"] == "enabled"
|
133
133
|
end
|
134
134
|
|
135
135
|
# provide a method for each of the repo metadata items we know about
|
@@ -1,9 +1,9 @@
|
|
1
|
-
|
1
|
+
require "inspec/resources/command"
|
2
2
|
|
3
3
|
module Inspec::Resources
|
4
4
|
class ZfsDataset < Inspec.resource(1)
|
5
|
-
name
|
6
|
-
supports platform:
|
5
|
+
name "zfs_dataset"
|
6
|
+
supports platform: "unix"
|
7
7
|
desc "
|
8
8
|
Use the zfs_dataset InSpec audit resource to test if the named
|
9
9
|
ZFS Dataset is present and/or has certain properties.
|
@@ -16,7 +16,7 @@ module Inspec::Resources
|
|
16
16
|
EXAMPLE
|
17
17
|
|
18
18
|
def initialize(zfs_dataset)
|
19
|
-
return skip_resource
|
19
|
+
return skip_resource "The `zfs_dataset` resource is not supported on your OS yet." if !inspec.os.bsd?
|
20
20
|
@zfs_dataset = zfs_dataset
|
21
21
|
|
22
22
|
@params = gather
|
@@ -29,7 +29,7 @@ module Inspec::Resources
|
|
29
29
|
|
30
30
|
def mounted?
|
31
31
|
return false if !exists?
|
32
|
-
inspec.mount(@params[
|
32
|
+
inspec.mount(@params["mountpoint"]).mounted?
|
33
33
|
end
|
34
34
|
|
35
35
|
def to_s
|
@@ -49,7 +49,7 @@ module Inspec::Resources
|
|
49
49
|
|
50
50
|
# override method
|
51
51
|
def exec
|
52
|
-
@params[
|
52
|
+
@params["exec"]
|
53
53
|
end
|
54
54
|
|
55
55
|
# expose all parameters
|
@@ -1,9 +1,9 @@
|
|
1
|
-
|
1
|
+
require "inspec/resources/command"
|
2
2
|
|
3
3
|
module Inspec::Resources
|
4
4
|
class ZfsPool < Inspec.resource(1)
|
5
|
-
name
|
6
|
-
supports platform:
|
5
|
+
name "zfs_pool"
|
6
|
+
supports platform: "unix"
|
7
7
|
desc "
|
8
8
|
Use the zfs_pool InSpec audit resource to test if the named
|
9
9
|
ZFS Pool is present and/or has certain properties.
|
@@ -15,7 +15,7 @@ module Inspec::Resources
|
|
15
15
|
EXAMPLE
|
16
16
|
|
17
17
|
def initialize(zfs_pool)
|
18
|
-
return skip_resource
|
18
|
+
return skip_resource "The `zfs_pool` resource is not supported on your OS yet." if !inspec.os.bsd?
|
19
19
|
@zfs_pool = zfs_pool
|
20
20
|
|
21
21
|
@params = gather
|
@@ -1,6 +1,6 @@
|
|
1
|
-
require
|
2
|
-
require
|
3
|
-
require
|
1
|
+
require "inspec/input_registry"
|
2
|
+
require "inspec/plugin/v2"
|
3
|
+
require "rspec/core/example_group"
|
4
4
|
|
5
5
|
# Any additions to RSpec::Core::ExampleGroup (the RSpec class behind describe blocks) should go here.
|
6
6
|
|
@@ -65,14 +65,30 @@ end
|
|
65
65
|
|
66
66
|
class RSpec::Core::ExampleGroup
|
67
67
|
# This DSL method allows us to access the values of inputs within InSpec tests
|
68
|
-
def
|
69
|
-
|
68
|
+
def input(input_name, options = {})
|
69
|
+
profile_id = self.class.metadata[:profile_id]
|
70
|
+
if options.empty?
|
71
|
+
# Simply an access, no event here
|
72
|
+
Inspec::InputRegistry.find_or_register_input(input_name, profile_id).value
|
73
|
+
else
|
74
|
+
options[:priority] = 20
|
75
|
+
options[:provider] = :inline_control_code
|
76
|
+
evt = Inspec::Input.infer_event(options)
|
77
|
+
Inspec::InputRegistry.find_or_register_input(input_name, profile_id, event: evt).value
|
78
|
+
end
|
70
79
|
end
|
71
|
-
define_example_method :
|
72
|
-
|
80
|
+
define_example_method :input
|
81
|
+
|
82
|
+
def input_object(name)
|
73
83
|
Inspec::InputRegistry.find_or_register_input(name, self.class.metadata[:profile_id])
|
74
84
|
end
|
75
|
-
define_example_method :
|
85
|
+
define_example_method :input_object
|
86
|
+
|
87
|
+
def attribute(name, options = {})
|
88
|
+
Inspec.deprecate(:attrs_dsl, "Input name: #{name}, Profile: #{self.class.metadata[:profile_id]}")
|
89
|
+
input(name, options)
|
90
|
+
end
|
91
|
+
define_example_method :attribute
|
76
92
|
|
77
93
|
# Here, we have to ensure our method_missing gets called prior
|
78
94
|
# to RSpec::Core::ExampleGroup.method_missing (the class method).
|
data/lib/inspec/rule.rb
CHANGED
@@ -1,11 +1,10 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
# copyright: 2015, Dominik Richter
|
3
|
-
# author: Dominik Richter
|
4
|
-
# author: Christoph Hartmann
|
5
2
|
|
6
|
-
require
|
7
|
-
require
|
8
|
-
require
|
3
|
+
require "method_source"
|
4
|
+
require "inspec/describe"
|
5
|
+
require "inspec/expect"
|
6
|
+
require "inspec/resource"
|
7
|
+
require "inspec/resources/os"
|
9
8
|
|
10
9
|
module Inspec
|
11
10
|
class Rule
|
@@ -58,8 +57,8 @@ module Inspec
|
|
58
57
|
# fail the control. Controls are failed by having a failed resource within
|
59
58
|
# them; but since our control block is unsafe (and opaque) to us, let's
|
60
59
|
# make a dummy and fail that.
|
61
|
-
location = block.source_location.compact.join(
|
62
|
-
describe
|
60
|
+
location = block.source_location.compact.join(":")
|
61
|
+
describe "Control Source Code Error" do
|
63
62
|
# Rubocop thinks we are raising an exception - we're actually calling RSpec's fail()
|
64
63
|
its(location) { fail e.message } # rubocop: disable Style/SignalException
|
65
64
|
end
|
@@ -160,13 +159,13 @@ module Inspec
|
|
160
159
|
include dsl
|
161
160
|
end.new(method(:__add_check))
|
162
161
|
else
|
163
|
-
__add_check(
|
162
|
+
__add_check("describe", values, with_dsl(block))
|
164
163
|
end
|
165
164
|
end
|
166
165
|
|
167
166
|
def expect(value, &block)
|
168
167
|
target = Inspec::Expect.new(value, &with_dsl(block))
|
169
|
-
__add_check(
|
168
|
+
__add_check("expect", [value], target)
|
170
169
|
target
|
171
170
|
end
|
172
171
|
|
@@ -209,14 +208,14 @@ module Inspec
|
|
209
208
|
if skip_check[:message]
|
210
209
|
msg = "Skipped control due to only_if condition: #{skip_check[:message]}"
|
211
210
|
else
|
212
|
-
msg =
|
211
|
+
msg = "Skipped control due to only_if condition."
|
213
212
|
end
|
214
213
|
|
215
214
|
# TODO: we use os as the carrier here, but should consider
|
216
215
|
# a separate resource to do skipping
|
217
216
|
resource = rule.os
|
218
217
|
resource.skip_resource(msg)
|
219
|
-
[[
|
218
|
+
[["describe", [resource], nil]]
|
220
219
|
end
|
221
220
|
|
222
221
|
def self.merge(dst, src) # rubocop:disable Metrics/AbcSize
|
@@ -251,7 +250,7 @@ module Inspec
|
|
251
250
|
dst.instance_variable_set(:@__merge_count, merge_count(dst) + 1)
|
252
251
|
dst.instance_variable_set(
|
253
252
|
:@__merge_changes,
|
254
|
-
merge_changes(dst) << src.instance_variable_get(:@__source_location)
|
253
|
+
merge_changes(dst) << src.instance_variable_get(:@__source_location)
|
255
254
|
)
|
256
255
|
end
|
257
256
|
|
@@ -299,9 +298,9 @@ module Inspec
|
|
299
298
|
# @param [String] text string which needs to be unindented
|
300
299
|
# @return [String] input with indentation removed; '' if input is nil
|
301
300
|
def unindent(text)
|
302
|
-
return
|
301
|
+
return "" if text.nil?
|
303
302
|
len = text.split("\n").reject { |l| l.strip.empty? }.map { |x| x.index(/[^\s]/) }.compact.min
|
304
|
-
text.gsub(/^[[:blank:]]{#{len}}/,
|
303
|
+
text.gsub(/^[[:blank:]]{#{len}}/, "").strip
|
305
304
|
end
|
306
305
|
|
307
306
|
# get the source location of the block
|
data/lib/inspec/runner.rb
CHANGED
@@ -1,16 +1,17 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
# copyright: 2015, Dominik Richter
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
require
|
7
|
-
require
|
8
|
-
require
|
9
|
-
require
|
10
|
-
require
|
11
|
-
require
|
12
|
-
require
|
13
|
-
require
|
2
|
+
|
3
|
+
require "forwardable"
|
4
|
+
require "uri"
|
5
|
+
require "inspec/backend"
|
6
|
+
require "inspec/profile_context"
|
7
|
+
require "inspec/profile"
|
8
|
+
require "inspec/metadata"
|
9
|
+
require "inspec/config"
|
10
|
+
require "inspec/dependencies/cache"
|
11
|
+
require "inspec/dist"
|
12
|
+
require "inspec/resources"
|
13
|
+
require "inspec/reporters"
|
14
|
+
require "inspec/runner_rspec"
|
14
15
|
# spec requirements
|
15
16
|
|
16
17
|
module Inspec
|
@@ -52,7 +53,6 @@ module Inspec
|
|
52
53
|
@cache = Inspec::Cache.new(@conf[:vendor_cache])
|
53
54
|
|
54
55
|
@test_collector = @conf.delete(:test_collector) || begin
|
55
|
-
require 'inspec/runner_rspec'
|
56
56
|
RunnerRspec.new(@conf)
|
57
57
|
end
|
58
58
|
|
@@ -123,16 +123,16 @@ module Inspec
|
|
123
123
|
end
|
124
124
|
|
125
125
|
def render_output(run_data)
|
126
|
-
return if @conf[
|
126
|
+
return if @conf["reporter"].nil?
|
127
127
|
|
128
|
-
@conf[
|
128
|
+
@conf["reporter"].each do |reporter|
|
129
129
|
result = Inspec::Reporters.render(reporter, run_data)
|
130
130
|
raise Inspec::ReporterError, "Error generating reporter '#{reporter[0]}'" if result == false
|
131
131
|
end
|
132
132
|
end
|
133
133
|
|
134
134
|
def report
|
135
|
-
Inspec::Reporters.report(@conf[
|
135
|
+
Inspec::Reporters.report(@conf["reporter"].first, @run_data)
|
136
136
|
end
|
137
137
|
|
138
138
|
def write_lockfile(profile)
|
@@ -150,7 +150,7 @@ module Inspec
|
|
150
150
|
def run_tests(with = nil)
|
151
151
|
@run_data = @test_collector.run(with)
|
152
152
|
# dont output anything if we want a report
|
153
|
-
render_output(@run_data) unless @conf[
|
153
|
+
render_output(@run_data) unless @conf["report"]
|
154
154
|
@test_collector.exit_code
|
155
155
|
end
|
156
156
|
|
@@ -192,9 +192,9 @@ module Inspec
|
|
192
192
|
|
193
193
|
def supports_profile?(profile)
|
194
194
|
if !profile.supports_runtime?
|
195
|
-
raise
|
195
|
+
raise "This profile requires #{Inspec::Dist::PRODUCT_NAME} version "\
|
196
196
|
"#{profile.metadata.inspec_requirement}. You are running "\
|
197
|
-
"
|
197
|
+
"#{Inspec::Dist::PRODUCT_NAME} v#{Inspec::VERSION}.\n"
|
198
198
|
end
|
199
199
|
|
200
200
|
true
|
@@ -218,8 +218,8 @@ module Inspec
|
|
218
218
|
end
|
219
219
|
|
220
220
|
def eval_with_virtual_profile(command)
|
221
|
-
require
|
222
|
-
add_target({
|
221
|
+
require "fetchers/mock"
|
222
|
+
add_target({ "inspec.yml" => "name: inspec-shell" })
|
223
223
|
our_profile = @target_profiles.first
|
224
224
|
ctx = our_profile.runner_context
|
225
225
|
|
@@ -227,7 +227,7 @@ module Inspec
|
|
227
227
|
# to provide access to local profiles that add resources.
|
228
228
|
@depends.each do |dep|
|
229
229
|
# support for windows paths
|
230
|
-
dep = dep.tr('\\',
|
230
|
+
dep = dep.tr('\\', "/")
|
231
231
|
Inspec::Profile.for_path(dep, { profile_context: ctx }).load_libraries
|
232
232
|
end
|
233
233
|
|
@@ -240,8 +240,8 @@ module Inspec
|
|
240
240
|
return {} if block.nil? || !block.respond_to?(:source_location)
|
241
241
|
opts = {}
|
242
242
|
file_path, line = block.source_location
|
243
|
-
opts[
|
244
|
-
opts[
|
243
|
+
opts["file_path"] = file_path
|
244
|
+
opts["line_number"] = line
|
245
245
|
opts
|
246
246
|
end
|
247
247
|
|
@@ -286,7 +286,7 @@ module Inspec
|
|
286
286
|
def rspec_failed_block(arg, opts, message)
|
287
287
|
@test_collector.example_group(*arg, opts) do
|
288
288
|
# Send custom `it` block to RSpec
|
289
|
-
it
|
289
|
+
it "" do
|
290
290
|
# Raising here to fail the test and get proper formatting
|
291
291
|
raise Inspec::Exceptions::ResourceFailed, message
|
292
292
|
end
|
@@ -295,11 +295,11 @@ module Inspec
|
|
295
295
|
|
296
296
|
def add_resource(method_name, arg, opts, block)
|
297
297
|
case method_name
|
298
|
-
when
|
298
|
+
when "describe"
|
299
299
|
@test_collector.example_group(*arg, opts, &block)
|
300
|
-
when
|
300
|
+
when "expect"
|
301
301
|
block.example_group
|
302
|
-
when
|
302
|
+
when "describe.one"
|
303
303
|
tests = arg.map do |x|
|
304
304
|
@test_collector.example_group(x[1][0], block_source_info(x[2]), &x[2])
|
305
305
|
end
|