inspec-core 4.3.2 → 4.6.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +139 -140
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
data/lib/inspec/cli.rb
CHANGED
@@ -1,57 +1,75 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
# Copyright 2015 Dominik Richter
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
require
|
7
|
-
require
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
2
|
+
|
3
|
+
require "inspec/utils/deprecation/deprecator"
|
4
|
+
require "inspec/dist"
|
5
|
+
require "inspec/backend"
|
6
|
+
require "inspec/dependencies/cache"
|
7
|
+
|
8
|
+
module Inspec # TODO: move this somewhere "better"?
|
9
|
+
autoload :BaseCLI, "inspec/base_cli"
|
10
|
+
autoload :Deprecation, "inspec/utils/deprecation"
|
11
|
+
autoload :Exceptions, "inspec/exceptions"
|
12
|
+
autoload :Fetcher, "inspec/fetcher"
|
13
|
+
autoload :Formatters, "inspec/formatters"
|
14
|
+
autoload :Globals, "inspec/globals"
|
15
|
+
autoload :Impact, "inspec/impact"
|
16
|
+
autoload :Impact, "inspec/impact"
|
17
|
+
autoload :InputRegistry, "inspec/input_registry"
|
18
|
+
autoload :Profile, "inspec/profile"
|
19
|
+
autoload :Reporters, "inspec/reporters"
|
20
|
+
autoload :Resource, "inspec/resource"
|
21
|
+
autoload :Rule, "inspec/rule"
|
22
|
+
autoload :Runner, "inspec/runner"
|
23
|
+
autoload :Runner, "inspec/runner"
|
24
|
+
autoload :Shell, "inspec/shell"
|
25
|
+
autoload :SourceReader, "inspec/source_reader"
|
26
|
+
autoload :Telemetry, "inspec/utils/telemetry"
|
27
|
+
autoload :V1, "inspec/plugin/v1"
|
28
|
+
autoload :V2, "inspec/plugin/v2"
|
29
|
+
autoload :VERSION, "inspec/version"
|
30
|
+
end
|
19
31
|
|
20
32
|
class Inspec::InspecCLI < Inspec::BaseCLI
|
21
33
|
class_option :log_level, aliases: :l, type: :string,
|
22
|
-
desc:
|
34
|
+
desc: "Set the log level: info (default), debug, warn, error"
|
23
35
|
|
24
36
|
class_option :log_location, type: :string,
|
25
|
-
desc:
|
37
|
+
desc: "Location to send diagnostic log messages to. (default: $stdout or Inspec::Log.error)"
|
26
38
|
|
27
39
|
class_option :diagnose, type: :boolean,
|
28
|
-
desc:
|
40
|
+
desc: "Show diagnostics (versions, configurations)"
|
29
41
|
|
30
42
|
class_option :color, type: :boolean,
|
31
|
-
desc:
|
43
|
+
desc: "Use colors in output."
|
32
44
|
|
33
45
|
class_option :interactive, type: :boolean,
|
34
|
-
desc:
|
46
|
+
desc: "Allow or disable user interaction"
|
35
47
|
|
36
|
-
class_option :disable_core_plugins, type: :string, banner:
|
37
|
-
desc:
|
48
|
+
class_option :disable_core_plugins, type: :string, banner: "", # Actually a boolean, but this suppresses the creation of a --no-disable...
|
49
|
+
desc: "Disable loading all plugins that are shipped in the lib/plugins directory of InSpec. Useful in development."
|
38
50
|
|
39
|
-
class_option :disable_user_plugins, type: :string, banner:
|
40
|
-
desc:
|
51
|
+
class_option :disable_user_plugins, type: :string, banner: "",
|
52
|
+
desc: "Disable loading all plugins that the user installed."
|
41
53
|
|
42
|
-
|
54
|
+
class_option :enable_telemetry, type: :boolean,
|
55
|
+
desc: "Allow or disable telemetry", default: false
|
56
|
+
|
57
|
+
require "license_acceptance/cli_flags/thor"
|
43
58
|
include LicenseAcceptance::CLIFlags::Thor
|
44
59
|
|
45
|
-
desc
|
60
|
+
desc "json PATH", "read all tests in PATH and generate a JSON summary"
|
46
61
|
option :output, aliases: :o, type: :string,
|
47
|
-
desc:
|
62
|
+
desc: "Save the created profile to a path"
|
48
63
|
option :controls, type: :array,
|
49
|
-
desc:
|
64
|
+
desc: "A list of controls to include. Ignore all other tests."
|
50
65
|
profile_options
|
51
66
|
def json(target)
|
67
|
+
require "inspec/resources"
|
68
|
+
require "json"
|
69
|
+
|
52
70
|
o = config
|
53
71
|
diagnose(o)
|
54
|
-
o[
|
72
|
+
o["log_location"] = $stderr
|
55
73
|
configure_logger(o)
|
56
74
|
|
57
75
|
o[:backend] = Inspec::Backend.create(Inspec::Config.mock)
|
@@ -62,7 +80,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
62
80
|
info = profile.info
|
63
81
|
# add in inspec version
|
64
82
|
info[:generator] = {
|
65
|
-
name:
|
83
|
+
name: "inspec",
|
66
84
|
version: Inspec::VERSION,
|
67
85
|
}
|
68
86
|
dst = o[:output].to_s
|
@@ -81,12 +99,18 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
81
99
|
pretty_handle_exception(e)
|
82
100
|
end
|
83
101
|
|
84
|
-
desc
|
102
|
+
desc "check PATH", "verify all tests at the specified PATH"
|
85
103
|
option :format, type: :string
|
86
104
|
profile_options
|
87
|
-
def check(path) # rubocop:disable Metrics/AbcSize
|
105
|
+
def check(path) # rubocop:disable Metrics/AbcSize,Metrics/MethodLength
|
106
|
+
require "inspec/resources"
|
107
|
+
|
88
108
|
o = config
|
89
109
|
diagnose(o)
|
110
|
+
o["log_location"] ||= STDERR if o["format"] == "json"
|
111
|
+
o["log_level"] ||= "warn"
|
112
|
+
configure_logger(o)
|
113
|
+
|
90
114
|
o[:backend] = Inspec::Backend.create(Inspec::Config.mock)
|
91
115
|
o[:check_mode] = true
|
92
116
|
o[:vendor_cache] = Inspec::Cache.new(o[:vendor_cache])
|
@@ -95,25 +119,25 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
95
119
|
profile = Inspec::Profile.for_target(path, o)
|
96
120
|
result = profile.check
|
97
121
|
|
98
|
-
if o[
|
122
|
+
if o["format"] == "json"
|
99
123
|
puts JSON.generate(result)
|
100
124
|
else
|
101
125
|
%w{location profile controls timestamp valid}.each do |item|
|
102
|
-
puts format(
|
126
|
+
puts format("%-12s %s", item.to_s.capitalize + ":",
|
103
127
|
mark_text(result[:summary][item.to_sym]))
|
104
128
|
end
|
105
129
|
puts
|
106
130
|
|
107
|
-
if result[:errors].empty?
|
108
|
-
puts
|
131
|
+
if result[:errors].empty? && result[:warnings].empty?
|
132
|
+
puts "No errors or warnings"
|
109
133
|
else
|
110
134
|
red = "\033[31m"
|
111
135
|
yellow = "\033[33m"
|
112
136
|
rst = "\033[0m"
|
113
137
|
|
114
138
|
item_msg = lambda { |item|
|
115
|
-
pos = [item[:file], item[:line], item[:column]].compact.join(
|
116
|
-
pos.empty? ? item[:msg] : pos +
|
139
|
+
pos = [item[:file], item[:line], item[:column]].compact.join(":")
|
140
|
+
pos.empty? ? item[:msg] : pos + ": " + item[:msg]
|
117
141
|
}
|
118
142
|
result[:errors].each do |item|
|
119
143
|
puts "#{red} ✖ #{item_msg.call(item)}#{rst}"
|
@@ -123,7 +147,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
123
147
|
end
|
124
148
|
|
125
149
|
puts
|
126
|
-
puts format(
|
150
|
+
puts format("Summary: %s%d errors%s, %s%d warnings%s",
|
127
151
|
red, result[:errors].length, rst,
|
128
152
|
yellow, result[:warnings].length, rst)
|
129
153
|
end
|
@@ -133,35 +157,39 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
133
157
|
pretty_handle_exception(e)
|
134
158
|
end
|
135
159
|
|
136
|
-
desc
|
160
|
+
desc "vendor PATH", "Download all dependencies and generate a lockfile in a `vendor` directory"
|
137
161
|
option :overwrite, type: :boolean, default: false,
|
138
|
-
desc:
|
162
|
+
desc: "Overwrite existing vendored dependencies and lockfile."
|
139
163
|
def vendor(path = nil)
|
164
|
+
require "inspec/resources"
|
165
|
+
|
140
166
|
o = config
|
141
167
|
configure_logger(o)
|
142
|
-
o[:logger] = Logger.new(
|
168
|
+
o[:logger] = Logger.new($stdout)
|
143
169
|
o[:logger].level = get_log_level(o[:log_level])
|
144
170
|
|
145
171
|
vendor_deps(path, o)
|
146
172
|
end
|
147
173
|
|
148
|
-
desc
|
174
|
+
desc "archive PATH", "archive a profile to tar.gz (default) or zip"
|
149
175
|
profile_options
|
150
176
|
option :output, aliases: :o, type: :string,
|
151
|
-
desc:
|
177
|
+
desc: "Save the archive to a path"
|
152
178
|
option :zip, type: :boolean, default: false,
|
153
|
-
desc:
|
179
|
+
desc: "Generates a zip archive."
|
154
180
|
option :tar, type: :boolean, default: false,
|
155
|
-
desc:
|
181
|
+
desc: "Generates a tar.gz archive."
|
156
182
|
option :overwrite, type: :boolean, default: false,
|
157
|
-
desc:
|
183
|
+
desc: "Overwrite existing archive."
|
158
184
|
option :ignore_errors, type: :boolean, default: false,
|
159
|
-
desc:
|
185
|
+
desc: "Ignore profile warnings."
|
160
186
|
def archive(path)
|
187
|
+
require "inspec/resources"
|
188
|
+
|
161
189
|
o = config
|
162
190
|
diagnose(o)
|
163
191
|
|
164
|
-
o[:logger] = Logger.new(
|
192
|
+
o[:logger] = Logger.new($stdout)
|
165
193
|
o[:logger].level = get_log_level(o[:log_level])
|
166
194
|
o[:backend] = Inspec::Backend.create(Inspec::Config.mock)
|
167
195
|
|
@@ -174,7 +202,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
174
202
|
result = profile.check
|
175
203
|
|
176
204
|
if result && !o[:ignore_errors] == false
|
177
|
-
o[:logger].info
|
205
|
+
o[:logger].info "Profile check failed. Please fix the profile before generating an archive."
|
178
206
|
return exit 1
|
179
207
|
end
|
180
208
|
|
@@ -184,7 +212,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
184
212
|
pretty_handle_exception(e)
|
185
213
|
end
|
186
214
|
|
187
|
-
desc
|
215
|
+
desc "exec LOCATIONS", "run all test files at the specified LOCATIONS."
|
188
216
|
# TODO: find a way for Thor not to butcher the formatting of this
|
189
217
|
long_desc <<~EOT
|
190
218
|
Loads the given profile(s) and fetches their dependencies if needed. Then
|
@@ -206,55 +234,55 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
206
234
|
|
207
235
|
Automate:
|
208
236
|
```
|
209
|
-
|
210
|
-
|
237
|
+
#{Inspec::Dist::EXEC_NAME} compliance login
|
238
|
+
#{Inspec::Dist::EXEC_NAME} exec compliance://username/linux-baseline
|
211
239
|
```
|
212
240
|
|
213
241
|
Supermarket:
|
214
242
|
```
|
215
|
-
|
243
|
+
#{Inspec::Dist::EXEC_NAME} exec supermarket://username/linux-baseline
|
216
244
|
```
|
217
245
|
|
218
246
|
Local profile (executes all tests in `controls/`):
|
219
247
|
```
|
220
|
-
|
248
|
+
#{Inspec::Dist::EXEC_NAME} exec /path/to/profile
|
221
249
|
```
|
222
250
|
|
223
251
|
Local single test (doesn't allow inputs or custom resources)
|
224
252
|
```
|
225
|
-
|
253
|
+
#{Inspec::Dist::EXEC_NAME} exec /path/to/a_test.rb
|
226
254
|
```
|
227
255
|
|
228
256
|
Git via SSH
|
229
257
|
```
|
230
|
-
|
258
|
+
#{Inspec::Dist::EXEC_NAME} exec git@github.com:dev-sec/linux-baseline.git
|
231
259
|
```
|
232
260
|
|
233
261
|
Git via HTTPS (.git suffix is required):
|
234
262
|
```
|
235
|
-
|
263
|
+
#{Inspec::Dist::EXEC_NAME} exec https://github.com/dev-sec/linux-baseline.git
|
236
264
|
```
|
237
265
|
|
238
266
|
Private Git via HTTPS (.git suffix is required):
|
239
267
|
```
|
240
|
-
|
268
|
+
#{Inspec::Dist::EXEC_NAME} exec https://API_TOKEN@github.com/dev-sec/linux-baseline.git
|
241
269
|
```
|
242
270
|
|
243
271
|
Private Git via HTTPS and cached credentials (.git suffix is required):
|
244
272
|
```
|
245
273
|
git config credential.helper cache
|
246
274
|
git ls-remote https://github.com/dev-sec/linux-baseline.git
|
247
|
-
|
275
|
+
#{Inspec::Dist::EXEC_NAME} exec https://github.com/dev-sec/linux-baseline.git
|
248
276
|
```
|
249
277
|
|
250
278
|
Web hosted fileshare (also supports .zip):
|
251
279
|
```
|
252
|
-
|
280
|
+
#{Inspec::Dist::EXEC_NAME} exec https://webserver/linux-baseline.tar.gz
|
253
281
|
```
|
254
282
|
|
255
283
|
Web hosted fileshare with basic authentication (supports .zip):
|
256
284
|
```
|
257
|
-
|
285
|
+
#{Inspec::Dist::EXEC_NAME} exec https://username:password@webserver/linux-baseline.tar.gz
|
258
286
|
```
|
259
287
|
EOT
|
260
288
|
exec_options
|
@@ -274,17 +302,17 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
274
302
|
pretty_handle_exception(e)
|
275
303
|
end
|
276
304
|
|
277
|
-
desc
|
305
|
+
desc "detect", "detect the target OS"
|
278
306
|
target_options
|
279
307
|
option :format, type: :string
|
280
308
|
def detect
|
281
309
|
o = config
|
282
|
-
o[:command] =
|
310
|
+
o[:command] = "platform.params"
|
283
311
|
(_, res) = run_command(o)
|
284
|
-
if o[
|
312
|
+
if o["format"] == "json"
|
285
313
|
puts res.to_json
|
286
314
|
else
|
287
|
-
headline(
|
315
|
+
headline("Platform Details")
|
288
316
|
puts Inspec::BaseCLI.format_platform_info(params: res, indent: 0, color: 36)
|
289
317
|
end
|
290
318
|
rescue ArgumentError, RuntimeError, Train::UserError => e
|
@@ -294,23 +322,23 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
294
322
|
pretty_handle_exception(e)
|
295
323
|
end
|
296
324
|
|
297
|
-
desc
|
325
|
+
desc "shell", "open an interactive debugging shell"
|
298
326
|
target_options
|
299
327
|
option :command, aliases: :c,
|
300
|
-
desc:
|
328
|
+
desc: "A single command string to run instead of launching the shell"
|
301
329
|
option :reporter, type: :array,
|
302
|
-
banner:
|
303
|
-
desc:
|
330
|
+
banner: "one two:/output/file/path",
|
331
|
+
desc: "Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit"
|
304
332
|
option :depends, type: :array, default: [],
|
305
|
-
desc:
|
333
|
+
desc: "A space-delimited list of local folders containing profiles whose libraries and resources will be loaded into the new shell"
|
306
334
|
option :distinct_exit, type: :boolean, default: true,
|
307
|
-
desc:
|
335
|
+
desc: "Exit with code 100 if any tests fail, and 101 if any are skipped but none failed (default). If disabled, exit 0 on skips and 1 for failures."
|
308
336
|
def shell_func
|
309
337
|
o = config
|
310
338
|
diagnose(o)
|
311
339
|
o[:debug_shell] = true
|
312
340
|
|
313
|
-
log_device = suppress_log_output?(o) ? nil :
|
341
|
+
log_device = suppress_log_output?(o) ? nil : $stdout
|
314
342
|
o[:logger] = Logger.new(log_device)
|
315
343
|
o[:logger].level = get_log_level(o[:log_level])
|
316
344
|
|
@@ -323,7 +351,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
323
351
|
exit res unless run_type == :ruby_eval
|
324
352
|
|
325
353
|
# No InSpec tests - just print evaluation output.
|
326
|
-
res = (res.respond_to?(:to_json) ? res.to_json : JSON.dump(res)) if o[
|
354
|
+
res = (res.respond_to?(:to_json) ? res.to_json : JSON.dump(res)) if o["reporter"]&.keys&.include?("json")
|
327
355
|
puts res
|
328
356
|
exit 0
|
329
357
|
rescue RuntimeError, Train::UserError => e
|
@@ -332,7 +360,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
332
360
|
pretty_handle_exception(e)
|
333
361
|
end
|
334
362
|
|
335
|
-
desc
|
363
|
+
desc "env", "Output shell-appropriate completion configuration"
|
336
364
|
def env(shell = nil)
|
337
365
|
p = Inspec::EnvPrinter.new(self.class, shell)
|
338
366
|
p.print_and_exit!
|
@@ -340,31 +368,40 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
340
368
|
pretty_handle_exception(e)
|
341
369
|
end
|
342
370
|
|
343
|
-
desc
|
371
|
+
desc "schema NAME", "print the JSON schema", hide: true
|
344
372
|
def schema(name)
|
373
|
+
require "inspec/schema"
|
374
|
+
|
345
375
|
puts Inspec::Schema.json(name)
|
346
376
|
rescue StandardError => e
|
347
377
|
puts e
|
348
378
|
puts "Valid schemas are #{Inspec::Schema.names.join(', ')}"
|
349
379
|
end
|
350
380
|
|
351
|
-
desc
|
381
|
+
desc "version", "prints the version of this tool"
|
352
382
|
option :format, type: :string
|
353
383
|
def version
|
354
|
-
if config[
|
384
|
+
if config["format"] == "json"
|
355
385
|
v = { version: Inspec::VERSION }
|
356
386
|
puts v.to_json
|
357
387
|
else
|
388
|
+
require "inspec/utils/latest_version"
|
358
389
|
puts Inspec::VERSION
|
359
390
|
# display outdated version
|
360
|
-
|
391
|
+
# TODO: remove this. Don't notify of update to a gem when they install omnibus
|
392
|
+
latest = LatestInSpecVersion.new.latest || Inspec::VERSION
|
361
393
|
if Gem::Version.new(Inspec::VERSION) < Gem::Version.new(latest)
|
362
|
-
puts "\nYour version of
|
394
|
+
puts "\nYour version of #{Inspec::Dist::PRODUCT_NAME} is out of date! The latest version is #{latest}."
|
363
395
|
end
|
364
396
|
end
|
365
397
|
end
|
366
398
|
map %w{-v --version} => :version
|
367
399
|
|
400
|
+
desc "nothing", "does nothing"
|
401
|
+
def nothing
|
402
|
+
puts "you did nothing"
|
403
|
+
end
|
404
|
+
|
368
405
|
private
|
369
406
|
|
370
407
|
def run_command(opts)
|
@@ -381,25 +418,25 @@ end
|
|
381
418
|
# Pre-Flight Code
|
382
419
|
#=====================================================================#
|
383
420
|
|
384
|
-
help_commands = [
|
385
|
-
version_commands = [
|
421
|
+
help_commands = ["-h", "--help", "help"]
|
422
|
+
version_commands = ["-v", "--version", "version"]
|
386
423
|
commands_exempt_from_license_check = help_commands + version_commands
|
387
424
|
|
388
425
|
#---------------------------------------------------------------------#
|
389
426
|
# EULA acceptance
|
390
427
|
#---------------------------------------------------------------------#
|
391
|
-
require
|
428
|
+
require "license_acceptance/acceptor"
|
392
429
|
begin
|
393
|
-
if (commands_exempt_from_license_check & ARGV.map(&:downcase)).empty? &&
|
394
|
-
|
430
|
+
if (commands_exempt_from_license_check & ARGV.map(&:downcase)).empty? && # Did they use a non-exempt command?
|
431
|
+
!ARGV.empty? # Did they supply at least one command?
|
395
432
|
LicenseAcceptance::Acceptor.check_and_persist(
|
396
|
-
|
433
|
+
"inspec",
|
397
434
|
Inspec::VERSION,
|
398
|
-
logger: Inspec::Log
|
435
|
+
logger: Inspec::Log
|
399
436
|
)
|
400
437
|
end
|
401
438
|
rescue LicenseAcceptance::LicenseNotAcceptedError
|
402
|
-
Inspec::Log.error
|
439
|
+
Inspec::Log.error "InSpec cannot execute without accepting the license"
|
403
440
|
Inspec::UI.new.exit(:license_not_accepted)
|
404
441
|
end
|
405
442
|
|
@@ -418,10 +455,12 @@ end
|
|
418
455
|
#---------------------------------------------------------------------#
|
419
456
|
# Plugin Loading
|
420
457
|
#---------------------------------------------------------------------#
|
458
|
+
require "inspec/plugin/v2"
|
459
|
+
|
421
460
|
begin
|
422
461
|
# Load v2 plugins. Manually check for plugin disablement.
|
423
|
-
omit_core = ARGV.delete(
|
424
|
-
omit_user = ARGV.delete(
|
462
|
+
omit_core = ARGV.delete("--disable-core-plugins")
|
463
|
+
omit_user = ARGV.delete("--disable-user-plugins")
|
425
464
|
v2_loader = Inspec::Plugin::V2::Loader.new(omit_core_plugins: omit_core, omit_user_plugins: omit_user)
|
426
465
|
v2_loader.load_all
|
427
466
|
v2_loader.exit_on_load_error
|
@@ -432,23 +471,23 @@ begin
|
|
432
471
|
ctl.list.each { |x| ctl.load(x) }
|
433
472
|
|
434
473
|
# load v1 CLI plugins before the InSpec CLI has been started
|
435
|
-
Inspec::Plugins::CLI.subcommands.each
|
474
|
+
Inspec::Plugins::CLI.subcommands.each do |_subcommand, params|
|
436
475
|
Inspec::InspecCLI.register(
|
437
476
|
params[:klass],
|
438
477
|
params[:subcommand_name],
|
439
478
|
params[:usage],
|
440
479
|
params[:description],
|
441
|
-
params[:options]
|
480
|
+
params[:options]
|
442
481
|
)
|
443
|
-
|
482
|
+
end
|
444
483
|
rescue Inspec::Plugin::V2::Exception => v2ex
|
445
484
|
Inspec::Log.error v2ex.message
|
446
485
|
|
447
|
-
if ARGV.include?(
|
486
|
+
if ARGV.include?("--debug")
|
448
487
|
Inspec::Log.error v2ex.class.name
|
449
488
|
Inspec::Log.error v2ex.backtrace.join("\n")
|
450
489
|
else
|
451
|
-
Inspec::Log.error
|
490
|
+
Inspec::Log.error "Run again with --debug for a stacktrace."
|
452
491
|
end
|
453
492
|
exit 2
|
454
493
|
end
|