inspec-core 4.3.2 → 4.6.3
- checksums.yaml +4 -4
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +139 -140
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
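--- a/data/lib/inspec/secrets.rb
+++ b/data/lib/inspec/secrets.rb
@@ -1,18 +1,14 @@
-
-# author: Christoph Hartmann
-# author: Dominik Richter
-
-require 'inspec/plugin/v1'
+require "inspec/plugin/v1"
 
 module Inspec
 SecretsBackend = PluginRegistry.new
 
 def self.secrets(version)
 if version != 1
-raise
+raise "Only secrets version 1 is supported!"
 end
 Inspec::Plugins::Secret
 end
 end
 
-require
+require "inspec/secrets/yaml"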
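--- a/data/lib/inspec/secrets/yaml.rb
+++ b/data/lib/inspec/secrets/yaml.rb
@@ -1,15 +1,13 @@
-
-
-require 'yaml'
+require "yaml"
 
 module Secrets
 class YAML < Inspec.secrets(1)
-name
+name "yaml"
 
 attr_reader :inputs
 
 def self.resolve(target)
-unless target.is_a?(String) && File.file?(target) && [
+unless target.is_a?(String) && File.file?(target) && [".yml", ".yaml"].include?(File.extname(target).downcase)
 return nil
 end
 new(target)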
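--- a/data/lib/inspec/shell.rb
+++ b/data/lib/inspec/shell.rb
@@ -1,8 +1,4 @@
-
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-require 'pry'
+require "pry"
 
 module Inspec
 # A pry based shell for inspec. Given a runner (with a configured backend and
@@ -19,7 +15,7 @@ module Inspec
 # context creates to evaluate each individual test file. We want to
 # pretend like we are constantly appending to the same file and want
 # to capture the local variable context from inside said class.
-@ctx_binding = @runner.eval_with_virtual_profile(
+@ctx_binding = @runner.eval_with_virtual_profile("binding")
 configure_pry
 @ctx_binding.pry
 end
@@ -35,28 +31,28 @@ module Inspec
 that = self
 
 # Add the help command
-Pry::Commands.block_command
+Pry::Commands.block_command "help", "Show examples" do |resource|
 that.help(resource)
 end
 
 # configure pry shell prompt
-Pry.config.prompt_name =
+Pry.config.prompt_name = "inspec"
 Pry.prompt = [proc { "#{readline_ignore("\e[1m\e[32m")}#{Pry.config.prompt_name}> #{readline_ignore("\e[0m")}" }]
 
 # Add a help menu as the default intro
-Pry.hooks.add_hook(:before_session,
+Pry.hooks.add_hook(:before_session, "inspec_intro") do
 intro
 print_target_info
 end
 
 # Track the rules currently registered and what their merge count is.
-Pry.hooks.add_hook(:before_eval,
+Pry.hooks.add_hook(:before_eval, "inspec_before_eval") do
 @runner.reset
 end
 
 # After pry has evaluated a commanding within the binding context of a
 # test file, register all the rules it discovered.
-Pry.hooks.add_hook(:after_eval,
+Pry.hooks.add_hook(:after_eval, "inspec_after_eval") do
 @runner.load
 @runner.run_tests if !@runner.all_rules.empty?
 end
@@ -81,7 +77,7 @@ module Inspec
 end
 
 def intro
-puts
+puts "Welcome to the interactive InSpec Shell"
 puts "To find out how to use it, type: #{mark 'help'}"
 puts
 end
@@ -114,13 +110,13 @@ module Inspec
 
 #{print_target_info}
 EOF
-elsif topic ==
+elsif topic == "resources"
 resources.sort.each do |resource|
 puts " - #{resource}"
 end
-elsif topic ==
+elsif topic == "matchers"
 print_matchers_help
-elsif !Inspec::Resource.registry[topic].nil?
+elsif !Inspec::Resource.registry[topic].nil? # TODO: fix unnecessary logic
 topic_info = Inspec::Resource.registry[topic]
 info = "#{mark 'Name:'} #{topic}\n\n"
 unless topic_info.desc.nil?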
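Review bot: The `# TODO: fix unnecessary logic` comment added to the `elsif !Inspec::Resource.registry[topic].nil?` branch in the last hunk does not say which logic is unnecessary, so the next reader cannot act on it. From the visible lines the likely target is the double lookup: the condition reads `Inspec::Resource.registry[topic]` and the following line reads it again into `topic_info`. Name that in the comment, for example `# TODO: registry[topic] is looked up twice; bind it once and test the result`. The enclosing method starts and ends outside the hunk.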
@@ -1,6 +1,5 @@
|
|
1
|
-
|
2
|
-
require
|
3
|
-
require 'rbconfig'
|
1
|
+
require "etc"
|
2
|
+
require "rbconfig"
|
4
3
|
|
5
4
|
module Inspec
|
6
5
|
#
|
@@ -36,7 +35,7 @@ module Inspec
|
|
36
35
|
|
37
36
|
def detect
|
38
37
|
# Most of our detection code assumes a unix-like environment
|
39
|
-
return nil if RbConfig::CONFIG[
|
38
|
+
return nil if RbConfig::CONFIG["host_os"] =~ /mswin|mingw|cygwin/
|
40
39
|
|
41
40
|
shellpath = detect_by_ppid
|
42
41
|
|
@@ -57,7 +56,7 @@ module Inspec
|
|
57
56
|
|
58
57
|
def detect_by_ppid
|
59
58
|
ppid = Process.ppid
|
60
|
-
if Dir.exist?(
|
59
|
+
if Dir.exist?("/proc")
|
61
60
|
File.readlink("/proc/#{ppid}/exe")
|
62
61
|
else
|
63
62
|
`ps -cp #{ppid} -o command=`.chomp
|
@@ -65,7 +64,7 @@ module Inspec
|
|
65
64
|
end
|
66
65
|
|
67
66
|
def detect_by_env
|
68
|
-
ENV[
|
67
|
+
ENV["SHELL"]
|
69
68
|
end
|
70
69
|
|
71
70
|
def detect_by_getpwuid
|
@@ -76,7 +75,7 @@ module Inspec
|
|
76
75
|
# Strip any leading path elements
|
77
76
|
#
|
78
77
|
def shellname(shellpath)
|
79
|
-
shellpath.split(
|
78
|
+
shellpath.split("/").last
|
80
79
|
end
|
81
80
|
|
82
81
|
#
|
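--- a/data/lib/inspec/source_reader.rb
+++ b/data/lib/inspec/source_reader.rb
@@ -1,8 +1,4 @@
-
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-require 'inspec/plugin/v1'
+require "inspec/plugin/v1"
 
 module Inspec
 # Pre-checking of target resolution. Make sure that SourceReader plugins
@@ -18,11 +14,11 @@ module Inspec
 
 def self.source_reader(version)
 if version != 1
-raise
+raise "Only source readers version 1 is supported!"
 end
 Inspec::Plugins::SourceReader
 end
 end
 
-require
-require
+require "source_readers/inspec"
+require "source_readers/flat"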
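--- a/data/lib/inspec/ui.rb
+++ b/data/lib/inspec/ui.rb
@@ -1,6 +1,3 @@
-require 'tty-table'
-require 'tty-prompt'
-
 module Inspec
 # Provides simple terminal UI interaction primitives for CLI commands and plugins.
 class UI
@@ -18,15 +15,15 @@ module Inspec
 }.freeze
 
 GLYPHS = {
-bullet:
-check:
-swirl:
-script_x:
-question:
-em_dash:
-heavy_dash:
-vertical_dash:
-table_corner:
+bullet: "•", # BULLET, Unicode: U+2022, UTF-8: E2 80 A2
+check: "✔", # HEAVY CHECK MARK, Unicode: U+2714, UTF-8: E2 9C 94
+swirl: "↺", # ANTICLOCKWISE OPEN CIRCLE ARROW, Unicode U+21BA, UTF-8: E2 86 BA
+script_x: "×", # MULTIPLICATION SIGN, Unicode: U+00D7, UTF-8: C3 97
+question: "?", # normal ASCII question mark
+em_dash: "─", # BOX DRAWINGS LIGHT HORIZONTAL Unicode: U+2500, UTF-8: E2 94 80
+heavy_dash: "≖", # RING IN EQUAL TO, Unicode: U+2256, UTF-8: E2 89 96
+vertical_dash: "│", # BOX DRAWINGS LIGHT VERTICAL, Unicode: U+2502, UTF-8: E2 94 82
+table_corner: "⨀", # N-ARY CIRCLED DOT OPERATOR, Unicode: U+2A00, UTF-8: E2 A8 80
 }.freeze
 
 EXIT_NORMAL = 0
@@ -62,7 +59,7 @@ module Inspec
 print_or_return(str.to_s, opts[:print])
 end
 
-def plain_line(str =
+def plain_line(str = "", opts = { print: true })
 print_or_return(str.to_s + "\n", opts[:print])
 end
 
@@ -96,11 +93,11 @@ module Inspec
 end
 
 result = "\n"
-result +=
-result += color? ? ANSI_CODES[:bold] + ANSI_CODES[:color][:white] :
+result += " " + (color? ? GLYPHS[:em_dash] : "-") * dash_length + " "
+result += color? ? ANSI_CODES[:bold] + ANSI_CODES[:color][:white] : ""
 result += str
-result += color? ? ANSI_CODES[:reset] :
-result +=
+result += color? ? ANSI_CODES[:reset] : ""
+result += " " + (color? ? GLYPHS[:em_dash] : "-") * dash_length + " "
 result += "\n\n"
 
 print_or_return(result, opts[:print])
@@ -109,11 +106,11 @@ module Inspec
 # Issues a one-line message, with 'ERROR: ' prepended in bold red.
 def error(str, opts = { print: true })
 str = str.dup.to_s
-result =
-result += color? ? ANSI_CODES[:bold] + ANSI_CODES[:color][:red] :
-result +=
-result += color? ? ANSI_CODES[:reset] :
-result +=
+result = ""
+result += color? ? ANSI_CODES[:bold] + ANSI_CODES[:color][:red] : ""
+result += "ERROR:"
+result += color? ? ANSI_CODES[:reset] : ""
+result += " "
 result += str
 result += "\n"
 print_or_return(result, opts[:print])
@@ -122,11 +119,11 @@ module Inspec
 # Issues a one-line message, with 'WARNING: ' prepended in bold yellow.
 def warning(str, opts = { print: true })
 str = str.dup.to_s
-result =
-result += color? ? ANSI_CODES[:bold] + ANSI_CODES[:color][:yellow] :
-result +=
-result += color? ? ANSI_CODES[:reset] :
-result +=
+result = ""
+result += color? ? ANSI_CODES[:bold] + ANSI_CODES[:color][:yellow] : ""
+result += "WARNING:"
+result += color? ? ANSI_CODES[:reset] : ""
+result += " "
 result += str
 result += "\n"
 print_or_return(result, opts[:print])
@@ -137,15 +134,15 @@ module Inspec
 if color?
 result = ANSI_CODES[:bold] + GLYPHS[:heavy_dash] * 80 + ANSI_CODES[:reset] + "\n"
 else
-result =
+result = "-" * 80 + "\n"
 end
 print_or_return(result, opts[:print])
 end
 
 # Makes a bullet point.
 def list_item(str, opts = { print: true })
-bullet = color? ? ANSI_CODES[:bold] + ANSI_CODES[:color][:white] + GLYPHS[:bullet] + ANSI_CODES[:reset] :
-result =
+bullet = color? ? ANSI_CODES[:bold] + ANSI_CODES[:color][:white] + GLYPHS[:bullet] + ANSI_CODES[:reset] : "*"
+result = " " + bullet + " " + str.to_s + "\n"
 print_or_return(result, opts[:print])
 end
 
@@ -158,6 +155,8 @@ module Inspec
 # t << ['', '', 1]
 # end
 def table(opts = { print: true })
+require "inspec/ui_table_helper"
+
 the_table = TableHelper.new
 yield(the_table)
 
@@ -174,13 +173,6 @@ module Inspec
 print_or_return(result, opts[:print])
 end
 
-class TableHelper < TTY::Table
-def header=(ary)
-cells = ary.dup.map { |label| { value: label, alignment: :center } }
-@header = TTY::Table::Header.new(cells)
-end
-end
-
 #=========================================================================#
 # Exit Codes
 #=========================================================================#
@@ -190,7 +182,7 @@ module Inspec
 if code_sym.is_a? Numeric
 code_int = code_sym
 else
-code_const = (
+code_const = ("EXIT_" + code_sym.to_s.upcase).to_sym
 unless self.class.const_defined?(code_const)
 warning("Unrecognized exit constant #{code_const} - exit with code 1")
 exit(:usage_error)
@@ -210,8 +202,10 @@ module Inspec
 # This simply returns a TTY::Prompt object, gated on interactivity being enabled.
 def prompt
 unless interactive?
-raise Inspec::UserInteractionRequired,
+raise Inspec::UserInteractionRequired, "Somthing is trying to ask the user a question, but interactivity is disabled."
 end
+require "tty-prompt"
+
 @prompt ||= TTY::Prompt.new
 end
 end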
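Review bot: The message on the new `raise Inspec::UserInteractionRequired` line in `prompt` (last hunk) misspells "Something" as "Somthing", and this string is what a user sees when a non-interactive run hits a prompt. Change it to `raise Inspec::UserInteractionRequired, "Something is trying to ask the user a question, but interactivity is disabled."`. Separately, `table` and `prompt` now `require` their dependencies inside the method body, so a missing or broken gem surfaces at the first call rather than at load time. A short comment such as `# Lazy-loaded: only needed when a prompt is actually shown` above each in-method `require` would record that this is deliberate.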
@@ -1,15 +1,11 @@
|
|
1
|
-
|
2
|
-
# author: Dominik Richter
|
3
|
-
# author: Christoph Hartmann
|
4
|
-
|
5
|
-
require 'shellwords'
|
1
|
+
require "shellwords"
|
6
2
|
|
7
3
|
class CommandWrapper
|
8
4
|
UNIX_SHELLS = %w{sh bash zsh ksh}.freeze
|
9
5
|
|
10
6
|
def self.wrap(cmd, options)
|
11
7
|
unless options.is_a?(Hash)
|
12
|
-
raise
|
8
|
+
raise "All options for the command wrapper must be provided as a hash. "\
|
13
9
|
"You entered: #{options.inspect}. Please consult the documentation."
|
14
10
|
end
|
15
11
|
|
@@ -21,7 +17,7 @@ class CommandWrapper
|
|
21
17
|
raise "Don't know how to wrap commands for shell: #{shell.inspect}." unless UNIX_SHELLS.include?(shell)
|
22
18
|
|
23
19
|
path = options[:path] || shell
|
24
|
-
args = options[:args] ||
|
25
|
-
path.to_s +
|
20
|
+
args = options[:args] || "-c"
|
21
|
+
path.to_s + " " + args + " " + Shellwords.escape(cmd)
|
26
22
|
end
|
27
23
|
end
|
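Review bot: `path` is concatenated into the command string unescaped on the new `path.to_s + " " + args + " " + Shellwords.escape(cmd)` line, while only `cmd` goes through `Shellwords.escape`. `shell` is checked against `UNIX_SHELLS`, but `options[:path]` overrides it with no check visible in this hunk, so a path containing whitespace or shell metacharacters would be split or interpreted by whatever shell runs the wrapped string. Escaping it is a one-line change: `Shellwords.escape(path.to_s) + " " + args + " " + Shellwords.escape(cmd)`. `args` presumably has to stay unescaped so callers can pass several flags in one string; a comment stating that it is treated as trusted profile input would make that explicit. The lines between the options check and the shell lookup are outside the hunk.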
@@ -1,7 +1,3 @@
|
|
1
|
-
# encoding: utf-8
|
2
|
-
# author: Christoph Hartmann
|
3
|
-
# author: Dominik Richter
|
4
|
-
|
5
1
|
module DatabaseHelper
|
6
2
|
class SQLColumn
|
7
3
|
def initialize(row, name)
|
@@ -10,11 +6,11 @@ module DatabaseHelper
|
|
10
6
|
end
|
11
7
|
|
12
8
|
def value
|
13
|
-
@row.nil? ?
|
9
|
+
@row.nil? ? "" : @row[@name.downcase]
|
14
10
|
end
|
15
11
|
|
16
12
|
def to_s
|
17
|
-
|
13
|
+
"SQL Column"
|
18
14
|
end
|
19
15
|
end
|
20
16
|
|
@@ -29,7 +25,7 @@ module DatabaseHelper
|
|
29
25
|
end
|
30
26
|
|
31
27
|
def to_s
|
32
|
-
|
28
|
+
"SQL Row"
|
33
29
|
end
|
34
30
|
end
|
35
31
|
|
@@ -73,7 +69,7 @@ module DatabaseHelper
|
|
73
69
|
end
|
74
70
|
|
75
71
|
def to_s
|
76
|
-
|
72
|
+
"SQL ResultSet"
|
77
73
|
end
|
78
74
|
end
|
79
75
|
end
|
@@ -1,6 +1,6 @@
|
|
1
|
-
require
|
2
|
-
require
|
3
|
-
require
|
1
|
+
require "stringio"
|
2
|
+
require "json"
|
3
|
+
require "inspec/globals"
|
4
4
|
|
5
5
|
module Inspec
|
6
6
|
module Deprecation
|
@@ -37,7 +37,7 @@ module Inspec
|
|
37
37
|
private
|
38
38
|
|
39
39
|
def open_default_config_io
|
40
|
-
default_path = File.join(Inspec.src_root,
|
40
|
+
default_path = File.join(Inspec.src_root, "etc", "deprecations.json")
|
41
41
|
unless File.exist?(default_path)
|
42
42
|
raise Inspec::Deprecation::MalformedConfigError, "Missing deprecation config file: #{default_path}"
|
43
43
|
end
|
@@ -51,28 +51,28 @@ module Inspec
|
|
51
51
|
validate_file_version
|
52
52
|
validate_unknown_group_action
|
53
53
|
|
54
|
-
unless @raw_data.key?(
|
55
|
-
raise Inspec::Deprecation::InvalidConfigFileError,
|
54
|
+
unless @raw_data.key?("groups")
|
55
|
+
raise Inspec::Deprecation::InvalidConfigFileError, "Missing groups field"
|
56
56
|
end
|
57
|
-
unless @raw_data[
|
58
|
-
raise Inspec::Deprecation::InvalidConfigFileError,
|
57
|
+
unless @raw_data["groups"].is_a?(Hash)
|
58
|
+
raise Inspec::Deprecation::InvalidConfigFileError, "Groups field must be a Hash"
|
59
59
|
end
|
60
|
-
@raw_data[
|
60
|
+
@raw_data["groups"].each do |group_name, group_info|
|
61
61
|
validate_group_entry(group_name, group_info)
|
62
62
|
end
|
63
63
|
end
|
64
64
|
|
65
65
|
def validate_file_version
|
66
|
-
unless @raw_data.key?(
|
67
|
-
raise Inspec::Deprecation::InvalidConfigFileError,
|
66
|
+
unless @raw_data.key?("file_version")
|
67
|
+
raise Inspec::Deprecation::InvalidConfigFileError, "Missing file_version field"
|
68
68
|
end
|
69
|
-
unless @raw_data[
|
69
|
+
unless @raw_data["file_version"] == "1.0.0"
|
70
70
|
raise Inspec::Deprecation::InvalidConfigFileError, "Unrecognized file_version '#{@raw_data['file_version']}' - supported versions: 1.0.0"
|
71
71
|
end
|
72
72
|
end
|
73
73
|
|
74
74
|
def validate_unknown_group_action
|
75
|
-
seen_action = (@raw_data[
|
75
|
+
seen_action = (@raw_data["unknown_group_action"] || @unknown_group_action).to_sym
|
76
76
|
unless VALID_ACTIONS.include?(seen_action)
|
77
77
|
raise Inspec::Deprecation::UnrecognizedActionError, "Unrecognized value '#{seen_action}' for field 'unknown_group_action' - supported actions: #{VALID_ACTIONS.map(&:to_s).join(', ')}"
|
78
78
|
end
|
@@ -88,15 +88,15 @@ module Inspec
|
|
88
88
|
|
89
89
|
entry = GroupEntry.new(name.to_sym)
|
90
90
|
|
91
|
-
opts[
|
92
|
-
unless VALID_ACTIONS.include?(opts[
|
91
|
+
opts["action"] = (opts["action"] || :warn).to_sym
|
92
|
+
unless VALID_ACTIONS.include?(opts["action"])
|
93
93
|
raise Inspec::Deprecation::UnrecognizedActionError, "Unrecognized action for group '#{name}' - saw '#{opts['action']}', supported actions: #{VALID_ACTIONS.map(&:to_s).join(', ')}"
|
94
94
|
end
|
95
|
-
entry.action = opts[
|
95
|
+
entry.action = opts["action"]
|
96
96
|
|
97
|
-
entry.suffix = opts[
|
98
|
-
entry.prefix = opts[
|
99
|
-
entry.exit_status = opts[
|
97
|
+
entry.suffix = opts["suffix"]
|
98
|
+
entry.prefix = opts["prefix"]
|
99
|
+
entry.exit_status = opts["exit_status"]
|
100
100
|
|
101
101
|
groups[name.to_sym] = entry
|
102
102
|
end
|
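Review bot: `.to_sym` is called on values taken from the config document before they are checked against `VALID_ACTIONS`: `@raw_data["unknown_group_action"]` in `validate_unknown_group_action` and `opts["action"]` in the last hunk. A non-string value such as a number or an array has no `to_sym`, so a malformed file would raise `NoMethodError` instead of the `UnrecognizedActionError` the next line is meant to produce. Normalising through a string first keeps the failure inside the validation path: `opts["action"] = (opts["action"] || :warn).to_s.to_sym` and `seen_action = (@raw_data["unknown_group_action"] || @unknown_group_action).to_s.to_sym`. The method containing the `opts["action"]` lines starts outside the hunk, so whether `opts` is checked to be a Hash beforehand cannot be seen here.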