inspec-core 4.3.2 → 4.6.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +139 -140
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
@@ -1,18 +1,15 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
# copyright: 2015, Vulcano Security GmbH
|
3
|
-
# author: Dominik Richter
|
4
|
-
# author: Christoph Hartmann
|
5
2
|
|
6
3
|
module FindFiles
|
7
4
|
TYPES = {
|
8
|
-
block:
|
9
|
-
character:
|
10
|
-
directory:
|
11
|
-
pipe:
|
12
|
-
file:
|
13
|
-
link:
|
14
|
-
socket:
|
15
|
-
door:
|
5
|
+
block: "b",
|
6
|
+
character: "c",
|
7
|
+
directory: "d",
|
8
|
+
pipe: "p",
|
9
|
+
file: "f",
|
10
|
+
link: "l",
|
11
|
+
socket: "s",
|
12
|
+
door: "D",
|
16
13
|
}.freeze
|
17
14
|
|
18
15
|
# ignores errors
|
@@ -25,7 +22,7 @@ module FindFiles
|
|
25
22
|
type = TYPES[opts[:type].to_sym] if opts[:type]
|
26
23
|
|
27
24
|
# If `path` contains a `'` we must modify how we quote the `sh -c` argument
|
28
|
-
quote = path.include?("'") ? '"' : '
|
25
|
+
quote = path.include?("'") ? '"' : "'"
|
29
26
|
|
30
27
|
cmd = "sh -c #{quote}find #{path}"
|
31
28
|
cmd += " -type #{type}" unless type.nil?
|
@@ -1,7 +1,3 @@
|
|
1
|
-
# encoding: utf-8
|
2
|
-
# author: Dominik Richter
|
3
|
-
# author: Christoph Hartmann
|
4
|
-
|
5
1
|
class ::Hash
|
6
2
|
# Inspired by: http://stackoverflow.com/a/9381776
|
7
3
|
def deep_merge(second)
|
@@ -21,7 +17,7 @@ class ::Hash
|
|
21
17
|
inject({}) do |acc, (key, value)|
|
22
18
|
index = prefix.to_s + key.to_s
|
23
19
|
if value.is_a?(Hash)
|
24
|
-
acc.merge(value.smash(index +
|
20
|
+
acc.merge(value.smash(index + "-"))
|
25
21
|
else
|
26
22
|
acc.merge(index => value)
|
27
23
|
end
|
@@ -0,0 +1,15 @@
|
|
1
|
+
require "json"
|
2
|
+
|
3
|
+
# a simple streaming json logger
|
4
|
+
class Logger::JSONFormatter < Logger::Formatter
|
5
|
+
def call(severity, time, progname, msg)
|
6
|
+
puts JSON.generate(
|
7
|
+
{
|
8
|
+
"progname" => progname,
|
9
|
+
"severity" => severity,
|
10
|
+
"time" => time,
|
11
|
+
"msg" => msg,
|
12
|
+
}
|
13
|
+
)
|
14
|
+
end
|
15
|
+
end
|
@@ -0,0 +1,13 @@
|
|
1
|
+
require "json"
|
2
|
+
require "open-uri"
|
3
|
+
|
4
|
+
class LatestInSpecVersion
|
5
|
+
# fetches the latest version from rubygems server
|
6
|
+
def latest
|
7
|
+
uri = URI("https://rubygems.org/api/v1/gems/inspec.json")
|
8
|
+
inspec_info = JSON.parse(uri.read(open_timeout: 1.5, read_timeout: 1.5))
|
9
|
+
inspec_info["version"]
|
10
|
+
rescue StandardError
|
11
|
+
nil
|
12
|
+
end
|
13
|
+
end
|
@@ -1,8 +1,4 @@
|
|
1
|
-
|
2
|
-
# author: Dominik Richter
|
3
|
-
# author: Christoph Hartmann
|
4
|
-
|
5
|
-
require 'parslet'
|
1
|
+
require "parslet"
|
6
2
|
|
7
3
|
class NginxParser < Parslet::Parser
|
8
4
|
root :outermost
|
@@ -12,60 +8,60 @@ class NginxParser < Parslet::Parser
|
|
12
8
|
rule(:filler?) { one_filler.repeat }
|
13
9
|
rule(:one_filler) { match('\s+') | match["\n"] | comment }
|
14
10
|
rule(:space) { match('\s+') }
|
15
|
-
rule(:comment) { str(
|
11
|
+
rule(:comment) { str("#") >> (match["\n\r"].absent? >> any).repeat }
|
16
12
|
|
17
|
-
rule(:exp)
|
13
|
+
rule(:exp) do
|
18
14
|
section | assignment
|
19
|
-
|
20
|
-
rule(:assignment)
|
21
|
-
(identifier >> values.maybe.as(:args)).as(:assignment) >> str(
|
22
|
-
|
15
|
+
end
|
16
|
+
rule(:assignment) do
|
17
|
+
(identifier >> values.maybe.as(:args)).as(:assignment) >> str(";") >> filler?
|
18
|
+
end
|
23
19
|
|
24
|
-
rule(:standard_identifier)
|
25
|
-
(match(
|
26
|
-
|
20
|
+
rule(:standard_identifier) do
|
21
|
+
(match("[a-zA-Z]") >> match('\S').repeat).as(:identifier) >> space >> space.repeat
|
22
|
+
end
|
27
23
|
|
28
|
-
rule(:quoted_identifier)
|
24
|
+
rule(:quoted_identifier) do
|
29
25
|
str('"') >> (str('"').absent? >> any).repeat.as(:identifier) >> str('"') >> space.repeat
|
30
|
-
|
26
|
+
end
|
31
27
|
|
32
|
-
rule(:identifier)
|
28
|
+
rule(:identifier) do
|
33
29
|
standard_identifier | quoted_identifier
|
34
|
-
|
30
|
+
end
|
35
31
|
|
36
|
-
rule(:standard_value)
|
32
|
+
rule(:standard_value) do
|
37
33
|
((match(/[#;{'"]/).absent? >> any) >> (
|
38
34
|
str('\\') >> any | match('[#;{]|\s').absent? >> any
|
39
35
|
).repeat).as(:value) >> space.repeat
|
40
|
-
|
36
|
+
end
|
41
37
|
|
42
|
-
rule(:single_quoted_value)
|
38
|
+
rule(:single_quoted_value) do
|
43
39
|
str("'") >> (
|
44
40
|
str('\\') >> any | str("'").absent? >> any
|
45
41
|
).repeat.as(:value) >> str("'") >> space.repeat
|
46
|
-
|
42
|
+
end
|
47
43
|
|
48
|
-
rule(:double_quoted_value)
|
44
|
+
rule(:double_quoted_value) do
|
49
45
|
str('"') >> (
|
50
46
|
str('\\') >> any | str('"').absent? >> any
|
51
47
|
).repeat.as(:value) >> str('"') >> space.repeat
|
52
|
-
|
48
|
+
end
|
53
49
|
|
54
|
-
rule(:quoted_value)
|
50
|
+
rule(:quoted_value) do
|
55
51
|
single_quoted_value | double_quoted_value
|
56
|
-
|
52
|
+
end
|
57
53
|
|
58
|
-
rule(:value)
|
54
|
+
rule(:value) do
|
59
55
|
standard_value | quoted_value
|
60
|
-
|
56
|
+
end
|
61
57
|
|
62
|
-
rule(:values)
|
58
|
+
rule(:values) do
|
63
59
|
value.repeat >> space.maybe
|
64
|
-
|
60
|
+
end
|
65
61
|
|
66
|
-
rule(:section)
|
67
|
-
identifier.as(:section) >> values.maybe.as(:args) >> str(
|
68
|
-
|
62
|
+
rule(:section) do
|
63
|
+
identifier.as(:section) >> values.maybe.as(:args) >> str("{") >> filler? >> exp.repeat.as(:expressions) >> str("}") >> filler?
|
64
|
+
end
|
69
65
|
end
|
70
66
|
|
71
67
|
class NginxTransform < Parslet::Transform
|
@@ -87,7 +83,7 @@ class NginxConfig
|
|
87
83
|
def self.parse(content)
|
88
84
|
lex = NginxParser.new.parse(content)
|
89
85
|
tree = NginxTransform.new.apply(lex)
|
90
|
-
gtree = NginxTransform::Group.new(nil,
|
86
|
+
gtree = NginxTransform::Group.new(nil, "", tree)
|
91
87
|
read_nginx_group(gtree)
|
92
88
|
rescue Parslet::ParseFailed => err
|
93
89
|
raise "Failed to parse NginX config: #{err}"
|
@@ -95,7 +91,7 @@ class NginxConfig
|
|
95
91
|
|
96
92
|
def self.read_nginx_group(t)
|
97
93
|
agg_conf = Hash.new([])
|
98
|
-
agg_conf[
|
94
|
+
agg_conf["_"] = t.args unless t.args == ""
|
99
95
|
|
100
96
|
groups, conf = t.body.partition { |i| i.is_a? NginxTransform::Group }
|
101
97
|
conf.each { |x| agg_conf[x.key] += [x.vals] }
|
@@ -1,6 +1,4 @@
|
|
1
|
-
|
2
|
-
# author: Christoph Hartmann
|
3
|
-
# author: Dominik Richter
|
1
|
+
require "inspec/resources/command"
|
4
2
|
|
5
3
|
module PasswdParser
|
6
4
|
# Parse /etc/passwd files.
|
@@ -9,7 +7,7 @@ module PasswdParser
|
|
9
7
|
# @return [Array] Collection of passwd entries
|
10
8
|
def parse_passwd(content)
|
11
9
|
content.to_s.split("\n").map do |line|
|
12
|
-
next if line[0] ==
|
10
|
+
next if line[0] == "#"
|
13
11
|
parse_passwd_line(line)
|
14
12
|
end.compact
|
15
13
|
end
|
@@ -19,15 +17,15 @@ module PasswdParser
|
|
19
17
|
# @param [String] line a line of /etc/passwd
|
20
18
|
# @return [Hash] Map of entries in this line
|
21
19
|
def parse_passwd_line(line)
|
22
|
-
x = line.split(
|
20
|
+
x = line.split(":")
|
23
21
|
{
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
22
|
+
"user" => x.at(0),
|
23
|
+
"password" => x.at(1),
|
24
|
+
"uid" => x.at(2),
|
25
|
+
"gid" => x.at(3),
|
26
|
+
"desc" => x.at(4),
|
27
|
+
"home" => x.at(5),
|
28
|
+
"shell" => x.at(6),
|
31
29
|
}
|
32
30
|
end
|
33
31
|
end
|
@@ -44,7 +42,7 @@ module CommentParser
|
|
44
42
|
idx_comment = raw.index(opts[:comment_char])
|
45
43
|
idx_nl = raw.length if idx_nl.nil?
|
46
44
|
idx_comment = idx_nl + 1 if idx_comment.nil?
|
47
|
-
line =
|
45
|
+
line = ""
|
48
46
|
|
49
47
|
# is a comment inside this line
|
50
48
|
if idx_comment < idx_nl && idx_comment != 0
|
@@ -70,11 +68,11 @@ module LinuxMountParser
|
|
70
68
|
if includes_whitespaces?(mount_line)
|
71
69
|
# Device-/Sharenames and Mountpoints including whitespaces require special treatment:
|
72
70
|
# We use the keyword ' type ' to split up and rebuild the desired array of fields
|
73
|
-
type_split = mount_line.split(
|
71
|
+
type_split = mount_line.split(" type ")
|
74
72
|
fs_path = type_split[0]
|
75
73
|
other_opts = type_split[1]
|
76
74
|
fs, path = fs_path.match(%r{^(.+?)\son\s(/.+?)$}).captures
|
77
|
-
mount = [fs,
|
75
|
+
mount = [fs, "on", path, "type"]
|
78
76
|
mount.concat(other_opts.scan(/\S+/))
|
79
77
|
else
|
80
78
|
# ... otherwise we just split the fields by whitespaces
|
@@ -86,12 +84,12 @@ module LinuxMountParser
|
|
86
84
|
|
87
85
|
if compatibility == false
|
88
86
|
# parse options as array
|
89
|
-
mount_options[:options] = mount[5].gsub(/\(|\)/,
|
87
|
+
mount_options[:options] = mount[5].gsub(/\(|\)/, "").split(",")
|
90
88
|
else
|
91
|
-
Inspec.deprecate(:mount_parser_serverspec_compat,
|
89
|
+
Inspec.deprecate(:mount_parser_serverspec_compat, "Parsing mount options in this fashion is deprecated")
|
92
90
|
mount_options[:options] = {}
|
93
|
-
mount[5].gsub(/\(|\)/,
|
94
|
-
name, val = option.split(
|
91
|
+
mount[5].gsub(/\(|\)/, "").split(",").each do |option|
|
92
|
+
name, val = option.split("=")
|
95
93
|
if val.nil?
|
96
94
|
val = true
|
97
95
|
elsif val =~ /^\d+$/
|
@@ -108,7 +106,7 @@ module LinuxMountParser
|
|
108
106
|
# Device-/Sharename or Mountpoint includes whitespaces?
|
109
107
|
def includes_whitespaces?(mount_line)
|
110
108
|
ws = mount_line.match(/^(.+)\son\s(.+)\stype\s.*$/)
|
111
|
-
ws.captures[0].include?(
|
109
|
+
ws.captures[0].include?(" ") || ws.captures[1].include?(" ")
|
112
110
|
end
|
113
111
|
end
|
114
112
|
|
@@ -118,8 +116,8 @@ module BsdMountParser
|
|
118
116
|
def parse_mount_options(mount_line, _compatibility = false)
|
119
117
|
return {} if mount_line.nil? || mount_line.empty?
|
120
118
|
|
121
|
-
mount = mount_line.chomp.split(
|
122
|
-
options = mount[3].tr(
|
119
|
+
mount = mount_line.chomp.split(" ", 4)
|
120
|
+
options = mount[3].tr("()", "").split(", ")
|
123
121
|
|
124
122
|
# parse device and type
|
125
123
|
{ device: mount[0], type: options.shift, options: options }
|
@@ -140,15 +138,15 @@ module SolarisNetstatParser
|
|
140
138
|
ports = []
|
141
139
|
cache_name_line = nil
|
142
140
|
|
143
|
-
content.each_line
|
141
|
+
content.each_line do |line|
|
144
142
|
# find header, its delimiter
|
145
143
|
if line =~ /TCP:|UDP:|SCTP:/
|
146
144
|
# get protocol
|
147
|
-
protocol = line.split(
|
145
|
+
protocol = line.split(":")[0].chomp.strip.downcase
|
148
146
|
|
149
147
|
# determine version tcp, tcp6, udp, udp6
|
150
|
-
proto_version = line.split(
|
151
|
-
protocol +=
|
148
|
+
proto_version = line.split(":")[1].chomp.strip
|
149
|
+
protocol += "6" if proto_version == "IPv6"
|
152
150
|
|
153
151
|
# reset names cache
|
154
152
|
column_widths = nil
|
@@ -168,19 +166,19 @@ module SolarisNetstatParser
|
|
168
166
|
|
169
167
|
# parse the header names
|
170
168
|
# TODO: names should be optional
|
171
|
-
names = split_columns(column_widths, cache_name_line).to_a.map { |v| v.chomp.strip.downcase.tr(
|
169
|
+
names = split_columns(column_widths, cache_name_line).to_a.map { |v| v.chomp.strip.downcase.tr(" ", "-").gsub(/[^\w-]/, "_") }
|
172
170
|
info = {
|
173
|
-
|
171
|
+
"protocol" => protocol.downcase,
|
174
172
|
}
|
175
173
|
|
176
174
|
# generate hash for each line and use the names as keys
|
177
|
-
names.each_index
|
175
|
+
names.each_index do |i|
|
178
176
|
info[names[i]] = port[i] if i != 0
|
179
|
-
|
177
|
+
end
|
180
178
|
|
181
179
|
ports.push(info)
|
182
180
|
end
|
183
|
-
|
181
|
+
end
|
184
182
|
ports
|
185
183
|
end
|
186
184
|
|
@@ -200,12 +198,12 @@ module SolarisNetstatParser
|
|
200
198
|
# generate regex based on columns
|
201
199
|
sep = '\\s'
|
202
200
|
length = columns.length
|
203
|
-
arr = columns.map.with_index
|
201
|
+
arr = columns.map.with_index do |x, i|
|
204
202
|
reg = "(.{#{x}})#{sep}" # add seperator between columns
|
205
203
|
reg = "(.{,#{x}})#{sep}" if i == length - 2 # make the pre-last one optional
|
206
204
|
reg = "(.{,#{x}})" if i == length - 1 # use , to say max value
|
207
205
|
reg
|
208
|
-
|
206
|
+
end
|
209
207
|
# extracts the columns
|
210
208
|
line.match(Regexp.new(arr.join))
|
211
209
|
end
|
@@ -232,38 +230,38 @@ module XinetdParser
|
|
232
230
|
rest = raw + "\n"
|
233
231
|
until rest.empty?
|
234
232
|
# extract content line
|
235
|
-
nl = rest.index("\n") || (rest.length-1)
|
236
|
-
comment = rest.index(
|
233
|
+
nl = rest.index("\n") || (rest.length - 1)
|
234
|
+
comment = rest.index("#") || (rest.length - 1)
|
237
235
|
dst_idx = comment < nl ? comment : nl
|
238
|
-
inner_line = dst_idx == 0 ?
|
236
|
+
inner_line = dst_idx == 0 ? "" : rest[0..dst_idx - 1].strip
|
239
237
|
# update unparsed content
|
240
|
-
rest = rest[nl+1..-1]
|
238
|
+
rest = rest[nl + 1..-1]
|
241
239
|
next if inner_line.empty?
|
242
240
|
|
243
|
-
if inner_line ==
|
244
|
-
if cur_group ==
|
241
|
+
if inner_line == "}"
|
242
|
+
if cur_group == "defaults"
|
245
243
|
res[cur_group] = SimpleConfig.new(simple_conf.join("\n"))
|
246
244
|
else
|
247
245
|
res[cur_group] ||= []
|
248
246
|
res[cur_group].push(SimpleConfig.new(simple_conf.join("\n")))
|
249
247
|
end
|
250
248
|
cur_group = nil
|
251
|
-
elsif rest.lstrip[0] ==
|
249
|
+
elsif rest.lstrip[0] == "{"
|
252
250
|
cur_group = inner_line
|
253
251
|
simple_conf = []
|
254
|
-
rest = rest[rest.index("\n")+1..-1]
|
252
|
+
rest = rest[rest.index("\n") + 1..-1]
|
255
253
|
elsif cur_group.nil?
|
256
254
|
# parse all included files
|
257
255
|
others = xinetd_include_dir(inner_line[/includedir (.+)/, 1])
|
258
256
|
|
259
257
|
# complex merging of included configurations, as multiple services
|
260
258
|
# may be defined with the same name but different configuration
|
261
|
-
others.each
|
262
|
-
ores.each
|
259
|
+
others.each do |ores|
|
260
|
+
ores.each do |k, v|
|
263
261
|
res[k] ||= []
|
264
262
|
res[k].concat(v)
|
265
|
-
|
266
|
-
|
263
|
+
end
|
264
|
+
end
|
267
265
|
else
|
268
266
|
simple_conf.push(inner_line)
|
269
267
|
end
|
@@ -272,3 +270,5 @@ module XinetdParser
|
|
272
270
|
res
|
273
271
|
end
|
274
272
|
end
|
273
|
+
|
274
|
+
require "inspec/utils/simpleconfig"
|
@@ -1,15 +1,17 @@
|
|
1
|
+
require "inspec/objects/input"
|
2
|
+
|
1
3
|
module PkeyReader
|
2
4
|
def read_pkey(filecontent, passphrase)
|
3
5
|
raise_if_unset(passphrase)
|
4
6
|
|
5
7
|
OpenSSL::PKey.read(filecontent, passphrase)
|
6
8
|
rescue OpenSSL::PKey::PKeyError
|
7
|
-
raise Inspec::Exceptions::ResourceFailed,
|
9
|
+
raise Inspec::Exceptions::ResourceFailed, "passphrase error"
|
8
10
|
end
|
9
11
|
|
10
12
|
def raise_if_unset(passphrase)
|
11
13
|
if passphrase.is_a? Inspec::Input::NO_VALUE_SET
|
12
|
-
raise Inspec::Exceptions::ResourceFailed,
|
14
|
+
raise Inspec::Exceptions::ResourceFailed, "Please provide a value for input for openssl key passphrase"
|
13
15
|
end
|
14
16
|
end
|
15
17
|
end
|