inspec-core 4.3.2 → 4.6.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +139 -140
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
@@ -1,9 +1,7 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
# copyright: 2015, Dominik Richter
|
3
|
-
# author: Dominik Richter
|
4
|
-
# author: Christoph Hartmann
|
5
2
|
|
6
|
-
require
|
3
|
+
require "inspec/utils/parser"
|
4
|
+
require "hashie"
|
7
5
|
|
8
6
|
class SimpleConfig
|
9
7
|
include CommentParser
|
@@ -86,18 +84,18 @@ class SimpleConfig
|
|
86
84
|
if opts[:multiple_values]
|
87
85
|
@vals[line.strip] ||= []
|
88
86
|
else
|
89
|
-
@vals[line.strip] =
|
87
|
+
@vals[line.strip] = ""
|
90
88
|
end
|
91
89
|
end
|
92
90
|
|
93
91
|
def parse_rest(rest, opts)
|
94
92
|
line, idx_nl = parse_comment_line(rest, opts)
|
95
|
-
parse_params_line(line, opts)
|
96
|
-
parse_group_line(line, opts)
|
93
|
+
parse_params_line(line, opts) ||
|
94
|
+
parse_group_line(line, opts) ||
|
97
95
|
parse_implicit_assignment_line(line, opts)
|
98
96
|
|
99
97
|
# return whatever is left
|
100
|
-
rest[(idx_nl + 1)..-1] ||
|
98
|
+
rest[(idx_nl + 1)..-1] || ""
|
101
99
|
end
|
102
100
|
|
103
101
|
def is_empty_line(l)
|
@@ -106,9 +104,9 @@ class SimpleConfig
|
|
106
104
|
|
107
105
|
def default_options
|
108
106
|
{
|
109
|
-
quotes:
|
107
|
+
quotes: "",
|
110
108
|
multiline: false,
|
111
|
-
comment_char:
|
109
|
+
comment_char: "#",
|
112
110
|
line_separator: nil, # uses this char to seperate lines before parsing
|
113
111
|
assignment_regex: /^\s*([^=]*?)\s*=\s*(.*?)\s*$/,
|
114
112
|
group_re: /\[([^\]]+)\]\s*$/,
|
@@ -1,9 +1,6 @@
|
|
1
|
-
# encoding: utf-8
|
2
|
-
# author: Christoph Hartmann
|
3
|
-
# author: Dominik Richter
|
4
1
|
class Spdx
|
5
2
|
def self.licenses
|
6
|
-
spdx_file = File.join(File.dirname(__FILE__),
|
3
|
+
spdx_file = File.join(File.dirname(__FILE__), "spdx.txt").freeze
|
7
4
|
File.read(spdx_file).split("\n")
|
8
5
|
end
|
9
6
|
|
File without changes
|
@@ -1,3 +1,3 @@
|
|
1
|
-
require
|
2
|
-
require
|
3
|
-
require
|
1
|
+
require "inspec/utils/telemetry/collector"
|
2
|
+
require "inspec/utils/telemetry/data_series"
|
3
|
+
require "inspec/utils/telemetry/global_methods"
|
@@ -1,14 +1,23 @@
|
|
1
|
-
require
|
2
|
-
require
|
1
|
+
require "inspec/config"
|
2
|
+
require "inspec/utils/telemetry/data_series"
|
3
|
+
require "singleton"
|
3
4
|
|
4
5
|
module Inspec::Telemetry
|
5
6
|
# A Singleton collection of data series objects.
|
6
7
|
class Collector
|
7
8
|
include Singleton
|
8
9
|
|
10
|
+
attr_reader :config
|
11
|
+
|
9
12
|
def initialize
|
10
13
|
@data_series = []
|
11
|
-
@
|
14
|
+
@telemetry_toggled_off = false
|
15
|
+
load_config
|
16
|
+
end
|
17
|
+
|
18
|
+
# Allow loading a configuration, useful when testing.
|
19
|
+
def load_config(config = Inspec::Config.cached)
|
20
|
+
@config = config
|
12
21
|
end
|
13
22
|
|
14
23
|
# Add a data series to the collection.
|
@@ -17,17 +26,20 @@ module Inspec::Telemetry
|
|
17
26
|
@data_series << data_series
|
18
27
|
end
|
19
28
|
|
20
|
-
#
|
21
|
-
#
|
29
|
+
# The loaded configuration should have a option to configure
|
30
|
+
# telemetry, if not default to false.
|
22
31
|
# @return [True, False]
|
23
32
|
def telemetry_enabled?
|
24
|
-
@
|
33
|
+
if @telemetry_toggled_off
|
34
|
+
false
|
35
|
+
else
|
36
|
+
config_telemetry_options.fetch("enable_telemetry", false)
|
37
|
+
end
|
25
38
|
end
|
26
39
|
|
27
40
|
# A way to disable the telemetry system.
|
28
|
-
# @return [True]
|
29
41
|
def disable_telemetry
|
30
|
-
@
|
42
|
+
@telemetry_toggled_off = true
|
31
43
|
end
|
32
44
|
|
33
45
|
# The entire data series collection.
|
@@ -52,9 +64,18 @@ module Inspec::Telemetry
|
|
52
64
|
end
|
53
65
|
|
54
66
|
# Blanks the contents of the data series collection.
|
67
|
+
# Reset telemetry toggle
|
55
68
|
# @return [True]
|
56
|
-
def reset
|
69
|
+
def reset!
|
57
70
|
@data_series = []
|
71
|
+
@telemetry_toggled_off = false
|
72
|
+
end
|
73
|
+
|
74
|
+
private
|
75
|
+
|
76
|
+
# Minimize exposure of Inspec::Config interface
|
77
|
+
def config_telemetry_options
|
78
|
+
config.telemetry_options
|
58
79
|
end
|
59
80
|
end
|
60
81
|
end
|
data/lib/inspec/version.rb
CHANGED
data/lib/matchers/matchers.rb
CHANGED
@@ -1,7 +1,4 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
# copyright: 2015, Vulcano Security GmbH
|
3
|
-
# author: Dominik Richter
|
4
|
-
# author: Christoph Hartmann
|
5
2
|
|
6
3
|
RSpec::Matchers.define :be_readable do
|
7
4
|
match do |file|
|
@@ -17,7 +14,7 @@ RSpec::Matchers.define :be_readable do
|
|
17
14
|
end
|
18
15
|
|
19
16
|
description do
|
20
|
-
res =
|
17
|
+
res = "be readable"
|
21
18
|
res += " by #{@by}" unless @by.nil?
|
22
19
|
res += " by user #{@by_user}" unless @by_user.nil?
|
23
20
|
res
|
@@ -38,7 +35,7 @@ RSpec::Matchers.define :be_writable do
|
|
38
35
|
end
|
39
36
|
|
40
37
|
description do
|
41
|
-
res =
|
38
|
+
res = "be writable"
|
42
39
|
res += " by #{@by}" unless @by.nil?
|
43
40
|
res += " by user #{@by_user}" unless @by_user.nil?
|
44
41
|
res
|
@@ -59,7 +56,7 @@ RSpec::Matchers.define :be_executable do
|
|
59
56
|
end
|
60
57
|
|
61
58
|
description do
|
62
|
-
res =
|
59
|
+
res = "be executable"
|
63
60
|
res += " by #{@by}" unless @by.nil?
|
64
61
|
res += " by user #{@by_user}" unless @by_user.nil?
|
65
62
|
res
|
@@ -95,7 +92,7 @@ RSpec::Matchers.define :be_enabled do
|
|
95
92
|
end
|
96
93
|
|
97
94
|
chain :with_level do |_level|
|
98
|
-
raise
|
95
|
+
raise "[UNSUPPORTED] with level is not supported"
|
99
96
|
end
|
100
97
|
|
101
98
|
failure_message do |service|
|
@@ -107,12 +104,12 @@ end
|
|
107
104
|
# Deprecated: You should not use this matcher anymore
|
108
105
|
RSpec::Matchers.define :be_running do
|
109
106
|
match do |service|
|
110
|
-
Inspec.deprecate(:serverspec_compatibility,
|
107
|
+
Inspec.deprecate(:serverspec_compatibility, "The service `be_running?` matcher is deprecated.")
|
111
108
|
service.running? == true
|
112
109
|
end
|
113
110
|
|
114
111
|
chain :under do |_under|
|
115
|
-
raise
|
112
|
+
raise "[UNSUPPORTED] under is not supported"
|
116
113
|
end
|
117
114
|
|
118
115
|
failure_message do |service|
|
@@ -127,7 +124,7 @@ RSpec::Matchers.define :be_reachable do
|
|
127
124
|
end
|
128
125
|
|
129
126
|
chain :with do |_attr|
|
130
|
-
raise
|
127
|
+
raise "[UNSUPPORTED] `with` is not supported in combination with `be_reachable`"
|
131
128
|
end
|
132
129
|
|
133
130
|
failure_message do |host|
|
@@ -218,13 +215,13 @@ RSpec::Matchers.define :cmp do |first_expected| # rubocop:disable Metrics/BlockL
|
|
218
215
|
def float?(value)
|
219
216
|
Float(value)
|
220
217
|
true
|
221
|
-
rescue ArgumentError
|
218
|
+
rescue ArgumentError, TypeError
|
222
219
|
false
|
223
220
|
end
|
224
221
|
|
225
222
|
def octal?(value)
|
226
223
|
return false unless value.is_a?(String)
|
227
|
-
!(value =~ /\A0+\
|
224
|
+
!(value =~ /\A0+[0-7]+\Z/).nil?
|
228
225
|
end
|
229
226
|
|
230
227
|
def boolean?(value)
|
@@ -240,33 +237,33 @@ RSpec::Matchers.define :cmp do |first_expected| # rubocop:disable Metrics/BlockL
|
|
240
237
|
|
241
238
|
# expects that the values have been checked with boolean?
|
242
239
|
def to_boolean(value)
|
243
|
-
value.casecmp(
|
240
|
+
value.casecmp("true") == 0
|
244
241
|
end
|
245
242
|
|
246
243
|
def try_match(actual, op, expected) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize
|
247
244
|
# if actual and expected are strings
|
248
245
|
if expected.is_a?(String) && actual.is_a?(String)
|
249
246
|
return actual.casecmp(expected) == 0 if op == :==
|
250
|
-
return Gem::Version.new(actual).
|
247
|
+
return Gem::Version.new(actual).send(op, Gem::Version.new(expected)) if
|
251
248
|
version?(expected) && version?(actual)
|
252
249
|
elsif expected.is_a?(Regexp) && (actual.is_a?(String) || actual.is_a?(Integer))
|
253
250
|
return !actual.to_s.match(expected).nil?
|
254
251
|
elsif expected.is_a?(String) && integer?(expected) && actual.is_a?(Integer)
|
255
|
-
return actual.
|
252
|
+
return actual.send(op, expected.to_i)
|
256
253
|
elsif expected.is_a?(String) && boolean?(expected) && [true, false].include?(actual)
|
257
|
-
return actual.
|
254
|
+
return actual.send(op, to_boolean(expected))
|
258
255
|
elsif expected.is_a?(Integer) && integer?(actual)
|
259
|
-
return actual.to_i.
|
256
|
+
return actual.to_i.send(op, expected)
|
260
257
|
elsif expected.is_a?(Float) && float?(actual)
|
261
|
-
return actual.to_f.
|
258
|
+
return actual.to_f.send(op, expected)
|
262
259
|
elsif actual.is_a?(Symbol) && expected.is_a?(String)
|
263
|
-
return actual.to_s
|
260
|
+
return try_match(actual.to_s, op, expected)
|
264
261
|
elsif octal?(expected) && actual.is_a?(Integer)
|
265
|
-
return actual.
|
262
|
+
return actual.send(op, expected.to_i(8))
|
266
263
|
end
|
267
264
|
|
268
265
|
# fallback to simple operation
|
269
|
-
actual.
|
266
|
+
actual.send(op, expected)
|
270
267
|
rescue NameError => _
|
271
268
|
false
|
272
269
|
rescue ArgumentError
|
@@ -289,18 +286,18 @@ RSpec::Matchers.define :cmp do |first_expected| # rubocop:disable Metrics/BlockL
|
|
289
286
|
end
|
290
287
|
|
291
288
|
def format_expectation(negate)
|
292
|
-
return
|
293
|
-
negate_str = negate ?
|
289
|
+
return "expected: " + @expected.inspect if @operation == :== && !negate
|
290
|
+
negate_str = negate ? "not " : ""
|
294
291
|
"expected it #{negate_str}to be #{@operation} #{@expected.inspect}"
|
295
292
|
end
|
296
293
|
|
297
294
|
failure_message do |actual|
|
298
|
-
actual = (
|
295
|
+
actual = ("0" + actual.to_s(8)) if octal?(@expected)
|
299
296
|
"\n" + format_expectation(false) + "\n got: #{actual.inspect}\n\n(compared using `cmp` matcher)\n"
|
300
297
|
end
|
301
298
|
|
302
299
|
failure_message_when_negated do |actual|
|
303
|
-
actual = (
|
300
|
+
actual = ("0" + actual.to_s(8)).inspect if octal?(@expected)
|
304
301
|
"\n" + format_expectation(true) + "\n got: #{actual.inspect}\n\n(compared using `cmp` matcher)\n"
|
305
302
|
end
|
306
303
|
|
@@ -1,41 +1,48 @@
|
|
1
|
-
require
|
2
|
-
require
|
3
|
-
require
|
4
|
-
require
|
5
|
-
require
|
6
|
-
require
|
1
|
+
require "base64"
|
2
|
+
require "openssl"
|
3
|
+
require "pathname"
|
4
|
+
require "set"
|
5
|
+
require "tempfile"
|
6
|
+
require "yaml"
|
7
|
+
require "inspec/dist"
|
7
8
|
|
8
9
|
module InspecPlugins
|
9
10
|
module Artifact
|
10
11
|
class Base
|
11
|
-
|
12
|
-
KEY_ALG=OpenSSL::PKey::RSA
|
12
|
+
include Inspec::Dist
|
13
13
|
|
14
|
-
|
15
|
-
|
14
|
+
KEY_BITS = 2048
|
15
|
+
KEY_ALG = OpenSSL::PKey::RSA
|
16
16
|
|
17
|
-
|
18
|
-
|
17
|
+
INSPEC_PROFILE_VERSION_1 = "INSPEC-PROFILE-1".freeze
|
18
|
+
INSPEC_REPORT_VERSION_1 = "INSPEC-REPORT-1".freeze
|
19
19
|
|
20
|
-
|
21
|
-
|
20
|
+
ARTIFACT_DIGEST = OpenSSL::Digest::SHA512
|
21
|
+
ARTIFACT_DIGEST_NAME = "SHA512".freeze
|
22
22
|
|
23
|
-
|
24
|
-
|
23
|
+
VALID_PROFILE_VERSIONS = Set.new [INSPEC_PROFILE_VERSION_1]
|
24
|
+
VALID_PROFILE_DIGESTS = Set.new [ARTIFACT_DIGEST_NAME]
|
25
|
+
|
26
|
+
SIGNED_PROFILE_SUFFIX = "iaf".freeze
|
27
|
+
SIGNED_REPORT_SUFFIX = "iar".freeze
|
25
28
|
|
26
29
|
def self.keygen(options)
|
27
30
|
key = KEY_ALG.new KEY_BITS
|
28
|
-
puts
|
29
|
-
open "#{options['keyname']}.pem.key",
|
30
|
-
|
31
|
-
|
31
|
+
puts "Generating private key"
|
32
|
+
open "#{options['keyname']}.pem.key", "w" do |io|
|
33
|
+
io.write key.to_pem
|
34
|
+
end
|
35
|
+
puts "Generating public key"
|
36
|
+
open "#{options['keyname']}.pem.pub", "w" do |io|
|
37
|
+
io.write key.public_key.to_pem
|
38
|
+
end
|
32
39
|
end
|
33
40
|
|
34
41
|
def self.profile_sign(options)
|
35
42
|
artifact = new
|
36
43
|
Dir.mktmpdir do |workdir|
|
37
44
|
puts "Signing #{options['profile']} with key #{options['keyname']}"
|
38
|
-
path_to_profile = options[
|
45
|
+
path_to_profile = options["profile"]
|
39
46
|
profile_md = artifact.read_profile_metadata(path_to_profile)
|
40
47
|
artifact_filename = "#{profile_md['name']}-#{profile_md['version']}.#{SIGNED_PROFILE_SUFFIX}"
|
41
48
|
tarfile = artifact.profile_compress(path_to_profile, profile_md, workdir)
|
@@ -46,12 +53,12 @@ module InspecPlugins
|
|
46
53
|
# convert the signature to Base64
|
47
54
|
signature_base64 = Base64.encode64(signature)
|
48
55
|
tar_content = IO.binread(tarfile)
|
49
|
-
File.open(artifact_filename,
|
56
|
+
File.open(artifact_filename, "wb") do |f|
|
50
57
|
f.puts(INSPEC_PROFILE_VERSION_1)
|
51
|
-
f.puts(options[
|
58
|
+
f.puts(options["keyname"])
|
52
59
|
f.puts(ARTIFACT_DIGEST_NAME)
|
53
60
|
f.puts(signature_base64)
|
54
|
-
f.puts(
|
61
|
+
f.puts("") # newline separates artifact header with body
|
55
62
|
f.write(tar_content)
|
56
63
|
end
|
57
64
|
puts "Successfully generated #{artifact_filename}"
|
@@ -60,21 +67,21 @@ module InspecPlugins
|
|
60
67
|
|
61
68
|
def self.profile_verify(options)
|
62
69
|
artifact = new
|
63
|
-
file_to_verifiy = options[
|
70
|
+
file_to_verifiy = options["infile"]
|
64
71
|
puts "Verifying #{file_to_verifiy}"
|
65
72
|
artifact.verify(file_to_verifiy) do ||
|
66
|
-
puts
|
73
|
+
puts "Artifact is valid"
|
67
74
|
end
|
68
75
|
end
|
69
76
|
|
70
77
|
def self.profile_install(options)
|
71
78
|
artifact = new
|
72
|
-
puts
|
73
|
-
file_to_verifiy = options[
|
74
|
-
dest_dir = options[
|
79
|
+
puts "Installing profile"
|
80
|
+
file_to_verifiy = options["infile"]
|
81
|
+
dest_dir = options["destdir"]
|
75
82
|
artifact.verify(file_to_verifiy) do |content|
|
76
83
|
Dir.mktmpdir do |workdir|
|
77
|
-
tmpfile = Pathname.new(workdir).join(
|
84
|
+
tmpfile = Pathname.new(workdir).join("artifact_to_install.tar.gz")
|
78
85
|
File.write(tmpfile, content)
|
79
86
|
puts "Installing to #{dest_dir}"
|
80
87
|
`tar xzf #{tmpfile} -C #{dest_dir}`
|
@@ -85,31 +92,31 @@ module InspecPlugins
|
|
85
92
|
def read_profile_metadata(path_to_profile)
|
86
93
|
begin
|
87
94
|
p = Pathname.new(path_to_profile)
|
88
|
-
p = p.join(
|
95
|
+
p = p.join("inspec.yml")
|
89
96
|
if not p.exist?
|
90
|
-
raise "#{path_to_profile} doesn't appear to be a valid
|
97
|
+
raise "#{path_to_profile} doesn't appear to be a valid #{PRODUCT_NAME} profile"
|
91
98
|
end
|
92
99
|
yaml = YAML.load_file(p.to_s)
|
93
100
|
yaml = yaml.to_hash
|
94
101
|
|
95
|
-
if not yaml.key?
|
96
|
-
raise
|
102
|
+
if not yaml.key? "name"
|
103
|
+
raise "Profile is invalid, name is not defined"
|
97
104
|
end
|
98
105
|
|
99
|
-
if not yaml.key?
|
100
|
-
raise
|
106
|
+
if not yaml.key? "version"
|
107
|
+
raise "Profile is invalid, version is not defined"
|
101
108
|
end
|
102
109
|
rescue => e
|
103
110
|
# rewrap it and pass it up to the CLI
|
104
|
-
raise "Error reading
|
111
|
+
raise "Error reading #{PRODUCT_NAME} profile metadata: #{e}"
|
105
112
|
end
|
106
113
|
|
107
114
|
yaml
|
108
115
|
end
|
109
116
|
|
110
117
|
def profile_compress(path_to_profile, profile_md, workdir)
|
111
|
-
profile_name = profile_md[
|
112
|
-
profile_version = profile_md[
|
118
|
+
profile_name = profile_md["name"]
|
119
|
+
profile_version = profile_md["version"]
|
113
120
|
outfile_name = "#{workdir}/#{profile_name}-#{profile_version}.tar.gz"
|
114
121
|
`tar czf #{outfile_name} -C #{path_to_profile} .`
|
115
122
|
outfile_name
|
@@ -122,17 +129,17 @@ module InspecPlugins
|
|
122
129
|
raise "Can't find #{public_keyfile}"
|
123
130
|
end
|
124
131
|
|
125
|
-
raise
|
126
|
-
raise
|
132
|
+
raise "Invalid artifact digest algorithm detected" if !VALID_PROFILE_DIGESTS.member?(file_alg)
|
133
|
+
raise "Invalid artifact version detected" if !VALID_PROFILE_VERSIONS.member?(file_version)
|
127
134
|
end
|
128
135
|
|
129
136
|
def verify(file_to_verifiy, &content_block)
|
130
|
-
f = File.open(file_to_verifiy,
|
137
|
+
f = File.open(file_to_verifiy, "r")
|
131
138
|
file_version = f.readline.strip!
|
132
139
|
file_keyname = f.readline.strip!
|
133
140
|
file_alg = f.readline.strip!
|
134
141
|
|
135
|
-
file_sig =
|
142
|
+
file_sig = ""
|
136
143
|
# the signature is multi-line
|
137
144
|
while (line = f.readline) != "\n"
|
138
145
|
file_sig += line
|
@@ -145,7 +152,7 @@ module InspecPlugins
|
|
145
152
|
public_keyfile = "#{file_keyname}.pem.pub"
|
146
153
|
verification_key = KEY_ALG.new File.read public_keyfile
|
147
154
|
|
148
|
-
f = File.open(file_to_verifiy,
|
155
|
+
f = File.open(file_to_verifiy, "r")
|
149
156
|
while f.readline != "\n" do end
|
150
157
|
content = f.read
|
151
158
|
|
@@ -154,7 +161,7 @@ module InspecPlugins
|
|
154
161
|
if verification_key.verify digest, signature, content
|
155
162
|
content_block.yield(content)
|
156
163
|
else
|
157
|
-
puts
|
164
|
+
puts "Artifact is invalid"
|
158
165
|
end
|
159
166
|
end
|
160
167
|
end
|