inspec-core 4.3.2 → 4.6.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +139 -140
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
@@ -1,6 +1,5 @@
|
|
1
|
-
|
2
|
-
require
|
3
|
-
require 'semverse'
|
1
|
+
require "inspec/cached_fetcher"
|
2
|
+
require "semverse"
|
4
3
|
|
5
4
|
module Inspec
|
6
5
|
#
|
@@ -9,7 +8,7 @@ module Inspec
|
|
9
8
|
#
|
10
9
|
class Requirement
|
11
10
|
def self.from_metadata(dep, cache, opts)
|
12
|
-
raise
|
11
|
+
raise "Cannot load empty dependency." if dep.nil? || dep.empty?
|
13
12
|
|
14
13
|
req_path = opts[:cwd]
|
15
14
|
|
@@ -82,13 +81,13 @@ module Inspec
|
|
82
81
|
|
83
82
|
def to_hash
|
84
83
|
h = {
|
85
|
-
|
86
|
-
|
87
|
-
|
84
|
+
"name" => name,
|
85
|
+
"resolved_source" => resolved_source,
|
86
|
+
"version_constraints" => version_constraints,
|
88
87
|
}
|
89
88
|
|
90
89
|
if !dependencies.empty?
|
91
|
-
h[
|
90
|
+
h["dependencies"] = dependencies.map(&:to_hash)
|
92
91
|
end
|
93
92
|
|
94
93
|
h
|
@@ -1,7 +1,5 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require 'inspec/log'
|
4
|
-
require 'inspec/errors'
|
1
|
+
require "inspec/log"
|
2
|
+
require "inspec/errors"
|
5
3
|
|
6
4
|
module Inspec
|
7
5
|
#
|
@@ -37,7 +35,7 @@ module Inspec
|
|
37
35
|
deps.each do |dep|
|
38
36
|
if seen_items_local.include?(dep.name)
|
39
37
|
problem_cookbook = if top_level
|
40
|
-
|
38
|
+
"the inspec.yml for this profile."
|
41
39
|
else
|
42
40
|
"the dependency information for #{path_string.split(' ').last}"
|
43
41
|
end
|
@@ -49,7 +47,7 @@ module Inspec
|
|
49
47
|
end
|
50
48
|
|
51
49
|
# Here deps is an Array of Inspec::Requirement
|
52
|
-
def resolve(deps, top_level = true, seen_items = {}, path_string =
|
50
|
+
def resolve(deps, top_level = true, seen_items = {}, path_string = "") # rubocop:disable Metrics/AbcSize
|
53
51
|
graph = {}
|
54
52
|
if top_level
|
55
53
|
Inspec::Log.debug("Starting traversal of dependencies #{deps.map(&:to_s)}")
|
@@ -81,7 +79,7 @@ module Inspec
|
|
81
79
|
end
|
82
80
|
end
|
83
81
|
|
84
|
-
Inspec::Log.debug(
|
82
|
+
Inspec::Log.debug("Dependency traversal complete.") if top_level
|
85
83
|
graph
|
86
84
|
end
|
87
85
|
end
|
data/lib/inspec/describe.rb
CHANGED
@@ -1,7 +1,3 @@
|
|
1
|
-
# encoding: utf-8
|
2
|
-
# author: Dominik Richter
|
3
|
-
# author: Christoph Hartmann
|
4
|
-
|
5
1
|
module Inspec
|
6
2
|
class DescribeBase
|
7
3
|
def initialize(action)
|
@@ -17,11 +13,11 @@ module Inspec
|
|
17
13
|
def one(&block)
|
18
14
|
return unless block_given?
|
19
15
|
instance_eval(&block)
|
20
|
-
@action.call(
|
16
|
+
@action.call("describe.one", @checks, nil)
|
21
17
|
end
|
22
18
|
|
23
19
|
def describe(*args, &block)
|
24
|
-
@checks.push([
|
20
|
+
@checks.push(["describe", args, block])
|
25
21
|
end
|
26
22
|
end
|
27
23
|
end
|
data/lib/inspec/dist.rb
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Inspec
|
4
|
+
module Dist
|
5
|
+
# When referencing a product directly, like InSpec
|
6
|
+
PRODUCT_NAME = "Chef InSpec"
|
7
|
+
|
8
|
+
# The inspec executable
|
9
|
+
EXEC_NAME = "inspec"
|
10
|
+
|
11
|
+
# The name of the server product
|
12
|
+
SERVER_PRODUCT_NAME = "Chef Server"
|
13
|
+
|
14
|
+
# name of the automate product
|
15
|
+
AUTOMATE_PRODUCT_NAME = "Chef Automate"
|
16
|
+
|
17
|
+
# name of the compliance product
|
18
|
+
COMPLIANCE_PRODUCT_NAME = "Chef Compliance"
|
19
|
+
end
|
20
|
+
end
|
data/lib/inspec/dsl.rb
CHANGED
@@ -1,9 +1,6 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
# copyright: 2015, Dominik Richter
|
3
|
-
|
4
|
-
|
5
|
-
require 'inspec/log'
|
6
|
-
require 'inspec/plugin/v2'
|
2
|
+
require "inspec/log"
|
3
|
+
require "inspec/plugin/v2"
|
7
4
|
|
8
5
|
module Inspec::DSL
|
9
6
|
def require_controls(id, &block)
|
@@ -20,7 +17,7 @@ module Inspec::DSL
|
|
20
17
|
alias include_rules include_controls
|
21
18
|
|
22
19
|
def require_resource(options = {})
|
23
|
-
raise
|
20
|
+
raise "You must specify a specific resource name when calling require_resource()" if options[:resource].nil?
|
24
21
|
|
25
22
|
from_profile = options[:profile] || profile_name
|
26
23
|
target_name = options[:as] || options[:resource]
|
@@ -84,7 +81,7 @@ module Inspec::DSL
|
|
84
81
|
# remove all rules that were not registered
|
85
82
|
context.all_rules.each do |r|
|
86
83
|
id = Inspec::Rule.rule_id(r)
|
87
|
-
fid = Inspec::Rule.profile_id(r) +
|
84
|
+
fid = Inspec::Rule.profile_id(r) + "/" + id
|
88
85
|
unless include_ctx.rules[id] || include_ctx.rules[fid]
|
89
86
|
context.remove_rule(fid)
|
90
87
|
end
|
data/lib/inspec/dsl_shared.rb
CHANGED
@@ -1,4 +1,3 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
module Inspec
|
3
2
|
#
|
4
3
|
# Contains methods we would like in multiple DSL
|
@@ -10,7 +9,7 @@ module Inspec
|
|
10
9
|
alias __ruby_require require
|
11
10
|
|
12
11
|
def require(path)
|
13
|
-
rbpath = path +
|
12
|
+
rbpath = path + ".rb"
|
14
13
|
return __ruby_require(path) if !@require_loader.exists?(rbpath)
|
15
14
|
return false if @require_loader.loaded?(rbpath)
|
16
15
|
|
data/lib/inspec/env_printer.rb
CHANGED
@@ -1,16 +1,15 @@
|
|
1
|
-
|
2
|
-
require
|
3
|
-
require
|
4
|
-
require 'shellwords'
|
1
|
+
require "inspec/shell_detector"
|
2
|
+
require "erb"
|
3
|
+
require "shellwords"
|
5
4
|
|
6
5
|
module Inspec
|
7
6
|
class EnvPrinter
|
8
7
|
attr_reader :shell
|
9
8
|
|
10
9
|
EVAL_COMMANDS = {
|
11
|
-
|
12
|
-
|
13
|
-
|
10
|
+
"bash" => 'eval \"$(inspec env bash)\"',
|
11
|
+
"fish" => "inspec env fish > ~/.config/fish/completions/inspec.fish",
|
12
|
+
"zsh" => 'eval \"$(inspec env zsh)\"',
|
14
13
|
}.freeze
|
15
14
|
|
16
15
|
def initialize(command_class, shell = nil)
|
@@ -36,7 +35,7 @@ module Inspec
|
|
36
35
|
private
|
37
36
|
|
38
37
|
def print_completion_for_shell
|
39
|
-
erb = ERB.new(File.read(completion_template_path), nil,
|
38
|
+
erb = ERB.new(File.read(completion_template_path), nil, "-")
|
40
39
|
puts erb.result(TemplateContext.new(@command_class).get_bindings)
|
41
40
|
end
|
42
41
|
|
@@ -49,7 +48,7 @@ module Inspec
|
|
49
48
|
end
|
50
49
|
|
51
50
|
def completion_dir
|
52
|
-
File.join(File.dirname(__FILE__),
|
51
|
+
File.join(File.dirname(__FILE__), "completions")
|
53
52
|
end
|
54
53
|
|
55
54
|
def completion_template_path
|
@@ -57,7 +56,7 @@ module Inspec
|
|
57
56
|
end
|
58
57
|
|
59
58
|
def shells_with_completions
|
60
|
-
Dir.glob("#{completion_dir}/*.sh.erb").map { |f| File.basename(f,
|
59
|
+
Dir.glob("#{completion_dir}/*.sh.erb").map { |f| File.basename(f, ".sh.erb") }
|
61
60
|
end
|
62
61
|
|
63
62
|
def print_usage_guidance
|
@@ -91,7 +90,7 @@ module Inspec
|
|
91
90
|
|
92
91
|
def exit_no_shell
|
93
92
|
if @detected
|
94
|
-
$stderr.puts
|
93
|
+
$stderr.puts "# Unable to automatically detect shell and no shell was provided."
|
95
94
|
end
|
96
95
|
$stderr.puts <<~EOF
|
97
96
|
#
|
@@ -109,7 +108,7 @@ module Inspec
|
|
109
108
|
@command_class = command_class
|
110
109
|
end
|
111
110
|
|
112
|
-
def get_bindings # rubocop:disable
|
111
|
+
def get_bindings # rubocop:disable Naming/AccessorMethodName
|
113
112
|
binding
|
114
113
|
end
|
115
114
|
|
data/lib/inspec/errors.rb
CHANGED
data/lib/inspec/exceptions.rb
CHANGED
data/lib/inspec/expect.rb
CHANGED
@@ -1,9 +1,6 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
# copyright: 2016, Chef Software Inc.
|
3
|
-
# author: Dominik Richter
|
4
|
-
# author: Christoph Hartmann
|
5
2
|
|
6
|
-
require
|
3
|
+
require "rspec/expectations"
|
7
4
|
|
8
5
|
module Inspec
|
9
6
|
class Expect
|
@@ -25,11 +22,11 @@ module Inspec
|
|
25
22
|
def example_group
|
26
23
|
that = self
|
27
24
|
|
28
|
-
opts = {
|
25
|
+
opts = { "caller" => calls[0][3] } # TODO: this needs overhaul. no magic #s
|
29
26
|
if !calls[0][3].nil? && !calls[0][3].empty? &&
|
30
|
-
|
31
|
-
opts[
|
32
|
-
opts[
|
27
|
+
(m = calls[0][3][0].match(/^([^:]*):(\d+):/))
|
28
|
+
opts["file_path"] = m[0]
|
29
|
+
opts["line_number"] = m[1]
|
33
30
|
end
|
34
31
|
|
35
32
|
RSpec::Core::ExampleGroup.describe(that.value, opts) do
|
data/lib/inspec/fetcher.rb
CHANGED
@@ -1,8 +1,4 @@
|
|
1
|
-
|
2
|
-
# author: Dominik Richter
|
3
|
-
# author: Christoph Hartmann
|
4
|
-
|
5
|
-
require 'inspec/plugin/v1'
|
1
|
+
require "inspec/plugin/v1"
|
6
2
|
|
7
3
|
module Inspec
|
8
4
|
class FetcherRegistry < PluginRegistry
|
@@ -33,15 +29,16 @@ module Inspec
|
|
33
29
|
|
34
30
|
def self.fetcher(version)
|
35
31
|
if version != 1
|
36
|
-
raise
|
32
|
+
raise "Only fetcher version 1 is supported!"
|
37
33
|
end
|
38
34
|
Inspec::Plugins::Fetcher
|
39
35
|
end
|
40
36
|
end
|
41
37
|
|
42
|
-
require
|
43
|
-
require
|
44
|
-
require
|
38
|
+
# TODO: remove. require up, not down.
|
39
|
+
require "fetchers/local"
|
40
|
+
require "fetchers/url"
|
41
|
+
require "fetchers/git"
|
45
42
|
|
46
43
|
# TODO: Remove in 4.0 when Compliance fetcher plugin is created
|
47
|
-
require
|
44
|
+
require "plugins/inspec-compliance/lib/inspec-compliance/api"
|
data/lib/inspec/file_provider.rb
CHANGED
@@ -1,7 +1,7 @@
|
|
1
|
-
|
2
|
-
require
|
3
|
-
require
|
4
|
-
require
|
1
|
+
require "rubygems/package"
|
2
|
+
require "pathname"
|
3
|
+
require "zlib"
|
4
|
+
require "zip"
|
5
5
|
|
6
6
|
module Inspec
|
7
7
|
class FileProvider
|
@@ -10,9 +10,9 @@ module Inspec
|
|
10
10
|
MockProvider.new(path)
|
11
11
|
elsif File.directory?(path)
|
12
12
|
DirProvider.new(path)
|
13
|
-
elsif File.exist?(path) && path.end_with?(
|
13
|
+
elsif File.exist?(path) && path.end_with?(".tar.gz", "tgz")
|
14
14
|
TarProvider.new(path)
|
15
|
-
elsif File.exist?(path) && path.end_with?(
|
15
|
+
elsif File.exist?(path) && path.end_with?(".zip")
|
16
16
|
ZipProvider.new(path)
|
17
17
|
elsif File.exist?(path)
|
18
18
|
DirProvider.new(path)
|
@@ -72,7 +72,7 @@ module Inspec
|
|
72
72
|
@files = if File.file?(path)
|
73
73
|
[path]
|
74
74
|
else
|
75
|
-
Dir[File.join(Shellwords.shellescape(path),
|
75
|
+
Dir[File.join(Shellwords.shellescape(path), "**", "*")]
|
76
76
|
end
|
77
77
|
@path = path
|
78
78
|
end
|
@@ -99,13 +99,13 @@ module Inspec
|
|
99
99
|
@files = []
|
100
100
|
walk_zip(@path) do |io|
|
101
101
|
while (entry = io.get_next_entry)
|
102
|
-
name = entry.name.sub(%r{/+$},
|
103
|
-
@files.push(name) unless name.empty? || name.squeeze(
|
102
|
+
name = entry.name.sub(%r{/+$}, "")
|
103
|
+
@files.push(name) unless name.empty? || name.squeeze("/") =~ %r{\.{2}(?:/|\z)}
|
104
104
|
end
|
105
105
|
end
|
106
106
|
end
|
107
107
|
|
108
|
-
def extract(destination_path =
|
108
|
+
def extract(destination_path = ".")
|
109
109
|
FileUtils.mkdir_p(destination_path)
|
110
110
|
|
111
111
|
Zip::File.open(@path) do |archive|
|
@@ -156,17 +156,17 @@ module Inspec
|
|
156
156
|
@files = tar.find_all(&:file?)
|
157
157
|
|
158
158
|
# delete all entries with no name
|
159
|
-
@files = @files.find_all { |x| !x.full_name.empty? && x.full_name.squeeze(
|
159
|
+
@files = @files.find_all { |x| !x.full_name.empty? && x.full_name.squeeze("/") !~ %r{\.{2}(?:/|\z)} }
|
160
160
|
|
161
161
|
# delete all entries that have a PaxHeader
|
162
|
-
@files = @files.delete_if { |x| x.full_name.include?(
|
162
|
+
@files = @files.delete_if { |x| x.full_name.include?("PaxHeader/") }
|
163
163
|
|
164
164
|
# replace all items of the array simply with the relative filename of the file
|
165
|
-
@files.map! { |x| Pathname.new(x.full_name).relative_path_from(Pathname.new(
|
165
|
+
@files.map! { |x| Pathname.new(x.full_name).relative_path_from(Pathname.new(".")).to_s }
|
166
166
|
end
|
167
167
|
end
|
168
168
|
|
169
|
-
def extract(destination_path =
|
169
|
+
def extract(destination_path = ".")
|
170
170
|
FileUtils.mkdir_p(destination_path)
|
171
171
|
|
172
172
|
walk_tar(@path) do |files|
|
@@ -179,7 +179,7 @@ module Inspec
|
|
179
179
|
FileUtils.remove_entry(final_path) if File.exist?(final_path)
|
180
180
|
|
181
181
|
FileUtils.mkdir_p(File.dirname(final_path))
|
182
|
-
File.open(final_path,
|
182
|
+
File.open(final_path, "wb") { |f| f.write(file.read) }
|
183
183
|
end
|
184
184
|
end
|
185
185
|
end
|
@@ -214,8 +214,8 @@ module Inspec
|
|
214
214
|
|
215
215
|
class RelativeFileProvider
|
216
216
|
BLACKLIST_FILES = [
|
217
|
-
|
218
|
-
|
217
|
+
"/pax_global_header",
|
218
|
+
"pax_global_header",
|
219
219
|
].freeze
|
220
220
|
|
221
221
|
attr_reader :files
|
@@ -239,7 +239,7 @@ module Inspec
|
|
239
239
|
.map { |x| x[prefix.length..-1] }
|
240
240
|
.map do |x|
|
241
241
|
path = Pathname.new(x)
|
242
|
-
path.absolute? ? path.to_s : path.relative_path_from(Pathname.new(
|
242
|
+
path.absolute? ? path.to_s : path.relative_path_from(Pathname.new(".")).to_s
|
243
243
|
end
|
244
244
|
end
|
245
245
|
|
@@ -259,7 +259,7 @@ module Inspec
|
|
259
259
|
private
|
260
260
|
|
261
261
|
def get_prefix(fs)
|
262
|
-
return
|
262
|
+
return "" if fs.empty?
|
263
263
|
|
264
264
|
# filter backlisted files
|
265
265
|
fs -= BLACKLIST_FILES
|
@@ -288,15 +288,15 @@ module Inspec
|
|
288
288
|
end
|
289
289
|
|
290
290
|
def get_files_prefix(fs)
|
291
|
-
return
|
291
|
+
return "" if fs.empty?
|
292
292
|
|
293
293
|
file = fs[0]
|
294
294
|
bn = File.basename(file)
|
295
295
|
# no more prefixes
|
296
|
-
return
|
296
|
+
return "" if bn == file
|
297
297
|
|
298
298
|
i = file.rindex(bn)
|
299
|
-
pre = file[0..i-1]
|
299
|
+
pre = file[0..i - 1]
|
300
300
|
|
301
301
|
rest = fs.find_all { |f| !f.start_with?(pre) }
|
302
302
|
return pre if rest.empty?
|
@@ -304,8 +304,8 @@ module Inspec
|
|
304
304
|
new_pre = get_prefix(rest)
|
305
305
|
return new_pre if pre.start_with? new_pre
|
306
306
|
# edge case: completely different prefixes; retry prefix detection
|
307
|
-
a = File.dirname(pre +
|
308
|
-
b = File.dirname(new_pre +
|
307
|
+
a = File.dirname(pre + "a")
|
308
|
+
b = File.dirname(new_pre + "b")
|
309
309
|
get_prefix([a, b])
|
310
310
|
end
|
311
311
|
end
|
data/lib/inspec/formatters.rb
CHANGED
@@ -1,3 +1,3 @@
|
|
1
|
-
require
|
2
|
-
require
|
3
|
-
require
|
1
|
+
require "inspec/formatters/base"
|
2
|
+
require "inspec/formatters/json_rspec"
|
3
|
+
require "inspec/formatters/show_progress"
|
@@ -1,5 +1,5 @@
|
|
1
|
-
require
|
2
|
-
require
|
1
|
+
require "rspec/core"
|
2
|
+
require "rspec/core/formatters/base_formatter"
|
3
3
|
|
4
4
|
module Inspec::Formatters
|
5
5
|
class Base < RSpec::Core::Formatters::BaseFormatter
|
@@ -43,7 +43,7 @@ module Inspec::Formatters
|
|
43
43
|
next unless e
|
44
44
|
|
45
45
|
if example.metadata[:sensitive]
|
46
|
-
hash[:message] =
|
46
|
+
hash[:message] = "*** sensitive output suppressed ***"
|
47
47
|
else
|
48
48
|
hash[:message] = exception_message(e)
|
49
49
|
end
|
@@ -101,9 +101,9 @@ module Inspec::Formatters
|
|
101
101
|
|
102
102
|
all_unique_controls.each do |control|
|
103
103
|
next unless control[:results]
|
104
|
-
if control[:results].any? { |r| r[:status] ==
|
104
|
+
if control[:results].any? { |r| r[:status] == "failed" }
|
105
105
|
failed += 1
|
106
|
-
elsif control[:results].any? { |r| r[:status] ==
|
106
|
+
elsif control[:results].any? { |r| r[:status] == "skipped" }
|
107
107
|
skipped += 1
|
108
108
|
else
|
109
109
|
passed += 1
|
@@ -162,8 +162,8 @@ module Inspec::Formatters
|
|
162
162
|
res[:profile_id] = pid
|
163
163
|
end
|
164
164
|
|
165
|
-
if res[:status] ==
|
166
|
-
res[:status] =
|
165
|
+
if res[:status] == "pending"
|
166
|
+
res[:status] = "skipped"
|
167
167
|
res[:skip_message] = example.metadata[:description]
|
168
168
|
res[:resource] = example.metadata[:described_class].to_s
|
169
169
|
end
|
@@ -173,7 +173,7 @@ module Inspec::Formatters
|
|
173
173
|
|
174
174
|
def format_expectation_message(example)
|
175
175
|
if (example.metadata[:example_group][:description_args].first == example.metadata[:example_group][:described_class]) ||
|
176
|
-
|
176
|
+
example.metadata[:example_group][:described_class].nil?
|
177
177
|
example.metadata[:description]
|
178
178
|
else
|
179
179
|
"#{example.metadata[:example_group][:description]} #{example.metadata[:description]}"
|