inspec-core 4.3.2 → 4.6.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +139 -140
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
data/lib/inspec/globals.rb
CHANGED
@@ -1,9 +1,9 @@
|
|
1
1
|
module Inspec
|
2
2
|
def self.config_dir
|
3
|
-
ENV[
|
3
|
+
ENV["INSPEC_CONFIG_DIR"] ? ENV["INSPEC_CONFIG_DIR"] : File.join(Dir.home, ".inspec")
|
4
4
|
end
|
5
5
|
|
6
6
|
def self.src_root
|
7
|
-
File.expand_path(File.join(__FILE__,
|
7
|
+
File.expand_path(File.join(__FILE__, "..", "..", ".."))
|
8
8
|
end
|
9
9
|
end
|
data/lib/inspec/impact.rb
CHANGED
@@ -1,13 +1,11 @@
|
|
1
|
-
# encoding: utf-8
|
2
|
-
|
3
1
|
# Impact scores based off CVSS 3.0
|
4
2
|
module Inspec::Impact
|
5
3
|
IMPACT_SCORES = {
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
4
|
+
"none" => 0.0,
|
5
|
+
"low" => 0.1,
|
6
|
+
"medium" => 0.4,
|
7
|
+
"high" => 0.7,
|
8
|
+
"critical" => 0.9,
|
11
9
|
}.freeze
|
12
10
|
|
13
11
|
def self.impact_from_string(value)
|
@@ -1,8 +1,9 @@
|
|
1
|
-
require
|
2
|
-
require
|
3
|
-
require
|
4
|
-
require
|
5
|
-
require
|
1
|
+
require "forwardable"
|
2
|
+
require "singleton"
|
3
|
+
require "inspec/objects/input"
|
4
|
+
require "inspec/secrets"
|
5
|
+
require "inspec/exceptions"
|
6
|
+
require "inspec/plugin/v2"
|
6
7
|
|
7
8
|
module Inspec
|
8
9
|
# The InputRegistry's responsibilities include:
|
@@ -12,7 +13,7 @@ module Inspec
|
|
12
13
|
include Singleton
|
13
14
|
extend Forwardable
|
14
15
|
|
15
|
-
attr_reader :inputs_by_profile, :profile_aliases
|
16
|
+
attr_reader :inputs_by_profile, :profile_aliases, :plugins
|
16
17
|
def_delegator :inputs_by_profile, :each
|
17
18
|
def_delegator :inputs_by_profile, :[]
|
18
19
|
def_delegator :inputs_by_profile, :key?, :profile_known?
|
@@ -25,6 +26,14 @@ module Inspec
|
|
25
26
|
|
26
27
|
# this is a list of optional profile name overrides set in the inspec.yml
|
27
28
|
@profile_aliases = {}
|
29
|
+
|
30
|
+
# Upon creation, activate all input plugins
|
31
|
+
activators = Inspec::Plugin::V2::Registry.instance.find_activators(plugin_type: :input)
|
32
|
+
|
33
|
+
@plugins = activators.map do |activator|
|
34
|
+
activator.activate!
|
35
|
+
activator.implementation_class.new
|
36
|
+
end
|
28
37
|
end
|
29
38
|
|
30
39
|
#-------------------------------------------------------------#
|
@@ -35,32 +44,58 @@ module Inspec
|
|
35
44
|
@profile_aliases[name] = alias_name
|
36
45
|
end
|
37
46
|
|
47
|
+
# Returns an Hash, name => Input that have actually been mentioned
|
38
48
|
def list_inputs_for_profile(profile)
|
39
49
|
inputs_by_profile[profile] = {} unless profile_known?(profile)
|
40
50
|
inputs_by_profile[profile]
|
41
51
|
end
|
42
52
|
|
53
|
+
# Returns an Array of input names. This includes input names
|
54
|
+
# that plugins may be able to fetch, but have not actually been
|
55
|
+
# mentioned in the control code.
|
56
|
+
def list_potential_input_names_for_profile(profile_name)
|
57
|
+
input_names_from_dsl = inputs_by_profile[profile_name].keys
|
58
|
+
input_names_from_plugins = plugins.map { |plugin| plugin.list_inputs(profile_name) }
|
59
|
+
(input_names_from_dsl + input_names_from_plugins).flatten.uniq
|
60
|
+
end
|
61
|
+
|
43
62
|
#-------------------------------------------------------------#
|
44
63
|
# Support for Individual Inputs
|
45
64
|
#-------------------------------------------------------------#
|
46
65
|
|
47
66
|
def find_or_register_input(input_name, profile_name, options = {})
|
48
|
-
if profile_alias?(profile_name)
|
67
|
+
if profile_alias?(profile_name) && !profile_aliases[profile_name].nil?
|
49
68
|
alias_name = profile_name
|
50
69
|
profile_name = profile_aliases[profile_name]
|
51
70
|
handle_late_arriving_alias(alias_name, profile_name) if profile_known?(alias_name)
|
52
71
|
end
|
53
72
|
|
73
|
+
# Find or create the input
|
54
74
|
inputs_by_profile[profile_name] ||= {}
|
55
75
|
if inputs_by_profile[profile_name].key?(input_name)
|
56
76
|
inputs_by_profile[profile_name][input_name].update(options)
|
57
77
|
else
|
58
78
|
inputs_by_profile[profile_name][input_name] = Inspec::Input.new(input_name, options)
|
79
|
+
poll_plugins_for_update(profile_name, input_name)
|
59
80
|
end
|
60
81
|
|
61
82
|
inputs_by_profile[profile_name][input_name]
|
62
83
|
end
|
63
84
|
|
85
|
+
def poll_plugins_for_update(profile_name, input_name)
|
86
|
+
plugins.each do |plugin|
|
87
|
+
response = plugin.fetch(profile_name, input_name)
|
88
|
+
evt = Inspec::Input::Event.new(
|
89
|
+
action: :fetch,
|
90
|
+
provider: plugin.class.plugin_name,
|
91
|
+
priority: plugin.default_priority,
|
92
|
+
hit: !response.nil?
|
93
|
+
)
|
94
|
+
evt.value = response unless response.nil?
|
95
|
+
inputs_by_profile[profile_name][input_name].events << evt
|
96
|
+
end
|
97
|
+
end
|
98
|
+
|
64
99
|
# It is possible for a wrapper profile to create an input in metadata,
|
65
100
|
# referring to the child profile by an alias that has not yet been registered.
|
66
101
|
# The registry will then store the inputs under the alias, as if the alias
|
@@ -115,7 +150,7 @@ module Inspec
|
|
115
150
|
provider: :runner_api, # TODO: suss out if audit cookbook or kitchen-inspec or something unknown
|
116
151
|
priority: 40,
|
117
152
|
file: loc.path,
|
118
|
-
line: loc.lineno
|
153
|
+
line: loc.lineno
|
119
154
|
)
|
120
155
|
find_or_register_input(input_name, profile_name, event: evt)
|
121
156
|
end
|
@@ -135,7 +170,7 @@ module Inspec
|
|
135
170
|
if data.nil?
|
136
171
|
raise Inspec::Exceptions::SecretsBackendNotFound,
|
137
172
|
"Cannot find parser for inputs file '#{path}'. " \
|
138
|
-
|
173
|
+
"Check to make sure file has the appropriate extension."
|
139
174
|
end
|
140
175
|
|
141
176
|
next if data.inputs.nil?
|
@@ -144,7 +179,7 @@ module Inspec
|
|
144
179
|
value: input_value,
|
145
180
|
provider: :cli_files,
|
146
181
|
priority: 40,
|
147
|
-
file: path
|
182
|
+
file: path
|
148
183
|
# TODO: any way we could get a line number?
|
149
184
|
)
|
150
185
|
find_or_register_input(input_name, profile_name, event: evt)
|
@@ -156,13 +191,13 @@ module Inspec
|
|
156
191
|
unless File.exist?(path)
|
157
192
|
raise Inspec::Exceptions::InputsFileDoesNotExist,
|
158
193
|
"Cannot find input file '#{path}'. " \
|
159
|
-
|
194
|
+
"Check to make sure file exists."
|
160
195
|
end
|
161
196
|
|
162
197
|
unless File.readable?(path)
|
163
198
|
raise Inspec::Exceptions::InputsFileNotReadable,
|
164
199
|
"Cannot read input file '#{path}'. " \
|
165
|
-
|
200
|
+
"Check to make sure file is readable."
|
166
201
|
end
|
167
202
|
|
168
203
|
true
|
@@ -170,31 +205,46 @@ module Inspec
|
|
170
205
|
|
171
206
|
def bind_inputs_from_metadata(profile_name, profile_metadata_obj)
|
172
207
|
# TODO: move this into a core plugin
|
173
|
-
# TODO: add deprecation stuff
|
174
208
|
return if profile_metadata_obj.nil? # Metadata files are technically optional
|
175
209
|
|
176
|
-
if profile_metadata_obj.params.key?(:
|
177
|
-
profile_metadata_obj.params[:
|
178
|
-
input_options = input_orig.dup
|
179
|
-
input_name = input_options.delete(:name)
|
180
|
-
input_options.merge!({ priority: 30, provider: :profile_metadata, file: File.join(profile_name, 'inspec.yml') })
|
181
|
-
evt = Inspec::Input.infer_event(input_options)
|
182
|
-
|
183
|
-
# Profile metadata may set inputs in other profiles by naming them.
|
184
|
-
if input_options[:profile]
|
185
|
-
profile_name = input_options[:profile] || profile_name
|
186
|
-
# Override priority to force this to win. Allow user to set their own priority.
|
187
|
-
evt.priority = input_orig[:priority] || 35
|
188
|
-
end
|
189
|
-
find_or_register_input(input_name,
|
190
|
-
profile_name,
|
191
|
-
type: input_options[:type],
|
192
|
-
required: input_options[:required],
|
193
|
-
event: evt)
|
194
|
-
end
|
210
|
+
if profile_metadata_obj.params.key?(:inputs)
|
211
|
+
raw_inputs = profile_metadata_obj.params[:inputs]
|
195
212
|
elsif profile_metadata_obj.params.key?(:attributes)
|
196
|
-
Inspec
|
213
|
+
Inspec.deprecate(:attrs_rename_in_metadata, "Profile: '#{profile_name}'.")
|
214
|
+
raw_inputs = profile_metadata_obj.params[:attributes]
|
215
|
+
else
|
216
|
+
return
|
217
|
+
end
|
218
|
+
|
219
|
+
unless raw_inputs.is_a?(Array)
|
220
|
+
Inspec::Log.warn "Inputs must be defined as an Array in metadata files. Skipping definition from #{profile_name}."
|
221
|
+
return
|
222
|
+
end
|
223
|
+
|
224
|
+
raw_inputs.each { |i| handle_raw_input_from_metadata(i, profile_name) }
|
225
|
+
end
|
226
|
+
|
227
|
+
def handle_raw_input_from_metadata(input_orig, profile_name)
|
228
|
+
input_options = input_orig.dup
|
229
|
+
input_name = input_options.delete(:name)
|
230
|
+
input_options[:provider] = :profile_metadata
|
231
|
+
input_options[:file] = File.join(profile_name, "inspec.yml")
|
232
|
+
input_options[:priority] ||= 30
|
233
|
+
evt = Inspec::Input.infer_event(input_options)
|
234
|
+
|
235
|
+
# Profile metadata may set inputs in other profiles by naming them.
|
236
|
+
if input_options[:profile]
|
237
|
+
profile_name = input_options[:profile] || profile_name
|
238
|
+
# Override priority to force this to win. Allow user to set their own priority.
|
239
|
+
evt.priority = input_orig[:priority] || 35
|
197
240
|
end
|
241
|
+
find_or_register_input(
|
242
|
+
input_name,
|
243
|
+
profile_name,
|
244
|
+
type: input_options[:type],
|
245
|
+
required: input_options[:required],
|
246
|
+
event: evt
|
247
|
+
)
|
198
248
|
end
|
199
249
|
|
200
250
|
#-------------------------------------------------------------#
|
@@ -214,6 +264,7 @@ module Inspec
|
|
214
264
|
:find_or_register_input,
|
215
265
|
:register_profile_alias,
|
216
266
|
:list_inputs_for_profile,
|
267
|
+
:list_potential_input_names_for_profile,
|
217
268
|
:bind_profile_inputs,
|
218
269
|
].each do |meth|
|
219
270
|
define_singleton_method(meth) do |*args|
|
@@ -1,8 +1,5 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
# author: Victoria Jeffrey
|
4
|
-
require 'inspec/plugin/v1/plugin_types/resource'
|
5
|
-
require 'inspec/dsl_shared'
|
1
|
+
require "inspec/plugin/v1/plugin_types/resource"
|
2
|
+
require "inspec/dsl_shared"
|
6
3
|
|
7
4
|
module Inspec
|
8
5
|
#
|
@@ -51,7 +48,7 @@ module Inspec
|
|
51
48
|
# Provide the local binding for this context which is necessary for
|
52
49
|
# calls to `require` to create all dependent objects in the correct
|
53
50
|
# context.
|
54
|
-
res.instance_variable_set(
|
51
|
+
res.instance_variable_set("@inspec_binding", res.instance_eval("binding"))
|
55
52
|
res
|
56
53
|
end
|
57
54
|
end
|
data/lib/inspec/log.rb
CHANGED
data/lib/inspec/metadata.rb
CHANGED
@@ -1,11 +1,12 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
# Copyright 2015 Dominik Richter
|
3
2
|
|
4
|
-
require
|
5
|
-
require
|
6
|
-
require
|
7
|
-
require
|
8
|
-
|
3
|
+
require "logger"
|
4
|
+
require "rubygems/version"
|
5
|
+
require "rubygems/requirement"
|
6
|
+
require "semverse"
|
7
|
+
|
8
|
+
require "inspec/version"
|
9
|
+
require "inspec/utils/spdx"
|
9
10
|
|
10
11
|
module Inspec
|
11
12
|
# Extract metadata.rb information
|
@@ -18,7 +19,7 @@ module Inspec
|
|
18
19
|
def initialize(ref, logger = nil)
|
19
20
|
@ref = ref
|
20
21
|
@logger = logger || Logger.new(nil)
|
21
|
-
@content =
|
22
|
+
@content = ""
|
22
23
|
@params = {}
|
23
24
|
@missing_methods = []
|
24
25
|
end
|
@@ -78,12 +79,12 @@ module Inspec
|
|
78
79
|
|
79
80
|
if %r{[\/\\]} =~ params[:name]
|
80
81
|
errors.push("The profile name (#{params[:name]}) contains a slash" \
|
81
|
-
|
82
|
+
" which is not permitted. Please remove all slashes from `inspec.yml`.")
|
82
83
|
end
|
83
84
|
|
84
85
|
# if version is set, ensure it is correct
|
85
86
|
if !params[:version].nil? && !valid_version?(params[:version])
|
86
|
-
errors.push(
|
87
|
+
errors.push("Version needs to be in SemVer format")
|
87
88
|
end
|
88
89
|
|
89
90
|
%w{title summary maintainer copyright license}.each do |field|
|
@@ -143,8 +144,8 @@ module Inspec
|
|
143
144
|
x
|
144
145
|
when Array
|
145
146
|
logger.warn(
|
146
|
-
|
147
|
-
|
147
|
+
"Failed to read supports entry that is an array. Please use "\
|
148
|
+
"the `supports: {os-family: xyz}` syntax."
|
148
149
|
)
|
149
150
|
nil
|
150
151
|
when nil then nil
|
@@ -182,14 +183,14 @@ module Inspec
|
|
182
183
|
# unit tests that look for warning sequences
|
183
184
|
return if original_target.to_s.empty?
|
184
185
|
metadata.params[:title] = "tests from #{original_target}"
|
185
|
-
metadata.params[:name] = metadata.params[:title].gsub(%r{[\/\\]},
|
186
|
+
metadata.params[:name] = metadata.params[:title].gsub(%r{[\/\\]}, ".")
|
186
187
|
end
|
187
188
|
|
188
189
|
def self.finalize(metadata, profile_id, options, logger = nil)
|
189
190
|
return nil if metadata.nil?
|
190
191
|
param = metadata.params || {}
|
191
192
|
options ||= {}
|
192
|
-
param[
|
193
|
+
param["version"] = param["version"].to_s unless param["version"].nil?
|
193
194
|
metadata.params = symbolize_keys(param)
|
194
195
|
metadata.params[:supports] = finalize_supports(metadata.params[:supports], logger)
|
195
196
|
finalize_name(metadata, profile_id, options[:target])
|
@@ -198,8 +199,8 @@ module Inspec
|
|
198
199
|
end
|
199
200
|
|
200
201
|
def self.from_yaml(ref, content, profile_id, logger = nil)
|
202
|
+
require "erb"
|
201
203
|
res = Metadata.new(ref, logger)
|
202
|
-
require 'erb'
|
203
204
|
res.params = YAML.load(ERB.new(content).result)
|
204
205
|
res.content = content
|
205
206
|
finalize(res, profile_id, {}, logger)
|
@@ -216,9 +217,9 @@ module Inspec
|
|
216
217
|
# NOTE there doesn't have to exist an actual file, it may come from an
|
217
218
|
# archive (i.e., content)
|
218
219
|
case File.basename(ref)
|
219
|
-
when
|
220
|
+
when "inspec.yml"
|
220
221
|
from_yaml(ref, content, profile_id, logger)
|
221
|
-
when
|
222
|
+
when "metadata.rb"
|
222
223
|
from_ruby(ref, content, profile_id, logger)
|
223
224
|
else
|
224
225
|
logger ||= Logger.new(nil)
|
data/lib/inspec/method_source.rb
CHANGED
@@ -1,21 +1,17 @@
|
|
1
|
-
# encoding: utf-8
|
2
|
-
# author: Dominik Richter
|
3
|
-
# author: Christoph Hartmann
|
4
|
-
|
5
1
|
module Inspec
|
6
2
|
module MethodSource
|
7
3
|
def self.code_at(location, source_reader)
|
8
4
|
# TODO: logger for these cases
|
9
|
-
return
|
10
|
-
return
|
5
|
+
return "" if location.nil? || location[:ref].nil? || location[:line].nil?
|
6
|
+
return "" unless source_reader && source_reader.target
|
11
7
|
|
12
8
|
# TODO: Non-controls still need more detection
|
13
9
|
ref = location[:ref]
|
14
|
-
ref = ref.sub(source_reader.target.prefix,
|
10
|
+
ref = ref.sub(source_reader.target.prefix, "")
|
15
11
|
src = source_reader.tests[ref]
|
16
|
-
return
|
12
|
+
return "" if src.nil?
|
17
13
|
|
18
|
-
::MethodSource.expression_at(src.lines, location[:line]).force_encoding(
|
14
|
+
::MethodSource.expression_at(src.lines, location[:line]).force_encoding("utf-8")
|
19
15
|
rescue SyntaxError => e
|
20
16
|
raise ::MethodSource::SourceNotFoundError,
|
21
17
|
"Could not parse source at #{location[:ref]}:#{location[:line]}: #{e.message}"
|
data/lib/inspec/objects.rb
CHANGED
@@ -1,14 +1,12 @@
|
|
1
|
-
# encoding: utf-8
|
2
|
-
|
3
1
|
module Inspec
|
4
|
-
autoload :Input,
|
5
|
-
autoload :Tag,
|
6
|
-
autoload :Control,
|
7
|
-
autoload :Describe,
|
8
|
-
autoload :EachLoop,
|
9
|
-
autoload :List,
|
10
|
-
autoload :OrTest,
|
11
|
-
autoload :RubyHelper,
|
12
|
-
autoload :Test,
|
13
|
-
autoload :Value,
|
2
|
+
autoload :Input, "inspec/objects/input"
|
3
|
+
autoload :Tag, "inspec/objects/tag"
|
4
|
+
autoload :Control, "inspec/objects/control"
|
5
|
+
autoload :Describe, "inspec/objects/describe"
|
6
|
+
autoload :EachLoop, "inspec/objects/each_loop"
|
7
|
+
autoload :List, "inspec/objects/list"
|
8
|
+
autoload :OrTest, "inspec/objects/or_test"
|
9
|
+
autoload :RubyHelper, "inspec/objects/ruby_helper"
|
10
|
+
autoload :Test, "inspec/objects/test"
|
11
|
+
autoload :Value, "inspec/objects/value"
|
14
12
|
end
|
@@ -1,5 +1,3 @@
|
|
1
|
-
# encoding:utf-8
|
2
|
-
|
3
1
|
module Inspec
|
4
2
|
class Control
|
5
3
|
attr_accessor :id, :title, :descriptions, :impact, :tests, :tags, :refs, :only_if
|
@@ -34,7 +32,7 @@ module Inspec
|
|
34
32
|
res.push " title #{title.inspect}" unless title.to_s.empty?
|
35
33
|
descriptions.each do |label, text|
|
36
34
|
if label == :default
|
37
|
-
next if text.nil?
|
35
|
+
next if text.nil? || (text == "") # don't render empty/nil desc
|
38
36
|
res.push " desc #{prettyprint_text(text, 2)}"
|
39
37
|
else
|
40
38
|
res.push " desc #{label.to_s.inspect}, #{prettyprint_text(text, 2)}"
|
@@ -45,7 +43,7 @@ module Inspec
|
|
45
43
|
refs.each { |t| res.push(" ref #{print_ref(t)}") }
|
46
44
|
res.push " only_if { #{only_if} }" if only_if
|
47
45
|
tests.each { |t| res.push(indent(t.to_ruby, 2)) }
|
48
|
-
res.push
|
46
|
+
res.push "end"
|
49
47
|
res.join("\n")
|
50
48
|
end
|
51
49
|
|
@@ -54,7 +52,7 @@ module Inspec
|
|
54
52
|
def print_ref(x)
|
55
53
|
return x.inspect if x.is_a?(String)
|
56
54
|
raise "Cannot process the ref: #{x}" unless x.is_a?(Hash)
|
57
|
-
|
55
|
+
"(" + x.inspect + ")"
|
58
56
|
end
|
59
57
|
|
60
58
|
# Pretty-print a text block of InSpec code
|
@@ -65,13 +63,13 @@ module Inspec
|
|
65
63
|
def prettyprint_text(s, depth)
|
66
64
|
txt = s.to_s.inspect.gsub('\n', "\n")
|
67
65
|
return txt if !txt.include?("\n")
|
68
|
-
middle = indent(txt[1..-2], depth+2)
|
69
|
-
txt[0] + "\n" + middle + "\n" +
|
66
|
+
middle = indent(txt[1..-2], depth + 2)
|
67
|
+
txt[0] + "\n" + middle + "\n" + " " * depth + txt[-1]
|
70
68
|
end
|
71
69
|
|
72
70
|
def indent(txt, d)
|
73
|
-
dt =
|
74
|
-
dt + txt.gsub("\n", "\n"+dt)
|
71
|
+
dt = " " * d
|
72
|
+
dt + txt.gsub("\n", "\n" + dt)
|
75
73
|
end
|
76
74
|
end
|
77
75
|
end
|