inspec-core 4.3.2 → 4.6.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +139 -140
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
@@ -57,6 +57,13 @@ module Inspec::Plugin::V2
|
|
57
57
|
@@plugin_type_classes[plugin_type_name]
|
58
58
|
end
|
59
59
|
|
60
|
+
def self.find_name_by_implementation_class(impl_class)
|
61
|
+
# This is super awkward
|
62
|
+
activators = Inspec::Plugin::V2::Registry.instance.find_activators
|
63
|
+
activator = activators.detect { |a| a.implementation_class == impl_class }
|
64
|
+
activator.plugin_name
|
65
|
+
end
|
66
|
+
|
60
67
|
#=====================================================================#
|
61
68
|
# DSL Methods
|
62
69
|
#=====================================================================#
|
@@ -71,7 +78,13 @@ module Inspec::Plugin::V2
|
|
71
78
|
# @returns [Symbol] Name of the plugin
|
72
79
|
def self.plugin_name(name = nil)
|
73
80
|
reg = Inspec::Plugin::V2::Registry.instance
|
74
|
-
|
81
|
+
if name.nil?
|
82
|
+
# If called from a Plugin definition class...
|
83
|
+
stat = reg.find_status_by_class(self)
|
84
|
+
return stat.name if stat
|
85
|
+
# Called from an implementation class
|
86
|
+
return find_name_by_implementation_class(self)
|
87
|
+
end
|
75
88
|
|
76
89
|
name = name.to_sym
|
77
90
|
|
@@ -83,7 +96,7 @@ module Inspec::Plugin::V2
|
|
83
96
|
# Under some testing situations, we may not pre-exist.
|
84
97
|
status = Inspec::Plugin::V2::Status.new
|
85
98
|
reg.register(name, status)
|
86
|
-
status.entry_point =
|
99
|
+
status.entry_point = "inline"
|
87
100
|
status.installation_type = :mock_inline
|
88
101
|
end
|
89
102
|
|
@@ -1,4 +1,4 @@
|
|
1
|
-
require
|
1
|
+
require "inspec/base_cli"
|
2
2
|
|
3
3
|
# The InSpec load order has this file being loaded before `inspec/base_cli` can
|
4
4
|
# finish being loaded. So, we must define Inspec::BaseCLI here first to avoid
|
@@ -12,8 +12,8 @@ module Inspec::Plugin::V2::PluginType
|
|
12
12
|
super(args, options, config)
|
13
13
|
class_options = config.fetch(:class_options, nil)
|
14
14
|
if class_options
|
15
|
-
Inspec::Log.init(class_options[
|
16
|
-
Inspec::Log.level = get_log_level(class_options[
|
15
|
+
Inspec::Log.init(class_options["log_location"]) if class_options.key?("log_location")
|
16
|
+
Inspec::Log.level = get_log_level(class_options["log_level"]) if class_options.key?("log_level")
|
17
17
|
end
|
18
18
|
end
|
19
19
|
|
@@ -41,9 +41,9 @@ module Inspec::Plugin::V2::PluginType
|
|
41
41
|
|
42
42
|
# Allow plugins to use inspec log settings
|
43
43
|
class_option :log_level, type: :string,
|
44
|
-
desc:
|
44
|
+
desc: "Set the log level: info (default), debug, warn, error"
|
45
45
|
|
46
46
|
class_option :log_location, type: :string,
|
47
|
-
desc:
|
47
|
+
desc: "Location to send diagnostic log messages to. (default: $stdout or Inspec::Log.error)"
|
48
48
|
end
|
49
49
|
end
|
@@ -0,0 +1,34 @@
|
|
1
|
+
module Inspec::Plugin::V2::PluginType
|
2
|
+
class Input < Inspec::Plugin::V2::PluginBase
|
3
|
+
register_plugin_type(:input)
|
4
|
+
|
5
|
+
#====================================================================#
|
6
|
+
# Input plugin type API
|
7
|
+
#====================================================================#
|
8
|
+
# Implementation classes must implement these methods.
|
9
|
+
|
10
|
+
# When an input is obtained from the plugin, this number determines what
|
11
|
+
# precedence to assign to the input.
|
12
|
+
# @return Integer range 0-100. Higher priority means higher precedence
|
13
|
+
def default_priority
|
14
|
+
60
|
15
|
+
end
|
16
|
+
|
17
|
+
# Indicates an attempt is being made to read the value for an input.
|
18
|
+
# Return nil if the input is not supplied by the plugin, otherwise
|
19
|
+
# return the value.
|
20
|
+
# @return Object or nil
|
21
|
+
def fetch(_profile_name, _input_name)
|
22
|
+
raise NotImplementedError, "Plugin #{plugin_name} must implement the #fetch method"
|
23
|
+
end
|
24
|
+
|
25
|
+
# Given a profile name, list all input names for which the plugin
|
26
|
+
# would offer a response.
|
27
|
+
# @param String profile_name Name of the profile
|
28
|
+
# @return Array[String] List of input names for which the plugin
|
29
|
+
# would offer a response.
|
30
|
+
def list_inputs(_profile)
|
31
|
+
raise NotImplementedError, "Plugin #{plugin_name} must implement the #list_inputs method"
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
@@ -6,7 +6,7 @@ module Inspec::Plugin::V2::PluginType
|
|
6
6
|
# This is the API for the mock plugin type: when a mock plugin is
|
7
7
|
# activated, it is expected to be able to respond to this, and "do something"
|
8
8
|
def mock_hook
|
9
|
-
raise NotImplementedError,
|
9
|
+
raise NotImplementedError, "Mock plugins must implement mock_hook"
|
10
10
|
end
|
11
11
|
end
|
12
12
|
end
|
@@ -1,9 +1,9 @@
|
|
1
|
-
require
|
2
|
-
require
|
3
|
-
require
|
1
|
+
require "forwardable"
|
2
|
+
require "singleton"
|
3
|
+
require "train"
|
4
4
|
|
5
|
-
require_relative
|
6
|
-
require_relative
|
5
|
+
require_relative "status"
|
6
|
+
require_relative "activator"
|
7
7
|
|
8
8
|
module Inspec::Plugin::V2
|
9
9
|
class Registry
|
@@ -29,8 +29,8 @@ module Inspec::Plugin::V2
|
|
29
29
|
def loaded_plugin?(name)
|
30
30
|
# HACK: Status is normally the source of truth for loadedness, unless it is a train plugin; then the Train::Registry is the source of truth.
|
31
31
|
# Also, InSpec registry is keyed on Symbols; Train is keyed on Strings.
|
32
|
-
return registry.dig(name.to_sym, :loaded) unless name.to_s.start_with?(
|
33
|
-
Train::Plugins.registry.key?(name.to_s.sub(/^train-/,
|
32
|
+
return registry.dig(name.to_sym, :loaded) unless name.to_s.start_with?("train-")
|
33
|
+
Train::Plugins.registry.key?(name.to_s.sub(/^train-/, ""))
|
34
34
|
end
|
35
35
|
|
36
36
|
def loaded_count
|
data/lib/inspec/polyfill.rb
CHANGED
data/lib/inspec/profile.rb
CHANGED
@@ -1,25 +1,17 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
# Copyright 2015 Dominik Richter
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
require
|
7
|
-
require
|
8
|
-
require
|
9
|
-
require
|
10
|
-
require
|
11
|
-
require
|
12
|
-
require
|
13
|
-
require
|
14
|
-
require
|
15
|
-
require
|
16
|
-
require 'inspec/log'
|
17
|
-
require 'inspec/profile_context'
|
18
|
-
require 'inspec/runtime_profile'
|
19
|
-
require 'inspec/method_source'
|
20
|
-
require 'inspec/dependencies/cache'
|
21
|
-
require 'inspec/dependencies/lockfile'
|
22
|
-
require 'inspec/dependencies/dependency_set'
|
2
|
+
|
3
|
+
require "forwardable"
|
4
|
+
require "openssl"
|
5
|
+
require "pathname"
|
6
|
+
require "inspec/input_registry"
|
7
|
+
require "inspec/cached_fetcher" # TODO: split or rename
|
8
|
+
require "inspec/source_reader"
|
9
|
+
require "inspec/profile_context"
|
10
|
+
require "inspec/runtime_profile"
|
11
|
+
require "inspec/method_source"
|
12
|
+
require "inspec/dependencies/cache"
|
13
|
+
require "inspec/dependencies/lockfile"
|
14
|
+
require "inspec/dependencies/dependency_set"
|
23
15
|
|
24
16
|
module Inspec
|
25
17
|
class Profile
|
@@ -36,14 +28,14 @@ module Inspec
|
|
36
28
|
def self.copy_deps_into_cache(file_provider, opts)
|
37
29
|
# filter content
|
38
30
|
cache = file_provider.files.find_all do |entry|
|
39
|
-
entry.start_with?(
|
31
|
+
entry.start_with?("vendor")
|
40
32
|
end
|
41
33
|
content = Hash[cache.map { |x| [x, file_provider.binread(x)] }]
|
42
34
|
keys = content.keys
|
43
35
|
keys.each do |key|
|
44
36
|
next if content[key].nil?
|
45
37
|
# remove prefix
|
46
|
-
rel = Pathname.new(key).relative_path_from(Pathname.new(
|
38
|
+
rel = Pathname.new(key).relative_path_from(Pathname.new("vendor")).to_s
|
47
39
|
tar = Pathname.new(opts[:vendor_cache].path).join(rel)
|
48
40
|
|
49
41
|
FileUtils.mkdir_p tar.dirname.to_s
|
@@ -113,7 +105,7 @@ module Inspec
|
|
113
105
|
# we share the backend between profiles.
|
114
106
|
#
|
115
107
|
# This will cause issues if a profile attempts to load a file via `inspec.profile.file`
|
116
|
-
train_options = options.reject { |k, _| k ==
|
108
|
+
train_options = options.reject { |k, _| k == "target" } # See https://github.com/chef/inspec/pull/1646
|
117
109
|
@backend = options[:backend].nil? ? Inspec::Backend.create(Inspec::Config.new(train_options)) : options[:backend].dup
|
118
110
|
@runtime_profile = RuntimeProfile.new(self)
|
119
111
|
@backend.profile = @runtime_profile
|
@@ -124,7 +116,7 @@ module Inspec
|
|
124
116
|
options[:runner_conf] ||= Inspec::Config.cached
|
125
117
|
|
126
118
|
if options[:runner_conf].key?(:attrs)
|
127
|
-
Inspec.deprecate(:rename_attributes_to_inputs,
|
119
|
+
Inspec.deprecate(:rename_attributes_to_inputs, "Use --input-file on the command line instead of --attrs.")
|
128
120
|
options[:runner_conf][:input_file] = options[:runner_conf].delete(:attrs)
|
129
121
|
end
|
130
122
|
|
@@ -174,7 +166,7 @@ module Inspec
|
|
174
166
|
if @supports_platform.nil?
|
175
167
|
@supports_platform = metadata.supports_platform?(@backend)
|
176
168
|
end
|
177
|
-
if @backend.backend.class.to_s ==
|
169
|
+
if @backend.backend.class.to_s == "Train::Transports::Mock::Connection"
|
178
170
|
@supports_platform = true
|
179
171
|
end
|
180
172
|
|
@@ -214,7 +206,7 @@ module Inspec
|
|
214
206
|
include_list.each_with_index do |inclusion, index|
|
215
207
|
next if inclusion.is_a?(Regexp)
|
216
208
|
# Insist the user wrap the regex in slashes to demarcate it as a regex
|
217
|
-
next unless inclusion.start_with?(
|
209
|
+
next unless inclusion.start_with?("/") && inclusion.end_with?("/")
|
218
210
|
inclusion = inclusion[1..-2] # Trim slashes
|
219
211
|
begin
|
220
212
|
re = Regexp.new(inclusion)
|
@@ -244,14 +236,14 @@ module Inspec
|
|
244
236
|
# this metadata if the parent profile is supported.
|
245
237
|
if supports_platform? && !d.supports_platform?
|
246
238
|
# since ruby 1.9 hashes are ordered so we can just use index values here
|
247
|
-
metadata.dependencies[i][:status] =
|
239
|
+
metadata.dependencies[i][:status] = "skipped"
|
248
240
|
msg = "Skipping profile: '#{d.name}' on unsupported platform: '#{d.backend.platform.name}/#{d.backend.platform.release}'."
|
249
241
|
metadata.dependencies[i][:skip_message] = msg
|
250
242
|
next
|
251
243
|
elsif metadata.dependencies[i]
|
252
244
|
# Currently wrapper profiles will load all dependencies, and then we
|
253
245
|
# load them again when we dive down. This needs to be re-done.
|
254
|
-
metadata.dependencies[i][:status] =
|
246
|
+
metadata.dependencies[i][:status] = "loaded"
|
255
247
|
end
|
256
248
|
c = d.load_libraries
|
257
249
|
@runner_context.add_resources(c)
|
@@ -315,11 +307,11 @@ module Inspec
|
|
315
307
|
res[:parent_profile] = parent_profile unless parent_profile.nil?
|
316
308
|
|
317
309
|
if !supports_platform?
|
318
|
-
res[:status] =
|
310
|
+
res[:status] = "skipped"
|
319
311
|
msg = "Skipping profile: '#{name}' on unsupported platform: '#{backend.platform.name}/#{backend.platform.release}'."
|
320
312
|
res[:skip_message] = msg
|
321
313
|
else
|
322
|
-
res[:status] =
|
314
|
+
res[:status] = "loaded"
|
323
315
|
end
|
324
316
|
|
325
317
|
# convert legacy os-* supports to their platform counterpart
|
@@ -380,23 +372,23 @@ module Inspec
|
|
380
372
|
m_warnings.each { |msg| warn.call(meta_path, 0, 0, nil, msg) }
|
381
373
|
m_unsupported = metadata.unsupported
|
382
374
|
m_unsupported.each { |u| warn.call(meta_path, 0, 0, nil, "doesn't support: #{u}") }
|
383
|
-
@logger.info
|
375
|
+
@logger.info "Metadata OK." if m_errors.empty? && m_unsupported.empty?
|
384
376
|
|
385
377
|
# only run the vendor check if the legacy profile-path is not used as argument
|
386
378
|
if @legacy_profile_path == false
|
387
379
|
# verify that a lockfile is present if we have dependencies
|
388
380
|
if !metadata.dependencies.empty?
|
389
|
-
error.call(meta_path, 0, 0, nil,
|
381
|
+
error.call(meta_path, 0, 0, nil, "Your profile needs to be vendored with `inspec vendor`.") if !lockfile_exists?
|
390
382
|
end
|
391
383
|
|
392
384
|
if lockfile_exists?
|
393
385
|
# verify if metadata and lockfile are out of sync
|
394
386
|
if lockfile.deps.size != metadata.dependencies.size
|
395
|
-
error.call(meta_path, 0, 0, nil,
|
387
|
+
error.call(meta_path, 0, 0, nil, "inspec.yml and inspec.lock are out-of-sync. Please re-vendor with `inspec vendor`.")
|
396
388
|
end
|
397
389
|
|
398
390
|
# verify if metadata and lockfile have the same dependency names
|
399
|
-
metadata.dependencies.each
|
391
|
+
metadata.dependencies.each do |dep|
|
400
392
|
# Skip if the dependency does not specify a name
|
401
393
|
next if dep[:name].nil?
|
402
394
|
|
@@ -404,7 +396,7 @@ module Inspec
|
|
404
396
|
if !lockfile.deps.map { |x| x[:name] }.include? dep[:name]
|
405
397
|
error.call(meta_path, 0, 0, nil, "Cannot find #{dep[:name]} in lockfile. Please re-vendor with `inspec vendor`.")
|
406
398
|
end
|
407
|
-
|
399
|
+
end
|
408
400
|
end
|
409
401
|
end
|
410
402
|
|
@@ -414,28 +406,28 @@ module Inspec
|
|
414
406
|
count = controls_count
|
415
407
|
result[:summary][:controls] = count
|
416
408
|
if count == 0
|
417
|
-
warn.call(nil, nil, nil, nil,
|
409
|
+
warn.call(nil, nil, nil, nil, "No controls or tests were defined.")
|
418
410
|
else
|
419
411
|
@logger.info("Found #{count} controls.")
|
420
412
|
end
|
421
413
|
|
422
414
|
# iterate over hash of groups
|
423
|
-
params[:controls].each
|
415
|
+
params[:controls].each do |id, control|
|
424
416
|
sfile = control[:source_location][:ref]
|
425
417
|
sline = control[:source_location][:line]
|
426
|
-
error.call(sfile, sline, nil, id,
|
427
|
-
next if id.start_with?
|
418
|
+
error.call(sfile, sline, nil, id, "Avoid controls with empty IDs") if id.nil? || id.empty?
|
419
|
+
next if id.start_with? "(generated "
|
428
420
|
warn.call(sfile, sline, nil, id, "Control #{id} has no title") if control[:title].to_s.empty?
|
429
421
|
warn.call(sfile, sline, nil, id, "Control #{id} has no descriptions") if control[:descriptions][:default].to_s.empty?
|
430
422
|
warn.call(sfile, sline, nil, id, "Control #{id} has impact > 1.0") if control[:impact].to_f > 1.0
|
431
423
|
warn.call(sfile, sline, nil, id, "Control #{id} has impact < 0.0") if control[:impact].to_f < 0.0
|
432
|
-
warn.call(sfile, sline, nil, id, "Control #{id} has no tests defined") if control[:checks].nil?
|
433
|
-
|
424
|
+
warn.call(sfile, sline, nil, id, "Control #{id} has no tests defined") if control[:checks].nil? || control[:checks].empty?
|
425
|
+
end
|
434
426
|
|
435
427
|
# profile is valid if we could not find any error
|
436
428
|
result[:summary][:valid] = result[:errors].empty?
|
437
429
|
|
438
|
-
@logger.info
|
430
|
+
@logger.info "Control definitions OK." if result[:warnings].empty?
|
439
431
|
result
|
440
432
|
end
|
441
433
|
|
@@ -461,22 +453,22 @@ module Inspec
|
|
461
453
|
# TODO ignore all .files, but add the files to debug output
|
462
454
|
|
463
455
|
# display all files that will be part of the archive
|
464
|
-
@logger.debug
|
465
|
-
files.each { |f| @logger.debug
|
456
|
+
@logger.debug "Add the following files to archive:"
|
457
|
+
files.each { |f| @logger.debug " " + f }
|
466
458
|
|
467
459
|
if opts[:zip]
|
468
460
|
# generate zip archive
|
469
|
-
require
|
461
|
+
require "inspec/archive/zip"
|
470
462
|
zag = Inspec::Archive::ZipArchiveGenerator.new
|
471
463
|
zag.archive(root_path, files, dst)
|
472
464
|
else
|
473
465
|
# generate tar archive
|
474
|
-
require
|
466
|
+
require "inspec/archive/tar"
|
475
467
|
tag = Inspec::Archive::TarArchiveGenerator.new
|
476
468
|
tag.archive(root_path, files, dst)
|
477
469
|
end
|
478
470
|
|
479
|
-
@logger.info
|
471
|
+
@logger.info "Finished archive generation."
|
480
472
|
true
|
481
473
|
end
|
482
474
|
|
@@ -485,11 +477,11 @@ module Inspec
|
|
485
477
|
end
|
486
478
|
|
487
479
|
def lockfile_exists?
|
488
|
-
@source_reader.target.files.include?(
|
480
|
+
@source_reader.target.files.include?("inspec.lock")
|
489
481
|
end
|
490
482
|
|
491
483
|
def lockfile_path
|
492
|
-
File.join(cwd,
|
484
|
+
File.join(cwd, "inspec.lock")
|
493
485
|
end
|
494
486
|
|
495
487
|
def root_path
|
@@ -506,12 +498,12 @@ module Inspec
|
|
506
498
|
# tarballs.
|
507
499
|
#
|
508
500
|
def cwd
|
509
|
-
@target.is_a?(String) && File.directory?(@target) ? @target :
|
501
|
+
@target.is_a?(String) && File.directory?(@target) ? @target : "./"
|
510
502
|
end
|
511
503
|
|
512
504
|
def lockfile
|
513
505
|
@lockfile ||= if lockfile_exists?
|
514
|
-
Inspec::Lockfile.from_content(@source_reader.target.read(
|
506
|
+
Inspec::Lockfile.from_content(@source_reader.target.read("inspec.lock"))
|
515
507
|
else
|
516
508
|
generate_lockfile
|
517
509
|
end
|
@@ -550,14 +542,14 @@ module Inspec
|
|
550
542
|
|
551
543
|
res = OpenSSL::Digest::SHA256.new
|
552
544
|
files = source_reader.tests.to_a + source_reader.libraries.to_a +
|
553
|
-
|
554
|
-
|
555
|
-
|
545
|
+
source_reader.data_files.to_a +
|
546
|
+
[["inspec.yml", source_reader.metadata.content]] +
|
547
|
+
[["inspec.lock.deps", YAML.dump(deps)]]
|
556
548
|
|
557
549
|
files.sort_by { |a| a[0] }
|
558
550
|
.map { |f| res << f[0] << "\0" << f[1] << "\0" }
|
559
551
|
|
560
|
-
res.digest.unpack(
|
552
|
+
res.digest.unpack("H*")[0]
|
561
553
|
end
|
562
554
|
|
563
555
|
private
|
@@ -573,13 +565,13 @@ module Inspec
|
|
573
565
|
end
|
574
566
|
|
575
567
|
name = params[:name] ||
|
576
|
-
|
577
|
-
|
568
|
+
raise("Cannot create an archive without a profile name! Please "\
|
569
|
+
"specify the name in metadata or use --output to create the archive.")
|
578
570
|
version = params[:version] ||
|
579
|
-
|
580
|
-
|
581
|
-
ext = opts[:zip] ?
|
582
|
-
slug = name.downcase.strip.tr(
|
571
|
+
raise("Cannot create an archive without a profile version! Please "\
|
572
|
+
"specify the version in metadata or use --output to create the archive.")
|
573
|
+
ext = opts[:zip] ? "zip" : "tar.gz"
|
574
|
+
slug = name.downcase.strip.tr(" ", "-").gsub(/[^\w-]/, "_")
|
583
575
|
Pathname.new(Dir.pwd).join("#{slug}-#{version}.#{ext}")
|
584
576
|
end
|
585
577
|
|
@@ -596,7 +588,7 @@ module Inspec
|
|
596
588
|
tests = collect_tests
|
597
589
|
params[:controls] = controls = {}
|
598
590
|
params[:groups] = groups = {}
|
599
|
-
prefix = @source_reader.target.prefix ||
|
591
|
+
prefix = @source_reader.target.prefix || ""
|
600
592
|
tests&.each do |rule|
|
601
593
|
next if rule.nil?
|
602
594
|
f = load_rule_filepath(prefix, rule)
|
@@ -1,33 +1,30 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
require
|
5
|
-
require
|
6
|
-
require
|
7
|
-
require
|
8
|
-
require
|
9
|
-
require 'inspec/require_loader'
|
10
|
-
require 'securerandom'
|
11
|
-
require 'inspec/objects/input'
|
1
|
+
require "inspec/log"
|
2
|
+
require "inspec/rule"
|
3
|
+
require "inspec/resource"
|
4
|
+
require "inspec/library_eval_context"
|
5
|
+
require "inspec/control_eval_context"
|
6
|
+
require "inspec/require_loader"
|
7
|
+
require "securerandom"
|
8
|
+
require "inspec/objects/input"
|
12
9
|
|
13
10
|
module Inspec
|
14
11
|
class ProfileContext
|
15
12
|
def self.for_profile(profile, backend)
|
16
|
-
new(profile.name, backend, {
|
13
|
+
new(profile.name, backend, { "profile" => profile, "check_mode" => profile.check_mode })
|
17
14
|
end
|
18
15
|
|
19
16
|
attr_reader :backend, :profile_name, :profile_id, :resource_registry
|
20
17
|
attr_accessor :rules
|
21
18
|
def initialize(profile_id, backend, conf)
|
22
19
|
if backend.nil?
|
23
|
-
raise
|
24
|
-
|
20
|
+
raise "ProfileContext is initiated with a backend == nil. " \
|
21
|
+
"This is a backend error which must be fixed upstream."
|
25
22
|
end
|
26
23
|
@profile_id = profile_id
|
27
24
|
@backend = backend
|
28
25
|
@conf = conf.dup
|
29
|
-
@profile_name = @conf[
|
30
|
-
@skip_only_if_eval = @conf[
|
26
|
+
@profile_name = @conf.key?("profile") ? @conf["profile"].profile_name : @profile_id
|
27
|
+
@skip_only_if_eval = @conf["check_mode"]
|
31
28
|
@rules = {}
|
32
29
|
@control_subcontexts = []
|
33
30
|
@lib_subcontexts = []
|
@@ -47,10 +44,10 @@ module Inspec
|
|
47
44
|
end
|
48
45
|
|
49
46
|
def dependencies
|
50
|
-
if @conf[
|
47
|
+
if @conf["profile"].nil?
|
51
48
|
{}
|
52
49
|
else
|
53
|
-
@conf[
|
50
|
+
@conf["profile"].locked_dependencies
|
54
51
|
end
|
55
52
|
end
|
56
53
|
|
@@ -70,15 +67,15 @@ module Inspec
|
|
70
67
|
end
|
71
68
|
|
72
69
|
def profile_supports_platform?
|
73
|
-
return true if @conf[
|
70
|
+
return true if @conf["profile"].nil?
|
74
71
|
|
75
|
-
@conf[
|
72
|
+
@conf["profile"].supports_platform?
|
76
73
|
end
|
77
74
|
|
78
75
|
def profile_supports_inspec_version?
|
79
|
-
return true if @conf[
|
76
|
+
return true if @conf["profile"].nil?
|
80
77
|
|
81
|
-
@conf[
|
78
|
+
@conf["profile"].supports_runtime?
|
82
79
|
end
|
83
80
|
|
84
81
|
def remove_rule(id)
|
@@ -119,15 +116,15 @@ module Inspec
|
|
119
116
|
end
|
120
117
|
|
121
118
|
def load_libraries(libs)
|
122
|
-
lib_prefix =
|
119
|
+
lib_prefix = "libraries" + File::SEPARATOR
|
123
120
|
autoloads = []
|
124
121
|
|
125
122
|
libs.sort_by! { |l| l[1] } # Sort on source path so load order is deterministic
|
126
123
|
libs.each do |content, source, line|
|
127
124
|
path = source
|
128
125
|
if source.start_with?(lib_prefix)
|
129
|
-
path = source.sub(lib_prefix,
|
130
|
-
autoloads.push(path) if File.dirname(path) ==
|
126
|
+
path = source.sub(lib_prefix, "")
|
127
|
+
autoloads.push(path) if File.dirname(path) == "."
|
131
128
|
end
|
132
129
|
|
133
130
|
@require_loader.add(path, content, source, line)
|
@@ -135,7 +132,7 @@ module Inspec
|
|
135
132
|
|
136
133
|
# load all files directly that are flat inside the libraries folder
|
137
134
|
autoloads.each do |path|
|
138
|
-
next unless path.end_with?(
|
135
|
+
next unless path.end_with?(".rb")
|
139
136
|
load_library_file(*@require_loader.load(path)) unless @require_loader.loaded?(path)
|
140
137
|
end
|
141
138
|
reload_dsl
|
@@ -160,7 +157,7 @@ module Inspec
|
|
160
157
|
elsif source.nil? && line.nil?
|
161
158
|
context.instance_eval(content)
|
162
159
|
else
|
163
|
-
context.instance_eval(content, source ||
|
160
|
+
context.instance_eval(content, source || "unknown", line || 1)
|
164
161
|
end
|
165
162
|
end
|
166
163
|
|
@@ -173,9 +170,9 @@ module Inspec
|
|
173
170
|
def register_rule(r)
|
174
171
|
# get the full ID
|
175
172
|
file = if @current_load.nil?
|
176
|
-
|
173
|
+
"unknown"
|
177
174
|
else
|
178
|
-
@current_load[:file] ||
|
175
|
+
@current_load[:file] || "unknown"
|
179
176
|
end
|
180
177
|
r.instance_variable_set(:@__file, file)
|
181
178
|
r.instance_variable_set(:@__group_title, current_load[:title])
|
@@ -198,7 +195,7 @@ module Inspec
|
|
198
195
|
|
199
196
|
def full_id(pid, rid)
|
200
197
|
return rid.to_s if pid.to_s.empty?
|
201
|
-
pid.to_s +
|
198
|
+
pid.to_s + "/" + rid.to_s
|
202
199
|
end
|
203
200
|
end
|
204
201
|
end
|