inspec-core 4.37.0 → 4.37.8
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/lib/inspec/fetcher/local.rb +1 -1
- data/lib/inspec/resources/http.rb +1 -1
- data/lib/inspec/resources/mssql_session.rb +1 -1
- data/lib/inspec/resources/mysql_session.rb +1 -1
- data/lib/inspec/resources/pip.rb +1 -1
- data/lib/inspec/resources/registry_key.rb +1 -1
- data/lib/inspec/resources/users.rb +1 -1
- data/lib/inspec/resources/windows_feature.rb +2 -1
- data/lib/inspec/runner.rb +1 -1
- data/lib/inspec/utils/erlang_parser.rb +2 -2
- data/lib/inspec/utils/filter.rb +7 -7
- data/lib/inspec/utils/nginx_parser.rb +3 -3
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +17 -0
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +21 -6
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +2 -3
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d915bf11e35804382285502f46a3a37b35017a10ab34c4e2f78d7420b0e3f589
|
|
4
|
+
data.tar.gz: b85a4f9cda0e1da7461b6d23248e935ceb6fbb2d9028f5bd9eec0683426c1ec3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e1925d3c20bcd18a711dfa9d2df7ff98bd522b4afd3fbc8f4c5bc16648e60101fd6984a5a3d4bebf568b2993ec29ecae1ca58380e8d1a5bb55498f335dd144ff
|
|
7
|
+
data.tar.gz: da6f422af63ddfa51d96b945cc8d34d0bc67d26557114367406108ff43bada35a2c9dd83e4c0c29081cb3a29fe6c545fcd7cf1e8a8d8a4618da1058b6e562883
|
data/Gemfile
CHANGED
|
@@ -28,7 +28,7 @@ group :omnibus do
|
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
group :test do
|
|
31
|
-
gem "chefstyle", "~>
|
|
31
|
+
gem "chefstyle", "~> 2.0.3"
|
|
32
32
|
gem "concurrent-ruby", "~> 1.0"
|
|
33
33
|
gem "html-proofer", platforms: :ruby # do not attempt to run proofer on windows
|
|
34
34
|
gem "json_schemer", ">= 0.2.1", "< 0.2.19"
|
data/lib/inspec/fetcher/local.rb
CHANGED
|
@@ -58,7 +58,7 @@ module Inspec::Resources
|
|
|
58
58
|
end
|
|
59
59
|
|
|
60
60
|
def query(q) # rubocop:disable Metrics/PerceivedComplexity
|
|
61
|
-
escaped_query = q.gsub(/\\/,
|
|
61
|
+
escaped_query = q.gsub(/\\/, "\\\\").gsub(/"/, '""').gsub(/\$/, '\\$')
|
|
62
62
|
# surpress 'x rows affected' in SQLCMD with 'set nocount on;'
|
|
63
63
|
cmd_string = "sqlcmd -Q \"set nocount on; #{escaped_query}\" -W -w 1024 -s ','"
|
|
64
64
|
cmd_string += " -U '#{@user}' -P '#{@password}'" unless @user.nil? || @password.nil?
|
|
@@ -75,7 +75,7 @@ module Inspec::Resources
|
|
|
75
75
|
def create_mysql_cmd(q, db = "")
|
|
76
76
|
# TODO: simple escape, must be handled by a library
|
|
77
77
|
# that does this securely
|
|
78
|
-
escaped_query = q.gsub(/\\/,
|
|
78
|
+
escaped_query = q.gsub(/\\/, "\\\\").gsub(/"/, '\\"').gsub(/\$/, '\\$')
|
|
79
79
|
|
|
80
80
|
# construct the query
|
|
81
81
|
command = "mysql"
|
data/lib/inspec/resources/pip.rb
CHANGED
|
@@ -117,7 +117,7 @@ module Inspec::Resources
|
|
|
117
117
|
if defined?(windows_paths["Python"]) && pipcmd.nil?
|
|
118
118
|
return nil if windows_paths["Pip"].nil?
|
|
119
119
|
|
|
120
|
-
pipdir = windows_paths["Python"].split(
|
|
120
|
+
pipdir = windows_paths["Python"].split("\\")
|
|
121
121
|
# remove python.exe
|
|
122
122
|
pipdir.pop
|
|
123
123
|
pipcmd = pipdir.push("Scripts").push("pip.exe").join("/")
|
|
@@ -611,7 +611,7 @@ module Inspec::Resources
|
|
|
611
611
|
# @see https://msdn.microsoft.com/en-us/library/aa394153(v=vs.85).aspx
|
|
612
612
|
class WindowsUser < UserInfo
|
|
613
613
|
def parse_windows_account(username)
|
|
614
|
-
account = username.split(
|
|
614
|
+
account = username.split("\\")
|
|
615
615
|
name = account.pop
|
|
616
616
|
domain = account.pop unless account.empty?
|
|
617
617
|
[name, domain]
|
|
@@ -79,10 +79,11 @@ module Inspec::Resources
|
|
|
79
79
|
result = cmd.stdout
|
|
80
80
|
feature_name_regex = /Feature Name : (.*)(\r\n|\n)/
|
|
81
81
|
description_regex = /Description : (.*)(\r\n|\n)/
|
|
82
|
+
state_regex = /State : (.*)(\r\n|\n)/
|
|
82
83
|
feature_info = {
|
|
83
84
|
name: result.match(feature_name_regex).captures[0].chomp,
|
|
84
85
|
description: result.match(description_regex).captures[0].chomp,
|
|
85
|
-
installed:
|
|
86
|
+
installed: result.match(state_regex).captures[0].chomp == 'Enabled',
|
|
86
87
|
}
|
|
87
88
|
end
|
|
88
89
|
|
data/lib/inspec/runner.rb
CHANGED
|
@@ -243,7 +243,7 @@ module Inspec
|
|
|
243
243
|
# to provide access to local profiles that add resources.
|
|
244
244
|
@depends.each do |dep|
|
|
245
245
|
# support for windows paths
|
|
246
|
-
dep = dep.tr(
|
|
246
|
+
dep = dep.tr("\\", "/")
|
|
247
247
|
Inspec::Profile.for_path(dep, { profile_context: ctx }).load_libraries
|
|
248
248
|
end
|
|
249
249
|
|
|
@@ -52,13 +52,13 @@ class ErlangParser < Parslet::Parser
|
|
|
52
52
|
|
|
53
53
|
rule(:stringS) do
|
|
54
54
|
str("'") >> (
|
|
55
|
-
str(
|
|
55
|
+
str("\\") >> any | str("'").absent? >> any
|
|
56
56
|
).repeat.as(:string) >> str("'") >> filler?
|
|
57
57
|
end
|
|
58
58
|
|
|
59
59
|
rule(:stringD) do
|
|
60
60
|
str('"') >> (
|
|
61
|
-
str(
|
|
61
|
+
str("\\") >> any | str('"').absent? >> any
|
|
62
62
|
).repeat.as(:string) >> str('"') >> filler?
|
|
63
63
|
end
|
|
64
64
|
|
data/lib/inspec/utils/filter.rb
CHANGED
|
@@ -375,13 +375,13 @@ module FilterTable
|
|
|
375
375
|
methods_to_install_on_resource_class = @filter_methods + @custom_properties.keys
|
|
376
376
|
methods_to_install_on_resource_class.each do |method_name|
|
|
377
377
|
resource_class.send(:define_method, method_name) do |*args, &block|
|
|
378
|
-
|
|
379
|
-
|
|
380
|
-
|
|
381
|
-
|
|
382
|
-
|
|
383
|
-
|
|
384
|
-
|
|
378
|
+
|
|
379
|
+
# self here is the resource instance
|
|
380
|
+
filter_table_instance = table_class.new(self, send(raw_data_fetcher_method_name), " with")
|
|
381
|
+
filter_table_instance.send(method_name, *args, &block)
|
|
382
|
+
rescue Inspec::Exceptions::ResourceFailed, Inspec::Exceptions::ResourceSkipped => e
|
|
383
|
+
FilterTable::ExceptionCatcher.new(resource_class, e)
|
|
384
|
+
|
|
385
385
|
end
|
|
386
386
|
end
|
|
387
387
|
end
|
|
@@ -31,19 +31,19 @@ class NginxParser < Parslet::Parser
|
|
|
31
31
|
|
|
32
32
|
rule(:standard_value) do
|
|
33
33
|
((match(/[#;{'"]/).absent? >> any) >> (
|
|
34
|
-
str(
|
|
34
|
+
str("\\") >> any | match('[#;{]|\s').absent? >> any
|
|
35
35
|
).repeat).as(:value) >> space.repeat
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
rule(:single_quoted_value) do
|
|
39
39
|
str("'") >> (
|
|
40
|
-
str(
|
|
40
|
+
str("\\") >> any | str("'").absent? >> any
|
|
41
41
|
).repeat.as(:value) >> str("'") >> space.repeat
|
|
42
42
|
end
|
|
43
43
|
|
|
44
44
|
rule(:double_quoted_value) do
|
|
45
45
|
str('"') >> (
|
|
46
|
-
str(
|
|
46
|
+
str("\\") >> any | str('"').absent? >> any
|
|
47
47
|
).repeat.as(:value) >> str('"') >> space.repeat
|
|
48
48
|
end
|
|
49
49
|
|
data/lib/inspec/version.rb
CHANGED
|
@@ -170,6 +170,23 @@ module InspecPlugins
|
|
|
170
170
|
[success, msg, access_token]
|
|
171
171
|
end
|
|
172
172
|
|
|
173
|
+
# Use API access token to validate login using version API
|
|
174
|
+
def self.authenticate_login_using_version_api(url, api_token, insecure)
|
|
175
|
+
uri = URI.parse("#{url}/version")
|
|
176
|
+
req = Net::HTTP::Get.new(uri.path)
|
|
177
|
+
req["api-token"] = api_token
|
|
178
|
+
response = InspecPlugins::Compliance::HTTP.send_request(uri, req, insecure)
|
|
179
|
+
|
|
180
|
+
if response.code == "200"
|
|
181
|
+
msg = "Successfully Logged In"
|
|
182
|
+
success = true
|
|
183
|
+
else
|
|
184
|
+
success = false
|
|
185
|
+
msg = "Failed to authenticate to #{url} \n\Response code: #{response.code}\nBody: #{response.body}"
|
|
186
|
+
end
|
|
187
|
+
[success, msg]
|
|
188
|
+
end
|
|
189
|
+
|
|
173
190
|
# Use username and password to get an API access token
|
|
174
191
|
def self.get_token_via_password(url, username, password, insecure)
|
|
175
192
|
uri = URI.parse("#{url}/login")
|
|
@@ -33,7 +33,8 @@ module InspecPlugins
|
|
|
33
33
|
|
|
34
34
|
options["url"] = options["server"] + "/api/v0"
|
|
35
35
|
token = options["dctoken"] || options["token"]
|
|
36
|
-
|
|
36
|
+
success, msg = API::Login.authenticate_login(options)
|
|
37
|
+
success ? store_access_token(options, token) : msg
|
|
37
38
|
end
|
|
38
39
|
|
|
39
40
|
def self.store_access_token(options, token)
|
|
@@ -52,7 +53,7 @@ module InspecPlugins
|
|
|
52
53
|
config["version"] = "0"
|
|
53
54
|
|
|
54
55
|
config.store
|
|
55
|
-
config
|
|
56
|
+
API::Login.configuration_stored_message(config)
|
|
56
57
|
end
|
|
57
58
|
|
|
58
59
|
def self.verify_thor_options(o)
|
|
@@ -74,7 +75,8 @@ module InspecPlugins
|
|
|
74
75
|
|
|
75
76
|
options["url"] = options["server"] + "/compliance"
|
|
76
77
|
token = options["dctoken"] || options["token"]
|
|
77
|
-
|
|
78
|
+
success, msg = API::Login.authenticate_login(options)
|
|
79
|
+
success ? store_access_token(options, token) : msg
|
|
78
80
|
end
|
|
79
81
|
|
|
80
82
|
def self.store_access_token(options, token)
|
|
@@ -99,7 +101,7 @@ module InspecPlugins
|
|
|
99
101
|
config["version"] = InspecPlugins::Compliance::API.version(config)
|
|
100
102
|
|
|
101
103
|
config.store
|
|
102
|
-
config
|
|
104
|
+
API::Login.configuration_stored_message(config)
|
|
103
105
|
end
|
|
104
106
|
|
|
105
107
|
# Automate login requires `--ent`, `--user`, and either `--token` or `--dctoken`
|
|
@@ -126,7 +128,8 @@ module InspecPlugins
|
|
|
126
128
|
options["url"] = options["server"] + "/api"
|
|
127
129
|
|
|
128
130
|
if options["user"] && options["token"]
|
|
129
|
-
|
|
131
|
+
success, msg = API::Login.authenticate_login(options)
|
|
132
|
+
success ? compliance_store_access_token(options, options["token"]) : msg
|
|
130
133
|
elsif options["user"] && options["password"]
|
|
131
134
|
compliance_login_user_pass(options)
|
|
132
135
|
elsif options["refresh_token"]
|
|
@@ -171,7 +174,7 @@ module InspecPlugins
|
|
|
171
174
|
config["version"] = InspecPlugins::Compliance::API.version(config)
|
|
172
175
|
|
|
173
176
|
config.store
|
|
174
|
-
config
|
|
177
|
+
API::Login.configuration_stored_message(config)
|
|
175
178
|
end
|
|
176
179
|
|
|
177
180
|
# Compliance login requires `--user` or `--refresh_token`
|
|
@@ -192,6 +195,18 @@ module InspecPlugins
|
|
|
192
195
|
raise ArgumentError, error_msg.join("\n") unless error_msg.empty?
|
|
193
196
|
end
|
|
194
197
|
end
|
|
198
|
+
|
|
199
|
+
def self.authenticate_login(options)
|
|
200
|
+
InspecPlugins::Compliance::API.authenticate_login_using_version_api(
|
|
201
|
+
options["url"],
|
|
202
|
+
options["token"],
|
|
203
|
+
options["insecure"]
|
|
204
|
+
)
|
|
205
|
+
end
|
|
206
|
+
|
|
207
|
+
def self.configuration_stored_message(config)
|
|
208
|
+
"Stored configuration for Chef #{config["server_type"].capitalize}: #{config["server"]}' with user: '#{config["user"]}'"
|
|
209
|
+
end
|
|
195
210
|
end
|
|
196
211
|
end
|
|
197
212
|
end
|
|
@@ -34,9 +34,8 @@ module InspecPlugins
|
|
|
34
34
|
desc: "Enterprise for #{AUTOMATE_PRODUCT_NAME} reporting (#{AUTOMATE_PRODUCT_NAME} Only)"
|
|
35
35
|
def login(server)
|
|
36
36
|
options["server"] = server
|
|
37
|
-
InspecPlugins::Compliance::API.login(options)
|
|
38
|
-
|
|
39
|
-
puts "Stored configuration for Chef #{config["server_type"].capitalize}: #{config["server"]}' with user: '#{config["user"]}'"
|
|
37
|
+
login_response = InspecPlugins::Compliance::API.login(options)
|
|
38
|
+
puts login_response
|
|
40
39
|
end
|
|
41
40
|
|
|
42
41
|
desc "profiles", "list all available profiles in #{AUTOMATE_PRODUCT_NAME}"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: inspec-core
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.37.
|
|
4
|
+
version: 4.37.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chef InSpec Team
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-05-
|
|
11
|
+
date: 2021-05-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: chef-telemetry
|