inspec-core 4.38.9 → 4.49.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +5 -1
- data/etc/deprecations.json +1 -1
- data/lib/inspec/base_cli.rb +11 -1
- data/lib/inspec/cached_fetcher.rb +2 -2
- data/lib/inspec/cli.rb +14 -4
- data/lib/inspec/control_eval_context.rb +64 -17
- data/lib/inspec/dsl.rb +18 -3
- data/lib/inspec/fetcher/url.rb +45 -3
- data/lib/inspec/fetcher.rb +3 -3
- data/lib/inspec/plugin/v1/registry.rb +6 -2
- data/lib/inspec/profile.rb +146 -6
- data/lib/inspec/resources/apache_conf.rb +8 -6
- data/lib/inspec/resources/cassandra.rb +64 -0
- data/lib/inspec/resources/cassandradb_conf.rb +47 -0
- data/lib/inspec/resources/cassandradb_session.rb +68 -0
- data/lib/inspec/resources/chrony_conf.rb +55 -0
- data/lib/inspec/resources/csv.rb +26 -3
- data/lib/inspec/resources/groups.rb +22 -3
- data/lib/inspec/resources/ibmdb2_conf.rb +57 -0
- data/lib/inspec/resources/ibmdb2_session.rb +69 -0
- data/lib/inspec/resources/mongodb_session.rb +88 -0
- data/lib/inspec/resources/mssql_sys_conf.rb +48 -0
- data/lib/inspec/resources/opa.rb +26 -0
- data/lib/inspec/resources/opa_api.rb +39 -0
- data/lib/inspec/resources/opa_cli.rb +43 -0
- data/lib/inspec/resources/oracle.rb +66 -0
- data/lib/inspec/resources/oracledb_conf.rb +40 -0
- data/lib/inspec/resources/oracledb_listener_conf.rb +123 -0
- data/lib/inspec/resources/oracledb_session.rb +23 -6
- data/lib/inspec/resources/postgres_session.rb +15 -10
- data/lib/inspec/resources/registry_key.rb +1 -1
- data/lib/inspec/resources/security_identifier.rb +8 -14
- data/lib/inspec/resources/security_policy.rb +4 -3
- data/lib/inspec/resources/service.rb +7 -1
- data/lib/inspec/resources/sybase_conf.rb +37 -0
- data/lib/inspec/resources/sybase_session.rb +111 -0
- data/lib/inspec/resources/users.rb +16 -2
- data/lib/inspec/resources/windows_firewall.rb +1 -1
- data/lib/inspec/resources/wmi.rb +1 -1
- data/lib/inspec/resources.rb +12 -0
- data/lib/inspec/run_data/profile.rb +0 -2
- data/lib/inspec/runner.rb +2 -0
- data/lib/inspec/utils/filter.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-init/templates/profiles/aws/inspec.yml +1 -1
- data/lib/plugins/inspec-init/templates/profiles/azure/inspec.yml +1 -1
- data/lib/plugins/inspec-init/templates/profiles/gcp/inspec.yml +1 -1
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +16 -15
- metadata +18 -2
@@ -77,7 +77,7 @@ module Inspec::Resources
|
|
77
77
|
|
78
78
|
def load_firewall_profile(profile_name)
|
79
79
|
<<-EOH
|
80
|
-
|
80
|
+
Get-TypeData -TypeName System.Array | Remove-TypeData # workaround for PS bug here: https://bit.ly/2SRMQ8M
|
81
81
|
$profile = Get-NetFirewallProfile -Name "#{profile_name}"
|
82
82
|
$count = @($profile | Get-NetFirewallRule).Count
|
83
83
|
([PSCustomObject]@{
|
data/lib/inspec/resources/wmi.rb
CHANGED
@@ -36,7 +36,7 @@ module Inspec::Resources
|
|
36
36
|
end
|
37
37
|
end
|
38
38
|
|
39
|
-
# returns nil, if not
|
39
|
+
# returns nil, if not existent or value
|
40
40
|
def method_missing(*keys)
|
41
41
|
# catch behavior of rspec its implementation
|
42
42
|
# @see https://github.com/rspec/rspec-its/blob/v1.2.0/lib/rspec/its.rb#L110
|
data/lib/inspec/resources.rb
CHANGED
@@ -37,6 +37,9 @@ require "inspec/resources/chocolatey_package"
|
|
37
37
|
require "inspec/resources/command"
|
38
38
|
require "inspec/resources/cran"
|
39
39
|
require "inspec/resources/cpan"
|
40
|
+
require "inspec/resources/cassandradb_session"
|
41
|
+
require "inspec/resources/cassandradb_conf"
|
42
|
+
require "inspec/resources/cassandra"
|
40
43
|
require "inspec/resources/crontab"
|
41
44
|
require "inspec/resources/dh_params"
|
42
45
|
require "inspec/resources/directory"
|
@@ -58,6 +61,8 @@ require "inspec/resources/groups"
|
|
58
61
|
require "inspec/resources/grub_conf"
|
59
62
|
require "inspec/resources/host"
|
60
63
|
require "inspec/resources/http"
|
64
|
+
require "inspec/resources/ibmdb2_conf"
|
65
|
+
require "inspec/resources/ibmdb2_session"
|
61
66
|
require "inspec/resources/iis_app"
|
62
67
|
require "inspec/resources/iis_app_pool"
|
63
68
|
require "inspec/resources/iis_site"
|
@@ -73,8 +78,10 @@ require "inspec/resources/limits_conf"
|
|
73
78
|
require "inspec/resources/login_defs"
|
74
79
|
require "inspec/resources/mongodb"
|
75
80
|
require "inspec/resources/mongodb_conf"
|
81
|
+
require "inspec/resources/mongodb_session"
|
76
82
|
require "inspec/resources/mount"
|
77
83
|
require "inspec/resources/mssql_session"
|
84
|
+
require "inspec/resources/mssql_sys_conf"
|
78
85
|
require "inspec/resources/mysql"
|
79
86
|
require "inspec/resources/mysql_conf"
|
80
87
|
require "inspec/resources/mysql_session"
|
@@ -83,6 +90,11 @@ require "inspec/resources/nginx_conf"
|
|
83
90
|
require "inspec/resources/npm"
|
84
91
|
require "inspec/resources/ntp_conf"
|
85
92
|
require "inspec/resources/oneget"
|
93
|
+
require "inspec/resources/oracle"
|
94
|
+
require "inspec/resources/oracledb_conf"
|
95
|
+
require "inspec/resources/oracledb_listener_conf"
|
96
|
+
require "inspec/resources/opa_cli"
|
97
|
+
require "inspec/resources/opa_api"
|
86
98
|
require "inspec/resources/oracledb_session"
|
87
99
|
require "inspec/resources/os"
|
88
100
|
require "inspec/resources/os_env"
|
@@ -49,7 +49,6 @@ module Inspec
|
|
49
49
|
end
|
50
50
|
|
51
51
|
class Profile
|
52
|
-
# Good candidate for keyword_init, but that is not in 2.4
|
53
52
|
Dependency = Struct.new(
|
54
53
|
:name, :path, :status, :status_message, :git, :url, :compliance, :supermarket, :branch, :tag, :commit, :version, :relative_path
|
55
54
|
) do
|
@@ -71,7 +70,6 @@ module Inspec
|
|
71
70
|
end
|
72
71
|
end
|
73
72
|
|
74
|
-
# Good candidate for keyword_init, but that is not in 2.4
|
75
73
|
Group = Struct.new(
|
76
74
|
:title, :controls, :id
|
77
75
|
) do
|
data/lib/inspec/runner.rb
CHANGED
@@ -50,6 +50,7 @@ module Inspec
|
|
50
50
|
@conf[:logger] ||= Logger.new(nil)
|
51
51
|
@target_profiles = []
|
52
52
|
@controls = @conf[:controls] || []
|
53
|
+
@tags = @conf[:tags] || []
|
53
54
|
@depends = @conf[:depends] || []
|
54
55
|
@create_lockfile = @conf[:create_lockfile]
|
55
56
|
@cache = Inspec::Cache.new(@conf[:vendor_cache])
|
@@ -199,6 +200,7 @@ module Inspec
|
|
199
200
|
vendor_cache: @cache,
|
200
201
|
backend: @backend,
|
201
202
|
controls: @controls,
|
203
|
+
tags: @tags,
|
202
204
|
runner_conf: @conf)
|
203
205
|
raise "Could not resolve #{target} to valid input." if profile.nil?
|
204
206
|
|
data/lib/inspec/utils/filter.rb
CHANGED
data/lib/inspec/version.rb
CHANGED
@@ -232,10 +232,10 @@ module InspecPlugins
|
|
232
232
|
|
233
233
|
# Already installed?
|
234
234
|
if registry.known_plugin?(plugin_name.to_sym)
|
235
|
-
ui.
|
236
|
-
|
237
|
-
|
238
|
-
ui.exit Inspec::UI::
|
235
|
+
ui.bold("Plugin already installed - #{plugin_name} - Use '#{EXEC_NAME} " \
|
236
|
+
"plugin list' to see previously installed plugin - " \
|
237
|
+
"installation failed.\n")
|
238
|
+
ui.exit Inspec::UI::EXIT_NORMAL
|
239
239
|
end
|
240
240
|
|
241
241
|
# Can we figure out how to load it?
|
@@ -391,19 +391,20 @@ module InspecPlugins
|
|
391
391
|
they_explicitly_asked_for_a_version = !options[:version].nil?
|
392
392
|
what_we_would_install_is_already_installed = pre_installed_versions.include?(requested_version)
|
393
393
|
if what_we_would_install_is_already_installed && they_explicitly_asked_for_a_version
|
394
|
-
ui.
|
394
|
+
ui.bold("Plugin already installed at requested version - plugin " \
|
395
395
|
"#{plugin_name} #{requested_version} - refusing to install.\n")
|
396
|
+
ui.exit Inspec::UI::EXIT_NORMAL
|
396
397
|
elsif what_we_would_install_is_already_installed && !they_explicitly_asked_for_a_version
|
397
398
|
ui.red("Plugin already installed at latest version - plugin " \
|
398
399
|
"#{plugin_name} #{requested_version} - refusing to install.\n")
|
399
|
-
|
400
|
-
# There are existing versions installed, but none of them are what was requested
|
401
|
-
ui.red("Update required - plugin #{plugin_name}, requested " \
|
402
|
-
"#{requested_version}, have " \
|
403
|
-
"#{pre_installed_versions.join(", ")}; use `inspec " \
|
404
|
-
"plugin update` - refusing to install.\n")
|
400
|
+
ui.exit Inspec::UI::EXIT_NORMAL
|
405
401
|
end
|
406
402
|
|
403
|
+
# There are existing versions installed, but none of them are what was requested
|
404
|
+
ui.red("Update required - plugin #{plugin_name}, requested " \
|
405
|
+
"#{requested_version}, have " \
|
406
|
+
"#{pre_installed_versions.join(", ")}; use `inspec " \
|
407
|
+
"plugin update` - refusing to install.\n")
|
407
408
|
ui.exit Inspec::UI::EXIT_PLUGIN_ERROR
|
408
409
|
end
|
409
410
|
|
@@ -433,7 +434,7 @@ module InspecPlugins
|
|
433
434
|
"version #{options[:version]} found on #{source_host} - " \
|
434
435
|
"installation failed.\n")
|
435
436
|
else
|
436
|
-
ui.red("Unknown error
|
437
|
+
ui.red("Unknown error occurred - installation failed.\n")
|
437
438
|
end
|
438
439
|
ui.exit Inspec::UI::EXIT_USAGE_ERROR
|
439
440
|
end
|
@@ -457,15 +458,15 @@ module InspecPlugins
|
|
457
458
|
end
|
458
459
|
end
|
459
460
|
|
460
|
-
# Check for latest version (and implicitly,
|
461
|
+
# Check for latest version (and implicitly, existence)
|
461
462
|
latest_version = installer.search(plugin_name, exact: true, scope: :latest)
|
462
463
|
latest_version = latest_version[plugin_name]&.last
|
463
464
|
|
464
465
|
if pre_update_versions.include?(latest_version)
|
465
|
-
ui.plain_line("#{ui.
|
466
|
+
ui.plain_line("#{ui.bold("Already installed at latest version:", print: false)} " \
|
466
467
|
"#{plugin_name} is at #{latest_version}, which the " \
|
467
468
|
"latest - refusing to update")
|
468
|
-
ui.exit Inspec::UI::
|
469
|
+
ui.exit Inspec::UI::EXIT_NORMAL
|
469
470
|
end
|
470
471
|
end
|
471
472
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: inspec-core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.
|
4
|
+
version: 4.49.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Chef InSpec Team
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-10-25 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: chef-telemetry
|
@@ -505,7 +505,11 @@ files:
|
|
505
505
|
- lib/inspec/resources/bond.rb
|
506
506
|
- lib/inspec/resources/bridge.rb
|
507
507
|
- lib/inspec/resources/bsd_service.rb
|
508
|
+
- lib/inspec/resources/cassandra.rb
|
509
|
+
- lib/inspec/resources/cassandradb_conf.rb
|
510
|
+
- lib/inspec/resources/cassandradb_session.rb
|
508
511
|
- lib/inspec/resources/chocolatey_package.rb
|
512
|
+
- lib/inspec/resources/chrony_conf.rb
|
509
513
|
- lib/inspec/resources/command.rb
|
510
514
|
- lib/inspec/resources/cpan.rb
|
511
515
|
- lib/inspec/resources/cran.rb
|
@@ -535,6 +539,8 @@ files:
|
|
535
539
|
- lib/inspec/resources/grub_conf.rb
|
536
540
|
- lib/inspec/resources/host.rb
|
537
541
|
- lib/inspec/resources/http.rb
|
542
|
+
- lib/inspec/resources/ibmdb2_conf.rb
|
543
|
+
- lib/inspec/resources/ibmdb2_session.rb
|
538
544
|
- lib/inspec/resources/iis_app.rb
|
539
545
|
- lib/inspec/resources/iis_app_pool.rb
|
540
546
|
- lib/inspec/resources/iis_site.rb
|
@@ -556,8 +562,10 @@ files:
|
|
556
562
|
- lib/inspec/resources/login_defs.rb
|
557
563
|
- lib/inspec/resources/mongodb.rb
|
558
564
|
- lib/inspec/resources/mongodb_conf.rb
|
565
|
+
- lib/inspec/resources/mongodb_session.rb
|
559
566
|
- lib/inspec/resources/mount.rb
|
560
567
|
- lib/inspec/resources/mssql_session.rb
|
568
|
+
- lib/inspec/resources/mssql_sys_conf.rb
|
561
569
|
- lib/inspec/resources/mysql.rb
|
562
570
|
- lib/inspec/resources/mysql_conf.rb
|
563
571
|
- lib/inspec/resources/mysql_session.rb
|
@@ -567,6 +575,12 @@ files:
|
|
567
575
|
- lib/inspec/resources/npm.rb
|
568
576
|
- lib/inspec/resources/ntp_conf.rb
|
569
577
|
- lib/inspec/resources/oneget.rb
|
578
|
+
- lib/inspec/resources/opa.rb
|
579
|
+
- lib/inspec/resources/opa_api.rb
|
580
|
+
- lib/inspec/resources/opa_cli.rb
|
581
|
+
- lib/inspec/resources/oracle.rb
|
582
|
+
- lib/inspec/resources/oracledb_conf.rb
|
583
|
+
- lib/inspec/resources/oracledb_listener_conf.rb
|
570
584
|
- lib/inspec/resources/oracledb_session.rb
|
571
585
|
- lib/inspec/resources/os.rb
|
572
586
|
- lib/inspec/resources/os_env.rb
|
@@ -600,6 +614,8 @@ files:
|
|
600
614
|
- lib/inspec/resources/ssh_config.rb
|
601
615
|
- lib/inspec/resources/sshd_config.rb
|
602
616
|
- lib/inspec/resources/ssl.rb
|
617
|
+
- lib/inspec/resources/sybase_conf.rb
|
618
|
+
- lib/inspec/resources/sybase_session.rb
|
603
619
|
- lib/inspec/resources/sys_info.rb
|
604
620
|
- lib/inspec/resources/systemd_service.rb
|
605
621
|
- lib/inspec/resources/sysv_service.rb
|