RubyGems - inspec-core - Versions diffs - 4.41.20 → 4.52.9 - Mend

inspec-core 4.41.20 → 4.52.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (41) hide show

checksums.yaml +4 -4
data/Gemfile +4 -0
data/etc/deprecations.json +1 -1
data/lib/bundles/inspec-supermarket/README.md +21 -2
data/lib/bundles/inspec-supermarket/cli.rb +20 -3
data/lib/bundles/inspec-supermarket/target.rb +3 -2
data/lib/inspec/base_cli.rb +12 -0
data/lib/inspec/cli.rb +21 -4
data/lib/inspec/control_eval_context.rb +40 -39
data/lib/inspec/dsl.rb +18 -3
data/lib/inspec/globals.rb +5 -0
data/lib/inspec/plugin/v1/registry.rb +1 -1
data/lib/inspec/profile.rb +115 -2
data/lib/inspec/resources/auditd.rb +5 -4
data/lib/inspec/resources/cassandra.rb +64 -0
data/lib/inspec/resources/cassandradb_conf.rb +47 -0
data/lib/inspec/resources/cassandradb_session.rb +68 -0
data/lib/inspec/resources/chrony_conf.rb +55 -0
data/lib/inspec/resources/csv.rb +26 -3
data/lib/inspec/resources/groups.rb +22 -3
data/lib/inspec/resources/http.rb +135 -54
data/lib/inspec/resources/ibmdb2_conf.rb +57 -0
data/lib/inspec/resources/ibmdb2_session.rb +69 -0
data/lib/inspec/resources/mssql_sys_conf.rb +48 -0
data/lib/inspec/resources/opa.rb +4 -1
data/lib/inspec/resources/oracle.rb +66 -0
data/lib/inspec/resources/oracledb_conf.rb +40 -0
data/lib/inspec/resources/oracledb_listener_conf.rb +123 -0
data/lib/inspec/resources/oracledb_session.rb +25 -6
data/lib/inspec/resources/packages.rb +21 -0
data/lib/inspec/resources/postgres_session.rb +15 -4
data/lib/inspec/resources/service.rb +59 -10
data/lib/inspec/resources/ssl.rb +7 -0
data/lib/inspec/resources/sybase_conf.rb +37 -0
data/lib/inspec/resources/sybase_session.rb +111 -0
data/lib/inspec/resources/users.rb +16 -2
data/lib/inspec/resources/windows_firewall.rb +1 -1
data/lib/inspec/resources.rb +9 -0
data/lib/inspec/run_data/profile.rb +0 -2
data/lib/inspec/version.rb +1 -1
metadata +14 -2

data/lib/inspec/resources/sybase_session.rb ADDED Viewed

@@ -0,0 +1,111 @@
+require "inspec/resources/command"
+require "inspec/utils/database_helpers"
+require "hashie/mash"
+require "csv" unless defined?(CSV)
+require "tempfile" unless defined?(Tempfile)
+module Inspec::Resources
+  # STABILITY: Experimental
+  # This resource needs further testing and refinement
+  #
+  class SybaseSession < Inspec.resource(1)
+    name "sybase_session"
+    supports platform: "unix"
+    # supports platform: "windows" # TODO
+    desc "Use the sybase_session InSpec resource to test commands against an Sybase database"
+    example <<~EXAMPLE
+      sql = sybase_session(username: 'my_user', password: 'password', server: 'SYBASE', database: 'pubs2')
+      describe sql.query(\"SELECT * FROM authors\").row(0).column('au_lname') do
+        its('value') { should eq 'Smith' }
+      end
+    EXAMPLE
+    # TODO: allow to set -I interfaces file
+    # TODO: allow to customize -s column separator
+    attr_reader :bin, :col_sep, :database, :password, :server, :sybase_home, :username
+    def initialize(opts = {})
+      @username = opts[:username]
+      @password = opts[:password]
+      @database = opts[:database]
+      @server = opts[:server]
+      @sybase_home = opts[:sybase_home] || "/opt/sap"
+      @bin = opts[:bin] || "isql"
+      @col_sep = "|"
+      fail_resource "Can't run Sybase checks without authentication" unless username && password
+      fail_resource "You must provide a server name for the session" unless server
+      fail_resource "You must provide a database name for the session" unless database
+      fail_resource "Cannot find #{bin} CLI tool" unless inspec.command(bin).exist?
+    end
+    def query(sql)
+      # We must write the SQl to a temp file on the remote target
+      # try to get a temp path
+      sql_file_path = upload_sql_file(sql)
+      # isql reuires that we have a matching locale set, but does not support C.UTF-8. en_US.UTF-8 is the least evil.
+      command = "LANG=en_US.UTF-8 SYBASE=#{sybase_home} #{bin} -s\"#{col_sep}\" -w80000 -S #{server} -U #{username} -D #{database} -P \"#{password}\" < #{sql_file_path}"
+      isql_cmd = inspec.command(command)
+      # Check for isql errors
+      res = isql_cmd.exit_status
+      raise Inspec::Exceptions::ResourceFailed.new("isql exited with code #{res} and stderr '#{isql_cmd.stderr}', stdout '#{isql_cmd.stdout}'") unless res == 0
+      # isql is ill-behaved, and returns 0 on error
+      raise Inspec::Exceptions::ResourceFailed.new("isql exited with error '#{isql_cmd.stderr}', stdout '#{isql_cmd.stdout}'") unless isql_cmd.stderr == ""
+      # check stdout for error messages when stderr is empty "Msg 102, Level 15, State 181:\nServer 'SYBASE', Line 1:\nIncorrect syntax near '.'.\n"
+      raise Inspec::Exceptions::ResourceFailed.new("isql exited with error #{isql_cmd.stdout}") if isql_cmd.stdout.match?(/Msg\s\d+,\sLevel\s\d+,\sState\s\d+/)
+      # Clean up temporary file
+      rm_cmd = inspec.command("rm #{sql_file_path}")
+      res = rm_cmd.exit_status # TODO: handle
+      raise Inspec::Exceptions::ResourceFailed.new("Unable to delete temproary SQL input file at #{sql_file_path}: #{rm_cmd.stderr}") unless res == 0
+      DatabaseHelper::SQLQueryResult.new(isql_cmd, parse_csv_result(isql_cmd.stdout))
+    end
+    def to_s
+      "Sybase Session"
+    end
+    private
+    def parse_csv_result(stdout)
+      output = stdout.gsub(/\r/, "").strip
+      lines = output.lines
+      # Remove second row (all dashes) and last 2 rows (blank and summary lines)
+      trimmed_output = ([lines[0]] << lines.slice(2..-3)).join("")
+      header_converter = Proc.new do |header|
+        # This is here to suppress a warning from Hashie::Mash when it encounters a
+        # header column that ends up with the name "default", which happens when using the
+        # sybase_conf resource. It does mean that aly query whose output field includes the name
+        # Default (exactly) will get renamed to default_value, but that seems unlikely.
+        if header.match?(/^Default\s+$/)
+          "default_value"
+        else
+          header.downcase.strip
+        end
+      end
+      field_converter = ->(field) { field&.strip }
+      CSV.parse(trimmed_output, headers: true, header_converters: header_converter, converters: field_converter, col_sep: col_sep).map { |row| Hashie::Mash.new(row.to_h) }
+    end
+    def upload_sql_file(sql)
+      remote_temp_dir = "/tmp"
+      remote_file_path = nil
+      local_temp_file = Tempfile.new(["sybase", ".sql"])
+      begin
+        local_temp_file.write("#{sql}\n")
+        local_temp_file.write("go\n")
+        local_temp_file.flush
+        filename = File.basename(local_temp_file.path)
+        remote_file_path = "#{remote_temp_dir}/#{filename}"
+        inspec.backend.upload([local_temp_file.path], remote_temp_dir)
+      ensure
+        local_temp_file.close
+        local_temp_file.unlink
+      end
+      remote_file_path
+    end
+  end
+end

data/lib/inspec/resources/users.rb CHANGED Viewed

@@ -204,7 +204,9 @@ module Inspec::Resources
     alias group groupname
     def groups
-      identity[:groups] unless identity.nil?
+      unless identity.nil?
+        inspec.os.windows? ? UserGroups.new(identity[:groups]) : identity[:groups]
+      end
     end
     def home
@@ -314,6 +316,18 @@ module Inspec::Resources
     end
   end
+  # Class defined to compare for groups without case-sensitivity
+  class UserGroups < Array
+    def initialize(user_groups)
+      @user_groups = user_groups
+      super
+    end
+    def include?(group)
+      !(@user_groups.select { |user_group| user_group.casecmp?(group) }.empty?)
+    end
+  end
   # This is an abstract class that every user provoider has to implement.
   # A user provider implements a system abstracts and helps the InSpec resource
   # hand-over system specific behavior to those providers
@@ -622,7 +636,7 @@ module Inspec::Resources
       name, _domain = parse_windows_account(username)
       return if collect_user_details.nil?
-      res = collect_user_details.select { |user| user[:username] == name }
+      res = collect_user_details.select { |user| user[:username].casecmp? name }
       res[0] unless res.empty?
     end

data/lib/inspec/resources/windows_firewall.rb CHANGED Viewed

@@ -77,7 +77,7 @@ module Inspec::Resources
     def load_firewall_profile(profile_name)
       <<-EOH
-        Remove-TypeData System.Array # workaround for PS bug here: https://bit.ly/2SRMQ8M
+        Get-TypeData -TypeName System.Array | Remove-TypeData # workaround for PS bug here: https://bit.ly/2SRMQ8M
         $profile = Get-NetFirewallProfile -Name "#{profile_name}"
         $count = @($profile | Get-NetFirewallRule).Count
         ([PSCustomObject]@{

data/lib/inspec/resources.rb CHANGED Viewed

@@ -37,6 +37,9 @@ require "inspec/resources/chocolatey_package"
 require "inspec/resources/command"
 require "inspec/resources/cran"
 require "inspec/resources/cpan"
+require "inspec/resources/cassandradb_session"
+require "inspec/resources/cassandradb_conf"
+require "inspec/resources/cassandra"
 require "inspec/resources/crontab"
 require "inspec/resources/dh_params"
 require "inspec/resources/directory"
@@ -58,6 +61,8 @@ require "inspec/resources/groups"
 require "inspec/resources/grub_conf"
 require "inspec/resources/host"
 require "inspec/resources/http"
+require "inspec/resources/ibmdb2_conf"
+require "inspec/resources/ibmdb2_session"
 require "inspec/resources/iis_app"
 require "inspec/resources/iis_app_pool"
 require "inspec/resources/iis_site"
@@ -76,6 +81,7 @@ require "inspec/resources/mongodb_conf"
 require "inspec/resources/mongodb_session"
 require "inspec/resources/mount"
 require "inspec/resources/mssql_session"
+require "inspec/resources/mssql_sys_conf"
 require "inspec/resources/mysql"
 require "inspec/resources/mysql_conf"
 require "inspec/resources/mysql_session"
@@ -84,6 +90,9 @@ require "inspec/resources/nginx_conf"
 require "inspec/resources/npm"
 require "inspec/resources/ntp_conf"
 require "inspec/resources/oneget"
+require "inspec/resources/oracle"
+require "inspec/resources/oracledb_conf"
+require "inspec/resources/oracledb_listener_conf"
 require "inspec/resources/opa_cli"
 require "inspec/resources/opa_api"
 require "inspec/resources/oracledb_session"

data/lib/inspec/run_data/profile.rb CHANGED Viewed

@@ -49,7 +49,6 @@ module Inspec
     end
     class Profile
-      # Good candidate for keyword_init, but that is not in 2.4
       Dependency = Struct.new(
         :name, :path, :status, :status_message, :git, :url, :compliance, :supermarket, :branch, :tag, :commit, :version, :relative_path
       ) do
@@ -71,7 +70,6 @@ module Inspec
         end
       end
-      # Good candidate for keyword_init, but that is not in 2.4
       Group = Struct.new(
         :title, :controls, :id
       ) do

data/lib/inspec/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "4.41.20".freeze
+  VERSION = "4.52.9".freeze
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 4.41.20
+  version: 4.52.9
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-09-01 00:00:00.000000000 Z
+date: 2021-12-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-telemetry
@@ -505,7 +505,11 @@ files:
 - lib/inspec/resources/bond.rb
 - lib/inspec/resources/bridge.rb
 - lib/inspec/resources/bsd_service.rb
+- lib/inspec/resources/cassandra.rb
+- lib/inspec/resources/cassandradb_conf.rb
+- lib/inspec/resources/cassandradb_session.rb
 - lib/inspec/resources/chocolatey_package.rb
+- lib/inspec/resources/chrony_conf.rb
 - lib/inspec/resources/command.rb
 - lib/inspec/resources/cpan.rb
 - lib/inspec/resources/cran.rb
@@ -535,6 +539,8 @@ files:
 - lib/inspec/resources/grub_conf.rb
 - lib/inspec/resources/host.rb
 - lib/inspec/resources/http.rb
+- lib/inspec/resources/ibmdb2_conf.rb
+- lib/inspec/resources/ibmdb2_session.rb
 - lib/inspec/resources/iis_app.rb
 - lib/inspec/resources/iis_app_pool.rb
 - lib/inspec/resources/iis_site.rb
@@ -559,6 +565,7 @@ files:
 - lib/inspec/resources/mongodb_session.rb
 - lib/inspec/resources/mount.rb
 - lib/inspec/resources/mssql_session.rb
+- lib/inspec/resources/mssql_sys_conf.rb
 - lib/inspec/resources/mysql.rb
 - lib/inspec/resources/mysql_conf.rb
 - lib/inspec/resources/mysql_session.rb
@@ -571,6 +578,9 @@ files:
 - lib/inspec/resources/opa.rb
 - lib/inspec/resources/opa_api.rb
 - lib/inspec/resources/opa_cli.rb
+- lib/inspec/resources/oracle.rb
+- lib/inspec/resources/oracledb_conf.rb
+- lib/inspec/resources/oracledb_listener_conf.rb
 - lib/inspec/resources/oracledb_session.rb
 - lib/inspec/resources/os.rb
 - lib/inspec/resources/os_env.rb
@@ -604,6 +614,8 @@ files:
 - lib/inspec/resources/ssh_config.rb
 - lib/inspec/resources/sshd_config.rb
 - lib/inspec/resources/ssl.rb
+- lib/inspec/resources/sybase_conf.rb
+- lib/inspec/resources/sybase_session.rb
 - lib/inspec/resources/sys_info.rb
 - lib/inspec/resources/systemd_service.rb
 - lib/inspec/resources/sysv_service.rb