inspec-core 4.49.0 → 4.50.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/inspec/cli.rb +12 -3
- data/lib/inspec/globals.rb +5 -0
- data/lib/inspec/profile.rb +2 -0
- data/lib/inspec/resources/http.rb +107 -55
- data/lib/inspec/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 506be4d9918c8af46f6b3784e8a18550cee990ad73c7c731bb1afea7197c5370
|
|
4
|
+
data.tar.gz: b48fa274325e96ac07185653b2eeb997ed5ea6fa39f570b0400706331a3b4d52
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4eb19bed92e35c49395e513e263f3afdb3f59abcf873b88f0c7dc07775a64c4e6aea3db57f069b19be73e9aa92de106db95ecb4b60fc3fc4c5b080f4fc97df6c
|
|
7
|
+
data.tar.gz: e8eac56320e4c0e36078bdcef95dde1b6ec710d7bfdba1bbd4f8301ee0f5799c5a913f96edc5c31ba78c2dcc3647e671454b30ac430729943a0dca071191aa63
|
data/lib/inspec/cli.rb
CHANGED
|
@@ -122,8 +122,13 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
|
122
122
|
end
|
|
123
123
|
puts
|
|
124
124
|
|
|
125
|
+
enable_offenses = !Inspec.locally_windows? # See 5723
|
|
125
126
|
if result[:errors].empty? && result[:warnings].empty? && result[:offenses].empty?
|
|
126
|
-
|
|
127
|
+
if enable_offenses
|
|
128
|
+
ui.plain_line("No errors, warnings, or offenses")
|
|
129
|
+
else
|
|
130
|
+
ui.plain_line("No errors or warnings")
|
|
131
|
+
end
|
|
127
132
|
else
|
|
128
133
|
item_msg = lambda { |item|
|
|
129
134
|
pos = [item[:file], item[:line], item[:column]].compact.join(":")
|
|
@@ -135,7 +140,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
|
135
140
|
|
|
136
141
|
puts
|
|
137
142
|
|
|
138
|
-
|
|
143
|
+
if enable_offenses && !result[:offenses].empty?
|
|
139
144
|
puts "Offenses:\n"
|
|
140
145
|
result[:offenses].each { |item| ui.cyan(" #{Inspec::UI::GLYPHS[:script_x]} #{item_msg.call(item)}\n\n") }
|
|
141
146
|
end
|
|
@@ -143,7 +148,11 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
|
143
148
|
offenses = ui.cyan("#{result[:offenses].length} offenses", print: false)
|
|
144
149
|
errors = ui.red("#{result[:errors].length} errors", print: false)
|
|
145
150
|
warnings = ui.yellow("#{result[:warnings].length} warnings", print: false)
|
|
146
|
-
|
|
151
|
+
if enable_offenses
|
|
152
|
+
ui.plain_line("Summary: #{errors}, #{warnings}, #{offenses}")
|
|
153
|
+
else
|
|
154
|
+
ui.plain_line("Summary: #{errors}, #{warnings}")
|
|
155
|
+
end
|
|
147
156
|
end
|
|
148
157
|
end
|
|
149
158
|
|
data/lib/inspec/globals.rb
CHANGED
data/lib/inspec/profile.rb
CHANGED
|
@@ -450,6 +450,8 @@ module Inspec
|
|
|
450
450
|
|
|
451
451
|
def cookstyle_linting_check
|
|
452
452
|
msgs = []
|
|
453
|
+
return msgs if Inspec.locally_windows? # See #5723
|
|
454
|
+
|
|
453
455
|
output = cookstyle_rake_output.split("Offenses:").last
|
|
454
456
|
msgs = output.split("\n").select { |x| x =~ /[A-Z]:/ } unless output.nil?
|
|
455
457
|
msgs
|
|
@@ -11,6 +11,7 @@ module Inspec::Resources
|
|
|
11
11
|
class Http < Inspec.resource(1)
|
|
12
12
|
name "http"
|
|
13
13
|
supports platform: "unix"
|
|
14
|
+
supports platform: "windows"
|
|
14
15
|
desc "Use the http InSpec audit resource to test http call."
|
|
15
16
|
example <<~EXAMPLE
|
|
16
17
|
describe http('http://localhost:8080/ping', auth: {user: 'user', pass: 'test'}, params: {format: 'html'}) do
|
|
@@ -104,6 +105,7 @@ module Inspec::Resources
|
|
|
104
105
|
opts[:data]
|
|
105
106
|
end
|
|
106
107
|
|
|
108
|
+
# not supported on Windows
|
|
107
109
|
def open_timeout
|
|
108
110
|
opts.fetch(:open_timeout, 60)
|
|
109
111
|
end
|
|
@@ -117,7 +119,7 @@ module Inspec::Resources
|
|
|
117
119
|
end
|
|
118
120
|
|
|
119
121
|
def max_redirects
|
|
120
|
-
opts.fetch(:max_redirects,
|
|
122
|
+
opts.fetch(:max_redirects, nil)
|
|
121
123
|
end
|
|
122
124
|
end
|
|
123
125
|
|
|
@@ -141,7 +143,7 @@ module Inspec::Resources
|
|
|
141
143
|
|
|
142
144
|
conn = Faraday.new(url: url, headers: request_headers, params: params, ssl: { verify: ssl_verify? }) do |builder|
|
|
143
145
|
builder.request :url_encoded
|
|
144
|
-
builder.use FaradayMiddleware::FollowRedirects, limit: max_redirects
|
|
146
|
+
builder.use FaradayMiddleware::FollowRedirects, limit: max_redirects unless max_redirects.nil?
|
|
145
147
|
builder.adapter Faraday.default_adapter
|
|
146
148
|
end
|
|
147
149
|
|
|
@@ -162,98 +164,148 @@ module Inspec::Resources
|
|
|
162
164
|
attr_reader :inspec
|
|
163
165
|
|
|
164
166
|
def initialize(inspec, http_method, url, opts)
|
|
165
|
-
|
|
167
|
+
http_cmd = inspec.os.windows? ? "Invoke-WebRequest" : "curl"
|
|
168
|
+
unless inspec.command(http_cmd).exist?
|
|
166
169
|
raise Inspec::Exceptions::ResourceSkipped,
|
|
167
|
-
"
|
|
170
|
+
"#{http_cmd} is not available on the target machine"
|
|
168
171
|
end
|
|
169
|
-
|
|
170
|
-
@ran_curl = false
|
|
172
|
+
@ran_http = false
|
|
171
173
|
@inspec = inspec
|
|
172
174
|
super(http_method, url, opts)
|
|
173
175
|
end
|
|
174
176
|
|
|
175
177
|
def status
|
|
176
|
-
|
|
178
|
+
run_http
|
|
177
179
|
@status
|
|
178
180
|
end
|
|
179
181
|
|
|
180
182
|
def body
|
|
181
|
-
|
|
183
|
+
run_http
|
|
182
184
|
@body&.strip
|
|
183
185
|
end
|
|
184
186
|
|
|
185
187
|
def response_headers
|
|
186
|
-
|
|
188
|
+
run_http
|
|
187
189
|
@response_headers
|
|
188
190
|
end
|
|
189
191
|
|
|
190
192
|
private
|
|
191
193
|
|
|
192
|
-
def
|
|
193
|
-
return if @
|
|
194
|
+
def run_http
|
|
195
|
+
return if @ran_http
|
|
194
196
|
|
|
195
|
-
cmd_result = inspec.command(
|
|
197
|
+
cmd_result = inspec.command(http_command)
|
|
196
198
|
response = cmd_result.stdout
|
|
197
|
-
@
|
|
199
|
+
@ran_http = true
|
|
198
200
|
return if response.nil? || cmd_result.exit_status != 0
|
|
199
201
|
|
|
200
|
-
|
|
201
|
-
|
|
202
|
+
if inspec.os.windows?
|
|
203
|
+
response = JSON.parse(response)
|
|
202
204
|
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
loop do
|
|
206
|
-
break unless remainder =~ %r{^HTTP/}
|
|
205
|
+
@status = response["StatusCode"]
|
|
206
|
+
@body = response["Content"]
|
|
207
207
|
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
208
|
+
@response_headers = {}
|
|
209
|
+
response["Headers"].each do |name, value|
|
|
210
|
+
@response_headers["#{name}"] = value
|
|
211
|
+
end
|
|
212
|
+
else
|
|
213
|
+
# strip any carriage returns to normalize output
|
|
214
|
+
response.delete!("\r")
|
|
215
|
+
|
|
216
|
+
# split the prelude (status line and headers) and the body
|
|
217
|
+
prelude, remainder = response.split("\n\n", 2)
|
|
218
|
+
loop do
|
|
219
|
+
break unless remainder =~ %r{^HTTP/}
|
|
220
|
+
|
|
221
|
+
prelude, remainder = remainder.split("\n\n", 2)
|
|
222
|
+
end
|
|
223
|
+
@body = remainder
|
|
224
|
+
prelude = prelude.lines
|
|
225
|
+
|
|
226
|
+
# grab the status off of the first line of the prelude
|
|
227
|
+
status_line = prelude.shift
|
|
228
|
+
@status = status_line.split(" ", 3)[1].to_i
|
|
229
|
+
|
|
230
|
+
# parse the rest of the prelude which will be all the HTTP headers
|
|
231
|
+
@response_headers = {}
|
|
232
|
+
prelude.each do |line|
|
|
233
|
+
line.strip!
|
|
234
|
+
key, value = line.split(":", 2)
|
|
235
|
+
@response_headers[key] = value.strip
|
|
236
|
+
end
|
|
223
237
|
end
|
|
224
238
|
end
|
|
225
239
|
|
|
226
|
-
def
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
# Use curl's --head option when the method requested is HEAD. Otherwise,
|
|
230
|
-
# the user may experience a timeout when curl does not properly close
|
|
231
|
-
# the connection after the response is received.
|
|
232
|
-
if http_method.casecmp("HEAD") == 0
|
|
233
|
-
cmd << "--head"
|
|
240
|
+
def http_command # rubocop:disable Metrics/AbcSize
|
|
241
|
+
if inspec.os.windows?
|
|
242
|
+
load_powershell_command
|
|
234
243
|
else
|
|
235
|
-
cmd
|
|
244
|
+
cmd = ["curl -i"]
|
|
245
|
+
|
|
246
|
+
# Use curl's --head option when the method requested is HEAD. Otherwise,
|
|
247
|
+
# the user may experience a timeout when curl does not properly close
|
|
248
|
+
# the connection after the response is received.
|
|
249
|
+
if http_method.casecmp("HEAD") == 0
|
|
250
|
+
cmd << "--head"
|
|
251
|
+
else
|
|
252
|
+
cmd << "-X #{http_method}"
|
|
253
|
+
end
|
|
254
|
+
|
|
255
|
+
cmd << "--connect-timeout #{open_timeout}"
|
|
256
|
+
cmd << "--max-time #{open_timeout + read_timeout}"
|
|
257
|
+
cmd << "--user \'#{username}:#{password}\'" unless username.nil? || password.nil?
|
|
258
|
+
cmd << "--insecure" unless ssl_verify?
|
|
259
|
+
cmd << "--data #{Shellwords.shellescape(request_body)}" unless request_body.nil?
|
|
260
|
+
cmd << "--location" unless max_redirects.nil?
|
|
261
|
+
cmd << "--max-redirs #{max_redirects}" unless max_redirects.nil?
|
|
262
|
+
|
|
263
|
+
request_headers.each do |k, v|
|
|
264
|
+
cmd << "-H '#{k}: #{v}'"
|
|
265
|
+
end
|
|
266
|
+
|
|
267
|
+
if params.nil?
|
|
268
|
+
cmd << "'#{url}'"
|
|
269
|
+
else
|
|
270
|
+
cmd << "'#{url}?#{params.map { |e| e.join("=") }.join("&")}'"
|
|
271
|
+
end
|
|
272
|
+
|
|
273
|
+
cmd.join(" ")
|
|
236
274
|
end
|
|
275
|
+
end
|
|
237
276
|
|
|
238
|
-
|
|
239
|
-
cmd
|
|
240
|
-
cmd << "
|
|
241
|
-
|
|
242
|
-
cmd << "
|
|
243
|
-
|
|
244
|
-
cmd << "
|
|
245
|
-
|
|
277
|
+
def load_powershell_command
|
|
278
|
+
cmd = ["Invoke-WebRequest"]
|
|
279
|
+
cmd << "-Method #{http_method}"
|
|
280
|
+
# Missing connect-timeout
|
|
281
|
+
cmd << "-TimeoutSec #{open_timeout + read_timeout}"
|
|
282
|
+
# Insecure not supported simply https://stackoverflow.com/questions/11696944/powershell-v3-invoke-webrequest-https-error
|
|
283
|
+
cmd << "-MaximumRedirection #{max_redirects}" unless max_redirects.nil?
|
|
284
|
+
request_headers["Authorization"] = """ '\"Basic ' + [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(\"#{username}:#{password}\")) +'\"' """ unless username.nil? || password.nil?
|
|
285
|
+
request_header_string = nil
|
|
246
286
|
request_headers.each do |k, v|
|
|
247
|
-
|
|
287
|
+
request_header_string << " #{k} = #{v}"
|
|
248
288
|
end
|
|
249
|
-
|
|
289
|
+
cmd << "-Headers @{#{request_header_string.join(";")}}" unless request_header_string.nil?
|
|
250
290
|
if params.nil?
|
|
251
291
|
cmd << "'#{url}'"
|
|
252
292
|
else
|
|
253
293
|
cmd << "'#{url}?#{params.map { |e| e.join("=") }.join("&")}'"
|
|
254
294
|
end
|
|
255
|
-
|
|
256
|
-
|
|
295
|
+
command = cmd.join(" ")
|
|
296
|
+
body = "\'#{request_body}\'"
|
|
297
|
+
script = <<-EOH
|
|
298
|
+
$body = #{body.strip unless request_body.nil?}
|
|
299
|
+
$Body = $body | ConvertFrom-Json
|
|
300
|
+
#convert to hashtable
|
|
301
|
+
$HashTable = @{}
|
|
302
|
+
foreach ($property in $Body.PSObject.Properties) {
|
|
303
|
+
$HashTable[$property.Name] = $property.Value
|
|
304
|
+
}
|
|
305
|
+
$response = #{command} -Body $HashTable
|
|
306
|
+
$response | Select-Object -Property * | ConvertTo-json # We use `Select-Object -Property * ` to get around an odd PowerShell error
|
|
307
|
+
EOH
|
|
308
|
+
script.strip
|
|
257
309
|
end
|
|
258
310
|
end
|
|
259
311
|
end
|
data/lib/inspec/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: inspec-core
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.
|
|
4
|
+
version: 4.50.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chef InSpec Team
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-11-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: chef-telemetry
|