inspec-core 4.56.58 → 5.7.9

data/lib/inspec/fetcher/git.rb

@@ -41,7 +41,6 @@ module Inspec::Fetcher
       @ref = opts[:ref]
       @remote_url = expand_local_path(remote_url)
       @repo_directory = nil
-      @resolved_ref = nil
       @relative_path = opts[:relative_path] if opts[:relative_path] && !opts[:relative_path].empty?
     end
 
@@ -71,7 +70,7 @@ module Inspec::Fetcher
           if @relative_path
             perform_relative_path_fetch(destination_path, working_dir)
           else
-            Inspec::Log.debug("Checkout of #{resolved_ref.nil? ? @remote_url : resolved_ref} successful. " \
+            Inspec::Log.debug("Checkout of #{resolved_ref} successful. " \
                               "Moving checkout to #{destination_path}")
             FileUtils.cp_r(working_dir + "/.", destination_path)
           end
@@ -81,14 +80,14 @@ module Inspec::Fetcher
     end
 
     def perform_relative_path_fetch(destination_path, working_dir)
-      Inspec::Log.debug("Checkout of #{resolved_ref.nil? ? @remote_url : resolved_ref} successful. " \
+      Inspec::Log.debug("Checkout of #{resolved_ref} successful. " \
                         "Moving #{@relative_path} to #{destination_path}")
       unless File.exist?("#{working_dir}/#{@relative_path}")
         # Cleanup the destination path - otherwise we'll have an empty dir
         # in the cache, which is enough to confuse the cache reader
         # This is a courtesy, assuming we're writing to the cache; if we're
         # vendoring to something more complex, don't bother.
-        FileUtils.rm_r(destination_path) if Dir.exist?(destination_path)
+        FileUtils.rmdir(destination_path) if Dir.empty?(destination_path)
 
         raise Inspec::FetcherFailure, "Cannot find relative path '#{@relative_path}' " \
                                       "within profile in git repo specified by '#{@remote_url}'"
@@ -97,16 +96,9 @@ module Inspec::Fetcher
     end
 
     def cache_key
-      cache_key = if @relative_path && !resolved_ref.nil?
-                    OpenSSL::Digest.hexdigest("SHA256", resolved_ref + @relative_path)
-                  elsif @relative_path && resolved_ref.nil?
-                    OpenSSL::Digest.hexdigest("SHA256", @remote_url + @relative_path)
-                  elsif resolved_ref.nil?
-                    OpenSSL::Digest.hexdigest("SHA256", @remote_url)
-                  else
-                    resolved_ref
-                  end
-      cache_key
+      return resolved_ref unless @relative_path
+
+      OpenSSL::Digest.hexdigest("SHA256", resolved_ref + @relative_path)
     end
 
     def archive_path
@@ -114,11 +106,7 @@ module Inspec::Fetcher
     end
 
     def resolved_source
-      if resolved_ref.nil?
-        source = { git: @remote_url }
-      else
-        source = { git: @remote_url, ref: resolved_ref }
-      end
+      source = { git: @remote_url, ref: resolved_ref }
       source[:relative_path] = @relative_path if @relative_path
       source
     end
@@ -137,27 +125,33 @@ module Inspec::Fetcher
                         elsif @tag
                           resolve_ref(@tag)
                         else
-                          resolve_ref
+                          resolve_ref(default_ref)
                         end
     end
 
-    def resolve_ref(ref_name = nil)
-      command_string = if ref_name.nil?
-                         # Running git ls-remote command helps to raise error if git URL is invalid and avoids cache_key creation
-                         "git ls-remote \"#{@remote_url}\""
-                       else
-                         "git ls-remote \"#{@remote_url}\" \"#{ref_name}*\""
-                       end
+    def default_ref
+      command_string = "git remote show #{@remote_url}"
       cmd = shellout(command_string)
-      raise(Inspec::FetcherFailure, "Profile git dependency failed for #{@remote_url} - error running '#{command_string}': #{cmd.stderr}") unless cmd.exitstatus == 0
-
-      if ref_name.nil?
-        ref = nil
+      unless cmd.exitstatus == 0
+        raise(Inspec::FetcherFailure, "Profile git dependency failed with default reference - #{@remote_url} - error running '#{command_string}': #{cmd.stderr}")
       else
-        ref = parse_ls_remote(cmd.stdout, ref_name)
+        ref = cmd.stdout.lines.detect { |l| l.include? "HEAD branch:" }&.split(":")&.last&.strip
         unless ref
-          raise Inspec::FetcherFailure, "Profile git dependency failed - unable to resolve #{ref_name} to a specific git commit for #{@remote_url}"
+          raise(Inspec::FetcherFailure, "Profile git dependency failed with default reference - #{@remote_url} - error running '#{command_string}': NULL reference")
         end
+
+        ref
+      end
+    end
+
+    def resolve_ref(ref_name)
+      command_string = "git ls-remote \"#{@remote_url}\" \"#{ref_name}*\""
+      cmd = shellout(command_string)
+      raise(Inspec::FetcherFailure, "Profile git dependency failed for #{@remote_url} - error running '#{command_string}': #{cmd.stderr}") unless cmd.exitstatus == 0
+
+      ref = parse_ls_remote(cmd.stdout, ref_name)
+      unless ref
+        raise Inspec::FetcherFailure, "Profile git dependency failed - unable to resolve #{ref_name} to a specific git commit for #{@remote_url}"
       end
 
       ref
@@ -206,14 +200,7 @@ module Inspec::Fetcher
 
     def checkout(dir = @repo_directory)
       clone(dir)
-      # In case of branch, tag or git reference is not provided by User the resolved_ref will always be nil
-      # and will always checkout the default HEAD branch, else it will checkout specific branch, tag or git reference.
-      if resolved_ref.nil?
-        git_cmd("checkout", dir)
-      else
-        git_cmd("checkout #{resolved_ref}", dir)
-      end
-
+      git_cmd("checkout #{resolved_ref}", dir)
       @repo_directory
     end
 
@@ -221,8 +208,6 @@ module Inspec::Fetcher
       cmd = shellout("git #{cmd}", cwd: dir)
       cmd.error!
       cmd.status
-    rescue Mixlib::ShellOut::ShellCommandFailed => e
-      raise Inspec::FetcherFailure, "Error while running git command. #{e.message} "
     rescue Errno::ENOENT
       raise Inspec::FetcherFailure, "Profile git dependency failed for #{@remote_url} - to use git sources, you must have git installed."
     end

data/lib/inspec/fetcher/url.rb

@@ -262,7 +262,7 @@ module Inspec::Fetcher
 
       open(target, opts)
 
-    rescue SocketError, Net::OpenTimeout, Errno::ECONNREFUSED, OpenURI::HTTPError => e
+    rescue SocketError, Errno::ECONNREFUSED, OpenURI::HTTPError => e
       raise Inspec::FetcherFailure, "Profile URL dependency #{target} could not be fetched: #{e.message}"
     end
 

data/lib/inspec/formatters/base.rb

@@ -15,6 +15,8 @@ module Inspec::Formatters
       @profiles = []
       @profiles_info = nil
       @backend = nil
+      @all_controls_count = nil
+      @control_checks_count_map = {}
     end
 
     # RSpec Override: #dump_summary
@@ -81,6 +83,26 @@ module Inspec::Formatters
       @profiles.push(profile)
     end
 
+    # These control count related methods are called via runner rspec library of inspec
+    # And these are used within streaming plugins to determine end of control
+    ######### Start of control count related methods
+    def set_controls_count(controls_count)
+      @all_controls_count = controls_count
+    end
+
+    def set_control_checks_count_map(mapping)
+      @control_checks_count_map = mapping
+    end
+
+    def get_controls_count
+      @all_controls_count
+    end
+
+    def get_control_checks_count_map
+      @control_checks_count_map
+    end
+    ######### end of control count related methods
+
     # Return all the collected output to the caller
     def results
       run_data

data/lib/inspec/metadata.rb

@@ -41,6 +41,7 @@ module Inspec
       description
       version
       inspec_version
+      entitlement_id
     }.each do |name|
       define_method name.to_sym do |arg|
         params[name.to_sym] = arg
@@ -51,6 +52,10 @@ module Inspec
       params[:depends] || []
     end
 
+    def gem_dependencies
+      params[:gem_dependencies] || []
+    end
+
     def supports(sth, version = nil)
       # Ignore supports with metadata.rb. This file is legacy and the way it
       # it handles `supports` deprecated. A deprecation warning will be printed
@@ -94,6 +99,10 @@ module Inspec
         errors.push("Version needs to be in SemVer format")
       end
 
+      if params[:entitlement_id] && params[:entitlement_id].strip.empty?
+        errors.push("Entitlement ID should not be blank.")
+      end
+
       unless supports_runtime?
         warnings.push("The current inspec version #{Inspec::VERSION} cannot satisfy profile inspec_version constraint #{params[:inspec_version]}")
       end
@@ -109,6 +118,33 @@ module Inspec
         warnings.push("License '#{params[:license]}' needs to be in SPDX format or marked as 'Proprietary'. See https://spdx.org/licenses/.")
       end
 
+      # If gem_dependencies is set, it must be an array of hashes with keys name and optional version
+      unless params[:gem_dependencies].nil?
+        list = params[:gem_dependencies]
+        if list.is_a?(Array) && list.all? { |e| e.is_a? Hash }
+          list.each do |entry|
+            errors.push("gem_dependencies entries must all have a 'name' field") unless entry.key?(:name)
+            if entry[:version]
+              orig = entry[:version]
+              begin
+                # Split on commas as we may have a complex dep
+                orig.split(",").map { |c| Gem::Requirement.parse(c) }
+              rescue Gem::Requirement::BadRequirementError
+                errors.push "Unparseable gem dependency '#{orig}' for #{entry[:name]}"
+              rescue Inspec::GemDependencyInstallError => e
+                errors.push e.message
+              end
+            end
+            extra = (entry.keys - %i{name version})
+            unless extra.empty?
+              warnings.push "Unknown gem_dependencies key(s) #{extra.join(",")} seen for entry '#{entry[:name]}'"
+            end
+          end
+        else
+          errors.push("gem_dependencies must be a List of Hashes")
+        end
+      end
+
       [errors, warnings]
     end
 

data/lib/inspec/plugin/v2/plugin_types/streaming_reporter.rb

@@ -1,10 +1,53 @@
 module Inspec::Plugin::V2::PluginType
-  class StreamingReporter < Inspec::Plugin::V2::PluginBase # TBD Superclass may need to change
+  class StreamingReporter < Inspec::Plugin::V2::PluginBase
     register_plugin_type(:streaming_reporter)
 
     #====================================================================#
     #                StreamingReporter plugin type API
     #====================================================================#
     # Implementation classes must implement these methods.
+
+    def initialize_streaming_reporter
+      @running_controls_list = []
+      @control_checks_count_map = {}
+      @controls_count = nil
+    end
+
+    private
+
+    # method to identify when the control started running
+    # this will be useful in executing operations on control's level start
+    def control_started?(control_id)
+      if @running_controls_list.include? control_id
+        false
+      else
+        @running_controls_list.push(control_id)
+        true
+      end
+    end
+
+    # method to identify when the control ended running
+    # this will be useful in executing operations on control's level end
+    def control_ended?(control_id)
+      set_control_checks_count_map_value
+      unless @control_checks_count_map[control_id].nil?
+        @control_checks_count_map[control_id] -= 1
+        @control_checks_count_map[control_id] == 0
+      else
+        false
+      end
+    end
+
+    # method to identify total no. of controls
+    def controls_count
+      @controls_count ||= RSpec.configuration.formatters.grep(Inspec::Formatters::Base).first.get_controls_count
+    end
+
+    # this method is used in the logic of determining end of control
+    def set_control_checks_count_map_value
+      if @control_checks_count_map.empty?
+        @control_checks_count_map = RSpec.configuration.formatters.grep(Inspec::Formatters::Base).first.get_control_checks_count_map
+      end
+    end
   end
 end

data/lib/inspec/profile.rb

@@ -13,6 +13,8 @@ require "inspec/dependencies/cache"
 require "inspec/dependencies/lockfile"
 require "inspec/dependencies/dependency_set"
 require "inspec/utils/json_profile_summary"
+require "inspec/dependency_loader"
+require "inspec/dependency_installer"
 
 module Inspec
   class Profile
@@ -103,7 +105,6 @@ module Inspec
       @check_mode = options[:check_mode] || false
       @parent_profile = options[:parent_profile]
       @legacy_profile_path = options[:profiles_path] || false
-      @check_cookstyle = options[:with_cookstyle]
       Metadata.finalize(@source_reader.metadata, @profile_id, options)
 
       # if a backend has already been created, clone it so each profile has its own unique backend object
@@ -379,6 +380,66 @@ module Inspec
       @runner_context
     end
 
+    def collect_gem_dependencies(profile_context)
+      gem_dependencies = []
+      all_profiles = []
+      profile_context.dependencies.list.values.each do |requirement|
+        all_profiles << requirement.profile
+      end
+      all_profiles << self
+      all_profiles.each do |profile|
+        gem_dependencies << profile.metadata.gem_dependencies unless profile.metadata.gem_dependencies.empty?
+      end
+      gem_dependencies.flatten.uniq
+    end
+
+    # Loads the required gems specified in the Profile's metadata file from default inspec gems path i.e. ~/.inspec/gems
+    # else installs and loads them.
+    def load_gem_dependencies
+      gem_dependencies = collect_gem_dependencies(load_libraries)
+      gem_dependencies.each do |gem_data|
+        dependency_loader = DependencyLoader.new
+        if dependency_loader.gem_version_installed?(gem_data[:name], gem_data[:version]) ||
+            dependency_loader.gem_installed?(gem_data[:name])
+          load_gem_dependency(gem_data)
+        else
+          if Inspec::Config.cached[:auto_install_gems]
+            install_gem_dependency(gem_data)
+            load_gem_dependency(gem_data)
+          else
+            ui = Inspec::UI.new
+            gem_dependencies.each { |gem_dependency| ui.list_item("#{gem_dependency[:name]} #{gem_dependency[:version]}") }
+            choice = ui.prompt.select("Would you like to install profile gem dependencies listed above?", %w{Yes No})
+            if choice == "Yes"
+              Inspec::Config.cached[:auto_install_gems] = true
+              load_gem_dependencies
+            else
+              ui.error "Unable to resolve above listed profile gem dependencies."
+              Inspec::UI.new.exit(:gem_dependency_load_error)
+            end
+          end
+        end
+      end
+    end
+
+    # Requires gem_data as argument.
+    # gem_dta example: { name: "gem_name", version: "0.0.1"}
+    def load_gem_dependency(gem_data)
+      dependency_loader = DependencyLoader.new(nil, [gem_data])
+      dependency_loader.load
+    rescue Inspec::GemDependencyLoadError => e
+      raise e.message
+    end
+
+    # Requires gem_data as argument.
+    # gem_dta example: { name: "gem_name", version: "0.0.1"}
+    def install_gem_dependency(gem_data)
+      gem_dependency = DependencyInstaller.new(nil, [gem_data])
+      gem_dependency.install
+    rescue Inspec::GemDependencyInstallError => e
+      raise e.message
+    end
+
     def to_s
       "Inspec::Profile<#{name}>"
     end
@@ -594,13 +655,12 @@ module Inspec
       end
 
       # Running cookstyle to check for code offenses
-      if @check_cookstyle
-        cookstyle_linting_check.each do |lint_output|
-          data = lint_output.split(":")
-          msg = "#{data[-2]}:#{data[-1]}"
-          offense.call(data[0], data[1], data[2], nil, msg)
-        end
+      cookstyle_linting_check.each do |lint_output|
+        data = lint_output.split(":")
+        msg = "#{data[-2]}:#{data[-1]}"
+        offense.call(data[0], data[1], data[2], nil, msg)
       end
+
       # profile is valid if we could not find any error & offenses
       result[:summary][:valid] = result[:errors].empty? && result[:offenses].empty?
 
@@ -617,6 +677,7 @@ module Inspec
     end
 
     # generates a archive of a folder profile
+    # assumes that the profile was checked before
     def archive(opts)
       # check if file exists otherwise overwrite the archive
       dst = archive_name(opts)
@@ -633,34 +694,31 @@ module Inspec
       # TODO ignore all .files, but add the files to debug output
 
       # Generate temporary inspec.json for archive
-      if opts[:export]
-        Inspec::Utils::JsonProfileSummary.produce_json(
-          info: info, # TODO: conditionalize and call info_from_parse
-          write_path: "#{root_path}inspec.json",
-          suppress_output: true
-        )
-      end
+      Inspec::Utils::JsonProfileSummary.produce_json(
+        info: info,
+        write_path: "#{root_path}inspec.json",
+        suppress_output: true
+      )
 
       # display all files that will be part of the archive
       @logger.debug "Add the following files to archive:"
       files.each { |f| @logger.debug "    " + f }
-      @logger.debug "    inspec.json" if opts[:export]
+      @logger.debug "    inspec.json"
 
-      archive_files = opts[:export] ? files.push("inspec.json") : files
       if opts[:zip]
         # generate zip archive
         require "inspec/archive/zip"
         zag = Inspec::Archive::ZipArchiveGenerator.new
-        zag.archive(root_path, archive_files, dst)
+        zag.archive(root_path, files.push("inspec.json"), dst)
       else
         # generate tar archive
         require "inspec/archive/tar"
         tag = Inspec::Archive::TarArchiveGenerator.new
-        tag.archive(root_path, archive_files, dst)
+        tag.archive(root_path, files.push("inspec.json"), dst)
       end
 
       # Cleanup
-      FileUtils.rm_f("#{root_path}inspec.json") if opts[:export]
+      FileUtils.rm_f("#{root_path}inspec.json")
 
       @logger.info "Finished archive generation."
       true
@@ -758,12 +816,10 @@ module Inspec
         return Pathname.new(name)
       end
 
-      # Using metadata to fetch basic info of name and version
-      metadata = @source_reader.metadata.params
-      name = metadata[:name] ||
+      name = params[:name] ||
         raise("Cannot create an archive without a profile name! Please "\
              "specify the name in metadata or use --output to create the archive.")
-      version = metadata[:version] ||
+      version = params[:version] ||
         raise("Cannot create an archive without a profile version! Please "\
              "specify the version in metadata or use --output to create the archive.")
       ext = opts[:zip] ? "zip" : "tar.gz"
@@ -780,6 +836,7 @@ module Inspec
     end
 
     def load_checks_params(params)
+      load_gem_dependencies
       load_libraries
       tests = collect_tests
       params[:controls] = controls = {}
@@ -791,12 +848,7 @@ module Inspec
         f = load_rule_filepath(prefix, rule)
         load_rule(rule, f, controls, groups)
       end
-      if @profile_id.nil?
-        # identifying inputs using profile name
-        params[:inputs] = Inspec::InputRegistry.list_inputs_for_profile(params[:name])
-      else
-        params[:inputs] = Inspec::InputRegistry.list_inputs_for_profile(@profile_id)
-      end
+      params[:inputs] = Inspec::InputRegistry.list_inputs_for_profile(@profile_id)
       params
     end
 

data/lib/inspec/reporters/automate.rb

@@ -21,7 +21,7 @@ module Inspec::Reporters
       final_report[:type] = "inspec_report"
 
       final_report[:end_time] = Time.now.utc.strftime("%FT%TZ")
-      final_report[:node_uuid] = report[:platform][:target_id] || @config["node_uuid"] || @config["target_id"]
+      final_report[:node_uuid] = @config["node_uuid"] || report[:platform][:target_id]
       raise Inspec::ReporterError, "Cannot find a UUID for your node. Please specify one via json-config." if final_report[:node_uuid].nil?
 
       final_report[:report_uuid] = @config["report_uuid"] || uuid_from_string(final_report[:end_time] + final_report[:node_uuid])

data/lib/inspec/reporters/cli.rb

@@ -76,7 +76,7 @@ module Inspec::Reporters
       }
       header["Failure Message"] = profile[:status_message] if profile[:status] == "failed"
       header["Target"] = run_data[:platform][:target] unless run_data[:platform][:target].nil?
-      header["Target ID"] = @config["target_id"] unless @config["target_id"].nil?
+      header["Target ID"] = run_data[:platform][:target_id] || ""
 
       pad = header.keys.max_by(&:length).length + 1
       header.each do |title, value|

data/lib/inspec/reporters/json.rb

@@ -29,28 +29,48 @@ module Inspec::Reporters
       {
         name:      run_data[:platform][:name],
         release:   run_data[:platform][:release],
-        target_id: run_data[:platform][:target_id] || @config["target_id"],
+        target_id: run_data[:platform][:target_id] || "",
       }.reject { |_k, v| v.nil? }
     end
 
     def profile_results(control)
       (control[:results] || []).map { |r|
         {
-          status:       r[:status],
-          code_desc:    r[:code_desc],
-          run_time:     r[:run_time],
-          start_time:   r[:start_time],
-          resource:     r[:resource],
-          skip_message: r[:skip_message],
-          message:      r[:message],
-          exception:    r[:exception],
-          backtrace:    r[:backtrace],
-          resource_class: r[:resource_class],
+          status:          r[:status],
+          code_desc:       r[:code_desc],
+          run_time:        r[:run_time],
+          start_time:      r[:start_time],
+          resource:        r[:resource],
+          skip_message:    r[:skip_message],
+          message:         r[:message],
+          exception:       r[:exception],
+          backtrace:       r[:backtrace],
+          resource_class:  r[:resource_class],
           resource_params: r[:resource_params].to_s,
+          resource_id:     extract_resource_id(r),
         }.reject { |_k, v| v.nil? }
       }
     end
 
+    def extract_resource_id(r)
+      # According to the RunData API, this is supposed to be an anonymous
+      # class that represents a resource, with embedded instance methods....
+      resource_obj = r[:resource_title]
+      return resource_obj.resource_id if resource_obj.respond_to?(:resource_id)
+
+      # But sometimes, it isn't, and has been collapsed into the to_s stringification of the resource.
+      if resource_obj.is_a?(String)
+        orig_str = resource_obj
+        # Try to trim off the resource class - eg "File /some/path" => "/some/path"
+        trimmed_str = orig_str.sub(/^#{r[:resource_class]}/i, "").strip
+        trimmed_str.empty? ? orig_str : trimmed_str
+      else
+        # Boo, InSpec is crazy, and we don't know what it possibly could be.
+        # Failsafe for resource_id is empty string.
+        ""
+      end
+    end
+
     def profiles
       run_data[:profiles].map do |p|
         res = {

data/lib/inspec/resource.rb

@@ -34,6 +34,12 @@ module Inspec
       Inspec::Resource.support_registry[key].push(criteria)
     end
 
+    def resource_id(value = nil)
+      @resource_id = value if value
+      @resource_id = ""    if @resource_id.nil?
+      @resource_id
+    end
+
     # TODO: this is pretty terrible and is only here to work around
     # the idea that we've trained resource authors to make initialize
     # methods w/o calling super.

data/lib/inspec/resources/cassandradb_session.rb

@@ -1,11 +1,10 @@
 module Inspec::Resources
   class Lines
-    attr_reader :output, :exit_status
+    attr_reader :output
 
-    def initialize(raw, desc, exit_status)
+    def initialize(raw, desc)
       @output = raw
       @desc = desc
-      @exit_status = exit_status
     end
 
     def to_s
@@ -41,7 +40,7 @@ module Inspec::Resources
       if cmd.exit_status != 0 || out =~ /Unable to connect to any servers/ || out.downcase =~ /^error:.*/
         raise Inspec::Exceptions::ResourceFailed, "Cassandra query with errors: #{out}"
       else
-        Lines.new(cmd.stdout.strip, "Cassandra query: #{q}", cmd.exit_status)
+        Lines.new(cmd.stdout.strip, "Cassandra query: #{q}")
       end
     end
 

data/lib/inspec/resources/cron.rb

@@ -0,0 +1,49 @@
+require "inspec/resources/crontab"
+
+module Inspec::Resources
+  class Cron < Crontab
+    name "cron"
+    supports platform: "unix"
+    desc "Use the cron InSpec audit resource to test entires in the crontab file for a given user. This also can be used as alias to crontab resource."
+    example <<~EXAMPLE
+      describe cron do
+         it { should have_entry '* * * * * /usr/local/bin/foo' }
+      end
+
+      describe cron(user: "username") do
+        its(:table) { should match /you can use regexp/ }
+      end
+    EXAMPLE
+
+    def initialize(opts = nil)
+      super
+      @params = read_cron_contents
+    end
+
+    def read_cron_contents
+      result = inspec.command(crontab_cmd)
+      if result.exit_status == 0
+        result.stdout.lines.map { |l| parse_comment_line(l, comment_char: "#", standalone_comments: false)[0].strip }
+      else
+        error = result.stdout + "\n" + result.stderr
+        raise Inspec::Exceptions::ResourceFailed, "Error while executing #{crontab_cmd} command: #{error}"
+      end
+    end
+
+    def table
+      @params.reject(&:empty?).join("\n")
+    end
+
+    def has_entry?(rule)
+      @params.include?(rule)
+    end
+
+    def to_s
+      if is_user_crontab?
+        "cron for user #{@user}"
+      else
+        "cron for current user"
+      end
+    end
+  end
+end

data/lib/inspec/resources/file.rb

@@ -65,7 +65,7 @@ module Inspec::Resources
     def user_permissions
       return {} unless exist?
 
-      return skip_resource "`user_permissions` is not supported on your OS yet." unless inspec.os.windows?
+      return skip_reource"`user_permissions` is not supported on your OS yet." unless inspec.os.windows?
 
       @perms_provider.user_permissions(file)
     end