inspec-core 5.10.5 → 5.17.4

data/lib/inspec/resources/routing_table.rb

@@ -0,0 +1,137 @@
+require "inspec/resources/command"
+
+module Inspec::Resources
+  class Routingtable < Inspec.resource(1)
+    # resource internal name.
+    name "routing_table"
+
+    # Restrict to only run on the below platforms (if none were given,
+    # all OS's and cloud API's supported)
+    supports platform: "unix"
+    supports platform: "windows"
+
+    desc "Use the `routing_table` Chef InSpec audit resource to test the routing information parameters(destination, gateway and interface) present in the routing table."
+
+    example <<~EXAMPLE
+      describe routing_table do
+        it do
+          should have_entry(
+            :destination => '192.168.43.1/32',
+            :interface   => 'lxdbr0',
+            :gateway     => '172.31.80.1',
+          )
+        end
+      end
+
+      describe routing_table do
+        it { should have_entry(destination: '0.0.0.0', interface: 'eth0', gateway: '172.31.80.1') }
+      end
+    EXAMPLE
+
+    def initialize
+      skip_resource "The `routing_table` resource is not yet available on your OS." unless inspec.os.unix? || inspec.os.windows?
+      # fetch the routing information and store it in @routing_info (could be hash, tbd)
+      @routing_info = {}
+      fetch_routing_information
+    end
+
+    # resource appearance in test reports.
+    def to_s
+      "routing_table"
+    end
+
+    def has_entry?(input_route)
+      # check if the destination, gateway, interface exists as part of the routing_info
+      if input_route.key?(:destination) && input_route.key?(:gateway) && input_route.key?(:interface)
+        # check if there is key with destination's value in hash;
+        # if yes, check if destination and gateway is present else return false
+        @routing_info.key?(input_route[:destination]) ? @routing_info[input_route[:destination]].include?([input_route[:gateway], input_route[:interface]]) : false
+      else
+        raise Inspec::Exceptions::ResourceSkipped, "One or more missing key, have_entry? matcher expects a hash with 3 keys: destination, gateway and interface"
+      end
+    end
+
+    private
+
+    # fetches the routing information for the system
+    def fetch_routing_information
+      # check if netstat is available on the system
+      utility = find_netstat_or_error
+
+      # the command to fetch the routing information
+      fetch_route_cmd = "#{utility} -rn"
+
+      # execute the above netstat command
+      cmd = inspec.command(fetch_route_cmd)
+
+      # raise error if the exit status is not zero;
+      raise Inspec::Exceptions::ResourceFailed, "Executing netstat failed: #{cmd.stderr}" if cmd.exit_status.to_i != 0
+
+      # Todo:
+      # Improve logic to fetch destination, gateway & interface efficiently.
+      # The below logic assumes the following:
+      # 1. destination, gateway & interface header is present as Destination, Gateway & (Iface or Netif or Interface) respectively.
+      #    (Netif on BSD, Darwin,Iface on linux & Interface on Windows)
+      # 2. there is no blank data for any columns or the blank data are present after the interface column.
+
+      # cmd.stdout is the standard out of netstat -rn; split on new line to get the rows
+      raw_route_info = cmd.stdout.split("\n")
+
+      # since raw_route_info contains some row before the header (i.e. Destination Gateway ...); remove those rows
+      raw_route_info.shift until raw_route_info[0] =~ /Destination/i
+
+      # split each rows based on space to get the individual columns
+      # raw_route_info is now array of arrays with the routing information
+      raw_route_info.map! { |info| info.strip.split }
+
+      # these variables will store the indices where destination, gateway and interface are present
+      destination_index, gateway_index, interface_index = -1, -1, -1
+
+      # The headers in windows are as:
+      # Network Destination        Netmask          Gateway       Interface  Metric
+      # Splitting on space makes "Network Destination" to be two separate values as "Network" & "Destination"
+      # Remove "Network" value to apply the logic of finding index
+      raw_route_info[0].shift if inspec.os.windows?
+
+      # find the indices of destination, gateway and interface;
+      # because the position of gateway & interface varies with operating system
+      raw_route_info[0].each_with_index do |header, index|
+        if header =~ /Destination/i
+          destination_index = index
+        elsif header =~ /Gateway/i
+          gateway_index = index
+        elsif header =~ /Iface|Netif|Interface/i
+          interface_index = index
+        end
+      end
+
+      # remove the initial header consisting of Destination, Gateway, Mask, ... since this is of no use
+      raw_route_info.shift
+
+      # check the indices are assigned with some index and not -1
+      if destination_index != -1 && gateway_index != -1 && interface_index != -1
+        # iterate through the route_info; and find destination, gateway and interface from each row
+        raw_route_info.each do |info|
+          # if value exists at the destination_index, gateway_index, and interface_index; store the value in @routing_info
+          if !info[destination_index].nil? && !info[gateway_index].nil? && !info[interface_index].nil?
+            # if the destination_key is already present, append the gateway & interface; else create new array and add them
+            if @routing_info.key?(info[destination_index])
+              @routing_info[info[destination_index]] << [info[gateway_index], info[interface_index]]
+            else
+              @routing_info[info[destination_index]] = [[info[gateway_index], info[interface_index]]]
+            end
+          end
+        end
+      end
+    end
+
+    # check if netstat is available on the system
+    def find_netstat_or_error
+      %w{/usr/sbin/netstat /sbin/netstat /usr/bin/netstat /bin/netstat netstat}.each do |cmd|
+        return cmd if inspec.command(cmd).exist?
+      end
+
+      raise Inspec::Exceptions::ResourceFailed, "Could not find `netstat` utility to view routing table information"
+    end
+  end
+end

data/lib/inspec/resources/service.rb

@@ -182,7 +182,9 @@ module Inspec::Resources
       when "aix"
         SrcMstr.new(inspec)
       when "amazon"
-        if os[:release] =~ /^20\d\d/
+        # If `initctl` exists on the system, use `Upstart`. Else use `Systemd` since all-new Amazon Linux supports `systemctl`.
+        # This way, it is not dependent on the version of Amazon Linux.
+        if inspec.command("initctl").exist? || inspec.command("/sbin/initctl").exist?
           Upstart.new(inspec, service_ctl)
         else
           Systemd.new(inspec, service_ctl)
@@ -271,6 +273,30 @@ module Inspec::Resources
       info[:startname]
     end
 
+    # matcher equivalent to startmode property; compares start-up mode
+    # supported only on windows.
+    def has_start_mode?(mode)
+      raise Inspec::Exceptions::ResourceSkipped, "The `has_start_mode` matcher is not supported on your OS yet." unless inspec.os.windows?
+
+      mode == startmode
+    end
+
+    # matcher to check if the service is monitored by the given monitoring tool/software
+    def monitored_by?(monitoring_tool)
+      # Currently supported monitoring tools are: monit & god
+      # To add support for new monitoring tools, extend the case statement with additional monitoring tool and
+      # add the definition and logic in a new class (inheriting the base class MonitoringTool: optional)
+      case monitoring_tool
+      when "monit"
+        current_monitoring_tool = Monit.new(inspec, @service_name)
+      when "god"
+        current_monitoring_tool = God.new(inspec, @service_name)
+      else
+        puts "The monitoring tool #{monitoring_tool} is not yet supported by InSpec."
+      end
+      current_monitoring_tool.is_service_monitored?
+    end
+
     def to_s
       "Service #{@service_name}"
     end
@@ -537,9 +563,22 @@ module Inspec::Resources
     end
 
     def info(service_name)
+      # `service -l` lists all files in /etc/rc.d and the local startup directories
+      # % service -l
+      # accounting
+      # addswap
+      # adjkerntz
+      # apm
+      # archdep
+      cmd = inspec.command("#{service_ctl} -l")
+      return nil if cmd.exit_status != 0
+
+      # search for the service
+      srv = /^#{service_name}$/.match(cmd.stdout)
+      return nil if srv.nil? || srv[0].nil?
+
       # check if service is enabled
       cmd = inspec.command("#{service_ctl} #{service_name} enabled")
-
       enabled = cmd.exit_status == 0
 
       # check if the service is running
@@ -880,4 +919,53 @@ module Inspec::Resources
       Runit.new(inspec, service_ctl)
     end
   end
+
+  # Helper class for monitored_by matcher
+  class MonitoringTool
+    attr_reader :inspec, :service_name
+    def initialize(inspec, service_name)
+      @inspec = inspec
+      @service_name ||= service_name
+    end
+
+    def find_utility_or_error(utility_name)
+      [ "/usr/sbin/#{utility_name}" , "/sbin/#{utility_name}" , "/usr/bin/#{utility_name}" , "/bin/#{utility_name}" , "#{utility_name}" ].each do |cmd|
+        return cmd if inspec.command(cmd).exist?
+      end
+
+      raise Inspec::Exceptions::ResourceFailed, "Could not find `#{utility_name}`"
+    end
+  end
+
+  class Monit < MonitoringTool
+    def is_service_monitored?
+      utility = find_utility_or_error("monit")
+      utility_cmd = inspec.command("#{utility} summary")
+
+      raise Inspec::Exceptions::ResourceFailed, "Executing #{utility} summary failed: #{utility_cmd.stderr}" if utility_cmd.exit_status.to_i != 0
+
+      monitoring_info = utility_cmd.stdout.split("\n")
+      monitoring_info.map! { |info| info.strip.squeeze(" ") }
+      is_monitored = false
+      monitoring_info.each do |info|
+        if info =~ /^#{service_name} OK.*/
+          is_monitored = true
+          break
+        end
+      end
+      is_monitored
+    end
+  end
+
+  class God < MonitoringTool
+    def is_service_monitored?
+      utility = find_utility_or_error("god")
+      utility_cmd = inspec.command("#{utility} status #{service_name}")
+
+      raise Inspec::Exceptions::ResourceFailed, "Executing #{utility} status #{service_name} failed: #{utility_cmd.stderr}" if utility_cmd.exit_status.to_i != 0
+
+      monitoring_info = utility_cmd.stdout.strip
+      monitoring_info =~ /^#{service_name}: up/
+    end
+  end
 end

data/lib/inspec/resources/user.rb

@@ -1 +1,13 @@
 require "inspec/resources/users"
+# user resource belong_to matcher for serverspec compatibility
+RSpec::Matchers.define :belong_to_primary_group do |group|
+  match do |user|
+    user.belongs_to_primary_group?(group)
+  end
+end
+
+RSpec::Matchers.define :belong_to_group do |group|
+  match do |user|
+    user.belongs_to_group?(group)
+  end
+end

data/lib/inspec/resources/users.rb

@@ -137,20 +137,17 @@ module Inspec::Resources
   #   its('badpasswordattempts') { should eq 0 }
   # end
   #
-  # The following  Serverspec  matchers are deprecated in favor for direct value access
+  # The following  Serverspec  matchers were deprecated in favor for direct value access
+  # but are made available as part of Serverspec compatibility in March, 2022.
   #
   # describe user('root') do
   #   it { should belong_to_group 'root' }
+  #   it { should belong_to_primary_group 'root' }
   #   it { should have_uid 0 }
   #   it { should have_home_directory '/root' }
   #   it { should have_login_shell '/bin/bash' }
   #   its('minimum_days_between_password_change') { should eq 0 }
   #   its('maximum_days_between_password_change') { should eq 99 }
-  # end
-  #
-  # ServerSpec tests that are not supported:
-  #
-  # describe user('root') do
   #   it { should have_authorized_key 'ssh-rsa ADg54...3434 user@example.local' }
   #   its(:encrypted_password) { should eq 1234 }
   # end
@@ -258,36 +255,56 @@ module Inspec::Resources
 
     # implement 'mindays' method to be compatible with serverspec
     def minimum_days_between_password_change
-      Inspec.deprecate(:resource_user_serverspec_compat, "The user resource `minimum_days_between_password_change` property is deprecated. Please use `mindays`.")
       mindays
     end
 
     # implement 'maxdays' method to be compatible with serverspec
     def maximum_days_between_password_change
-      Inspec.deprecate(:resource_user_serverspec_compat, "The user resource `maximum_days_between_password_change` property is deprecated. Please use `maxdays`.")
       maxdays
     end
 
     # implements rspec has matcher, to be compatible with serverspec
     # @see: https://github.com/rspec/rspec-expectations/blob/master/lib/rspec/matchers/built_in/has.rb
+    # has_uid matcher: compatibility with serverspec
     def has_uid?(compare_uid)
-      Inspec.deprecate(:resource_user_serverspec_compat, "The user resource `has_uid?` matcher is deprecated.")
       uid == compare_uid
     end
 
+    # has_home_directory matcher: compatibility with serverspec
     def has_home_directory?(compare_home)
-      Inspec.deprecate(:resource_user_serverspec_compat, "The user resource `has_home_directory?` matcher is deprecated. Please use `its('home')`.")
       home == compare_home
     end
 
+    # has_login_shell matcher: compatibility with serverspec
     def has_login_shell?(compare_shell)
-      Inspec.deprecate(:resource_user_serverspec_compat, "The user resource `has_login_shell?` matcher is deprecated. Please use `its('shell')`.")
       shell == compare_shell
     end
 
-    def has_authorized_key?(_compare_key)
-      Inspec.deprecate(:resource_user_serverspec_compat, "The user resource `has_authorized_key?` matcher is deprecated. There is no currently implemented alternative")
-      raise NotImplementedError
+    # has_authorized_key matcher: compatibility with serverspec
+    def has_authorized_key?(compare_key)
+      # get_authorized_keys returns the list of key, check if given key is included.
+      get_authorized_keys.include?(compare_key)
+    end
+
+    # belongs_to_primary_group matcher: compatibility with serverspec
+    def belongs_to_primary_group?(group_name)
+      groupname == group_name
+    end
+
+    # belongs_to_group matcher: compatibility with serverspec
+    def belongs_to_group?(group_name)
+      groups.include?(group_name)
+    end
+
+    # encrypted_password property: compatibility with serverspec
+    # it allows to run test against the hashed passwords of the given user
+    # applicable for unix/linux systems with getent utility.
+    def encrypted_password
+      raise Inspec::Exceptions::ResourceSkipped, "encrypted_password property is not applicable for your system" if inspec.os.windows? || inspec.os.darwin?
+
+      # shadow_information returns array of the information from the shadow file
+      # the value at 1st index is the encrypted_password information
+      shadow_information[1]
     end
 
     def to_s
@@ -314,6 +331,54 @@ module Inspec::Resources
 
       @cred_cache = @user_provider.credentials(@username) unless @user_provider.nil?
     end
+
+    # helper method for has_authorized_key matcher
+    # get_authorized_keys return the key/keys stored in the authorized_keys path
+    def get_authorized_keys
+      # cat is used in unix system to display content of file; similarly type is used for windows
+      bin = inspec.os.windows? ? "type" : "cat"
+
+      # auth_path gets assigned with the valid path for authorized_keys
+      auth_path = ""
+
+      # possible paths where authorized_keys are stored
+      # inspec.command is used over inspec.file because inspec.file requires absolute path
+      %w{~/.ssh/authorized_keys ~/.ssh/authorized_keys2}.each do |path|
+        if inspec.command("#{bin} #{path}").exit_status == 0
+          auth_path = path
+          break
+        end
+      end
+
+      # if auth_path is empty, no valid path was found, hence raise exception
+      raise Inspec::Exceptions::ResourceSkipped, "Can't find any valid path for authorized_keys" if auth_path.empty?
+
+      # authorized_keys are obtained in the standard output;
+      # split keys on newline if more than one keys are part of authorized_keys
+      inspec.command("#{bin} #{auth_path}").stdout.split("\n").map(&:strip)
+    end
+
+    # Helper method for encrypted_password property
+    def shadow_information
+      # check if getent is available on the system
+      bin = find_getent_utility
+
+      # fetch details of the passwd file for the current user using getent
+      cmd = inspec.command("#{bin} shadow #{@username}")
+      raise Inspec::Exceptions::ResourceFailed, "Executing #{bin} shadow #{@username} failed: #{cmd.stderr}" if cmd.exit_status.to_i != 0
+
+      # shadow information are : separated values, split and return
+      cmd.stdout.split(":").map(&:strip)
+    end
+
+    # check if getent exist in the system
+    def find_getent_utility
+      %w{/usr/bin/getent /bin/getent getent}.each do |cmd|
+        return cmd if inspec.command(cmd).exist?
+      end
+
+      raise Inspec::Exceptions::ResourceFailed, "Could not find `getent` on your system."
+    end
   end
 
   # Class defined to compare for groups without case-sensitivity

data/lib/inspec/resources/x509_private_key.rb

@@ -0,0 +1,93 @@
+require "inspec/resources/file"
+
+module Inspec::Resources
+  class X509PrivateKey < Inspec.resource(1)
+    # Resource internal name.
+    name "x509_private_key"
+
+    # Restrict to only run on the below platforms (if none were given,
+    # all OS's and cloud API's supported)
+    supports platform: "unix"
+    supports platform: "windows"
+
+    desc "Use the x509_private_key InSpec audit resource to test the x509 private key"
+
+    example <<~EXAMPLE
+      # With passphrase
+      describe x509_private_key("/home/openssl_activity/alice_private.pem", "password@123") do
+        it { should be_valid }
+        it { should be_encrypted }
+        it { should have_matching_certificate("/home/openssl_activity/alice_certificate.crt") }
+      end
+
+      # Without passphrase
+      describe x509_private_key("/home/openssl_activity/bob_private.pem") do
+        it { should be_valid }
+        it { should_not be_encrypted }
+        it { should have_matching_certificate("/home/openssl_activity/bob_certificate.crt") }
+      end
+    EXAMPLE
+
+    # Resource initialization.
+    attr_reader :secret_key_path, :passphrase, :openssl_utility
+
+    def initialize(secret_key_path, passphrase = nil)
+      @openssl_utility = check_openssl_or_error
+      @secret_key_path = secret_key_path
+      @passphrase = passphrase
+    end
+
+    # Resource appearance in test reports.
+    def to_s
+      "x509_private_key"
+    end
+
+    # Matcher to check if the given key is valid.
+    def valid?
+      # Below is the command to check if the key is valid.
+      openssl_key_validity_cmd = "#{openssl_utility} rsa -in #{secret_key_path} -check -noout"
+
+      # Additionally, if key is password protected, passphrase needs to be given with -passin argument
+      openssl_key_validity_cmd.concat(" -passin pass:#{passphrase}") if passphrase
+
+      openssl_key_validity = inspec.command(openssl_key_validity_cmd)
+      openssl_key_validity.exit_status.to_i == 0
+    end
+
+    # Matcher to check if the given key is encrypted.
+    def encrypted?
+      raise Inspec::Exceptions::ResourceFailed, "The given secret key #{secret_key_path} does not exist." unless inspec.file(secret_key_path).exist?
+
+      # All encrypted keys have the header of Proc-Type: 4,ENCRYPTED
+      key_file = inspec.file(secret_key_path)
+      key_file.content =~ /Proc-Type: 4,ENCRYPTED/
+    end
+
+    # Matcher to verify if the private key maatches the certificate
+    def has_matching_certificate?(cert_file_or_path)
+      cert_hash_cmd = "openssl x509 -noout -modulus -in #{cert_file_or_path} | openssl md5"
+      cert_hash = inspec.command(cert_hash_cmd)
+
+      raise Inspec::Exceptions::ResourceFailed, "Executing #{cert_hash_cmd} failed: #{cert_hash.stderr}" if cert_hash.exit_status.to_i != 0
+
+      key_hash_cmd = "openssl rsa -noout -modulus -in #{secret_key_path}"
+      passphrase ? key_hash_cmd.concat(" -passin pass:#{passphrase} | openssl md5") : key_hash_cmd.concat(" | openssl md5")
+      key_hash = inspec.command(key_hash_cmd)
+
+      raise Inspec::Exceptions::ResourceFailed, "Executing #{key_hash_cmd} failed: #{key_hash.stderr}" if key_hash.exit_status.to_i != 0
+
+      cert_hash.stdout == key_hash.stdout
+    end
+
+    private
+
+    # This resource requires openssl to be available on the system
+    def check_openssl_or_error
+      %w{/usr/sbin/openssl /usr/bin/openssl /sbin/openssl /bin/openssl openssl}.each do |cmd|
+        return cmd if inspec.command(cmd).exist?
+      end
+
+      raise Inspec::Exceptions::ResourceFailed, "Could not find `openssl` on your system."
+    end
+  end
+end

data/lib/inspec/resources/zfs.rb

@@ -0,0 +1,48 @@
+require "inspec/resources/zfs_pool"
+
+module Inspec::Resources
+  class Zfs < ZfsPool
+    # resource's internal name.
+    name "zfs"
+
+    # Restrict to only run on the below platforms
+    supports platform: "unix"
+
+    desc "Use the zfs InSpec audit resource to test if the named ZFS Pool is present and/or has certain properties."
+
+    example <<~EXAMPLE
+      describe zfs("new-pool") do
+        it { should exist }
+        it { should have_property({ "failmode" => "wait", "capacity" => "0" }) }
+      end
+    EXAMPLE
+
+    # Resource initialization is done in the parent class i.e. ZfsPool
+
+    # Unique identity for the resource.
+    def resource_id
+      # @zfs_pool is the zfs pool name assigned during initialization in the parent class i.e. ZfsPool
+      @zfs_pool
+    end
+
+    # Resource appearance in test reports.
+    def to_s
+      "zfs #{resource_id}"
+    end
+
+    # The below matcher checks if the given properties are valid properties of the zfs pool.
+    def has_property?(properties_hash)
+      raise Inspec::Exceptions::ResourceSkipped, "Provide a valid key-value pair of the zfs properties." if properties_hash.empty?
+
+      # Transform all the key & values provided by user to string,
+      # since hash keys can be symbols or strings & values can be integers or strings.
+      # @params is a hash populated in the parent class with the properties(key-value) of the current zfs pool.
+      # and the key-value in @params are of string type.
+      properties_hash.transform_keys(&:to_s)
+      properties_hash.transform_values(&:to_s)
+
+      # check if the given properties is a subset of @params
+      properties_hash <= @params
+    end
+  end
+end

data/lib/inspec/version.rb

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "5.10.5".freeze
+  VERSION = "5.17.4".freeze
 end

data/lib/plugins/inspec-streaming-reporter-progress-bar/lib/inspec-streaming-reporter-progress-bar/streaming_reporter.rb

@@ -41,9 +41,9 @@ module InspecPlugins::StreamingReporterProgressBar
       # Groovy UTF-8 characters for everyone else...
       # ...even though they probably only work on Mac
       INDICATORS = {
-        "failed" => "×",
-        "skipped" => "↺",
-        "passed" => "✔",
+        "failed" => "× [FAILED] ",
+        "skipped" => "↺ [SKIPPED]",
+        "passed" => "✔ [PASSED] ",
       }.freeze
     end
 
@@ -54,58 +54,69 @@ module InspecPlugins::StreamingReporterProgressBar
     end
 
     def example_passed(notification)
-      control_id = notification.example.metadata[:id]
-      set_status_mapping(control_id, "passed")
-      show_progress(control_id) if control_ended?(control_id)
+      set_example(notification, "passed")
     end
 
     def example_failed(notification)
-      control_id = notification.example.metadata[:id]
-      set_status_mapping(control_id, "failed")
-      show_progress(control_id) if control_ended?(control_id)
+      set_example(notification, "failed")
     end
 
     def example_pending(notification)
-      control_id = notification.example.metadata[:id]
-      set_status_mapping(control_id, "skipped")
-      show_progress(control_id) if control_ended?(control_id)
+      set_example(notification, "skipped")
     end
 
     private
 
-    def show_progress(control_id)
+    def set_example(notification, status)
+      control_id = notification.example.metadata[:id]
+      title = notification.example.metadata[:title]
+      full_description = notification.example.metadata[:full_description]
+      control_impact = notification.example.metadata[:impact]
+      set_status_mapping(control_id, status)
+      show_progress(control_id, title, full_description, control_impact) if control_ended?(control_id)
+    end
+
+    def show_progress(control_id, title, full_description, control_impact)
       @bar ||= ProgressBar.new(controls_count, :bar, :counter, :percentage)
       sleep 0.1
       @bar.increment!
-      @bar.puts format_it(control_id)
-    rescue Exception => ex
-      raise "Exception in Progress Bar streaming reporter: #{ex}"
+      @bar.puts format_it(control_id, title, full_description, control_impact)
+    rescue StandardError => e
+      raise "Exception in Progress Bar streaming reporter: #{e}"
     end
 
-    def format_it(control_id)
+    def format_it(control_id, title, full_description, control_impact)
       control_status = if @status_mapping[control_id].include? "failed"
                          "failed"
-                       elsif @status_mapping[control_id].include? "skipped"
-                         "skipped"
                        elsif @status_mapping[control_id].include? "passed"
                          "passed"
+                       else
+                         @status_mapping[control_id].include? "skipped"
+                         "skipped"
                        end
-
       indicator = INDICATORS[control_status]
       message_to_format = ""
       message_to_format += "#{indicator}  "
-      message_to_format += control_id.to_s.lstrip.force_encoding(Encoding::UTF_8)
+      message_to_format += "#{control_id.to_s.strip.dup.force_encoding(Encoding::UTF_8)}  "
+      message_to_format += "#{title.gsub(/\n*\s+/, " ").to_s.force_encoding(Encoding::UTF_8)}  " if title
+      message_to_format += "#{full_description.gsub(/\n*\s+/, " ").to_s.force_encoding(Encoding::UTF_8)}  " unless title
       format_with_color(control_status, message_to_format)
+    rescue Exception => e
+      raise "Exception in show_progress: #{e}"
     end
 
     def format_with_color(color_name, text)
       "#{COLORS[color_name]}#{text}#{COLORS["reset"]}"
+    rescue StandardError => e
+      raise "Exception in format_with_color: #{e}"
     end
 
     # status mapping with control id to decide the final state of the control
     def set_status_mapping(control_id, status)
       @status_mapping[control_id] = [] if @status_mapping[control_id].nil?
       @status_mapping[control_id].push(status)
+    rescue StandardError => e
+      raise "Exception in format_with_color: #{e}"
     end
 
   end