inspec-core 5.12.2 → 5.18.14

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b7242aa89bb64084dbeb75587b128af25c4967be0bc06ec8e9d8f386e821d36a
-  data.tar.gz: 876166ebb7e7ae59bb39fe1b9fd4523f45cdb6c22702f08e0074dad4662bf5bf
+  metadata.gz: ba97ee3e25e02fba9b85f797fa1a773d2e8fa7628112be422d187c0e46cfce40
+  data.tar.gz: a82f51e5c6ba3e1db8c4580f92a33d91bcc2e0c2a8339850e1f168c1569b8818
 SHA512:
-  metadata.gz: 155d7f957519b8358c1e8d92373f50b8839cb7f31ca3f32af953a556a2753f768b69b9a78dc7fa2b228ed30e2a26a5b33a393dbe472c501fcc1bda0b54a353f8
-  data.tar.gz: af8ec2a17788ba7add5c58c07c0e842b31e8a7a92f6afd38ca0e794c2d297dde6464e8dd9cf8d8a07374042a2437ec41685226be098004a4396160432d68a14f
+  metadata.gz: beb78893376f0b92b9cf33741f8fab471f66dd328fa1f28c87b05737da7f73266327eded07ca67f0b91a747625dfcb61011b42c06a25914d01f727b07a962456
+  data.tar.gz: 193aeef4576e2af4466a176b80e107cd45fe0c0c0f6db290d17696cec1eb7dbf6b58b555bf8c0df4b9bb4a9d5aa8d26f542993b5be1d600a296c3ec50e531d09

data/Gemfile

@@ -29,7 +29,7 @@ group :test do
   gem "json_schemer", ">= 0.2.1", "< 0.2.19"
   gem "m"
   gem "minitest-sprint", "~> 1.0"
-  gem "minitest", "~> 5.5"
+  gem "minitest", "5.15.0"
   gem "mocha", "~> 1.1"
   gem "nokogiri", "~> 1.9"
   gem "pry-byebug"

data/etc/deprecations.json

@@ -121,6 +121,10 @@
     "cli_option_target_id":{
       "action": "warn",
       "prefix": "The --target-id option is deprecated in InSpec 5. Its value will be ignored."
+    },
+    "renamed_to_inspec_export":{
+      "action": "ignore",
+      "prefix": "The `inspec json` command is deprecated in InSpec 5 and replaced with `inspec export` command."
     }
   }
 }

data/etc/keys/progress-2022-05-04.pem.pub

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8FWKhVwT5ilFdk5/schY
+J3X6DkDbZPul7MAKYuicmyvrk4VZFqFJYzUo9G+ZvtWCjCMZF3JLDbg0VJ+V3j2b
+A5MRUDMH1MtbQZS8u0AIUAitHsSiMgu4w/EHUSHODoDmbdaHT1xkFe9IxMSM1/AV
+/s5u2uAMuiayo+dGW5i9xf/LMZN1JCeX8Yqw85CpS01gMC2XxoUu5wGLwBwXkdql
++H3SaWRdDTtccgtu0Rxt9dzRtHAPNWKSLl9TScW6Qt/+7bgb3M6+7od/FuPziAS9
+1NGUiKL9vajpafxUJF8863q0l64dAXGWXVFed7/7GFiNVuLxBksPzK8VrkyCS214
+kQIDAQAB
+-----END PUBLIC KEY-----

data/inspec-core.gemspec

@@ -45,5 +45,5 @@ Gem::Specification.new do |spec|
   spec.add_dependency "semverse",           "~> 3.0"
   spec.add_dependency "multipart-post",     "~> 2.0"
 
-  spec.add_dependency "train-core", "~> 3.0"
+  spec.add_dependency "train-core", "~> 3.10"
 end

data/lib/inspec/base_cli.rb

@@ -138,6 +138,8 @@ module Inspec
         desc: "Provides path to Docker API endpoint (Docker)"
       option :ssh_config_file, type: :array,
         desc: "A list of paths to the ssh config file, e.g ~/.ssh/config or /etc/ssh/ssh_config"
+      option :podman_url, type: :string,
+        desc: "Provides path to Podman API endpoint"
     end
 
     def self.profile_options
@@ -323,6 +325,9 @@ module Inspec
 
     def pretty_handle_exception(exception)
       case exception
+      when Inspec::InvalidProfileSignature
+        $stderr.puts exception.message
+        Inspec::UI.new.exit(:bad_signature)
       when Inspec::Error
         $stderr.puts exception.message
         exit(1)

data/lib/inspec/cli.rb

@@ -5,6 +5,7 @@ require "inspec/dist"
 require "inspec/backend"
 require "inspec/dependencies/cache"
 require "inspec/utils/json_profile_summary"
+require "inspec/utils/yaml_profile_summary"
 
 module Inspec # TODO: move this somewhere "better"?
   autoload :BaseCLI,       "inspec/base_cli"
@@ -69,25 +70,77 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     desc: "A list of tags to filter controls and include only those. Ignore all other tests."
   profile_options
   def json(target)
-    require "json" unless defined?(JSON)
+    # This deprecation warning is ignored currently.
+    Inspec.deprecate(:renamed_to_inspec_export)
+    export(target, true)
+  end
 
+  desc "export PATH", "read the profile in PATH and generate a summary in the given format."
+  option :what, type: :string,
+    desc: "What to export: profile (default), readme, metadata."
+  option :format, type: :string,
+    desc: "The output format to use: json, raw, yaml. If valid format is not provided then it will use the default for the given 'what'."
+  option :output, aliases: :o, type: :string,
+    desc: "Save the created output to a path"
+  option :controls, type: :array,
+    desc: "For --what=profile, a list of controls to include. Ignore all other tests."
+  option :tags, type: :array,
+    desc: "For --what=profile, a list of tags to filter controls and include only those. Ignore all other tests."
+  profile_options
+  def export(target, as_json = false)
     o = config
     diagnose(o)
     o["log_location"] = $stderr
     configure_logger(o)
 
+    # using dup to resolve "can't modify frozen String" error.
+    what = o[:what].dup || "profile"
+    what.downcase!
+    raise Inspec::Error.new("Unrecognized option '#{what}' for --what - expected one of profile, readme, or metadata.") unless %w{profile readme metadata}.include?(what)
+
+    default_format_for_what = {
+      "profile" => "yaml",
+      "metadata" => "raw",
+      "readme" => "raw",
+    }
+    valid_formats_for_what = {
+      "profile" => %w{yaml json},
+      "metadata" => %w{yaml raw}, # not going to argue
+      "readme" => ["raw"],
+    }
+    format = o[:format] || default_format_for_what[what]
+    # default is json if we were called as old json command
+    format = "json" if as_json
+    raise Inspec::Error.new("Invalid option '#{format}' for --format and --what combination") unless format && valid_formats_for_what[what].include?(format)
+
     o[:backend] = Inspec::Backend.create(Inspec::Config.mock)
     o[:check_mode] = true
     o[:vendor_cache] = Inspec::Cache.new(o[:vendor_cache])
-
     profile = Inspec::Profile.for_target(target, o)
     dst = o[:output].to_s
 
-    # Write JSON
-    Inspec::Utils::JsonProfileSummary.produce_json(
-      info: profile.info,
-      write_path: dst
-    )
+    case what
+    when "profile"
+      if format == "json"
+        require "json" unless defined?(JSON)
+        # Write JSON
+        Inspec::Utils::JsonProfileSummary.produce_json(
+          info: profile.info,
+          write_path: dst
+        )
+      elsif format == "yaml"
+        Inspec::Utils::YamlProfileSummary.produce_yaml(
+          info: profile.info,
+          write_path: dst
+        )
+      end
+    when "readme"
+      out = dst.empty? ? $stdout : File.open(dst, "w")
+      out.write(profile.readme)
+    when "metadata"
+      out = dst.empty? ? $stdout : File.open(dst, "w")
+      out.write(profile.metadata_src)
+    end
   rescue StandardError => e
     pretty_handle_exception(e)
   end
@@ -95,6 +148,8 @@ class Inspec::InspecCLI < Inspec::BaseCLI
   desc "check PATH", "verify all tests at the specified PATH"
   option :format, type: :string,
     desc: "The output format to use doc (default), json. If valid format is not provided then it will use the default."
+  option :with_cookstyle, type: :boolean,
+    desc: "Enable or disable cookstyle checks.", default: false
   profile_options
   def check(path) # rubocop:disable Metrics/AbcSize,Metrics/MethodLength
     o = config
@@ -187,12 +242,12 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     desc: "Fallback to using local archives if fetching fails."
   option :ignore_errors, type: :boolean, default: false,
     desc: "Ignore profile warnings."
-  def archive(path)
+  def archive(path, log_level = nil)
     o = config
     diagnose(o)
 
     o[:logger] = Logger.new($stdout)
-    o[:logger].level = get_log_level(o[:log_level])
+    o[:logger].level = get_log_level(log_level || o[:log_level])
     o[:backend] = Inspec::Backend.create(Inspec::Config.mock)
 
     # Force vendoring with overwrite when archiving

data/lib/inspec/dependencies/dependency_set.rb

@@ -25,7 +25,9 @@ module Inspec
     def self.from_array(dependencies, cwd, cache, backend)
       dep_list = {}
       dependencies.each do |d|
-        dep_list[d.name] = d
+        # if depedent profile does not have a source version then only name is used in dependency hash
+        key_name = (d.source_version ? "#{d.name}-#{d.source_version}" : "#{d.name}") rescue "#{d.name}"
+        dep_list[key_name] = d
       end
       new(cwd, cache, dep_list, backend)
     end
@@ -39,7 +41,9 @@ module Inspec
     def self.flatten_dep_tree(dep_tree)
       dep_list = {}
       dep_tree.each do |d|
-        dep_list[d.name] = d
+        # if depedent profile does not have a source version then only name is used in dependency hash
+        key_name = (d.source_version ? "#{d.name}-#{d.source_version}" : "#{d.name}") rescue d.name
+        dep_list[key_name] = d
         dep_list.merge!(flatten_dep_tree(d.dependencies))
       end
       dep_list

data/lib/inspec/dependency_loader.rb

@@ -50,7 +50,11 @@ module Inspec
     end
 
     def gem_version_installed?(name, version)
-      list_installed_gems.any? { |s| s.name == name && Gem::Requirement.new(version.split(",")) =~ s.version }
+      if version.nil?
+        list_installed_gems.any? { |s| s.name == name }
+      else
+        list_installed_gems.any? { |s| s.name == name && Gem::Requirement.new(version.split(",")) =~ s.version }
+      end
     end
 
     private

data/lib/inspec/dsl.rb

@@ -6,13 +6,13 @@ require "inspec/utils/deprecated_cloud_resources_list"
 module Inspec::DSL
   attr_accessor :backend
 
-  def require_controls(id, &block)
-    opts = { profile_id: id, include_all: false, backend: @backend, conf: @conf, dependencies: @dependencies }
+  def require_controls(id, version = nil, &block)
+    opts = { profile_id: id, include_all: false, backend: @backend, conf: @conf, dependencies: @dependencies, profile_version: version }
     ::Inspec::DSL.load_spec_files_for_profile(self, opts, &block)
   end
 
-  def include_controls(id, &block)
-    opts = { profile_id: id, include_all: true, backend: @backend, conf: @conf, dependencies: @dependencies }
+  def include_controls(id, version = nil, &block)
+    opts = { profile_id: id, include_all: true, backend: @backend, conf: @conf, dependencies: @dependencies, profile_version: version }
     ::Inspec::DSL.load_spec_files_for_profile(self, opts, &block)
   end
 
@@ -85,7 +85,20 @@ module Inspec::DSL
   def self.load_spec_files_for_profile(bind_context, opts, &block)
     dependencies = opts[:dependencies]
     profile_id = opts[:profile_id]
-    dep_entry = dependencies.list[profile_id]
+    profile_version = opts[:profile_version]
+
+    new_profile_id = nil
+    if profile_version
+      new_profile_id = "#{profile_id}-#{profile_version}"
+    else
+      dependencies.list.keys.each do |key|
+        # If dep profile does not contain a source version, key does not contain a version as well. In that case new_profile_id will be always nil and instead profile_id would be used to fetch profile from dependency list.
+        profile_id_key = key.split("-")
+        profile_id_key.pop
+        new_profile_id = key if profile_id_key.join("-") == profile_id
+      end
+    end
+    dep_entry = new_profile_id ? dependencies.list[new_profile_id] : dependencies.list[profile_id]
 
     if dep_entry.nil?
       raise <<~EOF

data/lib/inspec/errors.rb

@@ -22,4 +22,6 @@ module Inspec
     attr_accessor :gem_name
     attr_accessor :version
   end
+
+  class InvalidProfileSignature < Error; end
 end

data/lib/inspec/exceptions.rb

@@ -8,5 +8,7 @@ module Inspec
     class ResourceFailed < StandardError; end
     class ResourceSkipped < StandardError; end
     class SecretsBackendNotFound < ArgumentError; end
+    class ProfileValidationKeyNotFound < ArgumentError; end
+    class ProfileSigningKeyNotFound < ArgumentError; end
   end
 end

data/lib/inspec/fetcher/url.rb

@@ -262,7 +262,7 @@ module Inspec::Fetcher
 
       open(target, opts)
 
-    rescue SocketError, Errno::ECONNREFUSED, OpenURI::HTTPError => e
+    rescue SocketError, Net::OpenTimeout, Errno::ECONNREFUSED, OpenURI::HTTPError => e
       raise Inspec::FetcherFailure, "Profile URL dependency #{target} could not be fetched: #{e.message}"
     end
 

data/lib/inspec/file_provider.rb

@@ -2,6 +2,7 @@ require "rubygems/package" unless defined?(Gem::Package)
 require "pathname" unless defined?(Pathname)
 require "zlib" unless defined?(Zlib)
 require "zip" unless defined?(Zip)
+require "inspec/iaf_file"
 
 module Inspec
   class FileProvider
@@ -14,6 +15,13 @@ module Inspec
         TarProvider.new(path)
       elsif File.exist?(path) && path.end_with?(".zip")
         ZipProvider.new(path)
+      elsif File.exist?(path) && path.end_with?(".iaf")
+        iaf_file = IafFile.new(path)
+        if iaf_file.valid?
+          IafProvider.new(path)
+        else
+          raise Inspec::InvalidProfileSignature, "Profile signature is invalid."
+        end
       elsif File.exist?(path)
         DirProvider.new(path)
       else
@@ -216,6 +224,34 @@ module Inspec
     end
   end # class TarProvider
 
+  class IafProvider < TarProvider
+    attr_reader :files
+
+    def initialize(path)
+      f = File.open(path, "rb")
+      version = f.readline.strip!
+      if version == "INSPEC-PROFILE-1"
+        while f.readline != "\n" do end
+        content = f.read
+        f.close
+      elsif version == "INSPEC-PROFILE-2"
+        f.readline.strip!
+        content = f.read
+        f.close
+        content = content.slice(490, content.length).lstrip
+      else
+        raise Inspec::InvalidProfileSignature, "Unrecognized IAF version."
+      end
+
+      tmpfile = nil
+      Dir.mktmpdir do |workdir|
+        tmpfile = Pathname.new(workdir).join("temp_profile.tar.gz")
+        File.open(tmpfile, "wb") { |fl| fl.write(content) }
+        super(tmpfile)
+      end
+    end
+  end # class IafProvider
+
   class RelativeFileProvider
     BLACKLIST_FILES = [
       "/pax_global_header",

data/lib/inspec/iaf_file.rb

@@ -0,0 +1,127 @@
+require "base64" unless defined?(Base64)
+require "openssl" unless defined?(OpenSSL)
+require "set" unless defined?(Set)
+require "uri" unless defined?(URI)
+
+module Inspec
+  class IafFile
+    KEY_ALG = OpenSSL::PKey::RSA
+    INSPEC_PROFILE_VERSION_1 = "INSPEC-PROFILE-1".freeze
+    INSPEC_PROFILE_VERSION_2 = "INSPEC-PROFILE-2".freeze
+
+    ARTIFACT_DIGEST = OpenSSL::Digest::SHA512
+    ARTIFACT_DIGEST_NAME = "SHA512".freeze
+
+    VALID_PROFILE_VERSIONS = Set.new [INSPEC_PROFILE_VERSION_1, INSPEC_PROFILE_VERSION_2]
+    VALID_PROFILE_DIGESTS = Set.new [ARTIFACT_DIGEST_NAME]
+
+    def self.find_validation_key(keyname)
+      [
+        ".",
+        File.join(Inspec.config_dir, "keys"),
+        File.join(Inspec.src_root, "etc", "keys"),
+      ].each do |path|
+        filename = File.join(path, "#{keyname}.pem.pub")
+        return filename if File.exist?(filename)
+      rescue ArgumentError => e
+        puts e
+        raise Inspec::Exceptions::ProfileValidationKeyNotFound.new("Validation key #{keyname} not found")
+      end
+
+      # Retry if we can fetch it from github
+      return find_validation_key(keyname) if fetch_validation_key_from_github(keyname)
+
+      raise Inspec::Exceptions::ProfileValidationKeyNotFound.new("Validation key #{keyname} not found")
+    end
+
+    def self.find_signing_key(keyname)
+      [".", File.join(Inspec.config_dir, "keys")].each do |path|
+        filename = File.join(path, "#{keyname}.pem.key")
+        return filename if File.exist?(filename)
+      end
+      raise Inspec::Exceptions::ProfileSigningKeyNotFound.new("Signing key #{keyname} not found")
+    end
+
+    def self.fetch_validation_key_from_github(keyname)
+      URI.open("https://raw.githubusercontent.com/inspec/inspec/main/etc/keys/#{keyname}.pem.pub") do |r|
+        puts "Fetching validation key '#{keyname}' from github"
+        dir = File.join(Inspec.config_dir, "keys")
+        FileUtils.mkdir_p dir
+        key_file = File.join(dir, "#{keyname}.pem.pub")
+        File.open(key_file, "w") do |f|
+          r.each_line do |line|
+            f.puts line
+          end
+        end
+      end
+      true
+    rescue OpenURI::HTTPError
+      false
+    end
+
+    attr_reader :key_name, :version
+
+    def initialize(path)
+      @path = path
+      @key_name = nil
+    end
+
+    def valid?
+      header = []
+      valid = true
+      f = File.open(@path, "rb")
+      @version = f.readline.strip!
+      if version == INSPEC_PROFILE_VERSION_1
+        header << version
+        header << f.readline.strip!
+        header << f.readline.strip!
+
+        file_sig = ""
+        # the signature is multi-line
+        while (line = f.readline) != "\n"
+          file_sig += line
+        end
+        header << file_sig.strip!
+        f.close
+
+        f = File.open(@path, "rb")
+        while f.readline != "\n" do end
+        content = f.read
+        f.close
+      elsif version == INSPEC_PROFILE_VERSION_2
+        header << version
+        header << f.readline.strip!
+        content = f.read
+        f.close
+
+        header_content = content.unpack("h*").pack("H*")
+        header << header_content.slice(0, 100).rstrip
+        header << header_content.slice(100, 20).rstrip
+        header << header_content.slice(120, 370).rstrip + "\n" # \n at the end is require in this field
+        content = content.slice(490, content.length).lstrip
+      else
+        valid = false
+      end
+
+      @key_name = header[2]
+      validation_key_path = Inspec::IafFile.find_validation_key(@key_name)
+
+      unless valid_header?(header)
+        valid = false
+      end
+
+      verification_key = KEY_ALG.new File.read validation_key_path
+      signature = Base64.decode64(header[4])
+      digest = ARTIFACT_DIGEST.new
+      unless verification_key.verify digest, signature, content
+        valid = false
+      end
+
+      valid
+    end
+
+    def valid_header?(header)
+      VALID_PROFILE_VERSIONS.member?(header[0]) && VALID_PROFILE_DIGESTS.member?(header[3])
+    end
+  end
+end

data/lib/inspec/profile.rb

@@ -105,6 +105,7 @@ module Inspec
       @check_mode = options[:check_mode] || false
       @parent_profile = options[:parent_profile]
       @legacy_profile_path = options[:profiles_path] || false
+      @check_cookstyle = options[:with_cookstyle]
       Metadata.finalize(@source_reader.metadata, @profile_id, options)
 
       # if a backend has already been created, clone it so each profile has its own unique backend object
@@ -349,22 +350,24 @@ module Inspec
     def load_libraries
       return @runner_context if @libraries_loaded
 
-      locked_dependencies.dep_list.each_with_index do |(_name, dep), i|
+      locked_dependencies.dep_list.each_with_index do |(_name, dep), index|
         d = dep.profile
         # this will force a dependent profile load so we are only going to add
         # this metadata if the parent profile is supported.
         if @supports_platform && !d.supports_platform?
           # since ruby 1.9 hashes are ordered so we can just use index values here
           # TODO: NO! this is a violation of encapsulation to an extreme
-          metadata.dependencies[i][:status] = "skipped"
-          msg = "Skipping profile: '#{d.name}' on unsupported platform: '#{d.backend.platform.name}/#{d.backend.platform.release}'."
-          metadata.dependencies[i][:status_message] = msg
-          metadata.dependencies[i][:skip_message] = msg # Repeat as skip_message for backward compatibility
+          if metadata.dependencies[index]
+            metadata.dependencies[index][:status] = "skipped"
+            msg = "Skipping profile: '#{d.name}' on unsupported platform: '#{d.backend.platform.name}/#{d.backend.platform.release}'."
+            metadata.dependencies[index][:status_message] = msg
+            metadata.dependencies[index][:skip_message] = msg # Repeat as skip_message for backward compatibility
+          end
           next
-        elsif metadata.dependencies[i]
+        elsif metadata.dependencies[index]
           # Currently wrapper profiles will load all dependencies, and then we
           # load them again when we dive down. This needs to be re-done.
-          metadata.dependencies[i][:status] = "loaded"
+          metadata.dependencies[index][:status] = "loaded"
         end
 
         # rubocop:disable Layout/ExtraSpacing
@@ -409,7 +412,7 @@ module Inspec
           else
             ui = Inspec::UI.new
             gem_dependencies.each { |gem_dependency| ui.list_item("#{gem_dependency[:name]} #{gem_dependency[:version]}") }
-            choice = ui.prompt.select("Would you like to install profile gem dependencies listed above?", %w{Yes No})
+            choice = ui.prompt.select("The above listed gem dependencies are required to run the profile. Would you like to install them ?", %w{Yes No})
             if choice == "Yes"
               Inspec::Config.cached[:auto_install_gems] = true
               load_gem_dependencies
@@ -655,12 +658,13 @@ module Inspec
       end
 
       # Running cookstyle to check for code offenses
-      cookstyle_linting_check.each do |lint_output|
-        data = lint_output.split(":")
-        msg = "#{data[-2]}:#{data[-1]}"
-        offense.call(data[0], data[1], data[2], nil, msg)
+      if @check_cookstyle
+        cookstyle_linting_check.each do |lint_output|
+          data = lint_output.split(":")
+          msg = "#{data[-2]}:#{data[-1]}"
+          offense.call(data[0], data[1], data[2], nil, msg)
+        end
       end
-
       # profile is valid if we could not find any error & offenses
       result[:summary][:valid] = result[:errors].empty? && result[:offenses].empty?
 
@@ -744,6 +748,14 @@ module Inspec
       @source_reader.target.files
     end
 
+    def readme
+      @source_reader.readme&.values&.first
+    end
+
+    def metadata_src
+      @source_reader.metadata_src
+    end
+
     #
     # TODO(ssd): Relative path handling really needs to be carefully
     # thought through, especially with respect to relative paths in
@@ -848,7 +860,12 @@ module Inspec
         f = load_rule_filepath(prefix, rule)
         load_rule(rule, f, controls, groups)
       end
-      params[:inputs] = Inspec::InputRegistry.list_inputs_for_profile(@profile_id)
+      if @profile_id.nil?
+        # identifying inputs using profile name
+        params[:inputs] = Inspec::InputRegistry.list_inputs_for_profile(params[:name])
+      else
+        params[:inputs] = Inspec::InputRegistry.list_inputs_for_profile(@profile_id)
+      end
       params
     end
 

data/lib/inspec/resources/aide_conf.rb

@@ -48,6 +48,10 @@ module Inspec::Resources
 
     filter.install_filter_methods_on_resource(self, :params)
 
+    def resource_id
+      @conf_path || "aide_conf"
+    end
+
     def to_s
       "AIDE Config"
     end

data/lib/inspec/resources/apache.rb

@@ -40,6 +40,10 @@ module Inspec::Resources
       end
     end
 
+    def resource_id
+      @conf_path || "apache"
+    end
+
     def to_s
       "Apache Environment"
     end

data/lib/inspec/resources/apache_conf.rb

@@ -124,6 +124,10 @@ module Inspec::Resources
       @params["ServerRoot"] || @params["serverroot"]
     end
 
+    def resource_id
+      @conf_path || "apache_conf"
+    end
+
     def to_s
       "Apache Config #{conf_path}"
     end

data/lib/inspec/resources/apt.rb

@@ -39,10 +39,11 @@ module Inspec::Resources
     EXAMPLE
 
     def initialize(ppa_name)
+      @ppa_name = ppa_name
       @deb_url = nil
       # check if the os is ubuntu or debian
       if inspec.os.debian?
-        @deb_url = determine_ppa_url(ppa_name)
+        @deb_url = determine_ppa_url(@ppa_name)
       else
         # this resource is only supported on ubuntu and debian
         skip_resource "The `apt` resource is not supported on your OS yet."
@@ -61,6 +62,10 @@ module Inspec::Resources
       actives.size == 1 && actives[0] = true
     end
 
+    def resource_id
+      @deb_url || @ppa_name || "apt repository"
+    end
+
     def to_s
       "Apt Repository #{@deb_url}"
     end

data/lib/inspec/resources/audit_policy.rb

@@ -57,6 +57,11 @@ module Inspec::Resources
       values
     end
 
+    # Since this resource does not have any unique identifier for resource, sending the Auditpol command as UUID.
+    def resource_id
+      "audit_policy"
+    end
+
     def to_s
       "Audit Policy"
     end

data/lib/inspec/resources/auditd_conf.rb

@@ -27,6 +27,10 @@ module Inspec::Resources
       read_params[name.to_s]
     end
 
+    def resource_id
+      @conf_path || "auditd_conf"
+    end
+
     def to_s
       "Audit Daemon Config"
     end

data/lib/inspec/resources/bash.rb

@@ -28,6 +28,10 @@ module Inspec::Resources
       super(CommandWrapper.wrap(command, options))
     end
 
+    def resource_id
+      @raw_command || "bash"
+    end
+
     def to_s
       "Bash command #{@raw_command}"
     end