inspec-core 5.12.2 → 5.18.14
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/etc/deprecations.json +4 -0
- data/etc/keys/progress-2022-05-04.pem.pub +9 -0
- data/inspec-core.gemspec +1 -1
- data/lib/inspec/base_cli.rb +5 -0
- data/lib/inspec/cli.rb +64 -9
- data/lib/inspec/dependencies/dependency_set.rb +6 -2
- data/lib/inspec/dependency_loader.rb +5 -1
- data/lib/inspec/dsl.rb +18 -5
- data/lib/inspec/errors.rb +2 -0
- data/lib/inspec/exceptions.rb +2 -0
- data/lib/inspec/fetcher/url.rb +1 -1
- data/lib/inspec/file_provider.rb +36 -0
- data/lib/inspec/iaf_file.rb +127 -0
- data/lib/inspec/profile.rb +31 -14
- data/lib/inspec/resources/aide_conf.rb +4 -0
- data/lib/inspec/resources/apache.rb +4 -0
- data/lib/inspec/resources/apache_conf.rb +4 -0
- data/lib/inspec/resources/apt.rb +6 -1
- data/lib/inspec/resources/audit_policy.rb +5 -0
- data/lib/inspec/resources/auditd_conf.rb +4 -0
- data/lib/inspec/resources/bash.rb +4 -0
- data/lib/inspec/resources/bond.rb +4 -0
- data/lib/inspec/resources/bridge.rb +4 -0
- data/lib/inspec/resources/cassandradb_conf.rb +5 -0
- data/lib/inspec/resources/cassandradb_session.rb +8 -3
- data/lib/inspec/resources/chocolatey_package.rb +4 -0
- data/lib/inspec/resources/chrony_conf.rb +4 -0
- data/lib/inspec/resources/command.rb +5 -0
- data/lib/inspec/resources/cpan.rb +4 -0
- data/lib/inspec/resources/cran.rb +4 -0
- data/lib/inspec/resources/cron.rb +5 -0
- data/lib/inspec/resources/csv.rb +6 -1
- data/lib/inspec/resources/default_gateway.rb +61 -0
- data/lib/inspec/resources/dh_params.rb +4 -0
- data/lib/inspec/resources/docker_container.rb +4 -0
- data/lib/inspec/resources/docker_image.rb +4 -0
- data/lib/inspec/resources/docker_plugin.rb +4 -0
- data/lib/inspec/resources/docker_service.rb +4 -0
- data/lib/inspec/resources/etc_group.rb +4 -0
- data/lib/inspec/resources/etc_hosts_allow_deny.rb +5 -0
- data/lib/inspec/resources/file.rb +97 -1
- data/lib/inspec/resources/filesystem.rb +4 -0
- data/lib/inspec/resources/gem.rb +4 -0
- data/lib/inspec/resources/groups.rb +9 -0
- data/lib/inspec/resources/grub_conf.rb +4 -0
- data/lib/inspec/resources/host.rb +46 -3
- data/lib/inspec/resources/http.rb +4 -0
- data/lib/inspec/resources/ibmdb2_conf.rb +8 -0
- data/lib/inspec/resources/ibmdb2_session.rb +12 -3
- data/lib/inspec/resources/iis_app.rb +4 -0
- data/lib/inspec/resources/iis_app_pool.rb +4 -0
- data/lib/inspec/resources/iis_site.rb +4 -0
- data/lib/inspec/resources/inetd_conf.rb +4 -0
- data/lib/inspec/resources/interface.rb +4 -0
- data/lib/inspec/resources/ip6tables.rb +4 -0
- data/lib/inspec/resources/ipfilter.rb +4 -0
- data/lib/inspec/resources/ipnat.rb +4 -0
- data/lib/inspec/resources/iptables.rb +4 -0
- data/lib/inspec/resources/json.rb +4 -0
- data/lib/inspec/resources/kernel_module.rb +4 -0
- data/lib/inspec/resources/kernel_parameter.rb +4 -0
- data/lib/inspec/resources/key_rsa.rb +4 -0
- data/lib/inspec/resources/ksh.rb +4 -0
- data/lib/inspec/resources/limits_conf.rb +4 -0
- data/lib/inspec/resources/linux_audit_system.rb +81 -0
- data/lib/inspec/resources/login_defs.rb +4 -0
- data/lib/inspec/resources/mongodb.rb +4 -0
- data/lib/inspec/resources/mongodb_conf.rb +5 -0
- data/lib/inspec/resources/mongodb_session.rb +6 -1
- data/lib/inspec/resources/mount.rb +4 -0
- data/lib/inspec/resources/mssql_session.rb +4 -0
- data/lib/inspec/resources/mssql_sys_conf.rb +7 -0
- data/lib/inspec/resources/mysql_conf.rb +4 -0
- data/lib/inspec/resources/mysql_session.rb +8 -1
- data/lib/inspec/resources/nginx.rb +6 -1
- data/lib/inspec/resources/nginx_conf.rb +4 -0
- data/lib/inspec/resources/noop.rb +4 -0
- data/lib/inspec/resources/npm.rb +4 -0
- data/lib/inspec/resources/ntp_conf.rb +4 -0
- data/lib/inspec/resources/oneget.rb +4 -0
- data/lib/inspec/resources/opa_api.rb +10 -0
- data/lib/inspec/resources/opa_cli.rb +14 -0
- data/lib/inspec/resources/oracledb_conf.rb +5 -0
- data/lib/inspec/resources/oracledb_listener_conf.rb +4 -0
- data/lib/inspec/resources/oracledb_session.rb +10 -0
- data/lib/inspec/resources/os.rb +4 -0
- data/lib/inspec/resources/os_env.rb +4 -0
- data/lib/inspec/resources/package.rb +4 -0
- data/lib/inspec/resources/parse_config.rb +10 -1
- data/lib/inspec/resources/php_config.rb +72 -0
- data/lib/inspec/resources/pip.rb +4 -0
- data/lib/inspec/resources/platform.rb +4 -0
- data/lib/inspec/resources/postfix_conf.rb +4 -0
- data/lib/inspec/resources/postgres_conf.rb +4 -0
- data/lib/inspec/resources/postgres_session.rb +8 -4
- data/lib/inspec/resources/powershell.rb +4 -0
- data/lib/inspec/resources/processes.rb +17 -4
- data/lib/inspec/resources/rabbitmq_config.rb +4 -0
- data/lib/inspec/resources/registry_key.rb +4 -0
- data/lib/inspec/resources/security_identifier.rb +4 -0
- data/lib/inspec/resources/security_policy.rb +4 -0
- data/lib/inspec/resources/service.rb +80 -1
- data/lib/inspec/resources/ssh_config.rb +4 -0
- data/lib/inspec/resources/sybase_conf.rb +4 -0
- data/lib/inspec/resources/sybase_session.rb +4 -0
- data/lib/inspec/resources/sys_info.rb +4 -0
- data/lib/inspec/resources/timezone.rb +4 -0
- data/lib/inspec/resources/users.rb +4 -0
- data/lib/inspec/resources/vbscript.rb +5 -0
- data/lib/inspec/resources/virtualization.rb +4 -0
- data/lib/inspec/resources/windows_feature.rb +5 -1
- data/lib/inspec/resources/windows_firewall.rb +4 -0
- data/lib/inspec/resources/windows_firewall_rule.rb +4 -0
- data/lib/inspec/resources/windows_hotfix.rb +4 -0
- data/lib/inspec/resources/windows_task.rb +4 -0
- data/lib/inspec/resources/wmi.rb +4 -0
- data/lib/inspec/resources/x509_certificate.rb +59 -0
- data/lib/inspec/resources/x509_private_key.rb +93 -0
- data/lib/inspec/resources/yum.rb +4 -0
- data/lib/inspec/resources/zfs.rb +48 -0
- data/lib/inspec/resources/zfs_dataset.rb +4 -0
- data/lib/inspec/resources/zfs_pool.rb +4 -0
- data/lib/inspec/rule.rb +1 -1
- data/lib/inspec/secrets/yaml.rb +7 -1
- data/lib/inspec/ui.rb +1 -0
- data/lib/inspec/utils/yaml_profile_summary.rb +34 -0
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-reporter-html2/templates/body.html.erb +4 -4
- data/lib/plugins/inspec-reporter-html2/templates/control.html.erb +1 -1
- data/lib/plugins/inspec-reporter-html2/templates/profile.html.erb +1 -1
- data/lib/plugins/{inspec-artifact/inspec-artifact.gemspec → inspec-sign/inspec-sign.gemspec} +2 -2
- data/lib/plugins/inspec-sign/lib/inspec-sign/base.rb +161 -0
- data/lib/plugins/{inspec-artifact/lib/inspec-artifact → inspec-sign/lib/inspec-sign}/cli.rb +14 -23
- data/lib/plugins/inspec-sign/lib/inspec-sign.rb +12 -0
- data/lib/source_readers/inspec.rb +8 -2
- metadata +16 -8
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +0 -187
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +0 -12
|
@@ -31,6 +31,11 @@ module Inspec::Resources
|
|
|
31
31
|
super(@conf_path)
|
|
32
32
|
end
|
|
33
33
|
|
|
34
|
+
# if system unables to determine the cassandra conf path the @conf_path can be nil so in that case sending "" string as resource_id
|
|
35
|
+
def resource_id
|
|
36
|
+
@conf_path || "cassandradb_conf"
|
|
37
|
+
end
|
|
38
|
+
|
|
34
39
|
private
|
|
35
40
|
|
|
36
41
|
def parse(content)
|
|
@@ -1,10 +1,11 @@
|
|
|
1
1
|
module Inspec::Resources
|
|
2
2
|
class Lines
|
|
3
|
-
attr_reader :output
|
|
3
|
+
attr_reader :output, :exit_status
|
|
4
4
|
|
|
5
|
-
def initialize(raw, desc)
|
|
5
|
+
def initialize(raw, desc, exit_status)
|
|
6
6
|
@output = raw
|
|
7
7
|
@desc = desc
|
|
8
|
+
@exit_status = exit_status
|
|
8
9
|
end
|
|
9
10
|
|
|
10
11
|
def to_s
|
|
@@ -40,10 +41,14 @@ module Inspec::Resources
|
|
|
40
41
|
if cmd.exit_status != 0 || out =~ /Unable to connect to any servers/ || out.downcase =~ /^error:.*/
|
|
41
42
|
raise Inspec::Exceptions::ResourceFailed, "Cassandra query with errors: #{out}"
|
|
42
43
|
else
|
|
43
|
-
Lines.new(cmd.stdout.strip, "Cassandra query: #{q}")
|
|
44
|
+
Lines.new(cmd.stdout.strip, "Cassandra query: #{q}", cmd.exit_status)
|
|
44
45
|
end
|
|
45
46
|
end
|
|
46
47
|
|
|
48
|
+
def resource_id
|
|
49
|
+
"cassandradb_session:User:#{@user}:Host:#{host}"
|
|
50
|
+
end
|
|
51
|
+
|
|
47
52
|
def to_s
|
|
48
53
|
"Cassandra DB Session"
|
|
49
54
|
end
|
|
@@ -93,6 +93,11 @@ module Inspec::Resources
|
|
|
93
93
|
res.exit_status.to_i == 0
|
|
94
94
|
end
|
|
95
95
|
|
|
96
|
+
# to_s method outputs the command which we are using here as UUID to identify resource and also it take cares of Redact output
|
|
97
|
+
def resource_id
|
|
98
|
+
to_s || "command"
|
|
99
|
+
end
|
|
100
|
+
|
|
96
101
|
def to_s
|
|
97
102
|
output = "Command: `#{@command}`"
|
|
98
103
|
# Redact output if the `redact_regex` option is passed
|
data/lib/inspec/resources/csv.rb
CHANGED
|
@@ -19,7 +19,8 @@ module Inspec::Resources
|
|
|
19
19
|
|
|
20
20
|
def initialize(path, headers = true)
|
|
21
21
|
@headers = headers
|
|
22
|
-
|
|
22
|
+
@path = path
|
|
23
|
+
super(@path)
|
|
23
24
|
end
|
|
24
25
|
|
|
25
26
|
# override the parse method from JsonConfig
|
|
@@ -68,6 +69,10 @@ module Inspec::Resources
|
|
|
68
69
|
end
|
|
69
70
|
end
|
|
70
71
|
|
|
72
|
+
def resource_id
|
|
73
|
+
@path || "csv"
|
|
74
|
+
end
|
|
75
|
+
|
|
71
76
|
private
|
|
72
77
|
|
|
73
78
|
# used by JsonConfig to build up a full to_s method
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
require "inspec/resources/command"
|
|
2
|
+
require_relative "routing_table"
|
|
3
|
+
|
|
4
|
+
module Inspec::Resources
|
|
5
|
+
class Defaultgateway < Routingtable
|
|
6
|
+
# resource internal name.
|
|
7
|
+
name "default_gateway"
|
|
8
|
+
|
|
9
|
+
# Restrict to only run on the below platforms (if none were given,
|
|
10
|
+
# all OS's and cloud API's supported)
|
|
11
|
+
supports platform: "unix"
|
|
12
|
+
supports platform: "windows"
|
|
13
|
+
|
|
14
|
+
desc "Use the `default_gateway` Chef InSpec audit resource to test the assigned ip address and interface for the default route."
|
|
15
|
+
|
|
16
|
+
example <<~EXAMPLE
|
|
17
|
+
describe default_gateway do
|
|
18
|
+
its(:ipaddress) { should eq '172.31.80.1' }
|
|
19
|
+
end
|
|
20
|
+
describe default_gateway do
|
|
21
|
+
its("interface") { should eq 'eth0' }
|
|
22
|
+
end
|
|
23
|
+
EXAMPLE
|
|
24
|
+
|
|
25
|
+
def initialize
|
|
26
|
+
skip_resource "The `default_gateway` resource is not yet available on your OS." unless inspec.os.unix? || inspec.os.windows?
|
|
27
|
+
# invoke the routing_table initialize; which populates the @routing_info
|
|
28
|
+
super()
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
# resource appearance in test reports.
|
|
32
|
+
def to_s
|
|
33
|
+
"default_gateway"
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
# fetches the ipaddress assigned to the default gateway
|
|
37
|
+
# default gateway's destination is either `default` or `0.0.0.0`
|
|
38
|
+
def ipaddress
|
|
39
|
+
# @routing_info is the hash populated in routing_table resource
|
|
40
|
+
# @routing_info contain values as:
|
|
41
|
+
# {
|
|
42
|
+
# destination1: [ [gateway1x, interface1x], [gateway1y, interface1y] ],
|
|
43
|
+
# destination2: [gateway2, interface2]
|
|
44
|
+
# }
|
|
45
|
+
%w{default 0.0.0.0}.each do |destination|
|
|
46
|
+
return @routing_info[destination][0][0] if @routing_info.key?(destination)
|
|
47
|
+
end
|
|
48
|
+
# raise exception because no destination with value default or 0.0.0.0 is found in the routing table
|
|
49
|
+
raise Inspec::Exceptions::ResourceFailed, "No routing found as part of default gateway"
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
# fetches the interface assigned to the default gateway
|
|
53
|
+
def interface
|
|
54
|
+
%w{default 0.0.0.0}.each do |destination|
|
|
55
|
+
return @routing_info[destination][0][1] if @routing_info.key?(destination)
|
|
56
|
+
end
|
|
57
|
+
# raise exception because no destination with value default or 0.0.0.0 is found in the routing table
|
|
58
|
+
raise Inspec::Exceptions::ResourceFailed, "No routing found as part of default gateway"
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
end
|
|
@@ -37,6 +37,10 @@ module Inspec::Resources
|
|
|
37
37
|
"hosts.allow Configuration"
|
|
38
38
|
end
|
|
39
39
|
|
|
40
|
+
def resource_id
|
|
41
|
+
@conf_path
|
|
42
|
+
end
|
|
43
|
+
|
|
40
44
|
private
|
|
41
45
|
|
|
42
46
|
def read_content
|
|
@@ -110,5 +114,6 @@ module Inspec::Resources
|
|
|
110
114
|
def to_s
|
|
111
115
|
"hosts.deny Configuration"
|
|
112
116
|
end
|
|
117
|
+
|
|
113
118
|
end
|
|
114
119
|
end
|
|
@@ -35,11 +35,12 @@ module Inspec::Resources
|
|
|
35
35
|
end
|
|
36
36
|
EXAMPLE
|
|
37
37
|
|
|
38
|
-
attr_reader :file, :mount_options
|
|
38
|
+
attr_reader :file, :mount_options, :path
|
|
39
39
|
def initialize(path)
|
|
40
40
|
# select permissions style
|
|
41
41
|
@perms_provider = select_file_perms_style(inspec.os)
|
|
42
42
|
@file = inspec.backend.file(path)
|
|
43
|
+
@path = path
|
|
43
44
|
end
|
|
44
45
|
|
|
45
46
|
%w{
|
|
@@ -181,6 +182,34 @@ module Inspec::Resources
|
|
|
181
182
|
inv_mode & file.mode != 0
|
|
182
183
|
end
|
|
183
184
|
|
|
185
|
+
def immutable?
|
|
186
|
+
raise Inspec::Exceptions::ResourceSkipped, "The `be_immutable` matcher is not supported on your OS yet." unless inspec.os.unix?
|
|
187
|
+
|
|
188
|
+
if inspec.os.linux?
|
|
189
|
+
file_info = LinuxImmutableFlagCheck.new(inspec, file)
|
|
190
|
+
else
|
|
191
|
+
file_info = UnixImmutableFlagCheck.new(inspec, file)
|
|
192
|
+
end
|
|
193
|
+
|
|
194
|
+
file_info.is_immutable?
|
|
195
|
+
end
|
|
196
|
+
|
|
197
|
+
# parse the json file content and returns the content
|
|
198
|
+
def content_as_json
|
|
199
|
+
require "json" unless defined?(JSON)
|
|
200
|
+
JSON.parse(file.content)
|
|
201
|
+
rescue => e
|
|
202
|
+
raise Inspec::Exceptions::ResourceFailed, "Unable to parse the given JSON file: #{e.message}"
|
|
203
|
+
end
|
|
204
|
+
|
|
205
|
+
# parse the yaml file content and returns the content
|
|
206
|
+
def content_as_yaml
|
|
207
|
+
require "yaml" unless defined?(YAML)
|
|
208
|
+
YAML.load(file.content)
|
|
209
|
+
rescue => e
|
|
210
|
+
raise Inspec::Exceptions::ResourceFailed, "Unable to parse the given YAML file: #{e.message}"
|
|
211
|
+
end
|
|
212
|
+
|
|
184
213
|
def to_s
|
|
185
214
|
if file
|
|
186
215
|
"File #{source_path}"
|
|
@@ -189,6 +218,10 @@ module Inspec::Resources
|
|
|
189
218
|
end
|
|
190
219
|
end
|
|
191
220
|
|
|
221
|
+
def resource_id
|
|
222
|
+
path
|
|
223
|
+
end
|
|
224
|
+
|
|
192
225
|
private
|
|
193
226
|
|
|
194
227
|
def file_permission_granted?(access_type, by_usergroup, by_specific_user)
|
|
@@ -373,4 +406,67 @@ module Inspec::Resources
|
|
|
373
406
|
end
|
|
374
407
|
end
|
|
375
408
|
end
|
|
409
|
+
|
|
410
|
+
# Helper class for immutable matcher.
|
|
411
|
+
class ImmutableFlagCheck
|
|
412
|
+
attr_reader :inspec, :file_path
|
|
413
|
+
def initialize(inspec, file)
|
|
414
|
+
@inspec = inspec
|
|
415
|
+
@file_path = file.path
|
|
416
|
+
end
|
|
417
|
+
|
|
418
|
+
def find_utility_or_error(utility_name)
|
|
419
|
+
[
|
|
420
|
+
"/usr/sbin/#{utility_name}",
|
|
421
|
+
"/sbin/#{utility_name}",
|
|
422
|
+
"/usr/bin/#{utility_name}",
|
|
423
|
+
"/bin/#{utility_name}",
|
|
424
|
+
"#{utility_name}",
|
|
425
|
+
].each do |cmd|
|
|
426
|
+
return cmd if inspec.command(cmd).exist?
|
|
427
|
+
end
|
|
428
|
+
|
|
429
|
+
raise Inspec::Exceptions::ResourceFailed, "Could not find `#{utility_name}`"
|
|
430
|
+
end
|
|
431
|
+
end
|
|
432
|
+
|
|
433
|
+
class LinuxImmutableFlagCheck < ImmutableFlagCheck
|
|
434
|
+
def is_immutable?
|
|
435
|
+
# Check if lsattr is available. In general, all linux system has lsattr & chattr
|
|
436
|
+
# This logic check is valid for immutable flag set with chattr
|
|
437
|
+
utility = find_utility_or_error("lsattr")
|
|
438
|
+
utility_cmd = inspec.command("#{utility} #{file_path}")
|
|
439
|
+
|
|
440
|
+
raise Inspec::Exceptions::ResourceFailed, "Executing #{utility} #{file_path} failed: #{utility_cmd.stderr}" if utility_cmd.exit_status.to_i != 0
|
|
441
|
+
|
|
442
|
+
# General output for lsattr file_name is:
|
|
443
|
+
# ----i---------e----- file_name
|
|
444
|
+
# The fifth char resembles the immutable flag. Total 20 flags are allowed.
|
|
445
|
+
lsattr_info = utility_cmd.stdout.strip.squeeze(" ")
|
|
446
|
+
lsattr_info =~ /^.{4}i.{15} .*/
|
|
447
|
+
end
|
|
448
|
+
end
|
|
449
|
+
|
|
450
|
+
class UnixImmutableFlagCheck < ImmutableFlagCheck
|
|
451
|
+
def is_immutable?
|
|
452
|
+
# Check if chflags is available on the system. Most unix-like system comes with chflags.
|
|
453
|
+
# This logic check is valid for immutable flag set with chflags
|
|
454
|
+
find_utility_or_error("chflags")
|
|
455
|
+
|
|
456
|
+
# In general ls -lO is used to check immutable flag set by chflags
|
|
457
|
+
utility_cmd = inspec.command("ls -lO #{file_path}")
|
|
458
|
+
|
|
459
|
+
# But on some bsd system (eg: freebsd) ls -lo is used instead of ls -lO
|
|
460
|
+
utility_cmd = inspec.command("ls -lo #{file_path}") if utility_cmd.exit_status.to_i != 0
|
|
461
|
+
|
|
462
|
+
raise Inspec::Exceptions::ResourceFailed, "Executing ls -lo #{file_path} and ls -lO #{file_path} failed: #{utility_cmd.stderr}" if utility_cmd.exit_status.to_i != 0
|
|
463
|
+
|
|
464
|
+
# General output for ls -lO file_name is:
|
|
465
|
+
# -rw-r--r-- 1 current_user 1083951318 uchg 0 Apr 6 12:45 file_name
|
|
466
|
+
# The schg flag and the uchg flag represents the immutable flags
|
|
467
|
+
# uchg => user immutable flag, schg => system immutable flag.
|
|
468
|
+
file_info = utility_cmd.stdout.strip.split
|
|
469
|
+
file_info.include?("uchg") || file_info.include?("schg")
|
|
470
|
+
end
|
|
471
|
+
end
|
|
376
472
|
end
|
data/lib/inspec/resources/gem.rb
CHANGED
|
@@ -145,10 +145,19 @@ module Inspec::Resources
|
|
|
145
145
|
true
|
|
146
146
|
end
|
|
147
147
|
|
|
148
|
+
# matcher equivalent to gid property.
|
|
149
|
+
def has_gid?(gid_value)
|
|
150
|
+
gid_value == gid
|
|
151
|
+
end
|
|
152
|
+
|
|
148
153
|
def to_s
|
|
149
154
|
"Group #{@group}"
|
|
150
155
|
end
|
|
151
156
|
|
|
157
|
+
def resource_id
|
|
158
|
+
gid ? "#{@group}-#{gid}" : ""
|
|
159
|
+
end
|
|
160
|
+
|
|
152
161
|
private
|
|
153
162
|
|
|
154
163
|
def flatten_entry(group_info, prop)
|
|
@@ -113,6 +113,16 @@ module Inspec::Resources
|
|
|
113
113
|
resolve.nil? || resolve.empty? ? nil : resolve
|
|
114
114
|
end
|
|
115
115
|
|
|
116
|
+
# returns an array of the ipv4 addresses
|
|
117
|
+
def ipv4_address
|
|
118
|
+
ipaddress.select { |ip| ip.match(Resolv::IPv4::Regex) }
|
|
119
|
+
end
|
|
120
|
+
|
|
121
|
+
# returns an array of the ipv6 addresses
|
|
122
|
+
def ipv6_address
|
|
123
|
+
ipaddress.select { |ip| ip.match(Resolv::IPv6::Regex) }
|
|
124
|
+
end
|
|
125
|
+
|
|
116
126
|
def to_s
|
|
117
127
|
resource_name = "Host #{hostname}"
|
|
118
128
|
resource_name += " port #{port} proto #{protocol}" if port
|
|
@@ -120,6 +130,10 @@ module Inspec::Resources
|
|
|
120
130
|
resource_name
|
|
121
131
|
end
|
|
122
132
|
|
|
133
|
+
def resource_id
|
|
134
|
+
port ? "#{hostname}-#{port}-#{protocol}" : hostname
|
|
135
|
+
end
|
|
136
|
+
|
|
123
137
|
private
|
|
124
138
|
|
|
125
139
|
def ping
|
|
@@ -296,15 +310,44 @@ module Inspec::Resources
|
|
|
296
310
|
end
|
|
297
311
|
|
|
298
312
|
def resolve(hostname)
|
|
313
|
+
addresses = []
|
|
314
|
+
# -Type A is the DNS query for IPv4 server Address.
|
|
299
315
|
cmd = inspec.command("Resolve-DnsName –Type A #{hostname} | ConvertTo-Json")
|
|
300
316
|
begin
|
|
301
|
-
|
|
317
|
+
resolve_ipv4 = JSON.parse(cmd.stdout)
|
|
302
318
|
rescue JSON::ParserError => _e
|
|
303
319
|
return nil
|
|
304
320
|
end
|
|
305
321
|
|
|
306
|
-
|
|
307
|
-
|
|
322
|
+
resolve_ipv4 = resolve_ipv4.inject(:merge) if resolve_ipv4.is_a?(Array)
|
|
323
|
+
|
|
324
|
+
# Append the ipv4 addresses
|
|
325
|
+
resolve_ipv4.each_value do |ip|
|
|
326
|
+
matched = ip.to_s.chomp.match(Resolv::IPv4::Regex)
|
|
327
|
+
next if matched.nil? || addresses.include?(matched.to_s)
|
|
328
|
+
|
|
329
|
+
addresses << matched.to_s
|
|
330
|
+
end
|
|
331
|
+
|
|
332
|
+
# -Type AAAA is the DNS query for IPv6 server Address.
|
|
333
|
+
cmd = inspec.command("Resolve-DnsName –Type AAAA #{hostname} | ConvertTo-Json")
|
|
334
|
+
begin
|
|
335
|
+
resolve_ipv6 = JSON.parse(cmd.stdout)
|
|
336
|
+
rescue JSON::ParserError => _e
|
|
337
|
+
return nil
|
|
338
|
+
end
|
|
339
|
+
|
|
340
|
+
resolve_ipv6 = resolve_ipv6.inject(:merge) if resolve_ipv6.is_a?(Array)
|
|
341
|
+
|
|
342
|
+
# Append the ipv6 addresses
|
|
343
|
+
resolve_ipv6.each_value do |ip|
|
|
344
|
+
matched = ip.to_s.chomp.match(Resolv::IPv6::Regex)
|
|
345
|
+
next if matched.nil? || addresses.include?(matched.to_s)
|
|
346
|
+
|
|
347
|
+
addresses << matched.to_s
|
|
348
|
+
end
|
|
349
|
+
|
|
350
|
+
addresses
|
|
308
351
|
end
|
|
309
352
|
end
|
|
310
353
|
end
|
|
@@ -1,10 +1,11 @@
|
|
|
1
1
|
module Inspec::Resources
|
|
2
2
|
class Lines
|
|
3
|
-
attr_reader :output
|
|
3
|
+
attr_reader :output, :exit_status
|
|
4
4
|
|
|
5
|
-
def initialize(raw, desc)
|
|
5
|
+
def initialize(raw, desc, exit_status)
|
|
6
6
|
@output = raw
|
|
7
7
|
@desc = desc
|
|
8
|
+
@exit_status = exit_status
|
|
8
9
|
end
|
|
9
10
|
|
|
10
11
|
def to_s
|
|
@@ -58,7 +59,15 @@ module Inspec::Resources
|
|
|
58
59
|
if cmd.exit_status != 0 || out =~ /Can't connect to IBM Db2 / || out.downcase =~ /^error:.*/
|
|
59
60
|
raise Inspec::Exceptions::ResourceFailed, "IBM Db2 connection error: #{out}"
|
|
60
61
|
else
|
|
61
|
-
Lines.new(cmd.stdout.strip, "IBM Db2 Query: #{q}")
|
|
62
|
+
Lines.new(cmd.stdout.strip, "IBM Db2 Query: #{q}", cmd.exit_status)
|
|
63
|
+
end
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
def resource_id
|
|
67
|
+
if inspec.os.platform?("windows")
|
|
68
|
+
"ibmdb2_session:DatabaseName#{@db_name}"
|
|
69
|
+
else
|
|
70
|
+
"ibmdb2_session:DatabaseInstance:#{@db_instance}:DatabaseName#{@db_name}"
|
|
62
71
|
end
|
|
63
72
|
end
|
|
64
73
|
|