RubyGems - inspec-core - Versions diffs - 5.12.2 → 5.18.14 - Mend

inspec-core 5.12.2 → 5.18.14

Files changed (140) hide show

checksums.yaml +4 -4
data/Gemfile +1 -1
data/etc/deprecations.json +4 -0
data/etc/keys/progress-2022-05-04.pem.pub +9 -0
data/inspec-core.gemspec +1 -1
data/lib/inspec/base_cli.rb +5 -0
data/lib/inspec/cli.rb +64 -9
data/lib/inspec/dependencies/dependency_set.rb +6 -2
data/lib/inspec/dependency_loader.rb +5 -1
data/lib/inspec/dsl.rb +18 -5
data/lib/inspec/errors.rb +2 -0
data/lib/inspec/exceptions.rb +2 -0
data/lib/inspec/fetcher/url.rb +1 -1
data/lib/inspec/file_provider.rb +36 -0
data/lib/inspec/iaf_file.rb +127 -0
data/lib/inspec/profile.rb +31 -14
data/lib/inspec/resources/aide_conf.rb +4 -0
data/lib/inspec/resources/apache.rb +4 -0
data/lib/inspec/resources/apache_conf.rb +4 -0
data/lib/inspec/resources/apt.rb +6 -1
data/lib/inspec/resources/audit_policy.rb +5 -0
data/lib/inspec/resources/auditd_conf.rb +4 -0
data/lib/inspec/resources/bash.rb +4 -0
data/lib/inspec/resources/bond.rb +4 -0
data/lib/inspec/resources/bridge.rb +4 -0
data/lib/inspec/resources/cassandradb_conf.rb +5 -0
data/lib/inspec/resources/cassandradb_session.rb +8 -3
data/lib/inspec/resources/chocolatey_package.rb +4 -0
data/lib/inspec/resources/chrony_conf.rb +4 -0
data/lib/inspec/resources/command.rb +5 -0
data/lib/inspec/resources/cpan.rb +4 -0
data/lib/inspec/resources/cran.rb +4 -0
data/lib/inspec/resources/cron.rb +5 -0
data/lib/inspec/resources/csv.rb +6 -1
data/lib/inspec/resources/default_gateway.rb +61 -0
data/lib/inspec/resources/dh_params.rb +4 -0
data/lib/inspec/resources/docker_container.rb +4 -0
data/lib/inspec/resources/docker_image.rb +4 -0
data/lib/inspec/resources/docker_plugin.rb +4 -0
data/lib/inspec/resources/docker_service.rb +4 -0
data/lib/inspec/resources/etc_group.rb +4 -0
data/lib/inspec/resources/etc_hosts_allow_deny.rb +5 -0
data/lib/inspec/resources/file.rb +97 -1
data/lib/inspec/resources/filesystem.rb +4 -0
data/lib/inspec/resources/gem.rb +4 -0
data/lib/inspec/resources/groups.rb +9 -0
data/lib/inspec/resources/grub_conf.rb +4 -0
data/lib/inspec/resources/host.rb +46 -3
data/lib/inspec/resources/http.rb +4 -0
data/lib/inspec/resources/ibmdb2_conf.rb +8 -0
data/lib/inspec/resources/ibmdb2_session.rb +12 -3
data/lib/inspec/resources/iis_app.rb +4 -0
data/lib/inspec/resources/iis_app_pool.rb +4 -0
data/lib/inspec/resources/iis_site.rb +4 -0
data/lib/inspec/resources/inetd_conf.rb +4 -0
data/lib/inspec/resources/interface.rb +4 -0
data/lib/inspec/resources/ip6tables.rb +4 -0
data/lib/inspec/resources/ipfilter.rb +4 -0
data/lib/inspec/resources/ipnat.rb +4 -0
data/lib/inspec/resources/iptables.rb +4 -0
data/lib/inspec/resources/json.rb +4 -0
data/lib/inspec/resources/kernel_module.rb +4 -0
data/lib/inspec/resources/kernel_parameter.rb +4 -0
data/lib/inspec/resources/key_rsa.rb +4 -0
data/lib/inspec/resources/ksh.rb +4 -0
data/lib/inspec/resources/limits_conf.rb +4 -0
data/lib/inspec/resources/linux_audit_system.rb +81 -0
data/lib/inspec/resources/login_defs.rb +4 -0
data/lib/inspec/resources/mongodb.rb +4 -0
data/lib/inspec/resources/mongodb_conf.rb +5 -0
data/lib/inspec/resources/mongodb_session.rb +6 -1
data/lib/inspec/resources/mount.rb +4 -0
data/lib/inspec/resources/mssql_session.rb +4 -0
data/lib/inspec/resources/mssql_sys_conf.rb +7 -0
data/lib/inspec/resources/mysql_conf.rb +4 -0
data/lib/inspec/resources/mysql_session.rb +8 -1
data/lib/inspec/resources/nginx.rb +6 -1
data/lib/inspec/resources/nginx_conf.rb +4 -0
data/lib/inspec/resources/noop.rb +4 -0
data/lib/inspec/resources/npm.rb +4 -0
data/lib/inspec/resources/ntp_conf.rb +4 -0
data/lib/inspec/resources/oneget.rb +4 -0
data/lib/inspec/resources/opa_api.rb +10 -0
data/lib/inspec/resources/opa_cli.rb +14 -0
data/lib/inspec/resources/oracledb_conf.rb +5 -0
data/lib/inspec/resources/oracledb_listener_conf.rb +4 -0
data/lib/inspec/resources/oracledb_session.rb +10 -0
data/lib/inspec/resources/os.rb +4 -0
data/lib/inspec/resources/os_env.rb +4 -0
data/lib/inspec/resources/package.rb +4 -0
data/lib/inspec/resources/parse_config.rb +10 -1
data/lib/inspec/resources/php_config.rb +72 -0
data/lib/inspec/resources/pip.rb +4 -0
data/lib/inspec/resources/platform.rb +4 -0
data/lib/inspec/resources/postfix_conf.rb +4 -0
data/lib/inspec/resources/postgres_conf.rb +4 -0
data/lib/inspec/resources/postgres_session.rb +8 -4
data/lib/inspec/resources/powershell.rb +4 -0
data/lib/inspec/resources/processes.rb +17 -4
data/lib/inspec/resources/rabbitmq_config.rb +4 -0
data/lib/inspec/resources/registry_key.rb +4 -0
data/lib/inspec/resources/security_identifier.rb +4 -0
data/lib/inspec/resources/security_policy.rb +4 -0
data/lib/inspec/resources/service.rb +80 -1
data/lib/inspec/resources/ssh_config.rb +4 -0
data/lib/inspec/resources/sybase_conf.rb +4 -0
data/lib/inspec/resources/sybase_session.rb +4 -0
data/lib/inspec/resources/sys_info.rb +4 -0
data/lib/inspec/resources/timezone.rb +4 -0
data/lib/inspec/resources/users.rb +4 -0
data/lib/inspec/resources/vbscript.rb +5 -0
data/lib/inspec/resources/virtualization.rb +4 -0
data/lib/inspec/resources/windows_feature.rb +5 -1
data/lib/inspec/resources/windows_firewall.rb +4 -0
data/lib/inspec/resources/windows_firewall_rule.rb +4 -0
data/lib/inspec/resources/windows_hotfix.rb +4 -0
data/lib/inspec/resources/windows_task.rb +4 -0
data/lib/inspec/resources/wmi.rb +4 -0
data/lib/inspec/resources/x509_certificate.rb +59 -0
data/lib/inspec/resources/x509_private_key.rb +93 -0
data/lib/inspec/resources/yum.rb +4 -0
data/lib/inspec/resources/zfs.rb +48 -0
data/lib/inspec/resources/zfs_dataset.rb +4 -0
data/lib/inspec/resources/zfs_pool.rb +4 -0
data/lib/inspec/rule.rb +1 -1
data/lib/inspec/secrets/yaml.rb +7 -1
data/lib/inspec/ui.rb +1 -0
data/lib/inspec/utils/yaml_profile_summary.rb +34 -0
data/lib/inspec/version.rb +1 -1
data/lib/plugins/inspec-reporter-html2/templates/body.html.erb +4 -4
data/lib/plugins/inspec-reporter-html2/templates/control.html.erb +1 -1
data/lib/plugins/inspec-reporter-html2/templates/profile.html.erb +1 -1
data/lib/plugins/{inspec-artifact/inspec-artifact.gemspec → inspec-sign/inspec-sign.gemspec} +2 -2
data/lib/plugins/inspec-sign/lib/inspec-sign/base.rb +161 -0
data/lib/plugins/{inspec-artifact/lib/inspec-artifact → inspec-sign/lib/inspec-sign}/cli.rb +14 -23
data/lib/plugins/inspec-sign/lib/inspec-sign.rb +12 -0
data/lib/source_readers/inspec.rb +8 -2
metadata +16 -8
data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +0 -187
data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +0 -12

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 5.12.2
+  version: 5.18.14
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-04-08 00:00:00.000000000 Z
+date: 2022-07-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-telemetry
@@ -370,14 +370,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3.10'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3.10'
 description: InSpec provides a framework for creating end-to-end infrastructure tests.
   You can use it for integration or even compliance testing. Create fully portable
   test profiles and use them in your workflow to ensure stability and security. Integrate
@@ -392,6 +392,7 @@ files:
 - Gemfile
 - LICENSE
 - etc/deprecations.json
+- etc/keys/progress-2022-05-04.pem.pub
 - etc/plugin_filters.json
 - inspec-core.gemspec
 - lib/bundles/README.md
@@ -443,6 +444,7 @@ files:
 - lib/inspec/formatters/json_rspec.rb
 - lib/inspec/formatters/show_progress.rb
 - lib/inspec/globals.rb
+- lib/inspec/iaf_file.rb
 - lib/inspec/impact.rb
 - lib/inspec/input.rb
 - lib/inspec/input_dsl_helpers.rb
@@ -520,6 +522,7 @@ files:
 - lib/inspec/resources/cron.rb
 - lib/inspec/resources/crontab.rb
 - lib/inspec/resources/csv.rb
+- lib/inspec/resources/default_gateway.rb
 - lib/inspec/resources/dh_params.rb
 - lib/inspec/resources/directory.rb
 - lib/inspec/resources/docker.rb
@@ -566,6 +569,7 @@ files:
 - lib/inspec/resources/ksh.rb
 - lib/inspec/resources/launchd_service.rb
 - lib/inspec/resources/limits_conf.rb
+- lib/inspec/resources/linux_audit_system.rb
 - lib/inspec/resources/linux_kernel_parameter.rb
 - lib/inspec/resources/login_defs.rb
 - lib/inspec/resources/lxc.rb
@@ -599,6 +603,7 @@ files:
 - lib/inspec/resources/parse_config.rb
 - lib/inspec/resources/parse_config_file.rb
 - lib/inspec/resources/passwd.rb
+- lib/inspec/resources/php_config.rb
 - lib/inspec/resources/pip.rb
 - lib/inspec/resources/platform.rb
 - lib/inspec/resources/port.rb
@@ -645,10 +650,12 @@ files:
 - lib/inspec/resources/windows_task.rb
 - lib/inspec/resources/wmi.rb
 - lib/inspec/resources/x509_certificate.rb
+- lib/inspec/resources/x509_private_key.rb
 - lib/inspec/resources/xinetd_conf.rb
 - lib/inspec/resources/xml.rb
 - lib/inspec/resources/yaml.rb
 - lib/inspec/resources/yum.rb
+- lib/inspec/resources/zfs.rb
 - lib/inspec/resources/zfs_dataset.rb
 - lib/inspec/resources/zfs_pool.rb
 - lib/inspec/rspec_extensions.rb
@@ -709,13 +716,10 @@ files:
 - lib/inspec/utils/telemetry/data_series.rb
 - lib/inspec/utils/telemetry/global_methods.rb
 - lib/inspec/utils/telemetry/run_context_probe.rb
+- lib/inspec/utils/yaml_profile_summary.rb
 - lib/inspec/version.rb
 - lib/matchers/matchers.rb
 - lib/plugins/README.md
-- lib/plugins/inspec-artifact/inspec-artifact.gemspec
-- lib/plugins/inspec-artifact/lib/inspec-artifact.rb
-- lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb
-- lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb
 - lib/plugins/inspec-compliance/README.md
 - lib/plugins/inspec-compliance/inspec-compliance.gemspec
 - lib/plugins/inspec-compliance/lib/inspec-compliance.rb
@@ -799,6 +803,10 @@ files:
 - lib/plugins/inspec-reporter-junit/lib/inspec-reporter-junit.rb
 - lib/plugins/inspec-reporter-junit/lib/inspec-reporter-junit/reporter.rb
 - lib/plugins/inspec-reporter-junit/lib/inspec-reporter-junit/version.rb
+- lib/plugins/inspec-sign/inspec-sign.gemspec
+- lib/plugins/inspec-sign/lib/inspec-sign.rb
+- lib/plugins/inspec-sign/lib/inspec-sign/base.rb
+- lib/plugins/inspec-sign/lib/inspec-sign/cli.rb
 - lib/plugins/inspec-streaming-reporter-progress-bar/README.md
 - lib/plugins/inspec-streaming-reporter-progress-bar/inspec-streaming-reporter-progress-bar.gemspec
 - lib/plugins/inspec-streaming-reporter-progress-bar/lib/inspec-streaming-reporter-progress-bar.rb

data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb DELETED Viewed

@@ -1,187 +0,0 @@
-require "base64" unless defined?(Base64)
-require "openssl" unless defined?(OpenSSL)
-require "pathname" unless defined?(Pathname)
-require "set" unless defined?(Set)
-require "tempfile" unless defined?(Tempfile)
-require "yaml"
-require "inspec/dist"
-require "inspec/utils/json_profile_summary"
-module InspecPlugins
-  module Artifact
-    class Base
-      include Inspec::Dist
-      KEY_BITS = 2048
-      KEY_ALG = OpenSSL::PKey::RSA
-      INSPEC_PROFILE_VERSION_1 = "INSPEC-PROFILE-1".freeze
-      INSPEC_REPORT_VERSION_1 = "INSPEC-REPORT-1".freeze
-      ARTIFACT_DIGEST = OpenSSL::Digest::SHA512
-      ARTIFACT_DIGEST_NAME = "SHA512".freeze
-      VALID_PROFILE_VERSIONS = Set.new [INSPEC_PROFILE_VERSION_1]
-      VALID_PROFILE_DIGESTS = Set.new [ARTIFACT_DIGEST_NAME]
-      SIGNED_PROFILE_SUFFIX = "iaf".freeze
-      SIGNED_REPORT_SUFFIX = "iar".freeze
-      def self.keygen(options)
-        key = KEY_ALG.new KEY_BITS
-        puts "Generating private key"
-        open "#{options["keyname"]}.pem.key", "w" do |io|
-          io.write key.to_pem
-        end
-        puts "Generating public key"
-        open "#{options["keyname"]}.pem.pub", "w" do |io|
-          io.write key.public_key.to_pem
-        end
-      end
-      def self.profile_sign(options)
-        artifact = new
-        path_to_profile = options["profile"]
-        # Write inspec.json file within artifact
-        write_inspec_json(path_to_profile, options)
-        Dir.mktmpdir do |workdir|
-          puts "Signing #{options["profile"]} with key #{options["keyname"]}"
-          profile_md = artifact.read_profile_metadata(path_to_profile)
-          artifact_filename = "#{profile_md["name"]}-#{profile_md["version"]}.#{SIGNED_PROFILE_SUFFIX}"
-          tarfile = artifact.profile_compress(path_to_profile, profile_md, workdir)
-          content = IO.binread(tarfile)
-          signing_key = KEY_ALG.new File.read "#{options["keyname"]}.pem.key"
-          sha = ARTIFACT_DIGEST.new
-          signature = signing_key.sign sha, content
-          # convert the signature to Base64
-          signature_base64 = Base64.encode64(signature)
-          tar_content = IO.binread(tarfile)
-          File.open(artifact_filename, "wb") do |f|
-            f.puts(INSPEC_PROFILE_VERSION_1)
-            f.puts(options["keyname"])
-            f.puts(ARTIFACT_DIGEST_NAME)
-            f.puts(signature_base64)
-            f.puts("") # newline separates artifact header with body
-            f.write(tar_content)
-          end
-          puts "Successfully generated #{artifact_filename}"
-        end
-        # Cleanup
-        File.delete("#{path_to_profile}/inspec.json")
-      end
-      def self.profile_verify(options)
-        artifact = new
-        file_to_verifiy = options["infile"]
-        puts "Verifying #{file_to_verifiy}"
-        artifact.verify(file_to_verifiy) do ||
-          puts "Artifact is valid"
-        end
-      end
-      def self.profile_install(options)
-        artifact = new
-        puts "Installing profile"
-        file_to_verifiy = options["infile"]
-        dest_dir = options["destdir"]
-        artifact.verify(file_to_verifiy) do |content|
-          Dir.mktmpdir do |workdir|
-            tmpfile = Pathname.new(workdir).join("artifact_to_install.tar.gz")
-            File.write(tmpfile, content)
-            puts "Installing to #{dest_dir}"
-            `tar xzf #{tmpfile} -C #{dest_dir}`
-          end
-        end
-      end
-      def read_profile_metadata(path_to_profile)
-        begin
-          p = Pathname.new(path_to_profile)
-          p = p.join("inspec.yml")
-          unless p.exist?
-            raise "#{path_to_profile} doesn't appear to be a valid #{PRODUCT_NAME} profile"
-          end
-          yaml = YAML.load_file(p.to_s)
-          yaml = yaml.to_hash
-          unless yaml.key? "name"
-            raise "Profile is invalid, name is not defined"
-          end
-          unless yaml.key? "version"
-            raise "Profile is invalid, version is not defined"
-          end
-        rescue => e
-          # rewrap it and pass it up to the CLI
-          raise "Error reading #{PRODUCT_NAME} profile metadata: #{e}"
-        end
-        yaml
-      end
-      def profile_compress(path_to_profile, profile_md, workdir)
-        profile_name = profile_md["name"]
-        profile_version = profile_md["version"]
-        outfile_name = "#{workdir}/#{profile_name}-#{profile_version}.tar.gz"
-        `tar czf #{outfile_name} -C #{path_to_profile} .`
-        outfile_name
-      end
-      def valid_header?(file_alg, file_version, file_keyname)
-        public_keyfile = "#{file_keyname}.pem.pub"
-        puts "Looking for #{public_keyfile} to verify artifact"
-        unless File.exist? public_keyfile
-          raise "Can't find #{public_keyfile}"
-        end
-        raise "Invalid artifact digest algorithm detected" unless VALID_PROFILE_DIGESTS.member?(file_alg)
-        raise "Invalid artifact version detected" unless VALID_PROFILE_VERSIONS.member?(file_version)
-      end
-      def verify(file_to_verifiy, &content_block)
-        f = File.open(file_to_verifiy, "r")
-        file_version = f.readline.strip!
-        file_keyname = f.readline.strip!
-        file_alg = f.readline.strip!
-        file_sig = ""
-        # the signature is multi-line
-        while (line = f.readline) != "\n"
-          file_sig += line
-        end
-        file_sig.strip!
-        f.close
-        valid_header?(file_alg, file_version, file_keyname)
-        public_keyfile = "#{file_keyname}.pem.pub"
-        verification_key = KEY_ALG.new File.read public_keyfile
-        f = File.open(file_to_verifiy, "r")
-        while f.readline != "\n" do end
-        content = f.read
-        signature = Base64.decode64(file_sig)
-        digest = ARTIFACT_DIGEST.new
-        if verification_key.verify digest, signature, content
-          content_block.yield(content)
-        else
-          raise "Artifact is invalid"
-        end
-      end
-      def self.write_inspec_json(root_path, opts)
-        profile = Inspec::Profile.for_path(root_path, opts)
-        Inspec::Utils::JsonProfileSummary.produce_json(
-          info: profile.info,
-          write_path: "#{root_path}/inspec.json",
-          suppress_output: true
-        )
-      end
-    end
-  end
-end

data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb DELETED Viewed

@@ -1,12 +0,0 @@
-module InspecPlugins
-  module Artifact
-    class Plugin < Inspec.plugin(2)
-      plugin_name :'inspec-artifact'
-      cli_command :artifact do
-        require_relative "inspec-artifact/cli"
-        InspecPlugins::Artifact::CLI
-      end
-    end
-  end
-end