inspec-core 5.17.4 → 5.18.14
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/etc/deprecations.json +4 -0
- data/inspec-core.gemspec +1 -1
- data/lib/inspec/base_cli.rb +5 -0
- data/lib/inspec/cli.rb +62 -9
- data/lib/inspec/dependencies/dependency_set.rb +6 -2
- data/lib/inspec/dsl.rb +18 -5
- data/lib/inspec/errors.rb +2 -0
- data/lib/inspec/exceptions.rb +2 -0
- data/lib/inspec/fetcher/url.rb +1 -1
- data/lib/inspec/file_provider.rb +36 -0
- data/lib/inspec/iaf_file.rb +127 -0
- data/lib/inspec/profile.rb +17 -7
- data/lib/inspec/resources/aide_conf.rb +4 -0
- data/lib/inspec/resources/apache.rb +4 -0
- data/lib/inspec/resources/apache_conf.rb +4 -0
- data/lib/inspec/resources/apt.rb +6 -1
- data/lib/inspec/resources/audit_policy.rb +5 -0
- data/lib/inspec/resources/auditd_conf.rb +4 -0
- data/lib/inspec/resources/bash.rb +4 -0
- data/lib/inspec/resources/bond.rb +4 -0
- data/lib/inspec/resources/bridge.rb +4 -0
- data/lib/inspec/resources/cassandradb_conf.rb +5 -0
- data/lib/inspec/resources/cassandradb_session.rb +8 -3
- data/lib/inspec/resources/chocolatey_package.rb +4 -0
- data/lib/inspec/resources/chrony_conf.rb +4 -0
- data/lib/inspec/resources/command.rb +5 -0
- data/lib/inspec/resources/cpan.rb +4 -0
- data/lib/inspec/resources/cran.rb +4 -0
- data/lib/inspec/resources/cron.rb +5 -0
- data/lib/inspec/resources/csv.rb +6 -1
- data/lib/inspec/resources/dh_params.rb +4 -0
- data/lib/inspec/resources/docker_container.rb +4 -0
- data/lib/inspec/resources/docker_image.rb +4 -0
- data/lib/inspec/resources/docker_plugin.rb +4 -0
- data/lib/inspec/resources/docker_service.rb +4 -0
- data/lib/inspec/resources/etc_group.rb +4 -0
- data/lib/inspec/resources/etc_hosts_allow_deny.rb +5 -0
- data/lib/inspec/resources/file.rb +6 -1
- data/lib/inspec/resources/filesystem.rb +4 -0
- data/lib/inspec/resources/gem.rb +4 -0
- data/lib/inspec/resources/groups.rb +4 -0
- data/lib/inspec/resources/grub_conf.rb +4 -0
- data/lib/inspec/resources/host.rb +4 -0
- data/lib/inspec/resources/http.rb +4 -0
- data/lib/inspec/resources/ibmdb2_conf.rb +8 -0
- data/lib/inspec/resources/ibmdb2_session.rb +12 -3
- data/lib/inspec/resources/iis_app.rb +4 -0
- data/lib/inspec/resources/iis_app_pool.rb +4 -0
- data/lib/inspec/resources/iis_site.rb +4 -0
- data/lib/inspec/resources/inetd_conf.rb +4 -0
- data/lib/inspec/resources/interface.rb +4 -0
- data/lib/inspec/resources/ip6tables.rb +4 -0
- data/lib/inspec/resources/ipfilter.rb +4 -0
- data/lib/inspec/resources/ipnat.rb +4 -0
- data/lib/inspec/resources/iptables.rb +4 -0
- data/lib/inspec/resources/json.rb +4 -0
- data/lib/inspec/resources/kernel_module.rb +4 -0
- data/lib/inspec/resources/kernel_parameter.rb +4 -0
- data/lib/inspec/resources/key_rsa.rb +4 -0
- data/lib/inspec/resources/ksh.rb +4 -0
- data/lib/inspec/resources/limits_conf.rb +4 -0
- data/lib/inspec/resources/login_defs.rb +4 -0
- data/lib/inspec/resources/mongodb.rb +4 -0
- data/lib/inspec/resources/mongodb_conf.rb +5 -0
- data/lib/inspec/resources/mongodb_session.rb +6 -1
- data/lib/inspec/resources/mount.rb +4 -0
- data/lib/inspec/resources/mssql_session.rb +4 -0
- data/lib/inspec/resources/mssql_sys_conf.rb +7 -0
- data/lib/inspec/resources/mysql_conf.rb +4 -0
- data/lib/inspec/resources/mysql_session.rb +8 -1
- data/lib/inspec/resources/nginx.rb +6 -1
- data/lib/inspec/resources/nginx_conf.rb +4 -0
- data/lib/inspec/resources/noop.rb +4 -0
- data/lib/inspec/resources/npm.rb +4 -0
- data/lib/inspec/resources/ntp_conf.rb +4 -0
- data/lib/inspec/resources/oneget.rb +4 -0
- data/lib/inspec/resources/opa_api.rb +10 -0
- data/lib/inspec/resources/opa_cli.rb +14 -0
- data/lib/inspec/resources/oracledb_conf.rb +5 -0
- data/lib/inspec/resources/oracledb_listener_conf.rb +4 -0
- data/lib/inspec/resources/oracledb_session.rb +10 -0
- data/lib/inspec/resources/os.rb +4 -0
- data/lib/inspec/resources/os_env.rb +4 -0
- data/lib/inspec/resources/package.rb +4 -0
- data/lib/inspec/resources/parse_config.rb +10 -1
- data/lib/inspec/resources/pip.rb +4 -0
- data/lib/inspec/resources/platform.rb +4 -0
- data/lib/inspec/resources/postfix_conf.rb +4 -0
- data/lib/inspec/resources/postgres_conf.rb +4 -0
- data/lib/inspec/resources/postgres_session.rb +8 -4
- data/lib/inspec/resources/powershell.rb +4 -0
- data/lib/inspec/resources/processes.rb +6 -4
- data/lib/inspec/resources/rabbitmq_config.rb +4 -0
- data/lib/inspec/resources/registry_key.rb +4 -0
- data/lib/inspec/resources/security_identifier.rb +4 -0
- data/lib/inspec/resources/security_policy.rb +4 -0
- data/lib/inspec/resources/service.rb +4 -0
- data/lib/inspec/resources/ssh_config.rb +4 -0
- data/lib/inspec/resources/sybase_conf.rb +4 -0
- data/lib/inspec/resources/sybase_session.rb +4 -0
- data/lib/inspec/resources/sys_info.rb +4 -0
- data/lib/inspec/resources/timezone.rb +4 -0
- data/lib/inspec/resources/users.rb +4 -0
- data/lib/inspec/resources/vbscript.rb +5 -0
- data/lib/inspec/resources/virtualization.rb +4 -0
- data/lib/inspec/resources/windows_feature.rb +5 -1
- data/lib/inspec/resources/windows_firewall.rb +4 -0
- data/lib/inspec/resources/windows_firewall_rule.rb +4 -0
- data/lib/inspec/resources/windows_hotfix.rb +4 -0
- data/lib/inspec/resources/windows_task.rb +4 -0
- data/lib/inspec/resources/wmi.rb +4 -0
- data/lib/inspec/resources/x509_certificate.rb +59 -0
- data/lib/inspec/resources/yum.rb +4 -0
- data/lib/inspec/resources/zfs_dataset.rb +4 -0
- data/lib/inspec/resources/zfs_pool.rb +4 -0
- data/lib/inspec/rule.rb +1 -1
- data/lib/inspec/secrets/yaml.rb +7 -1
- data/lib/inspec/ui.rb +1 -0
- data/lib/inspec/utils/yaml_profile_summary.rb +34 -0
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-reporter-html2/templates/body.html.erb +4 -4
- data/lib/plugins/inspec-reporter-html2/templates/control.html.erb +1 -1
- data/lib/plugins/inspec-reporter-html2/templates/profile.html.erb +1 -1
- data/lib/plugins/{inspec-artifact/inspec-artifact.gemspec → inspec-sign/inspec-sign.gemspec} +2 -2
- data/lib/plugins/inspec-sign/lib/inspec-sign/base.rb +161 -0
- data/lib/plugins/{inspec-artifact/lib/inspec-artifact → inspec-sign/lib/inspec-sign}/cli.rb +14 -23
- data/lib/plugins/inspec-sign/lib/inspec-sign.rb +12 -0
- data/lib/source_readers/inspec.rb +8 -2
- metadata +10 -8
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +0 -187
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +0 -12
@@ -93,6 +93,11 @@ module Inspec::Resources
|
|
93
93
|
res.exit_status.to_i == 0
|
94
94
|
end
|
95
95
|
|
96
|
+
# to_s method outputs the command which we are using here as UUID to identify resource and also it take cares of Redact output
|
97
|
+
def resource_id
|
98
|
+
to_s || "command"
|
99
|
+
end
|
100
|
+
|
96
101
|
def to_s
|
97
102
|
output = "Command: `#{@command}`"
|
98
103
|
# Redact output if the `redact_regex` option is passed
|
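Review bot: The `|| "command"` fallback in the new `resource_id` can never run, because the `to_s` shown just below builds its result from a non-empty string literal and so always returns a String; the body can be just `to_s`. Since the id is the command text, a secret on the command line is masked only when the caller passed `redact_regex`, and otherwise travels with the id to whatever consumes it (presumably reporter output). The comment above the method could say that plainly, e.g. `# resource_id reuses to_s (the command text); it is redacted only when redact_regex was given`. The rest of `to_s` lies outside this hunk, so its return value is inferred from the visible lines.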
data/lib/inspec/resources/csv.rb
CHANGED
@@ -19,7 +19,8 @@ module Inspec::Resources
|
|
19
19
|
|
20
20
|
def initialize(path, headers = true)
|
21
21
|
@headers = headers
|
22
|
-
|
22
|
+
@path = path
|
23
|
+
super(@path)
|
23
24
|
end
|
24
25
|
|
25
26
|
# override the parse method from JsonConfig
|
@@ -68,6 +69,10 @@ module Inspec::Resources
|
|
68
69
|
end
|
69
70
|
end
|
70
71
|
|
72
|
+
def resource_id
|
73
|
+
@path || "csv"
|
74
|
+
end
|
75
|
+
|
71
76
|
private
|
72
77
|
|
73
78
|
# used by JsonConfig to build up a full to_s method
|
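Review bot: `resource_id` returns `@path` as-is, so the id is a String only when the first constructor argument was one. The comment in the first hunk says this class overrides a method from JsonConfig; if that parent also accepts an options hash in place of a path (not visible here), the id becomes that hash rather than a string. `@path.is_a?(String) ? @path : "csv"` would keep the id a string in both cases.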
@@ -37,6 +37,10 @@ module Inspec::Resources
|
|
37
37
|
"hosts.allow Configuration"
|
38
38
|
end
|
39
39
|
|
40
|
+
def resource_id
|
41
|
+
@conf_path
|
42
|
+
end
|
43
|
+
|
40
44
|
private
|
41
45
|
|
42
46
|
def read_content
|
@@ -110,5 +114,6 @@ module Inspec::Resources
|
|
110
114
|
def to_s
|
111
115
|
"hosts.deny Configuration"
|
112
116
|
end
|
117
|
+
|
113
118
|
end
|
114
119
|
end
|
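Review bot: `resource_id` in the hosts.allow class returns `@conf_path` with no fallback, unlike the other `resource_id` methods added on this page (`@path || "csv"`, `nginx_path || "nginx"`), so it yields nil whenever that variable is unset. Where `@conf_path` is assigned is outside the hunk; if it can be nil, `@conf_path || "etc_hosts_allow"` keeps the id usable. The second hunk only inserts a blank line before the `end` of the hosts.deny class and adds no `resource_id` there, so that class gets one only if it inherits it, which these lines do not show.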
@@ -35,11 +35,12 @@ module Inspec::Resources
|
|
35
35
|
end
|
36
36
|
EXAMPLE
|
37
37
|
|
38
|
-
attr_reader :file, :mount_options
|
38
|
+
attr_reader :file, :mount_options, :path
|
39
39
|
def initialize(path)
|
40
40
|
# select permissions style
|
41
41
|
@perms_provider = select_file_perms_style(inspec.os)
|
42
42
|
@file = inspec.backend.file(path)
|
43
|
+
@path = path
|
43
44
|
end
|
44
45
|
|
45
46
|
%w{
|
@@ -217,6 +218,10 @@ module Inspec::Resources
|
|
217
218
|
end
|
218
219
|
end
|
219
220
|
|
221
|
+
def resource_id
|
222
|
+
path
|
223
|
+
end
|
224
|
+
|
220
225
|
private
|
221
226
|
|
222
227
|
def file_permission_granted?(access_type, by_usergroup, by_specific_user)
|
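Review bot: Adding `:path` to `attr_reader` makes `path` a new public method on the file resource only so that `resource_id` can call it. The `%w{` list that follows `initialize` is cut off here; if it generates delegating methods and `path` is among them, that later definition replaces the reader and `@path` is never read. Returning the instance variable directly avoids both the wider public surface and the possible clash: keep `attr_reader :file, :mount_options` and make the body of `resource_id` simply `@path`.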
data/lib/inspec/resources/gem.rb
CHANGED
@@ -1,10 +1,11 @@
|
|
1
1
|
module Inspec::Resources
|
2
2
|
class Lines
|
3
|
-
attr_reader :output
|
3
|
+
attr_reader :output, :exit_status
|
4
4
|
|
5
|
-
def initialize(raw, desc)
|
5
|
+
def initialize(raw, desc, exit_status)
|
6
6
|
@output = raw
|
7
7
|
@desc = desc
|
8
|
+
@exit_status = exit_status
|
8
9
|
end
|
9
10
|
|
10
11
|
def to_s
|
@@ -58,7 +59,15 @@ module Inspec::Resources
|
|
58
59
|
if cmd.exit_status != 0 || out =~ /Can't connect to IBM Db2 / || out.downcase =~ /^error:.*/
|
59
60
|
raise Inspec::Exceptions::ResourceFailed, "IBM Db2 connection error: #{out}"
|
60
61
|
else
|
61
|
-
Lines.new(cmd.stdout.strip, "IBM Db2 Query: #{q}")
|
62
|
+
Lines.new(cmd.stdout.strip, "IBM Db2 Query: #{q}", cmd.exit_status)
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
def resource_id
|
67
|
+
if inspec.os.platform?("windows")
|
68
|
+
"ibmdb2_session:DatabaseName#{@db_name}"
|
69
|
+
else
|
70
|
+
"ibmdb2_session:DatabaseInstance:#{@db_instance}:DatabaseName#{@db_name}"
|
62
71
|
end
|
63
72
|
end
|
64
73
|
|
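Review bot: Both id strings in `resource_id` omit the `:` between the `DatabaseName` label and its value, while `DatabaseInstance:` has one, so the database name runs straight into the label. Suggested: `"ibmdb2_session:DatabaseName:#{@db_name}"` and `"ibmdb2_session:DatabaseInstance:#{@db_instance}:DatabaseName:#{@db_name}"`. Separately, `Lines#initialize` now requires `exit_status`, whereas the `Lines` class in the MongoDB hunk further down defaults it to nil; `exit_status = nil` here would keep any two-argument caller working. The file header above this section reads gem.rb, but the code shown is the IBM Db2 session resource.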
@@ -62,6 +62,10 @@ module Inspec::Resources
|
|
62
62
|
@ip6tables_cache = cmd.stdout.split("\n").map(&:strip)
|
63
63
|
end
|
64
64
|
|
65
|
+
def resource_id
|
66
|
+
format("Ip6tables %s %s", @table && "table: #{@table}", @chain && "chain: #{@chain}").strip
|
67
|
+
end
|
68
|
+
|
65
69
|
def to_s
|
66
70
|
format("Ip6tables %s %s", @table && "table: #{@table}", @chain && "chain: #{@chain}").strip
|
67
71
|
end
|
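Review bot: `resource_id` repeats the `format(...)` expression of `to_s` character for character, here and in the Iptables hunk that follows, so the two can drift apart when one of them is edited. Since `to_s` is defined right below, the body can be just `to_s`. If the id is meant to stay fixed even when the display string changes, say so in a comment above `resource_id` instead.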
@@ -69,6 +69,10 @@ module Inspec::Resources
|
|
69
69
|
end
|
70
70
|
end
|
71
71
|
|
72
|
+
def resource_id
|
73
|
+
format("Iptables %s %s", @table && "table: #{@table}", @chain && "chain: #{@chain}").strip
|
74
|
+
end
|
75
|
+
|
72
76
|
def to_s
|
73
77
|
format("Iptables %s %s", @table && "table: #{@table}", @chain && "chain: #{@chain}").strip
|
74
78
|
end
|
data/lib/inspec/resources/ksh.rb
CHANGED
@@ -4,9 +4,10 @@ module Inspec::Resources
|
|
4
4
|
class Lines
|
5
5
|
attr_reader :params
|
6
6
|
|
7
|
-
def initialize(raw, desc)
|
7
|
+
def initialize(raw, desc, exit_status = nil)
|
8
8
|
@params = raw
|
9
9
|
@desc = desc
|
10
|
+
@exit_status = exit_status
|
10
11
|
end
|
11
12
|
|
12
13
|
def to_s
|
@@ -62,6 +63,10 @@ module Inspec::Resources
|
|
62
63
|
raise Inspec::Exceptions::ResourceFailed, "Can't run MongoDB command Error: #{e.message}"
|
63
64
|
end
|
64
65
|
|
66
|
+
def resource_id
|
67
|
+
"mongodb_session:User:#{@user}:Host:#{@host}:Database:#{@database}"
|
68
|
+
end
|
69
|
+
|
65
70
|
private
|
66
71
|
|
67
72
|
def create_session
|
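Review bot: `Lines#initialize` now stores `@exit_status`, but the `attr_reader :params` line is left unchanged, so nothing visible in this hunk exposes the value. The IBM Db2 `Lines` class earlier on this page adds the reader in the same change; the matching line here would be `attr_reader :params, :exit_status`. The call site that passes the third argument is outside these hunks. The file header above this section reads ksh.rb, but the code shown is the MongoDB session resource.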
@@ -19,6 +19,8 @@ module Inspec::Resources
|
|
19
19
|
attr_reader :mssql_session, :sql_query
|
20
20
|
|
21
21
|
def initialize(conf_param_name, opts = {})
|
22
|
+
@conf_param_name = conf_param_name
|
23
|
+
@opts = opts
|
22
24
|
opts[:username] ||= "SA"
|
23
25
|
@mssql_session = inspec.mssql_session(opts)
|
24
26
|
setting = conf_param_name.to_s.gsub("_", " ").split.map(&:capitalize).join(" ")
|
@@ -37,6 +39,11 @@ module Inspec::Resources
|
|
37
39
|
"MsSql DB Configuration"
|
38
40
|
end
|
39
41
|
|
42
|
+
def resource_id
|
43
|
+
username = @opts[:username] || "SA"
|
44
|
+
"#{@conf_param_name}-#{username}"
|
45
|
+
end
|
46
|
+
|
40
47
|
private
|
41
48
|
|
42
49
|
def determine_system_configurations(setting)
|
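Review bot: `@opts = opts` keeps the whole options hash on the resource only so that `resource_id` can read `:username`. That hash is handed to `inspec.mssql_session`, so it presumably also carries the connection password, which then stays in an instance variable for the lifetime of the resource. Storing just the name is enough: `@username = opts[:username] || "SA"` in `initialize` and `"#{@conf_param_name}-#{@username}"` in `resource_id`. As written, the `|| "SA"` in `resource_id` is also redundant, because `opts[:username] ||= "SA"` on the following line writes the default into the same hash that `@opts` points to.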
@@ -43,6 +43,7 @@ module Inspec::Resources
|
|
43
43
|
@host = host
|
44
44
|
@port = port
|
45
45
|
@socket = socket
|
46
|
+
@db = nil
|
46
47
|
init_fallback if user.nil? || pass.nil?
|
47
48
|
raise Inspec::Exceptions::ResourceFailed, "Can't run MySQL SQL checks without authentication." if @user.nil? || @pass.nil?
|
48
49
|
|
@@ -52,7 +53,9 @@ module Inspec::Resources
|
|
52
53
|
def query(q, db = "")
|
53
54
|
raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?
|
54
55
|
|
55
|
-
|
56
|
+
@db = db
|
57
|
+
mysql_cmd = create_mysql_cmd(q, @db)
|
58
|
+
|
56
59
|
cmd = if !@pass.nil?
|
57
60
|
inspec.command(mysql_cmd, redact_regex: /(mysql -u\w+ -p).+(\s-(h|S).*)/)
|
58
61
|
else
|
@@ -66,6 +69,10 @@ module Inspec::Resources
|
|
66
69
|
end
|
67
70
|
end
|
68
71
|
|
72
|
+
def resource_id
|
73
|
+
"mysql_session:User:#{@user}:Host:#{@host}:Database:#{@db}"
|
74
|
+
end
|
75
|
+
|
69
76
|
def to_s
|
70
77
|
"MySQL Session"
|
71
78
|
end
|
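Review bot: `resource_id` depends on `@db`, which is nil after `initialize` and is overwritten on every `query` call, so the id of one session object changes with the last database queried and ends in an empty `Database:` when `query` is called without `db`. If the id is supposed to identify the session, build it from the connection fields only, `"mysql_session:User:#{@user}:Host:#{@host}"`. Otherwise add a comment on `resource_id` stating that it reflects the most recent `query` call.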
@@ -18,12 +18,13 @@ module Inspec::Resources
|
|
18
18
|
its('modules') { should include 'my_module' }
|
19
19
|
end
|
20
20
|
EXAMPLE
|
21
|
-
attr_reader :params, :bin_dir
|
21
|
+
attr_reader :params, :bin_dir, :nginx_path
|
22
22
|
|
23
23
|
def initialize(nginx_path = "/usr/sbin/nginx")
|
24
24
|
return skip_resource "The `nginx` resource is not yet available on your OS." if inspec.os.windows?
|
25
25
|
return skip_resource "The `nginx` binary not found in the path provided." unless inspec.command(nginx_path).exist?
|
26
26
|
|
27
|
+
@nginx_path = nginx_path
|
27
28
|
cmd = inspec.command("#{nginx_path} -V 2>&1")
|
28
29
|
if cmd.exit_status != 0
|
29
30
|
return skip_resource "Error using the command nginx -V"
|
@@ -59,6 +60,10 @@ module Inspec::Resources
|
|
59
60
|
@data.scan(/--with-(\S+)_module/).flatten
|
60
61
|
end
|
61
62
|
|
63
|
+
def resource_id
|
64
|
+
nginx_path || "nginx"
|
65
|
+
end
|
66
|
+
|
62
67
|
def to_s
|
63
68
|
"Nginx Environment"
|
64
69
|
end
|
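Review bot: `@nginx_path = nginx_path` is assigned only after the two `return skip_resource` guards, so a resource skipped on Windows or for a missing binary has no stored path and `resource_id` falls back to the constant `"nginx"` for every such instance. Moving the assignment to the first line of `initialize` lets the id name the path that was actually checked. The new `:nginx_path` reader also becomes a public method of the resource; if that is not intended, have `resource_id` return `@nginx_path || "nginx"` and leave `attr_reader :params, :bin_dir` as it was. `initialize` continues past the end of the first hunk.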