inspec-core 5.17.4 → 5.18.14
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/etc/deprecations.json +4 -0
- data/inspec-core.gemspec +1 -1
- data/lib/inspec/base_cli.rb +5 -0
- data/lib/inspec/cli.rb +62 -9
- data/lib/inspec/dependencies/dependency_set.rb +6 -2
- data/lib/inspec/dsl.rb +18 -5
- data/lib/inspec/errors.rb +2 -0
- data/lib/inspec/exceptions.rb +2 -0
- data/lib/inspec/fetcher/url.rb +1 -1
- data/lib/inspec/file_provider.rb +36 -0
- data/lib/inspec/iaf_file.rb +127 -0
- data/lib/inspec/profile.rb +17 -7
- data/lib/inspec/resources/aide_conf.rb +4 -0
- data/lib/inspec/resources/apache.rb +4 -0
- data/lib/inspec/resources/apache_conf.rb +4 -0
- data/lib/inspec/resources/apt.rb +6 -1
- data/lib/inspec/resources/audit_policy.rb +5 -0
- data/lib/inspec/resources/auditd_conf.rb +4 -0
- data/lib/inspec/resources/bash.rb +4 -0
- data/lib/inspec/resources/bond.rb +4 -0
- data/lib/inspec/resources/bridge.rb +4 -0
- data/lib/inspec/resources/cassandradb_conf.rb +5 -0
- data/lib/inspec/resources/cassandradb_session.rb +8 -3
- data/lib/inspec/resources/chocolatey_package.rb +4 -0
- data/lib/inspec/resources/chrony_conf.rb +4 -0
- data/lib/inspec/resources/command.rb +5 -0
- data/lib/inspec/resources/cpan.rb +4 -0
- data/lib/inspec/resources/cran.rb +4 -0
- data/lib/inspec/resources/cron.rb +5 -0
- data/lib/inspec/resources/csv.rb +6 -1
- data/lib/inspec/resources/dh_params.rb +4 -0
- data/lib/inspec/resources/docker_container.rb +4 -0
- data/lib/inspec/resources/docker_image.rb +4 -0
- data/lib/inspec/resources/docker_plugin.rb +4 -0
- data/lib/inspec/resources/docker_service.rb +4 -0
- data/lib/inspec/resources/etc_group.rb +4 -0
- data/lib/inspec/resources/etc_hosts_allow_deny.rb +5 -0
- data/lib/inspec/resources/file.rb +6 -1
- data/lib/inspec/resources/filesystem.rb +4 -0
- data/lib/inspec/resources/gem.rb +4 -0
- data/lib/inspec/resources/groups.rb +4 -0
- data/lib/inspec/resources/grub_conf.rb +4 -0
- data/lib/inspec/resources/host.rb +4 -0
- data/lib/inspec/resources/http.rb +4 -0
- data/lib/inspec/resources/ibmdb2_conf.rb +8 -0
- data/lib/inspec/resources/ibmdb2_session.rb +12 -3
- data/lib/inspec/resources/iis_app.rb +4 -0
- data/lib/inspec/resources/iis_app_pool.rb +4 -0
- data/lib/inspec/resources/iis_site.rb +4 -0
- data/lib/inspec/resources/inetd_conf.rb +4 -0
- data/lib/inspec/resources/interface.rb +4 -0
- data/lib/inspec/resources/ip6tables.rb +4 -0
- data/lib/inspec/resources/ipfilter.rb +4 -0
- data/lib/inspec/resources/ipnat.rb +4 -0
- data/lib/inspec/resources/iptables.rb +4 -0
- data/lib/inspec/resources/json.rb +4 -0
- data/lib/inspec/resources/kernel_module.rb +4 -0
- data/lib/inspec/resources/kernel_parameter.rb +4 -0
- data/lib/inspec/resources/key_rsa.rb +4 -0
- data/lib/inspec/resources/ksh.rb +4 -0
- data/lib/inspec/resources/limits_conf.rb +4 -0
- data/lib/inspec/resources/login_defs.rb +4 -0
- data/lib/inspec/resources/mongodb.rb +4 -0
- data/lib/inspec/resources/mongodb_conf.rb +5 -0
- data/lib/inspec/resources/mongodb_session.rb +6 -1
- data/lib/inspec/resources/mount.rb +4 -0
- data/lib/inspec/resources/mssql_session.rb +4 -0
- data/lib/inspec/resources/mssql_sys_conf.rb +7 -0
- data/lib/inspec/resources/mysql_conf.rb +4 -0
- data/lib/inspec/resources/mysql_session.rb +8 -1
- data/lib/inspec/resources/nginx.rb +6 -1
- data/lib/inspec/resources/nginx_conf.rb +4 -0
- data/lib/inspec/resources/noop.rb +4 -0
- data/lib/inspec/resources/npm.rb +4 -0
- data/lib/inspec/resources/ntp_conf.rb +4 -0
- data/lib/inspec/resources/oneget.rb +4 -0
- data/lib/inspec/resources/opa_api.rb +10 -0
- data/lib/inspec/resources/opa_cli.rb +14 -0
- data/lib/inspec/resources/oracledb_conf.rb +5 -0
- data/lib/inspec/resources/oracledb_listener_conf.rb +4 -0
- data/lib/inspec/resources/oracledb_session.rb +10 -0
- data/lib/inspec/resources/os.rb +4 -0
- data/lib/inspec/resources/os_env.rb +4 -0
- data/lib/inspec/resources/package.rb +4 -0
- data/lib/inspec/resources/parse_config.rb +10 -1
- data/lib/inspec/resources/pip.rb +4 -0
- data/lib/inspec/resources/platform.rb +4 -0
- data/lib/inspec/resources/postfix_conf.rb +4 -0
- data/lib/inspec/resources/postgres_conf.rb +4 -0
- data/lib/inspec/resources/postgres_session.rb +8 -4
- data/lib/inspec/resources/powershell.rb +4 -0
- data/lib/inspec/resources/processes.rb +6 -4
- data/lib/inspec/resources/rabbitmq_config.rb +4 -0
- data/lib/inspec/resources/registry_key.rb +4 -0
- data/lib/inspec/resources/security_identifier.rb +4 -0
- data/lib/inspec/resources/security_policy.rb +4 -0
- data/lib/inspec/resources/service.rb +4 -0
- data/lib/inspec/resources/ssh_config.rb +4 -0
- data/lib/inspec/resources/sybase_conf.rb +4 -0
- data/lib/inspec/resources/sybase_session.rb +4 -0
- data/lib/inspec/resources/sys_info.rb +4 -0
- data/lib/inspec/resources/timezone.rb +4 -0
- data/lib/inspec/resources/users.rb +4 -0
- data/lib/inspec/resources/vbscript.rb +5 -0
- data/lib/inspec/resources/virtualization.rb +4 -0
- data/lib/inspec/resources/windows_feature.rb +5 -1
- data/lib/inspec/resources/windows_firewall.rb +4 -0
- data/lib/inspec/resources/windows_firewall_rule.rb +4 -0
- data/lib/inspec/resources/windows_hotfix.rb +4 -0
- data/lib/inspec/resources/windows_task.rb +4 -0
- data/lib/inspec/resources/wmi.rb +4 -0
- data/lib/inspec/resources/x509_certificate.rb +59 -0
- data/lib/inspec/resources/yum.rb +4 -0
- data/lib/inspec/resources/zfs_dataset.rb +4 -0
- data/lib/inspec/resources/zfs_pool.rb +4 -0
- data/lib/inspec/rule.rb +1 -1
- data/lib/inspec/secrets/yaml.rb +7 -1
- data/lib/inspec/ui.rb +1 -0
- data/lib/inspec/utils/yaml_profile_summary.rb +34 -0
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-reporter-html2/templates/body.html.erb +4 -4
- data/lib/plugins/inspec-reporter-html2/templates/control.html.erb +1 -1
- data/lib/plugins/inspec-reporter-html2/templates/profile.html.erb +1 -1
- data/lib/plugins/{inspec-artifact/inspec-artifact.gemspec → inspec-sign/inspec-sign.gemspec} +2 -2
- data/lib/plugins/inspec-sign/lib/inspec-sign/base.rb +161 -0
- data/lib/plugins/{inspec-artifact/lib/inspec-artifact → inspec-sign/lib/inspec-sign}/cli.rb +14 -23
- data/lib/plugins/inspec-sign/lib/inspec-sign.rb +12 -0
- data/lib/source_readers/inspec.rb +8 -2
- metadata +10 -8
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +0 -187
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +0 -12
data/lib/inspec/resources/npm.rb
CHANGED
|
@@ -6,6 +6,12 @@ module Inspec::Resources
|
|
|
6
6
|
supports platform: "unix"
|
|
7
7
|
supports platform: "windows"
|
|
8
8
|
|
|
9
|
+
example <<~EXAMPLE
|
|
10
|
+
describe opa_api(url: "localhost:8181/v1/data/example/violation", data: "input.json") do
|
|
11
|
+
its(["result"]) { should eq 'value' }
|
|
12
|
+
end
|
|
13
|
+
EXAMPLE
|
|
14
|
+
|
|
9
15
|
def initialize(opts = {})
|
|
10
16
|
@url = opts[:url] || nil
|
|
11
17
|
@data = opts[:data] || nil
|
|
@@ -18,6 +24,10 @@ module Inspec::Resources
|
|
|
18
24
|
@content["result"]
|
|
19
25
|
end
|
|
20
26
|
|
|
27
|
+
def resource_id
|
|
28
|
+
@url || "opa_api"
|
|
29
|
+
end
|
|
30
|
+
|
|
21
31
|
def to_s
|
|
22
32
|
"OPA api"
|
|
23
33
|
end
|
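Review bot: `resource_id` returns `@url` unchanged, so anything embedded in the URL, such as basic-auth userinfo or a token in the query string, becomes part of the resource's identifier. Where the identifier is consumed is not visible in these hunks; if it reaches reporter output, the credential travels with it. Consider returning only host and path, with a comment on `resource_id` stating that the value must be safe to log. The class body starts and ends outside the hunks shown (these are the opa_api.rb hunks, going by the +10 count in the file list).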
|
@@ -6,6 +6,12 @@ module Inspec::Resources
|
|
|
6
6
|
supports platform: "unix"
|
|
7
7
|
supports platform: "windows"
|
|
8
8
|
|
|
9
|
+
example <<~EXAMPLE
|
|
10
|
+
describe opa_cli(policy: "example.rego", data: "input.json", query: "data.example.allow") do
|
|
11
|
+
its(["result"]) { should eq "value" }
|
|
12
|
+
end
|
|
13
|
+
EXAMPLE
|
|
14
|
+
|
|
9
15
|
def initialize(opts = {})
|
|
10
16
|
@opa_executable_path = opts[:opa_executable_path] || "opa" # if this path is not provided then we will assume that it's been set in the ENV PATH
|
|
11
17
|
@policy = opts[:policy] || nil
|
|
@@ -22,6 +28,14 @@ module Inspec::Resources
|
|
|
22
28
|
@content["result"][0]["expressions"][0]["value"] if @content["result"][0]["expressions"][0]["text"].include?("allow")
|
|
23
29
|
end
|
|
24
30
|
|
|
31
|
+
def resource_id
|
|
32
|
+
if @policy.nil? && @query.nil?
|
|
33
|
+
"opa_cli"
|
|
34
|
+
else
|
|
35
|
+
"#{@policy}:#{@query}"
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
25
39
|
def to_s
|
|
26
40
|
"OPA cli"
|
|
27
41
|
end
|
|
@@ -17,6 +17,7 @@ module Inspec::Resources
|
|
|
17
17
|
|
|
18
18
|
def initialize(opts = {})
|
|
19
19
|
@oracledb_session = inspec.oracledb_session(opts)
|
|
20
|
+
@opts = opts
|
|
20
21
|
end
|
|
21
22
|
|
|
22
23
|
def method_missing(name)
|
|
@@ -28,6 +29,10 @@ module Inspec::Resources
|
|
|
28
29
|
"Oracle DB Configuration"
|
|
29
30
|
end
|
|
30
31
|
|
|
32
|
+
def resource_id
|
|
33
|
+
@opts[:user] || ""
|
|
34
|
+
end
|
|
35
|
+
|
|
31
36
|
private
|
|
32
37
|
|
|
33
38
|
def determine_database_setting(setting)
|
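Review bot: `@opts = opts` keeps the whole options hash on the resource although `resource_id` only reads `:user`. The same hash is passed to `inspec.oracledb_session(opts)`, so it presumably carries the connection password too, which then lives on in an instance variable for no purpose. Storing only what is needed, `@user = opts[:user]` with `@user || "oracledb_conf"` in `resource_id`, avoids that. It also replaces the empty-string ID from `|| ""` with a named fallback, as the `"opa_api"` and `"opa_cli"` hunks above do. The class body starts outside the hunk.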
data/lib/inspec/resources/os.rb
CHANGED
|
@@ -68,6 +68,10 @@ module Inspec::Resources
|
|
|
68
68
|
end
|
|
69
69
|
end
|
|
70
70
|
|
|
71
|
+
def resource_id
|
|
72
|
+
@content || "parse_config"
|
|
73
|
+
end
|
|
74
|
+
|
|
71
75
|
def to_s
|
|
72
76
|
"Parse Config #{@conf_path}"
|
|
73
77
|
end
|
|
@@ -104,8 +108,13 @@ module Inspec::Resources
|
|
|
104
108
|
EXAMPLE
|
|
105
109
|
|
|
106
110
|
def initialize(path, opts = nil)
|
|
111
|
+
@path = path
|
|
107
112
|
super(nil, opts)
|
|
108
|
-
parse_file(path)
|
|
113
|
+
parse_file(@path)
|
|
114
|
+
end
|
|
115
|
+
|
|
116
|
+
def resource_id
|
|
117
|
+
@path || "parse_config_file"
|
|
109
118
|
end
|
|
110
119
|
|
|
111
120
|
def to_s
|
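Review bot: In the first hunk `resource_id` returns `@content`, which looks like the raw configuration text rather than a short label, judging by its name and by `super(nil, opts)` in the second hunk. If so, the identifier is as long as the file, spans multiple lines, and copies whatever secrets the config holds into anything that records resource IDs. The `to_s` just below already uses `@conf_path`, so `@conf_path || "parse_config"` would give a bounded ID, with a short digest of the content as an alternative for inline input. Both classes start outside the hunks, which belong to parse_config.rb by the +10 -1 count in the file list rather than to the os.rb header above them.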
data/lib/inspec/resources/pip.rb
CHANGED
|
@@ -4,9 +4,9 @@ require "shellwords" unless defined?(Shellwords)
|
|
|
4
4
|
|
|
5
5
|
module Inspec::Resources
|
|
6
6
|
class Lines
|
|
7
|
-
attr_reader :output
|
|
7
|
+
attr_reader :output, :exit_status
|
|
8
8
|
|
|
9
|
-
def initialize(raw, desc)
|
|
9
|
+
def initialize(raw, desc, exit_status)
|
|
10
10
|
@output = raw
|
|
11
11
|
@desc = desc
|
|
12
12
|
end
|
|
@@ -58,12 +58,16 @@ module Inspec::Resources
|
|
|
58
58
|
if cmd.exit_status != 0 && ( out =~ /could not connect to/ || out =~ /password authentication failed/ ) && out.downcase =~ /error:/
|
|
59
59
|
raise Inspec::Exceptions::ResourceFailed, "PostgreSQL connection error: #{out}"
|
|
60
60
|
elsif cmd.exit_status != 0 && out.downcase =~ /error:/
|
|
61
|
-
Lines.new(out, "PostgreSQL query with error: #{query}")
|
|
61
|
+
Lines.new(out, "PostgreSQL query with error: #{query}", cmd.exit_status)
|
|
62
62
|
else
|
|
63
|
-
Lines.new(cmd.stdout.strip, "PostgreSQL query: #{query}")
|
|
63
|
+
Lines.new(cmd.stdout.strip, "PostgreSQL query: #{query}", cmd.exit_status)
|
|
64
64
|
end
|
|
65
65
|
end
|
|
66
66
|
|
|
67
|
+
def resource_id
|
|
68
|
+
"postgress_session:User:#{@user}:Host:#{@host}"
|
|
69
|
+
end
|
|
70
|
+
|
|
67
71
|
private
|
|
68
72
|
|
|
69
73
|
def escaped_query(query)
|
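Review bot: `exit_status` will always read as nil. The first hunk adds the reader and a third constructor argument, but the constructor body shown (`@output = raw`, `@desc = desc`) never stores it, and the `-4,9 +4,9` header leaves no room for an added assignment; add `@exit_status = exit_status`. The new argument is also required, so any other two-argument caller of `Lines.new` outside this file would now raise `ArgumentError`; `exit_status = nil` as the default keeps them working. Separately, `resource_id` spells its prefix `postgress_session`, which is worth correcting before report consumers start keying on it.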
|
@@ -43,7 +43,7 @@ module Inspec::Resources
|
|
|
43
43
|
|
|
44
44
|
all_cmds = ps_axo
|
|
45
45
|
@list = all_cmds.find_all do |hm|
|
|
46
|
-
hm[:command] =~ grep
|
|
46
|
+
hm[:command] =~ grep || hm[:process_name] =~ grep
|
|
47
47
|
end
|
|
48
48
|
end
|
|
49
49
|
|
|
@@ -84,6 +84,7 @@ module Inspec::Resources
|
|
|
84
84
|
.register_column(:time, field: "time")
|
|
85
85
|
.register_column(:users, field: "user")
|
|
86
86
|
.register_column(:commands, field: "command")
|
|
87
|
+
.register_column(:process_name, field: "process_name")
|
|
87
88
|
.install_filter_methods_on_resource(self, :filtered_processes)
|
|
88
89
|
|
|
89
90
|
private
|
|
@@ -98,9 +99,9 @@ module Inspec::Resources
|
|
|
98
99
|
if os.linux?
|
|
99
100
|
command, regex, field_map = ps_configuration_for_linux
|
|
100
101
|
elsif os.windows?
|
|
101
|
-
command = '$Proc = Get-Process -IncludeUserName |
|
|
102
|
+
command = '$Proc = Get-Process -IncludeUserName | Select-Object PriorityClass,Id,CPU,PM,VirtualMemorySize,NPM,SessionId,Responding,StartTime,TotalProcessorTime,UserName,Path,ProcessName | ConvertTo-Csv -NoTypeInformation;$Proc.Replace("""","").Replace("`r`n","`n")'
|
|
102
103
|
# Wanted to use /(?:^|,)([^,]*)/; works on rubular.com not sure why here?
|
|
103
|
-
regex = /^(
|
|
104
|
+
regex = /^(.*),(.*),(.*),(.*),(.*),(.*),(.*),(.*),(.*),(.*),(.*),(.*),(.*)$/
|
|
104
105
|
field_map = {
|
|
105
106
|
pid: 2,
|
|
106
107
|
cpu: 3,
|
|
@@ -113,6 +114,7 @@ module Inspec::Resources
|
|
|
113
114
|
time: 10,
|
|
114
115
|
user: 11,
|
|
115
116
|
command: 12,
|
|
117
|
+
process_name: 13,
|
|
116
118
|
}
|
|
117
119
|
else
|
|
118
120
|
command = "ps axo pid,pcpu,pmem,vsz,rss,tty,stat,start,time,user,command"
|
|
@@ -204,7 +206,7 @@ module Inspec::Resources
|
|
|
204
206
|
|
|
205
207
|
# build a hash of process data that we'll turn into a struct for FilterTable
|
|
206
208
|
process_data = {}
|
|
207
|
-
%i{label pid cpu mem vsz rss tty stat start time user command}.each do |param|
|
|
209
|
+
%i{label pid cpu mem vsz rss tty stat start time user command process_name}.each do |param|
|
|
208
210
|
# not all operating systems support all fields, so skip the field if we don't have it
|
|
209
211
|
process_data[param] = line[field_map[param]] if field_map.key?(param)
|
|
210
212
|
end
|
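Review bot: The Windows pattern `/^(.*),(.*),…,(.*)$/` splits on every comma, but the PowerShell command has already stripped the quotes with `.Replace("""","")`, so a comma inside a field can no longer be told apart from a separator. `Path` is the most plausible source of such a comma, or a locale-formatted `CPU` or `StartTime`. Because the groups are greedy, the first one absorbs the surplus and `pid`, `user` and `command` each take a neighbouring column's value, which can make a `processes` control match the wrong process or none. Keeping the quotes and parsing each line with Ruby's `CSV.parse_line`, or choosing a separator that cannot occur in a path via `ConvertTo-Csv -Delimiter`, removes the ambiguity. The surrounding method starts outside the hunk.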
|
@@ -51,6 +51,11 @@ module Inspec::Resources
|
|
|
51
51
|
@result ||= parse_stdout
|
|
52
52
|
end
|
|
53
53
|
|
|
54
|
+
# vbscript can be of multiple lines so that can't be used as UUID so using the hardcoded string.
|
|
55
|
+
def resource_id
|
|
56
|
+
"Windows VBScript"
|
|
57
|
+
end
|
|
58
|
+
|
|
54
59
|
def to_s
|
|
55
60
|
"Windows VBScript"
|
|
56
61
|
end
|