inspec-core 5.17.4 → 5.18.14
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/etc/deprecations.json +4 -0
- data/inspec-core.gemspec +1 -1
- data/lib/inspec/base_cli.rb +5 -0
- data/lib/inspec/cli.rb +62 -9
- data/lib/inspec/dependencies/dependency_set.rb +6 -2
- data/lib/inspec/dsl.rb +18 -5
- data/lib/inspec/errors.rb +2 -0
- data/lib/inspec/exceptions.rb +2 -0
- data/lib/inspec/fetcher/url.rb +1 -1
- data/lib/inspec/file_provider.rb +36 -0
- data/lib/inspec/iaf_file.rb +127 -0
- data/lib/inspec/profile.rb +17 -7
- data/lib/inspec/resources/aide_conf.rb +4 -0
- data/lib/inspec/resources/apache.rb +4 -0
- data/lib/inspec/resources/apache_conf.rb +4 -0
- data/lib/inspec/resources/apt.rb +6 -1
- data/lib/inspec/resources/audit_policy.rb +5 -0
- data/lib/inspec/resources/auditd_conf.rb +4 -0
- data/lib/inspec/resources/bash.rb +4 -0
- data/lib/inspec/resources/bond.rb +4 -0
- data/lib/inspec/resources/bridge.rb +4 -0
- data/lib/inspec/resources/cassandradb_conf.rb +5 -0
- data/lib/inspec/resources/cassandradb_session.rb +8 -3
- data/lib/inspec/resources/chocolatey_package.rb +4 -0
- data/lib/inspec/resources/chrony_conf.rb +4 -0
- data/lib/inspec/resources/command.rb +5 -0
- data/lib/inspec/resources/cpan.rb +4 -0
- data/lib/inspec/resources/cran.rb +4 -0
- data/lib/inspec/resources/cron.rb +5 -0
- data/lib/inspec/resources/csv.rb +6 -1
- data/lib/inspec/resources/dh_params.rb +4 -0
- data/lib/inspec/resources/docker_container.rb +4 -0
- data/lib/inspec/resources/docker_image.rb +4 -0
- data/lib/inspec/resources/docker_plugin.rb +4 -0
- data/lib/inspec/resources/docker_service.rb +4 -0
- data/lib/inspec/resources/etc_group.rb +4 -0
- data/lib/inspec/resources/etc_hosts_allow_deny.rb +5 -0
- data/lib/inspec/resources/file.rb +6 -1
- data/lib/inspec/resources/filesystem.rb +4 -0
- data/lib/inspec/resources/gem.rb +4 -0
- data/lib/inspec/resources/groups.rb +4 -0
- data/lib/inspec/resources/grub_conf.rb +4 -0
- data/lib/inspec/resources/host.rb +4 -0
- data/lib/inspec/resources/http.rb +4 -0
- data/lib/inspec/resources/ibmdb2_conf.rb +8 -0
- data/lib/inspec/resources/ibmdb2_session.rb +12 -3
- data/lib/inspec/resources/iis_app.rb +4 -0
- data/lib/inspec/resources/iis_app_pool.rb +4 -0
- data/lib/inspec/resources/iis_site.rb +4 -0
- data/lib/inspec/resources/inetd_conf.rb +4 -0
- data/lib/inspec/resources/interface.rb +4 -0
- data/lib/inspec/resources/ip6tables.rb +4 -0
- data/lib/inspec/resources/ipfilter.rb +4 -0
- data/lib/inspec/resources/ipnat.rb +4 -0
- data/lib/inspec/resources/iptables.rb +4 -0
- data/lib/inspec/resources/json.rb +4 -0
- data/lib/inspec/resources/kernel_module.rb +4 -0
- data/lib/inspec/resources/kernel_parameter.rb +4 -0
- data/lib/inspec/resources/key_rsa.rb +4 -0
- data/lib/inspec/resources/ksh.rb +4 -0
- data/lib/inspec/resources/limits_conf.rb +4 -0
- data/lib/inspec/resources/login_defs.rb +4 -0
- data/lib/inspec/resources/mongodb.rb +4 -0
- data/lib/inspec/resources/mongodb_conf.rb +5 -0
- data/lib/inspec/resources/mongodb_session.rb +6 -1
- data/lib/inspec/resources/mount.rb +4 -0
- data/lib/inspec/resources/mssql_session.rb +4 -0
- data/lib/inspec/resources/mssql_sys_conf.rb +7 -0
- data/lib/inspec/resources/mysql_conf.rb +4 -0
- data/lib/inspec/resources/mysql_session.rb +8 -1
- data/lib/inspec/resources/nginx.rb +6 -1
- data/lib/inspec/resources/nginx_conf.rb +4 -0
- data/lib/inspec/resources/noop.rb +4 -0
- data/lib/inspec/resources/npm.rb +4 -0
- data/lib/inspec/resources/ntp_conf.rb +4 -0
- data/lib/inspec/resources/oneget.rb +4 -0
- data/lib/inspec/resources/opa_api.rb +10 -0
- data/lib/inspec/resources/opa_cli.rb +14 -0
- data/lib/inspec/resources/oracledb_conf.rb +5 -0
- data/lib/inspec/resources/oracledb_listener_conf.rb +4 -0
- data/lib/inspec/resources/oracledb_session.rb +10 -0
- data/lib/inspec/resources/os.rb +4 -0
- data/lib/inspec/resources/os_env.rb +4 -0
- data/lib/inspec/resources/package.rb +4 -0
- data/lib/inspec/resources/parse_config.rb +10 -1
- data/lib/inspec/resources/pip.rb +4 -0
- data/lib/inspec/resources/platform.rb +4 -0
- data/lib/inspec/resources/postfix_conf.rb +4 -0
- data/lib/inspec/resources/postgres_conf.rb +4 -0
- data/lib/inspec/resources/postgres_session.rb +8 -4
- data/lib/inspec/resources/powershell.rb +4 -0
- data/lib/inspec/resources/processes.rb +6 -4
- data/lib/inspec/resources/rabbitmq_config.rb +4 -0
- data/lib/inspec/resources/registry_key.rb +4 -0
- data/lib/inspec/resources/security_identifier.rb +4 -0
- data/lib/inspec/resources/security_policy.rb +4 -0
- data/lib/inspec/resources/service.rb +4 -0
- data/lib/inspec/resources/ssh_config.rb +4 -0
- data/lib/inspec/resources/sybase_conf.rb +4 -0
- data/lib/inspec/resources/sybase_session.rb +4 -0
- data/lib/inspec/resources/sys_info.rb +4 -0
- data/lib/inspec/resources/timezone.rb +4 -0
- data/lib/inspec/resources/users.rb +4 -0
- data/lib/inspec/resources/vbscript.rb +5 -0
- data/lib/inspec/resources/virtualization.rb +4 -0
- data/lib/inspec/resources/windows_feature.rb +5 -1
- data/lib/inspec/resources/windows_firewall.rb +4 -0
- data/lib/inspec/resources/windows_firewall_rule.rb +4 -0
- data/lib/inspec/resources/windows_hotfix.rb +4 -0
- data/lib/inspec/resources/windows_task.rb +4 -0
- data/lib/inspec/resources/wmi.rb +4 -0
- data/lib/inspec/resources/x509_certificate.rb +59 -0
- data/lib/inspec/resources/yum.rb +4 -0
- data/lib/inspec/resources/zfs_dataset.rb +4 -0
- data/lib/inspec/resources/zfs_pool.rb +4 -0
- data/lib/inspec/rule.rb +1 -1
- data/lib/inspec/secrets/yaml.rb +7 -1
- data/lib/inspec/ui.rb +1 -0
- data/lib/inspec/utils/yaml_profile_summary.rb +34 -0
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-reporter-html2/templates/body.html.erb +4 -4
- data/lib/plugins/inspec-reporter-html2/templates/control.html.erb +1 -1
- data/lib/plugins/inspec-reporter-html2/templates/profile.html.erb +1 -1
- data/lib/plugins/{inspec-artifact/inspec-artifact.gemspec → inspec-sign/inspec-sign.gemspec} +2 -2
- data/lib/plugins/inspec-sign/lib/inspec-sign/base.rb +161 -0
- data/lib/plugins/{inspec-artifact/lib/inspec-artifact → inspec-sign/lib/inspec-sign}/cli.rb +14 -23
- data/lib/plugins/inspec-sign/lib/inspec-sign.rb +12 -0
- data/lib/source_readers/inspec.rb +8 -2
- metadata +10 -8
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +0 -187
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +0 -12
data/lib/inspec/resources/npm.rb
CHANGED
@@ -6,6 +6,12 @@ module Inspec::Resources
|
|
6
6
|
supports platform: "unix"
|
7
7
|
supports platform: "windows"
|
8
8
|
|
9
|
+
example <<~EXAMPLE
|
10
|
+
describe opa_api(url: "localhost:8181/v1/data/example/violation", data: "input.json") do
|
11
|
+
its(["result"]) { should eq 'value' }
|
12
|
+
end
|
13
|
+
EXAMPLE
|
14
|
+
|
9
15
|
def initialize(opts = {})
|
10
16
|
@url = opts[:url] || nil
|
11
17
|
@data = opts[:data] || nil
|
@@ -18,6 +24,10 @@ module Inspec::Resources
|
|
18
24
|
@content["result"]
|
19
25
|
end
|
20
26
|
|
27
|
+
def resource_id
|
28
|
+
@url || "opa_api"
|
29
|
+
end
|
30
|
+
|
21
31
|
def to_s
|
22
32
|
"OPA api"
|
23
33
|
end
|
@@ -6,6 +6,12 @@ module Inspec::Resources
|
|
6
6
|
supports platform: "unix"
|
7
7
|
supports platform: "windows"
|
8
8
|
|
9
|
+
example <<~EXAMPLE
|
10
|
+
describe opa_cli(policy: "example.rego", data: "input.json", query: "data.example.allow") do
|
11
|
+
its(["result"]) { should eq "value" }
|
12
|
+
end
|
13
|
+
EXAMPLE
|
14
|
+
|
9
15
|
def initialize(opts = {})
|
10
16
|
@opa_executable_path = opts[:opa_executable_path] || "opa" # if this path is not provided then we will assume that it's been set in the ENV PATH
|
11
17
|
@policy = opts[:policy] || nil
|
@@ -22,6 +28,14 @@ module Inspec::Resources
|
|
22
28
|
@content["result"][0]["expressions"][0]["value"] if @content["result"][0]["expressions"][0]["text"].include?("allow")
|
23
29
|
end
|
24
30
|
|
31
|
+
def resource_id
|
32
|
+
if @policy.nil? && @query.nil?
|
33
|
+
"opa_cli"
|
34
|
+
else
|
35
|
+
"#{@policy}:#{@query}"
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
25
39
|
def to_s
|
26
40
|
"OPA cli"
|
27
41
|
end
|
@@ -17,6 +17,7 @@ module Inspec::Resources
|
|
17
17
|
|
18
18
|
def initialize(opts = {})
|
19
19
|
@oracledb_session = inspec.oracledb_session(opts)
|
20
|
+
@opts = opts
|
20
21
|
end
|
21
22
|
|
22
23
|
def method_missing(name)
|
@@ -28,6 +29,10 @@ module Inspec::Resources
|
|
28
29
|
"Oracle DB Configuration"
|
29
30
|
end
|
30
31
|
|
32
|
+
def resource_id
|
33
|
+
@opts[:user] || ""
|
34
|
+
end
|
35
|
+
|
31
36
|
private
|
32
37
|
|
33
38
|
def determine_database_setting(setting)
|
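Review bot: The `resource_id` added in the last hunk of this section (`@@ -28,6 +29,10 @@`, next to the `to_s` that returns "Oracle DB Configuration") falls back to an empty string, so a resource built without `:user` reports a blank identifier. The other `resource_id` methods added in this section fall back to the resource name (`"opa_api"`, `"opa_cli"`). A blank or user-only id cannot tell two database targets apart, which makes findings harder to attribute in a report. Consider `@opts[:user] || "oracledb_conf"`; that name is inferred from the file list above, so confirm it against the resource's own `name` declaration. The class body starts and ends outside the hunk.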
data/lib/inspec/resources/os.rb
CHANGED
@@ -68,6 +68,10 @@ module Inspec::Resources
|
|
68
68
|
end
|
69
69
|
end
|
70
70
|
|
71
|
+
def resource_id
|
72
|
+
@content || "parse_config"
|
73
|
+
end
|
74
|
+
|
71
75
|
def to_s
|
72
76
|
"Parse Config #{@conf_path}"
|
73
77
|
end
|
@@ -104,8 +108,13 @@ module Inspec::Resources
|
|
104
108
|
EXAMPLE
|
105
109
|
|
106
110
|
def initialize(path, opts = nil)
|
111
|
+
@path = path
|
107
112
|
super(nil, opts)
|
108
|
-
parse_file(path)
|
113
|
+
parse_file(@path)
|
114
|
+
end
|
115
|
+
|
116
|
+
def resource_id
|
117
|
+
@path || "parse_config_file"
|
109
118
|
end
|
110
119
|
|
111
120
|
def to_s
|
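Review bot: In the first hunk of this section (`@@ -68,6 +68,10 @@`) `resource_id` returns `@content`, which by its name appears to hold the raw configuration text rather than a short identifier. Config files often carry passwords or keys, so if resource ids are written to reporter output this can copy the whole file body into every report, and the value is multi-line and unbounded in size. The neighbouring `to_s` already uses `@conf_path`, so `@conf_path || "parse_config"` would identify the resource without embedding its contents, as the subclass in the second hunk does with `@path || "parse_config_file"`. The class bodies continue outside both hunks.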
data/lib/inspec/resources/pip.rb
CHANGED
@@ -4,9 +4,9 @@ require "shellwords" unless defined?(Shellwords)
|
|
4
4
|
|
5
5
|
module Inspec::Resources
|
6
6
|
class Lines
|
7
|
-
attr_reader :output
|
7
|
+
attr_reader :output, :exit_status
|
8
8
|
|
9
|
-
def initialize(raw, desc)
|
9
|
+
def initialize(raw, desc, exit_status)
|
10
10
|
@output = raw
|
11
11
|
@desc = desc
|
12
12
|
end
|
@@ -58,12 +58,16 @@ module Inspec::Resources
|
|
58
58
|
if cmd.exit_status != 0 && ( out =~ /could not connect to/ || out =~ /password authentication failed/ ) && out.downcase =~ /error:/
|
59
59
|
raise Inspec::Exceptions::ResourceFailed, "PostgreSQL connection error: #{out}"
|
60
60
|
elsif cmd.exit_status != 0 && out.downcase =~ /error:/
|
61
|
-
Lines.new(out, "PostgreSQL query with error: #{query}")
|
61
|
+
Lines.new(out, "PostgreSQL query with error: #{query}", cmd.exit_status)
|
62
62
|
else
|
63
|
-
Lines.new(cmd.stdout.strip, "PostgreSQL query: #{query}")
|
63
|
+
Lines.new(cmd.stdout.strip, "PostgreSQL query: #{query}", cmd.exit_status)
|
64
64
|
end
|
65
65
|
end
|
66
66
|
|
67
|
+
def resource_id
|
68
|
+
"postgress_session:User:#{@user}:Host:#{@host}"
|
69
|
+
end
|
70
|
+
|
67
71
|
private
|
68
72
|
|
69
73
|
def escaped_query(query)
|
@@ -43,7 +43,7 @@ module Inspec::Resources
|
|
43
43
|
|
44
44
|
all_cmds = ps_axo
|
45
45
|
@list = all_cmds.find_all do |hm|
|
46
|
-
hm[:command] =~ grep
|
46
|
+
hm[:command] =~ grep || hm[:process_name] =~ grep
|
47
47
|
end
|
48
48
|
end
|
49
49
|
|
@@ -84,6 +84,7 @@ module Inspec::Resources
|
|
84
84
|
.register_column(:time, field: "time")
|
85
85
|
.register_column(:users, field: "user")
|
86
86
|
.register_column(:commands, field: "command")
|
87
|
+
.register_column(:process_name, field: "process_name")
|
87
88
|
.install_filter_methods_on_resource(self, :filtered_processes)
|
88
89
|
|
89
90
|
private
|
@@ -98,9 +99,9 @@ module Inspec::Resources
|
|
98
99
|
if os.linux?
|
99
100
|
command, regex, field_map = ps_configuration_for_linux
|
100
101
|
elsif os.windows?
|
101
|
-
command = '$Proc = Get-Process -IncludeUserName |
|
102
|
+
command = '$Proc = Get-Process -IncludeUserName | Select-Object PriorityClass,Id,CPU,PM,VirtualMemorySize,NPM,SessionId,Responding,StartTime,TotalProcessorTime,UserName,Path,ProcessName | ConvertTo-Csv -NoTypeInformation;$Proc.Replace("""","").Replace("`r`n","`n")'
|
102
103
|
# Wanted to use /(?:^|,)([^,]*)/; works on rubular.com not sure why here?
|
103
|
-
regex = /^(
|
104
|
+
regex = /^(.*),(.*),(.*),(.*),(.*),(.*),(.*),(.*),(.*),(.*),(.*),(.*),(.*)$/
|
104
105
|
field_map = {
|
105
106
|
pid: 2,
|
106
107
|
cpu: 3,
|
@@ -113,6 +114,7 @@ module Inspec::Resources
|
|
113
114
|
time: 10,
|
114
115
|
user: 11,
|
115
116
|
command: 12,
|
117
|
+
process_name: 13,
|
116
118
|
}
|
117
119
|
else
|
118
120
|
command = "ps axo pid,pcpu,pmem,vsz,rss,tty,stat,start,time,user,command"
|
@@ -204,7 +206,7 @@ module Inspec::Resources
|
|
204
206
|
|
205
207
|
# build a hash of process data that we'll turn into a struct for FilterTable
|
206
208
|
process_data = {}
|
207
|
-
%i{label pid cpu mem vsz rss tty stat start time user command}.each do |param|
|
209
|
+
%i{label pid cpu mem vsz rss tty stat start time user command process_name}.each do |param|
|
208
210
|
# not all operating systems support all fields, so skip the field if we don't have it
|
209
211
|
process_data[param] = line[field_map[param]] if field_map.key?(param)
|
210
212
|
end
|
@@ -51,6 +51,11 @@ module Inspec::Resources
|
|
51
51
|
@result ||= parse_stdout
|
52
52
|
end
|
53
53
|
|
54
|
+
# vbscript can be of multiple lines so that can't be used as UUID so using the hardcoded string.
|
55
|
+
def resource_id
|
56
|
+
"Windows VBScript"
|
57
|
+
end
|
58
|
+
|
54
59
|
def to_s
|
55
60
|
"Windows VBScript"
|
56
61
|
end
|
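Review bot: `Lines#initialize` in the first hunk of this section (`@@ -4,9 +4,9 @@`) now takes `exit_status` and the class exposes it through `attr_reader`, but the visible body still assigns only `@output` and `@desc`, so `exit_status` always reads as `nil`. Both call sites in the following hunk pass `cmd.exit_status`, yet a control that asserts on the value cannot tell a failed query from a successful one. Add `@exit_status = exit_status` after `@desc = desc`.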