inspec-core 5.17.4 → 5.21.29

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b31dbb074483f274162eeea0fde1b234cd19e1c65257e19f7d0bc2f46c375b70
-  data.tar.gz: 31756fedad66edc248e5ae7b1ca5ab08408f6d7d6e6ce6dfb9053d1323c1acac
+  metadata.gz: 7f6f86730baadd988c363a823e5e46ba68c318e48b27bbaaba614ce7c33bb71c
+  data.tar.gz: f02ca42e9d4e525b82e9cfa61a04b122dc3b09c1e3c96f2ec4440c3fb3053f25
 SHA512:
-  metadata.gz: e765163668a3799ae45fbe2a5ddd219832341c32b01b62422506324a62c44b99ad771f47c662be5abb1198fdd65969e2a038f54c5059841561edda42170f7631
-  data.tar.gz: bbbadea0724f15d1a67c895eab750eea1a660bfc2e65143af703f8b5a88eb9e0c9fde1f9c08356fd9e4b32d202d620902fbad8784618cc01eec866c20f5247c7
+  metadata.gz: 597fed943b00ed280a749f05c97d01e29b4d5a85034835e9f242990588b35b740bf56a886b65202777d68b79b5cbd1faf1a48a69c1a4f1f8a00a83ecdece3527
+  data.tar.gz: 13aa012d46677b3cd31614dcc118c62b1aa1656f3007d6b105f7822a3c25a45b1b1284eef9fb9e761cf5a03cd8209ffe8518d54ed355c189a2f141788a000694

data/Gemfile

@@ -23,13 +23,12 @@ group :omnibus do
 end
 
 group :test do
-  gem "chefstyle", "~> 2.0.3"
+  gem "chefstyle", "~> 2.2.2"
   gem "concurrent-ruby", "~> 1.0"
-  gem "html-proofer", platforms: :ruby # do not attempt to run proofer on windows
   gem "json_schemer", ">= 0.2.1", "< 0.2.19"
   gem "m"
   gem "minitest-sprint", "~> 1.0"
-  gem "minitest", "~> 5.5"
+  gem "minitest", "5.15.0"
   gem "mocha", "~> 1.1"
   gem "nokogiri", "~> 1.9"
   gem "pry-byebug"
@@ -39,26 +38,30 @@ group :test do
   gem "simplecov", "~> 0.21"
   gem "simplecov_json_formatter"
   gem "webmock", "~> 3.0"
+
+  if Gem.ruby_version >= Gem::Version.new("3.0.0")
+    # html-proofer has a dep on io-event, which is ruby-3 only
+    gem "html-proofer", "~> 3.19.4", platforms: :ruby # do not attempt to run proofer on windows. Pinned to 3.19.4 as test is breaking in updated versions.
+  end
 end
 
 group :deploy do
   gem "inquirer"
 end
 
-# Only include Test Kitchen support if we are on Ruby 2.7 or higher
-# as chef-zero support requires Ruby 2.6
-# See https://github.com/inspec/inspec/pull/5341
-if Gem.ruby_version >= Gem::Version.new("2.7.0")
-  group :kitchen do
-    gem "berkshelf"
-    gem "chef", ">= 16.0" # Required to allow net-ssh > 6
-    gem "test-kitchen", ">= 2.8"
-    gem "kitchen-inspec", ">= 2.0"
-    gem "kitchen-dokken", ">= 2.11"
-    gem "git"
+group :kitchen do
+  gem "berkshelf"
+
+  # Chef 18 requires ruby 3
+  if Gem.ruby_version >= Gem::Version.new("3.0.0")
+    gem "chef", ">= 17.0"
+  else
+    # Ruby 2.7 presumably - TODO remove this when 2.7 is sunsetted
+    gem "chef", "~> 16.0"
   end
-end
 
-if Gem.ruby_version < Gem::Version.new("2.7.0")
-  gem "activesupport", "6.1.4.4"
+  gem "test-kitchen", ">= 2.8"
+  gem "kitchen-inspec", ">= 2.0"
+  gem "kitchen-dokken", ">= 2.11"
+  gem "git"
 end

data/etc/deprecations.json

@@ -121,6 +121,10 @@
     "cli_option_target_id":{
       "action": "warn",
       "prefix": "The --target-id option is deprecated in InSpec 5. Its value will be ignored."
+    },
+    "renamed_to_inspec_export":{
+      "action": "ignore",
+      "prefix": "The `inspec json` command is deprecated in InSpec 5 and replaced with `inspec export` command."
     }
   }
 }

data/inspec-core.gemspec

@@ -18,32 +18,32 @@ Gem::Specification.new do |spec|
   # the gemfile and gemspec are necessary for appbundler so don't remove it
   spec.files =
     Dir.glob("{{lib,etc}/**/*,LICENSE,Gemfile,inspec-core.gemspec}")
-      .grep_v(%r{(?<!inspec-init/templates/profiles/)(aws|azure|gcp)})
+      .grep_v(%r{(?<!inspec-init/templates/profiles/)(aws|azure|gcp|alicloud)})
       .grep_v(%r{lib/plugins/.*/test/})
       .reject { |f| File.directory?(f) }
 
   # Implementation dependencies
-  spec.add_dependency "chef-telemetry",     "~> 1.0", ">= 1.0.8" # 1.0.8+ removes the http dep
-  spec.add_dependency "license-acceptance", ">= 0.2.13", "< 3.0"
-  spec.add_dependency "thor",               ">= 0.20", "< 2.0"
-  spec.add_dependency "method_source",      ">= 0.8", "< 2.0"
-  spec.add_dependency "rubyzip",            ">= 1.2.2", "< 3.0"
-  spec.add_dependency "rspec",              ">= 3.9", "<= 3.11"
-  spec.add_dependency "rspec-its",          "~> 1.2"
-  spec.add_dependency "pry",                "~> 0.13"
-  spec.add_dependency "hashie",             ">= 3.4", "< 5.0"
-  spec.add_dependency "mixlib-log",         "~> 3.0"
-  spec.add_dependency "sslshake",           "~> 1.2"
-  spec.add_dependency "parallel",           "~> 1.9"
-  spec.add_dependency "faraday",            ">= 0.9.0", "< 1.5"
-  spec.add_dependency "faraday_middleware", "~> 1.0"
-  spec.add_dependency "tty-table",          "~> 0.10"
-  spec.add_dependency "tty-prompt",         "~> 0.17"
-  spec.add_dependency "tomlrb",             ">= 1.2", "< 2.1"
-  spec.add_dependency "addressable",        "~> 2.4"
-  spec.add_dependency "parslet",            ">= 1.5", "< 2.0" # Pinned < 2.0, see #5389
-  spec.add_dependency "semverse",           "~> 3.0"
-  spec.add_dependency "multipart-post",     "~> 2.0"
+  spec.add_dependency "chef-telemetry",           "~> 1.0", ">= 1.0.8" # 1.0.8+ removes the http dep
+  spec.add_dependency "license-acceptance",       ">= 0.2.13", "< 3.0"
+  spec.add_dependency "thor",                     ">= 0.20", "< 2.0"
+  spec.add_dependency "method_source",            ">= 0.8", "< 2.0"
+  spec.add_dependency "rubyzip",                  ">= 1.2.2", "< 3.0"
+  spec.add_dependency "rspec",                    ">= 3.9", "<= 3.11"
+  spec.add_dependency "rspec-its",                "~> 1.2"
+  spec.add_dependency "pry",                      "~> 0.13"
+  spec.add_dependency "hashie",                   ">= 3.4", "< 5.0"
+  spec.add_dependency "mixlib-log",               "~> 3.0"
+  spec.add_dependency "sslshake",                 "~> 1.2"
+  spec.add_dependency "parallel",                 "~> 1.9"
+  spec.add_dependency "faraday",                  ">= 1", "< 3"
+  spec.add_dependency "faraday-follow_redirects", "~> 0.3"
+  spec.add_dependency "tty-table",                "~> 0.10"
+  spec.add_dependency "tty-prompt",               "~> 0.17"
+  spec.add_dependency "tomlrb",                   ">= 1.2", "< 2.1"
+  spec.add_dependency "addressable",              "~> 2.4"
+  spec.add_dependency "parslet",                  ">= 1.5", "< 2.0" # Pinned < 2.0, see #5389
+  spec.add_dependency "semverse",                 "~> 3.0"
+  spec.add_dependency "multipart-post",           "~> 2.0"
 
-  spec.add_dependency "train-core", "~> 3.0"
+  spec.add_dependency "train-core", "~> 3.10"
 end

data/lib/inspec/base_cli.rb

@@ -138,6 +138,8 @@ module Inspec
         desc: "Provides path to Docker API endpoint (Docker)"
       option :ssh_config_file, type: :array,
         desc: "A list of paths to the ssh config file, e.g ~/.ssh/config or /etc/ssh/ssh_config"
+      option :podman_url, type: :string,
+        desc: "Provides path to Podman API endpoint"
     end
 
     def self.profile_options
@@ -203,6 +205,8 @@ module Inspec
         long_desc: "Maximum seconds to allow commands to run during execution. A timed out command is considered an error."
       option :reporter_include_source, type: :boolean, default: false,
         desc: "Include full source code of controls in the CLI report"
+      option :enhanced_outcomes, type: :boolean,
+        desc: "Show enhanced outcomes in output"
     end
 
     def self.help(*args)
@@ -323,6 +327,9 @@ module Inspec
 
     def pretty_handle_exception(exception)
       case exception
+      when Inspec::InvalidProfileSignature
+        $stderr.puts exception.message
+        Inspec::UI.new.exit(:bad_signature)
       when Inspec::Error
         $stderr.puts exception.message
         exit(1)

data/lib/inspec/cli.rb

@@ -5,6 +5,7 @@ require "inspec/dist"
 require "inspec/backend"
 require "inspec/dependencies/cache"
 require "inspec/utils/json_profile_summary"
+require "inspec/utils/yaml_profile_summary"
 
 module Inspec # TODO: move this somewhere "better"?
   autoload :BaseCLI,       "inspec/base_cli"
@@ -69,25 +70,77 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     desc: "A list of tags to filter controls and include only those. Ignore all other tests."
   profile_options
   def json(target)
-    require "json" unless defined?(JSON)
+    # This deprecation warning is ignored currently.
+    Inspec.deprecate(:renamed_to_inspec_export)
+    export(target, true)
+  end
 
+  desc "export PATH", "read the profile in PATH and generate a summary in the given format."
+  option :what, type: :string,
+    desc: "What to export: profile (default), readme, metadata."
+  option :format, type: :string,
+    desc: "The output format to use: json, raw, yaml. If valid format is not provided then it will use the default for the given 'what'."
+  option :output, aliases: :o, type: :string,
+    desc: "Save the created output to a path"
+  option :controls, type: :array,
+    desc: "For --what=profile, a list of controls to include. Ignore all other tests."
+  option :tags, type: :array,
+    desc: "For --what=profile, a list of tags to filter controls and include only those. Ignore all other tests."
+  profile_options
+  def export(target, as_json = false)
     o = config
     diagnose(o)
     o["log_location"] = $stderr
     configure_logger(o)
 
+    # using dup to resolve "can't modify frozen String" error.
+    what = o[:what].dup || "profile"
+    what.downcase!
+    raise Inspec::Error.new("Unrecognized option '#{what}' for --what - expected one of profile, readme, or metadata.") unless %w{profile readme metadata}.include?(what)
+
+    default_format_for_what = {
+      "profile" => "yaml",
+      "metadata" => "raw",
+      "readme" => "raw",
+    }
+    valid_formats_for_what = {
+      "profile" => %w{yaml json},
+      "metadata" => %w{yaml raw}, # not going to argue
+      "readme" => ["raw"],
+    }
+    format = o[:format] || default_format_for_what[what]
+    # default is json if we were called as old json command
+    format = "json" if as_json
+    raise Inspec::Error.new("Invalid option '#{format}' for --format and --what combination") unless format && valid_formats_for_what[what].include?(format)
+
     o[:backend] = Inspec::Backend.create(Inspec::Config.mock)
     o[:check_mode] = true
     o[:vendor_cache] = Inspec::Cache.new(o[:vendor_cache])
-
     profile = Inspec::Profile.for_target(target, o)
     dst = o[:output].to_s
 
-    # Write JSON
-    Inspec::Utils::JsonProfileSummary.produce_json(
-      info: profile.info,
-      write_path: dst
-    )
+    case what
+    when "profile"
+      if format == "json"
+        require "json" unless defined?(JSON)
+        # Write JSON
+        Inspec::Utils::JsonProfileSummary.produce_json(
+          info: profile.info,
+          write_path: dst
+        )
+      elsif format == "yaml"
+        Inspec::Utils::YamlProfileSummary.produce_yaml(
+          info: profile.info,
+          write_path: dst
+        )
+      end
+    when "readme"
+      out = dst.empty? ? $stdout : File.open(dst, "w")
+      out.write(profile.readme)
+    when "metadata"
+      out = dst.empty? ? $stdout : File.open(dst, "w")
+      out.write(profile.metadata_src)
+    end
   rescue StandardError => e
     pretty_handle_exception(e)
   end
@@ -189,12 +242,12 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     desc: "Fallback to using local archives if fetching fails."
   option :ignore_errors, type: :boolean, default: false,
     desc: "Ignore profile warnings."
-  def archive(path)
+  def archive(path, log_level = nil)
     o = config
     diagnose(o)
 
     o[:logger] = Logger.new($stdout)
-    o[:logger].level = get_log_level(o[:log_level])
+    o[:logger].level = get_log_level(log_level || o[:log_level])
     o[:backend] = Inspec::Backend.create(Inspec::Config.mock)
 
     # Force vendoring with overwrite when archiving
@@ -362,6 +415,8 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     desc: "Load one or more input files, a YAML file with values for the shell to use"
   option :input, type: :array, banner: "name1=value1 name2=value2",
     desc: "Specify one or more inputs directly on the command line to the shell, as --input NAME=VALUE. Accepts single-quoted YAML and JSON structures."
+  option :enhanced_outcomes, type: :boolean,
+    desc: "Show enhanced outcomes in output"
   def shell_func
     o = config
     deprecate_target_id(config)
@@ -408,11 +463,13 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     pretty_handle_exception(e)
   end
 
+  option :enhanced_outcomes, type: :boolean,
+    desc: "Show enhanced outcomes output"
   desc "schema NAME", "print the JSON schema", hide: true
   def schema(name)
     require "inspec/schema/output_schema"
-
-    puts Inspec::Schema::OutputSchema.json(name)
+    o = config
+    puts Inspec::Schema::OutputSchema.json(name, o)
   rescue StandardError => e
     puts e
     puts "Valid schemas are #{Inspec::Schema::OutputSchema.names.join(", ")}"

data/lib/inspec/dependencies/dependency_set.rb

@@ -25,7 +25,9 @@ module Inspec
     def self.from_array(dependencies, cwd, cache, backend)
       dep_list = {}
       dependencies.each do |d|
-        dep_list[d.name] = d
+        # if depedent profile does not have a source version then only name is used in dependency hash
+        key_name = (d.source_version ? "#{d.name}-#{d.source_version}" : "#{d.name}") rescue "#{d.name}"
+        dep_list[key_name] = d
       end
       new(cwd, cache, dep_list, backend)
     end
@@ -39,7 +41,9 @@ module Inspec
     def self.flatten_dep_tree(dep_tree)
       dep_list = {}
       dep_tree.each do |d|
-        dep_list[d.name] = d
+        # if depedent profile does not have a source version then only name is used in dependency hash
+        key_name = (d.source_version ? "#{d.name}-#{d.source_version}" : "#{d.name}") rescue d.name
+        dep_list[key_name] = d
         dep_list.merge!(flatten_dep_tree(d.dependencies))
       end
       dep_list

data/lib/inspec/dsl.rb

@@ -6,13 +6,13 @@ require "inspec/utils/deprecated_cloud_resources_list"
 module Inspec::DSL
   attr_accessor :backend
 
-  def require_controls(id, &block)
-    opts = { profile_id: id, include_all: false, backend: @backend, conf: @conf, dependencies: @dependencies }
+  def require_controls(id, version = nil, &block)
+    opts = { profile_id: id, include_all: false, backend: @backend, conf: @conf, dependencies: @dependencies, profile_version: version }
     ::Inspec::DSL.load_spec_files_for_profile(self, opts, &block)
   end
 
-  def include_controls(id, &block)
-    opts = { profile_id: id, include_all: true, backend: @backend, conf: @conf, dependencies: @dependencies }
+  def include_controls(id, version = nil, &block)
+    opts = { profile_id: id, include_all: true, backend: @backend, conf: @conf, dependencies: @dependencies, profile_version: version }
     ::Inspec::DSL.load_spec_files_for_profile(self, opts, &block)
   end
 
@@ -85,7 +85,26 @@ module Inspec::DSL
   def self.load_spec_files_for_profile(bind_context, opts, &block)
     dependencies = opts[:dependencies]
     profile_id = opts[:profile_id]
-    dep_entry = dependencies.list[profile_id]
+    profile_version = opts[:profile_version]
+
+    new_profile_id = nil
+    if profile_version
+      new_profile_id = "#{profile_id}-#{profile_version}"
+    else
+      # This scary regex is used to match version following semantic Versioning (SemVer). Thanks to https://ihateregex.io/expr/semver/
+      regex_for_semver = /(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?/
+      dependencies.list.keys.each do |key|
+        # 1. Fetching VERSION from a profile dependency name which is in a format NAME-VERSION.
+        # 2. Matching original profile dependency name with profile name used with include or require control DSL.
+        fetching_semver = key.match(regex_for_semver).to_s
+        unless fetching_semver.nil? || fetching_semver.empty?
+          profile_id_key = key.split("-#{fetching_semver}")[0]
+          new_profile_id = key if profile_id_key == profile_id
+        end
+      end
+    end
+    # If dep profile does not contain a source version, key does not contain a version as well. In that case new_profile_id will be always nil and instead profile_id would be used to fetch profile from dependency list.
+    dep_entry = new_profile_id ? dependencies.list[new_profile_id] : dependencies.list[profile_id]
 
     if dep_entry.nil?
       raise <<~EOF

data/lib/inspec/enhanced_outcomes.rb

@@ -0,0 +1,19 @@
+module Inspec
+  module EnhancedOutcomes
+
+    def self.determine_status(results, impact)
+      # No-op exception occurs in case of not_applicable_if
+      if results.any? { |r| !r[:exception].nil? && !r[:backtrace].nil? && r[:resource_class] != "noop" }
+        "error"
+      elsif !impact.nil? && impact.to_f == 0.0
+        "not_applicable"
+      elsif results.all? { |r| r[:status] == "skipped" }
+        "not_reviewed"
+      elsif results.any? { |r| r[:status] == "failed" }
+        "failed"
+      else
+        "passed"
+      end
+    end
+  end
+end

data/lib/inspec/env_printer.rb

@@ -35,7 +35,7 @@ module Inspec
     private
 
     def print_completion_for_shell
-      erb = ERB.new(File.read(completion_template_path), nil, "-")
+      erb = ERB.new(File.read(completion_template_path), trim_mode: "-")
       puts erb.result(TemplateContext.new(@command_class).get_bindings)
     end
 

data/lib/inspec/errors.rb

@@ -22,4 +22,6 @@ module Inspec
     attr_accessor :gem_name
     attr_accessor :version
   end
+
+  class InvalidProfileSignature < Error; end
 end

data/lib/inspec/exceptions.rb

@@ -8,5 +8,9 @@ module Inspec
     class ResourceFailed < StandardError; end
     class ResourceSkipped < StandardError; end
     class SecretsBackendNotFound < ArgumentError; end
+    class ProfileValidationKeyNotFound < ArgumentError; end
+    class ProfileSigningKeyNotFound < ArgumentError; end
+    class WaiversFileNotReadable < ArgumentError; end
+    class WaiversFileDoesNotExist < ArgumentError; end
   end
 end

data/lib/inspec/fetcher/url.rb

@@ -262,7 +262,7 @@ module Inspec::Fetcher
 
       open(target, opts)
 
-    rescue SocketError, Errno::ECONNREFUSED, OpenURI::HTTPError => e
+    rescue SocketError, Net::OpenTimeout, Errno::ECONNREFUSED, OpenURI::HTTPError => e
       raise Inspec::FetcherFailure, "Profile URL dependency #{target} could not be fetched: #{e.message}"
     end
 

data/lib/inspec/file_provider.rb

@@ -2,6 +2,7 @@ require "rubygems/package" unless defined?(Gem::Package)
 require "pathname" unless defined?(Pathname)
 require "zlib" unless defined?(Zlib)
 require "zip" unless defined?(Zip)
+require "inspec/iaf_file"
 
 module Inspec
   class FileProvider
@@ -14,6 +15,13 @@ module Inspec
         TarProvider.new(path)
       elsif File.exist?(path) && path.end_with?(".zip")
         ZipProvider.new(path)
+      elsif File.exist?(path) && path.end_with?(".iaf")
+        iaf_file = IafFile.new(path)
+        if iaf_file.valid?
+          IafProvider.new(path)
+        else
+          raise Inspec::InvalidProfileSignature, "Profile signature is invalid."
+        end
       elsif File.exist?(path)
         DirProvider.new(path)
       else
@@ -216,6 +224,34 @@ module Inspec
     end
   end # class TarProvider
 
+  class IafProvider < TarProvider
+    attr_reader :files
+
+    def initialize(path)
+      f = File.open(path, "rb")
+      version = f.readline.strip!
+      if version == "INSPEC-PROFILE-1"
+        while f.readline != "\n" do end
+        content = f.read
+        f.close
+      elsif version == "INSPEC-PROFILE-2"
+        f.readline.strip!
+        content = f.read
+        f.close
+        content = content.slice(490, content.length).lstrip
+      else
+        raise Inspec::InvalidProfileSignature, "Unrecognized IAF version."
+      end
+
+      tmpfile = nil
+      Dir.mktmpdir do |workdir|
+        tmpfile = Pathname.new(workdir).join("temp_profile.tar.gz")
+        File.open(tmpfile, "wb") { |fl| fl.write(content) }
+        super(tmpfile)
+      end
+    end
+  end # class IafProvider
+
   class RelativeFileProvider
     BLACKLIST_FILES = [
       "/pax_global_header",

data/lib/inspec/formatters/base.rb

@@ -1,12 +1,13 @@
 require "rspec/core"
 require "rspec/core/formatters/base_formatter"
 require "set" unless defined?(Set)
+require "inspec/enhanced_outcomes"
 
 module Inspec::Formatters
   class Base < RSpec::Core::Formatters::BaseFormatter
     RSpec::Core::Formatters.register self, :close, :dump_summary, :stop
 
-    attr_accessor :backend, :run_data
+    attr_accessor :backend, :run_data, :enhanced_outcomes
 
     def initialize(output)
       super(output)
@@ -17,6 +18,7 @@ module Inspec::Formatters
       @backend = nil
       @all_controls_count = nil
       @control_checks_count_map = {}
+      @enhanced_outcomes = nil
     end
 
     # RSpec Override: #dump_summary
@@ -50,7 +52,6 @@ module Inspec::Formatters
           else
             hash[:message] = exception_message(e)
           end
-
           next if e.is_a? RSpec::Expectations::ExpectationNotMetError
 
           hash[:exception] = e.class.name
@@ -68,6 +69,8 @@ module Inspec::Formatters
       # flesh out the profiles key with additional profile information
       run_data[:profiles] = profiles_info
 
+      add_enhanced_outcomes_to_controls if enhanced_outcomes
+
       # add the platform information for this particular target
       run_data[:platform] = {
         name: platform(:name),
@@ -110,6 +113,20 @@ module Inspec::Formatters
 
     private
 
+    def add_enhanced_outcomes_to_controls
+      all_unique_controls.each do |control|
+        control[:status] = determine_control_enhanced_outcome(control)
+      end
+    end
+
+    def determine_control_enhanced_outcome(control)
+      if control[:results]
+        Inspec::EnhancedOutcomes.determine_status(control[:results], control[:impact])
+      else
+        "passed"
+      end
+    end
+
     def all_unique_controls
       unique_controls = Set.new
       run_data[:profiles].each do |profile|
@@ -120,25 +137,59 @@ module Inspec::Formatters
     end
 
     def statistics
+      error = 0
+      not_applicable = 0
+      not_reviewed = 0
       failed = 0
-      skipped = 0
       passed = 0
+      skipped = 0
+      enhanced_outcomes_summary = {}
+      if enhanced_outcomes
+        all_unique_controls.each do |control|
+
+          if control[:status] == "error"
+            error += 1
+          elsif control[:status] == "not_applicable"
+            not_applicable += 1
+          elsif control[:status] == "not_reviewed"
+            not_reviewed += 1
+          elsif control[:status] == "failed"
+            failed += 1
+          elsif control[:status] == "passed"
+            passed += 1
+          end
 
-      all_unique_controls.each do |control|
-        next unless control[:results]
-
-        if control[:results].any? { |r| r[:status] == "failed" }
-          failed += 1
-        elsif control[:results].any? { |r| r[:status] == "skipped" }
-          skipped += 1
-        else
-          passed += 1
-        end
-      end
+          # added this additionally because stats summary is also used for determining exit code in runner rspec
+          skipped += 1 if control[:results].any? { |r| r[:status] == "skipped" }
 
-      total = failed + passed + skipped
+        end
+        total = error + not_applicable + not_reviewed + failed + passed
+        enhanced_outcomes_summary = {
+          not_applicable: {
+            total: not_applicable,
+          },
+          not_reviewed: {
+            total: not_reviewed,
+          },
+          error: {
+            total: error,
+          },
+        }
+      else
+        all_unique_controls.each do |control|
+          next unless control[:results]
 
-      {
+          if control[:results].any? { |r| r[:status] == "failed" }
+            failed += 1
+          elsif control[:results].any? { |r| r[:status] == "skipped" }
+            skipped += 1
+          else
+            passed += 1
+          end
+        end
+        total = failed + passed + skipped
+      end
+      final_summary = {
         total: total,
         passed: {
           total: passed,
@@ -150,6 +201,8 @@ module Inspec::Formatters
           total: failed,
         },
       }
+
+      final_summary.merge!(enhanced_outcomes_summary)
     end
 
     def exception_message(exception)