inspec-core 5.17.4 → 5.21.29
- checksums.yaml +4 -4
- data/Gemfile +20 -17
- data/etc/deprecations.json +4 -0
- data/inspec-core.gemspec +23 -23
- data/lib/inspec/base_cli.rb +7 -0
- data/lib/inspec/cli.rb +68 -11
- data/lib/inspec/dependencies/dependency_set.rb +6 -2
- data/lib/inspec/dsl.rb +24 -5
- data/lib/inspec/enhanced_outcomes.rb +19 -0
- data/lib/inspec/env_printer.rb +1 -1
- data/lib/inspec/errors.rb +2 -0
- data/lib/inspec/exceptions.rb +4 -0
- data/lib/inspec/fetcher/url.rb +1 -1
- data/lib/inspec/file_provider.rb +36 -0
- data/lib/inspec/formatters/base.rb +69 -16
- data/lib/inspec/iaf_file.rb +127 -0
- data/lib/inspec/plugin/v2/loader.rb +19 -8
- data/lib/inspec/plugin/v2/plugin_types/reporter.rb +1 -0
- data/lib/inspec/plugin/v2/plugin_types/streaming_reporter.rb +54 -0
- data/lib/inspec/profile.rb +17 -7
- data/lib/inspec/reporters/base.rb +1 -0
- data/lib/inspec/reporters/cli.rb +94 -3
- data/lib/inspec/reporters/json.rb +3 -1
- data/lib/inspec/reporters/yaml.rb +3 -1
- data/lib/inspec/reporters.rb +2 -1
- data/lib/inspec/resources/aide_conf.rb +4 -0
- data/lib/inspec/resources/apache.rb +4 -0
- data/lib/inspec/resources/apache_conf.rb +4 -0
- data/lib/inspec/resources/apt.rb +6 -1
- data/lib/inspec/resources/audit_policy.rb +5 -0
- data/lib/inspec/resources/auditd_conf.rb +4 -0
- data/lib/inspec/resources/bash.rb +4 -0
- data/lib/inspec/resources/bond.rb +4 -0
- data/lib/inspec/resources/bridge.rb +4 -0
- data/lib/inspec/resources/cassandradb_conf.rb +5 -0
- data/lib/inspec/resources/cassandradb_session.rb +8 -3
- data/lib/inspec/resources/chocolatey_package.rb +4 -0
- data/lib/inspec/resources/chrony_conf.rb +4 -0
- data/lib/inspec/resources/command.rb +5 -0
- data/lib/inspec/resources/cpan.rb +4 -0
- data/lib/inspec/resources/cran.rb +4 -0
- data/lib/inspec/resources/cron.rb +5 -0
- data/lib/inspec/resources/csv.rb +6 -1
- data/lib/inspec/resources/dh_params.rb +4 -0
- data/lib/inspec/resources/docker_container.rb +4 -0
- data/lib/inspec/resources/docker_image.rb +4 -0
- data/lib/inspec/resources/docker_plugin.rb +4 -0
- data/lib/inspec/resources/docker_service.rb +4 -0
- data/lib/inspec/resources/etc_group.rb +4 -0
- data/lib/inspec/resources/etc_hosts_allow_deny.rb +5 -0
- data/lib/inspec/resources/file.rb +7 -2
- data/lib/inspec/resources/filesystem.rb +4 -0
- data/lib/inspec/resources/gem.rb +4 -0
- data/lib/inspec/resources/groups.rb +4 -0
- data/lib/inspec/resources/grub_conf.rb +4 -0
- data/lib/inspec/resources/host.rb +4 -0
- data/lib/inspec/resources/http.rb +6 -2
- data/lib/inspec/resources/ibmdb2_conf.rb +8 -0
- data/lib/inspec/resources/ibmdb2_session.rb +12 -3
- data/lib/inspec/resources/iis_app.rb +4 -0
- data/lib/inspec/resources/iis_app_pool.rb +4 -0
- data/lib/inspec/resources/iis_site.rb +4 -0
- data/lib/inspec/resources/inetd_conf.rb +4 -0
- data/lib/inspec/resources/interface.rb +4 -0
- data/lib/inspec/resources/ip6tables.rb +4 -0
- data/lib/inspec/resources/ipfilter.rb +4 -0
- data/lib/inspec/resources/ipnat.rb +4 -0
- data/lib/inspec/resources/iptables.rb +4 -0
- data/lib/inspec/resources/json.rb +4 -0
- data/lib/inspec/resources/kernel_module.rb +4 -0
- data/lib/inspec/resources/kernel_parameter.rb +4 -0
- data/lib/inspec/resources/key_rsa.rb +4 -0
- data/lib/inspec/resources/ksh.rb +4 -0
- data/lib/inspec/resources/limits_conf.rb +4 -0
- data/lib/inspec/resources/login_defs.rb +4 -0
- data/lib/inspec/resources/lxc.rb +65 -9
- data/lib/inspec/resources/mongodb.rb +4 -0
- data/lib/inspec/resources/mongodb_conf.rb +5 -0
- data/lib/inspec/resources/mongodb_session.rb +6 -1
- data/lib/inspec/resources/mount.rb +4 -0
- data/lib/inspec/resources/mssql_session.rb +4 -0
- data/lib/inspec/resources/mssql_sys_conf.rb +7 -0
- data/lib/inspec/resources/mysql_conf.rb +4 -0
- data/lib/inspec/resources/mysql_session.rb +8 -1
- data/lib/inspec/resources/nginx.rb +6 -1
- data/lib/inspec/resources/nginx_conf.rb +4 -0
- data/lib/inspec/resources/noop.rb +4 -0
- data/lib/inspec/resources/npm.rb +4 -0
- data/lib/inspec/resources/ntp_conf.rb +4 -0
- data/lib/inspec/resources/oneget.rb +4 -0
- data/lib/inspec/resources/opa_api.rb +10 -0
- data/lib/inspec/resources/opa_cli.rb +14 -0
- data/lib/inspec/resources/oracledb_conf.rb +5 -0
- data/lib/inspec/resources/oracledb_listener_conf.rb +4 -0
- data/lib/inspec/resources/oracledb_session.rb +23 -4
- data/lib/inspec/resources/os.rb +4 -0
- data/lib/inspec/resources/os_env.rb +4 -0
- data/lib/inspec/resources/package.rb +4 -0
- data/lib/inspec/resources/parse_config.rb +10 -1
- data/lib/inspec/resources/pip.rb +4 -0
- data/lib/inspec/resources/platform.rb +4 -0
- data/lib/inspec/resources/podman.rb +353 -0
- data/lib/inspec/resources/podman_container.rb +84 -0
- data/lib/inspec/resources/podman_image.rb +108 -0
- data/lib/inspec/resources/podman_network.rb +81 -0
- data/lib/inspec/resources/podman_pod.rb +101 -0
- data/lib/inspec/resources/podman_volume.rb +87 -0
- data/lib/inspec/resources/postfix_conf.rb +4 -0
- data/lib/inspec/resources/postgres_conf.rb +4 -0
- data/lib/inspec/resources/postgres_session.rb +8 -4
- data/lib/inspec/resources/powershell.rb +4 -0
- data/lib/inspec/resources/processes.rb +6 -4
- data/lib/inspec/resources/rabbitmq_config.rb +4 -0
- data/lib/inspec/resources/registry_key.rb +4 -0
- data/lib/inspec/resources/security_identifier.rb +4 -0
- data/lib/inspec/resources/security_policy.rb +4 -0
- data/lib/inspec/resources/service.rb +5 -1
- data/lib/inspec/resources/ssh_config.rb +4 -0
- data/lib/inspec/resources/sybase_conf.rb +4 -0
- data/lib/inspec/resources/sybase_session.rb +4 -0
- data/lib/inspec/resources/sys_info.rb +4 -0
- data/lib/inspec/resources/timezone.rb +4 -0
- data/lib/inspec/resources/users.rb +4 -0
- data/lib/inspec/resources/vbscript.rb +5 -0
- data/lib/inspec/resources/virtualization.rb +4 -0
- data/lib/inspec/resources/windows_feature.rb +5 -1
- data/lib/inspec/resources/windows_firewall.rb +4 -0
- data/lib/inspec/resources/windows_firewall_rule.rb +4 -0
- data/lib/inspec/resources/windows_hotfix.rb +4 -0
- data/lib/inspec/resources/windows_task.rb +4 -0
- data/lib/inspec/resources/wmi.rb +4 -0
- data/lib/inspec/resources/x509_certificate.rb +59 -0
- data/lib/inspec/resources/yum.rb +4 -0
- data/lib/inspec/resources/zfs_dataset.rb +4 -0
- data/lib/inspec/resources/zfs_pool.rb +4 -0
- data/lib/inspec/rule.rb +55 -18
- data/lib/inspec/run_data/control.rb +6 -0
- data/lib/inspec/run_data/statistics.rb +8 -2
- data/lib/inspec/runner.rb +18 -8
- data/lib/inspec/runner_rspec.rb +3 -2
- data/lib/inspec/schema/exec_json.rb +78 -2
- data/lib/inspec/schema/output_schema.rb +4 -1
- data/lib/inspec/schema/profile_json.rb +46 -0
- data/lib/inspec/schema.rb +91 -0
- data/lib/inspec/secrets/yaml.rb +7 -1
- data/lib/inspec/ui.rb +1 -0
- data/lib/inspec/utils/convert.rb +8 -0
- data/lib/inspec/utils/podman.rb +24 -0
- data/lib/inspec/utils/waivers/csv_file_reader.rb +34 -0
- data/lib/inspec/utils/waivers/excel_file_reader.rb +39 -0
- data/lib/inspec/utils/waivers/json_file_reader.rb +15 -0
- data/lib/inspec/utils/yaml_profile_summary.rb +34 -0
- data/lib/inspec/version.rb +1 -1
- data/lib/inspec/waiver_file_reader.rb +61 -0
- data/lib/matchers/matchers.rb +7 -1
- data/lib/plugins/inspec-init/templates/profiles/alicloud/README.md +27 -0
- data/lib/plugins/inspec-init/templates/profiles/alicloud/controls/example.rb +10 -0
- data/lib/plugins/inspec-init/templates/profiles/alicloud/inputs.yml +1 -0
- data/lib/plugins/inspec-init/templates/profiles/alicloud/inspec.yml +14 -0
- data/lib/plugins/inspec-reporter-html2/README.md +1 -1
- data/lib/plugins/inspec-reporter-html2/templates/body.html.erb +11 -5
- data/lib/plugins/inspec-reporter-html2/templates/control.html.erb +11 -7
- data/lib/plugins/inspec-reporter-html2/templates/default.css +12 -0
- data/lib/plugins/inspec-reporter-html2/templates/profile.html.erb +1 -1
- data/lib/plugins/inspec-reporter-html2/templates/selector.html.erb +7 -1
- data/lib/plugins/{inspec-artifact/inspec-artifact.gemspec → inspec-sign/inspec-sign.gemspec} +2 -2
- data/lib/plugins/inspec-sign/lib/inspec-sign/base.rb +164 -0
- data/lib/plugins/{inspec-artifact/lib/inspec-artifact → inspec-sign/lib/inspec-sign}/cli.rb +14 -23
- data/lib/plugins/inspec-sign/lib/inspec-sign.rb +12 -0
- data/lib/plugins/inspec-streaming-reporter-progress-bar/lib/inspec-streaming-reporter-progress-bar/streaming_reporter.rb +39 -13
- data/lib/source_readers/inspec.rb +8 -2
- metadata +33 -15
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +0 -187
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +0 -12
@@ -1,10 +1,11 @@
|
|
1
1
|
module Inspec::Resources
|
2
2
|
class Lines
|
3
|
-
attr_reader :output
|
3
|
+
attr_reader :output, :exit_status
|
4
4
|
|
5
|
-
def initialize(raw, desc)
|
5
|
+
def initialize(raw, desc, exit_status)
|
6
6
|
@output = raw
|
7
7
|
@desc = desc
|
8
|
+
@exit_status = exit_status
|
8
9
|
end
|
9
10
|
|
10
11
|
def to_s
|
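Review bot: The new `exit_status` parameter of `Lines#initialize` is mandatory, so any caller still using the two-argument form will raise `ArgumentError`. A `class Lines` with the identical change is also opened under `Inspec::Resources` in the IBM Db2 hunk further down this page, so these files appear to reopen one shared class, and whichever definition loads last sets the arity for every user of it. A default keeps older callers working: `def initialize(raw, desc, exit_status = nil)`. The class body continues past the hunk (`to_s` is cut off).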
@@ -40,10 +41,14 @@ module Inspec::Resources
|
|
40
41
|
if cmd.exit_status != 0 || out =~ /Unable to connect to any servers/ || out.downcase =~ /^error:.*/
|
41
42
|
raise Inspec::Exceptions::ResourceFailed, "Cassandra query with errors: #{out}"
|
42
43
|
else
|
43
|
-
Lines.new(cmd.stdout.strip, "Cassandra query: #{q}")
|
44
|
+
Lines.new(cmd.stdout.strip, "Cassandra query: #{q}", cmd.exit_status)
|
44
45
|
end
|
45
46
|
end
|
46
47
|
|
48
|
+
def resource_id
|
49
|
+
"cassandradb_session:User:#{@user}:Host:#{host}"
|
50
|
+
end
|
51
|
+
|
47
52
|
def to_s
|
48
53
|
"Cassandra DB Session"
|
49
54
|
end
|
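Review bot: The `exit_status` handed to `Lines.new` here can only ever be 0, because the call sits in the `else` of `if cmd.exit_status != 0 || ...` and the failing path raises `ResourceFailed` instead. A control that asserts on `exit_status` will therefore never observe a non-zero value. If that is intended, a comment on the call such as `# exit_status is always 0 here; failures raise ResourceFailed` would stop readers assuming otherwise. The IBM Db2 query hunk below has the same shape, and the enclosing method starts outside this hunk.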
@@ -93,6 +93,11 @@ module Inspec::Resources
|
|
93
93
|
res.exit_status.to_i == 0
|
94
94
|
end
|
95
95
|
|
96
|
+
# to_s method outputs the command which we are using here as UUID to identify resource and also it take cares of Redact output
|
97
|
+
def resource_id
|
98
|
+
to_s || "command"
|
99
|
+
end
|
100
|
+
|
96
101
|
def to_s
|
97
102
|
output = "Command: `#{@command}`"
|
98
103
|
# Redact output if the `redact_regex` option is passed
|
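Review bot: Secrets passed on a command line will end up in the resource id unless `redact_regex` is set, because `resource_id` returns `to_s` and the redaction the comment relies on is described as applying only when that option is passed. The comment should say so, e.g. `# NOTE: without redact_regex the id contains the raw command, including any credentials in its arguments`. The `|| "command"` fallback looks unreachable since `to_s` begins by building a string, though the rest of `to_s` lies outside the hunk. The `@url` id added to the http resource further down raises the same question for URLs that embed credentials or tokens.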
data/lib/inspec/resources/csv.rb
CHANGED
@@ -19,7 +19,8 @@ module Inspec::Resources
|
|
19
19
|
|
20
20
|
def initialize(path, headers = true)
|
21
21
|
@headers = headers
|
22
|
-
|
22
|
+
@path = path
|
23
|
+
super(@path)
|
23
24
|
end
|
24
25
|
|
25
26
|
# override the parse method from JsonConfig
|
@@ -68,6 +69,10 @@ module Inspec::Resources
|
|
68
69
|
end
|
69
70
|
end
|
70
71
|
|
72
|
+
def resource_id
|
73
|
+
@path || "csv"
|
74
|
+
end
|
75
|
+
|
71
76
|
private
|
72
77
|
|
73
78
|
# used by JsonConfig to build up a full to_s method
|
@@ -37,6 +37,10 @@ module Inspec::Resources
|
|
37
37
|
"hosts.allow Configuration"
|
38
38
|
end
|
39
39
|
|
40
|
+
def resource_id
|
41
|
+
@conf_path
|
42
|
+
end
|
43
|
+
|
40
44
|
private
|
41
45
|
|
42
46
|
def read_content
|
@@ -110,5 +114,6 @@ module Inspec::Resources
|
|
110
114
|
def to_s
|
111
115
|
"hosts.deny Configuration"
|
112
116
|
end
|
117
|
+
|
113
118
|
end
|
114
119
|
end
|
@@ -35,11 +35,12 @@ module Inspec::Resources
|
|
35
35
|
end
|
36
36
|
EXAMPLE
|
37
37
|
|
38
|
-
attr_reader :file, :mount_options
|
38
|
+
attr_reader :file, :mount_options, :path
|
39
39
|
def initialize(path)
|
40
40
|
# select permissions style
|
41
41
|
@perms_provider = select_file_perms_style(inspec.os)
|
42
42
|
@file = inspec.backend.file(path)
|
43
|
+
@path = path
|
43
44
|
end
|
44
45
|
|
45
46
|
%w{
|
@@ -65,7 +66,7 @@ module Inspec::Resources
|
|
65
66
|
def user_permissions
|
66
67
|
return {} unless exist?
|
67
68
|
|
68
|
-
return
|
69
|
+
return skip_resource "`user_permissions` is not supported on your OS yet." unless inspec.os.windows?
|
69
70
|
|
70
71
|
@perms_provider.user_permissions(file)
|
71
72
|
end
|
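Review bot: On a non-Windows target a missing file still returns `{}` and never reaches the new `skip_resource` guard, because `return {} unless exist?` runs first. A control that checks `user_permissions` on such a host then gets an empty hash rather than a skip, which can read as "no permissions granted" instead of "not evaluated". Putting the OS check first makes the unsupported case uniform: move `return skip_resource "..." unless inspec.os.windows?` above the `exist?` guard.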
@@ -217,6 +218,10 @@ module Inspec::Resources
|
|
217
218
|
end
|
218
219
|
end
|
219
220
|
|
221
|
+
def resource_id
|
222
|
+
path
|
223
|
+
end
|
224
|
+
|
220
225
|
private
|
221
226
|
|
222
227
|
def file_permission_granted?(access_type, by_usergroup, by_specific_user)
|
data/lib/inspec/resources/gem.rb
CHANGED
@@ -4,7 +4,7 @@
|
|
4
4
|
|
5
5
|
require "inspec/resources/command"
|
6
6
|
require "faraday" unless defined?(Faraday)
|
7
|
-
require "
|
7
|
+
require "faraday/follow_redirects"
|
8
8
|
require "hashie"
|
9
9
|
|
10
10
|
module Inspec::Resources
|
@@ -83,6 +83,10 @@ module Inspec::Resources
|
|
83
83
|
@response = nil
|
84
84
|
end
|
85
85
|
|
86
|
+
def resource_id
|
87
|
+
@url
|
88
|
+
end
|
89
|
+
|
86
90
|
private
|
87
91
|
|
88
92
|
def params
|
@@ -149,7 +153,7 @@ module Inspec::Resources
|
|
149
153
|
|
150
154
|
conn = Faraday.new(url: url, headers: request_headers, params: params, ssl: { verify: ssl_verify? }) do |builder|
|
151
155
|
builder.request :url_encoded
|
152
|
-
builder.use
|
156
|
+
builder.use Faraday::FollowRedirects::Middleware, limit: max_redirects unless max_redirects.nil?
|
153
157
|
builder.adapter Faraday.default_adapter
|
154
158
|
end
|
155
159
|
|
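Review bot: Credentials in `request_headers` may follow a redirect to a host the profile author never named, since the middleware is added with `limit:` only and everything else is left to its defaults. It is worth confirming what the default does with authorization and custom token headers on a cross-host redirect, and recording that above the `builder.use` line, e.g. `# redirects reuse request_headers; confirm credentials are not sent to other hosts`. The `ssl: { verify: ssl_verify? }` setting presumably applies to redirect targets as well, so with verification disabled those hops are unverified too. The enclosing method begins and ends outside the hunk.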
@@ -1,10 +1,11 @@
|
|
1
1
|
module Inspec::Resources
|
2
2
|
class Lines
|
3
|
-
attr_reader :output
|
3
|
+
attr_reader :output, :exit_status
|
4
4
|
|
5
|
-
def initialize(raw, desc)
|
5
|
+
def initialize(raw, desc, exit_status)
|
6
6
|
@output = raw
|
7
7
|
@desc = desc
|
8
|
+
@exit_status = exit_status
|
8
9
|
end
|
9
10
|
|
10
11
|
def to_s
|
@@ -58,7 +59,15 @@ module Inspec::Resources
|
|
58
59
|
if cmd.exit_status != 0 || out =~ /Can't connect to IBM Db2 / || out.downcase =~ /^error:.*/
|
59
60
|
raise Inspec::Exceptions::ResourceFailed, "IBM Db2 connection error: #{out}"
|
60
61
|
else
|
61
|
-
Lines.new(cmd.stdout.strip, "IBM Db2 Query: #{q}")
|
62
|
+
Lines.new(cmd.stdout.strip, "IBM Db2 Query: #{q}", cmd.exit_status)
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
def resource_id
|
67
|
+
if inspec.os.platform?("windows")
|
68
|
+
"ibmdb2_session:DatabaseName#{@db_name}"
|
69
|
+
else
|
70
|
+
"ibmdb2_session:DatabaseInstance:#{@db_instance}:DatabaseName#{@db_name}"
|
62
71
|
end
|
63
72
|
end
|
64
73
|
|
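Review bot: Both id strings omit the colon after `DatabaseName`, so the database name is fused onto the label (`DatabaseName#{@db_name}`) while `DatabaseInstance:` has a separator. Anything that parses or compares ids downstream would see a different layout from the `User:...:Host:...` style used for the Cassandra session. The Windows line would become `"ibmdb2_session:DatabaseName:#{@db_name}"`, with the same colon added on the non-Windows line.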
@@ -62,6 +62,10 @@ module Inspec::Resources
|
|
62
62
|
@ip6tables_cache = cmd.stdout.split("\n").map(&:strip)
|
63
63
|
end
|
64
64
|
|
65
|
+
def resource_id
|
66
|
+
format("Ip6tables %s %s", @table && "table: #{@table}", @chain && "chain: #{@chain}").strip
|
67
|
+
end
|
68
|
+
|
65
69
|
def to_s
|
66
70
|
format("Ip6tables %s %s", @table && "table: #{@table}", @chain && "chain: #{@chain}").strip
|
67
71
|
end
|
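Review bot: `resource_id` repeats the `format(...)` expression of `to_s` character for character, so the id and the display string can drift apart on a later edit. Delegating keeps them in step: the body can be just `to_s`. Failing that, a one-line comment could state that the id is deliberately identical to `to_s`. The iptables hunk that follows has the same duplication.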
@@ -69,6 +69,10 @@ module Inspec::Resources
|
|
69
69
|
end
|
70
70
|
end
|
71
71
|
|
72
|
+
def resource_id
|
73
|
+
format("Iptables %s %s", @table && "table: #{@table}", @chain && "chain: #{@chain}").strip
|
74
|
+
end
|
75
|
+
|
72
76
|
def to_s
|
73
77
|
format("Iptables %s %s", @table && "table: #{@table}", @chain && "chain: #{@chain}").strip
|
74
78
|
end
|
data/lib/inspec/resources/ksh.rb
CHANGED