inspec-core 5.17.4 → 5.21.29
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +20 -17
- data/etc/deprecations.json +4 -0
- data/inspec-core.gemspec +23 -23
- data/lib/inspec/base_cli.rb +7 -0
- data/lib/inspec/cli.rb +68 -11
- data/lib/inspec/dependencies/dependency_set.rb +6 -2
- data/lib/inspec/dsl.rb +24 -5
- data/lib/inspec/enhanced_outcomes.rb +19 -0
- data/lib/inspec/env_printer.rb +1 -1
- data/lib/inspec/errors.rb +2 -0
- data/lib/inspec/exceptions.rb +4 -0
- data/lib/inspec/fetcher/url.rb +1 -1
- data/lib/inspec/file_provider.rb +36 -0
- data/lib/inspec/formatters/base.rb +69 -16
- data/lib/inspec/iaf_file.rb +127 -0
- data/lib/inspec/plugin/v2/loader.rb +19 -8
- data/lib/inspec/plugin/v2/plugin_types/reporter.rb +1 -0
- data/lib/inspec/plugin/v2/plugin_types/streaming_reporter.rb +54 -0
- data/lib/inspec/profile.rb +17 -7
- data/lib/inspec/reporters/base.rb +1 -0
- data/lib/inspec/reporters/cli.rb +94 -3
- data/lib/inspec/reporters/json.rb +3 -1
- data/lib/inspec/reporters/yaml.rb +3 -1
- data/lib/inspec/reporters.rb +2 -1
- data/lib/inspec/resources/aide_conf.rb +4 -0
- data/lib/inspec/resources/apache.rb +4 -0
- data/lib/inspec/resources/apache_conf.rb +4 -0
- data/lib/inspec/resources/apt.rb +6 -1
- data/lib/inspec/resources/audit_policy.rb +5 -0
- data/lib/inspec/resources/auditd_conf.rb +4 -0
- data/lib/inspec/resources/bash.rb +4 -0
- data/lib/inspec/resources/bond.rb +4 -0
- data/lib/inspec/resources/bridge.rb +4 -0
- data/lib/inspec/resources/cassandradb_conf.rb +5 -0
- data/lib/inspec/resources/cassandradb_session.rb +8 -3
- data/lib/inspec/resources/chocolatey_package.rb +4 -0
- data/lib/inspec/resources/chrony_conf.rb +4 -0
- data/lib/inspec/resources/command.rb +5 -0
- data/lib/inspec/resources/cpan.rb +4 -0
- data/lib/inspec/resources/cran.rb +4 -0
- data/lib/inspec/resources/cron.rb +5 -0
- data/lib/inspec/resources/csv.rb +6 -1
- data/lib/inspec/resources/dh_params.rb +4 -0
- data/lib/inspec/resources/docker_container.rb +4 -0
- data/lib/inspec/resources/docker_image.rb +4 -0
- data/lib/inspec/resources/docker_plugin.rb +4 -0
- data/lib/inspec/resources/docker_service.rb +4 -0
- data/lib/inspec/resources/etc_group.rb +4 -0
- data/lib/inspec/resources/etc_hosts_allow_deny.rb +5 -0
- data/lib/inspec/resources/file.rb +7 -2
- data/lib/inspec/resources/filesystem.rb +4 -0
- data/lib/inspec/resources/gem.rb +4 -0
- data/lib/inspec/resources/groups.rb +4 -0
- data/lib/inspec/resources/grub_conf.rb +4 -0
- data/lib/inspec/resources/host.rb +4 -0
- data/lib/inspec/resources/http.rb +6 -2
- data/lib/inspec/resources/ibmdb2_conf.rb +8 -0
- data/lib/inspec/resources/ibmdb2_session.rb +12 -3
- data/lib/inspec/resources/iis_app.rb +4 -0
- data/lib/inspec/resources/iis_app_pool.rb +4 -0
- data/lib/inspec/resources/iis_site.rb +4 -0
- data/lib/inspec/resources/inetd_conf.rb +4 -0
- data/lib/inspec/resources/interface.rb +4 -0
- data/lib/inspec/resources/ip6tables.rb +4 -0
- data/lib/inspec/resources/ipfilter.rb +4 -0
- data/lib/inspec/resources/ipnat.rb +4 -0
- data/lib/inspec/resources/iptables.rb +4 -0
- data/lib/inspec/resources/json.rb +4 -0
- data/lib/inspec/resources/kernel_module.rb +4 -0
- data/lib/inspec/resources/kernel_parameter.rb +4 -0
- data/lib/inspec/resources/key_rsa.rb +4 -0
- data/lib/inspec/resources/ksh.rb +4 -0
- data/lib/inspec/resources/limits_conf.rb +4 -0
- data/lib/inspec/resources/login_defs.rb +4 -0
- data/lib/inspec/resources/lxc.rb +65 -9
- data/lib/inspec/resources/mongodb.rb +4 -0
- data/lib/inspec/resources/mongodb_conf.rb +5 -0
- data/lib/inspec/resources/mongodb_session.rb +6 -1
- data/lib/inspec/resources/mount.rb +4 -0
- data/lib/inspec/resources/mssql_session.rb +4 -0
- data/lib/inspec/resources/mssql_sys_conf.rb +7 -0
- data/lib/inspec/resources/mysql_conf.rb +4 -0
- data/lib/inspec/resources/mysql_session.rb +8 -1
- data/lib/inspec/resources/nginx.rb +6 -1
- data/lib/inspec/resources/nginx_conf.rb +4 -0
- data/lib/inspec/resources/noop.rb +4 -0
- data/lib/inspec/resources/npm.rb +4 -0
- data/lib/inspec/resources/ntp_conf.rb +4 -0
- data/lib/inspec/resources/oneget.rb +4 -0
- data/lib/inspec/resources/opa_api.rb +10 -0
- data/lib/inspec/resources/opa_cli.rb +14 -0
- data/lib/inspec/resources/oracledb_conf.rb +5 -0
- data/lib/inspec/resources/oracledb_listener_conf.rb +4 -0
- data/lib/inspec/resources/oracledb_session.rb +23 -4
- data/lib/inspec/resources/os.rb +4 -0
- data/lib/inspec/resources/os_env.rb +4 -0
- data/lib/inspec/resources/package.rb +4 -0
- data/lib/inspec/resources/parse_config.rb +10 -1
- data/lib/inspec/resources/pip.rb +4 -0
- data/lib/inspec/resources/platform.rb +4 -0
- data/lib/inspec/resources/podman.rb +353 -0
- data/lib/inspec/resources/podman_container.rb +84 -0
- data/lib/inspec/resources/podman_image.rb +108 -0
- data/lib/inspec/resources/podman_network.rb +81 -0
- data/lib/inspec/resources/podman_pod.rb +101 -0
- data/lib/inspec/resources/podman_volume.rb +87 -0
- data/lib/inspec/resources/postfix_conf.rb +4 -0
- data/lib/inspec/resources/postgres_conf.rb +4 -0
- data/lib/inspec/resources/postgres_session.rb +8 -4
- data/lib/inspec/resources/powershell.rb +4 -0
- data/lib/inspec/resources/processes.rb +6 -4
- data/lib/inspec/resources/rabbitmq_config.rb +4 -0
- data/lib/inspec/resources/registry_key.rb +4 -0
- data/lib/inspec/resources/security_identifier.rb +4 -0
- data/lib/inspec/resources/security_policy.rb +4 -0
- data/lib/inspec/resources/service.rb +5 -1
- data/lib/inspec/resources/ssh_config.rb +4 -0
- data/lib/inspec/resources/sybase_conf.rb +4 -0
- data/lib/inspec/resources/sybase_session.rb +4 -0
- data/lib/inspec/resources/sys_info.rb +4 -0
- data/lib/inspec/resources/timezone.rb +4 -0
- data/lib/inspec/resources/users.rb +4 -0
- data/lib/inspec/resources/vbscript.rb +5 -0
- data/lib/inspec/resources/virtualization.rb +4 -0
- data/lib/inspec/resources/windows_feature.rb +5 -1
- data/lib/inspec/resources/windows_firewall.rb +4 -0
- data/lib/inspec/resources/windows_firewall_rule.rb +4 -0
- data/lib/inspec/resources/windows_hotfix.rb +4 -0
- data/lib/inspec/resources/windows_task.rb +4 -0
- data/lib/inspec/resources/wmi.rb +4 -0
- data/lib/inspec/resources/x509_certificate.rb +59 -0
- data/lib/inspec/resources/yum.rb +4 -0
- data/lib/inspec/resources/zfs_dataset.rb +4 -0
- data/lib/inspec/resources/zfs_pool.rb +4 -0
- data/lib/inspec/rule.rb +55 -18
- data/lib/inspec/run_data/control.rb +6 -0
- data/lib/inspec/run_data/statistics.rb +8 -2
- data/lib/inspec/runner.rb +18 -8
- data/lib/inspec/runner_rspec.rb +3 -2
- data/lib/inspec/schema/exec_json.rb +78 -2
- data/lib/inspec/schema/output_schema.rb +4 -1
- data/lib/inspec/schema/profile_json.rb +46 -0
- data/lib/inspec/schema.rb +91 -0
- data/lib/inspec/secrets/yaml.rb +7 -1
- data/lib/inspec/ui.rb +1 -0
- data/lib/inspec/utils/convert.rb +8 -0
- data/lib/inspec/utils/podman.rb +24 -0
- data/lib/inspec/utils/waivers/csv_file_reader.rb +34 -0
- data/lib/inspec/utils/waivers/excel_file_reader.rb +39 -0
- data/lib/inspec/utils/waivers/json_file_reader.rb +15 -0
- data/lib/inspec/utils/yaml_profile_summary.rb +34 -0
- data/lib/inspec/version.rb +1 -1
- data/lib/inspec/waiver_file_reader.rb +61 -0
- data/lib/matchers/matchers.rb +7 -1
- data/lib/plugins/inspec-init/templates/profiles/alicloud/README.md +27 -0
- data/lib/plugins/inspec-init/templates/profiles/alicloud/controls/example.rb +10 -0
- data/lib/plugins/inspec-init/templates/profiles/alicloud/inputs.yml +1 -0
- data/lib/plugins/inspec-init/templates/profiles/alicloud/inspec.yml +14 -0
- data/lib/plugins/inspec-reporter-html2/README.md +1 -1
- data/lib/plugins/inspec-reporter-html2/templates/body.html.erb +11 -5
- data/lib/plugins/inspec-reporter-html2/templates/control.html.erb +11 -7
- data/lib/plugins/inspec-reporter-html2/templates/default.css +12 -0
- data/lib/plugins/inspec-reporter-html2/templates/profile.html.erb +1 -1
- data/lib/plugins/inspec-reporter-html2/templates/selector.html.erb +7 -1
- data/lib/plugins/{inspec-artifact/inspec-artifact.gemspec → inspec-sign/inspec-sign.gemspec} +2 -2
- data/lib/plugins/inspec-sign/lib/inspec-sign/base.rb +164 -0
- data/lib/plugins/{inspec-artifact/lib/inspec-artifact → inspec-sign/lib/inspec-sign}/cli.rb +14 -23
- data/lib/plugins/inspec-sign/lib/inspec-sign.rb +12 -0
- data/lib/plugins/inspec-streaming-reporter-progress-bar/lib/inspec-streaming-reporter-progress-bar/streaming_reporter.rb +39 -13
- data/lib/source_readers/inspec.rb +8 -2
- metadata +33 -15
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +0 -187
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +0 -12
data/lib/inspec/resources/lxc.rb
CHANGED
@@ -9,14 +9,26 @@ module Inspec::Resources
|
|
9
9
|
describe lxc("ubuntu-container") do
|
10
10
|
it { should exist }
|
11
11
|
it { should be_running }
|
12
|
+
its("name") { should eq "ubuntu-container" }
|
13
|
+
its("status") { should cmp "Running" }
|
14
|
+
its("type") { should eq "container" }
|
15
|
+
its("architecture") { should eq "x86_64" }
|
16
|
+
its("pid") { should eq 1378 }
|
17
|
+
its("created_at") { should eq "2022/08/16 12:07 UTC" }
|
18
|
+
its("last_used_at") { should eq "2022/08/17 05:06 UTC" }
|
19
|
+
its("resources") { should include "Disk usage" }
|
12
20
|
end
|
13
21
|
EXAMPLE
|
14
22
|
|
23
|
+
attr_reader :container_info, :container_name
|
24
|
+
|
15
25
|
# Resource initialization.
|
16
26
|
def initialize(container_name)
|
17
27
|
@container_name = container_name
|
18
28
|
|
19
29
|
raise Inspec::Exceptions::ResourceSkipped, "The `lxc` resource is not supported on your OS yet." unless inspec.os.linux?
|
30
|
+
|
31
|
+
@container_info = populate_container_info
|
20
32
|
end
|
21
33
|
|
22
34
|
def resource_id
|
@@ -28,17 +40,60 @@ module Inspec::Resources
|
|
28
40
|
end
|
29
41
|
|
30
42
|
def exists?
|
31
|
-
|
43
|
+
!@container_info.empty?
|
32
44
|
end
|
33
45
|
|
34
46
|
def running?
|
35
|
-
container_info
|
36
|
-
|
47
|
+
@container_info.key?("Status") && @container_info["Status"].casecmp("Running") == 0
|
48
|
+
end
|
49
|
+
|
50
|
+
def name
|
51
|
+
@container_info["Name"]
|
52
|
+
end
|
53
|
+
|
54
|
+
def status
|
55
|
+
@container_info["Status"]
|
56
|
+
end
|
57
|
+
|
58
|
+
def type
|
59
|
+
@container_info["Type"]
|
60
|
+
end
|
61
|
+
|
62
|
+
def architecture
|
63
|
+
@container_info["Architecture"]
|
64
|
+
end
|
65
|
+
|
66
|
+
def pid
|
67
|
+
@container_info["PID"]
|
68
|
+
end
|
69
|
+
|
70
|
+
def created_at
|
71
|
+
@container_info["Created"]
|
72
|
+
end
|
73
|
+
|
74
|
+
def last_used_at
|
75
|
+
@container_info["Last Used"]
|
76
|
+
end
|
77
|
+
|
78
|
+
def resources
|
79
|
+
@container_info["Resources"]
|
37
80
|
end
|
38
81
|
|
39
82
|
private
|
40
83
|
|
41
|
-
|
84
|
+
def populate_container_info
|
85
|
+
lxc_util = find_lxc_or_error
|
86
|
+
lxc_info_cmd = inspec.command("#{lxc_util} info #{@container_name}")
|
87
|
+
|
88
|
+
if lxc_info_cmd.exit_status.to_i == 0
|
89
|
+
parse_command_output(lxc_info_cmd.stdout)
|
90
|
+
elsif lxc_info_cmd.stderr =~ /Error: Instance not found/
|
91
|
+
{}
|
92
|
+
else
|
93
|
+
raise Inspec::Exceptions::ResourceFailed, "Unable to retrieve information for #{container_name}.\n#{lxc_info_cmd.stderr}"
|
94
|
+
end
|
95
|
+
end
|
96
|
+
|
42
97
|
def find_lxc_or_error
|
43
98
|
%w{/usr/sbin/lxc /sbin/lxc lxc}.each do |cmd|
|
44
99
|
return cmd if inspec.command(cmd).exist?
|
@@ -47,11 +102,12 @@ module Inspec::Resources
|
|
47
102
|
raise Inspec::Exceptions::ResourceFailed, "Could not find `lxc`"
|
48
103
|
end
|
49
104
|
|
50
|
-
def
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
105
|
+
def parse_command_output(output)
|
106
|
+
require "yaml" unless defined?(YAML)
|
107
|
+
YAML.load(output)
|
108
|
+
rescue Psych::SyntaxError => e
|
109
|
+
warn "Could not parse the command output.\n#{e.message}"
|
110
|
+
{}
|
55
111
|
end
|
56
112
|
end
|
57
113
|
end
|
@@ -4,9 +4,10 @@ module Inspec::Resources
|
|
4
4
|
class Lines
|
5
5
|
attr_reader :params
|
6
6
|
|
7
|
-
def initialize(raw, desc)
|
7
|
+
def initialize(raw, desc, exit_status = nil)
|
8
8
|
@params = raw
|
9
9
|
@desc = desc
|
10
|
+
@exit_status = exit_status
|
10
11
|
end
|
11
12
|
|
12
13
|
def to_s
|
@@ -62,6 +63,10 @@ module Inspec::Resources
|
|
62
63
|
raise Inspec::Exceptions::ResourceFailed, "Can't run MongoDB command Error: #{e.message}"
|
63
64
|
end
|
64
65
|
|
66
|
+
def resource_id
|
67
|
+
"mongodb_session:User:#{@user}:Host:#{@host}:Database:#{@database}"
|
68
|
+
end
|
69
|
+
|
65
70
|
private
|
66
71
|
|
67
72
|
def create_session
|
@@ -19,6 +19,8 @@ module Inspec::Resources
|
|
19
19
|
attr_reader :mssql_session, :sql_query
|
20
20
|
|
21
21
|
def initialize(conf_param_name, opts = {})
|
22
|
+
@conf_param_name = conf_param_name
|
23
|
+
@opts = opts
|
22
24
|
opts[:username] ||= "SA"
|
23
25
|
@mssql_session = inspec.mssql_session(opts)
|
24
26
|
setting = conf_param_name.to_s.gsub("_", " ").split.map(&:capitalize).join(" ")
|
@@ -37,6 +39,11 @@ module Inspec::Resources
|
|
37
39
|
"MsSql DB Configuration"
|
38
40
|
end
|
39
41
|
|
42
|
+
def resource_id
|
43
|
+
username = @opts[:username] || "SA"
|
44
|
+
"#{@conf_param_name}-#{username}"
|
45
|
+
end
|
46
|
+
|
40
47
|
private
|
41
48
|
|
42
49
|
def determine_system_configurations(setting)
|
@@ -43,6 +43,7 @@ module Inspec::Resources
|
|
43
43
|
@host = host
|
44
44
|
@port = port
|
45
45
|
@socket = socket
|
46
|
+
@db = nil
|
46
47
|
init_fallback if user.nil? || pass.nil?
|
47
48
|
raise Inspec::Exceptions::ResourceFailed, "Can't run MySQL SQL checks without authentication." if @user.nil? || @pass.nil?
|
48
49
|
|
@@ -52,7 +53,9 @@ module Inspec::Resources
|
|
52
53
|
def query(q, db = "")
|
53
54
|
raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?
|
54
55
|
|
55
|
-
|
56
|
+
@db = db
|
57
|
+
mysql_cmd = create_mysql_cmd(q, @db)
|
58
|
+
|
56
59
|
cmd = if !@pass.nil?
|
57
60
|
inspec.command(mysql_cmd, redact_regex: /(mysql -u\w+ -p).+(\s-(h|S).*)/)
|
58
61
|
else
|
@@ -66,6 +69,10 @@ module Inspec::Resources
|
|
66
69
|
end
|
67
70
|
end
|
68
71
|
|
72
|
+
def resource_id
|
73
|
+
"mysql_session:User:#{@user}:Host:#{@host}:Database:#{@db}"
|
74
|
+
end
|
75
|
+
|
69
76
|
def to_s
|
70
77
|
"MySQL Session"
|
71
78
|
end
|
@@ -18,12 +18,13 @@ module Inspec::Resources
|
|
18
18
|
its('modules') { should include 'my_module' }
|
19
19
|
end
|
20
20
|
EXAMPLE
|
21
|
-
attr_reader :params, :bin_dir
|
21
|
+
attr_reader :params, :bin_dir, :nginx_path
|
22
22
|
|
23
23
|
def initialize(nginx_path = "/usr/sbin/nginx")
|
24
24
|
return skip_resource "The `nginx` resource is not yet available on your OS." if inspec.os.windows?
|
25
25
|
return skip_resource "The `nginx` binary not found in the path provided." unless inspec.command(nginx_path).exist?
|
26
26
|
|
27
|
+
@nginx_path = nginx_path
|
27
28
|
cmd = inspec.command("#{nginx_path} -V 2>&1")
|
28
29
|
if cmd.exit_status != 0
|
29
30
|
return skip_resource "Error using the command nginx -V"
|
@@ -59,6 +60,10 @@ module Inspec::Resources
|
|
59
60
|
@data.scan(/--with-(\S+)_module/).flatten
|
60
61
|
end
|
61
62
|
|
63
|
+
def resource_id
|
64
|
+
nginx_path || "nginx"
|
65
|
+
end
|
66
|
+
|
62
67
|
def to_s
|
63
68
|
"Nginx Environment"
|
64
69
|
end
|
data/lib/inspec/resources/npm.rb
CHANGED
@@ -6,6 +6,12 @@ module Inspec::Resources
|
|
6
6
|
supports platform: "unix"
|
7
7
|
supports platform: "windows"
|
8
8
|
|
9
|
+
example <<~EXAMPLE
|
10
|
+
describe opa_api(url: "localhost:8181/v1/data/example/violation", data: "input.json") do
|
11
|
+
its(["result"]) { should eq 'value' }
|
12
|
+
end
|
13
|
+
EXAMPLE
|
14
|
+
|
9
15
|
def initialize(opts = {})
|
10
16
|
@url = opts[:url] || nil
|
11
17
|
@data = opts[:data] || nil
|
@@ -18,6 +24,10 @@ module Inspec::Resources
|
|
18
24
|
@content["result"]
|
19
25
|
end
|
20
26
|
|
27
|
+
def resource_id
|
28
|
+
@url || "opa_api"
|
29
|
+
end
|
30
|
+
|
21
31
|
def to_s
|
22
32
|
"OPA api"
|
23
33
|
end
|
@@ -6,6 +6,12 @@ module Inspec::Resources
|
|
6
6
|
supports platform: "unix"
|
7
7
|
supports platform: "windows"
|
8
8
|
|
9
|
+
example <<~EXAMPLE
|
10
|
+
describe opa_cli(policy: "example.rego", data: "input.json", query: "data.example.allow") do
|
11
|
+
its(["result"]) { should eq "value" }
|
12
|
+
end
|
13
|
+
EXAMPLE
|
14
|
+
|
9
15
|
def initialize(opts = {})
|
10
16
|
@opa_executable_path = opts[:opa_executable_path] || "opa" # if this path is not provided then we will assume that it's been set in the ENV PATH
|
11
17
|
@policy = opts[:policy] || nil
|
@@ -22,6 +28,14 @@ module Inspec::Resources
|
|
22
28
|
@content["result"][0]["expressions"][0]["value"] if @content["result"][0]["expressions"][0]["text"].include?("allow")
|
23
29
|
end
|
24
30
|
|
31
|
+
def resource_id
|
32
|
+
if @policy.nil? && @query.nil?
|
33
|
+
"opa_cli"
|
34
|
+
else
|
35
|
+
"#{@policy}:#{@query}"
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
25
39
|
def to_s
|
26
40
|
"OPA cli"
|
27
41
|
end
|
@@ -17,6 +17,7 @@ module Inspec::Resources
|
|
17
17
|
|
18
18
|
def initialize(opts = {})
|
19
19
|
@oracledb_session = inspec.oracledb_session(opts)
|
20
|
+
@opts = opts
|
20
21
|
end
|
21
22
|
|
22
23
|
def method_missing(name)
|
@@ -28,6 +29,10 @@ module Inspec::Resources
|
|
28
29
|
"Oracle DB Configuration"
|
29
30
|
end
|
30
31
|
|
32
|
+
def resource_id
|
33
|
+
@opts[:user] || ""
|
34
|
+
end
|
35
|
+
|
31
36
|
private
|
32
37
|
|
33
38
|
def determine_database_setting(setting)
|
@@ -76,6 +76,16 @@ module Inspec::Resources
|
|
76
76
|
"Oracle Session"
|
77
77
|
end
|
78
78
|
|
79
|
+
def resource_id
|
80
|
+
if @user
|
81
|
+
"#{@host}-#{@port}-#{@user}"
|
82
|
+
elsif @su_user
|
83
|
+
"#{@host}-#{@port}-#{@su_user}"
|
84
|
+
else
|
85
|
+
""
|
86
|
+
end
|
87
|
+
end
|
88
|
+
|
79
89
|
private
|
80
90
|
|
81
91
|
# 3 commands
|
@@ -91,22 +101,31 @@ module Inspec::Resources
|
|
91
101
|
verified_query = verify_query(escaped_query)
|
92
102
|
end
|
93
103
|
|
94
|
-
sql_prefix, sql_postfix = "", ""
|
104
|
+
sql_prefix, sql_postfix, oracle_echo_str = "", "", ""
|
95
105
|
if inspec.os.windows?
|
96
106
|
sql_prefix = %{@'\n#{format_options}\n#{verified_query}\nEXIT\n'@ | }
|
97
107
|
else
|
98
108
|
sql_postfix = %{ <<'EOC'\n#{format_options}\n#{verified_query}\nEXIT\nEOC}
|
109
|
+
# oracle_query_string is echoed to be able to extract the query output clearly
|
110
|
+
oracle_echo_str = %{echo 'oracle_query_string';}
|
111
|
+
end
|
112
|
+
|
113
|
+
# Resetting sql_postfix if system is using AIX OS and C shell installation for oracle
|
114
|
+
if inspec.os.aix?
|
115
|
+
command_to_fetch_shell = @su_user ? %{su - #{@su_user} -c "env | grep SHELL"} : %{env | grep SHELL}
|
116
|
+
shell_is_csh = inspec.command(command_to_fetch_shell).stdout&.include? "/csh"
|
117
|
+
sql_postfix = %{ <<'EOC'\n#{format_options}\n#{verified_query}\nEXIT\n'EOC'} if shell_is_csh
|
99
118
|
end
|
100
119
|
|
101
120
|
if @db_role.nil?
|
102
|
-
%{#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service}#{sql_postfix}}
|
121
|
+
%{#{oracle_echo_str}#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service}#{sql_postfix}}
|
103
122
|
elsif @su_user.nil?
|
104
|
-
%{#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service} as #{@db_role}#{sql_postfix}}
|
123
|
+
%{#{oracle_echo_str}#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service} as #{@db_role}#{sql_postfix}}
|
105
124
|
else
|
106
125
|
# oracle_query_string is echoed to be able to extract the query output clearly
|
107
126
|
# su - su_user in certain versions of oracle returns a message
|
108
127
|
# Example of msg with query output: The Oracle base remains unchanged with value /oracle\n\nVALUE\n3\n
|
109
|
-
%{su - #{@su_user} -c "
|
128
|
+
%{su - #{@su_user} -c "#{oracle_echo_str} env ORACLE_SID=#{@service} #{@bin} / as #{@db_role}#{sql_postfix}"}
|
110
129
|
end
|
111
130
|
end
|
112
131
|
|
data/lib/inspec/resources/os.rb
CHANGED
@@ -68,6 +68,10 @@ module Inspec::Resources
|
|
68
68
|
end
|
69
69
|
end
|
70
70
|
|
71
|
+
def resource_id
|
72
|
+
@content || "parse_config"
|
73
|
+
end
|
74
|
+
|
71
75
|
def to_s
|
72
76
|
"Parse Config #{@conf_path}"
|
73
77
|
end
|
@@ -104,8 +108,13 @@ module Inspec::Resources
|
|
104
108
|
EXAMPLE
|
105
109
|
|
106
110
|
def initialize(path, opts = nil)
|
111
|
+
@path = path
|
107
112
|
super(nil, opts)
|
108
|
-
parse_file(path)
|
113
|
+
parse_file(@path)
|
114
|
+
end
|
115
|
+
|
116
|
+
def resource_id
|
117
|
+
@path || "parse_config_file"
|
109
118
|
end
|
110
119
|
|
111
120
|
def to_s
|
data/lib/inspec/resources/pip.rb
CHANGED