inspec-core 5.17.4 → 5.21.29

data/lib/inspec/resources/lxc.rb

@@ -9,14 +9,26 @@ module Inspec::Resources
       describe lxc("ubuntu-container") do
         it { should exist }
         it { should be_running }
+        its("name") { should eq "ubuntu-container" }
+        its("status") { should cmp "Running" }
+        its("type") { should eq "container" }
+        its("architecture") { should eq "x86_64" }
+        its("pid") { should eq 1378 }
+        its("created_at") { should eq "2022/08/16 12:07 UTC" }
+        its("last_used_at") { should eq "2022/08/17 05:06 UTC" }
+        its("resources") { should include "Disk usage" }
       end
     EXAMPLE
 
+    attr_reader :container_info, :container_name
+
     # Resource initialization.
     def initialize(container_name)
       @container_name = container_name
 
       raise Inspec::Exceptions::ResourceSkipped, "The `lxc` resource is not supported on your OS yet." unless inspec.os.linux?
+
+      @container_info = populate_container_info
     end
 
     def resource_id
@@ -28,17 +40,60 @@ module Inspec::Resources
     end
 
     def exists?
-      lxc_info_cmd.exit_status.to_i == 0
+      !@container_info.empty?
     end
 
     def running?
-      container_info = lxc_info_cmd.stdout.split(":").map(&:strip)
-      container_info[0] == "Status" && container_info[1] == "Running"
+      @container_info.key?("Status") && @container_info["Status"].casecmp("Running") == 0
+    end
+
+    def name
+      @container_info["Name"]
+    end
+
+    def status
+      @container_info["Status"]
+    end
+
+    def type
+      @container_info["Type"]
+    end
+
+    def architecture
+      @container_info["Architecture"]
+    end
+
+    def pid
+      @container_info["PID"]
+    end
+
+    def created_at
+      @container_info["Created"]
+    end
+
+    def last_used_at
+      @container_info["Last Used"]
+    end
+
+    def resources
+      @container_info["Resources"]
     end
 
     private
 
-    # Method to find lxc
+    def populate_container_info
+      lxc_util = find_lxc_or_error
+      lxc_info_cmd = inspec.command("#{lxc_util} info #{@container_name}")
+
+      if lxc_info_cmd.exit_status.to_i == 0
+        parse_command_output(lxc_info_cmd.stdout)
+      elsif lxc_info_cmd.stderr =~ /Error: Instance not found/
+        {}
+      else
+        raise Inspec::Exceptions::ResourceFailed, "Unable to retrieve information for #{container_name}.\n#{lxc_info_cmd.stderr}"
+      end
+    end
+
     def find_lxc_or_error
       %w{/usr/sbin/lxc /sbin/lxc lxc}.each do |cmd|
         return cmd if inspec.command(cmd).exist?
@@ -47,11 +102,12 @@ module Inspec::Resources
       raise Inspec::Exceptions::ResourceFailed, "Could not find `lxc`"
     end
 
-    def lxc_info_cmd
-      bin = find_lxc_or_error
-      info_cmd = "info #{@container_name} | grep -i Status"
-      lxc_cmd = format("%s %s", bin, info_cmd).strip
-      inspec.command(lxc_cmd)
+    def parse_command_output(output)
+      require "yaml" unless defined?(YAML)
+      YAML.load(output)
+    rescue Psych::SyntaxError => e
+      warn "Could not parse the command output.\n#{e.message}"
+      {}
     end
   end
 end

data/lib/inspec/resources/mongodb.rb

@@ -19,6 +19,10 @@ module Inspec::Resources
       end
     end
 
+    def resource_id
+      @conf_path
+    end
+
     def to_s
       "MongoDB"
     end

data/lib/inspec/resources/mongodb_conf.rb

@@ -24,6 +24,11 @@ module Inspec::Resources
       super(@conf_path)
     end
 
+    # set resource_id to "" if system is not able to determine the @conf_path
+    def resource_id
+      @conf_path || "mongodb_conf"
+    end
+
     private
 
     def parse(content)

data/lib/inspec/resources/mongodb_session.rb

@@ -4,9 +4,10 @@ module Inspec::Resources
   class Lines
     attr_reader :params
 
-    def initialize(raw, desc)
+    def initialize(raw, desc, exit_status = nil)
       @params = raw
       @desc = desc
+      @exit_status = exit_status
     end
 
     def to_s
@@ -62,6 +63,10 @@ module Inspec::Resources
       raise Inspec::Exceptions::ResourceFailed, "Can't run MongoDB command Error: #{e.message}"
     end
 
+    def resource_id
+      "mongodb_session:User:#{@user}:Host:#{@host}:Database:#{@database}"
+    end
+
     private
 
     def create_session

data/lib/inspec/resources/mount.rb

@@ -51,6 +51,10 @@ module Inspec::Resources
       @mount_options[name]
     end
 
+    def resource_id
+      @path || "mount"
+    end
+
     def to_s
       "Mount #{@path}"
     end

data/lib/inspec/resources/mssql_session.rb

@@ -80,6 +80,10 @@ module Inspec::Resources
       end
     end
 
+    def resource_id
+      "mssql_session:User:#{@user}:Host:#{@host}:Database:#{@db_name}:Instance:#{@instance}"
+    end
+
     def to_s
       "MSSQL session"
     end

data/lib/inspec/resources/mssql_sys_conf.rb

@@ -19,6 +19,8 @@ module Inspec::Resources
     attr_reader :mssql_session, :sql_query
 
     def initialize(conf_param_name, opts = {})
+      @conf_param_name = conf_param_name
+      @opts = opts
       opts[:username] ||= "SA"
       @mssql_session = inspec.mssql_session(opts)
       setting = conf_param_name.to_s.gsub("_", " ").split.map(&:capitalize).join(" ")
@@ -37,6 +39,11 @@ module Inspec::Resources
       "MsSql DB Configuration"
     end
 
+    def resource_id
+      username = @opts[:username] || "SA"
+      "#{@conf_param_name}-#{username}"
+    end
+
     private
 
     def determine_system_configurations(setting)

data/lib/inspec/resources/mysql_conf.rb

@@ -121,6 +121,10 @@ module Inspec::Resources
       @files_contents[path] ||= read_file_content(path)
     end
 
+    def resource_id
+      @conf_path || "mysql_conf"
+    end
+
     def to_s
       "MySQL Configuration"
     end

data/lib/inspec/resources/mysql_session.rb

@@ -43,6 +43,7 @@ module Inspec::Resources
       @host = host
       @port = port
       @socket = socket
+      @db = nil
       init_fallback if user.nil? || pass.nil?
       raise Inspec::Exceptions::ResourceFailed, "Can't run MySQL SQL checks without authentication." if @user.nil? || @pass.nil?
 
@@ -52,7 +53,9 @@ module Inspec::Resources
     def query(q, db = "")
       raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?
 
-      mysql_cmd = create_mysql_cmd(q, db)
+      @db = db
+      mysql_cmd = create_mysql_cmd(q, @db)
+
       cmd = if !@pass.nil?
               inspec.command(mysql_cmd, redact_regex: /(mysql -u\w+ -p).+(\s-(h|S).*)/)
             else
@@ -66,6 +69,10 @@ module Inspec::Resources
       end
     end
 
+    def resource_id
+      "mysql_session:User:#{@user}:Host:#{@host}:Database:#{@db}"
+    end
+
     def to_s
       "MySQL Session"
     end

data/lib/inspec/resources/nginx.rb

@@ -18,12 +18,13 @@ module Inspec::Resources
         its('modules') { should include 'my_module' }
       end
     EXAMPLE
-    attr_reader :params, :bin_dir
+    attr_reader :params, :bin_dir, :nginx_path
 
     def initialize(nginx_path = "/usr/sbin/nginx")
       return skip_resource "The `nginx` resource is not yet available on your OS." if inspec.os.windows?
       return skip_resource "The `nginx` binary not found in the path provided." unless inspec.command(nginx_path).exist?
 
+      @nginx_path = nginx_path
       cmd = inspec.command("#{nginx_path} -V 2>&1")
       if cmd.exit_status != 0
         return skip_resource "Error using the command nginx -V"
@@ -59,6 +60,10 @@ module Inspec::Resources
       @data.scan(/--with-(\S+)_module/).flatten
     end
 
+    def resource_id
+      nginx_path || "nginx"
+    end
+
     def to_s
       "Nginx Environment"
     end

data/lib/inspec/resources/nginx_conf.rb

@@ -50,6 +50,10 @@ module Inspec::Resources
 
     def_delegators :http, :servers, :locations
 
+    def resource_id
+      @conf_path || "nginx_conf"
+    end
+
     def to_s
       "nginx_conf #{@conf_path}"
     end

data/lib/inspec/resources/noop.rb

@@ -2,6 +2,10 @@ module Inspec::Resources
   class Noop < Inspec.resource(1)
     name "noop"
 
+    def resource_id
+      "No-op"
+    end
+
     def to_s
       "No-op"
     end

data/lib/inspec/resources/npm.rb

@@ -61,6 +61,10 @@ module Inspec::Resources
       info[:version]
     end
 
+    def resource_id
+      @package_name || "npm"
+    end
+
     def to_s
       "Npm Package #{@package_name}"
     end

data/lib/inspec/resources/ntp_conf.rb

@@ -30,6 +30,10 @@ module Inspec::Resources
       param
     end
 
+    def resource_id
+      @conf_path || "ntp_conf"
+    end
+
     def to_s
       "ntp.conf"
     end

data/lib/inspec/resources/oneget.rb

@@ -64,6 +64,10 @@ module Inspec::Resources
       info[:version]
     end
 
+    def resource_id
+      @package_name || "oneget"
+    end
+
     def to_s
       "OneGet Package #{@package_name}"
     end

data/lib/inspec/resources/opa_api.rb

@@ -6,6 +6,12 @@ module Inspec::Resources
     supports platform: "unix"
     supports platform: "windows"
 
+    example <<~EXAMPLE
+      describe opa_api(url: "localhost:8181/v1/data/example/violation", data: "input.json") do
+        its(["result"]) { should eq 'value' }
+      end
+    EXAMPLE
+
     def initialize(opts = {})
       @url = opts[:url] || nil
       @data = opts[:data] || nil
@@ -18,6 +24,10 @@ module Inspec::Resources
       @content["result"]
     end
 
+    def resource_id
+      @url || "opa_api"
+    end
+
     def to_s
       "OPA api"
     end

data/lib/inspec/resources/opa_cli.rb

@@ -6,6 +6,12 @@ module Inspec::Resources
     supports platform: "unix"
     supports platform: "windows"
 
+    example <<~EXAMPLE
+      describe opa_cli(policy: "example.rego", data: "input.json", query: "data.example.allow") do
+        its(["result"]) { should eq "value" }
+      end
+    EXAMPLE
+
     def initialize(opts = {})
       @opa_executable_path = opts[:opa_executable_path] || "opa" # if this path is not provided then we will assume that it's been set in the ENV PATH
       @policy = opts[:policy] || nil
@@ -22,6 +28,14 @@ module Inspec::Resources
       @content["result"][0]["expressions"][0]["value"] if @content["result"][0]["expressions"][0]["text"].include?("allow")
     end
 
+    def resource_id
+      if @policy.nil? && @query.nil?
+        "opa_cli"
+      else
+        "#{@policy}:#{@query}"
+      end
+    end
+
     def to_s
       "OPA cli"
     end

data/lib/inspec/resources/oracledb_conf.rb

@@ -17,6 +17,7 @@ module Inspec::Resources
 
     def initialize(opts = {})
       @oracledb_session = inspec.oracledb_session(opts)
+      @opts = opts
     end
 
     def method_missing(name)
@@ -28,6 +29,10 @@ module Inspec::Resources
       "Oracle DB Configuration"
     end
 
+    def resource_id
+      @opts[:user] || ""
+    end
+
     private
 
     def determine_database_setting(setting)

data/lib/inspec/resources/oracledb_listener_conf.rb

@@ -73,6 +73,10 @@ module Inspec::Resources
       "Oracle Listener Configuration"
     end
 
+    def resource_id
+      @conf_path
+    end
+
     private
 
     def read_content

data/lib/inspec/resources/oracledb_session.rb

@@ -76,6 +76,16 @@ module Inspec::Resources
       "Oracle Session"
     end
 
+    def resource_id
+      if @user
+        "#{@host}-#{@port}-#{@user}"
+      elsif @su_user
+        "#{@host}-#{@port}-#{@su_user}"
+      else
+        ""
+      end
+    end
+
     private
 
     # 3 commands
@@ -91,22 +101,31 @@ module Inspec::Resources
         verified_query = verify_query(escaped_query)
       end
 
-      sql_prefix, sql_postfix = "", ""
+      sql_prefix, sql_postfix, oracle_echo_str = "", "", ""
       if inspec.os.windows?
         sql_prefix = %{@'\n#{format_options}\n#{verified_query}\nEXIT\n'@ | }
       else
         sql_postfix = %{ <<'EOC'\n#{format_options}\n#{verified_query}\nEXIT\nEOC}
+        # oracle_query_string is echoed to be able to extract the query output clearly
+        oracle_echo_str = %{echo 'oracle_query_string';}
+      end
+
+      # Resetting sql_postfix if system is using AIX OS and C shell installation for oracle
+      if inspec.os.aix?
+        command_to_fetch_shell = @su_user ? %{su - #{@su_user} -c "env | grep SHELL"} : %{env | grep SHELL}
+        shell_is_csh = inspec.command(command_to_fetch_shell).stdout&.include? "/csh"
+        sql_postfix = %{ <<'EOC'\n#{format_options}\n#{verified_query}\nEXIT\n'EOC'} if shell_is_csh
       end
 
       if @db_role.nil?
-        %{#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service}#{sql_postfix}}
+        %{#{oracle_echo_str}#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service}#{sql_postfix}}
       elsif @su_user.nil?
-        %{#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service} as #{@db_role}#{sql_postfix}}
+        %{#{oracle_echo_str}#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service} as #{@db_role}#{sql_postfix}}
       else
         # oracle_query_string is echoed to be able to extract the query output clearly
         # su - su_user in certain versions of oracle returns a message
         # Example of msg with query output: The Oracle base remains unchanged with value /oracle\n\nVALUE\n3\n
-        %{su - #{@su_user} -c "echo 'oracle_query_string'; env ORACLE_SID=#{@service} #{@bin} / as #{@db_role}#{sql_postfix}"}
+        %{su - #{@su_user} -c "#{oracle_echo_str} env ORACLE_SID=#{@service} #{@bin} / as #{@db_role}#{sql_postfix}"}
       end
     end
 

data/lib/inspec/resources/os.rb

@@ -27,6 +27,10 @@ module Inspec::Resources
       end
     end
 
+    def resource_id
+      @platform.name || "OS"
+    end
+
     def to_s
       "Operating System Detection"
     end

data/lib/inspec/resources/os_env.rb

@@ -47,6 +47,10 @@ module Inspec::Resources
       @content = value_for(@osenv, @target) unless @osenv.nil?
     end
 
+    def resource_id
+      @osenv || ""
+    end
+
     def to_s
       if @osenv.nil?
         "Environment variables"

data/lib/inspec/resources/package.rb

@@ -96,6 +96,10 @@ module Inspec::Resources
       @latest_version ||= ( @pkgman.latest_version(@package_name) || info[:latest_version] )
     end
 
+    def resource_id
+      @package_name || "System Package"
+    end
+
     def to_s
       "System Package #{@package_name}"
     end

data/lib/inspec/resources/parse_config.rb

@@ -68,6 +68,10 @@ module Inspec::Resources
       end
     end
 
+    def resource_id
+      @content || "parse_config"
+    end
+
     def to_s
       "Parse Config #{@conf_path}"
     end
@@ -104,8 +108,13 @@ module Inspec::Resources
     EXAMPLE
 
     def initialize(path, opts = nil)
+      @path = path
       super(nil, opts)
-      parse_file(path)
+      parse_file(@path)
+    end
+
+    def resource_id
+      @path || "parse_config_file"
     end
 
     def to_s

data/lib/inspec/resources/pip.rb

@@ -56,6 +56,10 @@ module Inspec::Resources
       info[:version]
     end
 
+    def resource_id
+      @package_name || "pip"
+    end
+
     def to_s
       "Pip Package #{@package_name}"
     end

data/lib/inspec/resources/platform.rb

@@ -93,6 +93,10 @@ module Inspec::Resources
       key.to_s.tr("-", "_").to_sym
     end
 
+    def resource_id
+      @platform.name || "platform"
+    end
+
     def to_s
       "Platform Detection"
     end