inspec-core 5.17.4 → 5.21.29

data/lib/plugins/inspec-streaming-reporter-progress-bar/lib/inspec-streaming-reporter-progress-bar/streaming_reporter.rb

@@ -20,6 +20,9 @@ module InspecPlugins::StreamingReporterProgressBar
         "passed" => "\033[0;1;32m",
         "skipped" => "\033[0;37m",
         "reset" => "\033[0m",
+        "error" => "\033[34m",
+        "not_applicable" => "\033[36m",
+        "not_reviewed" => "\033[33m",
       }.freeze
 
       # Most currently available Windows terminals have poor support
@@ -28,6 +31,9 @@ module InspecPlugins::StreamingReporterProgressBar
         "failed" => "[FAIL]",
         "skipped" => "[SKIP]",
         "passed" => "[PASS]",
+        "error" => "  [ERROR]  ",
+        "not_applicable" => "  [N/A]    ",
+        "not_reviewed" => "  [N/R]    ",
       }.freeze
     else
       # Extended colors for everyone else
@@ -36,6 +42,9 @@ module InspecPlugins::StreamingReporterProgressBar
         "passed" => "\033[38;5;41m",
         "skipped" => "\033[38;5;247m",
         "reset" => "\033[0m",
+        "error" => "\033[0;38;5;21m",
+        "not_applicable" => "\033[0;38;5;117m",
+        "not_reviewed" => "\033[0;38;5;214m",
       }.freeze
 
       # Groovy UTF-8 characters for everyone else...
@@ -44,6 +53,9 @@ module InspecPlugins::StreamingReporterProgressBar
         "failed" => "× [FAILED] ",
         "skipped" => "↺ [SKIPPED]",
         "passed" => "✔ [PASSED] ",
+        "error" => "× [ERROR]  ",
+        "not_applicable" => "  [N/A]    ",
+        "not_reviewed" => "  [N/R]    ",
       }.freeze
     end
 
@@ -71,29 +83,43 @@ module InspecPlugins::StreamingReporterProgressBar
       control_id = notification.example.metadata[:id]
       title = notification.example.metadata[:title]
       full_description = notification.example.metadata[:full_description]
-      control_impact = notification.example.metadata[:impact]
+
+      # No-op exception occurs in case of not_applicable_if
+      if (full_description.include? "No-op") && notification.example.exception
+        full_description += notification.example.exception.message
+      end
+
       set_status_mapping(control_id, status)
-      show_progress(control_id, title, full_description, control_impact) if control_ended?(control_id)
+      collect_notifications(notification, control_id, status)
+      control_ended = control_ended?(control_id)
+      if control_ended
+        control_outcome = add_enhanced_outcomes(control_id) if enhanced_outcomes
+        show_progress(control_id, title, full_description, control_outcome)
+      end
     end
 
-    def show_progress(control_id, title, full_description, control_impact)
+    def show_progress(control_id, title, full_description, control_outcome)
       @bar ||= ProgressBar.new(controls_count, :bar, :counter, :percentage)
       sleep 0.1
       @bar.increment!
-      @bar.puts format_it(control_id, title, full_description, control_impact)
+      @bar.puts format_it(control_id, title, full_description, control_outcome)
     rescue StandardError => e
       raise "Exception in Progress Bar streaming reporter: #{e}"
     end
 
-    def format_it(control_id, title, full_description, control_impact)
-      control_status = if @status_mapping[control_id].include? "failed"
-                         "failed"
-                       elsif @status_mapping[control_id].include? "passed"
-                         "passed"
-                       else
-                         @status_mapping[control_id].include? "skipped"
-                         "skipped"
-                       end
+    def format_it(control_id, title, full_description, control_outcome)
+      if control_outcome
+        control_status = control_outcome
+      else
+        control_status = if @status_mapping[control_id].include? "failed"
+                           "failed"
+                         elsif @status_mapping[control_id].include? "passed"
+                           "passed"
+                         else
+                           @status_mapping[control_id].include? "skipped"
+                           "skipped"
+                         end
+      end
       indicator = INDICATORS[control_status]
       message_to_format = ""
       message_to_format += "#{indicator}  "

data/lib/source_readers/inspec.rb

@@ -12,7 +12,7 @@ module SourceReaders
       nil
     end
 
-    attr_reader :metadata, :tests, :libraries, :data_files, :target
+    attr_reader :metadata, :metadata_src, :tests, :libraries, :data_files, :target, :readme
 
     # This create a new instance of an InSpec profile source reader
     #
@@ -24,14 +24,16 @@ module SourceReaders
       @tests      = load_tests
       @libraries  = load_libs
       @data_files = load_data_files
+      @readme     = load_readme
     end
 
     private
 
     def load_metadata(metadata_source)
+      @metadata_src = @target.read(metadata_source)
       Inspec::Metadata.from_ref(
         metadata_source,
-        @target.read(metadata_source),
+        @metadata_src,
         nil
       )
     rescue Psych::SyntaxError => e
@@ -62,5 +64,9 @@ module SourceReaders
     def load_data_files
       load_all(%r{^files/})
     end
+
+    def load_readme
+      load_all(/README.md/)
+    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 5.17.4
+  version: 5.21.29
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-05-24 00:00:00.000000000 Z
+date: 2023-01-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-telemetry
@@ -226,34 +226,34 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.9.0
+        version: '1'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: '3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.9.0
+        version: '1'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: '3'
 - !ruby/object:Gem::Dependency
-  name: faraday_middleware
+  name: faraday-follow_redirects
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '0.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '0.3'
 - !ruby/object:Gem::Dependency
   name: tty-table
   requirement: !ruby/object:Gem::Requirement
@@ -370,14 +370,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3.10'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3.10'
 description: InSpec provides a framework for creating end-to-end infrastructure tests.
   You can use it for integration or even compliance testing. Create fully portable
   test profiles and use them in your workflow to ensure stability and security. Integrate
@@ -429,6 +429,7 @@ files:
 - lib/inspec/dist.rb
 - lib/inspec/dsl.rb
 - lib/inspec/dsl_shared.rb
+- lib/inspec/enhanced_outcomes.rb
 - lib/inspec/env_printer.rb
 - lib/inspec/errors.rb
 - lib/inspec/exceptions.rb
@@ -444,6 +445,7 @@ files:
 - lib/inspec/formatters/json_rspec.rb
 - lib/inspec/formatters/show_progress.rb
 - lib/inspec/globals.rb
+- lib/inspec/iaf_file.rb
 - lib/inspec/impact.rb
 - lib/inspec/input.rb
 - lib/inspec/input_dsl_helpers.rb
@@ -605,6 +607,12 @@ files:
 - lib/inspec/resources/php_config.rb
 - lib/inspec/resources/pip.rb
 - lib/inspec/resources/platform.rb
+- lib/inspec/resources/podman.rb
+- lib/inspec/resources/podman_container.rb
+- lib/inspec/resources/podman_image.rb
+- lib/inspec/resources/podman_network.rb
+- lib/inspec/resources/podman_pod.rb
+- lib/inspec/resources/podman_volume.rb
 - lib/inspec/resources/port.rb
 - lib/inspec/resources/postfix_conf.rb
 - lib/inspec/resources/postgres.rb
@@ -706,6 +714,7 @@ files:
 - lib/inspec/utils/object_traversal.rb
 - lib/inspec/utils/parser.rb
 - lib/inspec/utils/pkey_reader.rb
+- lib/inspec/utils/podman.rb
 - lib/inspec/utils/run_data_filters.rb
 - lib/inspec/utils/simpleconfig.rb
 - lib/inspec/utils/spdx.rb
@@ -715,13 +724,14 @@ files:
 - lib/inspec/utils/telemetry/data_series.rb
 - lib/inspec/utils/telemetry/global_methods.rb
 - lib/inspec/utils/telemetry/run_context_probe.rb
+- lib/inspec/utils/waivers/csv_file_reader.rb
+- lib/inspec/utils/waivers/excel_file_reader.rb
+- lib/inspec/utils/waivers/json_file_reader.rb
+- lib/inspec/utils/yaml_profile_summary.rb
 - lib/inspec/version.rb
+- lib/inspec/waiver_file_reader.rb
 - lib/matchers/matchers.rb
 - lib/plugins/README.md
-- lib/plugins/inspec-artifact/inspec-artifact.gemspec
-- lib/plugins/inspec-artifact/lib/inspec-artifact.rb
-- lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb
-- lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb
 - lib/plugins/inspec-compliance/README.md
 - lib/plugins/inspec-compliance/inspec-compliance.gemspec
 - lib/plugins/inspec-compliance/lib/inspec-compliance.rb
@@ -760,6 +770,10 @@ files:
 - lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/reporter.erb
 - lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/streaming_reporter.erb
 - lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.erb
+- lib/plugins/inspec-init/templates/profiles/alicloud/README.md
+- lib/plugins/inspec-init/templates/profiles/alicloud/controls/example.rb
+- lib/plugins/inspec-init/templates/profiles/alicloud/inputs.yml
+- lib/plugins/inspec-init/templates/profiles/alicloud/inspec.yml
 - lib/plugins/inspec-init/templates/profiles/aws/README.md
 - lib/plugins/inspec-init/templates/profiles/aws/controls/example.rb
 - lib/plugins/inspec-init/templates/profiles/aws/inputs.yml
@@ -805,6 +819,10 @@ files:
 - lib/plugins/inspec-reporter-junit/lib/inspec-reporter-junit.rb
 - lib/plugins/inspec-reporter-junit/lib/inspec-reporter-junit/reporter.rb
 - lib/plugins/inspec-reporter-junit/lib/inspec-reporter-junit/version.rb
+- lib/plugins/inspec-sign/inspec-sign.gemspec
+- lib/plugins/inspec-sign/lib/inspec-sign.rb
+- lib/plugins/inspec-sign/lib/inspec-sign/base.rb
+- lib/plugins/inspec-sign/lib/inspec-sign/cli.rb
 - lib/plugins/inspec-streaming-reporter-progress-bar/README.md
 - lib/plugins/inspec-streaming-reporter-progress-bar/inspec-streaming-reporter-progress-bar.gemspec
 - lib/plugins/inspec-streaming-reporter-progress-bar/lib/inspec-streaming-reporter-progress-bar.rb

data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb

@@ -1,187 +0,0 @@
-require "base64" unless defined?(Base64)
-require "openssl" unless defined?(OpenSSL)
-require "pathname" unless defined?(Pathname)
-require "set" unless defined?(Set)
-require "tempfile" unless defined?(Tempfile)
-require "yaml"
-require "inspec/dist"
-require "inspec/utils/json_profile_summary"
-
-module InspecPlugins
-  module Artifact
-    class Base
-      include Inspec::Dist
-
-      KEY_BITS = 2048
-      KEY_ALG = OpenSSL::PKey::RSA
-
-      INSPEC_PROFILE_VERSION_1 = "INSPEC-PROFILE-1".freeze
-      INSPEC_REPORT_VERSION_1 = "INSPEC-REPORT-1".freeze
-
-      ARTIFACT_DIGEST = OpenSSL::Digest::SHA512
-      ARTIFACT_DIGEST_NAME = "SHA512".freeze
-
-      VALID_PROFILE_VERSIONS = Set.new [INSPEC_PROFILE_VERSION_1]
-      VALID_PROFILE_DIGESTS = Set.new [ARTIFACT_DIGEST_NAME]
-
-      SIGNED_PROFILE_SUFFIX = "iaf".freeze
-      SIGNED_REPORT_SUFFIX = "iar".freeze
-
-      def self.keygen(options)
-        key = KEY_ALG.new KEY_BITS
-        puts "Generating private key"
-        open "#{options["keyname"]}.pem.key", "w" do |io|
-          io.write key.to_pem
-        end
-        puts "Generating public key"
-        open "#{options["keyname"]}.pem.pub", "w" do |io|
-          io.write key.public_key.to_pem
-        end
-      end
-
-      def self.profile_sign(options)
-        artifact = new
-        path_to_profile = options["profile"]
-
-        # Write inspec.json file within artifact
-        write_inspec_json(path_to_profile, options)
-
-        Dir.mktmpdir do |workdir|
-          puts "Signing #{options["profile"]} with key #{options["keyname"]}"
-          profile_md = artifact.read_profile_metadata(path_to_profile)
-          artifact_filename = "#{profile_md["name"]}-#{profile_md["version"]}.#{SIGNED_PROFILE_SUFFIX}"
-          tarfile = artifact.profile_compress(path_to_profile, profile_md, workdir)
-          content = IO.binread(tarfile)
-          signing_key = KEY_ALG.new File.read "#{options["keyname"]}.pem.key"
-          sha = ARTIFACT_DIGEST.new
-          signature = signing_key.sign sha, content
-          # convert the signature to Base64
-          signature_base64 = Base64.encode64(signature)
-          tar_content = IO.binread(tarfile)
-          File.open(artifact_filename, "wb") do |f|
-            f.puts(INSPEC_PROFILE_VERSION_1)
-            f.puts(options["keyname"])
-            f.puts(ARTIFACT_DIGEST_NAME)
-            f.puts(signature_base64)
-            f.puts("") # newline separates artifact header with body
-            f.write(tar_content)
-          end
-          puts "Successfully generated #{artifact_filename}"
-        end
-
-        # Cleanup
-        File.delete("#{path_to_profile}/inspec.json")
-      end
-
-      def self.profile_verify(options)
-        artifact = new
-        file_to_verifiy = options["infile"]
-        puts "Verifying #{file_to_verifiy}"
-        artifact.verify(file_to_verifiy) do ||
-          puts "Artifact is valid"
-        end
-      end
-
-      def self.profile_install(options)
-        artifact = new
-        puts "Installing profile"
-        file_to_verifiy = options["infile"]
-        dest_dir = options["destdir"]
-        artifact.verify(file_to_verifiy) do |content|
-          Dir.mktmpdir do |workdir|
-            tmpfile = Pathname.new(workdir).join("artifact_to_install.tar.gz")
-            File.write(tmpfile, content)
-            puts "Installing to #{dest_dir}"
-            `tar xzf #{tmpfile} -C #{dest_dir}`
-          end
-        end
-      end
-
-      def read_profile_metadata(path_to_profile)
-        begin
-          p = Pathname.new(path_to_profile)
-          p = p.join("inspec.yml")
-          unless p.exist?
-            raise "#{path_to_profile} doesn't appear to be a valid #{PRODUCT_NAME} profile"
-          end
-
-          yaml = YAML.load_file(p.to_s)
-          yaml = yaml.to_hash
-
-          unless yaml.key? "name"
-            raise "Profile is invalid, name is not defined"
-          end
-
-          unless yaml.key? "version"
-            raise "Profile is invalid, version is not defined"
-          end
-        rescue => e
-          # rewrap it and pass it up to the CLI
-          raise "Error reading #{PRODUCT_NAME} profile metadata: #{e}"
-        end
-
-        yaml
-      end
-
-      def profile_compress(path_to_profile, profile_md, workdir)
-        profile_name = profile_md["name"]
-        profile_version = profile_md["version"]
-        outfile_name = "#{workdir}/#{profile_name}-#{profile_version}.tar.gz"
-        `tar czf #{outfile_name} -C #{path_to_profile} .`
-        outfile_name
-      end
-
-      def valid_header?(file_alg, file_version, file_keyname)
-        public_keyfile = "#{file_keyname}.pem.pub"
-        puts "Looking for #{public_keyfile} to verify artifact"
-        unless File.exist? public_keyfile
-          raise "Can't find #{public_keyfile}"
-        end
-
-        raise "Invalid artifact digest algorithm detected" unless VALID_PROFILE_DIGESTS.member?(file_alg)
-        raise "Invalid artifact version detected" unless VALID_PROFILE_VERSIONS.member?(file_version)
-      end
-
-      def verify(file_to_verifiy, &content_block)
-        f = File.open(file_to_verifiy, "r")
-        file_version = f.readline.strip!
-        file_keyname = f.readline.strip!
-        file_alg = f.readline.strip!
-
-        file_sig = ""
-        # the signature is multi-line
-        while (line = f.readline) != "\n"
-          file_sig += line
-        end
-        file_sig.strip!
-        f.close
-
-        valid_header?(file_alg, file_version, file_keyname)
-
-        public_keyfile = "#{file_keyname}.pem.pub"
-        verification_key = KEY_ALG.new File.read public_keyfile
-
-        f = File.open(file_to_verifiy, "r")
-        while f.readline != "\n" do end
-        content = f.read
-
-        signature = Base64.decode64(file_sig)
-        digest = ARTIFACT_DIGEST.new
-        if verification_key.verify digest, signature, content
-          content_block.yield(content)
-        else
-          raise "Artifact is invalid"
-        end
-      end
-
-      def self.write_inspec_json(root_path, opts)
-        profile = Inspec::Profile.for_path(root_path, opts)
-        Inspec::Utils::JsonProfileSummary.produce_json(
-          info: profile.info,
-          write_path: "#{root_path}/inspec.json",
-          suppress_output: true
-        )
-      end
-    end
-  end
-end

data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb

@@ -1,12 +0,0 @@
-module InspecPlugins
-  module Artifact
-    class Plugin < Inspec.plugin(2)
-      plugin_name :'inspec-artifact'
-
-      cli_command :artifact do
-        require_relative "inspec-artifact/cli"
-        InspecPlugins::Artifact::CLI
-      end
-    end
-  end
-end