inspec-core 5.18.14 → 5.21.29

data/lib/inspec/reporters/cli.rb

@@ -9,6 +9,9 @@ module Inspec::Reporters
         "passed" => "\033[0;1;32m",
         "skipped" => "\033[0;37m",
         "reset" => "\033[0m",
+        "error" => "\033[34m",
+        "not_applicable" => "\033[36m",
+        "not_reviewed" => "\033[33m",
       }.freeze
 
       # Most currently available Windows terminals have poor support
@@ -18,6 +21,9 @@ module Inspec::Reporters
         "skipped" => "[SKIP]",
         "passed" => "[PASS]",
         "unknown" => "[UNKN]",
+        "error" => "[ERR]",
+        "not_applicable" => "[N/A]",
+        "not_reviewed" => "[N/R]",
       }.freeze
     else
       # Extended colors for everyone else
@@ -26,6 +32,9 @@ module Inspec::Reporters
         "passed" => "\033[38;5;41m",
         "skipped" => "\033[38;5;247m",
         "reset" => "\033[0m",
+        "error" => "\033[0;38;5;21m",
+        "not_applicable" => "\033[0;38;5;117m",
+        "not_reviewed" => "\033[0;38;5;214m",
       }.freeze
 
       # Groovy UTF-8 characters for everyone else...
@@ -35,6 +44,9 @@ module Inspec::Reporters
         "skipped" => "↺",
         "passed" => "✔",
         "unknown" => "?",
+        "error" => "ERR",
+        "not_applicable" => "N/A",
+        "not_reviewed" => "N/R",
       }.freeze
     end
 
@@ -63,7 +75,11 @@ module Inspec::Reporters
       end
 
       output("")
-      print_profile_summary
+      if enhanced_outcomes
+        print_control_outcomes_summary
+      else
+        print_profile_summary
+      end
       print_tests_summary
     end
 
@@ -88,6 +104,7 @@ module Inspec::Reporters
     def print_standard_control_results(profile)
       standard_controls_from_profile(profile).each do |control_from_profile|
         control = Control.new(control_from_profile)
+        control.enhanced_outcomes = enhanced_outcomes
         next if control.results.nil?
 
         output(format_control_header(control))
@@ -122,7 +139,7 @@ module Inspec::Reporters
     end
 
     def format_control_header(control)
-      impact = control.impact_string
+      impact = enhanced_outcomes ? control.impact_string_for_enhanced_outcomes : control.impact_string
       format_message(
         color: impact,
         indicator: impact,
@@ -292,6 +309,68 @@ module Inspec::Reporters
       }
     end
 
+    def control_outcomes_summary
+      failed = 0
+      passed = 0
+      error = 0
+      not_reviewed = 0
+      not_applicable = 0
+
+      all_unique_controls.each do |control|
+        next if control[:status].empty?
+
+        if control[:status] == "failed"
+          failed += 1
+        elsif control[:status] == "error"
+          error += 1
+        elsif control[:status] == "not_reviewed"
+          not_reviewed += 1
+        elsif control[:status] == "not_applicable"
+          not_applicable += 1
+        else
+          passed += 1
+        end
+      end
+
+      total = failed + passed + error + not_reviewed + not_applicable
+
+      {
+        "total" => total,
+        "failed" => failed,
+        "passed" => passed,
+        "error" => error,
+        "not_reviewed" => not_reviewed,
+        "not_applicable" => not_applicable,
+      }
+    end
+
+    def print_control_outcomes_summary
+      summary = control_outcomes_summary
+      return unless summary["total"] > 0
+
+      success_str = summary["passed"] == 1 ? "1 successful control" : "#{summary["passed"]} successful controls"
+      failed_str  = summary["failed"] == 1 ? "1 control failure" : "#{summary["failed"]} control failures"
+      error_str = summary["error"] == 1 ? "1 control has error" : "#{summary["error"]} controls have error"
+      not_rev_str = summary["not_reviewed"] == 1 ? "1 control not reviewed" : "#{summary["not_reviewed"]} controls not reviewed"
+      not_app_str = summary["not_applicable"] == 1 ? "1 control not applicable" : "#{summary["not_applicable"]} controls not applicable"
+
+      success_color = summary["passed"] > 0 ? "passed" : "no_color"
+      failed_color = summary["failed"] > 0 ? "failed" : "no_color"
+      error_color = summary["error"] > 0 ? "error" : "no_color"
+      not_rev_color = summary["not_reviewed"] > 0 ? "not_reviewed" : "no_color"
+      not_app_color = summary["not_applicable"] > 0 ? "not_applicable" : "no_color"
+
+      s = format(
+        "Profile Summary: %s, %s, %s, %s, %s",
+        format_with_color(success_color, success_str),
+        format_with_color(failed_color, failed_str),
+        format_with_color(not_rev_color, not_rev_str),
+        format_with_color(not_app_color, not_app_str),
+        format_with_color(error_color, error_str)
+      )
+      output(s) if summary["total"] > 0
+    end
+
     def print_profile_summary
       summary = profile_summary
       return unless summary["total"] > 0
@@ -350,6 +429,7 @@ module Inspec::Reporters
 
     class Control
       attr_reader :data
+      attr_accessor :enhanced_outcomes
 
       def initialize(control_hash)
         @data = control_hash
@@ -379,6 +459,10 @@ module Inspec::Reporters
         id.start_with?("(generated from ")
       end
 
+      def status
+        data[:status]
+      end
+
       def title_for_report
         # if this is an anonymous control, just grab the resource title from any result entry
         return results.first[:resource_title] if anonymous?
@@ -392,10 +476,17 @@ module Inspec::Reporters
         # append a failure summary if appropriate.
         title_for_report += " (#{failure_count} failed)" if failure_count > 0
         title_for_report += " (#{skipped_count} skipped)" if skipped_count > 0
-
         title_for_report
       end
 
+      def impact_string_for_enhanced_outcomes
+        if impact.nil?
+          "unknown"
+        else
+          status
+        end
+      end
+
       def impact_string
         if anonymous?
           nil

data/lib/inspec/reporters/json.rb

@@ -114,7 +114,7 @@ module Inspec::Reporters
 
     def profile_controls(profile)
       (profile[:controls] || []).map { |c|
-        {
+        control_hash = {
           id:     c[:id],
           title:  c[:title],
           desc:   c.dig(:descriptions, :default),
@@ -130,6 +130,8 @@ module Inspec::Reporters
           waiver_data: c[:waiver_data] || {},
           results: profile_results(c),
         }
+        control_hash.merge!({ status: c[:status] }) if enhanced_outcomes
+        control_hash
       }
     end
 

data/lib/inspec/reporters/yaml.rb

@@ -3,7 +3,9 @@ require "yaml"
 module Inspec::Reporters
   class Yaml < Base
     def render
-      output(Inspec::Reporters::Json.new({ run_data: run_data }).report.to_yaml, false)
+      json_reporter_obj = Inspec::Reporters::Json.new({ run_data: run_data })
+      json_reporter_obj.enhanced_outcomes = enhanced_outcomes
+      output(json_reporter_obj.report.to_yaml, false)
     end
 
     def report

data/lib/inspec/reporters.rb

@@ -7,7 +7,7 @@ require "inspec/reporters/yaml"
 
 module Inspec::Reporters
   # rubocop:disable Metrics/CyclomaticComplexity
-  def self.render(reporter, run_data)
+  def self.render(reporter, run_data, enhanced_outcomes = false)
     name, config = reporter.dup
     config[:run_data] = run_data
     case name
@@ -29,6 +29,7 @@ module Inspec::Reporters
       activator.activate!
       reporter = activator.implementation_class.new(config)
     end
+    reporter.enhanced_outcomes = enhanced_outcomes
 
     # optional send_report method on reporter
     return reporter.send_report if defined?(reporter.send_report)

data/lib/inspec/resources/file.rb

@@ -66,7 +66,7 @@ module Inspec::Resources
     def user_permissions
       return {} unless exist?
 
-      return skip_reource"`user_permissions` is not supported on your OS yet." unless inspec.os.windows?
+      return skip_resource "`user_permissions` is not supported on your OS yet." unless inspec.os.windows?
 
       @perms_provider.user_permissions(file)
     end

data/lib/inspec/resources/http.rb

@@ -4,7 +4,7 @@
 
 require "inspec/resources/command"
 require "faraday" unless defined?(Faraday)
-require "faraday_middleware"
+require "faraday/follow_redirects"
 require "hashie"
 
 module Inspec::Resources
@@ -153,7 +153,7 @@ module Inspec::Resources
 
           conn = Faraday.new(url: url, headers: request_headers, params: params, ssl: { verify: ssl_verify? }) do |builder|
             builder.request :url_encoded
-            builder.use FaradayMiddleware::FollowRedirects, limit: max_redirects unless max_redirects.nil?
+            builder.use Faraday::FollowRedirects::Middleware, limit: max_redirects unless max_redirects.nil?
             builder.adapter Faraday.default_adapter
           end
 

data/lib/inspec/resources/lxc.rb

@@ -9,14 +9,26 @@ module Inspec::Resources
       describe lxc("ubuntu-container") do
         it { should exist }
         it { should be_running }
+        its("name") { should eq "ubuntu-container" }
+        its("status") { should cmp "Running" }
+        its("type") { should eq "container" }
+        its("architecture") { should eq "x86_64" }
+        its("pid") { should eq 1378 }
+        its("created_at") { should eq "2022/08/16 12:07 UTC" }
+        its("last_used_at") { should eq "2022/08/17 05:06 UTC" }
+        its("resources") { should include "Disk usage" }
       end
     EXAMPLE
 
+    attr_reader :container_info, :container_name
+
     # Resource initialization.
     def initialize(container_name)
       @container_name = container_name
 
       raise Inspec::Exceptions::ResourceSkipped, "The `lxc` resource is not supported on your OS yet." unless inspec.os.linux?
+
+      @container_info = populate_container_info
     end
 
     def resource_id
@@ -28,17 +40,60 @@ module Inspec::Resources
     end
 
     def exists?
-      lxc_info_cmd.exit_status.to_i == 0
+      !@container_info.empty?
     end
 
     def running?
-      container_info = lxc_info_cmd.stdout.split(":").map(&:strip)
-      container_info[0] == "Status" && container_info[1] == "Running"
+      @container_info.key?("Status") && @container_info["Status"].casecmp("Running") == 0
+    end
+
+    def name
+      @container_info["Name"]
+    end
+
+    def status
+      @container_info["Status"]
+    end
+
+    def type
+      @container_info["Type"]
+    end
+
+    def architecture
+      @container_info["Architecture"]
+    end
+
+    def pid
+      @container_info["PID"]
+    end
+
+    def created_at
+      @container_info["Created"]
+    end
+
+    def last_used_at
+      @container_info["Last Used"]
+    end
+
+    def resources
+      @container_info["Resources"]
     end
 
     private
 
-    # Method to find lxc
+    def populate_container_info
+      lxc_util = find_lxc_or_error
+      lxc_info_cmd = inspec.command("#{lxc_util} info #{@container_name}")
+
+      if lxc_info_cmd.exit_status.to_i == 0
+        parse_command_output(lxc_info_cmd.stdout)
+      elsif lxc_info_cmd.stderr =~ /Error: Instance not found/
+        {}
+      else
+        raise Inspec::Exceptions::ResourceFailed, "Unable to retrieve information for #{container_name}.\n#{lxc_info_cmd.stderr}"
+      end
+    end
+
     def find_lxc_or_error
       %w{/usr/sbin/lxc /sbin/lxc lxc}.each do |cmd|
         return cmd if inspec.command(cmd).exist?
@@ -47,11 +102,12 @@ module Inspec::Resources
       raise Inspec::Exceptions::ResourceFailed, "Could not find `lxc`"
     end
 
-    def lxc_info_cmd
-      bin = find_lxc_or_error
-      info_cmd = "info #{@container_name} | grep -i Status"
-      lxc_cmd = format("%s %s", bin, info_cmd).strip
-      inspec.command(lxc_cmd)
+    def parse_command_output(output)
+      require "yaml" unless defined?(YAML)
+      YAML.load(output)
+    rescue Psych::SyntaxError => e
+      warn "Could not parse the command output.\n#{e.message}"
+      {}
     end
   end
 end

data/lib/inspec/resources/oracledb_session.rb

@@ -101,22 +101,31 @@ module Inspec::Resources
         verified_query = verify_query(escaped_query)
       end
 
-      sql_prefix, sql_postfix = "", ""
+      sql_prefix, sql_postfix, oracle_echo_str = "", "", ""
       if inspec.os.windows?
         sql_prefix = %{@'\n#{format_options}\n#{verified_query}\nEXIT\n'@ | }
       else
         sql_postfix = %{ <<'EOC'\n#{format_options}\n#{verified_query}\nEXIT\nEOC}
+        # oracle_query_string is echoed to be able to extract the query output clearly
+        oracle_echo_str = %{echo 'oracle_query_string';}
+      end
+
+      # Resetting sql_postfix if system is using AIX OS and C shell installation for oracle
+      if inspec.os.aix?
+        command_to_fetch_shell = @su_user ? %{su - #{@su_user} -c "env | grep SHELL"} : %{env | grep SHELL}
+        shell_is_csh = inspec.command(command_to_fetch_shell).stdout&.include? "/csh"
+        sql_postfix = %{ <<'EOC'\n#{format_options}\n#{verified_query}\nEXIT\n'EOC'} if shell_is_csh
       end
 
       if @db_role.nil?
-        %{#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service}#{sql_postfix}}
+        %{#{oracle_echo_str}#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service}#{sql_postfix}}
       elsif @su_user.nil?
-        %{#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service} as #{@db_role}#{sql_postfix}}
+        %{#{oracle_echo_str}#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service} as #{@db_role}#{sql_postfix}}
       else
         # oracle_query_string is echoed to be able to extract the query output clearly
         # su - su_user in certain versions of oracle returns a message
         # Example of msg with query output: The Oracle base remains unchanged with value /oracle\n\nVALUE\n3\n
-        %{su - #{@su_user} -c "echo 'oracle_query_string'; env ORACLE_SID=#{@service} #{@bin} / as #{@db_role}#{sql_postfix}"}
+        %{su - #{@su_user} -c "#{oracle_echo_str} env ORACLE_SID=#{@service} #{@bin} / as #{@db_role}#{sql_postfix}"}
       end
     end