inspec-core 5.22.50 → 6.8.1

data/lib/inspec/utils/telemetry/base.rb

@@ -0,0 +1,149 @@
+# frozen_string_literal: true
+require "chef-licensing"
+require "securerandom" unless defined?(SecureRandom)
+require "digest" unless defined?(Digest)
+require_relative "../../dist"
+module Inspec
+  class Telemetry
+    class Base
+      VERSION = 2.0
+      TYPE = "job"
+      JOB_TYPE = "InSpec"
+
+      attr_accessor :scratch
+
+      def fetch_license_ids
+        Inspec::Log.debug "Fetching license IDs for telemetry"
+        @license_keys ||= ChefLicensing.license_keys
+      end
+
+      def create_wrapper
+        Inspec::Log.debug "Initialising wrapper for telemetry"
+        {
+          version: VERSION,
+          createdTimeUTC: Time.now.getutc.iso8601,
+          environment: Inspec::Telemetry::RunContextProbe.guess_run_context,
+          licenseIds: fetch_license_ids,
+          source: "#{Inspec::Dist::EXEC_NAME}:#{Inspec::VERSION}",
+          type: TYPE,
+        }
+      end
+
+      def note_feature_usage(feature_name)
+        @scratch ||= {}
+        @scratch[:features] ||= []
+        @scratch[:features] << feature_name
+      end
+
+      def run_starting(_opts = {})
+        Inspec::Log.debug "Initiating telemetry for InSpec"
+        @scratch ||= {}
+        @scratch[:features] ||= []
+        @scratch[:run_start_time] = Time.now.getutc.iso8601
+      end
+
+      def run_ending(opts)
+        note_per_run_features(opts)
+
+        payload = create_wrapper
+
+        train_platform = opts[:runner].backend.backend.platform
+        payload[:platform] = train_platform.name
+
+        payload[:jobs] = [{
+                            type: JOB_TYPE,
+
+                            # Target platform info
+                            environment: {
+                              host: obscure(URI(opts[:runner].backend.backend.uri).host) || "unknown",
+                              os: train_platform.name,
+                              version: train_platform.release,
+                              architecture: train_platform.arch || "",
+                              id: train_platform.uuid,
+                            },
+
+                            runtime: Inspec::VERSION,
+                            content: [],  # one content == one profile
+                            steps: [],    # one step == one control
+                          }]
+
+        opts[:run_data][:profiles].each do |profile|
+          payload[:jobs][0][:content] << {
+            name: obscure(profile[:name]),
+            version: profile[:version],
+            sha256: profile[:sha256],
+            maintainer: profile[:maintainer] || "",
+            type: "profile",
+          }
+
+          profile[:controls].each do |control|
+            payload[:jobs][0][:steps] << {
+              id: obscure(control[:id]),
+              name: "inspec-control",
+              description: control[:desc] || "",
+              target: {
+                mode: opts[:runner].backend.backend.backend_type,
+                id: opts[:runner].backend.backend.platform.uuid,
+              },
+              resources: [],
+              features: [],
+              tags: format_control_tags(control[:tags]),
+            }
+
+            control[:results]&.each do |resource_block|
+              payload[:jobs][0][:steps].last[:resources] << {
+                type: "inspec-resource",
+                name: resource_block[:resource_class],
+                id: obscure(resource_block[:resource_title].respond_to?(:resource_id) ? resource_block[:resource_title].resource_id : nil) || "unknown",
+              }
+            end
+
+            # Per-control features.
+            payload[:jobs][0][:steps].last[:features] = scratch[:features].dup
+          end
+        end
+
+        Inspec::Log.debug "Final data for telemetry upload -> #{payload}"
+        Inspec::Log.debug "Finishing telemetry for InSpec"
+        # Return payload object for testing
+        payload
+      end
+
+      def format_control_tags(tags)
+        tags_list = []
+        tags.each do |key, value|
+          tags_list << { name: key.to_s, value: (value || "").to_s }
+        end
+        tags_list
+      end
+
+      # Hash text if non-nil
+      def obscure(cleartext)
+        return nil if cleartext.nil?
+        return nil if cleartext.empty?
+
+        Digest::SHA2.new(256).hexdigest(cleartext)
+      end
+
+      def note_per_run_features(opts)
+        note_all_invoked_features
+        note_gem_dependency_usage(opts)
+      end
+
+      def note_all_invoked_features
+        Inspec::Feature.list_all_invoked_features.each do |feature|
+          Inspec::Telemetry.note_feature_usage(feature.to_s)
+        end
+      end
+
+      def note_gem_dependency_usage(opts)
+        unless opts[:runner].target_profiles.map do |tp|
+          tp.metadata.gem_dependencies + \
+              tp.locked_dependencies.list.map { |_k, v| v.profile.metadata.gem_dependencies }.flatten
+        end.flatten.empty?
+          Inspec::Telemetry.note_feature_usage("inspec-gem-deps-in-profiles")
+        end
+      end
+    end
+  end
+end

data/lib/inspec/utils/telemetry/http.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+require_relative "base"
+require "faraday" unless defined?(Faraday)
+require "inspec/utils/licensing_config"
+module Inspec
+  class Telemetry
+    class HTTP < Base
+      TELEMETRY_JOBS_PATH = "v1/job"
+      TELEMETRY_URL = if ChefLicensing::Config.license_server_url&.match?("acceptance")
+                        ENV["CHEF_TELEMETRY_URL"]
+                      else
+                        "https://services.chef.io/telemetry/"
+                      end
+      def run_ending(opts)
+        payload = super
+        response = connection.post(TELEMETRY_JOBS_PATH) do |req|
+          req.body = payload.to_json
+        end
+        if response.success?
+          Inspec::Log.debug "HTTP connection with Telemetry Client successful."
+          Inspec::Log.debug "HTTP response from Telemetry Client -> #{response.to_hash}"
+          true
+        else
+          Inspec::Log.debug "HTTP connection with Telemetry Client faced an error."
+          Inspec::Log.debug "HTTP error -> #{response.to_hash[:body]["error"]}" if response.to_hash[:body] && response.to_hash[:body]["error"]
+          false
+        end
+      rescue Faraday::ConnectionFailed
+        Inspec::Log.debug "HTTP connection failure with telemetry url -> #{TELEMETRY_URL}"
+      end
+
+      def connection
+        Faraday.new(url: TELEMETRY_URL) do |config|
+          config.request :json
+          config.response :json
+        end
+      end
+    end
+  end
+end

data/lib/inspec/utils/telemetry/null.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+require_relative "base"
+module Inspec
+  class Telemetry
+    class Null < Base
+      def run_starting(_opts); end
+      def run_ending(_opts); end
+    end
+  end
+end
+

data/lib/inspec/utils/telemetry/run_context_probe.rb

@@ -1,9 +1,21 @@
 module Inspec
-  module Telemetry
+  class Telemetry
     # Guesses the run context of InSpec - how were we invoked?
     # All stack values here are determined experimentally
 
     class RunContextProbe
+      # Guess if we are running under Automate
+      def self.under_automate?
+        # Currently assume we are under automate if we have an automate-based reporter
+        Inspec::Config.cached[:reporter]
+          .keys
+          .map(&:to_s)
+          .any? { |n| n =~ /automate/ }
+      end
+
+      # Guess, using stack introspection, if we were called under
+      # test-kitchen, cli, audit-cookbook, or otherwise.
+      # TODO add compliance-phase of chef-infra
       def self.guess_run_context(stack = nil)
         stack ||= caller_locations
         return "test-kitchen" if kitchen?(stack)

data/lib/inspec/utils/telemetry.rb

@@ -1,3 +1,74 @@
-require "inspec/utils/telemetry/collector"
-require "inspec/utils/telemetry/data_series"
-require "inspec/utils/telemetry/global_methods"
+require "time" unless defined?(Time.zone_offset)
+require "chef-licensing"
+require_relative "telemetry/null"
+require_relative "telemetry/http"
+require_relative "telemetry/run_context_probe"
+
+module Inspec
+  class Telemetry
+
+    @@instance = nil
+    @@config = nil
+
+    def self.instance
+      @@instance ||= determine_backend_class.new
+    end
+
+    def self.determine_backend_class
+      # Don't perform telemetry action for other InSpec distros
+      # Don't perform telemetry action if running under Automate - Automate does LDC tracking for us
+      # Don't perform telemetry action if license is a commercial license
+
+      if Inspec::Dist::EXEC_NAME != "inspec" ||
+          Inspec::Telemetry::RunContextProbe.under_automate? ||
+          license&.license_type&.downcase == "commercial"
+
+        Inspec::Log.debug "Determined telemetry operation is not applicable and hence aborting it."
+        return Inspec::Telemetry::Null
+      end
+
+      if Inspec::Dist::EXEC_NAME == "inspec" && telemetry_disabled?
+        # Issue a warning if an InSpec user is explicitly trying to opt out of telemetry using cli option
+        Inspec::Log.warn "Telemetry opt-out is not permissible."
+      end
+
+      Inspec::Log.debug "Determined HTTP instance for telemetry"
+
+      Inspec::Telemetry::HTTP
+    end
+
+    def self.license
+      Inspec::Log.debug "Fetching license context for telemetry check"
+      @license = ChefLicensing.license_context
+    end
+
+    ######
+    # These class methods make it convenient to call from anywhere within the InSpec codebase.
+    ######
+    def self.run_starting(opts)
+      @@config ||= opts[:conf]
+      instance.run_starting(opts)
+    rescue StandardError => e
+      Inspec::Log.debug "Encountered error in Telemetry start run call -> #{e.message}"
+    end
+
+    def self.run_ending(opts)
+      @@config ||= opts[:conf]
+      instance.run_ending(opts)
+    rescue StandardError => e
+      Inspec::Log.debug "Encountered error in Telemetry end run call -> #{e.message}"
+    end
+
+    def self.note_feature_usage(feature_name)
+      instance.note_feature_usage(feature_name)
+    end
+
+    def self.config
+      @@config
+    end
+
+    def self.telemetry_disabled?
+      config.telemetry_options["enable_telemetry"].nil? ? false : !config.telemetry_options["enable_telemetry"]
+    end
+  end
+end

data/lib/inspec/version.rb

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "5.22.50".freeze
+  VERSION = "6.8.1".freeze
 end

data/lib/inspec/waiver_file_reader.rb

@@ -15,49 +15,90 @@ module Inspec
       output = {}
 
       files.each do |file_path|
-        file_extension = File.extname(file_path)
-        data = nil
-        if [".yaml", ".yml"].include? file_extension
-          data = Secrets::YAML.resolve(file_path)
-          unless data.nil?
-            data = data.inputs
-            validate_json_yaml(data)
-          end
-        elsif file_extension == ".csv"
-          data = Waivers::CSVFileReader.resolve(file_path)
-          headers = Waivers::CSVFileReader.headers
-          validate_headers(headers)
-        elsif file_extension == ".json"
-          data = Waivers::JSONFileReader.resolve(file_path)
-          validate_json_yaml(data) unless data.nil?
-        end
+        data = read_from_file(file_path)
         output.merge!(data) if !data.nil? && data.is_a?(Hash)
 
         if data.nil?
           raise Inspec::Exceptions::WaiversFileNotReadable,
-              "Cannot find parser for waivers file '#{file_path}'. " \
+              "Cannot find parser for waivers file." \
               "Check to make sure file has the appropriate extension."
         end
+      rescue Inspec::Exceptions::WaiversFileNotReadable, Inspec::Exceptions::WaiversFileInvalidFormatting => e
+        Inspec::Log.error "Error reading waivers file #{file_path}. #{e.message}"
+        Inspec::UI.new.exit(:usage_error)
       end
 
       @waivers_data[profile_id] = output
     end
 
-    def self.validate_headers(headers, json_yaml = false)
-      required_fields = json_yaml ? %w{justification} : %w{control_id justification}
-      all_fields = %w{control_id justification expiration_date run}
+    def self.read_from_file(file_path)
+      data = nil
+      file_extension = File.extname(file_path)
+      if [".yaml", ".yml"].include? file_extension
+        data = Secrets::YAML.resolve(file_path)
+        data = data.inputs unless data.nil?
+        validate_json_yaml(data)
+      elsif file_extension == ".csv"
+        data = Waivers::CSVFileReader.resolve(file_path)
+        headers = Waivers::CSVFileReader.headers
+        validate_csv_headers(headers)
+      elsif file_extension == ".json"
+        data = Waivers::JSONFileReader.resolve(file_path)
+        validate_json_yaml(data) unless data.nil?
+      end
+      data
+    end
+
+    def self.all_fields
+      %w{control_id justification expiration_date run}
+    end
+
+    def self.validate_csv_headers(headers)
+      invalid_headers_info = fetch_invalid_headers_info(headers)
+      # Warn if blank column found in csv file
+      Inspec::Log.warn "Invalid column headers: Column can't be nil" if invalid_headers_info[:blank_column]
+      # Warn if extra header found in csv file
+      Inspec::Log.warn "Extra header/s #{invalid_headers_info[:extra_headers]}" unless invalid_headers_info[:extra_headers].empty?
+      unless invalid_headers_info[:missing_required_fields].empty?
+        raise Inspec::Exceptions::WaiversFileInvalidFormatting,
+        "Missing required header/s #{invalid_headers_info[:missing_required_fields]}. Fix headers in file to proceed."
+      end
+    end
 
-      Inspec::Log.warn "Missing column headers: #{(required_fields - headers)}" unless (required_fields - headers).empty?
-      Inspec::Log.warn "Invalid column header: Column can't be nil" if headers.include? nil
-      Inspec::Log.warn "Extra column headers: #{(headers - all_fields)}" unless (headers - all_fields).empty?
+    def self.fetch_invalid_headers_info(headers, json_yaml = false)
+      required_fields = json_yaml ? %w{justification} : %w{control_id justification}
+      data = {}
+      data[:missing_required_fields] = []
+      # Finds missing required fields
+      unless (required_fields - headers).empty?
+        data[:missing_required_fields] = required_fields - headers
+      end
+      # If column with no header found set the blank_column flag. Only applicable for csv
+      data[:blank_column] = headers.include?(nil) ? true : false
+      # Find extra headers/parameters
+      data[:extra_headers] = (headers - all_fields)
+      data
     end
 
     def self.validate_json_yaml(data)
-      headers = []
-      data.each_value do |value|
-        headers.push value.keys
+      missing_required_field = false
+      data.each do |key, value|
+        # In case of yaml or json we need to validate headers/parametes for each value
+        invalid_headers_info = fetch_invalid_headers_info(value.keys, true)
+        # WARN in case of extra parameters found in each waived control
+        Inspec::Log.warn "Control ID #{key}: extra parameter/s #{invalid_headers_info[:extra_headers]}" unless invalid_headers_info[:extra_headers].empty?
+        unless invalid_headers_info[:missing_required_fields].empty?
+          missing_required_field = true
+          # Log error for each waived control
+          Inspec::Log.error "Control ID #{key}: missing required parameter/s #{invalid_headers_info[:missing_required_fields]}"
+        end
+      end
+
+      # Raise error if any of the waived control has missing required filed
+      if missing_required_field
+        raise Inspec::Exceptions::WaiversFileInvalidFormatting,
+             "Missing required parameter [justification]. Fix parameters in file to proceed."
       end
-      validate_headers(headers.flatten.uniq, true)
     end
   end
 end

data/lib/inspec.rb

@@ -4,6 +4,7 @@ libdir = File.dirname(__FILE__)
 $LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
 
 require "inspec/version"
+require "inspec/utils/licensing_config"
 require "inspec/exceptions"
 require "inspec/utils/deprecation"
 require "inspec/profile"
@@ -18,7 +19,6 @@ require "inspec/rspec_extensions"
 require "inspec/globals"
 require "inspec/impact"
 require "inspec/utils/telemetry"
-require "inspec/utils/telemetry/global_methods"
 
 require "inspec/plugin/v2"
 require "inspec/plugin/v1"
@@ -30,4 +30,4 @@ require "inspec/source_reader"
 require "inspec/resource"
 
 require "inspec/dependency_loader"
-require "inspec/dependency_installer"
+require "inspec/dependency_installer"