inspec-core 5.22.55 → 5.22.65

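--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 5b84448a3befad076d31e888ef81ca567f4fb398dc73f215abebb8af76021bc5
- data.tar.gz: 03b2b4ea7321ceba11f2f043c4dc76ede8652f3d24b0e9a7fcca08cd648572d0
+ metadata.gz: 5a7f8456410caebef0bb3dfdad7df4d9aac0e72d33effef12d1581c919be2e54
+ data.tar.gz: ca21ae25ee3c9d43e1820d45663b6232e0be0dd3c336305acf15628c1cc68c37
  SHA512:
- metadata.gz: 819f0ccd7d978c1f71f3e3cfe22f922c4bcdf763a09b55e5d9fe4eb2406a2c759671af09987ba4267abcc4505f517d8c2f6e0bfe9bcc62bcfd05f91a17474ca9
- data.tar.gz: 8920507c3d2cb040f21c5e6309defc3a32c1f4000ee4b4bccba793ce0038c8eac3c84aa2f7247833e57635ed757e3b8e5d8a4b1977b859a0fb975af31ca3aa54
+ metadata.gz: 0f822677d07b5c1d2c8b70f23ad6cf94f303686200cc9b68683fc54af2d0e362ae257278bdcb510febeefff2e1f163aadc42a019dbe39089444665d80c29da28
+ data.tar.gz: 6800aef92c54e66bc4fcf2fe604326c8caaae4514bbf2a11aa913d3a2f18a9f8d6775427d81fdc1bf1c59f25a588f36b94c59af4ab69f155634b47eaf3944015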
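--- a/data/Gemfile
+++ b/data/Gemfile
@@ -49,3 +49,18 @@ end
  group :deploy do
  gem "inquirer"
  end
+
+ # Build is failing - see: https://buildkite.com/chef-oss/inspec-inspec-inspec-5-verify/builds/442
+ # Error:
+ # zeitwerk-2.7.1 requires Ruby >= 3.2, which is incompatible with the current version (Ruby 3.0.7p220)
+
+ # Dependency chain:
+ # zeitwerk → dry-configurable, dry-struct, dry-types → k8s-ruby → train-kubernetes
+
+ # Pinning zeitwerk to ~> 2.6 to avoid Ruby >= 3.2 requirement.
+ # Remove this pin when upgrading to Ruby 3.2 or higher.
+ gem "zeitwerk", "~> 2.6.0", "< 2.7"
+
+ # Pinning securerandom to < 0.4.0 as it is breaking the build because 0.4.0 is incompatible with the current version, ruby 3.0.x on CI
+ # Remove this pin when upgrading to Ruby 3.1 or higher on CI.
+ gem "securerandom", "< 0.4.0" if RUBY_VERSION < "3.1.0"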
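Review bot: The zeitwerk requirement is stated twice and disagrees with its comment: `"~> 2.6.0"` already means `>= 2.6.0, < 2.7`, so the extra `"< 2.7"` adds nothing, while the comment's `~> 2.6` would allow 2.7. The pin is also unconditional, unlike the securerandom pin below it, so it keeps holding zeitwerk back (and away from later fixes) after the Ruby upgrade unless someone remembers to delete it. The securerandom guard compares version strings lexically; comparing as versions is safer. I would write `gem "zeitwerk", "~> 2.6.0" if Gem::Version.new(RUBY_VERSION) < Gem::Version.new("3.2")` and use the same `Gem::Version` comparison for the securerandom line.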
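--- a/data/inspec-core.gemspec
+++ b/data/inspec-core.gemspec
@@ -13,7 +13,9 @@ Gem::Specification.new do |spec|
  spec.license = "Apache-2.0"
  spec.require_paths = ["lib"]
 
- spec.required_ruby_version = ">= 2.7"
+ # We want to support ruby 3.0 as Chef is using ruby to support AIX and we want to make sure InSpec works with it. (Ref: https://github.com/chef/chef/pull/13207)
+ # TODO: Once we have Chef working fully with ruby 3.1 we can drop ruby 3.0
+ spec.required_ruby_version = ">= 3.0.3"
 
  # the gemfile and gemspec are necessary for appbundler so don't remove it
  spec.files =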
@@ -57,7 +57,7 @@ module Inspec::Resources
57
57
  inspec_cmd = inspec.command(command)
58
58
  out = inspec_cmd.stdout + "\n" + inspec_cmd.stderr
59
59
 
60
- if inspec_cmd.exit_status != 0 || !inspec_cmd.stderr.empty? || out.downcase =~ /^error.*/
60
+ if inspec_cmd.exit_status != 0 || out.downcase =~ /^error.*/
61
61
  raise Inspec::Exceptions::ResourceFailed, "Oracle query with errors: #{out}"
62
62
  else
63
63
  begin
@@ -134,10 +134,8 @@ module Inspec::Resources
134
134
  end
135
135
 
136
136
  def escape_query(query)
137
- # https://github.com/inspec/inspec/security/code-scanning/7
138
- # https://github.com/inspec/inspec/security/code-scanning/8
139
- escaped_query = query.gsub(/["\\]/) { |match| match == '"' ? '\\"' : "\\\\" } # Escape backslashes and double quotes
140
- escaped_query.gsub!("$", '\\$') unless escaped_query.include? "\\$" # Escape dollar signs, but only if not already escaped
137
+ escaped_query = query.gsub(/\\\\/, "\\").gsub(/"/, '\\"')
138
+ escaped_query = escaped_query.gsub("$", '\\$') unless escaped_query.include? "\\$"
141
139
  escaped_query
142
140
  end
143
141
 
@@ -145,9 +143,8 @@ module Inspec::Resources
145
143
  output = stdout.split("oracle_query_string")[-1]
146
144
  # comma_query_sub replaces the csv delimiter "," in the output.
147
145
  # Handles CSV parsing of data like this (DROP,3) etc
148
- # Replace all occurrences of the target pattern using gsub instead of sub
149
- # Issue detected: https://github.com/inspec/inspec/security/code-scanning/9
150
- output = output.gsub(/\r/, "").strip.gsub(",", "comma_query_sub")
146
+
147
+ output = output.sub(/\r/, "").strip.gsub(",", "comma_query_sub")
151
148
  converter = ->(header) { header.downcase }
152
149
  CSV.parse(output, headers: true, header_converters: converter).map do |row|
153
150
  next if row.entries.flatten.empty?
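Review bot: The new `escape_query` (second hunk of this file) no longer escapes backslashes: `gsub(/\\\\/, "\\")` collapses a doubled backslash into one instead of adding one, so a backslash in the query passes through unchanged and one sitting directly before a double quote cancels the `\"` added by the second `gsub`. The removed line escaped both characters in a single pass, and the commit also drops the code-scanning references that explained why; if the result is interpolated into a double-quoted shell string, as the `$` handling suggests (the call site is outside the hunk), the quoting weakness those alerts covered is back. I would keep the single-pass form, `escaped_query = query.gsub(/["\\]/) { |m| "\\#{m}" }`. The `unless escaped_query.include? "\\$"` guard is all-or-nothing as well: one already-escaped `$` leaves every other `$` in the query unescaped. In the third hunk, `output.sub(/\r/, "")` strips only the first carriage return, so CRLF output keeps a `\r` on every later row; that line needs `gsub` (or `delete("\r")`).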
@@ -55,7 +55,7 @@ module Inspec::Resources
55
55
  psql_cmd = create_psql_cmd(query, db)
56
56
  cmd = inspec.command(psql_cmd, redact_regex: %r{(:\/\/[a-z]*:).*(@)})
57
57
  out = cmd.stdout + "\n" + cmd.stderr
58
- if cmd.exit_status != 0 && ( out =~ /could not connect to/ || out =~ /password authentication failed/ ) && out.downcase =~ /error:/
58
+ if cmd.exit_status != 0 && ( out =~ /could not connect to/ || out =~ /password authentication failed/ ) && (out.downcase =~ /error:/ || out.downcase =~ /fatal:/)
59
59
  raise Inspec::Exceptions::ResourceFailed, "PostgreSQL connection error: #{out}"
60
60
  elsif cmd.exit_status != 0 && out.downcase =~ /error:/
61
61
  Lines.new(out, "PostgreSQL query with error: #{query}", cmd.exit_status)
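Review bot: The `fatal:` alternative is added only to the connection-error branch; the `elsif` on the following line still tests `out.downcase =~ /error:/` alone. A non-zero exit whose output carries a `FATAL:` line but neither an `error:` line nor one of the two connection messages therefore falls through to the branches below the hunk, and what happens to it there is not visible here. If both branches are meant to recognise the same failure markers, use one test in each, e.g. `elsif cmd.exit_status != 0 && out.downcase.match?(/error:|fatal:/)`. The `if`/`elsif` chain continues outside the hunk.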
@@ -1,3 +1,3 @@
1
1
  module Inspec
2
- VERSION = "5.22.55".freeze
2
+ VERSION = "5.22.65".freeze
3
3
  end
@@ -14,8 +14,18 @@ To use the CLI, this InSpec add-on adds the following commands:
14
14
  * `$ inspec automate profiles` - list all available Compliance profiles
15
15
  * `$ inspec exec compliance://profile` - runs a Compliance profile
16
16
  * `$ inspec automate upload path/to/local/profile` - uploads a local profile to Chef Automate/Chef Compliance
17
+ * `$ inspec automate upload path/to/local/profile --legacy` - uploads a local profile to Chef Automate/Chef Compliance using legacy functionalities of inspec check and inspec export
18
+
19
+ *Options*:
20
+ ```
21
+ [--overwrite], [--no-overwrite] # Overwrite existing profile on Server.
22
+ [--owner=OWNER] # Owner that should own the profile
23
+ [--legacy], [--no-legacy] # Enable legacy functionality, activating both legacy export and legacy check.
24
+
25
+ uploads a local profile to Chef Automate
26
+ ```
17
27
  * `$ inspec automate logout` - logout of Chef Automate/Chef Compliance
18
-
28
+
19
29
  Similar to these CLI commands are:
20
30
 
21
31
  * `$ inspec compliance login` - authentication of the API token against Chef Automate/Chef Compliance
@@ -123,6 +123,8 @@ module InspecPlugins
123
123
  desc: "Overwrite existing profile on Server."
124
124
  option :owner, type: :string, required: false,
125
125
  desc: "Owner that should own the profile"
126
+ option :legacy, type: :boolean, default: false,
127
+ desc: "Enable legacy functionality, activating both legacy export and legacy check."
126
128
  def upload(path) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity
127
129
  config = InspecPlugins::Compliance::Configuration.new
128
130
  return unless loggedin(config)
@@ -155,7 +157,7 @@ module InspecPlugins
155
157
  puts msg
156
158
  }
157
159
 
158
- result = profile.check
160
+ result = options["legacy"] ? profile.legacy_check : profile.check
159
161
  unless result[:summary][:valid]
160
162
  error.call("Profile check failed. Please fix the profile before upload.")
161
163
  else
@@ -191,7 +193,7 @@ module InspecPlugins
191
193
  generated = true
192
194
  archive_path = Dir::Tmpname.create([profile_name, ".tar.gz"]) {}
193
195
  puts "Generate temporary profile archive at #{archive_path}"
194
- profile.archive({ output: archive_path, ignore_errors: false, overwrite: true })
196
+ profile.archive({ output: archive_path, ignore_errors: false, overwrite: true, legacy_export: options["legacy"] })
195
197
  else
196
198
  archive_path = path
197
199
  end
@@ -66,7 +66,7 @@ module SourceReaders
66
66
  end
67
67
 
68
68
  def load_readme
69
- load_all(/README.md/)
69
+ load_all(/README(\.md)?$/)
70
70
  end
71
71
  end
72
72
  end
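Review bot: `/README(\.md)?$/` is anchored only at the end, and in Ruby `$` matches before any newline rather than at the end of the string. Assuming `load_all` matches the regex against file paths (its body is outside the hunk), names such as `NOT_README` or `docs/OLD_README.md` are still picked up as the readme. `load_all(%r{(\A|/)README(\.md)?\z})` limits the match to a path component named exactly `README` or `README.md`.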
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: inspec-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.22.55
4
+ version: 5.22.65
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chef InSpec Team
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-07-29 00:00:00.000000000 Z
11
+ date: 2024-12-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: chef-telemetry
@@ -861,7 +861,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
861
861
  requirements:
862
862
  - - ">="
863
863
  - !ruby/object:Gem::Version
864
- version: '2.7'
864
+ version: 3.0.3
865
865
  required_rubygems_version: !ruby/object:Gem::Requirement
866
866
  requirements:
867
867
  - - ">="