RubyGems - inspec-core - Versions diffs - 5.22.55 → 5.22.65 - Mend

inspec-core 5.22.55 → 5.22.65

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/Gemfile +15 -0
data/inspec-core.gemspec +3 -1
data/lib/inspec/resources/oracledb_session.rb +5 -8
data/lib/inspec/resources/postgres_session.rb +1 -1
data/lib/inspec/version.rb +1 -1
data/lib/plugins/inspec-compliance/README.md +11 -1
data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +4 -2
data/lib/source_readers/inspec.rb +1 -1
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5b84448a3befad076d31e888ef81ca567f4fb398dc73f215abebb8af76021bc5
-  data.tar.gz: 03b2b4ea7321ceba11f2f043c4dc76ede8652f3d24b0e9a7fcca08cd648572d0
+  metadata.gz: 5a7f8456410caebef0bb3dfdad7df4d9aac0e72d33effef12d1581c919be2e54
+  data.tar.gz: ca21ae25ee3c9d43e1820d45663b6232e0be0dd3c336305acf15628c1cc68c37
 SHA512:
-  metadata.gz: 819f0ccd7d978c1f71f3e3cfe22f922c4bcdf763a09b55e5d9fe4eb2406a2c759671af09987ba4267abcc4505f517d8c2f6e0bfe9bcc62bcfd05f91a17474ca9
-  data.tar.gz: 8920507c3d2cb040f21c5e6309defc3a32c1f4000ee4b4bccba793ce0038c8eac3c84aa2f7247833e57635ed757e3b8e5d8a4b1977b859a0fb975af31ca3aa54
+  metadata.gz: 0f822677d07b5c1d2c8b70f23ad6cf94f303686200cc9b68683fc54af2d0e362ae257278bdcb510febeefff2e1f163aadc42a019dbe39089444665d80c29da28
+  data.tar.gz: 6800aef92c54e66bc4fcf2fe604326c8caaae4514bbf2a11aa913d3a2f18a9f8d6775427d81fdc1bf1c59f25a588f36b94c59af4ab69f155634b47eaf3944015

data/Gemfile CHANGED Viewed

@@ -49,3 +49,18 @@ end
 group :deploy do
   gem "inquirer"
 end
+# Build is failing - see: https://buildkite.com/chef-oss/inspec-inspec-inspec-5-verify/builds/442
+# Error:
+# zeitwerk-2.7.1 requires Ruby >= 3.2, which is incompatible with the current version (Ruby 3.0.7p220)
+# Dependency chain:
+# zeitwerk → dry-configurable, dry-struct, dry-types → k8s-ruby → train-kubernetes
+# Pinning zeitwerk to ~> 2.6 to avoid Ruby >= 3.2 requirement.
+# Remove this pin when upgrading to Ruby 3.2 or higher.
+gem "zeitwerk", "~> 2.6.0", "< 2.7"
+# Pinning securerandom to < 0.4.0 as it is breaking the build because 0.4.0 is incompatible with the current version, ruby 3.0.x on CI
+# Remove this pin when upgrading to Ruby 3.1 or higher on CI.
+gem "securerandom", "< 0.4.0" if RUBY_VERSION < "3.1.0"

data/inspec-core.gemspec CHANGED Viewed

@@ -13,7 +13,9 @@ Gem::Specification.new do |spec|
   spec.license       = "Apache-2.0"
   spec.require_paths = ["lib"]
-  spec.required_ruby_version = ">= 2.7"
+  # We want to support ruby 3.0 as Chef is using ruby to support AIX and we want to make sure InSpec works with it. (Ref: https://github.com/chef/chef/pull/13207)
+  # TODO: Once we have Chef working fully with ruby 3.1 we can drop ruby 3.0
+  spec.required_ruby_version = ">= 3.0.3"
   # the gemfile and gemspec are necessary for appbundler so don't remove it
   spec.files =

data/lib/inspec/resources/oracledb_session.rb CHANGED Viewed

@@ -57,7 +57,7 @@ module Inspec::Resources
       inspec_cmd = inspec.command(command)
       out = inspec_cmd.stdout + "\n" + inspec_cmd.stderr
-      if inspec_cmd.exit_status != 0 || !inspec_cmd.stderr.empty? || out.downcase =~ /^error.*/
+      if inspec_cmd.exit_status != 0 || out.downcase =~ /^error.*/
         raise Inspec::Exceptions::ResourceFailed, "Oracle query with errors: #{out}"
       else
         begin
@@ -134,10 +134,8 @@ module Inspec::Resources
     end
     def escape_query(query)
-      # https://github.com/inspec/inspec/security/code-scanning/7
-      # https://github.com/inspec/inspec/security/code-scanning/8
-      escaped_query = query.gsub(/["\\]/) { |match| match == '"' ? '\\"' : "\\\\" } # Escape backslashes and double quotes
-      escaped_query.gsub!("$", '\\$') unless escaped_query.include? "\\$" # Escape dollar signs, but only if not already escaped
+      escaped_query = query.gsub(/\\\\/, "\\").gsub(/"/, '\\"')
+      escaped_query = escaped_query.gsub("$", '\\$') unless escaped_query.include? "\\$"
       escaped_query
     end
@@ -145,9 +143,8 @@ module Inspec::Resources
       output = stdout.split("oracle_query_string")[-1]
       # comma_query_sub replaces the csv delimiter "," in the output.
       # Handles CSV parsing of data like this (DROP,3) etc
-      # Replace all occurrences of the target pattern using gsub instead of sub
-      # Issue detected: https://github.com/inspec/inspec/security/code-scanning/9
-      output = output.gsub(/\r/, "").strip.gsub(",", "comma_query_sub")
+      output = output.sub(/\r/, "").strip.gsub(",", "comma_query_sub")
       converter = ->(header) { header.downcase }
       CSV.parse(output, headers: true, header_converters: converter).map do |row|
         next if row.entries.flatten.empty?

data/lib/inspec/resources/postgres_session.rb CHANGED Viewed

@@ -55,7 +55,7 @@ module Inspec::Resources
       psql_cmd = create_psql_cmd(query, db)
       cmd = inspec.command(psql_cmd, redact_regex: %r{(:\/\/[a-z]*:).*(@)})
       out = cmd.stdout + "\n" + cmd.stderr
-      if cmd.exit_status != 0 && ( out =~ /could not connect to/ || out =~ /password authentication failed/ ) && out.downcase =~ /error:/
+      if cmd.exit_status != 0 && ( out =~ /could not connect to/ || out =~ /password authentication failed/ ) && (out.downcase =~ /error:/ || out.downcase =~ /fatal:/)
         raise Inspec::Exceptions::ResourceFailed, "PostgreSQL connection error: #{out}"
       elsif cmd.exit_status != 0 && out.downcase =~ /error:/
         Lines.new(out, "PostgreSQL query with error: #{query}", cmd.exit_status)

data/lib/inspec/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "5.22.55".freeze
+  VERSION = "5.22.65".freeze
 end

data/lib/plugins/inspec-compliance/README.md CHANGED Viewed

@@ -14,8 +14,18 @@ To use the CLI, this InSpec add-on adds the following commands:
  * `$ inspec automate profiles` - list all available Compliance profiles
  * `$ inspec exec compliance://profile` - runs a Compliance profile
  * `$ inspec automate upload path/to/local/profile` - uploads a local profile to Chef Automate/Chef Compliance
+ * `$ inspec automate upload path/to/local/profile --legacy` - uploads a local profile to Chef Automate/Chef Compliance using legacy functionalities of inspec check and inspec export
+    *Options*:
+    ```
+      [--overwrite], [--no-overwrite]  # Overwrite existing profile on Server.
+      [--owner=OWNER]                  # Owner that should own the profile
+      [--legacy], [--no-legacy]        # Enable legacy functionality, activating both legacy export and legacy check.
+    uploads a local profile to Chef Automate
+    ```
  * `$ inspec automate logout` - logout of Chef Automate/Chef Compliance
  Similar to these CLI commands are:
  * `$ inspec compliance login` - authentication of the API token against Chef Automate/Chef Compliance

data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb CHANGED Viewed

@@ -123,6 +123,8 @@ module InspecPlugins
         desc: "Overwrite existing profile on Server."
       option :owner, type: :string, required: false,
         desc: "Owner that should own the profile"
+      option :legacy, type: :boolean, default: false,
+        desc: "Enable legacy functionality, activating both legacy export and legacy check."
       def upload(path) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity
         config = InspecPlugins::Compliance::Configuration.new
         return unless loggedin(config)
@@ -155,7 +157,7 @@ module InspecPlugins
           puts msg
         }
-        result = profile.check
+        result = options["legacy"] ? profile.legacy_check : profile.check
         unless result[:summary][:valid]
           error.call("Profile check failed. Please fix the profile before upload.")
         else
@@ -191,7 +193,7 @@ module InspecPlugins
           generated = true
           archive_path = Dir::Tmpname.create([profile_name, ".tar.gz"]) {}
           puts "Generate temporary profile archive at #{archive_path}"
-          profile.archive({ output: archive_path, ignore_errors: false, overwrite: true })
+          profile.archive({ output: archive_path, ignore_errors: false, overwrite: true, legacy_export: options["legacy"] })
         else
           archive_path = path
         end

data/lib/source_readers/inspec.rb CHANGED Viewed

@@ -66,7 +66,7 @@ module SourceReaders
     end
     def load_readme
-      load_all(/README.md/)
+      load_all(/README(\.md)?$/)
     end
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 5.22.55
+  version: 5.22.65
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-07-29 00:00:00.000000000 Z
+date: 2024-12-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-telemetry
@@ -861,7 +861,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.7'
+      version: 3.0.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="