inspec-core 5.22.58 → 5.22.72

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 02f7fb4aedd2162975d1cbf01938cc2e749fb4a935dbe1d52b4e6ecee3bb360f
-  data.tar.gz: 277ae958544f136bf8f2444d839dfc45d378506be00c587689813b98cd798439
+  metadata.gz: 1561e49537c4bd8b615a78d099d922a0915c71429fcdfb4ca6197105712ca3aa
+  data.tar.gz: d756477c4172ff54a6a69f6905c0f0034b484f9ca38b45fda8a7d6efa7c5f748
 SHA512:
-  metadata.gz: 484a35f9b50804ebcd94b3234881ebc2d4dc5518bd9df66c9af42f37c314586f8b6305972045e9c23f2d3e04fdbba95de9ed386ce3c4e0ce95fc54bc002cdc38
-  data.tar.gz: 31c1e550ab9532a8ddc5c3447dec9a518b7699cb39c979a28cbf5b53eab860abfd4589b220331ef98a0e8b937ebdae1e0840e534a454f2e6050d674adcdf4810
+  metadata.gz: 93849cdca52ac4bc4bec15aebd4933e623229f4c10378fb2d85316c6496d45cc9ebe7ed2e1c1aa4f1a296779237cb06b204f5d61af8f7d1a7b2642c9a9e4720a
+  data.tar.gz: 54988d5e27e76412c03eca453f7887414a536ee16607fbf2c1ecd7e502136f555700bba9c88e59967ab6857fa198c4138b517090183f31b72e88f54a46926669

data/Gemfile

@@ -12,7 +12,7 @@ gem "inspec-bin", path: "./inspec-bin"
 # ffi version v1.17.0 is breaking verify pipeline as it requires
 # rubygems version to be upgraded to >= 3.3.22 Ref:https://buildkite.com/chef/inspec-inspec-main-verify-private/builds/812#018fe177-2ccb-45ed-a25e-213c8a6453df/698-707
 
-gem "ffi", ">= 1.15.5", "< 1.18.0"
+gem "ffi", ">= 1.15.5", "< 1.17.0"
 
 # We have a build issue 2023-11-13 with unf_ext 0.0.9 so we are pinning to 0.0.8.2
 # See https://github.com/knu/ruby-unf_ext/issues/74 https://buildkite.com/chef/inspec-inspec-inspec-5-omnibus-release/builds/22
@@ -37,7 +37,8 @@ group :test do
   gem "minitest-sprint", "~> 1.0"
   gem "minitest", "5.15.0"
   gem "mocha"
-  gem "nokogiri"
+  # Pinning this version as it breaking for ruby 3.1.0
+  gem "nokogiri", "< 1.17.2"
   gem "pry-byebug"
   gem "pry"
   gem "rake"
@@ -49,3 +50,23 @@ end
 group :deploy do
   gem "inquirer"
 end
+
+# Build is failing - see: https://buildkite.com/chef-oss/inspec-inspec-inspec-5-verify/builds/442
+# Error:
+# zeitwerk-2.7.1 requires Ruby >= 3.2, which is incompatible with the current version (Ruby 3.0.7p220)
+
+# Dependency chain:
+# zeitwerk → dry-configurable, dry-struct, dry-types → k8s-ruby → train-kubernetes
+
+# Pinning zeitwerk to ~> 2.6 to avoid Ruby >= 3.2 requirement.
+# Remove this pin when upgrading to Ruby 3.2 or higher.
+gem "zeitwerk", "~> 2.6.0", "< 2.7"
+
+# Pinning dry-core,dry-core,dry-types to < 1.1.0 as it is breaking the build because 1.1.0 is incompatible with the current version, ruby 3.0.x on CI
+gem "dry-types", "<= 1.7.2" if RUBY_VERSION < "3.1.0"
+gem "dry-core", "> 1.0.0", "< 1.1.0" if RUBY_VERSION < "3.1.0"
+gem "dry-inflector", "<= 1.1.0" if RUBY_VERSION < "3.1.0"
+
+# Pinning securerandom to < 0.4.0 as it is breaking the build because 0.4.0 is incompatible with the current version, ruby 3.0.x on CI
+# Remove this pin when upgrading to Ruby 3.1 or higher on CI.
+gem "securerandom", "< 0.4.0" if RUBY_VERSION < "3.1.0"

data/inspec-core.gemspec

@@ -36,7 +36,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "rspec-its",                "~> 1.2"
   spec.add_dependency "pry",                      "~> 0.13"
   spec.add_dependency "hashie",                   ">= 3.4", "< 6.0"
-  spec.add_dependency "mixlib-log",               "~> 3.0"
+  spec.add_dependency "mixlib-log",               "~> 3.0", "< 3.2"
   spec.add_dependency "sslshake",                 "~> 1.2"
   spec.add_dependency "parallel",                 "~> 1.9"
   spec.add_dependency "faraday",                  ">= 1", "< 3"

data/lib/inspec/resources/groups.rb

@@ -200,8 +200,60 @@ module Inspec::Resources
   # implements generic unix groups via /etc/group
   class UnixGroup < GroupInfo
     def groups
+      get_group_info
+    end
+
+    private
+
+    def get_group_info
+      # First, try to fetch group info using getent
+      group_info = fetch_group_info_using_getent
+
+      return group_info unless group_info.empty?
+
+      # If getent fails, fallback to reading group info from /etc/group using inspec.etc_group.entries
+      Inspec::Log.debug("Falling back to reading group info from /etc/group as getent is unavailable or failed.")
       inspec.etc_group.entries
     end
+
+    # Fetches group information using the getent utility
+    def fetch_group_info_using_getent
+      # Find getent utility on the system
+      bin = find_getent_utility
+
+      # If getent is available, fetch group info
+      return [] unless bin
+
+      cmd = inspec.command("#{bin} group")
+      return parse_group_info(cmd) if cmd.exit_status.to_i == 0
+
+      # If getent fails, log the error and return an empty array
+      Inspec::Log.debug("Failed to execute #{bin} group: #{cmd.stderr}.")
+      []
+    end
+
+    # Parses group info from the command output
+    def parse_group_info(cmd)
+      cmd.stdout.strip.split("\n").map do |line|
+        name, password, gid, members = line.split(":")
+        {
+          "name" => name,
+          "password" => password,
+          "gid" => gid.to_i,
+          "members" => members,
+        }
+      end
+    end
+
+    # Checks if getent exists on the system
+    def find_getent_utility
+      %w{/usr/bin/getent /bin/getent getent}.each do |cmd|
+        return cmd if inspec.command(cmd).exist?
+      end
+      # Log debug information if getent is not found
+      Inspec::Log.debug("Could not find `getent` on your system.")
+      nil # Return nil if getent is not found
+    end
   end
 
   # OSX uses opendirectory for groups, so `/etc/group` may not be fully accurate

data/lib/inspec/resources/postgres_session.rb

@@ -1,7 +1,7 @@
 # copyright: 2015, Vulcano Security GmbH
 
 require "shellwords" unless defined?(Shellwords)
-
+require "cgi" unless defined?(CGI)
 module Inspec::Resources
   class Lines
     attr_reader :output, :exit_status
@@ -74,6 +74,10 @@ module Inspec::Resources
       Shellwords.escape(query)
     end
 
+    def encoded_password(password)
+      CGI.escape(password)
+    end
+
     def create_psql_cmd(query, db = [])
       dbs = db.map { |x| "#{x}" }.join(" ")
 
@@ -82,14 +86,14 @@ module Inspec::Resources
         # Socket connection only enabled for non-windows platforms
         # Windows does not support unix domain sockets
         option_port = @port.nil? ? "" : "-p #{@port}" # add explicit port if specified
-        "psql -d postgresql://#{@user}:#{@pass}@/#{dbs}?host=#{@socket_path} #{option_port} -A -t -w -c #{escaped_query(query)}"
+        "psql -d postgresql://#{@user}:#{encoded_password(@pass)}@/#{dbs}?host=#{@socket_path} #{option_port} -A -t -w -c #{escaped_query(query)}"
       else
         # Host in connection string establishes tcp/ip connection
         if inspec.os.windows?
           warn "Socket based connection not supported in windows, connecting using host" if @socket_path
-          "psql -d postgresql://#{@user}:#{@pass}@#{@host}:#{@port}/#{dbs} -A -t -w -c \"#{query}\""
+          "psql -d postgresql://#{@user}:#{encoded_password(@pass)}@#{@host}:#{@port}/#{dbs} -A -t -w -c \"#{query}\""
         else
-          "psql -d postgresql://#{@user}:#{@pass}@#{@host}:#{@port}/#{dbs} -A -t -w -c #{escaped_query(query)}"
+          "psql -d postgresql://#{@user}:#{encoded_password(@pass)}@#{@host}:#{@port}/#{dbs} -A -t -w -c #{escaped_query(query)}"
         end
       end
     end

data/lib/inspec/version.rb

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "5.22.58".freeze
+  VERSION = "5.22.72".freeze
 end

data/lib/plugins/inspec-compliance/README.md

@@ -14,8 +14,18 @@ To use the CLI, this InSpec add-on adds the following commands:
  * `$ inspec automate profiles` - list all available Compliance profiles
  * `$ inspec exec compliance://profile` - runs a Compliance profile
  * `$ inspec automate upload path/to/local/profile` - uploads a local profile to Chef Automate/Chef Compliance
+ * `$ inspec automate upload path/to/local/profile --legacy` - uploads a local profile to Chef Automate/Chef Compliance using legacy functionalities of inspec check and inspec export
+
+    *Options*:
+    ```
+      [--overwrite], [--no-overwrite]  # Overwrite existing profile on Server.
+      [--owner=OWNER]                  # Owner that should own the profile
+      [--legacy], [--no-legacy]        # Enable legacy functionality, activating both legacy export and legacy check.
+
+    uploads a local profile to Chef Automate
+    ```
  * `$ inspec automate logout` - logout of Chef Automate/Chef Compliance
- 
+
  Similar to these CLI commands are:
 
  * `$ inspec compliance login` - authentication of the API token against Chef Automate/Chef Compliance

data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb

@@ -123,6 +123,8 @@ module InspecPlugins
         desc: "Overwrite existing profile on Server."
       option :owner, type: :string, required: false,
         desc: "Owner that should own the profile"
+      option :legacy, type: :boolean, default: false,
+        desc: "Enable legacy functionality, activating both legacy export and legacy check."
       def upload(path) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity
         config = InspecPlugins::Compliance::Configuration.new
         return unless loggedin(config)
@@ -155,7 +157,7 @@ module InspecPlugins
           puts msg
         }
 
-        result = profile.check
+        result = options["legacy"] ? profile.legacy_check : profile.check
         unless result[:summary][:valid]
           error.call("Profile check failed. Please fix the profile before upload.")
         else
@@ -191,7 +193,7 @@ module InspecPlugins
           generated = true
           archive_path = Dir::Tmpname.create([profile_name, ".tar.gz"]) {}
           puts "Generate temporary profile archive at #{archive_path}"
-          profile.archive({ output: archive_path, ignore_errors: false, overwrite: true })
+          profile.archive({ output: archive_path, ignore_errors: false, overwrite: true, legacy_export: options["legacy"] })
         else
           archive_path = path
         end

data/lib/source_readers/inspec.rb

@@ -66,7 +66,7 @@ module SourceReaders
     end
 
     def load_readme
-      load_all(/README.md/)
+      load_all(/README(\.md)?$/)
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 5.22.58
+  version: 5.22.72
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-08-27 00:00:00.000000000 Z
+date: 2025-03-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-telemetry
@@ -185,6 +185,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -192,6 +195,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.2'
 - !ruby/object:Gem::Dependency
   name: sslshake
   requirement: !ruby/object:Gem::Requirement