inspec-core 5.22.65 → 6.6.0

data/lib/plugins/inspec-parallel/lib/inspec-parallel/runner.rb

@@ -0,0 +1,265 @@
+require "inspec/cli"
+require "concurrent"
+require_relative "super_reporter/base"
+
+module InspecPlugins
+  module Parallelism
+    class Runner
+      attr_accessor :invocations, :sub_cmd, :total_jobs, :run_in_background, :log_path
+
+      def initialize(invocations, cli_options, sub_cmd = "exec")
+        @invocations = invocations
+        @sub_cmd = sub_cmd
+        @total_jobs = cli_options["jobs"] || Concurrent.physical_processor_count
+        @child_tracker = {}
+        @child_tracker_persisted = {}
+        @run_in_background = cli_options["bg"]
+        unless run_in_background
+          @ui = InspecPlugins::Parallelism::SuperReporter.make(cli_options["ui"], total_jobs, invocations)
+        end
+        @log_path = cli_options["log_path"]
+      end
+
+      def run
+        initiate_background_run if run_in_background # running a process as daemon changes parent process pid
+        until invocations.empty? && @child_tracker.empty?
+          while should_start_more_jobs?
+            if Inspec.locally_windows?
+              spawn_another_process
+            else
+              fork_another_process
+            end
+          end
+
+          update_ui_poll_select
+          cleanup_child_processes
+          sleep 0.1
+        end
+
+        # Requires renaming operations on windows only
+        # Do Rename and delete operations after all child processes have exited successfully
+        rename_error_log_files if Inspec.locally_windows?
+        cleanup_empty_error_log_files
+        cleanup_daemon_process if run_in_background
+      end
+
+      def initiate_background_run
+        if Inspec.locally_windows?
+          Inspec::UI.new.exit(:usage_error)
+        else
+          Process.daemon(true, true)
+        end
+      end
+
+      def cleanup_daemon_process
+        current_process_id = Process.pid
+        Process.kill(9, current_process_id)
+        # DO NOT TRY TO REFACTOR IT THIS WAY
+        # Calling Process.kill(9,Process.pid) kills the "stopper" process itself, rather than the one it's trying to stop.
+      end
+
+      def cleanup_empty_error_log_files
+        logs_dir_path = log_path || Dir.pwd
+        error_files = Dir.glob("#{logs_dir_path}/logs/*.err")
+        error_files.each do |error_file|
+          if File.exist?(error_file) && !File.size?(error_file)
+            File.delete(error_file)
+          end
+        end
+      end
+
+      def kill_child_processes
+        @child_tracker.each do |pid, info|
+          Process.kill("SIGKILL", pid)
+        rescue Exception => e
+          $stderr.puts "Error while shutting down process #{pid}: #{e.message}"
+        end
+        # Waiting for child processes to die after they have been killed
+        wait_for_child_processes_to_die
+      end
+
+      def wait_for_child_processes_to_die
+        until @child_tracker.empty?
+          begin
+            exited_pid = Process.waitpid(-1, Process::WNOHANG)
+            @child_tracker.delete exited_pid if exited_pid && exited_pid > 0
+            sleep 1
+          rescue Errno::ECHILD
+            Inspec::Log.info "Processes shutdown complete!"
+          rescue Exception => e
+            Inspec::Log.debug "Error while waiting for child processes to shutdown: #{e.message}"
+          end
+        end
+      end
+
+      def rename_error_log_files
+        @child_tracker_persisted.each do |pid, info|
+          rename_error_log(info[:error_log_file], pid)
+        end
+      end
+
+      def should_start_more_jobs?
+        @child_tracker.length < total_jobs && !invocations.empty?
+      end
+
+      def spawn_another_process
+        invocation = invocations.shift[:value]
+
+        child_reader, parent_writer = IO.pipe
+        begin
+          logs_dir_path = log_path || Dir.pwd
+          log_dir = File.join(logs_dir_path, "logs")
+          FileUtils.mkdir_p(log_dir)
+          error_log_file = File.open("#{log_dir}/#{Time.now.nsec}.err", "a+")
+          cmd = "#{$0} #{sub_cmd} #{invocation}"
+          log_msg = "#{Time.now.iso8601} Start Time: #{Time.now}\n#{Time.now.iso8601} Arguments: #{invocation}\n"
+          child_pid = Process.spawn(cmd, out: parent_writer, err: error_log_file.path)
+
+          # Logging
+          create_logs(child_pid, log_msg)
+          @child_tracker[child_pid] = { io: child_reader }
+
+          # This is used to rename error log files after all child processes are exited
+          @child_tracker_persisted[child_pid] = { error_log_file: error_log_file }
+          @ui.child_spawned(child_pid, invocation)
+
+          # Close the file to unlock the error log files opened by processes
+          error_log_file.close
+        rescue StandardError => e
+          $stderr.puts "#{Time.now.iso8601} Error Message: #{e.message}"
+          $stderr.puts "#{Time.now.iso8601} Error Backtrace: #{e.backtrace}"
+        end
+      end
+
+      def fork_another_process
+        invocation = invocations.shift[:value] # Be sure to do this shift() in parent process
+        # thing_that_reads_from_the_child, thing_that_writes_to_the_parent = IO.pipe
+        child_reader, parent_writer = IO.pipe
+        if (child_pid = Process.fork)
+          # In parent with newly forked child
+          parent_writer.close
+          @child_tracker[child_pid] = { io: child_reader }
+          @ui.child_forked(child_pid, invocation) unless run_in_background
+        else
+          # In child
+          child_reader.close
+          # replace stdout with writer
+          $stdout = parent_writer
+          create_logs(Process.pid, nil, $stderr)
+
+          begin
+            create_logs(
+              Process.pid,
+              "#{Time.now.iso8601} Start Time: #{Time.now}\n#{Time.now.iso8601} Arguments: #{invocation}\n"
+            )
+            runner_invocation(invocation)
+          rescue StandardError => e
+            $stderr.puts "#{Time.now.iso8601} Error Message: #{e.message}"
+            $stderr.puts "#{Time.now.iso8601} Error Backtrace: #{e.backtrace}"
+          end
+
+          # should be unreachable but child MUST exit
+          exit(42)
+        end
+      end
+
+      # Still in parent
+      # Loop over children and check for finished processes
+      def cleanup_child_processes
+        @child_tracker.each do |pid, info|
+          if Process.wait(pid, Process::WNOHANG)
+            # Expect to (probably) find EOF marker on the pipe, and close it if so
+            update_ui_poll_select(pid)
+
+            create_logs(pid, "#{Time.now.iso8601} Exit code: #{$?}\n")
+
+            # child exited - status in $?
+            @ui.child_exited(pid) unless run_in_background
+            @child_tracker.delete pid
+          end
+        end
+      end
+
+      def update_ui_poll_select(target_pid = nil)
+        # Focus on one pid's pipe if specified, otherwise poll all pipes
+        pipes_for_reading = target_pid ? [ @child_tracker[target_pid][:io] ] : @child_tracker.values.map { |i| i[:io] }
+        # Next line is due to a race between the close() and the wait()... shouldn't need it, but it fixes the race.
+        pipes_for_reading.reject!(&:closed?)
+        ready_pipes = IO.select(pipes_for_reading, [], [], 0.1)
+        return unless ready_pipes
+
+        ready_pipes[0].each do |pipe_ready_for_reading|
+          # If we weren't provided a PID, hackishly look up the pid from the matching IO.
+          pid = target_pid || @child_tracker.keys.detect { |p| @child_tracker[p][:io] == pipe_ready_for_reading }
+          begin
+            while (update_line = pipe_ready_for_reading.readline) && !pipe_ready_for_reading.closed?
+              if update_line =~ /EOF_MARKER/
+                pipe_ready_for_reading.close
+                break
+              elsif update_line =~ /WARN/ || update_line =~ /ERROR/ || update_line =~ /INFO/
+                create_logs(
+                  pid,
+                  "#{Time.now.iso8601} Extra log: #{update_line}\n"
+                )
+                break
+              end
+              update_ui_with_line(pid, update_line) unless run_in_background
+              # Only pull one line if we are doing normal updates; slurp the whole file
+              # if we are doing a final pull on a targeted PID
+              break unless target_pid
+            end
+          rescue EOFError
+            # On unix, readline throws an EOFError when we hit the end. On Windows, nothing apparently happens.
+            pipe_ready_for_reading.close
+            next
+          end
+        end
+        # TODO: loop over ready_pipes[2] and handle errors?
+      end
+
+      def update_ui_with_line(pid, update_line)
+        @ui.child_status_update_line(pid, update_line)
+      end
+
+      private
+
+      def runner_invocation(runner_option)
+        splitted_result = runner_option.split(" ")
+        profile_to_run = splitted_result[0]
+        splitted_result.delete_at(0)
+
+        # thor invocation
+        arguments = [sub_cmd, profile_to_run, splitted_result].flatten
+        Inspec::InspecCLI.start(arguments, enforce_license: true)
+      end
+
+      def create_logs(child_pid, run_log , stderr = nil)
+        logs_dir_path = log_path || Dir.pwd
+        log_dir = File.join(logs_dir_path, "logs")
+        FileUtils.mkdir_p(log_dir)
+
+        if stderr
+          log_file = File.join(log_dir, "#{child_pid}.err") unless File.exist?("#{child_pid}.err")
+          stderr.reopen(log_file, "a")
+        else
+          log_file = File.join(log_dir, "#{child_pid}.log") unless File.exist?("#{child_pid}.log")
+          File.write(log_file, run_log, mode: "a")
+        end
+      end
+
+      def rename_error_log(error_log_file, child_pid)
+        logs_dir_path = log_path || Dir.pwd
+        log_dir = File.join(logs_dir_path, "logs")
+        FileUtils.mkdir_p(log_dir)
+
+        if error_log_file.closed? && File.exist?(error_log_file.path)
+          begin
+            File.rename("#{error_log_file.path}", "#{log_dir}/#{child_pid}.err")
+          rescue
+            $stderr.puts "Cannot rename error log file #{error_log_file.path} for child pid #{child_pid}"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/plugins/inspec-parallel/lib/inspec-parallel/super_reporter/base.rb

@@ -0,0 +1,24 @@
+module InspecPlugins::Parallelism
+  class SuperReporter
+
+    def self.make(type, job_count, invocations)
+      Object.const_get("InspecPlugins::Parallelism::SuperReporter::" + (type[0].upcase + type[1..-1])).new(job_count, invocations)
+    end
+
+    class Base
+      def initialize(job_count, invocations); end
+
+      def child_spawned(pid, invocation); end
+
+      def child_forked(pid, invocation); end
+
+      def child_exited(pid); end
+
+      def child_status_update_line(pid, update_line); end
+    end
+
+    require_relative "text"
+    require_relative "status"
+    require_relative "silent"
+  end
+end

data/lib/plugins/inspec-parallel/lib/inspec-parallel/super_reporter/silent.rb

@@ -0,0 +1,7 @@
+module InspecPlugins::Parallelism
+  class SuperReporter
+    class Silent < InspecPlugins::Parallelism::SuperReporter::Base
+      # This is a silent super reporter with no reporting functionality.
+    end
+  end
+end

data/lib/plugins/inspec-parallel/lib/inspec-parallel/super_reporter/status.rb

@@ -0,0 +1,124 @@
+require "highline"
+
+module InspecPlugins::Parallelism
+  class SuperReporter
+    class Status < InspecPlugins::Parallelism::SuperReporter::Base
+
+      attr_reader :status_by_pid, :slots
+
+      def initialize(job_count, invocations)
+        @status_by_pid = {}
+        @slots = Array.new(job_count)
+        paint_header(job_count, invocations)
+        paint
+      end
+
+      # --------
+      # SuperReporter API
+      # --------
+      def child_spawned(pid, invocation)
+        new_child("spawned", pid, invocation)
+      end
+
+      def child_forked(pid, invocation)
+        new_child("forked", pid, invocation)
+      end
+
+      def child_exited(pid)
+        slots[status_by_pid[pid][:slot]] = "exited"
+
+        status_by_pid[pid][:pct] = 100.0
+        status_by_pid[pid][:slot] = nil
+        status_by_pid[pid][:exit] = $?
+
+        # TODO: consider holding slot in 100 status for UI grace
+
+        paint
+      end
+
+      def child_status_update_line(pid, update_line)
+        control_serial, status, control_count, title = update_line.split("/")
+        percent = 100.0 * control_serial.to_i / control_count.to_i.to_f
+
+        status_by_pid[pid][:pct] = percent
+        status_by_pid[pid][:last_control] = title
+        status_by_pid[pid][:last_status] = status
+
+        paint
+      end
+
+      # --------
+      # Utilities
+      # --------
+      private
+
+      def new_child(how, pid, invocation)
+        # Update status by PID with new info
+        status_by_pid[pid] = {
+          pct: 0.0,
+          inv: invocation,
+          how: how,
+        }
+
+        # Assign first empty slot
+        slots.each_index do |idx|
+          next unless slots[idx].nil? || slots[idx] == "exited"
+
+          slots[idx] = pid
+          status_by_pid[pid][:slot] = idx
+          break
+        end
+
+        # TODO: consider printing log message
+        paint
+      end
+
+      def terminal_width
+        return @terminal_width if @terminal_width
+
+        @highline ||= HighLine.new
+        width = @highline.output_cols.to_i
+        width = 80 if width < 1
+        @terminal_width = width
+      end
+
+      def paint
+        # Determine the width of a slot
+        slot_width = terminal_width / slots.length
+        line = ""
+        # Loop over slots
+        slots.each_index do |idx|
+          if slots[idx].nil?
+            # line += "idle".center(slot_width)
+            # Need to improve UI
+          elsif slots[idx] == "exited"
+            line += "Done".center(slot_width)
+          else
+            pid = slots[idx]
+            with_pid = format("%s: %0.1f%%", pid, status_by_pid[pid][:pct])
+            if with_pid.length <= slot_width - 2
+              line += with_pid.center(slot_width)
+            else
+              line += format("%0.1f%%", status_by_pid[pid][:pct]).center(slot_width)
+            end
+          end
+        end
+
+        print "\r" + (" " * terminal_width) + "\r"
+        print line
+      end
+
+      def paint_header(jobs, invocations)
+        puts "InSpec Parallel".center(terminal_width)
+        puts "Running #{invocations.length} invocations in #{jobs} slots".center(terminal_width)
+        puts "-" * terminal_width
+        slot_width = terminal_width / slots.length
+        slots.each_index do |idx|
+          print "Slot #{idx + 1}".center(slot_width)
+        end
+        puts
+        puts "-" * terminal_width
+      end
+    end
+  end
+end

data/lib/plugins/inspec-parallel/lib/inspec-parallel/super_reporter/text.rb

@@ -0,0 +1,23 @@
+module InspecPlugins::Parallelism
+  class SuperReporter
+    class Text < InspecPlugins::Parallelism::SuperReporter::Base
+      def child_spawned(pid, _inv)
+        puts "[#{Time.now.iso8601}] Spawned child PID #{pid}"
+      end
+
+      def child_forked(pid, _inv)
+        puts "[#{Time.now.iso8601}] Forked child PID #{pid}"
+      end
+
+      def child_exited(pid)
+        puts "[#{Time.now.iso8601}] Exited child PID #{pid} status #{$?}"
+      end
+
+      def child_status_update_line(pid, update_line)
+        control_serial, _status, control_count, _title = update_line.split("/")
+        percent = 100.0 * control_serial.to_i / control_count.to_i.to_f
+        puts "[#{Time.now.iso8601}] #{pid} " + format("%.1f%%", percent)
+      end
+    end
+  end
+end

data/lib/plugins/inspec-parallel/lib/inspec-parallel/validator.rb

@@ -0,0 +1,170 @@
+require "inspec/cli"
+module InspecPlugins
+  module Parallelism
+    class Validator
+
+      # TODO: make this list dynamic so plugins can self-declare
+      PARALLEL_SAFE_REPORTERS = [
+        "automate",      # Performs HTTP transactions, silent on STDOUT
+        "child-status",  # Writes dedicated protocol to STDOUT, expected by parent
+      ].freeze
+
+      attr_accessor :invocations, :sub_cmd, :thor_options_for_sub_cmd, :aliases_mapping, :cli_options, :config_content, :stdin_config
+
+      def initialize(invocations, cli_options, sub_cmd = "exec")
+        @invocations = invocations
+        @sub_cmd = sub_cmd
+        @thor_options_for_sub_cmd = Inspec::InspecCLI.commands[sub_cmd].options
+        @aliases_mapping = create_aliases_mapping
+        @cli_options = cli_options
+        @config_content = nil
+        @stdin_config = nil
+      end
+
+      def validate
+        invocations.each do |invocation_data|
+          invocation_data[:validation_errors] = []
+
+          convert_cli_to_thor_options(invocation_data)
+          check_for_spurious_options(invocation_data)
+          check_for_required_fields(invocation_data)
+          check_for_reporter_options(invocation_data)
+
+        end
+      end
+
+      def validate_log_path
+        return [] unless cli_options["log_path"]
+
+        if File.directory?(cli_options["log_path"])
+          []
+        else
+          [true, "Log path #{cli_options["log_path"]} is not accessible"]
+        end
+      end
+
+      private
+
+      def create_aliases_mapping
+        alias_mapping = {}
+        thor_options_for_sub_cmd.each do |_, sub_cmd_option|
+          aliases = sub_cmd_option.aliases
+          unless aliases.empty?
+            alias_mapping[aliases[0]] = sub_cmd_option.name
+          end
+        end
+        alias_mapping
+      end
+
+      def check_for_spurious_options(invocation_data)
+        # LIMITATION: Assume the first arg is the profile name, and there is exactly one of them.
+        invalid_options = invocation_data[:thor_args][1..-1]
+        invocation_data[:validation_errors].push "No such option: #{invalid_options}" unless invalid_options.empty?
+      end
+
+      def check_for_required_fields(invocation_data)
+        required_fields = thor_options_for_sub_cmd.collect { |_, thor_option| thor_option.name if thor_option.required }.compact
+        option_keys = invocation_data[:thor_opts].keys
+        invocation_data[:thor_opts].keys.map { |key| option_keys.push(aliases_mapping[key.to_sym]) if aliases_mapping[key.to_sym] }
+        if !required_fields.empty? && (option_keys & required_fields).empty?
+          invocation_data[:validation_errors].push "No value provided for required options: #{required_fields}"
+        end
+      end
+
+      def check_for_reporter_options(invocation_data)
+        # if no reporter option, that's an error
+        unless invocation_data[:thor_opts].include?("reporter")
+          # Check for config reporter validation only if --reporter option is missing from options file
+          return if check_reporter_options_in_config(invocation_data)
+
+          invocation_data[:validation_errors] << "A --reporter option must be specified for each invocation in the options file"
+          return
+        end
+
+        have_child_status_reporter = false
+
+        # Reporter option is formatted as an array
+        invocation_data[:thor_opts]["reporter"].each do |reporter_spec|
+          reporter_name, file_output = reporter_spec.split(":")
+
+          have_child_status_reporter = true if reporter_name == "child-status"
+
+          # if there is a reporter option, each entry must either write to a file or
+          # else be the special child-status reporter or the automate reporter
+          next if PARALLEL_SAFE_REPORTERS.include?(reporter_name)
+
+          unless file_output
+            invocation_data[:validation_errors] << "The #{reporter_name} reporter requires being directed to a file, like #{reporter_name}:filename.out"
+          end
+        end
+
+        # if there is no child-status reporter, add one to the raw value and the parsed array
+        unless have_child_status_reporter
+          # Eww
+          invocation_data[:thor_opts]["reporter"] << "child-status"
+          invocation_data[:value].gsub!("--reporter ", "--reporter child-status ")
+        end
+      end
+
+      def check_reporter_options_in_config(invocation_data)
+        config_opts = invocation_data[:thor_opts]["config"] || invocation_data[:thor_opts]["json_config"]
+        cfg_io = check_for_piped_config_from_stdin(config_opts)
+
+        if cfg_io == STDIN
+          # Scenario of using config from STDIN
+          @config_content ||= cfg_io.read
+        else
+          if config_opts.nil?
+            # Scenario of using default config.json file when path not provided
+            default_path = File.join(Inspec.config_dir, "config.json")
+            config_opts = default_path
+            return unless File.exist?(config_opts)
+          elsif !File.exist?(config_opts)
+            invocation_data[:validation_errors] << "Could not read configuration file at #{config_opts}"
+            return
+          end
+          @config_content = File.open(config_opts).read
+        end
+
+        reporter_config = JSON.parse(config_content)["reporter"] unless config_content.nil? || config_content.empty?
+        unless reporter_config
+          invocation_data[:validation_errors] << "Config should have reporter option specified for each invocation which is not using --reporter option in options file"
+        end
+        @config_content
+      end
+
+      def check_for_piped_config_from_stdin(config_opts)
+        return nil unless config_opts
+        return nil unless config_opts == "-"
+
+        @stdin_config ||= STDIN
+      end
+
+      ## Utility functions
+
+      # Parse the invocation string using Thor into Thor options
+      # This approach was reverse engineered from studying
+      # https://github.com/rails/thor/blob/ab3b5be455791f4efb79f0efb4f88cc6b59c8ccf/lib/thor/base.rb#L53
+
+      def convert_cli_to_thor_options(invocation_data)
+        invocation_words = invocation_data[:value].split(" ")
+
+        # LIMITATION: this approach is limited to having exactly one profile in the invocation
+        args = [invocation_words.shift] # That is, the profile path
+
+        # Here we're piggybacking on on a hook used by the start() method, and provides the
+        # specifics for the subcommand
+        config = { command_options: thor_options_for_sub_cmd }
+
+        # This performs the parse
+        thor = Inspec::InspecCLI.new(args, invocation_words, config)
+
+        # A hash (with indifferent access) of option names to option config data
+        invocation_data[:thor_opts] = thor.options
+
+        # A list of everything else it could not parse, including the profile
+        invocation_data[:thor_args] = thor.args
+      end
+    end
+  end
+end

data/lib/plugins/inspec-parallel/lib/inspec-parallel.rb

@@ -0,0 +1,18 @@
+module InspecPlugins
+  module Parallelism
+    class Plugin < ::Inspec.plugin(2)
+      plugin_name :"inspec-parallel"
+
+      cli_command :parallel do
+        require_relative "inspec-parallel/cli"
+        InspecPlugins::Parallelism::CLI
+      end
+
+      streaming_reporter :"child-status" do
+        require_relative "inspec-parallel/child_status_reporter"
+        InspecPlugins::Parallelism::StreamingReporter
+      end
+
+    end
+  end
+end

data/lib/plugins/inspec-sign/lib/inspec-sign/base.rb

@@ -36,15 +36,11 @@ module InspecPlugins
         FileUtils.mkdir_p(path)
 
         puts "Generating signing key in #{path}/#{options["keyname"]}.pem.key"
-        # https://github.com/inspec/inspec/security/code-scanning/1
-        # https://github.com/inspec/inspec/security/code-scanning/2
-        # The following line was flagged by GitHub code scanning as a security vulnerability.
-        # Update the code to eliminate the vulnerability.
-        File.open("#{path}/#{options["keyname"]}.pem.key", "w") do |io|
+        open "#{path}/#{options["keyname"]}.pem.key", "w" do |io|
           io.write key.to_pem
         end
         puts "Generating validation key in #{path}/#{options["keyname"]}.pem.pub"
-        File.open("#{path}/#{options["keyname"]}.pem.pub", "w") do |io|
+        open "#{path}/#{options["keyname"]}.pem.pub", "w" do |io|
           io.write key.public_key.to_pem
         end
       end
@@ -71,8 +67,7 @@ module InspecPlugins
         # Generating tar.gz file using archive method of Inspec Cli
         Inspec::InspecCLI.new.archive(profile_path, "error")
         tarfile = "#{filename}.tar.gz"
-        # Update IO.binread with File.binread because of https://github.com/inspec/inspec/security/code-scanning/3
-        tar_content = File.binread(tarfile)
+        tar_content = IO.binread(tarfile)
         FileUtils.rm(tarfile)
 
         # Generate the signature
@@ -97,12 +92,16 @@ module InspecPlugins
         Inspec::UI.new.exit(:usage_error)
       end
 
-      def self.profile_verify(signed_profile_path)
+      def self.profile_verify(signed_profile_path, silent = false)
         file_to_verify = signed_profile_path
-        puts "Verifying #{file_to_verify}"
+        puts "Verifying #{file_to_verify}" unless silent
 
         iaf_file = Inspec::IafFile.new(file_to_verify)
         if iaf_file.valid?
+          # Signed profile verification is called from runner and not from CLI
+          # Do not exit and do not print logs
+          return if silent
+
           puts "Detected format version '#{iaf_file.version}'"
           puts "Attempting to verify using key '#{iaf_file.key_name}'"
           puts "Profile is valid."
@@ -157,7 +156,7 @@ module InspecPlugins
           ui.exit(:usage_error)
         end
 
-        lines = File.readlines(p)
+        lines = IO.readlines(p)
         lines << "\nprofile_content_id: #{profile_content_id}\n"
 
         File.open("#{p}", "w" ) do |f|