inspec-core 5.22.95 → 5.24.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +9 -14
  3. data/inspec-core.gemspec +3 -3
  4. data/lib/inspec/archive/tar.rb +1 -0
  5. data/lib/inspec/base_cli.rb +10 -0
  6. data/lib/inspec/file_provider.rb +1 -0
  7. data/lib/inspec/resources/oracledb_session.rb +63 -8
  8. data/lib/inspec/version.rb +1 -1
  9. metadata +14 -8
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a7b225f8fda920cb03f73a84eb1edc2b98339058c824f2323bee26995b37c74b
4
- data.tar.gz: 5b6eb547488c20ff9e8170066f0ba38871afeead368f91248254ccf171e33327
3
+ metadata.gz: 786e3d95992223676c73b03e4fabae1aa5d1700b274c8870fb557e0ed54c8308
4
+ data.tar.gz: 6b8adfc8bd4e8a133b4b63e79a2cfc4bf94f32535a31849d6a56bee08dba8d47
5
5
  SHA512:
6
- metadata.gz: 01e6f8d6a5749288c3a53d9fc0166d3b8e832437cbb63aa86dc67dfe09160a956c528a9fe06e43f7912b497d8201b99556d68f6b4569ba6ac044910db821fea0
7
- data.tar.gz: d6e5f9d3e5b5393d3cc0fbe9754ddba827cb1f12df3911fe1486dfe314b1386d5dca7b32a52509b65f9ad10cc6870ba0d990e63b5bb38456df98a57b82667fc2
6
+ metadata.gz: e93a90a68347246a6e39c9eabaed0bcdc4a473c9f9a9dd65906d48ff228bb9099abaf6693a5727df1aa59fb0be9f9c8a4c8f602c9282d15c958ab452042514b2
7
+ data.tar.gz: d86cd0720240d5d3844e294dd90465e0480b72dd9019cdd52af908728ecb395d7f1162029ea510b2083d6dba190e7222ee2feccec5f3fbf1aa837e33f82f6e9c
data/Gemfile CHANGED
@@ -27,6 +27,8 @@ group :omnibus do
27
27
  gem "appbundler"
28
28
  gem "ed25519" # ed25519 ssh key support done here as its a native gem we can't put in the gemspec
29
29
  gem "bcrypt_pbkdf" # ed25519 ssh key support done here as its a native gem we can't put in the gemspec
30
+ # pinning at < 0.6, 0.6 requires ruby 3.2+, InSpec5 does not support Ruby 3.2
31
+ gem "net-imap", ">= 0.2.5", "< 0.6"
30
32
  end
31
33
 
32
34
  group :test do
@@ -34,22 +36,21 @@ group :test do
34
36
  gem "concurrent-ruby"
35
37
  gem "json_schemer"
36
38
  gem "m"
37
- gem "minitest-sprint", "~> 1.0"
39
+ # 1.4.0+ requires min ruby 3.2, InSpec5 does not support Ruby 3.2
40
+ gem "minitest-sprint", "~> 1.3.0" , "< 1.4.0"
38
41
  gem "minitest", "5.15.0"
39
42
  gem "mocha"
40
- # Pinning this version as it breaking for ruby 3.1.0
41
43
  gem "nokogiri", "< 1.17.2"
42
- # Pinning this version as it breaking for ruby 3.0.0
43
- gem "pry-byebug", "< 3.12.0"
44
+ gem "pry-byebug"
44
45
  gem "pry"
45
46
  gem "rake"
46
47
  gem "simplecov"
47
48
  gem "simplecov_json_formatter"
48
49
  gem "webmock"
49
- gem "signet", "< 0.21.0" # 0.20.0+ requires min ruby 3.1
50
+ gem "signet", "< 0.22.0" # 0.20.0+ requires min ruby 3.1
50
51
  # Pinning to 1.15 as multi_json 1.16 require ruby 3.2 version
51
52
  # Ref: https://buildkite.com/chef-oss/inspec-inspec-inspec-5-verify/builds/647#019808ca-087b-43bc-b1f9-40a36f59c5f4
52
- gem "multi_json", "~> 1.15.0"
53
+ gem "multi_json", "~> 1.18.0"
53
54
  end
54
55
 
55
56
  group :deploy do
@@ -64,11 +65,5 @@ end
64
65
  # Remove this pin when upgrading to Ruby 3.2 or higher.
65
66
  gem "zeitwerk", "~> 2.6.0", "< 2.7"
66
67
 
67
- # Pinning dry-core,dry-core,dry-types to < 1.1.0 as it is breaking the build because 1.1.0 is incompatible with the current version, ruby 3.0.x on CI
68
- gem "dry-types", "<= 1.7.2" if RUBY_VERSION < "3.1.0"
69
- gem "dry-core", "> 1.0.0", "< 1.1.0" if RUBY_VERSION < "3.1.0"
70
- gem "dry-inflector", "<= 1.1.0" if RUBY_VERSION < "3.1.0"
71
-
72
- # Pinning securerandom to < 0.4.0 as it is breaking the build because 0.4.0 is incompatible with the current version, ruby 3.0.x on CI
73
- # Remove this pin when upgrading to Ruby 3.1 or higher on CI.
74
- gem "securerandom", "< 0.4.0" if RUBY_VERSION < "3.1.0"
68
+ # Pinning connection_pool to < 3.0.0 as 3.0.0+ requires Ruby >= 3.2.0
69
+ gem "connection_pool", ">= 2.5", "< 3.0"
data/inspec-core.gemspec CHANGED
@@ -43,7 +43,8 @@ Gem::Specification.new do |spec|
43
43
  spec.add_dependency "tty-table", "~> 0.10"
44
44
  spec.add_dependency "tty-prompt", "~> 0.17"
45
45
  spec.add_dependency "tomlrb", ">= 1.2", "< 2.1"
46
- spec.add_dependency "addressable", "~> 2.4"
46
+ # Pinning to < 2.8.8 because public_suffix 7.0 requires Ruby 3.2 or higher, InSpec5 does not support Ruby 3.2
47
+ spec.add_dependency "addressable", "< 2.8.8"
47
48
  spec.add_dependency "parslet", ">= 1.5", "< 3.0" # Pinned < 2.0, see #5389
48
49
  spec.add_dependency "semverse", "~> 3.0"
49
50
  spec.add_dependency "multipart-post", "~> 2.0"
@@ -53,6 +54,5 @@ Gem::Specification.new do |spec|
53
54
  # However, it has been moved to 'inspec-core.gemspec' due to a dependency on the 'ast' gem,
54
55
  # which was causing a LoadError ('cannot load such file -- ast') for users/applications using 'inspec-core'.
55
56
  spec.add_dependency "cookstyle"
56
-
57
- spec.add_dependency "train-core", "~> 3.12.13" # Adding tight version constraint for train as it is compatible with Ruby 3.0.x
57
+ spec.add_dependency "train-core", "~> 3.16", ">= 3.16.1"
58
58
  end
data/lib/inspec/archive/tar.rb CHANGED
@@ -1,4 +1,5 @@
1
1
  require "rubygems/package" unless defined?(Gem::Package)
2
+ require "rubygems/package/tar_writer" unless defined?(Gem::Package::TarWriter)
2
3
 
3
4
  module Inspec::Archive
4
5
  class TarArchiveGenerator
data/lib/inspec/base_cli.rb CHANGED
@@ -140,6 +140,16 @@ module Inspec
140
140
  desc: "A list of paths to the ssh config file, e.g ~/.ssh/config or /etc/ssh/ssh_config."
141
141
  option :podman_url, type: :string,
142
142
  desc: "Provides the path to the Podman API endpoint. Defaults to unix:///run/user/$UID/podman/podman.sock for rootless container, unix:///run/podman/podman.sock for rootful container (for this you need to execute inspec as root user)."
143
+ option :socks_proxy, type: :string,
144
+ desc: "SOCKS5H proxy URL to tunnel the WinRM connection (e.g., socks5h://proxy-host:1080)."
145
+ option :socks_user, type: :string,
146
+ desc: "Username for authenticating with the SOCKS5 proxy."
147
+ option :socks_password, type: :string, lazy_default: -1,
148
+ desc: "Password for authenticating with the SOCKS5 proxy."
149
+ option :kerberos_realm, type: :string,
150
+ desc: "Kerberos realm used for authentication."
151
+ option :kerberos_service, type: :string,
152
+ desc: "Kerberos service principal name (e.g., HTTP, HOST)."
143
153
  end
144
154
 
145
155
  def self.profile_options
data/lib/inspec/file_provider.rb CHANGED
@@ -1,4 +1,5 @@
1
1
  require "rubygems/package" unless defined?(Gem::Package)
2
+ require "rubygems/package/tar_header" unless defined?(Gem::Package::TarHeader)
2
3
  require "pathname" unless defined?(Pathname)
3
4
  require "zlib" unless defined?(Zlib)
4
5
  require "zip" unless defined?(Zip)
data/lib/inspec/resources/oracledb_session.rb CHANGED
@@ -13,14 +13,29 @@ module Inspec::Resources
13
13
  supports platform: "windows"
14
14
  desc "Use the oracledb_session InSpec resource to test commands against an Oracle database"
15
15
  example <<~EXAMPLE
16
+ # Using password
16
17
  sql = oracledb_session(user: 'my_user', pass: 'password')
17
18
  describe sql.query(\"SELECT UPPER(VALUE) AS VALUE FROM V$PARAMETER WHERE UPPER(NAME)='AUDIT_SYS_OPERATIONS'\").row(0).column('value') do
18
19
  its('value') { should eq 'TRUE' }
19
20
  end
21
+
22
+ # CHEF-28019: Using TNS alias (recommended for TCPS/SSL connections)
23
+ sql = oracledb_session(
24
+ user: 'my_user',
25
+ password: 'password',
26
+ tns_alias: 'MYDB_TCPS',
27
+ env: {
28
+ 'TNS_ADMIN' => '/path/to/tnsnames',
29
+ 'LD_LIBRARY_PATH' => '/opt/oracle/instantclient'
30
+ }
31
+ )
32
+ describe sql.query('SELECT * FROM dual').row(0).column('dummy') do
33
+ its('value') { should eq 'X' }
34
+ end
20
35
  EXAMPLE
21
36
 
22
37
  attr_reader :bin, :db_role, :host, :password, :port, :service,
23
- :su_user, :user
38
+ :su_user, :user, :tns_alias, :env_vars
24
39
 
25
40
  def initialize(opts = {})
26
41
  @user = opts[:user]
@@ -37,6 +52,11 @@ module Inspec::Resources
37
52
  @db_role = opts[:as_db_role]
38
53
  @sqlcl_bin = opts[:sqlcl_bin] || nil
39
54
  @sqlplus_bin = opts[:sqlplus_bin] || "sqlplus"
55
+
56
+ # CHEF-28019: Support for TNS alias and environment variables
57
+ @tns_alias = opts[:tns_alias]
58
+ @env_vars = opts[:env] || {}
59
+
40
60
  skip_resource "Option 'as_os_user' not available in Windows" if inspec.os.windows? && su_user
41
61
  fail_resource "Can't run Oracle checks without authentication" unless su_user || (user || password)
42
62
  end
@@ -77,8 +97,10 @@ module Inspec::Resources
77
97
  end
78
98
 
79
99
  def resource_id
80
- if @user
81
- "#{@host}-#{@port}-#{@user}"
100
+ if @tns_alias && !@tns_alias.empty?
101
+ "#{@tns_alias}-#{@user}" # e.g., "XEPDB1_TCPS-USER"
102
+ elsif @user
103
+ "#{@host}-#{@port}-#{@user}" # e.g., "localhost-1521-USER"
82
104
  elsif @su_user
83
105
  "#{@host}-#{@port}-#{@su_user}"
84
106
  else
@@ -88,10 +110,9 @@ module Inspec::Resources
88
110
 
89
111
  private
90
112
 
91
- # 3 commands
92
- # regular user password
93
- # using a db_role
94
- # su, using a db_role
113
+ # CHEF-28019: Build command with support for TNS alias and environment variables
114
+ # Existing behavior: regular user/password, using db_role, or su with db_role
115
+ # Added New behavior: TNS alias connections with optional env vars
95
116
  def command_builder(format_options, query)
96
117
  if @db_role.nil? || @su_user.nil?
97
118
  verified_query = verify_query(query)
@@ -116,7 +137,11 @@ module Inspec::Resources
116
137
  sql_postfix = %{ <<'EOC'\n#{format_options}\n#{verified_query}\nEXIT\n'EOC'} if shell_is_csh
117
138
  end
118
139
 
119
- if @db_role.nil?
140
+ # CHEF-28019: New path for TNS alias connections
141
+ if @tns_alias && !@tns_alias.to_s.empty?
142
+ build_tns_command(format_options, verified_query, oracle_echo_str)
143
+ # Original paths preserved
144
+ elsif @db_role.nil?
120
145
  %{#{oracle_echo_str}#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service}#{sql_postfix}}
121
146
  elsif @su_user.nil?
122
147
  %{#{oracle_echo_str}#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service} as #{@db_role}#{sql_postfix}}
@@ -153,5 +178,35 @@ module Inspec::Resources
153
178
  Hashie::Mash.new([revised_row].to_h)
154
179
  end
155
180
  end
181
+
182
+ # CHEF-28019: Build TNS alias command with environment variables
183
+ def build_tns_command(format_options, verified_query, oracle_echo_str)
184
+ env_prefix = build_env_prefix
185
+ connect_string = build_connect_string
186
+ heredoc_content = "connect #{connect_string}\n#{format_options}\n#{verified_query}\nEXIT"
187
+
188
+ if @su_user
189
+ cmd = %{su - #{@su_user} -c "#{oracle_echo_str} #{env_prefix} #{@bin} -s /nolog <<'INSPECSQL'\n#{heredoc_content}\nINSPECSQL"}
190
+ else
191
+ cmd = %{#{oracle_echo_str}#{bin} -s /nolog <<'INSPECSQL'\n#{heredoc_content}\nINSPECSQL}
192
+ cmd = "#{env_prefix} #{cmd}" unless env_prefix.empty?
193
+ end
194
+
195
+ cmd
196
+ end
197
+
198
+ # CHEF-28019: Build Oracle connect string for TNS alias
199
+ def build_connect_string
200
+ connect_str = "#{@user}/#{@password}@#{@tns_alias}"
201
+ connect_str += " as #{@db_role}" if @db_role && !@su_user
202
+ connect_str
203
+ end
204
+
205
+ # CHEF-28019: Build environment variable prefix
206
+ def build_env_prefix
207
+ return "" if @env_vars.nil? || @env_vars.empty?
208
+
209
+ @env_vars.map { |k, v| "#{k}='#{v}'" }.join(" ")
210
+ end
156
211
  end
157
212
  end
data/lib/inspec/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Inspec
2
- VERSION = "5.22.95".freeze
2
+ VERSION = "5.24.5".freeze
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: inspec-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.22.95
4
+ version: 5.24.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chef InSpec Team
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2025-08-04 00:00:00.000000000 Z
11
+ date: 2026-01-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: chef-telemetry
@@ -318,16 +318,16 @@ dependencies:
318
318
  name: addressable
319
319
  requirement: !ruby/object:Gem::Requirement
320
320
  requirements:
321
- - - "~>"
321
+ - - "<"
322
322
  - !ruby/object:Gem::Version
323
- version: '2.4'
323
+ version: 2.8.8
324
324
  type: :runtime
325
325
  prerelease: false
326
326
  version_requirements: !ruby/object:Gem::Requirement
327
327
  requirements:
328
- - - "~>"
328
+ - - "<"
329
329
  - !ruby/object:Gem::Version
330
- version: '2.4'
330
+ version: 2.8.8
331
331
  - !ruby/object:Gem::Dependency
332
332
  name: parslet
333
333
  requirement: !ruby/object:Gem::Requirement
@@ -396,14 +396,20 @@ dependencies:
396
396
  requirements:
397
397
  - - "~>"
398
398
  - !ruby/object:Gem::Version
399
- version: 3.12.13
399
+ version: '3.16'
400
+ - - ">="
401
+ - !ruby/object:Gem::Version
402
+ version: 3.16.1
400
403
  type: :runtime
401
404
  prerelease: false
402
405
  version_requirements: !ruby/object:Gem::Requirement
403
406
  requirements:
404
407
  - - "~>"
405
408
  - !ruby/object:Gem::Version
406
- version: 3.12.13
409
+ version: '3.16'
410
+ - - ">="
411
+ - !ruby/object:Gem::Version
412
+ version: 3.16.1
407
413
  description: InSpec provides a framework for creating end-to-end infrastructure tests.
408
414
  You can use it for integration or even compliance testing. Create fully portable
409
415
  test profiles and use them in your workflow to ensure stability and security. Integrate