inspec-core 5.24.7 → 5.24.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +2 -2
  3. data/etc/deprecations.json +3 -0
  4. data/inspec-core.gemspec +2 -2
  5. data/lib/inspec/reporters/json.rb +12 -2
  6. data/lib/inspec/resources/package.rb +9 -2
  7. data/lib/inspec/rule.rb +15 -4
  8. data/lib/inspec/version.rb +1 -1
  9. data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +4 -0
  10. metadata +24 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1d51433ba0116888c84236e9e10a00eed659241c97bc52bc28adab5d166747b1
4
- data.tar.gz: fbcdb575d6d6e318080fe33c9480d97a886e18795f8d9d70b631744998985039
3
+ metadata.gz: 1888ced35cf8f2552c4d0dd9a6d92bf8d907dd2d3b7d0c441c55a7c46330ba86
4
+ data.tar.gz: 464cfb7ae426c21afec2a11581136c50f471c7ce5692c8b86542d7b6bc9904f7
5
5
  SHA512:
6
- metadata.gz: bd38bce6f7c2f0f53effda98239dc918e002c1f06266f32905fe464c22c4bcbc2c09a475c4b3e7eb9b902a50252b9f4c83978e1e857fb0bd0f78fb1e8ced781a
7
- data.tar.gz: b9ae97157012e01b7522afc285b307b4042178900c25ba7f9e72898d4aa1670d97906ba8e8b50bab0cf04645d809a6bad2229d567eb658b1a2f327b359b0014a
6
+ metadata.gz: 07365dac649550fb3e8e3b5153d655d68cfe0b3642ebbb123e5df7889a5cf5beac3aee258879240d014e1b26818ed32d2c588322db27c90a454be9fa14564881
7
+ data.tar.gz: c421f0e37cd71356c0ac8b162db049b3799d9e0d7433295c82541ea2ca7a3148c4c1dd05a3d35d287594ee6ab6f2bdf84ce25acea0cea9e48d7c51fd4cdf27d6
data/Gemfile CHANGED
@@ -28,7 +28,7 @@ group :omnibus do
28
28
  gem "ed25519" # ed25519 ssh key support done here as its a native gem we can't put in the gemspec
29
29
  gem "bcrypt_pbkdf" # ed25519 ssh key support done here as its a native gem we can't put in the gemspec
30
30
  # pinning at < 0.6, 0.6 requires ruby 3.2+, InSpec5 does not support Ruby 3.2
31
- gem "net-imap", ">= 0.2.5", "< 0.6"
31
+ gem "net-imap", ">= 0.5.14", "< 0.6"
32
32
  end
33
33
 
34
34
  group :test do
@@ -40,7 +40,7 @@ group :test do
40
40
  gem "minitest-sprint", "~> 1.3.0" , "< 1.4.0"
41
41
  gem "minitest", "5.15.0"
42
42
  gem "mocha"
43
- gem "nokogiri", "< 1.17.2"
43
+ gem "nokogiri", "~> 1.18.10"
44
44
  gem "pry-byebug"
45
45
  gem "pry"
46
46
  gem "rake"
data/etc/deprecations.json CHANGED
@@ -125,6 +125,9 @@
125
125
  "renamed_to_inspec_export":{
126
126
  "action": "ignore",
127
127
  "prefix": "The `inspec json` command is deprecated in InSpec 5 and replaced with `inspec export` command."
128
+ },
129
+ "cli_option_compliance_overwrite": {
130
+ "action": "warn"
128
131
  }
129
132
  }
130
133
  }
data/inspec-core.gemspec CHANGED
@@ -43,8 +43,8 @@ Gem::Specification.new do |spec|
43
43
  spec.add_dependency "tty-table", "~> 0.10"
44
44
  spec.add_dependency "tty-prompt", "~> 0.17"
45
45
  spec.add_dependency "tomlrb", ">= 1.2", "< 2.1"
46
- # Pinning to < 2.8.8 because public_suffix 7.0 requires Ruby 3.2 or higher, InSpec5 does not support Ruby 3.2
47
- spec.add_dependency "addressable", "< 2.8.8"
46
+ spec.add_dependency "addressable", "~> 2.9"
47
+ spec.add_dependency "public_suffix", ">= 2.0.2", "< 7.0" # public_suffix 7.x requires Ruby 3.2+
48
48
  spec.add_dependency "parslet", ">= 1.5", "< 3.0" # Pinned < 2.0, see #5389
49
49
  spec.add_dependency "semverse", "~> 3.0"
50
50
  spec.add_dependency "multipart-post", "~> 2.0"
data/lib/inspec/reporters/json.rb CHANGED
@@ -55,6 +55,11 @@ module Inspec::Reporters
55
55
  def extract_resource_id(r)
56
56
  # According to the RunData API, this is supposed to be an anonymous
57
57
  # class that represents a resource, with embedded instance methods....
58
+ # Prefer resource object if present and exposes resource_id
59
+ resource_candidate = r[:resource]
60
+ return resource_candidate.resource_id if resource_candidate.respond_to?(:resource_id)
61
+
62
+ # Fall back to resource_title
58
63
  resource_obj = r[:resource_title]
59
64
  return resource_obj.resource_id if resource_obj.respond_to?(:resource_id)
60
65
 
@@ -62,8 +67,13 @@ module Inspec::Reporters
62
67
  if resource_obj.is_a?(String)
63
68
  orig_str = resource_obj
64
69
  # Try to trim off the resource class - eg "File /some/path" => "/some/path"
65
- trimmed_str = orig_str.sub(/^#{r[:resource_class]}/i, "").strip
66
- trimmed_str.empty? ? orig_str : trimmed_str
70
+ resource_class = r[:resource_class].to_s
71
+ trimmed_str = orig_str.sub(/^#{Regexp.escape(resource_class)}/i, "").strip
72
+
73
+ # Cap the resource_id to a reasonable length to avoid bloating reports
74
+ max_length = 256
75
+ candidate = trimmed_str.empty? ? orig_str : trimmed_str
76
+ candidate.length > max_length ? candidate[0, max_length] : candidate
67
77
  else
68
78
  # Boo, InSpec is crazy, and we don't know what it possibly could be.
69
79
  # Failsafe for resource_id is empty string.
data/lib/inspec/resources/package.rb CHANGED
@@ -376,8 +376,15 @@ module Inspec::Resources
376
376
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
377
377
  ]
378
378
 
379
- # add 64 bit search paths
380
- if inspec.os.arch == "x86_64"
379
+ # Add WOW6432Node paths for 32-bit apps on 64-bit Windows.
380
+ # Include these unless the system is explicitly 32-bit (i386) — on 32-bit
381
+ # Windows, WOW6432Node does not exist since all apps register under the
382
+ # main Uninstall key.
383
+ # When os.arch is nil (e.g., train falls back to read_cmd_os in a PowerShell
384
+ # WinRM session where %PROCESSOR_ARCHITECTURE% is not expanded), we still
385
+ # include the WOW6432Node paths since virtually all modern Windows systems
386
+ # are 64-bit.
387
+ unless inspec.os.arch == "i386"
381
388
  search_paths << 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
382
389
  search_paths << 'HKCU:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
383
390
  end
data/lib/inspec/rule.rb CHANGED
@@ -46,12 +46,23 @@ module Inspec
46
46
  return unless block_given?
47
47
 
48
48
  begin
49
- instance_eval(&block)
50
-
51
- # By applying waivers *after* the instance eval, we assure that
52
- # waivers have higher precedence than only_if.
49
+ # Pre-check: apply waivers before evaluating the control block.
50
+ # If the control is waived with run: false, skip the block entirely
51
+ # to avoid eager resource evaluation (e.g., `command('find /').stdout`
52
+ # executing expensive commands for waived controls).
53
53
  __apply_waivers
54
54
 
55
+ unless @__skip_rule[:result] && @__skip_rule[:type] == :waiver
56
+ instance_eval(&block)
57
+
58
+ # Re-apply waivers after instance eval. This is a no-op in practice:
59
+ # run:false waivers are already handled by the pre-check above (the
60
+ # unless guard prevents instance_eval from running at all), and
61
+ # run:true / no-run-key waivers do not set a skip flag. Kept for
62
+ # defensive correctness in case waiver state changes during eval.
63
+ __apply_waivers
64
+ end
65
+
55
66
  rescue SystemStackError, StandardError => e
56
67
  # We've encountered an exception while trying to eval the code inside the
57
68
  # control block. We need to prevent the exception from bubbling up, and
data/lib/inspec/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Inspec
2
- VERSION = "5.24.7".freeze
2
+ VERSION = "5.24.24".freeze
3
3
  end
data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb CHANGED
@@ -126,6 +126,10 @@ module InspecPlugins
126
126
  option :legacy, type: :boolean, default: false,
127
127
  desc: "Enable legacy functionality, activating both legacy export and legacy check."
128
128
  def upload(path) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity
129
+ if options["overwrite"]
130
+ Inspec.deprecate(:cli_option_compliance_overwrite, "The --overwrite option is deprecated because it does not work with Automate as expected.")
131
+ end
132
+
129
133
  config = InspecPlugins::Compliance::Configuration.new
130
134
  return unless loggedin(config)
131
135
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: inspec-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.24.7
4
+ version: 5.24.24
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chef InSpec Team
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2026-02-26 00:00:00.000000000 Z
11
+ date: 2026-06-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: chef-telemetry
@@ -318,16 +318,36 @@ dependencies:
318
318
  name: addressable
319
319
  requirement: !ruby/object:Gem::Requirement
320
320
  requirements:
321
+ - - "~>"
322
+ - !ruby/object:Gem::Version
323
+ version: '2.9'
324
+ type: :runtime
325
+ prerelease: false
326
+ version_requirements: !ruby/object:Gem::Requirement
327
+ requirements:
328
+ - - "~>"
329
+ - !ruby/object:Gem::Version
330
+ version: '2.9'
331
+ - !ruby/object:Gem::Dependency
332
+ name: public_suffix
333
+ requirement: !ruby/object:Gem::Requirement
334
+ requirements:
335
+ - - ">="
336
+ - !ruby/object:Gem::Version
337
+ version: 2.0.2
321
338
  - - "<"
322
339
  - !ruby/object:Gem::Version
323
- version: 2.8.8
340
+ version: '7.0'
324
341
  type: :runtime
325
342
  prerelease: false
326
343
  version_requirements: !ruby/object:Gem::Requirement
327
344
  requirements:
345
+ - - ">="
346
+ - !ruby/object:Gem::Version
347
+ version: 2.0.2
328
348
  - - "<"
329
349
  - !ruby/object:Gem::Version
330
- version: 2.8.8
350
+ version: '7.0'
331
351
  - !ruby/object:Gem::Dependency
332
352
  name: parslet
333
353
  requirement: !ruby/object:Gem::Requirement