inspec-core 5.24.7 → 6.6.0

data/lib/inspec/runner_rspec.rb

@@ -177,16 +177,18 @@ module Inspec
         next unless streaming_reporters.include? streaming_reporter_name
 
         # Activate the plugin so the formatter ID gets registered with RSpec, presumably
-        activator = reg.find_activator(plugin_type: :streaming_reporter, activator_name: streaming_reporter_name.to_sym)
-        activator.activate!
 
-        # We cannot pass in a nil output path. Rspec only accepts a valid string or a IO object.
-        if file_target&.[]("file").nil?
-          RSpec.configuration.add_formatter(activator.implementation_class)
-        else
-          RSpec.configuration.add_formatter(activator.implementation_class, file_target["file"])
-        end
-        @conf["reporter"].delete(streaming_reporter_name)
+        Inspec.with_feature("inspec-reporter-#{streaming_reporter_name}") {
+          activator = reg.find_activator(plugin_type: :streaming_reporter, activator_name: streaming_reporter_name.to_sym)
+          activator.activate!
+          # We cannot pass in a nil output path. Rspec only accepts a valid string or a IO object.
+          if file_target&.[]("file").nil?
+            RSpec.configuration.add_formatter(activator.implementation_class)
+          else
+            RSpec.configuration.add_formatter(activator.implementation_class, file_target["file"])
+          end
+          @conf["reporter"].delete(streaming_reporter_name)
+        }
       end
     end
 
@@ -196,6 +198,7 @@ module Inspec
     def configure_output
       RSpec.configuration.output_stream = $stdout
       @formatter = RSpec.configuration.add_formatter(Inspec::Formatters::Base)
+
       @formatter.enhanced_outcomes = @conf.final_options["enhanced_outcomes"]
       RSpec.configuration.add_formatter(Inspec::Formatters::ShowProgress, $stderr) if @conf[:show_progress]
       set_optional_formatters

data/lib/inspec/secrets/yaml.rb

@@ -18,7 +18,11 @@ module Secrets
     def initialize(target)
       # Ruby 3.1 treats YAML load as a dangerous operation by default, requiring us to declare date and time classes as permitted
       # It's not a valid option in 3.0.x
-      @inputs = ::YAML.load_file(target, permitted_classes: [Date, Time])
+      if Gem.ruby_version >= Gem::Version.new("3.1.0")
+        @inputs = ::YAML.load_file(target, permitted_classes: [Date, Time])
+      else
+        @inputs = ::YAML.load_file(target)
+      end
 
       # In case of empty yaml file raise the warning else raise the parsing error.
       if !@inputs || @inputs.empty?

data/lib/inspec/shell.rb

@@ -1,3 +1,6 @@
+require "chef-licensing"
+require "inspec/dist"
+
 autoload :Pry, "pry"
 
 module Inspec
@@ -10,6 +13,7 @@ module Inspec
     end
 
     def start
+      ChefLicensing.check_software_entitlement! if Inspec::Dist::EXEC_NAME == "inspec"
       # This will hold a single evaluation binding context as opened within
       # the instance_eval context of the anonymous class that the profile
       # context creates to evaluate each individual test file. We want to
@@ -18,6 +22,12 @@ module Inspec
       @ctx_binding = @runner.eval_with_virtual_profile("binding")
       configure_pry
       @ctx_binding.pry
+    rescue ChefLicensing::SoftwareNotEntitled
+      Inspec::Log.error "License is not entitled to use InSpec."
+      Inspec::UI.new.exit(:license_not_entitled)
+    rescue ChefLicensing::Error => e
+      Inspec::Log.error e.message
+      Inspec::UI.new.exit(:usage_error)
     end
 
     def configure_pry # rubocop:disable Metrics/AbcSize

data/lib/inspec/ui.rb

@@ -32,9 +32,13 @@ module Inspec
     EXIT_FATAL_DEPRECATION = 3
     EXIT_GEM_DEPENDENCY_LOAD_ERROR = 4
     EXIT_BAD_SIGNATURE = 5
+    EXIT_SIGNATURE_REQUIRED = 6
     EXIT_LICENSE_NOT_ACCEPTED = 172
+    EXIT_LICENSE_NOT_ENTITLED = 173
+    EXIT_LICENSE_NOT_SET = 174
     EXIT_FAILED_TESTS = 100
     EXIT_SKIPPED_TESTS = 101
+    EXIT_TERMINATED_BY_CTL_C = 130
 
     attr_reader :io
 

data/lib/inspec/utils/licensing_config.rb

@@ -0,0 +1,9 @@
+require_relative "../log"
+require "chef-licensing"
+ChefLicensing.configure do |config|
+  config.chef_product_name = "InSpec"
+  config.chef_entitlement_id = "3ff52c37-e41f-4f6c-ad4d-365192205968"
+  config.chef_executable_name = "inspec"
+  config.license_server_url = "https://services.chef.io/licensing"
+  config.logger = Inspec::Log
+end

data/lib/inspec/utils/profile_ast_helpers.rb

@@ -3,7 +3,8 @@ require "rubocop-ast"
 module Inspec
   class Profile
     class AstHelper
-      class CollectorBase < Parser::AST::Processor
+      class CollectorBase
+        include Parser::AST::Processor::Mixin
         include RuboCop::AST::Traversal
 
         attr_reader :memo
@@ -24,37 +25,6 @@ module Inspec
           @memo = memo
         end
 
-        def extract_node_value(node)
-          case node.class.to_s
-          when "RuboCop::AST::HashNode"
-            # Handle hash nodes
-            values = {}
-            node.children.each do |pair_node|
-              values.merge!(pair_node.key.value => extract_node_value(pair_node.value))
-            end
-            values
-          when "RuboCop::AST::ArrayNode"
-            # Handle array nodes
-            node.children.map { |element| extract_node_value(element) }
-          else
-            # Handle simple nodes (strings, numbers, symbols, booleans, nil, etc.)
-            if node.respond_to?(:type)
-              case node.type
-              when :true
-                true
-              when :false
-                false
-              when :nil
-                nil
-              else
-                node.respond_to?(:value) ? node.value : node
-              end
-            else
-              node.respond_to?(:value) ? node.value : node
-            end
-          end
-        end
-
         def collect_input(input_children)
           input_name = input_children.children[2].value
 
@@ -70,9 +40,15 @@ module Inspec
                 if VALID_INPUT_OPTIONS.include?(child_node.key.value)
                   if child_node.value.class == RuboCop::AST::Node && REQUIRED_VALUES_MAP.key?(child_node.value.type)
                     opts.merge!(child_node.key.value => REQUIRED_VALUES_MAP[child_node.value.type])
+                  elsif child_node.value.class == RuboCop::AST::HashNode
+                    # Here value will be a hash
+                    values = {}
+                    child_node.value.children.each do |grand_child_node|
+                      values.merge!(grand_child_node.key.value => grand_child_node.value.value)
+                    end
+                    opts.merge!(child_node.key.value => values)
                   else
-                    # Use the helper method to recursively extract values from any node type
-                    opts.merge!(child_node.key.value => extract_node_value(child_node.value))
+                    opts.merge!(child_node.key.value => child_node.value.value)
                   end
                 end
               end
@@ -338,11 +314,8 @@ module Inspec
             collectors.push InputCollectorWithinControlBlock.new(@memo)
             collectors.push TestsCollector.new(control_data) if include_tests
 
-            # Handle empty control blocks (e.g., control "id" do end)
-            if begin_block
-              begin_block.each_node do |node_within_control|
-                collectors.each { |collector| collector.process(node_within_control) }
-              end
+            begin_block.each_node do |node_within_control|
+              collectors.each { |collector| collector.process(node_within_control) }
             end
 
             memo[:controls].push control_data

data/lib/inspec/utils/waivers/csv_file_reader.rb

@@ -19,7 +19,7 @@ module Waivers
         row_hash.delete("control_id")
         row_hash.delete_if { |k, v| k.nil? || v.nil? }
 
-        waiver_data_hash[control_id] = row_hash if control_id && !(row_hash.nil? || row_hash.empty?)
+        waiver_data_hash[control_id] = row_hash if control_id && !row_hash.blank?
       end
 
       waiver_data_hash

data/lib/inspec/utils/waivers/excel_file_reader.rb

@@ -25,7 +25,7 @@ module Waivers
           row_hash.delete_if { |k, v| k.nil? || v.nil? }
         end
 
-        waiver_data_hash[control_id] = row_hash if control_id && !(row_hash.nil? || row_hash.empty?)
+        waiver_data_hash[control_id] = row_hash if control_id && !row_hash.blank?
       end
       waiver_data_hash
     rescue Exception => e

data/lib/inspec/version.rb

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "5.24.7".freeze
+  VERSION = "6.6.0".freeze
 end

data/lib/inspec/waiver_file_reader.rb

@@ -5,8 +5,6 @@ require "inspec/utils/waivers/json_file_reader"
 module Inspec
   class WaiverFileReader
 
-    SUPPORTED_FILE_EXTENSION = %w{.yaml .yml .csv .json}.freeze
-
     def self.fetch_waivers_by_profile(profile_id, files)
       read_waivers_from_file(profile_id, files) if @waivers_data.nil? || @waivers_data[profile_id].nil?
       @waivers_data[profile_id]
@@ -17,10 +15,14 @@ module Inspec
       output = {}
 
       files.each do |file_path|
-        next unless valid_waiver_file?(file_path)
+        data = read_from_file(file_path)
+        output.merge!(data) if !data.nil? && data.is_a?(Hash)
 
-        data = parse_waiver_file(file_path)
-        output.merge!(data) if data.is_a?(Hash)
+        if data.nil?
+          raise Inspec::Exceptions::WaiversFileNotReadable,
+              "Cannot find parser for waivers file." \
+              "Check to make sure file has the appropriate extension."
+        end
       rescue Inspec::Exceptions::WaiversFileNotReadable, Inspec::Exceptions::WaiversFileInvalidFormatting => e
         Inspec::Log.error "Error reading waivers file #{file_path}. #{e.message}"
         Inspec::UI.new.exit(:usage_error)
@@ -29,38 +31,21 @@ module Inspec
       @waivers_data[profile_id] = output
     end
 
-    def self.valid_waiver_file?(file_path)
-      # Check if the file is readable
-      file_extension = File.extname(file_path).downcase
-      unless SUPPORTED_FILE_EXTENSION.include?(file_extension)
-        raise Inspec::Exceptions::WaiversFileNotReadable,
-              "Unsupported file extension for '#{file_path}'. Allowed waiver file extensions: #{SUPPORTED_FILE_EXTENSION.join(", ")}"
-      end
-
-      # Check if the file is empty
-      if File.zero?(file_path)
-        Inspec::Log.warn "Waivers file '#{file_path}' is empty. Skipping waivers."
-        return false
-      end
-
-      true
-    end
-
-    def self.parse_waiver_file(file_path)
-      file_extension = File.extname(file_path).downcase
-
-      case file_extension
-      when ".yaml", ".yml"
-        data = Secrets::YAML.resolve(file_path)&.inputs
+    def self.read_from_file(file_path)
+      data = nil
+      file_extension = File.extname(file_path)
+      if [".yaml", ".yml"].include? file_extension
+        data = Secrets::YAML.resolve(file_path)
+        data = data.inputs unless data.nil?
         validate_json_yaml(data)
-      when ".csv"
+      elsif file_extension == ".csv"
         data = Waivers::CSVFileReader.resolve(file_path)
-        validate_csv_headers(Waivers::CSVFileReader.headers)
-      when ".json"
+        headers = Waivers::CSVFileReader.headers
+        validate_csv_headers(headers)
+      elsif file_extension == ".json"
         data = Waivers::JSONFileReader.resolve(file_path)
-        validate_json_yaml(data)
+        validate_json_yaml(data) unless data.nil?
       end
-
       data
     end
 
@@ -96,8 +81,6 @@ module Inspec
     end
 
     def self.validate_json_yaml(data)
-      return if data.nil?
-
       missing_required_field = false
       data.each do |key, value|
         # In case of yaml or json we need to validate headers/parametes for each value

data/lib/inspec.rb

@@ -4,6 +4,7 @@ libdir = File.dirname(__FILE__)
 $LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
 
 require "inspec/version"
+require "inspec/utils/licensing_config"
 require "inspec/exceptions"
 require "inspec/utils/deprecation"
 require "inspec/profile"
@@ -30,4 +31,4 @@ require "inspec/source_reader"
 require "inspec/resource"
 
 require "inspec/dependency_loader"
-require "inspec/dependency_installer"
+require "inspec/dependency_installer"

data/lib/matchers/matchers.rb

@@ -299,9 +299,9 @@ RSpec::Matchers.define :cmp do |first_expected| # rubocop:disable Metrics/BlockL
     end
   end
 
-  def format_actual(actual, negate = false)
+  def format_actual(actual)
     actual = "0%o" % actual if octal?(@expected) && !actual.nil?
-    "\n%s\n     got: %s\n\n(compared using `cmp` matcher)\n" % [format_expectation(negate), actual]
+    "\n%s\n     got: %s\n\n(compared using `cmp` matcher)\n" % [format_expectation(false), actual]
   end
 
   def format_expectation(negate)
@@ -316,7 +316,7 @@ RSpec::Matchers.define :cmp do |first_expected| # rubocop:disable Metrics/BlockL
   end
 
   failure_message_when_negated do |actual|
-    format_actual actual, true
+    format_actual actual
   end
 
   description do

data/lib/plugins/inspec-compliance/README.md

@@ -14,18 +14,8 @@ To use the CLI, this InSpec add-on adds the following commands:
  * `$ inspec automate profiles` - list all available Compliance profiles
  * `$ inspec exec compliance://profile` - runs a Compliance profile
  * `$ inspec automate upload path/to/local/profile` - uploads a local profile to Chef Automate/Chef Compliance
- * `$ inspec automate upload path/to/local/profile --legacy` - uploads a local profile to Chef Automate/Chef Compliance using legacy functionalities of inspec check and inspec export
-
-    *Options*:
-    ```
-      [--overwrite], [--no-overwrite]  # Overwrite existing profile on Server.
-      [--owner=OWNER]                  # Owner that should own the profile
-      [--legacy], [--no-legacy]        # Enable legacy functionality, activating both legacy export and legacy check.
-
-    uploads a local profile to Chef Automate
-    ```
  * `$ inspec automate logout` - logout of Chef Automate/Chef Compliance
-
+ 
  Similar to these CLI commands are:
 
  * `$ inspec compliance login` - authentication of the API token against Chef Automate/Chef Compliance