inspec-core 6.6.0 → 6.8.11

data/lib/plugins/inspec-parallel/lib/inspec-parallel/runner.rb

@@ -22,7 +22,10 @@ module InspecPlugins
 
       def run
         initiate_background_run if run_in_background # running a process as daemon changes parent process pid
+        original_stdout_stream = ChefLicensing::Config.output
         until invocations.empty? && @child_tracker.empty?
+          # Changing output to STDERR to avoid the output interruption between runs
+          ChefLicensing::Config.output = STDERR
           while should_start_more_jobs?
             if Inspec.locally_windows?
               spawn_another_process
@@ -35,6 +38,8 @@ module InspecPlugins
           cleanup_child_processes
           sleep 0.1
         end
+        # Reset output to the original STDOUT stream as a safe measure.
+        ChefLicensing::Config.output = original_stdout_stream
 
         # Requires renaming operations on windows only
         # Do Rename and delete operations after all child processes have exited successfully

data/lib/plugins/inspec-parallel/lib/inspec-parallel/super_reporter/status.rb

@@ -44,6 +44,7 @@ module InspecPlugins::Parallelism
         status_by_pid[pid][:last_control] = title
         status_by_pid[pid][:last_status] = status
 
+        sleep 0.5
         paint
       end
 

data/lib/plugins/inspec-sign/lib/inspec-sign/base.rb

@@ -32,15 +32,22 @@ module InspecPlugins
       def self.keygen(options)
         key = KEY_ALG.new KEY_BITS
 
-        path = File.join(Inspec.config_dir, "keys")
+        # config_dir is the directory where the keys will be stored.
+        # options["config_dir"] is passed explicitly only for testing purposes.
+        config_dir = options["config_dir"] || Inspec.config_dir
+        path = File.join(config_dir, "keys")
         FileUtils.mkdir_p(path)
 
         puts "Generating signing key in #{path}/#{options["keyname"]}.pem.key"
-        open "#{path}/#{options["keyname"]}.pem.key", "w" do |io|
+        # https://github.com/inspec/inspec/security/code-scanning/1
+        # https://github.com/inspec/inspec/security/code-scanning/2
+        # The following line was flagged by GitHub code scanning as a security vulnerability.
+        # Update the code to eliminate the vulnerability.
+        File.open("#{path}/#{options["keyname"]}.pem.key", "w") do |io|
           io.write key.to_pem
         end
         puts "Generating validation key in #{path}/#{options["keyname"]}.pem.pub"
-        open "#{path}/#{options["keyname"]}.pem.pub", "w" do |io|
+        File.open("#{path}/#{options["keyname"]}.pem.pub", "w") do |io|
           io.write key.public_key.to_pem
         end
       end
@@ -54,7 +61,7 @@ module InspecPlugins
         end
 
         puts "Signing #{profile_path} with key #{options["keyname"]}"
-        keypath = Inspec::IafFile.find_signing_key(options["keyname"])
+        keypath = Inspec::IafFile.find_signing_key(options["keyname"], options["config_dir"])
 
         # Read name and version from metadata and use them to form the filename
         profile_md = artifact.read_profile_metadata(profile_path)
@@ -67,7 +74,8 @@ module InspecPlugins
         # Generating tar.gz file using archive method of Inspec Cli
         Inspec::InspecCLI.new.archive(profile_path, "error")
         tarfile = "#{filename}.tar.gz"
-        tar_content = IO.binread(tarfile)
+        # Update IO.binread with File.binread because of https://github.com/inspec/inspec/security/code-scanning/3
+        tar_content = File.binread(tarfile)
         FileUtils.rm(tarfile)
 
         # Generate the signature
@@ -156,7 +164,7 @@ module InspecPlugins
           ui.exit(:usage_error)
         end
 
-        lines = IO.readlines(p)
+        lines = File.readlines(p)
         lines << "\nprofile_content_id: #{profile_content_id}\n"
 
         File.open("#{p}", "w" ) do |f|

data/lib/source_readers/inspec.rb

@@ -66,7 +66,7 @@ module SourceReaders
     end
 
     def load_readme
-      load_all(/README.md/)
+      load_all(/README(\.md)?$/)
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 6.6.0
+  version: 6.8.11
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-11-09 00:00:00.000000000 Z
+date: 2024-11-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-telemetry
@@ -119,7 +119,7 @@ dependencies:
         version: '3.9'
     - - "<="
       - !ruby/object:Gem::Version
-        version: '3.12'
+        version: '3.14'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -129,7 +129,7 @@ dependencies:
         version: '3.9'
     - - "<="
       - !ruby/object:Gem::Version
-        version: '3.12'
+        version: '3.14'
 - !ruby/object:Gem::Dependency
   name: rspec-its
   requirement: !ruby/object:Gem::Requirement
@@ -364,6 +364,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: cookstyle
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: train-core
   requirement: !ruby/object:Gem::Requirement
@@ -384,14 +398,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.7.5
+        version: 1.0.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.7.5
+        version: 1.0.2
 description: |+
   InSpec provides a framework for creating end-to-end infrastructure tests. You can use it for integration or even compliance testing. Create fully portable test profiles and use them in your workflow to ensure stability and security. Integrate InSpec in your change lifecycle for local testing, CI/CD, and deployment verification.
   This has local support only. See the `inspec` gem for full support.
@@ -659,6 +673,8 @@ files:
 - lib/inspec/resources/service.rb
 - lib/inspec/resources/shadow.rb
 - lib/inspec/resources/ssh_config.rb
+- lib/inspec/resources/ssh_key.rb
+- lib/inspec/resources/sshd_active_config.rb
 - lib/inspec/resources/sshd_config.rb
 - lib/inspec/resources/ssl.rb
 - lib/inspec/resources/sybase_conf.rb
@@ -746,9 +762,9 @@ files:
 - lib/inspec/utils/spdx.rb
 - lib/inspec/utils/spdx.txt
 - lib/inspec/utils/telemetry.rb
-- lib/inspec/utils/telemetry/collector.rb
-- lib/inspec/utils/telemetry/data_series.rb
-- lib/inspec/utils/telemetry/global_methods.rb
+- lib/inspec/utils/telemetry/base.rb
+- lib/inspec/utils/telemetry/http.rb
+- lib/inspec/utils/telemetry/null.rb
 - lib/inspec/utils/telemetry/run_context_probe.rb
 - lib/inspec/utils/waivers/csv_file_reader.rb
 - lib/inspec/utils/waivers/excel_file_reader.rb
@@ -887,14 +903,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.7'
+      version: 3.1.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.2.3
 signing_key: 
 specification_version: 4
 summary: Infrastructure and compliance testing. Core library.

data/lib/inspec/utils/telemetry/collector.rb

@@ -1,81 +0,0 @@
-require "inspec/config"
-require "inspec/utils/telemetry/data_series"
-require "singleton" unless defined?(Singleton)
-
-module Inspec::Telemetry
-  # A Singleton collection of data series objects.
-  class Collector
-    include Singleton
-
-    attr_reader :config
-
-    def initialize
-      @data_series = []
-      @telemetry_toggled_off = false
-      load_config
-    end
-
-    # Allow loading a configuration, useful when testing.
-    def load_config(config = Inspec::Config.cached)
-      @config = config
-    end
-
-    # Add a data series to the collection.
-    # @return [True]
-    def add_data_series(data_series)
-      @data_series << data_series
-    end
-
-    # The loaded configuration should have a option to configure
-    # telemetry, if not default to false.
-    # @return [True, False]
-    def telemetry_enabled?
-      if @telemetry_toggled_off
-        false
-      else
-        config_telemetry_options.fetch("enable_telemetry", false)
-      end
-    end
-
-    # A way to disable the telemetry system.
-    def disable_telemetry
-      @telemetry_toggled_off = true
-    end
-
-    # The entire data series collection.
-    # @return [Array]
-    def list_data_series
-      @data_series
-    end
-
-    # Finds the data series object with the specified name and returns it.
-    # If it does not exist then creates a new data series with that name
-    # and returns it.
-    # @return [Inspec::Telemetry::DataSeries]
-    def find_or_create_data_series(name)
-      ds = @data_series.select { |data_series| data_series.name.eql?(name) }
-      if ds.empty?
-        new_data_series = Inspec::Telemetry::DataSeries.new(name)
-        @data_series << new_data_series
-        new_data_series
-      else
-        ds.first
-      end
-    end
-
-    # Blanks the contents of the data series collection.
-    # Reset telemetry toggle
-    # @return [True]
-    def reset!
-      @data_series = []
-      @telemetry_toggled_off = false
-    end
-
-    private
-
-    # Minimize exposure of Inspec::Config interface
-    def config_telemetry_options
-      config.telemetry_options
-    end
-  end
-end

data/lib/inspec/utils/telemetry/data_series.rb

@@ -1,44 +0,0 @@
-require "json" unless defined?(JSON)
-
-module Inspec; end
-
-# A minimal Dataseries Object
-# Stores the name of the data series and an array of data.
-# Stored data should be a object that supports #to_s
-module Inspec::Telemetry
-  class DataSeries
-    def initialize(name)
-      @name = name
-      @enabled = true
-      @data ||= []
-    end
-
-    attr_reader :data, :name
-
-    # This needs to also be set by configuration.
-    def enabled?
-      @enabled
-    end
-
-    def disable
-      @enabled = false
-    end
-
-    def <<(appending_data)
-      data << appending_data
-    end
-
-    alias push <<
-
-    def to_h
-      {
-        name: @name,
-        data: @data,
-      }
-    end
-
-    def to_json
-      to_h.to_json
-    end
-  end
-end

data/lib/inspec/utils/telemetry/global_methods.rb

@@ -1,22 +0,0 @@
-require "inspec/utils/telemetry/collector"
-
-module Inspec
-  # A Global method to add a data series object to the Telemetry Collection.
-  # `data_series_name`s are unique, so `:dependency_group` will always return
-  # the same object.
-  # `data_point` is optional, you may also supply a block with several data points.
-  # All data points should allow #to_s
-  def self.record_telemetry_data(data_series_name, data_point = nil)
-    coll = Inspec::Telemetry::Collector.instance
-    return unless coll.telemetry_enabled?
-
-    ds = coll.find_or_create_data_series(data_series_name)
-    return unless ds.enabled?
-
-    if block_given?
-      ds << yield
-    else
-      ds << data_point
-    end
-  end
-end