inspec-core 6.8.1 → 6.8.11

Sign up to get free protection for your applications and to get access to all the features.
Files changed (11) hide show
  1. checksums.yaml +4 -4
  2. data/lib/inspec/base_cli.rb +3 -0
  3. data/lib/inspec/resources/oracledb_session.rb +5 -8
  4. data/lib/inspec/resources/postgres_session.rb +1 -1
  5. data/lib/inspec/runner.rb +14 -2
  6. data/lib/inspec/utils/licensing_config.rb +14 -0
  7. data/lib/inspec/utils/telemetry/http.rb +2 -5
  8. data/lib/inspec/utils/telemetry.rb +3 -1
  9. data/lib/inspec/version.rb +1 -1
  10. data/lib/source_readers/inspec.rb +1 -1
  11. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 935114b2bfd94c210bbaa34c7dcb77185f41d3fe40f2460f0cc202fc81bcf229
4
- data.tar.gz: 1b32490bab8349155734d036c8690460436c13531318427a1a7cbbe4d1556479
3
+ metadata.gz: 6ef08c3443267ae12f42004936c21dd9c06a2a2405981efa57d5ab26a3a58e38
4
+ data.tar.gz: 16ba90c68c5f4168b1c1e3178b0b974992d27d5529ada5c34f51fda029539806
5
5
  SHA512:
6
- metadata.gz: ebc7bfa5348adaf7ef7f6fa066ced78691167acb491fa1d30dc70fba35125f7b44d9598be47b4868c280796e902e86ca8efcac1d4a71f294b5725b6f3c80a813
7
- data.tar.gz: 426261a3570f1db8a1a99f0a07cd6f92eea754943c4d6e904b8a73f7e7dea49bc1758989d94047ca1689efa1c78d2149ca532c345e380c595e103e799f29c1d4
6
+ metadata.gz: 6915602a57ac2c952ba963ded31d7e20a2aca7c0f8e49cf1f3109d85042864d7e69e390aa886937cd2d26a062716da9388a71bf9a67940578c4ccd783e8feb3d
7
+ data.tar.gz: ffb31db9833ffca067688360cdbd73eb8ddd8da55e0a0cbcc33c860a2475f43715fcd4603b04cab3adba771f9cfc6231a88ec594a2947b7d4781bf899123b575
data/lib/inspec/base_cli.rb CHANGED
@@ -54,6 +54,9 @@ module Inspec
54
54
  rescue ChefLicensing::LicenseKeyFetcher::LicenseKeyNotFetchedError
55
55
  Inspec::Log.error "#{Inspec::Dist::PRODUCT_NAME} cannot execute without valid licenses."
56
56
  Inspec::UI.new.exit(:license_not_set)
57
+ rescue ChefLicensing::SoftwareNotEntitled
58
+ Inspec::Log.error "License is not entitled to use InSpec."
59
+ Inspec::UI.new.exit(:license_not_entitled)
57
60
  rescue ChefLicensing::Error => e
58
61
  Inspec::Log.error e.message
59
62
  Inspec::UI.new.exit(:usage_error)
data/lib/inspec/resources/oracledb_session.rb CHANGED
@@ -57,7 +57,7 @@ module Inspec::Resources
57
57
  inspec_cmd = inspec.command(command)
58
58
  out = inspec_cmd.stdout + "\n" + inspec_cmd.stderr
59
59
 
60
- if inspec_cmd.exit_status != 0 || !inspec_cmd.stderr.empty? || out.downcase =~ /^error.*/
60
+ if inspec_cmd.exit_status != 0 || out.downcase =~ /^error.*/
61
61
  raise Inspec::Exceptions::ResourceFailed, "Oracle query with errors: #{out}"
62
62
  else
63
63
  begin
@@ -134,10 +134,8 @@ module Inspec::Resources
134
134
  end
135
135
 
136
136
  def escape_query(query)
137
- # https://github.com/inspec/inspec/security/code-scanning/7
138
- # https://github.com/inspec/inspec/security/code-scanning/8
139
- escaped_query = query.gsub(/["\\]/) { |match| match == '"' ? '\\"' : "\\\\" } # Escape backslashes and double quotes
140
- escaped_query.gsub!("$", '\\$') unless escaped_query.include? "\\$" # Escape dollar signs, but only if not already escaped
137
+ escaped_query = query.gsub(/\\\\/, "\\").gsub(/"/, '\\"')
138
+ escaped_query = escaped_query.gsub("$", '\\$') unless escaped_query.include? "\\$"
141
139
  escaped_query
142
140
  end
143
141
 
@@ -145,9 +143,8 @@ module Inspec::Resources
145
143
  output = stdout.split("oracle_query_string")[-1]
146
144
  # comma_query_sub replaces the csv delimiter "," in the output.
147
145
  # Handles CSV parsing of data like this (DROP,3) etc
148
- # Replace all occurrences of the target pattern using gsub instead of sub
149
- # Issue detected: https://github.com/inspec/inspec/security/code-scanning/9
150
- output = output.gsub(/\r/, "").strip.gsub(",", "comma_query_sub")
146
+
147
+ output = output.sub(/\r/, "").strip.gsub(",", "comma_query_sub")
151
148
  converter = ->(header) { header.downcase }
152
149
  CSV.parse(output, headers: true, header_converters: converter).map do |row|
153
150
  next if row.entries.flatten.empty?
data/lib/inspec/resources/postgres_session.rb CHANGED
@@ -55,7 +55,7 @@ module Inspec::Resources
55
55
  psql_cmd = create_psql_cmd(query, db)
56
56
  cmd = inspec.command(psql_cmd, redact_regex: %r{(:\/\/[a-z]*:).*(@)})
57
57
  out = cmd.stdout + "\n" + cmd.stderr
58
- if cmd.exit_status != 0 && ( out =~ /could not connect to/ || out =~ /password authentication failed/ ) && out.downcase =~ /error:/
58
+ if cmd.exit_status != 0 && ( out =~ /could not connect to/ || out =~ /password authentication failed/ ) && (out.downcase =~ /error:/ || out.downcase =~ /fatal:/)
59
59
  raise Inspec::Exceptions::ResourceFailed, "PostgreSQL connection error: #{out}"
60
60
  elsif cmd.exit_status != 0 && out.downcase =~ /error:/
61
61
  Lines.new(out, "PostgreSQL query with error: #{query}", cmd.exit_status)
data/lib/inspec/runner.rb CHANGED
@@ -168,7 +168,16 @@ module Inspec
168
168
  end
169
169
 
170
170
  def run(with = nil)
171
- ChefLicensing.check_software_entitlement! if Inspec::Dist::EXEC_NAME == "inspec"
171
+ product_dist_name = Inspec::Dist::PRODUCT_NAME
172
+ if Inspec::Dist::EXEC_NAME == "inspec"
173
+ if Inspec::Telemetry::RunContextProbe.guess_run_context == "test-kitchen"
174
+ product_dist_name = "Chef Workstation"
175
+ configure_licensing_config_for_kitchen(@conf)
176
+ # Persist the license key in file when passed via test-kitchen
177
+ ChefLicensing.fetch_and_persist if @conf[:chef_license_key]
178
+ end
179
+ ChefLicensing.check_software_entitlement!
180
+ end
172
181
 
173
182
  # Validate if profiles are signed and verified
174
183
  # Additional check is required to provide error message in case of inspec exec command (exec command can use multiple profiles as well)
@@ -183,8 +192,11 @@ module Inspec
183
192
  Inspec::Telemetry.run_starting(runner: self, conf: @conf)
184
193
  load
185
194
  run_tests(with)
195
+ rescue ChefLicensing::LicenseKeyFetcher::LicenseKeyNotFetchedError
196
+ Inspec::Log.error "#{product_dist_name} cannot execute without valid licenses."
197
+ Inspec::UI.new.exit(:license_not_set)
186
198
  rescue ChefLicensing::SoftwareNotEntitled
187
- Inspec::Log.error "License is not entitled to use InSpec."
199
+ Inspec::Log.error "License is not entitled to use #{product_dist_name}."
188
200
  Inspec::UI.new.exit(:license_not_entitled)
189
201
  rescue ChefLicensing::Error => e
190
202
  Inspec::Log.error e.message
data/lib/inspec/utils/licensing_config.rb CHANGED
@@ -7,3 +7,17 @@ ChefLicensing.configure do |config|
7
7
  config.license_server_url = "https://services.chef.io/licensing"
8
8
  config.logger = Inspec::Log
9
9
  end
10
+
11
+ def configure_licensing_config_for_kitchen(opts = {})
12
+ ChefLicensing.configure do |config|
13
+ # Reset entitlement ID to the ID of Chef Workstation
14
+ config.chef_entitlement_id = "x6f3bc76-a94f-4b6c-bc97-4b7ed2b045c0"
15
+ # Reset Chef License server via kitchen when passed in kitchen.yml
16
+ opts["chef_license_server"] = opts["chef_license_server"].join(",") if opts["chef_license_server"].is_a? Array
17
+ unless opts["chef_license_server"].nil? || opts["chef_license_server"].empty?
18
+ ENV["CHEF_LICENSE_SERVER"] = opts["chef_license_server"]
19
+ end
20
+ end
21
+ # Reset Chef License key via kitchen when passed in kitchen.yml
22
+ ENV["CHEF_LICENSE_KEY"] = opts["chef_license_key"] if opts["chef_license_key"]
23
+ end
data/lib/inspec/utils/telemetry/http.rb CHANGED
@@ -6,11 +6,8 @@ module Inspec
6
6
  class Telemetry
7
7
  class HTTP < Base
8
8
  TELEMETRY_JOBS_PATH = "v1/job"
9
- TELEMETRY_URL = if ChefLicensing::Config.license_server_url&.match?("acceptance")
10
- ENV["CHEF_TELEMETRY_URL"]
11
- else
12
- "https://services.chef.io/telemetry/"
13
- end
9
+ # Allow dev/CI to override the telemetry URL to a staging service
10
+ TELEMETRY_URL = ENV["CHEF_TELEMETRY_URL"] || "https://services.chef.io/telemetry/"
14
11
  def run_ending(opts)
15
12
  payload = super
16
13
  response = connection.post(TELEMETRY_JOBS_PATH) do |req|
data/lib/inspec/utils/telemetry.rb CHANGED
@@ -18,10 +18,12 @@ module Inspec
18
18
  # Don't perform telemetry action for other InSpec distros
19
19
  # Don't perform telemetry action if running under Automate - Automate does LDC tracking for us
20
20
  # Don't perform telemetry action if license is a commercial license
21
+ # Don't perform telemetry action if running under Test Kitchen
21
22
 
22
23
  if Inspec::Dist::EXEC_NAME != "inspec" ||
23
24
  Inspec::Telemetry::RunContextProbe.under_automate? ||
24
- license&.license_type&.downcase == "commercial"
25
+ license&.license_type&.downcase == "commercial" ||
26
+ Inspec::Telemetry::RunContextProbe.guess_run_context == "test-kitchen"
25
27
 
26
28
  Inspec::Log.debug "Determined telemetry operation is not applicable and hence aborting it."
27
29
  return Inspec::Telemetry::Null
data/lib/inspec/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Inspec
2
- VERSION = "6.8.1".freeze
2
+ VERSION = "6.8.11".freeze
3
3
  end
data/lib/source_readers/inspec.rb CHANGED
@@ -66,7 +66,7 @@ module SourceReaders
66
66
  end
67
67
 
68
68
  def load_readme
69
- load_all(/README.md/)
69
+ load_all(/README(\.md)?$/)
70
70
  end
71
71
  end
72
72
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: inspec-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.8.1
4
+ version: 6.8.11
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chef InSpec Team
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-07-25 00:00:00.000000000 Z
11
+ date: 2024-11-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: chef-telemetry