inspec-core 6.8.1 → 6.8.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. checksums.yaml +4 -4
  2. data/lib/inspec/base_cli.rb +3 -0
  3. data/lib/inspec/resources/oracledb_session.rb +5 -8
  4. data/lib/inspec/resources/postgres_session.rb +1 -1
  5. data/lib/inspec/runner.rb +14 -2
  6. data/lib/inspec/utils/licensing_config.rb +14 -0
  7. data/lib/inspec/utils/telemetry/http.rb +2 -5
  8. data/lib/inspec/utils/telemetry.rb +3 -1
  9. data/lib/inspec/version.rb +1 -1
  10. data/lib/source_readers/inspec.rb +1 -1
  11. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 935114b2bfd94c210bbaa34c7dcb77185f41d3fe40f2460f0cc202fc81bcf229
4
- data.tar.gz: 1b32490bab8349155734d036c8690460436c13531318427a1a7cbbe4d1556479
3
+ metadata.gz: 6ef08c3443267ae12f42004936c21dd9c06a2a2405981efa57d5ab26a3a58e38
4
+ data.tar.gz: 16ba90c68c5f4168b1c1e3178b0b974992d27d5529ada5c34f51fda029539806
5
5
  SHA512:
6
- metadata.gz: ebc7bfa5348adaf7ef7f6fa066ced78691167acb491fa1d30dc70fba35125f7b44d9598be47b4868c280796e902e86ca8efcac1d4a71f294b5725b6f3c80a813
7
- data.tar.gz: 426261a3570f1db8a1a99f0a07cd6f92eea754943c4d6e904b8a73f7e7dea49bc1758989d94047ca1689efa1c78d2149ca532c345e380c595e103e799f29c1d4
6
+ metadata.gz: 6915602a57ac2c952ba963ded31d7e20a2aca7c0f8e49cf1f3109d85042864d7e69e390aa886937cd2d26a062716da9388a71bf9a67940578c4ccd783e8feb3d
7
+ data.tar.gz: ffb31db9833ffca067688360cdbd73eb8ddd8da55e0a0cbcc33c860a2475f43715fcd4603b04cab3adba771f9cfc6231a88ec594a2947b7d4781bf899123b575
data/lib/inspec/base_cli.rb CHANGED
@@ -54,6 +54,9 @@ module Inspec
54
54
  rescue ChefLicensing::LicenseKeyFetcher::LicenseKeyNotFetchedError
55
55
  Inspec::Log.error "#{Inspec::Dist::PRODUCT_NAME} cannot execute without valid licenses."
56
56
  Inspec::UI.new.exit(:license_not_set)
57
+ rescue ChefLicensing::SoftwareNotEntitled
58
+ Inspec::Log.error "License is not entitled to use InSpec."
59
+ Inspec::UI.new.exit(:license_not_entitled)
57
60
  rescue ChefLicensing::Error => e
58
61
  Inspec::Log.error e.message
59
62
  Inspec::UI.new.exit(:usage_error)
data/lib/inspec/resources/oracledb_session.rb CHANGED
@@ -57,7 +57,7 @@ module Inspec::Resources
57
57
  inspec_cmd = inspec.command(command)
58
58
  out = inspec_cmd.stdout + "\n" + inspec_cmd.stderr
59
59
 
60
- if inspec_cmd.exit_status != 0 || !inspec_cmd.stderr.empty? || out.downcase =~ /^error.*/
60
+ if inspec_cmd.exit_status != 0 || out.downcase =~ /^error.*/
61
61
  raise Inspec::Exceptions::ResourceFailed, "Oracle query with errors: #{out}"
62
62
  else
63
63
  begin
@@ -134,10 +134,8 @@ module Inspec::Resources
134
134
  end
135
135
 
136
136
  def escape_query(query)
137
- # https://github.com/inspec/inspec/security/code-scanning/7
138
- # https://github.com/inspec/inspec/security/code-scanning/8
139
- escaped_query = query.gsub(/["\\]/) { |match| match == '"' ? '\\"' : "\\\\" } # Escape backslashes and double quotes
140
- escaped_query.gsub!("$", '\\$') unless escaped_query.include? "\\$" # Escape dollar signs, but only if not already escaped
137
+ escaped_query = query.gsub(/\\\\/, "\\").gsub(/"/, '\\"')
138
+ escaped_query = escaped_query.gsub("$", '\\$') unless escaped_query.include? "\\$"
141
139
  escaped_query
142
140
  end
143
141
 
@@ -145,9 +143,8 @@ module Inspec::Resources
145
143
  output = stdout.split("oracle_query_string")[-1]
146
144
  # comma_query_sub replaces the csv delimiter "," in the output.
147
145
  # Handles CSV parsing of data like this (DROP,3) etc
148
- # Replace all occurrences of the target pattern using gsub instead of sub
149
- # Issue detected: https://github.com/inspec/inspec/security/code-scanning/9
150
- output = output.gsub(/\r/, "").strip.gsub(",", "comma_query_sub")
146
+
147
+ output = output.sub(/\r/, "").strip.gsub(",", "comma_query_sub")
151
148
  converter = ->(header) { header.downcase }
152
149
  CSV.parse(output, headers: true, header_converters: converter).map do |row|
153
150
  next if row.entries.flatten.empty?
data/lib/inspec/resources/postgres_session.rb CHANGED
@@ -55,7 +55,7 @@ module Inspec::Resources
55
55
  psql_cmd = create_psql_cmd(query, db)
56
56
  cmd = inspec.command(psql_cmd, redact_regex: %r{(:\/\/[a-z]*:).*(@)})
57
57
  out = cmd.stdout + "\n" + cmd.stderr
58
- if cmd.exit_status != 0 && ( out =~ /could not connect to/ || out =~ /password authentication failed/ ) && out.downcase =~ /error:/
58
+ if cmd.exit_status != 0 && ( out =~ /could not connect to/ || out =~ /password authentication failed/ ) && (out.downcase =~ /error:/ || out.downcase =~ /fatal:/)
59
59
  raise Inspec::Exceptions::ResourceFailed, "PostgreSQL connection error: #{out}"
60
60
  elsif cmd.exit_status != 0 && out.downcase =~ /error:/
61
61
  Lines.new(out, "PostgreSQL query with error: #{query}", cmd.exit_status)
data/lib/inspec/runner.rb CHANGED
@@ -168,7 +168,16 @@ module Inspec
168
168
  end
169
169
 
170
170
  def run(with = nil)
171
- ChefLicensing.check_software_entitlement! if Inspec::Dist::EXEC_NAME == "inspec"
171
+ product_dist_name = Inspec::Dist::PRODUCT_NAME
172
+ if Inspec::Dist::EXEC_NAME == "inspec"
173
+ if Inspec::Telemetry::RunContextProbe.guess_run_context == "test-kitchen"
174
+ product_dist_name = "Chef Workstation"
175
+ configure_licensing_config_for_kitchen(@conf)
176
+ # Persist the license key in file when passed via test-kitchen
177
+ ChefLicensing.fetch_and_persist if @conf[:chef_license_key]
178
+ end
179
+ ChefLicensing.check_software_entitlement!
180
+ end
172
181
 
173
182
  # Validate if profiles are signed and verified
174
183
  # Additional check is required to provide error message in case of inspec exec command (exec command can use multiple profiles as well)
@@ -183,8 +192,11 @@ module Inspec
183
192
  Inspec::Telemetry.run_starting(runner: self, conf: @conf)
184
193
  load
185
194
  run_tests(with)
195
+ rescue ChefLicensing::LicenseKeyFetcher::LicenseKeyNotFetchedError
196
+ Inspec::Log.error "#{product_dist_name} cannot execute without valid licenses."
197
+ Inspec::UI.new.exit(:license_not_set)
186
198
  rescue ChefLicensing::SoftwareNotEntitled
187
- Inspec::Log.error "License is not entitled to use InSpec."
199
+ Inspec::Log.error "License is not entitled to use #{product_dist_name}."
188
200
  Inspec::UI.new.exit(:license_not_entitled)
189
201
  rescue ChefLicensing::Error => e
190
202
  Inspec::Log.error e.message
data/lib/inspec/utils/licensing_config.rb CHANGED
@@ -7,3 +7,17 @@ ChefLicensing.configure do |config|
7
7
  config.license_server_url = "https://services.chef.io/licensing"
8
8
  config.logger = Inspec::Log
9
9
  end
10
+
11
+ def configure_licensing_config_for_kitchen(opts = {})
12
+ ChefLicensing.configure do |config|
13
+ # Reset entitlement ID to the ID of Chef Workstation
14
+ config.chef_entitlement_id = "x6f3bc76-a94f-4b6c-bc97-4b7ed2b045c0"
15
+ # Reset Chef License server via kitchen when passed in kitchen.yml
16
+ opts["chef_license_server"] = opts["chef_license_server"].join(",") if opts["chef_license_server"].is_a? Array
17
+ unless opts["chef_license_server"].nil? || opts["chef_license_server"].empty?
18
+ ENV["CHEF_LICENSE_SERVER"] = opts["chef_license_server"]
19
+ end
20
+ end
21
+ # Reset Chef License key via kitchen when passed in kitchen.yml
22
+ ENV["CHEF_LICENSE_KEY"] = opts["chef_license_key"] if opts["chef_license_key"]
23
+ end
data/lib/inspec/utils/telemetry/http.rb CHANGED
@@ -6,11 +6,8 @@ module Inspec
6
6
  class Telemetry
7
7
  class HTTP < Base
8
8
  TELEMETRY_JOBS_PATH = "v1/job"
9
- TELEMETRY_URL = if ChefLicensing::Config.license_server_url&.match?("acceptance")
10
- ENV["CHEF_TELEMETRY_URL"]
11
- else
12
- "https://services.chef.io/telemetry/"
13
- end
9
+ # Allow dev/CI to override the telemetry URL to a staging service
10
+ TELEMETRY_URL = ENV["CHEF_TELEMETRY_URL"] || "https://services.chef.io/telemetry/"
14
11
  def run_ending(opts)
15
12
  payload = super
16
13
  response = connection.post(TELEMETRY_JOBS_PATH) do |req|
data/lib/inspec/utils/telemetry.rb CHANGED
@@ -18,10 +18,12 @@ module Inspec
18
18
  # Don't perform telemetry action for other InSpec distros
19
19
  # Don't perform telemetry action if running under Automate - Automate does LDC tracking for us
20
20
  # Don't perform telemetry action if license is a commercial license
21
+ # Don't perform telemetry action if running under Test Kitchen
21
22
 
22
23
  if Inspec::Dist::EXEC_NAME != "inspec" ||
23
24
  Inspec::Telemetry::RunContextProbe.under_automate? ||
24
- license&.license_type&.downcase == "commercial"
25
+ license&.license_type&.downcase == "commercial" ||
26
+ Inspec::Telemetry::RunContextProbe.guess_run_context == "test-kitchen"
25
27
 
26
28
  Inspec::Log.debug "Determined telemetry operation is not applicable and hence aborting it."
27
29
  return Inspec::Telemetry::Null
data/lib/inspec/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Inspec
2
- VERSION = "6.8.1".freeze
2
+ VERSION = "6.8.11".freeze
3
3
  end
data/lib/source_readers/inspec.rb CHANGED
@@ -66,7 +66,7 @@ module SourceReaders
66
66
  end
67
67
 
68
68
  def load_readme
69
- load_all(/README.md/)
69
+ load_all(/README(\.md)?$/)
70
70
  end
71
71
  end
72
72
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: inspec-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.8.1
4
+ version: 6.8.11
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chef InSpec Team
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-07-25 00:00:00.000000000 Z
11
+ date: 2024-11-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: chef-telemetry