inspec-core 6.8.11 → 7.0.38.beta

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 6.8.11
+  version: 7.0.38.beta
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-11-05 00:00:00.000000000 Z
+date: 2025-03-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-telemetry
@@ -472,6 +472,7 @@ files:
 - lib/inspec/feature/config.rb
 - lib/inspec/feature/runner.rb
 - lib/inspec/fetcher.rb
+- lib/inspec/fetcher/gem.rb
 - lib/inspec/fetcher/git.rb
 - lib/inspec/fetcher/local.rb
 - lib/inspec/fetcher/mock.rb
@@ -511,8 +512,10 @@ files:
 - lib/inspec/plugin/v1/registry.rb
 - lib/inspec/plugin/v2.rb
 - lib/inspec/plugin/v2/activator.rb
+- lib/inspec/plugin/v2/concerns/gem_spec_helper.rb
 - lib/inspec/plugin/v2/config_file.rb
 - lib/inspec/plugin/v2/filter.rb
+- lib/inspec/plugin/v2/gem_source_manager.rb
 - lib/inspec/plugin/v2/installer.rb
 - lib/inspec/plugin/v2/loader.rb
 - lib/inspec/plugin/v2/plugin_base.rb
@@ -521,6 +524,7 @@ files:
 - lib/inspec/plugin/v2/plugin_types/input.rb
 - lib/inspec/plugin/v2/plugin_types/mock.rb
 - lib/inspec/plugin/v2/plugin_types/reporter.rb
+- lib/inspec/plugin/v2/plugin_types/resource_pack.rb
 - lib/inspec/plugin/v2/plugin_types/streaming_reporter.rb
 - lib/inspec/plugin/v2/registry.rb
 - lib/inspec/plugin/v2/status.rb
@@ -563,13 +567,6 @@ files:
 - lib/inspec/resources/default_gateway.rb
 - lib/inspec/resources/dh_params.rb
 - lib/inspec/resources/directory.rb
-- lib/inspec/resources/docker.rb
-- lib/inspec/resources/docker_container.rb
-- lib/inspec/resources/docker_image.rb
-- lib/inspec/resources/docker_object.rb
-- lib/inspec/resources/docker_plugin.rb
-- lib/inspec/resources/docker_service.rb
-- lib/inspec/resources/elasticsearch.rb
 - lib/inspec/resources/etc_fstab.rb
 - lib/inspec/resources/etc_group.rb
 - lib/inspec/resources/etc_hosts.rb
@@ -585,8 +582,6 @@ files:
 - lib/inspec/resources/grub_conf.rb
 - lib/inspec/resources/host.rb
 - lib/inspec/resources/http.rb
-- lib/inspec/resources/ibmdb2_conf.rb
-- lib/inspec/resources/ibmdb2_session.rb
 - lib/inspec/resources/iis_app.rb
 - lib/inspec/resources/iis_app_pool.rb
 - lib/inspec/resources/iis_site.rb
@@ -612,9 +607,6 @@ files:
 - lib/inspec/resources/login_defs.rb
 - lib/inspec/resources/lxc.rb
 - lib/inspec/resources/mail_alias.rb
-- lib/inspec/resources/mongodb.rb
-- lib/inspec/resources/mongodb_conf.rb
-- lib/inspec/resources/mongodb_session.rb
 - lib/inspec/resources/mount.rb
 - lib/inspec/resources/mssql_session.rb
 - lib/inspec/resources/mssql_sys_conf.rb
@@ -645,12 +637,6 @@ files:
 - lib/inspec/resources/php_config.rb
 - lib/inspec/resources/pip.rb
 - lib/inspec/resources/platform.rb
-- lib/inspec/resources/podman.rb
-- lib/inspec/resources/podman_container.rb
-- lib/inspec/resources/podman_image.rb
-- lib/inspec/resources/podman_network.rb
-- lib/inspec/resources/podman_pod.rb
-- lib/inspec/resources/podman_volume.rb
 - lib/inspec/resources/port.rb
 - lib/inspec/resources/postfix_conf.rb
 - lib/inspec/resources/postgres.rb
@@ -661,8 +647,6 @@ files:
 - lib/inspec/resources/powershell.rb
 - lib/inspec/resources/ppa.rb
 - lib/inspec/resources/processes.rb
-- lib/inspec/resources/rabbitmq_conf.rb
-- lib/inspec/resources/rabbitmq_config.rb
 - lib/inspec/resources/registry_key.rb
 - lib/inspec/resources/routing_table.rb
 - lib/inspec/resources/runit_service.rb
@@ -672,13 +656,7 @@ files:
 - lib/inspec/resources/selinux.rb
 - lib/inspec/resources/service.rb
 - lib/inspec/resources/shadow.rb
-- lib/inspec/resources/ssh_config.rb
-- lib/inspec/resources/ssh_key.rb
-- lib/inspec/resources/sshd_active_config.rb
-- lib/inspec/resources/sshd_config.rb
 - lib/inspec/resources/ssl.rb
-- lib/inspec/resources/sybase_conf.rb
-- lib/inspec/resources/sybase_session.rb
 - lib/inspec/resources/sys_info.rb
 - lib/inspec/resources/systemd_service.rb
 - lib/inspec/resources/sysv_service.rb
@@ -755,7 +733,6 @@ files:
 - lib/inspec/utils/object_traversal.rb
 - lib/inspec/utils/parser.rb
 - lib/inspec/utils/pkey_reader.rb
-- lib/inspec/utils/podman.rb
 - lib/inspec/utils/profile_ast_helpers.rb
 - lib/inspec/utils/run_data_filters.rb
 - lib/inspec/utils/simpleconfig.rb
@@ -890,6 +867,7 @@ files:
 - lib/plugins/shared/core_plugin_test_helper.rb
 - lib/plugins/things-for-train-integration.rb
 - lib/source_readers/flat.rb
+- lib/source_readers/gem.rb
 - lib/source_readers/inspec.rb
 homepage: https://github.com/inspec/inspec
 licenses:
@@ -906,9 +884,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 3.1.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubygems_version: 3.2.3
 signing_key: 

data/lib/inspec/resources/docker.rb

@@ -1,274 +0,0 @@
-#
-# Copyright 2017, Christoph Hartmann
-#
-
-require "inspec/resources/command"
-require "inspec/utils/filter"
-require "hashie/mash"
-
-module Inspec::Resources
-  class DockerContainerFilter
-    # use filtertable for containers
-    filter = FilterTable.create
-    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
-    filter.register_column(:commands, field: "command")
-      .register_column(:ids,            field: "id")
-      .register_column(:images,         field: "image")
-      .register_column(:labels,         field: "labels", style: :simple)
-      .register_column(:local_volumes,  field: "localvolumes")
-      .register_column(:mounts,         field: "mounts")
-      .register_column(:names,          field: "names")
-      .register_column(:networks,       field: "networks")
-      .register_column(:ports,          field: "ports")
-      .register_column(:running_for,    field: "runningfor")
-      .register_column(:sizes,          field: "size")
-      .register_column(:status,         field: "status")
-      .register_custom_matcher(:running?) do |x|
-        x.where { status.downcase.start_with?("up") }
-      end
-    filter.install_filter_methods_on_resource(self, :containers)
-
-    attr_reader :containers
-    def initialize(containers)
-      @containers = containers
-    end
-  end
-
-  class DockerImageFilter
-    filter = FilterTable.create
-    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
-    filter.register_column(:ids, field: "id")
-      .register_column(:repositories,  field: "repository")
-      .register_column(:tags,          field: "tag")
-      .register_column(:sizes,         field: "size")
-      .register_column(:digests,       field: "digest")
-      .register_column(:created,       field: "createdat")
-      .register_column(:created_since, field: "createdsize")
-    filter.install_filter_methods_on_resource(self, :images)
-
-    attr_reader :images
-    def initialize(images)
-      @images = images
-    end
-  end
-
-  class DockerPluginFilter
-    filter = FilterTable.create
-    filter.add(:ids, field: "id")
-      .add(:names,    field: "name")
-      .add(:versions, field: "version")
-      .add(:enabled,  field: "enabled")
-    filter.connect(self, :plugins)
-
-    attr_reader :plugins
-    def initialize(plugins)
-      @plugins = plugins
-    end
-  end
-
-  class DockerServiceFilter
-    filter = FilterTable.create
-    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
-    filter.register_column(:ids, field: "id")
-      .register_column(:names,    field: "name")
-      .register_column(:modes,    field: "mode")
-      .register_column(:replicas, field: "replicas")
-      .register_column(:images,   field: "image")
-      .register_column(:ports,    field: "ports")
-    filter.install_filter_methods_on_resource(self, :services)
-
-    attr_reader :services
-    def initialize(services)
-      @services = services
-    end
-  end
-
-  # This resource helps to parse information from the docker host
-  # For compatability with Serverspec we also offer the following resouses:
-  # - docker_container
-  # - docker_image
-  class Docker < Inspec.resource(1)
-    name "docker"
-    supports platform: "unix"
-    desc "
-      A resource to retrieve information about docker
-    "
-
-    example <<~EXAMPLE
-      describe docker.containers do
-        its('images') { should_not include 'u12:latest' }
-      end
-
-      describe docker.images do
-        its('repositories') { should_not include 'inssecure_image' }
-      end
-
-      describe docker.plugins.where { name == 'rexray/ebs' } do
-        it { should exist }
-      end
-
-      describe docker.services do
-        its('images') { should_not include 'inssecure_image' }
-      end
-
-      describe docker.version do
-        its('Server.Version') { should cmp >= '1.12'}
-        its('Client.Version') { should cmp >= '1.12'}
-      end
-
-      describe docker.object(id) do
-        its('Configuration.Path') { should eq 'value' }
-      end
-
-      docker.containers.ids.each do |id|
-        # call docker inspect for a specific container id
-        describe docker.object(id) do
-          its(%w(HostConfig Privileged)) { should cmp false }
-          its(%w(HostConfig Privileged)) { should_not cmp true }
-        end
-      end
-    EXAMPLE
-
-    def containers
-      DockerContainerFilter.new(parse_containers)
-    end
-
-    def images
-      DockerImageFilter.new(parse_images)
-    end
-
-    def plugins
-      DockerPluginFilter.new(parse_plugins)
-    end
-
-    def services
-      DockerServiceFilter.new(parse_services)
-    end
-
-    def version
-      return @version if defined?(@version)
-
-      data = {}
-      cmd = inspec.command("docker version --format '{{ json . }}'")
-      data = JSON.parse(cmd.stdout) if cmd.exit_status == 0
-      @version = Hashie::Mash.new(data)
-    rescue JSON::ParserError => _e
-      Hashie::Mash.new({})
-    end
-
-    def info
-      return @info if defined?(@info)
-
-      data = {}
-      # docke info format is only supported for Docker 17.03+
-      cmd = inspec.command("docker info --format '{{ json . }}'")
-      data = JSON.parse(cmd.stdout) if cmd.exit_status == 0
-      @info = Hashie::Mash.new(data)
-    rescue JSON::ParserError => _e
-      Hashie::Mash.new({})
-    end
-
-    # returns information about docker objects
-    def object(id)
-      return @inspect if defined?(@inspect)
-
-      data = JSON.parse(inspec.command("docker inspect #{id}").stdout)
-      data = data[0] if data.is_a?(Array)
-      @inspect = Hashie::Mash.new(data)
-    rescue JSON::ParserError => _e
-      Hashie::Mash.new({})
-    end
-
-    def to_s
-      "Docker Host"
-    end
-
-    private
-
-    def parse_json_command(labels, subcommand)
-      # build command
-      format = labels.map { |label| "\"#{label}\": {{json .#{label}}}" }
-      raw = inspec.command("docker #{subcommand} --format '{#{format.join(", ")}}'").stdout
-      output = []
-      # since docker is not outputting valid json, we need to parse each row
-      raw.each_line do |entry|
-        # convert all keys to lower_case to work well with ruby and filter table
-        row = JSON.parse(entry).map do |key, value|
-          [key.downcase, value]
-        end.to_h
-
-        # ensure all keys are there
-        row = ensure_keys(row, labels)
-
-        # strip off any linked container names
-        # Depending on how it was linked, the actual container name may come before
-        # or after the link information, so we'll just look for the first name that
-        # does not include a slash since that is not a valid character in a container name
-        if row["names"]
-          row["names"] = row["names"].split(",").find { |c| !c.include?("/") }
-        end
-
-        # Split labels on ',' or set to empty array
-        # Allows for `docker.containers.where { labels.include?('app=redis') }`
-        row["labels"] = row.key?("labels") ? row["labels"].split(",") : []
-
-        output.push(row)
-      end
-
-      output
-    rescue JSON::ParserError => _e
-      warn "Could not parse `docker #{subcommand}` output"
-      []
-    end
-
-    def parse_containers
-      # @see https://github.com/moby/moby/issues/20625, works for docker 1.13+
-      # raw_containers = inspec.command('docker ps -a --no-trunc --format \'{{ json . }}\'').stdout
-      # therefore we stick with older approach
-      labels = %w{Command CreatedAt ID Image Labels Mounts Names Ports RunningFor Size Status}
-
-      # Networks LocalVolumes work with 1.13+ only
-      if !version.empty? && Gem::Version.new(version["Client"]["Version"]) >= Gem::Version.new("1.13")
-        labels.push("Networks")
-        labels.push("LocalVolumes")
-      end
-      parse_json_command(labels, "ps -a --no-trunc")
-    end
-
-    def parse_services
-      parse_json_command(%w{ID Name Mode Replicas Image Ports}, "service ls")
-    end
-
-    def ensure_keys(entry, labels)
-      labels.each do |key|
-        entry[key.downcase] = nil unless entry.key?(key.downcase)
-      end
-      entry
-    end
-
-    def parse_images
-      # docker does not support the `json .` function here, therefore we need to emulate that behavior.
-      raw_images = inspec.command('docker images -a --no-trunc --format \'{ "id": {{json .ID}}, "repository": {{json .Repository}}, "tag": {{json .Tag}}, "size": {{json .Size}}, "digest": {{json .Digest}}, "createdat": {{json .CreatedAt}}, "createdsize": {{json .CreatedSince}} }\'').stdout
-      c_images = []
-      raw_images.each_line do |entry|
-        c_images.push(JSON.parse(entry))
-      end
-      c_images
-    rescue JSON::ParserError => _e
-      warn "Could not parse `docker images` output"
-      []
-    end
-
-    def parse_plugins
-      plugins = inspec.command('docker plugin ls --format \'{"id": {{json .ID}}, "name": "{{ with split .Name ":"}}{{index . 0}}{{end}}", "version": "{{ with split .Name ":"}}{{index . 1}}{{end}}", "enabled": {{json .Enabled}} }\'').stdout
-      c_plugins = []
-      plugins.each_line do |entry|
-        c_plugins.push(JSON.parse(entry))
-      end
-      c_plugins
-    rescue JSON::ParserError => _e
-      warn "Could not parse `docker plugin ls` output"
-      []
-    end
-  end
-end

data/lib/inspec/resources/docker_container.rb

@@ -1,116 +0,0 @@
-#
-# Copyright 2017, Christoph Hartmann
-
-require "inspec/resources/docker"
-require_relative "docker_object"
-
-module Inspec::Resources
-  class DockerContainer < Inspec.resource(1)
-    include Inspec::Resources::DockerObject
-
-    name "docker_container"
-    supports platform: "unix"
-    desc ""
-    example <<~EXAMPLE
-      describe docker_container('an-echo-server') do
-        it { should exist }
-        it { should be_running }
-        its('id') { should_not eq '' }
-        its('image') { should eq 'busybox:latest' }
-        its('repo') { should eq 'busybox' }
-        its('tag') { should eq 'latest' }
-        its('ports') { should eq [] }
-        its('command') { should eq 'nc -ll -p 1234 -e /bin/cat' }
-        its('labels') { should include 'app=example' }
-      end
-
-      describe docker_container(id: 'e2c52a183358') do
-        it { should exist }
-        it { should be_running }
-      end
-    EXAMPLE
-
-    def initialize(opts = {})
-      # if a string is provided, we expect it is the name
-      if opts.is_a?(String)
-        @opts = { name: opts }
-      else
-        @opts = opts
-      end
-    end
-
-    def running?
-      status.downcase.start_with?("up") if object_info.entries.length == 1
-    end
-
-    # has_volume? matcher checks if the volume specified in source path of host is mounted in destination path of docker
-    def has_volume?(destination, source)
-      # volume_info is the hash which contains the low-level information about the container
-      # if Mounts key is not present or is nil; raise exception
-      raise Inspec::Exceptions::ResourceFailed, "Could not find any mounted volumes for your container" unless volume_info.Mounts[0]
-
-      # Iterate through the list of mounted volumes and check if it matches with the given destination and source
-      # is_mounted flag is used to handle to return explict boolean values of true or false
-      is_mounted = false
-      volume_info.Mounts.detect { |mount| is_mounted = mount.Destination == destination && mount.Source == source }
-      is_mounted
-    end
-
-    def status
-      object_info.status[0] if object_info.entries.length == 1
-    end
-
-    def labels
-      object_info.labels
-    end
-
-    def ports
-      object_info.ports[0] if object_info.entries.length == 1
-    end
-
-    def command
-      return unless object_info.entries.length == 1
-
-      cmd = object_info.commands[0]
-      cmd.slice(1, cmd.length - 2)
-    end
-
-    def image
-      object_info.images[0] if object_info.entries.length == 1
-    end
-
-    def repo
-      parse_components_from_image(image)[:repo] if object_info.entries.size == 1
-    end
-
-    def tag
-      parse_components_from_image(image)[:tag] if object_info.entries.size == 1
-    end
-
-    def to_s
-      name = @opts[:name] || @opts[:id]
-      "Docker Container #{name}"
-    end
-
-    def resource_id
-      object_info.ids[0] || @opts[:id] || @opts[:name] || ""
-    end
-
-    private
-
-    def object_info
-      return @info if defined?(@info)
-
-      opts = @opts
-      @info = inspec.docker.containers.where { names == opts[:name] || (!id.nil? && !opts[:id].nil? && (id == opts[:id] || id.start_with?(opts[:id]))) }
-    end
-
-    # volume_info returns the low-level information obtained on docker inspect [container_name/id]
-    def volume_info
-      return @mount_info if defined?(@mount_info)
-
-      # Check for either docker inspect [container_name] or docker inspect [container_id]
-      @mount_info = inspec.docker.object(@opts[:name] || @opts[:id])
-    end
-  end
-end

data/lib/inspec/resources/docker_image.rb

@@ -1,141 +0,0 @@
-#
-# Copyright 2017, Christoph Hartmann
-
-require "inspec/resources/docker"
-require_relative "docker_object"
-
-module Inspec::Resources
-  class DockerImage < Inspec.resource(1)
-    include Inspec::Resources::DockerObject
-
-    name "docker_image"
-    supports platform: "unix"
-    desc ""
-    example <<~EXAMPLE
-      describe docker_image('alpine:latest') do
-        it { should exist }
-        its('id') { should_not eq '' }
-        its('image') { should eq 'alpine:latest' }
-        its('repo') { should eq 'alpine' }
-        its('tag') { should eq 'latest' }
-      end
-
-      describe docker_image('alpine:latest') do
-        it { should exist }
-      end
-
-      describe docker_image(id: '4a415e366388') do
-        it { should exist }
-      end
-    EXAMPLE
-
-    def initialize(opts = {})
-      # do sanitizion of input values
-      o = opts.dup
-      o = { image: opts } if opts.is_a?(String)
-      @opts = sanitize_options(o)
-    end
-
-    def image
-      "#{repo}:#{tag}" if object_info.entries.size == 1
-    end
-
-    def repo
-      object_info.repositories[0] if object_info.entries.size == 1
-    end
-
-    def tag
-      object_info.tags[0] if object_info.entries.size == 1
-    end
-
-    # method_missing handles when hash_keys are invoked to check information obtained on docker inspect [image_name]
-    def method_missing(*hash_keys)
-      # User can test the low-level inspect information in three ways:
-      # Way 1: Serverspec style: its(['Config.Cmd']) { should include some_value }
-      #        here, the value for hash_keys recieved is [:[], "Config.Cmd"]
-      # Way 2: InSpec style: its(['Config','Cmd']) { should include some_value }
-      #        here, the value for hash_keys recieved is [:[], "Config", "Cmd"]
-      # Way 3: Mix of both: its(['GraphDriver.Data','MergedDir']) { should include some_value }
-      #        here, the value for hash_keys recieved is [:[], "GraphDriver.Data", "MergedDir"]
-
-      # hash_keys are passed to this method to evaluate the value
-      image_hash_inspection(hash_keys)
-    end
-
-    # inspection property allows to test any of the hash key-value pairs as part of the image_inspect_info
-    def inspection
-      image_inspect_info
-    end
-
-    def to_s
-      img = @opts[:image] || @opts[:id]
-      "Docker Image #{img}"
-    end
-
-    def resource_id
-      object_info.ids[0] || @opts[:id] || @opts[:image] || ""
-    end
-
-    private
-
-    def sanitize_options(opts)
-      opts.merge!(parse_components_from_image(opts[:image]))
-
-      # assume a "latest" tag if we don't have one
-      opts[:tag] ||= "latest"
-
-      # if the ID isn't nil and doesn't contain a hash indicator (indicated by the presence
-      # of a colon, which separates the indicator from the actual hash), we assume it's sha256.
-      opts[:id] = "sha256:" + opts[:id] unless opts[:id].nil? || opts[:id].include?(":")
-
-      # Assemble/reassemble the image from the repo and tag
-      opts[:image] = "#{opts[:repo]}:#{opts[:tag]}" unless opts[:repo].nil?
-
-      # return the santized opts back to the caller
-      opts
-    end
-
-    def object_info
-      return @info if defined?(@info)
-
-      opts = @opts
-      @info = inspec.docker.images.where do
-        (repository == opts[:repo] && tag == opts[:tag]) || (!id.nil? && !opts[:id].nil? && (id == opts[:id] || id.start_with?(opts[:id])))
-      end
-    end
-
-    # image_inspect_info returns the complete inspect hash_values of the image
-    def image_inspect_info
-      return @inspect_info if defined?(@inspect_info)
-
-      @inspect_info = inspec.docker.object(@opts[:image] || (!@opts[:id].nil? && @opts[:id]))
-    end
-
-    # image_hash_inspection formats the input hash_keys and checks if any value exists for such keys in @inspect_info(image_inspect_info)
-    def image_hash_inspection(hash_keys)
-      # The hash_keys recieved are in three formats as mentioned in method_missing
-      # The hash_keys recieved must be in array format [] and the zeroth index must be :[]
-      # Check for the conditions and remove the zeroth element from the hash_keys
-
-      hash_keys.shift if hash_keys.is_a?(Array) && hash_keys[0] == :[]
-
-      # When received hash_keys in Serverspec style or mix of both
-      # The hash_keys are to be splitted at '.' (dot) and flatten it so that it doesn't become array of arrays
-      # After splitting and flattening is done, hash_keys is now an array with individual keys
-      hash_keys = hash_keys.map { |key| key.split(".") }.flatten
-
-      # image_inspect_info returns the complete inspect hash_values of the image
-      # dig() finds the nested value specified by the sequence of the key object by calling dig at each step.
-      # hash_keys is the key object. If one of the key is bad, value will be nil.
-      hash_value = image_inspect_info.dig(*hash_keys)
-
-      # If one of the key is bad, hash_value will be nil, so raise exception which throws it in rescue block
-      # else return hash_value
-      raise Inspec::Exceptions::ResourceFailed if hash_value.nil?
-
-      hash_value
-    rescue
-      raise Inspec::Exceptions::ResourceFailed, "#{hash_keys.join(".")} is not a valid key for your image or has nil value."
-    end
-  end
-end