inspec-core 6.8.24 → 7.0.38.beta

data/lib/inspec/plugin/v2/loader.rb

@@ -2,6 +2,7 @@ require "inspec/log"
 require "inspec/version"
 require "inspec/plugin/v2/config_file"
 require "inspec/plugin/v2/filter"
+require "inspec/plugin/v2/concerns/gem_spec_helper"
 
 module Inspec::Plugin::V2
   class Loader
@@ -10,6 +11,7 @@ module Inspec::Plugin::V2
     # For {inspec|train}_plugin_name?
     include Inspec::Plugin::V2::FilterPredicates
     extend Inspec::Plugin::V2::FilterPredicates
+    include Inspec::Plugin::V2::GemSpecHelper
 
     def initialize(options = {})
       @options = options
@@ -157,6 +159,33 @@ module Inspec::Plugin::V2
       self.class.list_managed_gems
     end
 
+    def self.find_gem_directory(gem_name, version = nil)
+      selected_gemspec = find_gemspec_of(gem_name, version)
+      selected_gemspec&.full_gem_path
+    end
+
+    def self.find_gemspec_directory(gem_name, version = nil)
+      selected_gemspec = find_gemspec_of(gem_name, version)
+      selected_gemspec&.loaded_from
+    end
+
+    def self.find_gemspec_of(gem_name, version = nil)
+      version = Gem::Version.new(version) if version && !version.is_a?(Gem::Version)
+
+      list_managed_gems
+        .select { |g| g.name == gem_name }
+        .sort_by(&:version)
+        .yield_self { |gems| version ? gems.find { |g| g.version == version } : gems.last }
+    end
+
+    def find_gemspec_directory(gem_name, version = nil)
+      self.class.find_gemspec_directory(gem_name, version)
+    end
+
+    def find_gem_directory(gem_name, version = nil)
+      self.class.find_gem_directory(gem_name, version)
+    end
+
     # Lists all plugin gems found in the plugin_gem_path.
     # This is simply all gems that begin with train- or inspec-
     # and are not on the exclusion list.
@@ -169,8 +198,6 @@ module Inspec::Plugin::V2
       self.class.list_managed_gems
     end
 
-    private
-
     # 'Activating' a gem adds it to the load path, so 'require "gemname"' will work.
     # Given a gem name, this activates the gem and all of its dependencies, respecting
     # version pinning needs.
@@ -208,13 +235,15 @@ module Inspec::Plugin::V2
         raise ex
       end
       solution.each do |activation_request|
-        next if activation_request.full_spec.activated?
+        requested_gemspec = activation_request.full_spec
+        next if requested_gemspec.activated?
 
-        activation_request.full_spec.activate
-        # TODO: If we are under Bundler, inform it that we loaded a gem
+        requested_gemspec.activate unless loaded_recent_most_version_of?(requested_gemspec)
       end
     end
 
+    private
+
     def annotate_status_after_loading(plugin_name)
       status = registry[plugin_name]
       return if status.api_generation == 2 # Gen2 have self-annotating superclasses

data/lib/inspec/plugin/v2/plugin_types/resource_pack.rb

@@ -0,0 +1,8 @@
+module Inspec::Plugin::V2::PluginType
+  class ResourcePack < Inspec::Plugin::V2::PluginBase
+    register_plugin_type(:resource_pack)
+
+    # TODO: Any DSL definitions would go here
+
+  end
+end

data/lib/inspec/plugin/v2.rb

@@ -13,6 +13,7 @@ module Inspec
       end
 
       class InstallError < Inspec::Plugin::V2::GemActionError; end
+      class InstallRequiredError < Inspec::Plugin::V2::InstallError; end
 
       class PluginExcludedError < Inspec::Plugin::V2::InstallError
         attr_accessor :details

data/lib/inspec/profile.rb

@@ -391,6 +391,16 @@ module Inspec
       included_tags
     end
 
+    # InSpec 7 introduced gem-based resource packs, so some "profiles" are now gem-based
+    # In this case, they are backed by a gem that contains an inspec.yml and a lib/PATH/plugin.rb
+    # which contains activator code which needs to be fired.
+    def activate_plugin_if_gem_based
+      return unless source_reader.is_a?(SourceReaders::GemReader)
+
+      reg = Inspec::Plugin::V2::Registry.instance
+      reg.find_activator(plugin_name: name.to_sym).activate!
+    end
+
     def load_libraries
       return @runner_context if @libraries_loaded
 

data/lib/inspec/profile_context.rb

@@ -121,6 +121,7 @@ module Inspec
       @control_subcontexts << context
     end
 
+    # Expects arrays of arrays of [[content, path, line]]
     def load_libraries(libs)
       lib_prefix = "libraries" + File::SEPARATOR
       autoloads = []
@@ -130,11 +131,20 @@ module Inspec
         next unless source.end_with?(".rb")
 
         path = source
+        # Create a list of files (presumably resources) to autoload by stripping the prefixes
+        # InSpec < 6: libraries/*.rb
+        # In InSpec 7, libraries can be installed under (for example)
+        # lib/inspec-test-resources/resources/demo_resource.rb
+
         if source.start_with?(lib_prefix)
           path = source.sub(lib_prefix, "")
           no_subdir = File.dirname(path) == "."
 
           autoloads.push(path) if no_subdir
+        elsif source.match(%r{^lib/.+/resources/.*\.rb})
+          # Gem Resource Pack
+          path = source.sub(%r{^lib/}, "")
+          autoloads.push(path)
         end
 
         @require_loader.add(path, content, source, line)

data/lib/inspec/reporters/automate.rb

@@ -66,9 +66,9 @@ module Inspec::Reporters
     # Then it downgrades the 160bit SHA1 to a 128bit
     # then we format it as a valid UUIDv5.
     def uuid_from_string(string)
-      hash = Digest::SHA256.new
+      hash = Digest::SHA1.new
       hash.update(string)
-      ary = hash.digest[0, 16].unpack("NnnnnN")
+      ary = hash.digest.unpack("NnnnnN")
       ary[2] = (ary[2] & 0x0FFF) | (5 << 12)
       ary[3] = (ary[3] & 0x3FFF) | 0x8000
       # rubocop:disable Style/FormatString

data/lib/inspec/resources/auditd.rb

@@ -193,7 +193,7 @@ module Inspec::Resources
     #
     # @return [Array[String,String]]
     def action_list_for(line)
-      action_list = line.scan(/-a ([^,\s]+),([^,\s]+)(?:\s|$)/).flatten
+      action_list = line.scan(/-a ([^,]+),([^ ]+)\s?/).flatten
 
       # Actions and lists can be in either order
       valid_actions = %w{never always}

data/lib/inspec/resources/groups.rb

@@ -200,8 +200,60 @@ module Inspec::Resources
   # implements generic unix groups via /etc/group
   class UnixGroup < GroupInfo
     def groups
+      get_group_info
+    end
+
+    private
+
+    def get_group_info
+      # First, try to fetch group info using getent
+      group_info = fetch_group_info_using_getent
+
+      return group_info unless group_info.empty?
+
+      # If getent fails, fallback to reading group info from /etc/group using inspec.etc_group.entries
+      Inspec::Log.debug("Falling back to reading group info from /etc/group as getent is unavailable or failed.")
       inspec.etc_group.entries
     end
+
+    # Fetches group information using the getent utility
+    def fetch_group_info_using_getent
+      # Find getent utility on the system
+      bin = find_getent_utility
+
+      # If getent is available, fetch group info
+      return [] unless bin
+
+      cmd = inspec.command("#{bin} group")
+      return parse_group_info(cmd) if cmd.exit_status.to_i == 0
+
+      # If getent fails, log the error and return an empty array
+      Inspec::Log.debug("Failed to execute #{bin} group: #{cmd.stderr}.")
+      []
+    end
+
+    # Parses group info from the command output
+    def parse_group_info(cmd)
+      cmd.stdout.strip.split("\n").map do |line|
+        name, password, gid, members = line.split(":")
+        {
+          "name" => name,
+          "password" => password,
+          "gid" => gid.to_i,
+          "members" => members,
+        }
+      end
+    end
+
+    # Checks if getent exists on the system
+    def find_getent_utility
+      %w{/usr/bin/getent /bin/getent getent}.each do |cmd|
+        return cmd if inspec.command(cmd).exist?
+      end
+      # Log debug information if getent is not found
+      Inspec::Log.debug("Could not find `getent` on your system.")
+      nil # Return nil if getent is not found
+    end
   end
 
   # OSX uses opendirectory for groups, so `/etc/group` may not be fully accurate

data/lib/inspec/resources/port.rb

@@ -300,7 +300,7 @@ module Inspec::Resources
     def parse_netstat_line(line)
       # parse each line
       # 1 - Socket, 2 - Proto, 3 - Receive-Q, 4 - Send-Q, 5 - Local address, 6 - Foreign Address, 7 - State
-      parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s+(\S+)$/.match(line)
+      parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)?\s+(\S+)/.match(line)
       return {} if parsed.nil?
 
       # parse ip4 and ip6 addresses
@@ -488,7 +488,7 @@ module Inspec::Resources
       # 1 - Proto, 2 - Recv-Q, 3 - Send-Q, 4 - Local Address, 5 - Foreign Address, 6 - State, 7 - User, 8 - Inode, 9 - PID/Program name
       # * UDP lines have an empty State column and the Busybox variant lacks
       # the User and Inode columns.
-      reg = /^(?<proto>\S+)\s+(\S+)\s+(\S+)\s+(?<local_addr>\S+)\s+(?<foreign_addr>\S+)\s+(?:\S+\s+){0,2}(?<pid_prog>\S+)$/
+      reg =  /^(?<proto>\S+)\s+(\S+)\s+(\S+)\s+(?<local_addr>\S+)\s+(?<foreign_addr>\S+)\s+(\S+)?\s+((\S+)\s+(\S+)\s+)?(?<pid_prog>\S+)/
       parsed = reg.match(line)
 
       return {} if parsed.nil? || line.match(/^proto/i)

data/lib/inspec/resources/postgres_session.rb

@@ -1,7 +1,7 @@
 # copyright: 2015, Vulcano Security GmbH
 
 require "shellwords" unless defined?(Shellwords)
-require "cgi" unless defined?(CGI)
+
 module Inspec::Resources
   class Lines
     attr_reader :output, :exit_status
@@ -55,7 +55,7 @@ module Inspec::Resources
       psql_cmd = create_psql_cmd(query, db)
       cmd = inspec.command(psql_cmd, redact_regex: %r{(:\/\/[a-z]*:).*(@)})
       out = cmd.stdout + "\n" + cmd.stderr
-      if cmd.exit_status != 0 && ( out =~ /could not connect to/ || out =~ /password authentication failed/ ) && (out.downcase =~ /error:/ || out.downcase =~ /fatal:/)
+      if cmd.exit_status != 0 && ( out =~ /could not connect to/ || out =~ /password authentication failed/ ) && out.downcase =~ /error:/
         raise Inspec::Exceptions::ResourceFailed, "PostgreSQL connection error: #{out}"
       elsif cmd.exit_status != 0 && out.downcase =~ /error:/
         Lines.new(out, "PostgreSQL query with error: #{query}", cmd.exit_status)
@@ -74,10 +74,6 @@ module Inspec::Resources
       Shellwords.escape(query)
     end
 
-    def encoded_password(password)
-      CGI.escape(password)
-    end
-
     def create_psql_cmd(query, db = [])
       dbs = db.map { |x| "#{x}" }.join(" ")
 
@@ -86,14 +82,14 @@ module Inspec::Resources
         # Socket connection only enabled for non-windows platforms
         # Windows does not support unix domain sockets
         option_port = @port.nil? ? "" : "-p #{@port}" # add explicit port if specified
-        "psql -d postgresql://#{@user}:#{encoded_password(@pass)}@/#{dbs}?host=#{@socket_path} #{option_port} -A -t -w -c #{escaped_query(query)}"
+        "psql -d postgresql://#{@user}:#{@pass}@/#{dbs}?host=#{@socket_path} #{option_port} -A -t -w -c #{escaped_query(query)}"
       else
         # Host in connection string establishes tcp/ip connection
         if inspec.os.windows?
           warn "Socket based connection not supported in windows, connecting using host" if @socket_path
-          "psql -d postgresql://#{@user}:#{encoded_password(@pass)}@#{@host}:#{@port}/#{dbs} -A -t -w -c \"#{query}\""
+          "psql -d postgresql://#{@user}:#{@pass}@#{@host}:#{@port}/#{dbs} -A -t -w -c \"#{query}\""
         else
-          "psql -d postgresql://#{@user}:#{encoded_password(@pass)}@#{@host}:#{@port}/#{dbs} -A -t -w -c #{escaped_query(query)}"
+          "psql -d postgresql://#{@user}:#{@pass}@#{@host}:#{@port}/#{dbs} -A -t -w -c #{escaped_query(query)}"
         end
       end
     end

data/lib/inspec/resources/yum.rb

@@ -121,7 +121,7 @@ module Inspec::Resources
     # extracts the shortname from a repo id
     # e.g. extras/7/x86_64 -> extras
     def shortname(id)
-      val = %r{^([^/]+)/.*$}.match(id)
+      val = %r{^\s*([^/]*?)/(.*?)\s*$}.match(id)
       val.nil? ? nil : val[1]
     end
 

data/lib/inspec/resources.rb

@@ -30,12 +30,6 @@ require "inspec/resources/cron"
 require "inspec/resources/timezone"
 require "inspec/resources/dh_params"
 require "inspec/resources/directory"
-require "inspec/resources/docker"
-require "inspec/resources/docker_container"
-require "inspec/resources/docker_image"
-require "inspec/resources/docker_plugin"
-require "inspec/resources/docker_service"
-require "inspec/resources/elasticsearch"
 require "inspec/resources/etc_fstab"
 require "inspec/resources/etc_group"
 require "inspec/resources/etc_hosts_allow_deny"
@@ -48,8 +42,6 @@ require "inspec/resources/groups"
 require "inspec/resources/grub_conf"
 require "inspec/resources/host"
 require "inspec/resources/http"
-require "inspec/resources/ibmdb2_conf"
-require "inspec/resources/ibmdb2_session"
 require "inspec/resources/iis_app"
 require "inspec/resources/iis_app_pool"
 require "inspec/resources/iis_site"
@@ -64,9 +56,6 @@ require "inspec/resources/key_rsa"
 require "inspec/resources/ksh"
 require "inspec/resources/limits_conf"
 require "inspec/resources/login_defs"
-require "inspec/resources/mongodb"
-require "inspec/resources/mongodb_conf"
-require "inspec/resources/mongodb_session"
 require "inspec/resources/mount"
 require "inspec/resources/mssql_session"
 require "inspec/resources/mssql_sys_conf"
@@ -102,15 +91,12 @@ require "inspec/resources/postgres_ident_conf"
 require "inspec/resources/postgres_session"
 require "inspec/resources/powershell"
 require "inspec/resources/processes"
-require "inspec/resources/rabbitmq_config"
 require "inspec/resources/registry_key"
 require "inspec/resources/security_identifier"
 require "inspec/resources/security_policy"
 require "inspec/resources/selinux"
 require "inspec/resources/service"
 require "inspec/resources/shadow"
-require "inspec/resources/ssh_config"
-require "inspec/resources/ssh_key"
 require "inspec/resources/ssl"
 require "inspec/resources/sys_info"
 require "inspec/resources/toml"

data/lib/inspec/runner.rb

@@ -115,7 +115,8 @@ module Inspec
         next unless profile.supports_platform?
 
         write_lockfile(profile) if @create_lockfile
-        profile.locked_dependencies
+        # TODO: InSpec 8: Replace with Profile OnLoad event handling
+        profile.locked_dependencies # Only need to do this once, this recurses down
         profile.load_gem_dependencies
         profile_context = profile.load_libraries
 
@@ -125,6 +126,9 @@ module Inspec
              " on unsupported platform: '#{@backend.platform.name}/#{@backend.platform.release}'."
             next
           end
+          # TODO: InSpec 8: Replace with Profile OnLoad event handling
+          requirement.profile.load_gem_dependencies
+          requirement.profile.load_libraries
           @test_collector.add_profile(requirement.profile)
         end
 
@@ -168,16 +172,7 @@ module Inspec
     end
 
     def run(with = nil)
-      product_dist_name = Inspec::Dist::PRODUCT_NAME
-      if Inspec::Dist::EXEC_NAME == "inspec"
-        if Inspec::Telemetry::RunContextProbe.guess_run_context == "test-kitchen"
-          product_dist_name = "Chef Workstation"
-          configure_licensing_config_for_kitchen(@conf)
-          # Persist the license key in file when passed via test-kitchen
-          ChefLicensing.fetch_and_persist if @conf[:chef_license_key]
-        end
-        ChefLicensing.check_software_entitlement!
-      end
+      ChefLicensing.check_software_entitlement! if Inspec::Dist::EXEC_NAME == "inspec"
 
       # Validate if profiles are signed and verified
       # Additional check is required to provide error message in case of inspec exec command (exec command can use multiple profiles as well)
@@ -192,11 +187,8 @@ module Inspec
       Inspec::Telemetry.run_starting(runner: self, conf: @conf)
       load
       run_tests(with)
-    rescue ChefLicensing::LicenseKeyFetcher::LicenseKeyNotFetchedError
-      Inspec::Log.error "#{product_dist_name} cannot execute without valid licenses."
-      Inspec::UI.new.exit(:license_not_set)
     rescue ChefLicensing::SoftwareNotEntitled
-      Inspec::Log.error "License is not entitled to use #{product_dist_name}."
+      Inspec::Log.error "License is not entitled to use InSpec."
       Inspec::UI.new.exit(:license_not_entitled)
     rescue ChefLicensing::Error => e
       Inspec::Log.error e.message

data/lib/inspec/source_reader.rb

@@ -24,3 +24,5 @@ end
 
 require "source_readers/inspec"
 require "source_readers/flat"
+require "source_readers/gem"
+

data/lib/inspec/ui.rb

@@ -39,6 +39,7 @@ module Inspec
     EXIT_FAILED_TESTS = 100
     EXIT_SKIPPED_TESTS = 101
     EXIT_TERMINATED_BY_CTL_C = 130
+    EXIT_GEM_DEPENDENCY_NOT_FOUND = 201
 
     attr_reader :io
 

data/lib/inspec/utils/deprecation/config_file.rb

@@ -7,6 +7,7 @@ module Inspec
   module Deprecation
     class ConfigFile
       GroupEntry = Struct.new(:name, :action, :prefix, :suffix, :exit_status)
+      FallbackEntry = Struct.new(:resource_name_regex, :gem_name, :message)
 
       # What actions may you specify to be taken when a deprecation is encountered?
       VALID_ACTIONS = [
@@ -20,7 +21,7 @@ module Inspec
       # and pass validation.
       VALID_GROUP_FIELDS = %w{action suffix prefix exit_status comment}.freeze
 
-      attr_reader :groups, :unknown_group_action
+      attr_reader :fallback_resource_packs, :groups, :unknown_group_action
 
       def initialize(io = nil)
         io ||= open_default_config_io
@@ -31,6 +32,7 @@ module Inspec
         end
 
         @groups = {}
+        @fallback_resource_packs = []
         @unknown_group_action = :warn
         validate!
         silence_deprecations_from_cli
@@ -83,14 +85,25 @@ module Inspec
         @raw_data["groups"].each do |group_name, group_info|
           validate_group_entry(group_name, group_info)
         end
+
+        unless @raw_data.key?("fallback_resource_packs")
+          raise Inspec::Deprecation::InvalidConfigFileError, "Missing fallback_resource_packs field"
+        end
+        unless @raw_data["fallback_resource_packs"].is_a?(Hash)
+          raise Inspec::Deprecation::InvalidConfigFileError, "fallback_resource_packs field must be a Hash"
+        end
+
+        @raw_data["fallback_resource_packs"].each do |fallback_pat, fallback_info|
+          validate_fallback(fallback_pat, fallback_info)
+        end
       end
 
       def validate_file_version
         unless @raw_data.key?("file_version")
           raise Inspec::Deprecation::InvalidConfigFileError, "Missing file_version field"
         end
-        unless @raw_data["file_version"] == "1.0.0"
-          raise Inspec::Deprecation::InvalidConfigFileError, "Unrecognized file_version '#{@raw_data["file_version"]}' - supported versions: 1.0.0"
+        unless @raw_data["file_version"] == "2.0.0"
+          raise Inspec::Deprecation::InvalidConfigFileError, "Unrecognized file_version '#{@raw_data["file_version"]}' - supported versions: 2.0.0"
         end
       end
 
@@ -125,6 +138,29 @@ module Inspec
 
         groups[name.to_sym] = entry
       end
+
+      def validate_fallback(pattern, raw_info)
+        fallback = FallbackEntry.new
+        begin
+          fallback.resource_name_regex = Regexp.new(pattern)
+        rescue RegexpError
+          raise Inspec::Deprecation::InvalidConfigFileError, "Invalid regular expression in resource pack fallback definition '#{pattern}'"
+        end
+
+        unless raw_info["gem"]
+          raise Inspec::Deprecation::InvalidConfigFileError, "fallback_resource_packs missing gem name for pattern '#{pattern}'"
+        end
+
+        fallback.gem_name = raw_info["gem"]
+
+        unless raw_info["message"]
+          raise Inspec::Deprecation::InvalidConfigFileError, "fallback_resource_packs missing message for pattern '#{pattern}'"
+        end
+
+        fallback.message = raw_info["message"]
+
+        fallback_resource_packs.push fallback
+      end
     end
   end
 end

data/lib/inspec/utils/deprecation/deprecator.rb

@@ -4,11 +4,12 @@ require "inspec/log"
 module Inspec
   module Deprecation
     class Deprecator
-      attr_reader :config, :groups
+      attr_reader :config, :fallback_resource_packs, :groups
 
       def initialize(opts = {})
         @config = Inspec::Deprecation::ConfigFile.new(opts[:config_io])
         @groups = @config.groups
+        @fallback_resource_packs = @config.fallback_resource_packs
       end
 
       def handle_deprecation(group_name, message, opts = {})
@@ -21,6 +22,13 @@ module Inspec
         send(action_method, group_name.to_sym, assembled_message, group)
       end
 
+      # Given a resource name, suggest a gem nam to load and or install
+      def match_gem_for_fallback_resource_name(resource_name)
+        fallback = fallback_resource_packs.find { |fb| fb.resource_name_regex.match(resource_name) }
+        # We have a message here but can't pass it back?
+        fallback&.gem_name
+      end
+
       private
 
       def create_group_entry_for_unknown_group(group_name)
@@ -61,8 +69,7 @@ module Inspec
 
         suffix += (" (used at " + opts[:used_at_stack_frame].path + ":" + opts[:used_at_stack_frame].lineno.to_s + ")") if opts.key?(:used_at_stack_frame)
 
-        keyword = group.name.to_s == "core_resource_moved_to_rp" ? "CHANGE NOTICE: " : "DEPRECATION: "
-        keyword + prefix + message + suffix
+        "DEPRECATION: " + prefix + message + suffix
       end
 
       def called_from_control?

data/lib/inspec/utils/licensing_config.rb

@@ -4,20 +4,6 @@ ChefLicensing.configure do |config|
   config.chef_product_name = "InSpec"
   config.chef_entitlement_id = "3ff52c37-e41f-4f6c-ad4d-365192205968"
   config.chef_executable_name = "inspec"
-  config.license_server_url = ENV["CHEF_LICENSE_SERVER"] || "https://services.chef.io/licensing"
+  config.license_server_url = "https://services.chef.io/licensing"
   config.logger = Inspec::Log
 end
-
-def configure_licensing_config_for_kitchen(opts = {})
-  ChefLicensing.configure do |config|
-    # Reset entitlement ID to the ID of Chef Workstation
-    config.chef_entitlement_id = "x6f3bc76-a94f-4b6c-bc97-4b7ed2b045c0"
-    # Reset Chef License server via kitchen when passed in kitchen.yml
-    opts["chef_license_server"] = opts["chef_license_server"].join(",") if opts["chef_license_server"].is_a? Array
-    unless opts["chef_license_server"].nil? || opts["chef_license_server"].empty?
-      ENV["CHEF_LICENSE_SERVER"] = opts["chef_license_server"]
-    end
-  end
-  # Reset Chef License key via kitchen when passed in kitchen.yml
-  ENV["CHEF_LICENSE_KEY"] = opts["chef_license_key"] if opts["chef_license_key"]
-end

data/lib/inspec/utils/parser.rb

@@ -72,23 +72,15 @@ module Inspec
         if includes_whitespaces?(mount_line)
           # Device-/Sharenames and Mountpoints including whitespaces require special treatment:
           # We use the keyword ' type ' to split up and rebuild the desired array of fields
-          # Split the mount line by the keyword ' type '
-          fs_path, other_opts = mount_line.split(" type ", 2)
-
-          # Manually split fs_path into the filesystem and path parts
-          fs, path = fs_path.split(" on ", 2)
-
-          # Start building the mount array
+          type_split = mount_line.split(" type ")
+          fs_path = type_split[0]
+          other_opts = type_split[1]
+          fs, path = fs_path.match(%r{^(.+?)\son\s(/.+?)$}).captures
           mount = [fs, "on", path, "type"]
-
-          # Split the remaining options by spaces
-          other_opts = other_opts.split(/\s+/)
-
-          # Concatenate the options to the mount array
-          mount.concat(other_opts)
+          mount.concat(other_opts.scan(/\S+/))
         else
-          # If no whitespace, simply split by spaces
-          mount = mount_line.split(/\s+/)
+          # ... otherwise we just split the fields by whitespaces
+          mount = mount_line.scan(/\S+/)
         end
 
         # parse device and type
@@ -117,10 +109,8 @@ module Inspec
 
       # Device-/Sharename or Mountpoint includes whitespaces?
       def includes_whitespaces?(mount_line)
-        # Split the mount_line by " on "
-        parts = mount_line.split(" on ")
-        # Check if either part contains spaces
-        parts.any? { |part| part.include?(" ") }
+        ws = mount_line.match(/^(.+)\son\s(.+)\stype\s.*$/)
+        ws.captures[0].include?(" ") || ws.captures[1].include?(" ")
       end
     end
 

data/lib/inspec/utils/telemetry.rb

@@ -18,12 +18,10 @@ module Inspec
       # Don't perform telemetry action for other InSpec distros
       # Don't perform telemetry action if running under Automate - Automate does LDC tracking for us
       # Don't perform telemetry action if license is a commercial license
-      # Don't perform telemetry action if running under Test Kitchen
 
       if Inspec::Dist::EXEC_NAME != "inspec" ||
           Inspec::Telemetry::RunContextProbe.under_automate? ||
-          license&.license_type&.downcase == "commercial" ||
-          Inspec::Telemetry::RunContextProbe.guess_run_context == "test-kitchen"
+          license&.license_type&.downcase == "commercial"
 
         Inspec::Log.debug "Determined telemetry operation is not applicable and hence aborting it."
         return Inspec::Telemetry::Null

data/lib/inspec/version.rb

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "6.8.24".freeze
+  VERSION = "7.0.38.beta".freeze
 end

data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb

@@ -425,10 +425,8 @@ module InspecPlugins
                  "our apologies for the misunderstanding, and open an issue " \
                  "at https://github.com/inspec/inspec/issues/new")
         ui.exit Inspec::UI::EXIT_PLUGIN_ERROR
-      rescue Inspec::Plugin::V2::InstallError => e
-        # This change is compatible with various versions of Ruby, including Ruby 3.3
-        # Using Inspec::Log::level breaks with error `undefined method nil` in Ruby log library
-        Inspec::Log.debug e.backtrace
+      rescue Inspec::Plugin::V2::InstallError
+        raise if Inspec::Log.level == :debug
 
         results = installer.search(plugin_name, exact: true)
         source_host = URI(options[:source] || "https://rubygems.org/").host