inspec-core 6.8.24 → 7.0.38.beta

data/lib/source_readers/gem.rb

@@ -0,0 +1,67 @@
+require "inspec/fetcher"
+require "inspec/metadata"
+
+module SourceReaders
+  class GemReader < Inspec.source_reader(1)
+    name "gem"
+    priority 20
+
+    def self.resolve(target)
+      return new(target) unless target.files.grep(/gemspec/).empty?
+
+      nil
+    end
+
+    attr_reader :metadata, :metadata_src, :tests, :libraries, :data_files, :target, :readme
+
+    # This creates a new instance of an InSpec Gem-packaged profile source reader
+    # As of July 2024 only resource packs, not controls, may be packaged as gems
+    #
+    # @param [FileProvider] target An instance of a FileProvider object that can list files and read them
+    def initialize(target)
+      @target     = target
+      @metadata   = load_metadata(target.files.grep("inspec.yml").first)
+      @tests      = {} # TODO - one day support controls?
+      @libraries  = load_libs
+      @data_files = {}
+      @readme     = load_readme
+    end
+
+    private
+
+    def load_metadata(metadata_source)
+      @metadata_src = @target.read(metadata_source)
+      Inspec::Metadata.from_ref(
+        metadata_source,
+        @metadata_src,
+        nil
+      )
+    rescue Psych::SyntaxError => e
+      raise "Unable to parse inspec.yml: line #{e.line}, #{e.problem} #{e.context}"
+    rescue => e
+      raise "Unable to parse #{metadata_source}: #{e.class} -- #{e.message}"
+    end
+
+    def find_all(regexp)
+      @target.files.grep(regexp)
+    end
+
+    def load_all(regexp)
+      find_all(regexp)
+        .map { |path| file = @target.read(path); [path, file] if file }
+        .compact
+        .to_h
+    end
+
+    def load_libs
+      # Legacy resource packs (inspec-gcp, inspec-aws, etc) have resources in old locations
+      load_all(%r{^libraries/.*\.rb$})
+      # New resource packs have them here
+      load_all(%r{^lib/.*/resources/.*\.rb$})
+    end
+
+    def load_readme
+      load_all(/README.md/)
+    end
+  end
+end

data/lib/source_readers/inspec.rb

@@ -66,7 +66,7 @@ module SourceReaders
     end
 
     def load_readme
-      load_all(/README(\.md)?$/)
+      load_all(/README.md/)
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 6.8.24
+  version: 7.0.38.beta
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2025-01-23 00:00:00.000000000 Z
+date: 2025-03-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-telemetry
@@ -472,6 +472,7 @@ files:
 - lib/inspec/feature/config.rb
 - lib/inspec/feature/runner.rb
 - lib/inspec/fetcher.rb
+- lib/inspec/fetcher/gem.rb
 - lib/inspec/fetcher/git.rb
 - lib/inspec/fetcher/local.rb
 - lib/inspec/fetcher/mock.rb
@@ -511,8 +512,10 @@ files:
 - lib/inspec/plugin/v1/registry.rb
 - lib/inspec/plugin/v2.rb
 - lib/inspec/plugin/v2/activator.rb
+- lib/inspec/plugin/v2/concerns/gem_spec_helper.rb
 - lib/inspec/plugin/v2/config_file.rb
 - lib/inspec/plugin/v2/filter.rb
+- lib/inspec/plugin/v2/gem_source_manager.rb
 - lib/inspec/plugin/v2/installer.rb
 - lib/inspec/plugin/v2/loader.rb
 - lib/inspec/plugin/v2/plugin_base.rb
@@ -521,6 +524,7 @@ files:
 - lib/inspec/plugin/v2/plugin_types/input.rb
 - lib/inspec/plugin/v2/plugin_types/mock.rb
 - lib/inspec/plugin/v2/plugin_types/reporter.rb
+- lib/inspec/plugin/v2/plugin_types/resource_pack.rb
 - lib/inspec/plugin/v2/plugin_types/streaming_reporter.rb
 - lib/inspec/plugin/v2/registry.rb
 - lib/inspec/plugin/v2/status.rb
@@ -563,13 +567,6 @@ files:
 - lib/inspec/resources/default_gateway.rb
 - lib/inspec/resources/dh_params.rb
 - lib/inspec/resources/directory.rb
-- lib/inspec/resources/docker.rb
-- lib/inspec/resources/docker_container.rb
-- lib/inspec/resources/docker_image.rb
-- lib/inspec/resources/docker_object.rb
-- lib/inspec/resources/docker_plugin.rb
-- lib/inspec/resources/docker_service.rb
-- lib/inspec/resources/elasticsearch.rb
 - lib/inspec/resources/etc_fstab.rb
 - lib/inspec/resources/etc_group.rb
 - lib/inspec/resources/etc_hosts.rb
@@ -585,8 +582,6 @@ files:
 - lib/inspec/resources/grub_conf.rb
 - lib/inspec/resources/host.rb
 - lib/inspec/resources/http.rb
-- lib/inspec/resources/ibmdb2_conf.rb
-- lib/inspec/resources/ibmdb2_session.rb
 - lib/inspec/resources/iis_app.rb
 - lib/inspec/resources/iis_app_pool.rb
 - lib/inspec/resources/iis_site.rb
@@ -612,9 +607,6 @@ files:
 - lib/inspec/resources/login_defs.rb
 - lib/inspec/resources/lxc.rb
 - lib/inspec/resources/mail_alias.rb
-- lib/inspec/resources/mongodb.rb
-- lib/inspec/resources/mongodb_conf.rb
-- lib/inspec/resources/mongodb_session.rb
 - lib/inspec/resources/mount.rb
 - lib/inspec/resources/mssql_session.rb
 - lib/inspec/resources/mssql_sys_conf.rb
@@ -645,12 +637,6 @@ files:
 - lib/inspec/resources/php_config.rb
 - lib/inspec/resources/pip.rb
 - lib/inspec/resources/platform.rb
-- lib/inspec/resources/podman.rb
-- lib/inspec/resources/podman_container.rb
-- lib/inspec/resources/podman_image.rb
-- lib/inspec/resources/podman_network.rb
-- lib/inspec/resources/podman_pod.rb
-- lib/inspec/resources/podman_volume.rb
 - lib/inspec/resources/port.rb
 - lib/inspec/resources/postfix_conf.rb
 - lib/inspec/resources/postgres.rb
@@ -661,8 +647,6 @@ files:
 - lib/inspec/resources/powershell.rb
 - lib/inspec/resources/ppa.rb
 - lib/inspec/resources/processes.rb
-- lib/inspec/resources/rabbitmq_conf.rb
-- lib/inspec/resources/rabbitmq_config.rb
 - lib/inspec/resources/registry_key.rb
 - lib/inspec/resources/routing_table.rb
 - lib/inspec/resources/runit_service.rb
@@ -672,13 +656,7 @@ files:
 - lib/inspec/resources/selinux.rb
 - lib/inspec/resources/service.rb
 - lib/inspec/resources/shadow.rb
-- lib/inspec/resources/ssh_config.rb
-- lib/inspec/resources/ssh_key.rb
-- lib/inspec/resources/sshd_active_config.rb
-- lib/inspec/resources/sshd_config.rb
 - lib/inspec/resources/ssl.rb
-- lib/inspec/resources/sybase_conf.rb
-- lib/inspec/resources/sybase_session.rb
 - lib/inspec/resources/sys_info.rb
 - lib/inspec/resources/systemd_service.rb
 - lib/inspec/resources/sysv_service.rb
@@ -734,7 +712,6 @@ files:
 - lib/inspec/utils/convert.rb
 - lib/inspec/utils/database_helpers.rb
 - lib/inspec/utils/deprecated_cloud_resources_list.rb
-- lib/inspec/utils/deprecated_core_resources_list.rb
 - lib/inspec/utils/deprecation.rb
 - lib/inspec/utils/deprecation/config_file.rb
 - lib/inspec/utils/deprecation/deprecator.rb
@@ -756,7 +733,6 @@ files:
 - lib/inspec/utils/object_traversal.rb
 - lib/inspec/utils/parser.rb
 - lib/inspec/utils/pkey_reader.rb
-- lib/inspec/utils/podman.rb
 - lib/inspec/utils/profile_ast_helpers.rb
 - lib/inspec/utils/run_data_filters.rb
 - lib/inspec/utils/simpleconfig.rb
@@ -891,6 +867,7 @@ files:
 - lib/plugins/shared/core_plugin_test_helper.rb
 - lib/plugins/things-for-train-integration.rb
 - lib/source_readers/flat.rb
+- lib/source_readers/gem.rb
 - lib/source_readers/inspec.rb
 homepage: https://github.com/inspec/inspec
 licenses:
@@ -907,9 +884,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 3.1.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubygems_version: 3.2.3
 signing_key: 

data/lib/inspec/resources/docker.rb

@@ -1,274 +0,0 @@
-#
-# Copyright 2017, Christoph Hartmann
-#
-
-require "inspec/resources/command"
-require "inspec/utils/filter"
-require "hashie/mash"
-
-module Inspec::Resources
-  class DockerContainerFilter
-    # use filtertable for containers
-    filter = FilterTable.create
-    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
-    filter.register_column(:commands, field: "command")
-      .register_column(:ids,            field: "id")
-      .register_column(:images,         field: "image")
-      .register_column(:labels,         field: "labels", style: :simple)
-      .register_column(:local_volumes,  field: "localvolumes")
-      .register_column(:mounts,         field: "mounts")
-      .register_column(:names,          field: "names")
-      .register_column(:networks,       field: "networks")
-      .register_column(:ports,          field: "ports")
-      .register_column(:running_for,    field: "runningfor")
-      .register_column(:sizes,          field: "size")
-      .register_column(:status,         field: "status")
-      .register_custom_matcher(:running?) do |x|
-        x.where { status.downcase.start_with?("up") }
-      end
-    filter.install_filter_methods_on_resource(self, :containers)
-
-    attr_reader :containers
-    def initialize(containers)
-      @containers = containers
-    end
-  end
-
-  class DockerImageFilter
-    filter = FilterTable.create
-    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
-    filter.register_column(:ids, field: "id")
-      .register_column(:repositories,  field: "repository")
-      .register_column(:tags,          field: "tag")
-      .register_column(:sizes,         field: "size")
-      .register_column(:digests,       field: "digest")
-      .register_column(:created,       field: "createdat")
-      .register_column(:created_since, field: "createdsize")
-    filter.install_filter_methods_on_resource(self, :images)
-
-    attr_reader :images
-    def initialize(images)
-      @images = images
-    end
-  end
-
-  class DockerPluginFilter
-    filter = FilterTable.create
-    filter.add(:ids, field: "id")
-      .add(:names,    field: "name")
-      .add(:versions, field: "version")
-      .add(:enabled,  field: "enabled")
-    filter.connect(self, :plugins)
-
-    attr_reader :plugins
-    def initialize(plugins)
-      @plugins = plugins
-    end
-  end
-
-  class DockerServiceFilter
-    filter = FilterTable.create
-    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
-    filter.register_column(:ids, field: "id")
-      .register_column(:names,    field: "name")
-      .register_column(:modes,    field: "mode")
-      .register_column(:replicas, field: "replicas")
-      .register_column(:images,   field: "image")
-      .register_column(:ports,    field: "ports")
-    filter.install_filter_methods_on_resource(self, :services)
-
-    attr_reader :services
-    def initialize(services)
-      @services = services
-    end
-  end
-
-  # This resource helps to parse information from the docker host
-  # For compatability with Serverspec we also offer the following resouses:
-  # - docker_container
-  # - docker_image
-  class Docker < Inspec.resource(1)
-    name "docker"
-    supports platform: "unix"
-    desc "
-      A resource to retrieve information about docker
-    "
-
-    example <<~EXAMPLE
-      describe docker.containers do
-        its('images') { should_not include 'u12:latest' }
-      end
-
-      describe docker.images do
-        its('repositories') { should_not include 'inssecure_image' }
-      end
-
-      describe docker.plugins.where { name == 'rexray/ebs' } do
-        it { should exist }
-      end
-
-      describe docker.services do
-        its('images') { should_not include 'inssecure_image' }
-      end
-
-      describe docker.version do
-        its('Server.Version') { should cmp >= '1.12'}
-        its('Client.Version') { should cmp >= '1.12'}
-      end
-
-      describe docker.object(id) do
-        its('Configuration.Path') { should eq 'value' }
-      end
-
-      docker.containers.ids.each do |id|
-        # call docker inspect for a specific container id
-        describe docker.object(id) do
-          its(%w(HostConfig Privileged)) { should cmp false }
-          its(%w(HostConfig Privileged)) { should_not cmp true }
-        end
-      end
-    EXAMPLE
-
-    def containers
-      DockerContainerFilter.new(parse_containers)
-    end
-
-    def images
-      DockerImageFilter.new(parse_images)
-    end
-
-    def plugins
-      DockerPluginFilter.new(parse_plugins)
-    end
-
-    def services
-      DockerServiceFilter.new(parse_services)
-    end
-
-    def version
-      return @version if defined?(@version)
-
-      data = {}
-      cmd = inspec.command("docker version --format '{{ json . }}'")
-      data = JSON.parse(cmd.stdout) if cmd.exit_status == 0
-      @version = Hashie::Mash.new(data)
-    rescue JSON::ParserError => _e
-      Hashie::Mash.new({})
-    end
-
-    def info
-      return @info if defined?(@info)
-
-      data = {}
-      # docke info format is only supported for Docker 17.03+
-      cmd = inspec.command("docker info --format '{{ json . }}'")
-      data = JSON.parse(cmd.stdout) if cmd.exit_status == 0
-      @info = Hashie::Mash.new(data)
-    rescue JSON::ParserError => _e
-      Hashie::Mash.new({})
-    end
-
-    # returns information about docker objects
-    def object(id)
-      return @inspect if defined?(@inspect)
-
-      data = JSON.parse(inspec.command("docker inspect #{id}").stdout)
-      data = data[0] if data.is_a?(Array)
-      @inspect = Hashie::Mash.new(data)
-    rescue JSON::ParserError => _e
-      Hashie::Mash.new({})
-    end
-
-    def to_s
-      "Docker Host"
-    end
-
-    private
-
-    def parse_json_command(labels, subcommand)
-      # build command
-      format = labels.map { |label| "\"#{label}\": {{json .#{label}}}" }
-      raw = inspec.command("docker #{subcommand} --format '{#{format.join(", ")}}'").stdout
-      output = []
-      # since docker is not outputting valid json, we need to parse each row
-      raw.each_line do |entry|
-        # convert all keys to lower_case to work well with ruby and filter table
-        row = JSON.parse(entry).map do |key, value|
-          [key.downcase, value]
-        end.to_h
-
-        # ensure all keys are there
-        row = ensure_keys(row, labels)
-
-        # strip off any linked container names
-        # Depending on how it was linked, the actual container name may come before
-        # or after the link information, so we'll just look for the first name that
-        # does not include a slash since that is not a valid character in a container name
-        if row["names"]
-          row["names"] = row["names"].split(",").find { |c| !c.include?("/") }
-        end
-
-        # Split labels on ',' or set to empty array
-        # Allows for `docker.containers.where { labels.include?('app=redis') }`
-        row["labels"] = row.key?("labels") ? row["labels"].split(",") : []
-
-        output.push(row)
-      end
-
-      output
-    rescue JSON::ParserError => _e
-      warn "Could not parse `docker #{subcommand}` output"
-      []
-    end
-
-    def parse_containers
-      # @see https://github.com/moby/moby/issues/20625, works for docker 1.13+
-      # raw_containers = inspec.command('docker ps -a --no-trunc --format \'{{ json . }}\'').stdout
-      # therefore we stick with older approach
-      labels = %w{Command CreatedAt ID Image Labels Mounts Names Ports RunningFor Size Status}
-
-      # Networks LocalVolumes work with 1.13+ only
-      if !version.empty? && Gem::Version.new(version["Client"]["Version"]) >= Gem::Version.new("1.13")
-        labels.push("Networks")
-        labels.push("LocalVolumes")
-      end
-      parse_json_command(labels, "ps -a --no-trunc")
-    end
-
-    def parse_services
-      parse_json_command(%w{ID Name Mode Replicas Image Ports}, "service ls")
-    end
-
-    def ensure_keys(entry, labels)
-      labels.each do |key|
-        entry[key.downcase] = nil unless entry.key?(key.downcase)
-      end
-      entry
-    end
-
-    def parse_images
-      # docker does not support the `json .` function here, therefore we need to emulate that behavior.
-      raw_images = inspec.command('docker images -a --no-trunc --format \'{ "id": {{json .ID}}, "repository": {{json .Repository}}, "tag": {{json .Tag}}, "size": {{json .Size}}, "digest": {{json .Digest}}, "createdat": {{json .CreatedAt}}, "createdsize": {{json .CreatedSince}} }\'').stdout
-      c_images = []
-      raw_images.each_line do |entry|
-        c_images.push(JSON.parse(entry))
-      end
-      c_images
-    rescue JSON::ParserError => _e
-      warn "Could not parse `docker images` output"
-      []
-    end
-
-    def parse_plugins
-      plugins = inspec.command('docker plugin ls --format \'{"id": {{json .ID}}, "name": "{{ with split .Name ":"}}{{index . 0}}{{end}}", "version": "{{ with split .Name ":"}}{{index . 1}}{{end}}", "enabled": {{json .Enabled}} }\'').stdout
-      c_plugins = []
-      plugins.each_line do |entry|
-        c_plugins.push(JSON.parse(entry))
-      end
-      c_plugins
-    rescue JSON::ParserError => _e
-      warn "Could not parse `docker plugin ls` output"
-      []
-    end
-  end
-end

data/lib/inspec/resources/docker_container.rb

@@ -1,116 +0,0 @@
-#
-# Copyright 2017, Christoph Hartmann
-
-require "inspec/resources/docker"
-require_relative "docker_object"
-
-module Inspec::Resources
-  class DockerContainer < Inspec.resource(1)
-    include Inspec::Resources::DockerObject
-
-    name "docker_container"
-    supports platform: "unix"
-    desc ""
-    example <<~EXAMPLE
-      describe docker_container('an-echo-server') do
-        it { should exist }
-        it { should be_running }
-        its('id') { should_not eq '' }
-        its('image') { should eq 'busybox:latest' }
-        its('repo') { should eq 'busybox' }
-        its('tag') { should eq 'latest' }
-        its('ports') { should eq [] }
-        its('command') { should eq 'nc -ll -p 1234 -e /bin/cat' }
-        its('labels') { should include 'app=example' }
-      end
-
-      describe docker_container(id: 'e2c52a183358') do
-        it { should exist }
-        it { should be_running }
-      end
-    EXAMPLE
-
-    def initialize(opts = {})
-      # if a string is provided, we expect it is the name
-      if opts.is_a?(String)
-        @opts = { name: opts }
-      else
-        @opts = opts
-      end
-    end
-
-    def running?
-      status.downcase.start_with?("up") if object_info.entries.length == 1
-    end
-
-    # has_volume? matcher checks if the volume specified in source path of host is mounted in destination path of docker
-    def has_volume?(destination, source)
-      # volume_info is the hash which contains the low-level information about the container
-      # if Mounts key is not present or is nil; raise exception
-      raise Inspec::Exceptions::ResourceFailed, "Could not find any mounted volumes for your container" unless volume_info.Mounts[0]
-
-      # Iterate through the list of mounted volumes and check if it matches with the given destination and source
-      # is_mounted flag is used to handle to return explict boolean values of true or false
-      is_mounted = false
-      volume_info.Mounts.detect { |mount| is_mounted = mount.Destination == destination && mount.Source == source }
-      is_mounted
-    end
-
-    def status
-      object_info.status[0] if object_info.entries.length == 1
-    end
-
-    def labels
-      object_info.labels
-    end
-
-    def ports
-      object_info.ports[0] if object_info.entries.length == 1
-    end
-
-    def command
-      return unless object_info.entries.length == 1
-
-      cmd = object_info.commands[0]
-      cmd.slice(1, cmd.length - 2)
-    end
-
-    def image
-      object_info.images[0] if object_info.entries.length == 1
-    end
-
-    def repo
-      parse_components_from_image(image)[:repo] if object_info.entries.size == 1
-    end
-
-    def tag
-      parse_components_from_image(image)[:tag] if object_info.entries.size == 1
-    end
-
-    def to_s
-      name = @opts[:name] || @opts[:id]
-      "Docker Container #{name}"
-    end
-
-    def resource_id
-      object_info.ids[0] || @opts[:id] || @opts[:name] || ""
-    end
-
-    private
-
-    def object_info
-      return @info if defined?(@info)
-
-      opts = @opts
-      @info = inspec.docker.containers.where { names == opts[:name] || (!id.nil? && !opts[:id].nil? && (id == opts[:id] || id.start_with?(opts[:id]))) }
-    end
-
-    # volume_info returns the low-level information obtained on docker inspect [container_name/id]
-    def volume_info
-      return @mount_info if defined?(@mount_info)
-
-      # Check for either docker inspect [container_name] or docker inspect [container_id]
-      @mount_info = inspec.docker.object(@opts[:name] || @opts[:id])
-    end
-  end
-end