inspec-core 6.8.24 → 7.0.38.beta

data/lib/inspec/resources/podman_image.rb

@@ -1,108 +0,0 @@
-require "inspec/resources/command"
-require_relative "docker_object"
-require "inspec/utils/podman"
-
-module Inspec::Resources
-  class PodmanImage < Inspec.resource(1)
-    include Inspec::Resources::DockerObject
-    include Inspec::Utils::Podman
-
-    name "podman_image"
-    supports platform: "unix"
-
-    desc "InSpec core resource to retrieve information about podman image"
-
-    example <<~EXAMPLE
-      describe podman_image("docker.io/library/busybox") do
-        it { should exist }
-        its("repo_tags") { should include "docker.io/library/busybox:latest" }
-        its("size") { should eq 1636053 }
-        its("resource_id") { should eq "docker.io/library/busybox:latest" }
-      end
-
-      describe podman_image("docker.io/library/busybox:latest") do
-        it { should exist }
-      end
-
-      describe podman_image(repo: "docker.io/library/busybox", tag: "latest") do
-        it { should exist }
-      end
-
-      describe podman_image(id: "3c19bafed223") do
-        it { should exist }
-      end
-    EXAMPLE
-
-    attr_reader :opts, :image_info
-
-    def initialize(opts)
-      skip_resource "The `podman_image` resource is not yet available on your OS." unless inspec.os.unix?
-      opts = { image: opts } if opts.is_a?(String)
-      @opts = sanitize_options(opts)
-      raise Inspec::Exceptions::ResourceFailed, "Podman is not running. Please make sure it is installed and running." unless podman_running?
-
-      @image_info = get_image_info
-    end
-
-    LABELS = {
-      "id" => "ID",
-      "repo_tags" => "RepoTags",
-      "size" => "Size",
-      "digest" => "Digest",
-      "created_at" => "Created",
-      "version" => "Version",
-      "names_history" => "NamesHistory",
-      "repo_digests" => "RepoDigests",
-      "architecture" => "Architecture",
-      "os" => "Os",
-      "virtual_size" => "VirtualSize",
-    }.freeze
-
-    ## This creates all the required properties methods dynamically.
-    LABELS.each do |k, v|
-      define_method(k) do
-        image_info[k.to_s]
-      end
-    end
-
-    def exist?
-      ! image_info.empty?
-    end
-
-    def resource_id
-      opts[:id] || opts[:image] || ""
-    end
-
-    def to_s
-      "podman_image #{resource_id}"
-    end
-
-    private
-
-    def sanitize_options(opts)
-      opts.merge!(parse_components_from_image(opts[:image]))
-
-      # assume a "latest" tag if we don't have one
-      opts[:tag] ||= "latest"
-
-      # Assemble/reassemble the image from the repo and tag
-      opts[:image] = "#{opts[:repo]}:#{opts[:tag]}" unless opts[:repo].nil?
-
-      opts
-    end
-
-    def get_image_info
-      current_image = opts[:id] || opts[:image] || opts[:repo] + ":" + opts[:tag]
-      json_key_label = generate_go_template(LABELS)
-      podman_inspect_cmd = inspec.command("podman image inspect #{current_image} --format '{#{json_key_label}}'")
-
-      if podman_inspect_cmd.exit_status == 0
-        parse_command_output(podman_inspect_cmd.stdout)
-      elsif podman_inspect_cmd.stderr =~ /failed to find image/
-        {}
-      else
-        raise Inspec::Exceptions::ResourceFailed, "Unable to retrieve podman image information for #{current_image}.\nError message: #{podman_inspect_cmd.stderr}"
-      end
-    end
-  end
-end

data/lib/inspec/resources/podman_network.rb

@@ -1,81 +0,0 @@
-require "inspec/resources/command"
-require "inspec/utils/podman"
-module Inspec::Resources
-  class PodmanNetwork < Inspec.resource(1)
-    include Inspec::Utils::Podman
-
-    name "podman_network"
-
-    supports platform: "unix"
-
-    desc "InSpec core resource to retrive information about the given Podman network"
-
-    example <<~EXAMPLE
-      describe podman_network("podman") do
-        it { should exist }
-      end
-      describe podman_network("3a7c94d937d5f3a0f1a9b1610589945aedfbe56207fd5d32fc8154aa1a8b007f") do
-        its("driver") { should eq bridge }
-      end
-    EXAMPLE
-
-    LABELS = {
-      id: "ID",
-      name: "Name",
-      driver: "Driver",
-      labels: "Labels",
-      options: "Options",
-      ipam_options: "IPAMOptions",
-      internal: "Internal",
-      created: "Created",
-      ipv6_enabled: "IPv6Enabled",
-      dns_enabled: "DNSEnabled",
-      network_interface: "NetworkInterface",
-      subnets: "Subnets",
-    }.freeze
-
-    attr_reader :param, :network_info
-    def initialize(param)
-      skip_resource "The `podman_network` resource is not yet available on your OS." unless inspec.os.unix?
-
-      @param = param
-      raise Inspec::Exceptions::ResourceFailed, "Podman is not running. Please make sure it is installed and running." unless podman_running?
-
-      @network_info = get_network_info
-    end
-
-    ## This creates all the required properties methods dynamically.
-    LABELS.each do |k, v|
-      define_method(k) do
-        network_info[k.to_s]
-      end
-    end
-
-    def exist?
-      !network_info.empty?
-    end
-
-    def resource_id
-      id || param || ""
-    end
-
-    def to_s
-      "podman_network #{resource_id}"
-    end
-
-    private
-
-    def get_network_info
-      go_template_format = generate_go_template(LABELS)
-      result = inspec.command("podman network inspect #{param} --format '{#{go_template_format}}'")
-
-      if result.exit_status == 0
-        parse_command_output(result.stdout)
-      elsif result.stderr =~ /network not found/
-        {}
-      else
-        raise Inspec::Exceptions::ResourceFailed, "Unable to retrieve podman network information for #{param}.\nError message: #{result.stderr}"
-      end
-    end
-  end
-end

data/lib/inspec/resources/podman_pod.rb

@@ -1,101 +0,0 @@
-require "inspec/resources/command"
-require "inspec/utils/podman"
-
-module Inspec::Resources
-  class PodmanPod < Inspec.resource(1)
-    include Inspec::Utils::Podman
-
-    name "podman_pod"
-    supports platform: "unix"
-
-    desc "InSpec core resource to retrieve information about podman pod"
-
-    example <<~EXAMPLE
-      describe podman_pod("nginx-frontend") do
-        it { should exist }
-        its("id") { should eq "fcfe4d471cfface0d1b39bce23af7d31ab8736cd68c0360ade0b4afe364f79d4" }
-        its("name") { should eq "nginx-frontend" }
-        its("created_at") { should eq "2022-07-14T15:47:47.978078124+05:30" }
-        its("create_command") { should include "new:nginx-frontend" }
-        its("state") { should eq "Running" }
-        its("hostname") { should eq "" }
-        its("create_cgroup") { should eq true }
-        its("cgroup_parent") { should eq "user.slice" }
-        its("cgroup_path") { should eq "user.slice/user-libpod_pod_fcfe4d471cfface0d1b39bce23af7d31ab8736cd68c0360ade0b4afe364f79d4.slice" }
-        its("create_infra") { should eq true }
-        its("infra_container_id") { should eq "727538044b32a165934729dc2d47d9d5e981b6496aebfad7de470f7e76ea4251" }
-        its("infra_config") { should include "DNSOption" }
-        its("shared_namespaces") { should include "ipc" }
-        its("num_containers") { should eq 2 }
-        its("containers") { should_not be nil }
-      end
-
-      describe podman_pod("non-existing-pod") do
-        it { should_not exist }
-      end
-    EXAMPLE
-
-    attr_reader :pod_info, :pod_id
-
-    def initialize(pod_id)
-      skip_resource "The `podman_pod` resource is not yet available on your OS." unless inspec.os.unix?
-      raise Inspec::Exceptions::ResourceFailed, "Podman is not running. Please make sure it is installed and running." unless podman_running?
-
-      @pod_id = pod_id
-      @pod_info = get_pod_info
-    end
-
-    LABELS = {
-      "id" => "ID",
-      "name" => "Name",
-      "created_at" => "Created",
-      "create_command" => "CreateCommand",
-      "state" => "State",
-      "hostname" => "Hostname",
-      "create_cgroup" => "CreateCgroup",
-      "cgroup_parent" => "CgroupParent",
-      "cgroup_path" => "CgroupPath",
-      "create_infra" => "CreateInfra",
-      "infra_container_id" => "InfraContainerID",
-      "infra_config" => "InfraConfig",
-      "shared_namespaces" => "SharedNamespaces",
-      "num_containers" => "NumContainers",
-      "containers" => "Containers",
-    }.freeze
-
-    # This creates all the required properties methods dynamically.
-    LABELS.each do |k, _|
-      define_method(k) do
-        pod_info[k.to_s]
-      end
-    end
-
-    def exist?
-      !pod_info.empty?
-    end
-
-    def resource_id
-      pod_id
-    end
-
-    def to_s
-      "Podman Pod #{resource_id}"
-    end
-
-    private
-
-    def get_pod_info
-      json_key_label = generate_go_template(LABELS)
-
-      inspect_pod_cmd = inspec.command("podman pod inspect #{pod_id} --format '{#{json_key_label}}'")
-
-      if inspect_pod_cmd.exit_status == 0
-        parse_command_output(inspect_pod_cmd.stdout)
-      elsif inspect_pod_cmd.stderr =~ /no pod with name or ID/
-        {}
-      else
-        raise Inspec::Exceptions::ResourceFailed, "Unable to retrieve podman pod information for #{pod_id}.\nError message: #{inspect_pod_cmd.stderr}"
-      end
-    end
-  end
-end

data/lib/inspec/resources/podman_volume.rb

@@ -1,87 +0,0 @@
-require "inspec/resources/command"
-require "inspec/utils/podman"
-
-module Inspec::Resources
-  class PodmanVolume < Inspec.resource(1)
-    include Inspec::Utils::Podman
-
-    name "podman_volume"
-    supports platform: "unix"
-
-    desc "InSpec core resource to retrieve information about podman volume"
-
-    example <<~EXAMPLE
-      describe podman_volume("my_volume") do
-        it { should exist }
-        its("name") { should eq "my_volume" }
-        its("driver") { should eq "local" }
-        its("mountpoint") { should eq "/var/home/core/.local/share/containers/storage/volumes/my_volume/_data" }
-        its("created_at") { should eq "2022-07-14T13:21:19.965421792+05:30" }
-        its("labels") { should eq({}) }
-        its("scope") { should eq "local" }
-        its("options") { should eq({}) }
-        its("mount_count") { should eq 0 }
-        its("needs_copy_up") { should eq true }
-        its("needs_chown") { should eq true }
-      end
-    EXAMPLE
-
-    attr_reader :volume_info, :volume_name
-
-    def initialize(volume_name)
-      skip_resource "The `podman_volume` resource is not yet available on your OS." unless inspec.os.unix?
-      raise Inspec::Exceptions::ResourceFailed, "Podman is not running. Please make sure it is installed and running." unless podman_running?
-
-      @volume_name = volume_name
-      @volume_info = get_volume_info
-    end
-
-    LABELS = {
-      "name" => "Name",
-      "driver" => "Driver",
-      "mountpoint" => "Mountpoint",
-      "created_at" => "CreatedAt",
-      "labels" => "Labels",
-      "scope" => "Scope",
-      "options" => "Options",
-      "mount_count" => "MountCount",
-      "needs_copy_up" => "NeedsCopyUp",
-      "needs_chown" => "NeedsChown",
-    }.freeze
-
-    # This creates all the required properties methods dynamically.
-    LABELS.each do |k, _|
-      define_method(k) do
-        volume_info[k.to_s]
-      end
-    end
-
-    def exist?
-      !volume_info.empty?
-    end
-
-    def resource_id
-      volume_name
-    end
-
-    def to_s
-      "podman_volume #{resource_id}"
-    end
-
-    private
-
-    def get_volume_info
-      json_key_label = generate_go_template(LABELS)
-
-      inspect_volume_cmd = inspec.command("podman volume inspect #{volume_name} --format '{#{json_key_label}}'")
-
-      if inspect_volume_cmd.exit_status == 0
-        parse_command_output(inspect_volume_cmd.stdout)
-      elsif inspect_volume_cmd.stderr =~ /inspecting object: no such/
-        {}
-      else
-        raise Inspec::Exceptions::ResourceFailed, "Unable to retrieve podman volume information for #{volume_name}.\nError message: #{inspect_volume_cmd.stderr}"
-      end
-    end
-  end
-end

data/lib/inspec/resources/rabbitmq_conf.rb

@@ -1,2 +0,0 @@
-# This is just here to make the dynamic loader happy.
-require "inspec/resources/rabbitmq_config"

data/lib/inspec/resources/rabbitmq_config.rb

@@ -1,56 +0,0 @@
-require "inspec/utils/erlang_parser"
-require "inspec/utils/file_reader"
-
-module Inspec::Resources
-  class RabbitmqConfig < Inspec.resource(1)
-    name "rabbitmq_conf" # TODO: this is an alias. do we want this?
-    name "rabbitmq_config"
-    supports platform: "unix"
-    desc "Use the rabbitmq_config InSpec resource to test configuration data "\
-         "for the RabbitMQ service located in /etc/rabbitmq/rabbitmq.config on "\
-         "Linux and UNIX platforms."
-    example <<~EXAMPLE
-      describe rabbitmq_config.params('rabbit', 'ssl_listeners') do
-        it { should cmp 5671 }
-      end
-    EXAMPLE
-
-    include FileReader
-
-    def initialize(conf_path = nil)
-      @conf_path = conf_path || "/etc/rabbitmq/rabbitmq.config"
-      @content = read_file_content(@conf_path, allow_empty: true)
-    end
-
-    def params(*opts)
-      opts.inject(read_params) do |res, nxt|
-        res.respond_to?(:key) ? res[nxt] : nil
-      end
-    end
-
-    def to_s
-      "rabbitmq_config #{@conf_path}"
-    end
-
-    def resource_id
-      @conf_path
-    end
-
-    private
-
-    def read_content
-      return @content if defined?(@content)
-
-      @content = read_file_content(@conf_path, allow_empty: true)
-    end
-
-    def read_params
-      return @params if defined?(@params)
-      return @params = {} if read_content.nil?
-
-      @params = ErlangConfigFile.parse(read_content)
-    rescue Parslet::ParseFailed
-      raise "Cannot parse RabbitMQ config: \"#{read_content}\""
-    end
-  end
-end

data/lib/inspec/resources/ssh_config.rb

@@ -1,215 +0,0 @@
-# copyright: 2015, Vulcano Security GmbH
-
-require "inspec/utils/simpleconfig"
-require "inspec/utils/file_reader"
-
-module Inspec::Resources
-  class SshConfig < Inspec.resource(1)
-    name "ssh_config"
-    supports platform: "unix"
-    supports platform: "windows"
-    desc "Use the `ssh_config` InSpec audit resource to test OpenSSH client configuration data located at `/etc/ssh/ssh_config` on Linux and Unix platforms."
-    example <<~EXAMPLE
-      describe ssh_config do
-        its('cipher') { should contain '3des' }
-        its('port') { should eq '22' }
-        its('hostname') { should include('example.com') }
-      end
-    EXAMPLE
-
-    include FileReader
-
-    def initialize(conf_path = nil, type = nil)
-      @conf_path = conf_path || ssh_config_file("ssh_config")
-      typename = (@conf_path.include?("sshd") ? "Server" : "Client")
-      @type = type || "SSH #{typename} configuration #{conf_path}"
-      read_content
-    end
-
-    def content
-      read_content
-    end
-
-    def params(*opts)
-      opts.inject(read_params) do |res, nxt|
-        res.respond_to?(:key) ? res[nxt] : nil
-      end
-    end
-
-    def convert_hash(hash)
-      new_hash = {}
-      hash.each { |k, v| new_hash[k.downcase] ||= v }
-      new_hash
-    end
-
-    def method_missing(name)
-      param = read_params[name.to_s.downcase]
-      return nil if param.nil?
-      return param[0] if param.length == 1
-
-      param
-    end
-
-    def to_s
-      "SSH Configuration"
-    end
-
-    def resource_id
-      @conf_path || "SSH Configuration"
-    end
-
-    private
-
-    def read_content
-      return @content if defined?(@content)
-
-      @content = read_file_content(@conf_path)
-    end
-
-    def read_params
-      return @params if defined?(@params)
-      return @params = {} if read_content.nil?
-
-      conf =
-        SimpleConfig.new(
-          read_content,
-          assignment_regex: /^\s*(\S+?)\s+(.*?)\s*$/,
-          multiple_values: true
-        )
-      @params = convert_hash(conf.params)
-    end
-
-    def ssh_config_file(type)
-      if inspec.os.windows?
-        programdata = inspec.os_env("programdata").content
-        return "#{programdata}\\ssh\\#{type}"
-      end
-
-      "/etc/ssh/#{type}"
-    end
-  end
-
-  class SshdConfig < SshConfig
-    name "sshd_config"
-    supports platform: "unix"
-    supports platform: "windows"
-    desc "Use the sshd_config InSpec audit resource to test configuration data for the Open SSH daemon located at /etc/ssh/sshd_config on Linux and UNIX platforms. sshd---the Open SSH daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command execution, and data exchanges."
-    example <<~EXAMPLE
-      describe sshd_config do
-        its('Protocol') { should eq '2' }
-      end
-    EXAMPLE
-
-    def initialize(path = nil)
-      super(path || ssh_config_file("sshd_config"))
-    end
-
-    def to_s
-      "SSHD Configuration"
-    end
-
-    private
-
-    def ssh_config_file(type)
-      if inspec.os.windows?
-        programdata = inspec.os_env("programdata").content
-        return "#{programdata}\\ssh\\#{type}"
-      end
-
-      "/etc/ssh/#{type}"
-    end
-  end
-
-  class SshdActiveConfig < SshdConfig
-    name "sshd_active_config"
-    supports platform: "unix"
-    supports platform: "windows"
-    desc "Use the sshd_active_config InSpec audit resource to test configuration data for the Open SSH daemon located at /etc/ssh/sshd_config on Linux and UNIX platforms. sshd---the Open SSH daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command execution, and data exchanges."
-    example <<~EXAMPLE
-      describe sshd_active_config do
-        its('Protocol') { should eq '2' }
-      end
-    EXAMPLE
-
-    attr_reader :active_path
-
-    def initialize
-      @active_path = dynamic_sshd_config_path
-      super(@active_path)
-    end
-
-    def to_s
-      "SSHD Active Configuration (active path: #{@conf_path})"
-    end
-
-    private
-
-    def ssh_config_file(type)
-      if inspec.os.windows?
-        programdata = inspec.os_env("programdata").content
-        return "#{programdata}\\ssh\\#{type}"
-      end
-
-      "/etc/ssh/#{type}"
-    end
-
-    def dynamic_sshd_config_path
-      if inspec.os.windows?
-        script = <<-EOH
-          $sshdPath = (Get-Command sshd.exe).Source
-          if ($sshdPath -ne $null) {
-            Write-Output $sshdPath
-          } else {
-            Write-Error "sshd.exe not found"
-          }
-        EOH
-        sshd_path_result = inspec.powershell(script).stdout.strip
-        sshd_path = "\"#{sshd_path_result}\""
-        if !sshd_path_result.empty? && sshd_path_result != "sshd.exe not found"
-          command_output = inspec.command("sudo #{sshd_path} -dd 2>&1").stdout
-          dynamic_path =
-            command_output
-              .lines
-              .find { |line| line.include?("filename") }
-              &.split("filename")
-              &.last
-              &.strip
-          env_var_name = dynamic_path.match(/__(.*?)__/)[1]
-          if env_var_name?
-            dynamic_path =
-              dynamic_path.gsub(
-                /__#{env_var_name}__/,
-                inspec.os_env(env_var_name).content
-              )
-          end
-        else
-          Inspec::Log.error("sshd.exe not found using PowerShell script block.")
-          return nil
-        end
-      elsif inspec.os.unix?
-        sshd_path = "/usr/sbin/sshd"
-        command_output = inspec.command("sudo #{sshd_path} -dd 2>&1").stdout
-        dynamic_path =
-          command_output
-            .lines
-            .find { |line| line.include?("filename") }
-            &.split("filename")
-            &.last
-            &.strip
-      else
-        Inspec::Log.error(
-          "Unable to determine sshd configuration path on Windows using -T flag."
-        )
-        return nil
-      end
-
-      if dynamic_path.nil? || dynamic_path.empty?
-        Inspec::Log.warn(
-          "No active SSHD configuration found. Using default configuration."
-        )
-        return ssh_config_file("sshd_config")
-      end
-      dynamic_path
-    end
-  end
-end