inspec-core 6.8.24 → 7.0.95

data/lib/inspec/resources/ibmdb2_conf.rb

@@ -1,65 +0,0 @@
-module Inspec::Resources
-  class Ibmdb2Conf < Inspec.resource(1)
-    name "ibmdb2_conf"
-
-    supports platform: "unix"
-    supports platform: "windows"
-
-    desc "Use the ibmdb2_conf InSpec audit resource to test the configuration values of IBM Db2 database."
-    example <<~EXAMPLE
-      describe ibmdb2_conf(db2_executable_file_path: "path_to_db2_binary", db_instance: "db2inst1") do
-        its("output") { should_not be_empty }
-        its("output") { should include("Audit buffer size (4KB) (AUDIT_BUF_SZ) = 0")}
-      end
-    EXAMPLE
-
-    attr_reader :output
-
-    def initialize(opts = {})
-      if inspec.os.platform?("unix")
-        @db2_executable_file_path = opts[:db2_executable_file_path]
-        @db_instance = opts[:db_instance]
-        raise Inspec::Exceptions::ResourceFailed, "Can't connect to IBM DB2 without db2_executable_file_path, db_instance options provided." if @db2_executable_file_path.nil? || @db_instance.nil?
-      end
-      @output = run_command
-    end
-
-    def resource_id
-      if inspec.os.platform?("windows")
-        "ibmdb2_conf"
-      else
-        "ibmdb2_conf:DatabaseInstance:#{@db_instance}"
-      end
-    end
-
-    def to_s
-      "IBM Db2 Conf"
-    end
-
-    private
-
-    def run_command
-      # attach to the db2 instance and get the configuration
-      if inspec.os.platform?("unix")
-        cmd = inspec.command("#{@db2_executable_file_path} attach to #{@db_instance}\; #{@db2_executable_file_path} get database manager configuration")
-        out = cmd.stdout + "\n" + cmd.stderr
-
-        # check if following specific error is there. Sourcing the db2profile to resolve the error.
-        if cmd.exit_status != 0 && out =~ /SQL10007N Message "-1390" could not be retrieved.  Reason code: "3"/
-          cmd = inspec.command(". ~/sqllib/db2profile\; #{@db2_executable_file_path} attach to #{@db_instance}\; #{@db2_executable_file_path} get database manager configuration")
-          out = cmd.stdout + "\n" + cmd.stderr
-        end
-      elsif inspec.os.platform?("windows")
-        # set-item command set the powershell to run the db2 commands.
-        cmd = inspec.command("set-item -path env:DB2CLP -value \"**$$**\"\; db2 get database manager configuration")
-        out = cmd.stdout + "\n" + cmd.stderr
-      end
-
-      if cmd.exit_status != 0 || out =~ /Can't connect to IBM Db2 server/ || out.downcase =~ /^error:.*/
-        raise Inspec::Exceptions::ResourceFailed, "IBM Db2 query with error: #{out}"
-      else
-        cmd.stdout.gsub(/\n|\r/, ",").split(",").reject { |n| n.nil? || n.empty? }.map { |n| n.strip.gsub!(/\s+/, " ") }
-      end
-    end
-  end
-end

data/lib/inspec/resources/ibmdb2_session.rb

@@ -1,78 +0,0 @@
-module Inspec::Resources
-  class Lines
-    attr_reader :output, :exit_status
-
-    def initialize(raw, desc, exit_status)
-      @output = raw
-      @desc = desc
-      @exit_status = exit_status
-    end
-
-    def to_s
-      @desc
-    end
-  end
-
-  class Ibmdb2Session < Inspec.resource(1)
-    name "ibmdb2_session"
-
-    supports platform: "unix"
-    supports platform: "windows"
-
-    desc "Use the ibmdb2_session InSpec audit resource to test SQL commands run against a IBM Db2 database."
-    example <<~EXAMPLE
-      describe ibmdb2_session(db2_executable_file_path: "path_to_db2_binary", db_instance: "db2inst1", db_name: "sample").query('list database directory') do
-        its('output') { should_not match(/sample/) }
-      end
-    EXAMPLE
-
-    def initialize(opts = {})
-      @db_name = opts[:db_name]
-      if inspec.os.platform?("unix")
-        @db2_executable_file_path = opts[:db2_executable_file_path]
-        @db_instance = opts[:db_instance]
-        raise Inspec::Exceptions::ResourceFailed, "Can't run IBM DB2 queries without db2_executable_file_path, db_instance, db_name options provided." if @db2_executable_file_path.nil? || @db_instance.nil? || @db_name.nil?
-      elsif inspec.os.platform?("windows")
-        raise Inspec::Exceptions::ResourceFailed, "Can't run IBM DB2 queries without db_name option provided." if @db_name.nil?
-      end
-    end
-
-    def query(q)
-      raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?
-
-      if inspec.os.platform?("unix")
-        # connect to the db and query on the database
-        cmd = inspec.command("#{@db2_executable_file_path} attach to #{@db_instance}\; #{@db2_executable_file_path} connect to #{@db_name}\; #{@db2_executable_file_path} #{q}\;")
-        out = cmd.stdout + "\n" + cmd.stderr
-
-        # check if following specific error is there. Sourcing the db2profile to resolve the error.
-        if cmd.exit_status != 0 && out =~ /SQL10007N Message "-1390" could not be retrieved.  Reason code: "3"/
-          cmd = inspec.command(". ~/sqllib/db2profile\; #{@db2_executable_file_path} attach to #{@db_instance}\; #{@db2_executable_file_path} connect to #{@db_name}\; #{@db2_executable_file_path} \"#{q}\"\;")
-          out = cmd.stdout + "\n" + cmd.stderr
-        end
-      elsif inspec.os.platform?("windows")
-        # set-item command set the powershell to run the db2 commands.
-        cmd = inspec.command("set-item -path env:DB2CLP -value \"**$$**\"\; db2 connect to #{@db_name}\; db2 \"#{q}\"\;")
-        out = cmd.stdout + "\n" + cmd.stderr
-      end
-
-      if cmd.exit_status != 0 || out =~ /Can't connect to IBM Db2 / || out.downcase =~ /^error:.*/
-        raise Inspec::Exceptions::ResourceFailed, "IBM Db2 connection error: #{out}"
-      else
-        Lines.new(cmd.stdout.strip, "IBM Db2 Query: #{q}", cmd.exit_status)
-      end
-    end
-
-    def resource_id
-      if inspec.os.platform?("windows")
-        "ibmdb2_session:DatabaseName#{@db_name}"
-      else
-        "ibmdb2_session:DatabaseInstance:#{@db_instance}:DatabaseName#{@db_name}"
-      end
-    end
-
-    def to_s
-      "IBM Db2 Session"
-    end
-  end
-end

data/lib/inspec/resources/mongodb.rb

@@ -1,69 +0,0 @@
-module Inspec::Resources
-  class Mongodb < Inspec.resource(1)
-    name "mongodb"
-    supports platform: "unix"
-    supports platform: "windows"
-
-    desc "The 'mongodb' resource is a helper for the 'mongodb_conf' & 'mongodb_session' resources.  Please use those instead."
-
-    attr_reader :conf_path
-
-    def initialize
-      case inspec.os[:family]
-      when "debian", "fedora", "redhat", "linux", "suse"
-        init_linux
-      when "darwin"
-        init_macos
-      when "windows"
-        init_windows
-      end
-    end
-
-    def resource_id
-      @conf_path
-    end
-
-    def to_s
-      "MongoDB"
-    end
-
-    private
-
-    def init_linux
-      @conf_path = "/etc/mongod.conf"
-    end
-
-    def init_macos
-      @conf_path = "/usr/local/etc/mongod.conf"
-    end
-
-    def init_windows
-      dir = "C:\\Program Files\\MongoDB\\Server"
-      @version = version_from_dir(dir)
-      unless @version.to_s.empty?
-        @conf_path = "#{dir}\\#{@version}\\bin\\mongod.cfg"
-      end
-    end
-
-    def version_from_dir(dir)
-      dirs = inspec.command("Get-ChildItem -Path \"#{dir}\" -Name").stdout
-      entries = dirs.lines.count
-      case entries
-      when 0
-        warn "Could not determine version of installed MongoDB by inspecting #{dir}"
-        nil
-      when 1
-        dir_to_version(dirs)
-      else
-        warn "Multiple versions of MongoDB installed or incorrect base dir #{dir}"
-        first = dir_to_version(dirs.lines.first)
-        warn "Using the first version found: #{first}"
-        first
-      end
-    end
-
-    def dir_to_version(dir)
-      dir.chomp.split("/").last
-    end
-  end
-end

data/lib/inspec/resources/mongodb_conf.rb

@@ -1,44 +0,0 @@
-require "inspec/resources/json"
-require "inspec/resources/mongodb"
-
-module Inspec::Resources
-  class MongodbConf < JsonConfig
-    name "mongodb_conf"
-    supports platform: "unix"
-    supports platform: "windows"
-    desc "Use the mongodb_conf InSpec audit resource to test the contents of the configuration file for MongoDB, typically located at `/etc/mongod.conf` or `C:\\Program Files\\MongoDB\\Server\\<version>\\bin\\mongod.cfg`, depending on the platform."
-    example <<~EXAMPLE
-      describe mongodb_conf do
-        its(["storage", "dbPath"]) { should eq "/var/lib/mongodb" }
-        its(["net", "port"]) { should eq 27017 }
-      end
-    EXAMPLE
-
-    def initialize(conf_path = nil)
-      @conf_path = conf_path || inspec.mongodb.conf_path
-
-      if @conf_path.nil?
-        return skip_resource "MongoDB conf path is not set."
-      end
-
-      super(@conf_path)
-    end
-
-    # set resource_id to "" if system is not able to determine the @conf_path
-    def resource_id
-      @conf_path || "mongodb_conf"
-    end
-
-    private
-
-    def parse(content)
-      YAML.load(content)
-    rescue => e
-      raise Inspec::Exceptions::ResourceFailed, "Unable to parse `mongod.conf` or `mongod.cfg` file: #{e.message}"
-    end
-
-    def resource_base_name
-      "MongoDB Configuration"
-    end
-  end
-end

data/lib/inspec/resources/mongodb_session.rb

@@ -1,98 +0,0 @@
-require "mongo"
-
-module Inspec::Resources
-  class Lines
-    attr_reader :params
-
-    def initialize(raw, desc, exit_status = nil)
-      @params = raw
-      @desc = desc
-      @exit_status = exit_status
-    end
-
-    def to_s
-      @desc
-    end
-  end
-
-  class MongodbSession < Inspec.resource(1)
-    name "mongodb_session"
-    supports platform: "unix"
-    supports platform: "windows"
-
-    desc "Use the mongodb_session InSpec audit resource to run MongoDB command against a MongoDB Database."
-    example <<~EXAMPLE
-      # default values:
-      # host: "127.0.0.1"
-      # port: "27017"
-      # auth_source - default to database name
-      # auth_mech - :scram
-
-      describe mongodb_session(user: "foo", password: "bar", database: "test").query(usersInfo: "ian").params["users"].first["roles"].first do
-        its(["role"]) { should eq "readWrite" }
-      end
-    EXAMPLE
-    attr_reader :user, :host, :port, :database, :params
-
-    def initialize(opts = {})
-      @user = opts[:user] || nil
-      @password = opts[:password] || nil
-      @host = opts[:host] || "127.0.0.1"
-      @port = opts[:port] || "27017"
-      @database = opts[:database] || nil
-      @auth_mech = opts[:auth_mech] || :scram
-      @auth_source = opts[:auth_source] || @database
-      @ssl = opts[:ssl] || false
-      @ssl_cert = opts[:ssl_cert] || nil
-      @ssl_key = opts[:ssl_key] || nil
-      @ssl_ca_cert = opts[:ssl_ca_cert] || nil
-      @auth_mech_properties = opts[:auth_mech_properties] || {}
-      @client = nil
-
-      fail_resource "Can't run MongoDB checks without authentication." unless user && @password
-      fail_resource "You must provide a database name for the session." unless database
-
-      create_session
-    end
-
-    def query(command)
-      raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?
-
-      Lines.new(@client.command(command).documents.first, "MongoDB query: #{command}")
-    rescue => e
-      raise Inspec::Exceptions::ResourceFailed, "Can't run MongoDB command Error: #{e.message}"
-    end
-
-    def resource_id
-      "mongodb_session:User:#{@user}:Host:#{@host}:Database:#{@database}"
-    end
-
-    private
-
-    def create_session
-      raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?
-
-      options = { user: "#{user}",
-        password: "#{@password}",
-        database: "#{database}",
-        auth_source: "#{@auth_source}",
-        auth_mech: @auth_mech,
-        }
-      options[:auth_mech_properties] = @auth_mech_properties unless @auth_mech_properties.empty?
-      options[:ssl] = @ssl
-      opitons[:ssl_key] = @ssl_key unless @ssl_key.nil?
-      options[:ssl_cert] = @ssl_cert unless @ssl_cert.nil?
-      options[:ssl_ca_cert] = @ssl_ca_cert unless @ssl_ca_cert.nil?
-
-      # Setting the logger level to INFO as mongo gem version 2.13.2 is using DEBUG as the log level Ref: https://github.com/mongodb/mongo-ruby-driver/blob/v2.13.2/lib/mongo/logger.rb#L79
-      # Latest version of the mongo gem don't have this issue as it set to INFO level Ref: https://github.com/mongodb/mongo-ruby-driver/blob/master/lib/mongo/logger.rb#L82
-      # We pinned the version to 2.13.2 as the latest version of the mongo gem has broken symlink https://jira.mongodb.org/browse/RUBY-2546 which causes omnibus build failure.
-      # Once we get the latest version working we can remove logger level set here.
-      Mongo::Logger.logger.level = Logger::INFO
-      @client = Mongo::Client.new([ "#{host}:#{port}" ], options)
-
-    rescue => e
-      raise Inspec::Exceptions::ResourceFailed, "Can't run MongoDB command. Error: #{e.message}"
-    end
-  end
-end

data/lib/inspec/resources/opa.rb

@@ -1,26 +0,0 @@
-require "inspec/resources/json"
-
-module Inspec::Resources
-  class Opa < JsonConfig
-    name "opa"
-    supports platform: "unix"
-    supports platform: "windows"
-
-    def initialize(content)
-      @content = content
-      super({ content: @content })
-    end
-
-    def result
-      @content == {} || @content["result"].empty? ? nil : @content
-    end
-
-    private
-
-    def parse(content)
-      @content = YAML.load(content)
-    rescue => e
-      raise Inspec::Exceptions::ResourceFailed, "Unable to parse OPA query output: #{e.message}"
-    end
-  end
-end

data/lib/inspec/resources/opa_api.rb

@@ -1,49 +0,0 @@
-require "inspec/resources/opa"
-
-module Inspec::Resources
-  class OpaApi < Opa
-    name "opa_api"
-    supports platform: "unix"
-    supports platform: "windows"
-
-    example <<~EXAMPLE
-      describe opa_api(url: "localhost:8181/v1/data/example/violation", data: "input.json") do
-        its(["result"]) { should eq 'value' }
-      end
-    EXAMPLE
-
-    def initialize(opts = {})
-      @url = opts[:url] || nil
-      @data = opts[:data] || nil
-      fail_resource "OPA url and data are mandatory." if @url.nil? || @url.empty? || @data.nil? || @data.empty?
-      @content = load_result
-      super(@content)
-    end
-
-    def allow
-      @content["result"]
-    end
-
-    def resource_id
-      @url || "opa_api"
-    end
-
-    def to_s
-      "OPA api"
-    end
-
-    private
-
-    def load_result
-      raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?
-
-      result = inspec.command("curl -X POST #{@url} -d @#{@data} -H 'Content-Type: application/json'")
-      if result.exit_status == 0
-        result.stdout.gsub("\n", "")
-      else
-        error = result.stdout + "\n" + result.stderr
-        raise Inspec::Exceptions::ResourceFailed, "Error while executing OPA query: #{error}"
-      end
-    end
-  end
-end

data/lib/inspec/resources/opa_cli.rb

@@ -1,57 +0,0 @@
-require "inspec/resources/opa"
-
-module Inspec::Resources
-  class OpaCli < Opa
-    name "opa_cli"
-    supports platform: "unix"
-    supports platform: "windows"
-
-    example <<~EXAMPLE
-      describe opa_cli(policy: "example.rego", data: "input.json", query: "data.example.allow") do
-        its(["result"]) { should eq "value" }
-      end
-    EXAMPLE
-
-    def initialize(opts = {})
-      @opa_executable_path = opts[:opa_executable_path] || "opa" # if this path is not provided then we will assume that it's been set in the ENV PATH
-      @policy = opts[:policy] || nil
-      @data = opts[:data] || nil
-      @query = opts[:query] || nil
-      if (@policy.nil? || @policy.empty?) || (@data.nil? || @data.empty?) || (@query.nil? || @query.empty?)
-        fail_resource "OPA policy, data and query are mandatory."
-      end
-      @content = load_result
-      super(@content)
-    end
-
-    def allow
-      @content["result"][0]["expressions"][0]["value"] if @content["result"][0]["expressions"][0]["text"].include?("allow")
-    end
-
-    def resource_id
-      if @policy.nil? && @query.nil?
-        "opa_cli"
-      else
-        "#{@policy}:#{@query}"
-      end
-    end
-
-    def to_s
-      "OPA cli"
-    end
-
-    private
-
-    def load_result
-      raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?
-
-      result = inspec.command("#{@opa_executable_path} eval -i '#{@data}' -d '#{@policy}' '#{@query}'")
-      if result.exit_status == 0
-        result.stdout.gsub("\n", "")
-      else
-        error = result.stdout + "\n" + result.stderr
-        raise Inspec::Exceptions::ResourceFailed, "Error while executing OPA query: #{error}"
-      end
-    end
-  end
-end