inspec-core 7.0.38.beta → 7.0.95

data/lib/inspec/waiver_file_reader.rb

@@ -5,6 +5,8 @@ require "inspec/utils/waivers/json_file_reader"
 module Inspec
   class WaiverFileReader
 
+    SUPPORTED_FILE_EXTENSION = %w{.yaml .yml .csv .json}.freeze
+
     def self.fetch_waivers_by_profile(profile_id, files)
       read_waivers_from_file(profile_id, files) if @waivers_data.nil? || @waivers_data[profile_id].nil?
       @waivers_data[profile_id]
@@ -15,14 +17,10 @@ module Inspec
       output = {}
 
       files.each do |file_path|
-        data = read_from_file(file_path)
-        output.merge!(data) if !data.nil? && data.is_a?(Hash)
+        next unless valid_waiver_file?(file_path)
 
-        if data.nil?
-          raise Inspec::Exceptions::WaiversFileNotReadable,
-              "Cannot find parser for waivers file." \
-              "Check to make sure file has the appropriate extension."
-        end
+        data = parse_waiver_file(file_path)
+        output.merge!(data) if data.is_a?(Hash)
       rescue Inspec::Exceptions::WaiversFileNotReadable, Inspec::Exceptions::WaiversFileInvalidFormatting => e
         Inspec::Log.error "Error reading waivers file #{file_path}. #{e.message}"
         Inspec::UI.new.exit(:usage_error)
@@ -31,21 +29,38 @@ module Inspec
       @waivers_data[profile_id] = output
     end
 
-    def self.read_from_file(file_path)
-      data = nil
-      file_extension = File.extname(file_path)
-      if [".yaml", ".yml"].include? file_extension
-        data = Secrets::YAML.resolve(file_path)
-        data = data.inputs unless data.nil?
+    def self.valid_waiver_file?(file_path)
+      # Check if the file is readable
+      file_extension = File.extname(file_path).downcase
+      unless SUPPORTED_FILE_EXTENSION.include?(file_extension)
+        raise Inspec::Exceptions::WaiversFileNotReadable,
+              "Unsupported file extension for '#{file_path}'. Allowed waiver file extensions: #{SUPPORTED_FILE_EXTENSION.join(", ")}"
+      end
+
+      # Check if the file is empty
+      if File.zero?(file_path)
+        Inspec::Log.warn "Waivers file '#{file_path}' is empty. Skipping waivers."
+        return false
+      end
+
+      true
+    end
+
+    def self.parse_waiver_file(file_path)
+      file_extension = File.extname(file_path).downcase
+
+      case file_extension
+      when ".yaml", ".yml"
+        data = Secrets::YAML.resolve(file_path)&.inputs
         validate_json_yaml(data)
-      elsif file_extension == ".csv"
+      when ".csv"
         data = Waivers::CSVFileReader.resolve(file_path)
-        headers = Waivers::CSVFileReader.headers
-        validate_csv_headers(headers)
-      elsif file_extension == ".json"
+        validate_csv_headers(Waivers::CSVFileReader.headers)
+      when ".json"
         data = Waivers::JSONFileReader.resolve(file_path)
-        validate_json_yaml(data) unless data.nil?
+        validate_json_yaml(data)
       end
+
       data
     end
 
@@ -81,6 +96,8 @@ module Inspec
     end
 
     def self.validate_json_yaml(data)
+      return if data.nil?
+
       missing_required_field = false
       data.each do |key, value|
         # In case of yaml or json we need to validate headers/parametes for each value

data/lib/inspec.rb

@@ -1,4 +1,6 @@
 # copyright: 2015, Dominik Richter
+# Copyright © 2015-2025 Progress Software Corporation and/or its subsidiaries or affiliates.
+# All Rights Reserved.
 
 libdir = File.dirname(__FILE__)
 $LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)

data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb

@@ -425,8 +425,10 @@ module InspecPlugins
                  "our apologies for the misunderstanding, and open an issue " \
                  "at https://github.com/inspec/inspec/issues/new")
         ui.exit Inspec::UI::EXIT_PLUGIN_ERROR
-      rescue Inspec::Plugin::V2::InstallError
-        raise if Inspec::Log.level == :debug
+      rescue Inspec::Plugin::V2::InstallError => e
+        # This change is required for Ruby 3.3 upgrade
+        # Using Inspec::Log::level breaks with error `undefined method nil` in Ruby log library
+        Inspec::Log.debug e.backtrace
 
         results = installer.search(plugin_name, exact: true)
         source_host = URI(options[:source] || "https://rubygems.org/").host

data/lib/plugins/shared/core_plugin_test_helper.rb

@@ -12,7 +12,7 @@ require "tmpdir" unless defined?(Dir.mktmpdir)
 require "pathname" unless defined?(Pathname)
 require "forwardable" unless defined?(Forwardable)
 
-require "functional/helper"
+require_relative "../../../test/functional/helper"
 require "inspec/plugin/v2"
 
 # Configure Minitest to expose things like `let`

data/lib/source_readers/inspec.rb

@@ -66,7 +66,7 @@ module SourceReaders
     end
 
     def load_readme
-      load_all(/README.md/)
+      load_all(/README(\.md)?$/)
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 7.0.38.beta
+  version: 7.0.95
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2025-03-05 00:00:00.000000000 Z
+date: 2025-10-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-telemetry
@@ -59,7 +59,7 @@ dependencies:
         version: '0.20'
     - - "<"
       - !ruby/object:Gem::Version
-        version: 1.3.0
+        version: 1.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -69,7 +69,7 @@ dependencies:
         version: '0.20'
     - - "<"
       - !ruby/object:Gem::Version
-        version: 1.3.0
+        version: 1.5.0
 - !ruby/object:Gem::Dependency
   name: method_source
   requirement: !ruby/object:Gem::Requirement
@@ -99,7 +99,7 @@ dependencies:
         version: 1.2.2
     - - "<"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -109,7 +109,7 @@ dependencies:
         version: 1.2.2
     - - "<"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -134,16 +134,22 @@ dependencies:
   name: rspec-its
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -288,7 +294,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '1.3'
     - - "<"
       - !ruby/object:Gem::Version
         version: '2.1'
@@ -298,7 +304,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '1.3'
     - - "<"
       - !ruby/object:Gem::Version
         version: '2.1'
@@ -325,7 +331,7 @@ dependencies:
         version: '1.5'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -335,7 +341,7 @@ dependencies:
         version: '1.5'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: semverse
   requirement: !ruby/object:Gem::Requirement
@@ -364,6 +370,54 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: syslog
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: csv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: ostruct
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '0.7'
 - !ruby/object:Gem::Dependency
   name: cookstyle
   requirement: !ruby/object:Gem::Requirement
@@ -382,30 +436,36 @@ dependencies:
   name: train-core
   requirement: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.13'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.11.0
+        version: 3.13.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.13'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.11.0
+        version: 3.13.4
 - !ruby/object:Gem::Dependency
   name: chef-licensing
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.2
+        version: 1.2.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.2
+        version: 1.2.0
 description: |+
   InSpec provides a framework for creating end-to-end infrastructure tests. You can use it for integration or even compliance testing. Create fully portable test profiles and use them in your workflow to ensure stability and security. Integrate InSpec in your change lifecycle for local testing, CI/CD, and deployment verification.
   This has local support only. See the `inspec` gem for full support.
@@ -620,9 +680,6 @@ files:
 - lib/inspec/resources/npm.rb
 - lib/inspec/resources/ntp_conf.rb
 - lib/inspec/resources/oneget.rb
-- lib/inspec/resources/opa.rb
-- lib/inspec/resources/opa_api.rb
-- lib/inspec/resources/opa_cli.rb
 - lib/inspec/resources/oracle.rb
 - lib/inspec/resources/oracledb_conf.rb
 - lib/inspec/resources/oracledb_listener_conf.rb
@@ -656,6 +713,10 @@ files:
 - lib/inspec/resources/selinux.rb
 - lib/inspec/resources/service.rb
 - lib/inspec/resources/shadow.rb
+- lib/inspec/resources/ssh_config.rb
+- lib/inspec/resources/ssh_key.rb
+- lib/inspec/resources/sshd_active_config.rb
+- lib/inspec/resources/sshd_config.rb
 - lib/inspec/resources/ssl.rb
 - lib/inspec/resources/sys_info.rb
 - lib/inspec/resources/systemd_service.rb
@@ -712,6 +773,7 @@ files:
 - lib/inspec/utils/convert.rb
 - lib/inspec/utils/database_helpers.rb
 - lib/inspec/utils/deprecated_cloud_resources_list.rb
+- lib/inspec/utils/deprecated_core_resources_list.rb
 - lib/inspec/utils/deprecation.rb
 - lib/inspec/utils/deprecation/config_file.rb
 - lib/inspec/utils/deprecation/deprecator.rb
@@ -884,11 +946,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 3.1.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.3.27
 signing_key: 
 specification_version: 4
 summary: Infrastructure and compliance testing. Core library.

data/lib/inspec/resources/opa.rb

@@ -1,26 +0,0 @@
-require "inspec/resources/json"
-
-module Inspec::Resources
-  class Opa < JsonConfig
-    name "opa"
-    supports platform: "unix"
-    supports platform: "windows"
-
-    def initialize(content)
-      @content = content
-      super({ content: @content })
-    end
-
-    def result
-      @content == {} || @content["result"].empty? ? nil : @content
-    end
-
-    private
-
-    def parse(content)
-      @content = YAML.load(content)
-    rescue => e
-      raise Inspec::Exceptions::ResourceFailed, "Unable to parse OPA query output: #{e.message}"
-    end
-  end
-end

data/lib/inspec/resources/opa_api.rb

@@ -1,49 +0,0 @@
-require "inspec/resources/opa"
-
-module Inspec::Resources
-  class OpaApi < Opa
-    name "opa_api"
-    supports platform: "unix"
-    supports platform: "windows"
-
-    example <<~EXAMPLE
-      describe opa_api(url: "localhost:8181/v1/data/example/violation", data: "input.json") do
-        its(["result"]) { should eq 'value' }
-      end
-    EXAMPLE
-
-    def initialize(opts = {})
-      @url = opts[:url] || nil
-      @data = opts[:data] || nil
-      fail_resource "OPA url and data are mandatory." if @url.nil? || @url.empty? || @data.nil? || @data.empty?
-      @content = load_result
-      super(@content)
-    end
-
-    def allow
-      @content["result"]
-    end
-
-    def resource_id
-      @url || "opa_api"
-    end
-
-    def to_s
-      "OPA api"
-    end
-
-    private
-
-    def load_result
-      raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?
-
-      result = inspec.command("curl -X POST #{@url} -d @#{@data} -H 'Content-Type: application/json'")
-      if result.exit_status == 0
-        result.stdout.gsub("\n", "")
-      else
-        error = result.stdout + "\n" + result.stderr
-        raise Inspec::Exceptions::ResourceFailed, "Error while executing OPA query: #{error}"
-      end
-    end
-  end
-end

data/lib/inspec/resources/opa_cli.rb

@@ -1,57 +0,0 @@
-require "inspec/resources/opa"
-
-module Inspec::Resources
-  class OpaCli < Opa
-    name "opa_cli"
-    supports platform: "unix"
-    supports platform: "windows"
-
-    example <<~EXAMPLE
-      describe opa_cli(policy: "example.rego", data: "input.json", query: "data.example.allow") do
-        its(["result"]) { should eq "value" }
-      end
-    EXAMPLE
-
-    def initialize(opts = {})
-      @opa_executable_path = opts[:opa_executable_path] || "opa" # if this path is not provided then we will assume that it's been set in the ENV PATH
-      @policy = opts[:policy] || nil
-      @data = opts[:data] || nil
-      @query = opts[:query] || nil
-      if (@policy.nil? || @policy.empty?) || (@data.nil? || @data.empty?) || (@query.nil? || @query.empty?)
-        fail_resource "OPA policy, data and query are mandatory."
-      end
-      @content = load_result
-      super(@content)
-    end
-
-    def allow
-      @content["result"][0]["expressions"][0]["value"] if @content["result"][0]["expressions"][0]["text"].include?("allow")
-    end
-
-    def resource_id
-      if @policy.nil? && @query.nil?
-        "opa_cli"
-      else
-        "#{@policy}:#{@query}"
-      end
-    end
-
-    def to_s
-      "OPA cli"
-    end
-
-    private
-
-    def load_result
-      raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?
-
-      result = inspec.command("#{@opa_executable_path} eval -i '#{@data}' -d '#{@policy}' '#{@query}'")
-      if result.exit_status == 0
-        result.stdout.gsub("\n", "")
-      else
-        error = result.stdout + "\n" + result.stderr
-        raise Inspec::Exceptions::ResourceFailed, "Error while executing OPA query: #{error}"
-      end
-    end
-  end
-end