inspec-core 2.2.20 → 2.2.27

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 30bcedf19961b6e6f3d5c4866ce517d14042a5ba0c2cb492da68f94fe9284bac
-  data.tar.gz: cee89f571ddb03d6cfef422cbd1dfb6380f639505c021ef8cda96ac3fc396aa5
+  metadata.gz: d3e83bd4753e30a6a8a6569f787a498373949f5f30a8e2f7ab7eb5b22bae1884
+  data.tar.gz: 432466ba45330e301284891409ba146bf23a050808671500a18cf9e269fc492b
 SHA512:
-  metadata.gz: 22f243ab058aa7373298dab9c0604cce20a6490d9374a9dc39d27c575676cf6c1a27065c32e267c54cfa95d864767866464ac6565a8d95608838c140305111d4
-  data.tar.gz: b031ce5c1e573e9652b6beff2055342e1cb0470fa51560589a5e37797cf0040a4d5a2b5cbbeca38e26c4c4860b58e41e751889360ce29934f905503a90b44727
+  metadata.gz: 5cac8683865c6beecafe39fbde05794da68f6bd6c60e6a713e3bcfb850c1c5b35cffcf50989ad12ddff6e3fc6271adbd3d7e0f4f6e66c0d11dd440ff470ce218
+  data.tar.gz: 76d9f5a01a5030a5b3cb08ffa5db1bef5545ae1ca35cd56e873d16bdff0f0cd79cc961badcc7380d128832215c633619c973565de8c6b9834de70faf875d9393

data/CHANGELOG.md

@@ -1,25 +1,43 @@
 # Change Log
 <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
-<!-- latest_release 2.2.20 -->
-## [v2.2.20](https://github.com/inspec/inspec/tree/v2.2.20) (2018-06-21)
+<!-- latest_release 2.2.27 -->
+## [v2.2.27](https://github.com/inspec/inspec/tree/v2.2.27) (2018-06-29)
 
-#### Merged Pull Requests
-- Accept symbols and downcased criteria in aws_iam_policy have_statement matcher [#3129](https://github.com/inspec/inspec/pull/3129) ([clintoncwolfe](https://github.com/clintoncwolfe))
+#### New Features
+- Document exit codes for &#39;inspec exec&#39; and add --no-distinct-exit option [#3178](https://github.com/inspec/inspec/pull/3178) ([clintoncwolfe](https://github.com/clintoncwolfe))
 <!-- latest_release -->
 
-<!-- release_rollup since=2.2.16 -->
-### Changes since 2.2.16 release
+<!-- release_rollup since=2.2.20 -->
+### Changes since 2.2.20 release
 
-#### Merged Pull Requests
-- Accept symbols and downcased criteria in aws_iam_policy have_statement matcher [#3129](https://github.com/inspec/inspec/pull/3129) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 2.2.20 -->
+#### New Features
+- Document exit codes for &#39;inspec exec&#39; and add --no-distinct-exit option [#3178](https://github.com/inspec/inspec/pull/3178) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 2.2.27 -->
+- Set parent_profile field on child profiles (json report) [#3164](https://github.com/inspec/inspec/pull/3164) ([jquick](https://github.com/jquick)) <!-- 2.2.25 -->
 
 #### Enhancements
-- Fix control merging when overriding child controls [#3155](https://github.com/inspec/inspec/pull/3155) ([jquick](https://github.com/jquick)) <!-- 2.2.19 -->
-- auditd resource: Add handling for sudo/no command [#3151](https://github.com/inspec/inspec/pull/3151) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 2.2.18 -->
-- updated skip message to reflect accurate version of audit support [#3153](https://github.com/inspec/inspec/pull/3153) ([jeremymv2](https://github.com/jeremymv2)) <!-- 2.2.17 -->
+- Update core resources with filtertable API changes [#3117](https://github.com/inspec/inspec/pull/3117) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 2.2.26 -->
+- apache_conf resource: Strip quotes from values [#3142](https://github.com/inspec/inspec/pull/3142) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 2.2.24 -->
+
+#### Merged Pull Requests
+- Add functional tests for nested attributes [#3157](https://github.com/inspec/inspec/pull/3157) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 2.2.23 -->
+
+#### Bug Fixes
+- Detect inspec-core mode and do not attempt to load cloud resources [#3163](https://github.com/inspec/inspec/pull/3163) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 2.2.22 -->
+- Add support for shallow link paths [#3168](https://github.com/inspec/inspec/pull/3168) ([ColinHebert](https://github.com/ColinHebert)) <!-- 2.2.21 -->
 <!-- release_rollup -->
 
 <!-- latest_stable_release -->
+## [v2.2.20](https://github.com/inspec/inspec/tree/v2.2.20) (2018-06-21)
+
+#### Enhancements
+- updated skip message to reflect accurate version of audit support [#3153](https://github.com/inspec/inspec/pull/3153) ([jeremymv2](https://github.com/jeremymv2))
+- auditd resource: Add handling for sudo/no command [#3151](https://github.com/inspec/inspec/pull/3151) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
+- Fix control merging when overriding child controls [#3155](https://github.com/inspec/inspec/pull/3155) ([jquick](https://github.com/jquick))
+
+#### Merged Pull Requests
+- Accept symbols and downcased criteria in aws_iam_policy have_statement matcher [#3129](https://github.com/inspec/inspec/pull/3129) ([clintoncwolfe](https://github.com/clintoncwolfe))
+<!-- latest_stable_release -->
+
 ## [v2.2.16](https://github.com/inspec/inspec/tree/v2.2.16) (2018-06-15)
 
 #### Enhancements
@@ -31,7 +49,6 @@
 - Add insecure option to the automate report json [#3124](https://github.com/inspec/inspec/pull/3124) ([jquick](https://github.com/jquick))
 - Bump train version for inspec [#3147](https://github.com/inspec/inspec/pull/3147) ([jquick](https://github.com/jquick))
 - deprecate azure_generic_resource [#3132](https://github.com/inspec/inspec/pull/3132) ([chris-rock](https://github.com/chris-rock))
-<!-- latest_stable_release -->
 
 ## [v2.2.10](https://github.com/inspec/inspec/tree/v2.2.10) (2018-06-08)
 

data/docs/resources/file.md.erb

@@ -33,7 +33,7 @@ content, size, basename, path, owner, group, type
 
 ### Unix/Linux Properties
 
-symlink, mode, link_path, mtime, size, selinux\_label, md5sum, sha256sum, path, source, source\_path, uid, gid
+symlink, mode, link_path, shallow_link_path, mtime, size, selinux\_label, md5sum, sha256sum, path, source, source\_path, uid, gid
 
 ### Windows Properties
 
@@ -74,10 +74,17 @@ The following examples show how to use this InSpec audit resource.
 ### link_path
 
 The `link_path` property tests if the file exists at the specified path. If the file is a symlink,
-InSpec will resolve the symlink and return the ultimate linked file.
+InSpec will resolve the symlink recursively and return the ultimate linked file.
 
     its('link_path') { should eq '/some/path/to/file' }
 
+### shallow_link_path
+
+The `shallow_link_path`` property returns the path that the file refers to, only resolving
+it once (that is, it performs a readlink operation). If the file is not a symlink, nil is returned.
+
+    its('shallow_link_path') { should eq '/some/path/to/file' }
+
 ### md5sum
 
 The `md5sum` property tests if the MD5 checksum for a file matches the specified value.
@@ -316,7 +323,7 @@ The following example shows how to use the `file` audit resource to verify if th
 
 ### Test parameters of symlinked file
 
-If you need to test the parameters of the target file for a symlink, you can use the `link_path` method for the `file` resource.
+If you need to test the parameters of the target file for a symlink, you can use the `link_path` (recursive resolution) or `shallow_link_path` (direct link) method for the `file` resource.
 
 For example, for the following symlink:
 

data/lib/inspec/base_cli.rb

@@ -83,6 +83,8 @@ module Inspec
         desc: 'Allow caching for backend command output. (default: true)'
       option :show_progress, type: :boolean,
         desc: 'Show progress while executing tests.'
+      option :distinct_exit, type: :boolean, default: true,
+        desc: 'Exit with code 101 if any tests fail, and 100 if any are skipped (default).  If disabled, exit 0 on skips and 1 for failures.'
     end
 
     def self.default_options

data/lib/inspec/cli.rb

@@ -156,6 +156,9 @@ class Inspec::InspecCLI < Inspec::BaseCLI
   end
 
   desc 'exec PATHS', 'run all test files at the specified PATH.'
+  long_desc <<~EOT
+    Loads the given profile(s) and fetches their dependencies if needed.  Then connects to the target and executes any controls contained in the profiles.  One or more reporters are used to generate output.  If all tests passed (no fails, no skips) exit code 0 is returned.  If some tests skipped but none failed, exit code 101 is returned. If at least one test failed, exit code 100 is returned.  If inspec failed for any other reason, exit code 1 is returned.
+  EOT
   exec_options
   def exec(*targets)
     o = opts(:exec).dup
@@ -204,6 +207,8 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     desc: 'Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit'
   option :depends, type: :array, default: [],
     desc: 'A space-delimited list of local folders containing profiles whose libraries and resources will be loaded into the new shell'
+  option :distinct_exit, type: :boolean, default: true,
+    desc: 'Exit with code 101 if any tests fail, and 100 if any are skipped (default).  If disabled, exit 0 on skips and 1 for failures.'
   def shell_func
     o = opts(:shell).dup
     diagnose(o)

data/lib/inspec/dependencies/dependency_set.rb

@@ -14,13 +14,13 @@ module Inspec
     # @param cwd [String] Current working directory for relative path includes
     # @param vendor_path [String] Path to the vendor directory
     #
-    def self.from_lockfile(lockfile, cwd, cache, backend, opts = {})
+    def self.from_lockfile(lockfile, config, opts = {})
       dep_tree = lockfile.deps.map do |dep|
-        Inspec::Requirement.from_lock_entry(dep, cwd, cache, backend, opts)
+        Inspec::Requirement.from_lock_entry(dep, config, opts)
       end
 
       dep_list = flatten_dep_tree(dep_tree)
-      new(cwd, cache, dep_list, backend)
+      new(config[:cwd], config[:cache], dep_list, config[:backend])
     end
 
     def self.from_array(dependencies, cwd, cache, backend)

data/lib/inspec/dependencies/requirement.rb

@@ -17,37 +17,42 @@ module Inspec
       if dep[:path]
         req_path = File.expand_path(dep[:path], req_path)
       end
+      config = {
+        cache: cache,
+        cwd: req_path,
+      }
 
       new(dep[:name],
           dep[:version],
-          cache,
-          req_path,
+          config,
           opts.merge(dep))
     end
 
-    def self.from_lock_entry(entry, cwd, cache, backend, opts = {})
+    def self.from_lock_entry(entry, config, opts = {})
       req = new(entry[:name],
                 entry[:version_constraints],
-                cache,
-                cwd,
-                entry[:resolved_source].merge(backend: backend).merge(opts))
+                config,
+                entry[:resolved_source].merge(backend: config[:backend]).merge(opts))
 
       locked_deps = []
       Array(entry[:dependencies]).each do |dep_entry|
-        locked_deps << Inspec::Requirement.from_lock_entry(dep_entry, cwd, cache, backend, opts)
+        dep_config = config.dup
+        dep_config[:parent_profile] = entry[:name]
+        locked_deps << Inspec::Requirement.from_lock_entry(dep_entry, dep_config, opts)
       end
       req.lock_deps(locked_deps)
       req
     end
 
     attr_reader :cwd, :opts, :version_constraints
-    def initialize(name, version_constraints, cache, cwd, opts)
+    def initialize(name, version_constraints, config, opts)
       @name = name
       @version_constraints = Array(version_constraints)
-      @cache = cache
+      @cache = config[:cache]
       @backend = opts[:backend]
       @opts = opts
-      @cwd = cwd
+      @cwd = config[:cwd]
+      @parent_profile = config[:parent_profile]
     end
 
     #
@@ -114,10 +119,12 @@ module Inspec
       return @profile unless @profile.nil?
       opts = @opts.dup
       opts[:backend] = @backend
-      if !@dependencies.nil?
+      if !@dependencies.nil? && !@dependencies.empty?
         opts[:dependencies] = Inspec::DependencySet.from_array(@dependencies, @cwd, @cache, @backend)
       end
       @profile = Inspec::Profile.for_fetcher(fetcher, opts)
+      @profile.parent_profile = @parent_profile
+      @profile
     end
   end
 end

data/lib/inspec/profile.rb

@@ -79,6 +79,7 @@ module Inspec
     end
 
     attr_reader :source_reader, :backend, :runner_context, :check_mode
+    attr_accessor :parent_profile
     def_delegator :@source_reader, :tests
     def_delegator :@source_reader, :libraries
     def_delegator :@source_reader, :metadata
@@ -230,6 +231,7 @@ module Inspec
       # add information about the required attributes
       res[:attributes] = res[:attributes].map(&:to_hash) unless res[:attributes].nil? || res[:attributes].empty?
       res[:sha256] = sha256
+      res[:parent_profile] = parent_profile unless parent_profile.nil?
       res
     end
 
@@ -414,7 +416,13 @@ module Inspec
     end
 
     def load_dependencies
-      Inspec::DependencySet.from_lockfile(lockfile, cwd, @cache, @backend, { attributes: @attr_values })
+      config = {
+        cwd: cwd,
+        cache: @cache,
+        backend: @backend,
+        parent_profile: name,
+      }
+      Inspec::DependencySet.from_lockfile(lockfile, config, { attributes: @attr_values })
     end
 
     # Calculate this profile's SHA256 checksum. Includes metadata, dependencies,

data/lib/inspec/reporters/json.rb

@@ -105,6 +105,7 @@ module Inspec::Reporters
           copyright_email: p[:copyright_email],
           supports: p[:supports],
           attributes: p[:attributes],
+          parent_profile: p[:parent_profile],
           depends: p[:depends],
           groups: profile_groups(p),
           controls: profile_controls(p),

data/lib/inspec/resource.rb

@@ -85,15 +85,27 @@ end
 # Many resources use FilterTable.
 require 'utils/filter'
 
-# AWS resources are included via their own file.
-require 'resource_support/aws' if Gem.loaded_specs.key?('aws-sdk')
-
-if Gem.loaded_specs.key?('azure_mgmt_resources')
-  require 'resources/azure/azure_backend.rb'
-  require 'resources/azure/azure_generic_resource.rb'
-  require 'resources/azure/azure_resource_group.rb'
-  require 'resources/azure/azure_virtual_machine.rb'
-  require 'resources/azure/azure_virtual_machine_data_disk.rb'
+# Detect if we are running the stripped-down inspec-core
+# This relies on AWS being stripped from the inspec-core gem
+inspec_core_only = !File.exist?(File.join(File.dirname(__FILE__), '..', 'resource_support', 'aws.rb'))
+
+# Do not attempt to load cloud resources if we are in inspec-core mode
+unless inspec_core_only
+  # AWS resources are included via their own file,
+  # but only consider loading them if we have the SDK available, and is v2.
+  # https://github.com/inspec/inspec/issues/2571
+  if Gem.loaded_specs.key?('aws-sdk') && Gem.loaded_specs['aws-sdk'].version < Gem::Version.new('3.0.0')
+    require 'resource_support/aws'
+  end
+
+  # Azure resources
+  if Gem.loaded_specs.key?('azure_mgmt_resources')
+    require 'resources/azure/azure_backend.rb'
+    require 'resources/azure/azure_generic_resource.rb'
+    require 'resources/azure/azure_resource_group.rb'
+    require 'resources/azure/azure_virtual_machine.rb'
+    require 'resources/azure/azure_virtual_machine_data_disk.rb'
+  end
 end
 
 require 'resources/aide_conf'

data/lib/inspec/runner_rspec.rb

@@ -87,9 +87,9 @@ module Inspec
       if stats[:failed][:total] == 0 && stats[:skipped][:total] == 0
         0
       elsif stats[:failed][:total] > 0
-        100
+        @conf['distinct_exit'] ? 100 : 1
       elsif stats[:skipped][:total] > 0
-        101
+        @conf['distinct_exit'] ? 101 : 0
       else
         @rspec_exit_code
       end

data/lib/inspec/version.rb

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '2.2.20'
+  VERSION = '2.2.27'
 end

data/lib/resources/aide_conf.rb

@@ -44,12 +44,10 @@ module Inspec::Resources
     end
 
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add_accessor(:entries)
-          .add(:selection_lines, field: 'selection_line')
-          .add(:rules,           field: 'rules')
+    filter.register_column(:selection_lines, field: 'selection_line')
+          .register_column(:rules,           field: 'rules')
 
-    filter.connect(self, :params)
+    filter.install_filter_methods_on_resource(self, :params)
 
     private
 

data/lib/resources/apache_conf.rb

@@ -85,6 +85,14 @@ module Inspec::Resources
           assignment_regex: /^\s*(\S+)\s+((?=.*\s+$).*?|.*)\s*$/,
           multiple_values: true,
         ).params
+
+        # Capture any characters between quotes that are not escaped in values
+        params.values.map! do |value|
+          value.map! do |sub_value|
+            sub_value[/(?<=["|'])(?:\\.|[^"'\\])*(?=["|'])/] || sub_value
+          end
+        end
+
         @params.merge!(params)
 
         to_read = to_read.drop(1)

data/lib/resources/auditd.rb

@@ -55,21 +55,19 @@ module Inspec::Resources
     end
 
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add_accessor(:entries)
-          .add(:file,         field: 'file')
-          .add(:list,         field: 'list')
-          .add(:action,       field: 'action')
-          .add(:fields,       field: 'fields')
-          .add(:fields_nokey, field: 'fields_nokey')
-          .add(:syscall,      field: 'syscall')
-          .add(:key,          field: 'key')
-          .add(:arch,         field: 'arch')
-          .add(:path,         field: 'path')
-          .add(:permissions,  field: 'permissions')
-          .add(:exit,         field: 'exit')
-
-    filter.connect(self, :params)
+    filter.register_column(:file,         field: 'file')
+          .register_column(:list,         field: 'list')
+          .register_column(:action,       field: 'action')
+          .register_column(:fields,       field: 'fields')
+          .register_column(:fields_nokey, field: 'fields_nokey')
+          .register_column(:syscall,      field: 'syscall')
+          .register_column(:key,          field: 'key')
+          .register_column(:arch,         field: 'arch')
+          .register_column(:path,         field: 'path')
+          .register_column(:permissions,  field: 'permissions')
+          .register_column(:exit,         field: 'exit')
+
+    filter.install_filter_methods_on_resource(self, :params)
 
     def status(name = nil)
       @status_content ||= inspec.command('/sbin/auditctl -s').stdout.chomp

data/lib/resources/crontab.rb

@@ -65,24 +65,22 @@ module Inspec::Resources
     end
 
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add_accessor(:entries)
-          .add(:minutes,  field: 'minute')
-          .add(:hours,    field: 'hour')
-          .add(:days,     field: 'day')
-          .add(:months,   field: 'month')
-          .add(:weekdays, field: 'weekday')
-          .add(:user,     field: 'user')
-          .add(:commands, field: 'command')
+    filter.register_column(:minutes,  field: 'minute')
+          .register_column(:hours,    field: 'hour')
+          .register_column(:days,     field: 'day')
+          .register_column(:months,   field: 'month')
+          .register_column(:weekdays, field: 'weekday')
+          .register_column(:user,     field: 'user')
+          .register_column(:commands, field: 'command')
 
     # rebuild the crontab line from raw content
-    filter.add(:content) { |t, _|
+    filter.register_custom_property(:content) { |t, _|
       t.entries.map do |e|
         [e.minute, e.hour, e.day, e.month, e.weekday, e.user, e.command].compact.join(' ')
       end.join("\n")
     }
 
-    filter.connect(self, :params)
+    filter.install_filter_methods_on_resource(self, :params)
 
     def to_s
       if is_system_crontab?

data/lib/resources/docker.rb

@@ -10,25 +10,23 @@ module Inspec::Resources
   class DockerContainerFilter
     # use filtertable for containers
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add_accessor(:entries)
-          .add(:commands,       field: 'command')
-          .add(:ids,            field: 'id')
-          .add(:images,         field: 'image')
-          .add(:labels,         field: 'labels')
-          .add(:local_volumes,  field: 'localvolumes')
-          .add(:mounts,         field: 'mounts')
-          .add(:names,          field: 'names')
-          .add(:networks,       field: 'networks')
-          .add(:ports,          field: 'ports')
-          .add(:running_for,    field: 'runningfor')
-          .add(:sizes,          field: 'size')
-          .add(:status,         field: 'status')
-          .add(:exists?) { |x| !x.entries.empty? }
-          .add(:running?) { |x|
+    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
+    filter.register_column(:commands,       field: 'command')
+          .register_column(:ids,            field: 'id')
+          .register_column(:images,         field: 'image')
+          .register_column(:labels,         field: 'labels')
+          .register_column(:local_volumes,  field: 'localvolumes')
+          .register_column(:mounts,         field: 'mounts')
+          .register_column(:names,          field: 'names')
+          .register_column(:networks,       field: 'networks')
+          .register_column(:ports,          field: 'ports')
+          .register_column(:running_for,    field: 'runningfor')
+          .register_column(:sizes,          field: 'size')
+          .register_column(:status,         field: 'status')
+          .register_custom_matcher(:running?) { |x|
             x.where { status.downcase.start_with?('up') }
           }
-    filter.connect(self, :containers)
+    filter.install_filter_methods_on_resource(self, :containers)
 
     attr_reader :containers
     def initialize(containers)
@@ -38,17 +36,15 @@ module Inspec::Resources
 
   class DockerImageFilter
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add_accessor(:entries)
-          .add(:ids,              field: 'id')
-          .add(:repositories,     field: 'repository')
-          .add(:tags,             field: 'tag')
-          .add(:sizes,            field: 'size')
-          .add(:digests,          field: 'digest')
-          .add(:created,          field: 'createdat')
-          .add(:created_since,    field: 'createdsize')
-          .add(:exists?) { |x| !x.entries.empty? }
-    filter.connect(self, :images)
+    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
+    filter.register_column(:ids,              field: 'id')
+          .register_column(:repositories,     field: 'repository')
+          .register_column(:tags,             field: 'tag')
+          .register_column(:sizes,            field: 'size')
+          .register_column(:digests,          field: 'digest')
+          .register_column(:created,          field: 'createdat')
+          .register_column(:created_since,    field: 'createdsize')
+    filter.install_filter_methods_on_resource(self, :images)
 
     attr_reader :images
     def initialize(images)
@@ -58,16 +54,14 @@ module Inspec::Resources
 
   class DockerServiceFilter
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add_accessor(:entries)
-          .add(:ids,              field: 'id')
-          .add(:names,            field: 'name')
-          .add(:modes,            field: 'mode')
-          .add(:replicas,         field: 'replicas')
-          .add(:images,           field: 'image')
-          .add(:ports,            field: 'ports')
-          .add(:exists?) { |x| !x.entries.empty? }
-    filter.connect(self, :services)
+    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
+    filter.register_column(:ids,              field: 'id')
+          .register_column(:names,            field: 'name')
+          .register_column(:modes,            field: 'mode')
+          .register_column(:replicas,         field: 'replicas')
+          .register_column(:images,           field: 'image')
+          .register_column(:ports,            field: 'ports')
+    filter.install_filter_methods_on_resource(self, :services)
 
     attr_reader :services
     def initialize(services)

data/lib/resources/elasticsearch.rb

@@ -24,35 +24,33 @@ module Inspec::Resources
     "
 
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add_accessor(:entries)
-          .add(:cluster_name,          field: 'cluster_name')
-          .add(:node_name,             field: 'name')
-          .add(:transport_address,     field: 'transport_address')
-          .add(:host,                  field: 'host')
-          .add(:ip,                    field: 'ip')
-          .add(:version,               field: 'version')
-          .add(:build_hash,            field: 'build_hash')
-          .add(:total_indexing_buffer, field: 'total_indexing_buffer')
-          .add(:roles,                 field: 'roles')
-          .add(:settings,              field: 'settings')
-          .add(:os,                    field: 'os')
-          .add(:process,               field: 'process')
-          .add(:jvm,                   field: 'jvm')
-          .add(:transport,             field: 'transport')
-          .add(:http,                  field: 'http')
-          .add(:plugins,               field: 'plugins')
-          .add(:plugin_list,           field: 'plugin_list')
-          .add(:modules,               field: 'modules')
-          .add(:module_list,           field: 'module_list')
-          .add(:node_id,               field: 'node_id')
-          .add(:ingest,                field: 'ingest')
-          .add(:exists?) { |x| !x.entries.empty? }
-          .add(:node_count) { |t, _|
+    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
+    filter.register_column(:cluster_name,          field: 'cluster_name')
+          .register_column(:node_name,             field: 'name')
+          .register_column(:transport_address,     field: 'transport_address')
+          .register_column(:host,                  field: 'host')
+          .register_column(:ip,                    field: 'ip')
+          .register_column(:version,               field: 'version')
+          .register_column(:build_hash,            field: 'build_hash')
+          .register_column(:total_indexing_buffer, field: 'total_indexing_buffer')
+          .register_column(:roles,                 field: 'roles')
+          .register_column(:settings,              field: 'settings')
+          .register_column(:os,                    field: 'os')
+          .register_column(:process,               field: 'process')
+          .register_column(:jvm,                   field: 'jvm')
+          .register_column(:transport,             field: 'transport')
+          .register_column(:http,                  field: 'http')
+          .register_column(:plugins,               field: 'plugins')
+          .register_column(:plugin_list,           field: 'plugin_list')
+          .register_column(:modules,               field: 'modules')
+          .register_column(:module_list,           field: 'module_list')
+          .register_column(:node_id,               field: 'node_id')
+          .register_column(:ingest,                field: 'ingest')
+          .register_custom_property(:node_count) { |t, _|
             t.entries.length
           }
 
-    filter.connect(self, :nodes)
+    filter.install_filter_methods_on_resource(self, :nodes)
 
     attr_reader :nodes, :url
 

data/lib/resources/etc_fstab.rb

@@ -38,17 +38,15 @@ module Inspec::Resources
     end
 
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add_accessor(:entries)
-          .add(:device_name,           field: 'device_name')
-          .add(:mount_point,           field: 'mount_point')
-          .add(:file_system_type,      field: 'file_system_type')
-          .add(:mount_options,         field: 'mount_options')
-          .add(:dump_options,          field: 'dump_options')
-          .add(:file_system_options,   field: 'file_system_options')
-          .add(:configured?) { |x| x.entries.any? }
+    filter.register_column(:device_name,           field: 'device_name')
+          .register_column(:mount_point,           field: 'mount_point')
+          .register_column(:file_system_type,      field: 'file_system_type')
+          .register_column(:mount_options,         field: 'mount_options')
+          .register_column(:dump_options,          field: 'dump_options')
+          .register_column(:file_system_options,   field: 'file_system_options')
+          .register_custom_matcher(:configured?) { |x| x.entries.any? }
 
-    filter.connect(self, :params)
+    filter.install_filter_methods_on_resource(self, :params)
 
     def nfs_file_systems
       where { file_system_type.match(/nfs/) }

data/lib/resources/etc_hosts.rb

@@ -33,12 +33,10 @@ class EtcHosts < Inspec.resource(1)
   end
 
   FilterTable.create
-             .add_accessor(:where)
-             .add_accessor(:entries)
-             .add(:ip_address,     field: 'ip_address')
-             .add(:primary_name,   field: 'primary_name')
-             .add(:all_host_names, field: 'all_host_names')
-             .connect(self, :params)
+             .register_column(:ip_address,     field: 'ip_address')
+             .register_column(:primary_name,   field: 'primary_name')
+             .register_column(:all_host_names, field: 'all_host_names')
+             .install_filter_methods_on_resource(self, :params)
 
   private
 

data/lib/resources/etc_hosts_allow_deny.rb

@@ -29,13 +29,11 @@ module Inspec::Resources
     end
 
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add_accessor(:entries)
-          .add(:daemon,      field: 'daemon')
-          .add(:client_list, field: 'client_list')
-          .add(:options,     field: 'options')
+    filter.register_column(:daemon,      field: 'daemon')
+          .register_column(:client_list, field: 'client_list')
+          .register_column(:options,     field: 'options')
 
-    filter.connect(self, :params)
+    filter.install_filter_methods_on_resource(self, :params)
 
     private
 

data/lib/resources/file.rb

@@ -44,7 +44,7 @@ module Inspec::Resources
     %w{
       type exist? file? block_device? character_device? socket? directory?
       symlink? pipe? mode mode? owner owned_by? group grouped_into?
-      link_path linked_to? mtime size selinux_label immutable?
+      link_path shallow_link_path linked_to? mtime size selinux_label immutable?
       product_version file_version version? md5sum sha256sum
       path basename source source_path uid gid
     }.each do |m|

data/lib/resources/firewalld.rb

@@ -28,14 +28,12 @@ module Inspec::Resources
     attr_reader :params
 
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add_accessor(:entries)
-          .add(:zone,       field: 'zone')
-          .add(:interfaces, field: 'interfaces')
-          .add(:sources,    field: 'sources')
-          .add(:services,   field: 'services')
-
-    filter.connect(self, :params)
+    filter.register_column(:zone,       field: 'zone')
+          .register_column(:interfaces, field: 'interfaces')
+          .register_column(:sources,    field: 'sources')
+          .register_column(:services,   field: 'services')
+
+    filter.install_filter_methods_on_resource(self, :params)
 
     def initialize
       @params = parse_active_zones(active_zones)

data/lib/resources/groups.rb

@@ -47,14 +47,12 @@ module Inspec::Resources
     end
 
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add_accessor(:entries)
-          .add(:names,     field: 'name')
-          .add(:gids,      field: 'gid')
-          .add(:domains,   field: 'domain')
-          .add(:members,   field: 'members')
-          .add(:exists?) { |x| !x.entries.empty? }
-    filter.connect(self, :collect_group_details)
+    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
+    filter.register_column(:names,     field: 'name')
+          .register_column(:gids,      field: 'gid')
+          .register_column(:domains,   field: 'domain')
+          .register_column(:members,   field: 'members')
+    filter.install_filter_methods_on_resource(self, :collect_group_details)
 
     def to_s
       'Groups'

data/lib/resources/nginx_conf.rb

@@ -156,9 +156,8 @@ module Inspec::Resources
     end
 
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add(:servers, field: 'server')
-          .connect(self, :server_table)
+    filter.register_column(:servers, field: 'server')
+          .install_filter_methods_on_resource(self, :server_table)
 
     def locations
       servers.map(&:locations).flatten
@@ -184,9 +183,8 @@ module Inspec::Resources
     end
 
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add(:locations, field: 'location')
-          .connect(self, :location_table)
+    filter.register_column(:locations, field: 'location')
+          .install_filter_methods_on_resource(self, :location_table)
 
     def to_s
       server = ''

data/lib/resources/packages.rb

@@ -42,13 +42,11 @@ module Inspec::Resources
     end
 
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add_accessor(:entries)
-          .add(:statuses,  field: 'status', style: :simple)
-          .add(:names,     field: 'name')
-          .add(:versions,  field: 'version')
-          .add(:architectures, field: 'architecture')
-          .connect(self, :filtered_packages)
+    filter.register_column(:statuses,  field: 'status', style: :simple)
+          .register_column(:names,     field: 'name')
+          .register_column(:versions,  field: 'version')
+          .register_column(:architectures, field: 'architecture')
+          .install_filter_methods_on_resource(self, :filtered_packages)
 
     private
 

data/lib/resources/passwd.rb

@@ -50,24 +50,22 @@ module Inspec::Resources
     end
 
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add_accessor(:entries)
-          .add(:users,     field: 'user')
-          .add(:passwords, field: 'password')
-          .add(:uids,      field: 'uid')
-          .add(:gids,      field: 'gid')
-          .add(:descs,     field: 'desc')
-          .add(:homes,     field: 'home')
-          .add(:shells,    field: 'shell')
+    filter.register_column(:users,     field: 'user')
+          .register_column(:passwords, field: 'password')
+          .register_column(:uids,      field: 'uid')
+          .register_column(:gids,      field: 'gid')
+          .register_column(:descs,     field: 'desc')
+          .register_column(:homes,     field: 'home')
+          .register_column(:shells,    field: 'shell')
 
     # rebuild the passwd line from raw content
-    filter.add(:content) { |t, _|
+    filter.register_custom_property(:content) { |t, _|
       t.entries.map do |e|
         [e.user, e.password, e.uid, e.gid, e.desc, e.home, e.shell].join(':')
       end.join("\n")
     }
 
-    filter.connect(self, :params)
+    filter.install_filter_methods_on_resource(self, :params)
 
     def to_s
       '/etc/passwd'

data/lib/resources/port.rb

@@ -39,15 +39,13 @@ module Inspec::Resources
     end
 
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add_accessor(:entries)
-          .add(:ports,     field: 'port', style: :simple)
-          .add(:addresses, field: 'address', style: :simple)
-          .add(:protocols, field: 'protocol', style: :simple)
-          .add(:processes, field: 'process', style: :simple)
-          .add(:pids,      field: 'pid', style: :simple)
-          .add(:listening?) { |x| !x.entries.empty? }
-    filter.connect(self, :info)
+    filter.register_column(:ports,     field: 'port', style: :simple)
+          .register_column(:addresses, field: 'address', style: :simple)
+          .register_column(:protocols, field: 'protocol', style: :simple)
+          .register_column(:processes, field: 'process', style: :simple)
+          .register_column(:pids,      field: 'pid', style: :simple)
+          .register_custom_matcher(:listening?) { |x| !x.entries.empty? }
+    filter.install_filter_methods_on_resource(self, :info)
 
     def to_s
       "Port #{@port}"

data/lib/resources/postgres_hba_conf.rb

@@ -28,16 +28,14 @@ module Inspec::Resources
     end
 
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add_accessor(:entries)
-          .add(:type,     field: 'type')
-          .add(:database, field: 'database')
-          .add(:user,     field: 'user')
-          .add(:address,  field: 'address')
-          .add(:auth_method, field: 'auth_method')
-          .add(:auth_params, field: 'auth_params')
+    filter.register_column(:type,     field: 'type')
+          .register_column(:database, field: 'database')
+          .register_column(:user,     field: 'user')
+          .register_column(:address,  field: 'address')
+          .register_column(:auth_method, field: 'auth_method')
+          .register_column(:auth_params, field: 'auth_params')
 
-    filter.connect(self, :params)
+    filter.install_filter_methods_on_resource(self, :params)
 
     def to_s
       "Postgres Hba Config #{@conf_file}"

data/lib/resources/postgres_ident_conf.rb

@@ -27,13 +27,11 @@ module Inspec::Resources
     end
 
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add_accessor(:entries)
-          .add(:map_name,        field: 'map_name')
-          .add(:system_username, field: 'system_username')
-          .add(:pg_username,     field: 'pg_username')
+    filter.register_column(:map_name,        field: 'map_name')
+          .register_column(:system_username, field: 'system_username')
+          .register_column(:pg_username,     field: 'pg_username')
 
-    filter.connect(self, :params)
+    filter.install_filter_methods_on_resource(self, :params)
 
     def to_s
       "PostgreSQL Ident Config #{@conf_file}"

data/lib/resources/processes.rb

@@ -61,21 +61,19 @@ module Inspec::Resources
     end
 
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add_accessor(:entries)
-          .add(:labels,   field: 'label')
-          .add(:pids,     field: 'pid')
-          .add(:cpus,     field: 'cpu')
-          .add(:mem,      field: 'mem')
-          .add(:vsz,      field: 'vsz')
-          .add(:rss,      field: 'rss')
-          .add(:tty,      field: 'tty')
-          .add(:states,   field: 'stat')
-          .add(:start,    field: 'start')
-          .add(:time,     field: 'time')
-          .add(:users,    field: 'user')
-          .add(:commands, field: 'command')
-          .connect(self, :filtered_processes)
+    filter.register_column(:labels,   field: 'label')
+          .register_column(:pids,     field: 'pid')
+          .register_column(:cpus,     field: 'cpu')
+          .register_column(:mem,      field: 'mem')
+          .register_column(:vsz,      field: 'vsz')
+          .register_column(:rss,      field: 'rss')
+          .register_column(:tty,      field: 'tty')
+          .register_column(:states,   field: 'stat')
+          .register_column(:start,    field: 'start')
+          .register_column(:time,     field: 'time')
+          .register_column(:users,    field: 'user')
+          .register_column(:commands, field: 'command')
+          .install_filter_methods_on_resource(self, :filtered_processes)
 
     private
 

data/lib/resources/ssl.rb

@@ -58,15 +58,13 @@ class SSL < Inspec.resource(1)
   end
 
   filter = FilterTable.create
-  filter.add(:enabled?) do |x|
+  filter.register_custom_matcher(:enabled?) do |x|
     raise 'Cannot determine host for SSL test. Please specify it or use a different target.' if x.resource.host.nil?
     x.handshake.values.any? { |i| i['success'] }
   end
-  filter.add_accessor(:where)
-        .add_accessor(:entries)
-        .add(:ciphers, field: 'cipher')
-        .add(:protocols, field: 'protocol')
-        .add(:handshake) { |x|
+  filter.register_column(:ciphers, field: 'cipher')
+        .register_column(:protocols, field: 'protocol')
+        .register_custom_property(:handshake) { |x|
           groups = x.entries.group_by(&:protocol)
           res = Parallel.map(groups, in_threads: 8) do |proto, e|
             [proto, SSLShake.hello(x.resource.host, port: x.resource.port,
@@ -75,7 +73,7 @@ class SSL < Inspec.resource(1)
           end
           Hash[res]
         }
-        .connect(self, :scan_config)
+        .install_filter_methods_on_resource(self, :scan_config)
 
   def to_s
     "SSL/TLS on #{@host}:#{@port}"

data/lib/resources/users.rb

@@ -70,23 +70,21 @@ module Inspec::Resources
     end
 
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add_accessor(:entries)
-          .add(:usernames, field: :username)
-          .add(:uids,      field: :uid)
-          .add(:gids,      field: :gid)
-          .add(:groupnames, field: :groupname)
-          .add(:groups,    field: :groups)
-          .add(:homes,     field: :home)
-          .add(:shells,    field: :shell)
-          .add(:mindays,   field: :mindays)
-          .add(:maxdays,   field: :maxdays)
-          .add(:warndays,  field: :warndays)
-          .add(:disabled,  field: :disabled)
-          .add(:exists?) { |x| !x.entries.empty? }
-          .add(:disabled?) { |x| x.where { disabled == false }.entries.empty? }
-          .add(:enabled?) { |x| x.where { disabled == true }.entries.empty? }
-    filter.connect(self, :collect_user_details)
+    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
+    filter.register_column(:usernames, field: :username)
+          .register_column(:uids,      field: :uid)
+          .register_column(:gids,      field: :gid)
+          .register_column(:groupnames, field: :groupname)
+          .register_column(:groups,    field: :groups)
+          .register_column(:homes,     field: :home)
+          .register_column(:shells,    field: :shell)
+          .register_column(:mindays,   field: :mindays)
+          .register_column(:maxdays,   field: :maxdays)
+          .register_column(:warndays,  field: :warndays)
+          .register_column(:disabled,  field: :disabled)
+          .register_custom_matcher(:disabled?) { |x| x.where { disabled == false }.entries.empty? }
+          .register_custom_matcher(:enabled?) { |x| x.where { disabled == true }.entries.empty? }
+    filter.install_filter_methods_on_resource(self, :collect_user_details)
 
     def to_s
       'Users'

data/lib/resources/xinetd.rb

@@ -37,17 +37,15 @@ module Inspec::Resources
     end
 
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add_accessor(:entries)
-          .add(:services,     field: 'service')
-          .add(:ids,          field: 'id')
-          .add(:socket_types, field: 'socket_type')
-          .add(:types,        field: 'type')
-          .add(:protocols,    field: 'protocol')
-          .add(:wait,         field: 'wait')
-          .add(:disabled?) { |x| x.where('disable' => 'no').services.empty? }
-          .add(:enabled?) { |x| x.where('disable' => 'yes').services.empty? }
-          .connect(self, :service_lines)
+    filter.register_column(:services,     field: 'service')
+          .register_column(:ids,          field: 'id')
+          .register_column(:socket_types, field: 'socket_type')
+          .register_column(:types,        field: 'type')
+          .register_column(:protocols,    field: 'protocol')
+          .register_column(:wait,         field: 'wait')
+          .register_custom_matcher(:disabled?) { |x| x.where('disable' => 'no').services.empty? }
+          .register_custom_matcher(:enabled?) { |x| x.where('disable' => 'yes').services.empty? }
+          .install_filter_methods_on_resource(self, :service_lines)
 
     private
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 2.2.20
+  version: 2.2.27
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-06-21 00:00:00.000000000 Z
+date: 2018-06-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train-core