inspec-core 3.0.9 → 3.0.12

Sign up to get free protection for your applications and to get access to all the features.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +29 -18
  3. data/etc/plugin_filters.json +9 -1
  4. data/lib/inspec/resource.rb +2 -0
  5. data/lib/inspec/runner_rspec.rb +1 -1
  6. data/lib/inspec/version.rb +1 -1
  7. data/lib/resources/ksh.rb +35 -0
  8. data/lib/resources/security_identifier.rb +84 -0
  9. data/lib/utils/command_wrapper.rb +1 -1
  10. metadata +4 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a431d03f25295c36b0f8794f4ffe8b171b92aad79359002e6e902f695e81a5d8
4
- data.tar.gz: 75895f344a4112e743b6f0a71c012cd77ccf82c3fc864510635c9571ae477a33
3
+ metadata.gz: 4d7f25755317e631219a5c447f33cba097794330620601d137f8a9445c859f2c
4
+ data.tar.gz: 864647b41c81eaa85b3d397c7b8532a8d0f801ae4ede1ad2a2e225abbbeb982d
5
5
  SHA512:
6
- metadata.gz: a02c188caf9e1e0ce8636de9ce71e69831df12fba7f2a1116c0086e4aaf7382b4d1f470f7bb80f988302eb8d18e52f65dab60c6ab39bf628b58fed4c1a334671
7
- data.tar.gz: 7ae1264c8afdaf13c1582f7d91c3c34c6ba427483bc94103be00cf54f8ea1605f9fcc38f1a29c8a66f43d2f0d3ac92d707471b9abf613db88ba1960cd5dc374b
6
+ metadata.gz: 8b29bf9987dbd165250adc459e96ef0a8c2808d86e462245bdddefe1ccc7868f0d639bbd2bc48c5d5385fd65ed6dc8bb174b2b9a3639582ca2c5ee7da0f6cc4b
7
+ data.tar.gz: f1d5622d8032fe9eb14fecbec00f9903a1e2423f68e2ac0f3b3b604373f0515e6bb597c8faa9b81eda8283de918c13287b55738620811d753d79ab40e9cf6ca5
data/CHANGELOG.md CHANGED
@@ -1,32 +1,44 @@
1
1
  # Change Log
2
2
  <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
3
- <!-- latest_release 3.0.9 -->
4
- ## [v3.0.9](https://github.com/inspec/inspec/tree/v3.0.9) (2018-10-18)
3
+ <!-- latest_release 3.0.12 -->
4
+ ## [v3.0.12](https://github.com/inspec/inspec/tree/v3.0.12) (2018-10-24)
5
5
 
6
- #### Merged Pull Requests
7
- - Add missing tests for groups resource, document members property, and assorted fixes. [#3467](https://github.com/inspec/inspec/pull/3467) ([miah](https://github.com/miah))
6
+ #### Bug Fixes
7
+ - Update to safe navigation exit code search [#3541](https://github.com/inspec/inspec/pull/3541) ([jquick](https://github.com/jquick))
8
8
  <!-- latest_release -->
9
9
 
10
- <!-- release_rollup since=3.0.0 -->
11
- ### Changes since 3.0.0 release
12
-
13
- #### Enhancements
14
- - Minor cleanups of plugin documentation. &#39;Plugin&#39; instead of &#39;PluginDefinition&#39; [#3527](https://github.com/inspec/inspec/pull/3527) ([mattray](https://github.com/mattray)) <!-- 3.0.5 -->
10
+ <!-- release_rollup since=3.0.9 -->
11
+ ### Changes since 3.0.9 release
15
12
 
16
13
  #### Bug Fixes
17
- - Fixes corrupt plugins.json when testing a plugin outside of core [#3526](https://github.com/inspec/inspec/pull/3526) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 3.0.7 -->
18
- - FilterTable: allow Strings or Symbols as fields [#3481](https://github.com/inspec/inspec/pull/3481) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 3.0.2 -->
14
+ - Update to safe navigation exit code search [#3541](https://github.com/inspec/inspec/pull/3541) ([jquick](https://github.com/jquick)) <!-- 3.0.12 -->
19
15
 
20
16
  #### Merged Pull Requests
21
- - Add missing tests for groups resource, document members property, and assorted fixes. [#3467](https://github.com/inspec/inspec/pull/3467) ([miah](https://github.com/miah)) <!-- 3.0.9 -->
22
- - Pin inspec to the new train [#3531](https://github.com/inspec/inspec/pull/3531) ([jquick](https://github.com/jquick)) <!-- 3.0.8 -->
23
- - Add debug and sort options for plugins [#3530](https://github.com/inspec/inspec/pull/3530) ([jquick](https://github.com/jquick)) <!-- 3.0.6 -->
24
- - docs: Fix small issues with the `file` resource [#3515](https://github.com/inspec/inspec/pull/3515) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 3.0.4 -->
25
- - Filter out inspec-k8s and inspec-release [#3525](https://github.com/inspec/inspec/pull/3525) ([miah](https://github.com/miah)) <!-- 3.0.3 -->
26
- - style: Fix quotes/style on the `docker` resource [#3516](https://github.com/inspec/inspec/pull/3516) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 3.0.1 -->
17
+ - Add inspec/train vault to plugin exclusion [#3532](https://github.com/inspec/inspec/pull/3532) ([jquick](https://github.com/jquick)) <!-- 3.0.11 -->
18
+
19
+ #### New Resources
20
+ - New resource to work with Windows security identifiers (SIDs) [#3405](https://github.com/inspec/inspec/pull/3405) ([james-stocks](https://github.com/james-stocks)) <!-- 3.0.10 -->
27
21
  <!-- release_rollup -->
28
22
 
29
23
  <!-- latest_stable_release -->
24
+ ## [v3.0.9](https://github.com/inspec/inspec/tree/v3.0.9) (2018-10-18)
25
+
26
+ #### Enhancements
27
+ - Minor cleanups of plugin documentation. &#39;Plugin&#39; instead of &#39;PluginDefinition&#39; [#3527](https://github.com/inspec/inspec/pull/3527) ([mattray](https://github.com/mattray))
28
+
29
+ #### Bug Fixes
30
+ - FilterTable: allow Strings or Symbols as fields [#3481](https://github.com/inspec/inspec/pull/3481) ([clintoncwolfe](https://github.com/clintoncwolfe))
31
+ - Fixes corrupt plugins.json when testing a plugin outside of core [#3526](https://github.com/inspec/inspec/pull/3526) ([clintoncwolfe](https://github.com/clintoncwolfe))
32
+
33
+ #### Merged Pull Requests
34
+ - style: Fix quotes/style on the `docker` resource [#3516](https://github.com/inspec/inspec/pull/3516) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
35
+ - Filter out inspec-k8s and inspec-release [#3525](https://github.com/inspec/inspec/pull/3525) ([miah](https://github.com/miah))
36
+ - docs: Fix small issues with the `file` resource [#3515](https://github.com/inspec/inspec/pull/3515) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
37
+ - Add debug and sort options for plugins [#3530](https://github.com/inspec/inspec/pull/3530) ([jquick](https://github.com/jquick))
38
+ - Pin inspec to the new train [#3531](https://github.com/inspec/inspec/pull/3531) ([jquick](https://github.com/jquick))
39
+ - Add missing tests for groups resource, document members property, and assorted fixes. [#3467](https://github.com/inspec/inspec/pull/3467) ([miah](https://github.com/miah))
40
+ <!-- latest_stable_release -->
41
+
30
42
  ## [v3.0.0](https://github.com/inspec/inspec/tree/v3.0.0) (2018-10-15)
31
43
 
32
44
  #### Enhancements
@@ -35,7 +47,6 @@
35
47
  #### Merged Pull Requests
36
48
  - Change `Inspec ` to `InSpec ` where appropriate [#3494](https://github.com/inspec/inspec/pull/3494) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
37
49
  - Update the text on the generic default attribute [#3508](https://github.com/inspec/inspec/pull/3508) ([jquick](https://github.com/jquick))
38
- <!-- latest_stable_release -->
39
50
 
40
51
  ## [v2.3.24](https://github.com/inspec/inspec/tree/v2.3.24) (2018-10-12)
41
52
 
data/etc/plugin_filters.json CHANGED
@@ -15,7 +15,15 @@
15
15
  },
16
16
  {
17
17
  "plugin_name": "inspec-release",
18
- "rationale": "It is not plugin."
18
+ "rationale": "This gem is currently only a placeholder, waiting to be built."
19
+ },
20
+ {
21
+ "plugin_name": "inspec-vault",
22
+ "rationale": "This gem is currently only a placeholder, waiting to be built."
23
+ },
24
+ {
25
+ "plugin_name": "train-vault",
26
+ "rationale": "This gem is currently only a placeholder, waiting to be built."
19
27
  },
20
28
  {
21
29
  "plugin_name": "train-tax-calculator",
data/lib/inspec/resource.rb CHANGED
@@ -144,6 +144,7 @@ require 'resources/json'
144
144
  require 'resources/kernel_module'
145
145
  require 'resources/kernel_parameter'
146
146
  require 'resources/key_rsa'
147
+ require 'resources/ksh'
147
148
  require 'resources/limits_conf'
148
149
  require 'resources/login_def'
149
150
  require 'resources/mount'
@@ -175,6 +176,7 @@ require 'resources/powershell'
175
176
  require 'resources/processes'
176
177
  require 'resources/rabbitmq_conf'
177
178
  require 'resources/registry_key'
179
+ require 'resources/security_identifier'
178
180
  require 'resources/security_policy'
179
181
  require 'resources/service'
180
182
  require 'resources/shadow'
data/lib/inspec/runner_rspec.rb CHANGED
@@ -84,7 +84,7 @@ module Inspec
84
84
  def exit_code
85
85
  return @rspec_exit_code if @formatter.results.empty?
86
86
  stats = @formatter.results[:statistics][:controls]
87
- skipped = @formatter.results[:profiles].first[:status] == 'skipped'
87
+ skipped = @formatter.results&.fetch(:profiles, nil)&.first&.fetch(:status, nil) == 'skipped'
88
88
  if stats[:failed][:total] == 0 && stats[:skipped][:total] == 0 && !skipped
89
89
  0
90
90
  elsif stats[:failed][:total] > 0
data/lib/inspec/version.rb CHANGED
@@ -4,5 +4,5 @@
4
4
  # author: Christoph Hartmann
5
5
 
6
6
  module Inspec
7
- VERSION = '3.0.9'
7
+ VERSION = '3.0.12'
8
8
  end
data/lib/resources/ksh.rb ADDED
@@ -0,0 +1,35 @@
1
+ # encoding: utf-8
2
+
3
+ require 'utils/command_wrapper'
4
+ require 'resources/command'
5
+
6
+ module Inspec::Resources
7
+ class Ksh < Cmd
8
+ name 'ksh'
9
+ supports platform: 'unix'
10
+ desc 'Run a command or script in KornShell.'
11
+ example "
12
+ describe ksh('ls -al /') do
13
+ its('stdout') { should match /bin/ }
14
+ its('stderr') { should eq '' }
15
+ its('exit_status') { should eq 0 }
16
+ end
17
+
18
+ # Specify the path of the executable:
19
+ ksh('...', path: '/usr/bin/ksh93')
20
+
21
+ # Specify arguments (defaults to -c)
22
+ ksh('...', args: '-x -c')
23
+ "
24
+
25
+ def initialize(command, options = {})
26
+ @raw_command = command
27
+ options[:shell] = 'ksh' if options.is_a?(Hash)
28
+ super(CommandWrapper.wrap(command, options))
29
+ end
30
+
31
+ def to_s
32
+ "KornShell command #{@raw_command}"
33
+ end
34
+ end
35
+ end
data/lib/resources/security_identifier.rb ADDED
@@ -0,0 +1,84 @@
1
+ # encoding: utf-8
2
+ # frozen_string_literal: true
3
+
4
+ module Inspec::Resources
5
+ class SecurityIdentifier < Inspec.resource(1)
6
+ name 'security_identifier'
7
+ supports platform: 'windows'
8
+ desc 'Resource that returns a Security Identifier for a given entity name in Windows.'
9
+ example <<-EOD
10
+ describe security_identifier(group: 'Everyone') do
11
+ it { should exist }
12
+ its('sid') { should eq 'S-1-1-0' }
13
+ end
14
+ EOD
15
+
16
+ def initialize(opts = {})
17
+ supported_opt_keys = [:user, :group, :unspecified]
18
+ raise ArgumentError, "Invalid security_identifier param '#{opts}'. Please pass a hash with these supported keys: #{supported_opt_keys}" unless opts.respond_to?(:keys)
19
+ raise ArgumentError, "Unsupported security_identifier options '#{opts.keys - supported_opt_keys}'. Supported keys: #[supported_opt_keys]" unless (opts.keys - supported_opt_keys).empty?
20
+ raise ArgumentError, 'Specifying more than one of :user :group or :unspecified for security_identifier is not supported' unless opts.keys && (opts.keys & supported_opt_keys).length == 1
21
+ if opts[:user]
22
+ @type = :user
23
+ @name = opts[:user]
24
+ end
25
+ if opts[:group]
26
+ @type = :group
27
+ @name = opts[:group]
28
+ end
29
+ if opts[:unspecified]
30
+ @type = :unspecified
31
+ @name = opts[:unspecified]
32
+ end
33
+ raise ArgumentError, 'Specify one of :user :group or :unspecified for security_identifier' unless @name
34
+ @sids = nil
35
+ end
36
+
37
+ def sid
38
+ fetch_sids unless @sids
39
+ @sids[@name] # nil if not found
40
+ end
41
+
42
+ def exist?
43
+ fetch_sids unless @sids
44
+ @sids.key?(@name)
45
+ end
46
+
47
+ private
48
+
49
+ def fetch_sids
50
+ @sids = {}
51
+ case @type
52
+ when :group
53
+ sid_data = wmi_results(:group)
54
+ when :user
55
+ sid_data = wmi_results(:user)
56
+ when :unspecified
57
+ # try group first, then user
58
+ sid_data = wmi_results(:group)
59
+ if sid_data.empty?
60
+ sid_data = wmi_results(:user)
61
+ end
62
+ else
63
+ raise "Unhandled entity type '#{@type}'"
64
+ end
65
+ sid_data.each { |sid| @sids[sid[1]] = sid[2] }
66
+ end
67
+
68
+ def wmi_results(type)
69
+ query = 'wmic '
70
+ case type
71
+ when :group
72
+ query += 'group'
73
+ when :user
74
+ query += 'useraccount'
75
+ end
76
+ query += " where 'Name=\"#{@name}\"' get Name\",\"SID /format:csv"
77
+ # Example output:
78
+ # inspec> command("wmic useraccount where 'Name=\"Administrator\"' get Name\",\"SID /format:csv").stdout
79
+ # => "\r\n\r\nNode,Name,SID\r\n\r\nComputer1,Administrator,S-1-5-21-650485088-1194226989-968533923-500\r\n\r\n"
80
+ # Remove the \r characters, split on \n\n, ignore the CSV header row
81
+ inspec.command(query).stdout.strip.tr("\r", '').split("\n\n")[1..-1].map { |entry| entry.split(',') }
82
+ end
83
+ end
84
+ end
data/lib/utils/command_wrapper.rb CHANGED
@@ -5,7 +5,7 @@
5
5
  require 'shellwords'
6
6
 
7
7
  class CommandWrapper
8
- UNIX_SHELLS = %w{sh bash zsh}.freeze
8
+ UNIX_SHELLS = %w{sh bash zsh ksh}.freeze
9
9
 
10
10
  def self.wrap(cmd, options)
11
11
  unless options.is_a?(Hash)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: inspec-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.9
4
+ version: 3.0.12
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dominik Richter
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-10-18 00:00:00.000000000 Z
11
+ date: 2018-10-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: train-core
@@ -510,6 +510,7 @@ files:
510
510
  - lib/resources/kernel_module.rb
511
511
  - lib/resources/kernel_parameter.rb
512
512
  - lib/resources/key_rsa.rb
513
+ - lib/resources/ksh.rb
513
514
  - lib/resources/limits_conf.rb
514
515
  - lib/resources/login_def.rb
515
516
  - lib/resources/mount.rb
@@ -541,6 +542,7 @@ files:
541
542
  - lib/resources/processes.rb
542
543
  - lib/resources/rabbitmq_conf.rb
543
544
  - lib/resources/registry_key.rb
545
+ - lib/resources/security_identifier.rb
544
546
  - lib/resources/security_policy.rb
545
547
  - lib/resources/service.rb
546
548
  - lib/resources/shadow.rb