inspec-core 3.2.6 → 3.3.14

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 75673eea6201c540d308fe1456f1467dec32ee1cad3227745910cc37c642c3a6
-  data.tar.gz: ab10f24b1fbbc1c3342591774d09ed7949a42dba19eb4fcf6c759a069f85fd2e
+  metadata.gz: 1d04bc72fe20e2d8fc67e39c6b2764735e0b175b152296913daa56a0d908da94
+  data.tar.gz: dc4c2c50a48330e7721138214a8b1499af493508620b26ebb19a270ca4f3d580
 SHA512:
-  metadata.gz: ae3fbdc2fab1819fdcd769991e787a15c01af92f5771f47b2d3b5772f47f156796967f3bec8658459b05dfae24da2e02f35d0312bc0202cd4a603885c9eda512
-  data.tar.gz: a681d287554346fdb7517bf035d34e190c6d89797cb246039bf0c9d1186898905dccb880b169a0810c1e890be570692d788aa794e561ed9cd43ec9e4eb55d8af
+  metadata.gz: cc16274a2aac2b4db029d53e52898ed728f16c1a3a7d14e87014e638b23e73f2226a3902887980c651da9759607c28d60bcf0e47b647a149c257a31f17ac9f42
+  data.tar.gz: 27108017d22fad18cba4396286099642f20622320d6d0b27809263da49ddd5f4b72b948e09f1a447de958fed30ca5da955766bf2e5f648cff5d0d7242194a6ca

data/etc/deprecations.json

@@ -0,0 +1,6 @@
+{
+  "file_version": "1.0.0",
+  "unknown_group_action": "ignore",
+  "groups": {
+  }
+}

data/lib/inspec.rb

@@ -8,6 +8,7 @@ $LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
 
 require 'inspec/version'
 require 'inspec/exceptions'
+require 'utils/deprecation'
 require 'inspec/profile'
 require 'inspec/rule'
 require 'matchers/matchers'

data/lib/inspec/cli.rb

@@ -175,14 +175,21 @@ class Inspec::InspecCLI < Inspec::BaseCLI
   end
 
   desc 'exec LOCATIONS', 'run all test files at the specified LOCATIONS.'
+  # TODO: find a way for Thor not to butcher the formatting of this
   long_desc <<~EOT
     Loads the given profile(s) and fetches their dependencies if needed. Then
     connects to the target and executes any controls contained in the profiles.
-    One or more reporters are used to generate output. If all tests passed
-    (no fails, no skips) exit code 0 is returned. If some tests skipped but
-    none failed, exit code 101 is returned. If at least one test failed, exit
-    code 100 is returned. If inspec failed for any other reason, exit code 1
-    is returned.
+    One or more reporters are used to generate output.
+
+    ```
+    Exit codes:
+        0  Normal exit, all tests passed
+        1  Usage or general error
+        2  Error in plugin system
+        3  Fatal deprecation encountered
+      100  Normal exit, at least one test failed
+      101  Normal exit, at least one test skipped but none failed
+    ```
 
     Below are some examples of using `exec` with different test LOCATIONS:
 

data/lib/inspec/metadata.rb

@@ -91,9 +91,9 @@ module Inspec
         warnings.push("Missing profile #{field} in #{ref}")
       end
 
-      # if version is set, ensure it is in SPDX format
-      if !params[:license].nil? && !Spdx.valid_license?(params[:license])
-        warnings.push("License '#{params[:license]}' needs to be in SPDX format. See https://spdx.org/licenses/.")
+      # if license is set, ensure it is in SPDX format or marked as proprietary
+      if !params[:license].nil? && !valid_license?(params[:license])
+        warnings.push("License '#{params[:license]}' needs to be in SPDX format or marked as 'Proprietary'. See https://spdx.org/licenses/.")
       end
 
       [errors, warnings]
@@ -112,6 +112,10 @@ module Inspec
       false
     end
 
+    def valid_license?(value)
+      value =~ /^Proprietary[,;]?\b/ || Spdx.valid_license?(value)
+    end
+
     def method_missing(sth, *args)
       @logger.warn "#{ref} doesn't support: #{sth} #{args}"
       @missing_methods.push(sth)

data/lib/inspec/plugin/v2/installer.rb

@@ -8,6 +8,7 @@ require 'fileutils'
 require 'rubygems/package'
 require 'rubygems/name_tuple'
 require 'rubygems/uninstaller'
+require 'rubygems/remote_fetcher'
 
 require 'inspec/plugin/v2/filter'
 

data/lib/inspec/ui.rb

@@ -32,6 +32,7 @@ module Inspec
     EXIT_NORMAL = 0
     EXIT_USAGE_ERROR = 1
     EXIT_PLUGIN_ERROR = 2
+    EXIT_FATAL_DEPRECATION = 3
     EXIT_FAILED_TESTS = 100
     EXIT_SKIPPED_TESTS = 101
 

data/lib/inspec/version.rb

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '3.2.6'
+  VERSION = '3.3.14'
 end

data/lib/resources/cran.rb

@@ -41,7 +41,7 @@ module Inspec::Resources
       #
       # So make sure command output is converted to unicode, as it returns ASCII-8BIT by default
       utf8_stdout = cmd.stdout.chomp.force_encoding(Encoding::UTF_8)
-      params = /^\[\d+\]\s+(?:\p{Initial_Punctuation})(.+)(?:\p{Final_Punctuation})$/.match(utf8_stdout)
+      params = /^\[\d+\]\s+(?:['\p{Initial_Punctuation}])(.+)(?:['\p{Final_Punctuation}])$/.match(utf8_stdout)
       @info[:installed] = !params.nil?
       return @info unless @info[:installed]
 

data/lib/resources/iis_app_pool.rb

@@ -6,14 +6,15 @@
 class IisAppPool < Inspec.resource(1)
   name 'iis_app_pool'
   desc 'Tests IIS application pool configuration on windows.'
-  example "
+  supports platform: 'windows'
+  example <<~EOH
     describe iis_app_pool('DefaultAppPool') do
       it { should exist }
       its('enable32bit') { should cmp 'True' }
       its('runtime_version') { should eq 'v4.0' }
       its('pipeline_mode') { should eq 'Integrated' }
     end
-  "
+  EOH
 
   def initialize(pool_name)
     @pool_name = pool_name
@@ -77,18 +78,23 @@ class IisAppPool < Inspec.resource(1)
   end
 
   def to_s
-    "iis_app_pool '#{@pool_name}'"
+    "IIS App Pool '#{@pool_name}'"
   end
 
   private
 
-  # I cannot think of a way to shorten this method
-  # rubocop:disable Metrics/AbcSize
   def iis_app_pool
     return @cache unless @cache.nil?
 
-    command = "Import-Module WebAdministration; Get-Item '#{@pool_path}' | Select-Object * | ConvertTo-Json"
-    cmd = inspec.command(command)
+    script = <<~EOH
+      Import-Module WebAdministration
+      If (Test-Path '#{@pool_path}') {
+        Get-Item '#{@pool_path}' | Select-Object * | ConvertTo-Json
+      } Else {
+        Write-Host '{}'
+      }
+    EOH
+    cmd = inspec.powershell(script)
 
     begin
       pool = JSON.parse(cmd.stdout)
@@ -96,21 +102,23 @@ class IisAppPool < Inspec.resource(1)
       raise Inspec::Exceptions::ResourceFailed, 'Unable to parse app pool JSON'
     end
 
+    process_model = pool.fetch('processModel', {})
+    idle_timeout = process_model.fetch('idleTimeout', {})
+
     # map our values to a hash table
     @cache = {
       pool_name: pool['name'],
       version: pool['managedRuntimeVersion'],
       e32b: pool['enable32BitAppOnWin64'],
       mode: pool['managedPipelineMode'],
-      processes: pool['processModel']['maxProcesses'],
-      timeout: "#{pool['processModel']['idleTimeout']['Hours']}:#{pool['processModel']['idleTimeout']['Minutes']}:#{pool['processModel']['idleTimeout']['Seconds']}",
-      timeout_days: pool['processModel']['idleTimeout']['Days'],
-      timeout_hours: pool['processModel']['idleTimeout']['Hours'],
-      timeout_minutes: pool['processModel']['idleTimeout']['Minutes'],
-      timeout_seconds: pool['processModel']['idleTimeout']['Seconds'],
-      user_identity_type: pool['processModel']['identityType'],
-      username: pool['processModel']['userName'],
+      processes: process_model['maxProcesses'],
+      timeout: "#{idle_timeout['Hours']}:#{idle_timeout['Minutes']}:#{idle_timeout['Seconds']}",
+      timeout_days: idle_timeout['Days'],
+      timeout_hours: idle_timeout['Hours'],
+      timeout_minutes: idle_timeout['Minutes'],
+      timeout_seconds: idle_timeout['Seconds'],
+      user_identity_type: process_model['identityType'],
+      username: process_model['userName'],
     }
   end
-  # rubocop:enable Metrics/AbcSize
 end

data/lib/resources/postgres.rb

@@ -69,7 +69,6 @@ module Inspec::Resources
     end
 
     def locate_data_dir_location_by_version(ver = @version)
-      data_dir_loc = nil
       dir_list = [
         "/var/lib/pgsql/#{ver}/data",
         '/var/lib/pgsql/data',
@@ -77,10 +76,7 @@ module Inspec::Resources
         '/var/lib/postgresql/data',
       ]
 
-      dir_list.each do |dir|
-        data_dir_loc = dir if inspec.directory(dir).exist?
-        break
-      end
+      data_dir_loc = dir_list.detect { |i| inspec.directory(i).exist? }
 
       if data_dir_loc.nil?
         warn 'Unable to find the PostgreSQL data_dir in expected location(s), please

data/lib/utils/deprecation.rb

@@ -0,0 +1,6 @@
+# A system to provide a unified deprecation facility for InSpec
+
+require 'utils/deprecation/errors'
+require 'utils/deprecation/config_file'
+require 'utils/deprecation/deprecator'
+require 'utils/deprecation/global_method'

data/lib/utils/deprecation/config_file.rb

@@ -0,0 +1,105 @@
+require 'stringio'
+require 'json'
+require 'inspec/globals'
+
+module Inspec
+  module Deprecation
+    class ConfigFile
+      GroupEntry = Struct.new(:name, :action, :prefix, :suffix, :exit_status)
+
+      # What actions may you specify to be taken when a deprecation is encountered?
+      VALID_ACTIONS = [
+        :exit, # Hard exit `inspec`, no stacktrace, exit code specified or Inspec::UI::EXIT_FATAL_DEPRECATION
+        :fail_control, # Fail the control with a message. If not in a control, do :warn action instead.
+        :ignore, # Do nothing.
+        :warn, # Issue a warning
+      ].freeze
+
+      # Note that 'comment' is ignored, but listed here so you can have it present
+      # and pass validation.
+      VALID_GROUP_FIELDS = %w{action suffix prefix exit_status comment}.freeze
+
+      attr_reader :groups, :unknown_group_action
+
+      def initialize(io = nil)
+        io ||= open_default_config_io
+        begin
+          @raw_data = JSON.parse(io.read)
+        rescue JSON::ParserError => e
+          raise Inspec::Deprecation::MalformedConfigFileError, "Could not parse deprecation config file: #{e.message}"
+        end
+
+        @groups = {}
+        @unknown_group_action = :warn
+        validate!
+      end
+
+      private
+
+      def open_default_config_io
+        default_path = File.join(Inspec.src_root, 'etc', 'deprecations.json')
+        unless File.exist?(default_path)
+          raise Inspec::Deprecation::MalformedConfigError, "Missing deprecation config file: #{default_path}"
+        end
+        File.open(default_path)
+      end
+
+      #====================================================================================================#
+      #                                          Validation
+      #====================================================================================================#
+      def validate!
+        validate_file_version
+        validate_unknown_group_action
+
+        unless @raw_data.key?('groups')
+          raise Inspec::Deprecation::InvalidConfigFileError, 'Missing groups field'
+        end
+        unless @raw_data['groups'].is_a?(Hash)
+          raise Inspec::Deprecation::InvalidConfigFileError, 'Groups field must be a Hash'
+        end
+        @raw_data['groups'].each do |group_name, group_info|
+          validate_group_entry(group_name, group_info)
+        end
+      end
+
+      def validate_file_version
+        unless @raw_data.key?('file_version')
+          raise Inspec::Deprecation::InvalidConfigFileError, 'Missing file_version field'
+        end
+        unless @raw_data['file_version'] == '1.0.0'
+          raise Inspec::Deprecation::InvalidConfigFileError, "Unrecognized file_version '#{@raw_data['file_version']}' - supported versions: 1.0.0"
+        end
+      end
+
+      def validate_unknown_group_action
+        seen_action = (@raw_data['unknown_group_action'] || @unknown_group_action).to_sym
+        unless VALID_ACTIONS.include?(seen_action)
+          raise Inspec::Deprecation::UnrecognizedActionError, "Unrecognized value '#{seen_action}' for field 'unknown_group_action' - supported actions: #{VALID_ACTIONS.map(&:to_s).join(', ')}"
+        end
+        @unknown_group_action = seen_action
+      end
+
+      def validate_group_entry(name, opts)
+        opts.each do |seen_field, _value|
+          unless VALID_GROUP_FIELDS.include?(seen_field)
+            raise Inspec::Deprecation::InvalidConfigFileError, "Unrecognized field for group '#{name}' - saw '#{seen_field}', supported fields: #{VALID_GROUP_FIELDS.map(&:to_s).join(', ')}"
+          end
+        end
+
+        entry = GroupEntry.new(name.to_sym)
+
+        opts['action'] = (opts['action'] || :warn).to_sym
+        unless VALID_ACTIONS.include?(opts['action'])
+          raise Inspec::Deprecation::UnrecognizedActionError, "Unrecognized action for group '#{name}' - saw '#{opts['action']}', supported actions: #{VALID_ACTIONS.map(&:to_s).join(', ')}"
+        end
+        entry.action = opts['action']
+
+        entry.suffix = opts['suffix']
+        entry.prefix = opts['prefix']
+        entry.exit_status = opts['exit_status']
+
+        groups[name.to_sym] = entry
+      end
+    end
+  end
+end

data/lib/utils/deprecation/deprecator.rb

@@ -0,0 +1,117 @@
+require 'utils/deprecation/config_file'
+require 'inspec/log'
+
+module Inspec
+  module Deprecation
+    class Deprecator
+      attr_reader :config, :groups
+
+      def initialize(opts = {})
+        @config = Inspec::Deprecation::ConfigFile.new(opts[:config_io])
+        @groups = @config.groups
+      end
+
+      def handle_deprecation(group_name, message, opts = {})
+        group = groups[group_name.to_sym] || create_group_entry_for_unknown_group(group_name)
+        annotate_stack_information(opts)
+        assembled_message = assemble_message(message, group, opts)
+
+        action = group[:action] || :warn
+        action_method = ('handle_' + action.to_s + '_action').to_sym
+        send(action_method, assembled_message, group)
+      end
+
+      private
+
+      def create_group_entry_for_unknown_group(group_name)
+        group = ConfigFile::GroupEntry.new
+        group.name = group_name
+        group.action = config.unknown_group_action
+        group.suffix = "Additionally, the deprecation message is in an unknown group '#{group_name}'."
+        group
+      end
+
+      def annotate_stack_information(opts)
+        stack = caller_locations(1, 25)
+
+        # Attempt to give a meaningful stack location of the place
+        # where the deprecated functionality was used.  This is likely
+        # user (profile) code.
+        used_at = nil
+
+        # If we are in a profile, call stack will first include RSpec its,
+        # then a single call from the profile that originated within a load_with_context.
+        # rspec-core surrounds these.
+
+        # First, purge the deprecation system frames
+        stack.reject! { |frame| frame.path && frame.path =~ %r{lib/utils/deprecation} }
+        # Next, purge all RSpec entries (at least rspec-core, rspec-support, rspec-its).
+        stack.reject! { |frame| frame.path && frame.path =~ %r{rspec-.+/lib/rspec}  }
+        # Now look for the frame that includes load_with_context.
+        used_at ||= stack.detect { |frame| frame.label.include? 'load_with_context' }
+
+        opts[:used_at_stack_frame] = used_at if used_at
+      end
+
+      def assemble_message(message, group, opts)
+        prefix = group.prefix || ''
+        suffix = group.suffix || ''
+        prefix += ' ' unless prefix.empty?
+        suffix = ' ' + suffix unless suffix.empty?
+
+        suffix += (' (used at ' + opts[:used_at_stack_frame].path+ ':' + opts[:used_at_stack_frame].lineno.to_s + ')') if opts.key?(:used_at_stack_frame)
+
+        'DEPRECATION: ' + prefix + message + suffix
+      end
+
+      def called_from_control?
+        # Heuristics for determining if the deprecation is coming from within a control
+        stack = caller_locations(10, 45)
+
+        # Within a control block, that is actually an RSpec:ExampleGroup
+        stack.each do |frame|
+          return true if frame.path.end_with?('rspec/core/example_group.rb')
+        end
+
+        false
+      end
+
+      def handle_ignore_action(message, _group)
+        handle_log_action(message, :debug)
+      end
+
+      def handle_log_action(message, level)
+        case level
+        when :debug
+          Inspec::Log.debug message
+        when :warn
+          Inspec::Log.warn message
+        when :error
+          Inspec::Log.error message
+        end
+      end
+
+      def handle_warn_action(message, _group)
+        handle_log_action(message, :warn)
+      end
+
+      def handle_error_action(message, _group)
+        handle_log_action(message, :error)
+      end
+
+      def handle_fail_control_action(message, group)
+        if called_from_control?
+          raise Inspec::Exceptions::ResourceFailed, message
+        else
+          handle_warn_action(message, group)
+        end
+      end
+
+      def handle_exit_action(message, group)
+        handle_error_action(message, group)
+        status = group[:exit_status] || :fatal_deprecation
+        Inspec::UI.new.exit(status)
+      end
+    end
+  end
+end

data/lib/utils/deprecation/errors.rb

@@ -0,0 +1,14 @@
+require 'inspec/errors'
+
+module Inspec
+  module Deprecation
+    class Error < Inspec::Error; end
+
+    class NoSuchGroupError < Error; end
+
+    class InvalidConfigFileError < Error; end
+    class MalformedConfigFileError < InvalidConfigFileError; end
+    class UnrecognizedActionError < InvalidConfigFileError; end
+    class UnrecognizedOutputStreamError < InvalidConfigFileError; end
+  end
+end

data/lib/utils/deprecation/global_method.rb

@@ -0,0 +1,9 @@
+require 'utils/deprecation/deprecator'
+
+module Inspec
+  def self.deprecate(group, msg, opts = {})
+    config_io = opts.delete(:config_io)
+    deprecator = Inspec::Deprecation::Deprecator.new(config_io: config_io)
+    deprecator.handle_deprecation(group, msg, opts)
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 3.2.6
+  version: 3.3.14
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-12-20 00:00:00.000000000 Z
+date: 2019-01-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train-core
@@ -327,6 +327,7 @@ files:
 - LICENSE
 - README.md
 - bin/inspec
+- etc/deprecations.json
 - etc/plugin_filters.json
 - lib/bundles/README.md
 - lib/bundles/inspec-compliance/api.rb
@@ -595,6 +596,11 @@ files:
 - lib/utils/command_wrapper.rb
 - lib/utils/convert.rb
 - lib/utils/database_helpers.rb
+- lib/utils/deprecation.rb
+- lib/utils/deprecation/config_file.rb
+- lib/utils/deprecation/deprecator.rb
+- lib/utils/deprecation/errors.rb
+- lib/utils/deprecation/global_method.rb
 - lib/utils/enumerable_delegation.rb
 - lib/utils/erlang_parser.rb
 - lib/utils/file_reader.rb