inspec-core 4.17.17 → 4.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e9cfd01a9da3acdf34494cfad5f09ce2656ab12bd0bc727322eb8de72c342fa3
-  data.tar.gz: 111c6ea5d24bc14f76b0d9d3b25d92639a2fdcdb14711b2e8045e51b4b5033f4
+  metadata.gz: 965a170fc5beed002ad3a6ee98635fc4e6f5ffea8c546b35a6f16585f3c9c988
+  data.tar.gz: 73751911bb9d7b894df68b733dac98409bce75818d96401139094b9f8bfa7750
 SHA512:
-  metadata.gz: bd3169c135e2600a54d7282e5e86579043b118530377ecaac4537805eba272ef7f87f64f0ad744812fb04dda6f53326e14687c1e15b5b0fe031379cc6fe1c9fd
-  data.tar.gz: 1c6f45bf5e0372ae8c529f275df59cd336ec180cf118f8d34219f7de0a85b46659c6c084e468963eca38d841c1fc7961bfbebd6496caf557e8a4c217e7732d6c
+  metadata.gz: 13481358fd713598dda518674674e4a74b819dbfcd096be411421d8b2170c0bc34bab6dc52057b757a5edacbada2cbe881a0363052e945ce2a9d76d3e8322b83
+  data.tar.gz: daad1335c0bfafffcf7b47f2f14293a8d636c34b9a8537570c68a5236d6ff0caf615e279d30d78d32edcf9a361934bfae22fe7081b1cfbd80705c3e807b0ac39

data/lib/inspec/base_cli.rb

@@ -222,16 +222,20 @@ module Inspec
 
     private
 
+    ALL_OF_OUR_REPORTERS = %w{json json-min json-rspec json-automate junit html yaml documentation progress}.freeze # BUT WHY?!?!
+
     def suppress_log_output?(opts)
       return false if opts["reporter"].nil?
 
-      match = %w{json json-min json-rspec json-automate junit html yaml documentation progress} & opts["reporter"].keys
+      match = ALL_OF_OUR_REPORTERS & opts["reporter"].keys
+
       unless match.empty?
         match.each do |m|
           # check to see if we are outputting to stdout
           return true if opts["reporter"][m]["stdout"] == true
         end
       end
+
       false
     end
 

data/lib/inspec/cli.rb

@@ -9,6 +9,7 @@ module Inspec # TODO: move this somewhere "better"?
   autoload :BaseCLI,       "inspec/base_cli"
   autoload :Deprecation,   "inspec/utils/deprecation"
   autoload :Exceptions,    "inspec/exceptions"
+  autoload :EnvPrinter,    "inspec/env_printer"
   autoload :Fetcher,       "inspec/fetcher"
   autoload :Formatters,    "inspec/formatters"
   autoload :Globals,       "inspec/globals"
@@ -340,7 +341,15 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     ui.exit res unless run_type == :ruby_eval
 
     # No InSpec tests - just print evaluation output.
-    res = (res.respond_to?(:to_json) ? res.to_json : JSON.dump(res)) if o["reporter"]&.keys&.include?("json")
+    reporters = o["reporter"] || {}
+    if reporters.keys.include?("json")
+      res = if res.respond_to?(:to_json)
+              res.to_json
+            else
+              JSON.dump(res)
+            end
+    end
+
     puts res
     ui.exit Inspec::UI::EXIT_NORMAL
   rescue RuntimeError, Train::UserError => e

data/lib/inspec/dsl.rb

@@ -34,6 +34,8 @@ module Inspec::DSL
   # resource.
 
   def self.method_missing_resource(backend, id, *arguments)
+    return unless backend
+
     begin
       require "inspec/resources/#{id}"
     rescue LoadError

data/lib/inspec/formatters/base.rb

@@ -259,6 +259,11 @@ module Inspec::Formatters
       example.delete(:id)
       example.delete(:profile_id)
       control[:results].push(example)
+
+      # Waiver data, if available, is internally stored on a per-result
+      # (that is, per-describe-block) basis, because that is the only granularity
+      # available to us in the RSpec report data structure which we use as a vehicle.
+      control[:waiver_data] ||= example[:waiver_data] || {}
     end
   end
 end

data/lib/inspec/reporters/json.rb

@@ -40,7 +40,6 @@ module Inspec::Reporters
           message:      r[:message],
           exception:    r[:exception],
           backtrace:    r[:backtrace],
-          waiver_data:  r[:waiver_data],
         }.reject { |_k, v| v.nil? }
       }
     end
@@ -96,6 +95,7 @@ module Inspec::Reporters
             line: c[:source_location][:line],
             ref:  c[:source_location][:ref],
           },
+          waiver_data: c[:waiver_data] || {},
           results: profile_results(c),
         }
       }

data/lib/inspec/resources/apt.rb

@@ -87,12 +87,14 @@ module Inspec::Resources
         active = raw_line == line
 
         # formats:
+        # deb               "http://archive.ubuntu.com/ubuntu/" wily main restricted ...
         # deb               http://archive.ubuntu.com/ubuntu/ wily main restricted ...
         # deb [trusted=yes] http://archive.ubuntu.com/ubuntu/ wily main restricted ...
 
         words = line.split
         words.delete 1 if words[1] && words[1].start_with?("[")
         type, url, distro, *components = words
+        url = url.delete('"') if url
 
         next if components.empty?
         next unless URI::HTTP === URI.parse(url)

data/lib/inspec/resources/interface.rb

@@ -17,38 +17,34 @@ module Inspec::Resources
         its('ipv6_cidrs') { should include '::1/128' }
       end
     EXAMPLE
+
     def initialize(iface)
       @iface = iface
-
-      @interface_provider = nil
-      if inspec.os.linux?
-        @interface_provider = LinuxInterface.new(inspec)
-      elsif inspec.os.windows?
-        @interface_provider = WindowsInterface.new(inspec)
-      else
-        return skip_resource "The `interface` resource is not supported on your OS yet."
-      end
     end
 
     def exists?
-      !interface_info.nil? && !interface_info[:name].nil?
+      !!(interface_info && interface_info[:name])
     end
 
     def up?
-      interface_info.nil? ? false : interface_info[:up]
+      !!(interface_info && interface_info[:up])
+    end
+
+    def name
+      interface_info[:name]
     end
 
     # returns link speed in Mbits/sec
     def speed
-      interface_info.nil? ? nil : interface_info[:speed]
+      interface_info && interface_info[:speed]
     end
 
     def ipv4_address?
-      !ipv4_addresses.nil? && !ipv4_addresses.empty?
+      ipv4_addresses && !ipv4_addresses.empty?
     end
 
     def ipv6_address?
-      !ipv6_addresses.nil? && !ipv6_addresses.empty?
+      ipv6_addresses && !ipv6_addresses.empty?
     end
 
     def ipv4_addresses
@@ -72,11 +68,11 @@ module Inspec::Resources
     end
 
     def ipv4_cidrs
-      interface_info.nil? ? [] : interface_info[:ipv4_addresses]
+      interface_info && Array(interface_info[:ipv4_addresses])
     end
 
     def ipv6_cidrs
-      interface_info.nil? ? [] : interface_info[:ipv6_addresses]
+      interface_info && Array(interface_info[:ipv6_addresses])
     end
 
     def to_s
@@ -86,9 +82,11 @@ module Inspec::Resources
     private
 
     def interface_info
-      return @cache if defined?(@cache)
-
-      @cache = @interface_provider.interface_info(@iface) unless @interface_provider.nil?
+      @cache ||= begin
+                   provider = LinuxInterface.new(inspec) if inspec.os.linux?
+                   provider = WindowsInterface.new(inspec) if inspec.os.windows?
+                   Hash(provider && provider.interface_info(@iface))
+                 end
     end
   end
 

data/lib/inspec/resources/users.rb

@@ -3,6 +3,7 @@ require "inspec/utils/convert"
 require "inspec/utils/filter"
 require "inspec/utils/simpleconfig"
 require "inspec/resources/powershell"
+require "date"
 
 module Inspec::Resources
   # This file contains two resources, the `user` and `users` resource.
@@ -116,6 +117,24 @@ module Inspec::Resources
   #   its('mindays') { should eq 0 }
   #   its('maxdays') { should eq 99 }
   #   its('warndays') { should eq 5 }
+  #   its('passwordage') { should be >= 0 }
+  #   its('maxbadpasswords') { should eq nil } // not yet supported on linux
+  #   its('badpasswordattempts') { should eq 0 }
+  # end
+  # describe user('Administrator') do
+  #   it { should exist }
+  #   its('uid') { should eq "S-1-5-21-1759981009-4135989804-1844563890-500" }
+  #   its('gid') { should eq nil } // not supported on Windows
+  #   its('group') { should eq nil } // not supported on Windows
+  #   its('groups') { should eq ['Administrators', 'Users']}
+  #   its('home') { should eq '' }
+  #   its('shell') { should eq nil } // not supported on Windows
+  #   its('mindays') { should eq 0 }
+  #   its('maxdays') { should eq 42 }
+  #   its('warndays') { should eq nil }
+  #   its('passwordage') { should eq 355 }
+  #   its('maxbadpasswords') { should eq 0 }
+  #   its('badpasswordattempts') { should eq 0 }
   # end
   #
   # The following  Serverspec  matchers are deprecated in favor for direct value access
@@ -196,6 +215,14 @@ module Inspec::Resources
       meta_info[:shell] unless meta_info.nil?
     end
 
+    def domain
+      meta_info[:domain] unless meta_info.nil?
+    end
+
+    def userflags
+      meta_info[:userflags] unless meta_info.nil?
+    end
+
     # returns the minimum days between password changes
     def mindays
       credentials[:mindays] unless credentials.nil?
@@ -211,6 +238,18 @@ module Inspec::Resources
       credentials[:warndays] unless credentials.nil?
     end
 
+    def badpasswordattempts
+      credentials[:badpasswordattempts] unless credentials.nil?
+    end
+
+    def maxbadpasswords
+      credentials[:maxbadpasswords] unless credentials.nil?
+    end
+
+    def passwordage
+      credentials[:passwordage] unless credentials.nil?
+    end
+
     # implement 'mindays' method to be compatible with serverspec
     def minimum_days_between_password_change
       Inspec.deprecate(:resource_user_serverspec_compat, "The user resource `minimum_days_between_password_change` property is deprecated. Please use `mindays`.")
@@ -425,10 +464,17 @@ module Inspec::Resources
         multiple_values: false
       ).params
 
+      dparse = Date.parse "#{params['Last password change']}"
+      dayslastset = (Date.today - dparse).to_i
+      cmd = inspec.command("lastb -w -a | grep #{username} | wc -l")
+      badpasswordattempts = convert_to_i(cmd.stdout.chomp) if cmd.exit_status == 0
+
       {
         mindays: convert_to_i(params["Minimum number of days between password change"]),
         maxdays: convert_to_i(params["Maximum number of days between password change"]),
         warndays: convert_to_i(params["Number of days of warning before password expires"]),
+        passwordage: dayslastset,
+        badpasswordattempts: badpasswordattempts,
       }
     end
   end
@@ -481,6 +527,8 @@ module Inspec::Resources
         mindays: user_sec[1].to_i * 7,
         maxdays: user_sec[2].to_i * 7,
         warndays: user_sec[3].to_i,
+        passwordage: nil,
+        badpasswordattempts: nil,
       }
     end
   end
@@ -573,6 +621,31 @@ module Inspec::Resources
       res[0] unless res.empty?
     end
 
+    def meta_info(username)
+      res = identity(username)
+      return if res.nil?
+      {
+        home: res[:home],
+        shell: res[:shell],
+        domain: res[:domain],
+        userflags: res[:userflags],
+      }
+    end
+
+    def credentials(username)
+      res = identity(username)
+      return if res.nil?
+      {
+        mindays: res[:mindays],
+        maxdays: res[:maxdays],
+        warndays: res[:warndays],
+        badpasswordattempts: res[:badpasswordattempts],
+        maxbadpasswords: res[:maxbadpasswords],
+        minpasswordlength: res[:minpasswordlength],
+        passwordage: res[:passwordage],
+      }
+    end
+
     def list_users
       collect_user_details.map { |user| user[:username] }
     end

data/lib/inspec/rspec_extensions.rb

@@ -50,6 +50,7 @@ module Inspec
     def method_missing(method_name, *arguments, &block)
       # see if it is a resource first
       begin
+        inspec = inspec if respond_to?(:inspec) # backend not available??
         resource = Inspec::DSL.method_missing_resource(inspec, method_name, *arguments)
         return resource if resource
       rescue LoadError

data/lib/inspec/rule.rb

@@ -297,11 +297,11 @@ module Inspec
       __waiver_data["skipped_due_to_waiver"] = false
       __waiver_data["message"] = ""
 
-      # Waivers should have a hash value with keys possibly including skip and
-      # expiration_date. We only care here if it has a skip key and it
-      # is yes-like, since all non-skipped waiver operations are handled
+      # Waivers should have a hash value with keys possibly including "run" and
+      # expiration_date. We only care here if it has a "run" key and it
+      # is false-like, since all non-skipped waiver operations are handled
       # during reporting phase.
-      return unless __waiver_data.key?("skip") && __waiver_data["skip"]
+      return unless __waiver_data.key?("run") && !__waiver_data["run"]
 
       # OK, the intent is to skip. Does it have an expiration date, and
       # if so, is it in the future?

data/lib/inspec/runner_rspec.rb

@@ -83,7 +83,7 @@ module Inspec
       return @rspec_exit_code if @formatter.results.empty?
 
       stats = @formatter.results[:statistics][:controls]
-      skipped = @formatter.results&.fetch(:profiles, nil)&.first&.fetch(:status, nil) == "skipped"
+      skipped = @formatter.results.dig(:profiles, 0, :status) == "skipped"
       if stats[:failed][:total] == 0 && stats[:skipped][:total] == 0 && !skipped
         0
       elsif stats[:failed][:total] > 0

data/lib/inspec/schema.rb

@@ -96,6 +96,16 @@ module Inspec
           },
         },
         "results" => { "type" => "array", "items" => RESULT },
+        "waiver_data" => {
+          "type" => "object",
+          "properties" => {
+            "skipped_due_to_waiver" => { "type" => "string" },
+            "run" => { "type" => "boolean" },
+            "message" => { "type" => "string" },
+            "expiration_date" => { "type" => "string" },
+            "justification" => { "type" => "string" },
+          },
+        },
       },
     }.freeze
 

data/lib/inspec/utils/parser.rb

@@ -20,13 +20,14 @@ module PasswdParser
   def parse_passwd_line(line)
     x = line.split(":")
     {
-      "user" => x.at(0),
-      "password" => x.at(1),
-      "uid" => x.at(2),
-      "gid" => x.at(3),
-      "desc" => x.at(4),
-      "home" => x.at(5),
-      "shell" => x.at(6),
+      # rubocop:disable Layout/AlignHash
+      "user"     => x[0],
+      "password" => x[1],
+      "uid"      => x[2],
+      "gid"      => x[3],
+      "desc"     => x[4],
+      "home"     => x[5],
+      "shell"    => x[6],
     }
   end
 end

data/lib/inspec/version.rb

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "4.17.17".freeze
+  VERSION = "4.18.0".freeze
 end

data/lib/plugins/shared/core_plugin_test_helper.rb

@@ -19,22 +19,22 @@ class Module
   include Minitest::Spec::DSL # TODO: NO! remove this!
 end
 
-module Inspec
-  class FuncTestRunResult
-    attr_reader :train_result
-    attr_reader :payload
-
-    extend Forwardable
-    def_delegator :train_result, :stdout
-    def_delegator :train_result, :stderr
-    def_delegator :train_result, :exit_status
-
-    def initialize(train_result)
-      @train_result = train_result
-      @payload = OpenStruct.new
-    end
-  end
-end
+# module Inspec
+#   class FuncTestRunResult
+#     attr_reader :train_result
+#     attr_reader :payload
+#
+#     extend Forwardable
+#     def_delegator :train_result, :stdout
+#     def_delegator :train_result, :stderr
+#     def_delegator :train_result, :exit_status
+#
+#     def initialize(train_result)
+#       @train_result = train_result
+#       @payload = OpenStruct.new
+#     end
+#   end
+# end
 
 module CorePluginBaseHelper
   libdir = File.expand_path "lib"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 4.17.17
+  version: 4.18.0
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-10-02 00:00:00.000000000 Z
+date: 2019-10-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train-core
@@ -106,14 +106,20 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3'
+        version: '3.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.9'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3'
+        version: '3.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.9'
 - !ruby/object:Gem::Dependency
   name: rspec-its
   requirement: !ruby/object:Gem::Requirement
@@ -449,7 +455,6 @@ files:
 - lib/inspec/plugin/v2/plugin_types/mock.rb
 - lib/inspec/plugin/v2/registry.rb
 - lib/inspec/plugin/v2/status.rb
-- lib/inspec/polyfill.rb
 - lib/inspec/profile.rb
 - lib/inspec/profile_context.rb
 - lib/inspec/profile_vendor.rb

data/lib/inspec/polyfill.rb

@@ -1,9 +0,0 @@
-# copyright: 2016, Chef Software Inc.
-
-class Struct
-  unless instance_methods.include? :to_h
-    def to_h
-      Hash[each_pair.to_a]
-    end
-  end
-end