inspec-core 4.18.24 → 4.18.38
- checksums.yaml +4 -4
- data/etc/deprecations.json +4 -0
- data/lib/inspec/cli.rb +2 -2
- data/lib/inspec/config.rb +2 -1
- data/lib/inspec/dependencies/requirement.rb +10 -6
- data/lib/inspec/describe_base.rb +25 -0
- data/lib/inspec/file_provider.rb +7 -1
- data/lib/inspec/input_dsl_helpers.rb +26 -0
- data/lib/inspec/input_registry.rb +6 -6
- data/lib/inspec/metadata.rb +6 -2
- data/lib/inspec/method_source.rb +1 -1
- data/lib/inspec/objects/control.rb +7 -0
- data/lib/inspec/objects/describe.rb +7 -0
- data/lib/inspec/objects/each_loop.rb +7 -0
- data/lib/inspec/objects/input.rb +4 -0
- data/lib/inspec/objects/or_test.rb +7 -0
- data/lib/inspec/objects/tag.rb +7 -0
- data/lib/inspec/objects/test.rb +8 -1
- data/lib/inspec/objects/value.rb +7 -0
- data/lib/inspec/plugin/v2/installer.rb +9 -4
- data/lib/inspec/resource.rb +2 -0
- data/lib/inspec/resources/apt.rb +1 -1
- data/lib/inspec/resources/auditd.rb +4 -4
- data/lib/inspec/resources/command.rb +1 -1
- data/lib/inspec/resources/filesystem.rb +3 -3
- data/lib/inspec/resources/gem.rb +3 -2
- data/lib/inspec/resources/http.rb +3 -3
- data/lib/inspec/resources/npm.rb +11 -3
- data/lib/inspec/resources/oracledb_session.rb +2 -2
- data/lib/inspec/resources/package.rb +2 -4
- data/lib/inspec/resources/service.rb +2 -0
- data/lib/inspec/resources/sys_info.rb +2 -2
- data/lib/inspec/resources/users.rb +4 -0
- data/lib/inspec/rspec_extensions.rb +4 -9
- data/lib/inspec/rule.rb +6 -1
- data/lib/inspec/runner.rb +4 -4
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +1 -1
- data/lib/plugins/shared/core_plugin_test_helper.rb +9 -11
- metadata +3 -16
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e80bff1bace3e7cd09a4c8ee8d42dff17021c71537f6e857d65678060a8b7d96
|
4
|
+
data.tar.gz: f2d9eee362213bc05a5b410d2b9aba371c366e56355a6a7384b3900dd0f2383a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 066e480ce7a22cafbfe5d52c2be91fc1258234c08c93a935308fd665afd5a87d793bc1dc59a9977aa5e93068cbed4715944769bb2d9356895efa6d6f6e0a67d5
|
7
|
+
data.tar.gz: 4b0057206189584b25f6ff83960c69129e77264bf6177baec5216353a497f58c2cab3748de0d5546ca15e8c3098ef88bcdc728602cfaa6f149fc5a862ec8fef6
|
data/etc/deprecations.json
CHANGED
data/lib/inspec/cli.rb
CHANGED
@@ -122,8 +122,8 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
122
122
|
else
|
123
123
|
%w{location profile controls timestamp valid}.each do |item|
|
124
124
|
prepared_string = format("%-12s %s",
|
125
|
-
|
126
|
-
|
125
|
+
"#{item.to_s.capitalize} :",
|
126
|
+
result[:summary][item.to_sym])
|
127
127
|
ui.plain_line(prepared_string)
|
128
128
|
end
|
129
129
|
puts
|
data/lib/inspec/config.rb
CHANGED
@@ -207,7 +207,8 @@ module Inspec
|
|
207
207
|
end
|
208
208
|
|
209
209
|
def _utc_find_credset_name(_credentials, transport_name)
|
210
|
-
return
|
210
|
+
return unless final_options[:target]
|
211
|
+
|
211
212
|
match = final_options[:target].match(%r{^#{transport_name}://(?<credset_name>[\w\-]+)$})
|
212
213
|
match ? match[:credset_name] : nil
|
213
214
|
end
|
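Review bot: The pattern in `_utc_find_credset_name` interpolates `transport_name` without `Regexp.escape` and anchors with `^`/`$`, which in Ruby match at line boundaries rather than at the ends of the string. The added nil guard on `final_options[:target]` does not change that, so a target value containing a newline can still produce a match on just one of its lines. Anchoring on the whole string and escaping the interpolated name makes the credential-set lookup strict: `%r{\A#{Regexp.escape(transport_name)}://(?<credset_name>[\w\-]+)\z}`.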
@@ -21,16 +21,20 @@ module Inspec
|
|
21
21
|
}
|
22
22
|
|
23
23
|
new(dep[:name],
|
24
|
-
|
25
|
-
|
26
|
-
|
24
|
+
dep[:version],
|
25
|
+
config,
|
26
|
+
opts.merge(dep))
|
27
27
|
end
|
28
28
|
|
29
29
|
def self.from_lock_entry(entry, config, opts = {})
|
30
|
+
resolved_source = entry[:resolved_source]
|
31
|
+
.merge(backend: config[:backend])
|
32
|
+
.merge(opts)
|
33
|
+
|
30
34
|
req = new(entry[:name],
|
31
|
-
|
32
|
-
|
33
|
-
|
35
|
+
entry[:version_constraints],
|
36
|
+
config,
|
37
|
+
resolved_source)
|
34
38
|
|
35
39
|
locked_deps = []
|
36
40
|
Array(entry[:dependencies]).each do |dep_entry|
|
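--- a/data/lib/inspec/describe_base.rb
+++ b/data/lib/inspec/describe_base.rb
@@ -1,5 +1,10 @@
+require "inspec/input_dsl_helpers"
+
 module Inspec
 class DescribeBase
+
+include Inspec::InputDslHelpers
+
 def initialize(action)
 @action = action
 @checks = []
@@ -17,6 +22,14 @@ module Inspec
 @action.call("describe.one", @checks, nil)
 end
 
+def input(input_name, options = {})
+input_with_profile_id(__profile_id, input_name, options)
+end
+
+def input_object(name)
+Inspec::InputRegistry.find_or_register_input(name, __profile_id)
+end
+
 def method_missing(method_name, *arguments)
 Inspec::DSL.method_missing_resource(inspec, method_name, *arguments)
 end
@@ -24,5 +37,17 @@ module Inspec
 def describe(*args, &block)
 @checks.push(["describe", args, block])
 end
+
+private
+
+# While this is marked private, it gets consumed during an instance_eval,
+# so it is fully visible. The double underscore is there to discourage
+# use - this is a private API.
+def __profile_id
+# Excavate the profile ID. The action is a Method calling __add_check on
+# a Rule whose profile ID we want
+@action.receiver.instance_variable_get(:@__profile_id)
+end
+
 end
 end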
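Review bot: `__profile_id` assumes `@action` is a bound `Method` whose receiver carries `@__profile_id`, but nothing in `initialize` enforces that. If a `Proc` or lambda is ever passed, `@action.receiver` raises `NoMethodError`, and if the receiver lacks the variable, `instance_variable_get` returns nil, so `input` and `input_object` look the input up with a nil profile ID. A guard in the helper, such as `raise ArgumentError, "action must be a bound Method" unless @action.respond_to?(:receiver)`, would fail early with a clear message. A reader method on the receiver would also avoid reaching into another object's instance variables.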
data/lib/inspec/file_provider.rb
CHANGED
@@ -123,6 +123,7 @@ module Inspec
|
|
123
123
|
end
|
124
124
|
|
125
125
|
def read(file)
|
126
|
+
# TODO: this is inefficient
|
126
127
|
@contents[file] ||= read_from_zip(file)
|
127
128
|
end
|
128
129
|
|
@@ -141,6 +142,10 @@ module Inspec
|
|
141
142
|
next unless file == entry.name
|
142
143
|
|
143
144
|
res = io.read
|
145
|
+
try = res.dup
|
146
|
+
try.force_encoding Encoding::UTF_8
|
147
|
+
res = try.encode(try.encoding, universal_newline: true) if try.valid_encoding?
|
148
|
+
|
144
149
|
break
|
145
150
|
end
|
146
151
|
end
|
@@ -174,7 +179,8 @@ module Inspec
|
|
174
179
|
res = entry.read || ""
|
175
180
|
try = res.dup
|
176
181
|
try.force_encoding Encoding::UTF_8
|
177
|
-
res = try if
|
182
|
+
res = try.encode(try.encoding, universal_newline: true) if
|
183
|
+
try.valid_encoding?
|
178
184
|
res
|
179
185
|
end
|
180
186
|
end
|
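Review bot: The newline normalisation added after `res = io.read` rewrites the bytes of every archive entry that happens to be valid UTF-8, so the content returned by the reader no longer matches what is stored in the archive. If any caller hashes or compares this content against the archive (not visible in these hunks), files with CRLF line endings will give different results than before. A comment stating that returned text is newline-normalised would make that explicit. The same `dup` / `force_encoding` / `encode` sequence now appears in both the zip and the tar reader, so a shared private helper would keep the two from drifting apart. The added `# TODO: this is inefficient` does not say what is inefficient, and naming the cost would make it actionable.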
@@ -0,0 +1,26 @@
|
|
1
|
+
|
2
|
+
require "inspec/input_registry"
|
3
|
+
|
4
|
+
module Inspec
|
5
|
+
# A mixin to provide implementations for the input() DSL methods
|
6
|
+
module InputDslHelpers
|
7
|
+
|
8
|
+
# Find or create an input, explicitly named by a profile ID and
|
9
|
+
# input name. Evaluate the input and return the value.
|
10
|
+
# @param [String] Profile ID
|
11
|
+
# @param [String] Input Name
|
12
|
+
# @param [Hash] Input options - see input docs on website
|
13
|
+
# @returns [Object] Input value
|
14
|
+
def input_with_profile_id(profile_id, input_name, options)
|
15
|
+
if options.empty?
|
16
|
+
# Simply an access, no event here
|
17
|
+
Inspec::InputRegistry.find_or_register_input(input_name, profile_id).value
|
18
|
+
else
|
19
|
+
options[:priority] = 20
|
20
|
+
options[:provider] = :inline_control_code
|
21
|
+
evt = Inspec::Input.infer_event(options)
|
22
|
+
Inspec::InputRegistry.find_or_register_input(input_name, profile_id, event: evt).value
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
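Review bot: `input_with_profile_id` writes `options[:priority] = 20` and `options[:provider] = :inline_control_code` into the hash the caller passed in, so a caller that reuses or freezes its options hash is affected by the call. Working on a copy avoids the side effect: `evt = Inspec::Input.infer_event(options.merge(priority: 20, provider: :inline_control_code))`. The doc comment uses `@returns` and unnamed `@param` tags, where YARD expects `@return [Object]` and named parameters such as `@param profile_id [String]`, `@param input_name [String]` and `@param options [Hash]`.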
@@ -208,8 +208,8 @@ module Inspec
|
|
208
208
|
data = Inspec::SecretsBackend.resolve(path)
|
209
209
|
if data.nil?
|
210
210
|
raise Inspec::Exceptions::SecretsBackendNotFound,
|
211
|
-
|
212
|
-
|
211
|
+
"Cannot find parser for inputs file '#{path}'. " \
|
212
|
+
"Check to make sure file has the appropriate extension."
|
213
213
|
end
|
214
214
|
|
215
215
|
next if data.inputs.nil?
|
@@ -230,14 +230,14 @@ module Inspec
|
|
230
230
|
def validate_inputs_file_readability!(path)
|
231
231
|
unless File.exist?(path)
|
232
232
|
raise Inspec::Exceptions::InputsFileDoesNotExist,
|
233
|
-
|
234
|
-
|
233
|
+
"Cannot find input file '#{path}'. " \
|
234
|
+
"Check to make sure file exists."
|
235
235
|
end
|
236
236
|
|
237
237
|
unless File.readable?(path)
|
238
238
|
raise Inspec::Exceptions::InputsFileNotReadable,
|
239
|
-
|
240
|
-
|
239
|
+
"Cannot read input file '#{path}'. " \
|
240
|
+
"Check to make sure file is readable."
|
241
241
|
end
|
242
242
|
|
243
243
|
true
|
data/lib/inspec/metadata.rb
CHANGED
@@ -64,6 +64,7 @@ module Inspec
|
|
64
64
|
end
|
65
65
|
|
66
66
|
def supports_platform?(backend)
|
67
|
+
require "inspec/resources/platform" # break circularity in load
|
67
68
|
backend.platform.supported?(params[:supports])
|
68
69
|
end
|
69
70
|
|
@@ -156,9 +157,12 @@ module Inspec
|
|
156
157
|
nil
|
157
158
|
when nil then nil
|
158
159
|
else
|
159
|
-
Inspec.deprecate(
|
160
|
+
Inspec.deprecate(
|
161
|
+
:supports_syntax,
|
160
162
|
"Do not use deprecated `supports: #{x}` syntax. Instead use:\n"\
|
161
|
-
|
163
|
+
"supports:\n - os-family: #{x}\n\n"
|
164
|
+
)
|
165
|
+
|
162
166
|
{ :'os-family' => x } # rubocop:disable Style/HashSyntax
|
163
167
|
end
|
164
168
|
end
|
data/lib/inspec/method_source.rb
CHANGED
@@ -14,7 +14,7 @@ module Inspec
|
|
14
14
|
::MethodSource.expression_at(src.lines, location[:line]).force_encoding("utf-8")
|
15
15
|
rescue SyntaxError => e
|
16
16
|
raise ::MethodSource::SourceNotFoundError,
|
17
|
-
|
17
|
+
"Could not parse source at #{location[:ref]}:#{location[:line]}: #{e.message}"
|
18
18
|
end
|
19
19
|
end
|
20
20
|
end
|
@@ -1,3 +1,8 @@
|
|
1
|
+
# This class is deprecated and will be removed in the next major release of InSpec.
|
2
|
+
# Use the Inspec::Object classes from the inspec-objects rubygem instead.
|
3
|
+
|
4
|
+
require "inspec/utils/deprecation"
|
5
|
+
|
1
6
|
module Inspec
|
2
7
|
class Control
|
3
8
|
attr_accessor :id, :title, :descriptions, :impact, :tests, :tags, :refs, :only_if
|
@@ -6,6 +11,8 @@ module Inspec
|
|
6
11
|
@tags = []
|
7
12
|
@refs = []
|
8
13
|
@descriptions = {}
|
14
|
+
|
15
|
+
Inspec.deprecate(:object_classes, "The Inspec::Control class is deprecated. Use the Inspec::Object::Control class from the inspec-objects Ruby library.")
|
9
16
|
end
|
10
17
|
|
11
18
|
def add_test(t)
|
@@ -1,3 +1,8 @@
|
|
1
|
+
# This class is deprecated and will be removed in the next major release of InSpec.
|
2
|
+
# Use the Inspec::Object classes from the inspec-objects rubygem instead.
|
3
|
+
|
4
|
+
require "inspec/utils/deprecation"
|
5
|
+
|
1
6
|
module Inspec
|
2
7
|
class Describe
|
3
8
|
# Internal helper to structure test objects.
|
@@ -53,6 +58,8 @@ module Inspec
|
|
53
58
|
@qualifier = []
|
54
59
|
@tests = []
|
55
60
|
@variables = []
|
61
|
+
|
62
|
+
Inspec.deprecate(:object_classes, "The Inspec::Describe class is deprecated. Use the Inspec::Object::Describe class from the inspec-objects Ruby library.")
|
56
63
|
end
|
57
64
|
|
58
65
|
def add_test(its, matcher, expectation, opts = {})
|
@@ -1,3 +1,8 @@
|
|
1
|
+
# This class is deprecated and will be removed in the next major release of InSpec.
|
2
|
+
# Use the Inspec::Object classes from the inspec-objects rubygem instead.
|
3
|
+
|
4
|
+
require "inspec/utils/deprecation"
|
5
|
+
|
1
6
|
module Inspec
|
2
7
|
class EachLoop < List
|
3
8
|
attr_reader :variables
|
@@ -6,6 +11,8 @@ module Inspec
|
|
6
11
|
super
|
7
12
|
@tests = []
|
8
13
|
@variables = []
|
14
|
+
|
15
|
+
Inspec.deprecate(:object_classes, "The Inspec::EachLoop class is deprecated. Use the Inspec::Object::EachLoop class from the inspec-objects Ruby library.")
|
9
16
|
end
|
10
17
|
|
11
18
|
def add_test(t = nil)
|
data/lib/inspec/objects/input.rb
CHANGED
@@ -1,3 +1,7 @@
|
|
1
|
+
# This file is deprecated and will be removed in the next major release of InSpec.
|
2
|
+
# The Inspec::Input class will remain but these methods will be removed.
|
3
|
+
# Use the Inspec::Object::Input class from the inspec-objects rubygem instead.
|
4
|
+
|
1
5
|
require "inspec/input"
|
2
6
|
|
3
7
|
module Inspec
|
@@ -1,9 +1,16 @@
|
|
1
|
+
# This class is deprecated and will be removed in the next major release of InSpec.
|
2
|
+
# Use the Inspec::Object classes from the inspec-objects rubygem instead.
|
3
|
+
|
4
|
+
require "inspec/utils/deprecation"
|
5
|
+
|
1
6
|
module Inspec
|
2
7
|
class OrTest
|
3
8
|
attr_reader :tests
|
4
9
|
def initialize(tests)
|
5
10
|
@tests = tests
|
6
11
|
@negated = false
|
12
|
+
|
13
|
+
Inspec.deprecate(:object_classes, "The Inspec::OrTest class is deprecated. Use the Inspec::Object::OrTest class from the inspec-objects Ruby library.")
|
7
14
|
end
|
8
15
|
|
9
16
|
def skip
|
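--- a/data/lib/inspec/objects/tag.rb
+++ b/data/lib/inspec/objects/tag.rb
@@ -1,3 +1,8 @@
+# This class is deprecated and will be removed in the next major release of InSpec.
+# Use the Inspec::Object classes from the inspec-objects rubygem instead.
+
+require "inspec/utils/deprecation"
+
 module Inspec
 class Tag
 attr_accessor :key, :value
@@ -5,6 +10,8 @@ module Inspec
 def initialize(key, value)
 @key = key
 @value = value
+
+Inspec.deprecate(:object_classes, "The Inspec::Tag class is deprecated. Use the Inspec::Object::Tag class from the inspec-objects Ruby library.")
 end
 
 def to_hash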
data/lib/inspec/objects/test.rb
CHANGED
@@ -1,3 +1,8 @@
|
|
1
|
+
# This class is deprecated and will be removed in the next major release of InSpec.
|
2
|
+
# Use the Inspec::Object classes from the inspec-objects rubygem instead.
|
3
|
+
|
4
|
+
require "inspec/utils/deprecation"
|
5
|
+
|
1
6
|
module Inspec
|
2
7
|
class Test
|
3
8
|
attr_accessor :qualifier, :matcher, :expectation, :skip, :negated, :variables, :only_if
|
@@ -7,6 +12,8 @@ module Inspec
|
|
7
12
|
@qualifier = []
|
8
13
|
@negated = false
|
9
14
|
@variables = []
|
15
|
+
|
16
|
+
Inspec.deprecate(:object_classes, "The Inspec::Test class is deprecated. Use the Inspec::Object::Test class from the inspec-objects Ruby library.")
|
10
17
|
end
|
11
18
|
|
12
19
|
def negate!
|
@@ -75,7 +82,7 @@ module Inspec
|
|
75
82
|
" " + expectation.inspect
|
76
83
|
end
|
77
84
|
format("%s%sdescribe %s do\n %s { should%s %s%s }\nend",
|
78
|
-
|
85
|
+
only_if_clause, vars, res, itsy, naughty, matcher, xpect)
|
79
86
|
end
|
80
87
|
|
81
88
|
def rb_skip
|
data/lib/inspec/objects/value.rb
CHANGED
@@ -1,3 +1,8 @@
|
|
1
|
+
# This class is deprecated and will be removed in the next major release of InSpec.
|
2
|
+
# Use the Inspec::Object classes from the inspec-objects rubygem instead.
|
3
|
+
|
4
|
+
require "inspec/utils/deprecation"
|
5
|
+
|
1
6
|
module Inspec
|
2
7
|
class Value
|
3
8
|
include ::Inspec::RubyHelper
|
@@ -9,6 +14,8 @@ module Inspec
|
|
9
14
|
def initialize(qualifiers = [])
|
10
15
|
@qualifier = qualifiers
|
11
16
|
@variable = nil
|
17
|
+
|
18
|
+
Inspec.deprecate(:object_classes, "The Inspec::Value class is deprecated. Use the Inspec::Object::Value class from the inspec-objects Ruby library.")
|
12
19
|
end
|
13
20
|
|
14
21
|
def to_ruby
|
@@ -267,12 +267,17 @@ module Inspec::Plugin::V2
|
|
267
267
|
# Make Set that encompasses just the gemfile that was provided
|
268
268
|
plugin_local_source = Gem::Source::SpecificFile.new(opts[:gem_file])
|
269
269
|
|
270
|
-
plugin_dependency = Gem::Dependency.new(
|
271
|
-
|
270
|
+
plugin_dependency = Gem::Dependency.new(
|
271
|
+
requested_plugin_name,
|
272
|
+
plugin_local_source.spec.version
|
273
|
+
)
|
272
274
|
|
273
275
|
requested_local_gem_set = Gem::Resolver::InstallerSet.new(:both)
|
274
|
-
requested_local_gem_set.add_local(
|
275
|
-
|
276
|
+
requested_local_gem_set.add_local(
|
277
|
+
plugin_dependency.name,
|
278
|
+
plugin_local_source.spec,
|
279
|
+
plugin_local_source
|
280
|
+
)
|
276
281
|
|
277
282
|
install_gem_to_plugins_dir(plugin_dependency, [requested_local_gem_set])
|
278
283
|
end
|
data/lib/inspec/resource.rb
CHANGED
data/lib/inspec/resources/apt.rb
CHANGED
@@ -92,7 +92,7 @@ module Inspec::Resources
|
|
92
92
|
# deb [trusted=yes] http://archive.ubuntu.com/ubuntu/ wily main restricted ...
|
93
93
|
|
94
94
|
words = line.split
|
95
|
-
words.
|
95
|
+
words.delete_at 1 if words[1] && words[1].start_with?("[")
|
96
96
|
type, url, distro, *components = words
|
97
97
|
url = url.delete('"') if url
|
98
98
|
|
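Review bot: `words.delete_at 1 if words[1] && words[1].start_with?("[")` drops only one token, but `line.split` breaks a bracketed option list holding several options (constructed example: `[arch=amd64 trusted=yes]`) into several tokens. In that case the rest of the option list lands in `url` and `distro`, and the repository is reported with the wrong URL, which matters for a resource used to audit package sources. Removing the bracketed block before splitting handles both forms: `words = line.sub(/\[[^\]]*\]/, "").split`. The enclosing method starts and ends outside the hunk.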
@@ -30,7 +30,7 @@ module Inspec::Resources
|
|
30
30
|
def initialize
|
31
31
|
unless inspec.command("/sbin/auditctl").exist?
|
32
32
|
raise Inspec::Exceptions::ResourceFailed,
|
33
|
-
|
33
|
+
"Command `/sbin/auditctl` does not exist"
|
34
34
|
end
|
35
35
|
|
36
36
|
auditctl_cmd = "/sbin/auditctl -l"
|
@@ -38,7 +38,7 @@ module Inspec::Resources
|
|
38
38
|
|
39
39
|
if result.exit_status != 0
|
40
40
|
raise Inspec::Exceptions::ResourceFailed,
|
41
|
-
|
41
|
+
"Command `#{auditctl_cmd}` failed with error: #{result.stderr}"
|
42
42
|
end
|
43
43
|
|
44
44
|
@content = result.stdout
|
@@ -46,8 +46,8 @@ module Inspec::Resources
|
|
46
46
|
|
47
47
|
if @content =~ /^LIST_RULES:/
|
48
48
|
raise Inspec::Exceptions::ResourceFailed,
|
49
|
-
|
50
|
-
|
49
|
+
"The version of audit is outdated." \
|
50
|
+
"The `auditd` resource supports versions of audit >= 2.3."
|
51
51
|
end
|
52
52
|
parse_content
|
53
53
|
end
|
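Review bot: The two adjacent string literals in the outdated-version error are joined without a separator, so the raised message reads "The version of audit is outdated.The `auditd` resource supports ...". Ending the first literal with a space fixes it: `"The version of audit is outdated. " \`. The other multi-line messages in this diff (for example the input file errors) do carry the trailing space, so this one looks like an oversight.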
@@ -37,7 +37,7 @@ module Inspec::Resources
|
|
37
37
|
# Make sure command is replaced so sensitive output isn't shown
|
38
38
|
@command = "ERROR"
|
39
39
|
raise Inspec::Exceptions::ResourceFailed,
|
40
|
-
|
40
|
+
"The `redact_regex` option must be a regular expression"
|
41
41
|
end
|
42
42
|
@redact_regex = options[:redact_regex]
|
43
43
|
end
|
@@ -98,7 +98,7 @@ module Inspec::Resources
|
|
98
98
|
cmd = inspec.command("df #{partition} -PT")
|
99
99
|
if cmd.stdout.nil? || cmd.stdout.empty? || cmd.exit_status != 0
|
100
100
|
raise Inspec::Exceptions::ResourceFailed,
|
101
|
-
|
101
|
+
"Unable to get available space for partition #{partition}"
|
102
102
|
end
|
103
103
|
value = cmd.stdout.split(/\n/)[1].strip.split(" ")
|
104
104
|
{
|
@@ -125,8 +125,8 @@ module Inspec::Resources
|
|
125
125
|
fs = JSON.parse(cmd.stdout)
|
126
126
|
rescue JSON::ParserError => e
|
127
127
|
raise Inspec::Exceptions::ResourceFailed,
|
128
|
-
|
129
|
-
|
128
|
+
"Failed to parse JSON from Powershell. " \
|
129
|
+
"Error: #{e}"
|
130
130
|
end
|
131
131
|
{
|
132
132
|
name: fs["DeviceID"],
|
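Review bot: `inspec.command("df #{partition} -PT")` interpolates `partition` into a shell command line without quoting, and this change only reformats the error message below it. Where `partition` comes from is not visible here, but if it is taken from profile code or inputs, a value containing spaces or shell metacharacters changes the command that runs on the target. Escaping the argument closes that off: `inspec.command("df #{Shellwords.escape(partition)} -PT")`, with `require "shellwords"` at the top of the file if it is not already loaded. The enclosing method starts outside the hunk.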
data/lib/inspec/resources/gem.rb
CHANGED
@@ -2,7 +2,7 @@ require "inspec/resources/command"
|
|
2
2
|
|
3
3
|
module Inspec::Resources
|
4
4
|
class GemPackage < Inspec.resource(1)
|
5
|
-
name "gem"
|
5
|
+
name "gem" # TODO: rename to "rubygem" and provide alias
|
6
6
|
supports platform: "unix"
|
7
7
|
supports platform: "windows"
|
8
8
|
desc "Use the gem InSpec audit resource to test if a global gem package is installed."
|
@@ -17,11 +17,12 @@ module Inspec::Resources
|
|
17
17
|
|
18
18
|
def initialize(package_name, gem_binary = nil)
|
19
19
|
@package_name = package_name
|
20
|
-
@gem_binary = case gem_binary
|
20
|
+
@gem_binary = case gem_binary # TODO: no. this is not right
|
21
21
|
when nil
|
22
22
|
"gem"
|
23
23
|
when :chef
|
24
24
|
if inspec.os.windows?
|
25
|
+
# TODO: what about chef-dk or other installs?
|
25
26
|
'c:\opscode\chef\embedded\bin\gem.bat'
|
26
27
|
else
|
27
28
|
"/opt/chef/embedded/bin/gem"
|
@@ -35,8 +35,8 @@ module Inspec::Resources
|
|
35
35
|
# profiles.
|
36
36
|
if opts.key?(:enable_remote_worker) && !inspec.local_transport?
|
37
37
|
warn "Ignoring `enable_remote_worker` option, the `http` resource ",
|
38
|
-
|
39
|
-
|
38
|
+
"remote worker is enabled by default for remote targets and ",
|
39
|
+
"cannot be disabled"
|
40
40
|
end
|
41
41
|
|
42
42
|
# Run locally if InSpec is ran locally and remotely if ran remotely
|
@@ -164,7 +164,7 @@ module Inspec::Resources
|
|
164
164
|
def initialize(inspec, http_method, url, opts)
|
165
165
|
unless inspec.command("curl").exist?
|
166
166
|
raise Inspec::Exceptions::ResourceSkipped,
|
167
|
-
|
167
|
+
"curl is not available on the target machine"
|
168
168
|
end
|
169
169
|
|
170
170
|
@ran_curl = false
|
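Review bot: The three strings passed to `warn` are separated by commas, so if this resolves to `Kernel#warn`, each one is printed on its own line rather than as one sentence. Replacing the trailing commas on the first two lines with a ` \` line continuation, as the `raise` messages elsewhere in this diff do, yields a single message. The enclosing `initialize` starts outside the hunk.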
data/lib/inspec/resources/npm.rb
CHANGED
@@ -27,12 +27,20 @@ module Inspec::Resources
|
|
27
27
|
return @info if defined?(@info)
|
28
28
|
|
29
29
|
if @location
|
30
|
-
|
30
|
+
command_separator = inspec.os.platform?("windows") ? ";" : "&&"
|
31
|
+
invocation = "cd #{Shellwords.escape @location} #{command_separator} npm"
|
31
32
|
else
|
32
|
-
|
33
|
+
invocation = "npm -g"
|
33
34
|
end
|
34
35
|
|
35
|
-
|
36
|
+
invocation = "#{invocation} ls --json #{@package_name}"
|
37
|
+
|
38
|
+
# If on unix, wrap in sh -c to protect against sudo
|
39
|
+
unless inspec.os.platform?("windows")
|
40
|
+
invocation = "sh -c '#{invocation}'"
|
41
|
+
end
|
42
|
+
|
43
|
+
cmd = inspec.command(invocation)
|
36
44
|
@info = {
|
37
45
|
name: @package_name,
|
38
46
|
type: "npm",
|
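Review bot: The unix branch builds `sh -c '#{invocation}'` by wrapping the command in single quotes, while `@package_name` is interpolated unescaped and `@location` is escaped for only one level of shell parsing. A single quote in either value ends the outer quoting, so the command that reaches the target is not the one intended; both values appear to come from the resource's arguments and should be treated as untrusted. Escaping each level separately avoids this: `invocation = "#{invocation} ls --json #{Shellwords.escape(@package_name)}"` and `invocation = "sh -c #{Shellwords.escape(invocation)}"`. `Shellwords.escape` follows POSIX shell rules, so the Windows branch needs its own quoting, and whether `shellwords` is required in this file is not visible in the hunk.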
@@ -58,8 +58,8 @@ module Inspec::Resources
|
|
58
58
|
command = command_builder(format_options, sql)
|
59
59
|
inspec_cmd = inspec.command(command)
|
60
60
|
|
61
|
-
DatabaseHelper::SQLQueryResult.new(inspec_cmd,
|
62
|
-
|
61
|
+
DatabaseHelper::SQLQueryResult.new(inspec_cmd,
|
62
|
+
send(parser, inspec_cmd.stdout))
|
63
63
|
end
|
64
64
|
|
65
65
|
def to_s
|
@@ -217,8 +217,7 @@ module Inspec::Resources
|
|
217
217
|
}
|
218
218
|
rescue JSON::ParserError => e
|
219
219
|
raise Inspec::Exceptions::ResourceFailed,
|
220
|
-
|
221
|
-
"Error: #{e}"
|
220
|
+
"Failed to parse JSON from `brew` command. Error: #{e}"
|
222
221
|
end
|
223
222
|
end
|
224
223
|
|
@@ -307,8 +306,7 @@ module Inspec::Resources
|
|
307
306
|
package = JSON.parse(cmd.stdout)
|
308
307
|
rescue JSON::ParserError => e
|
309
308
|
raise Inspec::Exceptions::ResourceFailed,
|
310
|
-
|
311
|
-
"Error: #{e}"
|
309
|
+
"Failed to parse JSON from PowerShell. Error: #{e}"
|
312
310
|
end
|
313
311
|
|
314
312
|
# What if we match multiple packages? just pick the first one for now.
|
@@ -304,10 +304,12 @@ module Inspec::Resources
|
|
304
304
|
|
305
305
|
# LoadState values eg. loaded, not-found
|
306
306
|
installed = params["LoadState"] == "loaded"
|
307
|
+
startname = params["User"]
|
307
308
|
|
308
309
|
{
|
309
310
|
name: params["Id"],
|
310
311
|
description: params["Description"],
|
312
|
+
startname: startname,
|
311
313
|
installed: installed,
|
312
314
|
running: is_active?(service_name),
|
313
315
|
enabled: is_enabled?(service_name),
|
@@ -45,7 +45,7 @@ module Inspec::Resources
|
|
45
45
|
end
|
46
46
|
|
47
47
|
def linux_hostname(opt = nil)
|
48
|
-
if
|
48
|
+
if opt
|
49
49
|
opt = case opt
|
50
50
|
when "f", "long", "fqdn", "full"
|
51
51
|
" -f"
|
@@ -67,7 +67,7 @@ module Inspec::Resources
|
|
67
67
|
end
|
68
68
|
|
69
69
|
def mac_hostname(opt = nil)
|
70
|
-
if
|
70
|
+
if opt
|
71
71
|
opt = case opt
|
72
72
|
when "f", "long", "fqdn", "full"
|
73
73
|
" -f"
|
@@ -624,7 +624,9 @@ module Inspec::Resources
|
|
624
624
|
|
625
625
|
def meta_info(username)
|
626
626
|
res = identity(username)
|
627
|
+
|
627
628
|
return if res.nil?
|
629
|
+
|
628
630
|
{
|
629
631
|
home: res[:home],
|
630
632
|
shell: res[:shell],
|
@@ -635,7 +637,9 @@ module Inspec::Resources
|
|
635
637
|
|
636
638
|
def credentials(username)
|
637
639
|
res = identity(username)
|
640
|
+
|
638
641
|
return if res.nil?
|
642
|
+
|
639
643
|
{
|
640
644
|
mindays: res[:mindays],
|
641
645
|
maxdays: res[:maxdays],
|
@@ -1,6 +1,7 @@
|
|
1
1
|
require "inspec/input_registry"
|
2
2
|
require "inspec/plugin/v2"
|
3
3
|
require "rspec/core/example_group"
|
4
|
+
require "inspec/input_dsl_helpers"
|
4
5
|
|
5
6
|
# Any additions to RSpec::Core::ExampleGroup (the RSpec class behind describe blocks) should go here.
|
6
7
|
|
@@ -82,18 +83,12 @@ module Inspec
|
|
82
83
|
end
|
83
84
|
|
84
85
|
class RSpec::Core::ExampleGroup
|
86
|
+
include Inspec::InputDslHelpers
|
87
|
+
|
85
88
|
# This DSL method allows us to access the values of inputs within InSpec tests
|
86
89
|
def input(input_name, options = {})
|
87
90
|
profile_id = self.class.metadata[:profile_id]
|
88
|
-
|
89
|
-
# Simply an access, no event here
|
90
|
-
Inspec::InputRegistry.find_or_register_input(input_name, profile_id).value
|
91
|
-
else
|
92
|
-
options[:priority] = 20
|
93
|
-
options[:provider] = :inline_control_code
|
94
|
-
evt = Inspec::Input.infer_event(options)
|
95
|
-
Inspec::InputRegistry.find_or_register_input(input_name, profile_id, event: evt).value
|
96
|
-
end
|
91
|
+
input_with_profile_id(profile_id, input_name, options)
|
97
92
|
end
|
98
93
|
define_example_method :input
|
99
94
|
|
data/lib/inspec/rule.rb
CHANGED
@@ -4,6 +4,7 @@ require "method_source"
|
|
4
4
|
require "date"
|
5
5
|
require "inspec/describe_base"
|
6
6
|
require "inspec/expect"
|
7
|
+
require "inspec/impact"
|
7
8
|
require "inspec/resource"
|
8
9
|
require "inspec/resources/os"
|
9
10
|
require "inspec/input_registry"
|
@@ -204,7 +205,11 @@ module Inspec
|
|
204
205
|
|
205
206
|
def self.set_skip_rule(rule, value, message = nil, type = :only_if)
|
206
207
|
rule.instance_variable_set(:@__skip_rule,
|
207
|
-
|
208
|
+
{
|
209
|
+
result: value,
|
210
|
+
message: message,
|
211
|
+
type: type,
|
212
|
+
})
|
208
213
|
end
|
209
214
|
|
210
215
|
def self.merge_count(rule)
|
data/lib/inspec/runner.rb
CHANGED
@@ -190,10 +190,10 @@ module Inspec
|
|
190
190
|
#
|
191
191
|
def add_target(target, _opts = [])
|
192
192
|
profile = Inspec::Profile.for_target(target,
|
193
|
-
|
194
|
-
|
195
|
-
|
196
|
-
|
193
|
+
vendor_cache: @cache,
|
194
|
+
backend: @backend,
|
195
|
+
controls: @controls,
|
196
|
+
runner_conf: @conf)
|
197
197
|
raise "Could not resolve #{target} to valid input." if profile.nil?
|
198
198
|
|
199
199
|
@target_profiles << profile if supports_profile?(profile)
|
data/lib/inspec/version.rb
CHANGED
@@ -12,6 +12,7 @@ require "tmpdir"
|
|
12
12
|
require "pathname"
|
13
13
|
require "forwardable"
|
14
14
|
|
15
|
+
require "functional/helper"
|
15
16
|
require "inspec/plugin/v2"
|
16
17
|
|
17
18
|
# Configure Minitest to expose things like `let`
|
@@ -36,35 +37,32 @@ end
|
|
36
37
|
# end
|
37
38
|
# end
|
38
39
|
|
40
|
+
# TODO: remove me! There's no need!
|
39
41
|
module CorePluginBaseHelper
|
40
|
-
|
41
|
-
|
42
|
-
let(:
|
43
|
-
let(:inspec_path) { File.join(repo_path, "inspec-bin", "bin", "inspec") }
|
44
|
-
let(:exec_inspec) { [Gem.ruby, "-I#{libdir}", inspec_path].join " " }
|
45
|
-
let(:core_mock_path) { File.join(repo_path, "test", "unit", "mock") }
|
46
|
-
let(:core_fixture_plugins_path) { File.join(core_mock_path, "plugins") }
|
47
|
-
let(:core_config_dir_path) { File.join(core_mock_path, "config_dirs") }
|
42
|
+
let(:mock_path) { File.join(repo_path, "test", "fixtures", "mock") }
|
43
|
+
let(:core_fixture_plugins_path) { File.join(mock_path, "plugins") }
|
44
|
+
let(:core_config_dir_path) { File.join(mock_path, "config_dirs") }
|
48
45
|
|
49
46
|
let(:registry) { Inspec::Plugin::V2::Registry.instance }
|
50
47
|
end
|
51
48
|
|
52
|
-
require "functional/helper"
|
53
|
-
|
54
49
|
module CorePluginFunctionalHelper
|
55
50
|
include CorePluginBaseHelper
|
56
51
|
include FunctionalHelper
|
57
52
|
|
53
|
+
# TODO: so much duplication! Remove everything we can!
|
58
54
|
require "train"
|
59
55
|
TRAIN_CONNECTION = Train.create("local", command_runner: :generic).connection
|
60
56
|
|
57
|
+
# TODO: remove me! it's in test/functional/helper.rb
|
61
58
|
def run_inspec_process(command_line, opts = {})
|
62
59
|
prefix = ""
|
63
60
|
if opts.key?(:prefix)
|
64
61
|
prefix = opts[:prefix]
|
65
62
|
elsif opts.key?(:env)
|
66
|
-
prefix = opts[:env]
|
63
|
+
prefix = assemble_env_prefix opts[:env]
|
67
64
|
end
|
65
|
+
|
68
66
|
TRAIN_CONNECTION.run_command("#{prefix} #{exec_inspec} #{command_line}")
|
69
67
|
end
|
70
68
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: inspec-core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.18.
|
4
|
+
version: 4.18.38
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dominik Richter
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-
|
11
|
+
date: 2019-11-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: train-core
|
@@ -44,20 +44,6 @@ dependencies:
|
|
44
44
|
- - "<"
|
45
45
|
- !ruby/object:Gem::Version
|
46
46
|
version: '2.0'
|
47
|
-
- !ruby/object:Gem::Dependency
|
48
|
-
name: chef-core
|
49
|
-
requirement: !ruby/object:Gem::Requirement
|
50
|
-
requirements:
|
51
|
-
- - "~>"
|
52
|
-
- !ruby/object:Gem::Version
|
53
|
-
version: '0.0'
|
54
|
-
type: :runtime
|
55
|
-
prerelease: false
|
56
|
-
version_requirements: !ruby/object:Gem::Requirement
|
57
|
-
requirements:
|
58
|
-
- - "~>"
|
59
|
-
- !ruby/object:Gem::Version
|
60
|
-
version: '0.0'
|
61
47
|
- !ruby/object:Gem::Dependency
|
62
48
|
name: thor
|
63
49
|
requirement: !ruby/object:Gem::Requirement
|
@@ -432,6 +418,7 @@ files:
|
|
432
418
|
- lib/inspec/globals.rb
|
433
419
|
- lib/inspec/impact.rb
|
434
420
|
- lib/inspec/input.rb
|
421
|
+
- lib/inspec/input_dsl_helpers.rb
|
435
422
|
- lib/inspec/input_registry.rb
|
436
423
|
- lib/inspec/library_eval_context.rb
|
437
424
|
- lib/inspec/log.rb
|