inspec-core 4.18.85 → 4.18.97

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 367bf0fb9467148e5434036ec14c7ec9b9b9e560504758e0c72493bacc73270a
-  data.tar.gz: 352392686e13db1a8827f9d7aa29f3961c070fd0b66d7f8cdb7ab88513429f59
+  metadata.gz: 6b39b8f2921accd19eb170e079a3b85bfb72611d618d5bc0b0c705eb08000323
+  data.tar.gz: 2c6a90407e96b9038044f03884bc0b2c842f06ef410139f929d6149717a49ea4
 SHA512:
-  metadata.gz: 8e237b06411e204f1a811c7cf5707ebed9082084f24e541fc94faea6e2e956ab671c2cdf1ab3ac2388e721129d151d06171791448501a71c760b426c2919567c
-  data.tar.gz: 11bdb33d12ef3890934c17bb5855001de5d0bce259f484e80b15ed3fed2b69639d509baab1a7f4690778c882ea1a11a6b50244a881cb883853eb6bfa77ec0866
+  metadata.gz: da18afb78ba9601984a36e2f8557cde0c0c316083e99e6f3b86162c8130970cba53f0b04c896bb3b87d29ad6fe76a85fea46339ee4799d4c827eda587b880a35
+  data.tar.gz: 71473c95ca6a3b4c36e71edab3663157aa4590ac41dcf26148d6baad03655287ae689ae525fcaa0b56e55d5041b69a0deeeb7207ee7454554e205c30c7476dfe

data/Gemfile

@@ -23,7 +23,7 @@ group :test do
   gem "minitest", "~> 5.5"
   gem "minitest-sprint", "~> 1.0"
   gem "rake", ">= 10"
-  gem "simplecov", "~> 0.10"
+  gem "simplecov", ["~> 0.10", "<=0.18.2"]
   gem "concurrent-ruby", "~> 1.0"
   gem "mocha", "~> 1.1"
   gem "ruby-progressbar", "~> 1.8"
@@ -35,9 +35,10 @@ end
 
 group :integration do
   gem "berkshelf"
-  gem "chef", "< 15"
   gem "test-kitchen"
   gem "kitchen-vagrant"
+  gem "chef", "< 15"
+  gem "chef-zero", "< 15"
   gem "kitchen-inspec"
   gem "kitchen-ec2"
   gem "kitchen-dokken"

data/README.md

@@ -1,8 +1,8 @@
 # Chef InSpec: Inspect Your Infrastructure
 
 * **Project State: Active**
-* **Issues Response SLA: 3 business days**
-* **Pull Request Response SLA: 3 business days**
+* **Issues Response SLA: 14 business days**
+* **Pull Request Response SLA: 14 business days**
 
 For more information on project states and SLAs, see [this documentation](https://github.com/chef/chef-oss-practices/blob/master/repo-management/repo-states.md).
 

data/inspec-core.gemspec

@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "chef-telemetry",     "~> 1.0"
   spec.add_dependency "license-acceptance", ">= 0.2.13", "< 2.0"
   spec.add_dependency "thor",               ">= 0.20", "< 2.0"
-  spec.add_dependency "json-schema",        "~> 2.8"
+  spec.add_dependency "json_schemer",       "~> 0.2.1"
   spec.add_dependency "method_source",      "~> 0.8"
   spec.add_dependency "rubyzip",            "~> 1.2", ">= 1.2.2"
   spec.add_dependency "rspec",              "~> 3.9"

data/lib/inspec/cli.rb

@@ -377,12 +377,12 @@ class Inspec::InspecCLI < Inspec::BaseCLI
 
   desc "schema NAME", "print the JSON schema", hide: true
   def schema(name)
-    require "inspec/schema"
+    require "inspec/schema/output_schema"
 
-    puts Inspec::Schema.json(name)
+    puts Inspec::Schema::OutputSchema.json(name)
   rescue StandardError => e
     puts e
-    puts "Valid schemas are #{Inspec::Schema.names.join(", ")}"
+    puts "Valid schemas are #{Inspec::Schema::OutputSchema.names.join(", ")}"
   end
 
   desc "version", "prints the version of this tool"
@@ -470,5 +470,5 @@ rescue Inspec::Plugin::V2::Exception => v2ex
   else
     Inspec::Log.error "Run again with --debug for a stacktrace."
   end
-  ui.exit Inspec::UI::EXIT_PLUGIN_ERROR
+  exit Inspec::UI::EXIT_PLUGIN_ERROR
 end

data/lib/inspec/globals.rb

@@ -1,9 +1,15 @@
+require_relative "utils/install_context"
+
 module Inspec
+
+  extend Inspec::InstallContextHelpers
+
   def self.config_dir
     ENV["INSPEC_CONFIG_DIR"] ? ENV["INSPEC_CONFIG_DIR"] : File.join(Dir.home, ".inspec")
   end
 
   def self.src_root
-    File.expand_path(File.join(__FILE__, "..", "..", ".."))
+    @src_root ||= File.expand_path(File.join(__FILE__, "../../.."))
   end
+
 end

data/lib/inspec/library_eval_context.rb

@@ -12,44 +12,42 @@ module Inspec
   # registry used by all dsl methods bound to the resource registry
   # passed into the #create constructor.
   #
+  #
   class LibraryEvalContext
-    # rubocop:disable Naming/ConstantName
-    Inspec = :nope! # see #initialize below
-    # rubocop:enable Naming/ConstantName
-
-    ##
-    # Include a custom `require` method that gets used when this
-    # context is used to eval source. See lib/inspec/dsl_shared.rb for
-    # more details.
-    include ::Inspec::DSL::RequireOverride
-
     def self.create(registry, require_loader)
-      Class.new(LibraryEvalContext).new(registry, require_loader)
-    end
-
-    # Provide the local binding for this context which is
-    # necessary for calls to `require` to create all dependent
-    # objects in the correct context.
-    attr_accessor :__inspec_binding
-
-    def initialize(registry, require_loader)
-      @require_loader = require_loader
-      # rubocop:disable Style/RedundantSelf
-      self.__inspec_binding = self.instance_eval { binding }
-      # rubocop:enable Style/RedundantSelf
-
-      @res_klass = Class.new ::Inspec::Resource
-      @res_klass.__resource_registry = registry
-
-      # NOTE: this *must* be a subclass of LibraryEvalContext to work
-      self.class.const_set :Inspec, self # BYPASS! See resource below
-    end
-
-    # Fake for Inspec.resource in lib/inspec/resource.rb that provides
-    # our own Resource subclass that has its own private __resource_registry
-    def resource(version)
-      ::Inspec.validate_resource_dsl_version!(version)
-      @res_klass
+      c = Class.new(Inspec::Resource) do
+        define_singleton_method :__resource_registry do
+          registry
+        end
+      end
+
+      c2 = Class.new do
+        define_singleton_method :resource do |version|
+          Inspec.validate_resource_dsl_version!(version)
+          c
+        end
+      end
+
+      c3 = Class.new do
+        include Inspec::DSL::RequireOverride
+        def initialize(require_loader)
+          @require_loader = require_loader
+          @inspec_binding = nil
+        end
+
+        def __inspec_binding
+          @inspec_binding
+        end
+      end
+
+      c3.const_set(:Inspec, c2)
+      res = c3.new(require_loader)
+
+      # Provide the local binding for this context which is necessary for
+      # calls to `require` to create all dependent objects in the correct
+      # context.
+      res.instance_variable_set("@inspec_binding", res.instance_eval("binding"))
+      res
     end
   end
 end

data/lib/inspec/plugin/v2/loader.rb

@@ -32,6 +32,13 @@ module Inspec::Plugin::V2
 
       # Identify plugins that inspec is co-installed with
       detect_system_plugins unless options[:omit_sys_plugins]
+
+      # Train plugins are not true InSpec plugins; we need to decorate them a
+      # bit more to integrate them. Wait to do this until after we know if
+      # they are system or user.
+      registry.each do |plugin_name, status|
+        fixup_train_plugin_status(status) if train_plugin_name?(plugin_name)
+      end
     end
 
     def load_all
@@ -48,9 +55,12 @@ module Inspec::Plugin::V2
         begin
           # We could use require, but under testing, we need to repeatedly reload the same
           # plugin.  However, gems only work with require (rubygems dooes not overload `load`)
-          if plugin_details.installation_type == :user_gem
+          case plugin_details.installation_type
+          when :user_gem
             activate_managed_gems_for_plugin(plugin_name)
             require plugin_details.entry_point
+          when :system_gem
+            require plugin_details.entry_point
           else
             load_path = plugin_details.entry_point
             load_path += ".rb" unless plugin_details.entry_point.end_with?(".rb")
@@ -253,10 +263,6 @@ module Inspec::Plugin::V2
           status.entry_point = plugin_entry[:installation_path]
         end
 
-        # Train plugins are not true InSpec plugins; we need to decorate them a
-        # bit more to integrate them.
-        fixup_train_plugin_status(status) if train_plugin_name?(plugin_entry[:name])
-
         registry[status.name] = status
       end
     end
@@ -265,6 +271,8 @@ module Inspec::Plugin::V2
       status.api_generation = :'train-1'
       if status.installation_type == :user_gem
         # Activate the gem. This allows train to 'require' the gem later.
+        # This is not required for system gems because rubygems already has
+        # activated the gemspecs.
         activate_managed_gems_for_plugin(status.entry_point)
       end
     end

data/lib/inspec/resources/auditd.rb

@@ -187,8 +187,20 @@ module Inspec::Resources
       line.scan(/-S ([^ ]+)\s?/).flatten.first.split(",")
     end
 
+    # Processes the line and returns a pair of entries reflecting the 'action'
+    # and 'list' items.
+    #
+    # @return [Array[String,String]]
     def action_list_for(line)
-      line.scan(/-a ([^,]+),([^ ]+)\s?/).flatten
+      action_list = line.scan(/-a ([^,]+),([^ ]+)\s?/).flatten
+
+      # Actions and lists can be in either order
+      valid_actions = %w{never always}
+
+      [
+        (action_list & valid_actions).first,
+        (action_list - valid_actions).first,
+      ]
     end
 
     def key_for(line)

data/lib/inspec/resources/oracledb_session.rb

@@ -1,7 +1,5 @@
 require "inspec/resources/command"
 require "inspec/utils/database_helpers"
-require "htmlentities"
-require "rexml/document"
 require "hashie/mash"
 require "csv"
 
@@ -48,18 +46,15 @@ module Inspec::Resources
       if @sqlcl_bin && inspec.command(@sqlcl_bin).exist?
         @bin = @sqlcl_bin
         format_options = "set sqlformat csv\nSET FEEDBACK OFF"
-        parser = :parse_csv_result
       else
         @bin = "#{@sqlplus_bin} -S"
-        format_options = "SET MARKUP HTML ON\nSET PAGESIZE 32000\nSET FEEDBACK OFF"
-        parser = :parse_html_result
+        format_options = "SET MARKUP CSV ON\nSET PAGESIZE 32000\nSET FEEDBACK OFF"
       end
 
       command = command_builder(format_options, sql)
       inspec_cmd = inspec.command(command)
 
-      DatabaseHelper::SQLQueryResult.new(inspec_cmd,
-                                         send(parser, inspec_cmd.stdout))
+      DatabaseHelper::SQLQueryResult.new(inspec_cmd, parse_csv_result(inspec_cmd.stdout))
     end
 
     def to_s
@@ -86,7 +81,7 @@ module Inspec::Resources
       elsif @su_user.nil?
         %{#{sql_prefix}#{bin} "#{user}"/"#{password}"@#{host}:#{port}/#{@service} as #{@db_role}#{sql_postfix}}
       else
-        %{su - #{@su_user} -c "env ORACLE_SID=#{@service} #{bin} / as #{@db_role}#{sql_postfix}"}
+        %{su - #{@su_user} -c "env ORACLE_SID=#{@service} #{@bin} / as #{@db_role}#{sql_postfix}"}
       end
     end
 
@@ -96,54 +91,9 @@ module Inspec::Resources
     end
 
     def parse_csv_result(stdout)
-      output = stdout.delete(/\r/)
-      table = CSV.parse(output, { headers: true })
-
-      # convert to hash
-      headers = table.headers
-
-      results = table.map do |row|
-        res = {}
-        headers.each do |header|
-          res[header.downcase] = row[header]
-        end
-        Hashie::Mash.new(res)
-      end
-      results
-    end
-
-    def parse_html_result(stdout)
-      result = stdout
-      # make oracle html valid html by removing the p tag, it does not include a closing tag
-      result = result.gsub("<p>", "").gsub("</p>", "").gsub("<br>", "")
-      doc = REXML::Document.new result
-      table = doc.elements["table"]
-      hash = []
-      unless table.nil?
-        rows = table.elements.to_a
-        headers = rows[0].elements.to_a("th").map { |entry| entry.text.strip }
-        rows.delete_at(0)
-
-        # iterate over each row, first row is header
-        hash = []
-        if !rows.nil? && !rows.empty?
-          hash = rows.map do |row|
-            res = {}
-            entries = row.elements.to_a("td")
-            # ignore if we have empty entries, oracle is adding th rows in between
-            return nil if entries.empty?
-
-            headers.each_with_index do |header, index|
-              # we need htmlentities since we do not have nokogiri
-              coder = HTMLEntities.new
-              val = coder.decode(entries[index].text).strip
-              res[header.downcase] = val
-            end
-            Hashie::Mash.new(res)
-          end.compact
-        end
-      end
-      hash
+      output = stdout.sub(/\r/, "").strip
+      converter = ->(header) { header.downcase }
+      CSV.parse(output, headers: true, header_converters: converter).map { |row| Hashie::Mash.new(row.to_h) }
     end
   end
 end

data/lib/inspec/schema/README.md

@@ -0,0 +1,17 @@
+# Schema Generation
+
+These files handle the generation of JSON schema's for inspec output as yielded by `inspec schema <schema-name>`.
+This schema is in the JSON Schema 4th revision spec.
+
+## Structure
+Data/schema structures shared between all outputs are located in `primitives.rb`
+The files `exec_json_min.rb`, `exec_json.rb`, and `profile_json.rb` contain JSON structures for their specific output types, respectively.
+The output schema is "flat" in terms of schema structure, with each "type" defined in the JSONs `definitions` block and referred to via $ref.
+The logic for this is handled via the `SchemaType` class in `primitives.rb`.
+All relevant dependencies are included recursively via the `dependencies` property of that class, constructed using the `build_definitions` method in `output_schema.rb`.
+
+## Reasoning and validation
+In general the first iteration of this updated schema was made by examining the output of all of the profiles in the tests directory. 
+All of the profiles generated by those tests successfully validate against this schema.
+However, in light of potential missed properties that aren't covered by existing tests, the schema was left very non-strict.
+More specifically, "additionalProperties" was left as True on all schema objects.

data/lib/inspec/schema/exec_json.rb

@@ -0,0 +1,128 @@
+require "inspec/schema/primitives"
+
+# These type occur only when running "inspec exec --reporter json <file>".
+
+module Inspec
+  module Schema
+    module ExecJson
+      # Represents a label and description, to provide human-readable info about a control
+      CONTROL_DESCRIPTION = Primitives::SchemaType.new("Control Description", {
+        "type" => "object",
+        "additionalProperties" => true,
+        "required" => %w{label data},
+        "properties" => {
+          "label" => Primitives::STRING,
+          "data" => Primitives::STRING,
+        },
+      }, [])
+
+      # Lists the potential values for a control result
+      CONTROL_RESULT_STATUS = Primitives::SchemaType.new("Control Result Status", {
+        "type" => "string",
+        "enum" => %w{passed failed skipped error},
+      }, [])
+
+      # Represents the statistics/result of a control"s execution
+      CONTROL_RESULT = Primitives::SchemaType.new("Control Result", {
+        "type" => "object",
+        "additionalProperties" => true,
+        "required" => %w{code_desc run_time start_time},
+        "properties" => {
+          "status" => CONTROL_RESULT_STATUS.ref,
+          "code_desc" => Primitives::STRING,
+          "run_time" => Primitives::NUMBER,
+          "start_time" => Primitives::STRING,
+
+          # All optional
+          "resource" => Primitives::STRING,
+          "message" => Primitives::STRING,
+          "skip_message" => Primitives::STRING,
+          "exception" => Primitives::STRING,
+          "backtrace" => {
+            "anyOf" => [
+              Primitives.array(Primitives::STRING),
+              Primitives::NULL,
+            ],
+          },
+        },
+      }, [CONTROL_RESULT_STATUS])
+
+      # Represents a control produced
+      CONTROL = Primitives::SchemaType.new("Exec JSON Control", {
+        "type" => "object",
+        "additionalProperties" => true,
+        "required" => %w{id title desc impact refs tags code source_location results},
+        "properties" => {
+          "id" => Primitives.desc(Primitives::STRING, "The ID of this control"),
+          "title" => { "type" => %w{string null} }, # Nullable string
+          "desc" => { "type" => %w{string null} },
+          "descriptions" => Primitives.array(CONTROL_DESCRIPTION.ref),
+          "impact" => Primitives::IMPACT,
+          "refs" => Primitives.array(Primitives::REFERENCE.ref),
+          "tags" => Primitives::TAGS,
+          "code" => Primitives.desc(Primitives::STRING, "The raw source code of the control. Note that if this is an overlay control, it does not include the underlying source code"),
+          "source_location" => Primitives::SOURCE_LOCATION.ref,
+          "results" => Primitives.desc(Primitives.array(CONTROL_RESULT.ref), %q{
+              A list of all results of the controls describe blocks.
+
+              For instance, if in the controls code we had the following:
+                describe sshd_config do
+                  its('Port') { should cmp 22 }
+                end
+              The result of this block as a ControlResult would be appended to the results list.
+              }),
+        },
+      }, [CONTROL_DESCRIPTION, Primitives::REFERENCE, Primitives::SOURCE_LOCATION, CONTROL_RESULT])
+
+      # Based loosely on https://www.inspec.io/docs/reference/profiles/ as of July 3, 2019
+      # However, concessions were made to the reality of current reporters, specifically
+      # with how description is omitted and version/inspec_version aren't as advertised online
+      PROFILE = Primitives::SchemaType.new("Exec JSON Profile", {
+        "type" => "object",
+        "additionalProperties" => true,
+        "required" => %w{name sha256 supports attributes groups controls},
+        # Name is mandatory in inspec.yml.
+        # supports, controls, groups, and attributes are always present, even if empty
+        # sha256, status, skip_message
+        "properties" => {
+          # These are provided in inspec.yml
+          "name" => Primitives::STRING,
+          "title" => Primitives::STRING,
+          "maintainer" => Primitives::STRING,
+          "copyright" => Primitives::STRING,
+          "copyright_email" => Primitives::STRING,
+          "depends" => Primitives.array(Primitives::DEPENDENCY.ref),
+          "parent_profile" => Primitives::STRING,
+          "license" => Primitives::STRING,
+          "summary" => Primitives::STRING,
+          "version" => Primitives::STRING,
+          "supports" => Primitives.array(Primitives::SUPPORT.ref),
+          "description" => Primitives::STRING,
+          "inspec_version" => Primitives::STRING,
+
+          # These are generated at runtime, and all except skip_message are guaranteed
+          "sha256" => Primitives::STRING,
+          "status" => Primitives::STRING,
+          "skip_message" => Primitives::STRING, # If skipped, why
+          "controls" => Primitives.array(CONTROL.ref),
+          "groups" => Primitives.array(Primitives::CONTROL_GROUP.ref),
+          "attributes" => Primitives.array(Primitives::INPUT),
+        },
+      }, [CONTROL, Primitives::CONTROL_GROUP, Primitives::DEPENDENCY, Primitives::SUPPORT])
+
+      # Result of exec json. Top level value
+      # TODO: Include the format of top level controls. This was omitted for lack of sufficient examples
+      OUTPUT = Primitives::SchemaType.new("Exec JSON Output", {
+        "type" => "object",
+        "additionalProperties" => true,
+        "required" => %w{platform profiles statistics version},
+        "properties" => {
+          "platform" => Primitives::PLATFORM.ref,
+          "profiles" => Primitives.array(PROFILE.ref),
+          "statistics" => Primitives::STATISTICS.ref,
+          "version" => Primitives::STRING,
+        },
+      }, [Primitives::PLATFORM, PROFILE, Primitives::STATISTICS])
+    end
+  end
+end

data/lib/inspec/schema/exec_json_min.rb

@@ -0,0 +1,40 @@
+require "inspec/schema/primitives"
+
+# These type occur only when running "exec --reporter json-min <file>".
+
+module Inspec
+  module Schema
+    module ExecJsonMin
+      # Represents a subset of the information about a control, designed for conciseness
+      CONTROL = Primitives::SchemaType.new("Exec JSON-MIN Control", {
+        "type" => "object",
+        "additionalProperties" => true,
+        "required" => %w{id profile_id profile_sha256 status code_desc},
+        "properties" => {
+          "id" => Primitives::STRING,
+          "profile_id" => { "type" => %w{string null} },
+          "profile_sha256" => Primitives::STRING,
+          "status" => Primitives::STRING,
+          "code_desc" => Primitives::STRING,
+          "skip_message" => Primitives::STRING,
+          "resource" => Primitives::STRING,
+          "message" => Primitives::STRING,
+          "exception" => Primitives::STRING,
+          "backtrace" => Primitives.array(Primitives::STRING),
+        },
+      }, [])
+
+      # Result of exec jsonmin. Top level value
+      OUTPUT = Primitives::SchemaType.new("Exec JSON-MIN output", {
+        "type" => "object",
+        "additionalProperties" => true,
+        "required" => %w{statistics controls version},
+        "properties" => {
+          "statistics" => Primitives::STATISTICS.ref,
+          "version" => Primitives::STRING,
+          "controls" => Primitives.array(CONTROL.ref),
+        },
+      }, [Primitives::STATISTICS, CONTROL])
+    end
+  end
+end

data/lib/inspec/schema/output_schema.rb

@@ -0,0 +1,53 @@
+require "json"
+require "inspec/schema/primitives"
+require "inspec/schema/exec_json"
+require "inspec/schema/exec_json_min"
+require "inspec/schema/profile_json"
+
+module Inspec
+  module Schema
+    module OutputSchema
+      # Build our definitions
+      def self.build_definitions(schema_type)
+        {
+          "definitions" => schema_type.all_depends.map { |t| [t.ref_name, t.body] }.to_h,
+        }
+      end
+
+      # Helper function to automatically bundle a type with its dependencies
+      def self.finalize(schema_type)
+        schema_type.body.merge(OutputSchema.build_definitions(schema_type))
+      end
+
+      # using a proc here so we can lazy load it when we need
+      PLATFORMS = lambda do
+        require "train"
+        Train.create("mock").connection
+        Train::Platforms.export
+      end
+
+      LIST = {
+        "profile-json" => OutputSchema.finalize(Schema::ProfileJson::PROFILE),
+        "exec-json" => OutputSchema.finalize(Schema::ExecJson::OUTPUT),
+        "exec-jsonmin" => OutputSchema.finalize(Schema::ExecJsonMin::OUTPUT),
+        "platforms" => PLATFORMS,
+      }.freeze
+
+      def self.names
+        LIST.keys
+      end
+
+      def self.json(name)
+        if !LIST.key?(name)
+          raise("Cannot find schema #{name.inspect}.")
+        elsif LIST[name].is_a?(Proc)
+          v = LIST[name].call
+        else
+          v = LIST[name]
+        end
+
+        JSON.dump(v)
+      end
+    end
+  end
+end

data/lib/inspec/schema/primitives.rb

@@ -0,0 +1,266 @@
+require "set"
+
+# These elements are shared between more than one output type
+
+module Inspec
+  module Schema
+    module Primitives
+      ######################### Establish simple helpers for this schema ########################################
+      # Use this function to easily make described types
+      def self.desc(obj, description)
+        obj.merge({ "description" => description })
+      end
+
+      # Use this function to easily make an array of a type
+      def self.array(of_type)
+        {
+          "type" => "array",
+          "items" => of_type,
+        }
+      end
+
+      # This function performs some simple validation on schemas, to catch obvious missed requirements
+      def self.validate_schema(schema)
+        return if schema["type"] != "object"
+        raise "Objects in schema must have a \"required\" property, even if it is empty." unless schema.key?("required")
+
+        return if schema["required"].empty?
+        raise "An object with required properties must have a properties hash." unless schema.key?("properties")
+
+        return if Set.new(schema["required"]) <= Set.new(schema["properties"].keys)
+
+        raise "Not all required properties are present."
+      end
+
+      # Use this class to quickly add/use object types to/in a definition block
+      class SchemaType
+        attr_accessor :name, :depends
+        def initialize(name, body, dependencies)
+          # Validate the schema
+          Primitives.validate_schema(body)
+          # The title of the type
+          @name = name
+          # The body of the type
+          @body = body
+          # What SchemaType[]s it depends on. In essence, any thing that you .ref in the body
+          @depends = Set.new(dependencies)
+        end
+
+        # Produce this schema types generated body.
+        # Use to actually define the ref!
+        def body
+          @body.merge({
+              "title" => @name,
+          })
+        end
+
+        # Formats this to have a JSON pointer compatible title
+        def ref_name
+          @name.gsub(/\s+/, "_")
+        end
+
+        # Yields this type as a json schema ref
+        def ref
+          { "$ref" => "#/definitions/#{ref_name}" }
+        end
+
+        # Recursively acquire all depends for this schema. Return them sorted by name
+        def all_depends
+          result = @depends
+          # Fetch all from children
+          @depends.each do |nested_type|
+            # Yes, converting back to set here does some duplicate sorting.
+            # But here, performance really isn't our concern.
+            result += Set.new(nested_type.all_depends)
+          end
+          # Return the results as a sorted array
+          Array(result).sort_by(&:name)
+        end
+      end
+
+      ######################### Establish basic type shorthands for this schema ########################################
+      # These three are essentially primitives, used as shorthand
+      OBJECT = { "type" => "object", "additionalProperties" => true }.freeze
+      NUMBER = { "type" => "number" }.freeze
+      STRING = { "type" => "string" }.freeze
+      NULL = { "type" => "null" }.freeze
+
+      # We might eventually enforce string format stuff on this
+      URL = { "type" => "string" }.freeze
+
+      # A controls tags can have any number of properties, and any sorts of values
+      TAGS = { "type" => "object", "additionalProperties" => true }.freeze
+
+      # Attributes/Inputs specify the inputs to a profile.
+      INPUT = { "type" => "object", "additionalProperties" => true }.freeze
+
+      # Within a control file, impacts can be numeric 0-1 or string in [none,low,medium,high,critical]
+      # However, when they are output, the string types are automatically converted as follows:
+      # none      -> 0    to 0.01
+      # low       -> 0.01 to 0.4
+      # medium    -> 0.4  to 0.7
+      # high      -> 0.7  to 0.9
+      # Critical  -> 0.9  to 1.0 (inclusive)
+      IMPACT = {
+        "type" => "number",
+        "minimum" => 0.0,
+        "maximum" => 1.0,
+      }.freeze
+
+      # A status for a control
+      STATUS = {
+        "type" => "string",
+        "enum" => %w{passed failed skipped error},
+      }.freeze
+
+      ######################### Establish inspec types common to several schemas helpers for this schema #######################################
+
+      # We use "title" to name the type.
+      # and "description" (via the describe function) to describe its particular usage
+      # Summary item containing run statistics about a subset of the controls
+      STATISTIC_ITEM = SchemaType.new("Statistic Block", {
+        "type" => "object",
+        "additionalProperties" => true,
+        "required" => ["total"],
+        "properties" => {
+          "total" => desc(NUMBER, "Total number of controls (in this category) for this inspec execution."),
+        },
+      }, [])
+
+      # Bundles several results statistics, representing distinct groups of controls
+      STATISTIC_GROUPING = SchemaType.new("Statistic Hash", {
+        "type" => "object",
+        "additionalProperties" => true,
+        "required" => [],
+        "properties" => {
+            "passed" => STATISTIC_ITEM.ref,
+            "skipped" => STATISTIC_ITEM.ref,
+            "failed" => STATISTIC_ITEM.ref,
+        },
+      }, [STATISTIC_ITEM])
+
+      # Contains statistics of an exec run.
+      STATISTICS = SchemaType.new("Statistics", {
+        "type" => "object",
+        "additionalProperties" => true,
+        "required" => ["duration"],
+        "properties" => {
+          "duration" => desc(NUMBER, "How long (in seconds) this inspec exec ran for."),
+          "controls" => desc(STATISTIC_GROUPING.ref, "Breakdowns of control statistics by result"),
+        },
+      }, [STATISTIC_GROUPING])
+
+      # Profile dependencies
+      DEPENDENCY = SchemaType.new("Dependency", {
+        "type" => "object",
+        "additionalProperties" => true, # Weird stuff shows up here sometimes
+        "required" => [], # Mysteriously even in a run profile we can have no status
+        "properties" => {
+          "name" => STRING,
+          "url" => URL,
+          "branch" => STRING,
+          "path" => STRING,
+          "skip_message" => STRING,
+          "status" => STRING,
+          "git" => URL,
+          "supermarket" => STRING,
+          "compliance" => STRING,
+        },
+      }, [])
+
+      # Represents the platform the test was run on
+      PLATFORM = SchemaType.new("Platform", {
+        "type" => "object",
+        "additionalProperties" => true,
+        "required" => %w{name release},
+        "properties" => {
+          "name" => desc(STRING, "The name of the platform this was run on."),
+          "release" => desc(STRING, "The version of the platform this was run on."),
+          "target_id" => STRING,
+        },
+      }, [])
+
+      # Explains what software ran the inspec profile/made this file. Typically inspec but could in theory be a different software
+      GENERATOR = SchemaType.new("Generator", {
+        "type" => "object",
+        "additionalProperties" => true,
+        "required" => %w{name version},
+        "properties" => {
+          "name" => desc(STRING, "The name of the software that generated this report."),
+          "version" => desc(STRING, "The version of the software that generated this report."),
+        },
+      }, [])
+
+      # Occurs from "exec --reporter json" and "inspec json"
+      # Denotes what file this control comes from, and where within
+      SOURCE_LOCATION = SchemaType.new("Source Location", {
+        "type" => "object",
+        "additionalProperties" => true,
+        "properties" => {
+          "ref" => desc(STRING, "Path to the file that this statement originates from"),
+          "line" => desc(NUMBER, "The line at which this statement is located in the file"),
+        },
+        "required" => %w{ref line},
+      }, [])
+
+      # References an external document
+      REFERENCE = SchemaType.new("Reference", {
+        # Needs at least one of title (ref), url, or uri.
+        "anyOf" => [
+          {
+            "type" => "object",
+            "required" => ["ref"],
+            "properties" => { "ref" => STRING },
+          },
+          {
+            "type" => "object",
+            "required" => ["url"],
+            "properties" => { "url" => STRING },
+          },
+          {
+            "type" => "object",
+            "required" => ["uri"],
+            "properties" => { "uri" => STRING },
+          },
+          # I am of the opinion that this is just an error in the codebase itself. See profiles/wrapper-override to uncover new mysteries!
+          {
+            "type" => "object",
+            "required" => ["ref"],
+            "properties" => { "ref" => array(OBJECT) },
+
+          },
+        ],
+      }, [])
+
+      # Represents a group of controls within a profile/.rb file
+      CONTROL_GROUP = SchemaType.new("Control Group", {
+        "type" => "object",
+        "additionalProperties" => true,
+        "required" => %w{id controls},
+        "properties" => {
+          "id" => desc(STRING, "The unique identifier of the group"),
+          "title" => desc({ type: %w{string null} }, "The name of the group"),
+          "controls" => desc(array(STRING), "The control IDs in this group"),
+        },
+      }, [])
+
+      # Occurs from "inspec exec --reporter json" and "inspec json"
+      # Represents a platfrom or group of platforms that this profile supports
+      SUPPORT = SchemaType.new("Supported Platform", {
+        "type" => "object",
+        "additionalProperties" => true, # NOTE: This should really be false, and inspec should validate profiles to ensure people don't make dumb mistakes like platform_family
+        "required" => [],
+        "properties" => {
+          "platform-family" => STRING,
+          "platform-name" => STRING,
+          "platform" => STRING,
+          "release" => STRING,
+          # os-* supports are being deprecated
+          "os-family" => STRING,
+          "os-name" => STRING,
+        },
+      }, [])
+
+    end
+  end
+end

data/lib/inspec/schema/profile_json.rb

@@ -0,0 +1,60 @@
+require "inspec/schema/primitives"
+
+# These type occur only when running "inspec json <file>".
+
+module Inspec
+  module Schema
+    module ProfileJson
+      # Represents descriptions. Can have any string => string pairing
+      CONTROL_DESCRIPTIONS = Primitives::SchemaType.new("Profile JSON Control Descriptions", {
+        "type" => "object",
+        "aditionalProperties" => Primitives::STRING,
+        "required" => [],
+      }, [])
+
+      # Represents a control that hasn't been run
+      # Differs slightly from a normal control, in that it lacks results, and its descriptions are different
+      CONTROL = Primitives::SchemaType.new("Profile JSON Control", {
+        "type" => "object",
+        "additionalProperties" => true,
+        "required" => %w{id title desc impact tags code},
+        "properties" => {
+          "id" => Primitives.desc(Primitives::STRING, "The ID of this control"),
+          "title" => { "type" => %w{string null} },
+          "desc" => { "type" => %w{string null} },
+          "descriptions" => CONTROL_DESCRIPTIONS.ref,
+          "impact" => Primitives::IMPACT,
+          "refs" => Primitives.array(Primitives::REFERENCE.ref),
+          "tags" => Primitives::TAGS,
+          "code" => Primitives.desc(Primitives::STRING, "The raw source code of the control. Note that if this is an overlay control, it does not include the underlying source code"),
+          "source_location" => Primitives::SOURCE_LOCATION.ref,
+        },
+      }, [CONTROL_DESCRIPTIONS, Primitives::REFERENCE, Primitives::SOURCE_LOCATION])
+
+      # A profile that has not been run.
+      PROFILE = Primitives::SchemaType.new("Profile JSON Profile", {
+        "type" => "object",
+        "additionalProperties" => true, # Anything in the yaml will be put in here. LTTODO: Make this stricter!
+        "required" => %w{name supports controls groups sha256},
+        "properties" => {
+          "name" => Primitives::STRING,
+          "supports" => Primitives.array(Primitives::SUPPORT.ref),
+          "controls" => Primitives.array(CONTROL.ref),
+          "groups" => Primitives.array(Primitives::CONTROL_GROUP.ref),
+          "inputs" => Primitives.array(Primitives::INPUT),
+          "sha256" => Primitives::STRING,
+          "status" => Primitives::STRING,
+          "generator" => Primitives::GENERATOR.ref,
+          "version" => Primitives::STRING,
+
+          # Other properties possible in inspec docs, but that aren"t guaranteed
+          "title" => Primitives::STRING,
+          "maintainer" => Primitives::STRING,
+          "copyright" => Primitives::STRING,
+          "copyright_email" => Primitives::STRING,
+          "depends" => Primitives.array(Primitives::DEPENDENCY.ref), # Can have depends, but NOT a parentprofile
+        },
+      }, [Primitives::SUPPORT, CONTROL, Primitives::CONTROL_GROUP, Primitives::DEPENDENCY, Primitives::GENERATOR])
+    end
+  end
+end

data/lib/inspec/utils/install_context.rb

@@ -0,0 +1,60 @@
+module Inspec
+
+  # Heuristics to determine how InSpec was installed.
+  module InstallContextHelpers
+
+    def guess_install_context
+      # These all work by simple path recognition
+      return "chef-workstation" if chef_workstation_install?
+      return "omnibus" if omnibus_install?
+      return "chefdk" if chefdk_install?
+      return "habitat" if habitat_install?
+
+      # Order matters here - gem mode is easily mistaken for one of the above
+      return "docker" if docker_install?
+      return "rubygem" if rubygem_install?
+
+      return "source" if source_install?
+
+      "unknown"
+    end
+
+    private
+
+    def chef_workstation_install?
+      !!(src_root.start_with?("/opt/chef-workstation") || src_root.start_with?("C:/opscode/chef-workstation"))
+    end
+
+    def chefdk_install?
+      !!(src_root.start_with?("/opt/chef-dk") || src_root.start_with?("C:/opscode/chef-dk"))
+    end
+
+    def docker_install?
+      # Our docker image is based on alpine. This could be easily fooled.
+      !!(rubygem_install? && path_exist?("/etc/alpine-release")) && path_exist?("/.dockerenv")
+    end
+
+    def habitat_install?
+      !!src_root.match(%r{hab/pkgs/chef/inspec/\d+\.\d+\.\d+/\d{14}})
+    end
+
+    def omnibus_install?
+      !!(src_root.start_with?("/opt/inspec") || src_root.start_with?("C:/opscode/inspec"))
+    end
+
+    def rubygem_install?
+      !!src_root.match(%r{gems/inspec-\d+\.\d+\.\d+})
+    end
+
+    def source_install?
+      # These are a couple of examples of dirs removed during packaging
+      %w{habitat test}.all? do |devdir|
+        path_exist?("#{src_root}/#{devdir}")
+      end
+    end
+
+    def path_exist?(path)
+      File.exist? path
+    end
+  end
+end

data/lib/inspec/version.rb

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "4.18.85".freeze
+  VERSION = "4.18.97".freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 4.18.85
+  version: 4.18.97
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-02-06 00:00:00.000000000 Z
+date: 2020-02-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-telemetry
@@ -65,19 +65,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: json-schema
+  name: json_schemer
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.8'
+        version: 0.2.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.8'
+        version: 0.2.1
 - !ruby/object:Gem::Dependency
   name: method_source
   requirement: !ruby/object:Gem::Requirement
@@ -612,6 +612,12 @@ files:
 - lib/inspec/runner_rspec.rb
 - lib/inspec/runtime_profile.rb
 - lib/inspec/schema.rb
+- lib/inspec/schema/README.md
+- lib/inspec/schema/exec_json.rb
+- lib/inspec/schema/exec_json_min.rb
+- lib/inspec/schema/output_schema.rb
+- lib/inspec/schema/primitives.rb
+- lib/inspec/schema/profile_json.rb
 - lib/inspec/secrets.rb
 - lib/inspec/secrets/yaml.rb
 - lib/inspec/shell.rb
@@ -634,6 +640,7 @@ files:
 - lib/inspec/utils/filter_array.rb
 - lib/inspec/utils/find_files.rb
 - lib/inspec/utils/hash.rb
+- lib/inspec/utils/install_context.rb
 - lib/inspec/utils/json_log.rb
 - lib/inspec/utils/modulator.rb
 - lib/inspec/utils/nginx_parser.rb