inspec-core 4.22.8 → 4.22.22

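--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: b909b05a8f7510d2833aee0e464f0ed9cec64409fe5825fc05078c67b01e4a43
- data.tar.gz: ee56167e3ab21f7eed5fd938e5728c3f48a7621fe71d1f3294cb4f2991298a79
+ metadata.gz: feb9a92b579da111caf36845c7ba22e6d0831233d59c5f6f5de0212aa8ef529c
+ data.tar.gz: 945341a0aa073b969ce15e35d058246af5584d3ddfb94a5b7ffbd86cb8162254
  SHA512:
- metadata.gz: 116d85fb0ef947cda4beb31c825cb02e134e2c9130338e062cc4e82d2d58a59e6f7fbdc8df4908759c0d508692efc00dac40550d0ce6ae9da72e904336f1fed6
- data.tar.gz: e6208c479f04da18199aec2b1c8dc4c8e101bb08609b32fb9d026f485f69d7e848d62a68a6087171fa38a3486f44777d0ad56c64fe2743195b4cc1abb58f8ad9
+ metadata.gz: 148281428e3b5d2855a2c89eccb3a29e4b159933b025049d9852eab4336b9ffb0f267bb48701b208c06fc71ce2c173fe175466622b3ec535ddb4a2692d3d927f
+ data.tar.gz: ac2e46f5dc21b7359b76df729d6b47c0f51f1f8bd272872121477204f3422d49028982a39a01df60a4ae796f03ccb41f6a448a994e22e2feb7e4d946b574cc27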
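--- a/data/Gemfile
+++ b/data/Gemfile
@@ -19,7 +19,7 @@ group :omnibus do
  end
 
  group :test do
- gem "chefstyle", "~> 0.13.0"
+ gem "chefstyle", "~> 1.2.1"
  gem "minitest", "~> 5.5"
  gem "minitest-sprint", "~> 1.0"
  gem "rake", ">= 10"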
@@ -17,7 +17,7 @@ Gem::Specification.new do |spec|
17
17
 
18
18
  # the gemfile and gemspec are necessary for appbundler so don't remove it
19
19
  spec.files =
20
- Dir.glob("{{lib,etc}/**/*,README.md,LICENSE,Gemfile,inspec-core.gemspec}")
20
+ Dir.glob("{{lib,etc}/**/*,LICENSE,Gemfile,inspec-core.gemspec}")
21
21
  .grep_v(%r{(?<!inspec-init/templates/profiles/)(aws|azure|gcp)})
22
22
  .grep_v(%r{lib/plugins/.*/test/})
23
23
  .reject { |f| File.directory?(f) }
@@ -43,9 +43,7 @@ Gem::Specification.new do |spec|
43
43
  spec.add_dependency "addressable", "~> 2.4"
44
44
  spec.add_dependency "parslet", "~> 1.5"
45
45
  spec.add_dependency "semverse", "~> 3.0"
46
- spec.add_dependency "htmlentities", "~> 4.3" # TODO: remove when #4853 fixed
47
46
  spec.add_dependency "multipart-post", "~> 2.0"
48
- spec.add_dependency "term-ansicolor", "~> 1.7"
49
47
 
50
48
  spec.add_dependency "train-core", "~> 3.0"
51
49
  end
@@ -5,7 +5,7 @@ module Supermarket
5
5
  class SupermarketCLI < Inspec::BaseCLI
6
6
  namespace "supermarket"
7
7
 
8
- # TODO: find another solution, once https://github.com/erikhuda/thor/issues/261 is fixed
8
+ # TODO: find another solution, once https://github.com/erikhuda/thor/issues/261 is fixed.
9
9
  def self.banner(command, _namespace = nil, _subcommand = false)
10
10
  "#{basename} #{subcommand_prefix} #{command.usage}"
11
11
  end
@@ -60,7 +60,7 @@ module Inspec
60
60
  true
61
61
  end
62
62
 
63
- def self.target_options # rubocop:disable MethodLength
63
+ def self.target_options # rubocop:disable Metrics/MethodLength
64
64
  option :target, aliases: :t, type: :string,
65
65
  desc: "Simple targeting option using URIs, e.g. ssh://user:pass@host:port"
66
66
  option :backend, aliases: :b, type: :string,
@@ -344,7 +344,6 @@ module Inspec
344
344
  cli
345
345
  json
346
346
  json-automate
347
- junit
348
347
  yaml
349
348
  }
350
349
 
@@ -2,7 +2,6 @@ require "inspec/reporters/base"
2
2
  require "inspec/reporters/cli"
3
3
  require "inspec/reporters/json"
4
4
  require "inspec/reporters/json_automate"
5
- require "inspec/reporters/junit"
6
5
  require "inspec/reporters/automate"
7
6
  require "inspec/reporters/yaml"
8
7
 
@@ -20,8 +19,6 @@ module Inspec::Reporters
20
19
  # right to introduce breaking changes to this reporter at any time.
21
20
  when "json-automate"
22
21
  reporter = Inspec::Reporters::JsonAutomate.new(config)
23
- when "junit"
24
- reporter = Inspec::Reporters::Junit.new(config)
25
22
  when "automate"
26
23
  reporter = Inspec::Reporters::Automate.new(config)
27
24
  when "yaml"
@@ -49,14 +49,14 @@ module Inspec::Reporters
49
49
 
50
50
  res = http.request(req)
51
51
  if res.is_a?(Net::HTTPSuccess)
52
- return true
52
+ true
53
53
  else
54
54
  Inspec::Log.error "send_report: POST to #{uri.path} returned: #{res.body}"
55
- return false
55
+ false
56
56
  end
57
57
  rescue => e
58
58
  Inspec::Log.error "send_report: POST to #{uri.path} returned: #{e.message}"
59
- return false
59
+ false
60
60
  end
61
61
  end
62
62
 
@@ -27,7 +27,7 @@ module Inspec::Resources
27
27
  elsif inspec.os.windows?
28
28
  @bridge_provider = WindowsBridge.new(inspec)
29
29
  else
30
- return skip_resource "The `bridge` resource is not supported on your OS yet."
30
+ skip_resource "The `bridge` resource is not supported on your OS yet."
31
31
  end
32
32
  end
33
33
 
@@ -71,7 +71,7 @@ module Inspec::Resources
71
71
 
72
72
  missing_requirements = @host_provider.missing_requirements(protocol)
73
73
  unless missing_requirements.empty?
74
- return skip_resource "The following requirements are not met for this resource: " \
74
+ skip_resource "The following requirements are not met for this resource: " \
75
75
  "#{missing_requirements.join(", ")}"
76
76
  end
77
77
  end
@@ -5,11 +5,15 @@ require "shellwords"
5
5
 
6
6
  module Inspec::Resources
7
7
  class Lines
8
- attr_reader :output
8
+ attr_reader :output, :stdout, :stderr, :exit_status
9
9
 
10
- def initialize(raw, desc)
10
+ def initialize(raw, desc, exit_status)
11
11
  @output = raw
12
12
  @desc = desc
13
+ @exit_status = exit_status
14
+ # backwards compatibility
15
+ @stdout = raw
16
+ @stderr = raw
13
17
  end
14
18
 
15
19
  def lines
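Review bot: In `Lines#initialize` the backwards-compatibility shim sets both `@stdout` and `@stderr` to the same `raw` string, so after a successful query `stderr` returns the query output rather than an empty string. On the error path both return the merged `cmd.stdout + "\n" + cmd.stderr` text that the query method builds in a later hunk of this file. A control that asserts `its('stderr') { should eq '' }` would therefore fail even though the query succeeded. Consider passing the two streams separately, or at least document the aliasing with a comment such as `# NOTE: stdout and stderr both alias the combined output; they are not the separate streams`. The class body continues outside this hunk.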
@@ -29,7 +33,7 @@ module Inspec::Resources
29
33
  example <<~EXAMPLE
30
34
  sql = mysql_session('my_user','password','host')
31
35
  describe sql.query('show databases like \'test\';') do
32
- its('stdout') { should_not match(/test/) }
36
+ its('output') { should_not match(/test/) }
33
37
  end
34
38
  EXAMPLE
35
39
 
@@ -52,9 +56,9 @@ module Inspec::Resources
52
56
  end
53
57
  out = cmd.stdout + "\n" + cmd.stderr
54
58
  if cmd.exit_status != 0 || out =~ /Can't connect to .* MySQL server/ || out.downcase =~ /^error:.*/
55
- Lines.new(out, "MySQL query with errors: #{q}")
59
+ Lines.new(out, "MySQL query with errors: #{q}", cmd.exit_status)
56
60
  else
57
- Lines.new(cmd.stdout.strip, "MySQL query: #{q}")
61
+ Lines.new(cmd.stdout.strip, "MySQL query: #{q}", cmd.exit_status)
58
62
  end
59
63
  end
60
64
 
@@ -19,7 +19,7 @@ module Inspec::Resources
19
19
  @conf_path = File.join @conf_dir, "postgresql.conf"
20
20
  else
21
21
  @conf_path = nil
22
- return skip_resource "Seems like PostgreSQL is not installed on your system"
22
+ skip_resource "Seems like PostgreSQL is not installed on your system"
23
23
  end
24
24
  end
25
25
 
@@ -0,0 +1,110 @@
1
+ module Inspec::Resources
2
+ class WindowsFirewall < Inspec.resource(1)
3
+ name "windows_firewall"
4
+ supports platform: "windows"
5
+ desc "Check properties of the Windows Firewall for a specific profile."
6
+ example <<~EXAMPLE
7
+ describe windows_firewall("Public") do
8
+ it { should be_enabled }
9
+ its("default_inbound_action") { should_not cmp "NotConfigured" }
10
+ its("num_rules") { should be 19 }
11
+ end
12
+ EXAMPLE
13
+
14
+ def initialize(profile = "Public")
15
+ @profile = profile
16
+ @state = {}
17
+
18
+ load_profile_cmd = load_firewall_profile(profile)
19
+ cmd = inspec.powershell(load_profile_cmd)
20
+
21
+ @state = JSON.load(cmd.stdout) unless cmd.stdout.empty?
22
+ end
23
+
24
+ def to_s
25
+ "Windows Firewall (Profile #{@profile})"
26
+ end
27
+
28
+ def exist?
29
+ !@state.empty?
30
+ end
31
+
32
+ def enabled?
33
+ @state["enabled"]
34
+ end
35
+
36
+ def default_inbound_allowed?
37
+ @state["default_inbound_action"] == "Allow"
38
+ end
39
+
40
+ def default_outbound_allowed?
41
+ @state["default_outbound_action"] == "Allow"
42
+ end
43
+
44
+ # Access to return values from Powershell via `its("PROPERTY")` and `have_PROPERTY "VALUE"`
45
+ def method_missing(method_name, *arguments, &_block)
46
+ property = normalize_for_have_access(method_name)
47
+
48
+ if method_name.to_s.start_with? "has_"
49
+ expected_value = arguments.first
50
+ respond_to_have(property, expected_value)
51
+ else
52
+ access_property(property)
53
+ end
54
+ end
55
+
56
+ def respond_to_missing?(method_name, _include_private = false)
57
+ property = normalize_for_have_access(method_name)
58
+
59
+ @state.key? property
60
+ end
61
+
62
+ private
63
+
64
+ def normalize_for_have_access(property)
65
+ property.to_s
66
+ .delete_prefix("has_")
67
+ .delete_suffix("?")
68
+ end
69
+
70
+ def access_property(property)
71
+ @state[property]
72
+ end
73
+
74
+ def respond_to_have(property, value)
75
+ @state[property] == value
76
+ end
77
+
78
+ def load_firewall_profile(profile_name)
79
+ <<-EOH
80
+ Remove-TypeData System.Array # workaround for PS bug here: https://bit.ly/2SRMQ8M
81
+ $profile = Get-NetFirewallProfile -Name "#{profile_name}"
82
+ $count = @($profile | Get-NetFirewallRule).Count
83
+ ([PSCustomObject]@{
84
+ profile_name = $profile.Name
85
+ profile = $profile.Profile.ToString()
86
+ description = $profile.Description
87
+ enabled = [bool]::Parse($profile.Enabled.ToString())
88
+ default_inbound_action = $profile.DefaultInboundAction.ToString()
89
+ default_outbound_action = $profile.DefaultOutboundAction.ToString()
90
+
91
+ allow_inbound_rules = $profile.AllowInboundRules.ToString()
92
+ allow_local_firewall_rules = $profile.AllowLocalFirewallRules.ToString()
93
+ allow_local_ipsec_rules = $profile.AllowLocalIPsecRules.ToString()
94
+ allow_user_apps = $profile.AllowUserApps.ToString()
95
+ allow_user_ports = $profile.AllowUserPorts.ToString()
96
+ allow_unicast_response_to_multicast = $profile.AllowUnicastResponseToMulticast.ToString()
97
+
98
+ notify_on_listen = $profile.NotifyOnListen.ToString()
99
+ enable_stealth_mode_for_ipsec = $profile.EnableStealthModeForIPsec.ToString()
100
+ log_max_size_kilobytes = $profile.LogMaxSizeKilobytes
101
+ log_allowed = $profile.LogAllowed.ToString()
102
+ log_blocked = $profile.LogBlocked.ToString()
103
+ log_ignored = $profile.LogIgnored.ToString()
104
+
105
+ num_rules = $count
106
+ }) | ConvertTo-Json
107
+ EOH
108
+ end
109
+ end
110
+ end
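Review bot: `load_firewall_profile` interpolates the caller-supplied profile name straight into a double-quoted PowerShell string (`Get-NetFirewallProfile -Name "#{profile_name}"`), so a name containing `"`, a backtick or `$` changes the script that runs on the target instead of being treated as data. The same pattern appears in `load_firewall_state` of the windows_firewall_rule resource added in the next hunk. Pass the name as a single-quoted literal with embedded quotes doubled, e.g. `safe_name = profile_name.to_s.gsub("'", "''")` and `$profile = Get-NetFirewallProfile -Name '#{safe_name}'`. In `initialize`, `JSON.load(cmd.stdout)` parses text produced on the scanned host; `JSON.parse(cmd.stdout)` is the safer call for data you do not control, and rescuing `JSON::ParserError` would keep non-JSON error output from raising out of the constructor. `method_missing` also returns nil for any unknown name instead of falling back to `super`, which hides typos in `its(...)` property names.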
@@ -0,0 +1,137 @@
1
+ module Inspec::Resources
2
+ class WindowsFirewallRule < Inspec.resource(1)
3
+ name "windows_firewall_rule"
4
+ supports platform: "windows"
5
+ desc "Check properties of a Windows Firewall rule."
6
+ example <<~EXAMPLE
7
+ describe windows_firewall_rule("Name") do
8
+ it { should exist }
9
+ it { should be_enabled }
10
+
11
+ it { should be_outbound}
12
+ it { should be_tcp }
13
+ it { should have_remote_port 80 }
14
+ end
15
+ EXAMPLE
16
+
17
+ def initialize(name)
18
+ @name = name
19
+ @state = {}
20
+
21
+ query = load_firewall_state(name)
22
+ cmd = inspec.powershell(query)
23
+ @state = JSON.load(cmd.stdout) unless cmd.stdout.empty?
24
+ end
25
+
26
+ def to_s
27
+ "Windows Firewall Rule #{@name}"
28
+ end
29
+
30
+ def exist?
31
+ !@state.empty?
32
+ end
33
+
34
+ def enabled?
35
+ @state["enabled"]
36
+ end
37
+
38
+ def allowed?
39
+ @state["action"] == "Allow"
40
+ end
41
+
42
+ def inbound?
43
+ @state["direction"] == "Inbound"
44
+ end
45
+
46
+ def outbound?
47
+ ! inbound?
48
+ end
49
+
50
+ def tcp?
51
+ @state["protocol"] == "TCP"
52
+ end
53
+
54
+ def udp?
55
+ @state["protocol"] == "UDP"
56
+ end
57
+
58
+ def icmp?
59
+ @state["protocol"].start_with? "ICMP"
60
+ end
61
+
62
+ def icmpv4?
63
+ @state["protocol"] == "ICMPv4"
64
+ end
65
+
66
+ def icmpv6?
67
+ @state["protocol"] == "ICMPv6"
68
+ end
69
+
70
+ # Access to return values from Powershell via `its("PROPERTY")` and `have_PROPERTY? "VALUE"`
71
+ def method_missing(method_name, *arguments, &_block)
72
+ property = normalize_for_have_access(method_name)
73
+
74
+ if method_name.to_s.start_with? "has_"
75
+ expected_value = arguments.first
76
+ respond_to_have(property, expected_value)
77
+ else
78
+ access_property(property)
79
+ end
80
+ end
81
+
82
+ def respond_to_missing?(method_name, _include_private = false)
83
+ property = normalize_for_have_access(method_name)
84
+
85
+ @state.key? property
86
+ end
87
+
88
+ private
89
+
90
+ def normalize_for_have_access(property)
91
+ property.to_s
92
+ .delete_prefix("has_")
93
+ .delete_suffix("?")
94
+ end
95
+
96
+ def access_property(property)
97
+ @state[property]
98
+ end
99
+
100
+ def respond_to_have(property, value)
101
+ @state[property] == value
102
+ end
103
+
104
+ # Taken from Chef, but changed `firewall_action` to `action` for consistency
105
+ # @see https://github.com/chef/chef/blob/master/lib/chef/resource/windows_firewall_rule.rb
106
+ def load_firewall_state(rule_name)
107
+ <<-EOH
108
+ Remove-TypeData System.Array # workaround for PS bug here: https://bit.ly/2SRMQ8M
109
+ $rule = Get-NetFirewallRule -Name "#{rule_name}"
110
+ $addressFilter = $rule | Get-NetFirewallAddressFilter
111
+ $portFilter = $rule | Get-NetFirewallPortFilter
112
+ $applicationFilter = $rule | Get-NetFirewallApplicationFilter
113
+ $serviceFilter = $rule | Get-NetFirewallServiceFilter
114
+ $interfaceTypeFilter = $rule | Get-NetFirewallInterfaceTypeFilter
115
+ ([PSCustomObject]@{
116
+ rule_name = $rule.Name
117
+ description = $rule.Description
118
+ displayname = $rule.DisplayName
119
+ group = $rule.Group
120
+ local_address = $addressFilter.LocalAddress
121
+ local_port = $portFilter.LocalPort
122
+ remote_address = $addressFilter.RemoteAddress
123
+ remote_port = $portFilter.RemotePort
124
+ direction = $rule.Direction.ToString()
125
+ protocol = $portFilter.Protocol
126
+ icmp_type = $portFilter.IcmpType
127
+ action = $rule.Action.ToString()
128
+ profile = $rule.Profile.ToString()
129
+ program = $applicationFilter.Program
130
+ service = $serviceFilter.Service
131
+ interface_type = $interfaceTypeFilter.InterfaceType.ToString()
132
+ enabled = [bool]::Parse($rule.Enabled.ToString())
133
+ }) | ConvertTo-Json
134
+ EOH
135
+ end
136
+ end
137
+ end
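Review bot: The protocol and direction predicates misbehave when the rule is not found and `@state` stays `{}`. `icmp?` calls `@state["protocol"].start_with?` on nil and raises NoMethodError, and `outbound?` is defined as `! inbound?`, so a missing rule reports as outbound. Guard the first with `@state["protocol"].to_s.start_with?("ICMP")` and compare the second directly, `@state["direction"] == "Outbound"` (assuming that is the string `$rule.Direction.ToString()` yields for outbound rules; confirm against the cmdlet output). A short comment on `exist?` saying that the other matchers are only meaningful when it is true would also help profile authors.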
@@ -84,7 +84,7 @@ module Inspec
84
84
  end
85
85
 
86
86
  # parse device and type
87
- mount_options = { device: mount[0], type: mount[4] }
87
+ mount_options = { device: mount[0], type: mount[4] }
88
88
 
89
89
  if compatibility == false
90
90
  # parse options as array
@@ -1,3 +1,3 @@
1
1
  module Inspec
2
- VERSION = "4.22.8".freeze
2
+ VERSION = "4.22.22".freeze
3
3
  end
@@ -22,7 +22,7 @@ module InspecPlugins
22
22
  # return all compliance profiles available for the user
23
23
  # the user is either specified in the options hash or by default
24
24
  # the username of the account is used that is logged in
25
- def self.profiles(config, profile_filter = nil) # rubocop:disable PerceivedComplexity, Metrics/CyclomaticComplexity, Metrics/AbcSize, Metrics/MethodLength
25
+ def self.profiles(config, profile_filter = nil) # rubocop:disable Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity, Metrics/AbcSize, Metrics/MethodLength
26
26
  owner = config["owner"] || config["user"]
27
27
 
28
28
  # Chef Compliance
@@ -81,13 +81,13 @@ module InspecPlugins
81
81
  mapped_profiles.select! do |p|
82
82
  (!ver || p["version"] == ver) && (!id || p["name"] == id)
83
83
  end
84
- return msg, mapped_profiles
84
+ [msg, mapped_profiles]
85
85
  when "401"
86
86
  msg = "401 Unauthorized. Please check your token."
87
- return msg, []
87
+ [msg, []]
88
88
  else
89
89
  msg = "An unexpected error occurred (HTTP #{response_code}): #{response.message}"
90
- return msg, []
90
+ [msg, []]
91
91
  end
92
92
  end
93
93
 
@@ -126,7 +126,7 @@ module InspecPlugins
126
126
  desc: "Overwrite existing profile on Server."
127
127
  option :owner, type: :string, required: false,
128
128
  desc: "Owner that should own the profile"
129
- def upload(path) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, PerceivedComplexity, Metrics/CyclomaticComplexity
129
+ def upload(path) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity
130
130
  config = InspecPlugins::Compliance::Configuration.new
131
131
  return unless loggedin(config)
132
132
 
@@ -0,0 +1,15 @@
1
+ # junit reporter
2
+
3
+ This is the implementation of the junit XML reporter.
4
+
5
+ ## To Install This Plugin
6
+
7
+ This plugin is included with inspec. There is no need to install it separately.
8
+
9
+ ## What This Plugin Does
10
+
11
+ This reporter generates an XML report in Apache Ant JUnit format.
12
+
13
+ ## Implementation Note
14
+
15
+ This reporter uses the REXML XML generator, but may use more advanced XML systems for testing. This is to keep packaging requirements for CHef InSpec lightweight and free of compiled dependencies.
@@ -0,0 +1,12 @@
1
+ require_relative "inspec-reporter-junit/version"
2
+ module InspecPlugins
3
+ module JUnitReporter
4
+ class Plugin < ::Inspec.plugin(2)
5
+ plugin_name :'inspec-reporter-junit'
6
+ reporter :junit do
7
+ require_relative "inspec-reporter-junit/reporter"
8
+ InspecPlugins::JUnitReporter::Reporter
9
+ end
10
+ end
11
+ end
12
+ end
@@ -1,5 +1,9 @@
1
- module Inspec::Reporters
2
- class Junit < Base
1
+ module InspecPlugins::JUnitReporter
2
+ class Reporter < Inspec.plugin(2, :reporter)
3
+ def self.run_data_schema_constraints
4
+ "~> 0.0"
5
+ end
6
+
3
7
  def render
4
8
  require "rexml/document"
5
9
  xml_output = REXML::Document.new
@@ -8,7 +12,7 @@ module Inspec::Reporters
8
12
  testsuites = REXML::Element.new("testsuites")
9
13
  xml_output.add(testsuites)
10
14
 
11
- run_data[:profiles].each do |profile|
15
+ run_data.profiles.each do |profile|
12
16
  testsuites.add(build_profile_xml(profile))
13
17
  end
14
18
 
@@ -18,20 +22,16 @@ module Inspec::Reporters
18
22
  output(formatter.write(xml_output.root, ""))
19
23
  end
20
24
 
21
- private
22
-
23
25
  def build_profile_xml(profile)
24
26
  profile_xml = REXML::Element.new("testsuite")
25
- profile_xml.add_attribute("name", profile[:name])
27
+ profile_xml.add_attribute("name", profile.name)
26
28
  profile_xml.add_attribute("tests", count_profile_tests(profile))
27
29
  profile_xml.add_attribute("failed", count_profile_failed_tests(profile))
28
30
  profile_xml.add_attribute("failures", count_profile_failed_tests(profile))
29
31
 
30
- profile[:controls].each do |control|
31
- next if control[:results].nil?
32
-
33
- control[:results].each do |result|
34
- profile_xml.add(build_result_xml(profile[:name], control, result))
32
+ profile.controls.each do |control|
33
+ control.results.each do |result|
34
+ profile_xml.add(build_result_xml(profile.name, control, result))
35
35
  end
36
36
  end
37
37
 
@@ -40,16 +40,16 @@ module Inspec::Reporters
40
40
 
41
41
  def build_result_xml(profile_name, control, result)
42
42
  result_xml = REXML::Element.new("testcase")
43
- result_xml.add_attribute("name", result[:code_desc])
44
- result_xml.add_attribute("classname", control[:title].nil? ? "#{profile_name}.Anonymous" : "#{profile_name}.#{control[:id]}")
45
- result_xml.add_attribute("target", run_data[:platform][:target].nil? ? "" : run_data[:platform][:target].to_s)
46
- result_xml.add_attribute("time", result[:run_time])
43
+ result_xml.add_attribute("name", result.code_desc)
44
+ result_xml.add_attribute("classname", control.title.nil? ? "#{profile_name}.Anonymous" : "#{profile_name}.#{control.id}")
45
+ result_xml.add_attribute("target", run_data.platform.target.nil? ? "" : run_data.platform.target.to_s)
46
+ result_xml.add_attribute("time", result.run_time)
47
47
 
48
- if result[:status] == "failed"
48
+ if result.status == "failed"
49
49
  failure_element = REXML::Element.new("failure")
50
50
  failure_element.add_attribute("message", result[:message])
51
51
  result_xml.add(failure_element)
52
- elsif result[:status] == "skipped"
52
+ elsif result.status == "skipped"
53
53
  result_xml.add_element("skipped")
54
54
  end
55
55
 
@@ -57,19 +57,15 @@ module Inspec::Reporters
57
57
  end
58
58
 
59
59
  def count_profile_tests(profile)
60
- profile[:controls].reduce(0) do |acc, elem|
61
- acc + (elem[:results].nil? ? 0 : elem[:results].count)
60
+ profile.controls.reduce(0) do |acc, elem|
61
+ acc + elem.results.count
62
62
  end
63
63
  end
64
64
 
65
65
  def count_profile_failed_tests(profile)
66
- profile[:controls].reduce(0) do |acc, elem|
67
- if elem[:results].nil?
68
- acc
69
- else
70
- acc + elem[:results].reduce(0) do |fail_test_total, test_case|
71
- test_case[:status] == "failed" ? fail_test_total + 1 : fail_test_total
72
- end
66
+ profile.controls.reduce(0) do |acc, elem|
67
+ acc + elem.results.reduce(0) do |fail_test_total, test_case|
68
+ test_case.status == "failed" ? fail_test_total + 1 : fail_test_total
73
69
  end
74
70
  end
75
71
  end
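Review bot: In `build_result_xml` the failure branch still reads `result[:message]` although every other access in this file was converted from hash keys to method calls. Unless the new run-data objects also support `[]`, failed results would lose their message or raise, so the line should read `failure_element.add_attribute("message", result.message)`. The rewrite also drops the `nil` guards around `control.results` in `build_profile_xml`, `count_profile_tests` and `count_profile_failed_tests`; that is only safe if the run-data schema guarantees an array there, which is not visible from this page. Removing `private` makes the helper methods part of the reporter's public interface; keep it if that was not intended.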
@@ -0,0 +1,5 @@
1
+ module InspecPlugins
2
+ module JUnitReporter
3
+ VERSION = "0.1.0".freeze
4
+ end
5
+ end
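--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: inspec-core
  version: !ruby/object:Gem::Version
- version: 4.22.8
+ version: 4.22.22
  platform: ruby
  authors:
  - Chef InSpec Team
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-08-04 00:00:00.000000000 Z
+ date: 2020-08-26 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: chef-telemetry
@@ -320,20 +320,6 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: '3.0'
- - !ruby/object:Gem::Dependency
- name: htmlentities
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '4.3'
- type: :runtime
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '4.3'
  - !ruby/object:Gem::Dependency
  name: multipart-post
  requirement: !ruby/object:Gem::Requirement
@@ -348,20 +334,6 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: '2.0'
- - !ruby/object:Gem::Dependency
- name: term-ansicolor
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '1.7'
- type: :runtime
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '1.7'
  - !ruby/object:Gem::Dependency
  name: train-core
  requirement: !ruby/object:Gem::Requirement
@@ -389,7 +361,6 @@ extra_rdoc_files: []
  files:
  - Gemfile
  - LICENSE
- - README.md
  - etc/deprecations.json
  - etc/plugin_filters.json
  - inspec-core.gemspec
@@ -489,7 +460,6 @@ files:
  - lib/inspec/reporters/cli.rb
  - lib/inspec/reporters/json.rb
  - lib/inspec/reporters/json_automate.rb
- - lib/inspec/reporters/junit.rb
  - lib/inspec/reporters/yaml.rb
  - lib/inspec/require_loader.rb
  - lib/inspec/resource.rb
@@ -607,6 +577,8 @@ files:
  - lib/inspec/resources/vbscript.rb
  - lib/inspec/resources/virtualization.rb
  - lib/inspec/resources/windows_feature.rb
+ - lib/inspec/resources/windows_firewall.rb
+ - lib/inspec/resources/windows_firewall_rule.rb
  - lib/inspec/resources/windows_hotfix.rb
  - lib/inspec/resources/windows_registry_key.rb
  - lib/inspec/resources/windows_task.rb
@@ -746,6 +718,10 @@ files:
  - lib/plugins/inspec-reporter-json-min/lib/inspec-reporter-json-min.rb
  - lib/plugins/inspec-reporter-json-min/lib/inspec-reporter-json-min/reporter.rb
  - lib/plugins/inspec-reporter-json-min/lib/inspec-reporter-json-min/version.rb
+ - lib/plugins/inspec-reporter-junit/README.md
+ - lib/plugins/inspec-reporter-junit/lib/inspec-reporter-junit.rb
+ - lib/plugins/inspec-reporter-junit/lib/inspec-reporter-junit/reporter.rb
+ - lib/plugins/inspec-reporter-junit/lib/inspec-reporter-junit/version.rb
  - lib/plugins/shared/core_plugin_test_helper.rb
  - lib/plugins/things-for-train-integration.rb
  - lib/source_readers/flat.rb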
data/README.md DELETED
@@ -1,474 +0,0 @@
1
- # Chef InSpec: Inspect Your Infrastructure
2
-
3
- * **Project State: Active**
4
- * **Issues Response SLA: 14 business days**
5
- * **Pull Request Response SLA: 14 business days**
6
-
7
- For more information on project states and SLAs, see [this documentation](https://github.com/chef/chef-oss-practices/blob/master/repo-management/repo-states.md).
8
-
9
- [![Slack](https://community-slack.chef.io/badge.svg)](https://community-slack.chef.io/)
10
- [![Build status](https://badge.buildkite.com/bf4c5fdc3858cc9f8c8bab8376e8e40d625ad046df9d4d8619.svg?branch=master)](https://buildkite.com/chef-oss/inspec-inspec-master-verify)
11
- [![Coverage Status](https://coveralls.io/repos/github/inspec/inspec/badge.svg?branch=master)](https://coveralls.io/github/inspec/inspec?branch=master)
12
-
13
- Chef InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements.
14
-
15
- ```ruby
16
- # Disallow insecure protocols by testing
17
-
18
- describe package('telnetd') do
19
-   it { should_not be_installed }
20
- end
21
-
22
- describe inetd_conf do
23
-   its("telnet") { should eq nil }
24
- end
25
- ```
26
-
27
- Chef InSpec makes it easy to run your tests wherever you need. More options are found in our [CLI docs](https://www.inspec.io/docs/reference/cli/).
28
-
29
- ```bash
30
- # run test locally
31
- inspec exec test.rb
32
-
33
- # run test on remote host via SSH
34
- inspec exec test.rb -t ssh://user@hostname -i /path/to/key
35
-
36
- # run test on remote host using SSH agent private key authentication. Requires Chef InSpec 1.7.1
37
- inspec exec test.rb -t ssh://user@hostname
38
-
39
- # run test on remote windows host via WinRM
40
- inspec exec test.rb -t winrm://Administrator@windowshost --password 'your-password'
41
-
42
- # run test on remote windows host via WinRM as a domain user
43
- inspec exec test.rb -t winrm://windowshost --user 'UserName@domain' --password 'your-password'
44
-
45
- # run test on docker container
46
- inspec exec test.rb -t docker://container_id
47
- ```
48
-
49
- # Features
50
-
51
- - Built-in Compliance: Compliance no longer occurs at the end of the release cycle
52
- - Targeted Tests: Chef InSpec writes tests that specifically target compliance issues
53
- - Metadata: Includes the metadata required by security and compliance pros
54
- - Easy Testing: Includes a command-line interface to run tests quickly
55
-
56
- ## Installation
57
-
58
- Chef InSpec requires Ruby ( >= 2.4 ).
59
-
60
- Note: Versions of Chef InSpec 4.0 and later require accepting the EULA to use. Please visit the [license acceptance page](https://docs.chef.io/chef_license_accept.html) on the Chef docs site for more information.
61
-
62
- ### Install as package
63
-
64
- The Chef InSpec package is available for MacOS, RedHat, Ubuntu and Windows. Download the latest package at [Chef InSpec Downloads](https://downloads.chef.io/inspec) or install Chef InSpec via script:
65
-
66
- ```
67
- # RedHat, Ubuntu, and macOS
68
- curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P inspec
69
-
70
- # Windows
71
- . { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -project inspec
72
- ```
73
-
74
- ### Install it via rubygems.org
75
-
76
- When installing from source, gem dependencies may require ruby build tools to be installed.
77
-
78
- For CentOS/RedHat/Fedora:
79
-
80
- ```bash
81
- yum -y install ruby ruby-devel make gcc gcc-c++
82
- ```
83
-
84
- For Ubuntu:
85
-
86
- ```bash
87
- apt-get -y install ruby ruby-dev gcc g++ make
88
- ```
89
-
90
- To install the `inspec` executable, which requires accepting the [Chef License](https://docs.chef.io/chef_license_accept.html), run:
91
-
92
- ```bash
93
- gem install inspec-bin
94
- ```
95
-
96
- You may also use `inspec` as a library, with no executable. This does not require accepting the license. To install the library as a gem, run:
97
-
98
- ```bash
99
- gem install inspec
100
- ```
101
-
102
-
103
- ### Usage via Docker
104
-
105
- Download the image and define a function for convenience:
106
-
107
- For Linux:
108
-
109
- ```
110
- docker pull chef/inspec
111
- function inspec { docker run -it --rm -v $(pwd):/share chef/inspec "$@"; }
112
- ```
113
-
114
- For Windows (PowerShell):
115
-
116
- ```
117
- docker pull chef/inspec
118
- function inspec { docker run -it --rm -v "$(pwd):/share" chef/inspec $args; }
119
- ```
120
-
121
- If you call `inspec` from your shell, it automatically mounts the current directory into the Docker container. Therefore you can easily use local tests and key files. Note: Only files in the current directory and sub-directories are available within the container.
122
-
123
- ```
124
- $ ls -1
125
- vagrant
126
- test.rb
127
-
128
- $ inspec exec test.rb -t ssh://root@192.168.64.2:11022 -i vagrant
129
- ..
130
-
131
- Finished in 0.04321 seconds (files took 0.54917 seconds to load)
132
- 2 examples, 0 failures
133
- ```
134
-
135
-
136
- ### Install it from source
137
-
138
- Note that installing from OS packages from [the download page](https://downloads.chef.io) is the preferred method.
139
-
140
- That requires [bundler](http://bundler.io/):
141
-
142
- ```bash
143
- bundle install
144
- bundle exec inspec help
145
- ```
146
-
147
- To install it as a gem locally, run:
148
-
149
- ```bash
150
- gem build inspec.gemspec
151
- gem install inspec-*.gem
152
- ```
153
-
154
- On Windows, you need to install [Ruby](http://rubyinstaller.org/downloads/) with [Ruby Development Kit](https://github.com/oneclick/rubyinstaller/wiki/Development-Kit) to build dependencies with its native extensions.
155
-
156
- ### Install via Chef Habitat
157
-
158
- Currently, this method of installation only supports Linux. See the [Chef Habitat site](https://www.habitat.sh/) for more information.
159
-
160
- Download the `hab` binary from the [Chef Habitat](https://www.habitat.sh/docs/get-habitat/) site.
161
-
162
- ```bash
163
- hab pkg install chef/inspec --binlink
164
-
165
- inspec
166
- ```
167
-
168
- ### Run Chef InSpec
169
-
170
- You should now be able to run:
171
-
172
- ```bash
173
- $ inspec --help
174
- Commands:
175
- inspec archive PATH # archive a profile to tar.gz (default) ...
176
- inspec check PATH # verify all tests at the specified PATH
177
- inspec compliance SUBCOMMAND ... # Chef Compliance commands
178
- inspec detect # detect the target OS
179
- inspec exec PATH(S) # run all test files at the specified PATH.
180
- inspec help [COMMAND] # Describe available commands or one spe...
181
- inspec init TEMPLATE ... # Scaffolds a new project
182
- inspec json PATH # read all tests in PATH and generate a ...
183
- inspec shell # open an interactive debugging shell
184
- inspec supermarket SUBCOMMAND ... # Supermarket commands
185
- inspec version # prints the version of this tool
186
-
187
- Options:
188
- [--diagnose], [--no-diagnose] # Show diagnostics (versions, configurations)
189
- ```
190
-
191
- # Examples
192
-
193
- * Only accept requests on secure ports - This test ensures that a web server is only listening on well-secured ports.
194
-
195
- ```ruby
196
- describe port(80) do
197
-   it { should_not be_listening }
198
- end
199
-
200
- describe port(443) do
201
-   it { should be_listening }
202
-   its('protocols') {should include 'tcp'}
203
- end
204
- ```
205
-
206
- * Use approved strong ciphers - This test ensures that only enterprise-compliant ciphers are used for SSH servers.
207
-
208
- ```ruby
209
- describe sshd_config do
210
-    its('Ciphers') { should eq('chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr') }
211
- end
212
- ```
213
-
214
- * Test your `kitchen.yml` file to verify that only Vagrant is configured as the driver. The %w() formatting will
215
- pass rubocop linting and allow you to access nested mappings.
216
-
217
- ```ruby
218
- describe yaml('.kitchen.yml') do
219
- its(%w(driver name)) { should eq('vagrant') }
220
- end
221
- ```
222
-
223
- Also have a look at our examples for:
224
- - [Using Chef InSpec with Test Kitchen & Chef Infra](https://github.com/chef/inspec/tree/master/examples/kitchen-chef)
225
- - [Using Chef InSpec with Test Kitchen & Puppet](https://github.com/chef/inspec/tree/master/examples/kitchen-puppet)
226
- - [Using Chef InSpec with Test Kitchen & Ansible](https://github.com/chef/inspec/tree/master/examples/kitchen-ansible)
227
- - [Implementing an Chef InSpec profile](https://github.com/chef/inspec/tree/master/examples/profile)
228
-
229
- ## Or tests: Testing for a OR b
230
-
231
- * Using describe.one, you can test for a or b. The control will be marked as passing if EITHER condition is met.
232
-
233
- ```ruby
234
- control 'or-test' do
235
- impact 1.0
236
- title 'This is a OR test'
237
- describe.one do
238
- describe ssh_config do
239
- its('Protocol') { should eq('3') }
240
- end
241
- describe ssh_config do
242
- its('Protocol') { should eq('2') }
243
- end
244
- end
245
- end
246
- ```
247
-
248
- ## Command Line Usage
249
-
250
- ### exec
251
-
252
- Run tests against different targets:
253
-
254
- ```bash
255
- # run test locally
256
- inspec exec test.rb
257
-
258
- # run test on remote host on SSH
259
- inspec exec test.rb -t ssh://user@hostname
260
-
261
- # run test on remote windows host on WinRM
262
- inspec exec test.rb -t winrm://Administrator@windowshost --password 'your-password'
263
-
264
- # run test on docker container
265
- inspec exec test.rb -t docker://container_id
266
-
267
- # run with sudo
268
- inspec exec test.rb --sudo [--sudo-password ...] [--sudo-options ...] [--sudo_command ...]
269
-
270
- # run in a subshell
271
- inspec exec test.rb --shell [--shell-options ...] [--shell-command ...]
272
-
273
- # run a profile targeting AWS using env vars
274
- inspec exec test.rb -t aws://
275
-
276
- # or store your AWS credentials in your ~/.aws/credentials profiles file
277
- inspec exec test.rb -t aws://us-east-2/my-profile
278
-
279
- # run a profile targeting Azure using env vars
280
- inspec exec test.rb -t azure://
281
-
282
- # or store your Azure credentials in your ~/.azure/credentials profiles file
283
- inspec exec test.rb -t azure://subscription_id
284
- ```
285
-
286
- ### detect
287
-
288
- Verify your configuration and detect
289
-
290
- ```bash
291
- id=$( docker run -dti ubuntu:14.04 /bin/bash )
292
- inspec detect -t docker://$id
293
- ```
294
-
295
- Which will provide you with:
296
-
297
- ```
298
- {"family":"ubuntu","release":"14.04","arch":null}
299
- ```
300
-
301
- ## Supported OS
302
-
303
- Remote Targets
304
-
305
- | Platform | Versions | Architectures |
306
- | ---------------------------- | ------------------------------------------------ | ------------- |
307
- | AIX | 6.1, 7.1, 7.2 | ppc64 |
308
- | CentOS | 5, 6, 7 | i386, x86_64 |
309
- | Debian | 7, 8, 9 | i386, x86_64 |
310
- | FreeBSD | 9, 10, 11 | i386, amd64 |
311
- | Mac OS X | 10.9, 10.10, 10.11, 10.12, 10.13, 10.14 | x86_64 |
312
- | Oracle Enterprise Linux | 5, 6, 7 | i386, x86_64 |
313
- | Red Hat Enterprise Linux | 5, 6, 7 | i386, x86_64 |
314
- | Solaris | 10, 11 | sparc, x86 |
315
- | Windows\* | 8, 8.1, 10, 2012, 2012R2, 2016 | x86, x86_64 |
316
- | Ubuntu Linux | | x86, x86_64 |
317
- | SUSE Linux Enterprise Server | 11, 12 | x86_64 |
318
- | Scientific Linux | 5.x, 6.x and 7.x | i386, x86_64 |
319
- | Fedora | | x86_64 |
320
- | OpenSUSE | 13, 42 | x86_64 |
321
- | OmniOS | | x86_64 |
322
- | Gentoo Linux | | x86_64 |
323
- | Arch Linux | | x86_64 |
324
- | HP-UX | 11.31 | ia64 |
325
-
326
- \**For Windows, PowerShell 5.0 or above is required.*
327
-
328
- In addition, runtime support is provided for:
329
-
330
- | Platform | Versions | Arch |
331
- | -------- | -------- | ------ |
332
- | Debian | 8, 9 | x86_64 |
333
- | RHEL | 6, 7 | x86_64 |
334
- | Ubuntu | 12.04+ | x86_64 |
335
- | Windows | 8+ | x86_64 |
336
- | Windows | 2012+ | x86_64 |
337
-
338
- ## Documentation
339
-
340
- Documentation
341
-
342
- * https://www.inspec.io/docs/
343
- * https://www.inspec.io/docs/reference/resources/
344
- * https://github.com/chef/inspec/tree/master/docs
345
-
346
- Tutorials/Blogs/Podcasts:
347
-
348
- * https://www.inspec.io/tutorials/
349
-
350
- Relationship to other tools (RSpec, Serverspec):
351
-
352
- * https://www.inspec.io/docs/reference/inspec_and_friends/
353
-
354
- ## Share your Profiles
355
-
356
- You may share your Chef InSpec Profiles in the [Tools &amp; Plugins section](https://supermarket.chef.io/tools-directory) of the [Chef Supermarket](https://supermarket.chef.io/). [Sign in](https://supermarket.chef.io/sign-in) and [add the details of your profile](https://supermarket.chef.io/tools/new).
357
-
358
- You may also [browse the Supermarket for shared Compliance Profiles](https://supermarket.chef.io/tools?type=compliance_profile).
359
-
360
- ## Kudos
361
-
362
- Chef InSpec is inspired by the wonderful [Serverspec](http://serverspec.org) project. Kudos to [mizzy](https://github.com/mizzy) and [all contributors](https://github.com/mizzy/serverspec/graphs/contributors)!
363
-
364
- The AWS resources were inspired by [inspec-aws](https://github.com/arothian/inspec-aws) from [arothian](https://github.com/arothian).
365
-
366
- ## Contribute
367
-
368
- 1. Fork it
369
- 1. Create your feature branch (git checkout -b my-new-feature)
370
- 1. Commit your changes (git commit -am 'Add some feature')
371
- 1. Push to the branch (git push origin my-new-feature)
372
- 1. Create new Pull Request
373
-
374
- The Chef InSpec community and maintainers are very active and helpful. This project benefits greatly from this activity.
375
-
376
- If you'd like to chat with the community and maintainers directly join us in the `#inspec` channel on the [Chef Community Slack](http://community-slack.chef.io/).
377
-
378
- As a reminder, all participants are expected to follow the [Code of Conduct](https://github.com/inspec/inspec/blob/master/CODE_OF_CONDUCT.md).
379
-
380
- [![Slack](https://community-slack.chef.io/badge.svg)](https://community-slack.chef.io/)
381
-
382
- ## Testing Chef InSpec
383
-
384
- We offer `unit`, `integration`, and `aws` tests.
385
-
386
- - `unit` tests ensure the intended behaviour of the implementation
387
- - `integration` tests run against Docker-based VMs via test-kitchen and [kitchen-inspec](https://github.com/chef/kitchen-inspec)
388
- - `aws` tests exercise the AWS resources against real AWS accounts
389
-
390
- ### Unit tests
391
-
392
- ```bash
393
- bundle exec rake test
394
- ```
395
-
396
- If you like to run only one test file:
397
-
398
- ```bash
399
- bundle exec m test/unit/resources/user_test.rb
400
- ```
401
-
402
- You may also run a single test within a file by line number:
403
-
404
- ```bash
405
- bundle exec m test/unit/resources/user_test.rb -l 123
406
- ```
407
-
408
- ### Integration tests
409
-
410
- These tests download various virtual machines, to ensure Chef InSpec is working as expected across different operating systems.
411
-
412
- These tests require the following gems:
413
-
414
- - test-kitchen
415
- - kitchen-dokken
416
- - kitchen-inspec
417
-
418
- These gems are provided via the `integration` group in the project's Gemfile.
419
-
420
- In addition, these test require Docker to be available on your machine or a remote Docker machine configured via the standard Docker environment variables.
421
-
422
- #### Running Integration tests
423
-
424
- List the various test instances available:
425
-
426
- ```bash
427
- bundle exec kitchen list
428
- ```
429
-
430
- The platforms and test suites are configured in the `.kitchen.yml` file. Once you know which instance you wish to test, test that instance:
431
-
432
- ```bash
433
- bundle exec kitchen test <INSTANCE_NAME>
434
- ```
435
-
436
- You may test all instances in parallel with:
437
-
438
- ```bash
439
- bundle exec kitchen test -c
440
- ```
441
-
442
- ### AWS Tests
443
-
444
- Use the rake task `bundle exec rake test:aws` to test the AWS resources against a pair of real AWS accounts.
445
-
446
- Please see [TESTING_AGAINST_AWS.md](./test/integration/aws/TESTING_AGAINST_AWS.md) for details on how to setup the needed AWS accounts to perform testing.
447
-
448
- ### Azure Tests
449
-
450
- Use the rake task `bundle exec rake test:azure` to test the Azure resources against an Azure account.
451
-
452
- Please see [TESTING_AGAINST_AZURE.md](./test/integration/azure/TESTING_AGAINST_AZURE.md) for details on how to setup the needed Azure accounts to perform testing.
453
-
454
- ## License
455
-
456
- | | |
457
- | -------------- | ----------------------------------------- |
458
- | **Author:** | Dominik Richter (<drichter@chef.io>) |
459
- | **Author:** | Christoph Hartmann (<chartmann@chef.io>) |
460
- | **Copyright:** | Copyright (c) 2015 Vulcano Security GmbH. |
461
- | **Copyright:** | Copyright (c) 2017-2018 Chef Software Inc.|
462
- | **License:** | Apache License, Version 2.0 |
463
-
464
- Licensed under the Apache License, Version 2.0 (the "License");
465
- you may not use this file except in compliance with the License.
466
- You may obtain a copy of the License at
467
-
468
- http://www.apache.org/licenses/LICENSE-2.0
469
-
470
- Unless required by applicable law or agreed to in writing, software
471
- distributed under the License is distributed on an "AS IS" BASIS,
472
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
473
- See the License for the specific language governing permissions and
474
- limitations under the License.