inspec-core 4.22.8 → 4.22.22

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b909b05a8f7510d2833aee0e464f0ed9cec64409fe5825fc05078c67b01e4a43
-  data.tar.gz: ee56167e3ab21f7eed5fd938e5728c3f48a7621fe71d1f3294cb4f2991298a79
+  metadata.gz: feb9a92b579da111caf36845c7ba22e6d0831233d59c5f6f5de0212aa8ef529c
+  data.tar.gz: 945341a0aa073b969ce15e35d058246af5584d3ddfb94a5b7ffbd86cb8162254
 SHA512:
-  metadata.gz: 116d85fb0ef947cda4beb31c825cb02e134e2c9130338e062cc4e82d2d58a59e6f7fbdc8df4908759c0d508692efc00dac40550d0ce6ae9da72e904336f1fed6
-  data.tar.gz: e6208c479f04da18199aec2b1c8dc4c8e101bb08609b32fb9d026f485f69d7e848d62a68a6087171fa38a3486f44777d0ad56c64fe2743195b4cc1abb58f8ad9
+  metadata.gz: 148281428e3b5d2855a2c89eccb3a29e4b159933b025049d9852eab4336b9ffb0f267bb48701b208c06fc71ce2c173fe175466622b3ec535ddb4a2692d3d927f
+  data.tar.gz: ac2e46f5dc21b7359b76df729d6b47c0f51f1f8bd272872121477204f3422d49028982a39a01df60a4ae796f03ccb41f6a448a994e22e2feb7e4d946b574cc27

data/Gemfile

@@ -19,7 +19,7 @@ group :omnibus do
 end
 
 group :test do
-  gem "chefstyle", "~> 0.13.0"
+  gem "chefstyle", "~> 1.2.1"
   gem "minitest", "~> 5.5"
   gem "minitest-sprint", "~> 1.0"
   gem "rake", ">= 10"

data/inspec-core.gemspec

@@ -17,7 +17,7 @@ Gem::Specification.new do |spec|
 
   # the gemfile and gemspec are necessary for appbundler so don't remove it
   spec.files =
-    Dir.glob("{{lib,etc}/**/*,README.md,LICENSE,Gemfile,inspec-core.gemspec}")
+    Dir.glob("{{lib,etc}/**/*,LICENSE,Gemfile,inspec-core.gemspec}")
       .grep_v(%r{(?<!inspec-init/templates/profiles/)(aws|azure|gcp)})
       .grep_v(%r{lib/plugins/.*/test/})
       .reject { |f| File.directory?(f) }
@@ -43,9 +43,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "addressable",        "~> 2.4"
   spec.add_dependency "parslet",            "~> 1.5"
   spec.add_dependency "semverse",           "~> 3.0"
-  spec.add_dependency "htmlentities",       "~> 4.3" # TODO: remove when #4853 fixed
   spec.add_dependency "multipart-post",     "~> 2.0"
-  spec.add_dependency "term-ansicolor",     "~> 1.7"
 
   spec.add_dependency "train-core", "~> 3.0"
 end

data/lib/bundles/inspec-supermarket/cli.rb

@@ -5,7 +5,7 @@ module Supermarket
   class SupermarketCLI < Inspec::BaseCLI
     namespace "supermarket"
 
-    # TODO: find another solution, once https://github.com/erikhuda/thor/issues/261 is fixed
+    # TODO: find another solution, once https://github.com/erikhuda/thor/issues/261 is fixed.
     def self.banner(command, _namespace = nil, _subcommand = false)
       "#{basename} #{subcommand_prefix} #{command.usage}"
     end

data/lib/inspec/base_cli.rb

@@ -60,7 +60,7 @@ module Inspec
       true
     end
 
-    def self.target_options # rubocop:disable MethodLength
+    def self.target_options # rubocop:disable Metrics/MethodLength
       option :target, aliases: :t, type: :string,
         desc: "Simple targeting option using URIs, e.g. ssh://user:pass@host:port"
       option :backend, aliases: :b, type: :string,

data/lib/inspec/config.rb

@@ -344,7 +344,6 @@ module Inspec
         cli
         json
         json-automate
-        junit
         yaml
       }
 

data/lib/inspec/reporters.rb

@@ -2,7 +2,6 @@ require "inspec/reporters/base"
 require "inspec/reporters/cli"
 require "inspec/reporters/json"
 require "inspec/reporters/json_automate"
-require "inspec/reporters/junit"
 require "inspec/reporters/automate"
 require "inspec/reporters/yaml"
 
@@ -20,8 +19,6 @@ module Inspec::Reporters
     # right to introduce breaking changes to this reporter at any time.
     when "json-automate"
       reporter = Inspec::Reporters::JsonAutomate.new(config)
-    when "junit"
-      reporter = Inspec::Reporters::Junit.new(config)
     when "automate"
       reporter = Inspec::Reporters::Automate.new(config)
     when "yaml"

data/lib/inspec/reporters/automate.rb

@@ -49,14 +49,14 @@ module Inspec::Reporters
 
         res = http.request(req)
         if res.is_a?(Net::HTTPSuccess)
-          return true
+          true
         else
           Inspec::Log.error "send_report: POST to #{uri.path} returned: #{res.body}"
-          return false
+          false
         end
       rescue => e
         Inspec::Log.error "send_report: POST to #{uri.path} returned: #{e.message}"
-        return false
+        false
       end
     end
 

data/lib/inspec/resources/bridge.rb

@@ -27,7 +27,7 @@ module Inspec::Resources
       elsif inspec.os.windows?
         @bridge_provider = WindowsBridge.new(inspec)
       else
-        return skip_resource "The `bridge` resource is not supported on your OS yet."
+        skip_resource "The `bridge` resource is not supported on your OS yet."
       end
     end
 

data/lib/inspec/resources/host.rb

@@ -71,7 +71,7 @@ module Inspec::Resources
 
       missing_requirements = @host_provider.missing_requirements(protocol)
       unless missing_requirements.empty?
-        return skip_resource "The following requirements are not met for this resource: " \
+        skip_resource "The following requirements are not met for this resource: " \
           "#{missing_requirements.join(", ")}"
       end
     end

data/lib/inspec/resources/mysql_session.rb

@@ -5,11 +5,15 @@ require "shellwords"
 
 module Inspec::Resources
   class Lines
-    attr_reader :output
+    attr_reader :output, :stdout, :stderr, :exit_status
 
-    def initialize(raw, desc)
+    def initialize(raw, desc, exit_status)
       @output = raw
       @desc = desc
+      @exit_status = exit_status
+      # backwards compatibility
+      @stdout = raw
+      @stderr = raw
     end
 
     def lines
@@ -29,7 +33,7 @@ module Inspec::Resources
     example <<~EXAMPLE
       sql = mysql_session('my_user','password','host')
       describe sql.query('show databases like \'test\';') do
-        its('stdout') { should_not match(/test/) }
+        its('output') { should_not match(/test/) }
       end
     EXAMPLE
 
@@ -52,9 +56,9 @@ module Inspec::Resources
             end
       out = cmd.stdout + "\n" + cmd.stderr
       if cmd.exit_status != 0 || out =~ /Can't connect to .* MySQL server/ || out.downcase =~ /^error:.*/
-        Lines.new(out, "MySQL query with errors: #{q}")
+        Lines.new(out, "MySQL query with errors: #{q}", cmd.exit_status)
       else
-        Lines.new(cmd.stdout.strip, "MySQL query: #{q}")
+        Lines.new(cmd.stdout.strip, "MySQL query: #{q}", cmd.exit_status)
       end
     end
 

data/lib/inspec/resources/postgres.rb

@@ -19,7 +19,7 @@ module Inspec::Resources
         @conf_path = File.join @conf_dir, "postgresql.conf"
       else
         @conf_path = nil
-        return skip_resource "Seems like PostgreSQL is not installed on your system"
+        skip_resource "Seems like PostgreSQL is not installed on your system"
       end
     end
 

data/lib/inspec/resources/windows_firewall.rb

@@ -0,0 +1,110 @@
+module Inspec::Resources
+  class WindowsFirewall < Inspec.resource(1)
+    name "windows_firewall"
+    supports platform: "windows"
+    desc "Check properties of the Windows Firewall for a specific profile."
+    example <<~EXAMPLE
+      describe windows_firewall("Public") do
+        it { should be_enabled }
+        its("default_inbound_action") { should_not cmp "NotConfigured" }
+        its("num_rules") { should be 19 }
+      end
+    EXAMPLE
+
+    def initialize(profile = "Public")
+      @profile = profile
+      @state = {}
+
+      load_profile_cmd = load_firewall_profile(profile)
+      cmd = inspec.powershell(load_profile_cmd)
+
+      @state = JSON.load(cmd.stdout) unless cmd.stdout.empty?
+    end
+
+    def to_s
+      "Windows Firewall (Profile #{@profile})"
+    end
+
+    def exist?
+      !@state.empty?
+    end
+
+    def enabled?
+      @state["enabled"]
+    end
+
+    def default_inbound_allowed?
+      @state["default_inbound_action"] == "Allow"
+    end
+
+    def default_outbound_allowed?
+      @state["default_outbound_action"] == "Allow"
+    end
+
+    # Access to return values from Powershell via `its("PROPERTY")` and `have_PROPERTY "VALUE"`
+    def method_missing(method_name, *arguments, &_block)
+      property = normalize_for_have_access(method_name)
+
+      if method_name.to_s.start_with? "has_"
+        expected_value = arguments.first
+        respond_to_have(property, expected_value)
+      else
+        access_property(property)
+      end
+    end
+
+    def respond_to_missing?(method_name, _include_private = false)
+      property = normalize_for_have_access(method_name)
+
+      @state.key? property
+    end
+
+    private
+
+    def normalize_for_have_access(property)
+      property.to_s
+        .delete_prefix("has_")
+        .delete_suffix("?")
+    end
+
+    def access_property(property)
+      @state[property]
+    end
+
+    def respond_to_have(property, value)
+      @state[property] == value
+    end
+
+    def load_firewall_profile(profile_name)
+      <<-EOH
+        Remove-TypeData System.Array # workaround for PS bug here: https://bit.ly/2SRMQ8M
+        $profile = Get-NetFirewallProfile -Name "#{profile_name}"
+        $count = @($profile | Get-NetFirewallRule).Count
+        ([PSCustomObject]@{
+          profile_name = $profile.Name
+          profile = $profile.Profile.ToString()
+          description = $profile.Description
+          enabled = [bool]::Parse($profile.Enabled.ToString())
+          default_inbound_action = $profile.DefaultInboundAction.ToString()
+          default_outbound_action = $profile.DefaultOutboundAction.ToString()
+
+          allow_inbound_rules = $profile.AllowInboundRules.ToString()
+          allow_local_firewall_rules = $profile.AllowLocalFirewallRules.ToString()
+          allow_local_ipsec_rules = $profile.AllowLocalIPsecRules.ToString()
+          allow_user_apps = $profile.AllowUserApps.ToString()
+          allow_user_ports = $profile.AllowUserPorts.ToString()
+          allow_unicast_response_to_multicast = $profile.AllowUnicastResponseToMulticast.ToString()
+
+          notify_on_listen = $profile.NotifyOnListen.ToString()
+          enable_stealth_mode_for_ipsec = $profile.EnableStealthModeForIPsec.ToString()
+          log_max_size_kilobytes = $profile.LogMaxSizeKilobytes
+          log_allowed = $profile.LogAllowed.ToString()
+          log_blocked = $profile.LogBlocked.ToString()
+          log_ignored = $profile.LogIgnored.ToString()
+
+          num_rules = $count
+        }) | ConvertTo-Json
+      EOH
+    end
+  end
+end

data/lib/inspec/resources/windows_firewall_rule.rb

@@ -0,0 +1,137 @@
+module Inspec::Resources
+  class WindowsFirewallRule < Inspec.resource(1)
+    name "windows_firewall_rule"
+    supports platform: "windows"
+    desc "Check properties of a Windows Firewall rule."
+    example <<~EXAMPLE
+      describe windows_firewall_rule("Name") do
+        it { should exist }
+        it { should be_enabled }
+
+        it { should be_outbound}
+        it { should be_tcp }
+        it { should have_remote_port 80 }
+      end
+    EXAMPLE
+
+    def initialize(name)
+      @name = name
+      @state = {}
+
+      query = load_firewall_state(name)
+      cmd = inspec.powershell(query)
+      @state = JSON.load(cmd.stdout) unless cmd.stdout.empty?
+    end
+
+    def to_s
+      "Windows Firewall Rule #{@name}"
+    end
+
+    def exist?
+      !@state.empty?
+    end
+
+    def enabled?
+      @state["enabled"]
+    end
+
+    def allowed?
+      @state["action"] == "Allow"
+    end
+
+    def inbound?
+      @state["direction"] == "Inbound"
+    end
+
+    def outbound?
+      ! inbound?
+    end
+
+    def tcp?
+      @state["protocol"] == "TCP"
+    end
+
+    def udp?
+      @state["protocol"] == "UDP"
+    end
+
+    def icmp?
+      @state["protocol"].start_with? "ICMP"
+    end
+
+    def icmpv4?
+      @state["protocol"] == "ICMPv4"
+    end
+
+    def icmpv6?
+      @state["protocol"] == "ICMPv6"
+    end
+
+    # Access to return values from Powershell via `its("PROPERTY")` and `have_PROPERTY? "VALUE"`
+    def method_missing(method_name, *arguments, &_block)
+      property = normalize_for_have_access(method_name)
+
+      if method_name.to_s.start_with? "has_"
+        expected_value = arguments.first
+        respond_to_have(property, expected_value)
+      else
+        access_property(property)
+      end
+    end
+
+    def respond_to_missing?(method_name, _include_private = false)
+      property = normalize_for_have_access(method_name)
+
+      @state.key? property
+    end
+
+    private
+
+    def normalize_for_have_access(property)
+      property.to_s
+        .delete_prefix("has_")
+        .delete_suffix("?")
+    end
+
+    def access_property(property)
+      @state[property]
+    end
+
+    def respond_to_have(property, value)
+      @state[property] == value
+    end
+
+    # Taken from Chef, but changed `firewall_action` to `action` for consistency
+    # @see https://github.com/chef/chef/blob/master/lib/chef/resource/windows_firewall_rule.rb
+    def load_firewall_state(rule_name)
+      <<-EOH
+        Remove-TypeData System.Array # workaround for PS bug here: https://bit.ly/2SRMQ8M
+        $rule = Get-NetFirewallRule -Name "#{rule_name}"
+        $addressFilter = $rule | Get-NetFirewallAddressFilter
+        $portFilter = $rule | Get-NetFirewallPortFilter
+        $applicationFilter = $rule | Get-NetFirewallApplicationFilter
+        $serviceFilter = $rule | Get-NetFirewallServiceFilter
+        $interfaceTypeFilter = $rule | Get-NetFirewallInterfaceTypeFilter
+        ([PSCustomObject]@{
+          rule_name = $rule.Name
+          description = $rule.Description
+          displayname = $rule.DisplayName
+          group = $rule.Group
+          local_address = $addressFilter.LocalAddress
+          local_port = $portFilter.LocalPort
+          remote_address = $addressFilter.RemoteAddress
+          remote_port = $portFilter.RemotePort
+          direction = $rule.Direction.ToString()
+          protocol = $portFilter.Protocol
+          icmp_type = $portFilter.IcmpType
+          action = $rule.Action.ToString()
+          profile = $rule.Profile.ToString()
+          program = $applicationFilter.Program
+          service = $serviceFilter.Service
+          interface_type = $interfaceTypeFilter.InterfaceType.ToString()
+          enabled = [bool]::Parse($rule.Enabled.ToString())
+        }) | ConvertTo-Json
+      EOH
+    end
+  end
+end

data/lib/inspec/utils/parser.rb

@@ -84,7 +84,7 @@ module Inspec
         end
 
         # parse device and type
-        mount_options    = { device: mount[0], type: mount[4] }
+        mount_options = { device: mount[0], type: mount[4] }
 
         if compatibility == false
           # parse options as array

data/lib/inspec/version.rb

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "4.22.8".freeze
+  VERSION = "4.22.22".freeze
 end

data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb

@@ -22,7 +22,7 @@ module InspecPlugins
       # return all compliance profiles available for the user
       # the user is either specified in the options hash or by default
       # the username of the account is used that is logged in
-      def self.profiles(config, profile_filter = nil) # rubocop:disable PerceivedComplexity, Metrics/CyclomaticComplexity, Metrics/AbcSize, Metrics/MethodLength
+      def self.profiles(config, profile_filter = nil) # rubocop:disable Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity, Metrics/AbcSize, Metrics/MethodLength
         owner = config["owner"] || config["user"]
 
         # Chef Compliance
@@ -81,13 +81,13 @@ module InspecPlugins
           mapped_profiles.select! do |p|
             (!ver || p["version"] == ver) && (!id || p["name"] == id)
           end
-          return msg, mapped_profiles
+          [msg, mapped_profiles]
         when "401"
           msg = "401 Unauthorized. Please check your token."
-          return msg, []
+          [msg, []]
         else
           msg = "An unexpected error occurred (HTTP #{response_code}): #{response.message}"
-          return msg, []
+          [msg, []]
         end
       end
 

data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb

@@ -126,7 +126,7 @@ module InspecPlugins
         desc: "Overwrite existing profile on Server."
       option :owner, type: :string, required: false,
         desc: "Owner that should own the profile"
-      def upload(path) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, PerceivedComplexity, Metrics/CyclomaticComplexity
+      def upload(path) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity
         config = InspecPlugins::Compliance::Configuration.new
         return unless loggedin(config)
 

data/lib/plugins/inspec-reporter-junit/README.md

@@ -0,0 +1,15 @@
+# junit reporter
+
+This is the implementation of the junit XML reporter.
+
+## To Install This Plugin
+
+This plugin is included with inspec. There is no need to install it separately.
+
+## What This Plugin Does
+
+This reporter generates an XML report in Apache Ant JUnit format.
+
+## Implementation Note
+
+This reporter uses the REXML XML generator, but may use more advanced XML systems for testing. This is to keep packaging requirements for CHef InSpec lightweight and free of compiled dependencies.

data/lib/plugins/inspec-reporter-junit/lib/inspec-reporter-junit.rb

@@ -0,0 +1,12 @@
+require_relative "inspec-reporter-junit/version"
+module InspecPlugins
+  module JUnitReporter
+    class Plugin < ::Inspec.plugin(2)
+      plugin_name :'inspec-reporter-junit'
+      reporter :junit do
+        require_relative "inspec-reporter-junit/reporter"
+        InspecPlugins::JUnitReporter::Reporter
+      end
+    end
+  end
+end

data/lib/{inspec/reporters/junit.rb → plugins/inspec-reporter-junit/lib/inspec-reporter-junit/reporter.rb}

@@ -1,5 +1,9 @@
-module Inspec::Reporters
-  class Junit < Base
+module InspecPlugins::JUnitReporter
+  class Reporter < Inspec.plugin(2, :reporter)
+    def self.run_data_schema_constraints
+      "~> 0.0"
+    end
+
     def render
       require "rexml/document"
       xml_output = REXML::Document.new
@@ -8,7 +12,7 @@ module Inspec::Reporters
       testsuites = REXML::Element.new("testsuites")
       xml_output.add(testsuites)
 
-      run_data[:profiles].each do |profile|
+      run_data.profiles.each do |profile|
         testsuites.add(build_profile_xml(profile))
       end
 
@@ -18,20 +22,16 @@ module Inspec::Reporters
       output(formatter.write(xml_output.root, ""))
     end
 
-    private
-
     def build_profile_xml(profile)
       profile_xml = REXML::Element.new("testsuite")
-      profile_xml.add_attribute("name", profile[:name])
+      profile_xml.add_attribute("name", profile.name)
       profile_xml.add_attribute("tests", count_profile_tests(profile))
       profile_xml.add_attribute("failed", count_profile_failed_tests(profile))
       profile_xml.add_attribute("failures", count_profile_failed_tests(profile))
 
-      profile[:controls].each do |control|
-        next if control[:results].nil?
-
-        control[:results].each do |result|
-          profile_xml.add(build_result_xml(profile[:name], control, result))
+      profile.controls.each do |control|
+        control.results.each do |result|
+          profile_xml.add(build_result_xml(profile.name, control, result))
         end
       end
 
@@ -40,16 +40,16 @@ module Inspec::Reporters
 
     def build_result_xml(profile_name, control, result)
       result_xml = REXML::Element.new("testcase")
-      result_xml.add_attribute("name", result[:code_desc])
-      result_xml.add_attribute("classname", control[:title].nil? ? "#{profile_name}.Anonymous" : "#{profile_name}.#{control[:id]}")
-      result_xml.add_attribute("target", run_data[:platform][:target].nil? ? "" : run_data[:platform][:target].to_s)
-      result_xml.add_attribute("time", result[:run_time])
+      result_xml.add_attribute("name", result.code_desc)
+      result_xml.add_attribute("classname", control.title.nil? ? "#{profile_name}.Anonymous" : "#{profile_name}.#{control.id}")
+      result_xml.add_attribute("target", run_data.platform.target.nil? ? "" : run_data.platform.target.to_s)
+      result_xml.add_attribute("time", result.run_time)
 
-      if result[:status] == "failed"
+      if result.status == "failed"
         failure_element = REXML::Element.new("failure")
         failure_element.add_attribute("message", result[:message])
         result_xml.add(failure_element)
-      elsif result[:status] == "skipped"
+      elsif result.status == "skipped"
         result_xml.add_element("skipped")
       end
 
@@ -57,19 +57,15 @@ module Inspec::Reporters
     end
 
     def count_profile_tests(profile)
-      profile[:controls].reduce(0) do |acc, elem|
-        acc + (elem[:results].nil? ? 0 : elem[:results].count)
+      profile.controls.reduce(0) do |acc, elem|
+        acc + elem.results.count
       end
     end
 
     def count_profile_failed_tests(profile)
-      profile[:controls].reduce(0) do |acc, elem|
-        if elem[:results].nil?
-          acc
-        else
-          acc + elem[:results].reduce(0) do |fail_test_total, test_case|
-            test_case[:status] == "failed" ? fail_test_total + 1 : fail_test_total
-          end
+      profile.controls.reduce(0) do |acc, elem|
+        acc + elem.results.reduce(0) do |fail_test_total, test_case|
+          test_case.status == "failed" ? fail_test_total + 1 : fail_test_total
         end
       end
     end

data/lib/plugins/inspec-reporter-junit/lib/inspec-reporter-junit/version.rb

@@ -0,0 +1,5 @@
+module InspecPlugins
+  module JUnitReporter
+    VERSION = "0.1.0".freeze
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 4.22.8
+  version: 4.22.22
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-08-04 00:00:00.000000000 Z
+date: 2020-08-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-telemetry
@@ -320,20 +320,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
-- !ruby/object:Gem::Dependency
-  name: htmlentities
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.3'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.3'
 - !ruby/object:Gem::Dependency
   name: multipart-post
   requirement: !ruby/object:Gem::Requirement
@@ -348,20 +334,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
-- !ruby/object:Gem::Dependency
-  name: term-ansicolor
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.7'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.7'
 - !ruby/object:Gem::Dependency
   name: train-core
   requirement: !ruby/object:Gem::Requirement
@@ -389,7 +361,6 @@ extra_rdoc_files: []
 files:
 - Gemfile
 - LICENSE
-- README.md
 - etc/deprecations.json
 - etc/plugin_filters.json
 - inspec-core.gemspec
@@ -489,7 +460,6 @@ files:
 - lib/inspec/reporters/cli.rb
 - lib/inspec/reporters/json.rb
 - lib/inspec/reporters/json_automate.rb
-- lib/inspec/reporters/junit.rb
 - lib/inspec/reporters/yaml.rb
 - lib/inspec/require_loader.rb
 - lib/inspec/resource.rb
@@ -607,6 +577,8 @@ files:
 - lib/inspec/resources/vbscript.rb
 - lib/inspec/resources/virtualization.rb
 - lib/inspec/resources/windows_feature.rb
+- lib/inspec/resources/windows_firewall.rb
+- lib/inspec/resources/windows_firewall_rule.rb
 - lib/inspec/resources/windows_hotfix.rb
 - lib/inspec/resources/windows_registry_key.rb
 - lib/inspec/resources/windows_task.rb
@@ -746,6 +718,10 @@ files:
 - lib/plugins/inspec-reporter-json-min/lib/inspec-reporter-json-min.rb
 - lib/plugins/inspec-reporter-json-min/lib/inspec-reporter-json-min/reporter.rb
 - lib/plugins/inspec-reporter-json-min/lib/inspec-reporter-json-min/version.rb
+- lib/plugins/inspec-reporter-junit/README.md
+- lib/plugins/inspec-reporter-junit/lib/inspec-reporter-junit.rb
+- lib/plugins/inspec-reporter-junit/lib/inspec-reporter-junit/reporter.rb
+- lib/plugins/inspec-reporter-junit/lib/inspec-reporter-junit/version.rb
 - lib/plugins/shared/core_plugin_test_helper.rb
 - lib/plugins/things-for-train-integration.rb
 - lib/source_readers/flat.rb

data/README.md

@@ -1,474 +0,0 @@
-# Chef InSpec: Inspect Your Infrastructure
-
-* **Project State: Active**
-* **Issues Response SLA: 14 business days**
-* **Pull Request Response SLA: 14 business days**
-
-For more information on project states and SLAs, see [this documentation](https://github.com/chef/chef-oss-practices/blob/master/repo-management/repo-states.md).
-
-[![Slack](https://community-slack.chef.io/badge.svg)](https://community-slack.chef.io/)
-[![Build status](https://badge.buildkite.com/bf4c5fdc3858cc9f8c8bab8376e8e40d625ad046df9d4d8619.svg?branch=master)](https://buildkite.com/chef-oss/inspec-inspec-master-verify)
-[![Coverage Status](https://coveralls.io/repos/github/inspec/inspec/badge.svg?branch=master)](https://coveralls.io/github/inspec/inspec?branch=master)
-
-Chef InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements.
-
-```ruby
-# Disallow insecure protocols by testing
-
-describe package('telnetd') do
-  it { should_not be_installed }
-end
-
-describe inetd_conf do
-  its("telnet") { should eq nil }
-end
-```
-
-Chef InSpec makes it easy to run your tests wherever you need. More options are found in our [CLI docs](https://www.inspec.io/docs/reference/cli/).
-
-```bash
-# run test locally
-inspec exec test.rb
-
-# run test on remote host via SSH
-inspec exec test.rb -t ssh://user@hostname -i /path/to/key
-
-# run test on remote host using SSH agent private key authentication. Requires Chef InSpec 1.7.1
-inspec exec test.rb -t ssh://user@hostname
-
-# run test on remote windows host via WinRM
-inspec exec test.rb -t winrm://Administrator@windowshost --password 'your-password'
-
-# run test on remote windows host via WinRM as a domain user
-inspec exec test.rb -t winrm://windowshost --user 'UserName@domain' --password 'your-password'
-
-# run test on docker container
-inspec exec test.rb -t docker://container_id
-```
-
-# Features
-
-- Built-in Compliance: Compliance no longer occurs at the end of the release cycle
-- Targeted Tests: Chef InSpec writes tests that specifically target compliance issues
-- Metadata: Includes the metadata required by security and compliance pros
-- Easy Testing: Includes a command-line interface to run tests quickly
-
-## Installation
-
-Chef InSpec requires Ruby ( >= 2.4 ).
-
-Note: Versions of Chef InSpec 4.0 and later require accepting the EULA to use. Please visit the [license acceptance page](https://docs.chef.io/chef_license_accept.html) on the Chef docs site for more information.
-
-### Install as package
-
-The Chef InSpec package is available for MacOS, RedHat, Ubuntu and Windows. Download the latest package at [Chef InSpec Downloads](https://downloads.chef.io/inspec) or install Chef InSpec via script:
-
-```
-# RedHat, Ubuntu, and macOS
-curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P inspec
-
-# Windows
-. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -project inspec
-```
-
-### Install it via rubygems.org
-
-When installing from source, gem dependencies may require ruby build tools to be installed.
-
-For CentOS/RedHat/Fedora:
-
-```bash
-yum -y install ruby ruby-devel make gcc gcc-c++
-```
-
-For Ubuntu:
-
-```bash
-apt-get -y install ruby ruby-dev gcc g++ make
-```
-
-To install the `inspec` executable, which requires accepting the [Chef License](https://docs.chef.io/chef_license_accept.html), run:
-
-```bash
-gem install inspec-bin
-```
-
-You may also use `inspec` as a library, with no executable. This does not require accepting the license. To install the library as a gem, run:
-
-```bash
-gem install inspec
-```
-
-
-### Usage via Docker
-
-Download the image and define a function for convenience:
-
-For Linux:
-
-```
-docker pull chef/inspec
-function inspec { docker run -it --rm -v $(pwd):/share chef/inspec "$@"; }
-```
-
-For Windows (PowerShell):
-
-```
-docker pull chef/inspec
-function inspec { docker run -it --rm -v "$(pwd):/share" chef/inspec $args; }
-```
-
-If you call `inspec` from your shell, it automatically mounts the current directory into the Docker container. Therefore you can easily use local tests and key files. Note: Only files in the current directory and sub-directories are available within the container.
-
-```
-$ ls -1
-vagrant
-test.rb
-
-$ inspec exec test.rb -t ssh://root@192.168.64.2:11022 -i vagrant
-..
-
-Finished in 0.04321 seconds (files took 0.54917 seconds to load)
-2 examples, 0 failures
-```
-
-
-### Install it from source
-
-Note that installing from OS packages from [the download page](https://downloads.chef.io) is the preferred method.
-
-That requires [bundler](http://bundler.io/):
-
-```bash
-bundle install
-bundle exec inspec help
-```
-
-To install it as a gem locally, run:
-
-```bash
-gem build inspec.gemspec
-gem install inspec-*.gem
-```
-
-On Windows, you need to install [Ruby](http://rubyinstaller.org/downloads/) with [Ruby Development Kit](https://github.com/oneclick/rubyinstaller/wiki/Development-Kit) to build dependencies with its native extensions.
-
-### Install via Chef Habitat
-
-Currently, this method of installation only supports Linux. See the [Chef Habitat site](https://www.habitat.sh/) for more information.
-
-Download the `hab` binary from the [Chef Habitat](https://www.habitat.sh/docs/get-habitat/) site.
-
-```bash
-hab pkg install chef/inspec --binlink
-
-inspec
-```
-
-### Run Chef InSpec
-
-You should now be able to run:
-
-```bash
-$ inspec --help
-Commands:
-  inspec archive PATH                # archive a profile to tar.gz (default) ...
-  inspec check PATH                  # verify all tests at the specified PATH
-  inspec compliance SUBCOMMAND ...   # Chef Compliance commands
-  inspec detect                      # detect the target OS
-  inspec exec PATH(S)                # run all test files at the specified PATH.
-  inspec help [COMMAND]              # Describe available commands or one spe...
-  inspec init TEMPLATE ...           # Scaffolds a new project
-  inspec json PATH                   # read all tests in PATH and generate a ...
-  inspec shell                       # open an interactive debugging shell
-  inspec supermarket SUBCOMMAND ...  # Supermarket commands
-  inspec version                     # prints the version of this tool
-
-Options:
-  [--diagnose], [--no-diagnose]  # Show diagnostics (versions, configurations)
-```
-
-# Examples
-
-* Only accept requests on secure ports - This test ensures that a web server is only listening on well-secured ports.
-
-```ruby
-describe port(80) do
-  it { should_not be_listening }
-end
-
-describe port(443) do
-  it { should be_listening }
-  its('protocols') {should include 'tcp'}
-end
-```
-
-* Use approved strong ciphers - This test ensures that only enterprise-compliant ciphers are used for SSH servers.
-
-```ruby
-describe sshd_config do
-   its('Ciphers') { should eq('chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr') }
-end
-```
-
-* Test your `kitchen.yml` file to verify that only Vagrant is configured as the driver.  The %w() formatting will
-pass rubocop linting and allow you to access nested mappings.
-
-```ruby
-describe yaml('.kitchen.yml') do
-  its(%w(driver name)) { should eq('vagrant') }
-end
-```
-
-Also have a look at our examples for:
-- [Using Chef InSpec with Test Kitchen & Chef Infra](https://github.com/chef/inspec/tree/master/examples/kitchen-chef)
-- [Using Chef InSpec with Test Kitchen & Puppet](https://github.com/chef/inspec/tree/master/examples/kitchen-puppet)
-- [Using Chef InSpec with Test Kitchen & Ansible](https://github.com/chef/inspec/tree/master/examples/kitchen-ansible)
-- [Implementing an Chef InSpec profile](https://github.com/chef/inspec/tree/master/examples/profile)
-
-## Or tests: Testing for a OR b
-
-* Using describe.one, you can test for a or b.  The control will be marked as passing if EITHER condition is met.
-
-```ruby
-control 'or-test' do
-  impact 1.0
-  title 'This is a OR test'
-  describe.one do
-    describe ssh_config do
-      its('Protocol') { should eq('3') }
-    end
-    describe ssh_config do
-      its('Protocol') { should eq('2') }
-    end
-  end
-end
-```
-
-## Command Line Usage
-
-### exec
-
-Run tests against different targets:
-
-```bash
-# run test locally
-inspec exec test.rb
-
-# run test on remote host on SSH
-inspec exec test.rb -t ssh://user@hostname
-
-# run test on remote windows host on WinRM
-inspec exec test.rb -t winrm://Administrator@windowshost --password 'your-password'
-
-# run test on docker container
-inspec exec test.rb -t docker://container_id
-
-# run with sudo
-inspec exec test.rb --sudo [--sudo-password ...] [--sudo-options ...] [--sudo_command ...]
-
-# run in a subshell
-inspec exec test.rb --shell [--shell-options ...] [--shell-command ...]
-
-# run a profile targeting AWS using env vars
-inspec exec test.rb -t aws://
-
-# or store your AWS credentials in your ~/.aws/credentials profiles file
-inspec exec test.rb -t aws://us-east-2/my-profile
-
-# run a profile targeting Azure using env vars
-inspec exec test.rb -t azure://
-
-# or store your Azure credentials in your ~/.azure/credentials profiles file
-inspec exec test.rb -t azure://subscription_id
-```
-
-### detect
-
-Verify your configuration and detect
-
-```bash
-id=$( docker run -dti ubuntu:14.04 /bin/bash )
-inspec detect -t docker://$id
-```
-
-Which will provide you with:
-
-```
-{"family":"ubuntu","release":"14.04","arch":null}
-```
-
-## Supported OS
-
-Remote Targets
-
-| Platform                     | Versions                                         | Architectures |
-| ---------------------------- | ------------------------------------------------ | ------------- |
-| AIX                          | 6.1, 7.1, 7.2                                    | ppc64         |
-| CentOS                       | 5, 6, 7                                          | i386, x86_64  |
-| Debian                       | 7, 8, 9                                          | i386, x86_64  |
-| FreeBSD                      | 9, 10, 11                                        | i386, amd64   |
-| Mac OS X                     | 10.9, 10.10, 10.11, 10.12, 10.13, 10.14          | x86_64        |
-| Oracle Enterprise Linux      | 5, 6, 7                                          | i386, x86_64  |
-| Red Hat Enterprise Linux     | 5, 6, 7                                          | i386, x86_64  |
-| Solaris                      | 10, 11                                           | sparc, x86    |
-| Windows\*                    | 8, 8.1, 10, 2012, 2012R2, 2016                   | x86, x86_64   |
-| Ubuntu Linux                 |                                                  | x86, x86_64   |
-| SUSE Linux Enterprise Server | 11, 12                                           | x86_64        |
-| Scientific Linux             | 5.x, 6.x and 7.x                                 | i386, x86_64  |
-| Fedora                       |                                                  | x86_64        |
-| OpenSUSE                     | 13, 42                                           | x86_64        |
-| OmniOS                       |                                                  | x86_64        |
-| Gentoo Linux                 |                                                  | x86_64        |
-| Arch Linux                   |                                                  | x86_64        |
-| HP-UX                        | 11.31                                            | ia64          |
-
-\**For Windows, PowerShell 5.0 or above is required.*
-
-In addition, runtime support is provided for:
-
-| Platform | Versions | Arch   |
-| -------- | -------- | ------ |
-| Debian   | 8, 9     | x86_64 |
-| RHEL     | 6, 7     | x86_64 |
-| Ubuntu   | 12.04+   | x86_64 |
-| Windows  | 8+       | x86_64 |
-| Windows  | 2012+    | x86_64 |
-
-## Documentation
-
-Documentation
-
- * https://www.inspec.io/docs/
- * https://www.inspec.io/docs/reference/resources/
- * https://github.com/chef/inspec/tree/master/docs
-
-Tutorials/Blogs/Podcasts:
-
- * https://www.inspec.io/tutorials/
-
-Relationship to other tools (RSpec, Serverspec):
-
- * https://www.inspec.io/docs/reference/inspec_and_friends/
-
-## Share your Profiles
-
-You may share your Chef InSpec Profiles in the [Tools & Plugins section](https://supermarket.chef.io/tools-directory) of the [Chef Supermarket](https://supermarket.chef.io/). [Sign in](https://supermarket.chef.io/sign-in) and [add the details of your profile](https://supermarket.chef.io/tools/new).
-
-You may also [browse the Supermarket for shared Compliance Profiles](https://supermarket.chef.io/tools?type=compliance_profile).
-
-## Kudos
-
-Chef InSpec is inspired by the wonderful [Serverspec](http://serverspec.org) project. Kudos to [mizzy](https://github.com/mizzy) and [all contributors](https://github.com/mizzy/serverspec/graphs/contributors)!
-
-The AWS resources were inspired by [inspec-aws](https://github.com/arothian/inspec-aws) from [arothian](https://github.com/arothian).
-
-## Contribute
-
-1. Fork it
-1. Create your feature branch (git checkout -b my-new-feature)
-1. Commit your changes (git commit -am 'Add some feature')
-1. Push to the branch (git push origin my-new-feature)
-1. Create new Pull Request
-
-The Chef InSpec community and maintainers are very active and helpful. This project benefits greatly from this activity.
-
-If you'd like to chat with the community and maintainers directly join us in the `#inspec` channel on the [Chef Community Slack](http://community-slack.chef.io/).
-
-As a reminder, all participants are expected to follow the [Code of Conduct](https://github.com/inspec/inspec/blob/master/CODE_OF_CONDUCT.md).
-
-[![Slack](https://community-slack.chef.io/badge.svg)](https://community-slack.chef.io/)
-
-## Testing Chef InSpec
-
-We offer `unit`, `integration`, and `aws` tests.
-
-- `unit` tests ensure the intended behaviour of the implementation
-- `integration` tests run against Docker-based VMs via test-kitchen and [kitchen-inspec](https://github.com/chef/kitchen-inspec)
-- `aws` tests exercise the AWS resources against real AWS accounts
-
-### Unit tests
-
-```bash
-bundle exec rake test
-```
-
-If you like to run only one test file:
-
-```bash
-bundle exec m test/unit/resources/user_test.rb
-```
-
-You may also run a single test within a file by line number:
-
-```bash
-bundle exec m test/unit/resources/user_test.rb -l 123
-```
-
-### Integration tests
-
-These tests download various virtual machines, to ensure Chef InSpec is working as expected across different operating systems.
-
-These tests require the following gems:
-
-- test-kitchen
-- kitchen-dokken
-- kitchen-inspec
-
-These gems are provided via the `integration` group in the project's Gemfile.
-
-In addition, these test require Docker to be available on your machine or a remote Docker machine configured via the standard Docker environment variables.
-
-#### Running Integration tests
-
-List the various test instances available:
-
-```bash
-bundle exec kitchen list
-```
-
-The platforms and test suites are configured in the `.kitchen.yml` file. Once you know which instance you wish to test, test that instance:
-
-```bash
-bundle exec kitchen test <INSTANCE_NAME>
-```
-
-You may test all instances in parallel with:
-
-```bash
-bundle exec kitchen test -c
-```
-
-### AWS Tests
-
-Use the rake task `bundle exec rake test:aws` to test the AWS resources against a pair of real AWS accounts.
-
-Please see [TESTING_AGAINST_AWS.md](./test/integration/aws/TESTING_AGAINST_AWS.md) for details on how to setup the needed AWS accounts to perform testing.
-
-### Azure Tests
-
-Use the rake task `bundle exec rake test:azure` to test the Azure resources against an Azure account.
-
-Please see [TESTING_AGAINST_AZURE.md](./test/integration/azure/TESTING_AGAINST_AZURE.md) for details on how to setup the needed Azure accounts to perform testing.
-
-## License
-
-|                |                                           |
-| -------------- | ----------------------------------------- |
-| **Author:**    | Dominik Richter (<drichter@chef.io>)      |
-| **Author:**    | Christoph Hartmann (<chartmann@chef.io>)  |
-| **Copyright:** | Copyright (c) 2015 Vulcano Security GmbH. |
-| **Copyright:** | Copyright (c) 2017-2018 Chef Software Inc.|
-| **License:**   | Apache License, Version 2.0               |
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.