inspec-core 4.38.3 → 4.38.9

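--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: da7b208efcb020501f9a283e5e512d3862cd4c3e7c19f2012e143af2721fd893
- data.tar.gz: f534843ff5445086f3d40802fff3fe19c8ed787660dde2ce17816e8dc1225cac
+ metadata.gz: 17449ad4c9680511a8fc11c6fdb11d9ece550a7942c9e734c95eac0d41913d9f
+ data.tar.gz: ae5055ccc9bebd1aed4f22da4ad4dcd1be31e1bd2b5707e7b5fb088c916eda08
  SHA512:
- metadata.gz: efd72de313d408802e8484dba99e6291bcd1a571fe028642736fccfcb3d02b78bb700d88a0441d6b2525285891707a738b8315c8dc315edc50e288eb000940e3
- data.tar.gz: 12d51bdaea741376370ea5e64abf645d9734a2edf4328118b8931c11d6032446830f0f7f495eed987e7fcc27518472e21f523d93bd1c1578468b97d9028d11c3
+ metadata.gz: 6cec299ca48d7ca4c3fb9b3eecc79c8687541fbd83fc79e837ed13d2abb4bcb861f747782a68bf90f7e1083443a671079a1368a97e9f552e249e456616a92059
+ data.tar.gz: 287e2d79dbc494c83d6f8b8046e0f9c54632c5a13ec75ac69b603bdf9fe9b6a89ff86c9c8f025f7e04372490adb1ffa5a5a7fc10f3ecab1e7fabd70f71f6767d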
data/Gemfile CHANGED
@@ -20,22 +20,11 @@ end
20
20
  # but our runtime dep is still 3.9+
21
21
  gem "rspec", ">= 3.10"
22
22
 
23
- def probably_x86?
24
- # We don't currently build on ARM windows, so assume x86 there
25
- return true if RUBY_PLATFORM =~ /windows|mswin|msys|mingw|cygwin/
26
-
27
- # Otherwise rely on uname -m
28
- `uname -m`.match?(/^(x86_64|i\d86)/)
29
- end
30
-
31
23
  group :omnibus do
32
24
  gem "rb-readline"
33
25
  gem "appbundler"
34
26
  gem "ed25519" # ed25519 ssh key support done here as its a native gem we can't put in the gemspec
35
27
  gem "bcrypt_pbkdf" # ed25519 ssh key support done here as its a native gem we can't put in the gemspec
36
- if probably_x86?
37
- gem "x25519" # ed25519 KEX module, not supported on ARM
38
- end
39
28
  end
40
29
 
41
30
  group :test do
@@ -42,11 +42,7 @@ module Inspec::Resources
42
42
  @local_mode = opts[:local_mode]
43
43
  unless local_mode?
44
44
  @host = opts[:host] || "localhost"
45
- if opts.key?(:port)
46
- @port = opts[:port]
47
- else
48
- @port = "1433"
49
- end
45
+ @port = opts[:port]
50
46
  end
51
47
  @instance = opts[:instance]
52
48
  @db_name = opts[:db_name]
@@ -38,11 +38,12 @@ module Inspec::Resources
38
38
  @sqlcl_bin = opts[:sqlcl_bin] || nil
39
39
  @sqlplus_bin = opts[:sqlplus_bin] || "sqlplus"
40
40
  skip_resource "Option 'as_os_user' not available in Windows" if inspec.os.windows? && su_user
41
- fail_resource "Can't run Oracle checks without authentication" unless su_user && (user || password)
42
- fail_resource "You must provide a service name for the session" unless service
41
+ fail_resource "Can't run Oracle checks without authentication" unless su_user || (user || password)
43
42
  end
44
43
 
45
44
  def query(sql)
45
+ raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?
46
+
46
47
  if @sqlcl_bin && inspec.command(@sqlcl_bin).exist?
47
48
  @bin = @sqlcl_bin
48
49
  format_options = "set sqlformat csv\nSET FEEDBACK OFF"
@@ -53,8 +54,17 @@ module Inspec::Resources
53
54
 
54
55
  command = command_builder(format_options, sql)
55
56
  inspec_cmd = inspec.command(command)
57
+ out = inspec_cmd.stdout + "\n" + inspec_cmd.stderr
56
58
 
57
- DatabaseHelper::SQLQueryResult.new(inspec_cmd, parse_csv_result(inspec_cmd.stdout))
59
+ if inspec_cmd.exit_status != 0 || !inspec_cmd.stderr.empty? || out.downcase =~ /^error.*/
60
+ raise Inspec::Exceptions::ResourceFailed, "Oracle query with errors: #{out}"
61
+ else
62
+ begin
63
+ DatabaseHelper::SQLQueryResult.new(inspec_cmd, parse_csv_result(inspec_cmd.stdout))
64
+ rescue
65
+ raise Inspec::Exceptions::ResourceFailed, "Oracle query with errors: #{out}"
66
+ end
67
+ end
58
68
  end
59
69
 
60
70
  def to_s
@@ -77,11 +87,11 @@ module Inspec::Resources
77
87
  end
78
88
 
79
89
  if @db_role.nil?
80
- %{#{sql_prefix}#{bin} "#{user}"/"#{password}"@#{host}:#{port}/#{@service}#{sql_postfix}}
90
+ "#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service}#{sql_postfix}"
81
91
  elsif @su_user.nil?
82
- %{#{sql_prefix}#{bin} "#{user}"/"#{password}"@#{host}:#{port}/#{@service} as #{@db_role}#{sql_postfix}}
92
+ "#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service} as #{@db_role}#{sql_postfix}"
83
93
  else
84
- %{su - #{@su_user} -c "env ORACLE_SID=#{@service} #{@bin} / as #{@db_role}#{sql_postfix}"}
94
+ "su - #{@su_user} -c env ORACLE_SID=#{@service} #{@bin} / as #{@db_role}#{sql_postfix}"
85
95
  end
86
96
  end
87
97
 
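Review bot: The three new command strings in the last hunk (apparently the body of `command_builder`, which starts above it) interpolate `user`, `password` and the `su` payload into the shell command with no quoting, so a password containing a space or a shell metacharacter is split or interpreted by the shell instead of reaching the Oracle client intact. The `su` branch is affected differently: as written, `su - #{@su_user} -c env ORACLE_SID=...` hands only `env` to `-c`, and the rest of the line becomes separate arguments. I would keep the quoting the replaced lines had, e.g. `%{#{sql_prefix}#{bin} "#{user}"/"#{password}"@#{host}:#{port}/#{@service}#{sql_postfix}}`, and keep the whole `-c` payload inside one quoted string. How `sql_prefix` and `sql_postfix` are built is not visible here, so the exact quoting needs checking against them.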
@@ -4,6 +4,8 @@ module Inspec::Resources
4
4
  class Postgres < Inspec.resource(1)
5
5
  name "postgres"
6
6
  supports platform: "unix"
7
+ supports platform: "windows"
8
+
7
9
  desc "The 'postgres' resource is a helper for the 'postgres_conf', 'postgres_hba_conf', 'postgres_ident_conf' & 'postgres_session' resources. Please use those instead."
8
10
 
9
11
  attr_reader :service, :data_dir, :conf_dir, :conf_path, :version, :cluster
@@ -43,11 +45,17 @@ module Inspec::Resources
43
45
  @conf_dir = "/etc/postgresql/#{@version}/#{@cluster}"
44
46
  @data_dir = "/var/lib/postgresql/#{@version}/#{@cluster}"
45
47
  end
48
+ elsif inspec.os.windows?
49
+ dir = "C:\\Program Files\\PostgreSQL"
50
+ @version = version_from_psql || version_from_dir_windows(dir)
51
+ unless @version.to_s.empty?
52
+ @data_dir = "#{dir}\\#{@version}\\data\\"
53
+ end
46
54
  else
47
55
  @version = version_from_psql
48
56
  if @version.to_s.empty?
49
57
  if inspec.directory("/var/lib/pgsql/data").exist?
50
- warn "Unable to determine PostgreSQL version: psql did not return" \
58
+ Inspec::Log.warn "Unable to determine PostgreSQL version: psql did not return" \
51
59
  "a version number and unversioned data directories were found."
52
60
  else
53
61
  @version = version_from_dir("/var/lib/pgsql")
@@ -69,13 +77,13 @@ module Inspec::Resources
69
77
 
70
78
  def verify_dirs
71
79
  unless inspec.directory(@conf_dir).exist?
72
- warn "Default postgresql configuration directory: #{@conf_dir} does not exist. " \
80
+ Inspec::Log.warn "Default postgresql configuration directory: #{@conf_dir} does not exist. " \
73
81
  "Postgresql may not be installed or we've misidentified the configuration " \
74
82
  "directory."
75
83
  end
76
84
 
77
85
  unless inspec.directory(@data_dir).exist?
78
- warn "Default postgresql data directory: #{@data_dir} does not exist. " \
86
+ Inspec::Log.warn "Default postgresql data directory: #{@data_dir} does not exist. " \
79
87
  "Postgresql may not be installed or we've misidentified the data " \
80
88
  "directory."
81
89
  end
@@ -84,7 +92,15 @@ module Inspec::Resources
84
92
  def version_from_psql
85
93
  return unless inspec.command("psql").exist?
86
94
 
87
- inspec.command("psql --version | awk '{ print $NF }' | awk -F. '{ print $1\".\"$2 }'").stdout.strip
95
+ version = inspec.command("psql --version").stdout.strip.split(" ")[2].split(".")
96
+
97
+ unless version.empty?
98
+ if version.first.to_i >= 10
99
+ version.first
100
+ else
101
+ "#{version[0]}.#{version[1]}"
102
+ end
103
+ end
88
104
  end
89
105
 
90
106
  def locate_data_dir_location_by_version(ver = @version)
@@ -100,7 +116,7 @@ module Inspec::Resources
100
116
  data_dir_loc = dir_list.detect { |i| inspec.directory(i).exist? }
101
117
 
102
118
  if data_dir_loc.nil?
103
- warn 'Unable to find the PostgreSQL data_dir in expected location(s), please
119
+ Inspec::Log.warn 'Unable to find the PostgreSQL data_dir in expected location(s), please
104
120
  execute "psql -t -A -p <port> -h <host> -c "show hba_file";" as the PostgreSQL
105
121
  DBA to find the non-standard data_dir location.'
106
122
  end
@@ -112,15 +128,32 @@ module Inspec::Resources
112
128
  entries = dirs.lines.count
113
129
  case entries
114
130
  when 0
115
- warn "Could not determine version of installed postgresql by inspecting #{dir}"
131
+ Inspec::Log.warn "Could not determine version of installed postgresql by inspecting #{dir}"
132
+ nil
133
+ when 1
134
+ Inspec::Log.warn "Using #{dirs}: #{dir_to_version(dirs)}"
135
+ dir_to_version(dirs)
136
+ else
137
+ Inspec::Log.warn "Multiple versions of postgresql installed or incorrect base dir #{dir}"
138
+ first = dir_to_version(dirs.lines.first)
139
+ Inspec::Log.warn "Using the first version found: #{first}"
140
+ first
141
+ end
142
+ end
143
+
144
+ def version_from_dir_windows(dir)
145
+ dirs = inspec.command("Get-ChildItem -Path \"#{dir}\" -Name").stdout
146
+ entries = dirs.lines.count
147
+ case entries
148
+ when 0
149
+ Inspec::Log.warn "Could not determine version of installed PostgreSQL by inspecting #{dir}"
116
150
  nil
117
151
  when 1
118
- warn "Using #{dirs}: #{dir_to_version(dirs)}"
119
152
  dir_to_version(dirs)
120
153
  else
121
- warn "Multiple versions of postgresql installed or incorrect base dir #{dir}"
154
+ Inspec::Log.warn "Multiple versions of PostgreSQL installed or incorrect base dir #{dir}"
122
155
  first = dir_to_version(dirs.lines.first)
123
- warn "Using the first version found: #{first}"
156
+ Inspec::Log.warn "Using the first version found: #{first}"
124
157
  first
125
158
  end
126
159
  end
@@ -137,13 +170,13 @@ module Inspec::Resources
137
170
  else
138
171
  dirs = inspec.command("ls -d #{dir}/*/").stdout.lines
139
172
  if dirs.empty?
140
- warn "No postgresql clusters configured or incorrect base dir #{dir}"
173
+ Inspec::Log.warn "No postgresql clusters configured or incorrect base dir #{dir}"
141
174
  return nil
142
175
  end
143
176
  first = dirs.first.chomp.split("/").last
144
177
  if dirs.count > 1
145
- warn "Multiple postgresql clusters configured or incorrect base dir #{dir}"
146
- warn "Using the first directory found: #{first}"
178
+ Inspec::Log.warn "Multiple postgresql clusters configured or incorrect base dir #{dir}"
179
+ Inspec::Log.warn "Using the first directory found: #{first}"
147
180
  end
148
181
  first
149
182
  end
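Review bot: In `version_from_psql`, `inspec.command("psql --version").stdout.strip.split(" ")[2].split(".")` raises NoMethodError when the output has fewer than three words (empty stdout, for instance), because `[2]` is then nil; the `unless version.empty?` check below it comes too late to help. Adding `.to_s` before the second split, `...split(" ")[2].to_s.split(".")`, lets the method return nil as the guard intends. Separately, the new Windows branch sets `@version` and `@data_dir` but no `@conf_dir` in the visible lines, so `verify_dirs` and readers of `conf_dir` may see nil on Windows. The rest of the initializer is outside the hunk, so that part needs confirming.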
@@ -22,6 +22,8 @@ module Inspec::Resources
22
22
  include FileReader
23
23
  include ObjectTraverser
24
24
 
25
+ attr_accessor :conf_path
26
+
25
27
  def initialize(conf_path = nil)
26
28
  @conf_path = conf_path || inspec.postgres.conf_path
27
29
  if @conf_path.nil?
@@ -5,6 +5,7 @@ module Inspec::Resources
5
5
  class PostgresHbaConf < Inspec.resource(1)
6
6
  name "postgres_hba_conf"
7
7
  supports platform: "unix"
8
+ supports platform: "windows"
8
9
  desc 'Use the `postgres_hba_conf` InSpec audit resource to test the client
9
10
  authentication data defined in the pg_hba.conf file.'
10
11
  example <<~EXAMPLE
@@ -19,7 +20,7 @@ module Inspec::Resources
19
20
 
20
21
  # @todo add checks to ensure that we have data in our file
21
22
  def initialize(hba_conf_path = nil)
22
- @conf_file = hba_conf_path || File.expand_path("pg_hba.conf", inspec.postgres.conf_dir)
23
+ @conf_file = hba_conf_path || File.join(inspec.postgres.conf_dir, "pg_hba.conf")
23
24
  @content = ""
24
25
  @params = {}
25
26
  read_content
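Review bot: `File.join(inspec.postgres.conf_dir, "pg_hba.conf")` raises TypeError when `conf_dir` is nil, where the previous `File.expand_path` call fell back to the current directory; the same replacement is made for `pg_ident.conf` in the PostgresIdentConf initializer. If `conf_dir` can be nil (for example when no PostgreSQL installation is detected), the resource would fail with an unhelpful exception rather than report a missing file. A guard before the assignment keeps the failure readable: `return skip_resource "PostgreSQL configuration directory not found" if hba_conf_path.nil? && inspec.postgres.conf_dir.nil?`. The initializer continues past the end of this hunk.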
@@ -5,6 +5,7 @@ module Inspec::Resources
5
5
  class PostgresIdentConf < Inspec.resource(1)
6
6
  name "postgres_ident_conf"
7
7
  supports platform: "unix"
8
+ supports platform: "windows"
8
9
  desc 'Use the postgres_ident_conf InSpec audit resource to test the client
9
10
  authentication data is controlled by a pg_ident.conf file.'
10
11
  example <<~EXAMPLE
@@ -18,7 +19,7 @@ module Inspec::Resources
18
19
  attr_reader :params, :conf_file
19
20
 
20
21
  def initialize(ident_conf_path = nil)
21
- @conf_file = ident_conf_path || File.expand_path("pg_ident.conf", inspec.postgres.conf_dir)
22
+ @conf_file = ident_conf_path || File.join(inspec.postgres.conf_dir, "pg_ident.conf")
22
23
  @content = nil
23
24
  @params = nil
24
25
  read_content
@@ -12,7 +12,7 @@ module Inspec::Resources
12
12
  end
13
13
 
14
14
  def lines
15
- output.split("\n")
15
+ output.split("\n").map(&:strip)
16
16
  end
17
17
 
18
18
  def to_s
@@ -54,7 +54,7 @@ module Inspec::Resources
54
54
  raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?
55
55
 
56
56
  psql_cmd = create_psql_cmd(query, db)
57
- cmd = inspec.command(psql_cmd, redact_regex: /(PGPASSWORD=').+(' psql .*)/)
57
+ cmd = inspec.command(psql_cmd, redact_regex: %r{(:\/\/[a-z]*:).*(@)})
58
58
  out = cmd.stdout + "\n" + cmd.stderr
59
59
  if cmd.exit_status != 0 || out =~ /could not connect to .*/ || out.downcase =~ /^error:.*/
60
60
  raise Inspec::Exceptions::ResourceFailed, "PostgreSQL query with errors: #{out}"
@@ -66,7 +66,7 @@ module Inspec::Resources
66
66
  private
67
67
 
68
68
  def test_connection
69
- query("select now()")
69
+ query("select now()\;")
70
70
  end
71
71
 
72
72
  def escaped_query(query)
@@ -74,8 +74,12 @@ module Inspec::Resources
74
74
  end
75
75
 
76
76
  def create_psql_cmd(query, db = [])
77
- dbs = db.map { |x| "-d #{x}" }.join(" ")
78
- "PGPASSWORD='#{@pass}' psql -U #{@user} #{dbs} -h #{@host} -p #{@port} -A -t -c #{escaped_query(query)}"
77
+ dbs = db.map { |x| "#{x}" }.join(" ")
78
+ if inspec.os.windows?
79
+ "psql -d postgresql://#{@user}:#{@pass}@#{@host}:#{@port}/#{dbs} -A -t -w -c \"#{query}\""
80
+ else
81
+ "psql -d postgresql://#{@user}:#{@pass}@#{@host}:#{@port}/#{dbs} -A -t -w -c #{escaped_query(query)}"
82
+ end
79
83
  end
80
84
  end
81
85
  end
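Review bot: The new `redact_regex` `%r{(:\/\/[a-z]*:).*(@)}` only matches when the user name consists of lowercase ASCII letters, so for a user such as `app_ro` or `Admin1` the pattern does not match and the password in the `postgresql://` URI is presumably left unredacted wherever the command string is logged. A pattern that accepts any user name, `%r{(://[^:@/]*:).*(@)}`, closes that gap. In `create_psql_cmd` the user, password and database are also placed in the URI without percent-encoding, so a password containing `@`, `/` or `:` yields a wrong URI, and several `db` entries joined with a space do not form a valid one. The Windows branch wraps `query` in double quotes without escaping it, unlike the `escaped_query(query)` call in the other branch.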
data/lib/inspec/rule.rb CHANGED
@@ -360,7 +360,7 @@ module Inspec
360
360
  # A string that does not represent a valid time results in the date 0000-01-01.
361
361
  if [Date, Time].include?(expiry.class) || (expiry.is_a?(String) && Time.new(expiry).year != 0)
362
362
  expiry = expiry.to_time if expiry.is_a? Date
363
- expiry = Time.new(expiry) if expiry.is_a? String
363
+ expiry = Time.parse(expiry) if expiry.is_a? String
364
364
  if expiry < Time.now # If the waiver expired, return - no skip applied
365
365
  __waiver_data["message"] = "Waiver expired on #{expiry}, evaluating control normally"
366
366
  return
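Review bot: The guard on the line above still validates a string with `Time.new(expiry).year != 0`, while the conversion now uses `Time.parse(expiry)`, and the two do not accept the same inputs. A string that passes the guard but that `Time.parse` cannot read would raise ArgumentError here, and no rescue is visible in this hunk, so a malformed expiration date in a waiver could abort evaluation instead of being handled. I would parse once, rescue ArgumentError, and add a comment stating whether a waiver with an unreadable expiry is applied or ignored, since that decides whether a control is skipped. `Time.parse` also needs `require "time"`, which is outside the lines shown, as are the start and end of the enclosing method.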
@@ -1,3 +1,3 @@
1
1
  module Inspec
2
- VERSION = "4.38.3".freeze
2
+ VERSION = "4.38.9".freeze
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: inspec-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.38.3
4
+ version: 4.38.9
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chef InSpec Team
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-06-23 00:00:00.000000000 Z
11
+ date: 2021-07-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: chef-telemetry