inspec-core 4.49.0 → 4.50.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/inspec/cli.rb +12 -3
- data/lib/inspec/globals.rb +5 -0
- data/lib/inspec/profile.rb +2 -0
- data/lib/inspec/resources/http.rb +107 -55
- data/lib/inspec/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 506be4d9918c8af46f6b3784e8a18550cee990ad73c7c731bb1afea7197c5370
|
|
4
|
+
data.tar.gz: b48fa274325e96ac07185653b2eeb997ed5ea6fa39f570b0400706331a3b4d52
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4eb19bed92e35c49395e513e263f3afdb3f59abcf873b88f0c7dc07775a64c4e6aea3db57f069b19be73e9aa92de106db95ecb4b60fc3fc4c5b080f4fc97df6c
|
|
7
|
+
data.tar.gz: e8eac56320e4c0e36078bdcef95dde1b6ec710d7bfdba1bbd4f8301ee0f5799c5a913f96edc5c31ba78c2dcc3647e671454b30ac430729943a0dca071191aa63
|
data/lib/inspec/cli.rb
CHANGED
|
@@ -122,8 +122,13 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
|
122
122
|
end
|
|
123
123
|
puts
|
|
124
124
|
|
|
125
|
+
enable_offenses = !Inspec.locally_windows? # See 5723
|
|
125
126
|
if result[:errors].empty? && result[:warnings].empty? && result[:offenses].empty?
|
|
126
|
-
|
|
127
|
+
if enable_offenses
|
|
128
|
+
ui.plain_line("No errors, warnings, or offenses")
|
|
129
|
+
else
|
|
130
|
+
ui.plain_line("No errors or warnings")
|
|
131
|
+
end
|
|
127
132
|
else
|
|
128
133
|
item_msg = lambda { |item|
|
|
129
134
|
pos = [item[:file], item[:line], item[:column]].compact.join(":")
|
|
@@ -135,7 +140,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
|
135
140
|
|
|
136
141
|
puts
|
|
137
142
|
|
|
138
|
-
|
|
143
|
+
if enable_offenses && !result[:offenses].empty?
|
|
139
144
|
puts "Offenses:\n"
|
|
140
145
|
result[:offenses].each { |item| ui.cyan(" #{Inspec::UI::GLYPHS[:script_x]} #{item_msg.call(item)}\n\n") }
|
|
141
146
|
end
|
|
@@ -143,7 +148,11 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
|
143
148
|
offenses = ui.cyan("#{result[:offenses].length} offenses", print: false)
|
|
144
149
|
errors = ui.red("#{result[:errors].length} errors", print: false)
|
|
145
150
|
warnings = ui.yellow("#{result[:warnings].length} warnings", print: false)
|
|
146
|
-
|
|
151
|
+
if enable_offenses
|
|
152
|
+
ui.plain_line("Summary: #{errors}, #{warnings}, #{offenses}")
|
|
153
|
+
else
|
|
154
|
+
ui.plain_line("Summary: #{errors}, #{warnings}")
|
|
155
|
+
end
|
|
147
156
|
end
|
|
148
157
|
end
|
|
149
158
|
|
data/lib/inspec/globals.rb
CHANGED
data/lib/inspec/profile.rb
CHANGED
|
@@ -450,6 +450,8 @@ module Inspec
|
|
|
450
450
|
|
|
451
451
|
def cookstyle_linting_check
|
|
452
452
|
msgs = []
|
|
453
|
+
return msgs if Inspec.locally_windows? # See #5723
|
|
454
|
+
|
|
453
455
|
output = cookstyle_rake_output.split("Offenses:").last
|
|
454
456
|
msgs = output.split("\n").select { |x| x =~ /[A-Z]:/ } unless output.nil?
|
|
455
457
|
msgs
|
|
@@ -11,6 +11,7 @@ module Inspec::Resources
|
|
|
11
11
|
class Http < Inspec.resource(1)
|
|
12
12
|
name "http"
|
|
13
13
|
supports platform: "unix"
|
|
14
|
+
supports platform: "windows"
|
|
14
15
|
desc "Use the http InSpec audit resource to test http call."
|
|
15
16
|
example <<~EXAMPLE
|
|
16
17
|
describe http('http://localhost:8080/ping', auth: {user: 'user', pass: 'test'}, params: {format: 'html'}) do
|
|
@@ -104,6 +105,7 @@ module Inspec::Resources
|
|
|
104
105
|
opts[:data]
|
|
105
106
|
end
|
|
106
107
|
|
|
108
|
+
# not supported on Windows
|
|
107
109
|
def open_timeout
|
|
108
110
|
opts.fetch(:open_timeout, 60)
|
|
109
111
|
end
|
|
@@ -117,7 +119,7 @@ module Inspec::Resources
|
|
|
117
119
|
end
|
|
118
120
|
|
|
119
121
|
def max_redirects
|
|
120
|
-
opts.fetch(:max_redirects,
|
|
122
|
+
opts.fetch(:max_redirects, nil)
|
|
121
123
|
end
|
|
122
124
|
end
|
|
123
125
|
|
|
@@ -141,7 +143,7 @@ module Inspec::Resources
|
|
|
141
143
|
|
|
142
144
|
conn = Faraday.new(url: url, headers: request_headers, params: params, ssl: { verify: ssl_verify? }) do |builder|
|
|
143
145
|
builder.request :url_encoded
|
|
144
|
-
builder.use FaradayMiddleware::FollowRedirects, limit: max_redirects
|
|
146
|
+
builder.use FaradayMiddleware::FollowRedirects, limit: max_redirects unless max_redirects.nil?
|
|
145
147
|
builder.adapter Faraday.default_adapter
|
|
146
148
|
end
|
|
147
149
|
|
|
@@ -162,98 +164,148 @@ module Inspec::Resources
|
|
|
162
164
|
attr_reader :inspec
|
|
163
165
|
|
|
164
166
|
def initialize(inspec, http_method, url, opts)
|
|
165
|
-
|
|
167
|
+
http_cmd = inspec.os.windows? ? "Invoke-WebRequest" : "curl"
|
|
168
|
+
unless inspec.command(http_cmd).exist?
|
|
166
169
|
raise Inspec::Exceptions::ResourceSkipped,
|
|
167
|
-
"
|
|
170
|
+
"#{http_cmd} is not available on the target machine"
|
|
168
171
|
end
|
|
169
|
-
|
|
170
|
-
@ran_curl = false
|
|
172
|
+
@ran_http = false
|
|
171
173
|
@inspec = inspec
|
|
172
174
|
super(http_method, url, opts)
|
|
173
175
|
end
|
|
174
176
|
|
|
175
177
|
def status
|
|
176
|
-
|
|
178
|
+
run_http
|
|
177
179
|
@status
|
|
178
180
|
end
|
|
179
181
|
|
|
180
182
|
def body
|
|
181
|
-
|
|
183
|
+
run_http
|
|
182
184
|
@body&.strip
|
|
183
185
|
end
|
|
184
186
|
|
|
185
187
|
def response_headers
|
|
186
|
-
|
|
188
|
+
run_http
|
|
187
189
|
@response_headers
|
|
188
190
|
end
|
|
189
191
|
|
|
190
192
|
private
|
|
191
193
|
|
|
192
|
-
def
|
|
193
|
-
return if @
|
|
194
|
+
def run_http
|
|
195
|
+
return if @ran_http
|
|
194
196
|
|
|
195
|
-
cmd_result = inspec.command(
|
|
197
|
+
cmd_result = inspec.command(http_command)
|
|
196
198
|
response = cmd_result.stdout
|
|
197
|
-
@
|
|
199
|
+
@ran_http = true
|
|
198
200
|
return if response.nil? || cmd_result.exit_status != 0
|
|
199
201
|
|
|
200
|
-
|
|
201
|
-
|
|
202
|
+
if inspec.os.windows?
|
|
203
|
+
response = JSON.parse(response)
|
|
202
204
|
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
loop do
|
|
206
|
-
break unless remainder =~ %r{^HTTP/}
|
|
205
|
+
@status = response["StatusCode"]
|
|
206
|
+
@body = response["Content"]
|
|
207
207
|
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
208
|
+
@response_headers = {}
|
|
209
|
+
response["Headers"].each do |name, value|
|
|
210
|
+
@response_headers["#{name}"] = value
|
|
211
|
+
end
|
|
212
|
+
else
|
|
213
|
+
# strip any carriage returns to normalize output
|
|
214
|
+
response.delete!("\r")
|
|
215
|
+
|
|
216
|
+
# split the prelude (status line and headers) and the body
|
|
217
|
+
prelude, remainder = response.split("\n\n", 2)
|
|
218
|
+
loop do
|
|
219
|
+
break unless remainder =~ %r{^HTTP/}
|
|
220
|
+
|
|
221
|
+
prelude, remainder = remainder.split("\n\n", 2)
|
|
222
|
+
end
|
|
223
|
+
@body = remainder
|
|
224
|
+
prelude = prelude.lines
|
|
225
|
+
|
|
226
|
+
# grab the status off of the first line of the prelude
|
|
227
|
+
status_line = prelude.shift
|
|
228
|
+
@status = status_line.split(" ", 3)[1].to_i
|
|
229
|
+
|
|
230
|
+
# parse the rest of the prelude which will be all the HTTP headers
|
|
231
|
+
@response_headers = {}
|
|
232
|
+
prelude.each do |line|
|
|
233
|
+
line.strip!
|
|
234
|
+
key, value = line.split(":", 2)
|
|
235
|
+
@response_headers[key] = value.strip
|
|
236
|
+
end
|
|
223
237
|
end
|
|
224
238
|
end
|
|
225
239
|
|
|
226
|
-
def
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
# Use curl's --head option when the method requested is HEAD. Otherwise,
|
|
230
|
-
# the user may experience a timeout when curl does not properly close
|
|
231
|
-
# the connection after the response is received.
|
|
232
|
-
if http_method.casecmp("HEAD") == 0
|
|
233
|
-
cmd << "--head"
|
|
240
|
+
def http_command # rubocop:disable Metrics/AbcSize
|
|
241
|
+
if inspec.os.windows?
|
|
242
|
+
load_powershell_command
|
|
234
243
|
else
|
|
235
|
-
cmd
|
|
244
|
+
cmd = ["curl -i"]
|
|
245
|
+
|
|
246
|
+
# Use curl's --head option when the method requested is HEAD. Otherwise,
|
|
247
|
+
# the user may experience a timeout when curl does not properly close
|
|
248
|
+
# the connection after the response is received.
|
|
249
|
+
if http_method.casecmp("HEAD") == 0
|
|
250
|
+
cmd << "--head"
|
|
251
|
+
else
|
|
252
|
+
cmd << "-X #{http_method}"
|
|
253
|
+
end
|
|
254
|
+
|
|
255
|
+
cmd << "--connect-timeout #{open_timeout}"
|
|
256
|
+
cmd << "--max-time #{open_timeout + read_timeout}"
|
|
257
|
+
cmd << "--user \'#{username}:#{password}\'" unless username.nil? || password.nil?
|
|
258
|
+
cmd << "--insecure" unless ssl_verify?
|
|
259
|
+
cmd << "--data #{Shellwords.shellescape(request_body)}" unless request_body.nil?
|
|
260
|
+
cmd << "--location" unless max_redirects.nil?
|
|
261
|
+
cmd << "--max-redirs #{max_redirects}" unless max_redirects.nil?
|
|
262
|
+
|
|
263
|
+
request_headers.each do |k, v|
|
|
264
|
+
cmd << "-H '#{k}: #{v}'"
|
|
265
|
+
end
|
|
266
|
+
|
|
267
|
+
if params.nil?
|
|
268
|
+
cmd << "'#{url}'"
|
|
269
|
+
else
|
|
270
|
+
cmd << "'#{url}?#{params.map { |e| e.join("=") }.join("&")}'"
|
|
271
|
+
end
|
|
272
|
+
|
|
273
|
+
cmd.join(" ")
|
|
236
274
|
end
|
|
275
|
+
end
|
|
237
276
|
|
|
238
|
-
|
|
239
|
-
cmd
|
|
240
|
-
cmd << "
|
|
241
|
-
|
|
242
|
-
cmd << "
|
|
243
|
-
|
|
244
|
-
cmd << "
|
|
245
|
-
|
|
277
|
+
def load_powershell_command
|
|
278
|
+
cmd = ["Invoke-WebRequest"]
|
|
279
|
+
cmd << "-Method #{http_method}"
|
|
280
|
+
# Missing connect-timeout
|
|
281
|
+
cmd << "-TimeoutSec #{open_timeout + read_timeout}"
|
|
282
|
+
# Insecure not supported simply https://stackoverflow.com/questions/11696944/powershell-v3-invoke-webrequest-https-error
|
|
283
|
+
cmd << "-MaximumRedirection #{max_redirects}" unless max_redirects.nil?
|
|
284
|
+
request_headers["Authorization"] = """ '\"Basic ' + [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(\"#{username}:#{password}\")) +'\"' """ unless username.nil? || password.nil?
|
|
285
|
+
request_header_string = nil
|
|
246
286
|
request_headers.each do |k, v|
|
|
247
|
-
|
|
287
|
+
request_header_string << " #{k} = #{v}"
|
|
248
288
|
end
|
|
249
|
-
|
|
289
|
+
cmd << "-Headers @{#{request_header_string.join(";")}}" unless request_header_string.nil?
|
|
250
290
|
if params.nil?
|
|
251
291
|
cmd << "'#{url}'"
|
|
252
292
|
else
|
|
253
293
|
cmd << "'#{url}?#{params.map { |e| e.join("=") }.join("&")}'"
|
|
254
294
|
end
|
|
255
|
-
|
|
256
|
-
|
|
295
|
+
command = cmd.join(" ")
|
|
296
|
+
body = "\'#{request_body}\'"
|
|
297
|
+
script = <<-EOH
|
|
298
|
+
$body = #{body.strip unless request_body.nil?}
|
|
299
|
+
$Body = $body | ConvertFrom-Json
|
|
300
|
+
#convert to hashtable
|
|
301
|
+
$HashTable = @{}
|
|
302
|
+
foreach ($property in $Body.PSObject.Properties) {
|
|
303
|
+
$HashTable[$property.Name] = $property.Value
|
|
304
|
+
}
|
|
305
|
+
$response = #{command} -Body $HashTable
|
|
306
|
+
$response | Select-Object -Property * | ConvertTo-json # We use `Select-Object -Property * ` to get around an odd PowerShell error
|
|
307
|
+
EOH
|
|
308
|
+
script.strip
|
|
257
309
|
end
|
|
258
310
|
end
|
|
259
311
|
end
|
data/lib/inspec/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: inspec-core
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.
|
|
4
|
+
version: 4.50.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chef InSpec Team
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-11-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: chef-telemetry
|