inspec-core 4.49.0 → 4.50.3

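--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 31dcab9ba9621f43755fc390ad061c08b7e6ab19466d26a38921d33960e1bbf5
- data.tar.gz: eecdf0ec772ef012bfbf5185b379c47dd008fe902b9e91d4feee6979b0294c0f
+ metadata.gz: 506be4d9918c8af46f6b3784e8a18550cee990ad73c7c731bb1afea7197c5370
+ data.tar.gz: b48fa274325e96ac07185653b2eeb997ed5ea6fa39f570b0400706331a3b4d52
  SHA512:
- metadata.gz: 1059703ad59c2bf7c213a0914f94a8852cc550b1d305f634e07a08b364edae5c0f550927a8bcec9e712cd313949388082fdebf5c3164147ef12c21df952281b9
- data.tar.gz: 1d4e6e64b8851c40349b7d696d46904fa73c0683d19c70afaa942a4c4bef4591a3ed4d7ec2c89aa5f7717da70617d70f182a7e9b894338da77592231b4c62234
+ metadata.gz: 4eb19bed92e35c49395e513e263f3afdb3f59abcf873b88f0c7dc07775a64c4e6aea3db57f069b19be73e9aa92de106db95ecb4b60fc3fc4c5b080f4fc97df6c
+ data.tar.gz: e8eac56320e4c0e36078bdcef95dde1b6ec710d7bfdba1bbd4f8301ee0f5799c5a913f96edc5c31ba78c2dcc3647e671454b30ac430729943a0dca071191aa63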
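--- a/data/lib/inspec/cli.rb
+++ b/data/lib/inspec/cli.rb
@@ -122,8 +122,13 @@ class Inspec::InspecCLI < Inspec::BaseCLI
  end
  puts
 
+ enable_offenses = !Inspec.locally_windows? # See 5723
  if result[:errors].empty? && result[:warnings].empty? && result[:offenses].empty?
- ui.plain_line("No errors, warnings, or offenses")
+ if enable_offenses
+ ui.plain_line("No errors, warnings, or offenses")
+ else
+ ui.plain_line("No errors or warnings")
+ end
  else
  item_msg = lambda { |item|
  pos = [item[:file], item[:line], item[:column]].compact.join(":")
@@ -135,7 +140,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
 
  puts
 
- unless result[:offenses].empty?
+ if enable_offenses && !result[:offenses].empty?
  puts "Offenses:\n"
  result[:offenses].each { |item| ui.cyan(" #{Inspec::UI::GLYPHS[:script_x]} #{item_msg.call(item)}\n\n") }
  end
@@ -143,7 +148,11 @@ class Inspec::InspecCLI < Inspec::BaseCLI
  offenses = ui.cyan("#{result[:offenses].length} offenses", print: false)
  errors = ui.red("#{result[:errors].length} errors", print: false)
  warnings = ui.yellow("#{result[:warnings].length} warnings", print: false)
- ui.plain_line("Summary: #{errors}, #{warnings}, #{offenses}")
+ if enable_offenses
+ ui.plain_line("Summary: #{errors}, #{warnings}, #{offenses}")
+ else
+ ui.plain_line("Summary: #{errors}, #{warnings}")
+ end
  end
  end
 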
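Review bot: When `enable_offenses` is false, all three hunks drop offenses from the output without telling the user that the lint step was skipped, so a clean "No errors or warnings" on a Windows host reads the same as a fully checked profile. The only explanation is `# See 5723`, which gives no reason and is written differently from the `# See #5723` used in `cookstyle_linting_check`. I would replace it with `# Cookstyle linting is skipped when InSpec runs on a Windows host, so offenses are never reported there (see #5723)` and print one line in the `else` branches, for example `ui.plain_line("Offense checks skipped on Windows")`. The enclosing method starts and ends outside these hunks.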
@@ -18,4 +18,9 @@ module Inspec
18
18
  require "etc" unless defined?(Etc)
19
19
  Etc.getpwuid.dir
20
20
  end
21
+
22
+ def self.locally_windows?
23
+ require "rbconfig" unless defined?(RbConfig)
24
+ RbConfig::CONFIG["host_os"] =~ /mswin|mingw|cygwin/
25
+ end
21
26
  end
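Review bot: `locally_windows?` returns whatever `=~` yields, a match offset or `nil`, rather than the true/false that a `?` method name promises. The current callers only use it in boolean context, so nothing breaks today, but `RbConfig::CONFIG["host_os"].match?(/mswin|mingw|cygwin/)` gives a real boolean and skips the MatchData allocation. The method also needs a comment saying that it tests the machine running InSpec, not the audited target, for example `# True when the local Ruby (the InSpec host, not the target) runs on Windows`. The http resource in this same release uses `inspec.os.windows?` for the target, and the two are easy to confuse.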
@@ -450,6 +450,8 @@ module Inspec
450
450
 
451
451
  def cookstyle_linting_check
452
452
  msgs = []
453
+ return msgs if Inspec.locally_windows? # See #5723
454
+
453
455
  output = cookstyle_rake_output.split("Offenses:").last
454
456
  msgs = output.split("\n").select { |x| x =~ /[A-Z]:/ } unless output.nil?
455
457
  msgs
@@ -11,6 +11,7 @@ module Inspec::Resources
11
11
  class Http < Inspec.resource(1)
12
12
  name "http"
13
13
  supports platform: "unix"
14
+ supports platform: "windows"
14
15
  desc "Use the http InSpec audit resource to test http call."
15
16
  example <<~EXAMPLE
16
17
  describe http('http://localhost:8080/ping', auth: {user: 'user', pass: 'test'}, params: {format: 'html'}) do
@@ -104,6 +105,7 @@ module Inspec::Resources
104
105
  opts[:data]
105
106
  end
106
107
 
108
+ # not supported on Windows
107
109
  def open_timeout
108
110
  opts.fetch(:open_timeout, 60)
109
111
  end
@@ -117,7 +119,7 @@ module Inspec::Resources
117
119
  end
118
120
 
119
121
  def max_redirects
120
- opts.fetch(:max_redirects, 0)
122
+ opts.fetch(:max_redirects, nil)
121
123
  end
122
124
  end
123
125
 
@@ -141,7 +143,7 @@ module Inspec::Resources
141
143
 
142
144
  conn = Faraday.new(url: url, headers: request_headers, params: params, ssl: { verify: ssl_verify? }) do |builder|
143
145
  builder.request :url_encoded
144
- builder.use FaradayMiddleware::FollowRedirects, limit: max_redirects if max_redirects > 0
146
+ builder.use FaradayMiddleware::FollowRedirects, limit: max_redirects unless max_redirects.nil?
145
147
  builder.adapter Faraday.default_adapter
146
148
  end
147
149
 
@@ -162,98 +164,148 @@ module Inspec::Resources
162
164
  attr_reader :inspec
163
165
 
164
166
  def initialize(inspec, http_method, url, opts)
165
- unless inspec.command("curl").exist?
167
+ http_cmd = inspec.os.windows? ? "Invoke-WebRequest" : "curl"
168
+ unless inspec.command(http_cmd).exist?
166
169
  raise Inspec::Exceptions::ResourceSkipped,
167
- "curl is not available on the target machine"
170
+ "#{http_cmd} is not available on the target machine"
168
171
  end
169
-
170
- @ran_curl = false
172
+ @ran_http = false
171
173
  @inspec = inspec
172
174
  super(http_method, url, opts)
173
175
  end
174
176
 
175
177
  def status
176
- run_curl
178
+ run_http
177
179
  @status
178
180
  end
179
181
 
180
182
  def body
181
- run_curl
183
+ run_http
182
184
  @body&.strip
183
185
  end
184
186
 
185
187
  def response_headers
186
- run_curl
188
+ run_http
187
189
  @response_headers
188
190
  end
189
191
 
190
192
  private
191
193
 
192
- def run_curl
193
- return if @ran_curl
194
+ def run_http
195
+ return if @ran_http
194
196
 
195
- cmd_result = inspec.command(curl_command)
197
+ cmd_result = inspec.command(http_command)
196
198
  response = cmd_result.stdout
197
- @ran_curl = true
199
+ @ran_http = true
198
200
  return if response.nil? || cmd_result.exit_status != 0
199
201
 
200
- # strip any carriage returns to normalize output
201
- response.delete!("\r")
202
+ if inspec.os.windows?
203
+ response = JSON.parse(response)
202
204
 
203
- # split the prelude (status line and headers) and the body
204
- prelude, remainder = response.split("\n\n", 2)
205
- loop do
206
- break unless remainder =~ %r{^HTTP/}
205
+ @status = response["StatusCode"]
206
+ @body = response["Content"]
207
207
 
208
- prelude, remainder = remainder.split("\n\n", 2)
209
- end
210
- @body = remainder
211
- prelude = prelude.lines
212
-
213
- # grab the status off of the first line of the prelude
214
- status_line = prelude.shift
215
- @status = status_line.split(" ", 3)[1].to_i
216
-
217
- # parse the rest of the prelude which will be all the HTTP headers
218
- @response_headers = {}
219
- prelude.each do |line|
220
- line.strip!
221
- key, value = line.split(":", 2)
222
- @response_headers[key] = value.strip
208
+ @response_headers = {}
209
+ response["Headers"].each do |name, value|
210
+ @response_headers["#{name}"] = value
211
+ end
212
+ else
213
+ # strip any carriage returns to normalize output
214
+ response.delete!("\r")
215
+
216
+ # split the prelude (status line and headers) and the body
217
+ prelude, remainder = response.split("\n\n", 2)
218
+ loop do
219
+ break unless remainder =~ %r{^HTTP/}
220
+
221
+ prelude, remainder = remainder.split("\n\n", 2)
222
+ end
223
+ @body = remainder
224
+ prelude = prelude.lines
225
+
226
+ # grab the status off of the first line of the prelude
227
+ status_line = prelude.shift
228
+ @status = status_line.split(" ", 3)[1].to_i
229
+
230
+ # parse the rest of the prelude which will be all the HTTP headers
231
+ @response_headers = {}
232
+ prelude.each do |line|
233
+ line.strip!
234
+ key, value = line.split(":", 2)
235
+ @response_headers[key] = value.strip
236
+ end
223
237
  end
224
238
  end
225
239
 
226
- def curl_command # rubocop:disable Metrics/AbcSize
227
- cmd = ["curl -i"]
228
-
229
- # Use curl's --head option when the method requested is HEAD. Otherwise,
230
- # the user may experience a timeout when curl does not properly close
231
- # the connection after the response is received.
232
- if http_method.casecmp("HEAD") == 0
233
- cmd << "--head"
240
+ def http_command # rubocop:disable Metrics/AbcSize
241
+ if inspec.os.windows?
242
+ load_powershell_command
234
243
  else
235
- cmd << "-X #{http_method}"
244
+ cmd = ["curl -i"]
245
+
246
+ # Use curl's --head option when the method requested is HEAD. Otherwise,
247
+ # the user may experience a timeout when curl does not properly close
248
+ # the connection after the response is received.
249
+ if http_method.casecmp("HEAD") == 0
250
+ cmd << "--head"
251
+ else
252
+ cmd << "-X #{http_method}"
253
+ end
254
+
255
+ cmd << "--connect-timeout #{open_timeout}"
256
+ cmd << "--max-time #{open_timeout + read_timeout}"
257
+ cmd << "--user \'#{username}:#{password}\'" unless username.nil? || password.nil?
258
+ cmd << "--insecure" unless ssl_verify?
259
+ cmd << "--data #{Shellwords.shellescape(request_body)}" unless request_body.nil?
260
+ cmd << "--location" unless max_redirects.nil?
261
+ cmd << "--max-redirs #{max_redirects}" unless max_redirects.nil?
262
+
263
+ request_headers.each do |k, v|
264
+ cmd << "-H '#{k}: #{v}'"
265
+ end
266
+
267
+ if params.nil?
268
+ cmd << "'#{url}'"
269
+ else
270
+ cmd << "'#{url}?#{params.map { |e| e.join("=") }.join("&")}'"
271
+ end
272
+
273
+ cmd.join(" ")
236
274
  end
275
+ end
237
276
 
238
- cmd << "--connect-timeout #{open_timeout}"
239
- cmd << "--max-time #{open_timeout + read_timeout}"
240
- cmd << "--user \'#{username}:#{password}\'" unless username.nil? || password.nil?
241
- cmd << "--insecure" unless ssl_verify?
242
- cmd << "--data #{Shellwords.shellescape(request_body)}" unless request_body.nil?
243
- cmd << "--location" if max_redirects > 0
244
- cmd << "--max-redirs #{max_redirects}" if max_redirects > 0
245
-
277
+ def load_powershell_command
278
+ cmd = ["Invoke-WebRequest"]
279
+ cmd << "-Method #{http_method}"
280
+ # Missing connect-timeout
281
+ cmd << "-TimeoutSec #{open_timeout + read_timeout}"
282
+ # Insecure not supported simply https://stackoverflow.com/questions/11696944/powershell-v3-invoke-webrequest-https-error
283
+ cmd << "-MaximumRedirection #{max_redirects}" unless max_redirects.nil?
284
+ request_headers["Authorization"] = """ '\"Basic ' + [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(\"#{username}:#{password}\")) +'\"' """ unless username.nil? || password.nil?
285
+ request_header_string = nil
246
286
  request_headers.each do |k, v|
247
- cmd << "-H '#{k}: #{v}'"
287
+ request_header_string << " #{k} = #{v}"
248
288
  end
249
-
289
+ cmd << "-Headers @{#{request_header_string.join(";")}}" unless request_header_string.nil?
250
290
  if params.nil?
251
291
  cmd << "'#{url}'"
252
292
  else
253
293
  cmd << "'#{url}?#{params.map { |e| e.join("=") }.join("&")}'"
254
294
  end
255
-
256
- cmd.join(" ")
295
+ command = cmd.join(" ")
296
+ body = "\'#{request_body}\'"
297
+ script = <<-EOH
298
+ $body = #{body.strip unless request_body.nil?}
299
+ $Body = $body | ConvertFrom-Json
300
+ #convert to hashtable
301
+ $HashTable = @{}
302
+ foreach ($property in $Body.PSObject.Properties) {
303
+ $HashTable[$property.Name] = $property.Value
304
+ }
305
+ $response = #{command} -Body $HashTable
306
+ $response | Select-Object -Property * | ConvertTo-json # We use `Select-Object -Property * ` to get around an odd PowerShell error
307
+ EOH
308
+ script.strip
257
309
  end
258
310
  end
259
311
  end
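Review bot: `load_powershell_command` sets `request_header_string = nil` and then calls `<<` on it inside `request_headers.each`, so any request that carries headers (including the `Authorization` entry the method adds itself) raises NoMethodError before the command is built; the later `.join(";")` also expects an array. The same method interpolates `username`, `password`, header names and values, `url` and `request_body` into the PowerShell script with no quoting, so a quote character in any of them changes how the script parses on the target, whereas the curl branch at least passes `request_body` through `Shellwords.shellescape`. I would collect the headers in an array, emit every value as a single-quoted PowerShell literal with `'` doubled, and quote `body` and the URL argument the same way. Assigning into `request_headers` also looks like it mutates a hash owned by the caller (its definition is outside these hunks), so the sketch below works on a copy and encodes the Basic credentials in Ruby.

```ruby
def load_powershell_command
  # … unchanged: cmd = ["Invoke-WebRequest"], -Method, -TimeoutSec, -MaximumRedirection …
  # PowerShell single-quoted literal: the only escape needed is doubling '.
  ps_quote = ->(value) { "'#{value.to_s.gsub("'", "''")}'" }
  headers = request_headers.dup
  unless username.nil? || password.nil?
    # Encode in Ruby so the credentials are never spliced into a PowerShell expression.
    headers["Authorization"] = "Basic " + ["#{username}:#{password}"].pack("m0")
  end
  header_pairs = headers.map { |k, v| "#{ps_quote.call(k)} = #{ps_quote.call(v)}" }
  cmd << "-Headers @{#{header_pairs.join("; ")}}" unless header_pairs.empty?
  # … unchanged: url/params argument (quote it with ps_quote as well), cmd.join, $body script heredoc …
```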
@@ -1,3 +1,3 @@
1
1
  module Inspec
2
- VERSION = "4.49.0".freeze
2
+ VERSION = "4.50.3".freeze
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: inspec-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.49.0
4
+ version: 4.50.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chef InSpec Team
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-10-25 00:00:00.000000000 Z
11
+ date: 2021-11-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: chef-telemetry