inspec-core 5.17.4 → 5.18.14

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b31dbb074483f274162eeea0fde1b234cd19e1c65257e19f7d0bc2f46c375b70
-  data.tar.gz: 31756fedad66edc248e5ae7b1ca5ab08408f6d7d6e6ce6dfb9053d1323c1acac
+  metadata.gz: ba97ee3e25e02fba9b85f797fa1a773d2e8fa7628112be422d187c0e46cfce40
+  data.tar.gz: a82f51e5c6ba3e1db8c4580f92a33d91bcc2e0c2a8339850e1f168c1569b8818
 SHA512:
-  metadata.gz: e765163668a3799ae45fbe2a5ddd219832341c32b01b62422506324a62c44b99ad771f47c662be5abb1198fdd65969e2a038f54c5059841561edda42170f7631
-  data.tar.gz: bbbadea0724f15d1a67c895eab750eea1a660bfc2e65143af703f8b5a88eb9e0c9fde1f9c08356fd9e4b32d202d620902fbad8784618cc01eec866c20f5247c7
+  metadata.gz: beb78893376f0b92b9cf33741f8fab471f66dd328fa1f28c87b05737da7f73266327eded07ca67f0b91a747625dfcb61011b42c06a25914d01f727b07a962456
+  data.tar.gz: 193aeef4576e2af4466a176b80e107cd45fe0c0c0f6db290d17696cec1eb7dbf6b58b555bf8c0df4b9bb4a9d5aa8d26f542993b5be1d600a296c3ec50e531d09

data/Gemfile

@@ -29,7 +29,7 @@ group :test do
   gem "json_schemer", ">= 0.2.1", "< 0.2.19"
   gem "m"
   gem "minitest-sprint", "~> 1.0"
-  gem "minitest", "~> 5.5"
+  gem "minitest", "5.15.0"
   gem "mocha", "~> 1.1"
   gem "nokogiri", "~> 1.9"
   gem "pry-byebug"

data/etc/deprecations.json

@@ -121,6 +121,10 @@
     "cli_option_target_id":{
       "action": "warn",
       "prefix": "The --target-id option is deprecated in InSpec 5. Its value will be ignored."
+    },
+    "renamed_to_inspec_export":{
+      "action": "ignore",
+      "prefix": "The `inspec json` command is deprecated in InSpec 5 and replaced with `inspec export` command."
     }
   }
 }

data/inspec-core.gemspec

@@ -45,5 +45,5 @@ Gem::Specification.new do |spec|
   spec.add_dependency "semverse",           "~> 3.0"
   spec.add_dependency "multipart-post",     "~> 2.0"
 
-  spec.add_dependency "train-core", "~> 3.0"
+  spec.add_dependency "train-core", "~> 3.10"
 end

data/lib/inspec/base_cli.rb

@@ -138,6 +138,8 @@ module Inspec
         desc: "Provides path to Docker API endpoint (Docker)"
       option :ssh_config_file, type: :array,
         desc: "A list of paths to the ssh config file, e.g ~/.ssh/config or /etc/ssh/ssh_config"
+      option :podman_url, type: :string,
+        desc: "Provides path to Podman API endpoint"
     end
 
     def self.profile_options
@@ -323,6 +325,9 @@ module Inspec
 
     def pretty_handle_exception(exception)
       case exception
+      when Inspec::InvalidProfileSignature
+        $stderr.puts exception.message
+        Inspec::UI.new.exit(:bad_signature)
       when Inspec::Error
         $stderr.puts exception.message
         exit(1)

data/lib/inspec/cli.rb

@@ -5,6 +5,7 @@ require "inspec/dist"
 require "inspec/backend"
 require "inspec/dependencies/cache"
 require "inspec/utils/json_profile_summary"
+require "inspec/utils/yaml_profile_summary"
 
 module Inspec # TODO: move this somewhere "better"?
   autoload :BaseCLI,       "inspec/base_cli"
@@ -69,25 +70,77 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     desc: "A list of tags to filter controls and include only those. Ignore all other tests."
   profile_options
   def json(target)
-    require "json" unless defined?(JSON)
+    # This deprecation warning is ignored currently.
+    Inspec.deprecate(:renamed_to_inspec_export)
+    export(target, true)
+  end
 
+  desc "export PATH", "read the profile in PATH and generate a summary in the given format."
+  option :what, type: :string,
+    desc: "What to export: profile (default), readme, metadata."
+  option :format, type: :string,
+    desc: "The output format to use: json, raw, yaml. If valid format is not provided then it will use the default for the given 'what'."
+  option :output, aliases: :o, type: :string,
+    desc: "Save the created output to a path"
+  option :controls, type: :array,
+    desc: "For --what=profile, a list of controls to include. Ignore all other tests."
+  option :tags, type: :array,
+    desc: "For --what=profile, a list of tags to filter controls and include only those. Ignore all other tests."
+  profile_options
+  def export(target, as_json = false)
     o = config
     diagnose(o)
     o["log_location"] = $stderr
     configure_logger(o)
 
+    # using dup to resolve "can't modify frozen String" error.
+    what = o[:what].dup || "profile"
+    what.downcase!
+    raise Inspec::Error.new("Unrecognized option '#{what}' for --what - expected one of profile, readme, or metadata.") unless %w{profile readme metadata}.include?(what)
+
+    default_format_for_what = {
+      "profile" => "yaml",
+      "metadata" => "raw",
+      "readme" => "raw",
+    }
+    valid_formats_for_what = {
+      "profile" => %w{yaml json},
+      "metadata" => %w{yaml raw}, # not going to argue
+      "readme" => ["raw"],
+    }
+    format = o[:format] || default_format_for_what[what]
+    # default is json if we were called as old json command
+    format = "json" if as_json
+    raise Inspec::Error.new("Invalid option '#{format}' for --format and --what combination") unless format && valid_formats_for_what[what].include?(format)
+
     o[:backend] = Inspec::Backend.create(Inspec::Config.mock)
     o[:check_mode] = true
     o[:vendor_cache] = Inspec::Cache.new(o[:vendor_cache])
-
     profile = Inspec::Profile.for_target(target, o)
     dst = o[:output].to_s
 
-    # Write JSON
-    Inspec::Utils::JsonProfileSummary.produce_json(
-      info: profile.info,
-      write_path: dst
-    )
+    case what
+    when "profile"
+      if format == "json"
+        require "json" unless defined?(JSON)
+        # Write JSON
+        Inspec::Utils::JsonProfileSummary.produce_json(
+          info: profile.info,
+          write_path: dst
+        )
+      elsif format == "yaml"
+        Inspec::Utils::YamlProfileSummary.produce_yaml(
+          info: profile.info,
+          write_path: dst
+        )
+      end
+    when "readme"
+      out = dst.empty? ? $stdout : File.open(dst, "w")
+      out.write(profile.readme)
+    when "metadata"
+      out = dst.empty? ? $stdout : File.open(dst, "w")
+      out.write(profile.metadata_src)
+    end
   rescue StandardError => e
     pretty_handle_exception(e)
   end
@@ -189,12 +242,12 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     desc: "Fallback to using local archives if fetching fails."
   option :ignore_errors, type: :boolean, default: false,
     desc: "Ignore profile warnings."
-  def archive(path)
+  def archive(path, log_level = nil)
     o = config
     diagnose(o)
 
     o[:logger] = Logger.new($stdout)
-    o[:logger].level = get_log_level(o[:log_level])
+    o[:logger].level = get_log_level(log_level || o[:log_level])
     o[:backend] = Inspec::Backend.create(Inspec::Config.mock)
 
     # Force vendoring with overwrite when archiving

data/lib/inspec/dependencies/dependency_set.rb

@@ -25,7 +25,9 @@ module Inspec
     def self.from_array(dependencies, cwd, cache, backend)
       dep_list = {}
       dependencies.each do |d|
-        dep_list[d.name] = d
+        # if depedent profile does not have a source version then only name is used in dependency hash
+        key_name = (d.source_version ? "#{d.name}-#{d.source_version}" : "#{d.name}") rescue "#{d.name}"
+        dep_list[key_name] = d
       end
       new(cwd, cache, dep_list, backend)
     end
@@ -39,7 +41,9 @@ module Inspec
     def self.flatten_dep_tree(dep_tree)
       dep_list = {}
       dep_tree.each do |d|
-        dep_list[d.name] = d
+        # if depedent profile does not have a source version then only name is used in dependency hash
+        key_name = (d.source_version ? "#{d.name}-#{d.source_version}" : "#{d.name}") rescue d.name
+        dep_list[key_name] = d
         dep_list.merge!(flatten_dep_tree(d.dependencies))
       end
       dep_list

data/lib/inspec/dsl.rb

@@ -6,13 +6,13 @@ require "inspec/utils/deprecated_cloud_resources_list"
 module Inspec::DSL
   attr_accessor :backend
 
-  def require_controls(id, &block)
-    opts = { profile_id: id, include_all: false, backend: @backend, conf: @conf, dependencies: @dependencies }
+  def require_controls(id, version = nil, &block)
+    opts = { profile_id: id, include_all: false, backend: @backend, conf: @conf, dependencies: @dependencies, profile_version: version }
     ::Inspec::DSL.load_spec_files_for_profile(self, opts, &block)
   end
 
-  def include_controls(id, &block)
-    opts = { profile_id: id, include_all: true, backend: @backend, conf: @conf, dependencies: @dependencies }
+  def include_controls(id, version = nil, &block)
+    opts = { profile_id: id, include_all: true, backend: @backend, conf: @conf, dependencies: @dependencies, profile_version: version }
     ::Inspec::DSL.load_spec_files_for_profile(self, opts, &block)
   end
 
@@ -85,7 +85,20 @@ module Inspec::DSL
   def self.load_spec_files_for_profile(bind_context, opts, &block)
     dependencies = opts[:dependencies]
     profile_id = opts[:profile_id]
-    dep_entry = dependencies.list[profile_id]
+    profile_version = opts[:profile_version]
+
+    new_profile_id = nil
+    if profile_version
+      new_profile_id = "#{profile_id}-#{profile_version}"
+    else
+      dependencies.list.keys.each do |key|
+        # If dep profile does not contain a source version, key does not contain a version as well. In that case new_profile_id will be always nil and instead profile_id would be used to fetch profile from dependency list.
+        profile_id_key = key.split("-")
+        profile_id_key.pop
+        new_profile_id = key if profile_id_key.join("-") == profile_id
+      end
+    end
+    dep_entry = new_profile_id ? dependencies.list[new_profile_id] : dependencies.list[profile_id]
 
     if dep_entry.nil?
       raise <<~EOF

data/lib/inspec/errors.rb

@@ -22,4 +22,6 @@ module Inspec
     attr_accessor :gem_name
     attr_accessor :version
   end
+
+  class InvalidProfileSignature < Error; end
 end

data/lib/inspec/exceptions.rb

@@ -8,5 +8,7 @@ module Inspec
     class ResourceFailed < StandardError; end
     class ResourceSkipped < StandardError; end
     class SecretsBackendNotFound < ArgumentError; end
+    class ProfileValidationKeyNotFound < ArgumentError; end
+    class ProfileSigningKeyNotFound < ArgumentError; end
   end
 end

data/lib/inspec/fetcher/url.rb

@@ -262,7 +262,7 @@ module Inspec::Fetcher
 
       open(target, opts)
 
-    rescue SocketError, Errno::ECONNREFUSED, OpenURI::HTTPError => e
+    rescue SocketError, Net::OpenTimeout, Errno::ECONNREFUSED, OpenURI::HTTPError => e
       raise Inspec::FetcherFailure, "Profile URL dependency #{target} could not be fetched: #{e.message}"
     end
 

data/lib/inspec/file_provider.rb

@@ -2,6 +2,7 @@ require "rubygems/package" unless defined?(Gem::Package)
 require "pathname" unless defined?(Pathname)
 require "zlib" unless defined?(Zlib)
 require "zip" unless defined?(Zip)
+require "inspec/iaf_file"
 
 module Inspec
   class FileProvider
@@ -14,6 +15,13 @@ module Inspec
         TarProvider.new(path)
       elsif File.exist?(path) && path.end_with?(".zip")
         ZipProvider.new(path)
+      elsif File.exist?(path) && path.end_with?(".iaf")
+        iaf_file = IafFile.new(path)
+        if iaf_file.valid?
+          IafProvider.new(path)
+        else
+          raise Inspec::InvalidProfileSignature, "Profile signature is invalid."
+        end
       elsif File.exist?(path)
         DirProvider.new(path)
       else
@@ -216,6 +224,34 @@ module Inspec
     end
   end # class TarProvider
 
+  class IafProvider < TarProvider
+    attr_reader :files
+
+    def initialize(path)
+      f = File.open(path, "rb")
+      version = f.readline.strip!
+      if version == "INSPEC-PROFILE-1"
+        while f.readline != "\n" do end
+        content = f.read
+        f.close
+      elsif version == "INSPEC-PROFILE-2"
+        f.readline.strip!
+        content = f.read
+        f.close
+        content = content.slice(490, content.length).lstrip
+      else
+        raise Inspec::InvalidProfileSignature, "Unrecognized IAF version."
+      end
+
+      tmpfile = nil
+      Dir.mktmpdir do |workdir|
+        tmpfile = Pathname.new(workdir).join("temp_profile.tar.gz")
+        File.open(tmpfile, "wb") { |fl| fl.write(content) }
+        super(tmpfile)
+      end
+    end
+  end # class IafProvider
+
   class RelativeFileProvider
     BLACKLIST_FILES = [
       "/pax_global_header",

data/lib/inspec/iaf_file.rb

@@ -0,0 +1,127 @@
+require "base64" unless defined?(Base64)
+require "openssl" unless defined?(OpenSSL)
+require "set" unless defined?(Set)
+require "uri" unless defined?(URI)
+
+module Inspec
+  class IafFile
+    KEY_ALG = OpenSSL::PKey::RSA
+    INSPEC_PROFILE_VERSION_1 = "INSPEC-PROFILE-1".freeze
+    INSPEC_PROFILE_VERSION_2 = "INSPEC-PROFILE-2".freeze
+
+    ARTIFACT_DIGEST = OpenSSL::Digest::SHA512
+    ARTIFACT_DIGEST_NAME = "SHA512".freeze
+
+    VALID_PROFILE_VERSIONS = Set.new [INSPEC_PROFILE_VERSION_1, INSPEC_PROFILE_VERSION_2]
+    VALID_PROFILE_DIGESTS = Set.new [ARTIFACT_DIGEST_NAME]
+
+    def self.find_validation_key(keyname)
+      [
+        ".",
+        File.join(Inspec.config_dir, "keys"),
+        File.join(Inspec.src_root, "etc", "keys"),
+      ].each do |path|
+        filename = File.join(path, "#{keyname}.pem.pub")
+        return filename if File.exist?(filename)
+      rescue ArgumentError => e
+        puts e
+        raise Inspec::Exceptions::ProfileValidationKeyNotFound.new("Validation key #{keyname} not found")
+      end
+
+      # Retry if we can fetch it from github
+      return find_validation_key(keyname) if fetch_validation_key_from_github(keyname)
+
+      raise Inspec::Exceptions::ProfileValidationKeyNotFound.new("Validation key #{keyname} not found")
+    end
+
+    def self.find_signing_key(keyname)
+      [".", File.join(Inspec.config_dir, "keys")].each do |path|
+        filename = File.join(path, "#{keyname}.pem.key")
+        return filename if File.exist?(filename)
+      end
+      raise Inspec::Exceptions::ProfileSigningKeyNotFound.new("Signing key #{keyname} not found")
+    end
+
+    def self.fetch_validation_key_from_github(keyname)
+      URI.open("https://raw.githubusercontent.com/inspec/inspec/main/etc/keys/#{keyname}.pem.pub") do |r|
+        puts "Fetching validation key '#{keyname}' from github"
+        dir = File.join(Inspec.config_dir, "keys")
+        FileUtils.mkdir_p dir
+        key_file = File.join(dir, "#{keyname}.pem.pub")
+        File.open(key_file, "w") do |f|
+          r.each_line do |line|
+            f.puts line
+          end
+        end
+      end
+      true
+    rescue OpenURI::HTTPError
+      false
+    end
+
+    attr_reader :key_name, :version
+
+    def initialize(path)
+      @path = path
+      @key_name = nil
+    end
+
+    def valid?
+      header = []
+      valid = true
+      f = File.open(@path, "rb")
+      @version = f.readline.strip!
+      if version == INSPEC_PROFILE_VERSION_1
+        header << version
+        header << f.readline.strip!
+        header << f.readline.strip!
+
+        file_sig = ""
+        # the signature is multi-line
+        while (line = f.readline) != "\n"
+          file_sig += line
+        end
+        header << file_sig.strip!
+        f.close
+
+        f = File.open(@path, "rb")
+        while f.readline != "\n" do end
+        content = f.read
+        f.close
+      elsif version == INSPEC_PROFILE_VERSION_2
+        header << version
+        header << f.readline.strip!
+        content = f.read
+        f.close
+
+        header_content = content.unpack("h*").pack("H*")
+        header << header_content.slice(0, 100).rstrip
+        header << header_content.slice(100, 20).rstrip
+        header << header_content.slice(120, 370).rstrip + "\n" # \n at the end is require in this field
+        content = content.slice(490, content.length).lstrip
+      else
+        valid = false
+      end
+
+      @key_name = header[2]
+      validation_key_path = Inspec::IafFile.find_validation_key(@key_name)
+
+      unless valid_header?(header)
+        valid = false
+      end
+
+      verification_key = KEY_ALG.new File.read validation_key_path
+      signature = Base64.decode64(header[4])
+      digest = ARTIFACT_DIGEST.new
+      unless verification_key.verify digest, signature, content
+        valid = false
+      end
+
+      valid
+    end
+
+    def valid_header?(header)
+      VALID_PROFILE_VERSIONS.member?(header[0]) && VALID_PROFILE_DIGESTS.member?(header[3])
+    end
+  end
+end

data/lib/inspec/profile.rb

@@ -350,22 +350,24 @@ module Inspec
     def load_libraries
       return @runner_context if @libraries_loaded
 
-      locked_dependencies.dep_list.each_with_index do |(_name, dep), i|
+      locked_dependencies.dep_list.each_with_index do |(_name, dep), index|
         d = dep.profile
         # this will force a dependent profile load so we are only going to add
         # this metadata if the parent profile is supported.
         if @supports_platform && !d.supports_platform?
           # since ruby 1.9 hashes are ordered so we can just use index values here
           # TODO: NO! this is a violation of encapsulation to an extreme
-          metadata.dependencies[i][:status] = "skipped"
-          msg = "Skipping profile: '#{d.name}' on unsupported platform: '#{d.backend.platform.name}/#{d.backend.platform.release}'."
-          metadata.dependencies[i][:status_message] = msg
-          metadata.dependencies[i][:skip_message] = msg # Repeat as skip_message for backward compatibility
+          if metadata.dependencies[index]
+            metadata.dependencies[index][:status] = "skipped"
+            msg = "Skipping profile: '#{d.name}' on unsupported platform: '#{d.backend.platform.name}/#{d.backend.platform.release}'."
+            metadata.dependencies[index][:status_message] = msg
+            metadata.dependencies[index][:skip_message] = msg # Repeat as skip_message for backward compatibility
+          end
           next
-        elsif metadata.dependencies[i]
+        elsif metadata.dependencies[index]
           # Currently wrapper profiles will load all dependencies, and then we
           # load them again when we dive down. This needs to be re-done.
-          metadata.dependencies[i][:status] = "loaded"
+          metadata.dependencies[index][:status] = "loaded"
         end
 
         # rubocop:disable Layout/ExtraSpacing
@@ -746,6 +748,14 @@ module Inspec
       @source_reader.target.files
     end
 
+    def readme
+      @source_reader.readme&.values&.first
+    end
+
+    def metadata_src
+      @source_reader.metadata_src
+    end
+
     #
     # TODO(ssd): Relative path handling really needs to be carefully
     # thought through, especially with respect to relative paths in

data/lib/inspec/resources/aide_conf.rb

@@ -48,6 +48,10 @@ module Inspec::Resources
 
     filter.install_filter_methods_on_resource(self, :params)
 
+    def resource_id
+      @conf_path || "aide_conf"
+    end
+
     def to_s
       "AIDE Config"
     end

data/lib/inspec/resources/apache.rb

@@ -40,6 +40,10 @@ module Inspec::Resources
       end
     end
 
+    def resource_id
+      @conf_path || "apache"
+    end
+
     def to_s
       "Apache Environment"
     end

data/lib/inspec/resources/apache_conf.rb

@@ -124,6 +124,10 @@ module Inspec::Resources
       @params["ServerRoot"] || @params["serverroot"]
     end
 
+    def resource_id
+      @conf_path || "apache_conf"
+    end
+
     def to_s
       "Apache Config #{conf_path}"
     end

data/lib/inspec/resources/apt.rb

@@ -39,10 +39,11 @@ module Inspec::Resources
     EXAMPLE
 
     def initialize(ppa_name)
+      @ppa_name = ppa_name
       @deb_url = nil
       # check if the os is ubuntu or debian
       if inspec.os.debian?
-        @deb_url = determine_ppa_url(ppa_name)
+        @deb_url = determine_ppa_url(@ppa_name)
       else
         # this resource is only supported on ubuntu and debian
         skip_resource "The `apt` resource is not supported on your OS yet."
@@ -61,6 +62,10 @@ module Inspec::Resources
       actives.size == 1 && actives[0] = true
     end
 
+    def resource_id
+      @deb_url || @ppa_name || "apt repository"
+    end
+
     def to_s
       "Apt Repository #{@deb_url}"
     end

data/lib/inspec/resources/audit_policy.rb

@@ -57,6 +57,11 @@ module Inspec::Resources
       values
     end
 
+    # Since this resource does not have any unique identifier for resource, sending the Auditpol command as UUID.
+    def resource_id
+      "audit_policy"
+    end
+
     def to_s
       "Audit Policy"
     end

data/lib/inspec/resources/auditd_conf.rb

@@ -27,6 +27,10 @@ module Inspec::Resources
       read_params[name.to_s]
     end
 
+    def resource_id
+      @conf_path || "auditd_conf"
+    end
+
     def to_s
       "Audit Daemon Config"
     end

data/lib/inspec/resources/bash.rb

@@ -28,6 +28,10 @@ module Inspec::Resources
       super(CommandWrapper.wrap(command, options))
     end
 
+    def resource_id
+      @raw_command || "bash"
+    end
+
     def to_s
       "Bash command #{@raw_command}"
     end

data/lib/inspec/resources/bond.rb

@@ -63,6 +63,10 @@ module Inspec::Resources
       params["Bonding Mode"].first
     end
 
+    def resource_id
+      @path || "bond"
+    end
+
     def to_s
       "Bond #{@bond}"
     end

data/lib/inspec/resources/bridge.rb

@@ -45,6 +45,10 @@ module Inspec::Resources
       bridge_info.nil? ? nil : bridge_info[:interfaces]
     end
 
+    def resource_id
+      @bridge_name || "bridge"
+    end
+
     def to_s
       "Bridge #{@bridge_name}"
     end

data/lib/inspec/resources/cassandradb_conf.rb

@@ -31,6 +31,11 @@ module Inspec::Resources
       super(@conf_path)
     end
 
+    # if system unables to determine the cassandra conf path the @conf_path can be nil so in that case sending "" string as resource_id
+    def resource_id
+      @conf_path || "cassandradb_conf"
+    end
+
     private
 
     def parse(content)

data/lib/inspec/resources/cassandradb_session.rb

@@ -1,10 +1,11 @@
 module Inspec::Resources
   class Lines
-    attr_reader :output
+    attr_reader :output, :exit_status
 
-    def initialize(raw, desc)
+    def initialize(raw, desc, exit_status)
       @output = raw
       @desc = desc
+      @exit_status = exit_status
     end
 
     def to_s
@@ -40,10 +41,14 @@ module Inspec::Resources
       if cmd.exit_status != 0 || out =~ /Unable to connect to any servers/ || out.downcase =~ /^error:.*/
         raise Inspec::Exceptions::ResourceFailed, "Cassandra query with errors: #{out}"
       else
-        Lines.new(cmd.stdout.strip, "Cassandra query: #{q}")
+        Lines.new(cmd.stdout.strip, "Cassandra query: #{q}", cmd.exit_status)
       end
     end
 
+    def resource_id
+      "cassandradb_session:User:#{@user}:Host:#{host}"
+    end
+
     def to_s
       "Cassandra DB Session"
     end

data/lib/inspec/resources/chocolatey_package.rb

@@ -45,6 +45,10 @@ module Inspec::Resources
       end
     end
 
+    def resource_id
+      @package_name || "chocolatey_package"
+    end
+
     def to_s
       "Chocolatey package #{package_name}"
     end