inspec-core 5.22.36 → 5.22.40
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/inspec/dependencies/dependency_set.rb +2 -2
- data/lib/inspec/dsl.rb +1 -1
- data/lib/inspec/profile.rb +2 -2
- data/lib/inspec/reporters/cli.rb +1 -1
- data/lib/inspec/rule.rb +14 -9
- data/lib/inspec/runner.rb +1 -1
- data/lib/inspec/utils/waivers/csv_file_reader.rb +1 -1
- data/lib/inspec/utils/waivers/excel_file_reader.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a95805ac2a4faab83d1826792a5d838caa5f1808fcc884e061cf3f7070ab6ef2
|
|
4
|
+
data.tar.gz: 984dfca55efec04f1e9b98ddfebf5be636b96a91c7fe7dc97f9ffb9789c60af3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fb6e20f346e0e5ab27878931b1396c10a633b99767472774299d92fce3ae2ccf01399cb100e5ae4566456039a3d814ac4148670da65b41563e72139d29551ed7
|
|
7
|
+
data.tar.gz: 0c9c665c3afb6d90121bf40ac00736a900955e0ea5955af58f7e56378d18eecfd7560f40e2cce049afd7156ecb495c77b1c58765c0e69f82bfd03e976c2f367f
|
|
@@ -26,7 +26,7 @@ module Inspec
|
|
|
26
26
|
dep_list = {}
|
|
27
27
|
dependencies.each do |d|
|
|
28
28
|
# if depedent profile does not have a source version then only name is used in dependency hash
|
|
29
|
-
key_name = (d.source_version.
|
|
29
|
+
key_name = ((d.source_version.nil? || d.source_version.empty?) ? "#{d.name}" : "#{d.name}-#{d.source_version}") rescue "#{d.name}"
|
|
30
30
|
dep_list[key_name] = d
|
|
31
31
|
end
|
|
32
32
|
new(cwd, cache, dep_list, backend)
|
|
@@ -42,7 +42,7 @@ module Inspec
|
|
|
42
42
|
dep_list = {}
|
|
43
43
|
dep_tree.each do |d|
|
|
44
44
|
# if depedent profile does not have a source version then only name is used in dependency hash
|
|
45
|
-
key_name = (d.source_version.
|
|
45
|
+
key_name = ((d.source_version.nil? || d.source_version.empty?) ? "#{d.name}" : "#{d.name}-#{d.source_version}") rescue "#{d.name}"
|
|
46
46
|
dep_list[key_name] = d
|
|
47
47
|
dep_list.merge!(flatten_dep_tree(d.dependencies))
|
|
48
48
|
end
|
data/lib/inspec/dsl.rb
CHANGED
|
@@ -95,7 +95,7 @@ module Inspec::DSL
|
|
|
95
95
|
# 1. Fetching VERSION from a profile dependency name which is in a format NAME-VERSION.
|
|
96
96
|
# 2. Matching original profile dependency name with profile name used with include or require control DSL.
|
|
97
97
|
source_version = value.source_version
|
|
98
|
-
unless source_version.
|
|
98
|
+
unless source_version.nil? || source_version.empty?
|
|
99
99
|
profile_id_key = key.split("-#{source_version}")[0]
|
|
100
100
|
new_profile_id = key if profile_id_key == profile_id
|
|
101
101
|
end
|
data/lib/inspec/profile.rb
CHANGED
|
@@ -248,7 +248,7 @@ module Inspec
|
|
|
248
248
|
## Find the waivers file
|
|
249
249
|
# - TODO: cli_opts and instance_variable_get could be exposed
|
|
250
250
|
waiver_paths = cfg.instance_variable_get(:@cli_opts)["waiver_file"]
|
|
251
|
-
if waiver_paths.
|
|
251
|
+
if waiver_paths.nil? || waiver_paths.empty?
|
|
252
252
|
Inspec::Log.error "Must use --waiver-file with --filter-waived-controls"
|
|
253
253
|
Inspec::UI.new.exit(:usage_error)
|
|
254
254
|
end
|
|
@@ -276,7 +276,7 @@ module Inspec
|
|
|
276
276
|
# be processed and rendered
|
|
277
277
|
tests.each do |control_filename, source_code|
|
|
278
278
|
cleared_tests = source_code.scan(/control\s+['"].+?['"].+?(?=(?:control\s+['"].+?['"])|\z)/m).collect do |element|
|
|
279
|
-
next if element.
|
|
279
|
+
next if element.nil? || element.empty?
|
|
280
280
|
|
|
281
281
|
if element&.match?(waived_control_id_regex)
|
|
282
282
|
splitlines = element.split("\n")
|
data/lib/inspec/reporters/cli.rb
CHANGED
data/lib/inspec/rule.rb
CHANGED
|
@@ -375,19 +375,24 @@ module Inspec
|
|
|
375
375
|
# only_if mechanism)
|
|
376
376
|
# Double underscore: not intended to be called as part of the DSL
|
|
377
377
|
def __apply_waivers
|
|
378
|
+
@__waiver_data = nil
|
|
378
379
|
control_id = @__rule_id # TODO: control ID slugging
|
|
379
|
-
waiver_files = Inspec::Config.cached.final_options["waiver_file"] if Inspec::Config.cached.respond_to?(:final_options)
|
|
380
380
|
|
|
381
|
-
|
|
381
|
+
waiver_files = Inspec::Config.cached.final_options["waiver_file"] if Inspec::Config.cached.respond_to?(:final_options)
|
|
382
|
+
unless waiver_files.nil? || waiver_files.empty?
|
|
383
|
+
waiver_data_by_profile = Inspec::WaiverFileReader.fetch_waivers_by_profile(__profile_id, waiver_files)
|
|
384
|
+
return unless waiver_data_by_profile && waiver_data_by_profile[control_id] && waiver_data_by_profile[control_id].is_a?(Hash)
|
|
382
385
|
|
|
383
|
-
|
|
386
|
+
@__waiver_data = waiver_data_by_profile[control_id]
|
|
387
|
+
else
|
|
388
|
+
# Support for input registry is provided for backward compatibilty with compliance phase of chef-client
|
|
389
|
+
# Chef-client sends waiver information in inputs hash
|
|
390
|
+
input_registry = Inspec::InputRegistry.instance
|
|
391
|
+
waiver_data_via_input = input_registry.inputs_by_profile.dig(__profile_id, control_id)
|
|
392
|
+
return unless waiver_data_via_input && waiver_data_via_input.has_value? && waiver_data_via_input.value.is_a?(Hash)
|
|
384
393
|
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
# log of each "set" event so that when it is collapsed to a value,
|
|
388
|
-
# it can determine the correct (highest priority) value.
|
|
389
|
-
# Store in an instance variable for.. later reading???
|
|
390
|
-
@__waiver_data = waiver_data_by_profile[control_id]
|
|
394
|
+
@__waiver_data = waiver_data_via_input.value
|
|
395
|
+
end
|
|
391
396
|
|
|
392
397
|
__waiver_data["skipped_due_to_waiver"] = false
|
|
393
398
|
__waiver_data["message"] = ""
|
data/lib/inspec/runner.rb
CHANGED
|
@@ -142,7 +142,7 @@ module Inspec
|
|
|
142
142
|
get_check_example(m, a, b)
|
|
143
143
|
end.compact
|
|
144
144
|
|
|
145
|
-
examples.map { |example| total_checks += example.
|
|
145
|
+
examples.map { |example| total_checks += example.descendant_filtered_examples.count }
|
|
146
146
|
|
|
147
147
|
unless control_describe_checks.empty?
|
|
148
148
|
# controls with empty tests are avoided
|
|
@@ -19,7 +19,7 @@ module Waivers
|
|
|
19
19
|
row_hash.delete("control_id")
|
|
20
20
|
row_hash.delete_if { |k, v| k.nil? || v.nil? }
|
|
21
21
|
|
|
22
|
-
waiver_data_hash[control_id] = row_hash if control_id && !row_hash.
|
|
22
|
+
waiver_data_hash[control_id] = row_hash if control_id && !(row_hash.nil? || row_hash.empty?)
|
|
23
23
|
end
|
|
24
24
|
|
|
25
25
|
waiver_data_hash
|
|
@@ -25,7 +25,7 @@ module Waivers
|
|
|
25
25
|
row_hash.delete_if { |k, v| k.nil? || v.nil? }
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
waiver_data_hash[control_id] = row_hash if control_id && !row_hash.
|
|
28
|
+
waiver_data_hash[control_id] = row_hash if control_id && !(row_hash.nil? || row_hash.empty?)
|
|
29
29
|
end
|
|
30
30
|
waiver_data_hash
|
|
31
31
|
rescue Exception => e
|
data/lib/inspec/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: inspec-core
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 5.22.
|
|
4
|
+
version: 5.22.40
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chef InSpec Team
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2024-01-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: chef-telemetry
|