inspec-core 5.22.65 → 5.22.72

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5a7f8456410caebef0bb3dfdad7df4d9aac0e72d33effef12d1581c919be2e54
-  data.tar.gz: ca21ae25ee3c9d43e1820d45663b6232e0be0dd3c336305acf15628c1cc68c37
+  metadata.gz: 1561e49537c4bd8b615a78d099d922a0915c71429fcdfb4ca6197105712ca3aa
+  data.tar.gz: d756477c4172ff54a6a69f6905c0f0034b484f9ca38b45fda8a7d6efa7c5f748
 SHA512:
-  metadata.gz: 0f822677d07b5c1d2c8b70f23ad6cf94f303686200cc9b68683fc54af2d0e362ae257278bdcb510febeefff2e1f163aadc42a019dbe39089444665d80c29da28
-  data.tar.gz: 6800aef92c54e66bc4fcf2fe604326c8caaae4514bbf2a11aa913d3a2f18a9f8d6775427d81fdc1bf1c59f25a588f36b94c59af4ab69f155634b47eaf3944015
+  metadata.gz: 93849cdca52ac4bc4bec15aebd4933e623229f4c10378fb2d85316c6496d45cc9ebe7ed2e1c1aa4f1a296779237cb06b204f5d61af8f7d1a7b2642c9a9e4720a
+  data.tar.gz: 54988d5e27e76412c03eca453f7887414a536ee16607fbf2c1ecd7e502136f555700bba9c88e59967ab6857fa198c4138b517090183f31b72e88f54a46926669

data/Gemfile

@@ -12,7 +12,7 @@ gem "inspec-bin", path: "./inspec-bin"
 # ffi version v1.17.0 is breaking verify pipeline as it requires
 # rubygems version to be upgraded to >= 3.3.22 Ref:https://buildkite.com/chef/inspec-inspec-main-verify-private/builds/812#018fe177-2ccb-45ed-a25e-213c8a6453df/698-707
 
-gem "ffi", ">= 1.15.5", "< 1.18.0"
+gem "ffi", ">= 1.15.5", "< 1.17.0"
 
 # We have a build issue 2023-11-13 with unf_ext 0.0.9 so we are pinning to 0.0.8.2
 # See https://github.com/knu/ruby-unf_ext/issues/74 https://buildkite.com/chef/inspec-inspec-inspec-5-omnibus-release/builds/22
@@ -37,7 +37,8 @@ group :test do
   gem "minitest-sprint", "~> 1.0"
   gem "minitest", "5.15.0"
   gem "mocha"
-  gem "nokogiri"
+  # Pinning this version as it breaking for ruby 3.1.0
+  gem "nokogiri", "< 1.17.2"
   gem "pry-byebug"
   gem "pry"
   gem "rake"
@@ -61,6 +62,11 @@ end
 # Remove this pin when upgrading to Ruby 3.2 or higher.
 gem "zeitwerk", "~> 2.6.0", "< 2.7"
 
+# Pinning dry-core,dry-core,dry-types to < 1.1.0 as it is breaking the build because 1.1.0 is incompatible with the current version, ruby 3.0.x on CI
+gem "dry-types", "<= 1.7.2" if RUBY_VERSION < "3.1.0"
+gem "dry-core", "> 1.0.0", "< 1.1.0" if RUBY_VERSION < "3.1.0"
+gem "dry-inflector", "<= 1.1.0" if RUBY_VERSION < "3.1.0"
+
 # Pinning securerandom to < 0.4.0 as it is breaking the build because 0.4.0 is incompatible with the current version, ruby 3.0.x on CI
 # Remove this pin when upgrading to Ruby 3.1 or higher on CI.
 gem "securerandom", "< 0.4.0" if RUBY_VERSION < "3.1.0"

data/inspec-core.gemspec

@@ -36,7 +36,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "rspec-its",                "~> 1.2"
   spec.add_dependency "pry",                      "~> 0.13"
   spec.add_dependency "hashie",                   ">= 3.4", "< 6.0"
-  spec.add_dependency "mixlib-log",               "~> 3.0"
+  spec.add_dependency "mixlib-log",               "~> 3.0", "< 3.2"
   spec.add_dependency "sslshake",                 "~> 1.2"
   spec.add_dependency "parallel",                 "~> 1.9"
   spec.add_dependency "faraday",                  ">= 1", "< 3"

data/lib/inspec/resources/groups.rb

@@ -200,8 +200,60 @@ module Inspec::Resources
   # implements generic unix groups via /etc/group
   class UnixGroup < GroupInfo
     def groups
+      get_group_info
+    end
+
+    private
+
+    def get_group_info
+      # First, try to fetch group info using getent
+      group_info = fetch_group_info_using_getent
+
+      return group_info unless group_info.empty?
+
+      # If getent fails, fallback to reading group info from /etc/group using inspec.etc_group.entries
+      Inspec::Log.debug("Falling back to reading group info from /etc/group as getent is unavailable or failed.")
       inspec.etc_group.entries
     end
+
+    # Fetches group information using the getent utility
+    def fetch_group_info_using_getent
+      # Find getent utility on the system
+      bin = find_getent_utility
+
+      # If getent is available, fetch group info
+      return [] unless bin
+
+      cmd = inspec.command("#{bin} group")
+      return parse_group_info(cmd) if cmd.exit_status.to_i == 0
+
+      # If getent fails, log the error and return an empty array
+      Inspec::Log.debug("Failed to execute #{bin} group: #{cmd.stderr}.")
+      []
+    end
+
+    # Parses group info from the command output
+    def parse_group_info(cmd)
+      cmd.stdout.strip.split("\n").map do |line|
+        name, password, gid, members = line.split(":")
+        {
+          "name" => name,
+          "password" => password,
+          "gid" => gid.to_i,
+          "members" => members,
+        }
+      end
+    end
+
+    # Checks if getent exists on the system
+    def find_getent_utility
+      %w{/usr/bin/getent /bin/getent getent}.each do |cmd|
+        return cmd if inspec.command(cmd).exist?
+      end
+      # Log debug information if getent is not found
+      Inspec::Log.debug("Could not find `getent` on your system.")
+      nil # Return nil if getent is not found
+    end
   end
 
   # OSX uses opendirectory for groups, so `/etc/group` may not be fully accurate

data/lib/inspec/resources/postgres_session.rb

@@ -1,7 +1,7 @@
 # copyright: 2015, Vulcano Security GmbH
 
 require "shellwords" unless defined?(Shellwords)
-
+require "cgi" unless defined?(CGI)
 module Inspec::Resources
   class Lines
     attr_reader :output, :exit_status
@@ -74,6 +74,10 @@ module Inspec::Resources
       Shellwords.escape(query)
     end
 
+    def encoded_password(password)
+      CGI.escape(password)
+    end
+
     def create_psql_cmd(query, db = [])
       dbs = db.map { |x| "#{x}" }.join(" ")
 
@@ -82,14 +86,14 @@ module Inspec::Resources
         # Socket connection only enabled for non-windows platforms
         # Windows does not support unix domain sockets
         option_port = @port.nil? ? "" : "-p #{@port}" # add explicit port if specified
-        "psql -d postgresql://#{@user}:#{@pass}@/#{dbs}?host=#{@socket_path} #{option_port} -A -t -w -c #{escaped_query(query)}"
+        "psql -d postgresql://#{@user}:#{encoded_password(@pass)}@/#{dbs}?host=#{@socket_path} #{option_port} -A -t -w -c #{escaped_query(query)}"
       else
         # Host in connection string establishes tcp/ip connection
         if inspec.os.windows?
           warn "Socket based connection not supported in windows, connecting using host" if @socket_path
-          "psql -d postgresql://#{@user}:#{@pass}@#{@host}:#{@port}/#{dbs} -A -t -w -c \"#{query}\""
+          "psql -d postgresql://#{@user}:#{encoded_password(@pass)}@#{@host}:#{@port}/#{dbs} -A -t -w -c \"#{query}\""
         else
-          "psql -d postgresql://#{@user}:#{@pass}@#{@host}:#{@port}/#{dbs} -A -t -w -c #{escaped_query(query)}"
+          "psql -d postgresql://#{@user}:#{encoded_password(@pass)}@#{@host}:#{@port}/#{dbs} -A -t -w -c #{escaped_query(query)}"
         end
       end
     end

data/lib/inspec/version.rb

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "5.22.65".freeze
+  VERSION = "5.22.72".freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 5.22.65
+  version: 5.22.72
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-12-12 00:00:00.000000000 Z
+date: 2025-03-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-telemetry
@@ -185,6 +185,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -192,6 +195,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.2'
 - !ruby/object:Gem::Dependency
   name: sslshake
   requirement: !ruby/object:Gem::Requirement