inspec-core 6.8.11 → 6.8.24

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6ef08c3443267ae12f42004936c21dd9c06a2a2405981efa57d5ab26a3a58e38
-  data.tar.gz: 16ba90c68c5f4168b1c1e3178b0b974992d27d5529ada5c34f51fda029539806
+  metadata.gz: '06894dd5c2b09dac3432041d74b257a5b25dd00c9c0a2d623e7343e6a651e1b6'
+  data.tar.gz: 20592025afc13ecdcae95fcde514b8bc4b5855358e93dcef24365d15aa773eb1
 SHA512:
-  metadata.gz: 6915602a57ac2c952ba963ded31d7e20a2aca7c0f8e49cf1f3109d85042864d7e69e390aa886937cd2d26a062716da9388a71bf9a67940578c4ccd783e8feb3d
-  data.tar.gz: ffb31db9833ffca067688360cdbd73eb8ddd8da55e0a0cbcc33c860a2475f43715fcd4603b04cab3adba771f9cfc6231a88ec594a2947b7d4781bf899123b575
+  metadata.gz: 2d0a1749cfa6f3d1f517f31e5bc722f85ad5ecf8dd4d155df88afcc41c76c93ba21bba3749b534fd1515a724af17bedc706755606a4a3c109a655ef891bc0e0d
+  data.tar.gz: 2f0b14a4f79fad859d931a8d0427d88306beb44b7b4f8698910a053d383ebc05a28b9b440c7164cfd5f712d56ba08aeb35afa51b21ef1c5f157b4fb525dd2d3c

data/etc/deprecations.json

@@ -73,6 +73,11 @@
       "action": "exit",
       "suffix": "This resource was removed in InSpec 4.0."
     },
+    "core_resource_moved_to_rp": {
+      "action": "warn",
+      "suffix": "This resource will be moved to a separate resource pack. Additional details will be provided with the InSpec 7 release.",
+      "comment": "Deprecation notice for core resource which are getting moved to resource packs."
+    },
     "resource_iis_website": {
       "action": "exit",
       "suffix": "This resource was removed in InSpec 4.0.",

data/lib/inspec/dsl.rb

@@ -2,6 +2,7 @@
 require "inspec/log"
 require "inspec/plugin/v2"
 require "inspec/utils/deprecated_cloud_resources_list"
+require "inspec/utils/deprecated_core_resources_list"
 
 module Inspec::DSL
   attr_accessor :backend
@@ -38,6 +39,10 @@ module Inspec::DSL
     return unless backend
 
     begin
+      include DeprecatedCoreResourcesList
+      if CORE_RESOURCES_DEPRECATED.include? id
+        Inspec.deprecate(:core_resource_moved_to_rp, "The resource '#{id}' will not be part of the InSpec 7 core.")
+      end
       require "inspec/resources/#{id}"
     rescue LoadError => e
       include DeprecatedCloudResourcesList

data/lib/inspec/input_registry.rb

@@ -173,7 +173,7 @@ module Inspec
             raise ArgumentError, "ERROR: An '=' is required when using --input. Usage: --input input_name1=input_value1 input2=value2"
           end
         end
-        pair = pair.match(/(.*?)=(.*)/)
+        pair = pair.match(/^([^=]+)=(.*)$/)
         input_name, input_value = pair[1], pair[2]
         input_value = parse_cli_input_value(input_name, input_value)
         evt = Inspec::Input::Event.new(

data/lib/inspec/reporters/automate.rb

@@ -66,9 +66,9 @@ module Inspec::Reporters
     # Then it downgrades the 160bit SHA1 to a 128bit
     # then we format it as a valid UUIDv5.
     def uuid_from_string(string)
-      hash = Digest::SHA1.new
+      hash = Digest::SHA256.new
       hash.update(string)
-      ary = hash.digest.unpack("NnnnnN")
+      ary = hash.digest[0, 16].unpack("NnnnnN")
       ary[2] = (ary[2] & 0x0FFF) | (5 << 12)
       ary[3] = (ary[3] & 0x3FFF) | 0x8000
       # rubocop:disable Style/FormatString

data/lib/inspec/resources/auditd.rb

@@ -193,7 +193,7 @@ module Inspec::Resources
     #
     # @return [Array[String,String]]
     def action_list_for(line)
-      action_list = line.scan(/-a ([^,]+),([^ ]+)\s?/).flatten
+      action_list = line.scan(/-a ([^,\s]+),([^,\s]+)(?:\s|$)/).flatten
 
       # Actions and lists can be in either order
       valid_actions = %w{never always}

data/lib/inspec/resources/port.rb

@@ -300,7 +300,7 @@ module Inspec::Resources
     def parse_netstat_line(line)
       # parse each line
       # 1 - Socket, 2 - Proto, 3 - Receive-Q, 4 - Send-Q, 5 - Local address, 6 - Foreign Address, 7 - State
-      parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)?\s+(\S+)/.match(line)
+      parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s+(\S+)$/.match(line)
       return {} if parsed.nil?
 
       # parse ip4 and ip6 addresses
@@ -488,7 +488,7 @@ module Inspec::Resources
       # 1 - Proto, 2 - Recv-Q, 3 - Send-Q, 4 - Local Address, 5 - Foreign Address, 6 - State, 7 - User, 8 - Inode, 9 - PID/Program name
       # * UDP lines have an empty State column and the Busybox variant lacks
       # the User and Inode columns.
-      reg =  /^(?<proto>\S+)\s+(\S+)\s+(\S+)\s+(?<local_addr>\S+)\s+(?<foreign_addr>\S+)\s+(\S+)?\s+((\S+)\s+(\S+)\s+)?(?<pid_prog>\S+)/
+      reg = /^(?<proto>\S+)\s+(\S+)\s+(\S+)\s+(?<local_addr>\S+)\s+(?<foreign_addr>\S+)\s+(?:\S+\s+){0,2}(?<pid_prog>\S+)$/
       parsed = reg.match(line)
 
       return {} if parsed.nil? || line.match(/^proto/i)

data/lib/inspec/resources/postgres_session.rb

@@ -1,7 +1,7 @@
 # copyright: 2015, Vulcano Security GmbH
 
 require "shellwords" unless defined?(Shellwords)
-
+require "cgi" unless defined?(CGI)
 module Inspec::Resources
   class Lines
     attr_reader :output, :exit_status
@@ -74,6 +74,10 @@ module Inspec::Resources
       Shellwords.escape(query)
     end
 
+    def encoded_password(password)
+      CGI.escape(password)
+    end
+
     def create_psql_cmd(query, db = [])
       dbs = db.map { |x| "#{x}" }.join(" ")
 
@@ -82,14 +86,14 @@ module Inspec::Resources
         # Socket connection only enabled for non-windows platforms
         # Windows does not support unix domain sockets
         option_port = @port.nil? ? "" : "-p #{@port}" # add explicit port if specified
-        "psql -d postgresql://#{@user}:#{@pass}@/#{dbs}?host=#{@socket_path} #{option_port} -A -t -w -c #{escaped_query(query)}"
+        "psql -d postgresql://#{@user}:#{encoded_password(@pass)}@/#{dbs}?host=#{@socket_path} #{option_port} -A -t -w -c #{escaped_query(query)}"
       else
         # Host in connection string establishes tcp/ip connection
         if inspec.os.windows?
           warn "Socket based connection not supported in windows, connecting using host" if @socket_path
-          "psql -d postgresql://#{@user}:#{@pass}@#{@host}:#{@port}/#{dbs} -A -t -w -c \"#{query}\""
+          "psql -d postgresql://#{@user}:#{encoded_password(@pass)}@#{@host}:#{@port}/#{dbs} -A -t -w -c \"#{query}\""
         else
-          "psql -d postgresql://#{@user}:#{@pass}@#{@host}:#{@port}/#{dbs} -A -t -w -c #{escaped_query(query)}"
+          "psql -d postgresql://#{@user}:#{encoded_password(@pass)}@#{@host}:#{@port}/#{dbs} -A -t -w -c #{escaped_query(query)}"
         end
       end
     end

data/lib/inspec/resources/yum.rb

@@ -121,7 +121,7 @@ module Inspec::Resources
     # extracts the shortname from a repo id
     # e.g. extras/7/x86_64 -> extras
     def shortname(id)
-      val = %r{^\s*([^/]*?)/(.*?)\s*$}.match(id)
+      val = %r{^([^/]+)/.*$}.match(id)
       val.nil? ? nil : val[1]
     end
 

data/lib/inspec/utils/deprecated_core_resources_list.rb

@@ -0,0 +1,25 @@
+module DeprecatedCoreResourcesList
+  CORE_RESOURCES_DEPRECATED = %i{
+    docker_container
+    docker_image
+    docker_plugin
+    docker_service
+    elasticsearch
+    ibmdb2_conf
+    ibmdb2_session
+    mongodb
+    mongodb_conf
+    mongodb_session
+    podman
+    podman_container
+    podman_image
+    podman_network
+    podman_pod
+    podman_volume
+    rabbitmq_config
+    ssh_config
+    ssh_key
+    sybase_conf
+    sybase_session
+  }.freeze
+end

data/lib/inspec/utils/deprecation/deprecator.rb

@@ -61,7 +61,8 @@ module Inspec
 
         suffix += (" (used at " + opts[:used_at_stack_frame].path + ":" + opts[:used_at_stack_frame].lineno.to_s + ")") if opts.key?(:used_at_stack_frame)
 
-        "DEPRECATION: " + prefix + message + suffix
+        keyword = group.name.to_s == "core_resource_moved_to_rp" ? "CHANGE NOTICE: " : "DEPRECATION: "
+        keyword + prefix + message + suffix
       end
 
       def called_from_control?

data/lib/inspec/utils/licensing_config.rb

@@ -4,7 +4,7 @@ ChefLicensing.configure do |config|
   config.chef_product_name = "InSpec"
   config.chef_entitlement_id = "3ff52c37-e41f-4f6c-ad4d-365192205968"
   config.chef_executable_name = "inspec"
-  config.license_server_url = "https://services.chef.io/licensing"
+  config.license_server_url = ENV["CHEF_LICENSE_SERVER"] || "https://services.chef.io/licensing"
   config.logger = Inspec::Log
 end
 

data/lib/inspec/utils/parser.rb

@@ -72,15 +72,23 @@ module Inspec
         if includes_whitespaces?(mount_line)
           # Device-/Sharenames and Mountpoints including whitespaces require special treatment:
           # We use the keyword ' type ' to split up and rebuild the desired array of fields
-          type_split = mount_line.split(" type ")
-          fs_path = type_split[0]
-          other_opts = type_split[1]
-          fs, path = fs_path.match(%r{^(.+?)\son\s(/.+?)$}).captures
+          # Split the mount line by the keyword ' type '
+          fs_path, other_opts = mount_line.split(" type ", 2)
+
+          # Manually split fs_path into the filesystem and path parts
+          fs, path = fs_path.split(" on ", 2)
+
+          # Start building the mount array
           mount = [fs, "on", path, "type"]
-          mount.concat(other_opts.scan(/\S+/))
+
+          # Split the remaining options by spaces
+          other_opts = other_opts.split(/\s+/)
+
+          # Concatenate the options to the mount array
+          mount.concat(other_opts)
         else
-          # ... otherwise we just split the fields by whitespaces
-          mount = mount_line.scan(/\S+/)
+          # If no whitespace, simply split by spaces
+          mount = mount_line.split(/\s+/)
         end
 
         # parse device and type
@@ -109,8 +117,10 @@ module Inspec
 
       # Device-/Sharename or Mountpoint includes whitespaces?
       def includes_whitespaces?(mount_line)
-        ws = mount_line.match(/^(.+)\son\s(.+)\stype\s.*$/)
-        ws.captures[0].include?(" ") || ws.captures[1].include?(" ")
+        # Split the mount_line by " on "
+        parts = mount_line.split(" on ")
+        # Check if either part contains spaces
+        parts.any? { |part| part.include?(" ") }
       end
     end
 

data/lib/inspec/version.rb

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "6.8.11".freeze
+  VERSION = "6.8.24".freeze
 end

data/lib/plugins/inspec-compliance/README.md

@@ -14,8 +14,18 @@ To use the CLI, this InSpec add-on adds the following commands:
  * `$ inspec automate profiles` - list all available Compliance profiles
  * `$ inspec exec compliance://profile` - runs a Compliance profile
  * `$ inspec automate upload path/to/local/profile` - uploads a local profile to Chef Automate/Chef Compliance
+ * `$ inspec automate upload path/to/local/profile --legacy` - uploads a local profile to Chef Automate/Chef Compliance using legacy functionalities of inspec check and inspec export
+
+    *Options*:
+    ```
+      [--overwrite], [--no-overwrite]  # Overwrite existing profile on Server.
+      [--owner=OWNER]                  # Owner that should own the profile
+      [--legacy], [--no-legacy]        # Enable legacy functionality, activating both legacy export and legacy check.
+
+    uploads a local profile to Chef Automate
+    ```
  * `$ inspec automate logout` - logout of Chef Automate/Chef Compliance
- 
+
  Similar to these CLI commands are:
 
  * `$ inspec compliance login` - authentication of the API token against Chef Automate/Chef Compliance

data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb

@@ -136,6 +136,8 @@ module InspecPlugins
         desc: "Overwrite existing profile on Server."
       option :owner, type: :string, required: false,
         desc: "Owner that should own the profile"
+      option :legacy, type: :boolean, default: false,
+        desc: "Enable legacy functionality, activating both legacy export and legacy check."
       def upload(path) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity
         Inspec.with_feature("inspec-cli-compliance-upload") {
           config = InspecPlugins::Compliance::Configuration.new
@@ -169,7 +171,7 @@ module InspecPlugins
             puts msg
           }
 
-          result = profile.check
+          result = options["legacy"] ? profile.legacy_check : profile.check
           unless result[:summary][:valid]
             error.call("Profile check failed. Please fix the profile before upload.")
           else
@@ -205,7 +207,7 @@ module InspecPlugins
             generated = true
             archive_path = Dir::Tmpname.create([profile_name, ".tar.gz"]) {}
             puts "Generate temporary profile archive at #{archive_path}"
-            profile.archive({ output: archive_path, ignore_errors: false, overwrite: true })
+            profile.archive({ output: archive_path, ignore_errors: false, overwrite: true, legacy_export: options["legacy"] })
           else
             archive_path = path
           end

data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb

@@ -425,8 +425,10 @@ module InspecPlugins
                  "our apologies for the misunderstanding, and open an issue " \
                  "at https://github.com/inspec/inspec/issues/new")
         ui.exit Inspec::UI::EXIT_PLUGIN_ERROR
-      rescue Inspec::Plugin::V2::InstallError
-        raise if Inspec::Log.level == :debug
+      rescue Inspec::Plugin::V2::InstallError => e
+        # This change is compatible with various versions of Ruby, including Ruby 3.3
+        # Using Inspec::Log::level breaks with error `undefined method nil` in Ruby log library
+        Inspec::Log.debug e.backtrace
 
         results = installer.search(plugin_name, exact: true)
         source_host = URI(options[:source] || "https://rubygems.org/").host

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 6.8.11
+  version: 6.8.24
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-11-05 00:00:00.000000000 Z
+date: 2025-01-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-telemetry
@@ -734,6 +734,7 @@ files:
 - lib/inspec/utils/convert.rb
 - lib/inspec/utils/database_helpers.rb
 - lib/inspec/utils/deprecated_cloud_resources_list.rb
+- lib/inspec/utils/deprecated_core_resources_list.rb
 - lib/inspec/utils/deprecation.rb
 - lib/inspec/utils/deprecation/config_file.rb
 - lib/inspec/utils/deprecation/deprecator.rb