inspec-core 6.8.11 → 6.8.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6ef08c3443267ae12f42004936c21dd9c06a2a2405981efa57d5ab26a3a58e38
4
- data.tar.gz: 16ba90c68c5f4168b1c1e3178b0b974992d27d5529ada5c34f51fda029539806
3
+ metadata.gz: '06894dd5c2b09dac3432041d74b257a5b25dd00c9c0a2d623e7343e6a651e1b6'
4
+ data.tar.gz: 20592025afc13ecdcae95fcde514b8bc4b5855358e93dcef24365d15aa773eb1
5
5
  SHA512:
6
- metadata.gz: 6915602a57ac2c952ba963ded31d7e20a2aca7c0f8e49cf1f3109d85042864d7e69e390aa886937cd2d26a062716da9388a71bf9a67940578c4ccd783e8feb3d
7
- data.tar.gz: ffb31db9833ffca067688360cdbd73eb8ddd8da55e0a0cbcc33c860a2475f43715fcd4603b04cab3adba771f9cfc6231a88ec594a2947b7d4781bf899123b575
6
+ metadata.gz: 2d0a1749cfa6f3d1f517f31e5bc722f85ad5ecf8dd4d155df88afcc41c76c93ba21bba3749b534fd1515a724af17bedc706755606a4a3c109a655ef891bc0e0d
7
+ data.tar.gz: 2f0b14a4f79fad859d931a8d0427d88306beb44b7b4f8698910a053d383ebc05a28b9b440c7164cfd5f712d56ba08aeb35afa51b21ef1c5f157b4fb525dd2d3c
@@ -73,6 +73,11 @@
73
73
  "action": "exit",
74
74
  "suffix": "This resource was removed in InSpec 4.0."
75
75
  },
76
+ "core_resource_moved_to_rp": {
77
+ "action": "warn",
78
+ "suffix": "This resource will be moved to a separate resource pack. Additional details will be provided with the InSpec 7 release.",
79
+ "comment": "Deprecation notice for core resource which are getting moved to resource packs."
80
+ },
76
81
  "resource_iis_website": {
77
82
  "action": "exit",
78
83
  "suffix": "This resource was removed in InSpec 4.0.",
data/lib/inspec/dsl.rb CHANGED
@@ -2,6 +2,7 @@
2
2
  require "inspec/log"
3
3
  require "inspec/plugin/v2"
4
4
  require "inspec/utils/deprecated_cloud_resources_list"
5
+ require "inspec/utils/deprecated_core_resources_list"
5
6
 
6
7
  module Inspec::DSL
7
8
  attr_accessor :backend
@@ -38,6 +39,10 @@ module Inspec::DSL
38
39
  return unless backend
39
40
 
40
41
  begin
42
+ include DeprecatedCoreResourcesList
43
+ if CORE_RESOURCES_DEPRECATED.include? id
44
+ Inspec.deprecate(:core_resource_moved_to_rp, "The resource '#{id}' will not be part of the InSpec 7 core.")
45
+ end
41
46
  require "inspec/resources/#{id}"
42
47
  rescue LoadError => e
43
48
  include DeprecatedCloudResourcesList
@@ -173,7 +173,7 @@ module Inspec
173
173
  raise ArgumentError, "ERROR: An '=' is required when using --input. Usage: --input input_name1=input_value1 input2=value2"
174
174
  end
175
175
  end
176
- pair = pair.match(/(.*?)=(.*)/)
176
+ pair = pair.match(/^([^=]+)=(.*)$/)
177
177
  input_name, input_value = pair[1], pair[2]
178
178
  input_value = parse_cli_input_value(input_name, input_value)
179
179
  evt = Inspec::Input::Event.new(
@@ -66,9 +66,9 @@ module Inspec::Reporters
66
66
  # Then it downgrades the 160bit SHA1 to a 128bit
67
67
  # then we format it as a valid UUIDv5.
68
68
  def uuid_from_string(string)
69
- hash = Digest::SHA1.new
69
+ hash = Digest::SHA256.new
70
70
  hash.update(string)
71
- ary = hash.digest.unpack("NnnnnN")
71
+ ary = hash.digest[0, 16].unpack("NnnnnN")
72
72
  ary[2] = (ary[2] & 0x0FFF) | (5 << 12)
73
73
  ary[3] = (ary[3] & 0x3FFF) | 0x8000
74
74
  # rubocop:disable Style/FormatString
@@ -193,7 +193,7 @@ module Inspec::Resources
193
193
  #
194
194
  # @return [Array[String,String]]
195
195
  def action_list_for(line)
196
- action_list = line.scan(/-a ([^,]+),([^ ]+)\s?/).flatten
196
+ action_list = line.scan(/-a ([^,\s]+),([^,\s]+)(?:\s|$)/).flatten
197
197
 
198
198
  # Actions and lists can be in either order
199
199
  valid_actions = %w{never always}
@@ -300,7 +300,7 @@ module Inspec::Resources
300
300
  def parse_netstat_line(line)
301
301
  # parse each line
302
302
  # 1 - Socket, 2 - Proto, 3 - Receive-Q, 4 - Send-Q, 5 - Local address, 6 - Foreign Address, 7 - State
303
- parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)?\s+(\S+)/.match(line)
303
+ parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s+(\S+)$/.match(line)
304
304
  return {} if parsed.nil?
305
305
 
306
306
  # parse ip4 and ip6 addresses
@@ -488,7 +488,7 @@ module Inspec::Resources
488
488
  # 1 - Proto, 2 - Recv-Q, 3 - Send-Q, 4 - Local Address, 5 - Foreign Address, 6 - State, 7 - User, 8 - Inode, 9 - PID/Program name
489
489
  # * UDP lines have an empty State column and the Busybox variant lacks
490
490
  # the User and Inode columns.
491
- reg = /^(?<proto>\S+)\s+(\S+)\s+(\S+)\s+(?<local_addr>\S+)\s+(?<foreign_addr>\S+)\s+(\S+)?\s+((\S+)\s+(\S+)\s+)?(?<pid_prog>\S+)/
491
+ reg = /^(?<proto>\S+)\s+(\S+)\s+(\S+)\s+(?<local_addr>\S+)\s+(?<foreign_addr>\S+)\s+(?:\S+\s+){0,2}(?<pid_prog>\S+)$/
492
492
  parsed = reg.match(line)
493
493
 
494
494
  return {} if parsed.nil? || line.match(/^proto/i)
@@ -1,7 +1,7 @@
1
1
  # copyright: 2015, Vulcano Security GmbH
2
2
 
3
3
  require "shellwords" unless defined?(Shellwords)
4
-
4
+ require "cgi" unless defined?(CGI)
5
5
  module Inspec::Resources
6
6
  class Lines
7
7
  attr_reader :output, :exit_status
@@ -74,6 +74,10 @@ module Inspec::Resources
74
74
  Shellwords.escape(query)
75
75
  end
76
76
 
77
+ def encoded_password(password)
78
+ CGI.escape(password)
79
+ end
80
+
77
81
  def create_psql_cmd(query, db = [])
78
82
  dbs = db.map { |x| "#{x}" }.join(" ")
79
83
 
@@ -82,14 +86,14 @@ module Inspec::Resources
82
86
  # Socket connection only enabled for non-windows platforms
83
87
  # Windows does not support unix domain sockets
84
88
  option_port = @port.nil? ? "" : "-p #{@port}" # add explicit port if specified
85
- "psql -d postgresql://#{@user}:#{@pass}@/#{dbs}?host=#{@socket_path} #{option_port} -A -t -w -c #{escaped_query(query)}"
89
+ "psql -d postgresql://#{@user}:#{encoded_password(@pass)}@/#{dbs}?host=#{@socket_path} #{option_port} -A -t -w -c #{escaped_query(query)}"
86
90
  else
87
91
  # Host in connection string establishes tcp/ip connection
88
92
  if inspec.os.windows?
89
93
  warn "Socket based connection not supported in windows, connecting using host" if @socket_path
90
- "psql -d postgresql://#{@user}:#{@pass}@#{@host}:#{@port}/#{dbs} -A -t -w -c \"#{query}\""
94
+ "psql -d postgresql://#{@user}:#{encoded_password(@pass)}@#{@host}:#{@port}/#{dbs} -A -t -w -c \"#{query}\""
91
95
  else
92
- "psql -d postgresql://#{@user}:#{@pass}@#{@host}:#{@port}/#{dbs} -A -t -w -c #{escaped_query(query)}"
96
+ "psql -d postgresql://#{@user}:#{encoded_password(@pass)}@#{@host}:#{@port}/#{dbs} -A -t -w -c #{escaped_query(query)}"
93
97
  end
94
98
  end
95
99
  end
@@ -121,7 +121,7 @@ module Inspec::Resources
121
121
  # extracts the shortname from a repo id
122
122
  # e.g. extras/7/x86_64 -> extras
123
123
  def shortname(id)
124
- val = %r{^\s*([^/]*?)/(.*?)\s*$}.match(id)
124
+ val = %r{^([^/]+)/.*$}.match(id)
125
125
  val.nil? ? nil : val[1]
126
126
  end
127
127
 
@@ -0,0 +1,25 @@
1
+ module DeprecatedCoreResourcesList
2
+ CORE_RESOURCES_DEPRECATED = %i{
3
+ docker_container
4
+ docker_image
5
+ docker_plugin
6
+ docker_service
7
+ elasticsearch
8
+ ibmdb2_conf
9
+ ibmdb2_session
10
+ mongodb
11
+ mongodb_conf
12
+ mongodb_session
13
+ podman
14
+ podman_container
15
+ podman_image
16
+ podman_network
17
+ podman_pod
18
+ podman_volume
19
+ rabbitmq_config
20
+ ssh_config
21
+ ssh_key
22
+ sybase_conf
23
+ sybase_session
24
+ }.freeze
25
+ end
@@ -61,7 +61,8 @@ module Inspec
61
61
 
62
62
  suffix += (" (used at " + opts[:used_at_stack_frame].path + ":" + opts[:used_at_stack_frame].lineno.to_s + ")") if opts.key?(:used_at_stack_frame)
63
63
 
64
- "DEPRECATION: " + prefix + message + suffix
64
+ keyword = group.name.to_s == "core_resource_moved_to_rp" ? "CHANGE NOTICE: " : "DEPRECATION: "
65
+ keyword + prefix + message + suffix
65
66
  end
66
67
 
67
68
  def called_from_control?
@@ -4,7 +4,7 @@ ChefLicensing.configure do |config|
4
4
  config.chef_product_name = "InSpec"
5
5
  config.chef_entitlement_id = "3ff52c37-e41f-4f6c-ad4d-365192205968"
6
6
  config.chef_executable_name = "inspec"
7
- config.license_server_url = "https://services.chef.io/licensing"
7
+ config.license_server_url = ENV["CHEF_LICENSE_SERVER"] || "https://services.chef.io/licensing"
8
8
  config.logger = Inspec::Log
9
9
  end
10
10
 
@@ -72,15 +72,23 @@ module Inspec
72
72
  if includes_whitespaces?(mount_line)
73
73
  # Device-/Sharenames and Mountpoints including whitespaces require special treatment:
74
74
  # We use the keyword ' type ' to split up and rebuild the desired array of fields
75
- type_split = mount_line.split(" type ")
76
- fs_path = type_split[0]
77
- other_opts = type_split[1]
78
- fs, path = fs_path.match(%r{^(.+?)\son\s(/.+?)$}).captures
75
+ # Split the mount line by the keyword ' type '
76
+ fs_path, other_opts = mount_line.split(" type ", 2)
77
+
78
+ # Manually split fs_path into the filesystem and path parts
79
+ fs, path = fs_path.split(" on ", 2)
80
+
81
+ # Start building the mount array
79
82
  mount = [fs, "on", path, "type"]
80
- mount.concat(other_opts.scan(/\S+/))
83
+
84
+ # Split the remaining options by spaces
85
+ other_opts = other_opts.split(/\s+/)
86
+
87
+ # Concatenate the options to the mount array
88
+ mount.concat(other_opts)
81
89
  else
82
- # ... otherwise we just split the fields by whitespaces
83
- mount = mount_line.scan(/\S+/)
90
+ # If no whitespace, simply split by spaces
91
+ mount = mount_line.split(/\s+/)
84
92
  end
85
93
 
86
94
  # parse device and type
@@ -109,8 +117,10 @@ module Inspec
109
117
 
110
118
  # Device-/Sharename or Mountpoint includes whitespaces?
111
119
  def includes_whitespaces?(mount_line)
112
- ws = mount_line.match(/^(.+)\son\s(.+)\stype\s.*$/)
113
- ws.captures[0].include?(" ") || ws.captures[1].include?(" ")
120
+ # Split the mount_line by " on "
121
+ parts = mount_line.split(" on ")
122
+ # Check if either part contains spaces
123
+ parts.any? { |part| part.include?(" ") }
114
124
  end
115
125
  end
116
126
 
@@ -1,3 +1,3 @@
1
1
  module Inspec
2
- VERSION = "6.8.11".freeze
2
+ VERSION = "6.8.24".freeze
3
3
  end
@@ -14,8 +14,18 @@ To use the CLI, this InSpec add-on adds the following commands:
14
14
  * `$ inspec automate profiles` - list all available Compliance profiles
15
15
  * `$ inspec exec compliance://profile` - runs a Compliance profile
16
16
  * `$ inspec automate upload path/to/local/profile` - uploads a local profile to Chef Automate/Chef Compliance
17
+ * `$ inspec automate upload path/to/local/profile --legacy` - uploads a local profile to Chef Automate/Chef Compliance using legacy functionalities of inspec check and inspec export
18
+
19
+ *Options*:
20
+ ```
21
+ [--overwrite], [--no-overwrite] # Overwrite existing profile on Server.
22
+ [--owner=OWNER] # Owner that should own the profile
23
+ [--legacy], [--no-legacy] # Enable legacy functionality, activating both legacy export and legacy check.
24
+
25
+ uploads a local profile to Chef Automate
26
+ ```
17
27
  * `$ inspec automate logout` - logout of Chef Automate/Chef Compliance
18
-
28
+
19
29
  Similar to these CLI commands are:
20
30
 
21
31
  * `$ inspec compliance login` - authentication of the API token against Chef Automate/Chef Compliance
@@ -136,6 +136,8 @@ module InspecPlugins
136
136
  desc: "Overwrite existing profile on Server."
137
137
  option :owner, type: :string, required: false,
138
138
  desc: "Owner that should own the profile"
139
+ option :legacy, type: :boolean, default: false,
140
+ desc: "Enable legacy functionality, activating both legacy export and legacy check."
139
141
  def upload(path) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity
140
142
  Inspec.with_feature("inspec-cli-compliance-upload") {
141
143
  config = InspecPlugins::Compliance::Configuration.new
@@ -169,7 +171,7 @@ module InspecPlugins
169
171
  puts msg
170
172
  }
171
173
 
172
- result = profile.check
174
+ result = options["legacy"] ? profile.legacy_check : profile.check
173
175
  unless result[:summary][:valid]
174
176
  error.call("Profile check failed. Please fix the profile before upload.")
175
177
  else
@@ -205,7 +207,7 @@ module InspecPlugins
205
207
  generated = true
206
208
  archive_path = Dir::Tmpname.create([profile_name, ".tar.gz"]) {}
207
209
  puts "Generate temporary profile archive at #{archive_path}"
208
- profile.archive({ output: archive_path, ignore_errors: false, overwrite: true })
210
+ profile.archive({ output: archive_path, ignore_errors: false, overwrite: true, legacy_export: options["legacy"] })
209
211
  else
210
212
  archive_path = path
211
213
  end
@@ -425,8 +425,10 @@ module InspecPlugins
425
425
  "our apologies for the misunderstanding, and open an issue " \
426
426
  "at https://github.com/inspec/inspec/issues/new")
427
427
  ui.exit Inspec::UI::EXIT_PLUGIN_ERROR
428
- rescue Inspec::Plugin::V2::InstallError
429
- raise if Inspec::Log.level == :debug
428
+ rescue Inspec::Plugin::V2::InstallError => e
429
+ # This change is compatible with various versions of Ruby, including Ruby 3.3
430
+ # Using Inspec::Log::level breaks with error `undefined method nil` in Ruby log library
431
+ Inspec::Log.debug e.backtrace
430
432
 
431
433
  results = installer.search(plugin_name, exact: true)
432
434
  source_host = URI(options[:source] || "https://rubygems.org/").host
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: inspec-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.8.11
4
+ version: 6.8.24
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chef InSpec Team
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-11-05 00:00:00.000000000 Z
11
+ date: 2025-01-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: chef-telemetry
@@ -734,6 +734,7 @@ files:
734
734
  - lib/inspec/utils/convert.rb
735
735
  - lib/inspec/utils/database_helpers.rb
736
736
  - lib/inspec/utils/deprecated_cloud_resources_list.rb
737
+ - lib/inspec/utils/deprecated_core_resources_list.rb
737
738
  - lib/inspec/utils/deprecation.rb
738
739
  - lib/inspec/utils/deprecation/config_file.rb
739
740
  - lib/inspec/utils/deprecation/deprecator.rb