inspec-core 7.0.107 → 7.1.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 45c2a8606fc27e3246476e86b6d87ab22b5e9b0ea8f85d8381e71a5b74d1b0d0
-  data.tar.gz: af209e2f16b169913314c0aee8bd2c4ed0a05d92a187ad421ef81c6a22d3cc26
+  metadata.gz: d615f8a9108fd5631217d136cb8b29e8d1c44f6b049a53c2618907df84876fa8
+  data.tar.gz: 7745773bd58acc11ac0d8acc9cf7c7e3d1bcb945556a6686514d441a6b8375e0
 SHA512:
-  metadata.gz: 5e15e616ac53c257b7f3b23744745798cb22fbaa91ff6668140bf40ecfee92da7931e31949429fe337984c8716538ff84c8ca03acbcf9303fc93d45b20a3f4df
-  data.tar.gz: 63064836ca735a8ab3dfe01ccfb4c2cdc791dbf9474e2eff83df893ad04ef79979f5850bc7536967b5b2d871d31ad4cbc0ef61aa1ca92dbcde30eeef72a00fd2
+  metadata.gz: 4aad4bdd8864cb072120a838b7e342d4d667f24d30cb1a160627f125d6ab9968888f6dc30b0391fed5241afc81c75c4d3bea5868fa6d8f0b26e2847c899d1885
+  data.tar.gz: a2f4f3c01f19816fd77c65db3ac2a737d23093d71dac78ee82bbede8b39816f18efc6f94a5f7ae718533f065f9b87e9f577eeb42545f4b3fc5f75e4880ef8f98

data/Gemfile

@@ -50,7 +50,7 @@ group :test do
   gem "nokogiri"
   gem "pry-byebug"
   gem "pry"
-  gem "rake"
+  gem "rake", ">= 12.3.3"
   gem "simplecov"
   gem "simplecov_json_formatter"
   gem "webmock"

data/inspec-core.gemspec

@@ -50,7 +50,7 @@ Source code obtained from the Chef GitHub repository is made available under Apa
   spec.add_dependency "tty-table",                "~> 0.10"
   spec.add_dependency "tty-prompt",               "~> 0.17"
   spec.add_dependency "tomlrb",                   ">= 1.3", "< 2.1"
-  spec.add_dependency "addressable",              "~> 2.4"
+  spec.add_dependency "addressable",              "~> 2.9"
   spec.add_dependency "parslet",                  ">= 1.5", "< 3.0" # Pinned < 2.0, see #5389
   spec.add_dependency "semverse",                 "~> 3.0"
   spec.add_dependency "multipart-post",           "~> 2.0"

data/lib/inspec/iaf_file.rb

@@ -45,7 +45,7 @@ module Inspec
 
     def self.fetch_validation_key_from_github(keyname)
       URI.open("https://raw.githubusercontent.com/inspec/inspec/main/etc/keys/#{keyname}.pem.pub") do |r|
-        puts "Fetching validation key '#{keyname}' from github"
+        Inspec::Log.debug "Fetching validation key '#{keyname}' from github"
         dir = File.join(Inspec.config_dir, "keys")
         FileUtils.mkdir_p dir
         key_file = File.join(dir, "#{keyname}.pem.pub")

data/lib/inspec/reporters/json.rb

@@ -55,6 +55,11 @@ module Inspec::Reporters
     def extract_resource_id(r)
       # According to the RunData API, this is supposed to be an anonymous
       # class that represents a resource, with embedded instance methods....
+      # Prefer resource object if present and exposes resource_id
+      resource_candidate = r[:resource]
+      return resource_candidate.resource_id if resource_candidate.respond_to?(:resource_id)
+
+      # Fall back to resource_title
       resource_obj = r[:resource_title]
       return resource_obj.resource_id if resource_obj.respond_to?(:resource_id)
 
@@ -62,8 +67,13 @@ module Inspec::Reporters
       if resource_obj.is_a?(String)
         orig_str = resource_obj
         # Try to trim off the resource class - eg "File /some/path" => "/some/path"
-        trimmed_str = orig_str.sub(/^#{r[:resource_class]}/i, "").strip
-        trimmed_str.empty? ? orig_str : trimmed_str
+        resource_class = r[:resource_class].to_s
+        trimmed_str = orig_str.sub(/^#{Regexp.escape(resource_class)}/i, "").strip
+
+        # Cap the resource_id to a reasonable length to avoid bloating reports
+        max_length = 256
+        candidate = trimmed_str.empty? ? orig_str : trimmed_str
+        candidate.length > max_length ? candidate[0, max_length] : candidate
       else
         # Boo, InSpec is crazy, and we don't know what it possibly could be.
         # Failsafe for resource_id is empty string.

data/lib/inspec/resources/mssql_session.rb

@@ -30,9 +30,15 @@ module Inspec::Resources
         its('value') { should_not be_empty }
         its('value') { should cmp == 1 }
       end
+
+      # Trust the SQL Server TLS certificate when using sqlcmd
+      sql_tls = mssql_session(user: 'myuser', password: 'mypassword', trust_server_certificate: true)
+      describe sql_tls.query(\"SELECT SERVERPROPERTY('ProductVersion') as \\\"version\\\";\").row(0).column('version') do
+        its('value') { should_not be_empty }
+      end
     EXAMPLE
 
-    attr_reader :user, :password, :host, :port, :instance, :local_mode, :db_name
+    attr_reader :user, :password, :host, :port, :instance, :local_mode, :db_name, :trust_server_certificate
     def initialize(opts = {})
       @user = opts[:user]
       @password = opts[:password] || opts[:pass]
@@ -46,6 +52,7 @@ module Inspec::Resources
       end
       @instance = opts[:instance]
       @db_name = opts[:db_name]
+      @trust_server_certificate = !!opts[:trust_server_certificate] # rubocop:disable Style/DoubleNegation
 
       # check if sqlcmd is available
       raise Inspec::Exceptions::ResourceSkipped, "sqlcmd is missing" unless inspec.command("sqlcmd").exist?
@@ -57,6 +64,7 @@ module Inspec::Resources
       escaped_query = q.gsub(/\\/, "\\\\").gsub(/"/, '""').gsub(/\$/, '\\$')
       # surpress 'x rows affected' in SQLCMD with 'set nocount on;'
       cmd_string = "sqlcmd -Q \"set nocount on; #{escaped_query}\" -W -w 1024 -s ','"
+      cmd_string += " -C" if trust_server_certificate?
       cmd_string += " -U '#{@user}' -P '#{@password}'" unless @user.nil? || @password.nil?
       cmd_string += " -d '#{@db_name}'" unless @db_name.nil?
       unless local_mode?
@@ -94,6 +102,10 @@ module Inspec::Resources
       !!@local_mode # rubocop:disable Style/DoubleNegation
     end
 
+    def trust_server_certificate?
+      @trust_server_certificate
+    end
+
     def test_connection
       !query("select getdate()").empty?
     end

data/lib/inspec/rule.rb

@@ -48,12 +48,23 @@ module Inspec
       return unless block_given?
 
       begin
-        instance_eval(&block)
-
-        # By applying waivers *after* the instance eval, we assure that
-        # waivers have higher precedence than only_if.
+        # Pre-check: apply waivers before evaluating the control block.
+        # If the control is waived with run: false, skip the block entirely
+        # to avoid eager resource evaluation (e.g., `command('find /').stdout`
+        # executing expensive commands for waived controls).
         __apply_waivers
 
+        unless @__skip_rule[:result] && @__skip_rule[:type] == :waiver
+          instance_eval(&block)
+
+          # Re-apply waivers after instance eval. This is a no-op in practice:
+          # run:false waivers are already handled by the pre-check above (the
+          # unless guard prevents instance_eval from running at all), and
+          # run:true / no-run-key waivers do not set a skip flag. Kept for
+          # defensive correctness in case waiver state changes during eval.
+          __apply_waivers
+        end
+
       rescue SystemStackError, StandardError => e
         # We've encountered an exception while trying to eval the code inside the
         # control block. We need to prevent the exception from bubbling up, and

data/lib/inspec/utils/install_context.rb

@@ -6,7 +6,6 @@ module Inspec
     def guess_install_context
       # These all work by simple path recognition
       return "chef-workstation" if chef_workstation_install?
-      return "omnibus" if omnibus_install?
       return "chefdk" if chefdk_install?
       return "habitat" if habitat_install?
 
@@ -36,10 +35,6 @@ module Inspec
       !!src_root.match(%r{hab/pkgs/chef/inspec/\d+\.\d+\.\d+/\d{14}})
     end
 
-    def omnibus_install?
-      !!(src_root.start_with?("/opt/inspec") || src_root.start_with?("C:/opscode/inspec"))
-    end
-
     def rubygem_install?
       !!src_root.match(%r{gems/inspec-\d+\.\d+\.\d+})
     end

data/lib/inspec/utils/profile_ast_helpers.rb

@@ -24,6 +24,37 @@ module Inspec
           @memo = memo
         end
 
+        def extract_node_value(node)
+          case node.class.to_s
+          when "RuboCop::AST::HashNode"
+            # Handle hash nodes
+            values = {}
+            node.children.each do |pair_node|
+              values.merge!(pair_node.key.value => extract_node_value(pair_node.value))
+            end
+            values
+          when "RuboCop::AST::ArrayNode"
+            # Handle array nodes
+            node.children.map { |element| extract_node_value(element) }
+          else
+            # Handle simple nodes (strings, numbers, symbols, booleans, nil, etc.)
+            if node.respond_to?(:type)
+              case node.type
+              when :true
+                true
+              when :false
+                false
+              when :nil
+                nil
+              else
+                node.respond_to?(:value) ? node.value : node
+              end
+            else
+              node.respond_to?(:value) ? node.value : node
+            end
+          end
+        end
+
         def collect_input(input_children)
           input_name = input_children.children[2].value
 
@@ -39,15 +70,9 @@ module Inspec
                 if VALID_INPUT_OPTIONS.include?(child_node.key.value)
                   if child_node.value.class == RuboCop::AST::Node && REQUIRED_VALUES_MAP.key?(child_node.value.type)
                     opts.merge!(child_node.key.value => REQUIRED_VALUES_MAP[child_node.value.type])
-                  elsif child_node.value.class == RuboCop::AST::HashNode
-                    # Here value will be a hash
-                    values = {}
-                    child_node.value.children.each do |grand_child_node|
-                      values.merge!(grand_child_node.key.value => grand_child_node.value.value)
-                    end
-                    opts.merge!(child_node.key.value => values)
                   else
-                    opts.merge!(child_node.key.value => child_node.value.value)
+                    # Use the helper method to recursively extract values from any node type
+                    opts.merge!(child_node.key.value => extract_node_value(child_node.value))
                   end
                 end
               end
@@ -313,8 +338,11 @@ module Inspec
             collectors.push InputCollectorWithinControlBlock.new(@memo)
             collectors.push TestsCollector.new(control_data) if include_tests
 
-            begin_block.each_node do |node_within_control|
-              collectors.each { |collector| collector.process(node_within_control) }
+            # Handle empty control blocks (e.g., control "id" do end)
+            if begin_block
+              begin_block.each_node do |node_within_control|
+                collectors.each { |collector| collector.process(node_within_control) }
+              end
             end
 
             memo[:controls].push control_data

data/lib/inspec/version.rb

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "7.0.107".freeze
+  VERSION = "7.1.7".freeze
 end

data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb

@@ -57,7 +57,7 @@ module InspecPlugins
         path = profile.root_path
         logger.debug("Setting up #{path} for Habitat...")
 
-        plan_file = File.join(path, "habitat", "plan.sh")
+        plan_file = File.join(path, "habitat", "x86_64-linux", "plan.sh")
         logger.info("Generating Habitat plan at #{plan_file}...")
         vars = {
           profile: profile,

data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb

@@ -426,7 +426,7 @@ module InspecPlugins
                  "at https://github.com/inspec/inspec/issues/new")
         ui.exit Inspec::UI::EXIT_PLUGIN_ERROR
       rescue Inspec::Plugin::V2::InstallError => e
-        # This change is required for Ruby 3.3 upgrade
+        # This change is compatible with various versions of Ruby, including Ruby 3.3
         # Using Inspec::Log::level breaks with error `undefined method nil` in Ruby log library
         Inspec::Log.debug e.backtrace
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 7.0.107
+  version: 7.1.7
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2026-02-20 00:00:00.000000000 Z
+date: 2026-05-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-telemetry
@@ -314,14 +314,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.4'
+        version: '2.9'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.4'
+        version: '2.9'
 - !ruby/object:Gem::Dependency
   name: parslet
   requirement: !ruby/object:Gem::Requirement