inspec 0.12.0 → 0.14.0

data/lib/bundles/inspec-compliance/target.rb

@@ -3,59 +3,43 @@
 # author: Dominik Richter
 
 require 'uri'
+require 'inspec/fetcher'
+require 'fetchers/url'
 
 # InSpec Target Helper for Chef Compliance
 # reuses UrlHelper, but it knows the target server and the access token already
 # similar to `inspec exec http://localhost:2134/owners/%base%/compliance/%ssh%/tar --user %token%`
 module Compliance
-  class ChefComplianceHelper < Inspec::Targets::UrlHelper
-    def handles?(target)
+  class Fetcher < Fetchers::Url
+    name 'compliance'
+    priority 500
+
+    def self.resolve(target, opts = {})
       # check for local scheme compliance://
       uri = URI(target)
-      return unless URI(uri).scheme == 'compliance'
+      return nil unless URI(uri).scheme == 'compliance'
 
       # check if we have a compliance token
       config = Compliance::Configuration.new
-      return if config['token'].nil?
-
-      # get profile name
-      profile = get_profile_name(uri)
+      return nil if config['token'].nil?
 
       # verifies that the target e.g base/ssh exists
+      profile = uri.host + uri.path
       Compliance::API.exist?(profile)
-    rescue URI::Error => _e
-      false
-    end
 
-    # generates proper url
-    def resolve(target, opts = {})
-      profile = get_profile_name(URI(target))
-      # generates server url
-      target = build_target_url(profile)
-      config = Compliance::Configuration.new
       opts['user'] = config['token']
-      puts target
-      super(target, opts)
+      super(target_url(config, profile), opts)
+    rescue URI::Error => _e
+      nil
     end
 
-    # extracts profile name from url
-    def get_profile_name(uri)
-      uri.host + uri.path
-    end
-
-    def build_target_url(target)
-      owner, profile = target.split('/')
-      config = Compliance::Configuration.new
-      url = "#{config['server']}/owners/%owner_name%/compliance/%profile_name%/tar"
-            .gsub('%owner_name%', owner)
-            .gsub('%profile_name%', profile)
-      url
+    def self.target_url(config, profile)
+      owner, id = profile.split('/')
+      "#{config['server']}/owners/#{owner}/compliance/#{id}/tar"
     end
 
     def to_s
       'Chef Compliance Profile Loader'
     end
   end
-
-  Inspec::Targets.add_module('chefcompliance', ChefComplianceHelper.new)
 end

data/lib/bundles/inspec-init/cli.rb

@@ -1,6 +1,8 @@
 # encoding: utf-8
 # author: Christoph Hartmann
 
+require 'pathname'
+
 module Init
   class CLI < Inspec::BaseCLI
     namespace 'init'

data/lib/bundles/inspec-supermarket.rb

@@ -0,0 +1,13 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+libdir = File.dirname(__FILE__)
+$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
+
+module Supermarket
+  autoload :API, 'inspec-supermarket/api'
+end
+
+require 'inspec-supermarket/cli'
+require 'inspec-supermarket/target'

data/lib/bundles/inspec-supermarket/api.rb

@@ -2,6 +2,8 @@
 # author: Christoph Hartmann
 # author: Dominik Richter
 
+require 'net/http'
+
 module Supermarket
   class API
     SUPERMARKET_URL = 'https://supermarket.chef.io'.freeze

data/lib/bundles/inspec-supermarket/cli.rb

@@ -29,7 +29,7 @@ module Supermarket
 
       # execute profile from inspec exec implementation
       diagnose
-      run_tests(opts, tests)
+      run_tests(tests, opts)
     end
 
     desc 'info profile', 'display profile details'
@@ -45,5 +45,5 @@ module Supermarket
   end
 
   # register the subcommand to Inspec CLI registry
-  Inspec::Plugins::CLI.add_subcommand(Supermarket::SupermarketCLI, 'supermarket', 'supermarket SUBCOMMAND ...', 'Supermarket commands', {})
+  Inspec::Plugins::CLI.add_subcommand(SupermarketCLI, 'supermarket', 'supermarket SUBCOMMAND ...', 'Supermarket commands', {})
 end

data/lib/bundles/inspec-supermarket/target.rb

@@ -3,30 +3,26 @@
 # author: Dominik Richter
 
 require 'uri'
+require 'inspec/fetcher'
+require 'fetchers/url'
 
 # InSpec Target Helper for Supermarket
 module Supermarket
-  class SupermarketHelper < Inspec::Targets::UrlHelper
-    def handles?(profile)
-      # check for local scheme supermarket://
-      return unless URI(profile).scheme == 'supermarket'
+  class Fetcher < Fetchers::Url
+    name 'supermarket'
+    priority 500
 
-      # verifies that the target e.g base/ssh exists
-      Supermarket::API.exist?(profile)
-    rescue URI::Error => _e
-      false
-    end
-
-    # generates proper url
-    def resolve(profile, opts = {})
-      tool_info = Supermarket::API.find(profile)
+    def self.resolve(target, opts = {})
+      return nil unless URI(target).scheme == 'supermarket'
+      return nil unless Supermarket::API.exist?(target)
+      tool_info = Supermarket::API.find(target)
       super(tool_info['tool_source_url'], opts)
+    rescue URI::Error => _e
+      nil
     end
 
     def to_s
       'Chef Compliance Profile Loader'
     end
   end
-
-  Inspec::Targets.add_module('supermarket', Supermarket::SupermarketHelper.new)
 end

data/lib/fetchers/local.rb

@@ -0,0 +1,31 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+module Fetchers
+  class Local < Inspec.fetcher(1)
+    name 'local'
+    priority 0
+
+    attr_reader :files
+
+    def self.resolve(target)
+      return nil unless File.exist?(target)
+      new(target)
+    end
+
+    def initialize(target)
+      if File.file?(target)
+        @files = [target]
+      else
+        @files = Dir[File.join(target, '**', '*')]
+      end
+    end
+
+    def read(file)
+      return nil unless files.include?(file)
+      return nil unless File.file?(file)
+      File.read(file)
+    end
+  end
+end

data/lib/fetchers/tar.rb

@@ -0,0 +1,48 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+require 'rubygems/package'
+require 'zlib'
+
+module Fetchers
+  class Tar < Inspec.fetcher(1)
+    name 'tar'
+    priority 100
+
+    attr_reader :files
+
+    def self.resolve(target)
+      return nil unless File.file?(target)
+      return nil unless target.end_with?('.tar.gz', '.tgz')
+      new(target)
+    end
+
+    def initialize(target)
+      @target = target
+      @contents = {}
+      @files = []
+      Gem::Package::TarReader.new(Zlib::GzipReader.open(@target)) do |tar|
+        @files = tar.map(&:full_name)
+      end
+    end
+
+    def read(file)
+      @contents[file] ||= read_from_tar(file)
+    end
+
+    def read_from_tar(file)
+      return nil unless @files.include?(file)
+      res = nil
+      # NB `TarReader` includes `Enumerable` beginning with Ruby 2.x
+      Gem::Package::TarReader.new(Zlib::GzipReader.open(@target)) do |tar|
+        tar.each do |entry|
+          next unless entry.file? && file == entry.full_name
+          res = entry.read
+          break
+        end
+      end
+      res
+    end
+  end
+end

data/lib/fetchers/url.rb

@@ -0,0 +1,100 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+require 'uri'
+require 'tempfile'
+require 'open-uri'
+
+module Fetchers
+  class Url < Inspec.fetcher(1)
+    name 'url'
+    priority 200
+
+    attr_reader :files
+
+    def self.resolve(target, opts = {})
+      uri = URI.parse(target)
+      return nil if uri.nil? or uri.scheme.nil?
+      return nil unless %{ http https }.include? uri.scheme
+      target = transform(target)
+      # fetch this url and hand it off
+      res = new(target, opts)
+      resolve_next(res.archive.path, res)
+    rescue URI::Error => _e
+      nil
+    end
+
+    # Transforms a browser github url to github tar url
+    # We distinguish between three different Github URL types:
+    #  - Master URL
+    #  - Branch URL
+    #  - Commit URL
+    #
+    # master url:
+    # https://github.com/nathenharvey/tmp_compliance_profile/ is transformed to
+    # https://github.com/nathenharvey/tmp_compliance_profile/archive/master.tar.gz
+    #
+    # github branch:
+    # https://github.com/hardening-io/tests-os-hardening/tree/2.0 is transformed to
+    # https://github.com/hardening-io/tests-os-hardening/archive/2.0.tar.gz
+    #
+    # github commit:
+    # https://github.com/hardening-io/tests-os-hardening/tree/48bd4388ddffde68badd83aefa654e7af3231876
+    # is transformed to
+    # https://github.com/hardening-io/tests-os-hardening/archive/48bd4388ddffde68badd83aefa654e7af3231876.tar.gz
+    def self.transform(target)
+      # support for default github url
+      m = %r{^https?://(www\.)?github\.com/(?<user>[\w-]+)/(?<repo>[\w-]+)(\.git)?(/)?$}.match(target)
+      return "https://github.com/#{m[:user]}/#{m[:repo]}/archive/master.tar.gz" if m
+
+      # support for branch and commit urls
+      m = %r{^https?://(www\.)?github\.com/(?<user>[\w-]+)/(?<repo>[\w-]+)/tree/(?<commit>[\w\.]+)(/)?$}.match(target)
+      return "https://github.com/#{m[:user]}/#{m[:repo]}/archive/#{m[:commit]}.tar.gz" if m
+
+      # if we could not find a match, return the original value
+      target
+    end
+
+    MIME_TYPES = {
+      'application/x-zip-compressed' => '.zip',
+      'application/zip' => '.zip',
+      'application/x-gzip' => '.tar.gz',
+      'application/gzip' => '.tar.gz',
+    }.freeze
+
+    # download url into archive using opts,
+    # returns File object and content-type from HTTP headers
+    def self.download_archive(url, opts)
+      remote = open(
+        url,
+        http_basic_authentication: [opts['user'] || '', opts['password'] || ''],
+      )
+
+      content_type = remote.meta['content-type']
+      file_type = MIME_TYPES[content_type] ||
+                  throw(RuntimeError, 'Failed to resolve URL target, its '\
+                  "metadata did not match ZIP or TAR: #{content_type}")
+
+      # fall back to tar
+      if file_type.nil?
+        fail "Could not determine file type for content type #{content_type}."
+      end
+
+      # download content
+      archive = Tempfile.new(['inspec-dl-', file_type])
+      archive.binmode
+      archive.write(remote.read)
+      archive.rewind
+      archive.close
+      archive
+    end
+
+    attr_reader :archive
+
+    def initialize(url, opts)
+      @target = url
+      @archive = self.class.download_archive(url, opts)
+    end
+  end
+end

data/lib/fetchers/zip.rb

@@ -0,0 +1,47 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+require 'zip'
+
+module Fetchers
+  class Zip < Inspec.fetcher(1)
+    name 'zip'
+    priority 100
+
+    attr_reader :files
+
+    def self.resolve(target)
+      return nil unless File.file?(target) and target.end_with?('.zip')
+      new(target)
+    end
+
+    def initialize(target)
+      @target = target
+      @contents = {}
+      @files = []
+      ::Zip::InputStream.open(@target) do |io|
+        while (entry = io.get_next_entry)
+          @files.push(entry.name.sub(%r{/+$}, ''))
+        end
+      end
+    end
+
+    def read(file)
+      @contents[file] ||= read_from_zip(file)
+    end
+
+    def read_from_zip(file)
+      return nil unless @files.include?(file)
+      res = nil
+      ::Zip::InputStream.open(@target) do |io|
+        while (entry = io.get_next_entry)
+          next unless file == entry.name
+          res = io.read
+          break
+        end
+      end
+      res
+    end
+  end
+end

data/lib/inspec.rb

@@ -20,8 +20,7 @@ require 'inspec/shell'
 
 # all utils that may be required by plugins
 require 'utils/base_cli'
-
-# ensure resource and plugins are loaded after runner, because the runner loads
-# targets
+require 'inspec/fetcher'
+require 'inspec/source_reader'
 require 'inspec/resource'
 require 'inspec/plugins'

data/lib/inspec/fetcher.rb

@@ -0,0 +1,22 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+require 'inspec/plugins'
+require 'utils/plugin_registry'
+
+module Inspec
+  Fetcher = PluginRegistry.new
+
+  def self.fetcher(version)
+    if version != 1
+      fail 'Only fetcher version 1 is supported!'
+    end
+    Inspec::Plugins::Fetcher
+  end
+end
+
+require 'fetchers/local'
+require 'fetchers/zip'
+require 'fetchers/tar'
+require 'fetchers/url'

data/lib/inspec/metadata.rb

@@ -140,8 +140,10 @@ module Inspec
     end
 
     def self.finalize(metadata, profile_id)
-      metadata.params['name'] = profile_id.to_s unless profile_id.to_s.empty?
-      metadata.params = symbolize_keys(metadata.params || {})
+      param = metadata.params || {}
+      param['name'] = profile_id.to_s unless profile_id.to_s.empty?
+      param['version'] = param['version'].to_s unless param['version'].nil?
+      metadata.params = symbolize_keys(param)
       metadata
     end