inspec 0.12.0 → 0.14.0

data/test/unit/fetchers/local_test.rb

@@ -0,0 +1,67 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+require 'helper'
+
+describe Fetchers::Local do
+  let(:fetcher) { Fetchers::Local }
+
+  it 'registers with the fetchers registry' do
+    reg = Inspec::Fetcher.registry
+    _(reg['local']).must_equal fetcher
+  end
+
+  describe 'applied to this file' do
+    let(:res) { fetcher.resolve(__FILE__) }
+
+    it 'must be resolved' do
+      _(res).must_be_kind_of fetcher
+    end
+
+    it 'must only contain this file' do
+      _(res.files).must_equal [__FILE__]
+    end
+
+    it 'must not read if the file doesnt exist' do
+      _(res.read('file-does-not-exist')).must_be_nil
+    end
+
+    it 'must not read files not covered' do
+      not_covered = File.expand_path('../tar_test.rb', __FILE__)
+      _(File.file?(not_covered)).must_equal true
+      _(res.read(not_covered)).must_be_nil
+    end
+
+    it 'must read the contents of the file' do
+      _(res.read(__FILE__)).must_equal File.read(__FILE__)
+    end
+  end
+
+  describe 'applied to this folder' do
+    let(:path) { File.dirname(__FILE__) }
+    let(:res) { fetcher.resolve(path) }
+
+    it 'must be resolved' do
+      _(res).must_be_kind_of fetcher
+    end
+
+    it 'must contain all files' do
+      _(res.files).must_include __FILE__
+    end
+
+    it 'must not read if the file doesnt exist' do
+      _(res.read('file-not-in-folder')).must_be_nil
+    end
+
+    it 'must not read files not covered' do
+      not_covered = File.expand_path('../../../helper.rb', __FILE__)
+      _(File.file?(not_covered)).must_equal true
+      _(res.read(not_covered)).must_be_nil
+    end
+
+    it 'must read the contents of the file' do
+      _(res.read(__FILE__)).must_equal File.read(__FILE__)
+    end
+  end
+end

data/test/unit/fetchers/tar_test.rb

@@ -0,0 +1,36 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+require 'helper'
+
+describe Fetchers::Tar do
+  let(:fetcher) { Fetchers::Tar }
+
+  it 'registers with the fetchers registry' do
+    reg = Inspec::Fetcher.registry
+    _(reg['tar']).must_equal fetcher
+  end
+
+  describe 'applied to a zipped archive' do
+    let(:target) { MockLoader.profile_tgz('complete-profile') }
+    let(:res) { fetcher.resolve(target) }
+
+    it 'must be resolved' do
+      _(res).must_be_kind_of fetcher
+    end
+
+    it 'must contain all files' do
+      _(res.files.sort).must_equal %w{inspec.yml libraries libraries/testlib.rb
+        controls controls/filesystem_spec.rb}.sort
+    end
+
+    it 'must not read if the file isnt included' do
+      _(res.read('file-not-in-archive')).must_be_nil
+    end
+
+    it 'must read the contents of the file' do
+      _(res.read('inspec.yml')).must_match /^name: complete$/
+    end
+  end
+end

data/test/unit/fetchers/url_test.rb

@@ -0,0 +1,152 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+require 'helper'
+
+describe Fetchers::Url do
+  let(:fetcher) { Fetchers::Url }
+
+  it 'registers with the fetchers registry' do
+    reg = Inspec::Fetcher.registry
+    _(reg['url']).must_equal fetcher
+  end
+
+  describe 'testing different urls' do
+    let(:mock_file) { MockLoader.profile_path('complete-metadata') }
+    let(:fetcher) {
+      Class.new(Fetchers::Url) do
+        attr_reader :target, :archive
+        def initialize(target, opts)
+          @target = target
+          @archive = File.new(__FILE__)
+        end
+      end
+    }
+
+    it 'handles a http url' do
+      url = 'http://chef.io/some.tar.gz'
+      res = fetcher.resolve(url)
+      _(res).must_be_kind_of Fetchers::Local
+      _(res.parent).must_be_kind_of Fetchers::Url
+      _(res.parent.target).must_equal 'http://chef.io/some.tar.gz'
+    end
+
+    it 'handles a https url' do
+      url = 'https://chef.io/some.tar.gz'
+      res = fetcher.resolve(url)
+      _(res).must_be_kind_of Fetchers::Local
+      _(res.parent).must_be_kind_of Fetchers::Url
+      _(res.parent.target).must_equal 'https://chef.io/some.tar.gz'
+    end
+
+    it 'doesnt handle other schemas' do
+      fetcher.resolve('gopher://chef.io/some.tar.gz').must_be_nil
+    end
+
+    it 'only handles URLs' do
+      fetcher.resolve(__FILE__).must_be_nil
+    end
+
+    %w{https://github.com/chef/inspec
+       https://github.com/chef/inspec.git
+       https://www.github.com/chef/inspec.git
+       http://github.com/chef/inspec
+       http://github.com/chef/inspec.git
+       http://www.github.com/chef/inspec.git}.each do |github|
+      it "resolves a github url #{github}" do
+        res = fetcher.resolve(github)
+        _(res).wont_be_nil
+        _(res.parent.target).must_equal 'https://github.com/chef/inspec/archive/master.tar.gz'
+      end
+    end
+
+    it "resolves a github branch url" do
+      github = 'https://github.com/hardening-io/tests-os-hardening/tree/2.0'
+      res = fetcher.resolve(github)
+      _(res).wont_be_nil
+      _(res.parent.target).must_equal 'https://github.com/hardening-io/tests-os-hardening/archive/2.0.tar.gz'
+    end
+
+    it "resolves a github commit url" do
+      github = 'https://github.com/hardening-io/tests-os-hardening/tree/48bd4388ddffde68badd83aefa654e7af3231876'
+      res = fetcher.resolve(github)
+      _(res).wont_be_nil
+      _(res.parent.target).must_equal 'https://github.com/hardening-io/tests-os-hardening/archive/48bd4388ddffde68badd83aefa654e7af3231876.tar.gz'
+    end
+  end
+
+  describe 'applied to a valid url (mocked tar.gz)' do
+    let(:mock_file) { MockLoader.profile_tgz('complete-profile') }
+    let(:target) { 'http://myurl/file.tar.gz' }
+    let(:res) {
+      mock_open = Minitest::Mock.new
+      mock_open.expect :meta, {'content-type' => 'application/gzip'}
+      mock_open.expect :read, File.read(mock_file)
+      fetcher.expects(:open).returns(mock_open)
+      fetcher.resolve(target)
+    }
+
+    it 'must be resolved to the final format' do
+      _(res).must_be_kind_of Fetchers::Tar
+    end
+
+    it 'must be resolved to the final format' do
+      _(res.parent).must_be_kind_of fetcher
+    end
+
+    it 'must contain all files' do
+      _(res.files.sort).must_equal %w{inspec.yml libraries libraries/testlib.rb
+        controls controls/filesystem_spec.rb}.sort
+    end
+
+    it 'must not read if the file isnt included' do
+      _(res.read('file-not-in-archive')).must_be_nil
+    end
+
+    it 'must read the contents of the file' do
+      _(res.read('inspec.yml')).must_match /^name: complete$/
+    end
+  end
+
+  describe 'applied to a valid url (mocked zip)' do
+    let(:mock_file) { MockLoader.profile_zip('complete-profile') }
+    let(:target) { 'http://myurl/file.tar.gz' }
+    let(:res) {
+      mock_open = Minitest::Mock.new
+      mock_open.expect :meta, {'content-type' => 'application/zip'}
+      mock_open.expect :read, File.read(mock_file)
+      fetcher.expects(:open).returns(mock_open)
+      fetcher.resolve(target)
+    }
+
+    it 'must be resolved to the final format' do
+      _(res).must_be_kind_of Fetchers::Zip
+    end
+
+    it 'must contain all files' do
+      _(res.files.sort).must_equal %w{inspec.yml libraries libraries/testlib.rb
+        controls controls/filesystem_spec.rb}.sort
+    end
+
+    it 'must not read if the file isnt included' do
+      _(res.read('file-not-in-archive')).must_be_nil
+    end
+
+    it 'must read the contents of the file' do
+      _(res.read('inspec.yml')).must_match /^name: complete$/
+    end
+  end
+
+  describe 'applied to a valid url with wrong content-type' do
+    let(:mock_file) { MockLoader.profile_zip('complete-profile') }
+    let(:target) { 'http://myurl/file.tar.gz' }
+
+    it 'must be resolved to the final format' do
+      mock_open = Minitest::Mock.new
+      mock_open.expect :meta, {'content-type' => 'wrong'}
+      fetcher.expects(:open).returns(mock_open)
+      proc { fetcher.resolve(target) }.must_throw RuntimeError
+    end
+  end
+end

data/test/unit/fetchers/zip_test.rb

@@ -0,0 +1,36 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+require 'helper'
+
+describe Fetchers::Zip do
+  let(:fetcher) { Fetchers::Zip }
+
+  it 'registers with the fetchers registry' do
+    reg = Inspec::Fetcher.registry
+    _(reg['zip']).must_equal fetcher
+  end
+
+  describe 'applied to a zipped archive' do
+    let(:target) { MockLoader.profile_zip('complete-profile') }
+    let(:res) { fetcher.resolve(target) }
+
+    it 'must be resolved' do
+      _(res).must_be_kind_of fetcher
+    end
+
+    it 'must contain all files' do
+      _(res.files.sort).must_equal %w{inspec.yml libraries libraries/testlib.rb
+        controls controls/filesystem_spec.rb}.sort
+    end
+
+    it 'must not read if the file isnt included' do
+      _(res.read('file-not-in-archive')).must_be_nil
+    end
+
+    it 'must read the contents of the file' do
+      _(res.read('inspec.yml')).must_match /^name: complete$/
+    end
+  end
+end

data/test/unit/mock/files/passwd

@@ -1,2 +1,2 @@
 root:x:0:0:root:/root:/bin/bash
-www-data:x:33:33:www-data:/var/www:/bin/sh
+www-data:x:33:133:www-data:/var/www:/bin/sh

data/test/unit/mock/files/shadow

@@ -0,0 +1,2 @@
+root:x:1:2:3::::
+www-data:!!:10:20:30:40:50:60:

data/test/unit/mock/profiles/complete-profile/libraries/testlib.rb

@@ -0,0 +1 @@
+# Library resource

data/test/unit/plugin_test.rb

@@ -7,7 +7,6 @@ require 'minitest/autorun'
 require 'minitest/spec'
 require 'mocha/setup'
 
-require 'inspec/targets'
 require 'inspec/plugins/cli'
 require 'thor'
 

data/test/unit/profile_test.rb

@@ -4,35 +4,13 @@
 
 require 'helper'
 require 'inspec/profile_context'
-require 'inspec/runner'
-require 'inspec/runner_mock'
-require 'fileutils'
 
 describe Inspec::Profile do
   let(:logger) { Minitest::Mock.new }
-  let(:home) { File.dirname(__FILE__) }
-
-  def load_profile(name, opts = {})
-    opts[:test_collector] = Inspec::RunnerMock.new
-    Inspec::Profile.from_path("#{home}/mock/profiles/#{name}", opts)
-  end
-
-  def load_profile_tgz(name, opts = {})
-    path = "#{home}/mock/profiles/#{name}"
-    `tar zcvf #{path}.tgz #{path}`
-    load_profile("#{name}.tgz", opts)
-    FileUtils.rm("#{path}.tgz")
-  end
-
-  def load_profile_zip(name, opts = {})
-    path = "#{home}/mock/profiles/#{name}"
-    `zip #{path}.zip #{path}`
-    load_profile("#{name}.zip", opts)
-    FileUtils.rm("#{path}.zip")
-  end
+  let(:home) { MockLoader.home }
 
   describe 'with an empty profile' do
-    let(:profile) { load_profile('empty-metadata') }
+    let(:profile) { MockLoader.load_profile('empty-metadata') }
 
     it 'has no metadata' do
       profile.params[:name].must_be_nil
@@ -44,7 +22,7 @@ describe Inspec::Profile do
   end
 
   describe 'with an empty profile (legacy mode)' do
-    let(:profile) { load_profile('legacy-empty-metadata') }
+    let(:profile) { MockLoader.load_profile('legacy-empty-metadata') }
 
     it 'has no metadata' do
       profile.params[:name].must_be_nil
@@ -57,7 +35,7 @@ describe Inspec::Profile do
 
   describe 'with simple metadata in profile' do
     let(:profile_id) { 'simple-metadata' }
-    let(:profile) { load_profile(profile_id) }
+    let(:profile) { MockLoader.load_profile(profile_id) }
 
     it 'has metadata' do
       profile.params[:name].must_equal 'yumyum profile'
@@ -69,13 +47,13 @@ describe Inspec::Profile do
 
     it 'can overwrite the profile ID' do
       testID = rand.to_s
-      res = load_profile(profile_id, id: testID)
+      res = MockLoader.load_profile(profile_id, id: testID)
       res.params[:name].must_equal testID
     end
   end
 
   describe 'with simple metadata in profile (legacy mode)' do
-    let(:profile) { load_profile('legacy-simple-metadata') }
+    let(:profile) { MockLoader.load_profile('legacy-simple-metadata') }
 
     it 'has metadata' do
       profile.params[:name].must_equal 'metadata profile'
@@ -91,17 +69,16 @@ describe Inspec::Profile do
       let(:profile_id) { 'empty-metadata' }
 
       it 'prints loads of warnings' do
-        inspec_yml = "#{home}/mock/profiles/#{profile_id}/inspec.yml"
         logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
-        logger.expect :error, nil, ["Missing profile name in #{inspec_yml}"]
-        logger.expect :error, nil, ["Missing profile version in #{inspec_yml}"]
-        logger.expect :warn, nil, ["Missing profile title in #{inspec_yml}"]
-        logger.expect :warn, nil, ["Missing profile summary in #{inspec_yml}"]
-        logger.expect :warn, nil, ["Missing profile maintainer in #{inspec_yml}"]
-        logger.expect :warn, nil, ["Missing profile copyright in #{inspec_yml}"]
+        logger.expect :error, nil, ["Missing profile name in inspec.yml"]
+        logger.expect :error, nil, ["Missing profile version in inspec.yml"]
+        logger.expect :warn, nil, ["Missing profile title in inspec.yml"]
+        logger.expect :warn, nil, ["Missing profile summary in inspec.yml"]
+        logger.expect :warn, nil, ["Missing profile maintainer in inspec.yml"]
+        logger.expect :warn, nil, ["Missing profile copyright in inspec.yml"]
         logger.expect :warn, nil, ['No controls or tests were defined.']
 
-        result = load_profile(profile_id, {logger: logger}).check
+        result = MockLoader.load_profile(profile_id, {logger: logger}).check
         # verify logger output
         logger.verify
 
@@ -121,16 +98,16 @@ describe Inspec::Profile do
       it 'prints loads of warnings' do
         metadata_rb = "#{home}/mock/profiles/#{profile_id}/metadata.rb"
         logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
-        logger.expect :error, nil, ["Missing profile name in #{metadata_rb}"]
+        logger.expect :error, nil, ["Missing profile name in metadata.rb"]
         logger.expect :warn, nil, ['The use of `metadata.rb` is deprecated. Use `inspec.yml`.']
-        logger.expect :error, nil, ["Missing profile version in #{metadata_rb}"]
-        logger.expect :warn, nil, ["Missing profile title in #{metadata_rb}"]
-        logger.expect :warn, nil, ["Missing profile summary in #{metadata_rb}"]
-        logger.expect :warn, nil, ["Missing profile maintainer in #{metadata_rb}"]
-        logger.expect :warn, nil, ["Missing profile copyright in #{metadata_rb}"]
+        logger.expect :error, nil, ["Missing profile version in metadata.rb"]
+        logger.expect :warn, nil, ["Missing profile title in metadata.rb"]
+        logger.expect :warn, nil, ["Missing profile summary in metadata.rb"]
+        logger.expect :warn, nil, ["Missing profile maintainer in metadata.rb"]
+        logger.expect :warn, nil, ["Missing profile copyright in metadata.rb"]
         logger.expect :warn, nil, ['No controls or tests were defined.']
 
-        result = load_profile(profile_id, {logger: logger}).check
+        result = MockLoader.load_profile(profile_id, {logger: logger}).check
         # verify logger output
         logger.verify
 
@@ -146,7 +123,7 @@ describe Inspec::Profile do
 
     describe 'a complete metadata profile' do
       let(:profile_id) { 'complete-metadata' }
-      let(:profile) { load_profile(profile_id, {logger: logger}) }
+      let(:profile) { MockLoader.load_profile(profile_id, {logger: logger}) }
 
       it 'prints ok messages' do
         logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
@@ -170,7 +147,7 @@ describe Inspec::Profile do
 
     describe 'a complete metadata profile (legacy mode)' do
       let(:profile_id) { 'legacy-complete-metadata' }
-      let(:profile) { load_profile(profile_id, {logger: logger}) }
+      let(:profile) { MockLoader.load_profile(profile_id, {logger: logger}) }
 
       it 'prints ok messages' do
         logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
@@ -206,10 +183,10 @@ describe Inspec::Profile do
         logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
         logger.expect :info, nil, ['Metadata OK.']
         logger.expect :info, nil, ['Found 1 controls.']
-        logger.expect :info, nil, ["Verify all controls in #{home}/mock/profiles/#{profile_id}/controls/filesystem_spec.rb"]
+        logger.expect :info, nil, ["Verify all controls in controls/filesystem_spec.rb"]
         logger.expect :info, nil, ['Control definitions OK.']
 
-        result = load_profile(profile_id, {logger: logger}).check
+        result = MockLoader.load_profile(profile_id, {logger: logger}).check
         # verify logger output
         logger.verify
 
@@ -225,16 +202,17 @@ describe Inspec::Profile do
 
     describe 'a complete metadata profile with controls in a tarball' do
       let(:profile_id) { 'complete-profile' }
-      let(:profile) { load_profile_tgz(profile_id, {logger: logger}) }
+      let(:profile_path) { MockLoader.profile_tgz(profile_id) }
+      let(:profile) { MockLoader.load_profile(profile_path, {logger: logger}) }
 
       it 'prints ok messages and counts the rules' do
         logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
         logger.expect :info, nil, ['Metadata OK.']
         logger.expect :info, nil, ['Found 1 controls.']
-        logger.expect :info, nil, ["Verify all controls in #{home}/mock/profiles/#{profile_id}/controls/filesystem_spec.rb"]
+        logger.expect :info, nil, ["Verify all controls in controls/filesystem_spec.rb"]
         logger.expect :info, nil, ['Control definitions OK.']
 
-        result = load_profile(profile_id, {logger: logger}).check
+        result = MockLoader.load_profile(profile_id, {logger: logger}).check
         # verify logger output
         logger.verify
 
@@ -250,16 +228,17 @@ describe Inspec::Profile do
 
     describe 'a complete metadata profile with controls in zipfile' do
       let(:profile_id) { 'complete-profile' }
-      let(:profile) { load_profile_zip(profile_id, {logger: logger}) }
+      let(:profile_path) { MockLoader.profile_zip(profile_id) }
+      let(:profile) { MockLoader.load_profile(profile_path, {logger: logger}) }
 
       it 'prints ok messages and counts the rules' do
         logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
         logger.expect :info, nil, ['Metadata OK.']
         logger.expect :info, nil, ['Found 1 controls.']
-        logger.expect :info, nil, ["Verify all controls in #{home}/mock/profiles/#{profile_id}/controls/filesystem_spec.rb"]
+        logger.expect :info, nil, ["Verify all controls in controls/filesystem_spec.rb"]
         logger.expect :info, nil, ['Control definitions OK.']
 
-        result = load_profile(profile_id, {logger: logger}).check
+        result = MockLoader.load_profile(profile_id, {logger: logger}).check
         # verify logger output
         logger.verify