inspec 0.14.8 → 0.15.0

data/lib/resources/parse_config.rb

@@ -13,77 +13,79 @@
 #  }
 #  describe parse_config(audit, options ) do
 
-class PConfig < Inspec.resource(1)
-  name 'parse_config'
-  desc 'Use the parse_config InSpec audit resource to test arbitrary configuration files.'
-  example "
-    output = command('some-command').stdout
+module Inspec::Resources
+  class PConfig < Inspec.resource(1)
+    name 'parse_config'
+    desc 'Use the parse_config InSpec audit resource to test arbitrary configuration files.'
+    example "
+      output = command('some-command').stdout
 
-    describe parse_config(output, { data_config_option: value } ) do
-      its('setting') { should eq 1 }
-    end
-  "
+      describe parse_config(output, { data_config_option: value } ) do
+        its('setting') { should eq 1 }
+      end
+    "
 
-  def initialize(content = nil, useropts = nil)
-    @opts = {}
-    @opts = useropts.dup unless useropts.nil?
-    @files_contents = {}
-    @params = nil
+    def initialize(content = nil, useropts = nil)
+      @opts = {}
+      @opts = useropts.dup unless useropts.nil?
+      @files_contents = {}
+      @params = nil
 
-    @content = content
-    read_content if @content.nil?
-  end
+      @content = content
+      read_content if @content.nil?
+    end
 
-  def method_missing(name)
-    @params || read_content
-    @params[name.to_s]
-  end
+    def method_missing(name)
+      @params || read_content
+      @params[name.to_s]
+    end
 
-  def parse_file(conf_path)
-    @conf_path = conf_path
+    def parse_file(conf_path)
+      @conf_path = conf_path
 
-    # read the file
-    if !inspec.file(conf_path).file?
-      return skip_resource "Can't find file \"#{conf_path}\""
-    end
-    @content = read_file(conf_path)
-    if @content.empty? && inspec.file(conf_path).size > 0
-      return skip_resource "Can't read file \"#{conf_path}\""
+      # read the file
+      if !inspec.file(conf_path).file?
+        return skip_resource "Can't find file \"#{conf_path}\""
+      end
+      @content = read_file(conf_path)
+      if @content.empty? && inspec.file(conf_path).size > 0
+        return skip_resource "Can't read file \"#{conf_path}\""
+      end
+
+      read_content
     end
 
-    read_content
-  end
+    def read_file(path)
+      @files_contents[path] ||= inspec.file(path).content
+    end
 
-  def read_file(path)
-    @files_contents[path] ||= inspec.file(path).content
-  end
+    def read_content
+      # parse the file
+      @params = SimpleConfig.new(@content, @opts).params
+      @content
+    end
 
-  def read_content
-    # parse the file
-    @params = SimpleConfig.new(@content, @opts).params
-    @content
+    def to_s
+      "Parse Config #{@conf_path}"
+    end
   end
 
-  def to_s
-    "Parse Config #{@conf_path}"
-  end
-end
+  class PConfigFile < PConfig
+    name 'parse_config_file'
+    desc 'Use the parse_config_file InSpec audit resource to test arbitrary configuration files. It works identiacal to parse_config. Instead of using a command output, this resource works with files.'
+    example "
+      describe parse_config_file('/path/to/file') do
+        its('setting') { should eq 1 }
+      end
+    "
 
-class PConfigFile < PConfig
-  name 'parse_config_file'
-  desc 'Use the parse_config_file InSpec audit resource to test arbitrary configuration files. It works identiacal to parse_config. Instead of using a command output, this resource works with files.'
-  example "
-    describe parse_config_file('/path/to/file') do
-      its('setting') { should eq 1 }
+    def initialize(path, opts = nil)
+      super(nil, opts)
+      parse_file(path)
     end
-  "
-
-  def initialize(path, opts = nil)
-    super(nil, opts)
-    parse_file(path)
-  end
 
-  def to_s
-    "Parse Config File #{@conf_path}"
+    def to_s
+      "Parse Config File #{@conf_path}"
+    end
   end
 end

data/lib/resources/passwd.rb

@@ -15,112 +15,114 @@
 
 require 'utils/parser'
 
-class Passwd < Inspec.resource(1)
-  name 'passwd'
-  desc 'Use the passwd InSpec audit resource to test the contents of /etc/passwd, which contains the following information for users that may log into the system and/or as users that own running processes.'
-  example "
-    describe passwd do
-      its('users') { should_not include 'forbidden_user' }
-    end
+module Inspec::Resources
+  class Passwd < Inspec.resource(1)
+    name 'passwd'
+    desc 'Use the passwd InSpec audit resource to test the contents of /etc/passwd, which contains the following information for users that may log into the system and/or as users that own running processes.'
+    example "
+      describe passwd do
+        its('users') { should_not include 'forbidden_user' }
+      end
 
-    describe passwd.uids(0) do
-      its('users') { should cmp 'root' }
-      its('count') { should eq 1 }
-    end
+      describe passwd.uids(0) do
+        its('users') { should cmp 'root' }
+        its('count') { should eq 1 }
+      end
 
-    describe passwd.shells(/nologin/) do
-      # find all users with a nologin shell
-      its('users') { should_not include 'my_login_user' }
+      describe passwd.shells(/nologin/) do
+        # find all users with a nologin shell
+        its('users') { should_not include 'my_login_user' }
+      end
+    "
+
+    include PasswdParser
+
+    attr_reader :uid
+    attr_reader :params
+    attr_reader :content
+    attr_reader :lines
+
+    def initialize(path = nil, opts = nil)
+      opts ||= {}
+      @path = path || '/etc/passwd'
+      @content = opts[:content] || inspec.file(@path).content
+      @lines = @content.to_s.split("\n")
+      @filters = opts[:filters] || ''
+      @params = parse_passwd(@content)
     end
-  "
-
-  include PasswdParser
-
-  attr_reader :uid
-  attr_reader :params
-  attr_reader :content
-  attr_reader :lines
-
-  def initialize(path = nil, opts = nil)
-    opts ||= {}
-    @path = path || '/etc/passwd'
-    @content = opts[:content] || inspec.file(@path).content
-    @lines = @content.to_s.split("\n")
-    @filters = opts[:filters] || ''
-    @params = parse_passwd(@content)
-  end
 
-  def filter(hm = {})
-    return self if hm.nil? || hm.empty?
-    res = @params
-    filters = ''
-    hm.each do |attr, condition|
-      condition = condition.to_s if condition.is_a? Integer
-      filters += " #{attr} = #{condition.inspect}"
-      res = res.find_all do |line|
-        case line[attr.to_s]
-        when condition
-          true
-        else
-          false
+    def filter(hm = {})
+      return self if hm.nil? || hm.empty?
+      res = @params
+      filters = ''
+      hm.each do |attr, condition|
+        condition = condition.to_s if condition.is_a? Integer
+        filters += " #{attr} = #{condition.inspect}"
+        res = res.find_all do |line|
+          case line[attr.to_s]
+          when condition
+            true
+          else
+            false
+          end
         end
       end
+      content = res.map { |x| x.values.join(':') }.join("\n")
+      Passwd.new(@path, content: content, filters: @filters + filters)
     end
-    content = res.map { |x| x.values.join(':') }.join("\n")
-    Passwd.new(@path, content: content, filters: @filters + filters)
-  end
 
-  def usernames
-    warn '[DEPRECATION] `passwd.usernames` is deprecated. Please use `passwd.users` instead. It will be removed in version 1.0.0.'
-    users
-  end
+    def usernames
+      warn '[DEPRECATION] `passwd.usernames` is deprecated. Please use `passwd.users` instead. It will be removed in version 1.0.0.'
+      users
+    end
 
-  def username
-    warn '[DEPRECATION] `passwd.user` is deprecated. Please use `passwd.users` instead. It will be removed in version 1.0.0.'
-    users[0]
-  end
+    def username
+      warn '[DEPRECATION] `passwd.user` is deprecated. Please use `passwd.users` instead. It will be removed in version 1.0.0.'
+      users[0]
+    end
 
-  def uid(x)
-    warn '[DEPRECATION] `passwd.uid(arg)` is deprecated. Please use `passwd.uids(arg)` instead. It will be removed in version 1.0.0.'
-    uids(x)
-  end
+    def uid(x)
+      warn '[DEPRECATION] `passwd.uid(arg)` is deprecated. Please use `passwd.uids(arg)` instead. It will be removed in version 1.0.0.'
+      uids(x)
+    end
 
-  def users(name = nil)
-    name.nil? ? map_data('user') : filter(user: name)
-  end
+    def users(name = nil)
+      name.nil? ? map_data('user') : filter(user: name)
+    end
 
-  def passwords(password = nil)
-    password.nil? ? map_data('password') : filter(password: password)
-  end
+    def passwords(password = nil)
+      password.nil? ? map_data('password') : filter(password: password)
+    end
 
-  def uids(uid = nil)
-    uid.nil? ? map_data('uid') : filter(uid: uid)
-  end
+    def uids(uid = nil)
+      uid.nil? ? map_data('uid') : filter(uid: uid)
+    end
 
-  def gids(gid = nil)
-    gid.nil? ? map_data('gid') : filter(gid: gid)
-  end
+    def gids(gid = nil)
+      gid.nil? ? map_data('gid') : filter(gid: gid)
+    end
 
-  def homes(home = nil)
-    home.nil? ? map_data('home') : filter(home: home)
-  end
+    def homes(home = nil)
+      home.nil? ? map_data('home') : filter(home: home)
+    end
 
-  def shells(shell = nil)
-    shell.nil? ? map_data('shell') : filter(shell: shell)
-  end
+    def shells(shell = nil)
+      shell.nil? ? map_data('shell') : filter(shell: shell)
+    end
 
-  def to_s
-    f = @filters.empty? ? '' : ' with'+@filters
-    "/etc/passwd#{f}"
-  end
+    def to_s
+      f = @filters.empty? ? '' : ' with'+@filters
+      "/etc/passwd#{f}"
+    end
 
-  def count
-    @params.length
-  end
+    def count
+      @params.length
+    end
 
-  private
+    private
 
-  def map_data(id)
-    @params.map { |x| x[id] }
+    def map_data(id)
+      @params.map { |x| x[id] }
+    end
   end
 end

data/lib/resources/pip.rb

@@ -7,75 +7,77 @@
 #   it { should be_installed }
 # end
 #
-class PipPackage < Inspec.resource(1)
-  name 'pip'
-  desc 'Use the pip InSpec audit resource to test packages that are installed using the pip installer.'
-  example "
-    describe pip('Jinja2') do
-      it { should be_installed }
-    end
-  "
+module Inspec::Resources
+  class PipPackage < Inspec.resource(1)
+    name 'pip'
+    desc 'Use the pip InSpec audit resource to test packages that are installed using the pip installer.'
+    example "
+      describe pip('Jinja2') do
+        it { should be_installed }
+      end
+    "
 
-  def initialize(package_name)
-    @package_name = package_name
-  end
+    def initialize(package_name)
+      @package_name = package_name
+    end
 
-  def info
-    return @info if defined?(@info)
+    def info
+      return @info if defined?(@info)
 
-    @info = {}
-    @info[:type] = 'pip'
-    cmd = inspec.command("#{pip_cmd} show #{@package_name}")
-    return @info if cmd.exit_status != 0
+      @info = {}
+      @info[:type] = 'pip'
+      cmd = inspec.command("#{pip_cmd} show #{@package_name}")
+      return @info if cmd.exit_status != 0
 
-    params = SimpleConfig.new(
-      cmd.stdout,
-      assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
-      multiple_values: false,
-    ).params
-    @info[:name] = params['Name']
-    @info[:version] = params['Version']
-    @info[:installed] = true
-    @info
-  end
+      params = SimpleConfig.new(
+        cmd.stdout,
+        assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
+        multiple_values: false,
+      ).params
+      @info[:name] = params['Name']
+      @info[:version] = params['Version']
+      @info[:installed] = true
+      @info
+    end
 
-  def installed?
-    info[:installed] == true
-  end
+    def installed?
+      info[:installed] == true
+    end
 
-  def version
-    info[:version]
-  end
+    def version
+      info[:version]
+    end
 
-  def to_s
-    "Pip Package  #{@package_name}"
-  end
+    def to_s
+      "Pip Package  #{@package_name}"
+    end
 
-  private
+    private
 
-  def pip_cmd
-    # Pip is not on the default path for Windows, therefore we do some logic
-    # to find the binary on Windows
-    family = inspec.os[:family]
-    case family
-    when 'windows'
-      # we need to detect the pip command on Windows
-      cmd = inspec.command('New-Object -Type PSObject | Add-Member -MemberType NoteProperty -Name Pip -Value (Invoke-Command -ScriptBlock {where.exe pip}) -PassThru | Add-Member -MemberType NoteProperty -Name Python -Value (Invoke-Command -ScriptBlock {where.exe python}) -PassThru | ConvertTo-Json')
-      begin
-        paths = JSON.parse(cmd.stdout)
-        # use pip if it on system path
-        pipcmd = paths['Pip']
-        # calculate path on windows
-        if defined?(paths['Python']) && pipcmd.nil?
-          pipdir = paths['Python'].split('\\')
-          # remove python.exe
-          pipdir.pop
-          pipcmd = pipdir.push('Scripts').push('pip.exe').join('/')
+    def pip_cmd
+      # Pip is not on the default path for Windows, therefore we do some logic
+      # to find the binary on Windows
+      family = inspec.os[:family]
+      case family
+      when 'windows'
+        # we need to detect the pip command on Windows
+        cmd = inspec.command('New-Object -Type PSObject | Add-Member -MemberType NoteProperty -Name Pip -Value (Invoke-Command -ScriptBlock {where.exe pip}) -PassThru | Add-Member -MemberType NoteProperty -Name Python -Value (Invoke-Command -ScriptBlock {where.exe python}) -PassThru | ConvertTo-Json')
+        begin
+          paths = JSON.parse(cmd.stdout)
+          # use pip if it on system path
+          pipcmd = paths['Pip']
+          # calculate path on windows
+          if defined?(paths['Python']) && pipcmd.nil?
+            pipdir = paths['Python'].split('\\')
+            # remove python.exe
+            pipdir.pop
+            pipcmd = pipdir.push('Scripts').push('pip.exe').join('/')
+          end
+        rescue JSON::ParserError => _e
+          return nil
         end
-      rescue JSON::ParserError => _e
-        return nil
       end
+      pipcmd || 'pip'
     end
-    pipcmd || 'pip'
   end
 end