inspec 0.14.8 → 0.15.0

data/lib/resources/bond.rb

@@ -5,7 +5,7 @@
 require 'resources/file'
 
 module Inspec::Resources
-  class Bond < File
+  class Bond < FileResource
     name 'bond'
     desc 'Use the bond InSpec audit resource to test a logical, bonded network interface (i.e. "two or more network interfaces aggregated into a single, logical network interface"). On Linux platforms, any value in the /proc/net/bonding directory may be tested.'
     example "

data/lib/resources/bridge.rb

@@ -8,114 +8,116 @@
 #   it { should have_interface 'eth0' }
 # end
 
-class Bridge < Inspec.resource(1)
-  name 'bridge'
-  desc 'Use the bridge InSpec audit resource to test basic network bridge properties, such as name, if an interface is defined, and the associations for any defined interface.'
-  example "
-    describe bridge 'br0' do
-      it { should exist }
-      it { should have_interface 'eth0' }
+module Inspec::Resources
+  class Bridge < Inspec.resource(1)
+    name 'bridge'
+    desc 'Use the bridge InSpec audit resource to test basic network bridge properties, such as name, if an interface is defined, and the associations for any defined interface.'
+    example "
+      describe bridge 'br0' do
+        it { should exist }
+        it { should have_interface 'eth0' }
+      end
+    "
+
+    def initialize(bridge_name)
+      @bridge_name = bridge_name
+
+      @bridge_provider = nil
+      if inspec.os.linux?
+        @bridge_provider = LinuxBridge.new(inspec)
+      elsif inspec.os.windows?
+        @bridge_provider = WindowsBridge.new(inspec)
+      else
+        return skip_resource 'The `bridge` resource is not supported on your OS yet.'
+      end
     end
-  "
-
-  def initialize(bridge_name)
-    @bridge_name = bridge_name
-
-    @bridge_provider = nil
-    if inspec.os.linux?
-      @bridge_provider = LinuxBridge.new(inspec)
-    elsif inspec.os.windows?
-      @bridge_provider = WindowsBridge.new(inspec)
-    else
-      return skip_resource 'The `bridge` resource is not supported on your OS yet.'
-    end
-  end
-
-  def exists?
-    !bridge_info.nil? && !bridge_info[:name].nil?
-  end
-
-  def has_interface?(interface)
-    return skip_resource 'The `bridge` resource does not provide interface detection for Windows yet' if inspec.os.windows?
-    bridge_info.nil? ? false : bridge_info[:interfaces].include?(interface)
-  end
 
-  def interfaces
-    bridge_info.nil? ? nil : bridge_info[:interfaces]
-  end
+    def exists?
+      !bridge_info.nil? && !bridge_info[:name].nil?
+    end
 
-  def to_s
-    "Bridge #{@bridge_name}"
-  end
+    def has_interface?(interface)
+      return skip_resource 'The `bridge` resource does not provide interface detection for Windows yet' if inspec.os.windows?
+      bridge_info.nil? ? false : bridge_info[:interfaces].include?(interface)
+    end
 
-  private
+    def interfaces
+      bridge_info.nil? ? nil : bridge_info[:interfaces]
+    end
 
-  def bridge_info
-    return @cache if defined?(@cache)
-    @cache = @bridge_provider.bridge_info(@bridge_name) if !@bridge_provider.nil?
-  end
-end
+    def to_s
+      "Bridge #{@bridge_name}"
+    end
 
-class BridgeDetection
-  attr_reader :inspec
-  def initialize(inspec)
-    @inspec = inspec
-  end
-end
+    private
 
-# Linux Bridge
-# If /sys/class/net/{interface}/bridge exists then it must be a bridge
-# /sys/class/net/{interface}/brif contains the network interfaces
-# @see http://www.tldp.org/HOWTO/BRIDGE-STP-HOWTO/set-up-the-bridge.html
-# @see http://unix.stackexchange.com/questions/40560/how-to-know-if-a-network-interface-is-tap-tun-bridge-or-physical
-class LinuxBridge < BridgeDetection
-  def bridge_info(bridge_name)
-    # read bridge information
-    bridge = inspec.file("/sys/class/net/#{bridge_name}/bridge").directory?
-    return nil unless bridge
-
-    # load interface names
-    interfaces = inspec.command("ls -1 /sys/class/net/#{bridge_name}/brif/")
-    interfaces = interfaces.stdout.chomp.split("\n")
-    {
-      name: bridge_name,
-      interfaces: interfaces,
-    }
+    def bridge_info
+      return @cache if defined?(@cache)
+      @cache = @bridge_provider.bridge_info(@bridge_name) if !@bridge_provider.nil?
+    end
   end
-end
 
-# Windows Bridge
-# select netadapter by adapter binding for windows
-# Get-NetAdapterBinding -ComponentID ms_bridge | Get-NetAdapter
-# @see https://technet.microsoft.com/en-us/library/jj130921(v=wps.630).aspx
-# RegKeys: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
-class WindowsBridge < BridgeDetection
-  def bridge_info(bridge_name)
-    # find all bridge adapters
-    cmd = inspec.command('Get-NetAdapterBinding -ComponentID ms_bridge | Get-NetAdapter | Select-Object -Property Name, InterfaceDescription | ConvertTo-Json')
-
-    # filter network interface
-    begin
-      bridges = JSON.parse(cmd.stdout)
-    rescue JSON::ParserError => _e
-      return nil
+  class BridgeDetection
+    attr_reader :inspec
+    def initialize(inspec)
+      @inspec = inspec
     end
+  end
 
-    # ensure we have an array of groups
-    bridges = [bridges] if !bridges.is_a?(Array)
-
-    # select the requested interface
-    bridges = bridges.each_with_object([]) do |adapter, adapter_collection|
-      # map object
-      info = {
-        name: adapter['Name'],
-        interfaces: nil,
+  # Linux Bridge
+  # If /sys/class/net/{interface}/bridge exists then it must be a bridge
+  # /sys/class/net/{interface}/brif contains the network interfaces
+  # @see http://www.tldp.org/HOWTO/BRIDGE-STP-HOWTO/set-up-the-bridge.html
+  # @see http://unix.stackexchange.com/questions/40560/how-to-know-if-a-network-interface-is-tap-tun-bridge-or-physical
+  class LinuxBridge < BridgeDetection
+    def bridge_info(bridge_name)
+      # read bridge information
+      bridge = inspec.file("/sys/class/net/#{bridge_name}/bridge").directory?
+      return nil unless bridge
+
+      # load interface names
+      interfaces = inspec.command("ls -1 /sys/class/net/#{bridge_name}/brif/")
+      interfaces = interfaces.stdout.chomp.split("\n")
+      {
+        name: bridge_name,
+        interfaces: interfaces,
       }
-      adapter_collection.push(info) if info[:name].casecmp(bridge_name) == 0
     end
+  end
 
-    return nil if bridges.size == 0
-    warn "[Possible Error] detected multiple bridges interfaces with the name #{bridge_name}" if bridges.size > 1
-    bridges[0]
+  # Windows Bridge
+  # select netadapter by adapter binding for windows
+  # Get-NetAdapterBinding -ComponentID ms_bridge | Get-NetAdapter
+  # @see https://technet.microsoft.com/en-us/library/jj130921(v=wps.630).aspx
+  # RegKeys: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
+  class WindowsBridge < BridgeDetection
+    def bridge_info(bridge_name)
+      # find all bridge adapters
+      cmd = inspec.command('Get-NetAdapterBinding -ComponentID ms_bridge | Get-NetAdapter | Select-Object -Property Name, InterfaceDescription | ConvertTo-Json')
+
+      # filter network interface
+      begin
+        bridges = JSON.parse(cmd.stdout)
+      rescue JSON::ParserError => _e
+        return nil
+      end
+
+      # ensure we have an array of groups
+      bridges = [bridges] if !bridges.is_a?(Array)
+
+      # select the requested interface
+      bridges = bridges.each_with_object([]) do |adapter, adapter_collection|
+        # map object
+        info = {
+          name: adapter['Name'],
+          interfaces: nil,
+        }
+        adapter_collection.push(info) if info[:name].casecmp(bridge_name) == 0
+      end
+
+      return nil if bridges.size == 0
+      warn "[Possible Error] detected multiple bridges interfaces with the name #{bridge_name}" if bridges.size > 1
+      bridges[0]
+    end
   end
 end

data/lib/resources/command.rb

@@ -4,58 +4,60 @@
 # author: Christoph Hartmann
 # license: All rights reserved
 
-class Cmd < Inspec.resource(1)
-  name 'command'
-  desc 'Use the command InSpec audit resource to test an arbitrary command that is run on the system.'
-  example "
-    describe command('ls -al /') do
-      it { should exist }
-      its(:stdout) { should match /bin/ }
-      its('stderr') { should eq '' }
-      its(:exit_status) { should eq 0 }
+module Inspec::Resources
+  class Cmd < Inspec.resource(1)
+    name 'command'
+    desc 'Use the command InSpec audit resource to test an arbitrary command that is run on the system.'
+    example "
+      describe command('ls -al /') do
+        it { should exist }
+        its(:stdout) { should match /bin/ }
+        its('stderr') { should eq '' }
+        its(:exit_status) { should eq 0 }
+      end
+    "
+
+    attr_reader :command
+
+    def initialize(cmd)
+      @command = cmd
     end
-  "
 
-  attr_reader :command
-
-  def initialize(cmd)
-    @command = cmd
-  end
-
-  def result
-    @result ||= inspec.backend.run_command(@command)
-  end
+    def result
+      @result ||= inspec.backend.run_command(@command)
+    end
 
-  def stdout
-    result.stdout
-  end
+    def stdout
+      result.stdout
+    end
 
-  def stderr
-    result.stderr
-  end
+    def stderr
+      result.stderr
+    end
 
-  def exit_status
-    result.exit_status.to_i
-  end
+    def exit_status
+      result.exit_status.to_i
+    end
 
-  def exist?
-    # silent for mock resources
-    return false if inspec.os[:family].to_s == 'unknown'
-
-    if inspec.os.linux?
-      res = inspec.backend.run_command("bash -c 'type \"#{@command}\"'")
-    elsif inspec.os.windows?
-      res = inspec.backend.run_command("where.exe \"#{@command}\"")
-    elsif inspec.os.unix?
-      res = inspec.backend.run_command("type \"#{@command}\"")
-    else
-      warn "`command(#{@command}).exist?` is not suported on your OS: #{inspec.os[:family]}"
-      return false
+    def exist?
+      # silent for mock resources
+      return false if inspec.os[:family].to_s == 'unknown'
+
+      if inspec.os.linux?
+        res = inspec.backend.run_command("bash -c 'type \"#{@command}\"'")
+      elsif inspec.os.windows?
+        res = inspec.backend.run_command("where.exe \"#{@command}\"")
+      elsif inspec.os.unix?
+        res = inspec.backend.run_command("type \"#{@command}\"")
+      else
+        warn "`command(#{@command}).exist?` is not suported on your OS: #{inspec.os[:family]}"
+        return false
+      end
+      res.exit_status.to_i == 0
     end
-    res.exit_status.to_i == 0
-  end
 
-  def to_s
-    "Command #{@command}"
+    def to_s
+      "Command #{@command}"
+    end
   end
 end

data/lib/resources/csv.rb

@@ -5,29 +5,31 @@
 # Parses a csv document
 # This implementation was inspired by a blog post
 # @see http://technicalpickles.com/posts/parsing-csv-with-ruby
-class CsvConfig < JsonConfig
-  name 'csv'
-  desc 'Use the csv InSpec audit resource to test configuration data in a CSV file.'
-  example "
-    describe csv('example.csv') do
-      its('name') { should eq(['John', 'Alice']) }
-    end
-  "
+module Inspec::Resources
+  class CsvConfig < JsonConfig
+    name 'csv'
+    desc 'Use the csv InSpec audit resource to test configuration data in a CSV file.'
+    example "
+      describe csv('example.csv') do
+        its('name') { should eq(['John', 'Alice']) }
+      end
+    "
 
-  # override file load and parse hash from csv
-  def parse(content)
-    require 'csv'
-    # convert empty field to nil
-    CSV::Converters[:blank_to_nil] = lambda do |field|
-      field && field.empty? ? nil : field
+    # override file load and parse hash from csv
+    def parse(content)
+      require 'csv'
+      # convert empty field to nil
+      CSV::Converters[:blank_to_nil] = lambda do |field|
+        field && field.empty? ? nil : field
+      end
+      # implicit conversion of values
+      csv = CSV.new(content, headers: true, converters: [:all, :blank_to_nil])
+      # convert to hash
+      csv.to_a.map(&:to_hash)
     end
-    # implicit conversion of values
-    csv = CSV.new(content, headers: true, converters: [:all, :blank_to_nil])
-    # convert to hash
-    csv.to_a.map(&:to_hash)
-  end
 
-  def to_s
-    "Csv #{@path}"
+    def to_s
+      "Csv #{@path}"
+    end
   end
 end

data/lib/resources/directory.rb

@@ -5,7 +5,7 @@
 require 'resources/file'
 
 module Inspec::Resources
-  class Directory < File
+  class Directory < FileResource
     name 'directory'
     desc 'Use the directory InSpec audit resource to test if the file type is a directory. This is equivalent to using the file InSpec audit resource and the be_directory matcher, but provides a simpler and more direct way to test directories. All of the matchers available to file may be used with directory.'
     example "

data/lib/resources/etc_group.rb

@@ -24,135 +24,137 @@
 require 'utils/convert'
 require 'utils/parser'
 
-class EtcGroup < Inspec.resource(1)
-  include Converter
-  include CommentParser
-
-  name 'etc_group'
-  desc 'Use the etc_group InSpec audit resource to test groups that are defined on Linux and UNIX platforms. The /etc/group file stores details about each group---group name, password, group identifier, along with a comma-separate list of users that belong to the group.'
-  example "
-    describe etc_group do
-      its('gids') { should_not contain_duplicates }
-      its('groups') { should include 'my_user' }
-      its('users') { should include 'my_user' }
+module Inspec::Resources
+  class EtcGroup < Inspec.resource(1)
+    include Converter
+    include CommentParser
+
+    name 'etc_group'
+    desc 'Use the etc_group InSpec audit resource to test groups that are defined on Linux and UNIX platforms. The /etc/group file stores details about each group---group name, password, group identifier, along with a comma-separate list of users that belong to the group.'
+    example "
+      describe etc_group do
+        its('gids') { should_not contain_duplicates }
+        its('groups') { should include 'my_user' }
+        its('users') { should include 'my_user' }
+      end
+    "
+
+    attr_accessor :gid, :entries
+    def initialize(path = nil)
+      @path = path || '/etc/group'
+      @entries = parse_group(@path)
+
+      # skip resource if it is not supported on current OS
+      return skip_resource 'The `etc_group` resource is not supported on your OS.' \
+      unless inspec.os.unix?
     end
-  "
 
-  attr_accessor :gid, :entries
-  def initialize(path = nil)
-    @path = path || '/etc/group'
-    @entries = parse_group(@path)
-
-    # skip resource if it is not supported on current OS
-    return skip_resource 'The `etc_group` resource is not supported on your OS.' \
-    unless inspec.os.unix?
-  end
-
-  def groups(filter = nil)
-    entries = filter || @entries
-    entries.map { |x| x['name'] } if !entries.nil?
-  end
-
-  def gids(filter = nil)
-    entries = filter || @entries
-    entries.map { |x| x['gid'] } if !entries.nil?
-  end
-
-  def users(filter = nil)
-    entries = filter || @entries
-    return nil if entries.nil?
-    # filter the user entry
-    res = entries.map { |x|
-      x['members'].split(',') if !x.nil? && !x['members'].nil?
-    }.flatten
-    # filter nil elements
-    res.reject { |x| x.nil? || x.empty? }
-  end
-
-  def where(conditions = {})
-    return if conditions.empty?
-    fields = {
-      name: 'name',
-      group_name: 'name',
-      password: 'password',
-      gid: 'gid',
-      group_id: 'gid',
-      users: 'members',
-      members: 'members',
-    }
-    res = entries
-
-    conditions.each do |k, v|
-      idx = fields[k.to_sym]
-      next if idx.nil?
-      res = res.select { |x| x[idx] == v.to_s }
+    def groups(filter = nil)
+      entries = filter || @entries
+      entries.map { |x| x['name'] } if !entries.nil?
     end
 
-    EtcGroupView.new(self, res)
-  end
+    def gids(filter = nil)
+      entries = filter || @entries
+      entries.map { |x| x['gid'] } if !entries.nil?
+    end
 
-  def to_s
-    '/etc/group'
-  end
+    def users(filter = nil)
+      entries = filter || @entries
+      return nil if entries.nil?
+      # filter the user entry
+      res = entries.map { |x|
+        x['members'].split(',') if !x.nil? && !x['members'].nil?
+      }.flatten
+      # filter nil elements
+      res.reject { |x| x.nil? || x.empty? }
+    end
 
-  private
+    def where(conditions = {})
+      return if conditions.empty?
+      fields = {
+        name: 'name',
+        group_name: 'name',
+        password: 'password',
+        gid: 'gid',
+        group_id: 'gid',
+        users: 'members',
+        members: 'members',
+      }
+      res = entries
+
+      conditions.each do |k, v|
+        idx = fields[k.to_sym]
+        next if idx.nil?
+        res = res.select { |x| x[idx] == v.to_s }
+      end
+
+      EtcGroupView.new(self, res)
+    end
 
-  def parse_group(path)
-    @content = inspec.file(path).content
-    if @content.nil?
-      skip_resource "Can't access group file in #{path}"
-      return []
+    def to_s
+      '/etc/group'
     end
-    # iterate over each line and filter comments
-    @content.split("\n").each_with_object([]) do |line, lines|
-      grp_info = parse_group_line(line)
-      lines.push(grp_info) if !grp_info.nil? && grp_info.size > 0
+
+    private
+
+    def parse_group(path)
+      @content = inspec.file(path).content
+      if @content.nil?
+        skip_resource "Can't access group file in #{path}"
+        return []
+      end
+      # iterate over each line and filter comments
+      @content.split("\n").each_with_object([]) do |line, lines|
+        grp_info = parse_group_line(line)
+        lines.push(grp_info) if !grp_info.nil? && grp_info.size > 0
+      end
     end
-  end
 
-  def parse_group_line(line)
-    opts = {
-      comment_char: '#',
-      standalone_comments: false,
-    }
-    line, _idx_nl = parse_comment_line(line, opts)
-    x = line.split(':')
-    # abort if we have an empty or comment line
-    return nil if x.size == 0
-    # map data
-    {
-      'name' => x.at(0), # Name of the group.
-      'password' => x.at(1), # Group's encrypted password.
-      'gid' => convert_to_i(x.at(2)), # The group's decimal ID.
-      'members' => x.at(3), # Group members.
-    }
+    def parse_group_line(line)
+      opts = {
+        comment_char: '#',
+        standalone_comments: false,
+      }
+      line, _idx_nl = parse_comment_line(line, opts)
+      x = line.split(':')
+      # abort if we have an empty or comment line
+      return nil if x.size == 0
+      # map data
+      {
+        'name' => x.at(0), # Name of the group.
+        'password' => x.at(1), # Group's encrypted password.
+        'gid' => convert_to_i(x.at(2)), # The group's decimal ID.
+        'members' => x.at(3), # Group members.
+      }
+    end
   end
-end
 
-# object that hold a specifc view on etc group
-class EtcGroupView
-  def initialize(parent, filter)
-    @parent = parent
-    @filter = filter
-  end
+  # object that hold a specifc view on etc group
+  class EtcGroupView
+    def initialize(parent, filter)
+      @parent = parent
+      @filter = filter
+    end
 
-  # returns the group object
-  def entries
-    @filter
-  end
+    # returns the group object
+    def entries
+      @filter
+    end
 
-  # only returns group name
-  def groups
-    @parent.groups(@filter)
-  end
+    # only returns group name
+    def groups
+      @parent.groups(@filter)
+    end
 
-  # only return gids
-  def gids
-    @parent.gids(@filter)
-  end
+    # only return gids
+    def gids
+      @parent.gids(@filter)
+    end
 
-  # only returns users
-  def users
-    @parent.users(@filter)
+    # only returns users
+    def users
+      @parent.users(@filter)
+    end
   end
 end