inspec 0.14.8 → 0.15.0

data/lib/resources/inetd_conf.rb

@@ -6,51 +6,53 @@
 
 require 'utils/simpleconfig'
 
-class InetdConf < Inspec.resource(1)
-  name 'inetd_conf'
-  desc 'Use the inetd_conf InSpec audit resource to test if a service is enabled in the inetd.conf file on Linux and UNIX platforms. inetd---the Internet service daemon---listens on dedicated ports, and then loads the appropriate program based on a request. The inetd.conf file is typically located at /etc/inetd.conf and contains a list of Internet services associated to the ports on which that service will listen. Only enabled services may handle a request; only services that are required by the system should be enabled.'
-  example "
-    describe inetd_conf do
-      its('shell') { should eq nil }
-      its('login') { should eq nil }
-      its('exec') { should eq nil }
+module Inspec::Resources
+  class InetdConf < Inspec.resource(1)
+    name 'inetd_conf'
+    desc 'Use the inetd_conf InSpec audit resource to test if a service is enabled in the inetd.conf file on Linux and UNIX platforms. inetd---the Internet service daemon---listens on dedicated ports, and then loads the appropriate program based on a request. The inetd.conf file is typically located at /etc/inetd.conf and contains a list of Internet services associated to the ports on which that service will listen. Only enabled services may handle a request; only services that are required by the system should be enabled.'
+    example "
+      describe inetd_conf do
+        its('shell') { should eq nil }
+        its('login') { should eq nil }
+        its('exec') { should eq nil }
+      end
+    "
+
+    def initialize(path = nil)
+      @conf_path = path || '/etc/inetd.conf'
     end
-  "
 
-  def initialize(path = nil)
-    @conf_path = path || '/etc/inetd.conf'
-  end
-
-  def method_missing(name)
-    read_params[name.to_s]
-  end
-
-  def read_params
-    return @params if defined?(@params)
-
-    # read the file
-    file = inspec.file(@conf_path)
-    if !file.file?
-      skip_resource "Can't find file \"#{@conf_path}\""
-      return @params = {}
+    def method_missing(name)
+      read_params[name.to_s]
     end
 
-    content = file.content
-    if content.empty? && file.size > 0
-      skip_resource "Can't read file \"#{@conf_path}\""
-      return @params = {}
+    def read_params
+      return @params if defined?(@params)
+
+      # read the file
+      file = inspec.file(@conf_path)
+      if !file.file?
+        skip_resource "Can't find file \"#{@conf_path}\""
+        return @params = {}
+      end
+
+      content = file.content
+      if content.empty? && file.size > 0
+        skip_resource "Can't read file \"#{@conf_path}\""
+        return @params = {}
+      end
+      # parse the file
+      conf = SimpleConfig.new(
+        content,
+        assignment_re: /^\s*(\S+?)\s+(.*?)\s+(.*?)\s+(.*?)\s+(.*?)\s+(.*?)\s+(.*?)\s*$/,
+        key_vals: 6,
+        multiple_values: false,
+      )
+      @params = conf.params
     end
-    # parse the file
-    conf = SimpleConfig.new(
-      content,
-      assignment_re: /^\s*(\S+?)\s+(.*?)\s+(.*?)\s+(.*?)\s+(.*?)\s+(.*?)\s+(.*?)\s*$/,
-      key_vals: 6,
-      multiple_values: false,
-    )
-    @params = conf.params
-  end
 
-  def to_s
-    'inetd.conf'
+    def to_s
+      'inetd.conf'
+    end
   end
 end

data/lib/resources/ini.rb

@@ -4,20 +4,22 @@
 
 require 'utils/simpleconfig'
 
-class IniConfig < JsonConfig
-  name 'ini'
-  desc 'Use the ini InSpec audit resource to test data in a INI file.'
-  example "
-    descibe ini do
-      its('auth_protocol') { should eq 'https' }
+module Inspec::Resources
+  class IniConfig < JsonConfig
+    name 'ini'
+    desc 'Use the ini InSpec audit resource to test data in a INI file.'
+    example "
+      descibe ini do
+        its('auth_protocol') { should eq 'https' }
+      end
+    "
+    # override file load and parse hash with simple config
+    def parse(content)
+      SimpleConfig.new(content).params
     end
-  "
-  # override file load and parse hash with simple config
-  def parse(content)
-    SimpleConfig.new(content).params
-  end
 
-  def to_s
-    "INI #{@path}"
+    def to_s
+      "INI #{@path}"
+    end
   end
 end

data/lib/resources/interface.rb

@@ -4,124 +4,126 @@
 
 require 'utils/convert'
 
-class NetworkInterface < Inspec.resource(1)
-  name 'interface'
-  desc 'Use the interface InSpec audit resource to test basic network adapter properties, such as name, status, state, address, and link speed (in MB/sec).'
-  example "
-    describe interface('eth0') do
-      it { should exist }
-      it { should be_up }
-      its(:speed) { should eq 1000 }
+module Inspec::Resources
+  class NetworkInterface < Inspec.resource(1)
+    name 'interface'
+    desc 'Use the interface InSpec audit resource to test basic network adapter properties, such as name, status, state, address, and link speed (in MB/sec).'
+    example "
+      describe interface('eth0') do
+        it { should exist }
+        it { should be_up }
+        its(:speed) { should eq 1000 }
+      end
+    "
+    def initialize(iface)
+      @iface = iface
+
+      @interface_provider = nil
+      if inspec.os.linux?
+        @interface_provider = LinuxInterface.new(inspec)
+      elsif inspec.os.windows?
+        @interface_provider = WindowsInterface.new(inspec)
+      else
+        return skip_resource 'The `interface` resource is not supported on your OS yet.'
+      end
     end
-  "
-  def initialize(iface)
-    @iface = iface
-
-    @interface_provider = nil
-    if inspec.os.linux?
-      @interface_provider = LinuxInterface.new(inspec)
-    elsif inspec.os.windows?
-      @interface_provider = WindowsInterface.new(inspec)
-    else
-      return skip_resource 'The `interface` resource is not supported on your OS yet.'
-    end
-  end
-
-  def exists?
-    !interface_info.nil? && !interface_info[:name].nil?
-  end
-
-  def up?
-    interface_info.nil? ? false : interface_info[:up]
-  end
-
-  # returns link speed in Mbits/sec
-  def speed
-    interface_info.nil? ? nil : interface_info[:speed]
-  end
-
-  def to_s
-    "Interface #{@iface}"
-  end
-
-  private
-
-  def interface_info
-    return @cache if defined?(@cache)
-    @cache = @interface_provider.interface_info(@iface) if !@interface_provider.nil?
-  end
-end
 
-class InterfaceInfo
-  include Converter
-  attr_reader :inspec
-  def initialize(inspec)
-    @inspec = inspec
-  end
-end
-
-class LinuxInterface < InterfaceInfo
-  def interface_info(iface)
-    # will return "[mtu]\n1500\n[type]\n1"
-    cmd = inspec.command("find /sys/class/net/#{iface}/ -type f -maxdepth 1 -exec sh -c 'echo \"[$(basename {})]\"; cat {} || echo -n' \\;")
-    return nil if cmd.exit_status.to_i != 0
-
-    # parse values, we only recieve values, therefore we threat them as keys
-    params = SimpleConfig.new(cmd.stdout.chomp).params
-
-    # abort if we got an empty result-set
-    return nil if params.empty?
+    def exists?
+      !interface_info.nil? && !interface_info[:name].nil?
+    end
 
-    # parse state
-    state = false
-    if params.key?('operstate')
-      operstate, _value = params['operstate'].first
-      state = operstate == 'up'
+    def up?
+      interface_info.nil? ? false : interface_info[:up]
     end
 
-    # parse speed
-    speed = nil
-    if params.key?('speed')
-      speed, _value = params['speed'].first
-      speed = convert_to_i(speed)
+    # returns link speed in Mbits/sec
+    def speed
+      interface_info.nil? ? nil : interface_info[:speed]
     end
 
-    {
-      name: iface,
-      up: state,
-      speed: speed,
-    }
-  end
-end
+    def to_s
+      "Interface #{@iface}"
+    end
 
-class WindowsInterface < InterfaceInfo
-  def interface_info(iface)
-    # gather all network interfaces
-    cmd = inspec.command('Get-NetAdapter | Select-Object -Property Name, InterfaceDescription, Status, State, MacAddress, LinkSpeed, ReceiveLinkSpeed, TransmitLinkSpeed, Virtual | ConvertTo-Json')
+    private
 
-    # filter network interface
-    begin
-      net_adapter = JSON.parse(cmd.stdout)
-    rescue JSON::ParserError => _e
-      return nil
+    def interface_info
+      return @cache if defined?(@cache)
+      @cache = @interface_provider.interface_info(@iface) if !@interface_provider.nil?
     end
+  end
 
-    # ensure we have an array of groups
-    net_adapter = [net_adapter] if !net_adapter.is_a?(Array)
+  class InterfaceInfo
+    include Converter
+    attr_reader :inspec
+    def initialize(inspec)
+      @inspec = inspec
+    end
+  end
 
-    # select the requested interface
-    adapters = net_adapter.each_with_object([]) do |adapter, adapter_collection|
-      # map object
-      info = {
-        name: adapter['Name'],
-        up: adapter['State'] == 2,
-        speed: adapter['ReceiveLinkSpeed'] / 1000,
+  class LinuxInterface < InterfaceInfo
+    def interface_info(iface)
+      # will return "[mtu]\n1500\n[type]\n1"
+      cmd = inspec.command("find /sys/class/net/#{iface}/ -type f -maxdepth 1 -exec sh -c 'echo \"[$(basename {})]\"; cat {} || echo -n' \\;")
+      return nil if cmd.exit_status.to_i != 0
+
+      # parse values, we only recieve values, therefore we threat them as keys
+      params = SimpleConfig.new(cmd.stdout.chomp).params
+
+      # abort if we got an empty result-set
+      return nil if params.empty?
+
+      # parse state
+      state = false
+      if params.key?('operstate')
+        operstate, _value = params['operstate'].first
+        state = operstate == 'up'
+      end
+
+      # parse speed
+      speed = nil
+      if params.key?('speed')
+        speed, _value = params['speed'].first
+        speed = convert_to_i(speed)
+      end
+
+      {
+        name: iface,
+        up: state,
+        speed: speed,
       }
-      adapter_collection.push(info) if info[:name].casecmp(iface) == 0
     end
+  end
 
-    return nil if adapters.size == 0
-    warn "[Possible Error] detected multiple network interfaces with the name #{iface}" if adapters.size > 1
-    adapters[0]
+  class WindowsInterface < InterfaceInfo
+    def interface_info(iface)
+      # gather all network interfaces
+      cmd = inspec.command('Get-NetAdapter | Select-Object -Property Name, InterfaceDescription, Status, State, MacAddress, LinkSpeed, ReceiveLinkSpeed, TransmitLinkSpeed, Virtual | ConvertTo-Json')
+
+      # filter network interface
+      begin
+        net_adapter = JSON.parse(cmd.stdout)
+      rescue JSON::ParserError => _e
+        return nil
+      end
+
+      # ensure we have an array of groups
+      net_adapter = [net_adapter] if !net_adapter.is_a?(Array)
+
+      # select the requested interface
+      adapters = net_adapter.each_with_object([]) do |adapter, adapter_collection|
+        # map object
+        info = {
+          name: adapter['Name'],
+          up: adapter['State'] == 2,
+          speed: adapter['ReceiveLinkSpeed'] / 1000,
+        }
+        adapter_collection.push(info) if info[:name].casecmp(iface) == 0
+      end
+
+      return nil if adapters.size == 0
+      warn "[Possible Error] detected multiple network interfaces with the name #{iface}" if adapters.size > 1
+      adapters[0]
+    end
   end
 end

data/lib/resources/iptables.rb

@@ -21,48 +21,50 @@
 # @see http://ipset.netfilter.org/iptables.man.html
 # @see http://ipset.netfilter.org/iptables.man.html
 # @see https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html
-class IpTables < Inspec.resource(1)
-  name 'iptables'
-  desc 'Use the iptables InSpec audit resource to test rules that are defined in iptables, which maintains tables of IP packet filtering rules. There may be more than one table. Each table contains one (or more) chains (both built-in and custom). A chain is a list of rules that match packets. When the rule matches, the rule defines what target to assign to the packet.'
-  example "
-    describe iptables do
-      it { should have_rule('-P INPUT ACCEPT') }
-    end
-  "
+module Inspec::Resources
+  class IpTables < Inspec.resource(1)
+    name 'iptables'
+    desc 'Use the iptables InSpec audit resource to test rules that are defined in iptables, which maintains tables of IP packet filtering rules. There may be more than one table. Each table contains one (or more) chains (both built-in and custom). A chain is a list of rules that match packets. When the rule matches, the rule defines what target to assign to the packet.'
+    example "
+      describe iptables do
+        it { should have_rule('-P INPUT ACCEPT') }
+      end
+    "
 
-  def initialize(params = {})
-    @table = params[:table]
-    @chain = params[:chain]
+    def initialize(params = {})
+      @table = params[:table]
+      @chain = params[:chain]
 
-    # we're done if we are on linux
-    return if inspec.os.linux?
+      # we're done if we are on linux
+      return if inspec.os.linux?
 
-    # ensures, all calls are aborted for non-supported os
-    @iptables_cache = []
-    skip_resource 'The `iptables` resource is not supported on your OS yet.'
-  end
+      # ensures, all calls are aborted for non-supported os
+      @iptables_cache = []
+      skip_resource 'The `iptables` resource is not supported on your OS yet.'
+    end
 
-  def has_rule?(rule = nil, _table = nil, _chain = nil)
-    # checks if the rule is part of the ruleset
-    # for now, we expect an exact match
-    retrieve_rules.any? { |line| line.casecmp(rule) == 0 }
-  end
+    def has_rule?(rule = nil, _table = nil, _chain = nil)
+      # checks if the rule is part of the ruleset
+      # for now, we expect an exact match
+      retrieve_rules.any? { |line| line.casecmp(rule) == 0 }
+    end
 
-  def retrieve_rules
-    return @iptables_cache if defined?(@iptables_cache)
+    def retrieve_rules
+      return @iptables_cache if defined?(@iptables_cache)
 
-    # construct iptables command to read all rules
-    table_cmd = "-t #{@table}" if @table
-    iptables_cmd = format('iptables %s -S %s', table_cmd, @chain).strip
+      # construct iptables command to read all rules
+      table_cmd = "-t #{@table}" if @table
+      iptables_cmd = format('iptables %s -S %s', table_cmd, @chain).strip
 
-    cmd = inspec.command(iptables_cmd)
-    return [] if cmd.exit_status.to_i != 0
+      cmd = inspec.command(iptables_cmd)
+      return [] if cmd.exit_status.to_i != 0
 
-    # split rules, returns array or rules
-    @iptables_cache = cmd.stdout.split("\n").map(&:strip)
-  end
+      # split rules, returns array or rules
+      @iptables_cache = cmd.stdout.split("\n").map(&:strip)
+    end
 
-  def to_s
-    format('Iptables %s %s', @table && "table: #{@table}", @chain && "chain: #{@chain}").strip
+    def to_s
+      format('Iptables %s %s', @table && "table: #{@table}", @chain && "chain: #{@chain}").strip
+    end
   end
 end

data/lib/resources/json.rb

@@ -2,81 +2,83 @@
 # author: Christoph Hartmann
 # author: Dominik Richter
 
-class JsonConfig < Inspec.resource(1)
-  name 'json'
-  desc 'Use the json InSpec audit resource to test data in a JSON file.'
-  example "
-    describe json('policyfile.lock.json') do
-      its('cookbook_locks.omnibus.version') { should eq('2.2.0') }
-    end
-  "
+module Inspec::Resources
+  class JsonConfig < Inspec.resource(1)
+    name 'json'
+    desc 'Use the json InSpec audit resource to test data in a JSON file.'
+    example "
+      describe json('policyfile.lock.json') do
+        its('cookbook_locks.omnibus.version') { should eq('2.2.0') }
+      end
+    "
 
-  # make params readable
-  attr_reader :params
+    # make params readable
+    attr_reader :params
 
-  def initialize(path)
-    @path = path
-    @file = inspec.file(@path)
-    @file_content = @file.content
+    def initialize(path)
+      @path = path
+      @file = inspec.file(@path)
+      @file_content = @file.content
 
-    # check if file is available
-    if !@file.file?
-      skip_resource "Can't find file \"#{@conf_path}\""
-      return @params = {}
-    end
+      # check if file is available
+      if !@file.file?
+        skip_resource "Can't find file \"#{@conf_path}\""
+        return @params = {}
+      end
 
-    # check if file is readable
-    if @file_content.empty? && @file.size > 0
-      skip_resource "Can't read file \"#{@conf_path}\""
-      return @params = {}
+      # check if file is readable
+      if @file_content.empty? && @file.size > 0
+        skip_resource "Can't read file \"#{@conf_path}\""
+        return @params = {}
+      end
+
+      @params = parse(@file_content)
     end
 
-    @params = parse(@file_content)
-  end
+    def parse(content)
+      require 'json'
+      JSON.parse(content)
+    end
 
-  def parse(content)
-    require 'json'
-    JSON.parse(content)
-  end
+    def value(key)
+      extract_value(key, @params)
+    end
 
-  def value(key)
-    extract_value(key, @params)
-  end
+    # Shorthand to retrieve a parameter name via `#its`.
+    # Example: describe json('file') { its('paramX') { should eq 'Y' } }
+    #
+    # @param [String] name name of the field to retrieve
+    # @return [Object] the value stored at this position
+    def method_missing(*keys)
+      # catch bahavior of rspec its implementation
+      # @see https://github.com/rspec/rspec-its/blob/master/lib/rspec/its.rb#L110
+      keys.shift if keys.is_a?(Array) && keys[0] == :[]
+      value(keys)
+    end
 
-  # Shorthand to retrieve a parameter name via `#its`.
-  # Example: describe json('file') { its('paramX') { should eq 'Y' } }
-  #
-  # @param [String] name name of the field to retrieve
-  # @return [Object] the value stored at this position
-  def method_missing(*keys)
-    # catch bahavior of rspec its implementation
-    # @see https://github.com/rspec/rspec-its/blob/master/lib/rspec/its.rb#L110
-    keys.shift if keys.is_a?(Array) && keys[0] == :[]
-    value(keys)
-  end
+    def to_s
+      "Json #{@path}"
+    end
 
-  def to_s
-    "Json #{@path}"
-  end
+    private
 
-  private
+    def extract_value(keys, value)
+      key = keys.shift
+      return nil if key.nil?
 
-  def extract_value(keys, value)
-    key = keys.shift
-    return nil if key.nil?
+      # if value is an array, iterate over each child
+      if value.is_a?(Array)
+        value = value.map { |i|
+          extract_value([key], i)
+        }
+      else
+        value = value[key.to_s].nil? ? nil : value[key.to_s]
+      end
 
-    # if value is an array, iterate over each child
-    if value.is_a?(Array)
-      value = value.map { |i|
-        extract_value([key], i)
-      }
-    else
-      value = value[key.to_s].nil? ? nil : value[key.to_s]
+      # if there are no more keys, just return the value
+      return value if keys.first.nil?
+      # if there are more keys, extract more
+      extract_value(keys.clone, value)
     end
-
-    # if there are no more keys, just return the value
-    return value if keys.first.nil?
-    # if there are more keys, extract more
-    extract_value(keys.clone, value)
   end
 end