inspec 0.14.8 → 0.15.0

data/lib/resources/mysql.rb

@@ -4,78 +4,80 @@
 # author: Christoph Hartmann
 # license: All rights reserved
 
-class Mysql < Inspec.resource(1)
-  name 'mysql'
+module Inspec::Resources
+  class Mysql < Inspec.resource(1)
+    name 'mysql'
 
-  attr_reader :package, :service, :conf_dir, :conf_path, :data_dir, :log_dir, :log_path, :log_group, :log_dir_group
-  def initialize
-    # set OS-dependent filenames and paths
-    case inspec.os[:family]
-    when 'ubuntu', 'debian'
-      init_ubuntu
-    when 'redhat', 'fedora'
-      init_redhat
-    when 'arch'
-      init_arch
-    else
-      # TODO: could not detect
-      init_default
+    attr_reader :package, :service, :conf_dir, :conf_path, :data_dir, :log_dir, :log_path, :log_group, :log_dir_group
+    def initialize
+      # set OS-dependent filenames and paths
+      case inspec.os[:family]
+      when 'ubuntu', 'debian'
+        init_ubuntu
+      when 'redhat', 'fedora'
+        init_redhat
+      when 'arch'
+        init_arch
+      else
+        # TODO: could not detect
+        init_default
+      end
     end
-  end
 
-  def init_ubuntu
-    @package = 'mysql-server'
-    @service = 'mysql'
-    @conf_path = '/etc/mysql/my.cnf'
-    @conf_dir = '/etc/mysql/'
-    @data_dir = '/var/lib/mysql/'
-    @log_dir = '/var/log/'
-    @log_path = '/var/log/mysql.log'
-    @log_group = 'adm'
-    case os[:release]
-    when '14.04'
-      @log_dir_group = 'syslog'
-    else
-      @log_dir_group = 'root'
+    def init_ubuntu
+      @package = 'mysql-server'
+      @service = 'mysql'
+      @conf_path = '/etc/mysql/my.cnf'
+      @conf_dir = '/etc/mysql/'
+      @data_dir = '/var/lib/mysql/'
+      @log_dir = '/var/log/'
+      @log_path = '/var/log/mysql.log'
+      @log_group = 'adm'
+      case os[:release]
+      when '14.04'
+        @log_dir_group = 'syslog'
+      else
+        @log_dir_group = 'root'
+      end
     end
-  end
 
-  def init_redhat
-    @package = 'mysql-server'
-    @service = 'mysqld'
-    @conf_path = '/etc/my.cnf'
-    @conf_dir = '/etc/'
-    @data_dir = '/var/lib/mysql/'
-    @log_dir = '/var/log/'
-    @log_path = '/var/log/mysqld.log'
-    @log_group = 'mysql'
-    @log_dir_group = 'root'
-  end
+    def init_redhat
+      @package = 'mysql-server'
+      @service = 'mysqld'
+      @conf_path = '/etc/my.cnf'
+      @conf_dir = '/etc/'
+      @data_dir = '/var/lib/mysql/'
+      @log_dir = '/var/log/'
+      @log_path = '/var/log/mysqld.log'
+      @log_group = 'mysql'
+      @log_dir_group = 'root'
+    end
 
-  def init_arch
-    @package = 'mariadb'
-    @service = 'mysql'
-    @conf_path = '/etc/mysql/my.cnf'
-    @conf_dir = '/etc/mysql/'
-    @data_dir = '/var/lib/mysql/'
-    @log_dir = '/var/log/'
-    @log_path = '/var/log/mysql.log'
-    @log_group = 'mysql'
-    @log_dir_group = 'root'
-  end
+    def init_arch
+      @package = 'mariadb'
+      @service = 'mysql'
+      @conf_path = '/etc/mysql/my.cnf'
+      @conf_dir = '/etc/mysql/'
+      @data_dir = '/var/lib/mysql/'
+      @log_dir = '/var/log/'
+      @log_path = '/var/log/mysql.log'
+      @log_group = 'mysql'
+      @log_dir_group = 'root'
+    end
 
-  def init_default
-    @service = 'mysqld'
-    @conf_path = '/etc/my.cnf'
-    @conf_dir = '/etc/'
-    @data_dir = '/var/lib/mysql/'
-    @log_dir = '/var/log/'
-    @log_path = '/var/log/mysqld.log'
-    @log_group = 'mysql'
-    @log_dir_group = 'root'
-  end
+    def init_default
+      @service = 'mysqld'
+      @conf_path = '/etc/my.cnf'
+      @conf_dir = '/etc/'
+      @data_dir = '/var/lib/mysql/'
+      @log_dir = '/var/log/'
+      @log_path = '/var/log/mysqld.log'
+      @log_group = 'mysql'
+      @log_dir_group = 'root'
+    end
 
-  def to_s
-    'MySQL'
+    def to_s
+      'MySQL'
+    end
   end
 end

data/lib/resources/mysql_conf.rb

@@ -8,115 +8,117 @@ require 'utils/find_files'
 require 'utils/hash'
 require 'resources/mysql'
 
-class MysqlConfEntry
-  def initialize(path, params)
-    @params = params
-    @path = path
-  end
+module Inspec::Resources
+  class MysqlConfEntry
+    def initialize(path, params)
+      @params = params
+      @path = path
+    end
 
-  def method_missing(name, *_)
-    k = name.to_s
-    res = @params[k]
-    return true if res.nil? && @params.key?(k)
-    @params[k]
-  end
+    def method_missing(name, *_)
+      k = name.to_s
+      res = @params[k]
+      return true if res.nil? && @params.key?(k)
+      @params[k]
+    end
 
-  def to_s
-    "MySQL Config entry [#{@path.join(' ')}]"
+    def to_s
+      "MySQL Config entry [#{@path.join(' ')}]"
+    end
   end
-end
 
-class MysqlConf < Inspec.resource(1)
-  name 'mysql_conf'
-  desc 'Use the mysql_conf InSpec audit resource to test the contents of the configuration file for MySQL, typically located at /etc/mysql/my.cnf or /etc/my.cnf.'
-  example "
-    describe mysql_conf('path') do
-      its('setting') { should eq 'value' }
-    end
-  "
+  class MysqlConf < Inspec.resource(1)
+    name 'mysql_conf'
+    desc 'Use the mysql_conf InSpec audit resource to test the contents of the configuration file for MySQL, typically located at /etc/mysql/my.cnf or /etc/my.cnf.'
+    example "
+      describe mysql_conf('path') do
+        its('setting') { should eq 'value' }
+      end
+    "
 
-  include FindFiles
+    include FindFiles
 
-  def initialize(conf_path = nil)
-    @conf_path = conf_path || inspec.mysql.conf_path
-    @files_contents = {}
-    @content = nil
-    @params = nil
-    read_content
-  end
+    def initialize(conf_path = nil)
+      @conf_path = conf_path || inspec.mysql.conf_path
+      @files_contents = {}
+      @content = nil
+      @params = nil
+      read_content
+    end
 
-  def content
-    @content ||= read_content
-  end
+    def content
+      @content ||= read_content
+    end
 
-  def params(*opts)
-    @params || read_content
-    res = @params
-    opts.each do |opt|
-      res = res[opt] unless res.nil?
+    def params(*opts)
+      @params || read_content
+      res = @params
+      opts.each do |opt|
+        res = res[opt] unless res.nil?
+      end
+      MysqlConfEntry.new(opts, res)
     end
-    MysqlConfEntry.new(opts, res)
-  end
 
-  def method_missing(name)
-    @params || read_content
-    @params[name.to_s]
-  end
+    def method_missing(name)
+      @params || read_content
+      @params[name.to_s]
+    end
 
-  def read_content
-    @content = ''
-    @params = {}
+    def read_content
+      @content = ''
+      @params = {}
 
-    # skip if the main configuration file doesn't exist
-    if !inspec.file(@conf_path).file?
-      return skip_resource "Can't find file \"#{@conf_path}\""
-    end
-    raw_conf = read_file(@conf_path)
-    if raw_conf.empty? && inspec.file(@conf_path).size > 0
-      return skip_resource("Can't read file \"#{@conf_path}\"")
-    end
+      # skip if the main configuration file doesn't exist
+      if !inspec.file(@conf_path).file?
+        return skip_resource "Can't find file \"#{@conf_path}\""
+      end
+      raw_conf = read_file(@conf_path)
+      if raw_conf.empty? && inspec.file(@conf_path).size > 0
+        return skip_resource("Can't read file \"#{@conf_path}\"")
+      end
 
-    to_read = [@conf_path]
-    until to_read.empty?
-      cur_file = to_read[0]
-      raw_conf = read_file(cur_file)
-      @content += raw_conf
+      to_read = [@conf_path]
+      until to_read.empty?
+        cur_file = to_read[0]
+        raw_conf = read_file(cur_file)
+        @content += raw_conf
 
-      params = SimpleConfig.new(raw_conf).params
-      @params = @params.deep_merge(params)
+        params = SimpleConfig.new(raw_conf).params
+        @params = @params.deep_merge(params)
 
-      to_read = to_read.drop(1)
-      # see if there is more stuff to include
+        to_read = to_read.drop(1)
+        # see if there is more stuff to include
 
-      dir = File.dirname(cur_file)
-      to_read += include_files(dir, raw_conf).find_all do |fp|
-        not @files_contents.key? fp
+        dir = File.dirname(cur_file)
+        to_read += include_files(dir, raw_conf).find_all do |fp|
+          not @files_contents.key? fp
+        end
       end
+      #
+      @content
     end
-    #
-    @content
-  end
 
-  def include_files(reldir, conf)
-    files = conf.scan(/^!include\s+(.*)\s*/).flatten.compact.map { |x| abs_path(reldir, x) }
-    dirs = conf.scan(/^!includedir\s+(.*)\s*/).flatten.compact.map { |x| abs_path(reldir, x) }
-    dirs.map do |dir|
-      # @TODO: non local glob
-      files += find_files(dir, depth: 1, type: 'file')
+    def include_files(reldir, conf)
+      files = conf.scan(/^!include\s+(.*)\s*/).flatten.compact.map { |x| abs_path(reldir, x) }
+      dirs = conf.scan(/^!includedir\s+(.*)\s*/).flatten.compact.map { |x| abs_path(reldir, x) }
+      dirs.map do |dir|
+        # @TODO: non local glob
+        files += find_files(dir, depth: 1, type: 'file')
+      end
+      files
     end
-    files
-  end
 
-  def abs_path(dir, f)
-    return f if f.start_with? '/'
-    File.join(dir, f)
-  end
+    def abs_path(dir, f)
+      return f if f.start_with? '/'
+      File.join(dir, f)
+    end
 
-  def read_file(path)
-    @files_contents[path] ||= inspec.file(path).content
-  end
+    def read_file(path)
+      @files_contents[path] ||= inspec.file(path).content
+    end
 
-  def to_s
-    'MySQL Configuration'
+    def to_s
+      'MySQL Configuration'
+    end
   end
 end

data/lib/resources/mysql_session.rb

@@ -4,56 +4,58 @@
 # author: Christoph Hartmann
 # license: All rights reserved
 
-class MysqlSession < Inspec.resource(1)
-  name 'mysql_session'
-  desc 'Use the mysql_session InSpec audit resource to test SQL commands run against a MySQL database.'
-  example "
-    sql = mysql_session('my_user','password')
-    describe sql.query('show databases like \'test\';') do
-      its(:stdout) { should_not match(/test/) }
+module Inspec::Resources
+  class MysqlSession < Inspec.resource(1)
+    name 'mysql_session'
+    desc 'Use the mysql_session InSpec audit resource to test SQL commands run against a MySQL database.'
+    example "
+      sql = mysql_session('my_user','password')
+      describe sql.query('show databases like \'test\';') do
+        its(:stdout) { should_not match(/test/) }
+      end
+    "
+
+    def initialize(user = nil, pass = nil)
+      @user = user
+      @pass = pass
+      init_fallback if user.nil? or pass.nil?
+      skip_resource("Can't run MySQL SQL checks without authentication") if @user.nil? or @pass.nil?
     end
-  "
 
-  def initialize(user = nil, pass = nil)
-    @user = user
-    @pass = pass
-    init_fallback if user.nil? or pass.nil?
-    skip_resource("Can't run MySQL SQL checks without authentication") if @user.nil? or @pass.nil?
-  end
-
-  def query(q, db = '')
-    # TODO: simple escape, must be handled by a library
-    # that does this securely
-    escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"').gsub(/\$/, '\\$')
-
-    # run the query
-    cmd = inspec.command("mysql -u#{@user} -p#{@pass} #{db} -s -e \"#{escaped_query}\"")
-    out = cmd.stdout + "\n" + cmd.stderr
-    if out =~ /Can't connect to .* MySQL server/ or
-       out.downcase =~ /^error/
-      # skip this test if the server can't run the query
-      skip_resource("Can't connect to MySQL instance for SQL checks.")
+    def query(q, db = '')
+      # TODO: simple escape, must be handled by a library
+      # that does this securely
+      escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"').gsub(/\$/, '\\$')
+
+      # run the query
+      cmd = inspec.command("mysql -u#{@user} -p#{@pass} #{db} -s -e \"#{escaped_query}\"")
+      out = cmd.stdout + "\n" + cmd.stderr
+      if out =~ /Can't connect to .* MySQL server/ or
+         out.downcase =~ /^error/
+        # skip this test if the server can't run the query
+        skip_resource("Can't connect to MySQL instance for SQL checks.")
+      end
+
+      # return the raw command output
+      cmd
     end
 
-    # return the raw command output
-    cmd
-  end
-
-  def to_s
-    'MySQL Session'
-  end
+    def to_s
+      'MySQL Session'
+    end
 
-  private
+    private
 
-  def init_fallback
-    # support debian mysql administration login
-    debian = inspec.command('test -f /etc/mysql/debian.cnf && cat /etc/mysql/debian.cnf').stdout
-    return if debian.empty?
+    def init_fallback
+      # support debian mysql administration login
+      debian = inspec.command('test -f /etc/mysql/debian.cnf && cat /etc/mysql/debian.cnf').stdout
+      return if debian.empty?
 
-    user = debian.match(/^\s*user\s*=\s*([^ ]*)\s*$/)
-    pass = debian.match(/^\s*password\s*=\s*([^ ]*)\s*$/)
-    return if user.nil? or pass.nil?
-    @user = user[1]
-    @pass = pass[1]
+      user = debian.match(/^\s*user\s*=\s*([^ ]*)\s*$/)
+      pass = debian.match(/^\s*password\s*=\s*([^ ]*)\s*$/)
+      return if user.nil? or pass.nil?
+      @user = user[1]
+      @pass = pass[1]
+    end
   end
 end