inspec 0.19.3 → 0.20.0

data/lib/resources/os.rb

@@ -13,7 +13,7 @@ module Inspec::Resources
     "
 
     # reuse helper methods from backend
-    %w{aix? redhat? debian? suse? bsd? solaris? linux? unix? windows?}.each do |os_family|
+    %w{aix? redhat? debian? suse? bsd? solaris? linux? unix? windows? hpux?}.each do |os_family|
       define_method(os_family.to_sym) do
         inspec.backend.os.send(os_family)
       end
@@ -25,6 +25,15 @@ module Inspec::Resources
       inspec.backend.os[name]
     end
 
+    def params
+      {
+        name: inspec.backend.os[:name],
+        family: inspec.backend.os[:family],
+        release: inspec.backend.os[:release],
+        arch: inspec.backend.os[:arch],
+      }
+    end
+
     def to_s
       'Operating System Detection'
     end

data/lib/resources/package.rb

@@ -41,6 +41,8 @@ module Inspec::Resources
         @pkgman = BffPkg.new(inspec)
       elsif os.solaris?
         @pkgman = SolarisPkg.new(inspec)
+      elsif ['hpux'].include?(os[:family])
+        @pkgman = HpuxPkg.new(inspec)
       else
         return skip_resource 'The `package` resource is not supported on your OS yet.'
       end
@@ -168,6 +170,20 @@ module Inspec::Resources
     end
   end
 
+  class HpuxPkg < PkgManagement
+    def info(package_name)
+      cmd = inspec.command("swlist -l product | grep #{package_name}")
+      return nil if cmd.exit_status.to_i != 0
+      pkg = cmd.stdout.strip.split(' ')
+      {
+        name: pkg[0],
+        installed: true,
+        version: pkg[1],
+        type: 'pkg',
+      }
+    end
+  end
+
   # Determines the installed packages on Windows
   # Currently we use 'Get-WmiObject -Class Win32_Product' as a detection method
   # TODO: evaluate if alternative methods as proposed by Microsoft are still valid:

data/lib/resources/user.rb

@@ -67,6 +67,8 @@ module Inspec::Resources
         @user_provider = AixUser.new(inspec)
       elsif os.solaris?
         @user_provider = SolarisUser.new(inspec)
+      elsif ['hpux'].include?(os[:family])
+        @user_provider = HpuxUser.new(inspec)
       else
         return skip_resource 'The `user` resource is not supported on your OS yet.'
       end
@@ -330,6 +332,18 @@ module Inspec::Resources
     end
   end
 
+  class HpuxUser < UnixUser
+    def meta_info(username)
+      hpuxuser = inspec.command("logins -x -l #{username}")
+      return nil if hpuxuser.exit_status != 0
+      user = hpuxuser.stdout.chomp.split(' ')
+      {
+        home: user[4],
+        shell: user[5],
+      }
+    end
+  end
+
   # we do not use 'finger' for MacOS, because it is harder to parse data with it
   # @see https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/fingerd.8.html
   # instead we use 'dscl' to request user data

data/lib/resources/xinetd.rb

@@ -3,9 +3,10 @@
 # author: Dominik Richter
 
 require 'utils/parser'
+require 'utils/filter'
 
 module Inspec::Resources
-  class XinetdConf < Inspec.resource(1) # rubocop:disable Metrics/ClassLength
+  class XinetdConf < Inspec.resource(1)
     name 'xinetd_conf'
     desc 'Xinetd services configuration.'
     example "
@@ -20,112 +21,33 @@ module Inspec::Resources
 
     include XinetdParser
 
-    def initialize(conf_path = '/etc/xinetd.conf', opts = {})
+    def initialize(conf_path = '/etc/xinetd.conf')
       @conf_path = conf_path
-      @params = opts[:params] unless opts[:params].nil?
-      @filters = opts[:filters] || ''
       @contents = {}
     end
 
     def to_s
-      "Xinetd config #{@conf_path}"
-    end
-
-    def services(condition = nil)
-      condition.nil? ? params['services'].keys : filter(service: condition)
-    end
-
-    def ids(condition = nil)
-      condition.nil? ? services_field('id') : filter(id: condition)
-    end
-
-    def socket_types(condition = nil)
-      condition.nil? ? services_field('socket_type') : filter(socket_type: condition)
-    end
-
-    def types(condition = nil)
-      condition.nil? ? services_field('type') : filter(type: condition)
-    end
-
-    def wait(condition = nil)
-      condition.nil? ? services_field('wait') : filter(wait: condition)
-    end
-
-    def disabled?
-      filter(disable: 'no').services.empty?
-    end
-
-    def enabled?
-      filter(disable: 'yes').services.empty?
+      "Xinetd config #{@conf_path}#{@filters}"
     end
 
     def params
-      return @params if defined?(@params)
-      return @params = {} if read_content.nil?
-      flat_params = parse_xinetd(read_content)
-      @params = { 'services' => {} }
-      flat_params.each do |k, v|
-        name = k[/^service (.+)$/, 1]
-        if name.nil?
-          @params[k] = v
-        else
-          @params['services'][name] = v
-        end
-      end
-      @params
+      @params ||= read_params
     end
 
-    def filter(conditions = {})
-      res = params.dup
-      filters = ''
-      conditions.each do |k, v|
-        v = v.to_s if v.is_a? Integer
-        filters += " #{k} = #{v.inspect}"
-        res['services'] = filter_by(res['services'], k.to_s, v)
-      end
-      XinetdConf.new(@conf_path, params: res, filters: filters)
-    end
+    filter = FilterTable.create
+    filter.add_accessor(:where)
+          .add_accessor(:entries)
+          .add(:services,     field: 'service')
+          .add(:ids,          field: 'id')
+          .add(:socket_types, field: 'socket_type')
+          .add(:types,        field: 'type')
+          .add(:wait,         field: 'wait')
+          .add(:disabled?) { |x| x.where('disable' => 'no').services.empty? }
+          .add(:enabled?) { |x| x.where('disable' => 'yes').services.empty? }
+          .connect(self, :service_lines)
 
     private
 
-    # Retrieve the provided field from all configured services.
-    #
-    # @param [String] field name, e.g. `socket_type`
-    # @return [Array[String]] all values of this field across services
-    def services_field(field)
-      params['services'].values.compact.flatten
-                        .map { |x| x.params[field] }.flatten.compact
-    end
-
-    def match_condition(sth, condition)
-      case sth
-      # this does Regex-matching as well as string comparison
-      when condition
-        true
-      else
-        false
-      end
-    end
-
-    # Filter services by a criteria. This allows for search queries for
-    # certain values.
-    #
-    # @param [Hash] service collection
-    # @param [String] search key you want to query
-    # @param [Any] search value that the key should match
-    # @return [Hash] filtered service collection
-    def filter_by(services, k, v)
-      if k == 'service'
-        return Hash[services.find_all { |name, _| match_condition(v, name) }]
-      end
-      Hash[services.map { |name, service_arr|
-        found = service_arr.find_all { |service|
-          match_condition(service.params[k], v)
-        }
-        found.empty? ? nil : [name, found]
-      }.compact]
-    end
-
     def read_content(path = @conf_path)
       return @contents[path] if @contents.key?(path)
       file = inspec.file(path)
@@ -140,5 +62,28 @@ module Inspec::Resources
 
       @contents[path]
     end
+
+    def read_params
+      return {} if read_content.nil?
+      flat_params = parse_xinetd(read_content)
+      params = { 'services' => {} }
+
+      # parse services that were defined:
+      flat_params.each do |k, v|
+        name = k[/^service (.+)$/, 1]
+        if name.nil?
+          params[k] = v
+        else
+          params['services'][name] = v
+          # add the service identifier to its parameters
+          v.each { |service| service.params['service'] = name }
+        end
+      end
+      params
+    end
+
+    def service_lines
+      @services ||= params['services'].values.flatten.map(&:params)
+    end
   end
 end

data/lib/utils/filter.rb

@@ -0,0 +1,184 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Stephan Renatus
+# author: Christoph Hartmann
+
+module FilterTable
+  module Show; end
+
+  class Trace
+    def initialize
+      @chain = []
+    end
+
+    %w{== != >= > < <= =~ !~}.each do |m|
+      define_method m.to_sym do |*args|
+        res = Trace.new
+        @chain.push([[m.to_sym] + args, res])
+        res
+      end
+    end
+
+    def method_missing(*args)
+      res = Trace.new
+      @chain.push([args, res])
+      res
+    end
+
+    def self.to_ruby(trace)
+      chain = trace.instance_variable_get(:@chain)
+      return '' if chain.empty?
+      ' ' + chain.map do |el|
+        m = el[0][0]
+        args = el[0].drop(1)
+        nxt = to_ruby(el[1])
+        next m.to_s + nxt if args.empty?
+        next m.to_s + ' ' + args[0].inspect + nxt if args.length == 1
+        m.to_s + '(' + args.map(&:inspect).join(', ') + ')' + nxt
+      end.join(' ')
+    end
+  end
+
+  class Table
+    attr_reader :params
+    def initialize(resource, params, filters)
+      @resource = resource
+      @params = params
+      @filters = filters
+    end
+
+    def where(conditions = {}, &block)
+      return self if !conditions.is_a?(Hash)
+      return self if conditions.empty? && !block_given?
+
+      filters = ''
+      table = @params
+      conditions.each do |field, condition|
+        filters += " #{field} == #{condition.inspect}"
+        table = filter_lines(table, field, condition)
+      end
+
+      if block_given?
+        table = table.find_all { |e| new_entry(e, '').instance_eval(&block) }
+        src = Trace.new
+        src.instance_eval(&block)
+        filters += Trace.to_ruby(src)
+      end
+
+      self.class.new(@resource, table, @filters + filters)
+    end
+
+    def new_entry(*_)
+      fail "#{self.class} must not be used on its own. It must be inherited "\
+           'and the #new_entry method must be implemented. This is an internal '\
+           'error and should not happen.'
+    end
+
+    def entries
+      f = @resource.to_s + @filters.to_s + ' one entry'
+      @params.map do |line|
+        new_entry(line, f)
+      end
+    end
+
+    def get_fields(*fields)
+      @params.map do |line|
+        fields.map { |f| line[f] }
+      end.flatten
+    end
+
+    def to_s
+      @resource.to_s + @filters
+    end
+
+    alias inspect to_s
+
+    private
+
+    def filter_lines(table, field, condition)
+      table.find_all do |line|
+        next unless line.key?(field)
+        case line[field]
+        when condition
+          true
+        else
+          false
+        end
+      end
+    end
+  end
+
+  class Factory
+    def initialize
+      @accessors = []
+      @fields = {}
+      @blocks = {}
+    end
+
+    def connect(resource, table_accessor) # rubocop:disable Metrics/AbcSize
+      # create the table structure
+      fields = @fields
+      blocks = @blocks
+      struct_fields = fields.values
+
+      # the struct to hold single items from the #entries method
+      entry_struct = Struct.new(*struct_fields.map(&:to_sym)) do
+        attr_accessor :__filter
+        def to_s # rubocop:disable Lint/NestedMethodDefinition
+          @__filter || super
+        end
+      end unless struct_fields.empty?
+
+      # the main filter table
+      table = Class.new(Table) {
+        fields.each do |method, field_name|
+          block = blocks[method]
+          define_method method.to_sym do |condition = Show, &cond_block|
+            return block.call(self) unless block.nil?
+            return where(nil).get_fields(field_name) if condition == Show && !block_given?
+            where({ field_name => condition }, &cond_block)
+          end
+        end
+
+        define_method :new_entry do |hashmap, filter = ''|
+          return entry_struct.new if hashmap.nil?
+          res = entry_struct.new(*struct_fields.map { |x| hashmap[x] })
+          res.__filter = filter
+          res
+        end
+      }
+
+      # define all access methods with the parent resource
+      accessors = @accessors + @fields.keys
+      accessors.each do |method_name|
+        resource.send(:define_method, method_name.to_sym) do |*args, &block|
+          filter = table.new(self, method(table_accessor).call, ' with')
+          filter.method(method_name.to_sym).call(*args, &block)
+        end
+      end
+    end
+
+    def add_accessor(method_name)
+      if method_name.nil?
+        throw RuntimeError, "Called filter.add_delegator for resource #{@resource} with method name nil!"
+      end
+      @accessors.push(method_name)
+      self
+    end
+
+    def add(method_name, opts = {}, &block)
+      if method_name.nil?
+        throw RuntimeError, "Called filter.add for resource #{@resource} with method name nil!"
+      end
+
+      field_name = opts[:field] || method_name
+      @fields[method_name.to_sym] = field_name
+      @blocks[method_name.to_sym] = block
+      self
+    end
+  end
+
+  def self.create
+    Factory.new
+  end
+end

data/lib/utils/hash_map.rb

@@ -0,0 +1,37 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+class HashMap
+  class << self
+    def [](hash, *keys)
+      return hash if keys.empty? || hash.nil?
+      key = keys.shift
+      if hash.is_a?(Array)
+        map = hash.map { |i| [i, key] }
+      else
+        map = hash[key]
+      end
+      [map, *keys]
+    rescue NoMethodError => _
+      nil
+    end
+  end
+end
+
+class StringMap
+  class << self
+    def [](hash, *keys)
+      return hash if keys.empty? || hash.nil?
+      key = keys.shift
+      if hash.is_a?(Array)
+        map = hash.map { |i| [i, key] }
+      else
+        map = hash[key]
+      end
+      [map, *keys]
+    rescue NoMethodError => _
+      nil
+    end
+  end
+end