inspec 0.30.0 → 0.31.0

data/test/resource/file_test.rb

@@ -1,146 +0,0 @@
-# encoding: utf-8
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-#
-# On most systems I've used a link to /proc/kcore is placed at
-# /dev/core. However, on TravisCI we also see it at /dev/kcore.
-#
-# Since we are using this file to test some properties of symlinks, we
-# don't particularly care where it is, so here we use /dev/kcore if it
-# exists and otherwise fall back to /dev/core.
-#
-kcore_dev = if file('/dev/kcore').exist?
-              '/dev/kcore'
-            else
-              '/dev/core'
-            end
-
-describe file('/tmp') do
-  it { should exist }
-end
-
-describe file('/tmpest') do
-  it { should_not exist }
-end
-
-describe file('/tmp') do
-  its('type') { should eq :directory }
-  it { should be_directory }
-end
-
-describe file('/proc/version') do
-  its('type') { should eq :file }
-  it { should be_file }
-  it { should_not be_directory }
-end
-
-describe file('/dev/stdout') do
-  its('type') { should eq :pipe }
-  its('source.type') { should eq :symlink }
-  it { should be_symlink }
-  it { should be_pipe }
-  it { should_not be_file }
-  it { should_not be_directory }
-end
-
-describe file('/dev/zero') do
-  its('type') { should eq :character_device }
-  it { should be_character_device }
-  it { should_not be_file }
-  it { should_not be_directory }
-end
-
-# describe file('...') do
-#   its('type') { should eq :block_device }
-#   it { should be_block_device }
-# end
-
-# describe file('...') do
-#   its('type') { should eq :socket }
-#   it { should be_socket }
-# end
-
-# describe file('...') do
-#   its('type') { should eq :pipe }
-#   it { should be_pipe }
-# end
-
-describe file('/dev') do
-  its('mode') { should eq 00755 }
-end
-
-describe file('/dev') do
-  it { should be_mode 00755 }
-end
-
-describe file('/root') do
-  its('owner') { should eq 'root' }
-end
-
-describe file('/dev') do
-  it { should be_owned_by 'root' }
-end
-
-describe file('/root') do
-  its('group') { should eq 'root' }
-end
-
-describe file('/dev') do
-  it { should be_grouped_into 'root' }
-end
-
-describe file(kcore_dev) do
-  its('link_path') { should eq '/proc/kcore' }
-end
-
-describe file(kcore_dev) do
-  it { should be_linked_to '/proc/kcore' }
-end
-
-describe file('/proc/cpuinfo') do
-  its('content') { should match /^processor/ }
-end
-
-describe file('/').mtime.to_i do
-  it { should <= Time.now.to_i }
-  it { should >= Time.now.to_i - 1000}
-end
-
-describe file('/') do
-  its('size') { should be > 64 }
-  its('size') { should be < 10240 }
-end
-
-describe file('/proc/cpuinfo') do
-  its('size') { should be 0 }
-end
-
-# @TODO selinux_label
-
-# @TODO skip as the mount command is not reliably present on all test containers
-# describe file('/proc') do
-#   it { should be_mounted }
-# end
-
-describe file('/proc/cpuinfo') do
-  it { should_not be_mounted }
-end
-
-# @TODO immutable?
-# @TODO product_version
-# @TODO file_version
-# @TODO version?
-
-require 'digest'
-cpuinfo = file('/proc/cpuinfo').content
-
-md5sum = Digest::MD5.hexdigest(cpuinfo)
-describe file('/proc/cpuinfo') do
-  its('md5sum') { should eq md5sum }
-end
-
-sha256sum = Digest::SHA256.hexdigest(cpuinfo)
-describe file('/proc/cpuinfo') do
-  its('sha256sum') { should eq sha256sum }
-end

data/test/resource/ssh_config.rb

@@ -1,9 +0,0 @@
-# encoding: utf-8
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-return unless command('ssh').exist?
-
-describe ssh_config do
-  its('SendEnv') { should include('GORDON_CLIENT') }
-end

data/test/resource/sshd_config.rb

@@ -1,9 +0,0 @@
-# encoding: utf-8
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-return unless command('sshd').exist?
-
-describe sshd_config do
-  its('AcceptEnv') { should include('GORDON_SERVER') }
-end

data/test/test-extra.yaml

@@ -1,11 +0,0 @@
-images:
-- centos:5.11
-- centos:7.0.1406
-- debian:6.0.10
-- fedora:20
-- oraclelinux:5.11
-- oraclelinux:6.7
-- oraclelinux:7.1
-- ubuntu:10.04
-- ubuntu:13.04
-- ubuntu:15.10

data/test/test.yaml

@@ -1,11 +0,0 @@
-images:
-- centos:6.6
-- centos:6.7
-- centos:7.1.1503
-- debian:7.9
-- debian:8.2
-- fedora:21
-- fedora:22
-- ubuntu:12.04
-- ubuntu:14.04
-- ubuntu:15.04

data/test/unit/control_test.rb

@@ -1,58 +0,0 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-
-require 'helper'
-
-describe 'controls' do
-  def load(content)
-    data = {
-      'inspec.yml' => "name: mock",
-      'controls/mock.rb' => "control '1' do\n#{content}\nend\n",
-    }
-    opts = { test_collector: Inspec::RunnerMock.new }
-    Inspec::Profile.for_target(data, opts)
-                   .params[:controls]['1']
-  end
-
-  it 'works with empty refs' do
-    load('ref')[:refs].must_be :empty?
-  end
-
-  it 'defines a simple ref' do
-    s = rand.to_s
-    load("ref #{s.inspect}")[:refs].must_equal [{:ref=>s}]
-  end
-
-  it 'defines a ref with url' do
-    s = rand.to_s
-    u = rand.to_s
-    load("ref #{s.inspect}, url: #{u.inspect}")[:refs].must_equal [{ref: s, url: u}]
-  end
-
-  it 'defines a ref without content but with url' do
-    u = rand.to_s
-    load("ref url: #{u.inspect}")[:refs].must_equal [{url: u}]
-  end
-
-  it 'works with empty tags' do
-    load('tag')[:tags].must_be :empty?
-  end
-
-  it 'defines a simple tag' do
-    s = rand.to_s
-    load("tag #{s.inspect}")[:tags].must_equal({ s => nil })
-  end
-
-  it 'define multiple tags' do
-    a, b, c = rand.to_s, rand.to_s, rand.to_s
-    load("tag #{a.inspect}, #{b.inspect}, #{c.inspect}")[:tags].must_equal(
-      { a => nil, b => nil, c => nil })
-  end
-
-  it 'tag by key=value' do
-    a, b = rand.to_s, rand.to_s
-    load("tag #{a.inspect} => #{b.inspect}")[:tags].must_equal(
-      { a => b })
-  end
-end

data/test/unit/fetchers/local_test.rb

@@ -1,67 +0,0 @@
-# encoding: utf-8
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-require 'helper'
-
-describe Fetchers::Local do
-  let(:fetcher) { Fetchers::Local }
-
-  it 'registers with the fetchers registry' do
-    reg = Inspec::Fetcher.registry
-    _(reg['local']).must_equal fetcher
-  end
-
-  describe 'applied to this file' do
-    let(:res) { fetcher.resolve(__FILE__) }
-
-    it 'must be resolved' do
-      _(res).must_be_kind_of fetcher
-    end
-
-    it 'must only contain this file' do
-      _(res.files).must_equal [__FILE__]
-    end
-
-    it 'must not read if the file doesnt exist' do
-      _(res.read('file-does-not-exist')).must_be_nil
-    end
-
-    it 'must not read files not covered' do
-      not_covered = File.expand_path('../tar_test.rb', __FILE__)
-      _(File.file?(not_covered)).must_equal true
-      _(res.read(not_covered)).must_be_nil
-    end
-
-    it 'must read the contents of the file' do
-      _(res.read(__FILE__)).must_equal File.read(__FILE__)
-    end
-  end
-
-  describe 'applied to this folder' do
-    let(:path) { File.dirname(__FILE__) }
-    let(:res) { fetcher.resolve(path) }
-
-    it 'must be resolved' do
-      _(res).must_be_kind_of fetcher
-    end
-
-    it 'must contain all files' do
-      _(res.files).must_include __FILE__
-    end
-
-    it 'must not read if the file doesnt exist' do
-      _(res.read('file-not-in-folder')).must_be_nil
-    end
-
-    it 'must not read files not covered' do
-      not_covered = File.expand_path('../../../helper.rb', __FILE__)
-      _(File.file?(not_covered)).must_equal true
-      _(res.read(not_covered)).must_be_nil
-    end
-
-    it 'must read the contents of the file' do
-      _(res.read(__FILE__)).must_equal File.read(__FILE__)
-    end
-  end
-end

data/test/unit/fetchers/mock_test.rb

@@ -1,43 +0,0 @@
-# encoding: utf-8
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-require 'helper'
-
-describe Fetchers::Mock do
-  let(:fetcher) { Fetchers::Mock }
-
-  it 'registers with the fetchers registry' do
-    reg = Inspec::Fetcher.registry
-    _(reg['mock']).must_equal fetcher
-  end
-
-  it 'wont load nil' do
-    fetcher.resolve(nil).must_be :nil?
-  end
-
-  it 'wont load a string' do
-    fetcher.resolve(rand.to_s).must_be :nil?
-  end
-
-  describe 'applied to a map' do
-    it 'must be resolved' do
-      fetcher.resolve({}).must_be_kind_of fetcher
-    end
-
-    it 'has no files on empty' do
-      fetcher.resolve({}).files.must_equal []
-    end
-
-    it 'has files' do
-      f = rand.to_s
-      fetcher.resolve({f => nil}).files.must_equal [f]
-    end
-
-    it 'can read a file' do
-      f = rand.to_s
-      s = rand.to_s
-      fetcher.resolve({f => s}).read(f).must_equal s
-    end
-  end
-end

data/test/unit/fetchers/tar_test.rb

@@ -1,36 +0,0 @@
-# encoding: utf-8
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-require 'helper'
-
-describe Fetchers::Tar do
-  let(:fetcher) { Fetchers::Tar }
-
-  it 'registers with the fetchers registry' do
-    reg = Inspec::Fetcher.registry
-    _(reg['tar']).must_equal fetcher
-  end
-
-  describe 'applied to a tar archive' do
-    let(:target) { MockLoader.profile_tgz('complete-profile') }
-    let(:res) { fetcher.resolve(target) }
-
-    it 'must be resolved' do
-      _(res).must_be_kind_of fetcher
-    end
-
-    it 'must contain all files' do
-      _(res.files.sort).must_equal %w{inspec.yml libraries libraries/testlib.rb
-        controls controls/filesystem_spec.rb}.sort
-    end
-
-    it 'must not read if the file isnt included' do
-      _(res.read('file-not-in-archive')).must_be_nil
-    end
-
-    it 'must read the contents of the file' do
-      _(res.read('inspec.yml')).must_match /^name: complete$/
-    end
-  end
-end

data/test/unit/fetchers/url_test.rb

@@ -1,152 +0,0 @@
-# encoding: utf-8
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-require 'helper'
-
-describe Fetchers::Url do
-  let(:fetcher) { Fetchers::Url }
-
-  it 'registers with the fetchers registry' do
-    reg = Inspec::Fetcher.registry
-    _(reg['url']).must_equal fetcher
-  end
-
-  describe 'testing different urls' do
-    let(:mock_file) { MockLoader.profile_path('complete-metadata') }
-    let(:fetcher) {
-      Class.new(Fetchers::Url) do
-        attr_reader :target, :archive
-        def initialize(target, opts)
-          @target = target
-          @archive = File.new(__FILE__)
-        end
-      end
-    }
-
-    it 'handles a http url' do
-      url = 'http://chef.io/some.tar.gz'
-      res = fetcher.resolve(url)
-      _(res).must_be_kind_of Fetchers::Local
-      _(res.parent).must_be_kind_of Fetchers::Url
-      _(res.parent.target).must_equal 'http://chef.io/some.tar.gz'
-    end
-
-    it 'handles a https url' do
-      url = 'https://chef.io/some.tar.gz'
-      res = fetcher.resolve(url)
-      _(res).must_be_kind_of Fetchers::Local
-      _(res.parent).must_be_kind_of Fetchers::Url
-      _(res.parent.target).must_equal 'https://chef.io/some.tar.gz'
-    end
-
-    it 'doesnt handle other schemas' do
-      fetcher.resolve('gopher://chef.io/some.tar.gz').must_be_nil
-    end
-
-    it 'only handles URLs' do
-      fetcher.resolve(__FILE__).must_be_nil
-    end
-
-    %w{https://github.com/chef/inspec
-       https://github.com/chef/inspec.git
-       https://www.github.com/chef/inspec.git
-       http://github.com/chef/inspec
-       http://github.com/chef/inspec.git
-       http://www.github.com/chef/inspec.git}.each do |github|
-      it "resolves a github url #{github}" do
-        res = fetcher.resolve(github)
-        _(res).wont_be_nil
-        _(res.parent.target).must_equal 'https://github.com/chef/inspec/archive/master.tar.gz'
-      end
-    end
-
-    it "resolves a github branch url" do
-      github = 'https://github.com/hardening-io/tests-os-hardening/tree/2.0'
-      res = fetcher.resolve(github)
-      _(res).wont_be_nil
-      _(res.parent.target).must_equal 'https://github.com/hardening-io/tests-os-hardening/archive/2.0.tar.gz'
-    end
-
-    it "resolves a github commit url" do
-      github = 'https://github.com/hardening-io/tests-os-hardening/tree/48bd4388ddffde68badd83aefa654e7af3231876'
-      res = fetcher.resolve(github)
-      _(res).wont_be_nil
-      _(res.parent.target).must_equal 'https://github.com/hardening-io/tests-os-hardening/archive/48bd4388ddffde68badd83aefa654e7af3231876.tar.gz'
-    end
-  end
-
-  describe 'applied to a valid url (mocked tar.gz)' do
-    let(:mock_file) { MockLoader.profile_tgz('complete-profile') }
-    let(:target) { 'http://myurl/file.tar.gz' }
-    let(:res) {
-      mock_open = Minitest::Mock.new
-      mock_open.expect :meta, {'content-type' => 'application/gzip'}
-      mock_open.expect :read, File.open(mock_file, 'rb').read
-      fetcher.expects(:open).returns(mock_open)
-      fetcher.resolve(target)
-    }
-
-    it 'must be resolved to the final format' do
-      _(res).must_be_kind_of Fetchers::Tar
-    end
-
-    it 'must be resolved to the final format' do
-      _(res.parent).must_be_kind_of fetcher
-    end
-
-    it 'must contain all files' do
-      _(res.files.sort).must_equal %w{inspec.yml libraries libraries/testlib.rb
-        controls controls/filesystem_spec.rb}.sort
-    end
-
-    it 'must not read if the file isnt included' do
-      _(res.read('file-not-in-archive')).must_be_nil
-    end
-
-    it 'must read the contents of the file' do
-      _(res.read('inspec.yml')).must_match /^name: complete$/
-    end
-  end
-
-  describe 'applied to a valid url (mocked zip)' do
-    let(:mock_file) { MockLoader.profile_zip('complete-profile') }
-    let(:target) { 'http://myurl/file.tar.gz' }
-    let(:res) {
-      mock_open = Minitest::Mock.new
-      mock_open.expect :meta, {'content-type' => 'application/zip'}
-      mock_open.expect :read, File.open(mock_file, 'rb').read
-      fetcher.expects(:open).returns(mock_open)
-      fetcher.resolve(target)
-    }
-
-    it 'must be resolved to the final format' do
-      _(res).must_be_kind_of Fetchers::Zip
-    end
-
-    it 'must contain all files' do
-      _(res.files.sort).must_equal %w{inspec.yml libraries libraries/testlib.rb
-        controls controls/filesystem_spec.rb}.sort
-    end
-
-    it 'must not read if the file isnt included' do
-      _(res.read('file-not-in-archive')).must_be_nil
-    end
-
-    it 'must read the contents of the file' do
-      _(res.read('inspec.yml')).must_match /^name: complete$/
-    end
-  end
-
-  describe 'applied to a valid url with wrong content-type' do
-    let(:mock_file) { MockLoader.profile_zip('complete-profile') }
-    let(:target) { 'http://myurl/file.tar.gz' }
-
-    it 'must be resolved to the final format' do
-      mock_open = Minitest::Mock.new
-      mock_open.expect :meta, {'content-type' => 'wrong'}
-      fetcher.expects(:open).returns(mock_open)
-      proc { fetcher.resolve(target) }.must_throw RuntimeError
-    end
-  end
-end

data/test/unit/fetchers/zip_test.rb

@@ -1,36 +0,0 @@
-# encoding: utf-8
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-require 'helper'
-
-describe Fetchers::Zip do
-  let(:fetcher) { Fetchers::Zip }
-
-  it 'registers with the fetchers registry' do
-    reg = Inspec::Fetcher.registry
-    _(reg['zip']).must_equal fetcher
-  end
-
-  describe 'applied to a zipped archive' do
-    let(:target) { MockLoader.profile_zip('complete-profile') }
-    let(:res) { fetcher.resolve(target) }
-
-    it 'must be resolved' do
-      _(res).must_be_kind_of fetcher
-    end
-
-    it 'must contain all files' do
-      _(res.files.sort).must_equal %w{inspec.yml libraries libraries/testlib.rb
-        controls controls/filesystem_spec.rb}.sort
-    end
-
-    it 'must not read if the file isnt included' do
-      _(res.read('file-not-in-archive')).must_be_nil
-    end
-
-    it 'must read the contents of the file' do
-      _(res.read('inspec.yml')).must_match /^name: complete$/
-    end
-  end
-end

data/test/unit/fetchers_test.rb

@@ -1,65 +0,0 @@
-# encoding: utf-8
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-require 'helper'
-
-describe Inspec::Fetcher do
-  it 'loads the local fetcher for this file' do
-    res = Inspec::Fetcher.resolve(__FILE__)
-    res.must_be_kind_of Fetchers::Local
-  end
-end
-
-describe Inspec::Plugins::RelFetcher do
-  def fetcher
-    src_fetcher.expects(:files).returns(in_files).at_least_once
-    Inspec::Plugins::RelFetcher.new(src_fetcher)
-  end
-
-  let(:src_fetcher) { mock() }
-
-  IN_AND_OUT = {
-    []                        => [],
-    %w{file}                  => %w{file},
-    # don't prefix just by filename
-    %w{file file_a}           => %w{file file_a},
-    %w{path/file path/file_a} => %w{file file_a},
-    %w{path/to/file}          => %w{file},
-    %w{/path/to/file}         => %w{file},
-    %w{alice bob}             => %w{alice bob},
-    # mixed paths
-    %w{x/a y/b}               => %w{x/a y/b},
-    %w{/x/a /y/b}             => %w{x/a y/b},
-    %w{z/x/a z/y/b}           => %w{x/a y/b},
-    %w{/z/x/a /z/y/b}         => %w{x/a y/b},
-    # mixed with relative path
-    %w{a path/to/b}           => %w{a path/to/b},
-    %w{path/to/b a}           => %w{path/to/b a},
-    %w{path/to/b path/a}      => %w{to/b a},
-    %w{path/to/b path/a c}    => %w{path/to/b path/a c},
-    # mixed with absolute paths
-    %w{/path/to/b /a}         => %w{path/to/b a},
-    %w{/path/to/b /path/a}    => %w{to/b a},
-    %w{/path/to/b /path/a /c} => %w{path/to/b path/a c},
-    # mixing absolute and relative paths
-    %w{path/a /path/b}        => %w{path/a /path/b},
-    %w{/path/a path/b}        => %w{/path/a path/b},
-    # extract folder structure buildup
-    %w{/a /a/b /a/b/c}        => %w{c},
-    %w{/a /a/b /a/b/c/d/e}    => %w{e},
-    # ignore pax_global_header, which are commonly seen in github tars and are not
-    # ignored by all tar streaming tools, its not extracted by GNU tar since 1.14
-    %w{/pax_global_header /a/b}    => %w{b},
-    %w{pax_global_header a/b}    => %w{b},
-  }.each do |ins, outs|
-    describe 'empty profile' do
-      let(:in_files) { ins }
-
-      it 'also has no files' do
-        fetcher.files.must_equal outs
-      end
-    end
-  end
-
-end