inspec 0.31.0 → 0.32.0

data/lib/inspec/rule.rb

@@ -27,6 +27,7 @@ module Inspec
       @__profile_id = profile_id
       @__checks = []
       @__skip_rule = nil
+      @__merge_count = 0
 
       # evaluate the given definition
       instance_eval(&block) if block_given?
@@ -135,6 +136,10 @@ module Inspec
       rule.instance_variable_set(:@__skip_rule, value)
     end
 
+    def self.merge_count(rule)
+      rule.instance_variable_get(:@__merge_count)
+    end
+
     def self.prepare_checks(rule)
       msg = skip_status(rule)
       return checks(rule) unless msg
@@ -169,6 +174,8 @@ module Inspec
       dst.instance_variable_set(:@__checks, sc) unless sc.empty?
       sr = skip_status(src)
       set_skip_rule(dst, sr) unless sr.nil?
+      # increment merge count
+      dst.instance_variable_set(:@__merge_count, merge_count(dst) + 1)
     end
 
     private

data/lib/inspec/runner.rb

@@ -18,7 +18,7 @@ module Inspec
     extend Forwardable
     attr_reader :backend, :rules, :attributes
     def initialize(conf = {})
-      @rules = {}
+      @rules = []
       @conf = conf.dup
       @conf[:logger] ||= Logger.new(nil)
 
@@ -131,26 +131,37 @@ module Inspec
         profile.runner_context = ctx
       end
 
-      append_content(ctx, tests, libs, options)
-    end
-
-    # Returns the profile context used to evaluate the given content.
-    def append_content(ctx, tests, _libs, options = {})
       # evaluate the test content
-      tests = [tests] unless tests.is_a? Array
-      tests.each { |t| add_test_to_context(t, ctx) }
+      Array(tests).each { |t| add_test_to_context(t, ctx) }
 
       # merge and collect all attributes
       @attributes |= ctx.attributes
 
       # process the resulting rules
-      filter_controls(ctx.rules, options[:controls]).each do |rule_id, rule|
-        register_rule(rule_id, rule)
+      filter_controls(ctx.all_rules, options[:controls]).each do |rule|
+        register_rule(rule)
       end
 
       ctx
     end
 
+    # In some places we read the rules off of the runner, in other
+    # places we read it off of the profile context. To keep the API's
+    # the same, we provide an #all_rules method here as well.
+    def all_rules
+      @rules
+    end
+
+    def register_rules(ctx)
+      new_tests = false
+      ctx.rules.each do |rule_id, rule|
+        next if block_given? && !(yield rule_id, rule)
+        new_tests = true
+        register_rule(rule)
+      end
+      new_tests
+    end
+
     def_delegator :@test_collector, :run
     def_delegator :@test_collector, :report
     def_delegator :@test_collector, :reset
@@ -163,9 +174,9 @@ module Inspec
       ctx.load(content, test[:ref], test[:line])
     end
 
-    def filter_controls(controls_map, include_list)
-      return controls_map if include_list.nil? || include_list.empty?
-      controls_map.select do |_, c|
+    def filter_controls(controls_array, include_list)
+      return controls_array if include_list.nil? || include_list.empty?
+      controls_array.select do |c|
         id = ::Inspec::Rule.rule_id(c)
         include_list.include?(id)
       end
@@ -214,8 +225,8 @@ module Inspec
       nil
     end
 
-    def register_rule(rule_id, rule)
-      @rules[rule_id] = rule
+    def register_rule(rule)
+      @rules << rule
       checks = ::Inspec::Rule.prepare_checks(rule)
       examples = checks.map do |m, a, b|
         get_check_example(m, a, b)

data/lib/inspec/runner_rspec.rb

@@ -18,11 +18,6 @@ module Inspec
       reset
     end
 
-    def reset
-      reset_tests
-      configure_output
-    end
-
     # Create a new RSpec example group from arguments and block.
     #
     # @param [Type] *args list of arguments for this example
@@ -94,10 +89,11 @@ module Inspec
     # Empty the list of registered tests.
     #
     # @return [nil]
-    def reset_tests
+    def reset
       @tests = RSpec::Core::World.new
       # resets "pending examples" in reporter
       RSpec.configuration.reset
+      configure_output
     end
 
     private

data/lib/inspec/shell.rb

@@ -3,6 +3,7 @@
 # author: Christoph Hartmann
 
 require 'rspec/core/formatters/base_text_formatter'
+require 'pry'
 
 module Inspec
   # A pry based shell for inspec. Given a runner (with a configured backend and
@@ -11,18 +12,25 @@ module Inspec
   class Shell
     def initialize(runner)
       @runner = runner
-      # load and configure pry
-      require 'pry'
-      configure_pry
     end
 
     def start
-      # store context to run commands in this context
-      c = { content: 'binding.pry', ref: nil, line: nil }
-      @runner.add_content(c, [])
+      # Create an in-memory empty runner so that we can add tests to it later.
+      # This context lasts for the duration of this "start" method call/pry
+      # session.
+      @ctx = @runner.create_context
+      configure_pry
+
+      # This will hold a single evaluation binding context as opened within
+      # the instance_eval context of the anonymous class that the profile
+      # context creates to evaluate each individual test file. We want to
+      # pretend like we are constantly appending to the same file and want
+      # to capture the local variable context from inside said class.
+      @ctx_binding = @ctx.load('binding')
+      @ctx_binding.pry
     end
 
-    def configure_pry
+    def configure_pry # rubocop:disable Metrics/AbcSize
       # Remove all hooks and checks
       Pry.hooks.clear_all
       that = self
@@ -37,25 +45,34 @@ module Inspec
       Pry.prompt = [proc { "#{readline_ignore("\e[0;32m")}#{Pry.config.prompt_name}> #{readline_ignore("\e[0m")}" }]
 
       # Add a help menu as the default intro
-      Pry.hooks.add_hook(:before_session, :intro) do
+      Pry.hooks.add_hook(:before_session, 'inspec_intro') do
         intro
       end
 
-      # execute describe blocks
-      Pry.hooks.add_hook(:after_eval, 'run_controls') do |output, _binding, _pry_|
-        next unless output.is_a?(Inspec::Rule)
-        # reset tests, register the control and execute the runner
+      # Track the rules currently registered and what their merge count is.
+      Pry.hooks.add_hook(:before_eval, 'inspec_before_eval') do
+        @current_eval_rules = @ctx.rules.each_with_object({}) do |(rule_id, rule), h|
+          h[rule_id] = Inspec::Rule.merge_count(rule)
+        end
         @runner.reset
-        @runner.method(:register_rule).call(output.id, output)
-        @runner.run
+      end
+
+      # After pry has evaluated a commanding within the binding context of a
+      # test file, register all the rules it discovered.
+      Pry.hooks.add_hook(:after_eval, 'inspec_after_eval') do
+        @current_eval_new_tests =
+          @runner.register_rules(@ctx) do |rule_id, rule|
+            @current_eval_rules[rule_id] != Inspec::Rule.merge_count(rule)
+          end
+        @runner.run if @current_eval_new_tests
       end
 
       # Don't print out control class inspection when the user uses DSL methods.
       # Instead produce a result of evaluating their control.
-      Pry.config.print = proc do |_output, value, pry_|
-        next if value.is_a?(Inspec::Rule)
-        pry_.pager.open do |pager|
-          pager.print pry_.config.output_prefix
+      Pry.config.print = proc do |_output_, value, pry|
+        next if @current_eval_new_tests
+        pry.pager.open do |pager|
+          pager.print pry.config.output_prefix
           Pry::ColorPrinter.pp(value, pager, Pry::Terminal.width! - 1)
         end
       end
@@ -141,12 +158,4 @@ EOF
       puts Inspec::Resource.registry.keys.join(' ')
     end
   end
-
-  class NoSummaryFormatter < RSpec::Core::Formatters::BaseTextFormatter
-    RSpec::Core::Formatters.register self, :dump_summary
-
-    def dump_summary(*_args)
-      # output nothing
-    end
-  end
 end

data/lib/inspec/version.rb

@@ -1,7 +1,8 @@
 # encoding: utf-8
+# frozen_string_literal: true
 # author: Dominik Richter
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '0.31.0'.freeze
+  VERSION = '0.32.0'.freeze
 end

data/lib/resources/host.rb

@@ -32,6 +32,10 @@ module Inspec::Resources
       describe host('example.com') do
         it { should be_reachable }
       end
+
+      describe host('example.com', port: '80') do
+        it { should be_reachable }
+      end
     "
 
     def initialize(hostname, params = {})
@@ -49,7 +53,7 @@ module Inspec::Resources
       end
     end
 
-    # if we get the IP adress, the host is resolvable
+    # if we get the IP address, the host is resolvable
     def resolvable?(type = nil)
       warn "The `host` resource ignores #{type} parameters. Continue to resolve host." if !type.nil?
       resolve.nil? || resolve.empty? ? false : true
@@ -60,7 +64,7 @@ module Inspec::Resources
       ping.nil? ? false : ping
     end
 
-    # returns all A records of the IP adress, will return an array
+    # returns all A records of the IP address, will return an array
     def ipaddress
       resolve.nil? || resolve.empty? ? nil : resolve
     end
@@ -122,9 +126,7 @@ module Inspec::Resources
       # TCP and port: Test-NetConnection -ComputerName www.microsoft.com -RemotePort 80
       request = "Test-NetConnection -ComputerName #{hostname}"
       request += " -RemotePort #{port}" unless port.nil?
-      request += '| Select-Object -Property ComputerName, RemoteAddress, RemotePort, SourceAddress, PingSucceeded | ConvertTo-Json'
-      p request
-      request += '| Select-Object -Property ComputerName, PingSucceeded | ConvertTo-Json'
+      request += '| Select-Object -Property ComputerName, TcpTestSucceeded, PingSucceeded | ConvertTo-Json'
       cmd = inspec.command(request)
 
       begin
@@ -133,7 +135,12 @@ module Inspec::Resources
         return nil
       end
 
-      ping['PingSucceeded']
+      # Logic being if you provided a port you wanted to check it was open
+      if port.nil?
+        ping['PingSucceeded']
+      else
+        ping['TcpTestSucceeded']
+      end
     end
 
     def resolve(hostname)

data/lib/resources/iis_site.rb

@@ -1,4 +1,5 @@
 # encoding: utf-8
+# frozen_string_literal: true
 # check for site in IIS
 # Usage:
 # describe iis_site('Default Web Site') do

data/lib/resources/os.rb

@@ -21,7 +21,7 @@ module Inspec::Resources
     "
 
     # reuse helper methods from backend
-    %w{aix? redhat? debian? suse? bsd? solaris? linux? unix? windows? hpux?}.each do |os_family|
+    %w{aix? redhat? debian? suse? bsd? solaris? linux? unix? windows? hpux? darwin?}.each do |os_family|
       define_method(os_family.to_sym) do
         inspec.backend.os.send(os_family)
       end

data/lib/resources/package.rb

@@ -184,14 +184,27 @@ module Inspec::Resources
     end
   end
 
-  # Determines the installed packages on Windows
-  # Currently we use 'Get-WmiObject -Class Win32_Product' as a detection method
-  # TODO: evaluate if alternative methods as proposed by Microsoft are still valid:
+  # Determines the installed packages on Windows using the Windows package registry entries.
   # @see: http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/15/use-powershell-to-find-installed-software.aspx
   class WindowsPkg < PkgManagement
     def info(package_name)
+      search_paths = [
+        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
+        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
+      ]
+
+      # add 64 bit search paths
+      if inspec.os.arch == 'x86_64'
+        search_paths << 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
+        search_paths << 'HKCU:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
+      end
+
       # Find the package
-      cmd = inspec.command("Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -eq '#{package_name}'} | Select-Object -Property Name,Version,Vendor,PackageCode,Caption,Description | ConvertTo-Json")
+      cmd = inspec.command <<-EOF.gsub(/^\s*/, '')
+        Get-ItemProperty (@("#{search_paths.join('", "')}") | Where-Object { Test-Path $_ }) |
+        Where-Object { $_.DisplayName -like "#{package_name}*" -or $_.PSChildName -like "#{package_name}" } |
+        Select-Object -Property DisplayName,DisplayVersion | ConvertTo-Json
+      EOF
 
       begin
         package = JSON.parse(cmd.stdout)
@@ -199,10 +212,13 @@ module Inspec::Resources
         return nil
       end
 
+      # What if we match multiple packages?  just pick the first one for now.
+      package = package[0] if package.is_a?(Array)
+
       {
-        name: package['Name'],
+        name: package['DisplayName'],
         installed: true,
-        version: package['Version'],
+        version: package['DisplayVersion'],
         type: 'windows',
       }
     end

data/lib/resources/port.rb

@@ -5,17 +5,6 @@
 require 'utils/parser'
 require 'utils/filter'
 
-# Usage:
-# describe port(80) do
-#   it { should be_listening }
-#   its('protocol') {should eq 'tcp'}
-# end
-#
-# not supported serverspec syntax
-# describe port(80) do
-#   it { should be_listening.with('tcp') }
-# end
-#
 # TODO: currently we return local ip only
 # TODO: improve handling of same port on multiple interfaces
 module Inspec::Resources
@@ -26,6 +15,7 @@ module Inspec::Resources
       describe port(80) do
         it { should be_listening }
         its('protocols') {should eq ['tcp']}
+        its('addresses') {should eq ['127.0.0.1']}
       end
 
       describe port.where { protocol =~ /tcp/ && port > 80 } do

data/lib/resources/service.rb

@@ -77,6 +77,7 @@ module Inspec::Resources
         it { should be_enabled }
         it { should be_running }
         its('type') { should be 'systemd' }
+        its ('startmode') { should be 'Auto'}
       end
 
       describe service('service_name').runlevels(3, 5) do
@@ -210,6 +211,12 @@ module Inspec::Resources
       info[:description]
     end
 
+    # returns the service start up mode from info
+    def startmode
+      return nil if info.nil?
+      info[:startmode]
+    end
+
     def to_s
       "Service #{@service_name}"
     end
@@ -547,6 +554,7 @@ module Inspec::Resources
     #
     # Until StartMode is not added to Get-Service, we need to do a workaround
     # @see: https://connect.microsoft.com/PowerShell/feedback/details/424948/i-would-like-to-see-the-property-starttype-added-to-get-services
+    # Also see: https://msdn.microsoft.com/en-us/library/aa384896(v=vs.85).aspx
     # Use the following powershell to determine the start mode
     # PS: Get-WmiObject -Class Win32_Service | Where-Object {$_.Name -eq $name -or $_.DisplayName -eq $name} | Select-Object -Prop
     # erty Name, StartMode, State, Status | ConvertTo-Json
@@ -587,6 +595,7 @@ module Inspec::Resources
         installed: true,
         running: service_running?(service),
         enabled: service_enabled?(service),
+        startmode: service['WMI']['StartMode'],
         type: 'windows',
       }
     end

data/lib/resources/user.rb

@@ -438,7 +438,7 @@ module Inspec::Resources
         ConvertTo-Json
       EOH
 
-      cmd = inspec.script(script)
+      cmd = inspec.powershell(script)
 
       # cannot rely on exit code for now, successful command returns exit code 1
       # return nil if cmd.exit_status != 0, try to parse json
@@ -448,18 +448,18 @@ module Inspec::Resources
         return nil
       end
 
-      user = params['User']['Caption'] unless params['User'].nil?
-      groups = params['Groups']
+      user_hash = params['User'] || {}
+      group_hashes = params['Groups'] || []
       # if groups is no array, generate one
-      groups = [groups] if !groups.is_a?(Array)
-      groups = groups.map { |grp| grp['Caption'] } unless params['Groups'].nil?
+      group_hashes = [group_hashes] unless group_hashes.is_a?(Array)
+      group_names = group_hashes.map { |grp| grp['Caption'] }
 
       {
-        uid: nil,
-        user: user,
+        uid: user_hash['SID'],
+        user: user_hash['Caption'],
         gid: nil,
         group: nil,
-        groups: groups,
+        groups: group_names,
       }
     end