RubyGems - inspec - Versions diffs - 0.9.0 - Mend

inspec 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (247) hide show

checksums.yaml +7 -0
data/.gitignore +8 -0
data/.rubocop.yml +65 -0
data/.travis.yml +23 -0
data/CHANGELOG.md +38 -0
data/Gemfile +33 -0
data/LICENSE +201 -0
data/MAINTAINERS.md +28 -0
data/MAINTAINERS.toml +42 -0
data/README.md +257 -0
data/Rakefile +47 -0
data/bin/inspec +109 -0
data/docs/ctl_inspec.rst +195 -0
data/docs/dsl_inspec.rst +182 -0
data/docs/readme.rst +100 -0
data/docs/resources.rst +4319 -0
data/docs/template.rst +51 -0
data/examples/test-kitchen/.kitchen.yml +20 -0
data/examples/test-kitchen/Berksfile +3 -0
data/examples/test-kitchen/Gemfile +21 -0
data/examples/test-kitchen/README.md +27 -0
data/examples/test-kitchen/metadata.rb +7 -0
data/examples/test-kitchen/recipes/default.rb +6 -0
data/examples/test-kitchen/recipes/nginx.rb +30 -0
data/examples/test-kitchen/test/integration/default/web_spec.rb +28 -0
data/inspec.gemspec +30 -0
data/lib/inspec.rb +20 -0
data/lib/inspec/backend.rb +42 -0
data/lib/inspec/dsl.rb +151 -0
data/lib/inspec/log.rb +34 -0
data/lib/inspec/metadata.rb +79 -0
data/lib/inspec/plugins.rb +9 -0
data/lib/inspec/plugins/resource.rb +62 -0
data/lib/inspec/profile.rb +138 -0
data/lib/inspec/profile_context.rb +170 -0
data/lib/inspec/resource.rb +76 -0
data/lib/inspec/rspec_json_formatter.rb +27 -0
data/lib/inspec/rule.rb +170 -0
data/lib/inspec/runner.rb +154 -0
data/lib/inspec/shell.rb +66 -0
data/lib/inspec/targets.rb +9 -0
data/lib/inspec/targets/core.rb +27 -0
data/lib/inspec/targets/dir.rb +67 -0
data/lib/inspec/targets/file.rb +29 -0
data/lib/inspec/targets/folder.rb +43 -0
data/lib/inspec/targets/tar.rb +34 -0
data/lib/inspec/targets/url.rb +39 -0
data/lib/inspec/targets/zip.rb +47 -0
data/lib/inspec/version.rb +7 -0
data/lib/matchers/matchers.rb +221 -0
data/lib/resources/apache.rb +29 -0
data/lib/resources/apache_conf.rb +113 -0
data/lib/resources/apt.rb +140 -0
data/lib/resources/audit_policy.rb +63 -0
data/lib/resources/auditd_conf.rb +56 -0
data/lib/resources/auditd_rules.rb +53 -0
data/lib/resources/bond.rb +65 -0
data/lib/resources/bridge.rb +114 -0
data/lib/resources/command.rb +57 -0
data/lib/resources/csv.rb +32 -0
data/lib/resources/directory.rb +15 -0
data/lib/resources/etc_group.rb +150 -0
data/lib/resources/file.rb +110 -0
data/lib/resources/gem.rb +46 -0
data/lib/resources/group.rb +132 -0
data/lib/resources/host.rb +143 -0
data/lib/resources/inetd_conf.rb +56 -0
data/lib/resources/interface.rb +127 -0
data/lib/resources/iptables.rb +65 -0
data/lib/resources/json.rb +64 -0
data/lib/resources/kernel_module.rb +40 -0
data/lib/resources/kernel_parameter.rb +55 -0
data/lib/resources/limits_conf.rb +55 -0
data/lib/resources/login_def.rb +60 -0
data/lib/resources/mysql.rb +81 -0
data/lib/resources/mysql_conf.rb +116 -0
data/lib/resources/mysql_session.rb +52 -0
data/lib/resources/npm.rb +44 -0
data/lib/resources/ntp_conf.rb +58 -0
data/lib/resources/oneget.rb +63 -0
data/lib/resources/os.rb +22 -0
data/lib/resources/os_env.rb +34 -0
data/lib/resources/package.rb +169 -0
data/lib/resources/parse_config.rb +75 -0
data/lib/resources/passwd.rb +93 -0
data/lib/resources/pip.rb +75 -0
data/lib/resources/port.rb +296 -0
data/lib/resources/postgres.rb +37 -0
data/lib/resources/postgres_conf.rb +87 -0
data/lib/resources/postgres_session.rb +59 -0
data/lib/resources/processes.rb +57 -0
data/lib/resources/registry_key.rb +54 -0
data/lib/resources/script.rb +34 -0
data/lib/resources/security_policy.rb +73 -0
data/lib/resources/service.rb +379 -0
data/lib/resources/ssh_conf.rb +75 -0
data/lib/resources/user.rb +374 -0
data/lib/resources/windows_feature.rb +77 -0
data/lib/resources/yaml.rb +23 -0
data/lib/resources/yum.rb +154 -0
data/lib/utils/convert.rb +12 -0
data/lib/utils/detect.rb +15 -0
data/lib/utils/find_files.rb +36 -0
data/lib/utils/hash.rb +13 -0
data/lib/utils/modulator.rb +12 -0
data/lib/utils/parser.rb +61 -0
data/lib/utils/simpleconfig.rb +115 -0
data/tasks/maintainers.rb +213 -0
data/test/docker_run.rb +156 -0
data/test/docker_test.rb +51 -0
data/test/helper.rb +200 -0
data/test/integration/.kitchen.yml +42 -0
data/test/integration/Berksfile +4 -0
data/test/integration/cookbooks/os_prepare/metadata.rb +8 -0
data/test/integration/cookbooks/os_prepare/recipes/apt.rb +20 -0
data/test/integration/cookbooks/os_prepare/recipes/default.rb +9 -0
data/test/integration/cookbooks/os_prepare/recipes/file.rb +21 -0
data/test/integration/cookbooks/os_prepare/recipes/package.rb +26 -0
data/test/integration/default/_debug_spec.rb +1 -0
data/test/integration/default/apt_spec.rb +42 -0
data/test/integration/default/file_spec.rb +109 -0
data/test/integration/default/group_spec.rb +32 -0
data/test/integration/default/kernel_module_spec.rb +17 -0
data/test/integration/default/kernel_parameter_spec.rb +56 -0
data/test/integration/default/package_spec.rb +11 -0
data/test/integration/default/service_spec.rb +28 -0
data/test/integration/default/user_spec.rb +44 -0
data/test/resource/command_test.rb +33 -0
data/test/resource/dsl_test.rb +45 -0
data/test/resource/file_test.rb +130 -0
data/test/resource/ssh_config.rb +9 -0
data/test/resource/sshd_config.rb +9 -0
data/test/test-extra.yaml +11 -0
data/test/test.yaml +11 -0
data/test/unit/mock/cmd/Get-NetAdapter +24 -0
data/test/unit/mock/cmd/GetUserAccount +33 -0
data/test/unit/mock/cmd/GetWin32Group +23 -0
data/test/unit/mock/cmd/PATH +1 -0
data/test/unit/mock/cmd/Resolve-DnsName +26 -0
data/test/unit/mock/cmd/Test-NetConnection +4 -0
data/test/unit/mock/cmd/auditctl +7 -0
data/test/unit/mock/cmd/auditpol +2 -0
data/test/unit/mock/cmd/brew-info-jq +1 -0
data/test/unit/mock/cmd/chage-l-root +7 -0
data/test/unit/mock/cmd/dpkg-s-curl +21 -0
data/test/unit/mock/cmd/dscl +5 -0
data/test/unit/mock/cmd/etc-apt +7 -0
data/test/unit/mock/cmd/find-etc-rc-d-name-S +12 -0
data/test/unit/mock/cmd/find-net-interface +9 -0
data/test/unit/mock/cmd/gem-list-local-a-q-rubocop +1 -0
data/test/unit/mock/cmd/get-net-tcpconnection +24 -0
data/test/unit/mock/cmd/get-netadapter-binding-bridge +4 -0
data/test/unit/mock/cmd/get-package-firefox +30 -0
data/test/unit/mock/cmd/get-package-ruby +18 -0
data/test/unit/mock/cmd/get-service-dhcp +10 -0
data/test/unit/mock/cmd/get-windows-feature +7 -0
data/test/unit/mock/cmd/getent-hosts-example.com +1 -0
data/test/unit/mock/cmd/getent-passwd-root +1 -0
data/test/unit/mock/cmd/id-chartmann +1 -0
data/test/unit/mock/cmd/id-root +1 -0
data/test/unit/mock/cmd/initctl-show-config-ssh +3 -0
data/test/unit/mock/cmd/initctl-status-ssh +1 -0
data/test/unit/mock/cmd/iptables-s +6 -0
data/test/unit/mock/cmd/launchctl-list +3 -0
data/test/unit/mock/cmd/ls-1-etc-init.d +2 -0
data/test/unit/mock/cmd/ls-sys-class-net-br +2 -0
data/test/unit/mock/cmd/lsmod +2 -0
data/test/unit/mock/cmd/lsof-np-itcp +4 -0
data/test/unit/mock/cmd/netstat-tulpen +5 -0
data/test/unit/mock/cmd/npm-ls-g--json-bower +9 -0
data/test/unit/mock/cmd/pacman-qi-curl +21 -0
data/test/unit/mock/cmd/ping-example.com +6 -0
data/test/unit/mock/cmd/pip-show-jinja2 +11 -0
data/test/unit/mock/cmd/ps-aux +3 -0
data/test/unit/mock/cmd/pw-usershow-root-7 +1 -0
data/test/unit/mock/cmd/reg_schedule +1 -0
data/test/unit/mock/cmd/rpm-qia-curl +24 -0
data/test/unit/mock/cmd/sbin_sysctl +1 -0
data/test/unit/mock/cmd/secedit-export +7 -0
data/test/unit/mock/cmd/service-e +2 -0
data/test/unit/mock/cmd/service-sendmail-onestatus +3 -0
data/test/unit/mock/cmd/service-sshd-status +1 -0
data/test/unit/mock/cmd/sockstat +5 -0
data/test/unit/mock/cmd/success +0 -0
data/test/unit/mock/cmd/systemctl-show-all-sshd +6 -0
data/test/unit/mock/cmd/win32_product +8 -0
data/test/unit/mock/cmd/yum-repolist-all +52 -0
data/test/unit/mock/files/auditd.conf +4 -0
data/test/unit/mock/files/bond0 +37 -0
data/test/unit/mock/files/etcgroup +3 -0
data/test/unit/mock/files/example.csv +6 -0
data/test/unit/mock/files/inetd.conf +2 -0
data/test/unit/mock/files/kitchen.yml +7 -0
data/test/unit/mock/files/limits.conf +5 -0
data/test/unit/mock/files/login.defs +5 -0
data/test/unit/mock/files/mysql.conf +8 -0
data/test/unit/mock/files/mysql2.conf +2 -0
data/test/unit/mock/files/ntp.conf +5 -0
data/test/unit/mock/files/passwd +2 -0
data/test/unit/mock/files/policyfile.lock.json +12 -0
data/test/unit/mock/files/ssh_config +5 -0
data/test/unit/mock/files/sshd_config +7 -0
data/test/unit/mock/profiles/empty/metadata.rb +0 -0
data/test/unit/mock/profiles/metadata/metadata.rb +1 -0
data/test/unit/profile_context_test.rb +140 -0
data/test/unit/profile_test.rb +49 -0
data/test/unit/resources/apt_test.rb +46 -0
data/test/unit/resources/audit_policy_test.rb +13 -0
data/test/unit/resources/auditd_conf_test.rb +15 -0
data/test/unit/resources/auditd_rules_test.rb +21 -0
data/test/unit/resources/bond_test.rb +24 -0
data/test/unit/resources/bridge_test.rb +56 -0
data/test/unit/resources/csv_test.rb +35 -0
data/test/unit/resources/etc_group_test.rb +37 -0
data/test/unit/resources/gem_test.rb +20 -0
data/test/unit/resources/group_test.rb +96 -0
data/test/unit/resources/host_test.rb +38 -0
data/test/unit/resources/inetd_conf_test.rb +15 -0
data/test/unit/resources/interface_test.rb +54 -0
data/test/unit/resources/iptables_test.rb +30 -0
data/test/unit/resources/json_test.rb +36 -0
data/test/unit/resources/kernel_module_test.rb +23 -0
data/test/unit/resources/kernel_parameter_test.rb +13 -0
data/test/unit/resources/limits_conf_test.rb +14 -0
data/test/unit/resources/login_def_test.rb +16 -0
data/test/unit/resources/mysql_conf_test.rb +14 -0
data/test/unit/resources/npm_test.rb +20 -0
data/test/unit/resources/ntp_conf_test.rb +16 -0
data/test/unit/resources/oneget_test.rb +45 -0
data/test/unit/resources/os_env_test.rb +13 -0
data/test/unit/resources/package_test.rb +51 -0
data/test/unit/resources/passwd_test.rb +24 -0
data/test/unit/resources/pip_test.rb +15 -0
data/test/unit/resources/port_test.rb +46 -0
data/test/unit/resources/processes_test.rb +32 -0
data/test/unit/resources/registry_key_test.rb +19 -0
data/test/unit/resources/script_test.rb +19 -0
data/test/unit/resources/security_policy_test.rb +16 -0
data/test/unit/resources/service_test.rb +116 -0
data/test/unit/resources/ssh_conf_test.rb +33 -0
data/test/unit/resources/user_test.rb +93 -0
data/test/unit/resources/windows_feature.rb +17 -0
data/test/unit/resources/yaml_test.rb +34 -0
data/test/unit/resources/yum_test.rb +68 -0
data/test/unit/simpleconfig_test.rb +80 -0
data/test/unit/utils/content_parser_test.rb +30 -0
metadata +555 -0

data/lib/resources/ssh_conf.rb ADDED Viewed

@@ -0,0 +1,75 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Dominik Richter
+# author: Christoph Hartmann
+# license: All rights reserved
+require 'utils/simpleconfig'
+class SshConf < Inspec.resource(1)
+  name 'ssh_config'
+  def initialize(conf_path = nil, type = nil)
+    @conf_path = conf_path || '/etc/ssh/ssh_config'
+    typename = (@conf_path.include?('sshd') ? 'Server' : 'Client')
+    @type = type || "SSH #{typename} configuration #{conf_path}"
+  end
+  def content
+    read_content
+  end
+  def params(*opts)
+    opts.inject(read_params) do |res, nxt|
+      res.respond_to?(:key) ? res[nxt] : nil
+    end
+  end
+  def method_missing(name)
+    param = read_params[name.to_s]
+    return nil if param.nil?
+    # extract first value if we have only one value in array
+    return param[0] if param.length == 1
+    param
+  end
+  def to_s
+    'SSH Configuration'
+  end
+  private
+  def read_content
+    return @content if defined?(@content)
+    file = inspec.file(@conf_path)
+    if !file.file?
+      return skip_resource "Can't find file \"#{@conf_path}\""
+    end
+    @content = file.content
+    if @content.empty? && file.size > 0
+      return skip_resource "Can't read file \"#{@conf_path}\""
+    end
+    @content
+  end
+  def read_params
+    return @params if defined?(@params)
+    return @params = {} if read_content.nil?
+    conf = SimpleConfig.new(
+      read_content,
+      assignment_re: /^\s*(\S+?)\s+(.*?)\s*$/,
+      multiple_values: true,
+    )
+    @params = conf.params
+  end
+end
+class SshdConf < SshConf
+  name 'sshd_config'
+  def initialize(path = nil)
+    super(path || '/etc/ssh/sshd_config')
+  end
+end

data/lib/resources/user.rb ADDED Viewed

@@ -0,0 +1,374 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# Usage:
+#
+# describe user('root') do
+#   it { should exist }
+#   its(:uid) { should eq 0 }
+#   its(:gid) { should eq 0 }
+#   its(:group) { should eq 'root' }
+#   its(:groups) { should eq ['root', 'wheel']}
+#   its(:home) { should eq '/root' }
+#   its(:shell) { should eq '/bin/bash' }
+#   its(:mindays) { should eq 0 }
+#   its(:maxdays) { should eq 99 }
+#   its(:warndays) { should eq 5 }
+# end
+#
+# The following  Serverspec  matchers are deprecated in favor for direct value access
+#
+# describe user('root') do
+#   it { should belong_to_group 'root' }
+#   it { should have_uid 0 }
+#   it { should have_home_directory '/root' }
+#   it { should have_login_shell '/bin/bash' }
+#   its(:minimum_days_between_password_change) { should eq 0 }
+#   its(:maximum_days_between_password_change) { should eq 99 }
+# end
+# ServerSpec tests that are not supported:
+#
+# describe user('root') do
+#   it { should have_authorized_key 'ssh-rsa ADg54...3434 user@example.local' }
+#   its(:encrypted_password) { should eq 1234 }
+# end
+require 'utils/parser'
+require 'utils/convert'
+class User < Inspec.resource(1)
+  name 'user'
+  def initialize(user)
+    @user = user
+    # select package manager
+    @user_provider = nil
+    case inspec.os[:family]
+    when 'ubuntu', 'debian', 'redhat', 'fedora', 'centos', 'arch', 'opensuse'
+      @user_provider = LinuxUser.new(inspec)
+    when 'windows'
+      @user_provider = WindowsUser.new(inspec)
+    when 'darwin'
+      @user_provider = DarwinUser.new(inspec)
+    when 'freebsd'
+      @user_provider = FreeBSDUser.new(inspec)
+    else
+      return skip_resource 'The `user` resource is not supported on your OS yet.'
+    end
+  end
+  def exists?
+    !identiy.nil? && !identiy[:user].nil?
+  end
+  def uid
+    identiy.nil? ? nil : identiy[:uid]
+  end
+  def gid
+    identiy.nil? ? nil : identiy[:gid]
+  end
+  def group
+    identiy.nil? ? nil : identiy[:group]
+  end
+  def groups
+    identiy.nil? ? nil : identiy[:groups]
+  end
+  def home
+    meta_info.nil? ? nil : meta_info[:home]
+  end
+  def shell
+    meta_info.nil? ? nil : meta_info[:shell]
+  end
+  # returns the minimum days between password changes
+  def mindays
+    credentials.nil? ? nil : credentials[:mindays]
+  end
+  # returns the maximum days between password changes
+  def maxdays
+    credentials.nil? ? nil : credentials[:maxdays]
+  end
+  # returns the days for password change warning
+  def warndays
+    credentials.nil? ? nil : credentials[:warndays]
+  end
+  # implement 'mindays' method to be compatible with serverspec
+  def minimum_days_between_password_change
+    deprecated('minimum_days_between_password_change', "Please use 'its(:mindays)'")
+    mindays
+  end
+  # implement 'maxdays' method to be compatible with serverspec
+  def maximum_days_between_password_change
+    deprecated('maximum_days_between_password_change', "Please use 'its(:maxdays)'")
+    maxdays
+  end
+  # implements rspec has matcher, to be compatible with serverspec
+  # @see: https://github.com/rspec/rspec-expectations/blob/master/lib/rspec/matchers/built_in/has.rb
+  def has_uid?(compare_uid)
+    deprecated('has_uid?')
+    uid == compare_uid
+  end
+  def has_home_directory?(compare_home)
+    deprecated('has_home_directory?', "Please use 'its(:home)'")
+    home == compare_home
+  end
+  def has_login_shell?(compare_shell)
+    deprecated('has_login_shell?', "Please use 'its(:shell)'")
+    shell == compare_shell
+  end
+  def has_authorized_key?(_compare_key)
+    deprecated('has_authorized_key?')
+    fail NotImplementedError
+  end
+  def deprecated(name, alternative = nil)
+    warn "[DEPRECATION] #{name} is deprecated. #{alternative}"
+  end
+  def to_s
+    "User #{@user}"
+  end
+  private
+  def identiy
+    return @id_cache if defined?(@id_cache)
+    @id_cache = @user_provider.identity(@user) if !@user_provider.nil?
+  end
+  def meta_info
+    return @meta_cache if defined?(@meta_cache)
+    @meta_cache = @user_provider.meta_info(@user) if !@user_provider.nil?
+  end
+  def credentials
+    return @cred_cache if defined?(@cred_cache)
+    @cred_cache = @user_provider.credentials(@user) if !@user_provider.nil?
+  end
+end
+class UserInfo
+  include Converter
+  attr_reader :inspec
+  def initialize(inspec)
+    @inspec = inspec
+  end
+  def credentials(_username)
+  end
+end
+# implements generic unix id handling
+class UnixUser < UserInfo
+  # parse one id entry like '0(wheel)''
+  def parse_value(line)
+    SimpleConfig.new(
+      line,
+      line_separator: ',',
+      assignment_re: /^\s*([^\(]*?)\s*\(\s*(.*?)\)*$/,
+      group_re: nil,
+      multiple_values: false,
+    ).params
+  end
+  # extracts the identity
+  def identity(username)
+    cmd = inspec.command("id #{username}")
+    return nil if cmd.exit_status != 0
+    # parse words
+    params = SimpleConfig.new(
+      cmd.stdout.chomp,
+      line_separator: ' ',
+      assignment_re: /^\s*([^=]*?)\s*=\s*(.*?)\s*$/,
+      group_re: nil,
+      multiple_values: false,
+    ).params
+    {
+      uid: convert_to_i(parse_value(params['uid']).keys[0]),
+      user: parse_value(params['uid']).values[0],
+      gid: convert_to_i(parse_value(params['gid']).keys[0]),
+      group: parse_value(params['gid']).values[0],
+      groups: parse_value(params['groups']).values,
+    }
+  end
+end
+class LinuxUser < UnixUser
+  include ContentParser
+  def meta_info(username)
+    cmd = inspec.command("getent passwd #{username}")
+    return nil if cmd.exit_status != 0
+    # returns: root:x:0:0:root:/root:/bin/bash
+    passwd = parse_passwd_line(cmd.stdout.chomp)
+    {
+      home: passwd['home'],
+      shell: passwd['shell'],
+    }
+  end
+  def credentials(username)
+    cmd = inspec.command("chage -l #{username}")
+    return nil if cmd.exit_status != 0
+    params = SimpleConfig.new(
+      cmd.stdout.chomp,
+      assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
+      group_re: nil,
+      multiple_values: false,
+    ).params
+    {
+      mindays: convert_to_i(params['Minimum number of days between password change']),
+      maxdays: convert_to_i(params['Maximum number of days between password change']),
+      warndays: convert_to_i(params['Number of days of warning before password expires']),
+    }
+  end
+end
+# we do not use 'finger' for MacOS, because it is harder to parse data with it
+# @see https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/fingerd.8.html
+# instead we use 'dscl' to request user data
+# @see https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/dscl.1.html
+# @see http://superuser.com/questions/592921/mac-osx-users-vs-dscl-command-to-list-user
+class DarwinUser < UnixUser
+  def meta_info(username)
+    cmd = inspec.command("dscl -q . -read /Users/#{username} NFSHomeDirectory PrimaryGroupID RecordName UniqueID UserShell")
+    return nil if cmd.exit_status != 0
+    params = SimpleConfig.new(
+      cmd.stdout.chomp,
+      assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
+      group_re: nil,
+      multiple_values: false,
+    ).params
+    {
+      home: params['NFSHomeDirectory'],
+      shell: params['UserShell'],
+    }
+  end
+end
+# FreeBSD recommends to use the 'pw' command for user management
+# @see: https://www.freebsd.org/doc/handbook/users-synopsis.html
+# @see: https://www.freebsd.org/cgi/man.cgi?pw(8)
+# It offers the following commands:
+# - adduser(8)	The recommended command-line application for adding new users.
+# - rmuser(8)	The recommended command-line application for removing users.
+# - chpass(1)	A flexible tool for changing user database information.
+# - passwd(1)	The command-line tool to change user passwords.
+class FreeBSDUser < UnixUser
+  include ContentParser
+  def meta_info(username)
+    cmd = inspec.command("pw usershow #{username} -7")
+    return nil if cmd.exit_status != 0
+    # returns: root:*:0:0:Charlie &:/root:/bin/csh
+    passwd = parse_passwd_line(cmd.stdout.chomp)
+    {
+      home: passwd['home'],
+      shell: passwd['shell'],
+    }
+  end
+end
+# For now, we stick with WMI Win32_UserAccount
+# @see https://msdn.microsoft.com/en-us/library/aa394507(v=vs.85).aspx
+# @see https://msdn.microsoft.com/en-us/library/aa394153(v=vs.85).aspx
+#
+# using Get-AdUser would be the best command for domain machines, but it will not be installed
+# on client machines by default
+# @see https://technet.microsoft.com/en-us/library/ee617241.aspx
+# @see https://technet.microsoft.com/en-us/library/hh509016(v=WS.10).aspx
+# @see http://woshub.com/get-aduser-getting-active-directory-users-data-via-powershell/
+# @see http://stackoverflow.com/questions/17548523/the-term-get-aduser-is-not-recognized-as-the-name-of-a-cmdlet
+#
+# Just for reference, we could also use ADSI (Active Directory Service Interfaces)
+# @see https://mcpmag.com/articles/2015/04/15/reporting-on-local-accounts.aspx
+class WindowsUser < UserInfo
+  # parse windows account name
+  def parse_windows_account(username)
+    account = username.split('\\')
+    name = account.pop
+    domain = account.pop if account.size > 0
+    [name, domain]
+  end
+  def identity(username)
+    # extract domain/user information
+    account, domain = parse_windows_account(username)
+    # TODO: escape content
+    if !domain.nil?
+      filter = "Name = '#{account}' and Domain = '#{domain}'"
+    else
+      filter = "Name = '#{account}' and LocalAccount = true"
+    end
+    script = <<-EOH
+      # find user
+      $user = Get-WmiObject Win32_UserAccount -filter "#{filter}"
+      # get related groups
+      $groups = $user.GetRelated('Win32_Group') | Select-Object -Property Caption, Domain, Name, LocalAccount, SID, SIDType, Status
+      # filter user information
+      $user = $user | Select-Object -Property Caption, Description, Domain, Name, LocalAccount, Lockout, PasswordChangeable, PasswordExpires, PasswordRequired, SID, SIDType, Status
+      # build response object
+      New-Object -Type PSObject | `
+      Add-Member -MemberType NoteProperty -Name User -Value ($user) -PassThru | `
+      Add-Member -MemberType NoteProperty -Name Groups -Value ($groups) -PassThru | `
+      ConvertTo-Json
+    EOH
+    cmd = inspec.script(script)
+    # cannot rely on exit code for now, successful command returns exit code 1
+    # return nil if cmd.exit_status != 0, try to parse json
+    begin
+      params = JSON.parse(cmd.stdout)
+    rescue JSON::ParserError => _e
+      return nil
+    end
+    user = params['User']['Caption'] unless params['User'].nil?
+    groups = params['Groups']
+    # if groups is no array, generate one
+    groups = [groups] if !groups.is_a?(Array)
+    groups = groups.map { |grp| grp['Caption'] } unless params['Groups'].nil?
+    {
+      uid: nil,
+      user: user,
+      gid: nil,
+      group: nil,
+      groups: groups,
+    }
+  end
+  # not implemented yet
+  def meta_info(_username)
+    {
+      home: nil,
+      shell: nil,
+    }
+  end
+end

data/lib/resources/windows_feature.rb ADDED Viewed

@@ -0,0 +1,77 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# check for a Windows feature
+# Usage:
+# describe windows_feature('DHCP Server') do
+#   it{ should be_installed }
+# end
+#
+# deprecated serverspec syntax:
+# describe windows_feature('IIS-Webserver') do
+#   it{ should be_installed.by("dism") }
+# end
+#
+# describe windows_feature('Web-Webserver') do
+#   it{ should be_installed.by("powershell") }
+# end
+#
+# This implementation uses the Get-WindowsFeature commandlet:
+# Get-WindowsFeature | Where-Object {$_.Name -eq 'XPS Viewer' -or $_.DisplayName -eq 'XPS Viewe
+# r'} | Select-Object -Property Name,DisplayName,Description,Installed,InstallState | ConvertTo-Json
+# {
+#     "Name":  "XPS-Viewer",
+#     "DisplayName":  "XPS Viewer",
+#     "Description":  "The XPS Viewer is used to read, set permissions for, and digitally sign XPS documents.",
+#     "Installed":  false,
+#     "InstallState":  0
+# }
+class WindowsFeature < Inspec.resource(1)
+  name 'windows_feature'
+  def initialize(feature)
+    @feature = feature
+    @cache = nil
+    # verify that this resource is only supported on Windows
+    return skip_resource 'The `windows_feature` resource is not supported on your OS.' if inspec.os[:family] != 'windows'
+  end
+  # returns true if the package is installed
+  def installed?(_provider = nil, _version = nil)
+    info[:installed] == true
+  end
+  # returns the package description
+  def info
+    return @cache if !@cache.nil?
+    features_cmd = "Get-WindowsFeature | Where-Object {$_.Name -eq '#{@feature}' -or $_.DisplayName -eq '#{@feature}'} | Select-Object -Property Name,DisplayName,Description,Installed,InstallState | ConvertTo-Json"
+    cmd = inspec.command(features_cmd)
+    @cache = {
+      name: @feature,
+      type: 'windows-feature',
+    }
+    # cannot rely on exit code for now, successful command returns exit code 1
+    # return nil if cmd.exit_status != 0
+    # try to parse json
+    begin
+      params = JSON.parse(cmd.stdout)
+    rescue JSON::ParserError => _e
+      return @cache
+    end
+    @cache = {
+      name: params['Name'],
+      description: params['Description'],
+      installed: params['Installed'],
+      type: 'windows-feature',
+    }
+  end
+  def to_s
+    "Windows Feature '#{@feature}'"
+  end
+end