inspec 0.9.0

data/lib/resources/yaml.rb

@@ -0,0 +1,23 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'yaml'
+
+# Parses a yaml document
+# Usage:
+# describe yaml('.kitchen.yaml') do
+#   its('driver.name') { should eq('vagrant') }
+# end
+class YamlConfig < JsonConfig
+  name 'yaml'
+
+  # override file load and parse hash from yaml
+  def parse(content)
+    YAML.load(content)
+  end
+
+  def to_s
+    "YAML #{@path}"
+  end
+end

data/lib/resources/yum.rb

@@ -0,0 +1,154 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'resources/file'
+
+# Usage:
+# describe yum do
+#   its('repos') { should exist }
+# end
+#
+# describe yum do
+#   its('repos') { should include 'base/7/x86_64' }
+#   its('epel') { should exist }
+#   its('epel') { should be_enabled }
+# end
+#
+# Filter for a specific repo by name
+# - use full identifier e.g. 'updates/7/x86_64'
+# - use short identifier e.g. 'updates'
+#
+# describe yum.repo('epel') do
+#   it { should exist }
+#   it { should be_enabled }
+# end
+#
+# deprecated:
+# describe yumrepo('epel') do
+#   it { should exist }
+#   it { should be_enabled }
+# end
+
+class Yum < Inspec.resource(1)
+  name 'yum'
+
+  # returns all repositories
+  # works as following:
+  # search for Repo-id
+  #   parse data in hashmap
+  #   store data in object
+  # until \n
+  def repositories
+    return @cache if defined?(@cache)
+    # parse the repository data from yum
+    # we cannot use -C, because this is not reliable and may lead to errors
+    @command_result = inspec.command('yum -v repolist all')
+    @content = @command_result.stdout
+    @cache = []
+    repo = {}
+    in_repo = false
+    @content.each_line do |line|
+      # detect repo start
+      in_repo = true if line.match(/^\s*Repo-id\s*:\s*(.*)\b/)
+      # detect repo end
+      if line == "\n" && in_repo
+        in_repo = false
+        @cache.push(repo)
+        repo = {}
+      end
+      # parse repo content
+      if in_repo == true
+        val = /^\s*([^:]*?)\s*:\s*(.*?)\s*$/.match(line)
+        repo[repo_key(strip(val[1]))] = strip(val[2])
+      end
+    end
+    @cache
+  end
+
+  def repos
+    repositories.map { |repo| repo['id'] }
+  end
+
+  def repo(repo)
+    YumRepo.new(self, repo)
+  end
+
+  # alias for yum.repo('reponame')
+  def method_missing(name)
+    repo(name.to_s) if !name.nil?
+  end
+
+  def to_s
+    'Yum Repository'
+  end
+
+  private
+
+  # Removes lefthand and righthand whitespace
+  def strip(value)
+    value.lstrip.rstrip if !value.nil?
+  end
+
+  # Optimize the key value
+  def repo_key(key)
+    return key if key.nil?
+    key.gsub('Repo-', '').downcase
+  end
+end
+
+class YumRepo
+  def initialize(yum, reponame)
+    @yum = yum
+    @reponame = reponame
+  end
+
+  # extracts the shortname from a repo id
+  # e.g. extras/7/x86_64 -> extras
+  def shortname(id)
+    val = %r{^\s*([^/]*?)/(.*?)\s*$}.match(id)
+    val.nil? ? nil : val[1]
+  end
+
+  def info
+    return @cache if defined?(@cache)
+    selection = @yum.repositories.select { |e| e['id'] == @reponame || shortname(e['id']) == @reponame }
+    @cache = selection[0] if !selection.nil? && selection.length == 1
+    @cache
+  end
+
+  def exist?
+    !info.nil?
+  end
+
+  def enabled?
+    repo = info
+    return false if repo.nil?
+    info['status'] == 'enabled'
+  end
+end
+
+# for compatability with serverspec
+# this is deprecated syntax and will be removed in future versions
+class YumRepoLegacy < Yum
+  name 'yumrepo'
+
+  def initialize(name)
+    super()
+    @repository = repo(name)
+  end
+
+  def exists?
+    deprecated
+    @repository.exist?
+  end
+
+  def enabled?
+    deprecated
+    @repository.enabled?
+  end
+
+  def deprecated
+    warn '[DEPRECATION] `yumrepo(reponame)` is deprecated.  Please use `yum.repo(reponame)` instead.'
+  end
+end

data/lib/utils/convert.rb

@@ -0,0 +1,12 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+module Converter
+  # convert the value to an integer if we have numbers only
+  # otherwise we return the string
+  def convert_to_i(val)
+    val = val.to_i if val.match(/^\d+$/)
+    val
+  end
+end

data/lib/utils/detect.rb

@@ -0,0 +1,15 @@
+# encoding: utf-8
+# Copyright 2015, Vulcano Security GmbH
+# author: Christoph Hartmann
+# author: Dominik Richter
+# Tiny test file to return OS info of the tested node
+
+# print OS detection infos
+conf = {
+  name:    os[:name],
+  family:  os[:family],
+  release: os[:release],
+  arch:    os[:arch],
+}
+puts JSON.dump(conf)
+exit 0

data/lib/utils/find_files.rb

@@ -0,0 +1,36 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# license: All rights reserved
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+module FindFiles
+  TYPES = {
+    block: 'b',
+    character: 'c',
+    directory: 'd',
+    pipe: 'p',
+    file: 'f',
+    link: 'l',
+    socket: 's',
+    door: 'D',
+  }
+
+  def find_files(path, opts = {})
+    depth = opts[:depth]
+    type = TYPES[opts[:type].to_sym]
+
+    cmd = "find #{path}"
+    cmd += " -maxdepth #{depth.to_i}" if depth.to_i > 0
+    cmd += " -type #{type}" unless type.nil?
+
+    result = inspec.run_command(cmd)
+    exit_status = result.exit_status
+
+    return [nil, exit_status] unless exit_status == 0
+    files = result.stdout.split("\n")
+            .map(&:strip)
+            .find_all { |x| !x.empty? }
+    [files, exit_status]
+  end
+end

data/lib/utils/hash.rb

@@ -0,0 +1,13 @@
+# encoding: utf-8
+# Inspired by: http://stackoverflow.com/a/9381776
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+class ::Hash
+  def deep_merge(second)
+    merger = proc { |_key, v1, v2|
+      v1.is_a?(Hash) && v2.is_a?(Hash) ? v1.merge(v2, &merger) : v2
+    }
+    merge(second, &merger)
+  end
+end

data/lib/utils/modulator.rb

@@ -0,0 +1,12 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+module Modulator
+  def modules
+    @modules ||= {}
+  end
+
+  def add_module(name, handler)
+    modules[name] = handler
+  end
+end

data/lib/utils/parser.rb

@@ -0,0 +1,61 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+module ContentParser
+  # Parse /etc/passwd files.
+  #
+  # @param [String] content the raw content of /etc/passwd
+  # @return [Array] Collection of passwd entries
+  def parse_passwd(content)
+    content.to_s.split("\n").map do |line|
+      parse_passwd_line(line)
+    end
+  end
+
+  # Parse a line of /etc/passwd
+  #
+  # @param [String] line a line of /etc/passwd
+  # @return [Hash] Map of entries in this line
+  def parse_passwd_line(line)
+    x = line.split(':')
+    {
+      'name' => x.at(0),
+      'password' => x.at(1),
+      'uid' => x.at(2),
+      'gid' => x.at(3),
+      'desc' => x.at(4),
+      'home' => x.at(5),
+      'shell' => x.at(6),
+    }
+  end
+
+  # Parse a line with a command. For example: `a = b   # comment`.
+  # Retrieves the actual content.
+  #
+  # @param [String] raw the content lines you want to be parsed
+  # @param [Hash] opts optional configuration
+  # @return [Array] contains the actual line and the position of the line end
+  def parse_comment_line(raw, opts)
+    idx_nl = raw.index("\n")
+    idx_comment = raw.index(opts[:comment_char])
+    idx_nl = raw.length if idx_nl.nil?
+    idx_comment = idx_nl + 1 if idx_comment.nil?
+    line = ''
+
+    # is a comment inside this line
+    if idx_comment < idx_nl && idx_comment != 0
+      line = raw[0..(idx_comment - 1)]
+      # in case we don't allow comments at the end
+      # of an assignment/statement, ignore it and fall
+      # back to treating this as a regular line
+      if opts[:standalone_comments] && !is_empty_line(line)
+        line = raw[0..(idx_nl - 1)]
+      end
+    # if there is no comment in this line
+    elsif idx_comment > idx_nl && idx_nl != 0
+      line = raw[0..(idx_nl - 1)]
+    end
+    [line, idx_nl]
+  end
+end

data/lib/utils/simpleconfig.rb

@@ -0,0 +1,115 @@
+# encoding: utf-8
+# copyright: 2015, Dominik Richter
+# license: All rights reserved
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+require 'utils/parser'
+
+class SimpleConfig
+  include ContentParser
+
+  attr_reader :params, :groups
+  def initialize(raw_data, opts = {})
+    parse(raw_data, opts)
+  end
+
+  # Parse some data
+  # quotes: quoting characters, which are parsed, so everything inside
+  # it will be part of a string
+  # multiline: allow quoted text to span multiple lines
+  # comment_char: char which identifies comments
+  # standalone_comments: comments must appear alone in a line; if set to true,
+  # no comments can be added to the end of an assignment/statement line
+  def parse(raw_data, opts = nil)
+    @params = {}
+    @groups = []
+    @vals = @params
+    options = default_options.merge(opts || {})
+    return if raw_data.nil?
+
+    # prepare raw data if required
+    if !options[:line_separator].nil?
+      raw_data = raw_data.tr(options[:line_separator], "\n")
+    end
+    rest = raw_data
+    rest = parse_rest(rest, options) while rest.length > 0
+  end
+
+  private
+
+  def parse_values(match, values)
+    start_idx = 2
+    i = 0
+    count = values - 1
+    return match[start_idx] if (values == 1)
+
+    # iterate over expected parameters
+    values = []
+    loop do
+      values.push(match[start_idx + i])
+      i += 1
+      break if i > count
+    end
+    values
+  end
+
+  def parse_params_line(line, opts)
+    # now line contains what we are interested in parsing
+    # check if it is an assignment
+    m = opts[:assignment_re].match(line)
+    return nil if m.nil?
+
+    if opts[:multiple_values]
+      @vals[m[1]] ||= []
+      @vals[m[1]].push(parse_values(m, opts[:key_vals]))
+    else
+      @vals[m[1]] = parse_values(m, opts[:key_vals])
+    end
+  end
+
+  def parse_group_line(line, opts)
+    return nil if opts[:group_re].nil?
+    m = opts[:group_re].match(line)
+    return nil if m.nil?
+    @groups.push(m[1])
+    @vals = @params[m[1]] = {}
+  end
+
+  def parse_implicit_assignment_line(line, opts)
+    return nil if is_empty_line(line)
+    if opts[:multiple_values]
+      @vals[line.strip] ||= []
+    else
+      @vals[line.strip] = ''
+    end
+  end
+
+  def parse_rest(rest, opts)
+    line, idx_nl = parse_comment_line(rest, opts)
+    parse_params_line(line, opts) or
+      parse_group_line(line, opts) or
+      parse_implicit_assignment_line(line, opts)
+
+    # return whatever is left
+    rest[(idx_nl + 1)..-1] || ''
+  end
+
+  def is_empty_line(l)
+    l =~ /^\s*$/
+  end
+
+  def default_options
+    {
+      quotes: '',
+      multiline: false,
+      comment_char: '#',
+      line_separator: nil, # uses this char to seperate lines before parsing
+      assignment_re: /^\s*([^=]*?)\s*=\s*(.*?)\s*$/,
+      group_re: /\[([^\]]+)\]\s*$/,
+      key_vals: 1, # default for key=value, may require for 'key val1 val2 val3'
+      standalone_comments: false,
+      multiple_values: false,
+    }
+  end
+end