inspec 0.9.0

data/test/unit/mock/files/auditd.conf

@@ -0,0 +1,4 @@
+# This file controls the configuration of the audit daemon
+space_left_action = SYSLOG
+action_mail_acct = root
+tcp_listen_queue = 5

data/test/unit/mock/files/bond0

@@ -0,0 +1,37 @@
+Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
+
+Bonding Mode: IEEE 802.3ad Dynamic link aggregation
+Transmit Hash Policy: layer3+4 (1)
+MII Status: up
+MII Polling Interval (ms): 100
+Up Delay (ms): 0
+Down Delay (ms): 0
+
+802.3ad info
+LACP rate: fast
+Min links: 0
+Aggregator selection policy (ad_select): stable
+Active Aggregator Info:
+	Aggregator ID: 1
+	Number of ports: 1
+	Actor Key: 9
+	Partner Key: 29
+	Partner Mac Address: 0d:4b:d1:26:32:0e
+
+Slave Interface: eth0
+MII Status: up
+Speed: 100 Mbps
+Duplex: full
+Link Failure Count: 0
+Permanent HW addr: 2e:b7:8d:61:2c:51
+Aggregator ID: 1
+Slave queue ID: 0
+
+Slave Interface: eth2
+MII Status: down
+Speed: Unknown
+Duplex: Unknown
+Link Failure Count: 0
+Permanent HW addr: 5a:57:54:66:38:64
+Aggregator ID: 2
+Slave queue ID: 0

data/test/unit/mock/files/etcgroup

@@ -0,0 +1,3 @@
+# comment
+root:x:0:
+www-data:x:33:www-data,root

data/test/unit/mock/files/example.csv

@@ -0,0 +1,6 @@
+addressable,2.3.6,Apache 2.0,URI Implementation,"Addressable is a replacement for the URI implementation that is part of
+Ruby's standard library. It more closely conforms to the relevant RFCs and
+adds support for IRIs and URI templates."
+ast,2.0.0,MIT,A library for working with Abstract Syntax Trees.,A library for working with Abstract Syntax Trees.
+astrolabe,1.3.0,MIT,An object-oriented AST extension for Parser,An object-oriented AST extension for Parser
+berkshelf,3.2.3,Apache 2.0,"Manages a Cookbook's, or an Application's, Cookbook dependencies","Manages a Cookbook's, or an Application's, Cookbook dependencies"

data/test/unit/mock/files/inetd.conf

@@ -0,0 +1,2 @@
+ftp     stream  tcp     nowait  root    /usr/sbin/in.ftpd       in.ftpd
+#:BSD: Shell, login, exec and talk are BSD protocols.

data/test/unit/mock/files/kitchen.yml

@@ -0,0 +1,7 @@
+name: vagrant
+driver:
+  customize:
+    memory: 1024
+platforms:
+  - linux
+  - mac

data/test/unit/mock/files/limits.conf

@@ -0,0 +1,5 @@
+# /etc/security/limits.conf
+*               soft    core            0
+#root            hard    core            100000
+*               hard    rss             10000
+ftp             hard    nproc           0

data/test/unit/mock/files/login.defs

@@ -0,0 +1,5 @@
+#	UMASK		Default "umask" value.
+UMASK		022
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+#USERDEL_CMD	/usr/sbin/userdel_local

data/test/unit/mock/files/mysql.conf

@@ -0,0 +1,8 @@
+# a comment...
+[client]
+port		= 3306
+
+[mysqld]
+user		= mysql
+
+!include mysql2.conf

data/test/unit/mock/files/mysql2.conf

@@ -0,0 +1,2 @@
+[mysqld]
+key_buffer_size=16M

data/test/unit/mock/files/ntp.conf

@@ -0,0 +1,5 @@
+# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+driftfile /var/lib/ntp/ntp.drift
+server 0.ubuntu.pool.ntp.org
+server 1.ubuntu.pool.ntp.org
+server 2.ubuntu.pool.ntp.org

data/test/unit/mock/files/passwd

@@ -0,0 +1,2 @@
+root:x:0:0:root:/root:/bin/bash
+www-data:x:33:33:www-data:/var/www:/bin/sh

data/test/unit/mock/files/policyfile.lock.json

@@ -0,0 +1,12 @@
+{
+  "name": "demo",
+  "run_list": [
+    "a",
+    "b"
+  ],
+  "x": {
+    "y": {
+      "z": 123
+    }
+  }
+}

data/test/unit/mock/files/ssh_config

@@ -0,0 +1,5 @@
+# Comment
+Host *
+#   Tunnel no
+    SendEnv LANG LC_*
+    HashKnownHosts yes

data/test/unit/mock/files/sshd_config

@@ -0,0 +1,7 @@
+# Comment
+Port 22
+UsePAM yes
+# ListenAddress 1.2.3.4
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key

data/test/unit/mock/profiles/metadata/metadata.rb

@@ -0,0 +1 @@
+name 'metadata profile'

data/test/unit/profile_context_test.rb

@@ -0,0 +1,140 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+require 'helper'
+require 'inspec/profile_context'
+
+describe Inspec::ProfileContext do
+  let(:backend) { MockLoader.new.backend }
+  let(:profile) { Inspec::ProfileContext.new(nil, backend) }
+
+  it 'must be able to load empty content' do
+    profile.load('', 'dummy', 1).must_be_nil
+  end
+
+  describe 'its default DSL' do
+    def load(call)
+      proc { profile.load(call) }
+    end
+
+    it 'must provide os resource' do
+      load('print os[:family]').must_output 'ubuntu'
+    end
+
+    it 'must profide file resource' do
+      load('print file("").type').must_output 'unknown'
+    end
+
+    it 'must profide command resource' do
+      load('print command("").stdout').must_output ''
+    end
+
+    it 'provides the describe keyword in the global DSL' do
+      load('describe true do; it { should_eq true }; end')
+        .must_output ''
+      profile.rules.keys.must_equal ['unknown:1']
+      profile.rules.values[0].must_be_kind_of Inspec::Rule
+    end
+
+    it 'does not provide the expect keyword in the global DLS' do
+      load('expect(true).to_eq true').must_raise NoMethodError
+    end
+
+    it 'provides the rule keyword in the global DSL' do
+      profile.load('rule 1')
+      profile.rules.keys.must_equal [1]
+      profile.rules.values[0].must_be_kind_of Inspec::Rule
+    end
+  end
+
+  describe 'rule DSL' do
+    let(:rule_id) { rand.to_s }
+
+    it 'doesnt add any checks if none are provided' do
+      profile.load("rule #{rule_id.inspect}")
+      rule = profile.rules[rule_id]
+      rule.instance_variable_get(:@checks).must_equal([])
+    end
+
+    describe 'adds a check via describe' do
+      let(:cmd) {<<-EOF
+        rule #{rule_id.inspect} do
+          describe os[:family] { it { must_equal 'ubuntu' } }
+        end
+      EOF
+      }
+      let(:check) {
+        profile.load(cmd)
+        rule = profile.rules[rule_id]
+        rule.instance_variable_get(:@checks)[0]
+      }
+
+      it 'registers the check with describe' do
+        check[0].must_equal 'describe'
+      end
+
+      it 'registers the check with the describe argument' do
+        check[1].must_equal %w{ubuntu}
+      end
+
+      it 'registers the check with the provided proc' do
+        check[2].must_be_kind_of Proc
+      end
+    end
+
+    describe 'adds a check via expect' do
+      let(:cmd) {<<-EOF
+        rule #{rule_id.inspect} do
+          expect(os[:family]).to eq('ubuntu')
+        end
+      EOF
+      }
+      let(:check) {
+        profile.load(cmd)
+        rule = profile.rules[rule_id]
+        rule.instance_variable_get(:@checks)[0]
+      }
+
+      it 'registers the check with describe' do
+        check[0].must_equal 'expect'
+      end
+
+      it 'registers the check with the describe argument' do
+        check[1].must_equal %w{ubuntu}
+      end
+
+      it 'registers the check with the provided proc' do
+        check[2].must_be_kind_of Inspec::ExpectationTarget
+      end
+    end
+
+    describe 'adds a check via describe + expect' do
+      let(:cmd) {<<-EOF
+        rule #{rule_id.inspect} do
+          describe 'the actual test' do
+            expect(os[:family]).to eq('ubuntu')
+          end
+        end
+      EOF
+      }
+      let(:check) {
+        profile.load(cmd)
+        rule = profile.rules[rule_id]
+        rule.instance_variable_get(:@checks)[0]
+      }
+
+      it 'registers the check with describe' do
+        check[0].must_equal 'describe'
+      end
+
+      it 'registers the check with the describe argument' do
+        check[1].must_equal ['the actual test']
+      end
+
+      it 'registers the check with the provided proc' do
+        check[2].must_be_kind_of Proc
+      end
+    end
+  end
+end

data/test/unit/profile_test.rb

@@ -0,0 +1,49 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'helper'
+
+def load_profile(name)
+  pwd = File.dirname(__FILE__)
+  Inspec::Profile.from_path("#{pwd}/mock/profiles/#{name}")
+end
+
+describe Inspec::Profile do
+  before {
+    # mock up the profile runner
+    # TODO: try to take the real profile runner here;
+    # currently it's stopped at test runner conflicts
+    class Inspec::Profile::Runner
+      def initialize(opts) end
+      def add_tests(tests) end
+      def rules
+        {}
+      end
+    end
+  }
+
+  describe 'with empty profile' do
+    let(:profile) { load_profile('empty') }
+
+    it 'has no metadata' do
+      profile.params[:name].must_be_nil
+    end
+
+    it 'has no rules' do
+      profile.params[:rules].must_equal({})
+    end
+  end
+
+  describe 'with normal metadata in profile' do
+    let(:profile) { load_profile('metadata') }
+
+    it 'has metadata' do
+      profile.params[:name].must_equal 'metadata profile'
+    end
+
+    it 'has no rules' do
+      profile.params[:rules].must_equal({})
+    end
+  end
+end

data/test/unit/resources/apt_test.rb

@@ -0,0 +1,46 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'helper'
+require 'inspec/resource'
+
+describe 'Inspec::Resources::AptRepo' do
+
+  it 'check apt on ubuntu' do
+    resource = MockLoader.new(:ubuntu1504).load_resource('apt', 'http://archive.ubuntu.com/ubuntu/')
+    _(resource.exists?).must_equal true
+    _(resource.enabled?).must_equal true
+  end
+
+  it 'check apt on ubuntu with ppa' do
+    resource = MockLoader.new(:ubuntu1504).load_resource('apt', 'ubuntu-wine/ppa')
+    _(resource.exists?).must_equal true
+    _(resource.enabled?).must_equal true
+  end
+
+  it 'check apt on ubuntu with ppa' do
+    resource = MockLoader.new(:ubuntu1504).load_resource('apt', 'ppa:ubuntu-wine/ppa')
+    _(resource.exists?).must_equal true
+    _(resource.enabled?).must_equal true
+  end
+
+  it 'check apt on debian' do
+    resource = MockLoader.new(:ubuntu1504).load_resource('apt', 'http://archive.ubuntu.com/ubuntu/')
+    _(resource.exists?).must_equal true
+    _(resource.enabled?).must_equal true
+  end
+
+  it 'check apt on unknown os' do
+    resource = MockLoader.new(:undefined).load_resource('apt', 'ubuntu-wine/ppa')
+    _(resource.exists?).must_equal false
+    _(resource.enabled?).must_equal false
+  end
+
+  # check ppa resource
+  it 'check apt on ubuntu' do
+    resource = MockLoader.new(:ubuntu1504).load_resource('ppa', 'ubuntu-wine/ppa')
+    _(resource.exists?).must_equal true
+    _(resource.enabled?).must_equal true
+  end
+end

data/test/unit/resources/audit_policy_test.rb

@@ -0,0 +1,13 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'helper'
+require 'inspec/resource'
+
+describe 'Inspec::Resources::AuditPolicy' do
+  it 'check audit policy parsing' do
+    resource = MockLoader.new(:windows).load_resource('audit_policy')
+    _(resource.send('User Account Management')).must_equal 'Success'
+  end
+end

data/test/unit/resources/auditd_conf_test.rb

@@ -0,0 +1,15 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'helper'
+require 'inspec/resource'
+
+describe 'Inspec::Resources::AuditDaemonConf' do
+  it 'check audit daemon config parsing' do
+    resource = MockLoader.new(:windows).load_resource('auditd_conf')
+    _(resource.space_left_action).must_equal 'SYSLOG'
+    _(resource.action_mail_acct).must_equal 'root'
+    _(resource.tcp_listen_queue).must_equal '5'
+  end
+end

data/test/unit/resources/auditd_rules_test.rb

@@ -0,0 +1,21 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'helper'
+require 'inspec/resource'
+
+describe 'Inspec::Resources::AuditDaemonRules' do
+  it 'check audit policy parsing' do
+    resource = MockLoader.new(:windows).load_resource('auditd_rules')
+    _(resource.send('LIST_RULES')).must_equal [
+      'exit,always syscall=rmdir,unlink',
+      'exit,always auid=1001 (0x3e9) syscall=open',
+      'exit,always watch=/etc/group perm=wa',
+      'exit,always watch=/etc/passwd perm=wa',
+      'exit,always watch=/etc/shadow perm=wa',
+      'exit,always watch=/etc/sudoers perm=wa',
+      'exit,always watch=/etc/secret_directory perm=r',
+    ]
+  end
+end

data/test/unit/resources/bond_test.rb

@@ -0,0 +1,24 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'helper'
+require 'inspec/resource'
+
+describe 'Inspec::Resources::Bond' do
+
+  it 'check linux bond on ubuntu' do
+    resource = MockLoader.new(:ubuntu1404).load_resource('bond', 'bond0')
+    # bond must be available
+    resource.exist?.must_equal true
+    # eth0 is part of bond
+    _(resource.has_interface?('eth0')).must_equal true
+    _(resource.has_interface?('eth1')).must_equal false
+    _(resource.has_interface?('eth2')).must_equal true
+    # get all interfaces
+    _(resource.interfaces).must_equal %w{eth0 eth2}
+    # get proc content
+    _(resource.content).wont_equal nil
+    _(resource.content).wont_equal ''
+  end
+end