inspec 0.9.0

data/test/unit/resources/bridge_test.rb

@@ -0,0 +1,56 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'helper'
+require 'inspec/resource'
+
+describe 'Inspec::Resources::Bridge' do
+
+  it 'check linux bridge on ubuntu' do
+    resource = MockLoader.new(:ubuntu1404).load_resource('bridge', 'br0')
+    _(resource.exists?).must_equal true
+
+    # check network interfaced attached to bridge
+    _(resource.has_interface?('eth0')).must_equal false
+    _(resource.has_interface?('eth1')).must_equal true
+    _(resource.has_interface?('eth2')).must_equal true
+
+    # get associated interfaces
+    _(resource.interfaces).must_equal %w{eth1 eth2}
+  end
+
+  it 'check linux bridge on centos 7' do
+    resource = MockLoader.new(:centos7).load_resource('bridge', 'br0')
+    _(resource.exists?).must_equal true
+
+    # check network interfaced attached to bridge
+    _(resource.has_interface?('eth0')).must_equal false
+    _(resource.has_interface?('eth1')).must_equal true
+    _(resource.has_interface?('eth2')).must_equal true
+
+    # get associated interfaces
+    _(resource.interfaces).must_equal %w{eth1 eth2}
+  end
+
+  it 'check windows bridge' do
+    resource = MockLoader.new(:windows).load_resource('bridge', 'Network Bridge')
+    _(resource.exists?).must_equal true
+
+    # get associated interfaces is not supported on windows
+    _(resource.interfaces).must_equal nil
+  end
+
+  it 'check bridge on unsupported os' do
+    resource = MockLoader.new(:undefined).load_resource('bridge', 'br0')
+    _(resource.exists?).must_equal false
+
+    # check network interfaced attached to bridge
+    _(resource.has_interface?('eth0')).must_equal false
+    _(resource.has_interface?('eth1')).must_equal false
+    _(resource.has_interface?('eth2')).must_equal false
+
+    # get associated interfaces
+    _(resource.interfaces).must_equal nil
+  end
+end

data/test/unit/resources/csv_test.rb

@@ -0,0 +1,35 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'helper'
+require 'inspec/resource'
+
+describe 'Inspec::Resources::CSV' do
+  describe 'when loading a valid csv' do
+    let (:resource) { load_resource('csv', 'example.csv') }
+    let (:params) {
+      {}
+    }
+
+    it 'captures an array of params' do
+      _(resource.params).must_be_kind_of Array
+    end
+
+    it 'gets all value lines' do
+      _(resource.params.length).must_equal 3
+    end
+
+    it 'captures a hashmap of entries of a line' do
+      _(resource.params[0]).must_be_kind_of Hash
+    end
+
+    it 'gets params by header fields' do
+      _(resource.params[0]['addressable']).must_equal 'ast'
+    end
+
+    it 'retrieves nil if a param is missing' do
+      _(resource.params[0]['missing']).must_be_nil
+    end
+  end
+end

data/test/unit/resources/etc_group_test.rb

@@ -0,0 +1,37 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'helper'
+require 'inspec/resource'
+
+describe 'Inspec::Resources::EtcGroup' do
+  let(:resource) { load_resource('etc_group') }
+
+  it 'verify /etc/group config parsing' do
+    _(resource.gids).must_equal [0, 33]
+    _(resource.groups).must_equal %w{ root www-data }
+    _(resource.users).must_equal %w{ www-data root }
+  end
+
+  it 'verify group filter with no users' do
+    root_filter = resource.where(name: 'root')
+    _(root_filter.gids).must_equal [0]
+    _(root_filter.groups).must_equal ['root']
+    _(root_filter.users).must_equal []
+  end
+
+  it 'verify group filter with users' do
+    www_filter = resource.where(name: 'www-data')
+    _(www_filter.gids).must_equal [33]
+    _(www_filter.groups).must_equal ['www-data']
+    _(www_filter.users).must_equal ['www-data', 'root']
+  end
+
+  it 'verify group filter with wrong group' do
+    wrong_filter = resource.where(name: 'wrong_group')
+    _(wrong_filter.gids).must_equal []
+    _(wrong_filter.groups).must_equal []
+    _(wrong_filter.users).must_equal []
+  end
+end

data/test/unit/resources/gem_test.rb

@@ -0,0 +1,20 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'helper'
+require 'inspec/resource'
+
+describe 'Inspec::Resources::Gem' do
+  it 'verify gem package detail parsing' do
+    resource = load_resource('gem', 'rubocop')
+    pkg = {
+      name: 'rubocop',
+      version: '0.33.0',
+      type: 'gem',
+      installed: true,
+    }
+    _(resource.installed?).must_equal true
+    _(resource.info).must_equal pkg
+  end
+end

data/test/unit/resources/group_test.rb

@@ -0,0 +1,96 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'helper'
+require 'inspec/resource'
+
+describe 'Inspec::Resources::Group' do
+
+  # ubuntu 14.04
+  it 'verify group on ubuntu' do
+    resource = MockLoader.new(:ubuntu1404).load_resource('group', 'root')
+    _(resource.exists?).must_equal true
+    _(resource.gid).must_equal 0
+    _(resource.has_gid?(0)).must_equal true
+  end
+
+  it 'verify group on ubuntu with UPPER CASE' do
+    resource = MockLoader.new(:ubuntu1404).load_resource('group', 'ROOT')
+    _(resource.exists?).must_equal true
+    _(resource.gid).must_equal 0
+    _(resource.has_gid?(0)).must_equal true
+  end
+
+  # ubuntu with non-existent group
+  it 'verify group on ubuntu' do
+    resource = MockLoader.new(:ubuntu1404).load_resource('group', 'nogroup')
+    _(resource.exists?).must_equal false
+    _(resource.gid).must_equal nil
+    _(resource.has_gid?(0)).must_equal false
+  end
+
+  # mac
+  it 'verify group on mac' do
+    resource = MockLoader.new(:osx104).load_resource('group', 'root')
+    _(resource.exists?).must_equal true
+    _(resource.gid).must_equal 0
+    _(resource.has_gid?(0)).must_equal true
+  end
+
+  # freebsd
+  it 'verify group on freebsd' do
+    resource = MockLoader.new(:freebsd10).load_resource('group', 'root')
+    _(resource.exists?).must_equal true
+    _(resource.gid).must_equal 0
+    _(resource.has_gid?(0)).must_equal true
+  end
+
+  # windows with local group
+  it 'verify group on windows' do
+    resource = MockLoader.new(:windows).load_resource('group', 'Administrators')
+    _(resource.exists?).must_equal true
+    _(resource.gid).must_equal nil
+    _(resource.has_gid?(0)).must_equal false
+  end
+
+  it 'verify group on windows' do
+    resource = MockLoader.new(:windows).load_resource('group', 'Administrators', 'WIN-K0AKLED332V')
+    _(resource.exists?).must_equal true
+    _(resource.gid).must_equal nil
+    _(resource.has_gid?(0)).must_equal false
+  end
+
+  # windows with domain group
+  it 'verify domain group on windows' do
+    resource = MockLoader.new(:windows).load_resource('group', 'Domain Admins', 'EXAMPLE')
+    _(resource.exists?).must_equal true
+    _(resource.gid).must_equal nil
+    _(resource.has_gid?(0)).must_equal false
+  end
+
+  # windows with domain group
+  it 'verify domain group on windows wiht lower case' do
+    resource = MockLoader.new(:windows).load_resource('group', 'domain admins', 'example')
+    _(resource.exists?).must_equal true
+    _(resource.gid).must_equal nil
+    _(resource.has_gid?(0)).must_equal false
+  end
+
+  # windows non-existent group
+  it 'verify non-existing group on windows' do
+    resource = MockLoader.new(:windows).load_resource('group', 'dhcp')
+    _(resource.exists?).must_equal false
+    _(resource.gid).must_equal nil
+    _(resource.has_gid?(0)).must_equal false
+  end
+
+  # undefined
+  it 'verify package handling on unsupported os' do
+    resource = MockLoader.new(:undefined).load_resource('group', 'root')
+    _(resource.exists?).must_equal false
+    _(resource.gid).must_equal nil
+    _(resource.has_gid?(0)).must_equal false
+  end
+
+end

data/test/unit/resources/host_test.rb

@@ -0,0 +1,38 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'helper'
+require 'inspec/resource'
+
+describe 'Inspec::Resources::Host' do
+
+  it 'check host on ubuntu' do
+    resource = MockLoader.new(:ubuntu1404).load_resource('host', 'example.com')
+    _(resource.resolvable?).must_equal true
+    _(resource.reachable?).must_equal true
+    _(resource.ipaddress).must_equal ['2606:2800:220:1:248:1893:25c8:1946']
+  end
+
+  it 'check host on centos 7' do
+    resource = MockLoader.new(:centos7).load_resource('host', 'example.com')
+    _(resource.resolvable?).must_equal true
+    _(resource.reachable?).must_equal true
+    _(resource.ipaddress).must_equal ['2606:2800:220:1:248:1893:25c8:1946']
+  end
+
+  it 'check host on windows' do
+    resource = MockLoader.new(:windows).load_resource('host', 'microsoft.com')
+    _(resource.resolvable?).must_equal true
+    _(resource.reachable?).must_equal false
+    _(resource.ipaddress).must_equal ['134.170.185.46', '134.170.188.221']
+  end
+
+  it 'check host on unsupported os' do
+    resource = MockLoader.new(:undefined).load_resource('host', 'example.com')
+    _(resource.resolvable?).must_equal false
+    _(resource.reachable?).must_equal false
+    _(resource.ipaddress).must_equal nil
+  end
+
+end

data/test/unit/resources/inetd_conf_test.rb

@@ -0,0 +1,15 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'helper'
+require 'inspec/resource'
+
+describe 'Inspec::Resources::InetdConf' do
+  it 'verify limits.conf config parsing' do
+    resource = load_resource('inetd_conf')
+    _(resource.send('shell')).must_equal nil
+    _(resource.send('login')).must_equal nil
+    _(resource.send('ftp')).must_equal %w{stream tcp nowait root /usr/sbin/in.ftpd in.ftpd}
+  end
+end

data/test/unit/resources/interface_test.rb

@@ -0,0 +1,54 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'helper'
+require 'inspec/resource'
+
+describe 'Inspec::Resources::Interface' do
+
+  # ubuntu 14.04
+  it 'verify interface on ubuntu' do
+    resource = MockLoader.new(:ubuntu1404).load_resource('interface', 'eth0')
+    _(resource.exists?).must_equal true
+    _(resource.up?).must_equal true
+    _(resource.speed).must_equal 10000
+  end
+
+  it 'verify invalid interface on ubuntu' do
+    resource = MockLoader.new(:ubuntu1404).load_resource('interface', 'eth1')
+    _(resource.exists?).must_equal false
+    _(resource.up?).must_equal false
+    _(resource.speed).must_equal nil
+  end
+
+  it 'verify interface on windows' do
+    resource = MockLoader.new(:windows).load_resource('interface', 'ethernet0')
+    _(resource.exists?).must_equal true
+    _(resource.up?).must_equal false
+    _(resource.speed).must_equal 0
+  end
+
+  it 'verify interface on windows' do
+    resource = MockLoader.new(:windows).load_resource('interface', 'vEthernet (Intel(R) PRO 1000 MT Network Connection - Virtual Switch)')
+    _(resource.exists?).must_equal true
+    _(resource.up?).must_equal true
+    _(resource.speed).must_equal 10000000
+  end
+
+  it 'verify invalid interface on windows' do
+    resource = MockLoader.new(:windows).load_resource('interface', 'eth1')
+    _(resource.exists?).must_equal false
+    _(resource.up?).must_equal false
+    _(resource.speed).must_equal nil
+  end
+
+  # undefined
+  it 'verify interface on unsupported os' do
+    resource = MockLoader.new(:undefined).load_resource('interface', 'eth0')
+    _(resource.exists?).must_equal false
+    _(resource.up?).must_equal false
+    _(resource.speed).must_equal nil
+  end
+
+end

data/test/unit/resources/iptables_test.rb

@@ -0,0 +1,30 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'helper'
+require 'inspec/resource'
+
+describe 'Inspec::Resources::Iptables' do
+
+  # ubuntu 14.04
+  it 'verify iptables on ubuntu' do
+    resource = MockLoader.new(:ubuntu1404).load_resource('iptables')
+    _(resource.has_rule?('-P OUTPUT ACCEPT')).must_equal true
+    _(resource.has_rule?('-P OUTPUT DROP')).must_equal false
+  end
+
+  it 'verify iptables on windows' do
+    resource = MockLoader.new(:windows).load_resource('iptables')
+    _(resource.has_rule?('-P OUTPUT ACCEPT')).must_equal false
+    _(resource.has_rule?('-P OUTPUT DROP')).must_equal false
+  end
+
+  # undefined
+  it 'verify iptables on unsupported os' do
+    resource = MockLoader.new(:undefined).load_resource('iptables')
+    _(resource.has_rule?('-P OUTPUT ACCEPT')).must_equal false
+    _(resource.has_rule?('-P OUTPUT DROP')).must_equal false
+  end
+
+end

data/test/unit/resources/json_test.rb

@@ -0,0 +1,36 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'helper'
+require 'inspec/resource'
+
+describe 'Inspec::Resources::JSON' do
+  describe 'when loading a valid json' do
+    let (:resource) { load_resource('json', 'policyfile.lock.json') }
+
+    it 'gets params as a hashmap' do
+      _(resource.params).must_be_kind_of Hash
+    end
+
+    it 'retrieves nil if a param is missing' do
+      _(resource.params['missing']).must_be_nil
+    end
+
+    it 'retrieves params by name' do
+      _(resource.send('name')).must_equal 'demo'
+    end
+
+    it 'retrieves an array by name' do
+      _(resource.send('run_list')).must_equal %w{a b}
+    end
+
+    it 'doesnt resolve dot-notation names' do
+      _(resource.send('x.y.z')).must_be_nil
+    end
+
+    it 'doesnt resolve symbol-notation names' do
+      _(resource.send(:'x.y.z')).must_be_nil
+    end
+  end
+end

data/test/unit/resources/kernel_module_test.rb

@@ -0,0 +1,23 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'helper'
+require 'inspec/resource'
+
+describe 'Inspec::Resources::KernelModule' do
+  it 'verify kernel_module parsing' do
+    resource = load_resource('kernel_module', 'bridge')
+    _(resource.loaded?).must_equal true
+  end
+
+  it 'verify kernel_module parsing' do
+    resource = load_resource('kernel_module', 'bridges')
+    _(resource.loaded?).must_equal false
+  end
+
+  it 'verify kernel_module parsing' do
+    resource = load_resource('kernel_module', 'dhcp')
+    _(resource.loaded?).must_equal false
+  end
+end