RubyGems - inspec - Versions diffs - 0.9.0 - Mend

inspec 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (247) hide show

checksums.yaml +7 -0
data/.gitignore +8 -0
data/.rubocop.yml +65 -0
data/.travis.yml +23 -0
data/CHANGELOG.md +38 -0
data/Gemfile +33 -0
data/LICENSE +201 -0
data/MAINTAINERS.md +28 -0
data/MAINTAINERS.toml +42 -0
data/README.md +257 -0
data/Rakefile +47 -0
data/bin/inspec +109 -0
data/docs/ctl_inspec.rst +195 -0
data/docs/dsl_inspec.rst +182 -0
data/docs/readme.rst +100 -0
data/docs/resources.rst +4319 -0
data/docs/template.rst +51 -0
data/examples/test-kitchen/.kitchen.yml +20 -0
data/examples/test-kitchen/Berksfile +3 -0
data/examples/test-kitchen/Gemfile +21 -0
data/examples/test-kitchen/README.md +27 -0
data/examples/test-kitchen/metadata.rb +7 -0
data/examples/test-kitchen/recipes/default.rb +6 -0
data/examples/test-kitchen/recipes/nginx.rb +30 -0
data/examples/test-kitchen/test/integration/default/web_spec.rb +28 -0
data/inspec.gemspec +30 -0
data/lib/inspec.rb +20 -0
data/lib/inspec/backend.rb +42 -0
data/lib/inspec/dsl.rb +151 -0
data/lib/inspec/log.rb +34 -0
data/lib/inspec/metadata.rb +79 -0
data/lib/inspec/plugins.rb +9 -0
data/lib/inspec/plugins/resource.rb +62 -0
data/lib/inspec/profile.rb +138 -0
data/lib/inspec/profile_context.rb +170 -0
data/lib/inspec/resource.rb +76 -0
data/lib/inspec/rspec_json_formatter.rb +27 -0
data/lib/inspec/rule.rb +170 -0
data/lib/inspec/runner.rb +154 -0
data/lib/inspec/shell.rb +66 -0
data/lib/inspec/targets.rb +9 -0
data/lib/inspec/targets/core.rb +27 -0
data/lib/inspec/targets/dir.rb +67 -0
data/lib/inspec/targets/file.rb +29 -0
data/lib/inspec/targets/folder.rb +43 -0
data/lib/inspec/targets/tar.rb +34 -0
data/lib/inspec/targets/url.rb +39 -0
data/lib/inspec/targets/zip.rb +47 -0
data/lib/inspec/version.rb +7 -0
data/lib/matchers/matchers.rb +221 -0
data/lib/resources/apache.rb +29 -0
data/lib/resources/apache_conf.rb +113 -0
data/lib/resources/apt.rb +140 -0
data/lib/resources/audit_policy.rb +63 -0
data/lib/resources/auditd_conf.rb +56 -0
data/lib/resources/auditd_rules.rb +53 -0
data/lib/resources/bond.rb +65 -0
data/lib/resources/bridge.rb +114 -0
data/lib/resources/command.rb +57 -0
data/lib/resources/csv.rb +32 -0
data/lib/resources/directory.rb +15 -0
data/lib/resources/etc_group.rb +150 -0
data/lib/resources/file.rb +110 -0
data/lib/resources/gem.rb +46 -0
data/lib/resources/group.rb +132 -0
data/lib/resources/host.rb +143 -0
data/lib/resources/inetd_conf.rb +56 -0
data/lib/resources/interface.rb +127 -0
data/lib/resources/iptables.rb +65 -0
data/lib/resources/json.rb +64 -0
data/lib/resources/kernel_module.rb +40 -0
data/lib/resources/kernel_parameter.rb +55 -0
data/lib/resources/limits_conf.rb +55 -0
data/lib/resources/login_def.rb +60 -0
data/lib/resources/mysql.rb +81 -0
data/lib/resources/mysql_conf.rb +116 -0
data/lib/resources/mysql_session.rb +52 -0
data/lib/resources/npm.rb +44 -0
data/lib/resources/ntp_conf.rb +58 -0
data/lib/resources/oneget.rb +63 -0
data/lib/resources/os.rb +22 -0
data/lib/resources/os_env.rb +34 -0
data/lib/resources/package.rb +169 -0
data/lib/resources/parse_config.rb +75 -0
data/lib/resources/passwd.rb +93 -0
data/lib/resources/pip.rb +75 -0
data/lib/resources/port.rb +296 -0
data/lib/resources/postgres.rb +37 -0
data/lib/resources/postgres_conf.rb +87 -0
data/lib/resources/postgres_session.rb +59 -0
data/lib/resources/processes.rb +57 -0
data/lib/resources/registry_key.rb +54 -0
data/lib/resources/script.rb +34 -0
data/lib/resources/security_policy.rb +73 -0
data/lib/resources/service.rb +379 -0
data/lib/resources/ssh_conf.rb +75 -0
data/lib/resources/user.rb +374 -0
data/lib/resources/windows_feature.rb +77 -0
data/lib/resources/yaml.rb +23 -0
data/lib/resources/yum.rb +154 -0
data/lib/utils/convert.rb +12 -0
data/lib/utils/detect.rb +15 -0
data/lib/utils/find_files.rb +36 -0
data/lib/utils/hash.rb +13 -0
data/lib/utils/modulator.rb +12 -0
data/lib/utils/parser.rb +61 -0
data/lib/utils/simpleconfig.rb +115 -0
data/tasks/maintainers.rb +213 -0
data/test/docker_run.rb +156 -0
data/test/docker_test.rb +51 -0
data/test/helper.rb +200 -0
data/test/integration/.kitchen.yml +42 -0
data/test/integration/Berksfile +4 -0
data/test/integration/cookbooks/os_prepare/metadata.rb +8 -0
data/test/integration/cookbooks/os_prepare/recipes/apt.rb +20 -0
data/test/integration/cookbooks/os_prepare/recipes/default.rb +9 -0
data/test/integration/cookbooks/os_prepare/recipes/file.rb +21 -0
data/test/integration/cookbooks/os_prepare/recipes/package.rb +26 -0
data/test/integration/default/_debug_spec.rb +1 -0
data/test/integration/default/apt_spec.rb +42 -0
data/test/integration/default/file_spec.rb +109 -0
data/test/integration/default/group_spec.rb +32 -0
data/test/integration/default/kernel_module_spec.rb +17 -0
data/test/integration/default/kernel_parameter_spec.rb +56 -0
data/test/integration/default/package_spec.rb +11 -0
data/test/integration/default/service_spec.rb +28 -0
data/test/integration/default/user_spec.rb +44 -0
data/test/resource/command_test.rb +33 -0
data/test/resource/dsl_test.rb +45 -0
data/test/resource/file_test.rb +130 -0
data/test/resource/ssh_config.rb +9 -0
data/test/resource/sshd_config.rb +9 -0
data/test/test-extra.yaml +11 -0
data/test/test.yaml +11 -0
data/test/unit/mock/cmd/Get-NetAdapter +24 -0
data/test/unit/mock/cmd/GetUserAccount +33 -0
data/test/unit/mock/cmd/GetWin32Group +23 -0
data/test/unit/mock/cmd/PATH +1 -0
data/test/unit/mock/cmd/Resolve-DnsName +26 -0
data/test/unit/mock/cmd/Test-NetConnection +4 -0
data/test/unit/mock/cmd/auditctl +7 -0
data/test/unit/mock/cmd/auditpol +2 -0
data/test/unit/mock/cmd/brew-info-jq +1 -0
data/test/unit/mock/cmd/chage-l-root +7 -0
data/test/unit/mock/cmd/dpkg-s-curl +21 -0
data/test/unit/mock/cmd/dscl +5 -0
data/test/unit/mock/cmd/etc-apt +7 -0
data/test/unit/mock/cmd/find-etc-rc-d-name-S +12 -0
data/test/unit/mock/cmd/find-net-interface +9 -0
data/test/unit/mock/cmd/gem-list-local-a-q-rubocop +1 -0
data/test/unit/mock/cmd/get-net-tcpconnection +24 -0
data/test/unit/mock/cmd/get-netadapter-binding-bridge +4 -0
data/test/unit/mock/cmd/get-package-firefox +30 -0
data/test/unit/mock/cmd/get-package-ruby +18 -0
data/test/unit/mock/cmd/get-service-dhcp +10 -0
data/test/unit/mock/cmd/get-windows-feature +7 -0
data/test/unit/mock/cmd/getent-hosts-example.com +1 -0
data/test/unit/mock/cmd/getent-passwd-root +1 -0
data/test/unit/mock/cmd/id-chartmann +1 -0
data/test/unit/mock/cmd/id-root +1 -0
data/test/unit/mock/cmd/initctl-show-config-ssh +3 -0
data/test/unit/mock/cmd/initctl-status-ssh +1 -0
data/test/unit/mock/cmd/iptables-s +6 -0
data/test/unit/mock/cmd/launchctl-list +3 -0
data/test/unit/mock/cmd/ls-1-etc-init.d +2 -0
data/test/unit/mock/cmd/ls-sys-class-net-br +2 -0
data/test/unit/mock/cmd/lsmod +2 -0
data/test/unit/mock/cmd/lsof-np-itcp +4 -0
data/test/unit/mock/cmd/netstat-tulpen +5 -0
data/test/unit/mock/cmd/npm-ls-g--json-bower +9 -0
data/test/unit/mock/cmd/pacman-qi-curl +21 -0
data/test/unit/mock/cmd/ping-example.com +6 -0
data/test/unit/mock/cmd/pip-show-jinja2 +11 -0
data/test/unit/mock/cmd/ps-aux +3 -0
data/test/unit/mock/cmd/pw-usershow-root-7 +1 -0
data/test/unit/mock/cmd/reg_schedule +1 -0
data/test/unit/mock/cmd/rpm-qia-curl +24 -0
data/test/unit/mock/cmd/sbin_sysctl +1 -0
data/test/unit/mock/cmd/secedit-export +7 -0
data/test/unit/mock/cmd/service-e +2 -0
data/test/unit/mock/cmd/service-sendmail-onestatus +3 -0
data/test/unit/mock/cmd/service-sshd-status +1 -0
data/test/unit/mock/cmd/sockstat +5 -0
data/test/unit/mock/cmd/success +0 -0
data/test/unit/mock/cmd/systemctl-show-all-sshd +6 -0
data/test/unit/mock/cmd/win32_product +8 -0
data/test/unit/mock/cmd/yum-repolist-all +52 -0
data/test/unit/mock/files/auditd.conf +4 -0
data/test/unit/mock/files/bond0 +37 -0
data/test/unit/mock/files/etcgroup +3 -0
data/test/unit/mock/files/example.csv +6 -0
data/test/unit/mock/files/inetd.conf +2 -0
data/test/unit/mock/files/kitchen.yml +7 -0
data/test/unit/mock/files/limits.conf +5 -0
data/test/unit/mock/files/login.defs +5 -0
data/test/unit/mock/files/mysql.conf +8 -0
data/test/unit/mock/files/mysql2.conf +2 -0
data/test/unit/mock/files/ntp.conf +5 -0
data/test/unit/mock/files/passwd +2 -0
data/test/unit/mock/files/policyfile.lock.json +12 -0
data/test/unit/mock/files/ssh_config +5 -0
data/test/unit/mock/files/sshd_config +7 -0
data/test/unit/mock/profiles/empty/metadata.rb +0 -0
data/test/unit/mock/profiles/metadata/metadata.rb +1 -0
data/test/unit/profile_context_test.rb +140 -0
data/test/unit/profile_test.rb +49 -0
data/test/unit/resources/apt_test.rb +46 -0
data/test/unit/resources/audit_policy_test.rb +13 -0
data/test/unit/resources/auditd_conf_test.rb +15 -0
data/test/unit/resources/auditd_rules_test.rb +21 -0
data/test/unit/resources/bond_test.rb +24 -0
data/test/unit/resources/bridge_test.rb +56 -0
data/test/unit/resources/csv_test.rb +35 -0
data/test/unit/resources/etc_group_test.rb +37 -0
data/test/unit/resources/gem_test.rb +20 -0
data/test/unit/resources/group_test.rb +96 -0
data/test/unit/resources/host_test.rb +38 -0
data/test/unit/resources/inetd_conf_test.rb +15 -0
data/test/unit/resources/interface_test.rb +54 -0
data/test/unit/resources/iptables_test.rb +30 -0
data/test/unit/resources/json_test.rb +36 -0
data/test/unit/resources/kernel_module_test.rb +23 -0
data/test/unit/resources/kernel_parameter_test.rb +13 -0
data/test/unit/resources/limits_conf_test.rb +14 -0
data/test/unit/resources/login_def_test.rb +16 -0
data/test/unit/resources/mysql_conf_test.rb +14 -0
data/test/unit/resources/npm_test.rb +20 -0
data/test/unit/resources/ntp_conf_test.rb +16 -0
data/test/unit/resources/oneget_test.rb +45 -0
data/test/unit/resources/os_env_test.rb +13 -0
data/test/unit/resources/package_test.rb +51 -0
data/test/unit/resources/passwd_test.rb +24 -0
data/test/unit/resources/pip_test.rb +15 -0
data/test/unit/resources/port_test.rb +46 -0
data/test/unit/resources/processes_test.rb +32 -0
data/test/unit/resources/registry_key_test.rb +19 -0
data/test/unit/resources/script_test.rb +19 -0
data/test/unit/resources/security_policy_test.rb +16 -0
data/test/unit/resources/service_test.rb +116 -0
data/test/unit/resources/ssh_conf_test.rb +33 -0
data/test/unit/resources/user_test.rb +93 -0
data/test/unit/resources/windows_feature.rb +17 -0
data/test/unit/resources/yaml_test.rb +34 -0
data/test/unit/resources/yum_test.rb +68 -0
data/test/unit/simpleconfig_test.rb +80 -0
data/test/unit/utils/content_parser_test.rb +30 -0
metadata +555 -0

data/lib/inspec/log.rb ADDED Viewed

@@ -0,0 +1,34 @@
+# encoding: utf-8
+# Copyright 2015 Dominik Richter. All rights reserved.
+# author: Dominik Richter
+# author: Christoph Hartmann
+require 'rainbow/ext/string'
+module Inspec
+  class Log
+    def initialize(opts = {})
+      @quiet = opts[:quiet] || false
+    end
+    def show(msg)
+      puts msg unless @quiet
+    end
+    def info(msg)
+      show '  .  '.color(:white) + msg
+    end
+    def error(msg)
+      show '  ✖  '.color(:red).bright + msg
+    end
+    def warn(msg)
+      show '  !  '.color(:yellow).bright + msg
+    end
+    def ok(msg)
+      show '  ✔  '.color(:green).bright + msg
+    end
+  end
+end

data/lib/inspec/metadata.rb ADDED Viewed

@@ -0,0 +1,79 @@
+# encoding: utf-8
+# Copyright 2015 Dominik Richter. All rights reserved.
+# author: Dominik Richter
+# author: Christoph Hartmann
+require 'logger'
+module Inspec
+  # Extract metadata.rb information
+  class Metadata
+    attr_reader :params
+    def initialize(logger = nil)
+      @logger = logger || Logger.new(nil)
+      @params = {}
+      @missing_methods = []
+    end
+    %w{
+      name
+      title
+      maintainer
+      maintainer_email
+      copyright
+      copyright_email
+      license
+      summary
+      description
+      version
+    }.each do |name|
+      define_method name.to_sym do |arg|
+        params[name.to_sym] = arg
+      end
+    end
+    def supports(sth, version = nil)
+      params[:supports] ||= []
+      params[:supports].push(
+        {
+          os:      sth,
+          version: version,
+        },
+      )
+    end
+    def valid?
+      is_valid = true
+      %w{ name title version summary }.each do |field|
+        next unless params[field.to_sym].nil?
+        @logger.error("Missing profile #{field} in metadata.rb")
+        is_valid = false
+      end
+      %w{ maintainer copyright }.each do |field|
+        next unless params[field.to_sym].nil?
+        @logger.warn("Missing profile #{field} in metadata.rb")
+        is_valid = false
+      end
+      is_valid && @missing_methods.empty?
+    end
+    def method_missing(sth, *args)
+      @logger.warn "metadata.rb doesn't support: #{sth} #{args}"
+      @missing_methods.push(sth)
+    end
+    def self.from_file(path, profile_id, logger = nil)
+      logger ||= Logger.new(nil)
+      unless File.file?(path)
+        logger.error "Can't find metadata file #{path}"
+        return nil
+      end
+      res = Metadata.new(logger)
+      res.instance_eval(File.read(path), path, 1)
+      res.params[:name] = profile_id.to_s unless profile_id.to_s.empty?
+      res
+    end
+  end
+end

data/lib/inspec/plugins.rb ADDED Viewed

@@ -0,0 +1,9 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+module Inspec
+  module Plugins
+    autoload :Resource, 'inspec/plugins/resource'
+  end
+end

data/lib/inspec/plugins/resource.rb ADDED Viewed

@@ -0,0 +1,62 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+module Inspec
+  module Plugins
+    class Resource
+      def self.name(name = nil)
+        return if name.nil?
+        Inspec::Plugins::Resource.__register(name, self)
+      end
+      def self.__register(name, obj)
+        # rubocop:disable Lint/NestedMethodDefinition
+        cl = Class.new(obj) do
+          # add some common methods
+          include Inspec::Plugins::ResourceCommon
+          def initialize(backend, name, *args)
+            # attach the backend to this instance
+            @__backend_runner__ = backend
+            @__resource_name__ = name
+            # call the resource initializer
+            super(*args)
+          end
+          def inspec
+            @__backend_runner__
+          end
+        end
+        # rubocop:enable Lint/NestedMethodDefinition
+        # add the resource to the registry by name
+        Inspec::Resource.registry[name] = cl
+      end
+      # Define methods which are available to all resources
+      # and may be overwritten.
+      # Print the name of the resource
+      def to_s
+        @__resource_name__
+      end
+      # Overwrite inspect to provide better output to RSpec results.
+      #
+      # @return [String] full name of the resource
+      def inspect
+        to_s
+      end
+    end
+    module ResourceCommon
+      def resource_skipped
+        @resource_skipped
+      end
+      def skip_resource(message)
+        @resource_skipped = message
+      end
+    end
+  end
+end

data/lib/inspec/profile.rb ADDED Viewed

@@ -0,0 +1,138 @@
+# encoding: utf-8
+# Copyright 2015 Dominik Richter. All rights reserved.
+# author: Dominik Richter
+# author: Christoph Hartmann
+require 'inspec/metadata'
+module Inspec
+  class Profile # rubocop:disable Metrics/ClassLength
+    def self.from_path(path, options = nil)
+      opt = {}
+      options.each { |k, v| opt[k.to_sym] = v } unless options.nil?
+      opt[:path] = path
+      Profile.new(opt)
+    end
+    attr_reader :params
+    attr_reader :metadata
+    def initialize(options = nil)
+      @options = options || {}
+      @profile_id = options[:id] || nil
+      @params = {}
+      @logger = options[:logger] || Logger.new(nil)
+      @path = @options[:path]
+      fail 'Cannot read an empty path.' if @path.nil? || @path.empty?
+      fail "Cannot find directory #{@path}" unless File.directory?(@path)
+      @metadata = read_metadata
+      @params = @metadata.params unless @metadata.nil?
+      @params[:rules] = rules = {}
+      @runner = Runner.new(
+        id: @profile_id,
+        backend: :mock,
+      )
+      @runner.add_tests([@path])
+      @runner.rules.each do |id, rule|
+        file = rule.instance_variable_get(:@__file)
+        rules[file] ||= {}
+        rules[file][id] = {
+          title: rule.title,
+          desc: rule.desc,
+          impact: rule.impact,
+          checks: rule.instance_variable_get(:@checks),
+          code: rule.instance_variable_get(:@__code),
+          group_title: rule.instance_variable_get(:@__group_title),
+        }
+      end
+    end
+    def info
+      res = @params.dup
+      rules = {}
+      res[:rules].each do |gid, group|
+        next if gid.to_s.empty?
+        path = gid.sub(File.join(@path, ''), '')
+        rules[path] = { title: path, rules: {} }
+        group.each do |id, rule|
+          next if id.to_s.empty?
+          data = rule.dup
+          data.delete(:checks)
+          data[:impact] ||= 0.5
+          data[:impact] = 1.0 if data[:impact] > 1.0
+          data[:impact] = 0.0 if data[:impact] < 0.0
+          rules[path][:rules][id] = data
+          # TODO: temporarily flatten the group down; replace this with
+          # proper hierarchy later on
+          rules[path][:title] = data[:group_title]
+        end
+      end
+      res[:rules] = rules
+      res
+    end
+    # Check if the profile is internall well-structured. The logger will be
+    # used to print information on errors and warnings which are found.
+    #
+    # @return [Boolean] true if no errors were found, false otherwise
+    def check # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+      no_errors = true
+      no_warnings = true
+      warn = lambda { |msg|
+        @logger.warn(msg)
+        no_warnings = false
+      }
+      error = lambda { |msg|
+        @logger.error(msg)
+        no_warnings = no_errors = false
+      }
+      @logger.info "Checking profile in #{@path}"
+      if @params[:name].to_s.empty?
+        error.call('No profile name defined')
+      elsif !(@params[:name].to_s =~ %r{^\S+\/\S+$})
+        error.call('Profile name must be defined as: OWNER/ID')
+      end
+      warn.call('No version defined') if @params[:name].to_s.empty?
+      warn.call('No title defined') if @params[:name].to_s.empty?
+      warn.call('No maintainer defined') if @params[:name].to_s.empty?
+      warn.call('No supports defined') if @params[:name].empty?
+      @logger.info 'Metadata OK.' if no_warnings
+      no_warnings = true
+      if @params[:name].empty?
+        warn.call('No rules were found.')
+      else
+        @logger.debug "Found #{@params[:name].length} rules."
+      end
+      # iterate over hash of groups
+      @params[:rules].each do |group, rules_array|
+        @logger.debug "Verify all rules in  #{group}"
+        rules_array.each do |id, rule|
+          error.call('Avoid rules with empty IDs') if id.nil? or id.empty?
+          warn.call("Rule #{id} has no title") if rule[:title].to_s.empty?
+          warn.call("Rule #{id} has no description") if rule[:desc].to_s.empty?
+          warn.call("Rule #{id} has impact > 1.0") if rule[:impact].to_f > 1.0
+          warn.call("Rule #{id} has impact < 0.0") if rule[:impact].to_f < 0.0
+          warn.call("Rule #{id} has no tests defined") if rule[:checks].nil? or rule[:checks].empty?
+        end
+      end
+      @logger.info 'Rule definitions OK.' if no_warnings
+      no_errors
+    end
+    private
+    def read_metadata
+      mpath = File.join(@path, 'metadata.rb')
+      @metadata = Metadata.from_file(mpath, @profile_id, @logger)
+    end
+  end
+end

data/lib/inspec/profile_context.rb ADDED Viewed

@@ -0,0 +1,170 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+require 'inspec/rule'
+require 'inspec/dsl'
+require 'rspec/core/dsl'
+module Inspec
+  class ProfileContext # rubocop:disable Metrics/ClassLength
+    attr_reader :rules, :only_ifs
+    def initialize(profile_id, backend, profile_registry = {}, only_ifs = [])
+      if backend.nil?
+        fail 'ProfileContext is initiated with a backend == nil. ' \
+             'This is a backend error which must be fixed upstream.'
+      end
+      @profile_id = profile_id
+      @rules = profile_registry
+      @only_ifs = only_ifs
+      dsl = create_inner_dsl(backend)
+      outer_dsl = create_outer_dsl(dsl)
+      ctx = create_context(outer_dsl)
+      @profile_context = ctx.new
+    end
+    def load(content, source = nil, line = nil)
+      @current_load = { file: source }
+      @profile_context.instance_eval(content, source || 'unknown', line || 1)
+    end
+    def unregister_rule(id)
+      full_id = Inspec::Rule.full_id(@profile_id, id)
+      @rules[full_id] = nil
+    end
+    def register_rule(r)
+      # get the full ID
+      r.instance_variable_set(:@__file, @current_load[:file])
+      r.instance_variable_set(:@__group_title, @current_load[:title])
+      full_id = Inspec::Rule.full_id(@profile_id, r)
+      if full_id.nil?
+        # TODO: error
+        return
+      end
+      # add the rule to the registry
+      existing = @rules[full_id]
+      if existing.nil?
+        @rules[full_id] = r
+      else
+        Inspec::Rule.merge(existing, r)
+      end
+    end
+    def set_header(field, val)
+      @current_load[field] = val
+    end
+    private
+    # Creates the inner DSL which includes all resources for
+    # creating tests. It is always connected to one target,
+    # which is specified via the backend argument.
+    #
+    # @param backend [BackendRunner] exposing the target to resources
+    # @return [InnerDSLModule]
+    def create_inner_dsl(backend)
+      Module.new do
+        Inspec::Resource.registry.each do |id, r|
+          define_method id.to_sym do |*args|
+            r.new(backend, id.to_s, *args)
+          end
+        end
+      end
+    end
+    # Creates the outer DSL which includes all methods for creating
+    # tests and control structures.
+    #
+    # @param dsl [InnerDSLModule] which contains all resources
+    # @return [OuterDSLClass]
+    def create_outer_dsl(dsl)
+      rule_class = Class.new(Inspec::Rule) do
+        include RSpec::Core::DSL
+        include dsl
+      end
+      # rubocop:disable Lint/NestedMethodDefinition
+      Class.new do
+        include dsl
+        define_method :control do |*args, &block|
+          id = args[0]
+          opts = args[1] || {}
+          # Skip the control if the resource triggered a skip;
+          # However: when this is run on a mock backend, do not skip it.
+          # This is e.g. relevant for JSON generation, where we need all
+          # controls.
+          return if @skip_profile && os[:family] != 'unknown'
+          __register_rule rule_class.new(id, opts, &block)
+        end
+        alias_method :rule, :control
+        define_method :describe do |*args, &block|
+          path = block.source_location[0]
+          line = block.source_location[1]
+          id = "#{File.basename(path)}:#{line}"
+          rule = rule_class.new(id, {}) do
+            describe(*args, &block)
+          end
+          __register_rule rule, &block
+        end
+        # TODO: mock method for attributes; import attribute handling
+        define_method :attributes do |_name, _options|
+          nil
+        end
+        def skip_rule(id)
+          __unregister_rule id
+        end
+        def only_if(&block)
+          return unless block_given?
+          @skip_profile = !block.call
+        end
+      end
+      # rubocop:enable all
+    end
+    # Creates the heart of the profile context:
+    # An instantiated object which has all resources registered to it
+    # and exposes them to the a test file. The profile context serves as a
+    # container for all profiles which are registered. Within the context
+    # profiles get access to all DSL calls for creating tests and controls.
+    #
+    # @param outer_dsl [OuterDSLClass]
+    # @return [ProfileContextClass]
+    def create_context(outer_dsl)
+      profile_context_owner = self
+      # rubocop:disable Lint/NestedMethodDefinition
+      Class.new(outer_dsl) do
+        include Inspec::DSL
+        define_method :title do |arg|
+          profile_context_owner.set_header(:title, arg)
+        end
+        define_method :__register_rule do |*args|
+          profile_context_owner.register_rule(*args)
+        end
+        define_method :__unregister_rule do |*args|
+          profile_context_owner.unregister_rule(*args)
+        end
+        def to_s
+          'Profile Context Run'
+        end
+      end
+      # rubocop:enable all
+    end
+  end
+end