RubyGems - inspec - Versions diffs - 0.9.0 - Mend

inspec 0.9.0

Files changed (247) hide show

checksums.yaml +7 -0
data/.gitignore +8 -0
data/.rubocop.yml +65 -0
data/.travis.yml +23 -0
data/CHANGELOG.md +38 -0
data/Gemfile +33 -0
data/LICENSE +201 -0
data/MAINTAINERS.md +28 -0
data/MAINTAINERS.toml +42 -0
data/README.md +257 -0
data/Rakefile +47 -0
data/bin/inspec +109 -0
data/docs/ctl_inspec.rst +195 -0
data/docs/dsl_inspec.rst +182 -0
data/docs/readme.rst +100 -0
data/docs/resources.rst +4319 -0
data/docs/template.rst +51 -0
data/examples/test-kitchen/.kitchen.yml +20 -0
data/examples/test-kitchen/Berksfile +3 -0
data/examples/test-kitchen/Gemfile +21 -0
data/examples/test-kitchen/README.md +27 -0
data/examples/test-kitchen/metadata.rb +7 -0
data/examples/test-kitchen/recipes/default.rb +6 -0
data/examples/test-kitchen/recipes/nginx.rb +30 -0
data/examples/test-kitchen/test/integration/default/web_spec.rb +28 -0
data/inspec.gemspec +30 -0
data/lib/inspec.rb +20 -0
data/lib/inspec/backend.rb +42 -0
data/lib/inspec/dsl.rb +151 -0
data/lib/inspec/log.rb +34 -0
data/lib/inspec/metadata.rb +79 -0
data/lib/inspec/plugins.rb +9 -0
data/lib/inspec/plugins/resource.rb +62 -0
data/lib/inspec/profile.rb +138 -0
data/lib/inspec/profile_context.rb +170 -0
data/lib/inspec/resource.rb +76 -0
data/lib/inspec/rspec_json_formatter.rb +27 -0
data/lib/inspec/rule.rb +170 -0
data/lib/inspec/runner.rb +154 -0
data/lib/inspec/shell.rb +66 -0
data/lib/inspec/targets.rb +9 -0
data/lib/inspec/targets/core.rb +27 -0
data/lib/inspec/targets/dir.rb +67 -0
data/lib/inspec/targets/file.rb +29 -0
data/lib/inspec/targets/folder.rb +43 -0
data/lib/inspec/targets/tar.rb +34 -0
data/lib/inspec/targets/url.rb +39 -0
data/lib/inspec/targets/zip.rb +47 -0
data/lib/inspec/version.rb +7 -0
data/lib/matchers/matchers.rb +221 -0
data/lib/resources/apache.rb +29 -0
data/lib/resources/apache_conf.rb +113 -0
data/lib/resources/apt.rb +140 -0
data/lib/resources/audit_policy.rb +63 -0
data/lib/resources/auditd_conf.rb +56 -0
data/lib/resources/auditd_rules.rb +53 -0
data/lib/resources/bond.rb +65 -0
data/lib/resources/bridge.rb +114 -0
data/lib/resources/command.rb +57 -0
data/lib/resources/csv.rb +32 -0
data/lib/resources/directory.rb +15 -0
data/lib/resources/etc_group.rb +150 -0
data/lib/resources/file.rb +110 -0
data/lib/resources/gem.rb +46 -0
data/lib/resources/group.rb +132 -0
data/lib/resources/host.rb +143 -0
data/lib/resources/inetd_conf.rb +56 -0
data/lib/resources/interface.rb +127 -0
data/lib/resources/iptables.rb +65 -0
data/lib/resources/json.rb +64 -0
data/lib/resources/kernel_module.rb +40 -0
data/lib/resources/kernel_parameter.rb +55 -0
data/lib/resources/limits_conf.rb +55 -0
data/lib/resources/login_def.rb +60 -0
data/lib/resources/mysql.rb +81 -0
data/lib/resources/mysql_conf.rb +116 -0
data/lib/resources/mysql_session.rb +52 -0
data/lib/resources/npm.rb +44 -0
data/lib/resources/ntp_conf.rb +58 -0
data/lib/resources/oneget.rb +63 -0
data/lib/resources/os.rb +22 -0
data/lib/resources/os_env.rb +34 -0
data/lib/resources/package.rb +169 -0
data/lib/resources/parse_config.rb +75 -0
data/lib/resources/passwd.rb +93 -0
data/lib/resources/pip.rb +75 -0
data/lib/resources/port.rb +296 -0
data/lib/resources/postgres.rb +37 -0
data/lib/resources/postgres_conf.rb +87 -0
data/lib/resources/postgres_session.rb +59 -0
data/lib/resources/processes.rb +57 -0
data/lib/resources/registry_key.rb +54 -0
data/lib/resources/script.rb +34 -0
data/lib/resources/security_policy.rb +73 -0
data/lib/resources/service.rb +379 -0
data/lib/resources/ssh_conf.rb +75 -0
data/lib/resources/user.rb +374 -0
data/lib/resources/windows_feature.rb +77 -0
data/lib/resources/yaml.rb +23 -0
data/lib/resources/yum.rb +154 -0
data/lib/utils/convert.rb +12 -0
data/lib/utils/detect.rb +15 -0
data/lib/utils/find_files.rb +36 -0
data/lib/utils/hash.rb +13 -0
data/lib/utils/modulator.rb +12 -0
data/lib/utils/parser.rb +61 -0
data/lib/utils/simpleconfig.rb +115 -0
data/tasks/maintainers.rb +213 -0
data/test/docker_run.rb +156 -0
data/test/docker_test.rb +51 -0
data/test/helper.rb +200 -0
data/test/integration/.kitchen.yml +42 -0
data/test/integration/Berksfile +4 -0
data/test/integration/cookbooks/os_prepare/metadata.rb +8 -0
data/test/integration/cookbooks/os_prepare/recipes/apt.rb +20 -0
data/test/integration/cookbooks/os_prepare/recipes/default.rb +9 -0
data/test/integration/cookbooks/os_prepare/recipes/file.rb +21 -0
data/test/integration/cookbooks/os_prepare/recipes/package.rb +26 -0
data/test/integration/default/_debug_spec.rb +1 -0
data/test/integration/default/apt_spec.rb +42 -0
data/test/integration/default/file_spec.rb +109 -0
data/test/integration/default/group_spec.rb +32 -0
data/test/integration/default/kernel_module_spec.rb +17 -0
data/test/integration/default/kernel_parameter_spec.rb +56 -0
data/test/integration/default/package_spec.rb +11 -0
data/test/integration/default/service_spec.rb +28 -0
data/test/integration/default/user_spec.rb +44 -0
data/test/resource/command_test.rb +33 -0
data/test/resource/dsl_test.rb +45 -0
data/test/resource/file_test.rb +130 -0
data/test/resource/ssh_config.rb +9 -0
data/test/resource/sshd_config.rb +9 -0
data/test/test-extra.yaml +11 -0
data/test/test.yaml +11 -0
data/test/unit/mock/cmd/Get-NetAdapter +24 -0
data/test/unit/mock/cmd/GetUserAccount +33 -0
data/test/unit/mock/cmd/GetWin32Group +23 -0
data/test/unit/mock/cmd/PATH +1 -0
data/test/unit/mock/cmd/Resolve-DnsName +26 -0
data/test/unit/mock/cmd/Test-NetConnection +4 -0
data/test/unit/mock/cmd/auditctl +7 -0
data/test/unit/mock/cmd/auditpol +2 -0
data/test/unit/mock/cmd/brew-info-jq +1 -0
data/test/unit/mock/cmd/chage-l-root +7 -0
data/test/unit/mock/cmd/dpkg-s-curl +21 -0
data/test/unit/mock/cmd/dscl +5 -0
data/test/unit/mock/cmd/etc-apt +7 -0
data/test/unit/mock/cmd/find-etc-rc-d-name-S +12 -0
data/test/unit/mock/cmd/find-net-interface +9 -0
data/test/unit/mock/cmd/gem-list-local-a-q-rubocop +1 -0
data/test/unit/mock/cmd/get-net-tcpconnection +24 -0
data/test/unit/mock/cmd/get-netadapter-binding-bridge +4 -0
data/test/unit/mock/cmd/get-package-firefox +30 -0
data/test/unit/mock/cmd/get-package-ruby +18 -0
data/test/unit/mock/cmd/get-service-dhcp +10 -0
data/test/unit/mock/cmd/get-windows-feature +7 -0
data/test/unit/mock/cmd/getent-hosts-example.com +1 -0
data/test/unit/mock/cmd/getent-passwd-root +1 -0
data/test/unit/mock/cmd/id-chartmann +1 -0
data/test/unit/mock/cmd/id-root +1 -0
data/test/unit/mock/cmd/initctl-show-config-ssh +3 -0
data/test/unit/mock/cmd/initctl-status-ssh +1 -0
data/test/unit/mock/cmd/iptables-s +6 -0
data/test/unit/mock/cmd/launchctl-list +3 -0
data/test/unit/mock/cmd/ls-1-etc-init.d +2 -0
data/test/unit/mock/cmd/ls-sys-class-net-br +2 -0
data/test/unit/mock/cmd/lsmod +2 -0
data/test/unit/mock/cmd/lsof-np-itcp +4 -0
data/test/unit/mock/cmd/netstat-tulpen +5 -0
data/test/unit/mock/cmd/npm-ls-g--json-bower +9 -0
data/test/unit/mock/cmd/pacman-qi-curl +21 -0
data/test/unit/mock/cmd/ping-example.com +6 -0
data/test/unit/mock/cmd/pip-show-jinja2 +11 -0
data/test/unit/mock/cmd/ps-aux +3 -0
data/test/unit/mock/cmd/pw-usershow-root-7 +1 -0
data/test/unit/mock/cmd/reg_schedule +1 -0
data/test/unit/mock/cmd/rpm-qia-curl +24 -0
data/test/unit/mock/cmd/sbin_sysctl +1 -0
data/test/unit/mock/cmd/secedit-export +7 -0
data/test/unit/mock/cmd/service-e +2 -0
data/test/unit/mock/cmd/service-sendmail-onestatus +3 -0
data/test/unit/mock/cmd/service-sshd-status +1 -0
data/test/unit/mock/cmd/sockstat +5 -0
data/test/unit/mock/cmd/success +0 -0
data/test/unit/mock/cmd/systemctl-show-all-sshd +6 -0
data/test/unit/mock/cmd/win32_product +8 -0
data/test/unit/mock/cmd/yum-repolist-all +52 -0
data/test/unit/mock/files/auditd.conf +4 -0
data/test/unit/mock/files/bond0 +37 -0
data/test/unit/mock/files/etcgroup +3 -0
data/test/unit/mock/files/example.csv +6 -0
data/test/unit/mock/files/inetd.conf +2 -0
data/test/unit/mock/files/kitchen.yml +7 -0
data/test/unit/mock/files/limits.conf +5 -0
data/test/unit/mock/files/login.defs +5 -0
data/test/unit/mock/files/mysql.conf +8 -0
data/test/unit/mock/files/mysql2.conf +2 -0
data/test/unit/mock/files/ntp.conf +5 -0
data/test/unit/mock/files/passwd +2 -0
data/test/unit/mock/files/policyfile.lock.json +12 -0
data/test/unit/mock/files/ssh_config +5 -0
data/test/unit/mock/files/sshd_config +7 -0
data/test/unit/mock/profiles/empty/metadata.rb +0 -0
data/test/unit/mock/profiles/metadata/metadata.rb +1 -0
data/test/unit/profile_context_test.rb +140 -0
data/test/unit/profile_test.rb +49 -0
data/test/unit/resources/apt_test.rb +46 -0
data/test/unit/resources/audit_policy_test.rb +13 -0
data/test/unit/resources/auditd_conf_test.rb +15 -0
data/test/unit/resources/auditd_rules_test.rb +21 -0
data/test/unit/resources/bond_test.rb +24 -0
data/test/unit/resources/bridge_test.rb +56 -0
data/test/unit/resources/csv_test.rb +35 -0
data/test/unit/resources/etc_group_test.rb +37 -0
data/test/unit/resources/gem_test.rb +20 -0
data/test/unit/resources/group_test.rb +96 -0
data/test/unit/resources/host_test.rb +38 -0
data/test/unit/resources/inetd_conf_test.rb +15 -0
data/test/unit/resources/interface_test.rb +54 -0
data/test/unit/resources/iptables_test.rb +30 -0
data/test/unit/resources/json_test.rb +36 -0
data/test/unit/resources/kernel_module_test.rb +23 -0
data/test/unit/resources/kernel_parameter_test.rb +13 -0
data/test/unit/resources/limits_conf_test.rb +14 -0
data/test/unit/resources/login_def_test.rb +16 -0
data/test/unit/resources/mysql_conf_test.rb +14 -0
data/test/unit/resources/npm_test.rb +20 -0
data/test/unit/resources/ntp_conf_test.rb +16 -0
data/test/unit/resources/oneget_test.rb +45 -0
data/test/unit/resources/os_env_test.rb +13 -0
data/test/unit/resources/package_test.rb +51 -0
data/test/unit/resources/passwd_test.rb +24 -0
data/test/unit/resources/pip_test.rb +15 -0
data/test/unit/resources/port_test.rb +46 -0
data/test/unit/resources/processes_test.rb +32 -0
data/test/unit/resources/registry_key_test.rb +19 -0
data/test/unit/resources/script_test.rb +19 -0
data/test/unit/resources/security_policy_test.rb +16 -0
data/test/unit/resources/service_test.rb +116 -0
data/test/unit/resources/ssh_conf_test.rb +33 -0
data/test/unit/resources/user_test.rb +93 -0
data/test/unit/resources/windows_feature.rb +17 -0
data/test/unit/resources/yaml_test.rb +34 -0
data/test/unit/resources/yum_test.rb +68 -0
data/test/unit/simpleconfig_test.rb +80 -0
data/test/unit/utils/content_parser_test.rb +30 -0
metadata +555 -0

data/lib/resources/bond.rb ADDED Viewed

@@ -0,0 +1,65 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+require 'resources/file'
+# Usage:
+# describe bond('bond0') do
+#   it { should exist }
+#   it { should have_interface 'eth0' }
+# end
+module Inspec::Resources
+  class Bond < File
+    name 'bond'
+    def initialize(bond)
+      @bond = bond
+      @path = "/proc/net/bonding/#{bond}"
+      @file = inspec.file(@path)
+      @content = nil
+      @params = {}
+      @loaded = false
+    end
+    def read_content
+      # parse the file
+      @content = @file.content
+      @params = SimpleConfig.new(
+        @file.content,
+        assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
+        multiple_values: true,
+      ).params if @file.exist?
+      @loaded = true
+      @content
+    end
+    # ensures the content is loaded before we return the params
+    def params
+      read_content if @loaded == false
+      @params
+    end
+    def content
+      read_content if @loaded == false
+      @content
+    end
+    def exist?
+      @file.exist?
+    end
+    def has_interface?(interface)
+      params['Slave Interface'].include?(interface)
+    end
+    def interfaces
+      params['Slave Interface']
+    end
+    def to_s
+      "Bond #{@bond}"
+    end
+  end
+end

data/lib/resources/bridge.rb ADDED Viewed

@@ -0,0 +1,114 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# Usage:
+# describe bridge('br0') do
+#   it { should exist }
+#   it { should have_interface 'eth0' }
+# end
+class Bridge < Inspec.resource(1)
+  name 'bridge'
+  def initialize(bridge_name)
+    @bridge_name = bridge_name
+    @bridge_provider = nil
+    if inspec.os.linux?
+      @bridge_provider = LinuxBridge.new(inspec)
+    elsif inspec.os.windows?
+      @bridge_provider = WindowsBridge.new(inspec)
+    else
+      return skip_resource 'The `bridge` resource is not supported on your OS yet.'
+    end
+  end
+  def exists?
+    !bridge_info.nil? && !bridge_info[:name].nil?
+  end
+  def has_interface?(interface)
+    return skip_resource 'The `bridge` resource does not provide interface detection for Windows yet' if inspec.os.windows?
+    bridge_info.nil? ? false : bridge_info[:interfaces].include?(interface)
+  end
+  def interfaces
+    bridge_info.nil? ? nil : bridge_info[:interfaces]
+  end
+  def to_s
+    "Bridge #{@bridge_name}"
+  end
+  private
+  def bridge_info
+    return @cache if defined?(@cache)
+    @cache = @bridge_provider.bridge_info(@bridge_name) if !@bridge_provider.nil?
+  end
+end
+class BridgeDetection
+  attr_reader :inspec
+  def initialize(inspec)
+    @inspec = inspec
+  end
+end
+# Linux Bridge
+# If /sys/class/net/{interface}/bridge exists then it must be a bridge
+# /sys/class/net/{interface}/brif contains the network interfaces
+# @see http://www.tldp.org/HOWTO/BRIDGE-STP-HOWTO/set-up-the-bridge.html
+# @see http://unix.stackexchange.com/questions/40560/how-to-know-if-a-network-interface-is-tap-tun-bridge-or-physical
+class LinuxBridge < BridgeDetection
+  def bridge_info(bridge_name)
+    # read bridge information
+    bridge = inspec.file("/sys/class/net/#{bridge_name}/bridge").directory?
+    return nil unless bridge
+    # load interface names
+    interfaces = inspec.command("ls -1 /sys/class/net/#{bridge_name}/brif/")
+    interfaces = interfaces.stdout.chomp.split("\n")
+    {
+      name: bridge_name,
+      interfaces: interfaces,
+    }
+  end
+end
+# Windows Bridge
+# select netadapter by adapter binding for windows
+# Get-NetAdapterBinding -ComponentID ms_bridge | Get-NetAdapter
+# @see https://technet.microsoft.com/en-us/library/jj130921(v=wps.630).aspx
+# RegKeys: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
+class WindowsBridge < BridgeDetection
+  def bridge_info(bridge_name)
+    # find all bridge adapters
+    cmd = inspec.command('Get-NetAdapterBinding -ComponentID ms_bridge | Get-NetAdapter | Select-Object -Property Name, InterfaceDescription | ConvertTo-Json')
+    # filter network interface
+    begin
+      bridges = JSON.parse(cmd.stdout)
+    rescue JSON::ParserError => _e
+      return nil
+    end
+    # ensure we have an array of groups
+    bridges = [bridges] if !bridges.is_a?(Array)
+    # select the requested interface
+    bridges = bridges.each_with_object([]) do |adapter, adapter_collection|
+      # map object
+      info = {
+        name: adapter['Name'],
+        interfaces: nil,
+      }
+      adapter_collection.push(info) if info[:name].casecmp(bridge_name) == 0
+    end
+    return nil if bridges.size == 0
+    warn "[Possible Error] detected multiple bridges interfaces with the name #{bridge_name}" if bridges.size > 1
+    bridges[0]
+  end
+end

data/lib/resources/command.rb ADDED Viewed

@@ -0,0 +1,57 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Dominik Richter
+# author: Christoph Hartmann
+# license: All rights reserved
+# Usage:
+# describe command('ls -al /') do
+#   it { should exist }
+#   its(:stdout) { should match /bin/ }
+#   its(:stderr) { should match /No such file or directory/ }
+#   its(:exit_status) { should eq 0 }
+# end
+class Cmd < Inspec.resource(1)
+  name 'command'
+  def initialize(cmd)
+    @command = cmd
+  end
+  def result
+    @result ||= inspec.backend.run_command(@command)
+  end
+  def stdout
+    result.stdout
+  end
+  def stderr
+    result.stderr
+  end
+  def exit_status
+    result.exit_status.to_i
+  end
+  def exist?
+    if inspec.os.linux?
+      res = inspec.backend.run_command("bash -c 'type \"#{@command}\"'")
+    elsif inspec.os.windows?
+      res = inspec.backend.run_command("where.exe \"#{@command}\"")
+    elsif inspec.os.unix?
+      res = inspec.backend.run_command("type \"#{@command}\"")
+    elsif inspec.os[:family].to_s == 'unknown'
+      # silent for mock resources
+      return false
+    else
+      warn "`command(#{@command}).exist?` is not suported on you OS: #{inspec.os[:family]}"
+      return false
+    end
+    res.exit_status.to_i == 0
+  end
+  def to_s
+    "Command #{@command}"
+  end
+end

data/lib/resources/csv.rb ADDED Viewed

@@ -0,0 +1,32 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# Parses a csv document
+# Usage:
+# describe csv('example.csv') do
+#   its('name') { should eq(['John', 'Alice']) }
+# end
+#
+# This implementation was inspired by a blog post
+# @see http://technicalpickles.com/posts/parsing-csv-with-ruby
+class CsvConfig < JsonConfig
+  name 'csv'
+  # override file load and parse hash from csv
+  def parse(content)
+    require 'csv'
+    # convert empty field to nil
+    CSV::Converters[:blank_to_nil] = lambda do |field|
+      field && field.empty? ? nil : field
+    end
+    # implicit conversion of values
+    csv = CSV.new(content, headers: true, converters: [:all, :blank_to_nil])
+    # convert to hash
+    csv.to_a.map(&:to_hash)
+  end
+  def to_s
+    "Csv #{@path}"
+  end
+end

data/lib/resources/directory.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+require 'resources/file'
+module Inspec::Resources
+  class Directory < File
+    name 'directory'
+  end
+  def to_s
+    "Directory #{@path}"
+  end
+end

data/lib/resources/etc_group.rb ADDED Viewed

@@ -0,0 +1,150 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Christoph Hartmann
+# author: Dominik Richter
+# license: All rights reserved
+# The file format consists of
+# - group name
+# - password - group's encrypted password
+# - gid - group's decimal ID
+# - member list - group members, comma seperated list
+#
+# Usage:
+# describe etc_group do
+#   its('gids') { should_not contain_duplicates }
+#   its('groups') { should include 'my_user' }
+#   its('users') { should include 'my_user' }
+# end
+#
+# describe etc_group.where(name: 'my_group') do
+#   its('users') { should include 'my_user' }
+# end
+require 'utils/convert'
+require 'utils/parser'
+class EtcGroup < Inspec.resource(1)
+  include Converter
+  include ContentParser
+  name 'etc_group'
+  attr_accessor :gid, :entries
+  def initialize(path = nil)
+    @path = path || '/etc/group'
+    @entries = parse_group(@path)
+    # skip resource if it is not supported on current OS
+    return skip_resource 'The `etc_group` resource is not supported on your OS.' \
+    unless %w{ubuntu debian redhat fedora arch darwin freebsd}.include?(inspec.os[:family])
+  end
+  def groups(filter = nil)
+    entries = filter || @entries
+    entries.map { |x| x['name'] } if !entries.nil?
+  end
+  def gids(filter = nil)
+    entries = filter || @entries
+    entries.map { |x| x['gid'] } if !entries.nil?
+  end
+  def users(filter = nil)
+    entries = filter || @entries
+    return nil if entries.nil?
+    # filter the user entry
+    res = entries.map { |x|
+      x['members'].split(',') if !x.nil? && !x['members'].nil?
+    }.flatten
+    # filter nil elements
+    res.reject { |x| x.nil? || x.empty? }
+  end
+  def where(conditions = {})
+    return if conditions.empty?
+    fields = {
+      name: 'name',
+      group_name: 'name',
+      password: 'password',
+      gid: 'gid',
+      group_id: 'gid',
+      users: 'members',
+      members: 'members',
+    }
+    res = entries
+    conditions.each do |k, v|
+      idx = fields[k.to_sym]
+      next if idx.nil?
+      res = res.select { |x| x[idx] == v.to_s }
+    end
+    EtcGroupView.new(self, res)
+  end
+  def to_s
+    '/etc/group'
+  end
+  private
+  def parse_group(path)
+    @content = inspec.file(path).content
+    if @content.nil?
+      skip_resource "Can't access group file in #{path}"
+      return []
+    end
+    # iterate over each line and filter comments
+    @content.split("\n").each_with_object([]) do |line, lines|
+      grp_info = parse_group_line(line)
+      lines.push(grp_info) if !grp_info.nil? && grp_info.size > 0
+    end
+  end
+  def parse_group_line(line)
+    opts = {
+      comment_char: '#',
+      standalone_comments: false,
+    }
+    line, _idx_nl = parse_comment_line(line, opts)
+    x = line.split(':')
+    # abort if we have an empty or comment line
+    return nil if x.size == 0
+    # map data
+    {
+      'name' => x.at(0), # Name of the group.
+      'password' => x.at(1), # Group's encrypted password.
+      'gid' => convert_to_i(x.at(2)), # The group's decimal ID.
+      'members' => x.at(3), # Group members.
+    }
+  end
+end
+# object that hold a specifc view on etc group
+class EtcGroupView
+  def initialize(parent, filter)
+    @parent = parent
+    @filter = filter
+  end
+  # returns the group object
+  def entries
+    @filter
+  end
+  # only returns group name
+  def groups
+    @parent.groups(@filter)
+  end
+  # only return gids
+  def gids
+    @parent.gids(@filter)
+  end
+  # only returns users
+  def users
+    @parent.users(@filter)
+  end
+end

data/lib/resources/file.rb ADDED Viewed

@@ -0,0 +1,110 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Dominik Richter
+# author: Christoph Hartmann
+# license: All rights reserved
+module Inspec::Resources
+  class File < Inspec.resource(1)
+    name 'file'
+    attr_reader :path
+    def initialize(path)
+      @path = path
+      @file = inspec.backend.file(@path)
+    end
+    %w{
+      type exist? file? block_device? character_device? socket? directory?
+      symlink? pipe? mode mode? owner owned_by? group grouped_into? link_target
+      link_path linked_to? content mtime size selinux_label mounted? immutable?
+      product_version file_version version? md5sum sha256sum
+    }.each do |m|
+      define_method m.to_sym do |*args|
+        @file.method(m.to_sym).call(*args)
+      end
+    end
+    def contain(*_)
+      fail 'Contain is not supported. Please use standard RSpec matchers.'
+    end
+    def readable?(by_owner, by_user)
+      if inspec.os.unix?
+        by_owner, by_user = check_preconditions(by_owner, by_user)
+        if by_user.nil?
+          m = @file.unix_mode_mask(by_owner, 'r') ||
+              fail("#{by_owner} is not a valid unix owner.")
+          (@file.mode & m) != 0
+        else
+          check_user_access(by_user, @path, 'r')
+        end
+      else
+        fail "`file(#{@path}).executable?` is not suported on you OS: #{inspec.os['family']}"
+      end
+    end
+    def writable?(by_owner, by_user)
+      if inspec.os.unix?
+        by_owner, by_user = check_preconditions(by_owner, by_user)
+        if by_user.nil?
+          m = @file.unix_mode_mask(by_owner, 'w') ||
+              fail("#{by_owner} is not a valid unix owner.")
+          (@file.mode & m) != 0
+        else
+          check_user_access(by_user, @path, 'w')
+        end
+      else
+        fail "`file(#{@path}).executable?` is not suported on you OS: #{inspec.os['family']}"
+      end
+    end
+    def executable?(by_owner, by_user)
+      if inspec.os.unix?
+        by_owner, by_user = check_preconditions(by_owner, by_user)
+        if by_user.nil?
+          m = @file.unix_mode_mask(by_owner, 'x') ||
+              fail("#{by_owner} is not a valid unix owner.")
+          return (@file.mode & m) != 0
+        else
+          return check_user_access(by_user, @path, 'x')
+        end
+      else
+        fail "`file(#{@path}).executable?` is not suported on you OS: #{inspec.os['family']}"
+      end
+    end
+    def to_s
+      "File #{@path}"
+    end
+    private
+    def check_preconditions(by_owner, by_user)
+      by_owner = 'other' if by_owner == 'others'
+      by_owner = 'all' if (by_owner.nil? || by_owner.empty?) && (by_user.nil?)
+      [by_owner, by_user]
+    end
+    # check permissions on linux
+    def check_user_access(user, file, flag)
+      if inspec.os.linux? == true
+        # use sh on linux
+        perm_cmd = "su -s /bin/sh -c \"test -#{flag} #{file}\" #{user}"
+      elsif inspec.os[:family] == 'freebsd'
+        # use sudo on freebsd
+        perm_cmd = "sudo -u #{user} test -#{flag} #{file}"
+      end
+      if !perm_cmd.nil?
+        cmd = inspec.command(perm_cmd)
+        cmd.exit_status == 0 ? true : false
+      else
+        return skip_resource 'The `file` resource does not support `by_user` on your OS.'
+      end
+    end
+  end
+end