RubyGems - inspec - Versions diffs - 0.9.0 - Mend

inspec 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (247) hide show

checksums.yaml +7 -0
data/.gitignore +8 -0
data/.rubocop.yml +65 -0
data/.travis.yml +23 -0
data/CHANGELOG.md +38 -0
data/Gemfile +33 -0
data/LICENSE +201 -0
data/MAINTAINERS.md +28 -0
data/MAINTAINERS.toml +42 -0
data/README.md +257 -0
data/Rakefile +47 -0
data/bin/inspec +109 -0
data/docs/ctl_inspec.rst +195 -0
data/docs/dsl_inspec.rst +182 -0
data/docs/readme.rst +100 -0
data/docs/resources.rst +4319 -0
data/docs/template.rst +51 -0
data/examples/test-kitchen/.kitchen.yml +20 -0
data/examples/test-kitchen/Berksfile +3 -0
data/examples/test-kitchen/Gemfile +21 -0
data/examples/test-kitchen/README.md +27 -0
data/examples/test-kitchen/metadata.rb +7 -0
data/examples/test-kitchen/recipes/default.rb +6 -0
data/examples/test-kitchen/recipes/nginx.rb +30 -0
data/examples/test-kitchen/test/integration/default/web_spec.rb +28 -0
data/inspec.gemspec +30 -0
data/lib/inspec.rb +20 -0
data/lib/inspec/backend.rb +42 -0
data/lib/inspec/dsl.rb +151 -0
data/lib/inspec/log.rb +34 -0
data/lib/inspec/metadata.rb +79 -0
data/lib/inspec/plugins.rb +9 -0
data/lib/inspec/plugins/resource.rb +62 -0
data/lib/inspec/profile.rb +138 -0
data/lib/inspec/profile_context.rb +170 -0
data/lib/inspec/resource.rb +76 -0
data/lib/inspec/rspec_json_formatter.rb +27 -0
data/lib/inspec/rule.rb +170 -0
data/lib/inspec/runner.rb +154 -0
data/lib/inspec/shell.rb +66 -0
data/lib/inspec/targets.rb +9 -0
data/lib/inspec/targets/core.rb +27 -0
data/lib/inspec/targets/dir.rb +67 -0
data/lib/inspec/targets/file.rb +29 -0
data/lib/inspec/targets/folder.rb +43 -0
data/lib/inspec/targets/tar.rb +34 -0
data/lib/inspec/targets/url.rb +39 -0
data/lib/inspec/targets/zip.rb +47 -0
data/lib/inspec/version.rb +7 -0
data/lib/matchers/matchers.rb +221 -0
data/lib/resources/apache.rb +29 -0
data/lib/resources/apache_conf.rb +113 -0
data/lib/resources/apt.rb +140 -0
data/lib/resources/audit_policy.rb +63 -0
data/lib/resources/auditd_conf.rb +56 -0
data/lib/resources/auditd_rules.rb +53 -0
data/lib/resources/bond.rb +65 -0
data/lib/resources/bridge.rb +114 -0
data/lib/resources/command.rb +57 -0
data/lib/resources/csv.rb +32 -0
data/lib/resources/directory.rb +15 -0
data/lib/resources/etc_group.rb +150 -0
data/lib/resources/file.rb +110 -0
data/lib/resources/gem.rb +46 -0
data/lib/resources/group.rb +132 -0
data/lib/resources/host.rb +143 -0
data/lib/resources/inetd_conf.rb +56 -0
data/lib/resources/interface.rb +127 -0
data/lib/resources/iptables.rb +65 -0
data/lib/resources/json.rb +64 -0
data/lib/resources/kernel_module.rb +40 -0
data/lib/resources/kernel_parameter.rb +55 -0
data/lib/resources/limits_conf.rb +55 -0
data/lib/resources/login_def.rb +60 -0
data/lib/resources/mysql.rb +81 -0
data/lib/resources/mysql_conf.rb +116 -0
data/lib/resources/mysql_session.rb +52 -0
data/lib/resources/npm.rb +44 -0
data/lib/resources/ntp_conf.rb +58 -0
data/lib/resources/oneget.rb +63 -0
data/lib/resources/os.rb +22 -0
data/lib/resources/os_env.rb +34 -0
data/lib/resources/package.rb +169 -0
data/lib/resources/parse_config.rb +75 -0
data/lib/resources/passwd.rb +93 -0
data/lib/resources/pip.rb +75 -0
data/lib/resources/port.rb +296 -0
data/lib/resources/postgres.rb +37 -0
data/lib/resources/postgres_conf.rb +87 -0
data/lib/resources/postgres_session.rb +59 -0
data/lib/resources/processes.rb +57 -0
data/lib/resources/registry_key.rb +54 -0
data/lib/resources/script.rb +34 -0
data/lib/resources/security_policy.rb +73 -0
data/lib/resources/service.rb +379 -0
data/lib/resources/ssh_conf.rb +75 -0
data/lib/resources/user.rb +374 -0
data/lib/resources/windows_feature.rb +77 -0
data/lib/resources/yaml.rb +23 -0
data/lib/resources/yum.rb +154 -0
data/lib/utils/convert.rb +12 -0
data/lib/utils/detect.rb +15 -0
data/lib/utils/find_files.rb +36 -0
data/lib/utils/hash.rb +13 -0
data/lib/utils/modulator.rb +12 -0
data/lib/utils/parser.rb +61 -0
data/lib/utils/simpleconfig.rb +115 -0
data/tasks/maintainers.rb +213 -0
data/test/docker_run.rb +156 -0
data/test/docker_test.rb +51 -0
data/test/helper.rb +200 -0
data/test/integration/.kitchen.yml +42 -0
data/test/integration/Berksfile +4 -0
data/test/integration/cookbooks/os_prepare/metadata.rb +8 -0
data/test/integration/cookbooks/os_prepare/recipes/apt.rb +20 -0
data/test/integration/cookbooks/os_prepare/recipes/default.rb +9 -0
data/test/integration/cookbooks/os_prepare/recipes/file.rb +21 -0
data/test/integration/cookbooks/os_prepare/recipes/package.rb +26 -0
data/test/integration/default/_debug_spec.rb +1 -0
data/test/integration/default/apt_spec.rb +42 -0
data/test/integration/default/file_spec.rb +109 -0
data/test/integration/default/group_spec.rb +32 -0
data/test/integration/default/kernel_module_spec.rb +17 -0
data/test/integration/default/kernel_parameter_spec.rb +56 -0
data/test/integration/default/package_spec.rb +11 -0
data/test/integration/default/service_spec.rb +28 -0
data/test/integration/default/user_spec.rb +44 -0
data/test/resource/command_test.rb +33 -0
data/test/resource/dsl_test.rb +45 -0
data/test/resource/file_test.rb +130 -0
data/test/resource/ssh_config.rb +9 -0
data/test/resource/sshd_config.rb +9 -0
data/test/test-extra.yaml +11 -0
data/test/test.yaml +11 -0
data/test/unit/mock/cmd/Get-NetAdapter +24 -0
data/test/unit/mock/cmd/GetUserAccount +33 -0
data/test/unit/mock/cmd/GetWin32Group +23 -0
data/test/unit/mock/cmd/PATH +1 -0
data/test/unit/mock/cmd/Resolve-DnsName +26 -0
data/test/unit/mock/cmd/Test-NetConnection +4 -0
data/test/unit/mock/cmd/auditctl +7 -0
data/test/unit/mock/cmd/auditpol +2 -0
data/test/unit/mock/cmd/brew-info-jq +1 -0
data/test/unit/mock/cmd/chage-l-root +7 -0
data/test/unit/mock/cmd/dpkg-s-curl +21 -0
data/test/unit/mock/cmd/dscl +5 -0
data/test/unit/mock/cmd/etc-apt +7 -0
data/test/unit/mock/cmd/find-etc-rc-d-name-S +12 -0
data/test/unit/mock/cmd/find-net-interface +9 -0
data/test/unit/mock/cmd/gem-list-local-a-q-rubocop +1 -0
data/test/unit/mock/cmd/get-net-tcpconnection +24 -0
data/test/unit/mock/cmd/get-netadapter-binding-bridge +4 -0
data/test/unit/mock/cmd/get-package-firefox +30 -0
data/test/unit/mock/cmd/get-package-ruby +18 -0
data/test/unit/mock/cmd/get-service-dhcp +10 -0
data/test/unit/mock/cmd/get-windows-feature +7 -0
data/test/unit/mock/cmd/getent-hosts-example.com +1 -0
data/test/unit/mock/cmd/getent-passwd-root +1 -0
data/test/unit/mock/cmd/id-chartmann +1 -0
data/test/unit/mock/cmd/id-root +1 -0
data/test/unit/mock/cmd/initctl-show-config-ssh +3 -0
data/test/unit/mock/cmd/initctl-status-ssh +1 -0
data/test/unit/mock/cmd/iptables-s +6 -0
data/test/unit/mock/cmd/launchctl-list +3 -0
data/test/unit/mock/cmd/ls-1-etc-init.d +2 -0
data/test/unit/mock/cmd/ls-sys-class-net-br +2 -0
data/test/unit/mock/cmd/lsmod +2 -0
data/test/unit/mock/cmd/lsof-np-itcp +4 -0
data/test/unit/mock/cmd/netstat-tulpen +5 -0
data/test/unit/mock/cmd/npm-ls-g--json-bower +9 -0
data/test/unit/mock/cmd/pacman-qi-curl +21 -0
data/test/unit/mock/cmd/ping-example.com +6 -0
data/test/unit/mock/cmd/pip-show-jinja2 +11 -0
data/test/unit/mock/cmd/ps-aux +3 -0
data/test/unit/mock/cmd/pw-usershow-root-7 +1 -0
data/test/unit/mock/cmd/reg_schedule +1 -0
data/test/unit/mock/cmd/rpm-qia-curl +24 -0
data/test/unit/mock/cmd/sbin_sysctl +1 -0
data/test/unit/mock/cmd/secedit-export +7 -0
data/test/unit/mock/cmd/service-e +2 -0
data/test/unit/mock/cmd/service-sendmail-onestatus +3 -0
data/test/unit/mock/cmd/service-sshd-status +1 -0
data/test/unit/mock/cmd/sockstat +5 -0
data/test/unit/mock/cmd/success +0 -0
data/test/unit/mock/cmd/systemctl-show-all-sshd +6 -0
data/test/unit/mock/cmd/win32_product +8 -0
data/test/unit/mock/cmd/yum-repolist-all +52 -0
data/test/unit/mock/files/auditd.conf +4 -0
data/test/unit/mock/files/bond0 +37 -0
data/test/unit/mock/files/etcgroup +3 -0
data/test/unit/mock/files/example.csv +6 -0
data/test/unit/mock/files/inetd.conf +2 -0
data/test/unit/mock/files/kitchen.yml +7 -0
data/test/unit/mock/files/limits.conf +5 -0
data/test/unit/mock/files/login.defs +5 -0
data/test/unit/mock/files/mysql.conf +8 -0
data/test/unit/mock/files/mysql2.conf +2 -0
data/test/unit/mock/files/ntp.conf +5 -0
data/test/unit/mock/files/passwd +2 -0
data/test/unit/mock/files/policyfile.lock.json +12 -0
data/test/unit/mock/files/ssh_config +5 -0
data/test/unit/mock/files/sshd_config +7 -0
data/test/unit/mock/profiles/empty/metadata.rb +0 -0
data/test/unit/mock/profiles/metadata/metadata.rb +1 -0
data/test/unit/profile_context_test.rb +140 -0
data/test/unit/profile_test.rb +49 -0
data/test/unit/resources/apt_test.rb +46 -0
data/test/unit/resources/audit_policy_test.rb +13 -0
data/test/unit/resources/auditd_conf_test.rb +15 -0
data/test/unit/resources/auditd_rules_test.rb +21 -0
data/test/unit/resources/bond_test.rb +24 -0
data/test/unit/resources/bridge_test.rb +56 -0
data/test/unit/resources/csv_test.rb +35 -0
data/test/unit/resources/etc_group_test.rb +37 -0
data/test/unit/resources/gem_test.rb +20 -0
data/test/unit/resources/group_test.rb +96 -0
data/test/unit/resources/host_test.rb +38 -0
data/test/unit/resources/inetd_conf_test.rb +15 -0
data/test/unit/resources/interface_test.rb +54 -0
data/test/unit/resources/iptables_test.rb +30 -0
data/test/unit/resources/json_test.rb +36 -0
data/test/unit/resources/kernel_module_test.rb +23 -0
data/test/unit/resources/kernel_parameter_test.rb +13 -0
data/test/unit/resources/limits_conf_test.rb +14 -0
data/test/unit/resources/login_def_test.rb +16 -0
data/test/unit/resources/mysql_conf_test.rb +14 -0
data/test/unit/resources/npm_test.rb +20 -0
data/test/unit/resources/ntp_conf_test.rb +16 -0
data/test/unit/resources/oneget_test.rb +45 -0
data/test/unit/resources/os_env_test.rb +13 -0
data/test/unit/resources/package_test.rb +51 -0
data/test/unit/resources/passwd_test.rb +24 -0
data/test/unit/resources/pip_test.rb +15 -0
data/test/unit/resources/port_test.rb +46 -0
data/test/unit/resources/processes_test.rb +32 -0
data/test/unit/resources/registry_key_test.rb +19 -0
data/test/unit/resources/script_test.rb +19 -0
data/test/unit/resources/security_policy_test.rb +16 -0
data/test/unit/resources/service_test.rb +116 -0
data/test/unit/resources/ssh_conf_test.rb +33 -0
data/test/unit/resources/user_test.rb +93 -0
data/test/unit/resources/windows_feature.rb +17 -0
data/test/unit/resources/yaml_test.rb +34 -0
data/test/unit/resources/yum_test.rb +68 -0
data/test/unit/simpleconfig_test.rb +80 -0
data/test/unit/utils/content_parser_test.rb +30 -0
metadata +555 -0

data/lib/resources/bond.rb ADDED Viewed

@@ -0,0 +1,65 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+require 'resources/file'
+# Usage:
+# describe bond('bond0') do
+#   it { should exist }
+#   it { should have_interface 'eth0' }
+# end
+module Inspec::Resources
+  class Bond < File
+    name 'bond'
+    def initialize(bond)
+      @bond = bond
+      @path = "/proc/net/bonding/#{bond}"
+      @file = inspec.file(@path)
+      @content = nil
+      @params = {}
+      @loaded = false
+    end
+    def read_content
+      # parse the file
+      @content = @file.content
+      @params = SimpleConfig.new(
+        @file.content,
+        assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
+        multiple_values: true,
+      ).params if @file.exist?
+      @loaded = true
+      @content
+    end
+    # ensures the content is loaded before we return the params
+    def params
+      read_content if @loaded == false
+      @params
+    end
+    def content
+      read_content if @loaded == false
+      @content
+    end
+    def exist?
+      @file.exist?
+    end
+    def has_interface?(interface)
+      params['Slave Interface'].include?(interface)
+    end
+    def interfaces
+      params['Slave Interface']
+    end
+    def to_s
+      "Bond #{@bond}"
+    end
+  end
+end

data/lib/resources/bridge.rb ADDED Viewed

@@ -0,0 +1,114 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# Usage:
+# describe bridge('br0') do
+#   it { should exist }
+#   it { should have_interface 'eth0' }
+# end
+class Bridge < Inspec.resource(1)
+  name 'bridge'
+  def initialize(bridge_name)
+    @bridge_name = bridge_name
+    @bridge_provider = nil
+    if inspec.os.linux?
+      @bridge_provider = LinuxBridge.new(inspec)
+    elsif inspec.os.windows?
+      @bridge_provider = WindowsBridge.new(inspec)
+    else
+      return skip_resource 'The `bridge` resource is not supported on your OS yet.'
+    end
+  end
+  def exists?
+    !bridge_info.nil? && !bridge_info[:name].nil?
+  end
+  def has_interface?(interface)
+    return skip_resource 'The `bridge` resource does not provide interface detection for Windows yet' if inspec.os.windows?
+    bridge_info.nil? ? false : bridge_info[:interfaces].include?(interface)
+  end
+  def interfaces
+    bridge_info.nil? ? nil : bridge_info[:interfaces]
+  end
+  def to_s
+    "Bridge #{@bridge_name}"
+  end
+  private
+  def bridge_info
+    return @cache if defined?(@cache)
+    @cache = @bridge_provider.bridge_info(@bridge_name) if !@bridge_provider.nil?
+  end
+end
+class BridgeDetection
+  attr_reader :inspec
+  def initialize(inspec)
+    @inspec = inspec
+  end
+end
+# Linux Bridge
+# If /sys/class/net/{interface}/bridge exists then it must be a bridge
+# /sys/class/net/{interface}/brif contains the network interfaces
+# @see http://www.tldp.org/HOWTO/BRIDGE-STP-HOWTO/set-up-the-bridge.html
+# @see http://unix.stackexchange.com/questions/40560/how-to-know-if-a-network-interface-is-tap-tun-bridge-or-physical
+class LinuxBridge < BridgeDetection
+  def bridge_info(bridge_name)
+    # read bridge information
+    bridge = inspec.file("/sys/class/net/#{bridge_name}/bridge").directory?
+    return nil unless bridge
+    # load interface names
+    interfaces = inspec.command("ls -1 /sys/class/net/#{bridge_name}/brif/")
+    interfaces = interfaces.stdout.chomp.split("\n")
+    {
+      name: bridge_name,
+      interfaces: interfaces,
+    }
+  end
+end
+# Windows Bridge
+# select netadapter by adapter binding for windows
+# Get-NetAdapterBinding -ComponentID ms_bridge | Get-NetAdapter
+# @see https://technet.microsoft.com/en-us/library/jj130921(v=wps.630).aspx
+# RegKeys: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
+class WindowsBridge < BridgeDetection
+  def bridge_info(bridge_name)
+    # find all bridge adapters
+    cmd = inspec.command('Get-NetAdapterBinding -ComponentID ms_bridge | Get-NetAdapter | Select-Object -Property Name, InterfaceDescription | ConvertTo-Json')
+    # filter network interface
+    begin
+      bridges = JSON.parse(cmd.stdout)
+    rescue JSON::ParserError => _e
+      return nil
+    end
+    # ensure we have an array of groups
+    bridges = [bridges] if !bridges.is_a?(Array)
+    # select the requested interface
+    bridges = bridges.each_with_object([]) do |adapter, adapter_collection|
+      # map object
+      info = {
+        name: adapter['Name'],
+        interfaces: nil,
+      }
+      adapter_collection.push(info) if info[:name].casecmp(bridge_name) == 0
+    end
+    return nil if bridges.size == 0
+    warn "[Possible Error] detected multiple bridges interfaces with the name #{bridge_name}" if bridges.size > 1
+    bridges[0]
+  end
+end

data/lib/resources/command.rb ADDED Viewed

@@ -0,0 +1,57 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Dominik Richter
+# author: Christoph Hartmann
+# license: All rights reserved
+# Usage:
+# describe command('ls -al /') do
+#   it { should exist }
+#   its(:stdout) { should match /bin/ }
+#   its(:stderr) { should match /No such file or directory/ }
+#   its(:exit_status) { should eq 0 }
+# end
+class Cmd < Inspec.resource(1)
+  name 'command'
+  def initialize(cmd)
+    @command = cmd
+  end
+  def result
+    @result ||= inspec.backend.run_command(@command)
+  end
+  def stdout
+    result.stdout
+  end
+  def stderr
+    result.stderr
+  end
+  def exit_status
+    result.exit_status.to_i
+  end
+  def exist?
+    if inspec.os.linux?
+      res = inspec.backend.run_command("bash -c 'type \"#{@command}\"'")
+    elsif inspec.os.windows?
+      res = inspec.backend.run_command("where.exe \"#{@command}\"")
+    elsif inspec.os.unix?
+      res = inspec.backend.run_command("type \"#{@command}\"")
+    elsif inspec.os[:family].to_s == 'unknown'
+      # silent for mock resources
+      return false
+    else
+      warn "`command(#{@command}).exist?` is not suported on you OS: #{inspec.os[:family]}"
+      return false
+    end
+    res.exit_status.to_i == 0
+  end
+  def to_s
+    "Command #{@command}"
+  end
+end

data/lib/resources/csv.rb ADDED Viewed

@@ -0,0 +1,32 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# Parses a csv document
+# Usage:
+# describe csv('example.csv') do
+#   its('name') { should eq(['John', 'Alice']) }
+# end
+#
+# This implementation was inspired by a blog post
+# @see http://technicalpickles.com/posts/parsing-csv-with-ruby
+class CsvConfig < JsonConfig
+  name 'csv'
+  # override file load and parse hash from csv
+  def parse(content)
+    require 'csv'
+    # convert empty field to nil
+    CSV::Converters[:blank_to_nil] = lambda do |field|
+      field && field.empty? ? nil : field
+    end
+    # implicit conversion of values
+    csv = CSV.new(content, headers: true, converters: [:all, :blank_to_nil])
+    # convert to hash
+    csv.to_a.map(&:to_hash)
+  end
+  def to_s
+    "Csv #{@path}"
+  end
+end

data/lib/resources/directory.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+require 'resources/file'
+module Inspec::Resources
+  class Directory < File
+    name 'directory'
+  end
+  def to_s
+    "Directory #{@path}"
+  end
+end

data/lib/resources/etc_group.rb ADDED Viewed

@@ -0,0 +1,150 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Christoph Hartmann
+# author: Dominik Richter
+# license: All rights reserved
+# The file format consists of
+# - group name
+# - password - group's encrypted password
+# - gid - group's decimal ID
+# - member list - group members, comma seperated list
+#
+# Usage:
+# describe etc_group do
+#   its('gids') { should_not contain_duplicates }
+#   its('groups') { should include 'my_user' }
+#   its('users') { should include 'my_user' }
+# end
+#
+# describe etc_group.where(name: 'my_group') do
+#   its('users') { should include 'my_user' }
+# end
+require 'utils/convert'
+require 'utils/parser'
+class EtcGroup < Inspec.resource(1)
+  include Converter
+  include ContentParser
+  name 'etc_group'
+  attr_accessor :gid, :entries
+  def initialize(path = nil)
+    @path = path || '/etc/group'
+    @entries = parse_group(@path)
+    # skip resource if it is not supported on current OS
+    return skip_resource 'The `etc_group` resource is not supported on your OS.' \
+    unless %w{ubuntu debian redhat fedora arch darwin freebsd}.include?(inspec.os[:family])
+  end
+  def groups(filter = nil)
+    entries = filter || @entries
+    entries.map { |x| x['name'] } if !entries.nil?
+  end
+  def gids(filter = nil)
+    entries = filter || @entries
+    entries.map { |x| x['gid'] } if !entries.nil?
+  end
+  def users(filter = nil)
+    entries = filter || @entries
+    return nil if entries.nil?
+    # filter the user entry
+    res = entries.map { |x|
+      x['members'].split(',') if !x.nil? && !x['members'].nil?
+    }.flatten
+    # filter nil elements
+    res.reject { |x| x.nil? || x.empty? }
+  end
+  def where(conditions = {})
+    return if conditions.empty?
+    fields = {
+      name: 'name',
+      group_name: 'name',
+      password: 'password',
+      gid: 'gid',
+      group_id: 'gid',
+      users: 'members',
+      members: 'members',
+    }
+    res = entries
+    conditions.each do |k, v|
+      idx = fields[k.to_sym]
+      next if idx.nil?
+      res = res.select { |x| x[idx] == v.to_s }
+    end
+    EtcGroupView.new(self, res)
+  end
+  def to_s
+    '/etc/group'
+  end
+  private
+  def parse_group(path)
+    @content = inspec.file(path).content
+    if @content.nil?
+      skip_resource "Can't access group file in #{path}"
+      return []
+    end
+    # iterate over each line and filter comments
+    @content.split("\n").each_with_object([]) do |line, lines|
+      grp_info = parse_group_line(line)
+      lines.push(grp_info) if !grp_info.nil? && grp_info.size > 0
+    end
+  end
+  def parse_group_line(line)
+    opts = {
+      comment_char: '#',
+      standalone_comments: false,
+    }
+    line, _idx_nl = parse_comment_line(line, opts)
+    x = line.split(':')
+    # abort if we have an empty or comment line
+    return nil if x.size == 0
+    # map data
+    {
+      'name' => x.at(0), # Name of the group.
+      'password' => x.at(1), # Group's encrypted password.
+      'gid' => convert_to_i(x.at(2)), # The group's decimal ID.
+      'members' => x.at(3), # Group members.
+    }
+  end
+end
+# object that hold a specifc view on etc group
+class EtcGroupView
+  def initialize(parent, filter)
+    @parent = parent
+    @filter = filter
+  end
+  # returns the group object
+  def entries
+    @filter
+  end
+  # only returns group name
+  def groups
+    @parent.groups(@filter)
+  end
+  # only return gids
+  def gids
+    @parent.gids(@filter)
+  end
+  # only returns users
+  def users
+    @parent.users(@filter)
+  end
+end

data/lib/resources/file.rb ADDED Viewed

@@ -0,0 +1,110 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Dominik Richter
+# author: Christoph Hartmann
+# license: All rights reserved
+module Inspec::Resources
+  class File < Inspec.resource(1)
+    name 'file'
+    attr_reader :path
+    def initialize(path)
+      @path = path
+      @file = inspec.backend.file(@path)
+    end
+    %w{
+      type exist? file? block_device? character_device? socket? directory?
+      symlink? pipe? mode mode? owner owned_by? group grouped_into? link_target
+      link_path linked_to? content mtime size selinux_label mounted? immutable?
+      product_version file_version version? md5sum sha256sum
+    }.each do |m|
+      define_method m.to_sym do |*args|
+        @file.method(m.to_sym).call(*args)
+      end
+    end
+    def contain(*_)
+      fail 'Contain is not supported. Please use standard RSpec matchers.'
+    end
+    def readable?(by_owner, by_user)
+      if inspec.os.unix?
+        by_owner, by_user = check_preconditions(by_owner, by_user)
+        if by_user.nil?
+          m = @file.unix_mode_mask(by_owner, 'r') ||
+              fail("#{by_owner} is not a valid unix owner.")
+          (@file.mode & m) != 0
+        else
+          check_user_access(by_user, @path, 'r')
+        end
+      else
+        fail "`file(#{@path}).executable?` is not suported on you OS: #{inspec.os['family']}"
+      end
+    end
+    def writable?(by_owner, by_user)
+      if inspec.os.unix?
+        by_owner, by_user = check_preconditions(by_owner, by_user)
+        if by_user.nil?
+          m = @file.unix_mode_mask(by_owner, 'w') ||
+              fail("#{by_owner} is not a valid unix owner.")
+          (@file.mode & m) != 0
+        else
+          check_user_access(by_user, @path, 'w')
+        end
+      else
+        fail "`file(#{@path}).executable?` is not suported on you OS: #{inspec.os['family']}"
+      end
+    end
+    def executable?(by_owner, by_user)
+      if inspec.os.unix?
+        by_owner, by_user = check_preconditions(by_owner, by_user)
+        if by_user.nil?
+          m = @file.unix_mode_mask(by_owner, 'x') ||
+              fail("#{by_owner} is not a valid unix owner.")
+          return (@file.mode & m) != 0
+        else
+          return check_user_access(by_user, @path, 'x')
+        end
+      else
+        fail "`file(#{@path}).executable?` is not suported on you OS: #{inspec.os['family']}"
+      end
+    end
+    def to_s
+      "File #{@path}"
+    end
+    private
+    def check_preconditions(by_owner, by_user)
+      by_owner = 'other' if by_owner == 'others'
+      by_owner = 'all' if (by_owner.nil? || by_owner.empty?) && (by_user.nil?)
+      [by_owner, by_user]
+    end
+    # check permissions on linux
+    def check_user_access(user, file, flag)
+      if inspec.os.linux? == true
+        # use sh on linux
+        perm_cmd = "su -s /bin/sh -c \"test -#{flag} #{file}\" #{user}"
+      elsif inspec.os[:family] == 'freebsd'
+        # use sudo on freebsd
+        perm_cmd = "sudo -u #{user} test -#{flag} #{file}"
+      end
+      if !perm_cmd.nil?
+        cmd = inspec.command(perm_cmd)
+        cmd.exit_status == 0 ? true : false
+      else
+        return skip_resource 'The `file` resource does not support `by_user` on your OS.'
+      end
+    end
+  end
+end