inspec 0.9.11 → 0.10.1

data/lib/inspec/plugins/cli.rb

@@ -0,0 +1,24 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+module Inspec
+  module Plugins
+    # stores all CLI plugin, we expect those to the `Thor` subclasses
+    class CLI
+      def self.registry
+        @registry ||= {}
+      end
+
+      def self.register(klass, subcommand_name, usage, description, options = {})
+        registry[subcommand_name] = {
+          klass: klass,
+          subcommand_name: subcommand_name,
+          usage: usage,
+          description: description,
+          options: options,
+        }
+      end
+    end
+  end
+end

data/lib/inspec/profile.rb

@@ -19,29 +19,33 @@ module Inspec
     attr_reader :path
     attr_reader :metadata
 
+    # rubocop:disable Metrics/AbcSize
     def initialize(options = nil)
       @options = options || {}
-
-      @params = {}
       @logger = options[:logger] || Logger.new(nil)
-
       @path = @options[:path]
-      fail 'Cannot read an empty path.' if @path.nil? || @path.empty?
-      fail "Cannot find directory #{@path}" unless File.directory?(@path)
-
-      @metadata = read_metadata
-      @params = @metadata.params
-      # use the id from parameter, name or fallback to nil
-      @profile_id = options[:id] || params[:name] || nil
-      @params[:name] = @profile_id
+      @profile_id = options[:id]
 
-      @params[:rules] = rules = {}
       @runner = Runner.new(
         id: @profile_id,
         backend: :mock,
         test_collector: @options.delete(:test_collector),
       )
-      @runner.add_tests([@path], @options)
+
+      # we're checking a profile, we don't care if it runs on the host machine
+      @options[:ignore_supports] = true
+      tests, libs, metadata = @runner.add_tests([@path], @options)
+      @content = tests + libs + metadata
+
+      # NB if you want to check more than one profile, use one
+      # Inspec::Profile#from_file per profile
+      @metadata_source = metadata.first
+      @metadata = Metadata.from_ref(@metadata_source[:ref], @metadata_source[:content], @profile_id, @logger)
+      @params = @metadata.params
+      @profile_id ||= params[:name]
+      @params[:name] = @profile_id
+      @params[:rules] = rules = {}
+
       @runner.rules.each do |id, rule|
         file = rule.instance_variable_get(:@__file)
         rules[file] ||= {}
@@ -51,6 +55,7 @@ module Inspec
           impact: rule.impact,
           checks: rule.instance_variable_get(:@checks),
           code: rule.instance_variable_get(:@__code),
+          source_location: rule.instance_variable_get(:@__source_location),
           group_title: rule.instance_variable_get(:@__group_title),
         }
       end
@@ -84,55 +89,91 @@ module Inspec
     # used to print information on errors and warnings which are found.
     #
     # @return [Boolean] true if no errors were found, false otherwise
-    def check # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
-      no_errors = true
-      no_warnings = true
-      warn = lambda { |msg|
+    def check # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/MethodLength
+      # initial values for response object
+      result = {
+        summary: {
+          valid: false,
+          timestamp: Time.now.iso8601,
+          location: @path,
+          profile: nil,
+          controls: 0,
+        },
+        errors: [],
+        warnings: [],
+      }
+
+      entry = lambda { |file, line, column, control, msg|
+        {
+          file: file,
+          line: line,
+          column: column,
+          control_id: control,
+          msg: msg,
+        }
+      }
+
+      warn = lambda { |file, line, column, control, msg|
         @logger.warn(msg)
-        no_warnings = false
+        result[:warnings].push(entry.call(file, line, column, control, msg))
       }
-      error = lambda { |msg|
+
+      error = lambda { |file, line, column, control, msg|
         @logger.error(msg)
-        no_warnings = no_errors = false
+        result[:errors].push(entry.call(file, line, column, control, msg))
       }
 
       @logger.info "Checking profile in #{@path}"
 
-      if Pathname.new(path).join('metadata.rb').exist?
-        warn.call('The use of `metadata.rb` is deprecated. Use `inspec.yml`.')
+      if @content.any? { |h| h[:type] == :metadata && h[:ref] =~ /metadata\.rb$/ }
+        warn.call(Pathname.new(path).join('metadata.rb'), 0, 0, nil, 'The use of `metadata.rb` is deprecated. Use `inspec.yml`.')
       end
 
-      @logger.info 'Metadata OK.' if @metadata.valid?
+      # verify metadata
+      m_errors, m_warnings = @metadata.valid
+      m_errors.each { |msg| error.call(@metadata_source[:ref], 0, 0, nil, msg) }
+      m_warnings.each { |msg| warn.call(@metadata_source[:ref], 0, 0, nil, msg) }
+      m_unsupported = @metadata.unsupported
+      m_unsupported.each { |u| warn.call(@metadata_source[:ref], 0, 0, nil, "doesn't support: #{u}") }
+      @logger.info 'Metadata OK.' if m_errors.empty? && m_unsupported.empty?
+
+      # extract profile name
+      result[:summary][:profile] = @metadata.params[:name]
 
       # check if the profile is using the old test directory instead of the
       # new controls directory
-      if Pathname.new(path).join('test').exist? && !Pathname.new(path).join('controls').exist?
-        warn.call('Profile uses deprecated `test` directory, rename it to `controls`.')
+      if @content.any? { |h| h[:type] == :test && h[:ref] =~ %r{test/[^/]+$} }
+        warn.call(Pathname.new(path).join('test'), 0, 0, nil, 'Profile uses deprecated `test` directory, rename it to `controls`.')
       end
 
       count = rules_count
+      result[:summary][:controls] = count
       if count == 0
-        warn.call('No controls or tests were defined.')
+        warn.call(nil, nil, nil, nil, 'No controls or tests were defined.')
       else
-        @logger.info("Found #{count} rules.")
+        @logger.info("Found #{count} controls.")
       end
 
       # iterate over hash of groups
-      @params[:rules].each do |group, rules_array|
-        @logger.debug "Verify all rules in  #{group}"
-        rules_array.each do |id, rule|
-          error.call('Avoid rules with empty IDs') if id.nil? or id.empty?
+      @params[:rules].each { |group, controls|
+        @logger.info "Verify all controls in #{group}"
+        controls.each { |id, control|
+          sfile, sline = control[:source_location]
+          error.call(sfile, sline, nil, id, 'Avoid controls with empty IDs') if id.nil? or id.empty?
           next if id.start_with? '(generated '
-          warn.call("Rule #{id} has no title") if rule[:title].to_s.empty?
-          warn.call("Rule #{id} has no description") if rule[:desc].to_s.empty?
-          warn.call("Rule #{id} has impact > 1.0") if rule[:impact].to_f > 1.0
-          warn.call("Rule #{id} has impact < 0.0") if rule[:impact].to_f < 0.0
-          warn.call("Rule #{id} has no tests defined") if rule[:checks].nil? or rule[:checks].empty?
-        end
-      end
+          warn.call(sfile, sline, nil, id, "Control #{id} has no title") if control[:title].to_s.empty?
+          warn.call(sfile, sline, nil, id, "Control #{id} has no description") if control[:desc].to_s.empty?
+          warn.call(sfile, sline, nil, id, "Control #{id} has impact > 1.0") if control[:impact].to_f > 1.0
+          warn.call(sfile, sline, nil, id, "Control #{id} has impact < 0.0") if control[:impact].to_f < 0.0
+          warn.call(sfile, sline, nil, id, "Control #{id} has no tests defined") if control[:checks].nil? or control[:checks].empty?
+        }
+      }
 
-      @logger.info 'Rule definitions OK.' if no_warnings
-      no_errors
+      # profile is valid if we could not find any error
+      result[:summary][:valid] = result[:errors].empty?
+
+      @logger.info 'Control definitions OK.' if result[:warnings].empty?
+      result
     end
 
     def rules_count
@@ -140,19 +181,18 @@ module Inspec
     end
 
     # generates a archive of a folder profile
+    # assumes that the profile was checked before
     def archive(opts) # rubocop:disable Metrics/AbcSize
-      check_result = check
-
-      if check_result && !opts.ignore_errors == false
-        @logger.info 'Profile check failed. Please fix the profile before generating an archive.'
-        return false
-      end
-
       profile_name = @params[:name]
 
       ext = opts[:zip] ? 'zip' : 'tar.gz'
-      slug = profile_name.downcase.strip.tr(' ', '-').gsub(/[^\w-]/, '_')
-      archive = Pathname.new(File.dirname(__FILE__)).join('../..', "#{slug}.#{ext}")
+
+      if opts[:archive]
+        archive = Pathname.new(opts[:archive])
+      else
+        slug = profile_name.downcase.strip.tr(' ', '-').gsub(/[^\w-]/, '_')
+        archive = Pathname.new(File.dirname(__FILE__)).join('../..', "#{slug}.#{ext}")
+      end
 
       # check if file exists otherwise overwrite the archive
       if archive.exist? && !opts[:overwrite]
@@ -163,7 +203,7 @@ module Inspec
       # remove existing archive
       File.delete(archive) if archive.exist?
 
-      @logger.info "Profile check finished. Generate archive #{archive}."
+      @logger.info "Generate archive #{archive}."
 
       # find all files
       files = Dir.glob("#{path}/**/*")
@@ -195,16 +235,5 @@ module Inspec
       @logger.info 'Finished archive generation.'
       true
     end
-
-    private
-
-    def read_metadata
-      mpath = Pathname.new(path).join('inspec.yml')
-
-      # fallback to metadata.rb if inspec.yml does not exist
-      # TODO deprecated, will be removed in InSpec 1.0
-      mpath = File.join(@path, 'metadata.rb') if !mpath.exist?
-      Metadata.from_file(mpath, @profile_id, @logger)
-    end
   end
 end

data/lib/inspec/rule.rb

@@ -53,6 +53,7 @@ module Inspec
       @impact = nil
       @__block = block
       @__code = __get_block_source(&block)
+      @__source_location = __get_block_source_location(&block)
       @title = nil
       @desc = nil
       # not changeable by the user:
@@ -166,5 +167,13 @@ module Inspec
     rescue MethodSource::SourceNotFoundError
       ''
     end
+
+    # get the source location of the block
+    def __get_block_source_location(&block)
+      return [nil, nil] unless block_given?
+      block.source_location
+    rescue MethodSource::SourceNotFoundError
+      [nil, nil]
+    end
   end
 end

data/lib/inspec/runner.rb

@@ -4,6 +4,7 @@
 # author: Dominik Richter
 # author: Christoph Hartmann
 
+require 'forwardable'
 require 'uri'
 require 'inspec/backend'
 require 'inspec/profile_context'
@@ -13,6 +14,7 @@ require 'inspec/metadata'
 
 module Inspec
   class Runner # rubocop:disable Metrics/ClassLength
+    extend Forwardable
     attr_reader :backend, :rules
     def initialize(conf = {})
       @rules = {}
@@ -64,6 +66,7 @@ module Inspec
 
       tests = items.find_all { |i| i[:type] == :test }
       libs = items.find_all { |i| i[:type] == :library }
+      meta = items.find_all { |i| i[:type] == :metadata }
 
       # Ensure each test directory exists on the $LOAD_PATH. This
       # will ensure traditional RSpec-isms like `require 'spec_helper'`
@@ -80,6 +83,8 @@ module Inspec
       tests.flatten.each do |test|
         add_content(test, libs)
       end
+
+      [tests, libs, meta]
     end
 
     def create_context
@@ -106,9 +111,8 @@ module Inspec
       end
     end
 
-    def run(with = nil)
-      @test_collector.run(with)
-    end
+    def_delegator :@test_collector, :run
+    def_delegator :@test_collector, :report
 
     private
 

data/lib/inspec/runner_rspec.rb

@@ -55,6 +55,11 @@ module Inspec
       with.run_specs(tests)
     end
 
+    def report
+      reporter = RSpec.configuration.formatters.find { |f| f.is_a? Inspec::RSpecReporter }
+      reporter.output_hash
+    end
+
     private
 
     # Empty the list of registered tests.
@@ -71,6 +76,12 @@ module Inspec
     # @return [nil]
     def configure_output
       RSpec.configuration.add_formatter(@conf['format'] || 'progress')
+
+      setup_reporting if @conf['report']
+    end
+
+    def setup_reporting
+      RSpec.configuration.add_formatter(Inspec::RSpecReporter)
     end
 
     # Make sure that all RSpec example groups use the provided ID.
@@ -91,4 +102,12 @@ module Inspec
       end
     end
   end
+
+  class RSpecReporter < RSpec::Core::Formatters::JsonFormatter
+    RSpec::Core::Formatters.register Inspec::RSpecReporter
+
+    def initialize(*)
+      super(StringIO.new)
+    end
+  end
 end

data/lib/inspec/targets/archive.rb

@@ -23,17 +23,21 @@ module Inspec::Targets
         fail "Don't know how to handle folder #{target}"
       end
 
-      # get all test file contents
-      raw_files = helper.get_filenames(files)
-      tests = content(target, raw_files, rootdir, base_folder: target)
-
-      libs = []
-      if helper.respond_to? :get_libraries
-        raw_libs = helper.get_libraries(files)
-        libs = content(target, raw_libs, rootdir, base_folder: target, as: :library)
-      end
+      res = {
+        test:     collect(helper, files, :get_filenames),
+        library:  collect(helper, files, :get_libraries),
+        metadata: collect(helper, files, :get_metadata),
+      }.map { |as, list|
+        content(target, list, rootdir, base_folder: target, as: as)
+      }
+
+      res.flatten
+    end
 
-      libs + tests
+    # FIXME(sr) dedup inspec/targets/folder
+    def collect(helper, files, getter)
+      return [] unless helper.respond_to? getter
+      helper.method(getter).call(files)
     end
   end
 end

data/lib/inspec/targets/tar.rb

@@ -39,9 +39,10 @@ module Inspec::Targets
           elsif entry.file?
             if files.include?(entry.full_name.gsub(rootdir, ''))
               h = {
-                content: entry.read,
+                # NB if some file is empty, return empty-string, not nil
+                content: entry.read || '',
                 type: opts[:as] || :test,
-                # ref: File.join(input, entry.name),
+                ref: entry.full_name,
               }
               content.push(h)
             end

data/lib/inspec/targets/url.rb

@@ -13,6 +13,8 @@ module Inspec::Targets
       uri = URI.parse(target)
       return false if uri.nil? or uri.scheme.nil?
       %{ http https }.include? uri.scheme
+    rescue URI::Error => _e
+      false
     end
 
     def resolve(target, opts = {})
@@ -20,14 +22,13 @@ module Inspec::Targets
       return nil unless target.start_with?('https://', 'http://')
 
       # support for github url
-      m = %r{^https?://(www\.)?github\.com/(?<user>[\w-]+)/(?<repo>[\w-]+)(\.git)?$}.match(target)
+      m = %r{^https?://(www\.)?github\.com/(?<user>[\w-]+)/(?<repo>[\w-]+)(\.git)?(/)?$}.match(target)
       if m
         url = "https://github.com/#{m[:user]}/#{m[:repo]}/archive/master.tar.gz"
       else
         url = target
       end
-
-      resolve_zip(url, opts)
+      resolve_archive(url, opts)
     end
 
     # download url into archive using opts,
@@ -47,7 +48,7 @@ module Inspec::Targets
       [archive, remote.meta['content-type']]
     end
 
-    def resolve_zip(url, opts)
+    def resolve_archive(url, opts)
       archive, content_type = download_archive(url, Tempfile.new(['inspec-dl-', '.tar.gz']), opts)
 
       # replace extension with zip if we detected a zip content type

data/lib/inspec/targets/zip.rb

@@ -18,9 +18,10 @@ module Inspec::Targets
         while (entry = io.get_next_entry)
           next if !files.include?(entry.name.gsub(rootdir, ''))
           h = {
-            content: io.read,
+            # NB if some file is empty, return empty-string, not nil
+            content: io.read || '',
             type: opts[:as] || :test,
-            # ref: File.join(input, entry.name),
+            ref: entry.name,
           }
           content.push(h)
         end

data/lib/inspec/version.rb

@@ -3,5 +3,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '0.9.11'.freeze
+  VERSION = '0.10.1'.freeze
 end