inspec 0.9.6 → 0.9.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2a0409ea39853cce8b89f828d6c639c48c0adfe4
-  data.tar.gz: a424f575ac78ec70775f6d84d577330f278be8fc
+  metadata.gz: 521db4877e62abdfe0b3314d45f1a1510ca6afc0
+  data.tar.gz: 53255bfa015cb24273b887670a09eda05e10f12e
 SHA512:
-  metadata.gz: 4be07873774b1a7b9bb11160c9078d004808aaad09be4c91841cc5af5e4a896d0d3c5f6c83d184fadd88048e26c4611ff26e688bc499149e32b91c66fca27071
-  data.tar.gz: a11ee4ab19c53b5c7f8e3a8d30a1047655ffe62d562a8874818bb29050005e7cb917c7e7d93fd8e396535147530aae450ce24f4f31c36f5c7415c029362c9d83
+  metadata.gz: 7a291a8c658ef86fce86c3aedcea6518edf90a0c0314fd3503449349d3ee590b857b6248281d29d9a8ab77baea7dd84d58f1bffe17eccbc3b61fbc62ef906a62
+  data.tar.gz: 977dafda6c3a71f952ec1a2b043bb6a8cc84482db9a9a501509957444b00de4a676b652e329e7cdc8ff8af5914354e5758ac5ee6fbd30d66105b914bf7ff5e11

data/CHANGELOG.md

@@ -1,7 +1,32 @@
 # Change Log
 
-## [0.9.6](https://github.com/chef/inspec/tree/0.9.6) (2015-12-11)
-[Full Changelog](https://github.com/chef/inspec/compare/v0.9.5...0.9.6)
+## [0.9.7](https://github.com/chef/inspec/tree/0.9.7) (2015-12-21)
+[Full Changelog](https://github.com/chef/inspec/compare/v0.9.6...0.9.7)
+
+**Implemented enhancements:**
+
+- Configuration number comparisons [\#308](https://github.com/chef/inspec/issues/308)
+- Allow for reading options from a file [\#284](https://github.com/chef/inspec/issues/284)
+- file resource mode matcher does not display file permissions correctly on failure [\#230](https://github.com/chef/inspec/issues/230)
+
+**Fixed bugs:**
+
+- remove commandline defaults, they break json config [\#327](https://github.com/chef/inspec/pull/327) ([srenatus](https://github.com/srenatus))
+- Fixing issue with security policy always returning nil [\#321](https://github.com/chef/inspec/pull/321) ([jeremymv2](https://github.com/jeremymv2))
+- reset rspec configuration when initializing Inspec::Runner [\#320](https://github.com/chef/inspec/pull/320) ([srenatus](https://github.com/srenatus))
+- EL package resource improvements: catch missing newlines & add release info [\#248](https://github.com/chef/inspec/pull/248) ([troyready](https://github.com/troyready))
+
+**Closed issues:**
+
+- convert logindef values to integer if possible [\#121](https://github.com/chef/inspec/issues/121)
+
+**Merged pull requests:**
+
+- remove format default for `inspec exec` [\#326](https://github.com/chef/inspec/pull/326) ([srenatus](https://github.com/srenatus))
+- teach `cmp` matcher octal tricks [\#324](https://github.com/chef/inspec/pull/324) ([srenatus](https://github.com/srenatus))
+
+## [v0.9.6](https://github.com/chef/inspec/tree/v0.9.6) (2015-12-11)
+[Full Changelog](https://github.com/chef/inspec/compare/v0.9.5...v0.9.6)
 
 **Implemented enhancements:**
 
@@ -33,6 +58,7 @@
 
 **Merged pull requests:**
 
+- 0.9.6 [\#319](https://github.com/chef/inspec/pull/319) ([arlimus](https://github.com/arlimus))
 - Bugfix: Properly initialize script resource [\#316](https://github.com/chef/inspec/pull/316) ([chris-rock](https://github.com/chris-rock))
 - improve shell prompt and help [\#315](https://github.com/chef/inspec/pull/315) ([chris-rock](https://github.com/chris-rock))
 - port resource: array attributes, resource alternative [\#303](https://github.com/chef/inspec/pull/303) ([srenatus](https://github.com/srenatus))

data/bin/inspec

@@ -14,31 +14,31 @@ class InspecCLI < Thor # rubocop:disable Metrics/ClassLength
     desc: 'Show diagnostics (versions, configurations)'
 
   def self.target_options
-    option :target, aliases: :t, type: :string, default: nil,
+    option :target, aliases: :t, type: :string,
       desc: 'Simple targeting option using URIs, e.g. ssh://user:pass@host:port'
-    option :backend, aliases: :b, type: :string, default: nil,
+    option :backend, aliases: :b, type: :string,
       desc: 'Choose a backend: local, ssh, winrm, docker.'
     option :host, type: :string,
       desc: 'Specify a remote host which is tested.'
     option :port, aliases: :p, type: :numeric,
       desc: 'Specify the login port for a remote scan.'
-    option :user, type: :string, default: nil,
+    option :user, type: :string,
       desc: 'The login user for a remote scan.'
-    option :password, type: :string, default: nil,
+    option :password, type: :string,
       desc: 'Login password for a remote scan, if required.'
-    option :key_files, aliases: :i, type: :array, default: nil,
+    option :key_files, aliases: :i, type: :array,
       desc: 'Login key or certificate file for a remote scan.'
-    option :path, type: :string, default: nil,
+    option :path, type: :string,
       desc: 'Login path to use when connecting to the target (WinRM).'
-    option :sudo, type: :boolean, default: false,
+    option :sudo, type: :boolean,
       desc: 'Run scans with sudo. Only activates on Unix and non-root user.'
-    option :sudo_password, type: :string, default: nil,
+    option :sudo_password, type: :string,
       desc: 'Specify a sudo password, if it is required.'
-    option :sudo_options, type: :string, default: '',
+    option :sudo_options, type: :string,
       desc: 'Additional sudo options for a remote scan.'
-    option :ssl, type: :boolean, default: false,
+    option :ssl, type: :boolean,
       desc: 'Use SSL for transport layer encryption (WinRM).'
-    option :self_signed, type: :boolean, default: false,
+    option :self_signed, type: :boolean,
       desc: 'Allow remote scans with self-signed certificates (WinRM).'
     option :json_config, type: :string,
       desc: 'Read configuration from JSON file (`-` reads from stdin).'
@@ -81,7 +81,7 @@ class InspecCLI < Thor # rubocop:disable Metrics/ClassLength
   option :id, type: :string,
     desc: 'Attach a profile ID to all test results'
   target_options
-  option :format, type: :string, default: 'progress'
+  option :format, type: :string
   def exec(*tests)
     diagnose
 

data/docs/dsl_inspec.rst

@@ -2,7 +2,7 @@
 InSpec DSL
 =====================================================
 
-|inspec| is a run-time framework and rule language used to specify compliance, securuty, and policy requirements. It includes a collection of resources that help you write auditing controls quickly and easily. The syntax used by both open source and |chef compliance| auditing is the same. The open source |inspec resource| framework is compatible with |chef compliance|.
+|inspec| is a run-time framework and rule language used to specify compliance, security, and policy requirements. It includes a collection of resources that help you write auditing controls quickly and easily. The syntax used by both open source and |chef compliance| auditing is the same. The open source |inspec resource| framework is compatible with |chef compliance|.
 
 The InSpec DSL is a Ruby DSL for writing audit controls, which includes audit resources that you can invoke.
 

data/lib/inspec/runner.rb

@@ -23,6 +23,9 @@ module Inspec
       @conf[:logger] ||= Logger.new(nil)
       @tests = RSpec::Core::World.new
 
+      # resets "pending examples" in reporter
+      RSpec.configuration.reset
+
       configure_output
       configure_transport
     end

data/lib/inspec/version.rb

@@ -3,5 +3,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '0.9.6'
+  VERSION = '0.9.7'
 end

data/lib/matchers/matchers.rb

@@ -240,14 +240,21 @@ RSpec::Matchers.define :cmp do |expected|
     false
   end
 
+  def octal?(value)
+    return true if value =~ /\A0+\d+\Z/
+    false
+  end
+
   match do |actual|
     # if actual and expected are strings
-    if actual.is_a?(String) && expected.is_a?(String)
+    if expected.is_a?(String) && actual.is_a?(String)
       actual.casecmp(expected) == 0
     elsif expected.is_a?(Integer) && integer?(actual)
       expected == actual.to_i
     elsif expected.is_a?(Float) && float?(actual)
       expected == actual.to_f
+    elsif octal?(expected) && actual.is_a?(Integer)
+      expected.to_i(8) == actual
     # fallback to equal
     else
       actual == expected
@@ -255,10 +262,12 @@ RSpec::Matchers.define :cmp do |expected|
   end
 
   failure_message do |actual|
+    actual = '0' + actual.to_s(8) if octal?(expected)
     "\nexpected: #{expected}\n     got: #{actual}\n\n(compared using `cmp` matcher)\n"
   end
 
   failure_message_when_negated do |actual|
+    actual = '0' + actual.to_s(8) if octal?(expected)
     "\nexpected: value != #{expected}\n     got: #{actual}\n\n(compared using `cmp` matcher)\n"
   end
 end

data/lib/resources/package.rb

@@ -105,10 +105,22 @@ class Rpm < PkgManagement
       assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
       multiple_values: false,
     ).params
+    # On some (all?) systems, the linebreak before the vendor line is missing
+    if params['Version'] =~ /\s*Vendor:/
+      v = params['Version'].split(' ')[0]
+    else
+      v = params['Version']
+    end
+    # On some (all?) systems, the linebreak before the build line is missing
+    if params['Release'] =~ /\s*Build Date:/
+      r = params['Release'].split(' ')[0]
+    else
+      r = params['Release']
+    end
     {
       name: params['Name'],
       installed: true,
-      version: params['Version'],
+      version: "#{v}-#{r}",
       type: 'rpm',
     }
   end

data/lib/resources/security_policy.rb

@@ -30,18 +30,22 @@ class SecurityPolicy < Inspec.resource(1)
   # load security content
   def load
     # export the security policy
-    inspec.command('secedit /export /cfg win_secpol.cfg')
-    # store file content
-    command_result ||= inspec.command('type win_secpol.cfg')
-    # delete temp file
-    inspec.command('del win_secpol.cfg')
+    cmd = inspec.command('secedit /export /cfg win_secpol.cfg')
+    return nil if cmd.exit_status.to_i != 0
 
-    @exit_status = command_result.exit_status.to_i
-    @policy = command_result.stdout
+    # store file content
+    cmd = inspec.command('Get-Content win_secpol.cfg')
+    @exit_status = cmd.exit_status.to_i
+    return nil if @exit_status != 0
+    @policy = cmd.stdout
     @loaded = true
 
     # returns self
     self
+
+  ensure
+    # delete temp file
+    inspec.command('Remove-Item win_secpol.cfg').exit_status.to_i
   end
 
   def method_missing(method)

data/test/helper.rb

@@ -111,9 +111,9 @@ class MockLoader
 
     mock.commands = {
       'ps aux' => cmd.call('ps-aux'),
-      'type win_secpol.cfg' => cmd.call('secedit-export'),
+      'Get-Content win_secpol.cfg' => cmd.call('secedit-export'),
       'secedit /export /cfg win_secpol.cfg' => cmd.call('success'),
-      'del win_secpol.cfg' => cmd.call('success'),
+      'Remove-Item win_secpol.cfg' => cmd.call('success'),
       'env' => cmd.call('env'),
       '$Env:PATH'  => cmd.call('$env-PATH'),
       # registry key test

data/test/integration/test/integration/default/file_spec.rb

@@ -40,6 +40,8 @@ if os.unix?
     # it { should have_mode }
     its('mode') { should eq 00765 }
     it { should be_mode 00765 }
+    its('mode') { should cmp '0765' }
+    its('mode') { should_not cmp '0777' }
 
     it { should be_readable }
     it { should be_readable.by('owner') }

data/test/integration/test/integration/default/secpol_spec.rb

@@ -0,0 +1,8 @@
+# encoding: utf-8
+
+if os.windows?
+  describe security_policy do
+    its('EnableAdminAccount') { should eq 1 }
+    its('EnableGuestAccount') { should eq 0 }
+  end
+end

data/test/unit/resources/package_test.rb

@@ -27,18 +27,18 @@ describe 'Inspec::Resources::Package' do
   # centos
   it 'verify centos package parsing' do
     resource = MockLoader.new(:centos7).load_resource('package', 'curl')
-    pkg = { name: 'curl', installed: true, version: '7.29.0', type: 'rpm' }
+    pkg = { name: 'curl', installed: true, version: '7.29.0-19.el7', type: 'rpm' }
     _(resource.installed?).must_equal true
-    _(resource.version).must_equal '7.29.0'
+    _(resource.version).must_equal '7.29.0-19.el7'
     _(resource.info).must_equal pkg
   end
 
   # wrlinux
   it 'verify wrlinux package parsing' do
     resource = MockLoader.new(:wrlinux).load_resource('package', 'curl')
-    pkg = { name: 'curl', installed: true, version: '7.29.0', type: 'rpm' }
+    pkg = { name: 'curl', installed: true, version: '7.29.0-19.el7', type: 'rpm' }
     _(resource.installed?).must_equal true
-    _(resource.version).must_equal '7.29.0'
+    _(resource.version).must_equal '7.29.0-19.el7'
     _(resource.info).must_equal pkg
   end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 0.9.6
+  version: 0.9.7
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-12-11 00:00:00.000000000 Z
+date: 2015-12-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: r-train
@@ -312,6 +312,7 @@ files:
 - test/integration/test/integration/default/package_spec.rb
 - test/integration/test/integration/default/port_spec.rb
 - test/integration/test/integration/default/registry_key_spec.rb
+- test/integration/test/integration/default/secpol_spec.rb
 - test/integration/test/integration/default/service_spec.rb
 - test/integration/test/integration/default/user_spec.rb
 - test/integration/test/integration/default/yaml_spec.rb
@@ -504,6 +505,7 @@ test_files:
 - test/integration/test/integration/default/package_spec.rb
 - test/integration/test/integration/default/port_spec.rb
 - test/integration/test/integration/default/registry_key_spec.rb
+- test/integration/test/integration/default/secpol_spec.rb
 - test/integration/test/integration/default/service_spec.rb
 - test/integration/test/integration/default/user_spec.rb
 - test/integration/test/integration/default/yaml_spec.rb