inspec 0.9.7 → 0.9.8

data/lib/inspec/targets.rb

@@ -6,4 +6,5 @@ require 'inspec/targets/core'
 require 'inspec/targets/file'
 require 'inspec/targets/folder'
 require 'inspec/targets/url'
-require 'inspec/targets/dir'
+require 'inspec/targets/zip'
+require 'inspec/targets/tar'

data/lib/inspec/targets/archive.rb

@@ -0,0 +1,39 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+require 'rubygems/package'
+require 'zlib'
+
+module Inspec::Targets
+  class ArchiveHelper
+    def resolve(target, _opts = {})
+      files, rootdir = structure(target)
+
+      # remove trailing slashes
+      files = files.collect { |f| f.chomp('/') }
+
+      # remove leading directory
+      files = files.collect { |f|
+        Pathname(f).relative_path_from(Pathname(rootdir)).to_s
+      }
+
+      helper = DirsHelper.get_handler(files)
+      if helper.nil?
+        fail "Don't know how to handle folder #{target}"
+      end
+
+      # get all test file contents
+      raw_files = helper.get_filenames(files)
+      tests = content(target, raw_files, rootdir, base_folder: target)
+
+      libs = []
+      if helper.respond_to? :get_libraries
+        raw_libs = helper.get_libraries(files)
+        libs = content(target, raw_libs, rootdir, base_folder: target, as: :library)
+      end
+
+      libs + tests
+    end
+  end
+end

data/lib/inspec/targets/core.rb

@@ -14,13 +14,13 @@ module Inspec
       end.flatten
     end
 
-    def self.resolve(targets)
+    def self.resolve(targets, opts = {})
       Array(targets).map do |target|
         handler = modules.values.find { |m| m.handles?(target) }
         if handler.nil?
           fail "Don't know how to handle target: #{target}"
         end
-        handler.resolve(target)
+        handler.resolve(target, opts)
       end.flatten
     end
   end

data/lib/inspec/targets/dir.rb

@@ -4,9 +4,20 @@
 
 module Inspec::Targets
   module DirsHelper
+    # InSpec profile Loader
+    # Previous versions used the `test` directory instead of the new `controls`
+    # directory. Usage of the test directory is deprecated and not recommended
+    # anymore. Support for `test` will be removed in InSpec 1.0
+    # TODO: remove `test` support for InSpec 1.0
     class ProfileDir
       def handles?(paths)
-        paths.include?('test') && paths.include?('metadata.rb')
+        (
+          !paths.grep(/^controls/).empty? ||
+          !paths.grep(/^test/).empty?
+        ) && (
+          paths.include?('inspec.yml') ||
+          paths.include?('metadata.rb')
+        )
       end
 
       def get_libraries(paths)
@@ -17,9 +28,14 @@ module Inspec::Targets
 
       def get_filenames(paths)
         paths.find_all do |path|
-          path.start_with?('test') && path.end_with?('.rb')
+          (path.start_with?('controls') || path.start_with?('test')) && path.end_with?('.rb')
         end
       end
+
+      def get_metadata(paths)
+        return 'inspec.yml' if paths.include?('inspec.yml')
+        return 'metadata.rb' if paths.include?('metadata.rb')
+      end
     end
 
     class ChefAuditDir

data/lib/inspec/targets/file.rb

@@ -23,6 +23,10 @@ module Inspec::Targets
         resolve(target, opts)
       end
     end
+
+    def to_s
+      'File Loader'
+    end
   end
 
   Inspec::Targets.add_module('file', FileHelper.new)

data/lib/inspec/targets/folder.rb

@@ -11,7 +11,7 @@ module Inspec::Targets
       File.directory?(target)
     end
 
-    def resolve(target)
+    def resolve(target, _opts = {})
       # find all files in the folder
       files = Dir[File.join(target, '**', '*')]
       # remove the prefix
@@ -25,17 +25,27 @@ module Inspec::Targets
 
       # get all test file contents
       file_handler = Inspec::Targets.modules['file']
-      raw_files = helper.get_filenames(files)
-      tests = file_handler.resolve_all(raw_files, base_folder: target)
-
-      libs = []
-      if helper.respond_to? :get_libraries
-        raw_libs = helper.get_libraries(files)
-        libs = file_handler.resolve_all(raw_libs,
-                                        base_folder: target, as: :library)
-      end
+      res = {
+        test:     collect(helper, files, :get_filenames),
+        library:  collect(helper, files, :get_libraries),
+        metadata: collect(helper, files, :get_metadata),
+      }.map { |as, list|
+        file_handler.resolve_all(list, base_folder: target, as: as)
+      }
+
+      # flatten the outer list layer
+      res.inject(&:+)
+    end
+
+    def to_s
+      'Folder Loader'
+    end
+
+    private
 
-      libs + tests
+    def collect(helper, files, getter)
+      return [] unless helper.respond_to? getter
+      helper.method(getter).call(files)
     end
   end
 

data/lib/inspec/targets/tar.rb

@@ -4,25 +4,50 @@
 
 require 'rubygems/package'
 require 'zlib'
+require 'inspec/targets/archive'
 
 module Inspec::Targets
-  class TarHelper
+  class TarHelper < ArchiveHelper
+    def handles?(target)
+      File.file?(target) and (
+        target.end_with?('.tar.gz') ||
+        target.end_with?('.tgz')
+      )
+    end
+
     def structure(input)
       files = []
+      rootdir = ''
       Gem::Package::TarReader.new(Zlib::GzipReader.open input) do |tar|
         files = tar.map(&:full_name)
       end
-      files
+
+      # find root dir of profile
+      files.each { |f|
+        pn = Pathname(f)
+        rootdir = pn.dirname.to_s if pn.basename.to_s == 'inspec.yml' || pn.basename.to_s == 'metadata.rb'
+      }
+
+      # stores the rootdir of metadata.rb or inspec.yml
+      rootdir += '/' if !rootdir.empty?
+      [files, rootdir]
     end
 
-    def content(input)
-      content = {}
+    def content(input, files, rootdir = nil, opts = {})
+      content = []
       Gem::Package::TarReader.new(Zlib::GzipReader.open input) do |tar|
         tar.each do |entry|
           if entry.directory?
             # nothing to do
           elsif entry.file?
-            content[entry.full_name] = entry.read
+            if files.include?(entry.full_name.gsub(rootdir, ''))
+              h = {
+                content: entry.read,
+                type: opts[:as] || :test,
+                # ref: File.join(input, entry.name),
+              }
+              content.push(h)
+            end
           elsif entry.header.typeflag == '2'
             # ignore symlinks for now
           end
@@ -30,5 +55,11 @@ module Inspec::Targets
       end
       content
     end
+
+    def to_s
+      'tar.gz Loader'
+    end
   end
+
+  Inspec::Targets.add_module('tar', TarHelper.new)
 end

data/lib/inspec/targets/url.rb

@@ -15,24 +15,56 @@ module Inspec::Targets
       %{ http https }.include? uri.scheme
     end
 
-    def resolve(target)
-      return nil unless target.start_with? 'https://github.com' and
-                        target.end_with? '.git'
+    def resolve(target, opts = {})
+      # abort if the target does not start with http or https
+      return nil unless target.start_with? 'https://' or target.start_with? 'http://'
 
-      url = target.sub(/.git$/, '') + '/archive/master.zip'
-      resolve_zip(url)
+      # support for github https url
+      if target.start_with? 'https://github.com' and target.end_with? '.git'
+        url = target.sub(/.git$/, '') + '/archive/master.tar.gz'
+      else
+        url = target
+      end
+
+      resolve_zip(url, opts)
     end
 
-    def resolve_zip(url)
-      zipfile = Tempfile.new('inspec-dl-')
-      zipfile.binmode
-      zipfile.write(open(url).read)
-      zipfile.rewind
-      content = ZipHelper.new.resolve(zipfile.path)
-      zipfile.close
-      zipfile.unlink
+    def resolve_zip(url, opts)
+      archive = Tempfile.new(['inspec-dl-', '.tar.gz'])
+      archive.binmode
+
+      remote = open(
+        url,
+        http_basic_authentication: [opts['user'] || '', opts['password'] || ''],
+      )
+
+      # download content
+      archive.write(remote.read)
+      archive.rewind
+      archive.close
+
+      content_type = remote.meta['content-type']
+      # replace extension with zip if we detected a zip content type
+      if ['application/x-zip-compressed', 'application/zip'].include?(content_type)
+        # rename file for proper detection in DirHelper
+        pn = Pathname.new(archive.path)
+        new_path = pn.dirname.join(pn.basename.to_s.gsub('tar.gz', 'zip'))
+        File.rename(pn.to_s, new_path.to_s)
+
+        content = ZipHelper.new.resolve(new_path)
+        File.unlink(new_path)
+      # use tar helper as default
+      elsif ['application/x-gzip', 'application/gzip'].include?(content_type)
+        content = TarHelper.new.resolve(archive.path)
+        archive.unlink
+      end
+
       content
     end
+
+    def to_s
+      'URL Loader'
+    end
   end
 
   Inspec::Targets.add_module('url', UrlHelper.new)

data/lib/inspec/targets/zip.rb

@@ -4,16 +4,23 @@
 
 require 'zip'
 require 'inspec/targets/dir'
+require 'inspec/targets/archive'
 
 module Inspec::Targets
-  class ZipHelper
-    def content(input, _filter)
+  class ZipHelper < ArchiveHelper
+    def handles?(target)
+      File.file?(target) and target.end_with?('.zip')
+    end
+
+    def content(input, files, rootdir = nil, opts = {})
       content = []
       ::Zip::InputStream.open(input) do |io|
         while (entry = io.get_next_entry)
+          next if !files.include?(entry.name.gsub(rootdir, ''))
           h = {
             content: io.read,
-            ref: File.join(input, entry.name),
+            type: opts[:as] || :test,
+            # ref: File.join(input, entry.name),
           }
           content.push(h)
         end
@@ -23,25 +30,25 @@ module Inspec::Targets
 
     def structure(input)
       files = []
+      rootdir = ''
+
       ::Zip::InputStream.open(input) do |io|
         while (entry = io.get_next_entry)
+          pn = Pathname(entry.name)
+          rootdir = pn.dirname.to_s if pn.basename.to_s == 'inspec.yml' || pn.basename.to_s == 'metadata.rb'
           files.push(entry.name)
         end
       end
-      files
+
+      # stores the rootdir of metadata.rb or inspec.yml
+      rootdir += '/' if !rootdir.empty?
+      [files, rootdir]
     end
 
-    def resolve(path)
-      files = structure(path)
-      helper = DirsHelper.get_handler(files)
-      if helper.nil?
-        fail "Don't know how to handle folder #{path}"
-      end
-      # get all file contents
-      # @TODO
-      _file_handler = Inspec::Targets.modules['file']
-      test_files = helper.get_filenames(files)
-      content(path, test_files)
+    def to_s
+      'zip Loader'
     end
   end
+
+  Inspec::Targets.add_module('zip', ZipHelper.new)
 end

data/lib/inspec/version.rb

@@ -3,5 +3,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '0.9.7'
+  VERSION = '0.9.8'
 end

data/lib/matchers/matchers.rb

@@ -271,3 +271,33 @@ RSpec::Matchers.define :cmp do |expected|
     "\nexpected: value != #{expected}\n     got: #{actual}\n\n(compared using `cmp` matcher)\n"
   end
 end
+
+# user resource matcher for serverspec compatibility
+# This matcher will be deprecated in future
+RSpec::Matchers.define :be_mounted do
+  match do |path|
+    if !@options.nil?
+      path.mounted?(@options, @identical)
+    else
+      path.mounted?
+    end
+  end
+
+  chain :with do |attr|
+    @options = attr
+    @identical = false
+  end
+
+  chain :only_with do |attr|
+    @options = attr
+    @identical = true
+  end
+
+  failure_message do |path|
+    if !@options.nil?
+      "\n#{path} is not mounted with the options\n     expected: #{@options}\n     got: #{path.mount_options}\n"
+    else
+      "\n#{path} is not mounted\n"
+    end
+  end
+end

data/lib/resources/etc_group.rb

@@ -26,7 +26,7 @@ require 'utils/parser'
 
 class EtcGroup < Inspec.resource(1)
   include Converter
-  include ContentParser
+  include CommentParser
 
   name 'etc_group'
   desc 'Use the etc_group InSpec audit resource to test groups that are defined on Linux and UNIX platforms. The /etc/group file stores details about each group---group name, password, group identifier, along with a comma-separate list of users that belong to the group.'

data/lib/resources/file.rb

@@ -5,7 +5,7 @@
 # license: All rights reserved
 
 module Inspec::Resources
-  class File < Inspec.resource(1)
+  class File < Inspec.resource(1) # rubocop:disable Metrics/ClassLength
     name 'file'
     desc 'Use the file InSpec audit resource to test all system file types, including files, directories, symbolic links, named pipes, sockets, character devices, block devices, and doors.'
     example "
@@ -18,8 +18,9 @@ module Inspec::Resources
         its('mode') { should eq 0644 }
       end
     "
+    include MountParser
 
-    attr_reader :file, :path
+    attr_reader :file, :path, :mount_options
     def initialize(path)
       @path = path
       @file = inspec.backend.file(@path)
@@ -28,7 +29,7 @@ module Inspec::Resources
     %w{
       type exist? file? block_device? character_device? socket? directory?
       symlink? pipe? mode mode? owner owned_by? group grouped_into? link_target
-      link_path linked_to? content mtime size selinux_label mounted? immutable?
+      link_path linked_to? content mtime size selinux_label immutable?
       product_version file_version version? md5sum sha256sum
     }.each do |m|
       define_method m.to_sym do |*args|
@@ -58,6 +59,30 @@ module Inspec::Resources
       file_permission_granted?('x', by_usergroup, by_specific_user)
     end
 
+    def mounted?(expected_options = nil, identical = false)
+      mounted = file.mounted
+
+      # return if no additional parameters have been provided
+      return file.mounted? if expected_options.nil?
+
+      # deprecation warning, this functionality will be removed in future version
+      warn "[DEPRECATION] `be_mounted.with and be_mounted.only_with` are deprecated.  Please use `mount('#{path}')` instead."
+
+      # we cannot read mount data on non-Linux systems
+      return nil if !inspec.os.linux?
+
+      # parse content if we are on linux
+      @mount_options ||= parse_mount_options(mounted.stdout, true)
+
+      if identical
+        # check if the options should be identical
+        @mount_options == expected_options
+      else
+        # otherwise compare the selected values
+        @mount_options.contains(expected_options)
+      end
+    end
+
     def to_s
       "File #{path}"
     end