inspec 1.13.0 → 1.14.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d2e2aeebe40a757983d190ca0921c507e1158c33
-  data.tar.gz: 99aad400d64fd3da51392aaa752cbbb2a2647a6b
+  metadata.gz: fb888c0cb724974ef7d939097b4f2b035653d6d7
+  data.tar.gz: 9e7eb4ff65ea768f8fe1782ce998a1c0ed825896
 SHA512:
-  metadata.gz: 538a625e9eb9019e46b72095139215548f2f5aa96bb4cfba9e54ac0c4ad64375a4be36f0d15d099b9dde0cb0c8e34f6bc2894dff712adbdffe68d5ffb57c5e7b
-  data.tar.gz: 75fa86184262907ea53bff79ba9c708671970c7825ee33e966b88feb2739c7ed0c38b189a13394edd1e6e2a70060853f3e8e2ced4488f0d888cf011ccce0aa7e
+  metadata.gz: cd794bbc14da92dc306a9c7b8faa71a2d4fecd272c95918de9de5e59ac5669e8d93b880684f2263b751a10ff20bc9eb843b06692c00673abba3af22707dba85e
+  data.tar.gz: a6e46c9012ad7d3a368d90f3f0912c02ab7ca62a90619af69d204f2864b641e22448f32b3679337f231665ca2fda820d490ddcfb7fea2bb71b93c82bd5a51192

data/CHANGELOG.md

@@ -1,7 +1,25 @@
 # Change Log
 
-## [1.13.0](https://github.com/chef/inspec/tree/1.13.0) (2017-02-07)
-[Full Changelog](https://github.com/chef/inspec/compare/v1.12.0...1.13.0)
+## [1.14.0](https://github.com/chef/inspec/tree/1.14.0) (2017-02-09)
+[Full Changelog](https://github.com/chef/inspec/compare/v1.13.0...1.14.0)
+
+**Fixed bugs:**
+
+- map url to https for compliance plugin [\#1471](https://github.com/chef/inspec/pull/1471) ([arlimus](https://github.com/arlimus))
+
+**Closed issues:**
+
+- Display meaningful error message when uploading profiles to a server with self-signed certs [\#1469](https://github.com/chef/inspec/issues/1469)
+
+**Merged pull requests:**
+
+- Use RuboCop 0.39.0 \(same as chefstyle\) [\#1478](https://github.com/chef/inspec/pull/1478) ([tduffield](https://github.com/tduffield))
+- bugfix: warn users about insecure login requirements [\#1472](https://github.com/chef/inspec/pull/1472) ([arlimus](https://github.com/arlimus))
+- Add support for "inspec -v" showing the version [\#1470](https://github.com/chef/inspec/pull/1470) ([adamleff](https://github.com/adamleff))
+- Replace slack invite form on Community, fix surprise code example [\#1468](https://github.com/chef/inspec/pull/1468) ([adamleff](https://github.com/adamleff))
+
+## [v1.13.0](https://github.com/chef/inspec/tree/v1.13.0) (2017-02-07)
+[Full Changelog](https://github.com/chef/inspec/compare/v1.12.0...v1.13.0)
 
 **Implemented enhancements:**
 

data/Gemfile

@@ -14,7 +14,7 @@ group :test do
   gem 'bundler', '~> 1.5'
   gem 'minitest', '~> 5.5'
   gem 'rake', '~> 10'
-  gem 'rubocop', '~> 0.36.0'
+  gem 'rubocop', '= 0.39.0'
   gem 'simplecov', '~> 0.10'
   gem 'concurrent-ruby', '~> 0.9'
   gem 'mocha', '~> 1.1'

data/examples/meta-profile/inspec.lock

@@ -0,0 +1,18 @@
+---
+lockfile_version: 1
+depends:
+- name: dev-sec/ssh-baseline
+  resolved_source:
+    url: https://github.com/dev-sec/ssh-baseline/archive/master.tar.gz
+    sha256: e25d521fb1093b4c23b31a7dc8f41b5540236f4a433960b151bc427523662ab6
+  version_constraints: ">= 0"
+- name: ssl-benchmark
+  resolved_source:
+    url: https://github.com/dev-sec/ssl-benchmark/archive/master.tar.gz
+    sha256: 793adcbb91cfc2da0044bb9cbf0863773ae2cf89ce9b8343b4295b137f70897b
+  version_constraints: ">= 0"
+- name: windows-patch-benchmark
+  resolved_source:
+    url: https://github.com/chris-rock/windows-patch-benchmark/archive/master.tar.gz
+    sha256: 3d473e72d8b70018386a53e0a105e92ccbb4115dc268cadc16ff53d550d2898e
+  version_constraints: ">= 0"

data/lib/bundles/inspec-artifact/cli.rb

@@ -154,17 +154,17 @@ module Artifact
         p = Pathname.new(path_to_profile)
         p = p.join('inspec.yml')
         if not p.exist?
-          fail "#{path_to_profile} doesn't appear to be a valid Inspec profile"
+          raise "#{path_to_profile} doesn't appear to be a valid Inspec profile"
         end
         yaml = YAML.load_file(p.to_s)
         yaml = yaml.to_hash
 
         if not yaml.key? 'name'
-          fail 'Profile is invalid, name is not defined'
+          raise 'Profile is invalid, name is not defined'
         end
 
         if not yaml.key? 'version'
-          fail 'Profile is invalid, version is not defined'
+          raise 'Profile is invalid, version is not defined'
         end
       rescue => e
         # rewrap it and pass it up to the CLI
@@ -212,15 +212,15 @@ module Artifact
       public_keyfile = "#{file_keyname}.pem.pub"
       puts "Looking for #{public_keyfile} to verify artifact"
       if not File.exist? public_keyfile
-        fail "Can't find #{public_keyfile}"
+        raise "Can't find #{public_keyfile}"
       end
 
       if not VALID_PROFILE_DIGESTS.member? file_alg
-        fail 'Invalid artifact digest algorithm detected'
+        raise 'Invalid artifact digest algorithm detected'
       end
 
       if not VALID_PROFILE_VERSIONS.member? file_version
-        fail 'Invalid artifact version detected'
+        raise 'Invalid artifact version detected'
       end
     end
 

data/lib/bundles/inspec-compliance/http.rb

@@ -10,6 +10,7 @@ module Compliance
   class HTTP
     # generic get requires
     def self.get(url, headers = nil, insecure)
+      url = "https://#{url}" if URI.parse(url).scheme.nil?
       uri = URI.parse(url)
       req = Net::HTTP::Get.new(uri.path)
       if !headers.nil?
@@ -38,7 +39,7 @@ module Compliance
     # post a file
     def self.post_file(url, headers, file_path, insecure)
       uri = URI.parse(url)
-      fail "Unable to parse URL: #{url}" if uri.nil? || uri.host.nil?
+      raise "Unable to parse URL: #{url}" if uri.nil? || uri.host.nil?
       http = Net::HTTP.new(uri.host, uri.port)
 
       # set connection flags
@@ -67,11 +68,18 @@ module Compliance
       }
       opts[:verify_mode] = OpenSSL::SSL::VERIFY_NONE if insecure
 
-      fail "Unable to parse URI: #{uri}" if uri.nil? || uri.host.nil?
-      res = Net::HTTP.start(uri.host, uri.port, opts) {|http|
+      raise "Unable to parse URI: #{uri}" if uri.nil? || uri.host.nil?
+      res = Net::HTTP.start(uri.host, uri.port, opts) { |http|
         http.request(req)
       }
       res
+
+    rescue OpenSSL::SSL::SSLError => e
+      raise e unless e.message.include? 'certificate verify failed'
+
+      puts "Error: Failed to connect to #{uri}."
+      puts 'If the server uses a self-signed certificate, please re-run the login command with the --insecure option.'
+      exit 1
     end
   end
 end

data/lib/bundles/inspec-compliance/target.rb

@@ -37,7 +37,7 @@ module Compliance
             server = 'compliance'
             msg = "inspec compliance login https://your_compliance_server --user admin --insecure --token 'PASTE TOKEN HERE' "
           end
-          fail Inspec::FetcherFailure, <<EOF
+          raise Inspec::FetcherFailure, <<EOF
 
 Cannot fetch #{uri} because your #{server} token has not been
 configured.
@@ -51,7 +51,7 @@ EOF
         # verifies that the target e.g base/ssh exists
         profile = uri.host + uri.path
         if !Compliance::API.exist?(config, profile)
-          fail Inspec::FetcherFailure, "The compliance profile #{profile} was not found on the configured compliance server"
+          raise Inspec::FetcherFailure, "The compliance profile #{profile} was not found on the configured compliance server"
         end
         profile_fetch_url = Compliance::API.target_url(config, profile)
       end

data/lib/bundles/inspec-supermarket/cli.rb

@@ -45,7 +45,7 @@ module Supermarket
         "#{p['tool_owner']}/#{p['slug']}" == profile
       }
 
-      if found.length == 0
+      if found.empty?
         puts "#{mark_text(profile)} is not available on Supermarket"
         return
       end

data/lib/fetchers/git.rb

@@ -86,7 +86,7 @@ module Fetchers
       cmd = shellout("git ls-remote \"#{@remote_url}\" \"#{ref_name}*\"")
       ref = parse_ls_remote(cmd.stdout, ref_name)
       if !ref
-        fail "Unable to resolve #{ref_name} to a specific git commit for #{@remote_url}"
+        raise "Unable to resolve #{ref_name} to a specific git commit for #{@remote_url}"
       end
       ref
     end

data/lib/inspec/backend.rb

@@ -17,12 +17,12 @@ module Inspec
       name = Train.validate_backend(conf)
       transport = Train.create(name, conf)
       if transport.nil?
-        fail "Can't find transport backend '#{name}'."
+        raise "Can't find transport backend '#{name}'."
       end
 
       connection = transport.connection
       if connection.nil?
-        fail "Can't connect to transport backend '#{name}'."
+        raise "Can't connect to transport backend '#{name}'."
       end
 
       cls = Class.new do

data/lib/inspec/base_cli.rb

@@ -142,7 +142,7 @@ module Inspec
         $stderr.puts exception.message
         exit(1)
       else
-        raise exception # rubocop:disable Style/SignalException
+        raise exception
       end
     end
 

data/lib/inspec/cached_fetcher.rb

@@ -12,7 +12,7 @@ module Inspec
       @fetcher = Inspec::Fetcher.resolve(target)
 
       if @fetcher.nil?
-        fail("Could not fetch inspec profile in #{target.inspect}.")
+        raise("Could not fetch inspec profile in #{target.inspect}.")
       end
 
       @cache = cache
@@ -50,7 +50,7 @@ module Inspec
     def assert_cache_sanity!
       if target.respond_to?(:key?) && target.key?(:sha256)
         if fetcher.resolved_source[:sha256] != target[:sha256]
-          fail <<EOF
+          raise <<EOF
 The remote source #{fetcher} no longer has the requested content:
 
 Request Content Hash: #{target[:sha256]}

data/lib/inspec/cli.rb

@@ -230,6 +230,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
       puts "\nYour version of InSpec is out of date! The latest version is #{latest}."
     end
   end
+  map %w{-v --version} => :version
 
   private
 

data/lib/inspec/control_eval_context.rb

@@ -35,8 +35,6 @@ module Inspec
     # @param profile_context [Inspec::ProfileContext]
     # @param outer_dsl [OuterDSLClass]
     # @return [ProfileContextClass]
-    #
-    # rubocop:disable Lint/NestedMethodDefinition
     def self.create(profile_context, resources_dsl) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
       rule_class = rule_context(resources_dsl)
       profile_context_owner = profile_context

data/lib/inspec/dependencies/lockfile.rb

@@ -18,7 +18,7 @@ module Inspec
     def self.from_content(content)
       parsed_content = YAML.load(content)
       version = parsed_content['lockfile_version']
-      fail "No lockfile_version set in #{path}!" if version.nil?
+      raise "No lockfile_version set in #{path}!" if version.nil?
       validate_lockfile_version!(version.to_i)
       new(parsed_content)
     end
@@ -28,9 +28,10 @@ module Inspec
       from_content(content)
     end
 
+    # rubocop:disable Style/GuardClause
     def self.validate_lockfile_version!(version)
       if version < MINIMUM_SUPPORTED_VERSION
-        fail <<EOF
+        raise <<EOF
 This lockfile specifies a lockfile_version of #{version} which is
 lower than the minimum supported version #{MINIMUM_SUPPORTED_VERSION}.
 
@@ -39,7 +40,7 @@ Please create a new lockfile for this project by running:
     inspec vendor
 EOF
       elsif version > CURRENT_LOCKFILE_VERSION
-        fail <<EOF
+        raise <<EOF
 This lockfile claims to be version #{version} which is greater than
 the most recent lockfile version(#{CURRENT_LOCKFILE_VERSION}).
 
@@ -48,6 +49,7 @@ used to create the lockfile.
 EOF
       end
     end
+    # rubocop:enable Style/GuardClause
 
     attr_reader :version, :deps
     def initialize(lockfile_content_hash)
@@ -80,7 +82,7 @@ EOF
       else
         # If we've gotten here, there is likely a mistake in the
         # lockfile version validation in the constructor.
-        fail "No lockfile parser for version #{version}"
+        raise "No lockfile parser for version #{version}"
       end
     end
 

data/lib/inspec/dependencies/requirement.rb

@@ -10,7 +10,7 @@ module Inspec
   #
   class Requirement
     def self.from_metadata(dep, cache, opts)
-      fail 'Cannot load empty dependency.' if dep.nil? || dep.empty?
+      raise 'Cannot load empty dependency.' if dep.nil? || dep.empty?
       new(dep[:name], dep[:version], cache, opts[:cwd], opts.merge(dep))
     end
 

data/lib/inspec/dependencies/resolver.rb

@@ -26,7 +26,7 @@ module Inspec
     def self.resolve(dependencies, cache, working_dir, backend)
       reqs = dependencies.map do |dep|
         req = Inspec::Requirement.from_metadata(dep, cache, cwd: working_dir, backend: backend)
-        req || fail("Cannot initialize dependency: #{req}")
+        req || raise("Cannot initialize dependency: #{req}")
       end
       new.resolve(reqs)
     end
@@ -40,7 +40,7 @@ module Inspec
                              else
                                "the dependency information for #{path_string.split(' ').last}"
                              end
-          fail Inspec::DuplicateDep, "The dependency #{dep.name} is listed twice in #{problem_cookbook}"
+          raise Inspec::DuplicateDep, "The dependency #{dep.name} is listed twice in #{problem_cookbook}"
         else
           seen_items_local << dep.name
         end
@@ -65,13 +65,13 @@ module Inspec
                           end
 
         if new_seen_items.key?(dep.resolved_source)
-          fail Inspec::CyclicDependencyError, "Dependency #{dep} would cause a dependency cycle (#{new_path_string})"
+          raise Inspec::CyclicDependencyError, "Dependency #{dep} would cause a dependency cycle (#{new_path_string})"
         else
           new_seen_items[dep.resolved_source] = true
         end
 
         if !dep.source_satisfies_spec?
-          fail Inspec::UnsatisfiedVersionSpecification, "The profile #{dep.name} from #{dep.resolved_source} has a version #{dep.source_version} which doesn't match #{dep.required_version}"
+          raise Inspec::UnsatisfiedVersionSpecification, "The profile #{dep.name} from #{dep.resolved_source} has a version #{dep.source_version} which doesn't match #{dep.required_version}"
         end
 
         Inspec::Log.debug("Adding dependency #{dep.name} (#{dep.resolved_source})")

data/lib/inspec/dsl.rb

@@ -19,7 +19,7 @@ module Inspec::DSL
   alias include_rules include_controls
 
   def require_resource(options = {})
-    fail 'You must specify a specific resource name when calling require_resource()' if options[:resource].nil?
+    raise 'You must specify a specific resource name when calling require_resource()' if options[:resource].nil?
 
     from_profile = options[:profile] || profile_name
     target_name = options[:as] || options[:resource]
@@ -33,7 +33,7 @@ module Inspec::DSL
 
     dep_entry = dependencies.list[profile_id]
     if dep_entry.nil?
-      fail <<EOF
+      raise <<EOF
 Cannot load #{profile_id} since it is not listed as a dependency
 of #{bind_context.profile_name}.
 

data/lib/inspec/fetcher.rb

@@ -34,7 +34,7 @@ module Inspec
 
   def self.fetcher(version)
     if version != 1
-      fail 'Only fetcher version 1 is supported!'
+      raise 'Only fetcher version 1 is supported!'
     end
     Inspec::Plugins::Fetcher
   end

data/lib/inspec/file_provider.rb

@@ -17,7 +17,7 @@ module Inspec
       elsif File.exist?(path)
         DirProvider.new(path)
       else
-        fail "No file provider for the provided path: #{path}"
+        raise "No file provider for the provided path: #{path}"
       end
     end
 
@@ -25,11 +25,11 @@ module Inspec
     end
 
     def read(_file)
-      fail "#{self} does not implement `read(...)`. This is required."
+      raise "#{self} does not implement `read(...)`. This is required."
     end
 
     def files
-      fail "Fetcher #{self} does not implement `files()`. This is required."
+      raise "Fetcher #{self} does not implement `files()`. This is required."
     end
 
     def relative_provider
@@ -148,7 +148,7 @@ module Inspec
       @parent = parent_provider
       @prefix = get_prefix(parent.files)
       if @prefix.nil?
-        fail "Could not determine path prefix for #{parent}"
+        raise "Could not determine path prefix for #{parent}"
       end
       @files = parent.files.find_all { |x| x.start_with?(prefix) && x != prefix }
                      .map { |x| x[prefix.length..-1] }

data/lib/inspec/library_eval_context.rb

@@ -35,7 +35,7 @@ module Inspec
 
       c3 = Class.new do
         include Inspec::DSL::RequireOverride
-        def initialize(require_loader) # rubocop:disable Lint/NestedMethodDefinition
+        def initialize(require_loader)
           @require_loader = require_loader
         end
       end

data/lib/inspec/objects/list.rb

@@ -3,7 +3,7 @@
 module Inspec
   class List < Value
     def map
-      fail 'Inspec::List.map needs to be called with a block' unless block_given?
+      raise 'Inspec::List.map needs to be called with a block' unless block_given?
       t = List.new
       t.qualifier = [['x']]
       yield(t)

data/lib/inspec/plugins.rb

@@ -51,7 +51,7 @@ module Inspec
     def load(name)
       path = @registry[name]
       if path.nil?
-        fail "Couldn't find plugin #{name}. Searching in #{@home}"
+        raise "Couldn't find plugin #{name}. Searching in #{@home}"
       end
       # puts "Loading plugin #{name} from #{path}"
       require path

data/lib/inspec/plugins/fetcher.rb

@@ -36,7 +36,7 @@ module Inspec
       # profile.
       #
       def archive_path
-        fail "Fetcher #{self} does not implement `archive_path()`. This is required."
+        raise "Fetcher #{self} does not implement `archive_path()`. This is required."
       end
 
       #
@@ -49,7 +49,7 @@ module Inspec
       # /foo/bar/baz.zip
       #
       def fetch(_path)
-        fail "Fetcher #{self} does not implement `fetch()`. This is required."
+        raise "Fetcher #{self} does not implement `fetch()`. This is required."
       end
 
       #
@@ -59,14 +59,14 @@ module Inspec
       # tag will be resolved to an exact revision.
       #
       def resolved_source
-        fail "Fetcher #{self} does not implement `resolved_source()`. This is required for terminal fetchers."
+        raise "Fetcher #{self} does not implement `resolved_source()`. This is required for terminal fetchers."
       end
 
       #
       # The unique key based on the content of the remote archive.
       #
       def cache_key
-        fail "Fetcher #{self} does not implement `cache_key()`. This is required for terminal fetchers."
+        raise "Fetcher #{self} does not implement `cache_key()`. This is required for terminal fetchers."
       end
 
       #