inspec 1.13.0 → 1.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -2
- data/Gemfile +1 -1
- data/examples/meta-profile/inspec.lock +18 -0
- data/examples/meta-profile/vendor/3d473e72d8b70018386a53e0a105e92ccbb4115dc268cadc16ff53d550d2898e.tar.gz +0 -0
- data/examples/meta-profile/vendor/793adcbb91cfc2da0044bb9cbf0863773ae2cf89ce9b8343b4295b137f70897b.tar.gz +0 -0
- data/examples/meta-profile/vendor/e25d521fb1093b4c23b31a7dc8f41b5540236f4a433960b151bc427523662ab6.tar.gz +0 -0
- data/lib/bundles/inspec-artifact/cli.rb +6 -6
- data/lib/bundles/inspec-compliance/http.rb +11 -3
- data/lib/bundles/inspec-compliance/target.rb +2 -2
- data/lib/bundles/inspec-supermarket/cli.rb +1 -1
- data/lib/fetchers/git.rb +1 -1
- data/lib/inspec/backend.rb +2 -2
- data/lib/inspec/base_cli.rb +1 -1
- data/lib/inspec/cached_fetcher.rb +2 -2
- data/lib/inspec/cli.rb +1 -0
- data/lib/inspec/control_eval_context.rb +0 -2
- data/lib/inspec/dependencies/lockfile.rb +6 -4
- data/lib/inspec/dependencies/requirement.rb +1 -1
- data/lib/inspec/dependencies/resolver.rb +4 -4
- data/lib/inspec/dsl.rb +2 -2
- data/lib/inspec/fetcher.rb +1 -1
- data/lib/inspec/file_provider.rb +4 -4
- data/lib/inspec/library_eval_context.rb +1 -1
- data/lib/inspec/objects/list.rb +1 -1
- data/lib/inspec/plugins.rb +1 -1
- data/lib/inspec/plugins/fetcher.rb +4 -4
- data/lib/inspec/plugins/resource.rb +0 -1
- data/lib/inspec/plugins/source_reader.rb +3 -3
- data/lib/inspec/profile.rb +4 -4
- data/lib/inspec/profile_context.rb +1 -1
- data/lib/inspec/resource.rb +2 -2
- data/lib/inspec/runner.rb +4 -4
- data/lib/inspec/secrets.rb +1 -1
- data/lib/inspec/shell.rb +1 -1
- data/lib/inspec/source_reader.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +7 -7
- data/lib/resources/apache_conf.rb +1 -1
- data/lib/resources/auditd_conf.rb +1 -1
- data/lib/resources/auditd_rules.rb +1 -1
- data/lib/resources/bridge.rb +1 -1
- data/lib/resources/etc_group.rb +2 -2
- data/lib/resources/file.rb +6 -6
- data/lib/resources/groups.rb +4 -4
- data/lib/resources/grub_conf.rb +3 -3
- data/lib/resources/host.rb +1 -1
- data/lib/resources/inetd_conf.rb +1 -1
- data/lib/resources/interface.rb +1 -1
- data/lib/resources/json.rb +1 -1
- data/lib/resources/limits_conf.rb +1 -1
- data/lib/resources/login_def.rb +1 -1
- data/lib/resources/mysql_conf.rb +1 -1
- data/lib/resources/ntp_conf.rb +1 -1
- data/lib/resources/packages.rb +2 -2
- data/lib/resources/parse_config.rb +1 -1
- data/lib/resources/port.rb +2 -2
- data/lib/resources/postgres_conf.rb +1 -1
- data/lib/resources/security_policy.rb +1 -1
- data/lib/resources/ssh_conf.rb +1 -1
- data/lib/resources/ssl.rb +1 -1
- data/lib/resources/users.rb +5 -5
- data/lib/resources/xinetd.rb +1 -1
- data/lib/utils/command_wrapper.rb +3 -3
- data/lib/utils/filter.rb +1 -1
- data/lib/utils/plugin_registry.rb +3 -3
- data/lib/utils/simpleconfig.rb +1 -1
- metadata +6 -2
data/lib/resources/ntp_conf.rb
CHANGED
@@ -43,7 +43,7 @@ module Inspec::Resources
|
|
43
43
|
end
|
44
44
|
|
45
45
|
content = inspec.file(@conf_path).content
|
46
|
-
if content.empty? && inspec.file(@conf_path).
|
46
|
+
if content.empty? && !inspec.file(@conf_path).empty?
|
47
47
|
skip_resource "Can't read file \"#{@conf_path}\""
|
48
48
|
return @params = {}
|
49
49
|
end
|
data/lib/resources/packages.rb
CHANGED
@@ -50,7 +50,7 @@ module Inspec::Resources
|
|
50
50
|
elsif p.class == Regexp
|
51
51
|
p
|
52
52
|
else
|
53
|
-
|
53
|
+
raise 'invalid name argument to packages resource, please use a "string" or /regexp/'
|
54
54
|
end
|
55
55
|
end
|
56
56
|
|
@@ -64,7 +64,7 @@ module Inspec::Resources
|
|
64
64
|
if os.debian?
|
65
65
|
command = "dpkg-query -W -f='${db:Status-Abbrev} ${Package} ${Version}\\n'"
|
66
66
|
else
|
67
|
-
|
67
|
+
raise "packages resource is not yet supported on #{os.name}"
|
68
68
|
end
|
69
69
|
build_package_list(command)
|
70
70
|
end
|
@@ -76,7 +76,7 @@ module Inspec::Resources
|
|
76
76
|
return skip_resource "Can't find file \"#{conf_path}\""
|
77
77
|
end
|
78
78
|
@content = read_file(conf_path).to_s
|
79
|
-
if @content.empty? && inspec.file(conf_path).
|
79
|
+
if @content.empty? && !inspec.file(conf_path).empty?
|
80
80
|
return skip_resource "Can't read file \"#{conf_path}\""
|
81
81
|
end
|
82
82
|
|
data/lib/resources/port.rb
CHANGED
@@ -45,7 +45,7 @@ module Inspec::Resources
|
|
45
45
|
.add(:protocols, field: 'protocol', style: :simple)
|
46
46
|
.add(:processes, field: 'process', style: :simple)
|
47
47
|
.add(:pids, field: 'pid', style: :simple)
|
48
|
-
.add(:listening?) { |x| x.entries.
|
48
|
+
.add(:listening?) { |x| !x.entries.empty? }
|
49
49
|
filter.connect(self, :info)
|
50
50
|
|
51
51
|
def to_s
|
@@ -169,7 +169,7 @@ module Inspec::Resources
|
|
169
169
|
ports = []
|
170
170
|
|
171
171
|
# check that lsof is available, otherwise fail
|
172
|
-
|
172
|
+
raise 'Please ensure `lsof` is available on the machine.' if !inspec.command(@lsof.to_s).exist?
|
173
173
|
|
174
174
|
# -F p=pid, c=command, P=protocol name, t=type, n=internet addresses
|
175
175
|
# see 'OUTPUT FOR OTHER PROGRAMS' in LSOF(8)
|
@@ -65,7 +65,7 @@ module Inspec::Resources
|
|
65
65
|
return skip_resource "Can't find file \"#{@conf_path}\""
|
66
66
|
end
|
67
67
|
raw_conf = read_file(@conf_path)
|
68
|
-
if raw_conf.empty? && inspec.file(@conf_path).
|
68
|
+
if raw_conf.empty? && !inspec.file(@conf_path).empty?
|
69
69
|
return skip_resource("Can't read file \"#{@conf_path}\"")
|
70
70
|
end
|
71
71
|
|
@@ -117,7 +117,7 @@ module Inspec::Resources
|
|
117
117
|
return skip_resource "Can't read security policy" if cmd.exit_status.to_i != 0
|
118
118
|
@content = cmd.stdout
|
119
119
|
|
120
|
-
if @content.empty? && file.
|
120
|
+
if @content.empty? && !file.empty?
|
121
121
|
return skip_resource "Can't read security policy"
|
122
122
|
end
|
123
123
|
@content
|
data/lib/resources/ssh_conf.rb
CHANGED
data/lib/resources/ssl.rb
CHANGED
@@ -52,7 +52,7 @@ class SSL < Inspec.resource(1)
|
|
52
52
|
elsif inspec.backend.class.to_s == 'Train::Transports::Local::Connection'
|
53
53
|
@host = 'localhost'
|
54
54
|
else
|
55
|
-
|
55
|
+
raise 'Cannot determine host for SSL test. Please specify it or use a different target.'
|
56
56
|
end
|
57
57
|
end
|
58
58
|
@port = opts[:port] || 443
|
data/lib/resources/users.rb
CHANGED
@@ -242,7 +242,7 @@ module Inspec::Resources
|
|
242
242
|
|
243
243
|
def has_authorized_key?(_compare_key)
|
244
244
|
deprecated('has_authorized_key?')
|
245
|
-
|
245
|
+
raise NotImplementedError
|
246
246
|
end
|
247
247
|
|
248
248
|
def deprecated(name, alternative = nil)
|
@@ -292,7 +292,7 @@ module Inspec::Resources
|
|
292
292
|
# groups: '',
|
293
293
|
# }
|
294
294
|
def identity(_username)
|
295
|
-
|
295
|
+
raise 'user provider must implement the `identity` method'
|
296
296
|
end
|
297
297
|
|
298
298
|
# returns optional information about a user, eg shell
|
@@ -313,7 +313,7 @@ module Inspec::Resources
|
|
313
313
|
|
314
314
|
# returns an array with users
|
315
315
|
def list_users
|
316
|
-
|
316
|
+
raise 'user provider must implement the `list_users` method'
|
317
317
|
end
|
318
318
|
|
319
319
|
# retuns all aspects of the user as one hash
|
@@ -556,7 +556,7 @@ module Inspec::Resources
|
|
556
556
|
def parse_windows_account(username)
|
557
557
|
account = username.split('\\')
|
558
558
|
name = account.pop
|
559
|
-
domain = account.pop if account.
|
559
|
+
domain = account.pop if !account.empty?
|
560
560
|
[name, domain]
|
561
561
|
end
|
562
562
|
|
@@ -565,7 +565,7 @@ module Inspec::Resources
|
|
565
565
|
name, _domain = parse_windows_account(username)
|
566
566
|
return if collect_user_details.nil?
|
567
567
|
res = collect_user_details.select { |user| user[:username] == name }
|
568
|
-
res[0] if res.
|
568
|
+
res[0] if !res.empty?
|
569
569
|
end
|
570
570
|
|
571
571
|
def list_users
|
data/lib/resources/xinetd.rb
CHANGED
@@ -9,20 +9,20 @@ class CommandWrapper
|
|
9
9
|
|
10
10
|
def self.wrap(cmd, options)
|
11
11
|
unless options.is_a?(Hash)
|
12
|
-
|
12
|
+
raise 'All options for the command wrapper must be provided as a hash. '\
|
13
13
|
"You entered: #{options.inspect}. Please consult the documentation."
|
14
14
|
end
|
15
15
|
|
16
16
|
wrap = options[:wrap]
|
17
17
|
if !wrap.nil? && !wrap.is_a?(Proc)
|
18
|
-
|
18
|
+
raise "Called command wrapper with wrap: #{wrap.inspect}. It must be called with a Proc."
|
19
19
|
elsif !wrap.nil?
|
20
20
|
return wrap.call(cmd)
|
21
21
|
end
|
22
22
|
|
23
23
|
shell = options[:shell]
|
24
24
|
unless UNIX_SHELLS.include?(shell)
|
25
|
-
|
25
|
+
raise "Don't know how to wrap commands for shell: #{shell.inspect}."
|
26
26
|
end
|
27
27
|
|
28
28
|
path = options[:path] || shell
|
data/lib/utils/filter.rb
CHANGED
@@ -70,7 +70,7 @@ module FilterTable
|
|
70
70
|
end
|
71
71
|
|
72
72
|
def new_entry(*_)
|
73
|
-
|
73
|
+
raise "#{self.class} must not be used on its own. It must be inherited "\
|
74
74
|
'and the #new_entry method must be implemented. This is an internal '\
|
75
75
|
'error and should not happen.'
|
76
76
|
end
|
@@ -39,7 +39,7 @@ class PluginRegistry
|
|
39
39
|
#
|
40
40
|
# @return [PluginRegistry] plugin registry for this plugin
|
41
41
|
def self.plugin_registry
|
42
|
-
|
42
|
+
raise "Plugin #{self} does not implement `self.plugin_registry()`. This method is required"
|
43
43
|
end
|
44
44
|
|
45
45
|
# Register a new plugin by name
|
@@ -47,7 +47,7 @@ class PluginRegistry
|
|
47
47
|
# @param [String] the unique name of this plugin
|
48
48
|
# @return [nil] disregard
|
49
49
|
def self.name(name)
|
50
|
-
|
50
|
+
raise "Trying to register #{self} with name == nil" if name.nil?
|
51
51
|
@name = name
|
52
52
|
plugin_registry.registry[name] = self
|
53
53
|
end
|
@@ -72,7 +72,7 @@ class PluginRegistry
|
|
72
72
|
# @param [String] target to try to resolve
|
73
73
|
# @return [Plugin] instance if it can be resolved, nil otherwise
|
74
74
|
def self.resolve(_target)
|
75
|
-
|
75
|
+
raise "Plugin #{self} does not implement `self.resolve(target)`. This method is required"
|
76
76
|
end
|
77
77
|
|
78
78
|
# When a plugin's resolve doesn't lead to the final state, it can
|
data/lib/utils/simpleconfig.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: inspec
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.14.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dominik Richter
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-02-
|
11
|
+
date: 2017-02-08 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: train
|
@@ -367,7 +367,11 @@ files:
|
|
367
367
|
- examples/kitchen-puppet/test/integration/default/web_spec.rb
|
368
368
|
- examples/meta-profile/README.md
|
369
369
|
- examples/meta-profile/controls/example.rb
|
370
|
+
- examples/meta-profile/inspec.lock
|
370
371
|
- examples/meta-profile/inspec.yml
|
372
|
+
- examples/meta-profile/vendor/3d473e72d8b70018386a53e0a105e92ccbb4115dc268cadc16ff53d550d2898e.tar.gz
|
373
|
+
- examples/meta-profile/vendor/793adcbb91cfc2da0044bb9cbf0863773ae2cf89ce9b8343b4295b137f70897b.tar.gz
|
374
|
+
- examples/meta-profile/vendor/e25d521fb1093b4c23b31a7dc8f41b5540236f4a433960b151bc427523662ab6.tar.gz
|
371
375
|
- examples/profile-attribute.yml
|
372
376
|
- examples/profile-attribute/README.md
|
373
377
|
- examples/profile-attribute/controls/example.rb
|