inspec 1.14.1 → 1.15.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7c359edd56805488af68139d6281b72e60991ee5
-  data.tar.gz: c06f8586568f4e29cb9b86f5a0b96b8ef58054f3
+  metadata.gz: 6d6a9596b5e8f107982bbf0772679d92bd903b24
+  data.tar.gz: 87f6fd87e179535f8d78512cc6a35798076cb51f
 SHA512:
-  metadata.gz: d3f2d5d72a3e088374e6bd1186453d3d0302827289b10229f0ce736fbf91f3e65c8e5baf6f5cc1856bedf36e97f3f17a37d43a00ac23ac54be4ca3b04abe4c44
-  data.tar.gz: a91488295b33e93b04669a29166f32923305361dca7e455a8908787549ee9dbd16ac3f395ed22ad76762ea983a5556c03ee3badd1409f009d2b6c55bf5b50983
+  metadata.gz: 73b6a1520ce732b59972ab69a1de54febd1512d06cf3102d81ad678ad7bedf85755a214d1ddc803fe7deda9cf2b1f26c0abc49716281f2690f3c4514dea15f3f
+  data.tar.gz: 1333f99c255ff0853315186c023fa22d419a3a9ec1e770bc2e6983eed371a15d5f91f3d65ff889deead3cef15d7eec0641fb4b33dc72abaaa1f2c3346de0a173

data/CHANGELOG.md

@@ -1,7 +1,43 @@
 # Change Log
 
-## [1.14.1](https://github.com/chef/inspec/tree/1.14.1) (2017-02-10)
-[Full Changelog](https://github.com/chef/inspec/compare/v1.14.0...1.14.1)
+## [v1.15.0](https://github.com/chef/inspec/tree/v1.15.0) (2017-02-27)
+[Full Changelog](https://github.com/chef/inspec/compare/v1.14.1...v1.15.0)
+
+**Implemented enhancements:**
+
+- Wrong rendering of InSpec.io header [\#1421](https://github.com/chef/inspec/issues/1421)
+
+**Fixed bugs:**
+
+- New Inspec.io is crashing on Edge if window is resized to a smaller window [\#1420](https://github.com/chef/inspec/issues/1420)
+
+**Closed issues:**
+
+- Colours and symbols broken on Windows [\#1508](https://github.com/chef/inspec/issues/1508)
+- be\_reacheable matcher for host resource should not always use ping on linux [\#1504](https://github.com/chef/inspec/issues/1504)
+- Inspec login fails [\#1503](https://github.com/chef/inspec/issues/1503)
+- Develop an inspec test for selinux [\#1496](https://github.com/chef/inspec/issues/1496)
+- Inspec.io: Add webinar/notifications bar in index.html [\#1495](https://github.com/chef/inspec/issues/1495)
+- Inspec.io: Try Demo Button Bug [\#1494](https://github.com/chef/inspec/issues/1494)
+- \[chef-compliance\]  Scan Report Calculations [\#1491](https://github.com/chef/inspec/issues/1491)
+- Create url for demo that can be pointed to from outbound campaigns [\#1485](https://github.com/chef/inspec/issues/1485)
+- After inspec update from 1.5 to 1.10 it breaks with \[undefined method `\[\]=' for nil:NilClass\] [\#1456](https://github.com/chef/inspec/issues/1456)
+- Inspec.io and IE11 [\#1437](https://github.com/chef/inspec/issues/1437)
+- Link to robert\_config.rb is broken on inspec.io [\#1226](https://github.com/chef/inspec/issues/1226)
+
+**Merged pull requests:**
+
+- Fix formatting and colors on Windows [\#1510](https://github.com/chef/inspec/pull/1510) ([trickyearlobe](https://github.com/trickyearlobe))
+- Adding a Habitat profile artifact creator [\#1505](https://github.com/chef/inspec/pull/1505) ([adamleff](https://github.com/adamleff))
+- create inspec.io/tutorial.html [\#1490](https://github.com/chef/inspec/pull/1490) ([arlimus](https://github.com/arlimus))
+- Doc fix for SourceReaders::InspecReader [\#1489](https://github.com/chef/inspec/pull/1489) ([adamleff](https://github.com/adamleff))
+- Generate default profile names, fix bug when using multiple flat profiles [\#1488](https://github.com/chef/inspec/pull/1488) ([adamleff](https://github.com/adamleff))
+- Packages resource support for RedHat [\#1487](https://github.com/chef/inspec/pull/1487) ([alexpop](https://github.com/alexpop))
+- Adding new crontab resource [\#1482](https://github.com/chef/inspec/pull/1482) ([adamleff](https://github.com/adamleff))
+- Provide target info on shell invocation [\#1475](https://github.com/chef/inspec/pull/1475) ([adamleff](https://github.com/adamleff))
+
+## [v1.14.1](https://github.com/chef/inspec/tree/v1.14.1) (2017-02-10)
+[Full Changelog](https://github.com/chef/inspec/compare/v1.14.0...v1.14.1)
 
 **Closed issues:**
 

data/docs/resources/crontab.md.erb

@@ -0,0 +1,62 @@
+---
+title: About the crontab Resource
+---
+
+# crontab
+
+Use the `crontab` InSpec audit resource to test the crontab entries for a particular user on the system.
+
+## Syntax
+
+A `crontab` resource block declares a user (which defaults to the current user, if not specified), and then the details to be tested, such as the schedule elements for each crontab entry or the commands itself:
+
+    describe crontab do
+      its('commands') { should include '/some/scheduled/task.sh' }
+    end
+
+## Matchers
+
+This InSpec audit resource has the following matchers:
+
+### be
+
+<%= partial "/shared/matcher_be" %>
+
+### cmp
+
+<%= partial "/shared/matcher_cmp" %>
+
+### eq
+
+<%= partial "/shared/matcher_eq" %>
+
+### include
+
+<%= partial "/shared/matcher_include" %>
+
+### match
+
+<%= partial "/shared/matcher_match" %>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test that root's crontab has a particular command
+
+    describe crontab('root') do
+      its('commands') { should include '/path/to/some/script' }
+    end
+
+### Test that myuser's crontab entry for command '/home/myuser/build.sh' runs every minute
+
+    describe crontab('myuser').commands('/home/myuser/build.sh') do
+      its('hours') { should cmp '*' }
+      its('minutes') { should cmp '*' }
+    end
+
+### Test that the logged-in user's crontab has no tasks set to run on every hour and every minute
+
+    describe crontab.where({'hour' => '*', 'minute' => '*'}) do
+      its('entries.length') { should cmp '0' }
+    end

data/examples/inheritance/inspec.lock

@@ -3,9 +3,9 @@ lockfile_version: 1
 depends:
 - name: profile
   resolved_source:
-    path: "/pub/git/inspec/examples/profile"
+    path: "/Users/aleff/projects/inspec/examples/profile"
   version_constraints: ">= 0"
 - name: profile-attribute
   resolved_source:
-    path: "/pub/git/inspec/examples/profile-attribute"
+    path: "/Users/aleff/projects/inspec/examples/profile-attribute"
   version_constraints: ">= 0"

data/examples/meta-profile/inspec.lock

@@ -9,7 +9,7 @@ depends:
 - name: ssl-benchmark
   resolved_source:
     url: https://github.com/dev-sec/ssl-benchmark/archive/master.tar.gz
-    sha256: 793adcbb91cfc2da0044bb9cbf0863773ae2cf89ce9b8343b4295b137f70897b
+    sha256: 9ad48391d4e6efff0a13d06736c5b075fb021410e0a629e087bc21e9617d957c
   version_constraints: ">= 0"
 - name: windows-patch-benchmark
   resolved_source:

data/inspec.gemspec

@@ -39,4 +39,5 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'parallel', '~> 1.9'
   spec.add_dependency 'rspec_junit_formatter', '~> 0.2.3'
   spec.add_dependency 'faraday', '>=0.9.0'
+  spec.add_dependency 'toml', '~> 0.1'
 end

data/lib/bundles/inspec-habitat.rb

@@ -0,0 +1,12 @@
+# encoding: utf-8
+# author: Adam Leff
+
+libdir = File.dirname(__FILE__)
+$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
+
+module Habitat
+  autoload :Log,     'inspec-habitat/log'
+  autoload :Profile, 'inspec-habitat/profile'
+end
+
+require 'inspec-habitat/cli'

data/lib/bundles/inspec-habitat/cli.rb

@@ -0,0 +1,32 @@
+# encoding: utf-8
+# author: Adam Leff
+
+require 'thor'
+
+module Habitat
+  class HabitatProfileCLI < Thor
+    namespace 'habitat profile'
+
+    desc 'create PATH', 'Create a Habitat artifact for the profile found at PATH'
+    option :output_dir, type: :string, required: false,
+      desc: 'Directory in which to save the generated Habitat artifact. Default: current directory'
+    def create(path)
+      puts options
+      Habitat::Profile.create(path, options)
+    end
+
+    desc 'upload PATH', 'Create a Habitat artifact for the profile found at PATH, and upload it to a Habitat Depot'
+    def upload(path)
+      Habitat::Profile.upload(path, options)
+    end
+  end
+
+  class HabitatCLI < Inspec::BaseCLI
+    namespace 'habitat'
+
+    desc 'profile', 'Manage InSpec profiles as Habitat artifacts'
+    subcommand 'profile', HabitatProfileCLI
+  end
+
+  Inspec::Plugins::CLI.add_subcommand(HabitatCLI, 'habitat', 'habitat SUBCOMMAND ...', 'Commands for InSpec + Habitat Integration', {})
+end

data/lib/bundles/inspec-habitat/log.rb

@@ -0,0 +1,10 @@
+# encoding: utf-8
+# author: Adam Leff
+
+require 'mixlib/log'
+
+module Habitat
+  class Log
+    extend Mixlib::Log
+  end
+end

data/lib/bundles/inspec-habitat/profile.rb

@@ -0,0 +1,334 @@
+# encoding: utf-8
+# author: Adam Leff
+
+require 'mixlib/shellout'
+require 'toml'
+
+module Habitat
+  class Profile # rubocop:disable Metrics/ClassLength
+    attr_reader :options, :path, :profile
+
+    def self.create(path, options = {})
+      creator = new(path, options)
+      hart_file = creator.create
+      creator.copy(hart_file)
+    ensure
+      creator.delete_work_dir
+    end
+
+    def self.upload(path, options = {})
+      uploader = new(path, options)
+      uploader.upload
+    ensure
+      uploader.delete_work_dir
+    end
+
+    def initialize(path, options = {})
+      @path    = path
+      @options = options
+
+      log_level = options.fetch('log_level', 'info')
+      Habitat::Log.level(log_level.to_sym)
+    end
+
+    def create
+      Habitat::Log.info("Creating a Habitat artifact for profile: #{path}")
+
+      validate_habitat_installed
+      validate_habitat_origin
+      create_profile_object
+      copy_profile_to_work_dir
+      create_plan
+      create_run_hook
+      create_default_config
+
+      # returns the path to the .hart file in the work directory
+      build_hart
+    rescue => e
+      Habitat::Log.debug(e.backtrace.join("\n"))
+      exit_with_error(
+        'Unable to generate Habitat artifact.',
+        "#{e.class} -- #{e.message}",
+      )
+    end
+
+    def copy(hart_file)
+      validate_output_dir
+
+      Habitat::Log.info("Copying artifact to #{output_dir}...")
+      copy_hart(hart_file)
+    end
+
+    def upload
+      validate_habitat_auth_token
+      hart_file = create
+      upload_hart(hart_file)
+    rescue => e
+      Habitat::Log.debug(e.backtrace.join("\n"))
+      exit_with_error(
+        'Unable to upload Habitat artifact.',
+        "#{e.class} -- #{e.message}",
+      )
+    end
+
+    def delete_work_dir
+      Habitat::Log.debug("Deleting work directory #{work_dir}")
+      FileUtils.rm_rf(work_dir) if Dir.exist?(work_dir)
+    end
+
+    private
+
+    def create_profile_object
+      @profile = Inspec::Profile.for_target(path, {})
+    end
+
+    def verify_profile
+      Habitat::Log.info('Checking to see if the profile is valid...')
+
+      unless profile.check[:summary][:valid]
+        exit_with_error('Profile check failed. Please fix the profile before creating a Habitat artifact.')
+      end
+
+      Habitat::Log.info('Profile is valid.')
+    end
+
+    def validate_habitat_installed
+      Habitat::Log.info('Checking to see if Habitat is installed...')
+      cmd = Mixlib::ShellOut.new('hab --version')
+      cmd.run_command
+      if cmd.error?
+        exit_with_error('Unable to run Habitat commands.', cmd.stderr)
+      end
+    end
+
+    def validate_habitat_origin
+      if habitat_origin.nil?
+        exit_with_error(
+          'Unable to determine Habitat origin name.',
+          'Run `hab setup` or set the HAB_ORIGIN environment variable.',
+        )
+      end
+    end
+
+    def validate_habitat_auth_token
+      if habitat_auth_token.nil?
+        exit_with_error(
+          'Unable to determine Habitat auth token for publishing.',
+          'Run `hab setup` or set the HAB_AUTH_TOKEN environment variable.',
+        )
+      end
+    end
+
+    def validate_output_dir
+      exit_with_error("Output directory #{output_dir} is not a directory or does not exist.") unless
+        File.directory?(output_dir)
+    end
+
+    def work_dir
+      return @work_dir if @work_dir
+
+      @work_dir ||= Dir.mktmpdir('inspec-habitat-exporter')
+      Dir.mkdir(File.join(@work_dir, 'src'))
+      Dir.mkdir(File.join(@work_dir, 'habitat'))
+      Dir.mkdir(File.join(@work_dir, 'habitat', 'hooks'))
+      Habitat::Log.debug("Generated work directory #{@work_dir}")
+
+      @work_dir
+    end
+
+    def copy_profile_to_work_dir
+      Habitat::Log.info('Copying profile contents to the work directory...')
+      profile.files.each do |f|
+        src = File.join(profile.root_path, f)
+        dst = File.join(work_dir, 'src', f)
+        if File.directory?(f)
+          Habitat::Log.debug("Creating directory #{dst}")
+          FileUtils.mkdir_p(dst)
+        else
+          Habitat::Log.debug("Copying file #{src} to #{dst}")
+          FileUtils.cp_r(src, dst)
+        end
+      end
+    end
+
+    def create_plan
+      plan_file = File.join(work_dir, 'habitat', 'plan.sh')
+      Habitat::Log.info("Generating Habitat plan at #{plan_file}...")
+      File.write(plan_file, plan_contents)
+    end
+
+    def create_run_hook
+      run_hook_file = File.join(work_dir, 'habitat', 'hooks', 'run')
+      Habitat::Log.info("Generating a Habitat run hook at #{run_hook_file}...")
+      File.write(run_hook_file, run_hook_contents)
+    end
+
+    def create_default_config
+      default_toml = File.join(work_dir, 'habitat', 'default.toml')
+      Habitat::Log.info("Generating Habitat's default.toml configuration...")
+      File.write(default_toml, 'sleep_time = 300')
+    end
+
+    def build_hart
+      Habitat::Log.info('Building our Habitat artifact...')
+
+      env = {
+        'TERM'               => 'vt100',
+        'HAB_ORIGIN'         => habitat_origin,
+        'HAB_NONINTERACTIVE' => 'true',
+      }
+
+      env['RUST_LOG'] = 'debug' if Habitat::Log.level == :debug
+
+      # TODO: Would love to use Mixlib::ShellOut here, but it doesn't
+      # seem to preserve the STDIN tty, and docker gets angry.
+      Dir.chdir(work_dir) do
+        unless system(env, 'hab studio build .')
+          exit_with_error('Unable to build the Habitat artifact.')
+        end
+      end
+
+      hart_files = Dir.glob(File.join(work_dir, 'results', '*.hart'))
+
+      if hart_files.length > 1
+        exit_with_error('More than one Habitat artifact was created which was not expected.')
+      elsif hart_files.empty?
+        exit_with_error('No Habitat artifact was created.')
+      end
+
+      hart_files.first
+    end
+
+    def copy_hart(working_dir_hart)
+      hart_basename = File.basename(working_dir_hart)
+      dst = File.join(output_dir, hart_basename)
+      FileUtils.cp(working_dir_hart, dst)
+
+      dst
+    end
+
+    def upload_hart(hart_file)
+      Habitat::Log.info('Uploading the Habitat artifact to our Depot...')
+
+      env = {
+        'TERM'               => 'vt100',
+        'HAB_AUTH_TOKEN'     => habitat_auth_token,
+        'HAB_NONINTERACTIVE' => 'true',
+      }
+
+      env['HAB_DEPOT_URL'] = ENV['HAB_DEPOT_URL'] if ENV['HAB_DEPOT_URL']
+
+      cmd = Mixlib::ShellOut.new("hab pkg upload #{hart_file}", env: env)
+      cmd.run_command
+      if cmd.error?
+        exit_with_error(
+          'Unable to upload Habitat artifact to the Depot.',
+          cmd.stdout,
+          cmd.stderr,
+        )
+      end
+
+      Habitat::Log.info('Upload complete!')
+    end
+
+    def habitat_origin
+      ENV['HAB_ORIGIN'] || habitat_cli_config['origin']
+    end
+
+    def habitat_auth_token
+      ENV['HAB_AUTH_TOKEN'] || habitat_cli_config['auth_token']
+    end
+
+    def habitat_cli_config
+      return @cli_config if @cli_config
+
+      config_file = File.join(ENV['HOME'], '.hab', 'etc', 'cli.toml')
+      return {} unless File.exist?(config_file)
+
+      @cli_config = TOML.load_file(config_file)
+    end
+
+    def output_dir
+      options[:output_dir] || Dir.pwd
+    end
+
+    def exit_with_error(*errors)
+      errors.each do |error_msg|
+        Habitat::Log.error(error_msg)
+      end
+
+      exit 1
+    end
+
+    def package_name
+      "inspec-profile-#{profile.name}"
+    end
+
+    def plan_contents
+      plan = <<-EOL
+pkg_name=#{package_name}
+pkg_version=#{profile.version}
+pkg_origin=#{habitat_origin}
+pkg_source="nosuchfile.tar.gz"
+pkg_deps=(chef/inspec)
+pkg_build_deps=()
+EOL
+
+      plan += "pkg_license='#{profile.metadata.params[:license]}'\n\n" if profile.metadata.params[:license]
+
+      plan += <<-EOL
+do_download() {
+  return 0
+}
+
+do_verify() {
+  return 0
+}
+
+do_unpack() {
+  return 0
+}
+
+do_build() {
+  cp -vr $PLAN_CONTEXT/../src/* $HAB_CACHE_SRC_PATH/$pkg_dirname
+}
+
+do_install() {
+  cp -R . ${pkg_prefix}/dist
+}
+      EOL
+
+      plan
+    end
+
+    def run_hook_contents
+      <<-EOL
+#!/bin/sh
+
+export PATH=${PATH}:$(hab pkg path core/ruby)/bin
+
+PROFILE_IDENT="#{habitat_origin}/#{package_name}"
+SLEEP_TIME={{cfg.sleep_time}}
+
+# InSpec will try to create a .inspec directory, so this needs to be somewhere writable by the hab user
+cd {{pkg.svc_var_path}}
+
+while true; do
+  echo "Executing InSpec for ${PROFILE_IDENT}"
+  hab pkg exec chef/inspec inspec exec $(hab pkg path ${PROFILE_IDENT})/dist --format=cli 2>&1
+  RC=$?
+
+  echo ""
+  if [ "x${RC}" == "x0" ]; then
+    echo "InSpec run completed successfully."
+  else
+    echo "InSpec run did NOT complete successfully."
+  fi
+
+  echo "sleeping for ${SLEEP_TIME} seconds"
+  sleep ${SLEEP_TIME}
+done
+      EOL
+    end
+  end
+end

data/lib/inspec/metadata.rb

@@ -177,13 +177,31 @@ module Inspec
       end
     end
 
-    def self.finalize(metadata, profile_id, logger = nil)
+    def self.finalize_name(metadata, profile_id, original_target)
+      # profile_id always overwrites whatever already exists as the name
+      unless profile_id.to_s.empty?
+        metadata.params[:name] = profile_id.to_s
+        return
+      end
+
+      # don't overwrite an existing name
+      return unless metadata.params[:name].nil?
+
+      # if there's a title, there is no need to set a name too
+      return unless metadata.params[:title].nil?
+
+      # create a new name based on the original target if it exists
+      metadata.params[:name] = "tests from #{original_target}" unless original_target.to_s.empty?
+    end
+
+    def self.finalize(metadata, profile_id, options, logger = nil)
       return nil if metadata.nil?
       param = metadata.params || {}
-      param['name'] = profile_id.to_s unless profile_id.to_s.empty?
+      options ||= {}
       param['version'] = param['version'].to_s unless param['version'].nil?
       metadata.params = symbolize_keys(param)
       metadata.params[:supports] = finalize_supports(metadata.params[:supports], logger)
+      finalize_name(metadata, profile_id, options[:target])
 
       metadata
     end
@@ -191,13 +209,13 @@ module Inspec
     def self.from_yaml(ref, contents, profile_id, logger = nil)
       res = Metadata.new(ref, logger)
       res.params = YAML.load(contents)
-      finalize(res, profile_id, logger)
+      finalize(res, profile_id, {}, logger)
     end
 
     def self.from_ruby(ref, contents, profile_id, logger = nil)
       res = Metadata.new(ref, logger)
       res.instance_eval(contents, ref, 1)
-      finalize(res, profile_id, logger)
+      finalize(res, profile_id, {}, logger)
     end
 
     def self.from_ref(ref, contents, profile_id, logger = nil)

data/lib/inspec/profile.rb

@@ -82,7 +82,7 @@ module Inspec
 
     # rubocop:disable Metrics/AbcSize
     def initialize(source_reader, options = {})
-      @target = options.delete(:target)
+      @target = options[:target]
       @logger = options[:logger] || Logger.new(nil)
       @locked_dependencies = options[:dependencies]
       @controls = options[:controls] || []
@@ -94,7 +94,7 @@ module Inspec
       @source_reader = source_reader
       @tests_collected = false
       @libraries_loaded = false
-      Metadata.finalize(@source_reader.metadata, @profile_id)
+      Metadata.finalize(@source_reader.metadata, @profile_id, options)
       @runner_context =
         options[:profile_context] ||
         Inspec::ProfileContext.for_profile(self, @backend, @attr_values)
@@ -318,8 +318,6 @@ module Inspec
 
       # display all files that will be part of the archive
       @logger.debug 'Add the following files to archive:'
-      root_path = @source_reader.target.prefix
-      files = @source_reader.target.files
       files.each { |f| @logger.debug '    ' + f }
 
       if opts[:zip]
@@ -350,6 +348,14 @@ module Inspec
       File.join(cwd, 'inspec.lock')
     end
 
+    def root_path
+      @source_reader.target.prefix
+    end
+
+    def files
+      @source_reader.target.files
+    end
+
     #
     # TODO(ssd): Relative path handling really needs to be carefully
     # thought through, especially with respect to relative paths in

data/lib/inspec/resource.rb

@@ -79,6 +79,7 @@ require 'resources/bash'
 require 'resources/bond'
 require 'resources/bridge'
 require 'resources/command'
+require 'resources/crontab'
 require 'resources/directory'
 require 'resources/etc_group'
 require 'resources/file'

data/lib/inspec/rspec_json_formatter.rb

@@ -217,7 +217,17 @@ class InspecRspecJson < InspecRspecMiniJson # rubocop:disable Metrics/ClassLengt
   end
 
   def profile_contains_example?(profile, example)
-    profile[:name] == example[:profile_id]
+    profile_name = profile[:name]
+    example_profile_id = example[:profile_id]
+
+    # if either the profile name is nil or the profile in the given example
+    # is nil, assume the profile doesn't contain the example and default
+    # to creating a new profile. Otherwise, for profiles that have no
+    # metadata, this may incorrectly match a profile that does not contain
+    # this example, leading to Ruby exceptions.
+    return false if profile_name.nil? || example_profile_id.nil?
+
+    profile_name == example_profile_id
   end
 
   def move_example_into_control(example, control)
@@ -238,27 +248,60 @@ end
 class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
   RSpec::Core::Formatters.register self, :close
 
-  COLORS = {
-    'critical' => "\033[38;5;9m",
-    'major'    => "\033[38;5;208m",
-    'minor'    => "\033[0;36m",
-    'failed'   => "\033[38;5;9m",
-    'passed'   => "\033[38;5;41m",
-    'skipped'  => "\033[38;5;247m",
-    'reset'    => "\033[0m",
-  }.freeze
-
-  INDICATORS = {
-    'critical' => '  ×  ',
-    'major'    => '  ∅  ',
-    'minor'    => '  ⊚  ',
-    'failed'   => '  ×  ',
-    'skipped'  => '  ↺  ',
-    'passed'   => '  ✔  ',
-    'unknown'  => '  ?  ',
-    'empty'    => '     ',
-    'small'    => '   ',
-  }.freeze
+  case RUBY_PLATFORM
+  when /windows|mswin|msys|mingw|cygwin/
+
+    # Most currently available Windows terminals have poor support
+    # for ANSI extended colors
+    COLORS = {
+      'critical' => "\033[0;1;31m",
+      'major'    => "\033[0;1;31m",
+      'minor'    => "\033[0;36m",
+      'failed'   => "\033[0;1;31m",
+      'passed'   => "\033[0;1;32m",
+      'skipped'  => "\033[0;37m",
+      'reset'    => "\033[0m",
+    }.freeze
+
+    # Most currently available Windows terminals have poor support
+    # for UTF-8 characters so use these boring indicators
+    INDICATORS = {
+      'critical' => '  [CRIT]  ',
+      'major'    => '  [MAJR]  ',
+      'minor'    => '  [MINR]  ',
+      'failed'   => '  [FAIL]  ',
+      'skipped'  => '  [SKIP]  ',
+      'passed'   => '  [PASS]  ',
+      'unknown'  => '  [UNKN]  ',
+      'empty'    => '     ',
+      'small'    => '   ',
+    }.freeze
+  else
+    # Extended colors for everyone else
+    COLORS = {
+      'critical' => "\033[38;5;9m",
+      'major'    => "\033[38;5;208m",
+      'minor'    => "\033[0;36m",
+      'failed'   => "\033[38;5;9m",
+      'passed'   => "\033[38;5;41m",
+      'skipped'  => "\033[38;5;247m",
+      'reset'    => "\033[0m",
+    }.freeze
+
+    # Groovy UTF-8 characters for everyone else...
+    # ...even though they probably only work on Mac
+    INDICATORS = {
+      'critical' => '  ×  ',
+      'major'    => '  ∅  ',
+      'minor'    => '  ⊚  ',
+      'failed'   => '  ×  ',
+      'skipped'  => '  ↺  ',
+      'passed'   => '  ✔  ',
+      'unknown'  => '  ?  ',
+      'empty'    => '     ',
+      'small'    => '   ',
+    }.freeze
+  end
 
   MULTI_TEST_CONTROL_SUMMARY_MAX_LEN = 60
 
@@ -458,7 +501,7 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
       output.puts "Profile: #{profile[:title]} (#{profile[:name] || 'unknown'})"
     end
 
-    output.puts 'Version: ' + (profile[:version] || 'unknown')
+    output.puts 'Version: ' + (profile[:version] || '(not specified)')
     print_target
     profile[:already_printed] = true
   end

data/lib/inspec/shell.rb

@@ -42,6 +42,8 @@ module Inspec
       # Add a help menu as the default intro
       Pry.hooks.add_hook(:before_session, 'inspec_intro') do
         intro
+        print_target_info
+        puts
       end
 
       # Track the rules currently registered and what their merge count is.
@@ -94,10 +96,20 @@ module Inspec
       puts
     end
 
+    def print_target_info
+      ctx = @runner.backend
+      puts <<EOF
+You are currently running on:
+
+    OS platform:  #{mark ctx.os[:name] || 'unknown'}
+    OS family:  #{mark ctx.os[:family] || 'unknown'}
+    OS release: #{mark ctx.os[:release] || 'unknown'}
+EOF
+    end
+
     def help(resource = nil)
       if resource.nil?
 
-        ctx = @runner.backend
         puts <<EOF
 
 Available commands:
@@ -110,14 +122,9 @@ Available commands:
 You can use resources in this environment to test the target machine. For example:
 
     command('uname -a').stdout
-    file('/proc/cpuinfo').content => "value",
-
-You are currently running on:
-
-    OS platform:  #{mark ctx.os[:name] || 'unknown'}
-    OS family:  #{mark ctx.os[:family] || 'unknown'}
-    OS release: #{mark ctx.os[:release] || 'unknown'}
+    file('/proc/cpuinfo').content => "value"
 
+#{print_target_info}
 EOF
       elsif resource == 'resources'
         resources

data/lib/inspec/version.rb

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '1.14.1'.freeze
+  VERSION = '1.15.0'.freeze
 end

data/lib/resources/crontab.rb

@@ -0,0 +1,83 @@
+# encoding: utf-8
+# author: Adam Leff
+
+require 'utils/parser'
+require 'utils/filter'
+
+module Inspec::Resources
+  class Crontab < Inspec.resource(1)
+    name 'crontab'
+    desc 'Use the crontab InSpec audit resource to test the contents of the crontab for a given user which contains information about scheduled tasks owned by that user.'
+    example "
+      describe crontab('root') do
+        its('commands') { should include '/path/to/some/script' }
+      end
+
+      describe crontab('myuser').commands('/home/myuser/build.sh') do
+        its('hours') { should cmp '*' }
+        its('minutes') { should cmp '*' }
+      end
+
+      describe crontab.where({'hour' => '*', 'minute' => '*'}) do
+        its('entries.length') { should cmp '0' }
+      end
+    "
+
+    attr_reader :params
+
+    include CommentParser
+
+    def initialize(user = nil)
+      @user   = user
+      @params = read_crontab
+
+      return skip_resource 'The `crontab` resource is not supported on your OS.' unless inspec.os.unix?
+    end
+
+    def read_crontab
+      inspec.command(crontab_cmd).stdout.lines.map { |l| parse_crontab_line(l) }.compact
+    end
+
+    def parse_crontab_line(l)
+      data, = parse_comment_line(l, comment_char: '#', standalone_comments: false)
+      return nil if data.nil? || data.empty?
+
+      elements = data.split(/\s+/, 6)
+      {
+        'minute'  => elements.at(0),
+        'hour'    => elements.at(1),
+        'day'     => elements.at(2),
+        'month'   => elements.at(3),
+        'weekday' => elements.at(4),
+        'command' => elements.at(5),
+      }
+    end
+
+    def crontab_cmd
+      @user.nil? ? 'crontab -l' : "crontab -l -u #{@user}"
+    end
+
+    filter = FilterTable.create
+    filter.add_accessor(:where)
+          .add_accessor(:entries)
+          .add(:minutes,  field: 'minute')
+          .add(:hours,    field: 'hour')
+          .add(:days,     field: 'day')
+          .add(:months,   field: 'month')
+          .add(:weekdays, field: 'weekday')
+          .add(:commands, field: 'command')
+
+    # rebuild the crontab line from raw content
+    filter.add(:content) { |t, _|
+      t.entries.map do |e|
+        [e.minute, e.hour, e.day, e.month, e.weekday, e.command].join(' ')
+      end.join("\n")
+    }
+
+    filter.connect(self, :params)
+
+    def to_s
+      @user.nil? ? 'crontab for current user' : "crontab for user #{@user}"
+    end
+  end
+end

data/lib/resources/package.rb

@@ -29,7 +29,7 @@ module Inspec::Resources
       os = inspec.os
       if os.debian?
         @pkgman = Deb.new(inspec)
-      elsif %w{redhat suse amazon fedora}.include?(os[:family])
+      elsif os.redhat? || %w{suse amazon fedora}.include?(os[:family])
         @pkgman = Rpm.new(inspec)
       elsif ['arch'].include?(os[:family])
         @pkgman = Pacman.new(inspec)

data/lib/resources/packages.rb

@@ -23,12 +23,17 @@ module Inspec::Resources
     "
 
     def initialize(pattern)
-      @command = packages_command
-
-      return skip_resource "The packages resource is not yet supported on OS #{inspec.os.name}" unless @command
+      os = inspec.os
+      if os.debian?
+        @pkgs = Debs.new(inspec)
+      elsif os.redhat? || %w{suse amazon fedora}.include?(os[:family])
+        @pkgs = Rpms.new(inspec)
+      else
+        return skip_resource "The packages resource is not yet supported on OS #{inspec.os.name}"
+      end
 
       @pattern = pattern_regexp(pattern)
-      all_pkgs = build_package_list(@command)
+      all_pkgs = @pkgs.build_package_list
       @list = all_pkgs.find_all do |hm|
         hm[:name] =~ @pattern
       end
@@ -48,14 +53,6 @@ module Inspec::Resources
 
     private
 
-    def packages_command
-      os = inspec.os
-      if os.debian?
-        command = "dpkg-query -W -f='${db:Status-Abbrev} ${Package} ${Version}\\n'"
-      end
-      command
-    end
-
     def pattern_regexp(p)
       if p.class == String
         Regexp.new(Regexp.escape(p))
@@ -67,21 +64,48 @@ module Inspec::Resources
     end
 
     def filtered_packages
-      warn "The packages resource is not yet supported on OS #{inspec.os.name}" unless @command
+      warn "The packages resource is not yet supported on OS #{inspec.os.name}" if resource_skipped
       @list
     end
+  end
 
-    Package = Struct.new(:status, :name, :version)
+  class PkgsManagement
+    PackageStruct = Struct.new(:status, :name, :version)
+    attr_reader :inspec
+    def initialize(inspec)
+      @inspec = inspec
+    end
+  end
 
-    def build_package_list(command)
+  # Debian / Ubuntu
+  class Debs < PkgsManagement
+    def build_package_list
+      # use two spaces as delimiter in case any of the fields has a space in it
+      command = "dpkg-query -W -f='${db:Status-Abbrev}  ${Package}  ${Version}\\n'"
       cmd = inspec.command(command)
-      all = cmd.stdout.split("\n")[1..-1]
+      all = cmd.stdout.split("\n")
       return [] if all.nil?
       all.map do |m|
-        a = m.split
+        a = m.split(/ {2,}/)
         a[0] = 'installed' if a[0] =~ /^.i/
         a[2] = a[2].split(':').last
-        Package.new(*a)
+        PackageStruct.new(*a)
+      end
+    end
+  end
+
+  # RedHat family
+  class Rpms < PkgsManagement
+    def build_package_list
+      # use two spaces as delimiter in case any of the fields has a space in it
+      command = "rpm -qa --queryformat '%{NAME}  %{VERSION}-%{RELEASE}\\n'"
+      cmd = inspec.command(command)
+      all = cmd.stdout.split("\n")
+      return [] if all.nil?
+      all.map do |m|
+        a = m.split('  ')
+        a.unshift('installed')
+        PackageStruct.new(*a)
       end
     end
   end

data/lib/source_readers/inspec.rb

@@ -27,7 +27,7 @@ module SourceReaders
 
     # This create a new instance of an InSpec profile source reader
     #
-    # @param [SourceReader] target
+    # @param [FileProvider] target An instance of a FileProvider object that can list files and read them
     # @param [String] metadata_source eg. inspec.yml or metadata.rb
     def initialize(target, metadata_source)
       @target = target

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 1.14.1
+  version: 1.15.0
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-02-10 00:00:00.000000000 Z
+date: 2017-02-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train
@@ -232,6 +232,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.9.0
+- !ruby/object:Gem::Dependency
+  name: toml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
 description: InSpec provides a framework for creating end-to-end infrastructure tests.
   You can use it for integration or even compliance testing. Create fully portable
   test profiles and use them in your workflow to ensure stability and security. Integrate
@@ -272,6 +286,7 @@ files:
 - docs/resources/bridge.md.erb
 - docs/resources/bsd_service.md.erb
 - docs/resources/command.md.erb
+- docs/resources/crontab.md.erb
 - docs/resources/csv.md.erb
 - docs/resources/directory.md.erb
 - docs/resources/etc_group.md.erb
@@ -370,7 +385,7 @@ files:
 - examples/meta-profile/inspec.lock
 - examples/meta-profile/inspec.yml
 - examples/meta-profile/vendor/3d473e72d8b70018386a53e0a105e92ccbb4115dc268cadc16ff53d550d2898e.tar.gz
-- examples/meta-profile/vendor/793adcbb91cfc2da0044bb9cbf0863773ae2cf89ce9b8343b4295b137f70897b.tar.gz
+- examples/meta-profile/vendor/9ad48391d4e6efff0a13d06736c5b075fb021410e0a629e087bc21e9617d957c.tar.gz
 - examples/meta-profile/vendor/e25d521fb1093b4c23b31a7dc8f41b5540236f4a433960b151bc427523662ab6.tar.gz
 - examples/profile-attribute.yml
 - examples/profile-attribute/README.md
@@ -380,7 +395,6 @@ files:
 - examples/profile/controls/example.rb
 - examples/profile/controls/gordon.rb
 - examples/profile/controls/meta.rb
-- examples/profile/inspec.lock
 - examples/profile/inspec.yml
 - examples/profile/libraries/gordon_config.rb
 - inspec.gemspec
@@ -400,6 +414,10 @@ files:
 - lib/bundles/inspec-compliance/support.rb
 - lib/bundles/inspec-compliance/target.rb
 - lib/bundles/inspec-compliance/test/integration/default/cli.rb
+- lib/bundles/inspec-habitat.rb
+- lib/bundles/inspec-habitat/cli.rb
+- lib/bundles/inspec-habitat/log.rb
+- lib/bundles/inspec-habitat/profile.rb
 - lib/bundles/inspec-init.rb
 - lib/bundles/inspec-init/README.md
 - lib/bundles/inspec-init/cli.rb
@@ -474,7 +492,6 @@ files:
 - lib/inspec/source_reader.rb
 - lib/inspec/version.rb
 - lib/matchers/matchers.rb
-- lib/resources/.ssh_conf.rb.swp
 - lib/resources/apache.rb
 - lib/resources/apache_conf.rb
 - lib/resources/apt.rb
@@ -485,6 +502,7 @@ files:
 - lib/resources/bond.rb
 - lib/resources/bridge.rb
 - lib/resources/command.rb
+- lib/resources/crontab.rb
 - lib/resources/csv.rb
 - lib/resources/directory.rb
 - lib/resources/etc_group.rb
@@ -575,7 +593,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.2
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: Infrastructure and compliance testing.

data/examples/profile/inspec.lock

@@ -1,3 +0,0 @@
----
-lockfile_version: 1
-depends: []