inspec 1.45.9 → 1.45.13

data/lib/inspec/objects/test.rb

@@ -42,7 +42,7 @@ module Inspec
     def describe_chain
       return nil if @qualifier.empty?
 
-      resource = (@qualifier.length > 1) ? @qualifier[0..-2] : [@qualifier[0]]
+      resource = @qualifier.length > 1 ? @qualifier[0..-2] : [@qualifier[0]]
       res = resource.map { |q| ruby_qualifier(q) }.join('.')
       xres = nil
 

data/lib/inspec/profile.rb

@@ -106,7 +106,7 @@ module Inspec
       # we share the backend between profiles.
       #
       # This will cause issues if a profile attempts to load a file via `inspec.profile.file`
-      train_options = options.select { |k, _| k != 'target' } # See https://github.com/chef/inspec/pull/1646
+      train_options = options.reject { |k, _| k == 'target' } # See https://github.com/chef/inspec/pull/1646
       @backend = options[:backend].nil? ? Inspec::Backend.create(train_options) : options[:backend].dup
       @runtime_profile = RuntimeProfile.new(self)
       @backend.profile = @runtime_profile
@@ -421,7 +421,7 @@ module Inspec
               [['inspec.yml', source_reader.metadata.content]] +
               [['inspec.lock.deps', YAML.dump(deps)]]
 
-      files.sort { |a, b| a[0] <=> b[0] }
+      files.sort_by { |a| a[0] }
            .map { |f| res << f[0] << "\0" << f[1] << "\0" }
 
       res.digest.unpack('H*')[0]

data/lib/inspec/resource.rb

@@ -66,9 +66,7 @@ module Inspec
   end
 
   def self.validate_resource_dsl_version!(version)
-    if version != 1
-      raise 'Only resource version 1 is supported!'
-    end
+    raise 'Only resource version 1 is supported!' if version != 1
   end
 end
 

data/lib/inspec/rspec_json_formatter.rb

@@ -455,10 +455,10 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
   end
 
   def print_last_control_with_examples
-    if @last_control
-      print_control(@last_control)
-      @last_control.examples.each { |example| print_result(example) }
-    end
+    return unless @last_control
+
+    print_control(@last_control)
+    @last_control.examples.each { |example| print_result(example) }
   end
 
   def last_control_is_anonymous?
@@ -634,8 +634,7 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
     s = format('Profile Summary: %s, %s, %s',
                format_with_color(success_color, success_str),
                format_with_color(failed_color, failed_str),
-               format_with_color(skipped_color, skipped_str),
-              )
+               format_with_color(skipped_color, skipped_str))
     output.puts(s) if summary['total'] > 0
   end
 
@@ -651,8 +650,7 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
     s = format('Test Summary: %s, %s, %s',
                format_with_color(success_color, "#{summary['passed']} successful"),
                format_with_color(failed_color, failed_str),
-               format_with_color(skipped_color, "#{summary['skipped']} skipped"),
-              )
+               format_with_color(skipped_color, "#{summary['skipped']} skipped"))
 
     output.puts(s)
   end

data/lib/inspec/shell.rb

@@ -103,35 +103,34 @@ module Inspec
 
     def print_target_info
       ctx = @runner.backend
-      puts <<EOF
-You are currently running on:
+      puts <<~EOF
+        You are currently running on:
 
-    OS platform: #{mark ctx.os[:name] || 'unknown'}
-    OS family: #{mark ctx.os[:family] || 'unknown'}
-    OS release: #{mark ctx.os[:release] || 'unknown'}
-EOF
+            OS platform: #{mark ctx.os[:name] || 'unknown'}
+            OS family: #{mark ctx.os[:family] || 'unknown'}
+            OS release: #{mark ctx.os[:release] || 'unknown'}
+      EOF
     end
 
     def help(topic = nil)
       if topic.nil?
 
-        puts <<EOF
+        puts <<~EOF
+          Available commands:
 
-Available commands:
+              `[resource]` - run resource on target machine
+              `help resources` - show all available resources that can be used as commands
+              `help [resource]` - information about a specific resource
+              `help matchers` - show information about common matchers
+              `exit` - exit the InSpec shell
 
-    `[resource]` - run resource on target machine
-    `help resources` - show all available resources that can be used as commands
-    `help [resource]` - information about a specific resource
-    `help matchers` - show information about common matchers
-    `exit` - exit the InSpec shell
+          You can use resources in this environment to test the target machine. For example:
 
-You can use resources in this environment to test the target machine. For example:
+              command('uname -a').stdout
+              file('/proc/cpuinfo').content => "value"
 
-    command('uname -a').stdout
-    file('/proc/cpuinfo').content => "value"
-
-#{print_target_info}
-EOF
+          #{print_target_info}
+        EOF
       elsif topic == 'resources'
         resources.sort.each do |resource|
           puts " - #{resource}"
@@ -164,60 +163,60 @@ EOF
     end
 
     def print_matchers_help
-      puts <<-EOL
-Matchers are used to compare resource values to expectations. While some
-resources implement their own custom matchers, the following matchers are
-common amongst all resources:
+      puts <<~EOL
+        Matchers are used to compare resource values to expectations. While some
+        resources implement their own custom matchers, the following matchers are
+        common amongst all resources:
 
-#{mark 'be'}
+        #{mark 'be'}
 
-The #{mark 'be'} matcher can be used to compare numeric values.
+        The #{mark 'be'} matcher can be used to compare numeric values.
 
-   its('size') { should be >= 10 }
+          its('size') { should be >= 10 }
 
-#{mark 'cmp'}
+        #{mark 'cmp'}
 
-The #{mark 'cmp'} matcher is like #{mark 'eq'} but less restrictive. It will try
-to fit the resource value to the expectation.
+        The #{mark 'cmp'} matcher is like #{mark 'eq'} but less restrictive. It will try
+        to fit the resource value to the expectation.
 
-"Protocol" likely returns a string, but cmp will ensure it's a number before
-comparing:
+        "Protocol" likely returns a string, but cmp will ensure it's a number before
+        comparing:
 
-  its('Protocol') { should cmp 2 }
-  its('Protocol') { should cmp '2' }
+          its('Protocol') { should cmp 2 }
+          its('Protocol') { should cmp '2' }
 
-"users" may return an array, but if it contains only one item, cmp will compare
-it as a string or number as needed:
+        "users" may return an array, but if it contains only one item, cmp will compare
+        it as a string or number as needed:
 
-  its('users') { should cmp 'root' }
+          its('users') { should cmp 'root' }
 
-cmp is not case-sensitive:
+        cmp is not case-sensitive:
 
-  its('log_format') { should cmp 'raw' }
-  its('log_format') { should cmp 'RAW' }
+          its('log_format') { should cmp 'raw' }
+          its('log_format') { should cmp 'RAW' }
 
-#{mark 'eq'}
+        #{mark 'eq'}
 
-The #{mark 'eq'} matcher tests for exact equality of two values. Value type
-(string, number, etc.) is important and must be the same. For a less-restrictive
-comparison matcher, use the #{mark 'cmp'} matcher.
+        The #{mark 'eq'} matcher tests for exact equality of two values. Value type
+        (string, number, etc.) is important and must be the same. For a less-restrictive
+        comparison matcher, use the #{mark 'cmp'} matcher.
 
-  its('RSAAuthentication') { should_not eq 'no' }
+          its('RSAAuthentication') { should_not eq 'no' }
 
-#{mark 'include'}
+        #{mark 'include'}
 
-The #{mark 'include'} matcher tests to see if a value is included in a list.
+        The #{mark 'include'} matcher tests to see if a value is included in a list.
 
-  its('users') { should include 'my_user' }
+          its('users') { should include 'my_user' }
 
-#{mark 'match'}
+        #{mark 'match'}
 
-The #{mark 'match'} matcher can be used to test a string for a match using a
-regular expression.
+        The #{mark 'match'} matcher can be used to test a string for a match using a
+        regular expression.
 
-  its('content') { should_not match /^MyKey:\\s+some value/ }
+          its('content') { should_not match /^MyKey:\\s+some value/ }
 
-For more examples, see: https://www.inspec.io/docs/reference/matchers/
+        For more examples, see: https://www.inspec.io/docs/reference/matchers/
 
       EOL
     end

data/lib/inspec/version.rb

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '1.45.9'
+  VERSION = '1.45.13'
 end

data/lib/matchers/matchers.rb

@@ -266,7 +266,7 @@ end
 # - compare strings case-insensitive
 # - you expect a number (strings will be converted if possible)
 #
-RSpec::Matchers.define :cmp do |first_expected|
+RSpec::Matchers.define :cmp do |first_expected| # rubocop:disable Metrics/BlockLength
 
   def integer?(value)
     !(value =~ /\A0+\Z|\A[1-9]\d*\Z/).nil?
@@ -324,7 +324,6 @@ RSpec::Matchers.define :cmp do |first_expected|
 
     # fallback to simple operation
     actual.method(op).call(expected)
-
   rescue NameError => _
     false
   rescue ArgumentError

data/lib/resources/audit_policy.rb

@@ -43,9 +43,9 @@ module Inspec::Resources
 
       # find line
       target = nil
-      result.each_line {|s|
+      result.each_line do |s|
         target = s.strip if s =~ /\b.*#{key}.*\b/
-      }
+      end
 
       # extract value
       values = nil

data/lib/resources/auditd.rb

@@ -101,7 +101,8 @@ module Inspec::Resources
           'permissions' => perms,
           'key' => key,
           'fields_nokey' => fields_nokey,
-        },)
+        },
+      )
     end
 
     def syscall_rules_for(line)
@@ -128,7 +129,8 @@ module Inspec::Resources
             'permissions' => perms,
             'exit' => exit_field,
             'fields_nokey' => fields_nokey,
-          },)
+          },
+        )
       end
     end
 
@@ -142,7 +144,8 @@ module Inspec::Resources
           'file' => file,
           'key' => key,
           'permissions' => perms,
-        },)
+        },
+      )
     end
 
     def to_s

data/lib/resources/dh_params.rb

@@ -26,8 +26,7 @@ class DhParams < Inspec.resource(1)
   def initialize(filename)
     @dh_params_path = filename
     file = inspec.file(@dh_params_path)
-    return skip_resource 'Unable to find DH parameters file ' \
-      "#{@dh_params_path}" unless file.exist?
+    return skip_resource "Unable to find DH parameters file #{@dh_params_path}" unless file.exist?
 
     begin
       @dh_params = OpenSSL::PKey::DH.new file.content

data/lib/resources/docker.rb

@@ -146,7 +146,7 @@ module Inspec::Resources
       # @see https://github.com/moby/moby/issues/20625, works for docker 1.13+
       # raw_containers = inspec.command('docker ps -a --no-trunc --format \'{{ json . }}\'').stdout
       # therefore we stick with older approach
-      labels = %w{Command CreatedAt ID Image Labels  Mounts Names Ports RunningFor Size Status}
+      labels = %w{Command CreatedAt ID Image Labels Mounts Names Ports RunningFor Size Status}
 
       # Networks LocalVolumes work with 1.13+ only
       if !version.empty? && Gem::Version.new(version['Client']['Version']) >= Gem::Version.new('1.13')
@@ -183,7 +183,7 @@ module Inspec::Resources
     end
 
     def ensure_container_keys(entry)
-      %w{Command CreatedAt ID Image Labels  Mounts Names Ports RunningFor Size Status Networks LocalVolumes}.each { |key|
+      %w{Command CreatedAt ID Image Labels Mounts Names Ports RunningFor Size Status Networks LocalVolumes}.each { |key|
         entry[key.downcase] = nil if !entry.key?(key.downcase)
       }
       entry

data/lib/resources/docker_container.rb

@@ -63,10 +63,10 @@ module Inspec::Resources
     end
 
     def command
-      if container_info.entries.length == 1
-        cmd = container_info.commands[0]
-        cmd.slice(1, cmd.length - 2)
-      end
+      return unless container_info.entries.length == 1
+
+      cmd = container_info.commands[0]
+      cmd.slice(1, cmd.length - 2)
     end
 
     def image

data/lib/resources/elasticsearch.rb

@@ -154,9 +154,7 @@ module Inspec::Resources
         raise 'Connection refused - peer certificate issuer is not recognized'
       end
 
-      if !cmd.exit_status.zero?
-        raise "Error fetching Elastcsearch data from curl #{url}: #{cmd.stderr}"
-      end
+      raise "Error fetching Elastcsearch data from curl #{url}: #{cmd.stderr}" unless cmd.exit_status.zero?
     end
 
     def verify_json_payload!(content)
@@ -164,9 +162,7 @@ module Inspec::Resources
         raise "#{content['error']['type']}: #{content['error']['reason']}"
       end
 
-      if content['_nodes']['successful'].zero?
-        raise 'No successful nodes available in cluster'
-      end
+      raise 'No successful nodes available in cluster' if content['_nodes']['successful'].zero?
     end
   end
 end

data/lib/resources/etc_group.rb

@@ -49,13 +49,11 @@ module Inspec::Resources
     end
 
     def groups(filter = nil)
-      entries = filter || @entries
-      entries.map { |x| x['name'] } if !entries.nil?
+      (filter || @entries)&.map { |x| x['name'] }
     end
 
     def gids(filter = nil)
-      entries = filter || @entries
-      entries.map { |x| x['gid'] } if !entries.nil?
+      (filter || @entries)&.map { |x| x['gid'] }
     end
 
     def users(filter = nil)

data/lib/resources/groups.rb

@@ -157,20 +157,20 @@ module Inspec::Resources
   class WindowsGroup < GroupInfo
     # returns all local groups
     def groups
-      script = <<-EOH
-Function  ConvertTo-SID { Param([byte[]]$BinarySID)
-  (New-Object  System.Security.Principal.SecurityIdentifier($BinarySID,0)).Value
-}
-
-$Computername =  $Env:Computername
-$adsi  = [ADSI]"WinNT://$Computername"
-$groups = $adsi.Children | where {$_.SchemaClassName -eq  'group'} |  ForEach {
-  $name = $_.Name[0]
-  $sid = ConvertTo-SID -BinarySID $_.ObjectSID[0]
-  $group =[ADSI]$_.Path
-  new-object psobject -property @{name = $group.Name[0]; gid = $sid; domain=$Computername}
-}
-$groups | ConvertTo-Json -Depth 3
+      script = <<~EOH
+        Function  ConvertTo-SID { Param([byte[]]$BinarySID)
+          (New-Object  System.Security.Principal.SecurityIdentifier($BinarySID,0)).Value
+        }
+
+        $Computername =  $Env:Computername
+        $adsi  = [ADSI]"WinNT://$Computername"
+        $groups = $adsi.Children | where {$_.SchemaClassName -eq  'group'} |  ForEach {
+          $name = $_.Name[0]
+          $sid = ConvertTo-SID -BinarySID $_.ObjectSID[0]
+          $group =[ADSI]$_.Path
+          new-object psobject -property @{name = $group.Name[0]; gid = $sid; domain=$Computername}
+        }
+        $groups | ConvertTo-Json -Depth 3
       EOH
       cmd = inspec.powershell(script)
       # cannot rely on exit code for now, successful command returns exit code 1

data/lib/resources/host.rb

@@ -70,9 +70,8 @@ module Inspec::Resources
       end
 
       missing_requirements = @host_provider.missing_requirements(protocol)
-      unless missing_requirements.empty?
-        return skip_resource "The following requirements are not met for this resource: #{missing_requirements.join(', ')}"
-      end
+      return skip_resource 'The following requirements are not met for this resource: ' \
+        "#{missing_requirements.join(', ')}" unless missing_requirements.empty?
     end
 
     def proto

data/lib/resources/packages.rb

@@ -97,7 +97,7 @@ module Inspec::Resources
   class Rpms < PkgsManagement
     def build_package_list
       # use two spaces as delimiter in case any of the fields has a space in it
-      command = "rpm -qa --queryformat '%{NAME}  %{VERSION}-%{RELEASE}\\n'"
+      command = "rpm -qa --queryformat '%{NAME}  %{VERSION}-%{RELEASE}\\n'" # rubocop:disable Style/FormatStringToken
       cmd = inspec.command(command)
       all = cmd.stdout.split("\n")
       return [] if all.nil?

data/lib/resources/port.rb

@@ -242,7 +242,7 @@ module Inspec::Resources
           procs[proc_id] = [] unless procs.key?(proc_id)
 
           # change address '*' to zero
-          host = (port_id =~ /^ipv6:/) ? '[::]' : '0.0.0.0' if host == '*'
+          host = port_id =~ /^ipv6:/ ? '[::]' : '0.0.0.0' if host == '*'
           # entrust URI to scrub the host and port
           begin
             uri = URI("addr://#{host}:#{port}")