inspec 1.51.0 → 1.51.6

data/lib/inspec/reporters/json.rb

@@ -0,0 +1,132 @@
+# encoding: utf-8
+
+require 'json'
+
+module Inspec::Reporters
+  class Json < Base
+    def render
+      report = {
+        platform: platform,
+        profiles: profiles,
+        statistics: { duration: run_data[:statistics][:duration] },
+        version: run_data[:version],
+        controls: controls,
+        other_checks: run_data[:other_checks],
+      }
+
+      output(report.to_json)
+    end
+
+    private
+
+    def platform
+      {
+        name: run_data[:platform][:name],
+        release: run_data[:platform][:release],
+      }
+    end
+
+    def controls
+      controls = []
+      return controls if run_data[:controls].nil?
+
+      run_data[:controls].each do |c|
+        control = {
+          status: c[:status],
+          start_time: c[:start_time],
+          run_time: c[:run_time],
+          code_desc: c[:code_desc],
+        }
+        control[:resource] = c[:resource] if c[:resource]
+        control[:skip_message] = c[:skip_message] if c[:skip_message]
+        control[:exception] = c[:exception] if c[:exception]
+        control[:backtrace] = c[:backtrace] if c[:backtrace]
+
+        controls << control
+      end
+      controls
+    end
+
+    def profile_results(control)
+      results = []
+      return results if control[:results].nil?
+
+      control[:results].each do |r|
+        result = {
+          status: r[:status],
+          code_desc: r[:code_desc],
+          run_time: r[:run_time],
+          start_time: r[:start_time],
+        }
+        result[:resource] = r[:resource] if r[:resource]
+        result[:skip_message] = r[:skip_message] if r[:skip_message]
+
+        results << result
+      end
+      results
+    end
+
+    def profile_controls(profile)
+      controls = []
+      return controls if profile[:controls].nil?
+
+      profile[:controls].each do |c|
+        control = {
+          id: c[:id],
+          title: c[:title],
+          desc: c[:desc],
+          impact: c[:impact],
+          refs: c[:refs],
+          tags: c[:tags],
+          code: c[:code],
+          source_location: {
+            line: c[:source_location][:line],
+            ref: c[:source_location][:ref],
+          },
+          results: profile_results(c),
+        }
+        controls << control
+      end
+      controls
+    end
+
+    def profile_groups(profile)
+      groups = []
+      return groups if profile[:groups].nil?
+
+      profile[:groups].each do |g|
+        group = {
+          id: g[:id],
+          controls: g[:controls],
+        }
+        group[:title] = g[:title] if g[:title]
+
+        groups << group
+      end
+      groups
+    end
+
+    def profiles
+      profiles = []
+      run_data[:profiles].each do |p|
+        profile = {
+          name: p[:name],
+          version: p[:version],
+          sha256: p[:sha256],
+          title: p[:title],
+          maintainer: p[:maintainer],
+          summary: p[:summary],
+          license: p[:license],
+          copyright: p[:copyright],
+          copyright_email: p[:copyright_email],
+          supports: p[:supports],
+          attributes: p[:attributes],
+          groups: profile_groups(p),
+          controls: profile_controls(p),
+        }
+        profiles << profile.reject { |_k, v| v.nil? }
+      end
+      profiles
+    end
+  end
+end

data/lib/inspec/reporters/json_min.rb

@@ -0,0 +1,44 @@
+# encoding: utf-8
+
+require 'json'
+
+module Inspec::Reporters
+  class JsonMin < Base
+    def render # rubocop:disable Metrics/AbcSize
+      report = {
+        controls: [],
+        statistics: { duration: run_data[:statistics][:duration] },
+        version: run_data[:version],
+      }
+
+      # collect all test results and add them to the report
+      run_data[:profiles].each do |profile|
+        profile_id = profile[:name]
+        next unless profile[:controls]
+        profile[:controls].each do |control|
+          control_id = control[:id]
+          next unless control[:results]
+          control[:results].each do |result|
+            result_for_report = {
+              id: control_id,
+              profile_id: profile_id,
+              profile_sha256: profile[:sha256],
+              status: result[:status],
+              code_desc: result[:code_desc],
+            }
+
+            result_for_report[:skip_message] = result[:skip_message] if result.key?(:skip_message)
+            result_for_report[:resource] = result[:resource] if result.key?(:resource)
+            result_for_report[:message] = result[:message] if result.key?(:message)
+            result_for_report[:exception] = result[:exception] if result.key?(:exception)
+            result_for_report[:backtrace] = result[:backtrace] if result.key?(:backtrace)
+
+            report[:controls] << result_for_report
+          end
+        end
+      end
+
+      output(report.to_json)
+    end
+  end
+end

data/lib/inspec/reporters/junit.rb

@@ -0,0 +1,77 @@
+# encoding: utf-8
+
+module Inspec::Reporters
+  class Junit < Base
+    def render
+      require 'rexml/document'
+      xml_output = REXML::Document.new
+      xml_output.add(REXML::XMLDecl.new)
+
+      testsuites = REXML::Element.new('testsuites')
+      xml_output.add(testsuites)
+
+      run_data[:profiles].each do |profile|
+        testsuites.add(build_profile_xml(profile))
+      end
+
+      formatter = REXML::Formatters::Pretty.new
+      formatter.compact = true
+      output(formatter.write(xml_output.xml_decl, ''))
+      output(formatter.write(xml_output.root, ''))
+    end
+
+    private
+
+    def build_profile_xml(profile)
+      profile_xml = REXML::Element.new('testsuite')
+      profile_xml.add_attribute('name', profile[:name])
+      profile_xml.add_attribute('tests', count_profile_tests(profile))
+      profile_xml.add_attribute('failed', count_profile_failed_tests(profile))
+
+      profile[:controls].each do |control|
+        next if control[:results].nil?
+
+        control[:results].each do |result|
+          profile_xml.add(build_result_xml(profile[:name], control, result))
+        end
+      end
+
+      profile_xml
+    end
+
+    def build_result_xml(profile_name, control, result)
+      result_xml = REXML::Element.new('testcase')
+      result_xml.add_attribute('name', result[:code_desc])
+      result_xml.add_attribute('classname', control[:title].nil? ? "#{profile_name}.Anonymous" : "#{profile_name}.#{control[:id]}")
+      result_xml.add_attribute('time', result[:run_time])
+
+      if result[:status] == 'failed'
+        failure_element = REXML::Element.new('failure')
+        failure_element.add_attribute('message', result[:message])
+        result_xml.add(failure_element)
+      elsif result[:status] == 'skipped'
+        result_xml.add_element('skipped')
+      end
+
+      result_xml
+    end
+
+    def count_profile_tests(profile)
+      profile[:controls].reduce(0) { |acc, elem|
+        acc + (elem[:results].nil? ? 0 : elem[:results].count)
+      }
+    end
+
+    def count_profile_failed_tests(profile)
+      profile[:controls].reduce(0) { |acc, elem|
+        if elem[:results].nil?
+          acc
+        else
+          acc + elem[:results].reduce(0) { |fail_test_total, test_case|
+            test_case[:status] == 'failed' ? fail_test_total + 1 : fail_test_total
+          }
+        end
+      }
+    end
+  end
+end

data/lib/inspec/runner.rb

@@ -49,6 +49,9 @@ module Inspec
         RunnerRspec.new(@conf)
       end
 
+      # parse any ad-hoc runners reporter formats
+      @conf = Inspec::BaseCLI.parse_reporters(@conf) if @conf[:type].nil?
+
       # list of profile attributes
       @attributes = []
 
@@ -101,6 +104,14 @@ module Inspec
       run_tests(with)
     end
 
+    def render_output(run_data)
+      return if @conf['reporter'].nil?
+
+      @conf['reporter'].each do |reporter|
+        Inspec::Reporters.render(reporter, run_data)
+      end
+    end
+
     def write_lockfile(profile)
       return false if !profile.writable?
 
@@ -114,7 +125,9 @@ module Inspec
     end
 
     def run_tests(with = nil)
-      @test_collector.run(with)
+      status, run_data = @test_collector.run(with)
+      render_output(run_data)
+      status
     end
 
     # determine all attributes before the execution, fetch data from secrets backend

data/lib/inspec/runner_rspec.rb

@@ -4,7 +4,7 @@
 
 require 'rspec/core'
 require 'rspec/its'
-require 'inspec/rspec_json_formatter'
+require 'inspec/formatters'
 
 # There be dragons!! Or borgs, or something...
 # This file and all its contents cannot be unit-tested. both test-suits
@@ -33,7 +33,7 @@ module Inspec
     # @return [nil]
     def add_profile(profile)
       RSpec.configuration.formatters
-           .find_all { |c| c.is_a? InspecRspecJson }
+           .find_all { |c| c.is_a?(Inspec::Formatters::Base) }
            .each do |fmt|
         fmt.add_profile(profile)
       end
@@ -45,7 +45,7 @@ module Inspec
     # @return [nil]
     def backend=(backend)
       RSpec.configuration.formatters
-           .find_all { |c| c.is_a? InspecRspecJson }
+           .find_all { |c| c.is_a?(Inspec::Formatters::Base) }
            .each do |fmt|
         fmt.backend = backend
       end
@@ -74,7 +74,8 @@ module Inspec
     # @return [int] 0 if all went well; otherwise nonzero
     def run(with = nil)
       with ||= RSpec::Core::Runner.new(nil)
-      with.run_specs(tests)
+      status = with.run_specs(tests)
+      [status, @formatter.run_data]
     end
 
     # Provide an output hash of the run's report
@@ -98,13 +99,32 @@ module Inspec
 
     private
 
-    FORMATTERS = {
-      'json-min' => 'InspecRspecMiniJson',
-      'json' => 'InspecRspecJson',
-      'json-rspec' => 'InspecRspecVanilla',
-      'cli' => 'InspecRspecCli',
-      'junit' => 'InspecRspecJUnit',
-    }.freeze
+    # Set optional formatters and output
+    #
+    #
+    def set_optional_formatters
+      return if @conf[:reporter].nil?
+      if @conf[:reporter].key?('json-rspec')
+        # We cannot pass in a nil output path. Rspec only accepts a valid string or a IO object.
+        if @conf[:reporter]['json-rspec']&.[]('file').nil?
+          RSpec.configuration.add_formatter(Inspec::Formatters::RspecJson)
+        else
+          RSpec.configuration.add_formatter(Inspec::Formatters::RspecJson, @conf[:reporter]['json-rspec']['file'])
+        end
+        @conf[:reporter].delete('json-rspec')
+      end
+
+      formats = @conf[:reporter].select { |k, _v| %w{documentation progress html}.include?(k) }
+      formats.each do |k, v|
+        # We cannot pass in a nil output path. Rspec only accepts a valid string or a IO object.
+        if v&.[]('file').nil?
+          RSpec.configuration.add_formatter(k.to_sym)
+        else
+          RSpec.configuration.add_formatter(k.to_sym, v['file'])
+        end
+        @conf[:reporter].delete(k)
+      end
+    end
 
     # Configure the output formatter and stream to be used with RSpec.
     #
@@ -116,10 +136,10 @@ module Inspec
         RSpec.configuration.output_stream = @conf['output']
       end
 
-      format = FORMATTERS[@conf['format']] || @conf['format'] || FORMATTERS['cli']
-      @formatter = RSpec.configuration.add_formatter(format)
+      @formatter = RSpec.configuration.add_formatter(Inspec::Formatters::Base)
+      RSpec.configuration.add_formatter(Inspec::Formatters::ShowProgress, $stderr) if @conf[:show_progress]
+      set_optional_formatters
       RSpec.configuration.color = @conf['color']
-
       setup_reporting if @conf['report']
     end
 

data/lib/inspec/schema.rb

@@ -147,6 +147,7 @@ module Inspec
       'properties' => {
         'id' => { 'type' => 'string' },
         'profile_id' => { 'type' => %w{string null} },
+        'profile_sha256' => { 'type' => 'string' },
         'status' => { 'type' => 'string' },
         'code_desc' => { 'type' => 'string' },
         'skip_message' => { 'type' => 'string', 'optional' => true },

data/lib/inspec/shell.rb

@@ -2,7 +2,6 @@
 # author: Dominik Richter
 # author: Christoph Hartmann
 
-require 'rspec/core/formatters/base_text_formatter'
 require 'pry'
 
 module Inspec

data/lib/inspec/version.rb

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '1.51.0'
+  VERSION = '1.51.6'
 end

data/lib/resources/apache.rb

@@ -6,9 +6,29 @@
 module Inspec::Resources
   class Apache < Inspec.resource(1)
     name 'apache'
+    desc 'Use the apache InSpec audit resource to retrieve Apache environment settings.'
+    example "
+      describe apache do
+        its ('service') { should cmp 'apache2' }
+      end
+
+      describe apache do
+        its ('conf_dir') { should cmp '/etc/apache2' }
+      end
+
+      describe apache do
+        its ('conf_path') { should cmp '/etc/apache2/apache2.conf' }
+      end
+
+      describe apache do
+        its ('user') { should cmp 'www-data' }
+      end
+    "
 
     attr_reader :service, :conf_dir, :conf_path, :user
     def initialize
+      warn '[DEPRECATED] The `apache` resource is deprecated and will be removed in InSpec 3.0.'
+
       if inspec.os.debian?
         @service = 'apache2'
         @conf_dir = '/etc/apache2/'

data/lib/resources/apache_conf.rb

@@ -9,6 +9,8 @@ require 'utils/find_files'
 module Inspec::Resources
   class ApacheConf < Inspec.resource(1)
     name 'apache_conf'
+    supports os_family: 'linux'
+    supports os_family: 'debian'
     desc 'Use the apache_conf InSpec audit resource to test the configuration settings for Apache. This file is typically located under /etc/apache2 on the Debian and Ubuntu platforms and under /etc/httpd on the Fedora, CentOS, Red Hat Enterprise Linux, and Arch Linux platforms. The configuration settings may vary significantly from platform to platform.'
     example "
       describe apache_conf do
@@ -18,9 +20,10 @@ module Inspec::Resources
 
     include FindFiles
 
+    attr_reader :conf_path
+
     def initialize(conf_path = nil)
-      @conf_path = conf_path || inspec.apache.conf_path
-      @conf_dir = conf_path ? File.dirname(@conf_path) : inspec.apache.conf_dir
+      @conf_path = conf_path || default_conf_path
       @files_contents = {}
       @content = nil
       @params = nil
@@ -63,17 +66,17 @@ module Inspec::Resources
       @params = {}
 
       # skip if the main configuration file doesn't exist
-      file = inspec.file(@conf_path)
+      file = inspec.file(conf_path)
       if !file.file?
-        return skip_resource "Can't find file \"#{@conf_path}\""
+        return skip_resource "Can't find file \"#{conf_path}\""
       end
 
       raw_conf = file.content
       if raw_conf.empty? && !file.empty?
-        return skip_resource("Can't read file \"#{@conf_path}\"")
+        return skip_resource("Can't read file \"#{conf_path}\"")
       end
 
-      to_read = [@conf_path]
+      to_read = [conf_path]
       until to_read.empty?
         raw_conf = read_file(to_read[0])
         @content += raw_conf
@@ -111,7 +114,7 @@ module Inspec::Resources
 
       includes = []
       (include_files + include_files_optional).each do |f|
-        id    = Pathname.new(f).absolute? ? f : File.join(@conf_dir, f)
+        id    = Pathname.new(f).absolute? ? f : File.join(conf_dir, f)
         files = find_files(id, depth: 1, type: 'file')
         files += find_files(id, depth: 1, type: 'link')
 
@@ -126,8 +129,30 @@ module Inspec::Resources
       @files_contents[path] ||= inspec.file(path).content
     end
 
+    def conf_dir
+      if inspec.os.debian?
+        File.dirname(conf_path)
+      else
+        # On RHEL-based systems, the configuration is usually in a /conf directory
+        # that contains the primary config file. We assume the "config path" is the
+        # directory that contains the /conf directory, such as /etc/httpd, so that
+        # the conf.d directory can be properly located.
+        Pathname.new(File.dirname(conf_path)).parent.to_s
+      end
+    end
+
     def to_s
-      "Apache Config #{@conf_path}"
+      "Apache Config #{conf_path}"
+    end
+
+    private
+
+    def default_conf_path
+      if inspec.os.debian?
+        '/etc/apache2/apache2.conf'
+      else
+        '/etc/httpd/conf/httpd.conf'
+      end
     end
   end
 end