inspec 1.51.6 → 1.51.15

Sign up to get free protection for your applications and to get access to all the features.
Files changed (404) hide show
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +101 -101
  3. data/CHANGELOG.md +2915 -2902
  4. data/Gemfile +53 -53
  5. data/LICENSE +14 -14
  6. data/MAINTAINERS.md +31 -31
  7. data/MAINTAINERS.toml +47 -47
  8. data/README.md +419 -419
  9. data/Rakefile +167 -167
  10. data/bin/inspec +12 -12
  11. data/docs/.gitignore +2 -2
  12. data/docs/README.md +40 -40
  13. data/docs/dsl_inspec.md +258 -258
  14. data/docs/dsl_resource.md +93 -93
  15. data/docs/glossary.md +99 -99
  16. data/docs/habitat.md +191 -191
  17. data/docs/inspec_and_friends.md +107 -107
  18. data/docs/matchers.md +165 -165
  19. data/docs/migration.md +293 -293
  20. data/docs/plugin_kitchen_inspec.md +49 -49
  21. data/docs/profiles.md +370 -370
  22. data/docs/resources/aide_conf.md.erb +78 -78
  23. data/docs/resources/apache.md.erb +66 -66
  24. data/docs/resources/apache_conf.md.erb +67 -67
  25. data/docs/resources/apt.md.erb +70 -70
  26. data/docs/resources/audit_policy.md.erb +46 -46
  27. data/docs/resources/auditd.md.erb +78 -78
  28. data/docs/resources/auditd_conf.md.erb +68 -68
  29. data/docs/resources/auditd_rules.md.erb +116 -116
  30. data/docs/resources/bash.md.erb +74 -74
  31. data/docs/resources/bond.md.erb +89 -89
  32. data/docs/resources/bridge.md.erb +54 -54
  33. data/docs/resources/bsd_service.md.erb +65 -65
  34. data/docs/resources/command.md.erb +137 -137
  35. data/docs/resources/cpan.md.erb +77 -77
  36. data/docs/resources/cran.md.erb +63 -63
  37. data/docs/resources/crontab.md.erb +87 -87
  38. data/docs/resources/csv.md.erb +53 -53
  39. data/docs/resources/dh_params.md.erb +216 -216
  40. data/docs/resources/directory.md.erb +28 -28
  41. data/docs/resources/docker.md.erb +163 -163
  42. data/docs/resources/docker_container.md.erb +99 -99
  43. data/docs/resources/docker_image.md.erb +93 -93
  44. data/docs/resources/docker_service.md.erb +113 -113
  45. data/docs/resources/elasticsearch.md.erb +230 -230
  46. data/docs/resources/etc_fstab.md.erb +124 -124
  47. data/docs/resources/etc_group.md.erb +74 -74
  48. data/docs/resources/etc_hosts.md.erb +75 -75
  49. data/docs/resources/etc_hosts_allow.md.erb +73 -73
  50. data/docs/resources/etc_hosts_deny.md.erb +73 -73
  51. data/docs/resources/file.md.erb +512 -512
  52. data/docs/resources/filesystem.md.erb +40 -40
  53. data/docs/resources/firewalld.md.erb +105 -105
  54. data/docs/resources/gem.md.erb +78 -78
  55. data/docs/resources/group.md.erb +60 -60
  56. data/docs/resources/grub_conf.md.erb +101 -100
  57. data/docs/resources/host.md.erb +77 -77
  58. data/docs/resources/http.md.erb +104 -98
  59. data/docs/resources/iis_app.md.erb +120 -116
  60. data/docs/resources/iis_site.md.erb +132 -128
  61. data/docs/resources/inetd_conf.md.erb +95 -84
  62. data/docs/resources/ini.md.erb +72 -69
  63. data/docs/resources/interface.md.erb +55 -46
  64. data/docs/resources/iptables.md.erb +63 -63
  65. data/docs/resources/json.md.erb +61 -61
  66. data/docs/resources/kernel_module.md.erb +106 -106
  67. data/docs/resources/kernel_parameter.md.erb +58 -58
  68. data/docs/resources/key_rsa.md.erb +73 -73
  69. data/docs/resources/launchd_service.md.erb +56 -56
  70. data/docs/resources/limits_conf.md.erb +66 -66
  71. data/docs/resources/login_def.md.erb +62 -62
  72. data/docs/resources/mount.md.erb +68 -68
  73. data/docs/resources/mssql_session.md.erb +59 -59
  74. data/docs/resources/mysql_conf.md.erb +98 -98
  75. data/docs/resources/mysql_session.md.erb +73 -73
  76. data/docs/resources/nginx.md.erb +78 -78
  77. data/docs/resources/nginx_conf.md.erb +127 -127
  78. data/docs/resources/npm.md.erb +59 -59
  79. data/docs/resources/ntp_conf.md.erb +59 -59
  80. data/docs/resources/oneget.md.erb +52 -52
  81. data/docs/resources/oracledb_session.md.erb +51 -51
  82. data/docs/resources/os.md.erb +140 -140
  83. data/docs/resources/os_env.md.erb +77 -77
  84. data/docs/resources/package.md.erb +119 -119
  85. data/docs/resources/packages.md.erb +66 -66
  86. data/docs/resources/parse_config.md.erb +102 -102
  87. data/docs/resources/parse_config_file.md.erb +137 -137
  88. data/docs/resources/passwd.md.erb +140 -140
  89. data/docs/resources/pip.md.erb +66 -66
  90. data/docs/resources/port.md.erb +136 -136
  91. data/docs/resources/postgres_conf.md.erb +78 -78
  92. data/docs/resources/postgres_hba_conf.md.erb +92 -92
  93. data/docs/resources/postgres_ident_conf.md.erb +75 -75
  94. data/docs/resources/postgres_session.md.erb +68 -68
  95. data/docs/resources/powershell.md.erb +101 -101
  96. data/docs/resources/processes.md.erb +107 -107
  97. data/docs/resources/rabbitmq_config.md.erb +40 -40
  98. data/docs/resources/registry_key.md.erb +157 -157
  99. data/docs/resources/runit_service.md.erb +56 -56
  100. data/docs/resources/security_policy.md.erb +46 -46
  101. data/docs/resources/service.md.erb +120 -120
  102. data/docs/resources/shadow.md.erb +143 -143
  103. data/docs/resources/ssh_config.md.erb +79 -79
  104. data/docs/resources/sshd_config.md.erb +82 -82
  105. data/docs/resources/ssl.md.erb +118 -118
  106. data/docs/resources/sys_info.md.erb +41 -41
  107. data/docs/resources/systemd_service.md.erb +56 -56
  108. data/docs/resources/sysv_service.md.erb +56 -56
  109. data/docs/resources/upstart_service.md.erb +56 -56
  110. data/docs/resources/user.md.erb +139 -139
  111. data/docs/resources/users.md.erb +126 -126
  112. data/docs/resources/vbscript.md.erb +54 -54
  113. data/docs/resources/virtualization.md.erb +56 -56
  114. data/docs/resources/windows_feature.md.erb +46 -46
  115. data/docs/resources/windows_hotfix.md.erb +52 -52
  116. data/docs/resources/windows_task.md.erb +89 -89
  117. data/docs/resources/wmi.md.erb +80 -80
  118. data/docs/resources/x509_certificate.md.erb +150 -150
  119. data/docs/resources/xinetd_conf.md.erb +155 -155
  120. data/docs/resources/xml.md.erb +84 -84
  121. data/docs/resources/yaml.md.erb +68 -68
  122. data/docs/resources/yum.md.erb +97 -97
  123. data/docs/resources/zfs_dataset.md.erb +52 -52
  124. data/docs/resources/zfs_pool.md.erb +46 -46
  125. data/docs/ruby_usage.md +203 -203
  126. data/docs/shared/matcher_be.md.erb +1 -1
  127. data/docs/shared/matcher_cmp.md.erb +43 -43
  128. data/docs/shared/matcher_eq.md.erb +3 -3
  129. data/docs/shared/matcher_include.md.erb +1 -1
  130. data/docs/shared/matcher_match.md.erb +1 -1
  131. data/docs/shell.md +172 -172
  132. data/examples/README.md +8 -8
  133. data/examples/inheritance/README.md +65 -65
  134. data/examples/inheritance/controls/example.rb +14 -14
  135. data/examples/inheritance/inspec.yml +15 -15
  136. data/examples/kitchen-ansible/.kitchen.yml +25 -25
  137. data/examples/kitchen-ansible/Gemfile +19 -19
  138. data/examples/kitchen-ansible/README.md +53 -53
  139. data/examples/kitchen-ansible/files/nginx.repo +6 -6
  140. data/examples/kitchen-ansible/tasks/main.yml +16 -16
  141. data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
  142. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
  143. data/examples/kitchen-chef/.kitchen.yml +20 -20
  144. data/examples/kitchen-chef/Berksfile +3 -3
  145. data/examples/kitchen-chef/Gemfile +19 -19
  146. data/examples/kitchen-chef/README.md +27 -27
  147. data/examples/kitchen-chef/metadata.rb +7 -7
  148. data/examples/kitchen-chef/recipes/default.rb +6 -6
  149. data/examples/kitchen-chef/recipes/nginx.rb +30 -30
  150. data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
  151. data/examples/kitchen-puppet/.kitchen.yml +22 -22
  152. data/examples/kitchen-puppet/Gemfile +20 -20
  153. data/examples/kitchen-puppet/Puppetfile +25 -25
  154. data/examples/kitchen-puppet/README.md +53 -53
  155. data/examples/kitchen-puppet/manifests/site.pp +33 -33
  156. data/examples/kitchen-puppet/metadata.json +11 -11
  157. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
  158. data/examples/meta-profile/README.md +37 -37
  159. data/examples/meta-profile/controls/example.rb +13 -13
  160. data/examples/meta-profile/inspec.yml +13 -13
  161. data/examples/profile-attribute.yml +2 -2
  162. data/examples/profile-attribute/README.md +14 -14
  163. data/examples/profile-attribute/controls/example.rb +11 -11
  164. data/examples/profile-attribute/inspec.yml +8 -8
  165. data/examples/profile-sensitive/README.md +29 -29
  166. data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
  167. data/examples/profile-sensitive/controls/sensitive.rb +9 -9
  168. data/examples/profile-sensitive/inspec.yml +8 -8
  169. data/examples/profile/README.md +48 -48
  170. data/examples/profile/controls/example.rb +23 -23
  171. data/examples/profile/controls/gordon.rb +36 -36
  172. data/examples/profile/controls/meta.rb +34 -34
  173. data/examples/profile/inspec.yml +10 -10
  174. data/examples/profile/libraries/gordon_config.rb +53 -53
  175. data/inspec.gemspec +47 -47
  176. data/lib/bundles/README.md +3 -3
  177. data/lib/bundles/inspec-artifact.rb +7 -7
  178. data/lib/bundles/inspec-artifact/README.md +1 -1
  179. data/lib/bundles/inspec-artifact/cli.rb +277 -277
  180. data/lib/bundles/inspec-compliance.rb +16 -16
  181. data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
  182. data/lib/bundles/inspec-compliance/README.md +185 -185
  183. data/lib/bundles/inspec-compliance/api.rb +316 -316
  184. data/lib/bundles/inspec-compliance/api/login.rb +152 -152
  185. data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
  186. data/lib/bundles/inspec-compliance/cli.rb +277 -277
  187. data/lib/bundles/inspec-compliance/configuration.rb +103 -103
  188. data/lib/bundles/inspec-compliance/http.rb +86 -86
  189. data/lib/bundles/inspec-compliance/support.rb +36 -36
  190. data/lib/bundles/inspec-compliance/target.rb +98 -98
  191. data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
  192. data/lib/bundles/inspec-habitat.rb +12 -12
  193. data/lib/bundles/inspec-habitat/cli.rb +36 -36
  194. data/lib/bundles/inspec-habitat/log.rb +10 -10
  195. data/lib/bundles/inspec-habitat/profile.rb +390 -390
  196. data/lib/bundles/inspec-init.rb +8 -8
  197. data/lib/bundles/inspec-init/README.md +31 -31
  198. data/lib/bundles/inspec-init/cli.rb +97 -97
  199. data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
  200. data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
  201. data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
  202. data/lib/bundles/inspec-supermarket.rb +13 -13
  203. data/lib/bundles/inspec-supermarket/README.md +45 -45
  204. data/lib/bundles/inspec-supermarket/api.rb +84 -84
  205. data/lib/bundles/inspec-supermarket/cli.rb +65 -65
  206. data/lib/bundles/inspec-supermarket/target.rb +34 -34
  207. data/lib/fetchers/git.rb +163 -163
  208. data/lib/fetchers/local.rb +74 -74
  209. data/lib/fetchers/mock.rb +35 -35
  210. data/lib/fetchers/url.rb +204 -204
  211. data/lib/inspec.rb +24 -24
  212. data/lib/inspec/archive/tar.rb +29 -29
  213. data/lib/inspec/archive/zip.rb +19 -19
  214. data/lib/inspec/backend.rb +92 -92
  215. data/lib/inspec/base_cli.rb +324 -322
  216. data/lib/inspec/cached_fetcher.rb +66 -66
  217. data/lib/inspec/cli.rb +298 -298
  218. data/lib/inspec/completions/bash.sh.erb +45 -45
  219. data/lib/inspec/completions/fish.sh.erb +34 -34
  220. data/lib/inspec/completions/zsh.sh.erb +61 -61
  221. data/lib/inspec/control_eval_context.rb +179 -179
  222. data/lib/inspec/dependencies/cache.rb +72 -72
  223. data/lib/inspec/dependencies/dependency_set.rb +92 -92
  224. data/lib/inspec/dependencies/lockfile.rb +115 -115
  225. data/lib/inspec/dependencies/requirement.rb +123 -123
  226. data/lib/inspec/dependencies/resolver.rb +86 -86
  227. data/lib/inspec/describe.rb +27 -27
  228. data/lib/inspec/dsl.rb +66 -66
  229. data/lib/inspec/dsl_shared.rb +33 -33
  230. data/lib/inspec/env_printer.rb +157 -157
  231. data/lib/inspec/errors.rb +13 -13
  232. data/lib/inspec/exceptions.rb +12 -12
  233. data/lib/inspec/expect.rb +45 -45
  234. data/lib/inspec/fetcher.rb +45 -45
  235. data/lib/inspec/file_provider.rb +275 -275
  236. data/lib/inspec/formatters.rb +3 -3
  237. data/lib/inspec/formatters/base.rb +208 -208
  238. data/lib/inspec/formatters/json_rspec.rb +20 -20
  239. data/lib/inspec/formatters/show_progress.rb +12 -12
  240. data/lib/inspec/library_eval_context.rb +58 -58
  241. data/lib/inspec/log.rb +11 -11
  242. data/lib/inspec/metadata.rb +253 -253
  243. data/lib/inspec/method_source.rb +24 -24
  244. data/lib/inspec/objects.rb +14 -14
  245. data/lib/inspec/objects/attribute.rb +65 -65
  246. data/lib/inspec/objects/control.rb +61 -61
  247. data/lib/inspec/objects/describe.rb +92 -92
  248. data/lib/inspec/objects/each_loop.rb +36 -36
  249. data/lib/inspec/objects/list.rb +15 -15
  250. data/lib/inspec/objects/or_test.rb +40 -40
  251. data/lib/inspec/objects/ruby_helper.rb +15 -15
  252. data/lib/inspec/objects/tag.rb +27 -27
  253. data/lib/inspec/objects/test.rb +87 -87
  254. data/lib/inspec/objects/value.rb +27 -27
  255. data/lib/inspec/plugins.rb +60 -60
  256. data/lib/inspec/plugins/cli.rb +24 -24
  257. data/lib/inspec/plugins/fetcher.rb +86 -86
  258. data/lib/inspec/plugins/resource.rb +132 -132
  259. data/lib/inspec/plugins/secret.rb +15 -15
  260. data/lib/inspec/plugins/source_reader.rb +40 -40
  261. data/lib/inspec/polyfill.rb +12 -12
  262. data/lib/inspec/profile.rb +510 -510
  263. data/lib/inspec/profile_context.rb +207 -207
  264. data/lib/inspec/profile_vendor.rb +66 -66
  265. data/lib/inspec/reporters.rb +50 -33
  266. data/lib/inspec/reporters/base.rb +24 -23
  267. data/lib/inspec/reporters/cli.rb +395 -395
  268. data/lib/inspec/reporters/json.rb +134 -132
  269. data/lib/inspec/reporters/json_min.rb +48 -44
  270. data/lib/inspec/reporters/junit.rb +77 -77
  271. data/lib/inspec/require_loader.rb +33 -33
  272. data/lib/inspec/resource.rb +176 -176
  273. data/lib/inspec/rule.rb +266 -266
  274. data/lib/inspec/runner.rb +340 -337
  275. data/lib/inspec/runner_mock.rb +41 -41
  276. data/lib/inspec/runner_rspec.rb +163 -185
  277. data/lib/inspec/runtime_profile.rb +26 -26
  278. data/lib/inspec/schema.rb +186 -186
  279. data/lib/inspec/secrets.rb +19 -19
  280. data/lib/inspec/secrets/yaml.rb +30 -30
  281. data/lib/inspec/shell.rb +223 -223
  282. data/lib/inspec/shell_detector.rb +90 -90
  283. data/lib/inspec/source_reader.rb +29 -29
  284. data/lib/inspec/version.rb +8 -8
  285. data/lib/matchers/matchers.rb +397 -397
  286. data/lib/resources/aide_conf.rb +160 -160
  287. data/lib/resources/apache.rb +49 -49
  288. data/lib/resources/apache_conf.rb +158 -158
  289. data/lib/resources/apt.rb +150 -150
  290. data/lib/resources/audit_policy.rb +64 -64
  291. data/lib/resources/auditd.rb +233 -233
  292. data/lib/resources/auditd_conf.rb +56 -56
  293. data/lib/resources/auditd_rules.rb +205 -205
  294. data/lib/resources/bash.rb +36 -36
  295. data/lib/resources/bond.rb +69 -69
  296. data/lib/resources/bridge.rb +123 -123
  297. data/lib/resources/command.rb +69 -69
  298. data/lib/resources/cpan.rb +60 -60
  299. data/lib/resources/cran.rb +66 -66
  300. data/lib/resources/crontab.rb +169 -169
  301. data/lib/resources/csv.rb +58 -58
  302. data/lib/resources/dh_params.rb +83 -83
  303. data/lib/resources/directory.rb +25 -25
  304. data/lib/resources/docker.rb +239 -239
  305. data/lib/resources/docker_container.rb +92 -92
  306. data/lib/resources/docker_image.rb +86 -86
  307. data/lib/resources/docker_object.rb +57 -57
  308. data/lib/resources/docker_service.rb +94 -94
  309. data/lib/resources/elasticsearch.rb +168 -168
  310. data/lib/resources/etc_fstab.rb +102 -102
  311. data/lib/resources/etc_group.rb +157 -157
  312. data/lib/resources/etc_hosts.rb +81 -81
  313. data/lib/resources/etc_hosts_allow_deny.rb +122 -122
  314. data/lib/resources/file.rb +298 -298
  315. data/lib/resources/filesystem.rb +31 -31
  316. data/lib/resources/firewalld.rb +144 -144
  317. data/lib/resources/gem.rb +71 -71
  318. data/lib/resources/groups.rb +213 -213
  319. data/lib/resources/grub_conf.rb +237 -237
  320. data/lib/resources/host.rb +300 -300
  321. data/lib/resources/http.rb +252 -252
  322. data/lib/resources/iis_app.rb +103 -103
  323. data/lib/resources/iis_site.rb +147 -147
  324. data/lib/resources/inetd_conf.rb +63 -63
  325. data/lib/resources/ini.rb +29 -29
  326. data/lib/resources/interface.rb +130 -130
  327. data/lib/resources/iptables.rb +70 -70
  328. data/lib/resources/json.rb +115 -115
  329. data/lib/resources/kernel_module.rb +110 -110
  330. data/lib/resources/kernel_parameter.rb +58 -58
  331. data/lib/resources/key_rsa.rb +67 -67
  332. data/lib/resources/limits_conf.rb +56 -56
  333. data/lib/resources/login_def.rb +67 -67
  334. data/lib/resources/mount.rb +90 -90
  335. data/lib/resources/mssql_session.rb +103 -103
  336. data/lib/resources/mysql.rb +82 -82
  337. data/lib/resources/mysql_conf.rb +133 -133
  338. data/lib/resources/mysql_session.rb +72 -72
  339. data/lib/resources/nginx.rb +97 -97
  340. data/lib/resources/nginx_conf.rb +228 -228
  341. data/lib/resources/npm.rb +48 -48
  342. data/lib/resources/ntp_conf.rb +59 -59
  343. data/lib/resources/oneget.rb +72 -72
  344. data/lib/resources/oracledb_session.rb +140 -140
  345. data/lib/resources/os.rb +46 -46
  346. data/lib/resources/os_env.rb +76 -76
  347. data/lib/resources/package.rb +357 -357
  348. data/lib/resources/packages.rb +112 -112
  349. data/lib/resources/parse_config.rb +116 -116
  350. data/lib/resources/passwd.rb +96 -96
  351. data/lib/resources/pip.rb +89 -89
  352. data/lib/resources/platform.rb +112 -112
  353. data/lib/resources/port.rb +771 -771
  354. data/lib/resources/postgres.rb +132 -132
  355. data/lib/resources/postgres_conf.rb +122 -122
  356. data/lib/resources/postgres_hba_conf.rb +101 -101
  357. data/lib/resources/postgres_ident_conf.rb +79 -79
  358. data/lib/resources/postgres_session.rb +72 -72
  359. data/lib/resources/powershell.rb +58 -58
  360. data/lib/resources/processes.rb +204 -204
  361. data/lib/resources/rabbitmq_conf.rb +53 -53
  362. data/lib/resources/registry_key.rb +296 -296
  363. data/lib/resources/security_policy.rb +181 -181
  364. data/lib/resources/service.rb +784 -784
  365. data/lib/resources/shadow.rb +141 -141
  366. data/lib/resources/ssh_conf.rb +102 -102
  367. data/lib/resources/ssl.rb +99 -99
  368. data/lib/resources/sys_info.rb +26 -26
  369. data/lib/resources/toml.rb +32 -32
  370. data/lib/resources/users.rb +652 -652
  371. data/lib/resources/vbscript.rb +70 -70
  372. data/lib/resources/virtualization.rb +251 -251
  373. data/lib/resources/windows_feature.rb +85 -85
  374. data/lib/resources/windows_hotfix.rb +35 -35
  375. data/lib/resources/windows_task.rb +106 -106
  376. data/lib/resources/wmi.rb +114 -114
  377. data/lib/resources/x509_certificate.rb +143 -143
  378. data/lib/resources/xinetd.rb +112 -112
  379. data/lib/resources/xml.rb +45 -45
  380. data/lib/resources/yaml.rb +45 -45
  381. data/lib/resources/yum.rb +181 -181
  382. data/lib/resources/zfs_dataset.rb +60 -60
  383. data/lib/resources/zfs_pool.rb +49 -49
  384. data/lib/source_readers/flat.rb +39 -39
  385. data/lib/source_readers/inspec.rb +75 -75
  386. data/lib/utils/command_wrapper.rb +27 -27
  387. data/lib/utils/convert.rb +12 -12
  388. data/lib/utils/database_helpers.rb +77 -77
  389. data/lib/utils/erlang_parser.rb +192 -192
  390. data/lib/utils/filter.rb +272 -272
  391. data/lib/utils/filter_array.rb +27 -27
  392. data/lib/utils/find_files.rb +44 -44
  393. data/lib/utils/hash.rb +41 -41
  394. data/lib/utils/json_log.rb +18 -18
  395. data/lib/utils/latest_version.rb +22 -22
  396. data/lib/utils/modulator.rb +12 -12
  397. data/lib/utils/nginx_parser.rb +85 -85
  398. data/lib/utils/object_traversal.rb +49 -49
  399. data/lib/utils/parser.rb +274 -274
  400. data/lib/utils/plugin_registry.rb +93 -93
  401. data/lib/utils/simpleconfig.rb +132 -132
  402. data/lib/utils/spdx.rb +13 -13
  403. data/lib/utils/spdx.txt +343 -343
  404. metadata +2 -2
@@ -1,24 +1,24 @@
1
- # encoding: utf-8
2
- # copyright: 2015, Dominik Richter
3
- # author: Dominik Richter
4
- # author: Christoph Hartmann
5
-
6
- libdir = File.dirname(__FILE__)
7
- $LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
8
-
9
- require 'inspec/version'
10
- require 'inspec/exceptions'
11
- require 'inspec/profile'
12
- require 'inspec/rule'
13
- require 'matchers/matchers'
14
- require 'inspec/runner'
15
- require 'inspec/shell'
16
- require 'inspec/formatters'
17
- require 'inspec/reporters'
18
-
19
- # all utils that may be required by plugins
20
- require 'inspec/base_cli'
21
- require 'inspec/fetcher'
22
- require 'inspec/source_reader'
23
- require 'inspec/resource'
24
- require 'inspec/plugins'
1
+ # encoding: utf-8
2
+ # copyright: 2015, Dominik Richter
3
+ # author: Dominik Richter
4
+ # author: Christoph Hartmann
5
+
6
+ libdir = File.dirname(__FILE__)
7
+ $LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
8
+
9
+ require 'inspec/version'
10
+ require 'inspec/exceptions'
11
+ require 'inspec/profile'
12
+ require 'inspec/rule'
13
+ require 'matchers/matchers'
14
+ require 'inspec/runner'
15
+ require 'inspec/shell'
16
+ require 'inspec/formatters'
17
+ require 'inspec/reporters'
18
+
19
+ # all utils that may be required by plugins
20
+ require 'inspec/base_cli'
21
+ require 'inspec/fetcher'
22
+ require 'inspec/source_reader'
23
+ require 'inspec/resource'
24
+ require 'inspec/plugins'
@@ -1,29 +1,29 @@
1
- # encoding: utf-8
2
- # author: Christoph Hartmann
3
- # author: Dominik Richter
4
-
5
- require 'rubygems/package'
6
-
7
- module Inspec::Archive
8
- class TarArchiveGenerator
9
- def archive(base_dir, files, archive)
10
- File.open(archive, 'wb') do |file|
11
- Zlib::GzipWriter.wrap(file) do |gz|
12
- Gem::Package::TarWriter.new(gz) do |tar|
13
- files.each do |input_filename|
14
- path = Pathname.new(base_dir).join(input_filename)
15
- stat = File.stat(path)
16
- if path.directory?
17
- tar.mkdir(input_filename, stat.mode)
18
- else
19
- tar.add_file_simple(input_filename, stat.mode, stat.size) do |io|
20
- io.write(File.binread(path))
21
- end
22
- end
23
- end
24
- end
25
- end
26
- end
27
- end
28
- end
29
- end
1
+ # encoding: utf-8
2
+ # author: Christoph Hartmann
3
+ # author: Dominik Richter
4
+
5
+ require 'rubygems/package'
6
+
7
+ module Inspec::Archive
8
+ class TarArchiveGenerator
9
+ def archive(base_dir, files, archive)
10
+ File.open(archive, 'wb') do |file|
11
+ Zlib::GzipWriter.wrap(file) do |gz|
12
+ Gem::Package::TarWriter.new(gz) do |tar|
13
+ files.each do |input_filename|
14
+ path = Pathname.new(base_dir).join(input_filename)
15
+ stat = File.stat(path)
16
+ if path.directory?
17
+ tar.mkdir(input_filename, stat.mode)
18
+ else
19
+ tar.add_file_simple(input_filename, stat.mode, stat.size) do |io|
20
+ io.write(File.binread(path))
21
+ end
22
+ end
23
+ end
24
+ end
25
+ end
26
+ end
27
+ end
28
+ end
29
+ end
@@ -1,19 +1,19 @@
1
- # encoding: utf-8
2
- # author: Christoph Hartmann
3
- # author: Dominik Richter
4
-
5
- require 'rubygems'
6
- require 'zip'
7
- require 'pathname'
8
-
9
- module Inspec::Archive
10
- class ZipArchiveGenerator
11
- def archive(base_dir, files, archive)
12
- Zip::File.open(archive, Zip::File::CREATE) do |zipfile|
13
- files.each do |input_filename|
14
- zipfile.add(input_filename, Pathname.new(base_dir).join(input_filename))
15
- end
16
- end
17
- end
18
- end
19
- end
1
+ # encoding: utf-8
2
+ # author: Christoph Hartmann
3
+ # author: Dominik Richter
4
+
5
+ require 'rubygems'
6
+ require 'zip'
7
+ require 'pathname'
8
+
9
+ module Inspec::Archive
10
+ class ZipArchiveGenerator
11
+ def archive(base_dir, files, archive)
12
+ Zip::File.open(archive, Zip::File::CREATE) do |zipfile|
13
+ files.each do |input_filename|
14
+ zipfile.add(input_filename, Pathname.new(base_dir).join(input_filename))
15
+ end
16
+ end
17
+ end
18
+ end
19
+ end
@@ -1,92 +1,92 @@
1
- # encoding: utf-8
2
- # copyright: 2015, Dominik Richter
3
- # author: Dominik Richter
4
- # author: Christoph Hartmann
5
-
6
- require 'train'
7
-
8
- module Inspec
9
- module Backend
10
- module Base
11
- attr_accessor :profile
12
-
13
- # Provide a shorthand to retrieve the inspec version from within a profile
14
- #
15
- # @return [String] inspec version
16
- def version
17
- Inspec::VERSION
18
- end
19
-
20
- # Determine whether the connection/transport is a local connection
21
- # Useful for resources to modify behavior as necessary, such as using
22
- # the Ruby stdlib for a better experience.
23
- def local_transport?
24
- return false unless defined?(Train::Transports::Local)
25
- backend.is_a?(Train::Transports::Local::Connection)
26
- end
27
-
28
- # Ruby internal for printing a nice name for this class
29
- def to_s
30
- 'Inspec::Backend::Class'
31
- end
32
-
33
- # Ruby internal for pretty-printing a summary for this class
34
- def inspect
35
- "Inspec::Backend::Class @transport=#{backend.class}"
36
- end
37
- end
38
-
39
- # Create the transport backend with aggregated resources.
40
- #
41
- # @param [Hash] config for the transport backend
42
- # @return [TransportBackend] enriched transport instance
43
- def self.create(config) # rubocop:disable Metrics/AbcSize
44
- conf = Train.target_config(config)
45
- name = Train.validate_backend(conf)
46
- transport = Train.create(name, conf)
47
- if transport.nil?
48
- raise "Can't find transport backend '#{name}'."
49
- end
50
-
51
- connection = transport.connection
52
- if connection.nil?
53
- raise "Can't connect to transport backend '#{name}'."
54
- end
55
-
56
- # Set caching settings. We always want to enable caching for
57
- # the Mock transport for testing.
58
- if config[:backend_cache] || config[:backend] == :mock
59
- Inspec::Log.debug 'Option backend_cache is enabled'
60
- connection.enable_cache(:file)
61
- connection.enable_cache(:command)
62
- elsif config[:debug_shell]
63
- Inspec::Log.debug 'Option backend_cache is disabled'
64
- connection.disable_cache(:file)
65
- connection.disable_cache(:command)
66
- else
67
- Inspec::Log.debug 'Option backend_cache is disabled'
68
- connection.disable_cache(:command)
69
- end
70
-
71
- cls = Class.new do
72
- include Base
73
-
74
- define_method :backend do
75
- connection
76
- end
77
-
78
- Inspec::Resource.registry.each do |id, r|
79
- define_method id.to_sym do |*args|
80
- r.new(self, id.to_s, *args)
81
- end
82
- end
83
- end
84
-
85
- cls.new
86
- rescue Train::ClientError => e
87
- raise "Client error, can't connect to '#{name}' backend: #{e.message}"
88
- rescue Train::TransportError => e
89
- raise "Transport error, can't connect to '#{name}' backend: #{e.message}"
90
- end
91
- end
92
- end
1
+ # encoding: utf-8
2
+ # copyright: 2015, Dominik Richter
3
+ # author: Dominik Richter
4
+ # author: Christoph Hartmann
5
+
6
+ require 'train'
7
+
8
+ module Inspec
9
+ module Backend
10
+ module Base
11
+ attr_accessor :profile
12
+
13
+ # Provide a shorthand to retrieve the inspec version from within a profile
14
+ #
15
+ # @return [String] inspec version
16
+ def version
17
+ Inspec::VERSION
18
+ end
19
+
20
+ # Determine whether the connection/transport is a local connection
21
+ # Useful for resources to modify behavior as necessary, such as using
22
+ # the Ruby stdlib for a better experience.
23
+ def local_transport?
24
+ return false unless defined?(Train::Transports::Local)
25
+ backend.is_a?(Train::Transports::Local::Connection)
26
+ end
27
+
28
+ # Ruby internal for printing a nice name for this class
29
+ def to_s
30
+ 'Inspec::Backend::Class'
31
+ end
32
+
33
+ # Ruby internal for pretty-printing a summary for this class
34
+ def inspect
35
+ "Inspec::Backend::Class @transport=#{backend.class}"
36
+ end
37
+ end
38
+
39
+ # Create the transport backend with aggregated resources.
40
+ #
41
+ # @param [Hash] config for the transport backend
42
+ # @return [TransportBackend] enriched transport instance
43
+ def self.create(config) # rubocop:disable Metrics/AbcSize
44
+ conf = Train.target_config(config)
45
+ name = Train.validate_backend(conf)
46
+ transport = Train.create(name, conf)
47
+ if transport.nil?
48
+ raise "Can't find transport backend '#{name}'."
49
+ end
50
+
51
+ connection = transport.connection
52
+ if connection.nil?
53
+ raise "Can't connect to transport backend '#{name}'."
54
+ end
55
+
56
+ # Set caching settings. We always want to enable caching for
57
+ # the Mock transport for testing.
58
+ if config[:backend_cache] || config[:backend] == :mock
59
+ Inspec::Log.debug 'Option backend_cache is enabled'
60
+ connection.enable_cache(:file)
61
+ connection.enable_cache(:command)
62
+ elsif config[:debug_shell]
63
+ Inspec::Log.debug 'Option backend_cache is disabled'
64
+ connection.disable_cache(:file)
65
+ connection.disable_cache(:command)
66
+ else
67
+ Inspec::Log.debug 'Option backend_cache is disabled'
68
+ connection.disable_cache(:command)
69
+ end
70
+
71
+ cls = Class.new do
72
+ include Base
73
+
74
+ define_method :backend do
75
+ connection
76
+ end
77
+
78
+ Inspec::Resource.registry.each do |id, r|
79
+ define_method id.to_sym do |*args|
80
+ r.new(self, id.to_s, *args)
81
+ end
82
+ end
83
+ end
84
+
85
+ cls.new
86
+ rescue Train::ClientError => e
87
+ raise "Client error, can't connect to '#{name}' backend: #{e.message}"
88
+ rescue Train::TransportError => e
89
+ raise "Transport error, can't connect to '#{name}' backend: #{e.message}"
90
+ end
91
+ end
92
+ end
@@ -1,322 +1,324 @@
1
- # encoding: utf-8
2
- # author: Christoph Hartmann
3
- # author: Dominik Richter
4
-
5
- require 'thor'
6
- require 'inspec/log'
7
- require 'inspec/profile_vendor'
8
-
9
- module Inspec
10
- class BaseCLI < Thor
11
- def self.target_options
12
- option :target, aliases: :t, type: :string,
13
- desc: 'Simple targeting option using URIs, e.g. ssh://user:pass@host:port'
14
- option :backend, aliases: :b, type: :string,
15
- desc: 'Choose a backend: local, ssh, winrm, docker.'
16
- option :host, type: :string,
17
- desc: 'Specify a remote host which is tested.'
18
- option :port, aliases: :p, type: :numeric,
19
- desc: 'Specify the login port for a remote scan.'
20
- option :user, type: :string,
21
- desc: 'The login user for a remote scan.'
22
- option :password, type: :string, lazy_default: -1,
23
- desc: 'Login password for a remote scan, if required.'
24
- option :key_files, aliases: :i, type: :array,
25
- desc: 'Login key or certificate file for a remote scan.'
26
- option :path, type: :string,
27
- desc: 'Login path to use when connecting to the target (WinRM).'
28
- option :sudo, type: :boolean,
29
- desc: 'Run scans with sudo. Only activates on Unix and non-root user.'
30
- option :sudo_password, type: :string, lazy_default: -1,
31
- desc: 'Specify a sudo password, if it is required.'
32
- option :sudo_options, type: :string,
33
- desc: 'Additional sudo options for a remote scan.'
34
- option :sudo_command, type: :string,
35
- desc: 'Alternate command for sudo.'
36
- option :shell, type: :boolean,
37
- desc: 'Run scans in a subshell. Only activates on Unix.'
38
- option :shell_options, type: :string,
39
- desc: 'Additional shell options.'
40
- option :shell_command, type: :string,
41
- desc: 'Specify a particular shell to use.'
42
- option :ssl, type: :boolean,
43
- desc: 'Use SSL for transport layer encryption (WinRM).'
44
- option :self_signed, type: :boolean,
45
- desc: 'Allow remote scans with self-signed certificates (WinRM).'
46
- option :json_config, type: :string,
47
- desc: 'Read configuration from JSON file (`-` reads from stdin).'
48
- end
49
-
50
- def self.profile_options
51
- option :profiles_path, type: :string,
52
- desc: 'Folder which contains referenced profiles.'
53
- end
54
-
55
- def self.exec_options
56
- target_options
57
- profile_options
58
- option :controls, type: :array,
59
- desc: 'A list of controls to run. Ignore all other tests.'
60
- option :format, type: :string,
61
- desc: '[DEPRECATED] Please use --reporter - this will be removed in InSpec 3.0'
62
- option :reporter, type: :array,
63
- banner: 'one two:/output/file/path',
64
- desc: 'Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit'
65
- option :color, type: :boolean,
66
- desc: 'Use colors in output.'
67
- option :attrs, type: :array,
68
- desc: 'Load attributes file (experimental)'
69
- option :cache, type: :string,
70
- desc: '[DEPRECATED] Please use --vendor-cache - this will be removed in InSpec 2.0'
71
- option :vendor_cache, type: :string,
72
- desc: 'Use the given path for caching dependencies. (default: ~/.inspec/cache)'
73
- option :create_lockfile, type: :boolean,
74
- desc: 'Write out a lockfile based on this execution (unless one already exists)'
75
- option :backend_cache, type: :boolean,
76
- desc: 'Allow caching for backend command output.'
77
- option :show_progress, type: :boolean,
78
- desc: 'Show progress while executing tests.'
79
- end
80
-
81
- def self.default_options
82
- {
83
- exec: {
84
- 'reporter' => ['cli'],
85
- 'show_progress' => false,
86
- 'color' => true,
87
- 'create_lockfile' => true,
88
- 'backend_cache' => false,
89
- },
90
- shell: {
91
- 'reporter' => ['cli'],
92
- },
93
- }
94
- end
95
-
96
- def self.parse_reporters(opts)
97
- # merge in any legacy formats as reporter
98
- # this method will only be used for ad-hoc runners
99
- if !opts['format'].nil? && opts['reporter'].nil?
100
- warn '[DEPRECATED] The option --format is being is being deprecated and will be removed in inspec 3.0. Please use --reporter'
101
- opts['reporter'] = Array(opts['format'])
102
- opts.delete('format')
103
- end
104
-
105
- # parse out cli to proper report format
106
- if opts['reporter'].is_a?(Array)
107
- reports = {}
108
- opts['reporter'].each do |report|
109
- reporter_name, target = report.split(':')
110
- if target.nil? || target.strip == '-'
111
- reports[reporter_name] = { 'stdout' => true }
112
- else
113
- reports[reporter_name] = {
114
- 'file' => target,
115
- 'stdout' => false,
116
- }
117
- end
118
- end
119
- opts['reporter'] = reports
120
- end
121
-
122
- # add in stdout if not specified
123
- if opts['reporter'].is_a?(Hash)
124
- opts['reporter'].each do |reporter_name, config|
125
- opts['reporter'][reporter_name] = {} if config.nil?
126
- opts['reporter'][reporter_name]['stdout'] = true if opts['reporter'][reporter_name].empty?
127
- end
128
- end
129
-
130
- validate_reporters(opts['reporter'])
131
- opts
132
- end
133
-
134
- def self.validate_reporters(reporters)
135
- return if reporters.nil?
136
-
137
- valid_types = [
138
- 'json',
139
- 'json-min',
140
- 'json-rspec',
141
- 'cli',
142
- 'junit',
143
- 'html',
144
- 'documentation',
145
- 'progress',
146
- ]
147
-
148
- reporters.each do |k, _v|
149
- raise NotImplementedError, "'#{k}' is not a valid reporter type." unless valid_types.include?(k)
150
- end
151
-
152
- # check to make sure we are only reporting one type to stdout
153
- stdout = 0
154
- reporters.each_value do |v|
155
- stdout += 1 if v['stdout'] == true
156
- end
157
-
158
- raise ArgumentError, 'The option --reporter can only have a single report outputting to stdout.' if stdout > 1
159
- end
160
-
161
- private
162
-
163
- def suppress_log_output?(opts)
164
- return false if opts['reporter'].nil?
165
- match = %w{json json-min json-rspec junit html} & opts['reporter'].keys
166
- unless match.empty?
167
- match.each do |m|
168
- # check to see if we are outputting to stdout
169
- return true if opts['reporter'][m]['stdout'] == true
170
- end
171
- end
172
- false
173
- end
174
-
175
- def diagnose(opts)
176
- return unless opts['diagnose']
177
- puts "InSpec version: #{Inspec::VERSION}"
178
- puts "Train version: #{Train::VERSION}"
179
- puts 'Command line configuration:'
180
- pp options
181
- puts 'JSON configuration file:'
182
- pp options_json
183
- puts 'Merged configuration:'
184
- pp opts
185
- puts
186
- end
187
-
188
- def opts(type = nil)
189
- o = merged_opts(type)
190
-
191
- # Due to limitations in Thor it is not possible to set an argument to be
192
- # both optional and its value to be mandatory. E.g. the user supplying
193
- # the --password argument is optional and not always required, but
194
- # whenever it is used, it requires a value. Handle options that were
195
- # defined above and require a value here:
196
- %w{password sudo-password}.each do |v|
197
- id = v.tr('-', '_').to_sym
198
- next unless o[id] == -1
199
- raise ArgumentError, "Please provide a value for --#{v}. For example: --#{v}=hello."
200
- end
201
-
202
- o
203
- end
204
-
205
- def merged_opts(type = nil)
206
- opts = {}
207
- opts[:type] = type unless type.nil?
208
-
209
- # start with default options if we have any
210
- opts = BaseCLI.default_options[type] unless type.nil? || BaseCLI.default_options[type].nil?
211
-
212
- # merge in any options from json-config
213
- opts.merge!(options_json)
214
-
215
- # remove the default reporter if we are setting a legacy format on the cli
216
- opts.delete('reporter') if options['format']
217
-
218
- # merge in any options defined via thor
219
- opts.merge!(options)
220
-
221
- # parse reporter options
222
- opts = BaseCLI.parse_reporters(opts) if %i(exec shell).include?(type)
223
-
224
- Thor::CoreExt::HashWithIndifferentAccess.new(opts)
225
- end
226
-
227
- def options_json
228
- conffile = options['json_config']
229
- @json ||= conffile ? read_config(conffile) : {}
230
- end
231
-
232
- def read_config(file)
233
- if file == '-'
234
- puts 'WARN: reading JSON config from standard input' if STDIN.tty?
235
- config = STDIN.read
236
- else
237
- config = File.read(file)
238
- end
239
-
240
- JSON.parse(config)
241
- rescue JSON::ParserError => e
242
- puts "Failed to load JSON configuration: #{e}\nConfig was: #{config.inspect}"
243
- exit 1
244
- end
245
-
246
- # get the log level
247
- # DEBUG < INFO < WARN < ERROR < FATAL < UNKNOWN
248
- def get_log_level(level)
249
- valid = %w{debug info warn error fatal}
250
-
251
- if valid.include?(level)
252
- l = level
253
- else
254
- l = 'info'
255
- end
256
-
257
- Logger.const_get(l.upcase)
258
- end
259
-
260
- def pretty_handle_exception(exception)
261
- case exception
262
- when Inspec::Error
263
- $stderr.puts exception.message
264
- exit(1)
265
- else
266
- raise exception
267
- end
268
- end
269
-
270
- def vendor_deps(path, opts)
271
- profile_path = path || Dir.pwd
272
- profile_vendor = Inspec::ProfileVendor.new(profile_path)
273
-
274
- if (profile_vendor.cache_path.exist? || profile_vendor.lockfile.exist?) && !opts[:overwrite]
275
- puts 'Profile is already vendored. Use --overwrite.'
276
- return false
277
- end
278
-
279
- profile_vendor.vendor!
280
- puts "Dependencies for profile #{profile_path} successfully vendored to #{profile_vendor.cache_path}"
281
- rescue StandardError => e
282
- pretty_handle_exception(e)
283
- end
284
-
285
- def configure_logger(o)
286
- #
287
- # TODO(ssd): This is a big gross, but this configures the
288
- # logging singleton Inspec::Log. Eventually it would be nice to
289
- # move internal debug logging to use this logging singleton.
290
- #
291
- loc = if o.log_location
292
- o.log_location
293
- elsif suppress_log_output?(o)
294
- STDERR
295
- else
296
- STDOUT
297
- end
298
-
299
- Inspec::Log.init(loc)
300
- Inspec::Log.level = get_log_level(o.log_level)
301
-
302
- o[:logger] = Logger.new(STDOUT)
303
- # output json if we have activated the json formatter
304
- if o['log-format'] == 'json'
305
- o[:logger].formatter = Logger::JSONFormatter.new
306
- end
307
- o[:logger].level = get_log_level(o.log_level)
308
- end
309
-
310
- def mark_text(text)
311
- "\e[0;36m#{text}\e[0m"
312
- end
313
-
314
- def headline(title)
315
- puts "\n== #{title}\n\n"
316
- end
317
-
318
- def li(entry)
319
- puts " #{mark_text('*')} #{entry}"
320
- end
321
- end
322
- end
1
+ # encoding: utf-8
2
+ # author: Christoph Hartmann
3
+ # author: Dominik Richter
4
+
5
+ require 'thor'
6
+ require 'inspec/log'
7
+ require 'inspec/profile_vendor'
8
+
9
+ module Inspec
10
+ class BaseCLI < Thor
11
+ def self.target_options
12
+ option :target, aliases: :t, type: :string,
13
+ desc: 'Simple targeting option using URIs, e.g. ssh://user:pass@host:port'
14
+ option :backend, aliases: :b, type: :string,
15
+ desc: 'Choose a backend: local, ssh, winrm, docker.'
16
+ option :host, type: :string,
17
+ desc: 'Specify a remote host which is tested.'
18
+ option :port, aliases: :p, type: :numeric,
19
+ desc: 'Specify the login port for a remote scan.'
20
+ option :user, type: :string,
21
+ desc: 'The login user for a remote scan.'
22
+ option :password, type: :string, lazy_default: -1,
23
+ desc: 'Login password for a remote scan, if required.'
24
+ option :key_files, aliases: :i, type: :array,
25
+ desc: 'Login key or certificate file for a remote scan.'
26
+ option :path, type: :string,
27
+ desc: 'Login path to use when connecting to the target (WinRM).'
28
+ option :sudo, type: :boolean,
29
+ desc: 'Run scans with sudo. Only activates on Unix and non-root user.'
30
+ option :sudo_password, type: :string, lazy_default: -1,
31
+ desc: 'Specify a sudo password, if it is required.'
32
+ option :sudo_options, type: :string,
33
+ desc: 'Additional sudo options for a remote scan.'
34
+ option :sudo_command, type: :string,
35
+ desc: 'Alternate command for sudo.'
36
+ option :shell, type: :boolean,
37
+ desc: 'Run scans in a subshell. Only activates on Unix.'
38
+ option :shell_options, type: :string,
39
+ desc: 'Additional shell options.'
40
+ option :shell_command, type: :string,
41
+ desc: 'Specify a particular shell to use.'
42
+ option :ssl, type: :boolean,
43
+ desc: 'Use SSL for transport layer encryption (WinRM).'
44
+ option :self_signed, type: :boolean,
45
+ desc: 'Allow remote scans with self-signed certificates (WinRM).'
46
+ option :json_config, type: :string,
47
+ desc: 'Read configuration from JSON file (`-` reads from stdin).'
48
+ end
49
+
50
+ def self.profile_options
51
+ option :profiles_path, type: :string,
52
+ desc: 'Folder which contains referenced profiles.'
53
+ end
54
+
55
+ def self.exec_options
56
+ target_options
57
+ profile_options
58
+ option :controls, type: :array,
59
+ desc: 'A list of controls to run. Ignore all other tests.'
60
+ option :format, type: :string,
61
+ desc: '[DEPRECATED] Please use --reporter - this will be removed in InSpec 3.0'
62
+ option :reporter, type: :array,
63
+ banner: 'one two:/output/file/path',
64
+ desc: 'Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit'
65
+ option :color, type: :boolean,
66
+ desc: 'Use colors in output.'
67
+ option :attrs, type: :array,
68
+ desc: 'Load attributes file (experimental)'
69
+ option :cache, type: :string,
70
+ desc: '[DEPRECATED] Please use --vendor-cache - this will be removed in InSpec 2.0'
71
+ option :vendor_cache, type: :string,
72
+ desc: 'Use the given path for caching dependencies. (default: ~/.inspec/cache)'
73
+ option :create_lockfile, type: :boolean,
74
+ desc: 'Write out a lockfile based on this execution (unless one already exists)'
75
+ option :backend_cache, type: :boolean,
76
+ desc: 'Allow caching for backend command output.'
77
+ option :show_progress, type: :boolean,
78
+ desc: 'Show progress while executing tests.'
79
+ end
80
+
81
+ def self.default_options
82
+ {
83
+ exec: {
84
+ 'reporter' => ['cli'],
85
+ 'show_progress' => false,
86
+ 'color' => true,
87
+ 'create_lockfile' => true,
88
+ 'backend_cache' => false,
89
+ },
90
+ shell: {
91
+ 'reporter' => ['cli'],
92
+ },
93
+ }
94
+ end
95
+
96
+ def self.parse_reporters(opts)
97
+ # merge in any legacy formats as reporter
98
+ # this method will only be used for ad-hoc runners
99
+ if !opts['format'].nil? && opts['reporter'].nil?
100
+ warn '[DEPRECATED] The option --format is being is being deprecated and will be removed in inspec 3.0. Please use --reporter'
101
+ opts['reporter'] = Array(opts['format'])
102
+ opts.delete('format')
103
+ end
104
+
105
+ # parse out cli to proper report format
106
+ if opts['reporter'].is_a?(Array)
107
+ reports = {}
108
+ opts['reporter'].each do |report|
109
+ reporter_name, target = report.split(':')
110
+ if target.nil? || target.strip == '-'
111
+ reports[reporter_name] = { 'stdout' => true }
112
+ else
113
+ reports[reporter_name] = {
114
+ 'file' => target,
115
+ 'stdout' => false,
116
+ }
117
+ end
118
+ end
119
+ opts['reporter'] = reports
120
+ end
121
+
122
+ # add in stdout if not specified
123
+ if opts['reporter'].is_a?(Hash)
124
+ opts['reporter'].each do |reporter_name, config|
125
+ opts['reporter'][reporter_name] = {} if config.nil?
126
+ opts['reporter'][reporter_name]['stdout'] = true if opts['reporter'][reporter_name].empty?
127
+ end
128
+ end
129
+
130
+ validate_reporters(opts['reporter'])
131
+ opts
132
+ end
133
+
134
+ def self.validate_reporters(reporters)
135
+ return if reporters.nil?
136
+
137
+ valid_types = [
138
+ 'json',
139
+ 'json-min',
140
+ 'json-rspec',
141
+ 'cli',
142
+ 'junit',
143
+ 'html',
144
+ 'documentation',
145
+ 'progress',
146
+ ]
147
+
148
+ reporters.each do |k, _v|
149
+ raise NotImplementedError, "'#{k}' is not a valid reporter type." unless valid_types.include?(k)
150
+ end
151
+
152
+ # check to make sure we are only reporting one type to stdout
153
+ stdout = 0
154
+ reporters.each_value do |v|
155
+ stdout += 1 if v['stdout'] == true
156
+ end
157
+
158
+ raise ArgumentError, 'The option --reporter can only have a single report outputting to stdout.' if stdout > 1
159
+ end
160
+
161
+ private
162
+
163
+ def suppress_log_output?(opts)
164
+ return false if opts['reporter'].nil?
165
+ match = %w{json json-min json-rspec junit html} & opts['reporter'].keys
166
+ unless match.empty?
167
+ match.each do |m|
168
+ # check to see if we are outputting to stdout
169
+ return true if opts['reporter'][m]['stdout'] == true
170
+ end
171
+ end
172
+ false
173
+ end
174
+
175
+ def diagnose(opts)
176
+ return unless opts['diagnose']
177
+ puts "InSpec version: #{Inspec::VERSION}"
178
+ puts "Train version: #{Train::VERSION}"
179
+ puts 'Command line configuration:'
180
+ pp options
181
+ puts 'JSON configuration file:'
182
+ pp options_json
183
+ puts 'Merged configuration:'
184
+ pp opts
185
+ puts
186
+ end
187
+
188
+ def opts(type = nil)
189
+ o = merged_opts(type)
190
+
191
+ # Due to limitations in Thor it is not possible to set an argument to be
192
+ # both optional and its value to be mandatory. E.g. the user supplying
193
+ # the --password argument is optional and not always required, but
194
+ # whenever it is used, it requires a value. Handle options that were
195
+ # defined above and require a value here:
196
+ %w{password sudo-password}.each do |v|
197
+ id = v.tr('-', '_').to_sym
198
+ next unless o[id] == -1
199
+ raise ArgumentError, "Please provide a value for --#{v}. For example: --#{v}=hello."
200
+ end
201
+
202
+ o
203
+ end
204
+
205
+ def merged_opts(type = nil)
206
+ opts = {}
207
+ opts[:type] = type unless type.nil?
208
+
209
+ # start with default options if we have any
210
+ opts = BaseCLI.default_options[type] unless type.nil? || BaseCLI.default_options[type].nil?
211
+
212
+ # merge in any options from json-config
213
+ json_config = options_json
214
+ opts.merge!(json_config)
215
+
216
+ # remove the default reporter if we are setting a legacy format on the cli
217
+ # or via json-config
218
+ opts.delete('reporter') if options['format'] || json_config['format']
219
+
220
+ # merge in any options defined via thor
221
+ opts.merge!(options)
222
+
223
+ # parse reporter options
224
+ opts = BaseCLI.parse_reporters(opts) if %i(exec shell).include?(type)
225
+
226
+ Thor::CoreExt::HashWithIndifferentAccess.new(opts)
227
+ end
228
+
229
+ def options_json
230
+ conffile = options['json_config']
231
+ @json ||= conffile ? read_config(conffile) : {}
232
+ end
233
+
234
+ def read_config(file)
235
+ if file == '-'
236
+ puts 'WARN: reading JSON config from standard input' if STDIN.tty?
237
+ config = STDIN.read
238
+ else
239
+ config = File.read(file)
240
+ end
241
+
242
+ JSON.parse(config)
243
+ rescue JSON::ParserError => e
244
+ puts "Failed to load JSON configuration: #{e}\nConfig was: #{config.inspect}"
245
+ exit 1
246
+ end
247
+
248
+ # get the log level
249
+ # DEBUG < INFO < WARN < ERROR < FATAL < UNKNOWN
250
+ def get_log_level(level)
251
+ valid = %w{debug info warn error fatal}
252
+
253
+ if valid.include?(level)
254
+ l = level
255
+ else
256
+ l = 'info'
257
+ end
258
+
259
+ Logger.const_get(l.upcase)
260
+ end
261
+
262
+ def pretty_handle_exception(exception)
263
+ case exception
264
+ when Inspec::Error
265
+ $stderr.puts exception.message
266
+ exit(1)
267
+ else
268
+ raise exception
269
+ end
270
+ end
271
+
272
+ def vendor_deps(path, opts)
273
+ profile_path = path || Dir.pwd
274
+ profile_vendor = Inspec::ProfileVendor.new(profile_path)
275
+
276
+ if (profile_vendor.cache_path.exist? || profile_vendor.lockfile.exist?) && !opts[:overwrite]
277
+ puts 'Profile is already vendored. Use --overwrite.'
278
+ return false
279
+ end
280
+
281
+ profile_vendor.vendor!
282
+ puts "Dependencies for profile #{profile_path} successfully vendored to #{profile_vendor.cache_path}"
283
+ rescue StandardError => e
284
+ pretty_handle_exception(e)
285
+ end
286
+
287
+ def configure_logger(o)
288
+ #
289
+ # TODO(ssd): This is a big gross, but this configures the
290
+ # logging singleton Inspec::Log. Eventually it would be nice to
291
+ # move internal debug logging to use this logging singleton.
292
+ #
293
+ loc = if o.log_location
294
+ o.log_location
295
+ elsif suppress_log_output?(o)
296
+ STDERR
297
+ else
298
+ STDOUT
299
+ end
300
+
301
+ Inspec::Log.init(loc)
302
+ Inspec::Log.level = get_log_level(o.log_level)
303
+
304
+ o[:logger] = Logger.new(loc)
305
+ # output json if we have activated the json formatter
306
+ if o['log-format'] == 'json'
307
+ o[:logger].formatter = Logger::JSONFormatter.new
308
+ end
309
+ o[:logger].level = get_log_level(o.log_level)
310
+ end
311
+
312
+ def mark_text(text)
313
+ "\e[0;36m#{text}\e[0m"
314
+ end
315
+
316
+ def headline(title)
317
+ puts "\n== #{title}\n\n"
318
+ end
319
+
320
+ def li(entry)
321
+ puts " #{mark_text('*')} #{entry}"
322
+ end
323
+ end
324
+ end