RubyGems - inspec - Versions diffs - 2.0.16 → 2.0.17 - Mend

inspec 2.0.16 → 2.0.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (480) hide show

checksums.yaml +4 -4
data/.rubocop.yml +101 -101
data/CHANGELOG.md +2949 -2944
data/Gemfile +55 -55
data/LICENSE +14 -14
data/MAINTAINERS.md +31 -31
data/MAINTAINERS.toml +47 -47
data/README.md +438 -438
data/Rakefile +284 -284
data/bin/inspec +12 -12
data/docs/.gitignore +2 -2
data/docs/README.md +40 -40
data/docs/dsl_inspec.md +258 -258
data/docs/dsl_resource.md +93 -93
data/docs/glossary.md +99 -99
data/docs/habitat.md +191 -191
data/docs/inspec_and_friends.md +107 -107
data/docs/matchers.md +165 -165
data/docs/migration.md +293 -293
data/docs/platforms.md +118 -118
data/docs/plugin_kitchen_inspec.md +49 -49
data/docs/profiles.md +370 -370
data/docs/reporters.md +105 -105
data/docs/resources/aide_conf.md.erb +75 -75
data/docs/resources/apache.md.erb +67 -67
data/docs/resources/apache_conf.md.erb +68 -68
data/docs/resources/apt.md.erb +71 -71
data/docs/resources/audit_policy.md.erb +47 -47
data/docs/resources/auditd.md.erb +79 -79
data/docs/resources/auditd_conf.md.erb +68 -68
data/docs/resources/aws_cloudtrail_trail.md.erb +140 -140
data/docs/resources/aws_cloudtrail_trails.md.erb +81 -81
data/docs/resources/aws_cloudwatch_alarm.md.erb +86 -86
data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +151 -151
data/docs/resources/aws_ec2_instance.md.erb +106 -106
data/docs/resources/aws_iam_access_key.md.erb +123 -123
data/docs/resources/aws_iam_access_keys.md.erb +198 -198
data/docs/resources/aws_iam_group.md.erb +46 -46
data/docs/resources/aws_iam_groups.md.erb +43 -43
data/docs/resources/aws_iam_password_policy.md.erb +76 -76
data/docs/resources/aws_iam_policies.md.erb +82 -82
data/docs/resources/aws_iam_policy.md.erb +146 -146
data/docs/resources/aws_iam_role.md.erb +65 -65
data/docs/resources/aws_iam_root_user.md.erb +58 -58
data/docs/resources/aws_iam_user.md.erb +64 -64
data/docs/resources/aws_iam_users.md.erb +89 -89
data/docs/resources/aws_kms_keys.md.erb +84 -84
data/docs/resources/aws_route_table.md.erb +47 -47
data/docs/resources/aws_s3_bucket.md.erb +134 -134
data/docs/resources/aws_security_group.md.erb +152 -152
data/docs/resources/aws_security_groups.md.erb +92 -92
data/docs/resources/aws_sns_topic.md.erb +62 -62
data/docs/resources/aws_subnet.md.erb +133 -133
data/docs/resources/aws_subnets.md.erb +126 -126
data/docs/resources/aws_vpc.md.erb +120 -120
data/docs/resources/aws_vpcs.md.erb +48 -48
data/docs/resources/azure_generic_resource.md.erb +170 -139
data/docs/resources/azure_resource_group.md.erb +284 -284
data/docs/resources/azure_virtual_machine.md.erb +347 -314
data/docs/resources/azure_virtual_machine_data_disk.md.erb +224 -182
data/docs/resources/bash.md.erb +75 -75
data/docs/resources/bond.md.erb +90 -90
data/docs/resources/bridge.md.erb +57 -57
data/docs/resources/bsd_service.md.erb +67 -67
data/docs/resources/command.md.erb +138 -138
data/docs/resources/cpan.md.erb +79 -79
data/docs/resources/cran.md.erb +64 -64
data/docs/resources/crontab.md.erb +88 -88
data/docs/resources/csv.md.erb +54 -54
data/docs/resources/dh_params.md.erb +217 -217
data/docs/resources/directory.md.erb +30 -30
data/docs/resources/docker.md.erb +164 -164
data/docs/resources/docker_container.md.erb +104 -104
data/docs/resources/docker_image.md.erb +94 -94
data/docs/resources/docker_service.md.erb +114 -114
data/docs/resources/elasticsearch.md.erb +242 -242
data/docs/resources/etc_fstab.md.erb +125 -125
data/docs/resources/etc_group.md.erb +75 -75
data/docs/resources/etc_hosts.md.erb +78 -78
data/docs/resources/etc_hosts_allow.md.erb +74 -74
data/docs/resources/etc_hosts_deny.md.erb +74 -74
data/docs/resources/file.md.erb +515 -515
data/docs/resources/filesystem.md.erb +41 -41
data/docs/resources/firewalld.md.erb +107 -107
data/docs/resources/gem.md.erb +79 -79
data/docs/resources/group.md.erb +61 -61
data/docs/resources/grub_conf.md.erb +101 -101
data/docs/resources/host.md.erb +78 -78
data/docs/resources/http.md.erb +101 -101
data/docs/resources/iis_app.md.erb +122 -122
data/docs/resources/iis_site.md.erb +135 -135
data/docs/resources/inetd_conf.md.erb +94 -94
data/docs/resources/ini.md.erb +76 -76
data/docs/resources/interface.md.erb +58 -58
data/docs/resources/iptables.md.erb +64 -64
data/docs/resources/json.md.erb +62 -62
data/docs/resources/kernel_module.md.erb +107 -107
data/docs/resources/kernel_parameter.md.erb +53 -53
data/docs/resources/key_rsa.md.erb +85 -85
data/docs/resources/launchd_service.md.erb +57 -57
data/docs/resources/limits_conf.md.erb +75 -75
data/docs/resources/login_def.md.erb +71 -71
data/docs/resources/mount.md.erb +69 -69
data/docs/resources/mssql_session.md.erb +60 -60
data/docs/resources/mysql_conf.md.erb +99 -99
data/docs/resources/mysql_session.md.erb +74 -74
data/docs/resources/nginx.md.erb +79 -79
data/docs/resources/nginx_conf.md.erb +128 -128
data/docs/resources/npm.md.erb +60 -60
data/docs/resources/ntp_conf.md.erb +60 -60
data/docs/resources/oneget.md.erb +53 -53
data/docs/resources/oracledb_session.md.erb +52 -52
data/docs/resources/os.md.erb +141 -141
data/docs/resources/os_env.md.erb +78 -78
data/docs/resources/package.md.erb +120 -120
data/docs/resources/packages.md.erb +67 -67
data/docs/resources/parse_config.md.erb +103 -103
data/docs/resources/parse_config_file.md.erb +138 -138
data/docs/resources/passwd.md.erb +141 -141
data/docs/resources/pip.md.erb +67 -67
data/docs/resources/port.md.erb +137 -137
data/docs/resources/postgres_conf.md.erb +79 -79
data/docs/resources/postgres_hba_conf.md.erb +93 -93
data/docs/resources/postgres_ident_conf.md.erb +76 -76
data/docs/resources/postgres_session.md.erb +69 -69
data/docs/resources/powershell.md.erb +102 -102
data/docs/resources/processes.md.erb +109 -109
data/docs/resources/rabbitmq_config.md.erb +41 -41
data/docs/resources/registry_key.md.erb +158 -158
data/docs/resources/runit_service.md.erb +57 -57
data/docs/resources/security_policy.md.erb +47 -47
data/docs/resources/service.md.erb +121 -121
data/docs/resources/shadow.md.erb +144 -144
data/docs/resources/ssh_config.md.erb +80 -80
data/docs/resources/sshd_config.md.erb +83 -83
data/docs/resources/ssl.md.erb +119 -119
data/docs/resources/sys_info.md.erb +42 -42
data/docs/resources/systemd_service.md.erb +57 -57
data/docs/resources/sysv_service.md.erb +57 -57
data/docs/resources/upstart_service.md.erb +57 -57
data/docs/resources/user.md.erb +140 -140
data/docs/resources/users.md.erb +127 -127
data/docs/resources/vbscript.md.erb +55 -55
data/docs/resources/virtualization.md.erb +57 -57
data/docs/resources/windows_feature.md.erb +47 -47
data/docs/resources/windows_hotfix.md.erb +53 -53
data/docs/resources/windows_task.md.erb +95 -95
data/docs/resources/wmi.md.erb +81 -81
data/docs/resources/x509_certificate.md.erb +151 -151
data/docs/resources/xinetd_conf.md.erb +156 -156
data/docs/resources/xml.md.erb +85 -85
data/docs/resources/yaml.md.erb +69 -69
data/docs/resources/yum.md.erb +98 -98
data/docs/resources/zfs_dataset.md.erb +53 -53
data/docs/resources/zfs_pool.md.erb +47 -47
data/docs/ruby_usage.md +203 -203
data/docs/shared/matcher_be.md.erb +1 -1
data/docs/shared/matcher_cmp.md.erb +43 -43
data/docs/shared/matcher_eq.md.erb +3 -3
data/docs/shared/matcher_include.md.erb +1 -1
data/docs/shared/matcher_match.md.erb +1 -1
data/docs/shell.md +172 -172
data/examples/README.md +8 -8
data/examples/inheritance/README.md +65 -65
data/examples/inheritance/controls/example.rb +14 -14
data/examples/inheritance/inspec.yml +15 -15
data/examples/kitchen-ansible/.kitchen.yml +25 -25
data/examples/kitchen-ansible/Gemfile +19 -19
data/examples/kitchen-ansible/README.md +53 -53
data/examples/kitchen-ansible/files/nginx.repo +6 -6
data/examples/kitchen-ansible/tasks/main.yml +16 -16
data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
data/examples/kitchen-chef/.kitchen.yml +20 -20
data/examples/kitchen-chef/Berksfile +3 -3
data/examples/kitchen-chef/Gemfile +19 -19
data/examples/kitchen-chef/README.md +27 -27
data/examples/kitchen-chef/metadata.rb +7 -7
data/examples/kitchen-chef/recipes/default.rb +6 -6
data/examples/kitchen-chef/recipes/nginx.rb +30 -30
data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
data/examples/kitchen-puppet/.kitchen.yml +22 -22
data/examples/kitchen-puppet/Gemfile +20 -20
data/examples/kitchen-puppet/Puppetfile +25 -25
data/examples/kitchen-puppet/README.md +53 -53
data/examples/kitchen-puppet/manifests/site.pp +33 -33
data/examples/kitchen-puppet/metadata.json +11 -11
data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
data/examples/meta-profile/README.md +37 -37
data/examples/meta-profile/controls/example.rb +13 -13
data/examples/meta-profile/inspec.yml +13 -13
data/examples/profile-attribute.yml +2 -2
data/examples/profile-attribute/README.md +14 -14
data/examples/profile-attribute/controls/example.rb +11 -11
data/examples/profile-attribute/inspec.yml +8 -8
data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -8
data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -8
data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -8
data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -8
data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -8
data/examples/profile-aws/inspec.yml +11 -11
data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -24
data/examples/profile-azure/controls/azure_vm_example.rb +29 -29
data/examples/profile-azure/inspec.yml +11 -11
data/examples/profile-sensitive/README.md +29 -29
data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
data/examples/profile-sensitive/controls/sensitive.rb +9 -9
data/examples/profile-sensitive/inspec.yml +8 -8
data/examples/profile/README.md +48 -48
data/examples/profile/controls/example.rb +23 -23
data/examples/profile/controls/gordon.rb +36 -36
data/examples/profile/controls/meta.rb +34 -34
data/examples/profile/inspec.yml +10 -10
data/examples/profile/libraries/gordon_config.rb +53 -53
data/inspec.gemspec +47 -47
data/lib/bundles/README.md +3 -3
data/lib/bundles/inspec-artifact.rb +7 -7
data/lib/bundles/inspec-artifact/README.md +1 -1
data/lib/bundles/inspec-artifact/cli.rb +277 -277
data/lib/bundles/inspec-compliance.rb +16 -16
data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
data/lib/bundles/inspec-compliance/README.md +185 -185
data/lib/bundles/inspec-compliance/api.rb +316 -316
data/lib/bundles/inspec-compliance/api/login.rb +152 -152
data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
data/lib/bundles/inspec-compliance/cli.rb +254 -254
data/lib/bundles/inspec-compliance/configuration.rb +103 -103
data/lib/bundles/inspec-compliance/http.rb +86 -86
data/lib/bundles/inspec-compliance/support.rb +36 -36
data/lib/bundles/inspec-compliance/target.rb +98 -98
data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
data/lib/bundles/inspec-habitat.rb +12 -12
data/lib/bundles/inspec-habitat/cli.rb +36 -36
data/lib/bundles/inspec-habitat/log.rb +10 -10
data/lib/bundles/inspec-habitat/profile.rb +390 -390
data/lib/bundles/inspec-init.rb +8 -8
data/lib/bundles/inspec-init/README.md +31 -31
data/lib/bundles/inspec-init/cli.rb +97 -97
data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
data/lib/bundles/inspec-supermarket.rb +13 -13
data/lib/bundles/inspec-supermarket/README.md +45 -45
data/lib/bundles/inspec-supermarket/api.rb +84 -84
data/lib/bundles/inspec-supermarket/cli.rb +73 -73
data/lib/bundles/inspec-supermarket/target.rb +34 -34
data/lib/fetchers/git.rb +163 -163
data/lib/fetchers/local.rb +74 -74
data/lib/fetchers/mock.rb +35 -35
data/lib/fetchers/url.rb +204 -204
data/lib/inspec.rb +24 -24
data/lib/inspec/archive/tar.rb +29 -29
data/lib/inspec/archive/zip.rb +19 -19
data/lib/inspec/backend.rb +92 -92
data/lib/inspec/base_cli.rb +350 -333
data/lib/inspec/cached_fetcher.rb +66 -66
data/lib/inspec/cli.rb +292 -302
data/lib/inspec/completions/bash.sh.erb +45 -45
data/lib/inspec/completions/fish.sh.erb +34 -34
data/lib/inspec/completions/zsh.sh.erb +61 -61
data/lib/inspec/control_eval_context.rb +179 -179
data/lib/inspec/dependencies/cache.rb +72 -72
data/lib/inspec/dependencies/dependency_set.rb +92 -92
data/lib/inspec/dependencies/lockfile.rb +115 -115
data/lib/inspec/dependencies/requirement.rb +123 -123
data/lib/inspec/dependencies/resolver.rb +86 -86
data/lib/inspec/describe.rb +27 -27
data/lib/inspec/dsl.rb +66 -66
data/lib/inspec/dsl_shared.rb +33 -33
data/lib/inspec/env_printer.rb +157 -157
data/lib/inspec/errors.rb +13 -13
data/lib/inspec/exceptions.rb +12 -12
data/lib/inspec/expect.rb +45 -45
data/lib/inspec/fetcher.rb +45 -45
data/lib/inspec/file_provider.rb +275 -275
data/lib/inspec/formatters.rb +3 -3
data/lib/inspec/formatters/base.rb +250 -250
data/lib/inspec/formatters/json_rspec.rb +20 -20
data/lib/inspec/formatters/show_progress.rb +12 -12
data/lib/inspec/library_eval_context.rb +58 -58
data/lib/inspec/log.rb +11 -11
data/lib/inspec/metadata.rb +247 -247
data/lib/inspec/method_source.rb +24 -24
data/lib/inspec/objects.rb +14 -14
data/lib/inspec/objects/attribute.rb +65 -65
data/lib/inspec/objects/control.rb +61 -61
data/lib/inspec/objects/describe.rb +92 -92
data/lib/inspec/objects/each_loop.rb +36 -36
data/lib/inspec/objects/list.rb +15 -15
data/lib/inspec/objects/or_test.rb +40 -40
data/lib/inspec/objects/ruby_helper.rb +15 -15
data/lib/inspec/objects/tag.rb +27 -27
data/lib/inspec/objects/test.rb +87 -87
data/lib/inspec/objects/value.rb +27 -27
data/lib/inspec/plugins.rb +60 -60
data/lib/inspec/plugins/cli.rb +24 -24
data/lib/inspec/plugins/fetcher.rb +86 -86
data/lib/inspec/plugins/resource.rb +133 -133
data/lib/inspec/plugins/secret.rb +15 -15
data/lib/inspec/plugins/source_reader.rb +40 -40
data/lib/inspec/polyfill.rb +12 -12
data/lib/inspec/profile.rb +510 -510
data/lib/inspec/profile_context.rb +207 -207
data/lib/inspec/profile_vendor.rb +66 -66
data/lib/inspec/reporters.rb +50 -50
data/lib/inspec/reporters/base.rb +24 -24
data/lib/inspec/reporters/cli.rb +356 -356
data/lib/inspec/reporters/json.rb +116 -116
data/lib/inspec/reporters/json_min.rb +48 -48
data/lib/inspec/reporters/junit.rb +77 -77
data/lib/inspec/require_loader.rb +33 -33
data/lib/inspec/resource.rb +186 -186
data/lib/inspec/rule.rb +266 -266
data/lib/inspec/runner.rb +344 -344
data/lib/inspec/runner_mock.rb +41 -41
data/lib/inspec/runner_rspec.rb +174 -174
data/lib/inspec/runtime_profile.rb +26 -26
data/lib/inspec/schema.rb +213 -213
data/lib/inspec/secrets.rb +19 -19
data/lib/inspec/secrets/yaml.rb +30 -30
data/lib/inspec/shell.rb +220 -223
data/lib/inspec/shell_detector.rb +90 -90
data/lib/inspec/source_reader.rb +29 -29
data/lib/inspec/version.rb +8 -8
data/lib/matchers/matchers.rb +339 -339
data/lib/resource_support/aws.rb +40 -40
data/lib/resource_support/aws/aws_backend_base.rb +12 -12
data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -12
data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -21
data/lib/resource_support/aws/aws_resource_mixin.rb +66 -66
data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -24
data/lib/resources/aide_conf.rb +160 -160
data/lib/resources/apache.rb +48 -48
data/lib/resources/apache_conf.rb +156 -156
data/lib/resources/apt.rb +149 -149
data/lib/resources/audit_policy.rb +63 -63
data/lib/resources/auditd.rb +231 -231
data/lib/resources/auditd_conf.rb +55 -55
data/lib/resources/aws/aws_cloudtrail_trail.rb +77 -77
data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -47
data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -62
data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -100
data/lib/resources/aws/aws_ec2_instance.rb +157 -157
data/lib/resources/aws/aws_iam_access_key.rb +106 -106
data/lib/resources/aws/aws_iam_access_keys.rb +144 -144
data/lib/resources/aws/aws_iam_group.rb +56 -56
data/lib/resources/aws/aws_iam_groups.rb +45 -45
data/lib/resources/aws/aws_iam_password_policy.rb +116 -116
data/lib/resources/aws/aws_iam_policies.rb +46 -46
data/lib/resources/aws/aws_iam_policy.rb +119 -119
data/lib/resources/aws/aws_iam_role.rb +51 -51
data/lib/resources/aws/aws_iam_root_user.rb +60 -60
data/lib/resources/aws/aws_iam_user.rb +111 -111
data/lib/resources/aws/aws_iam_users.rb +96 -96
data/lib/resources/aws/aws_kms_keys.rb +46 -46
data/lib/resources/aws/aws_route_table.rb +61 -61
data/lib/resources/aws/aws_s3_bucket.rb +115 -115
data/lib/resources/aws/aws_security_group.rb +93 -93
data/lib/resources/aws/aws_security_groups.rb +68 -68
data/lib/resources/aws/aws_sns_topic.rb +53 -53
data/lib/resources/aws/aws_subnet.rb +88 -88
data/lib/resources/aws/aws_subnets.rb +53 -53
data/lib/resources/aws/aws_vpc.rb +69 -69
data/lib/resources/aws/aws_vpcs.rb +45 -45
data/lib/resources/azure/azure_backend.rb +377 -377
data/lib/resources/azure/azure_generic_resource.rb +59 -59
data/lib/resources/azure/azure_resource_group.rb +152 -152
data/lib/resources/azure/azure_virtual_machine.rb +264 -264
data/lib/resources/azure/azure_virtual_machine_data_disk.rb +136 -136
data/lib/resources/bash.rb +35 -35
data/lib/resources/bond.rb +68 -68
data/lib/resources/bridge.rb +122 -122
data/lib/resources/command.rb +69 -69
data/lib/resources/cpan.rb +58 -58
data/lib/resources/cran.rb +64 -64
data/lib/resources/crontab.rb +170 -170
data/lib/resources/csv.rb +60 -60
data/lib/resources/dh_params.rb +82 -82
data/lib/resources/directory.rb +25 -25
data/lib/resources/docker.rb +236 -236
data/lib/resources/docker_container.rb +89 -89
data/lib/resources/docker_image.rb +83 -83
data/lib/resources/docker_object.rb +57 -57
data/lib/resources/docker_service.rb +90 -90
data/lib/resources/elasticsearch.rb +169 -169
data/lib/resources/etc_fstab.rb +102 -102
data/lib/resources/etc_group.rb +156 -156
data/lib/resources/etc_hosts.rb +81 -81
data/lib/resources/etc_hosts_allow_deny.rb +123 -123
data/lib/resources/file.rb +298 -298
data/lib/resources/filesystem.rb +31 -31
data/lib/resources/firewalld.rb +144 -144
data/lib/resources/gem.rb +70 -70
data/lib/resources/groups.rb +215 -215
data/lib/resources/grub_conf.rb +237 -237
data/lib/resources/host.rb +300 -300
data/lib/resources/http.rb +250 -250
data/lib/resources/iis_app.rb +104 -104
data/lib/resources/iis_site.rb +148 -148
data/lib/resources/inetd_conf.rb +62 -62
data/lib/resources/ini.rb +29 -29
data/lib/resources/interface.rb +129 -129
data/lib/resources/iptables.rb +69 -69
data/lib/resources/json.rb +117 -117
data/lib/resources/kernel_module.rb +107 -107
data/lib/resources/kernel_parameter.rb +58 -58
data/lib/resources/key_rsa.rb +67 -67
data/lib/resources/limits_conf.rb +55 -55
data/lib/resources/login_def.rb +66 -66
data/lib/resources/mount.rb +88 -88
data/lib/resources/mssql_session.rb +101 -101
data/lib/resources/mysql.rb +81 -81
data/lib/resources/mysql_conf.rb +134 -134
data/lib/resources/mysql_session.rb +71 -71
data/lib/resources/nginx.rb +96 -96
data/lib/resources/nginx_conf.rb +227 -227
data/lib/resources/npm.rb +48 -48
data/lib/resources/ntp_conf.rb +58 -58
data/lib/resources/oneget.rb +71 -71
data/lib/resources/oracledb_session.rb +139 -139
data/lib/resources/os.rb +36 -36
data/lib/resources/os_env.rb +76 -76
data/lib/resources/package.rb +363 -363
data/lib/resources/packages.rb +111 -111
data/lib/resources/parse_config.rb +116 -116
data/lib/resources/passwd.rb +74 -74
data/lib/resources/pip.rb +89 -89
data/lib/resources/platform.rb +109 -109
data/lib/resources/port.rb +771 -771
data/lib/resources/postgres.rb +130 -130
data/lib/resources/postgres_conf.rb +121 -121
data/lib/resources/postgres_hba_conf.rb +100 -100
data/lib/resources/postgres_ident_conf.rb +78 -78
data/lib/resources/postgres_session.rb +71 -71
data/lib/resources/powershell.rb +57 -57
data/lib/resources/processes.rb +204 -204
data/lib/resources/rabbitmq_conf.rb +52 -52
data/lib/resources/registry_key.rb +296 -296
data/lib/resources/security_policy.rb +180 -180
data/lib/resources/service.rb +789 -789
data/lib/resources/shadow.rb +140 -140
data/lib/resources/ssh_conf.rb +102 -102
data/lib/resources/ssl.rb +99 -99
data/lib/resources/sys_info.rb +28 -28
data/lib/resources/toml.rb +32 -32
data/lib/resources/users.rb +654 -654
data/lib/resources/vbscript.rb +69 -69
data/lib/resources/virtualization.rb +251 -251
data/lib/resources/windows_feature.rb +84 -84
data/lib/resources/windows_hotfix.rb +35 -35
data/lib/resources/windows_task.rb +105 -105
data/lib/resources/wmi.rb +113 -113
data/lib/resources/x509_certificate.rb +143 -143
data/lib/resources/xinetd.rb +111 -111
data/lib/resources/xml.rb +46 -46
data/lib/resources/yaml.rb +47 -47
data/lib/resources/yum.rb +180 -180
data/lib/resources/zfs_dataset.rb +60 -60
data/lib/resources/zfs_pool.rb +49 -49
data/lib/source_readers/flat.rb +39 -39
data/lib/source_readers/inspec.rb +75 -75
data/lib/utils/command_wrapper.rb +27 -27
data/lib/utils/convert.rb +12 -12
data/lib/utils/database_helpers.rb +77 -77
data/lib/utils/erlang_parser.rb +192 -192
data/lib/utils/filter.rb +272 -272
data/lib/utils/filter_array.rb +27 -27
data/lib/utils/find_files.rb +44 -44
data/lib/utils/hash.rb +41 -41
data/lib/utils/json_log.rb +18 -18
data/lib/utils/latest_version.rb +22 -22
data/lib/utils/modulator.rb +12 -12
data/lib/utils/nginx_parser.rb +85 -85
data/lib/utils/object_traversal.rb +49 -49
data/lib/utils/parser.rb +274 -274
data/lib/utils/plugin_registry.rb +93 -93
data/lib/utils/simpleconfig.rb +120 -120
data/lib/utils/spdx.rb +13 -13
data/lib/utils/spdx.txt +343 -343
metadata +1 -1

data/lib/resources/os.rb CHANGED

@@ -1,36 +1,36 @@
-# encoding: utf-8
-require 'resources/platform'
-module Inspec::Resources
-  class OSResource < PlatformResource
-    name 'os'
-    supports platform: 'unix'
-    supports platform: 'windows'
-    desc 'Use the os InSpec audit resource to test the platform on which the system is running.'
-    example "
-      describe os[:family] do
-        it { should eq 'redhat' }
-      end
-      describe os.redhat? do
-        it { should eq true }
-      end
-      describe os.linux? do
-        it { should eq true }
-      end
-    "
-    # reuse helper methods from backend
-    %w{aix? redhat? debian? suse? bsd? solaris? linux? unix? windows? hpux? darwin?}.each do |os_family|
-      define_method(os_family.to_sym) do
-        @platform.send(os_family)
-      end
-    end
-    def to_s
-      'Operating System Detection'
-    end
-  end
-end
+# encoding: utf-8
+require 'resources/platform'
+module Inspec::Resources
+  class OSResource < PlatformResource
+    name 'os'
+    supports platform: 'unix'
+    supports platform: 'windows'
+    desc 'Use the os InSpec audit resource to test the platform on which the system is running.'
+    example "
+      describe os[:family] do
+        it { should eq 'redhat' }
+      end
+      describe os.redhat? do
+        it { should eq true }
+      end
+      describe os.linux? do
+        it { should eq true }
+      end
+    "
+    # reuse helper methods from backend
+    %w{aix? redhat? debian? suse? bsd? solaris? linux? unix? windows? hpux? darwin?}.each do |os_family|
+      define_method(os_family.to_sym) do
+        @platform.send(os_family)
+      end
+    end
+    def to_s
+      'Operating System Detection'
+    end
+  end
+end

data/lib/resources/os_env.rb CHANGED

@@ -1,76 +1,76 @@
-# encoding: utf-8
-# copyright: 2015, Vulcano Security GmbH
-# Usage:
-#
-# describe os_env('PATH') do
-#   its('split') { should_not include('') }
-#   its('split') { should_not include('.') }
-# end
-require 'utils/simpleconfig'
-module Inspec::Resources
-  class OsEnv < Inspec.resource(1)
-    name 'os_env'
-    supports platform: 'unix'
-    supports platform: 'windows'
-    desc 'Use the os_env InSpec audit resource to test the environment variables for the platform on which the system is running.'
-    example "
-      describe os_env('VARIABLE') do
-        its('matcher') { should eq 1 }
-      end
-    "
-    attr_reader :content
-    def initialize(env = nil)
-      @osenv = env
-    end
-    def split
-      # we can't take advantage of `File::PATH_SEPARATOR` as code is
-      # evaluated on the host machine
-      path_separator = inspec.os.windows? ? ';' : ':'
-      # -1 is required to catch cases like dir1::dir2:
-      # where we have a trailing :
-      content.nil? ? [] : content.split(path_separator, -1)
-    end
-    def content
-      return @content if defined?(@content)
-      @content = value_for(@osenv) unless @osenv.nil?
-    end
-    def to_s
-      if @osenv.nil?
-        'Environment variables'
-      else
-        "Environment variable #{@osenv}"
-      end
-    end
-    private
-    def value_for(env)
-      command = if inspec.os.windows?
-                  "${Env:#{env}}"
-                else
-                  'env'
-                end
-      out = inspec.command(command)
-      unless out.exit_status == 0
-        skip_resource "Can't read environment variables on #{inspec.os.name}. "\
-          "Tried `#{command}` which returned #{out.exit_status}"
-      end
-      if inspec.os.windows?
-        out.stdout.strip
-      else
-        params = SimpleConfig.new(out.stdout).params
-        params[env]
-      end
-    end
-  end
-end
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# Usage:
+#
+# describe os_env('PATH') do
+#   its('split') { should_not include('') }
+#   its('split') { should_not include('.') }
+# end
+require 'utils/simpleconfig'
+module Inspec::Resources
+  class OsEnv < Inspec.resource(1)
+    name 'os_env'
+    supports platform: 'unix'
+    supports platform: 'windows'
+    desc 'Use the os_env InSpec audit resource to test the environment variables for the platform on which the system is running.'
+    example "
+      describe os_env('VARIABLE') do
+        its('matcher') { should eq 1 }
+      end
+    "
+    attr_reader :content
+    def initialize(env = nil)
+      @osenv = env
+    end
+    def split
+      # we can't take advantage of `File::PATH_SEPARATOR` as code is
+      # evaluated on the host machine
+      path_separator = inspec.os.windows? ? ';' : ':'
+      # -1 is required to catch cases like dir1::dir2:
+      # where we have a trailing :
+      content.nil? ? [] : content.split(path_separator, -1)
+    end
+    def content
+      return @content if defined?(@content)
+      @content = value_for(@osenv) unless @osenv.nil?
+    end
+    def to_s
+      if @osenv.nil?
+        'Environment variables'
+      else
+        "Environment variable #{@osenv}"
+      end
+    end
+    private
+    def value_for(env)
+      command = if inspec.os.windows?
+                  "${Env:#{env}}"
+                else
+                  'env'
+                end
+      out = inspec.command(command)
+      unless out.exit_status == 0
+        skip_resource "Can't read environment variables on #{inspec.os.name}. "\
+          "Tried `#{command}` which returned #{out.exit_status}"
+      end
+      if inspec.os.windows?
+        out.stdout.strip
+      else
+        params = SimpleConfig.new(out.stdout).params
+        params[env]
+      end
+    end
+  end
+end

data/lib/resources/package.rb CHANGED

@@ -1,363 +1,363 @@
-# encoding: utf-8
-# Resource to determine package information
-#
-# Usage:
-# describe package('nginx') do
-#   it { should be_installed }
-# end
-module Inspec::Resources
-  class Package < Inspec.resource(1)
-    name 'package'
-    supports platform: 'unix'
-    supports platform: 'windows'
-    desc 'Use the package InSpec audit resource to test if the named package and/or package version is installed on the system.'
-    example "
-      describe package('nginx') do
-        it { should be_installed }
-        it { should_not be_held } # for dpkg platforms that support holding a version from being upgraded
-        its('version') { should eq 1.9.5 }
-      end
-    "
-    def initialize(package_name, opts = {}) # rubocop:disable Metrics/AbcSize
-      @package_name = package_name
-      @name = @package_name
-      @cache = nil
-      # select package manager
-      @pkgman = nil
-      os = inspec.os
-      if os.debian?
-        @pkgman = Deb.new(inspec)
-      elsif os.redhat? || %w{suse amazon fedora}.include?(os[:family])
-        @pkgman = Rpm.new(inspec, opts)
-      elsif ['arch'].include?(os[:name])
-        @pkgman = Pacman.new(inspec)
-      elsif ['darwin'].include?(os[:family])
-        @pkgman = Brew.new(inspec)
-      elsif inspec.os.windows?
-        @pkgman = WindowsPkg.new(inspec)
-      elsif ['aix'].include?(os[:family])
-        @pkgman = BffPkg.new(inspec)
-      elsif os.solaris?
-        @pkgman = SolarisPkg.new(inspec)
-      elsif ['hpux'].include?(os[:family])
-        @pkgman = HpuxPkg.new(inspec)
-      else
-        raise Inspec::Exceptions::ResourceSkipped, 'The `package` resource is not supported on your OS yet.'
-      end
-      evaluate_missing_requirements
-    end
-    # returns true if the package is installed
-    def installed?(_provider = nil, _version = nil)
-      info[:installed] == true
-    end
-    # returns true it the package is held (if the OS supports it)
-    def held?(_provider = nil, _version = nil)
-      info[:held] == true
-    end
-    # returns the package description
-    def info
-      return @cache if !@cache.nil?
-      # All `@pkgman.info` methods return `{}`. This matches that
-      # behavior if `@pkgman` can't be determined, thus avoiding the
-      # `undefined method 'info' for nil:NilClass` error
-      return {} if @pkgman.nil?
-      @pkgman.info(@package_name)
-    end
-    # return the package version
-    def version
-      info = @pkgman.info(@package_name)
-      info[:version]
-    end
-    def to_s
-      "System Package #{@package_name}"
-    end
-    private
-    def evaluate_missing_requirements
-      missing_requirements_string = @pkgman.missing_requirements.uniq.join(', ')
-      return if missing_requirements_string.empty?
-      raise Inspec::Exceptions::ResourceSkipped, "The following requirements are not met for this resource: #{missing_requirements_string}"
-    end
-  end
-  class PkgManagement
-    attr_reader :inspec
-    def initialize(inspec)
-      @inspec = inspec
-    end
-    def missing_requirements
-      # Each provider can provide an Array of missing requirements that will be
-      # combined into a `ResourceSkipped` exception message.
-      []
-    end
-  end
-  # Debian / Ubuntu
-  class Deb < PkgManagement
-    def info(package_name)
-      cmd = inspec.command("dpkg -s #{package_name}")
-      return {} if cmd.exit_status.to_i != 0
-      params = SimpleConfig.new(
-        cmd.stdout.chomp,
-        assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
-        multiple_values: false,
-      ).params
-      # If the package is installed, Status is "install ok installed"
-      # If the package is installed and marked hold, Status is "hold ok installed"
-      # If the package is removed and not purged, Status is "deinstall ok config-files" with exit_status 0
-      # If the package is purged cmd fails with non-zero exit status
-      {
-        name: params['Package'],
-        installed: params['Status'].split(' ')[2] == 'installed',
-        held: params['Status'].split(' ')[0] == 'hold',
-        version: params['Version'],
-        type: 'deb',
-      }
-    end
-  end
-  # RHEL family
-  class Rpm < PkgManagement
-    def initialize(inspec, opts)
-      super(inspec)
-      @dbpath = opts.fetch(:rpm_dbpath, nil)
-    end
-    def missing_requirements
-      missing_requirements = []
-      unless @dbpath.nil? || inspec.directory(@dbpath).directory?
-        missing_requirements << "RPMDB #{@dbpath} does not exist"
-      end
-      missing_requirements
-    end
-    def info(package_name)
-      rpm_cmd = rpm_command(package_name)
-      cmd = inspec.command(rpm_cmd)
-      # CentOS does not return an error code if the package is not installed,
-      # therefore we need to check for emptyness
-      return {} if cmd.exit_status.to_i != 0 || cmd.stdout.chomp.empty?
-      params = SimpleConfig.new(
-        cmd.stdout.chomp,
-        assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
-        multiple_values: false,
-      ).params
-      # On some (all?) systems, the linebreak before the vendor line is missing
-      if params['Version'] =~ /\s*Vendor:/
-        v = params['Version'].split(' ')[0]
-      else
-        v = params['Version']
-      end
-      # On some (all?) systems, the linebreak before the build line is missing
-      if params['Release'] =~ /\s*Build Date:/
-        r = params['Release'].split(' ')[0]
-      else
-        r = params['Release']
-      end
-      {
-        name: params['Name'],
-        installed: true,
-        version: "#{v}-#{r}",
-        type: 'rpm',
-      }
-    end
-    private
-    def rpm_command(package_name)
-      cmd = ''
-      cmd += 'rpm -qia'
-      cmd += " --dbpath #{@dbpath}" if @dbpath
-      cmd += ' ' + package_name
-      cmd
-    end
-  end
-  # MacOS / Darwin implementation
-  class Brew < PkgManagement
-    def info(package_name)
-      brew_path = inspec.command('brew').exist? ? 'brew' : '/usr/local/bin/brew'
-      cmd = inspec.command("#{brew_path} info --json=v1 #{package_name}")
-      return {} if cmd.exit_status.to_i != 0
-      # parse data
-      pkg = JSON.parse(cmd.stdout)[0]
-      {
-        name: pkg['name'],
-        installed: true,
-        version: pkg['installed'][0]['version'],
-        type: 'brew',
-      }
-    rescue JSON::ParserError => e
-      raise Inspec::Exceptions::ResourceFailed,
-            'Failed to parse JSON from `brew` command. ' \
-            "Error: #{e}"
-    end
-  end
-  # Arch Linux
-  class Pacman < PkgManagement
-    def info(package_name)
-      cmd = inspec.command("pacman -Qi #{package_name}")
-      return {} if cmd.exit_status.to_i != 0
-      params = SimpleConfig.new(
-        cmd.stdout.chomp,
-        assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
-        multiple_values: false,
-      ).params
-      {
-        name: params['Name'],
-        installed: true,
-        version: params['Version'],
-        type: 'pacman',
-      }
-    end
-  end
-  class HpuxPkg < PkgManagement
-    def info(package_name)
-      cmd = inspec.command("swlist -l product | grep #{package_name}")
-      return {} if cmd.exit_status.to_i != 0
-      pkg = cmd.stdout.strip.split(' ')
-      {
-        name: pkg[0],
-        installed: true,
-        version: pkg[1],
-        type: 'pkg',
-      }
-    end
-  end
-  # Determines the installed packages on Windows using the Windows package registry entries.
-  # @see: http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/15/use-powershell-to-find-installed-software.aspx
-  class WindowsPkg < PkgManagement
-    def info(package_name)
-      search_paths = [
-        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
-        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
-      ]
-      # add 64 bit search paths
-      if inspec.os.arch == 'x86_64'
-        search_paths << 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
-        search_paths << 'HKCU:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
-      end
-      # Find the package
-      cmd = inspec.command <<-EOF.gsub(/^\s*/, '')
-        Get-ItemProperty (@("#{search_paths.join('", "')}") | Where-Object { Test-Path $_ }) |
-        Where-Object { $_.DisplayName -like "#{package_name}" -or $_.PSChildName -like "#{package_name}" } |
-        Select-Object -Property DisplayName,DisplayVersion | ConvertTo-Json
-      EOF
-      # We cannot rely on `exit_status` since PowerShell always exits 0 from the
-      # above command. Instead, if no package is found the output of the command
-      # will be `''` so we can use that to return `{}` to match the behavior of
-      # other package managers.
-      return {} if cmd.stdout == ''
-      begin
-        package = JSON.parse(cmd.stdout)
-      rescue JSON::ParserError => e
-        raise Inspec::Exceptions::ResourceFailed,
-              'Failed to parse JSON from PowerShell. ' \
-              "Error: #{e}"
-      end
-      # What if we match multiple packages?  just pick the first one for now.
-      package = package[0] if package.is_a?(Array)
-      {
-        name: package['DisplayName'],
-        installed: true,
-        version: package['DisplayVersion'],
-        type: 'windows',
-      }
-    end
-  end
-  # AIX
-  class BffPkg < PkgManagement
-    def info(package_name)
-      cmd = inspec.command("lslpp -cL #{package_name}")
-      return {} if cmd.exit_status.to_i != 0
-      bff_pkg = cmd.stdout.split("\n").last.split(':')
-      {
-        name:      bff_pkg[1],
-        installed: true,
-        version:   bff_pkg[2],
-        type:      'bff',
-      }
-    end
-  end
-  # Solaris
-  class SolarisPkg < PkgManagement
-    def info(package_name)
-      if inspec.os[:release].to_i <= 10
-        solaris10_info(package_name)
-      else
-        solaris11_info(package_name)
-      end
-    end
-    # solaris 10
-    def solaris10_info(package_name)
-      cmd = inspec.command("pkginfo -l #{package_name}")
-      return {} if cmd.exit_status.to_i != 0
-      params = SimpleConfig.new(
-        cmd.stdout.chomp,
-        assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
-        multiple_values: false,
-      ).params
-      # parse 11.10.0,REV=2006.05.18.01.46
-      v = params['VERSION'].split(',')
-      {
-        name: params['PKGINST'],
-        installed: true,
-        version: v[0] + '-' + v[1].split('=')[1],
-        type: 'pkg',
-      }
-    end
-    # solaris 11
-    def solaris11_info(package_name)
-      cmd = inspec.command("pkg info #{package_name}")
-      return {} if cmd.exit_status.to_i != 0
-      params = SimpleConfig.new(
-        cmd.stdout.chomp,
-        assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
-        multiple_values: false,
-      ).params
-      {
-        name: params['Name'],
-        installed: true,
-        # 0.5.11-0.175.3.1.0.5.0
-        version: "#{params['Version']}-#{params['Branch']}",
-        type: 'pkg',
-      }
-    end
-  end
-end
+# encoding: utf-8
+# Resource to determine package information
+#
+# Usage:
+# describe package('nginx') do
+#   it { should be_installed }
+# end
+module Inspec::Resources
+  class Package < Inspec.resource(1)
+    name 'package'
+    supports platform: 'unix'
+    supports platform: 'windows'
+    desc 'Use the package InSpec audit resource to test if the named package and/or package version is installed on the system.'
+    example "
+      describe package('nginx') do
+        it { should be_installed }
+        it { should_not be_held } # for dpkg platforms that support holding a version from being upgraded
+        its('version') { should eq 1.9.5 }
+      end
+    "
+    def initialize(package_name, opts = {}) # rubocop:disable Metrics/AbcSize
+      @package_name = package_name
+      @name = @package_name
+      @cache = nil
+      # select package manager
+      @pkgman = nil
+      os = inspec.os
+      if os.debian?
+        @pkgman = Deb.new(inspec)
+      elsif os.redhat? || %w{suse amazon fedora}.include?(os[:family])
+        @pkgman = Rpm.new(inspec, opts)
+      elsif ['arch'].include?(os[:name])
+        @pkgman = Pacman.new(inspec)
+      elsif ['darwin'].include?(os[:family])
+        @pkgman = Brew.new(inspec)
+      elsif inspec.os.windows?
+        @pkgman = WindowsPkg.new(inspec)
+      elsif ['aix'].include?(os[:family])
+        @pkgman = BffPkg.new(inspec)
+      elsif os.solaris?
+        @pkgman = SolarisPkg.new(inspec)
+      elsif ['hpux'].include?(os[:family])
+        @pkgman = HpuxPkg.new(inspec)
+      else
+        raise Inspec::Exceptions::ResourceSkipped, 'The `package` resource is not supported on your OS yet.'
+      end
+      evaluate_missing_requirements
+    end
+    # returns true if the package is installed
+    def installed?(_provider = nil, _version = nil)
+      info[:installed] == true
+    end
+    # returns true it the package is held (if the OS supports it)
+    def held?(_provider = nil, _version = nil)
+      info[:held] == true
+    end
+    # returns the package description
+    def info
+      return @cache if !@cache.nil?
+      # All `@pkgman.info` methods return `{}`. This matches that
+      # behavior if `@pkgman` can't be determined, thus avoiding the
+      # `undefined method 'info' for nil:NilClass` error
+      return {} if @pkgman.nil?
+      @pkgman.info(@package_name)
+    end
+    # return the package version
+    def version
+      info = @pkgman.info(@package_name)
+      info[:version]
+    end
+    def to_s
+      "System Package #{@package_name}"
+    end
+    private
+    def evaluate_missing_requirements
+      missing_requirements_string = @pkgman.missing_requirements.uniq.join(', ')
+      return if missing_requirements_string.empty?
+      raise Inspec::Exceptions::ResourceSkipped, "The following requirements are not met for this resource: #{missing_requirements_string}"
+    end
+  end
+  class PkgManagement
+    attr_reader :inspec
+    def initialize(inspec)
+      @inspec = inspec
+    end
+    def missing_requirements
+      # Each provider can provide an Array of missing requirements that will be
+      # combined into a `ResourceSkipped` exception message.
+      []
+    end
+  end
+  # Debian / Ubuntu
+  class Deb < PkgManagement
+    def info(package_name)
+      cmd = inspec.command("dpkg -s #{package_name}")
+      return {} if cmd.exit_status.to_i != 0
+      params = SimpleConfig.new(
+        cmd.stdout.chomp,
+        assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
+        multiple_values: false,
+      ).params
+      # If the package is installed, Status is "install ok installed"
+      # If the package is installed and marked hold, Status is "hold ok installed"
+      # If the package is removed and not purged, Status is "deinstall ok config-files" with exit_status 0
+      # If the package is purged cmd fails with non-zero exit status
+      {
+        name: params['Package'],
+        installed: params['Status'].split(' ')[2] == 'installed',
+        held: params['Status'].split(' ')[0] == 'hold',
+        version: params['Version'],
+        type: 'deb',
+      }
+    end
+  end
+  # RHEL family
+  class Rpm < PkgManagement
+    def initialize(inspec, opts)
+      super(inspec)
+      @dbpath = opts.fetch(:rpm_dbpath, nil)
+    end
+    def missing_requirements
+      missing_requirements = []
+      unless @dbpath.nil? || inspec.directory(@dbpath).directory?
+        missing_requirements << "RPMDB #{@dbpath} does not exist"
+      end
+      missing_requirements
+    end
+    def info(package_name)
+      rpm_cmd = rpm_command(package_name)
+      cmd = inspec.command(rpm_cmd)
+      # CentOS does not return an error code if the package is not installed,
+      # therefore we need to check for emptyness
+      return {} if cmd.exit_status.to_i != 0 || cmd.stdout.chomp.empty?
+      params = SimpleConfig.new(
+        cmd.stdout.chomp,
+        assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
+        multiple_values: false,
+      ).params
+      # On some (all?) systems, the linebreak before the vendor line is missing
+      if params['Version'] =~ /\s*Vendor:/
+        v = params['Version'].split(' ')[0]
+      else
+        v = params['Version']
+      end
+      # On some (all?) systems, the linebreak before the build line is missing
+      if params['Release'] =~ /\s*Build Date:/
+        r = params['Release'].split(' ')[0]
+      else
+        r = params['Release']
+      end
+      {
+        name: params['Name'],
+        installed: true,
+        version: "#{v}-#{r}",
+        type: 'rpm',
+      }
+    end
+    private
+    def rpm_command(package_name)
+      cmd = ''
+      cmd += 'rpm -qia'
+      cmd += " --dbpath #{@dbpath}" if @dbpath
+      cmd += ' ' + package_name
+      cmd
+    end
+  end
+  # MacOS / Darwin implementation
+  class Brew < PkgManagement
+    def info(package_name)
+      brew_path = inspec.command('brew').exist? ? 'brew' : '/usr/local/bin/brew'
+      cmd = inspec.command("#{brew_path} info --json=v1 #{package_name}")
+      return {} if cmd.exit_status.to_i != 0
+      # parse data
+      pkg = JSON.parse(cmd.stdout)[0]
+      {
+        name: pkg['name'],
+        installed: true,
+        version: pkg['installed'][0]['version'],
+        type: 'brew',
+      }
+    rescue JSON::ParserError => e
+      raise Inspec::Exceptions::ResourceFailed,
+            'Failed to parse JSON from `brew` command. ' \
+            "Error: #{e}"
+    end
+  end
+  # Arch Linux
+  class Pacman < PkgManagement
+    def info(package_name)
+      cmd = inspec.command("pacman -Qi #{package_name}")
+      return {} if cmd.exit_status.to_i != 0
+      params = SimpleConfig.new(
+        cmd.stdout.chomp,
+        assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
+        multiple_values: false,
+      ).params
+      {
+        name: params['Name'],
+        installed: true,
+        version: params['Version'],
+        type: 'pacman',
+      }
+    end
+  end
+  class HpuxPkg < PkgManagement
+    def info(package_name)
+      cmd = inspec.command("swlist -l product | grep #{package_name}")
+      return {} if cmd.exit_status.to_i != 0
+      pkg = cmd.stdout.strip.split(' ')
+      {
+        name: pkg[0],
+        installed: true,
+        version: pkg[1],
+        type: 'pkg',
+      }
+    end
+  end
+  # Determines the installed packages on Windows using the Windows package registry entries.
+  # @see: http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/15/use-powershell-to-find-installed-software.aspx
+  class WindowsPkg < PkgManagement
+    def info(package_name)
+      search_paths = [
+        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
+        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
+      ]
+      # add 64 bit search paths
+      if inspec.os.arch == 'x86_64'
+        search_paths << 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
+        search_paths << 'HKCU:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
+      end
+      # Find the package
+      cmd = inspec.command <<-EOF.gsub(/^\s*/, '')
+        Get-ItemProperty (@("#{search_paths.join('", "')}") | Where-Object { Test-Path $_ }) |
+        Where-Object { $_.DisplayName -like "#{package_name}" -or $_.PSChildName -like "#{package_name}" } |
+        Select-Object -Property DisplayName,DisplayVersion | ConvertTo-Json
+      EOF
+      # We cannot rely on `exit_status` since PowerShell always exits 0 from the
+      # above command. Instead, if no package is found the output of the command
+      # will be `''` so we can use that to return `{}` to match the behavior of
+      # other package managers.
+      return {} if cmd.stdout == ''
+      begin
+        package = JSON.parse(cmd.stdout)
+      rescue JSON::ParserError => e
+        raise Inspec::Exceptions::ResourceFailed,
+              'Failed to parse JSON from PowerShell. ' \
+              "Error: #{e}"
+      end
+      # What if we match multiple packages?  just pick the first one for now.
+      package = package[0] if package.is_a?(Array)
+      {
+        name: package['DisplayName'],
+        installed: true,
+        version: package['DisplayVersion'],
+        type: 'windows',
+      }
+    end
+  end
+  # AIX
+  class BffPkg < PkgManagement
+    def info(package_name)
+      cmd = inspec.command("lslpp -cL #{package_name}")
+      return {} if cmd.exit_status.to_i != 0
+      bff_pkg = cmd.stdout.split("\n").last.split(':')
+      {
+        name:      bff_pkg[1],
+        installed: true,
+        version:   bff_pkg[2],
+        type:      'bff',
+      }
+    end
+  end
+  # Solaris
+  class SolarisPkg < PkgManagement
+    def info(package_name)
+      if inspec.os[:release].to_i <= 10
+        solaris10_info(package_name)
+      else
+        solaris11_info(package_name)
+      end
+    end
+    # solaris 10
+    def solaris10_info(package_name)
+      cmd = inspec.command("pkginfo -l #{package_name}")
+      return {} if cmd.exit_status.to_i != 0
+      params = SimpleConfig.new(
+        cmd.stdout.chomp,
+        assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
+        multiple_values: false,
+      ).params
+      # parse 11.10.0,REV=2006.05.18.01.46
+      v = params['VERSION'].split(',')
+      {
+        name: params['PKGINST'],
+        installed: true,
+        version: v[0] + '-' + v[1].split('=')[1],
+        type: 'pkg',
+      }
+    end
+    # solaris 11
+    def solaris11_info(package_name)
+      cmd = inspec.command("pkg info #{package_name}")
+      return {} if cmd.exit_status.to_i != 0
+      params = SimpleConfig.new(
+        cmd.stdout.chomp,
+        assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
+        multiple_values: false,
+      ).params
+      {
+        name: params['Name'],
+        installed: true,
+        # 0.5.11-0.175.3.1.0.5.0
+        version: "#{params['Version']}-#{params['Branch']}",
+        type: 'pkg',
+      }
+    end
+  end
+end