inspec 2.0.16 → 2.0.17

data/lib/resources/windows_feature.rb

@@ -1,84 +1,84 @@
-# encoding: utf-8
-
-# check for a Windows feature
-# Usage:
-# describe windows_feature('DHCP Server') do
-#   it{ should be_installed }
-# end
-#
-# deprecated serverspec syntax:
-# describe windows_feature('IIS-Webserver') do
-#   it{ should be_installed.by("dism") }
-# end
-#
-# describe windows_feature('Web-Webserver') do
-#   it{ should be_installed.by("powershell") }
-# end
-#
-# This implementation uses the Get-WindowsFeature commandlet:
-# Get-WindowsFeature | Where-Object {$_.Name -eq 'XPS Viewer' -or $_.DisplayName -eq 'XPS Viewe
-# r'} | Select-Object -Property Name,DisplayName,Description,Installed,InstallState | ConvertTo-Json
-# {
-#     "Name":  "XPS-Viewer",
-#     "DisplayName":  "XPS Viewer",
-#     "Description":  "The XPS Viewer is used to read, set permissions for, and digitally sign XPS documents.",
-#     "Installed":  false,
-#     "InstallState":  0
-# }
-module Inspec::Resources
-  class WindowsFeature < Inspec.resource(1)
-    name 'windows_feature'
-    supports platform: 'windows'
-    desc 'Use the windows_feature InSpec audit resource to test features on Microsoft Windows.'
-    example "
-      describe windows_feature('dhcp') do
-        it { should be_installed }
-      end
-    "
-
-    def initialize(feature)
-      @feature = feature
-      @cache = nil
-
-      # verify that this resource is only supported on Windows
-      return skip_resource 'The `windows_feature` resource is not supported on your OS.' if !inspec.os.windows?
-    end
-
-    # returns true if the package is installed
-    def installed?(_provider = nil, _version = nil)
-      info[:installed] == true
-    end
-
-    # returns the package description
-    def info
-      return @cache if !@cache.nil?
-      features_cmd = "Get-WindowsFeature | Where-Object {$_.Name -eq '#{@feature}' -or $_.DisplayName -eq '#{@feature}'} | Select-Object -Property Name,DisplayName,Description,Installed,InstallState | ConvertTo-Json"
-      cmd = inspec.command(features_cmd)
-
-      @cache = {
-        name: @feature,
-        type: 'windows-feature',
-      }
-
-      # cannot rely on exit code for now, successful command returns exit code 1
-      # return nil if cmd.exit_status != 0
-      # try to parse json
-      begin
-        params = JSON.parse(cmd.stdout)
-      rescue JSON::ParserError => _e
-        return @cache
-      end
-
-      @cache = {
-        name: params['Name'],
-        description: params['Description'],
-        installed: params['Installed'],
-        type: 'windows-feature',
-      }
-    end
-
-    def to_s
-      "Windows Feature '#{@feature}'"
-    end
-  end
-end
+# encoding: utf-8
+
+# check for a Windows feature
+# Usage:
+# describe windows_feature('DHCP Server') do
+#   it{ should be_installed }
+# end
+#
+# deprecated serverspec syntax:
+# describe windows_feature('IIS-Webserver') do
+#   it{ should be_installed.by("dism") }
+# end
+#
+# describe windows_feature('Web-Webserver') do
+#   it{ should be_installed.by("powershell") }
+# end
+#
+# This implementation uses the Get-WindowsFeature commandlet:
+# Get-WindowsFeature | Where-Object {$_.Name -eq 'XPS Viewer' -or $_.DisplayName -eq 'XPS Viewe
+# r'} | Select-Object -Property Name,DisplayName,Description,Installed,InstallState | ConvertTo-Json
+# {
+#     "Name":  "XPS-Viewer",
+#     "DisplayName":  "XPS Viewer",
+#     "Description":  "The XPS Viewer is used to read, set permissions for, and digitally sign XPS documents.",
+#     "Installed":  false,
+#     "InstallState":  0
+# }
+module Inspec::Resources
+  class WindowsFeature < Inspec.resource(1)
+    name 'windows_feature'
+    supports platform: 'windows'
+    desc 'Use the windows_feature InSpec audit resource to test features on Microsoft Windows.'
+    example "
+      describe windows_feature('dhcp') do
+        it { should be_installed }
+      end
+    "
+
+    def initialize(feature)
+      @feature = feature
+      @cache = nil
+
+      # verify that this resource is only supported on Windows
+      return skip_resource 'The `windows_feature` resource is not supported on your OS.' if !inspec.os.windows?
+    end
+
+    # returns true if the package is installed
+    def installed?(_provider = nil, _version = nil)
+      info[:installed] == true
+    end
+
+    # returns the package description
+    def info
+      return @cache if !@cache.nil?
+      features_cmd = "Get-WindowsFeature | Where-Object {$_.Name -eq '#{@feature}' -or $_.DisplayName -eq '#{@feature}'} | Select-Object -Property Name,DisplayName,Description,Installed,InstallState | ConvertTo-Json"
+      cmd = inspec.command(features_cmd)
+
+      @cache = {
+        name: @feature,
+        type: 'windows-feature',
+      }
+
+      # cannot rely on exit code for now, successful command returns exit code 1
+      # return nil if cmd.exit_status != 0
+      # try to parse json
+      begin
+        params = JSON.parse(cmd.stdout)
+      rescue JSON::ParserError => _e
+        return @cache
+      end
+
+      @cache = {
+        name: params['Name'],
+        description: params['Description'],
+        installed: params['Installed'],
+        type: 'windows-feature',
+      }
+    end
+
+    def to_s
+      "Windows Feature '#{@feature}'"
+    end
+  end
+end

data/lib/resources/windows_hotfix.rb

@@ -1,35 +1,35 @@
-# encoding: utf-8
-
-module Inspec::Resources
-  class WindowsHotfix < Inspec.resource(1)
-    name 'windows_hotfix'
-    supports platform: 'windows'
-    desc 'Use the windows_hotfix InSpec audit resource to test if the hotfix has been installed on the Windows system.'
-    example "
-      describe windows_hotfix('KB4012212') do
-        it { should be_installed }
-      end
-    "
-
-    attr_accessor :content
-
-    def initialize(hotfix_id = nil)
-      @id = hotfix_id.upcase
-      @content = nil
-      os = inspec.os
-      return skip_resource 'The `windows_hotfix` resource is not a feature of your OS.' unless os.windows?
-      query = "get-hotfix -id #{@id}"
-      cmd = inspec.powershell(query)
-      @content = cmd.stdout
-    end
-
-    def to_s
-      "Windows Hotfix #{@id}"
-    end
-
-    def installed?
-      return false if @content.nil?
-      @content.include?(@id)
-    end
-  end
-end
+# encoding: utf-8
+
+module Inspec::Resources
+  class WindowsHotfix < Inspec.resource(1)
+    name 'windows_hotfix'
+    supports platform: 'windows'
+    desc 'Use the windows_hotfix InSpec audit resource to test if the hotfix has been installed on the Windows system.'
+    example "
+      describe windows_hotfix('KB4012212') do
+        it { should be_installed }
+      end
+    "
+
+    attr_accessor :content
+
+    def initialize(hotfix_id = nil)
+      @id = hotfix_id.upcase
+      @content = nil
+      os = inspec.os
+      return skip_resource 'The `windows_hotfix` resource is not a feature of your OS.' unless os.windows?
+      query = "get-hotfix -id #{@id}"
+      cmd = inspec.powershell(query)
+      @content = cmd.stdout
+    end
+
+    def to_s
+      "Windows Hotfix #{@id}"
+    end
+
+    def installed?
+      return false if @content.nil?
+      @content.include?(@id)
+    end
+  end
+end

data/lib/resources/windows_task.rb

@@ -1,105 +1,105 @@
-# encoding: utf-8
-module Inspec::Resources
-  class WindowsTasks < Inspec.resource(1)
-    name 'windows_task'
-    supports platform: 'windows'
-    desc 'Use the windows_task InSpec audit resource to test task schedules on Microsoft Windows.'
-    example "
-      describe windows_task('\\Microsoft\\Windows\\Time Synchronization\\SynchronizeTime') do
-        it { should be_enabled }
-      end
-
-      describe windows_task('\\Microsoft\\Windows\\AppID\\PolicyConverter') do
-        it { should be_disabled }
-      end
-
-      describe windows_task('\\Microsoft\\Windows\\Defrag\\ScheduledDefrag') do
-        it { should exist }
-      end
-
-      describe windows_task('\\Microsoft\\Windows\\AppID\\PolicyConverter') do
-        its('logon_mode') { should eq 'Interactive/Background' }
-        its('last_result') { should eq '1' }
-        its('task_to_run') { should cmp '%Windir%\\system32\\appidpolicyconverter.exe' }
-        its('run_as_user') { should eq 'LOCAL SERVICE' }
-      end
-    "
-
-    def initialize(taskuri)
-      @taskuri = taskuri
-      @cache = nil
-
-      # verify that this resource is only supported on Windows
-      return skip_resource 'The `windows_task` resource is not supported on your OS.' unless inspec.os.windows?
-    end
-
-    def exists?
-      return true unless info.nil? || info[:uri].nil?
-      false
-    end
-
-    # rubocop:disable Style/WordArray
-    def enabled?
-      return false if info.nil? || info[:state].nil?
-      ['Ready', 'Running'].include?(info[:state])
-    end
-
-    def disabled?
-      return false if info.nil? || info[:state].nil?
-      info[:scheduled_task_state] == 'Disabled' || info[:state] == 'Disabled'
-    end
-
-    def logon_mode
-      info[:logon_mode]
-    end
-
-    def last_result
-      info[:last_result]
-    end
-
-    def task_to_run
-      info[:task_to_run].to_s.strip
-    end
-
-    def run_as_user
-      info[:run_as_user]
-    end
-
-    def type
-      info[:type] unless info.nil?
-    end
-
-    def info
-      return @cache unless @cache.nil?
-      # PowerShell v5 has Get-ScheduledTask cmdlet,
-      # _using something with backward support to v3_
-      # script = "Get-ScheduledTask | ? { $_.URI -eq '#{@taskuri}' } | Select-Object URI,@{N='State';E={$_.State.ToString()}} | ConvertTo-Json"
-
-      # Using schtasks as suggested by @modille but aligning property names to match cmdlet to future proof.
-      script = "schtasks /query /v /fo csv /tn '#{@taskuri}' | ConvertFrom-Csv | Select @{N='URI';E={$_.TaskName}},@{N='State';E={$_.Status.ToString()}},'Logon Mode','Last Result','Task To Run','Run As User','Scheduled Task State' | ConvertTo-Json -Compress"
-
-      cmd = inspec.powershell(script)
-
-      begin
-        params = JSON.parse(cmd.stdout)
-      rescue JSON::ParserError => _e
-        return nil
-      end
-
-      @cache = {
-        uri: params['URI'],
-        state: params['State'],
-        logon_mode: params['Logon Mode'],
-        last_result: params['Last Result'],
-        task_to_run: params['Task To Run'],
-        run_as_user: params['Run As User'],
-        scheduled_task_state: params['Scheduled Task State'],
-        type: 'windows-task',
-      }
-    end
-
-    def to_s
-      "Windows Task '#{@taskuri}'"
-    end
-  end
-end
+# encoding: utf-8
+module Inspec::Resources
+  class WindowsTasks < Inspec.resource(1)
+    name 'windows_task'
+    supports platform: 'windows'
+    desc 'Use the windows_task InSpec audit resource to test task schedules on Microsoft Windows.'
+    example "
+      describe windows_task('\\Microsoft\\Windows\\Time Synchronization\\SynchronizeTime') do
+        it { should be_enabled }
+      end
+
+      describe windows_task('\\Microsoft\\Windows\\AppID\\PolicyConverter') do
+        it { should be_disabled }
+      end
+
+      describe windows_task('\\Microsoft\\Windows\\Defrag\\ScheduledDefrag') do
+        it { should exist }
+      end
+
+      describe windows_task('\\Microsoft\\Windows\\AppID\\PolicyConverter') do
+        its('logon_mode') { should eq 'Interactive/Background' }
+        its('last_result') { should eq '1' }
+        its('task_to_run') { should cmp '%Windir%\\system32\\appidpolicyconverter.exe' }
+        its('run_as_user') { should eq 'LOCAL SERVICE' }
+      end
+    "
+
+    def initialize(taskuri)
+      @taskuri = taskuri
+      @cache = nil
+
+      # verify that this resource is only supported on Windows
+      return skip_resource 'The `windows_task` resource is not supported on your OS.' unless inspec.os.windows?
+    end
+
+    def exists?
+      return true unless info.nil? || info[:uri].nil?
+      false
+    end
+
+    # rubocop:disable Style/WordArray
+    def enabled?
+      return false if info.nil? || info[:state].nil?
+      ['Ready', 'Running'].include?(info[:state])
+    end
+
+    def disabled?
+      return false if info.nil? || info[:state].nil?
+      info[:scheduled_task_state] == 'Disabled' || info[:state] == 'Disabled'
+    end
+
+    def logon_mode
+      info[:logon_mode]
+    end
+
+    def last_result
+      info[:last_result]
+    end
+
+    def task_to_run
+      info[:task_to_run].to_s.strip
+    end
+
+    def run_as_user
+      info[:run_as_user]
+    end
+
+    def type
+      info[:type] unless info.nil?
+    end
+
+    def info
+      return @cache unless @cache.nil?
+      # PowerShell v5 has Get-ScheduledTask cmdlet,
+      # _using something with backward support to v3_
+      # script = "Get-ScheduledTask | ? { $_.URI -eq '#{@taskuri}' } | Select-Object URI,@{N='State';E={$_.State.ToString()}} | ConvertTo-Json"
+
+      # Using schtasks as suggested by @modille but aligning property names to match cmdlet to future proof.
+      script = "schtasks /query /v /fo csv /tn '#{@taskuri}' | ConvertFrom-Csv | Select @{N='URI';E={$_.TaskName}},@{N='State';E={$_.Status.ToString()}},'Logon Mode','Last Result','Task To Run','Run As User','Scheduled Task State' | ConvertTo-Json -Compress"
+
+      cmd = inspec.powershell(script)
+
+      begin
+        params = JSON.parse(cmd.stdout)
+      rescue JSON::ParserError => _e
+        return nil
+      end
+
+      @cache = {
+        uri: params['URI'],
+        state: params['State'],
+        logon_mode: params['Logon Mode'],
+        last_result: params['Last Result'],
+        task_to_run: params['Task To Run'],
+        run_as_user: params['Run As User'],
+        scheduled_task_state: params['Scheduled Task State'],
+        type: 'windows-task',
+      }
+    end
+
+    def to_s
+      "Windows Task '#{@taskuri}'"
+    end
+  end
+end

data/lib/resources/wmi.rb

@@ -1,113 +1,113 @@
-# encoding: utf-8
-
-require 'utils/object_traversal'
-
-module Inspec::Resources
-  # This resource simplifies the access to wmi
-  # on CLI you would use:
-  # WMIC /NAMESPACE:\\root\rsop\computer PATH RSOP_SecuritySettingNumeric WHERE "KeyName = 'MinimumPasswordAge' And precedence=1" GET Setting
-  # We use Get-WmiObject via Powershell to retrieve all values.
-  class WMI < Inspec.resource(1)
-    name 'wmi'
-    supports platform: 'windows'
-    desc 'request wmi information'
-    example "
-      describe wmi({
-        class: 'RSOP_SecuritySettingNumeric',
-        namespace: 'root\\rsop\\computer',
-        filter: 'KeyName = \'MinimumPasswordAge\' And precedence=1'
-      }) do
-         its('Setting') { should eq true }
-      end
-    "
-
-    include ObjectTraverser
-    attr_accessor :content
-
-    def initialize(wmiclass = nil, opts = nil)
-      # verify that this resource is only supported on Windows
-      return skip_resource 'The `wmi` resource is not supported on your OS.' unless inspec.os.windows?
-
-      @options = opts || {}
-      # if wmiclass is not a hash, we have to handle deprecation behavior
-      if wmiclass.is_a?(Hash)
-        @options.merge!(wmiclass)
-      else
-        warn '[DEPRECATION] `wmi(\'wmiclass\')` is deprecated.  Please use `wmi({class: \'wmiclass\'})` instead.'
-        @options[:class] = wmiclass
-      end
-    end
-
-    # returns nil, if not existant or value
-    def method_missing(*keys)
-      # catch behavior of rspec its implementation
-      # @see https://github.com/rspec/rspec-its/blob/master/lib/rspec/its.rb#L110
-      keys.shift if keys.is_a?(Array) && keys[0] == :[]
-
-      # map all symbols to strings
-      keys = keys.map { |x| x.to_s.downcase } if keys.is_a?(Array)
-
-      value(keys)
-    end
-
-    def value(key)
-      extract_value(key, params)
-    end
-
-    def params
-      return @content if defined?(@content)
-      @content = {}
-
-      # abort if no options are available
-      return @content unless defined?(@options)
-
-      # filter for supported options
-      args = @options.select { |key, _value| [:class, :namespace, :query, :filter].include?(key) }
-
-      # convert to Get-WmiObject arguments
-      params = ''
-      args.each { |key, value| params += " -#{key} \"#{value.gsub('"', '`"')}\"" }
-
-      # run wmi command and filter empty wmi
-      script = <<-EOH
-      Filter Aggregate
-      {
-          $arr = @{}
-          $_.properties | % {
-              $arr.Add($_.name, $_.value)
-          }
-          $arr
-      }
-      Get-WmiObject #{params} | Aggregate | ConvertTo-Json
-      EOH
-
-      # run wmi command
-      cmd = inspec.powershell(script)
-      @content = JSON.parse(cmd.stdout)
-
-      # make all keys case-insensitive
-      @content = lowercase_keys(@content)
-    rescue JSON::ParserError => _e
-      @content
-    end
-
-    def to_s
-      "WMI with #{@options}"
-    end
-
-    private
-
-    def lowercase_keys(content)
-      if content.is_a?(Hash)
-        content.keys.each do |key|
-          new_key = key.to_s.downcase
-          content[new_key] = content.delete(key)
-          lowercase_keys(content[new_key])
-        end
-      elsif content.respond_to?(:each)
-        content.each { |item| lowercase_keys(item) }
-      end
-      content
-    end
-  end
-end
+# encoding: utf-8
+
+require 'utils/object_traversal'
+
+module Inspec::Resources
+  # This resource simplifies the access to wmi
+  # on CLI you would use:
+  # WMIC /NAMESPACE:\\root\rsop\computer PATH RSOP_SecuritySettingNumeric WHERE "KeyName = 'MinimumPasswordAge' And precedence=1" GET Setting
+  # We use Get-WmiObject via Powershell to retrieve all values.
+  class WMI < Inspec.resource(1)
+    name 'wmi'
+    supports platform: 'windows'
+    desc 'request wmi information'
+    example "
+      describe wmi({
+        class: 'RSOP_SecuritySettingNumeric',
+        namespace: 'root\\rsop\\computer',
+        filter: 'KeyName = \'MinimumPasswordAge\' And precedence=1'
+      }) do
+         its('Setting') { should eq true }
+      end
+    "
+
+    include ObjectTraverser
+    attr_accessor :content
+
+    def initialize(wmiclass = nil, opts = nil)
+      # verify that this resource is only supported on Windows
+      return skip_resource 'The `wmi` resource is not supported on your OS.' unless inspec.os.windows?
+
+      @options = opts || {}
+      # if wmiclass is not a hash, we have to handle deprecation behavior
+      if wmiclass.is_a?(Hash)
+        @options.merge!(wmiclass)
+      else
+        warn '[DEPRECATION] `wmi(\'wmiclass\')` is deprecated.  Please use `wmi({class: \'wmiclass\'})` instead.'
+        @options[:class] = wmiclass
+      end
+    end
+
+    # returns nil, if not existant or value
+    def method_missing(*keys)
+      # catch behavior of rspec its implementation
+      # @see https://github.com/rspec/rspec-its/blob/master/lib/rspec/its.rb#L110
+      keys.shift if keys.is_a?(Array) && keys[0] == :[]
+
+      # map all symbols to strings
+      keys = keys.map { |x| x.to_s.downcase } if keys.is_a?(Array)
+
+      value(keys)
+    end
+
+    def value(key)
+      extract_value(key, params)
+    end
+
+    def params
+      return @content if defined?(@content)
+      @content = {}
+
+      # abort if no options are available
+      return @content unless defined?(@options)
+
+      # filter for supported options
+      args = @options.select { |key, _value| [:class, :namespace, :query, :filter].include?(key) }
+
+      # convert to Get-WmiObject arguments
+      params = ''
+      args.each { |key, value| params += " -#{key} \"#{value.gsub('"', '`"')}\"" }
+
+      # run wmi command and filter empty wmi
+      script = <<-EOH
+      Filter Aggregate
+      {
+          $arr = @{}
+          $_.properties | % {
+              $arr.Add($_.name, $_.value)
+          }
+          $arr
+      }
+      Get-WmiObject #{params} | Aggregate | ConvertTo-Json
+      EOH
+
+      # run wmi command
+      cmd = inspec.powershell(script)
+      @content = JSON.parse(cmd.stdout)
+
+      # make all keys case-insensitive
+      @content = lowercase_keys(@content)
+    rescue JSON::ParserError => _e
+      @content
+    end
+
+    def to_s
+      "WMI with #{@options}"
+    end
+
+    private
+
+    def lowercase_keys(content)
+      if content.is_a?(Hash)
+        content.keys.each do |key|
+          new_key = key.to_s.downcase
+          content[new_key] = content.delete(key)
+          lowercase_keys(content[new_key])
+        end
+      elsif content.respond_to?(:each)
+        content.each { |item| lowercase_keys(item) }
+      end
+      content
+    end
+  end
+end