inspec 2.0.32 → 2.0.45

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (482) hide show
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +101 -101
  3. data/CHANGELOG.md +2991 -2970
  4. data/Gemfile +55 -55
  5. data/LICENSE +14 -14
  6. data/MAINTAINERS.md +33 -33
  7. data/MAINTAINERS.toml +52 -52
  8. data/README.md +446 -437
  9. data/Rakefile +322 -322
  10. data/bin/inspec +12 -12
  11. data/docs/.gitignore +2 -2
  12. data/docs/README.md +40 -40
  13. data/docs/dsl_inspec.md +258 -258
  14. data/docs/dsl_resource.md +93 -93
  15. data/docs/glossary.md +99 -99
  16. data/docs/habitat.md +191 -191
  17. data/docs/inspec_and_friends.md +107 -107
  18. data/docs/matchers.md +169 -168
  19. data/docs/migration.md +293 -293
  20. data/docs/platforms.md +118 -118
  21. data/docs/plugin_kitchen_inspec.md +49 -49
  22. data/docs/profiles.md +370 -370
  23. data/docs/reporters.md +105 -105
  24. data/docs/resources/aide_conf.md.erb +75 -75
  25. data/docs/resources/apache.md.erb +67 -67
  26. data/docs/resources/apache_conf.md.erb +68 -68
  27. data/docs/resources/apt.md.erb +71 -71
  28. data/docs/resources/audit_policy.md.erb +47 -47
  29. data/docs/resources/auditd.md.erb +79 -79
  30. data/docs/resources/auditd_conf.md.erb +68 -68
  31. data/docs/resources/aws_cloudtrail_trail.md.erb +140 -140
  32. data/docs/resources/aws_cloudtrail_trails.md.erb +81 -81
  33. data/docs/resources/aws_cloudwatch_alarm.md.erb +86 -86
  34. data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +151 -151
  35. data/docs/resources/aws_config_recorder.md.erb +71 -71
  36. data/docs/resources/aws_ec2_instance.md.erb +106 -106
  37. data/docs/resources/aws_iam_access_key.md.erb +123 -123
  38. data/docs/resources/aws_iam_access_keys.md.erb +198 -198
  39. data/docs/resources/aws_iam_group.md.erb +46 -46
  40. data/docs/resources/aws_iam_groups.md.erb +43 -43
  41. data/docs/resources/aws_iam_password_policy.md.erb +76 -76
  42. data/docs/resources/aws_iam_policies.md.erb +82 -82
  43. data/docs/resources/aws_iam_policy.md.erb +144 -144
  44. data/docs/resources/aws_iam_role.md.erb +63 -63
  45. data/docs/resources/aws_iam_root_user.md.erb +58 -58
  46. data/docs/resources/aws_iam_user.md.erb +64 -64
  47. data/docs/resources/aws_iam_users.md.erb +89 -89
  48. data/docs/resources/aws_kms_keys.md.erb +84 -84
  49. data/docs/resources/aws_route_table.md.erb +47 -47
  50. data/docs/resources/aws_s3_bucket.md.erb +134 -134
  51. data/docs/resources/aws_security_group.md.erb +151 -151
  52. data/docs/resources/aws_security_groups.md.erb +91 -91
  53. data/docs/resources/aws_sns_topic.md.erb +63 -63
  54. data/docs/resources/aws_subnet.md.erb +133 -133
  55. data/docs/resources/aws_subnets.md.erb +126 -126
  56. data/docs/resources/aws_vpc.md.erb +120 -120
  57. data/docs/resources/aws_vpcs.md.erb +48 -48
  58. data/docs/resources/azure_generic_resource.md.erb +170 -170
  59. data/docs/resources/azure_resource_group.md.erb +284 -284
  60. data/docs/resources/azure_virtual_machine.md.erb +347 -347
  61. data/docs/resources/azure_virtual_machine_data_disk.md.erb +224 -224
  62. data/docs/resources/bash.md.erb +75 -75
  63. data/docs/resources/bond.md.erb +90 -90
  64. data/docs/resources/bridge.md.erb +57 -57
  65. data/docs/resources/bsd_service.md.erb +67 -67
  66. data/docs/resources/command.md.erb +138 -138
  67. data/docs/resources/cpan.md.erb +79 -79
  68. data/docs/resources/cran.md.erb +64 -64
  69. data/docs/resources/crontab.md.erb +89 -89
  70. data/docs/resources/csv.md.erb +54 -54
  71. data/docs/resources/dh_params.md.erb +205 -205
  72. data/docs/resources/directory.md.erb +30 -30
  73. data/docs/resources/docker.md.erb +219 -219
  74. data/docs/resources/docker_container.md.erb +104 -104
  75. data/docs/resources/docker_image.md.erb +94 -94
  76. data/docs/resources/docker_service.md.erb +114 -114
  77. data/docs/resources/elasticsearch.md.erb +242 -242
  78. data/docs/resources/etc_fstab.md.erb +125 -125
  79. data/docs/resources/etc_group.md.erb +75 -75
  80. data/docs/resources/etc_hosts.md.erb +78 -78
  81. data/docs/resources/etc_hosts_allow.md.erb +74 -74
  82. data/docs/resources/etc_hosts_deny.md.erb +74 -74
  83. data/docs/resources/file.md.erb +526 -515
  84. data/docs/resources/filesystem.md.erb +41 -41
  85. data/docs/resources/firewalld.md.erb +107 -107
  86. data/docs/resources/gem.md.erb +79 -79
  87. data/docs/resources/group.md.erb +61 -61
  88. data/docs/resources/grub_conf.md.erb +101 -101
  89. data/docs/resources/host.md.erb +86 -86
  90. data/docs/resources/http.md.erb +196 -196
  91. data/docs/resources/iis_app.md.erb +122 -122
  92. data/docs/resources/iis_site.md.erb +135 -135
  93. data/docs/resources/inetd_conf.md.erb +94 -94
  94. data/docs/resources/ini.md.erb +76 -76
  95. data/docs/resources/interface.md.erb +58 -58
  96. data/docs/resources/iptables.md.erb +64 -64
  97. data/docs/resources/json.md.erb +63 -63
  98. data/docs/resources/kernel_module.md.erb +120 -120
  99. data/docs/resources/kernel_parameter.md.erb +53 -53
  100. data/docs/resources/key_rsa.md.erb +85 -85
  101. data/docs/resources/launchd_service.md.erb +57 -57
  102. data/docs/resources/limits_conf.md.erb +75 -75
  103. data/docs/resources/login_def.md.erb +71 -71
  104. data/docs/resources/mount.md.erb +69 -69
  105. data/docs/resources/mssql_session.md.erb +60 -60
  106. data/docs/resources/mysql_conf.md.erb +99 -99
  107. data/docs/resources/mysql_session.md.erb +74 -74
  108. data/docs/resources/nginx.md.erb +79 -79
  109. data/docs/resources/nginx_conf.md.erb +128 -128
  110. data/docs/resources/npm.md.erb +60 -60
  111. data/docs/resources/ntp_conf.md.erb +60 -60
  112. data/docs/resources/oneget.md.erb +53 -53
  113. data/docs/resources/oracledb_session.md.erb +52 -52
  114. data/docs/resources/os.md.erb +141 -141
  115. data/docs/resources/os_env.md.erb +78 -78
  116. data/docs/resources/package.md.erb +120 -120
  117. data/docs/resources/packages.md.erb +67 -67
  118. data/docs/resources/parse_config.md.erb +103 -103
  119. data/docs/resources/parse_config_file.md.erb +138 -138
  120. data/docs/resources/passwd.md.erb +141 -141
  121. data/docs/resources/pip.md.erb +67 -67
  122. data/docs/resources/port.md.erb +137 -137
  123. data/docs/resources/postgres_conf.md.erb +79 -79
  124. data/docs/resources/postgres_hba_conf.md.erb +93 -93
  125. data/docs/resources/postgres_ident_conf.md.erb +76 -76
  126. data/docs/resources/postgres_session.md.erb +69 -69
  127. data/docs/resources/powershell.md.erb +102 -102
  128. data/docs/resources/processes.md.erb +109 -109
  129. data/docs/resources/rabbitmq_config.md.erb +41 -41
  130. data/docs/resources/registry_key.md.erb +158 -158
  131. data/docs/resources/runit_service.md.erb +57 -57
  132. data/docs/resources/security_policy.md.erb +47 -47
  133. data/docs/resources/service.md.erb +121 -121
  134. data/docs/resources/shadow.md.erb +146 -144
  135. data/docs/resources/ssh_config.md.erb +80 -80
  136. data/docs/resources/sshd_config.md.erb +83 -83
  137. data/docs/resources/ssl.md.erb +119 -119
  138. data/docs/resources/sys_info.md.erb +42 -42
  139. data/docs/resources/systemd_service.md.erb +57 -57
  140. data/docs/resources/sysv_service.md.erb +57 -57
  141. data/docs/resources/upstart_service.md.erb +57 -57
  142. data/docs/resources/user.md.erb +140 -140
  143. data/docs/resources/users.md.erb +127 -127
  144. data/docs/resources/vbscript.md.erb +55 -55
  145. data/docs/resources/virtualization.md.erb +57 -57
  146. data/docs/resources/windows_feature.md.erb +47 -47
  147. data/docs/resources/windows_hotfix.md.erb +53 -53
  148. data/docs/resources/windows_task.md.erb +95 -95
  149. data/docs/resources/wmi.md.erb +81 -81
  150. data/docs/resources/x509_certificate.md.erb +151 -151
  151. data/docs/resources/xinetd_conf.md.erb +156 -156
  152. data/docs/resources/xml.md.erb +85 -85
  153. data/docs/resources/yaml.md.erb +69 -69
  154. data/docs/resources/yum.md.erb +98 -98
  155. data/docs/resources/zfs_dataset.md.erb +53 -53
  156. data/docs/resources/zfs_pool.md.erb +47 -47
  157. data/docs/ruby_usage.md +203 -203
  158. data/docs/shared/matcher_be.md.erb +1 -1
  159. data/docs/shared/matcher_cmp.md.erb +43 -43
  160. data/docs/shared/matcher_eq.md.erb +3 -3
  161. data/docs/shared/matcher_include.md.erb +1 -1
  162. data/docs/shared/matcher_match.md.erb +1 -1
  163. data/docs/shell.md +215 -215
  164. data/examples/README.md +8 -8
  165. data/examples/inheritance/README.md +65 -65
  166. data/examples/inheritance/controls/example.rb +14 -14
  167. data/examples/inheritance/inspec.yml +15 -15
  168. data/examples/kitchen-ansible/.kitchen.yml +25 -25
  169. data/examples/kitchen-ansible/Gemfile +19 -19
  170. data/examples/kitchen-ansible/README.md +53 -53
  171. data/examples/kitchen-ansible/files/nginx.repo +6 -6
  172. data/examples/kitchen-ansible/tasks/main.yml +16 -16
  173. data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
  174. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
  175. data/examples/kitchen-chef/.kitchen.yml +20 -20
  176. data/examples/kitchen-chef/Berksfile +3 -3
  177. data/examples/kitchen-chef/Gemfile +19 -19
  178. data/examples/kitchen-chef/README.md +27 -27
  179. data/examples/kitchen-chef/metadata.rb +7 -7
  180. data/examples/kitchen-chef/recipes/default.rb +6 -6
  181. data/examples/kitchen-chef/recipes/nginx.rb +30 -30
  182. data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
  183. data/examples/kitchen-puppet/.kitchen.yml +22 -22
  184. data/examples/kitchen-puppet/Gemfile +20 -20
  185. data/examples/kitchen-puppet/Puppetfile +25 -25
  186. data/examples/kitchen-puppet/README.md +53 -53
  187. data/examples/kitchen-puppet/manifests/site.pp +33 -33
  188. data/examples/kitchen-puppet/metadata.json +11 -11
  189. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
  190. data/examples/meta-profile/README.md +37 -37
  191. data/examples/meta-profile/controls/example.rb +13 -13
  192. data/examples/meta-profile/inspec.yml +13 -13
  193. data/examples/profile-attribute.yml +2 -2
  194. data/examples/profile-attribute/README.md +14 -14
  195. data/examples/profile-attribute/controls/example.rb +11 -11
  196. data/examples/profile-attribute/inspec.yml +8 -8
  197. data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -8
  198. data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -8
  199. data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -8
  200. data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -8
  201. data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -8
  202. data/examples/profile-aws/inspec.yml +11 -11
  203. data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -24
  204. data/examples/profile-azure/controls/azure_vm_example.rb +29 -29
  205. data/examples/profile-azure/inspec.yml +11 -11
  206. data/examples/profile-sensitive/README.md +29 -29
  207. data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
  208. data/examples/profile-sensitive/controls/sensitive.rb +9 -9
  209. data/examples/profile-sensitive/inspec.yml +8 -8
  210. data/examples/profile/README.md +48 -48
  211. data/examples/profile/controls/example.rb +23 -23
  212. data/examples/profile/controls/gordon.rb +36 -36
  213. data/examples/profile/controls/meta.rb +34 -34
  214. data/examples/profile/inspec.yml +10 -10
  215. data/examples/profile/libraries/gordon_config.rb +53 -53
  216. data/inspec.gemspec +47 -47
  217. data/lib/bundles/README.md +3 -3
  218. data/lib/bundles/inspec-artifact.rb +7 -7
  219. data/lib/bundles/inspec-artifact/README.md +1 -1
  220. data/lib/bundles/inspec-artifact/cli.rb +277 -277
  221. data/lib/bundles/inspec-compliance.rb +16 -16
  222. data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
  223. data/lib/bundles/inspec-compliance/README.md +185 -185
  224. data/lib/bundles/inspec-compliance/api.rb +316 -316
  225. data/lib/bundles/inspec-compliance/api/login.rb +152 -152
  226. data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
  227. data/lib/bundles/inspec-compliance/cli.rb +254 -254
  228. data/lib/bundles/inspec-compliance/configuration.rb +103 -103
  229. data/lib/bundles/inspec-compliance/http.rb +86 -86
  230. data/lib/bundles/inspec-compliance/support.rb +36 -36
  231. data/lib/bundles/inspec-compliance/target.rb +98 -98
  232. data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
  233. data/lib/bundles/inspec-habitat.rb +12 -12
  234. data/lib/bundles/inspec-habitat/cli.rb +36 -36
  235. data/lib/bundles/inspec-habitat/log.rb +10 -10
  236. data/lib/bundles/inspec-habitat/profile.rb +390 -390
  237. data/lib/bundles/inspec-init.rb +8 -8
  238. data/lib/bundles/inspec-init/README.md +31 -31
  239. data/lib/bundles/inspec-init/cli.rb +97 -97
  240. data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
  241. data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
  242. data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
  243. data/lib/bundles/inspec-supermarket.rb +13 -13
  244. data/lib/bundles/inspec-supermarket/README.md +45 -45
  245. data/lib/bundles/inspec-supermarket/api.rb +84 -84
  246. data/lib/bundles/inspec-supermarket/cli.rb +73 -73
  247. data/lib/bundles/inspec-supermarket/target.rb +34 -34
  248. data/lib/fetchers/git.rb +163 -163
  249. data/lib/fetchers/local.rb +74 -74
  250. data/lib/fetchers/mock.rb +35 -35
  251. data/lib/fetchers/url.rb +204 -204
  252. data/lib/inspec.rb +24 -24
  253. data/lib/inspec/archive/tar.rb +29 -29
  254. data/lib/inspec/archive/zip.rb +19 -19
  255. data/lib/inspec/backend.rb +92 -92
  256. data/lib/inspec/base_cli.rb +355 -350
  257. data/lib/inspec/cached_fetcher.rb +66 -66
  258. data/lib/inspec/cli.rb +292 -292
  259. data/lib/inspec/completions/bash.sh.erb +45 -45
  260. data/lib/inspec/completions/fish.sh.erb +34 -34
  261. data/lib/inspec/completions/zsh.sh.erb +61 -61
  262. data/lib/inspec/control_eval_context.rb +179 -179
  263. data/lib/inspec/dependencies/cache.rb +72 -72
  264. data/lib/inspec/dependencies/dependency_set.rb +92 -92
  265. data/lib/inspec/dependencies/lockfile.rb +115 -115
  266. data/lib/inspec/dependencies/requirement.rb +123 -123
  267. data/lib/inspec/dependencies/resolver.rb +86 -86
  268. data/lib/inspec/describe.rb +27 -27
  269. data/lib/inspec/dsl.rb +66 -66
  270. data/lib/inspec/dsl_shared.rb +33 -33
  271. data/lib/inspec/env_printer.rb +157 -157
  272. data/lib/inspec/errors.rb +13 -13
  273. data/lib/inspec/exceptions.rb +12 -12
  274. data/lib/inspec/expect.rb +45 -45
  275. data/lib/inspec/fetcher.rb +45 -45
  276. data/lib/inspec/file_provider.rb +275 -275
  277. data/lib/inspec/formatters.rb +3 -3
  278. data/lib/inspec/formatters/base.rb +250 -250
  279. data/lib/inspec/formatters/json_rspec.rb +20 -20
  280. data/lib/inspec/formatters/show_progress.rb +12 -12
  281. data/lib/inspec/library_eval_context.rb +58 -58
  282. data/lib/inspec/log.rb +11 -11
  283. data/lib/inspec/metadata.rb +247 -247
  284. data/lib/inspec/method_source.rb +24 -24
  285. data/lib/inspec/objects.rb +14 -14
  286. data/lib/inspec/objects/attribute.rb +65 -65
  287. data/lib/inspec/objects/control.rb +61 -61
  288. data/lib/inspec/objects/describe.rb +92 -92
  289. data/lib/inspec/objects/each_loop.rb +36 -36
  290. data/lib/inspec/objects/list.rb +15 -15
  291. data/lib/inspec/objects/or_test.rb +40 -40
  292. data/lib/inspec/objects/ruby_helper.rb +15 -15
  293. data/lib/inspec/objects/tag.rb +27 -27
  294. data/lib/inspec/objects/test.rb +87 -87
  295. data/lib/inspec/objects/value.rb +27 -27
  296. data/lib/inspec/plugins.rb +60 -60
  297. data/lib/inspec/plugins/cli.rb +24 -24
  298. data/lib/inspec/plugins/fetcher.rb +86 -86
  299. data/lib/inspec/plugins/resource.rb +135 -135
  300. data/lib/inspec/plugins/secret.rb +15 -15
  301. data/lib/inspec/plugins/source_reader.rb +40 -40
  302. data/lib/inspec/polyfill.rb +12 -12
  303. data/lib/inspec/profile.rb +510 -510
  304. data/lib/inspec/profile_context.rb +207 -207
  305. data/lib/inspec/profile_vendor.rb +66 -66
  306. data/lib/inspec/reporters.rb +54 -50
  307. data/lib/inspec/reporters/base.rb +24 -24
  308. data/lib/inspec/reporters/cli.rb +356 -356
  309. data/lib/inspec/reporters/json.rb +116 -116
  310. data/lib/inspec/reporters/json_min.rb +48 -48
  311. data/lib/inspec/reporters/junit.rb +77 -77
  312. data/lib/inspec/require_loader.rb +33 -33
  313. data/lib/inspec/resource.rb +186 -186
  314. data/lib/inspec/rule.rb +266 -266
  315. data/lib/inspec/runner.rb +345 -345
  316. data/lib/inspec/runner_mock.rb +41 -41
  317. data/lib/inspec/runner_rspec.rb +175 -175
  318. data/lib/inspec/runtime_profile.rb +26 -26
  319. data/lib/inspec/schema.rb +213 -213
  320. data/lib/inspec/secrets.rb +19 -19
  321. data/lib/inspec/secrets/yaml.rb +30 -30
  322. data/lib/inspec/shell.rb +220 -220
  323. data/lib/inspec/shell_detector.rb +90 -90
  324. data/lib/inspec/source_reader.rb +29 -29
  325. data/lib/inspec/version.rb +8 -8
  326. data/lib/matchers/matchers.rb +339 -339
  327. data/lib/resource_support/aws.rb +41 -41
  328. data/lib/resource_support/aws/aws_backend_base.rb +12 -12
  329. data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -12
  330. data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -21
  331. data/lib/resource_support/aws/aws_resource_mixin.rb +66 -66
  332. data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -24
  333. data/lib/resources/aide_conf.rb +159 -160
  334. data/lib/resources/apache.rb +48 -48
  335. data/lib/resources/apache_conf.rb +156 -156
  336. data/lib/resources/apt.rb +149 -149
  337. data/lib/resources/audit_policy.rb +63 -63
  338. data/lib/resources/auditd.rb +231 -231
  339. data/lib/resources/auditd_conf.rb +55 -55
  340. data/lib/resources/aws/aws_cloudtrail_trail.rb +77 -77
  341. data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -47
  342. data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -62
  343. data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -100
  344. data/lib/resources/aws/aws_config_recorder.rb +98 -98
  345. data/lib/resources/aws/aws_ec2_instance.rb +157 -157
  346. data/lib/resources/aws/aws_iam_access_key.rb +106 -106
  347. data/lib/resources/aws/aws_iam_access_keys.rb +149 -144
  348. data/lib/resources/aws/aws_iam_group.rb +56 -56
  349. data/lib/resources/aws/aws_iam_groups.rb +52 -45
  350. data/lib/resources/aws/aws_iam_password_policy.rb +116 -116
  351. data/lib/resources/aws/aws_iam_policies.rb +53 -46
  352. data/lib/resources/aws/aws_iam_policy.rb +125 -119
  353. data/lib/resources/aws/aws_iam_role.rb +51 -51
  354. data/lib/resources/aws/aws_iam_root_user.rb +60 -60
  355. data/lib/resources/aws/aws_iam_user.rb +111 -111
  356. data/lib/resources/aws/aws_iam_users.rb +108 -96
  357. data/lib/resources/aws/aws_kms_keys.rb +53 -46
  358. data/lib/resources/aws/aws_route_table.rb +61 -61
  359. data/lib/resources/aws/aws_s3_bucket.rb +115 -115
  360. data/lib/resources/aws/aws_security_group.rb +93 -93
  361. data/lib/resources/aws/aws_security_groups.rb +68 -68
  362. data/lib/resources/aws/aws_sns_topic.rb +53 -53
  363. data/lib/resources/aws/aws_subnet.rb +88 -88
  364. data/lib/resources/aws/aws_subnets.rb +53 -53
  365. data/lib/resources/aws/aws_vpc.rb +69 -69
  366. data/lib/resources/aws/aws_vpcs.rb +45 -45
  367. data/lib/resources/azure/azure_backend.rb +377 -377
  368. data/lib/resources/azure/azure_generic_resource.rb +59 -59
  369. data/lib/resources/azure/azure_resource_group.rb +152 -152
  370. data/lib/resources/azure/azure_virtual_machine.rb +264 -264
  371. data/lib/resources/azure/azure_virtual_machine_data_disk.rb +136 -136
  372. data/lib/resources/bash.rb +35 -35
  373. data/lib/resources/bond.rb +68 -68
  374. data/lib/resources/bridge.rb +122 -122
  375. data/lib/resources/command.rb +73 -69
  376. data/lib/resources/cpan.rb +58 -58
  377. data/lib/resources/cran.rb +64 -64
  378. data/lib/resources/crontab.rb +169 -170
  379. data/lib/resources/csv.rb +60 -60
  380. data/lib/resources/dh_params.rb +82 -82
  381. data/lib/resources/directory.rb +25 -25
  382. data/lib/resources/docker.rb +236 -236
  383. data/lib/resources/docker_container.rb +89 -89
  384. data/lib/resources/docker_image.rb +83 -83
  385. data/lib/resources/docker_object.rb +57 -57
  386. data/lib/resources/docker_service.rb +90 -90
  387. data/lib/resources/elasticsearch.rb +169 -169
  388. data/lib/resources/etc_fstab.rb +101 -102
  389. data/lib/resources/etc_group.rb +152 -156
  390. data/lib/resources/etc_hosts.rb +82 -81
  391. data/lib/resources/etc_hosts_allow_deny.rb +122 -123
  392. data/lib/resources/file.rb +298 -298
  393. data/lib/resources/filesystem.rb +31 -31
  394. data/lib/resources/firewalld.rb +143 -144
  395. data/lib/resources/gem.rb +70 -70
  396. data/lib/resources/groups.rb +215 -215
  397. data/lib/resources/grub_conf.rb +237 -237
  398. data/lib/resources/host.rb +306 -300
  399. data/lib/resources/http.rb +251 -250
  400. data/lib/resources/iis_app.rb +101 -104
  401. data/lib/resources/iis_site.rb +148 -148
  402. data/lib/resources/inetd_conf.rb +62 -62
  403. data/lib/resources/ini.rb +29 -29
  404. data/lib/resources/interface.rb +129 -129
  405. data/lib/resources/iptables.rb +80 -69
  406. data/lib/resources/json.rb +117 -117
  407. data/lib/resources/kernel_module.rb +107 -107
  408. data/lib/resources/kernel_parameter.rb +58 -58
  409. data/lib/resources/key_rsa.rb +67 -67
  410. data/lib/resources/limits_conf.rb +55 -55
  411. data/lib/resources/login_def.rb +66 -66
  412. data/lib/resources/mount.rb +88 -88
  413. data/lib/resources/mssql_session.rb +101 -101
  414. data/lib/resources/mysql.rb +81 -81
  415. data/lib/resources/mysql_conf.rb +134 -134
  416. data/lib/resources/mysql_session.rb +71 -71
  417. data/lib/resources/nginx.rb +96 -96
  418. data/lib/resources/nginx_conf.rb +227 -227
  419. data/lib/resources/npm.rb +48 -48
  420. data/lib/resources/ntp_conf.rb +58 -58
  421. data/lib/resources/oneget.rb +71 -71
  422. data/lib/resources/oracledb_session.rb +139 -139
  423. data/lib/resources/os.rb +36 -36
  424. data/lib/resources/os_env.rb +76 -76
  425. data/lib/resources/package.rb +370 -370
  426. data/lib/resources/packages.rb +111 -111
  427. data/lib/resources/parse_config.rb +116 -116
  428. data/lib/resources/passwd.rb +74 -74
  429. data/lib/resources/pip.rb +89 -89
  430. data/lib/resources/platform.rb +109 -109
  431. data/lib/resources/port.rb +771 -771
  432. data/lib/resources/postgres.rb +130 -130
  433. data/lib/resources/postgres_conf.rb +121 -121
  434. data/lib/resources/postgres_hba_conf.rb +99 -100
  435. data/lib/resources/postgres_ident_conf.rb +76 -78
  436. data/lib/resources/postgres_session.rb +71 -71
  437. data/lib/resources/powershell.rb +53 -57
  438. data/lib/resources/processes.rb +204 -204
  439. data/lib/resources/rabbitmq_conf.rb +52 -52
  440. data/lib/resources/registry_key.rb +296 -296
  441. data/lib/resources/security_policy.rb +180 -180
  442. data/lib/resources/service.rb +789 -789
  443. data/lib/resources/shadow.rb +146 -140
  444. data/lib/resources/ssh_conf.rb +102 -102
  445. data/lib/resources/ssl.rb +99 -99
  446. data/lib/resources/sys_info.rb +28 -28
  447. data/lib/resources/toml.rb +32 -32
  448. data/lib/resources/users.rb +654 -654
  449. data/lib/resources/vbscript.rb +68 -69
  450. data/lib/resources/virtualization.rb +247 -247
  451. data/lib/resources/windows_feature.rb +84 -84
  452. data/lib/resources/windows_hotfix.rb +35 -35
  453. data/lib/resources/windows_task.rb +102 -105
  454. data/lib/resources/wmi.rb +110 -113
  455. data/lib/resources/x509_certificate.rb +143 -143
  456. data/lib/resources/xinetd.rb +111 -111
  457. data/lib/resources/xml.rb +46 -46
  458. data/lib/resources/yaml.rb +47 -47
  459. data/lib/resources/yum.rb +180 -180
  460. data/lib/resources/zfs_dataset.rb +60 -60
  461. data/lib/resources/zfs_pool.rb +49 -49
  462. data/lib/source_readers/flat.rb +39 -39
  463. data/lib/source_readers/inspec.rb +75 -75
  464. data/lib/utils/command_wrapper.rb +27 -27
  465. data/lib/utils/convert.rb +12 -12
  466. data/lib/utils/database_helpers.rb +77 -77
  467. data/lib/utils/erlang_parser.rb +192 -192
  468. data/lib/utils/filter.rb +272 -272
  469. data/lib/utils/filter_array.rb +27 -27
  470. data/lib/utils/find_files.rb +44 -44
  471. data/lib/utils/hash.rb +41 -41
  472. data/lib/utils/json_log.rb +18 -18
  473. data/lib/utils/latest_version.rb +22 -22
  474. data/lib/utils/modulator.rb +12 -12
  475. data/lib/utils/nginx_parser.rb +85 -85
  476. data/lib/utils/object_traversal.rb +49 -49
  477. data/lib/utils/parser.rb +274 -274
  478. data/lib/utils/plugin_registry.rb +93 -93
  479. data/lib/utils/simpleconfig.rb +120 -120
  480. data/lib/utils/spdx.rb +13 -13
  481. data/lib/utils/spdx.txt +343 -343
  482. metadata +2 -2
data/lib/resources/npm.rb CHANGED
@@ -1,48 +1,48 @@
1
- # encoding: utf-8
2
-
3
- module Inspec::Resources
4
- class NpmPackage < Inspec.resource(1)
5
- name 'npm'
6
- supports platform: 'unix'
7
- supports platform: 'windows'
8
- desc 'Use the npm InSpec audit resource to test if a global npm package is installed. npm is the the package manager for Nodejs packages, such as bower and StatsD.'
9
- example "
10
- describe npm('bower') do
11
- it { should be_installed }
12
- end
13
- "
14
-
15
- def initialize(package_name)
16
- @package_name = package_name
17
- @cache = nil
18
- end
19
-
20
- def info
21
- return @info if defined?(@info)
22
-
23
- cmd = inspec.command("npm ls -g --json #{@package_name}")
24
- @info = {
25
- name: @package_name,
26
- type: 'npm',
27
- installed: cmd.exit_status == 0,
28
- }
29
- return @info unless @info[:installed]
30
-
31
- pkgs = JSON.parse(cmd.stdout)
32
- @info[:version] = pkgs['dependencies'][@package_name]['version']
33
- @info
34
- end
35
-
36
- def installed?
37
- info[:installed] == true
38
- end
39
-
40
- def version
41
- info[:version]
42
- end
43
-
44
- def to_s
45
- "Npm Package #{@package_name}"
46
- end
47
- end
48
- end
1
+ # encoding: utf-8
2
+
3
+ module Inspec::Resources
4
+ class NpmPackage < Inspec.resource(1)
5
+ name 'npm'
6
+ supports platform: 'unix'
7
+ supports platform: 'windows'
8
+ desc 'Use the npm InSpec audit resource to test if a global npm package is installed. npm is the the package manager for Nodejs packages, such as bower and StatsD.'
9
+ example "
10
+ describe npm('bower') do
11
+ it { should be_installed }
12
+ end
13
+ "
14
+
15
+ def initialize(package_name)
16
+ @package_name = package_name
17
+ @cache = nil
18
+ end
19
+
20
+ def info
21
+ return @info if defined?(@info)
22
+
23
+ cmd = inspec.command("npm ls -g --json #{@package_name}")
24
+ @info = {
25
+ name: @package_name,
26
+ type: 'npm',
27
+ installed: cmd.exit_status == 0,
28
+ }
29
+ return @info unless @info[:installed]
30
+
31
+ pkgs = JSON.parse(cmd.stdout)
32
+ @info[:version] = pkgs['dependencies'][@package_name]['version']
33
+ @info
34
+ end
35
+
36
+ def installed?
37
+ info[:installed] == true
38
+ end
39
+
40
+ def version
41
+ info[:version]
42
+ end
43
+
44
+ def to_s
45
+ "Npm Package #{@package_name}"
46
+ end
47
+ end
48
+ end
@@ -1,58 +1,58 @@
1
- # encoding: utf-8
2
- # copyright: 2015, Vulcano Security GmbH
3
-
4
- require 'utils/simpleconfig'
5
-
6
- module Inspec::Resources
7
- class NtpConf < Inspec.resource(1)
8
- name 'ntp_conf'
9
- supports platform: 'unix'
10
- desc 'Use the ntp_conf InSpec audit resource to test the synchronization settings defined in the ntp.conf file. This file is typically located at /etc/ntp.conf.'
11
- example "
12
- describe ntp_conf do
13
- its('server') { should_not eq nil }
14
- its('restrict') { should include '-4 default kod notrap nomodify nopeer noquery'}
15
- end
16
- "
17
-
18
- def initialize(path = nil)
19
- @conf_path = path || '/etc/ntp.conf'
20
- end
21
-
22
- def method_missing(name)
23
- param = read_params[name.to_s]
24
- # extract first value if we have only one value in array
25
- return param[0] if param.is_a?(Array) and param.length == 1
26
- param
27
- end
28
-
29
- def to_s
30
- 'ntp.conf'
31
- end
32
-
33
- private
34
-
35
- def read_params
36
- return @params if defined?(@params)
37
-
38
- if !inspec.file(@conf_path).file?
39
- skip_resource "Can't find file \"#{@conf_path}\""
40
- return @params = {}
41
- end
42
-
43
- content = inspec.file(@conf_path).content
44
- if content.empty? && !inspec.file(@conf_path).empty?
45
- skip_resource "Can't read file \"#{@conf_path}\""
46
- return @params = {}
47
- end
48
-
49
- # parse the file
50
- conf = SimpleConfig.new(
51
- content,
52
- assignment_regex: /^\s*(\S+)\s+(.*)\s*$/,
53
- multiple_values: true,
54
- )
55
- @params = conf.params
56
- end
57
- end
58
- end
1
+ # encoding: utf-8
2
+ # copyright: 2015, Vulcano Security GmbH
3
+
4
+ require 'utils/simpleconfig'
5
+
6
+ module Inspec::Resources
7
+ class NtpConf < Inspec.resource(1)
8
+ name 'ntp_conf'
9
+ supports platform: 'unix'
10
+ desc 'Use the ntp_conf InSpec audit resource to test the synchronization settings defined in the ntp.conf file. This file is typically located at /etc/ntp.conf.'
11
+ example "
12
+ describe ntp_conf do
13
+ its('server') { should_not eq nil }
14
+ its('restrict') { should include '-4 default kod notrap nomodify nopeer noquery'}
15
+ end
16
+ "
17
+
18
+ def initialize(path = nil)
19
+ @conf_path = path || '/etc/ntp.conf'
20
+ end
21
+
22
+ def method_missing(name)
23
+ param = read_params[name.to_s]
24
+ # extract first value if we have only one value in array
25
+ return param[0] if param.is_a?(Array) and param.length == 1
26
+ param
27
+ end
28
+
29
+ def to_s
30
+ 'ntp.conf'
31
+ end
32
+
33
+ private
34
+
35
+ def read_params
36
+ return @params if defined?(@params)
37
+
38
+ if !inspec.file(@conf_path).file?
39
+ skip_resource "Can't find file \"#{@conf_path}\""
40
+ return @params = {}
41
+ end
42
+
43
+ content = inspec.file(@conf_path).content
44
+ if content.empty? && !inspec.file(@conf_path).empty?
45
+ skip_resource "Can't read file \"#{@conf_path}\""
46
+ return @params = {}
47
+ end
48
+
49
+ # parse the file
50
+ conf = SimpleConfig.new(
51
+ content,
52
+ assignment_regex: /^\s*(\S+)\s+(.*)\s*$/,
53
+ multiple_values: true,
54
+ )
55
+ @params = conf.params
56
+ end
57
+ end
58
+ end
@@ -1,71 +1,71 @@
1
- # encoding: utf-8
2
-
3
- # This resource talks with OneGet (https://github.com/OneGet/oneget)
4
- # Its part of Windows Management Framework 5.0 and part of Windows 10
5
- #
6
- # Usage:
7
- # describe oneget('zoomit') do
8
- # it { should be_installed }
9
- # end
10
- module Inspec::Resources
11
- class OneGetPackage < Inspec.resource(1)
12
- name 'oneget'
13
- supports platform: 'windows'
14
- desc 'Use the oneget InSpec audit resource to test if the named package and/or package version is installed on the system. This resource uses OneGet, which is part of the Windows Management Framework 5.0 and Windows 10. This resource uses the Get-Package cmdlet to return all of the package names in the OneGet repository.'
15
- example "
16
- describe oneget('zoomit') do
17
- it { should be_installed }
18
- its('version') { should eq '1.2.3' }
19
- end
20
- "
21
-
22
- def initialize(package_name)
23
- @package_name = package_name
24
-
25
- # verify that this resource is only supported on Windows
26
- return skip_resource 'The `oneget` resource is not supported on your OS.' if !inspec.os.windows?
27
- end
28
-
29
- def info
30
- return @info if defined?(@info)
31
-
32
- @info = {}
33
- @info[:type] = 'oneget'
34
- @info[:installed] = false
35
-
36
- cmd = inspec.command("Get-Package -Name '#{@package_name}' | ConvertTo-Json")
37
- # cannot rely on exit code for now, successful command returns exit code 1
38
- # return nil if cmd.exit_status != 0
39
- # try to parse json
40
-
41
- begin
42
- pkgs = JSON.parse(cmd.stdout)
43
- @info[:installed] = true
44
-
45
- # sometimes we get multiple values
46
- if pkgs.is_a?(Array)
47
- # select the first entry
48
- pkgs = pkgs.first
49
- end
50
- rescue JSON::ParserError => _e
51
- return @info
52
- end
53
-
54
- @info[:name] = pkgs['Name'] if pkgs.key?('Name')
55
- @info[:version] = pkgs['Version'] if pkgs.key?('Version')
56
- @info
57
- end
58
-
59
- def installed?
60
- info[:installed] == true
61
- end
62
-
63
- def version
64
- info[:version]
65
- end
66
-
67
- def to_s
68
- "OneGet Package #{@package_name}"
69
- end
70
- end
71
- end
1
+ # encoding: utf-8
2
+
3
+ # This resource talks with OneGet (https://github.com/OneGet/oneget)
4
+ # Its part of Windows Management Framework 5.0 and part of Windows 10
5
+ #
6
+ # Usage:
7
+ # describe oneget('zoomit') do
8
+ # it { should be_installed }
9
+ # end
10
+ module Inspec::Resources
11
+ class OneGetPackage < Inspec.resource(1)
12
+ name 'oneget'
13
+ supports platform: 'windows'
14
+ desc 'Use the oneget InSpec audit resource to test if the named package and/or package version is installed on the system. This resource uses OneGet, which is part of the Windows Management Framework 5.0 and Windows 10. This resource uses the Get-Package cmdlet to return all of the package names in the OneGet repository.'
15
+ example "
16
+ describe oneget('zoomit') do
17
+ it { should be_installed }
18
+ its('version') { should eq '1.2.3' }
19
+ end
20
+ "
21
+
22
+ def initialize(package_name)
23
+ @package_name = package_name
24
+
25
+ # verify that this resource is only supported on Windows
26
+ return skip_resource 'The `oneget` resource is not supported on your OS.' if !inspec.os.windows?
27
+ end
28
+
29
+ def info
30
+ return @info if defined?(@info)
31
+
32
+ @info = {}
33
+ @info[:type] = 'oneget'
34
+ @info[:installed] = false
35
+
36
+ cmd = inspec.command("Get-Package -Name '#{@package_name}' | ConvertTo-Json")
37
+ # cannot rely on exit code for now, successful command returns exit code 1
38
+ # return nil if cmd.exit_status != 0
39
+ # try to parse json
40
+
41
+ begin
42
+ pkgs = JSON.parse(cmd.stdout)
43
+ @info[:installed] = true
44
+
45
+ # sometimes we get multiple values
46
+ if pkgs.is_a?(Array)
47
+ # select the first entry
48
+ pkgs = pkgs.first
49
+ end
50
+ rescue JSON::ParserError => _e
51
+ return @info
52
+ end
53
+
54
+ @info[:name] = pkgs['Name'] if pkgs.key?('Name')
55
+ @info[:version] = pkgs['Version'] if pkgs.key?('Version')
56
+ @info
57
+ end
58
+
59
+ def installed?
60
+ info[:installed] == true
61
+ end
62
+
63
+ def version
64
+ info[:version]
65
+ end
66
+
67
+ def to_s
68
+ "OneGet Package #{@package_name}"
69
+ end
70
+ end
71
+ end
@@ -1,139 +1,139 @@
1
- # encoding: utf-8
2
-
3
- require 'hashie/mash'
4
- require 'utils/database_helpers'
5
- require 'htmlentities'
6
- require 'rexml/document'
7
- require 'csv'
8
-
9
- module Inspec::Resources
10
- # STABILITY: Experimental
11
- # This resource needs further testing and refinement
12
- #
13
- class OracledbSession < Inspec.resource(1)
14
- name 'oracledb_session'
15
- supports platform: 'unix'
16
- supports platform: 'windows'
17
- desc 'Use the oracledb_session InSpec resource to test commands against an Oracle database'
18
- example "
19
- sql = oracledb_session(user: 'my_user', pass: 'password')
20
- describe sql.query(\"SELECT UPPER(VALUE) AS VALUE FROM V$PARAMETER WHERE UPPER(NAME)='AUDIT_SYS_OPERATIONS'\").row(0).column('value') do
21
- its('value') { should eq 'TRUE' }
22
- end
23
- "
24
-
25
- attr_reader :user, :password, :host, :service
26
- def initialize(opts = {})
27
- @user = opts[:user]
28
- @password = opts[:password] || opts[:pass]
29
- if opts[:pass]
30
- warn '[DEPRECATED] use `password` option to supply password instead of `pass`'
31
- end
32
-
33
- @host = opts[:host] || 'localhost'
34
- @port = opts[:port] || '1521'
35
- @service = opts[:service]
36
-
37
- # we prefer sqlci although it is way slower than sqlplus, but it understands csv properly
38
- @sqlcl_bin = 'sql'
39
- @sqlplus_bin = opts[:sqlplus_bin] || 'sqlplus'
40
-
41
- return skip_resource "Can't run Oracle checks without authentication" if @user.nil? || @password.nil?
42
- return skip_resource 'You must provide a service name for the session' if @service.nil?
43
- end
44
-
45
- def query(q)
46
- escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"')
47
- # escape tables with $
48
- escaped_query = escaped_query.gsub('$', '\\$')
49
-
50
- p = nil
51
- # use sqlplus if sqlcl is not available
52
- if inspec.command(@sqlcl_bin).exist?
53
- bin = @sqlcl_bin
54
- opts = "set sqlformat csv\nSET FEEDBACK OFF"
55
- p = :parse_csv_result
56
- else
57
- bin = @sqlplus_bin
58
- opts = "SET MARKUP HTML ON\nSET FEEDBACK OFF"
59
- p = :parse_html_result
60
- end
61
-
62
- query = verify_query(escaped_query)
63
- query += ';' unless query.end_with?(';')
64
- command = %{echo "#{opts}\n#{query}\nEXIT" | #{bin} "#{@user}"/"#{@password}"@#{@host}:#{@port}/#{@service}}
65
- cmd = inspec.command(command)
66
-
67
- out = cmd.stdout + "\n" + cmd.stderr
68
- if out.downcase =~ /^error/
69
- # TODO: we need to throw an exception here
70
- # change once https://github.com/chef/inspec/issues/1205 is in
71
- warn "Could not execute the sql query #{out}"
72
- DatabaseHelper::SQLQueryResult.new(cmd, Hashie::Mash.new({}))
73
- end
74
- DatabaseHelper::SQLQueryResult.new(cmd, send(p, cmd.stdout))
75
- end
76
-
77
- def to_s
78
- 'Oracle Session'
79
- end
80
-
81
- private
82
-
83
- def verify_query(query)
84
- # ensure we have a ; at the end
85
- query + ';' if !query.strip.end_with?(';')
86
- query
87
- end
88
-
89
- def parse_csv_result(stdout)
90
- output = stdout.delete(/\r/)
91
- table = CSV.parse(output, { headers: true })
92
-
93
- # convert to hash
94
- headers = table.headers
95
-
96
- results = table.map { |row|
97
- res = {}
98
- headers.each { |header|
99
- res[header.downcase] = row[header]
100
- }
101
- Hashie::Mash.new(res)
102
- }
103
- results
104
- end
105
-
106
- def parse_html_result(stdout) # rubocop:disable Metrics/AbcSize
107
- result = stdout
108
- # make oracle html valid html by removing the p tag, it does not include a closing tag
109
- result = result.gsub('<p>', '').gsub('</p>', '').gsub('<br>', '')
110
- doc = REXML::Document.new result
111
- table = doc.elements['table']
112
- hash = []
113
- if !table.nil?
114
- rows = table.elements.to_a
115
- headers = rows[0].elements.to_a('th').map { |entry| entry.text.strip }
116
- rows.delete_at(0)
117
-
118
- # iterate over each row, first row is header
119
- hash = []
120
- if !rows.nil? && !rows.empty?
121
- hash = rows.map { |row|
122
- res = {}
123
- entries = row.elements.to_a('td')
124
- # ignore if we have empty entries, oracle is adding th rows in between
125
- return nil if entries.empty?
126
- headers.each_with_index { |header, index|
127
- # we need htmlentities since we do not have nokogiri
128
- coder = HTMLEntities.new
129
- val = coder.decode(entries[index].text).strip
130
- res[header.downcase] = val
131
- }
132
- Hashie::Mash.new(res)
133
- }.compact
134
- end
135
- end
136
- hash
137
- end
138
- end
139
- end
1
+ # encoding: utf-8
2
+
3
+ require 'hashie/mash'
4
+ require 'utils/database_helpers'
5
+ require 'htmlentities'
6
+ require 'rexml/document'
7
+ require 'csv'
8
+
9
+ module Inspec::Resources
10
+ # STABILITY: Experimental
11
+ # This resource needs further testing and refinement
12
+ #
13
+ class OracledbSession < Inspec.resource(1)
14
+ name 'oracledb_session'
15
+ supports platform: 'unix'
16
+ supports platform: 'windows'
17
+ desc 'Use the oracledb_session InSpec resource to test commands against an Oracle database'
18
+ example "
19
+ sql = oracledb_session(user: 'my_user', pass: 'password')
20
+ describe sql.query(\"SELECT UPPER(VALUE) AS VALUE FROM V$PARAMETER WHERE UPPER(NAME)='AUDIT_SYS_OPERATIONS'\").row(0).column('value') do
21
+ its('value') { should eq 'TRUE' }
22
+ end
23
+ "
24
+
25
+ attr_reader :user, :password, :host, :service
26
+ def initialize(opts = {})
27
+ @user = opts[:user]
28
+ @password = opts[:password] || opts[:pass]
29
+ if opts[:pass]
30
+ warn '[DEPRECATED] use `password` option to supply password instead of `pass`'
31
+ end
32
+
33
+ @host = opts[:host] || 'localhost'
34
+ @port = opts[:port] || '1521'
35
+ @service = opts[:service]
36
+
37
+ # we prefer sqlci although it is way slower than sqlplus, but it understands csv properly
38
+ @sqlcl_bin = 'sql'
39
+ @sqlplus_bin = opts[:sqlplus_bin] || 'sqlplus'
40
+
41
+ return skip_resource "Can't run Oracle checks without authentication" if @user.nil? || @password.nil?
42
+ return skip_resource 'You must provide a service name for the session' if @service.nil?
43
+ end
44
+
45
+ def query(q)
46
+ escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"')
47
+ # escape tables with $
48
+ escaped_query = escaped_query.gsub('$', '\\$')
49
+
50
+ p = nil
51
+ # use sqlplus if sqlcl is not available
52
+ if inspec.command(@sqlcl_bin).exist?
53
+ bin = @sqlcl_bin
54
+ opts = "set sqlformat csv\nSET FEEDBACK OFF"
55
+ p = :parse_csv_result
56
+ else
57
+ bin = @sqlplus_bin
58
+ opts = "SET MARKUP HTML ON\nSET FEEDBACK OFF"
59
+ p = :parse_html_result
60
+ end
61
+
62
+ query = verify_query(escaped_query)
63
+ query += ';' unless query.end_with?(';')
64
+ command = %{echo "#{opts}\n#{query}\nEXIT" | #{bin} "#{@user}"/"#{@password}"@#{@host}:#{@port}/#{@service}}
65
+ cmd = inspec.command(command)
66
+
67
+ out = cmd.stdout + "\n" + cmd.stderr
68
+ if out.downcase =~ /^error/
69
+ # TODO: we need to throw an exception here
70
+ # change once https://github.com/chef/inspec/issues/1205 is in
71
+ warn "Could not execute the sql query #{out}"
72
+ DatabaseHelper::SQLQueryResult.new(cmd, Hashie::Mash.new({}))
73
+ end
74
+ DatabaseHelper::SQLQueryResult.new(cmd, send(p, cmd.stdout))
75
+ end
76
+
77
+ def to_s
78
+ 'Oracle Session'
79
+ end
80
+
81
+ private
82
+
83
+ def verify_query(query)
84
+ # ensure we have a ; at the end
85
+ query + ';' if !query.strip.end_with?(';')
86
+ query
87
+ end
88
+
89
+ def parse_csv_result(stdout)
90
+ output = stdout.delete(/\r/)
91
+ table = CSV.parse(output, { headers: true })
92
+
93
+ # convert to hash
94
+ headers = table.headers
95
+
96
+ results = table.map { |row|
97
+ res = {}
98
+ headers.each { |header|
99
+ res[header.downcase] = row[header]
100
+ }
101
+ Hashie::Mash.new(res)
102
+ }
103
+ results
104
+ end
105
+
106
+ def parse_html_result(stdout) # rubocop:disable Metrics/AbcSize
107
+ result = stdout
108
+ # make oracle html valid html by removing the p tag, it does not include a closing tag
109
+ result = result.gsub('<p>', '').gsub('</p>', '').gsub('<br>', '')
110
+ doc = REXML::Document.new result
111
+ table = doc.elements['table']
112
+ hash = []
113
+ if !table.nil?
114
+ rows = table.elements.to_a
115
+ headers = rows[0].elements.to_a('th').map { |entry| entry.text.strip }
116
+ rows.delete_at(0)
117
+
118
+ # iterate over each row, first row is header
119
+ hash = []
120
+ if !rows.nil? && !rows.empty?
121
+ hash = rows.map { |row|
122
+ res = {}
123
+ entries = row.elements.to_a('td')
124
+ # ignore if we have empty entries, oracle is adding th rows in between
125
+ return nil if entries.empty?
126
+ headers.each_with_index { |header, index|
127
+ # we need htmlentities since we do not have nokogiri
128
+ coder = HTMLEntities.new
129
+ val = coder.decode(entries[index].text).strip
130
+ res[header.downcase] = val
131
+ }
132
+ Hashie::Mash.new(res)
133
+ }.compact
134
+ end
135
+ end
136
+ hash
137
+ end
138
+ end
139
+ end