inspec 2.0.32 → 2.0.45
- checksums.yaml +4 -4
- data/.rubocop.yml +101 -101
- data/CHANGELOG.md +2991 -2970
- data/Gemfile +55 -55
- data/LICENSE +14 -14
- data/MAINTAINERS.md +33 -33
- data/MAINTAINERS.toml +52 -52
- data/README.md +446 -437
- data/Rakefile +322 -322
- data/bin/inspec +12 -12
- data/docs/.gitignore +2 -2
- data/docs/README.md +40 -40
- data/docs/dsl_inspec.md +258 -258
- data/docs/dsl_resource.md +93 -93
- data/docs/glossary.md +99 -99
- data/docs/habitat.md +191 -191
- data/docs/inspec_and_friends.md +107 -107
- data/docs/matchers.md +169 -168
- data/docs/migration.md +293 -293
- data/docs/platforms.md +118 -118
- data/docs/plugin_kitchen_inspec.md +49 -49
- data/docs/profiles.md +370 -370
- data/docs/reporters.md +105 -105
- data/docs/resources/aide_conf.md.erb +75 -75
- data/docs/resources/apache.md.erb +67 -67
- data/docs/resources/apache_conf.md.erb +68 -68
- data/docs/resources/apt.md.erb +71 -71
- data/docs/resources/audit_policy.md.erb +47 -47
- data/docs/resources/auditd.md.erb +79 -79
- data/docs/resources/auditd_conf.md.erb +68 -68
- data/docs/resources/aws_cloudtrail_trail.md.erb +140 -140
- data/docs/resources/aws_cloudtrail_trails.md.erb +81 -81
- data/docs/resources/aws_cloudwatch_alarm.md.erb +86 -86
- data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +151 -151
- data/docs/resources/aws_config_recorder.md.erb +71 -71
- data/docs/resources/aws_ec2_instance.md.erb +106 -106
- data/docs/resources/aws_iam_access_key.md.erb +123 -123
- data/docs/resources/aws_iam_access_keys.md.erb +198 -198
- data/docs/resources/aws_iam_group.md.erb +46 -46
- data/docs/resources/aws_iam_groups.md.erb +43 -43
- data/docs/resources/aws_iam_password_policy.md.erb +76 -76
- data/docs/resources/aws_iam_policies.md.erb +82 -82
- data/docs/resources/aws_iam_policy.md.erb +144 -144
- data/docs/resources/aws_iam_role.md.erb +63 -63
- data/docs/resources/aws_iam_root_user.md.erb +58 -58
- data/docs/resources/aws_iam_user.md.erb +64 -64
- data/docs/resources/aws_iam_users.md.erb +89 -89
- data/docs/resources/aws_kms_keys.md.erb +84 -84
- data/docs/resources/aws_route_table.md.erb +47 -47
- data/docs/resources/aws_s3_bucket.md.erb +134 -134
- data/docs/resources/aws_security_group.md.erb +151 -151
- data/docs/resources/aws_security_groups.md.erb +91 -91
- data/docs/resources/aws_sns_topic.md.erb +63 -63
- data/docs/resources/aws_subnet.md.erb +133 -133
- data/docs/resources/aws_subnets.md.erb +126 -126
- data/docs/resources/aws_vpc.md.erb +120 -120
- data/docs/resources/aws_vpcs.md.erb +48 -48
- data/docs/resources/azure_generic_resource.md.erb +170 -170
- data/docs/resources/azure_resource_group.md.erb +284 -284
- data/docs/resources/azure_virtual_machine.md.erb +347 -347
- data/docs/resources/azure_virtual_machine_data_disk.md.erb +224 -224
- data/docs/resources/bash.md.erb +75 -75
- data/docs/resources/bond.md.erb +90 -90
- data/docs/resources/bridge.md.erb +57 -57
- data/docs/resources/bsd_service.md.erb +67 -67
- data/docs/resources/command.md.erb +138 -138
- data/docs/resources/cpan.md.erb +79 -79
- data/docs/resources/cran.md.erb +64 -64
- data/docs/resources/crontab.md.erb +89 -89
- data/docs/resources/csv.md.erb +54 -54
- data/docs/resources/dh_params.md.erb +205 -205
- data/docs/resources/directory.md.erb +30 -30
- data/docs/resources/docker.md.erb +219 -219
- data/docs/resources/docker_container.md.erb +104 -104
- data/docs/resources/docker_image.md.erb +94 -94
- data/docs/resources/docker_service.md.erb +114 -114
- data/docs/resources/elasticsearch.md.erb +242 -242
- data/docs/resources/etc_fstab.md.erb +125 -125
- data/docs/resources/etc_group.md.erb +75 -75
- data/docs/resources/etc_hosts.md.erb +78 -78
- data/docs/resources/etc_hosts_allow.md.erb +74 -74
- data/docs/resources/etc_hosts_deny.md.erb +74 -74
- data/docs/resources/file.md.erb +526 -515
- data/docs/resources/filesystem.md.erb +41 -41
- data/docs/resources/firewalld.md.erb +107 -107
- data/docs/resources/gem.md.erb +79 -79
- data/docs/resources/group.md.erb +61 -61
- data/docs/resources/grub_conf.md.erb +101 -101
- data/docs/resources/host.md.erb +86 -86
- data/docs/resources/http.md.erb +196 -196
- data/docs/resources/iis_app.md.erb +122 -122
- data/docs/resources/iis_site.md.erb +135 -135
- data/docs/resources/inetd_conf.md.erb +94 -94
- data/docs/resources/ini.md.erb +76 -76
- data/docs/resources/interface.md.erb +58 -58
- data/docs/resources/iptables.md.erb +64 -64
- data/docs/resources/json.md.erb +63 -63
- data/docs/resources/kernel_module.md.erb +120 -120
- data/docs/resources/kernel_parameter.md.erb +53 -53
- data/docs/resources/key_rsa.md.erb +85 -85
- data/docs/resources/launchd_service.md.erb +57 -57
- data/docs/resources/limits_conf.md.erb +75 -75
- data/docs/resources/login_def.md.erb +71 -71
- data/docs/resources/mount.md.erb +69 -69
- data/docs/resources/mssql_session.md.erb +60 -60
- data/docs/resources/mysql_conf.md.erb +99 -99
- data/docs/resources/mysql_session.md.erb +74 -74
- data/docs/resources/nginx.md.erb +79 -79
- data/docs/resources/nginx_conf.md.erb +128 -128
- data/docs/resources/npm.md.erb +60 -60
- data/docs/resources/ntp_conf.md.erb +60 -60
- data/docs/resources/oneget.md.erb +53 -53
- data/docs/resources/oracledb_session.md.erb +52 -52
- data/docs/resources/os.md.erb +141 -141
- data/docs/resources/os_env.md.erb +78 -78
- data/docs/resources/package.md.erb +120 -120
- data/docs/resources/packages.md.erb +67 -67
- data/docs/resources/parse_config.md.erb +103 -103
- data/docs/resources/parse_config_file.md.erb +138 -138
- data/docs/resources/passwd.md.erb +141 -141
- data/docs/resources/pip.md.erb +67 -67
- data/docs/resources/port.md.erb +137 -137
- data/docs/resources/postgres_conf.md.erb +79 -79
- data/docs/resources/postgres_hba_conf.md.erb +93 -93
- data/docs/resources/postgres_ident_conf.md.erb +76 -76
- data/docs/resources/postgres_session.md.erb +69 -69
- data/docs/resources/powershell.md.erb +102 -102
- data/docs/resources/processes.md.erb +109 -109
- data/docs/resources/rabbitmq_config.md.erb +41 -41
- data/docs/resources/registry_key.md.erb +158 -158
- data/docs/resources/runit_service.md.erb +57 -57
- data/docs/resources/security_policy.md.erb +47 -47
- data/docs/resources/service.md.erb +121 -121
- data/docs/resources/shadow.md.erb +146 -144
- data/docs/resources/ssh_config.md.erb +80 -80
- data/docs/resources/sshd_config.md.erb +83 -83
- data/docs/resources/ssl.md.erb +119 -119
- data/docs/resources/sys_info.md.erb +42 -42
- data/docs/resources/systemd_service.md.erb +57 -57
- data/docs/resources/sysv_service.md.erb +57 -57
- data/docs/resources/upstart_service.md.erb +57 -57
- data/docs/resources/user.md.erb +140 -140
- data/docs/resources/users.md.erb +127 -127
- data/docs/resources/vbscript.md.erb +55 -55
- data/docs/resources/virtualization.md.erb +57 -57
- data/docs/resources/windows_feature.md.erb +47 -47
- data/docs/resources/windows_hotfix.md.erb +53 -53
- data/docs/resources/windows_task.md.erb +95 -95
- data/docs/resources/wmi.md.erb +81 -81
- data/docs/resources/x509_certificate.md.erb +151 -151
- data/docs/resources/xinetd_conf.md.erb +156 -156
- data/docs/resources/xml.md.erb +85 -85
- data/docs/resources/yaml.md.erb +69 -69
- data/docs/resources/yum.md.erb +98 -98
- data/docs/resources/zfs_dataset.md.erb +53 -53
- data/docs/resources/zfs_pool.md.erb +47 -47
- data/docs/ruby_usage.md +203 -203
- data/docs/shared/matcher_be.md.erb +1 -1
- data/docs/shared/matcher_cmp.md.erb +43 -43
- data/docs/shared/matcher_eq.md.erb +3 -3
- data/docs/shared/matcher_include.md.erb +1 -1
- data/docs/shared/matcher_match.md.erb +1 -1
- data/docs/shell.md +215 -215
- data/examples/README.md +8 -8
- data/examples/inheritance/README.md +65 -65
- data/examples/inheritance/controls/example.rb +14 -14
- data/examples/inheritance/inspec.yml +15 -15
- data/examples/kitchen-ansible/.kitchen.yml +25 -25
- data/examples/kitchen-ansible/Gemfile +19 -19
- data/examples/kitchen-ansible/README.md +53 -53
- data/examples/kitchen-ansible/files/nginx.repo +6 -6
- data/examples/kitchen-ansible/tasks/main.yml +16 -16
- data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
- data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-chef/.kitchen.yml +20 -20
- data/examples/kitchen-chef/Berksfile +3 -3
- data/examples/kitchen-chef/Gemfile +19 -19
- data/examples/kitchen-chef/README.md +27 -27
- data/examples/kitchen-chef/metadata.rb +7 -7
- data/examples/kitchen-chef/recipes/default.rb +6 -6
- data/examples/kitchen-chef/recipes/nginx.rb +30 -30
- data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-puppet/.kitchen.yml +22 -22
- data/examples/kitchen-puppet/Gemfile +20 -20
- data/examples/kitchen-puppet/Puppetfile +25 -25
- data/examples/kitchen-puppet/README.md +53 -53
- data/examples/kitchen-puppet/manifests/site.pp +33 -33
- data/examples/kitchen-puppet/metadata.json +11 -11
- data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
- data/examples/meta-profile/README.md +37 -37
- data/examples/meta-profile/controls/example.rb +13 -13
- data/examples/meta-profile/inspec.yml +13 -13
- data/examples/profile-attribute.yml +2 -2
- data/examples/profile-attribute/README.md +14 -14
- data/examples/profile-attribute/controls/example.rb +11 -11
- data/examples/profile-attribute/inspec.yml +8 -8
- data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -8
- data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -8
- data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -8
- data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -8
- data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -8
- data/examples/profile-aws/inspec.yml +11 -11
- data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -24
- data/examples/profile-azure/controls/azure_vm_example.rb +29 -29
- data/examples/profile-azure/inspec.yml +11 -11
- data/examples/profile-sensitive/README.md +29 -29
- data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
- data/examples/profile-sensitive/controls/sensitive.rb +9 -9
- data/examples/profile-sensitive/inspec.yml +8 -8
- data/examples/profile/README.md +48 -48
- data/examples/profile/controls/example.rb +23 -23
- data/examples/profile/controls/gordon.rb +36 -36
- data/examples/profile/controls/meta.rb +34 -34
- data/examples/profile/inspec.yml +10 -10
- data/examples/profile/libraries/gordon_config.rb +53 -53
- data/inspec.gemspec +47 -47
- data/lib/bundles/README.md +3 -3
- data/lib/bundles/inspec-artifact.rb +7 -7
- data/lib/bundles/inspec-artifact/README.md +1 -1
- data/lib/bundles/inspec-artifact/cli.rb +277 -277
- data/lib/bundles/inspec-compliance.rb +16 -16
- data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
- data/lib/bundles/inspec-compliance/README.md +185 -185
- data/lib/bundles/inspec-compliance/api.rb +316 -316
- data/lib/bundles/inspec-compliance/api/login.rb +152 -152
- data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
- data/lib/bundles/inspec-compliance/cli.rb +254 -254
- data/lib/bundles/inspec-compliance/configuration.rb +103 -103
- data/lib/bundles/inspec-compliance/http.rb +86 -86
- data/lib/bundles/inspec-compliance/support.rb +36 -36
- data/lib/bundles/inspec-compliance/target.rb +98 -98
- data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
- data/lib/bundles/inspec-habitat.rb +12 -12
- data/lib/bundles/inspec-habitat/cli.rb +36 -36
- data/lib/bundles/inspec-habitat/log.rb +10 -10
- data/lib/bundles/inspec-habitat/profile.rb +390 -390
- data/lib/bundles/inspec-init.rb +8 -8
- data/lib/bundles/inspec-init/README.md +31 -31
- data/lib/bundles/inspec-init/cli.rb +97 -97
- data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
- data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
- data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
- data/lib/bundles/inspec-supermarket.rb +13 -13
- data/lib/bundles/inspec-supermarket/README.md +45 -45
- data/lib/bundles/inspec-supermarket/api.rb +84 -84
- data/lib/bundles/inspec-supermarket/cli.rb +73 -73
- data/lib/bundles/inspec-supermarket/target.rb +34 -34
- data/lib/fetchers/git.rb +163 -163
- data/lib/fetchers/local.rb +74 -74
- data/lib/fetchers/mock.rb +35 -35
- data/lib/fetchers/url.rb +204 -204
- data/lib/inspec.rb +24 -24
- data/lib/inspec/archive/tar.rb +29 -29
- data/lib/inspec/archive/zip.rb +19 -19
- data/lib/inspec/backend.rb +92 -92
- data/lib/inspec/base_cli.rb +355 -350
- data/lib/inspec/cached_fetcher.rb +66 -66
- data/lib/inspec/cli.rb +292 -292
- data/lib/inspec/completions/bash.sh.erb +45 -45
- data/lib/inspec/completions/fish.sh.erb +34 -34
- data/lib/inspec/completions/zsh.sh.erb +61 -61
- data/lib/inspec/control_eval_context.rb +179 -179
- data/lib/inspec/dependencies/cache.rb +72 -72
- data/lib/inspec/dependencies/dependency_set.rb +92 -92
- data/lib/inspec/dependencies/lockfile.rb +115 -115
- data/lib/inspec/dependencies/requirement.rb +123 -123
- data/lib/inspec/dependencies/resolver.rb +86 -86
- data/lib/inspec/describe.rb +27 -27
- data/lib/inspec/dsl.rb +66 -66
- data/lib/inspec/dsl_shared.rb +33 -33
- data/lib/inspec/env_printer.rb +157 -157
- data/lib/inspec/errors.rb +13 -13
- data/lib/inspec/exceptions.rb +12 -12
- data/lib/inspec/expect.rb +45 -45
- data/lib/inspec/fetcher.rb +45 -45
- data/lib/inspec/file_provider.rb +275 -275
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +250 -250
- data/lib/inspec/formatters/json_rspec.rb +20 -20
- data/lib/inspec/formatters/show_progress.rb +12 -12
- data/lib/inspec/library_eval_context.rb +58 -58
- data/lib/inspec/log.rb +11 -11
- data/lib/inspec/metadata.rb +247 -247
- data/lib/inspec/method_source.rb +24 -24
- data/lib/inspec/objects.rb +14 -14
- data/lib/inspec/objects/attribute.rb +65 -65
- data/lib/inspec/objects/control.rb +61 -61
- data/lib/inspec/objects/describe.rb +92 -92
- data/lib/inspec/objects/each_loop.rb +36 -36
- data/lib/inspec/objects/list.rb +15 -15
- data/lib/inspec/objects/or_test.rb +40 -40
- data/lib/inspec/objects/ruby_helper.rb +15 -15
- data/lib/inspec/objects/tag.rb +27 -27
- data/lib/inspec/objects/test.rb +87 -87
- data/lib/inspec/objects/value.rb +27 -27
- data/lib/inspec/plugins.rb +60 -60
- data/lib/inspec/plugins/cli.rb +24 -24
- data/lib/inspec/plugins/fetcher.rb +86 -86
- data/lib/inspec/plugins/resource.rb +135 -135
- data/lib/inspec/plugins/secret.rb +15 -15
- data/lib/inspec/plugins/source_reader.rb +40 -40
- data/lib/inspec/polyfill.rb +12 -12
- data/lib/inspec/profile.rb +510 -510
- data/lib/inspec/profile_context.rb +207 -207
- data/lib/inspec/profile_vendor.rb +66 -66
- data/lib/inspec/reporters.rb +54 -50
- data/lib/inspec/reporters/base.rb +24 -24
- data/lib/inspec/reporters/cli.rb +356 -356
- data/lib/inspec/reporters/json.rb +116 -116
- data/lib/inspec/reporters/json_min.rb +48 -48
- data/lib/inspec/reporters/junit.rb +77 -77
- data/lib/inspec/require_loader.rb +33 -33
- data/lib/inspec/resource.rb +186 -186
- data/lib/inspec/rule.rb +266 -266
- data/lib/inspec/runner.rb +345 -345
- data/lib/inspec/runner_mock.rb +41 -41
- data/lib/inspec/runner_rspec.rb +175 -175
- data/lib/inspec/runtime_profile.rb +26 -26
- data/lib/inspec/schema.rb +213 -213
- data/lib/inspec/secrets.rb +19 -19
- data/lib/inspec/secrets/yaml.rb +30 -30
- data/lib/inspec/shell.rb +220 -220
- data/lib/inspec/shell_detector.rb +90 -90
- data/lib/inspec/source_reader.rb +29 -29
- data/lib/inspec/version.rb +8 -8
- data/lib/matchers/matchers.rb +339 -339
- data/lib/resource_support/aws.rb +41 -41
- data/lib/resource_support/aws/aws_backend_base.rb +12 -12
- data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -12
- data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -21
- data/lib/resource_support/aws/aws_resource_mixin.rb +66 -66
- data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -24
- data/lib/resources/aide_conf.rb +159 -160
- data/lib/resources/apache.rb +48 -48
- data/lib/resources/apache_conf.rb +156 -156
- data/lib/resources/apt.rb +149 -149
- data/lib/resources/audit_policy.rb +63 -63
- data/lib/resources/auditd.rb +231 -231
- data/lib/resources/auditd_conf.rb +55 -55
- data/lib/resources/aws/aws_cloudtrail_trail.rb +77 -77
- data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -47
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -62
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -100
- data/lib/resources/aws/aws_config_recorder.rb +98 -98
- data/lib/resources/aws/aws_ec2_instance.rb +157 -157
- data/lib/resources/aws/aws_iam_access_key.rb +106 -106
- data/lib/resources/aws/aws_iam_access_keys.rb +149 -144
- data/lib/resources/aws/aws_iam_group.rb +56 -56
- data/lib/resources/aws/aws_iam_groups.rb +52 -45
- data/lib/resources/aws/aws_iam_password_policy.rb +116 -116
- data/lib/resources/aws/aws_iam_policies.rb +53 -46
- data/lib/resources/aws/aws_iam_policy.rb +125 -119
- data/lib/resources/aws/aws_iam_role.rb +51 -51
- data/lib/resources/aws/aws_iam_root_user.rb +60 -60
- data/lib/resources/aws/aws_iam_user.rb +111 -111
- data/lib/resources/aws/aws_iam_users.rb +108 -96
- data/lib/resources/aws/aws_kms_keys.rb +53 -46
- data/lib/resources/aws/aws_route_table.rb +61 -61
- data/lib/resources/aws/aws_s3_bucket.rb +115 -115
- data/lib/resources/aws/aws_security_group.rb +93 -93
- data/lib/resources/aws/aws_security_groups.rb +68 -68
- data/lib/resources/aws/aws_sns_topic.rb +53 -53
- data/lib/resources/aws/aws_subnet.rb +88 -88
- data/lib/resources/aws/aws_subnets.rb +53 -53
- data/lib/resources/aws/aws_vpc.rb +69 -69
- data/lib/resources/aws/aws_vpcs.rb +45 -45
- data/lib/resources/azure/azure_backend.rb +377 -377
- data/lib/resources/azure/azure_generic_resource.rb +59 -59
- data/lib/resources/azure/azure_resource_group.rb +152 -152
- data/lib/resources/azure/azure_virtual_machine.rb +264 -264
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +136 -136
- data/lib/resources/bash.rb +35 -35
- data/lib/resources/bond.rb +68 -68
- data/lib/resources/bridge.rb +122 -122
- data/lib/resources/command.rb +73 -69
- data/lib/resources/cpan.rb +58 -58
- data/lib/resources/cran.rb +64 -64
- data/lib/resources/crontab.rb +169 -170
- data/lib/resources/csv.rb +60 -60
- data/lib/resources/dh_params.rb +82 -82
- data/lib/resources/directory.rb +25 -25
- data/lib/resources/docker.rb +236 -236
- data/lib/resources/docker_container.rb +89 -89
- data/lib/resources/docker_image.rb +83 -83
- data/lib/resources/docker_object.rb +57 -57
- data/lib/resources/docker_service.rb +90 -90
- data/lib/resources/elasticsearch.rb +169 -169
- data/lib/resources/etc_fstab.rb +101 -102
- data/lib/resources/etc_group.rb +152 -156
- data/lib/resources/etc_hosts.rb +82 -81
- data/lib/resources/etc_hosts_allow_deny.rb +122 -123
- data/lib/resources/file.rb +298 -298
- data/lib/resources/filesystem.rb +31 -31
- data/lib/resources/firewalld.rb +143 -144
- data/lib/resources/gem.rb +70 -70
- data/lib/resources/groups.rb +215 -215
- data/lib/resources/grub_conf.rb +237 -237
- data/lib/resources/host.rb +306 -300
- data/lib/resources/http.rb +251 -250
- data/lib/resources/iis_app.rb +101 -104
- data/lib/resources/iis_site.rb +148 -148
- data/lib/resources/inetd_conf.rb +62 -62
- data/lib/resources/ini.rb +29 -29
- data/lib/resources/interface.rb +129 -129
- data/lib/resources/iptables.rb +80 -69
- data/lib/resources/json.rb +117 -117
- data/lib/resources/kernel_module.rb +107 -107
- data/lib/resources/kernel_parameter.rb +58 -58
- data/lib/resources/key_rsa.rb +67 -67
- data/lib/resources/limits_conf.rb +55 -55
- data/lib/resources/login_def.rb +66 -66
- data/lib/resources/mount.rb +88 -88
- data/lib/resources/mssql_session.rb +101 -101
- data/lib/resources/mysql.rb +81 -81
- data/lib/resources/mysql_conf.rb +134 -134
- data/lib/resources/mysql_session.rb +71 -71
- data/lib/resources/nginx.rb +96 -96
- data/lib/resources/nginx_conf.rb +227 -227
- data/lib/resources/npm.rb +48 -48
- data/lib/resources/ntp_conf.rb +58 -58
- data/lib/resources/oneget.rb +71 -71
- data/lib/resources/oracledb_session.rb +139 -139
- data/lib/resources/os.rb +36 -36
- data/lib/resources/os_env.rb +76 -76
- data/lib/resources/package.rb +370 -370
- data/lib/resources/packages.rb +111 -111
- data/lib/resources/parse_config.rb +116 -116
- data/lib/resources/passwd.rb +74 -74
- data/lib/resources/pip.rb +89 -89
- data/lib/resources/platform.rb +109 -109
- data/lib/resources/port.rb +771 -771
- data/lib/resources/postgres.rb +130 -130
- data/lib/resources/postgres_conf.rb +121 -121
- data/lib/resources/postgres_hba_conf.rb +99 -100
- data/lib/resources/postgres_ident_conf.rb +76 -78
- data/lib/resources/postgres_session.rb +71 -71
- data/lib/resources/powershell.rb +53 -57
- data/lib/resources/processes.rb +204 -204
- data/lib/resources/rabbitmq_conf.rb +52 -52
- data/lib/resources/registry_key.rb +296 -296
- data/lib/resources/security_policy.rb +180 -180
- data/lib/resources/service.rb +789 -789
- data/lib/resources/shadow.rb +146 -140
- data/lib/resources/ssh_conf.rb +102 -102
- data/lib/resources/ssl.rb +99 -99
- data/lib/resources/sys_info.rb +28 -28
- data/lib/resources/toml.rb +32 -32
- data/lib/resources/users.rb +654 -654
- data/lib/resources/vbscript.rb +68 -69
- data/lib/resources/virtualization.rb +247 -247
- data/lib/resources/windows_feature.rb +84 -84
- data/lib/resources/windows_hotfix.rb +35 -35
- data/lib/resources/windows_task.rb +102 -105
- data/lib/resources/wmi.rb +110 -113
- data/lib/resources/x509_certificate.rb +143 -143
- data/lib/resources/xinetd.rb +111 -111
- data/lib/resources/xml.rb +46 -46
- data/lib/resources/yaml.rb +47 -47
- data/lib/resources/yum.rb +180 -180
- data/lib/resources/zfs_dataset.rb +60 -60
- data/lib/resources/zfs_pool.rb +49 -49
- data/lib/source_readers/flat.rb +39 -39
- data/lib/source_readers/inspec.rb +75 -75
- data/lib/utils/command_wrapper.rb +27 -27
- data/lib/utils/convert.rb +12 -12
- data/lib/utils/database_helpers.rb +77 -77
- data/lib/utils/erlang_parser.rb +192 -192
- data/lib/utils/filter.rb +272 -272
- data/lib/utils/filter_array.rb +27 -27
- data/lib/utils/find_files.rb +44 -44
- data/lib/utils/hash.rb +41 -41
- data/lib/utils/json_log.rb +18 -18
- data/lib/utils/latest_version.rb +22 -22
- data/lib/utils/modulator.rb +12 -12
- data/lib/utils/nginx_parser.rb +85 -85
- data/lib/utils/object_traversal.rb +49 -49
- data/lib/utils/parser.rb +274 -274
- data/lib/utils/plugin_registry.rb +93 -93
- data/lib/utils/simpleconfig.rb +120 -120
- data/lib/utils/spdx.rb +13 -13
- data/lib/utils/spdx.txt +343 -343
- metadata +2 -2
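--- a/data/lib/resources/npm.rb
+++ b/data/lib/resources/npm.rb
@@ -1,48 +1,48 @@
-# encoding: utf-8
-
-module Inspec::Resources
-class NpmPackage < Inspec.resource(1)
-name 'npm'
-supports platform: 'unix'
-supports platform: 'windows'
-desc 'Use the npm InSpec audit resource to test if a global npm package is installed. npm is the the package manager for Nodejs packages, such as bower and StatsD.'
-example "
-describe npm('bower') do
-it { should be_installed }
-end
-"
-
-def initialize(package_name)
-@package_name = package_name
-@cache = nil
-end
-
-def info
-return @info if defined?(@info)
-
-cmd = inspec.command("npm ls -g --json #{@package_name}")
-@info = {
-name: @package_name,
-type: 'npm',
-installed: cmd.exit_status == 0,
-}
-return @info unless @info[:installed]
-
-pkgs = JSON.parse(cmd.stdout)
-@info[:version] = pkgs['dependencies'][@package_name]['version']
-@info
-end
-
-def installed?
-info[:installed] == true
-end
-
-def version
-info[:version]
-end
-
-def to_s
-"Npm Package #{@package_name}"
-end
-end
-end
+# encoding: utf-8
+
+module Inspec::Resources
+class NpmPackage < Inspec.resource(1)
+name 'npm'
+supports platform: 'unix'
+supports platform: 'windows'
+desc 'Use the npm InSpec audit resource to test if a global npm package is installed. npm is the the package manager for Nodejs packages, such as bower and StatsD.'
+example "
+describe npm('bower') do
+it { should be_installed }
+end
+"
+
+def initialize(package_name)
+@package_name = package_name
+@cache = nil
+end
+
+def info
+return @info if defined?(@info)
+
+cmd = inspec.command("npm ls -g --json #{@package_name}")
+@info = {
+name: @package_name,
+type: 'npm',
+installed: cmd.exit_status == 0,
+}
+return @info unless @info[:installed]
+
+pkgs = JSON.parse(cmd.stdout)
+@info[:version] = pkgs['dependencies'][@package_name]['version']
+@info
+end
+
+def installed?
+info[:installed] == true
+end
+
+def version
+info[:version]
+end
+
+def to_s
+"Npm Package #{@package_name}"
+end
+end
+end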
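Review bot: The package name is interpolated unquoted into the command string at `inspec.command("npm ls -g --json #{@package_name}")`, so if a profile ever builds that name from an attribute or other external input, the target's shell parses it instead of npm receiving it as a single argument. The resource declares both unix and windows support, so one shell-escaping routine would not fit every target; a guard in `initialize` that rejects names outside a conservative allow-list is the portable option, for example `raise ArgumentError, 'invalid npm package name' unless package_name.to_s =~ %r{\A@?\w[\w./-]*\z}`. Separately, `pkgs['dependencies'][@package_name]['version']` assumes both keys exist in npm's JSON output and raises NoMethodError otherwise; `pkgs.dig('dependencies', @package_name, 'version')` would yield nil instead. Every line in this hunk is removed and re-added with the same visible text, so both points are carried over by this release rather than introduced by it.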
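--- a/data/lib/resources/ntp_conf.rb
+++ b/data/lib/resources/ntp_conf.rb
@@ -1,58 +1,58 @@
-# encoding: utf-8
-# copyright: 2015, Vulcano Security GmbH
-
-require 'utils/simpleconfig'
-
-module Inspec::Resources
-class NtpConf < Inspec.resource(1)
-name 'ntp_conf'
-supports platform: 'unix'
-desc 'Use the ntp_conf InSpec audit resource to test the synchronization settings defined in the ntp.conf file. This file is typically located at /etc/ntp.conf.'
-example "
-describe ntp_conf do
-its('server') { should_not eq nil }
-its('restrict') { should include '-4 default kod notrap nomodify nopeer noquery'}
-end
-"
-
-def initialize(path = nil)
-@conf_path = path || '/etc/ntp.conf'
-end
-
-def method_missing(name)
-param = read_params[name.to_s]
-# extract first value if we have only one value in array
-return param[0] if param.is_a?(Array) and param.length == 1
-param
-end
-
-def to_s
-'ntp.conf'
-end
-
-private
-
-def read_params
-return @params if defined?(@params)
-
-if !inspec.file(@conf_path).file?
-skip_resource "Can't find file \"#{@conf_path}\""
-return @params = {}
-end
-
-content = inspec.file(@conf_path).content
-if content.empty? && !inspec.file(@conf_path).empty?
-skip_resource "Can't read file \"#{@conf_path}\""
-return @params = {}
-end
-
-# parse the file
-conf = SimpleConfig.new(
-content,
-assignment_regex: /^\s*(\S+)\s+(.*)\s*$/,
-multiple_values: true,
-)
-@params = conf.params
-end
-end
-end
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+
+require 'utils/simpleconfig'
+
+module Inspec::Resources
+class NtpConf < Inspec.resource(1)
+name 'ntp_conf'
+supports platform: 'unix'
+desc 'Use the ntp_conf InSpec audit resource to test the synchronization settings defined in the ntp.conf file. This file is typically located at /etc/ntp.conf.'
+example "
+describe ntp_conf do
+its('server') { should_not eq nil }
+its('restrict') { should include '-4 default kod notrap nomodify nopeer noquery'}
+end
+"
+
+def initialize(path = nil)
+@conf_path = path || '/etc/ntp.conf'
+end
+
+def method_missing(name)
+param = read_params[name.to_s]
+# extract first value if we have only one value in array
+return param[0] if param.is_a?(Array) and param.length == 1
+param
+end
+
+def to_s
+'ntp.conf'
+end
+
+private
+
+def read_params
+return @params if defined?(@params)
+
+if !inspec.file(@conf_path).file?
+skip_resource "Can't find file \"#{@conf_path}\""
+return @params = {}
+end
+
+content = inspec.file(@conf_path).content
+if content.empty? && !inspec.file(@conf_path).empty?
+skip_resource "Can't read file \"#{@conf_path}\""
+return @params = {}
+end
+
+# parse the file
+conf = SimpleConfig.new(
+content,
+assignment_regex: /^\s*(\S+)\s+(.*)\s*$/,
+multiple_values: true,
+)
+@params = conf.params
+end
+end
+end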
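Review bot: `method_missing(name)` turns every undefined call into a `read_params[name.to_s]` lookup and never falls through to `super`, so a mistyped setting name in a control returns nil exactly as an absent setting does, and a check written against nil can pass without the intended directive ever being read. The class also defines no `respond_to_missing?`, so `respond_to?` disagrees with what the object actually answers. I would add `def respond_to_missing?(name, include_private = false)` returning `read_params.key?(name.to_s) || super`, and a comment above `method_missing` stating that unknown names deliberately yield nil. Every line in this hunk is re-added with the same visible text, so this behaviour is carried over rather than introduced here.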
data/lib/resources/oneget.rb
CHANGED
|
@@ -1,71 +1,71 @@
|
|
|
1
|
-
# encoding: utf-8
|
|
2
|
-
|
|
3
|
-
# This resource talks with OneGet (https://github.com/OneGet/oneget)
|
|
4
|
-
# Its part of Windows Management Framework 5.0 and part of Windows 10
|
|
5
|
-
#
|
|
6
|
-
# Usage:
|
|
7
|
-
# describe oneget('zoomit') do
|
|
8
|
-
# it { should be_installed }
|
|
9
|
-
# end
|
|
10
|
-
module Inspec::Resources
|
|
11
|
-
class OneGetPackage < Inspec.resource(1)
|
|
12
|
-
name 'oneget'
|
|
13
|
-
supports platform: 'windows'
|
|
14
|
-
desc 'Use the oneget InSpec audit resource to test if the named package and/or package version is installed on the system. This resource uses OneGet, which is part of the Windows Management Framework 5.0 and Windows 10. This resource uses the Get-Package cmdlet to return all of the package names in the OneGet repository.'
|
|
15
|
-
example "
|
|
16
|
-
describe oneget('zoomit') do
|
|
17
|
-
it { should be_installed }
|
|
18
|
-
its('version') { should eq '1.2.3' }
|
|
19
|
-
end
|
|
20
|
-
"
|
|
21
|
-
|
|
22
|
-
def initialize(package_name)
|
|
23
|
-
@package_name = package_name
|
|
24
|
-
|
|
25
|
-
# verify that this resource is only supported on Windows
|
|
26
|
-
return skip_resource 'The `oneget` resource is not supported on your OS.' if !inspec.os.windows?
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
def info
|
|
30
|
-
return @info if defined?(@info)
|
|
31
|
-
|
|
32
|
-
@info = {}
|
|
33
|
-
@info[:type] = 'oneget'
|
|
34
|
-
@info[:installed] = false
|
|
35
|
-
|
|
36
|
-
cmd = inspec.command("Get-Package -Name '#{@package_name}' | ConvertTo-Json")
|
|
37
|
-
# cannot rely on exit code for now, successful command returns exit code 1
|
|
38
|
-
# return nil if cmd.exit_status != 0
|
|
39
|
-
# try to parse json
|
|
40
|
-
|
|
41
|
-
begin
|
|
42
|
-
pkgs = JSON.parse(cmd.stdout)
|
|
43
|
-
@info[:installed] = true
|
|
44
|
-
|
|
45
|
-
# sometimes we get multiple values
|
|
46
|
-
if pkgs.is_a?(Array)
|
|
47
|
-
# select the first entry
|
|
48
|
-
pkgs = pkgs.first
|
|
49
|
-
end
|
|
50
|
-
rescue JSON::ParserError => _e
|
|
51
|
-
return @info
|
|
52
|
-
end
|
|
53
|
-
|
|
54
|
-
@info[:name] = pkgs['Name'] if pkgs.key?('Name')
|
|
55
|
-
@info[:version] = pkgs['Version'] if pkgs.key?('Version')
|
|
56
|
-
@info
|
|
57
|
-
end
|
|
58
|
-
|
|
59
|
-
def installed?
|
|
60
|
-
info[:installed] == true
|
|
61
|
-
end
|
|
62
|
-
|
|
63
|
-
def version
|
|
64
|
-
info[:version]
|
|
65
|
-
end
|
|
66
|
-
|
|
67
|
-
def to_s
|
|
68
|
-
"OneGet Package #{@package_name}"
|
|
69
|
-
end
|
|
70
|
-
end
|
|
71
|
-
end
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
|
|
3
|
+
# This resource talks with OneGet (https://github.com/OneGet/oneget)
|
|
4
|
+
# Its part of Windows Management Framework 5.0 and part of Windows 10
|
|
5
|
+
#
|
|
6
|
+
# Usage:
|
|
7
|
+
# describe oneget('zoomit') do
|
|
8
|
+
# it { should be_installed }
|
|
9
|
+
# end
|
|
10
|
+
module Inspec::Resources
|
|
11
|
+
class OneGetPackage < Inspec.resource(1)
|
|
12
|
+
name 'oneget'
|
|
13
|
+
supports platform: 'windows'
|
|
14
|
+
desc 'Use the oneget InSpec audit resource to test if the named package and/or package version is installed on the system. This resource uses OneGet, which is part of the Windows Management Framework 5.0 and Windows 10. This resource uses the Get-Package cmdlet to return all of the package names in the OneGet repository.'
|
|
15
|
+
example "
|
|
16
|
+
describe oneget('zoomit') do
|
|
17
|
+
it { should be_installed }
|
|
18
|
+
its('version') { should eq '1.2.3' }
|
|
19
|
+
end
|
|
20
|
+
"
|
|
21
|
+
|
|
22
|
+
def initialize(package_name)
|
|
23
|
+
@package_name = package_name
|
|
24
|
+
|
|
25
|
+
# verify that this resource is only supported on Windows
|
|
26
|
+
return skip_resource 'The `oneget` resource is not supported on your OS.' if !inspec.os.windows?
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def info
|
|
30
|
+
return @info if defined?(@info)
|
|
31
|
+
|
|
32
|
+
@info = {}
|
|
33
|
+
@info[:type] = 'oneget'
|
|
34
|
+
@info[:installed] = false
|
|
35
|
+
|
|
36
|
+
cmd = inspec.command("Get-Package -Name '#{@package_name}' | ConvertTo-Json")
|
|
37
|
+
# cannot rely on exit code for now, successful command returns exit code 1
|
|
38
|
+
# return nil if cmd.exit_status != 0
|
|
39
|
+
# try to parse json
|
|
40
|
+
|
|
41
|
+
begin
|
|
42
|
+
pkgs = JSON.parse(cmd.stdout)
|
|
43
|
+
@info[:installed] = true
|
|
44
|
+
|
|
45
|
+
# sometimes we get multiple values
|
|
46
|
+
if pkgs.is_a?(Array)
|
|
47
|
+
# select the first entry
|
|
48
|
+
pkgs = pkgs.first
|
|
49
|
+
end
|
|
50
|
+
rescue JSON::ParserError => _e
|
|
51
|
+
return @info
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
@info[:name] = pkgs['Name'] if pkgs.key?('Name')
|
|
55
|
+
@info[:version] = pkgs['Version'] if pkgs.key?('Version')
|
|
56
|
+
@info
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
def installed?
|
|
60
|
+
info[:installed] == true
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
def version
|
|
64
|
+
info[:version]
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
def to_s
|
|
68
|
+
"OneGet Package #{@package_name}"
|
|
69
|
+
end
|
|
70
|
+
end
|
|
71
|
+
end
|
|
@@ -1,139 +1,139 @@
|
|
|
1
|
-
# encoding: utf-8
|
|
2
|
-
|
|
3
|
-
require 'hashie/mash'
|
|
4
|
-
require 'utils/database_helpers'
|
|
5
|
-
require 'htmlentities'
|
|
6
|
-
require 'rexml/document'
|
|
7
|
-
require 'csv'
|
|
8
|
-
|
|
9
|
-
module Inspec::Resources
|
|
10
|
-
# STABILITY: Experimental
|
|
11
|
-
# This resource needs further testing and refinement
|
|
12
|
-
#
|
|
13
|
-
class OracledbSession < Inspec.resource(1)
|
|
14
|
-
name 'oracledb_session'
|
|
15
|
-
supports platform: 'unix'
|
|
16
|
-
supports platform: 'windows'
|
|
17
|
-
desc 'Use the oracledb_session InSpec resource to test commands against an Oracle database'
|
|
18
|
-
example "
|
|
19
|
-
sql = oracledb_session(user: 'my_user', pass: 'password')
|
|
20
|
-
describe sql.query(\"SELECT UPPER(VALUE) AS VALUE FROM V$PARAMETER WHERE UPPER(NAME)='AUDIT_SYS_OPERATIONS'\").row(0).column('value') do
|
|
21
|
-
its('value') { should eq 'TRUE' }
|
|
22
|
-
end
|
|
23
|
-
"
|
|
24
|
-
|
|
25
|
-
attr_reader :user, :password, :host, :service
|
|
26
|
-
def initialize(opts = {})
|
|
27
|
-
@user = opts[:user]
|
|
28
|
-
@password = opts[:password] || opts[:pass]
|
|
29
|
-
if opts[:pass]
|
|
30
|
-
warn '[DEPRECATED] use `password` option to supply password instead of `pass`'
|
|
31
|
-
end
|
|
32
|
-
|
|
33
|
-
@host = opts[:host] || 'localhost'
|
|
34
|
-
@port = opts[:port] || '1521'
|
|
35
|
-
@service = opts[:service]
|
|
36
|
-
|
|
37
|
-
# we prefer sqlci although it is way slower than sqlplus, but it understands csv properly
|
|
38
|
-
@sqlcl_bin = 'sql'
|
|
39
|
-
@sqlplus_bin = opts[:sqlplus_bin] || 'sqlplus'
|
|
40
|
-
|
|
41
|
-
return skip_resource "Can't run Oracle checks without authentication" if @user.nil? || @password.nil?
|
|
42
|
-
return skip_resource 'You must provide a service name for the session' if @service.nil?
|
|
43
|
-
end
|
|
44
|
-
|
|
45
|
-
def query(q)
|
|
46
|
-
escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"')
|
|
47
|
-
# escape tables with $
|
|
48
|
-
escaped_query = escaped_query.gsub('$', '\\$')
|
|
49
|
-
|
|
50
|
-
p = nil
|
|
51
|
-
# use sqlplus if sqlcl is not available
|
|
52
|
-
if inspec.command(@sqlcl_bin).exist?
|
|
53
|
-
bin = @sqlcl_bin
|
|
54
|
-
opts = "set sqlformat csv\nSET FEEDBACK OFF"
|
|
55
|
-
p = :parse_csv_result
|
|
56
|
-
else
|
|
57
|
-
bin = @sqlplus_bin
|
|
58
|
-
opts = "SET MARKUP HTML ON\nSET FEEDBACK OFF"
|
|
59
|
-
p = :parse_html_result
|
|
60
|
-
end
|
|
61
|
-
|
|
62
|
-
query = verify_query(escaped_query)
|
|
63
|
-
query += ';' unless query.end_with?(';')
|
|
64
|
-
command = %{echo "#{opts}\n#{query}\nEXIT" | #{bin} "#{@user}"/"#{@password}"@#{@host}:#{@port}/#{@service}}
|
|
65
|
-
cmd = inspec.command(command)
|
|
66
|
-
|
|
67
|
-
out = cmd.stdout + "\n" + cmd.stderr
|
|
68
|
-
if out.downcase =~ /^error/
|
|
69
|
-
# TODO: we need to throw an exception here
|
|
70
|
-
# change once https://github.com/chef/inspec/issues/1205 is in
|
|
71
|
-
warn "Could not execute the sql query #{out}"
|
|
72
|
-
DatabaseHelper::SQLQueryResult.new(cmd, Hashie::Mash.new({}))
|
|
73
|
-
end
|
|
74
|
-
DatabaseHelper::SQLQueryResult.new(cmd, send(p, cmd.stdout))
|
|
75
|
-
end
|
|
76
|
-
|
|
77
|
-
def to_s
|
|
78
|
-
'Oracle Session'
|
|
79
|
-
end
|
|
80
|
-
|
|
81
|
-
private
|
|
82
|
-
|
|
83
|
-
def verify_query(query)
|
|
84
|
-
# ensure we have a ; at the end
|
|
85
|
-
query + ';' if !query.strip.end_with?(';')
|
|
86
|
-
query
|
|
87
|
-
end
|
|
88
|
-
|
|
89
|
-
def parse_csv_result(stdout)
|
|
90
|
-
output = stdout.delete(/\r/)
|
|
91
|
-
table = CSV.parse(output, { headers: true })
|
|
92
|
-
|
|
93
|
-
# convert to hash
|
|
94
|
-
headers = table.headers
|
|
95
|
-
|
|
96
|
-
results = table.map { |row|
|
|
97
|
-
res = {}
|
|
98
|
-
headers.each { |header|
|
|
99
|
-
res[header.downcase] = row[header]
|
|
100
|
-
}
|
|
101
|
-
Hashie::Mash.new(res)
|
|
102
|
-
}
|
|
103
|
-
results
|
|
104
|
-
end
|
|
105
|
-
|
|
106
|
-
def parse_html_result(stdout) # rubocop:disable Metrics/AbcSize
|
|
107
|
-
result = stdout
|
|
108
|
-
# make oracle html valid html by removing the p tag, it does not include a closing tag
|
|
109
|
-
result = result.gsub('<p>', '').gsub('</p>', '').gsub('<br>', '')
|
|
110
|
-
doc = REXML::Document.new result
|
|
111
|
-
table = doc.elements['table']
|
|
112
|
-
hash = []
|
|
113
|
-
if !table.nil?
|
|
114
|
-
rows = table.elements.to_a
|
|
115
|
-
headers = rows[0].elements.to_a('th').map { |entry| entry.text.strip }
|
|
116
|
-
rows.delete_at(0)
|
|
117
|
-
|
|
118
|
-
# iterate over each row, first row is header
|
|
119
|
-
hash = []
|
|
120
|
-
if !rows.nil? && !rows.empty?
|
|
121
|
-
hash = rows.map { |row|
|
|
122
|
-
res = {}
|
|
123
|
-
entries = row.elements.to_a('td')
|
|
124
|
-
# ignore if we have empty entries, oracle is adding th rows in between
|
|
125
|
-
return nil if entries.empty?
|
|
126
|
-
headers.each_with_index { |header, index|
|
|
127
|
-
# we need htmlentities since we do not have nokogiri
|
|
128
|
-
coder = HTMLEntities.new
|
|
129
|
-
val = coder.decode(entries[index].text).strip
|
|
130
|
-
res[header.downcase] = val
|
|
131
|
-
}
|
|
132
|
-
Hashie::Mash.new(res)
|
|
133
|
-
}.compact
|
|
134
|
-
end
|
|
135
|
-
end
|
|
136
|
-
hash
|
|
137
|
-
end
|
|
138
|
-
end
|
|
139
|
-
end
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
|
|
3
|
+
require 'hashie/mash'
|
|
4
|
+
require 'utils/database_helpers'
|
|
5
|
+
require 'htmlentities'
|
|
6
|
+
require 'rexml/document'
|
|
7
|
+
require 'csv'
|
|
8
|
+
|
|
9
|
+
module Inspec::Resources
|
|
10
|
+
# STABILITY: Experimental
|
|
11
|
+
# This resource needs further testing and refinement
|
|
12
|
+
#
|
|
13
|
+
class OracledbSession < Inspec.resource(1)
|
|
14
|
+
name 'oracledb_session'
|
|
15
|
+
supports platform: 'unix'
|
|
16
|
+
supports platform: 'windows'
|
|
17
|
+
desc 'Use the oracledb_session InSpec resource to test commands against an Oracle database'
|
|
18
|
+
example "
|
|
19
|
+
sql = oracledb_session(user: 'my_user', pass: 'password')
|
|
20
|
+
describe sql.query(\"SELECT UPPER(VALUE) AS VALUE FROM V$PARAMETER WHERE UPPER(NAME)='AUDIT_SYS_OPERATIONS'\").row(0).column('value') do
|
|
21
|
+
its('value') { should eq 'TRUE' }
|
|
22
|
+
end
|
|
23
|
+
"
|
|
24
|
+
|
|
25
|
+
attr_reader :user, :password, :host, :service
|
|
26
|
+
def initialize(opts = {})
|
|
27
|
+
@user = opts[:user]
|
|
28
|
+
@password = opts[:password] || opts[:pass]
|
|
29
|
+
if opts[:pass]
|
|
30
|
+
warn '[DEPRECATED] use `password` option to supply password instead of `pass`'
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
@host = opts[:host] || 'localhost'
|
|
34
|
+
@port = opts[:port] || '1521'
|
|
35
|
+
@service = opts[:service]
|
|
36
|
+
|
|
37
|
+
# we prefer sqlci although it is way slower than sqlplus, but it understands csv properly
|
|
38
|
+
@sqlcl_bin = 'sql'
|
|
39
|
+
@sqlplus_bin = opts[:sqlplus_bin] || 'sqlplus'
|
|
40
|
+
|
|
41
|
+
return skip_resource "Can't run Oracle checks without authentication" if @user.nil? || @password.nil?
|
|
42
|
+
return skip_resource 'You must provide a service name for the session' if @service.nil?
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
def query(q)
|
|
46
|
+
escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"')
|
|
47
|
+
# escape tables with $
|
|
48
|
+
escaped_query = escaped_query.gsub('$', '\\$')
|
|
49
|
+
|
|
50
|
+
p = nil
|
|
51
|
+
# use sqlplus if sqlcl is not available
|
|
52
|
+
if inspec.command(@sqlcl_bin).exist?
|
|
53
|
+
bin = @sqlcl_bin
|
|
54
|
+
opts = "set sqlformat csv\nSET FEEDBACK OFF"
|
|
55
|
+
p = :parse_csv_result
|
|
56
|
+
else
|
|
57
|
+
bin = @sqlplus_bin
|
|
58
|
+
opts = "SET MARKUP HTML ON\nSET FEEDBACK OFF"
|
|
59
|
+
p = :parse_html_result
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
query = verify_query(escaped_query)
|
|
63
|
+
query += ';' unless query.end_with?(';')
|
|
64
|
+
command = %{echo "#{opts}\n#{query}\nEXIT" | #{bin} "#{@user}"/"#{@password}"@#{@host}:#{@port}/#{@service}}
|
|
65
|
+
cmd = inspec.command(command)
|
|
66
|
+
|
|
67
|
+
out = cmd.stdout + "\n" + cmd.stderr
|
|
68
|
+
if out.downcase =~ /^error/
|
|
69
|
+
# TODO: we need to throw an exception here
|
|
70
|
+
# change once https://github.com/chef/inspec/issues/1205 is in
|
|
71
|
+
warn "Could not execute the sql query #{out}"
|
|
72
|
+
DatabaseHelper::SQLQueryResult.new(cmd, Hashie::Mash.new({}))
|
|
73
|
+
end
|
|
74
|
+
DatabaseHelper::SQLQueryResult.new(cmd, send(p, cmd.stdout))
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
def to_s
|
|
78
|
+
'Oracle Session'
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
private
|
|
82
|
+
|
|
83
|
+
def verify_query(query)
|
|
84
|
+
# ensure we have a ; at the end
|
|
85
|
+
query + ';' if !query.strip.end_with?(';')
|
|
86
|
+
query
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
def parse_csv_result(stdout)
|
|
90
|
+
output = stdout.delete(/\r/)
|
|
91
|
+
table = CSV.parse(output, { headers: true })
|
|
92
|
+
|
|
93
|
+
# convert to hash
|
|
94
|
+
headers = table.headers
|
|
95
|
+
|
|
96
|
+
results = table.map { |row|
|
|
97
|
+
res = {}
|
|
98
|
+
headers.each { |header|
|
|
99
|
+
res[header.downcase] = row[header]
|
|
100
|
+
}
|
|
101
|
+
Hashie::Mash.new(res)
|
|
102
|
+
}
|
|
103
|
+
results
|
|
104
|
+
end
|
|
105
|
+
|
|
106
|
+
def parse_html_result(stdout) # rubocop:disable Metrics/AbcSize
|
|
107
|
+
result = stdout
|
|
108
|
+
# make oracle html valid html by removing the p tag, it does not include a closing tag
|
|
109
|
+
result = result.gsub('<p>', '').gsub('</p>', '').gsub('<br>', '')
|
|
110
|
+
doc = REXML::Document.new result
|
|
111
|
+
table = doc.elements['table']
|
|
112
|
+
hash = []
|
|
113
|
+
if !table.nil?
|
|
114
|
+
rows = table.elements.to_a
|
|
115
|
+
headers = rows[0].elements.to_a('th').map { |entry| entry.text.strip }
|
|
116
|
+
rows.delete_at(0)
|
|
117
|
+
|
|
118
|
+
# iterate over each row, first row is header
|
|
119
|
+
hash = []
|
|
120
|
+
if !rows.nil? && !rows.empty?
|
|
121
|
+
hash = rows.map { |row|
|
|
122
|
+
res = {}
|
|
123
|
+
entries = row.elements.to_a('td')
|
|
124
|
+
# ignore if we have empty entries, oracle is adding th rows in between
|
|
125
|
+
return nil if entries.empty?
|
|
126
|
+
headers.each_with_index { |header, index|
|
|
127
|
+
# we need htmlentities since we do not have nokogiri
|
|
128
|
+
coder = HTMLEntities.new
|
|
129
|
+
val = coder.decode(entries[index].text).strip
|
|
130
|
+
res[header.downcase] = val
|
|
131
|
+
}
|
|
132
|
+
Hashie::Mash.new(res)
|
|
133
|
+
}.compact
|
|
134
|
+
end
|
|
135
|
+
end
|
|
136
|
+
hash
|
|
137
|
+
end
|
|
138
|
+
end
|
|
139
|
+
end
|
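Review bot: In `query`, only the SQL text is escaped before it goes into the shell line; `@user`, `@password`, `@host`, `@port` and `@service` are interpolated as given in `#{bin} "#{@user}"/"#{@password}"@#{@host}:#{@port}/#{@service}`. A `"`, `$` or backtick in any of those values therefore changes the command, and the password is part of the command string handed to `inspec.command`, where it can presumably appear in process listings and command logs on the target. I would run those fields through the same escaping as the query and add a comment above the `command =` line, for example `# NOTE: credentials end up on the command line; use a dedicated low-privilege audit account`. Separately, the error branch builds an empty `SQLQueryResult` but never returns it, so execution falls through to `send(p, cmd.stdout)` and parses the error output; `return DatabaseHelper::SQLQueryResult.new(cmd, Hashie::Mash.new({}))` would make that branch take effect. The removed and added sides read identically here, so these lines appear to predate this release rather than being introduced by it.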