inspec 2.0.32 → 2.0.45
- checksums.yaml +4 -4
- data/.rubocop.yml +101 -101
- data/CHANGELOG.md +2991 -2970
- data/Gemfile +55 -55
- data/LICENSE +14 -14
- data/MAINTAINERS.md +33 -33
- data/MAINTAINERS.toml +52 -52
- data/README.md +446 -437
- data/Rakefile +322 -322
- data/bin/inspec +12 -12
- data/docs/.gitignore +2 -2
- data/docs/README.md +40 -40
- data/docs/dsl_inspec.md +258 -258
- data/docs/dsl_resource.md +93 -93
- data/docs/glossary.md +99 -99
- data/docs/habitat.md +191 -191
- data/docs/inspec_and_friends.md +107 -107
- data/docs/matchers.md +169 -168
- data/docs/migration.md +293 -293
- data/docs/platforms.md +118 -118
- data/docs/plugin_kitchen_inspec.md +49 -49
- data/docs/profiles.md +370 -370
- data/docs/reporters.md +105 -105
- data/docs/resources/aide_conf.md.erb +75 -75
- data/docs/resources/apache.md.erb +67 -67
- data/docs/resources/apache_conf.md.erb +68 -68
- data/docs/resources/apt.md.erb +71 -71
- data/docs/resources/audit_policy.md.erb +47 -47
- data/docs/resources/auditd.md.erb +79 -79
- data/docs/resources/auditd_conf.md.erb +68 -68
- data/docs/resources/aws_cloudtrail_trail.md.erb +140 -140
- data/docs/resources/aws_cloudtrail_trails.md.erb +81 -81
- data/docs/resources/aws_cloudwatch_alarm.md.erb +86 -86
- data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +151 -151
- data/docs/resources/aws_config_recorder.md.erb +71 -71
- data/docs/resources/aws_ec2_instance.md.erb +106 -106
- data/docs/resources/aws_iam_access_key.md.erb +123 -123
- data/docs/resources/aws_iam_access_keys.md.erb +198 -198
- data/docs/resources/aws_iam_group.md.erb +46 -46
- data/docs/resources/aws_iam_groups.md.erb +43 -43
- data/docs/resources/aws_iam_password_policy.md.erb +76 -76
- data/docs/resources/aws_iam_policies.md.erb +82 -82
- data/docs/resources/aws_iam_policy.md.erb +144 -144
- data/docs/resources/aws_iam_role.md.erb +63 -63
- data/docs/resources/aws_iam_root_user.md.erb +58 -58
- data/docs/resources/aws_iam_user.md.erb +64 -64
- data/docs/resources/aws_iam_users.md.erb +89 -89
- data/docs/resources/aws_kms_keys.md.erb +84 -84
- data/docs/resources/aws_route_table.md.erb +47 -47
- data/docs/resources/aws_s3_bucket.md.erb +134 -134
- data/docs/resources/aws_security_group.md.erb +151 -151
- data/docs/resources/aws_security_groups.md.erb +91 -91
- data/docs/resources/aws_sns_topic.md.erb +63 -63
- data/docs/resources/aws_subnet.md.erb +133 -133
- data/docs/resources/aws_subnets.md.erb +126 -126
- data/docs/resources/aws_vpc.md.erb +120 -120
- data/docs/resources/aws_vpcs.md.erb +48 -48
- data/docs/resources/azure_generic_resource.md.erb +170 -170
- data/docs/resources/azure_resource_group.md.erb +284 -284
- data/docs/resources/azure_virtual_machine.md.erb +347 -347
- data/docs/resources/azure_virtual_machine_data_disk.md.erb +224 -224
- data/docs/resources/bash.md.erb +75 -75
- data/docs/resources/bond.md.erb +90 -90
- data/docs/resources/bridge.md.erb +57 -57
- data/docs/resources/bsd_service.md.erb +67 -67
- data/docs/resources/command.md.erb +138 -138
- data/docs/resources/cpan.md.erb +79 -79
- data/docs/resources/cran.md.erb +64 -64
- data/docs/resources/crontab.md.erb +89 -89
- data/docs/resources/csv.md.erb +54 -54
- data/docs/resources/dh_params.md.erb +205 -205
- data/docs/resources/directory.md.erb +30 -30
- data/docs/resources/docker.md.erb +219 -219
- data/docs/resources/docker_container.md.erb +104 -104
- data/docs/resources/docker_image.md.erb +94 -94
- data/docs/resources/docker_service.md.erb +114 -114
- data/docs/resources/elasticsearch.md.erb +242 -242
- data/docs/resources/etc_fstab.md.erb +125 -125
- data/docs/resources/etc_group.md.erb +75 -75
- data/docs/resources/etc_hosts.md.erb +78 -78
- data/docs/resources/etc_hosts_allow.md.erb +74 -74
- data/docs/resources/etc_hosts_deny.md.erb +74 -74
- data/docs/resources/file.md.erb +526 -515
- data/docs/resources/filesystem.md.erb +41 -41
- data/docs/resources/firewalld.md.erb +107 -107
- data/docs/resources/gem.md.erb +79 -79
- data/docs/resources/group.md.erb +61 -61
- data/docs/resources/grub_conf.md.erb +101 -101
- data/docs/resources/host.md.erb +86 -86
- data/docs/resources/http.md.erb +196 -196
- data/docs/resources/iis_app.md.erb +122 -122
- data/docs/resources/iis_site.md.erb +135 -135
- data/docs/resources/inetd_conf.md.erb +94 -94
- data/docs/resources/ini.md.erb +76 -76
- data/docs/resources/interface.md.erb +58 -58
- data/docs/resources/iptables.md.erb +64 -64
- data/docs/resources/json.md.erb +63 -63
- data/docs/resources/kernel_module.md.erb +120 -120
- data/docs/resources/kernel_parameter.md.erb +53 -53
- data/docs/resources/key_rsa.md.erb +85 -85
- data/docs/resources/launchd_service.md.erb +57 -57
- data/docs/resources/limits_conf.md.erb +75 -75
- data/docs/resources/login_def.md.erb +71 -71
- data/docs/resources/mount.md.erb +69 -69
- data/docs/resources/mssql_session.md.erb +60 -60
- data/docs/resources/mysql_conf.md.erb +99 -99
- data/docs/resources/mysql_session.md.erb +74 -74
- data/docs/resources/nginx.md.erb +79 -79
- data/docs/resources/nginx_conf.md.erb +128 -128
- data/docs/resources/npm.md.erb +60 -60
- data/docs/resources/ntp_conf.md.erb +60 -60
- data/docs/resources/oneget.md.erb +53 -53
- data/docs/resources/oracledb_session.md.erb +52 -52
- data/docs/resources/os.md.erb +141 -141
- data/docs/resources/os_env.md.erb +78 -78
- data/docs/resources/package.md.erb +120 -120
- data/docs/resources/packages.md.erb +67 -67
- data/docs/resources/parse_config.md.erb +103 -103
- data/docs/resources/parse_config_file.md.erb +138 -138
- data/docs/resources/passwd.md.erb +141 -141
- data/docs/resources/pip.md.erb +67 -67
- data/docs/resources/port.md.erb +137 -137
- data/docs/resources/postgres_conf.md.erb +79 -79
- data/docs/resources/postgres_hba_conf.md.erb +93 -93
- data/docs/resources/postgres_ident_conf.md.erb +76 -76
- data/docs/resources/postgres_session.md.erb +69 -69
- data/docs/resources/powershell.md.erb +102 -102
- data/docs/resources/processes.md.erb +109 -109
- data/docs/resources/rabbitmq_config.md.erb +41 -41
- data/docs/resources/registry_key.md.erb +158 -158
- data/docs/resources/runit_service.md.erb +57 -57
- data/docs/resources/security_policy.md.erb +47 -47
- data/docs/resources/service.md.erb +121 -121
- data/docs/resources/shadow.md.erb +146 -144
- data/docs/resources/ssh_config.md.erb +80 -80
- data/docs/resources/sshd_config.md.erb +83 -83
- data/docs/resources/ssl.md.erb +119 -119
- data/docs/resources/sys_info.md.erb +42 -42
- data/docs/resources/systemd_service.md.erb +57 -57
- data/docs/resources/sysv_service.md.erb +57 -57
- data/docs/resources/upstart_service.md.erb +57 -57
- data/docs/resources/user.md.erb +140 -140
- data/docs/resources/users.md.erb +127 -127
- data/docs/resources/vbscript.md.erb +55 -55
- data/docs/resources/virtualization.md.erb +57 -57
- data/docs/resources/windows_feature.md.erb +47 -47
- data/docs/resources/windows_hotfix.md.erb +53 -53
- data/docs/resources/windows_task.md.erb +95 -95
- data/docs/resources/wmi.md.erb +81 -81
- data/docs/resources/x509_certificate.md.erb +151 -151
- data/docs/resources/xinetd_conf.md.erb +156 -156
- data/docs/resources/xml.md.erb +85 -85
- data/docs/resources/yaml.md.erb +69 -69
- data/docs/resources/yum.md.erb +98 -98
- data/docs/resources/zfs_dataset.md.erb +53 -53
- data/docs/resources/zfs_pool.md.erb +47 -47
- data/docs/ruby_usage.md +203 -203
- data/docs/shared/matcher_be.md.erb +1 -1
- data/docs/shared/matcher_cmp.md.erb +43 -43
- data/docs/shared/matcher_eq.md.erb +3 -3
- data/docs/shared/matcher_include.md.erb +1 -1
- data/docs/shared/matcher_match.md.erb +1 -1
- data/docs/shell.md +215 -215
- data/examples/README.md +8 -8
- data/examples/inheritance/README.md +65 -65
- data/examples/inheritance/controls/example.rb +14 -14
- data/examples/inheritance/inspec.yml +15 -15
- data/examples/kitchen-ansible/.kitchen.yml +25 -25
- data/examples/kitchen-ansible/Gemfile +19 -19
- data/examples/kitchen-ansible/README.md +53 -53
- data/examples/kitchen-ansible/files/nginx.repo +6 -6
- data/examples/kitchen-ansible/tasks/main.yml +16 -16
- data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
- data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-chef/.kitchen.yml +20 -20
- data/examples/kitchen-chef/Berksfile +3 -3
- data/examples/kitchen-chef/Gemfile +19 -19
- data/examples/kitchen-chef/README.md +27 -27
- data/examples/kitchen-chef/metadata.rb +7 -7
- data/examples/kitchen-chef/recipes/default.rb +6 -6
- data/examples/kitchen-chef/recipes/nginx.rb +30 -30
- data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-puppet/.kitchen.yml +22 -22
- data/examples/kitchen-puppet/Gemfile +20 -20
- data/examples/kitchen-puppet/Puppetfile +25 -25
- data/examples/kitchen-puppet/README.md +53 -53
- data/examples/kitchen-puppet/manifests/site.pp +33 -33
- data/examples/kitchen-puppet/metadata.json +11 -11
- data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
- data/examples/meta-profile/README.md +37 -37
- data/examples/meta-profile/controls/example.rb +13 -13
- data/examples/meta-profile/inspec.yml +13 -13
- data/examples/profile-attribute.yml +2 -2
- data/examples/profile-attribute/README.md +14 -14
- data/examples/profile-attribute/controls/example.rb +11 -11
- data/examples/profile-attribute/inspec.yml +8 -8
- data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -8
- data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -8
- data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -8
- data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -8
- data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -8
- data/examples/profile-aws/inspec.yml +11 -11
- data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -24
- data/examples/profile-azure/controls/azure_vm_example.rb +29 -29
- data/examples/profile-azure/inspec.yml +11 -11
- data/examples/profile-sensitive/README.md +29 -29
- data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
- data/examples/profile-sensitive/controls/sensitive.rb +9 -9
- data/examples/profile-sensitive/inspec.yml +8 -8
- data/examples/profile/README.md +48 -48
- data/examples/profile/controls/example.rb +23 -23
- data/examples/profile/controls/gordon.rb +36 -36
- data/examples/profile/controls/meta.rb +34 -34
- data/examples/profile/inspec.yml +10 -10
- data/examples/profile/libraries/gordon_config.rb +53 -53
- data/inspec.gemspec +47 -47
- data/lib/bundles/README.md +3 -3
- data/lib/bundles/inspec-artifact.rb +7 -7
- data/lib/bundles/inspec-artifact/README.md +1 -1
- data/lib/bundles/inspec-artifact/cli.rb +277 -277
- data/lib/bundles/inspec-compliance.rb +16 -16
- data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
- data/lib/bundles/inspec-compliance/README.md +185 -185
- data/lib/bundles/inspec-compliance/api.rb +316 -316
- data/lib/bundles/inspec-compliance/api/login.rb +152 -152
- data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
- data/lib/bundles/inspec-compliance/cli.rb +254 -254
- data/lib/bundles/inspec-compliance/configuration.rb +103 -103
- data/lib/bundles/inspec-compliance/http.rb +86 -86
- data/lib/bundles/inspec-compliance/support.rb +36 -36
- data/lib/bundles/inspec-compliance/target.rb +98 -98
- data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
- data/lib/bundles/inspec-habitat.rb +12 -12
- data/lib/bundles/inspec-habitat/cli.rb +36 -36
- data/lib/bundles/inspec-habitat/log.rb +10 -10
- data/lib/bundles/inspec-habitat/profile.rb +390 -390
- data/lib/bundles/inspec-init.rb +8 -8
- data/lib/bundles/inspec-init/README.md +31 -31
- data/lib/bundles/inspec-init/cli.rb +97 -97
- data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
- data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
- data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
- data/lib/bundles/inspec-supermarket.rb +13 -13
- data/lib/bundles/inspec-supermarket/README.md +45 -45
- data/lib/bundles/inspec-supermarket/api.rb +84 -84
- data/lib/bundles/inspec-supermarket/cli.rb +73 -73
- data/lib/bundles/inspec-supermarket/target.rb +34 -34
- data/lib/fetchers/git.rb +163 -163
- data/lib/fetchers/local.rb +74 -74
- data/lib/fetchers/mock.rb +35 -35
- data/lib/fetchers/url.rb +204 -204
- data/lib/inspec.rb +24 -24
- data/lib/inspec/archive/tar.rb +29 -29
- data/lib/inspec/archive/zip.rb +19 -19
- data/lib/inspec/backend.rb +92 -92
- data/lib/inspec/base_cli.rb +355 -350
- data/lib/inspec/cached_fetcher.rb +66 -66
- data/lib/inspec/cli.rb +292 -292
- data/lib/inspec/completions/bash.sh.erb +45 -45
- data/lib/inspec/completions/fish.sh.erb +34 -34
- data/lib/inspec/completions/zsh.sh.erb +61 -61
- data/lib/inspec/control_eval_context.rb +179 -179
- data/lib/inspec/dependencies/cache.rb +72 -72
- data/lib/inspec/dependencies/dependency_set.rb +92 -92
- data/lib/inspec/dependencies/lockfile.rb +115 -115
- data/lib/inspec/dependencies/requirement.rb +123 -123
- data/lib/inspec/dependencies/resolver.rb +86 -86
- data/lib/inspec/describe.rb +27 -27
- data/lib/inspec/dsl.rb +66 -66
- data/lib/inspec/dsl_shared.rb +33 -33
- data/lib/inspec/env_printer.rb +157 -157
- data/lib/inspec/errors.rb +13 -13
- data/lib/inspec/exceptions.rb +12 -12
- data/lib/inspec/expect.rb +45 -45
- data/lib/inspec/fetcher.rb +45 -45
- data/lib/inspec/file_provider.rb +275 -275
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +250 -250
- data/lib/inspec/formatters/json_rspec.rb +20 -20
- data/lib/inspec/formatters/show_progress.rb +12 -12
- data/lib/inspec/library_eval_context.rb +58 -58
- data/lib/inspec/log.rb +11 -11
- data/lib/inspec/metadata.rb +247 -247
- data/lib/inspec/method_source.rb +24 -24
- data/lib/inspec/objects.rb +14 -14
- data/lib/inspec/objects/attribute.rb +65 -65
- data/lib/inspec/objects/control.rb +61 -61
- data/lib/inspec/objects/describe.rb +92 -92
- data/lib/inspec/objects/each_loop.rb +36 -36
- data/lib/inspec/objects/list.rb +15 -15
- data/lib/inspec/objects/or_test.rb +40 -40
- data/lib/inspec/objects/ruby_helper.rb +15 -15
- data/lib/inspec/objects/tag.rb +27 -27
- data/lib/inspec/objects/test.rb +87 -87
- data/lib/inspec/objects/value.rb +27 -27
- data/lib/inspec/plugins.rb +60 -60
- data/lib/inspec/plugins/cli.rb +24 -24
- data/lib/inspec/plugins/fetcher.rb +86 -86
- data/lib/inspec/plugins/resource.rb +135 -135
- data/lib/inspec/plugins/secret.rb +15 -15
- data/lib/inspec/plugins/source_reader.rb +40 -40
- data/lib/inspec/polyfill.rb +12 -12
- data/lib/inspec/profile.rb +510 -510
- data/lib/inspec/profile_context.rb +207 -207
- data/lib/inspec/profile_vendor.rb +66 -66
- data/lib/inspec/reporters.rb +54 -50
- data/lib/inspec/reporters/base.rb +24 -24
- data/lib/inspec/reporters/cli.rb +356 -356
- data/lib/inspec/reporters/json.rb +116 -116
- data/lib/inspec/reporters/json_min.rb +48 -48
- data/lib/inspec/reporters/junit.rb +77 -77
- data/lib/inspec/require_loader.rb +33 -33
- data/lib/inspec/resource.rb +186 -186
- data/lib/inspec/rule.rb +266 -266
- data/lib/inspec/runner.rb +345 -345
- data/lib/inspec/runner_mock.rb +41 -41
- data/lib/inspec/runner_rspec.rb +175 -175
- data/lib/inspec/runtime_profile.rb +26 -26
- data/lib/inspec/schema.rb +213 -213
- data/lib/inspec/secrets.rb +19 -19
- data/lib/inspec/secrets/yaml.rb +30 -30
- data/lib/inspec/shell.rb +220 -220
- data/lib/inspec/shell_detector.rb +90 -90
- data/lib/inspec/source_reader.rb +29 -29
- data/lib/inspec/version.rb +8 -8
- data/lib/matchers/matchers.rb +339 -339
- data/lib/resource_support/aws.rb +41 -41
- data/lib/resource_support/aws/aws_backend_base.rb +12 -12
- data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -12
- data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -21
- data/lib/resource_support/aws/aws_resource_mixin.rb +66 -66
- data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -24
- data/lib/resources/aide_conf.rb +159 -160
- data/lib/resources/apache.rb +48 -48
- data/lib/resources/apache_conf.rb +156 -156
- data/lib/resources/apt.rb +149 -149
- data/lib/resources/audit_policy.rb +63 -63
- data/lib/resources/auditd.rb +231 -231
- data/lib/resources/auditd_conf.rb +55 -55
- data/lib/resources/aws/aws_cloudtrail_trail.rb +77 -77
- data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -47
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -62
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -100
- data/lib/resources/aws/aws_config_recorder.rb +98 -98
- data/lib/resources/aws/aws_ec2_instance.rb +157 -157
- data/lib/resources/aws/aws_iam_access_key.rb +106 -106
- data/lib/resources/aws/aws_iam_access_keys.rb +149 -144
- data/lib/resources/aws/aws_iam_group.rb +56 -56
- data/lib/resources/aws/aws_iam_groups.rb +52 -45
- data/lib/resources/aws/aws_iam_password_policy.rb +116 -116
- data/lib/resources/aws/aws_iam_policies.rb +53 -46
- data/lib/resources/aws/aws_iam_policy.rb +125 -119
- data/lib/resources/aws/aws_iam_role.rb +51 -51
- data/lib/resources/aws/aws_iam_root_user.rb +60 -60
- data/lib/resources/aws/aws_iam_user.rb +111 -111
- data/lib/resources/aws/aws_iam_users.rb +108 -96
- data/lib/resources/aws/aws_kms_keys.rb +53 -46
- data/lib/resources/aws/aws_route_table.rb +61 -61
- data/lib/resources/aws/aws_s3_bucket.rb +115 -115
- data/lib/resources/aws/aws_security_group.rb +93 -93
- data/lib/resources/aws/aws_security_groups.rb +68 -68
- data/lib/resources/aws/aws_sns_topic.rb +53 -53
- data/lib/resources/aws/aws_subnet.rb +88 -88
- data/lib/resources/aws/aws_subnets.rb +53 -53
- data/lib/resources/aws/aws_vpc.rb +69 -69
- data/lib/resources/aws/aws_vpcs.rb +45 -45
- data/lib/resources/azure/azure_backend.rb +377 -377
- data/lib/resources/azure/azure_generic_resource.rb +59 -59
- data/lib/resources/azure/azure_resource_group.rb +152 -152
- data/lib/resources/azure/azure_virtual_machine.rb +264 -264
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +136 -136
- data/lib/resources/bash.rb +35 -35
- data/lib/resources/bond.rb +68 -68
- data/lib/resources/bridge.rb +122 -122
- data/lib/resources/command.rb +73 -69
- data/lib/resources/cpan.rb +58 -58
- data/lib/resources/cran.rb +64 -64
- data/lib/resources/crontab.rb +169 -170
- data/lib/resources/csv.rb +60 -60
- data/lib/resources/dh_params.rb +82 -82
- data/lib/resources/directory.rb +25 -25
- data/lib/resources/docker.rb +236 -236
- data/lib/resources/docker_container.rb +89 -89
- data/lib/resources/docker_image.rb +83 -83
- data/lib/resources/docker_object.rb +57 -57
- data/lib/resources/docker_service.rb +90 -90
- data/lib/resources/elasticsearch.rb +169 -169
- data/lib/resources/etc_fstab.rb +101 -102
- data/lib/resources/etc_group.rb +152 -156
- data/lib/resources/etc_hosts.rb +82 -81
- data/lib/resources/etc_hosts_allow_deny.rb +122 -123
- data/lib/resources/file.rb +298 -298
- data/lib/resources/filesystem.rb +31 -31
- data/lib/resources/firewalld.rb +143 -144
- data/lib/resources/gem.rb +70 -70
- data/lib/resources/groups.rb +215 -215
- data/lib/resources/grub_conf.rb +237 -237
- data/lib/resources/host.rb +306 -300
- data/lib/resources/http.rb +251 -250
- data/lib/resources/iis_app.rb +101 -104
- data/lib/resources/iis_site.rb +148 -148
- data/lib/resources/inetd_conf.rb +62 -62
- data/lib/resources/ini.rb +29 -29
- data/lib/resources/interface.rb +129 -129
- data/lib/resources/iptables.rb +80 -69
- data/lib/resources/json.rb +117 -117
- data/lib/resources/kernel_module.rb +107 -107
- data/lib/resources/kernel_parameter.rb +58 -58
- data/lib/resources/key_rsa.rb +67 -67
- data/lib/resources/limits_conf.rb +55 -55
- data/lib/resources/login_def.rb +66 -66
- data/lib/resources/mount.rb +88 -88
- data/lib/resources/mssql_session.rb +101 -101
- data/lib/resources/mysql.rb +81 -81
- data/lib/resources/mysql_conf.rb +134 -134
- data/lib/resources/mysql_session.rb +71 -71
- data/lib/resources/nginx.rb +96 -96
- data/lib/resources/nginx_conf.rb +227 -227
- data/lib/resources/npm.rb +48 -48
- data/lib/resources/ntp_conf.rb +58 -58
- data/lib/resources/oneget.rb +71 -71
- data/lib/resources/oracledb_session.rb +139 -139
- data/lib/resources/os.rb +36 -36
- data/lib/resources/os_env.rb +76 -76
- data/lib/resources/package.rb +370 -370
- data/lib/resources/packages.rb +111 -111
- data/lib/resources/parse_config.rb +116 -116
- data/lib/resources/passwd.rb +74 -74
- data/lib/resources/pip.rb +89 -89
- data/lib/resources/platform.rb +109 -109
- data/lib/resources/port.rb +771 -771
- data/lib/resources/postgres.rb +130 -130
- data/lib/resources/postgres_conf.rb +121 -121
- data/lib/resources/postgres_hba_conf.rb +99 -100
- data/lib/resources/postgres_ident_conf.rb +76 -78
- data/lib/resources/postgres_session.rb +71 -71
- data/lib/resources/powershell.rb +53 -57
- data/lib/resources/processes.rb +204 -204
- data/lib/resources/rabbitmq_conf.rb +52 -52
- data/lib/resources/registry_key.rb +296 -296
- data/lib/resources/security_policy.rb +180 -180
- data/lib/resources/service.rb +789 -789
- data/lib/resources/shadow.rb +146 -140
- data/lib/resources/ssh_conf.rb +102 -102
- data/lib/resources/ssl.rb +99 -99
- data/lib/resources/sys_info.rb +28 -28
- data/lib/resources/toml.rb +32 -32
- data/lib/resources/users.rb +654 -654
- data/lib/resources/vbscript.rb +68 -69
- data/lib/resources/virtualization.rb +247 -247
- data/lib/resources/windows_feature.rb +84 -84
- data/lib/resources/windows_hotfix.rb +35 -35
- data/lib/resources/windows_task.rb +102 -105
- data/lib/resources/wmi.rb +110 -113
- data/lib/resources/x509_certificate.rb +143 -143
- data/lib/resources/xinetd.rb +111 -111
- data/lib/resources/xml.rb +46 -46
- data/lib/resources/yaml.rb +47 -47
- data/lib/resources/yum.rb +180 -180
- data/lib/resources/zfs_dataset.rb +60 -60
- data/lib/resources/zfs_pool.rb +49 -49
- data/lib/source_readers/flat.rb +39 -39
- data/lib/source_readers/inspec.rb +75 -75
- data/lib/utils/command_wrapper.rb +27 -27
- data/lib/utils/convert.rb +12 -12
- data/lib/utils/database_helpers.rb +77 -77
- data/lib/utils/erlang_parser.rb +192 -192
- data/lib/utils/filter.rb +272 -272
- data/lib/utils/filter_array.rb +27 -27
- data/lib/utils/find_files.rb +44 -44
- data/lib/utils/hash.rb +41 -41
- data/lib/utils/json_log.rb +18 -18
- data/lib/utils/latest_version.rb +22 -22
- data/lib/utils/modulator.rb +12 -12
- data/lib/utils/nginx_parser.rb +85 -85
- data/lib/utils/object_traversal.rb +49 -49
- data/lib/utils/parser.rb +274 -274
- data/lib/utils/plugin_registry.rb +93 -93
- data/lib/utils/simpleconfig.rb +120 -120
- data/lib/utils/spdx.rb +13 -13
- data/lib/utils/spdx.txt +343 -343
- metadata +2 -2
|
@@ -1,20 +1,20 @@
|
|
|
1
|
-
module Inspec::Formatters
|
|
2
|
-
class RspecJson < RSpec::Core::Formatters::JsonFormatter
|
|
3
|
-
RSpec::Core::Formatters.register self
|
|
4
|
-
|
|
5
|
-
private
|
|
6
|
-
|
|
7
|
-
# We are cheating and overriding a private method in RSpec's core JsonFormatter.
|
|
8
|
-
# This is to avoid having to repeat this id functionality in both dump_summary
|
|
9
|
-
# and dump_profile (both of which call format_example).
|
|
10
|
-
# See https://github.com/rspec/rspec-core/blob/master/lib/rspec/core/formatters/json_formatter.rb
|
|
11
|
-
#
|
|
12
|
-
# rspec's example id here corresponds to an inspec test's control name -
|
|
13
|
-
# either explicitly specified or auto-generated by rspec itself.
|
|
14
|
-
def format_example(example)
|
|
15
|
-
res = super(example)
|
|
16
|
-
res[:id] = example.metadata[:id]
|
|
17
|
-
res
|
|
18
|
-
end
|
|
19
|
-
end
|
|
20
|
-
end
|
|
1
|
+
module Inspec::Formatters
|
|
2
|
+
class RspecJson < RSpec::Core::Formatters::JsonFormatter
|
|
3
|
+
RSpec::Core::Formatters.register self
|
|
4
|
+
|
|
5
|
+
private
|
|
6
|
+
|
|
7
|
+
# We are cheating and overriding a private method in RSpec's core JsonFormatter.
|
|
8
|
+
# This is to avoid having to repeat this id functionality in both dump_summary
|
|
9
|
+
# and dump_profile (both of which call format_example).
|
|
10
|
+
# See https://github.com/rspec/rspec-core/blob/master/lib/rspec/core/formatters/json_formatter.rb
|
|
11
|
+
#
|
|
12
|
+
# rspec's example id here corresponds to an inspec test's control name -
|
|
13
|
+
# either explicitly specified or auto-generated by rspec itself.
|
|
14
|
+
def format_example(example)
|
|
15
|
+
res = super(example)
|
|
16
|
+
res[:id] = example.metadata[:id]
|
|
17
|
+
res
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
@@ -1,12 +1,12 @@
|
|
|
1
|
-
module Inspec::Formatters
|
|
2
|
-
class ShowProgress < RSpec::Core::Formatters::ProgressFormatter
|
|
3
|
-
RSpec::Core::Formatters.register self
|
|
4
|
-
|
|
5
|
-
# remove summary output from progress
|
|
6
|
-
%w{dump_summary dump_failures dump_pending message seed start_dump}.each do |m|
|
|
7
|
-
define_method(m) do |*args|
|
|
8
|
-
# override
|
|
9
|
-
end
|
|
10
|
-
end
|
|
11
|
-
end
|
|
12
|
-
end
|
|
1
|
+
module Inspec::Formatters
|
|
2
|
+
class ShowProgress < RSpec::Core::Formatters::ProgressFormatter
|
|
3
|
+
RSpec::Core::Formatters.register self
|
|
4
|
+
|
|
5
|
+
# remove summary output from progress
|
|
6
|
+
%w{dump_summary dump_failures dump_pending message seed start_dump}.each do |m|
|
|
7
|
+
define_method(m) do |*args|
|
|
8
|
+
# override
|
|
9
|
+
end
|
|
10
|
+
end
|
|
11
|
+
end
|
|
12
|
+
end
|
|
@@ -1,58 +1,58 @@
|
|
|
1
|
-
# encoding: utf-8
|
|
2
|
-
# author: Steven Danna
|
|
3
|
-
# author: Victoria Jeffrey
|
|
4
|
-
require 'inspec/plugins/resource'
|
|
5
|
-
require 'inspec/dsl_shared'
|
|
6
|
-
|
|
7
|
-
module Inspec
|
|
8
|
-
#
|
|
9
|
-
# LibaryEvalContext constructs an instance of an anonymous class
|
|
10
|
-
# that library files will be instance_exec'd against.
|
|
11
|
-
#
|
|
12
|
-
# The anonymous class ensures that `Inspec.resource(1)` will return
|
|
13
|
-
# an anonymouse class that is suitable as the parent class of an
|
|
14
|
-
# inspec resource. The class returned will have the resource
|
|
15
|
-
# registry used by all dsl methods bound to the resource registry
|
|
16
|
-
# passed into the #create constructor.
|
|
17
|
-
#
|
|
18
|
-
#
|
|
19
|
-
class LibraryEvalContext
|
|
20
|
-
def self.create(registry, require_loader)
|
|
21
|
-
c = Class.new do
|
|
22
|
-
extend Inspec::ResourceDSL
|
|
23
|
-
include Inspec::ResourceBehaviors
|
|
24
|
-
define_singleton_method :__resource_registry do
|
|
25
|
-
registry
|
|
26
|
-
end
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
c2 = Class.new do
|
|
30
|
-
define_singleton_method :resource do |version|
|
|
31
|
-
Inspec.validate_resource_dsl_version!(version)
|
|
32
|
-
c
|
|
33
|
-
end
|
|
34
|
-
end
|
|
35
|
-
|
|
36
|
-
c3 = Class.new do
|
|
37
|
-
include Inspec::DSL::RequireOverride
|
|
38
|
-
def initialize(require_loader)
|
|
39
|
-
@require_loader = require_loader
|
|
40
|
-
@inspec_binding = nil
|
|
41
|
-
end
|
|
42
|
-
|
|
43
|
-
def __inspec_binding
|
|
44
|
-
@inspec_binding
|
|
45
|
-
end
|
|
46
|
-
end
|
|
47
|
-
|
|
48
|
-
c3.const_set(:Inspec, c2)
|
|
49
|
-
res = c3.new(require_loader)
|
|
50
|
-
|
|
51
|
-
# Provide the local binding for this context which is necessary for
|
|
52
|
-
# calls to `require` to create all dependent objects in the correct
|
|
53
|
-
# context.
|
|
54
|
-
res.instance_variable_set('@inspec_binding', res.instance_eval('binding'))
|
|
55
|
-
res
|
|
56
|
-
end
|
|
57
|
-
end
|
|
58
|
-
end
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
# author: Steven Danna
|
|
3
|
+
# author: Victoria Jeffrey
|
|
4
|
+
require 'inspec/plugins/resource'
|
|
5
|
+
require 'inspec/dsl_shared'
|
|
6
|
+
|
|
7
|
+
module Inspec
|
|
8
|
+
#
|
|
9
|
+
# LibaryEvalContext constructs an instance of an anonymous class
|
|
10
|
+
# that library files will be instance_exec'd against.
|
|
11
|
+
#
|
|
12
|
+
# The anonymous class ensures that `Inspec.resource(1)` will return
|
|
13
|
+
# an anonymouse class that is suitable as the parent class of an
|
|
14
|
+
# inspec resource. The class returned will have the resource
|
|
15
|
+
# registry used by all dsl methods bound to the resource registry
|
|
16
|
+
# passed into the #create constructor.
|
|
17
|
+
#
|
|
18
|
+
#
|
|
19
|
+
class LibraryEvalContext
|
|
20
|
+
def self.create(registry, require_loader)
|
|
21
|
+
c = Class.new do
|
|
22
|
+
extend Inspec::ResourceDSL
|
|
23
|
+
include Inspec::ResourceBehaviors
|
|
24
|
+
define_singleton_method :__resource_registry do
|
|
25
|
+
registry
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
c2 = Class.new do
|
|
30
|
+
define_singleton_method :resource do |version|
|
|
31
|
+
Inspec.validate_resource_dsl_version!(version)
|
|
32
|
+
c
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
c3 = Class.new do
|
|
37
|
+
include Inspec::DSL::RequireOverride
|
|
38
|
+
def initialize(require_loader)
|
|
39
|
+
@require_loader = require_loader
|
|
40
|
+
@inspec_binding = nil
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
def __inspec_binding
|
|
44
|
+
@inspec_binding
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
c3.const_set(:Inspec, c2)
|
|
49
|
+
res = c3.new(require_loader)
|
|
50
|
+
|
|
51
|
+
# Provide the local binding for this context which is necessary for
|
|
52
|
+
# calls to `require` to create all dependent objects in the correct
|
|
53
|
+
# context.
|
|
54
|
+
res.instance_variable_set('@inspec_binding', res.instance_eval('binding'))
|
|
55
|
+
res
|
|
56
|
+
end
|
|
57
|
+
end
|
|
58
|
+
end
|
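--- a/data/lib/inspec/log.rb
+++ b/data/lib/inspec/log.rb
@@ -1,11 +1,11 @@
-# encoding: utf-8
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-require 'mixlib/log'
-
-module Inspec
-class Log
-extend Mixlib::Log
-end
-end
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+require 'mixlib/log'
+
+module Inspec
+class Log
+extend Mixlib::Log
+end
+end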
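--- a/data/lib/inspec/metadata.rb
+++ b/data/lib/inspec/metadata.rb
@@ -1,247 +1,247 @@
-# encoding: utf-8
-# Copyright 2015 Dominik Richter
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-require 'logger'
-require 'rubygems/version'
-require 'rubygems/requirement'
-require 'semverse'
-require 'utils/spdx'
-
-module Inspec
-# Extract metadata.rb information
-# A Metadata object may be created and finalized with invalid data.
-# This allows the check CLI command to analyse the issues.
-# Use valid? to determine if the metadata is coherent.
-class Metadata
-attr_reader :ref
-attr_accessor :params, :content
-def initialize(ref, logger = nil)
-@ref = ref
-@logger = logger || Logger.new(nil)
-@content = ''
-@params = {}
-@missing_methods = []
-end
-
-%w{
-name
-title
-maintainer
-maintainer_email
-copyright
-copyright_email
-license
-summary
-description
-version
-inspec_version
-}.each do |name|
-define_method name.to_sym do |arg|
-params[name.to_sym] = arg
-end
-end
-
-def dependencies
-params[:depends] || []
-end
-
-def supports(sth, version = nil)
-# Ignore supports with metadata.rb. This file is legacy and the way it
-# it handles `supports` deprecated. A deprecation warning will be printed
-# already.
-end
-
-def inspec_requirement
-# using Gem::Requirement here to allow nil values which
-# translate to [">= 0"]
-Gem::Requirement.create(params[:inspec_version])
-end
-
-def supports_runtime?
-running = Gem::Version.new(Inspec::VERSION)
-inspec_requirement.satisfied_by?(running)
-end
-
-def supports_platform?(backend)
-backend.platform.supported?(params[:supports])
-end
-
-# return all warn and errors
-def valid # rubocop:disable Metrics/AbcSize
-errors = []
-warnings = []
-
-%w{name version}.each do |field|
-next unless params[field.to_sym].nil?
-errors.push("Missing profile #{field} in #{ref}")
-end
-
-if params[:name] =~ %r{[\/\\]}
-warnings.push("Your profile name (#{params[:name]}) contains a slash " \
-'which will not be permitted in InSpec 2.0. Please change your profile ' \
-'name in the `inspec.yml` file.')
-end
-
-# if version is set, ensure it is correct
-if !params[:version].nil? && !valid_version?(params[:version])
-errors.push('Version needs to be in SemVer format')
-end
-
-%w{title summary maintainer copyright license}.each do |field|
-next unless params[field.to_sym].nil?
-warnings.push("Missing profile #{field} in #{ref}")
-end
-
-# if version is set, ensure it is in SPDX format
-if !params[:license].nil? && !Spdx.valid_license?(params[:license])
-warnings.push("License '#{params[:license]}' needs to be in SPDX format. See https://spdx.org/licenses/.")
-end
-
-[errors, warnings]
-end
-
-# returns true or false
-def valid?
-errors, _warnings = valid
-errors.empty? && unsupported.empty?
-end
-
-def valid_version?(value)
-Semverse::Version.new(value)
-true
-rescue Semverse::InvalidVersionFormat
-false
-end
-
-def method_missing(sth, *args)
-@logger.warn "#{ref} doesn't support: #{sth} #{args}"
-@missing_methods.push(sth)
-end
-
-def unsupported
-@missing_methods
-end
-
-def self.symbolize_keys(obj)
-return obj.map { |i| symbolize_keys(i) } if obj.is_a?(Array)
-return obj unless obj.is_a?(Hash)
-
-obj.each_with_object({}) do |(k, v), h|
-v = symbolize_keys(v) if v.is_a?(Hash)
-v = symbolize_keys(v) if v.is_a?(Array)
-h[k.to_sym] = v
-end
-end
-
-def self.finalize_supports_elem(elem, logger)
-case x = elem
-when Hash
-x[:release] = x[:release].to_s if x[:release]
-x
-when Array
-logger.warn(
-'Failed to read supports entry that is an array. Please use '\
-'the `supports: {os-family: xyz}` syntax.',
-)
-nil
-when nil then nil
-else
-logger ||= Logger.new(nil)
-logger.warn(
-"Do not use deprecated `supports: #{x}` syntax. Instead use:\n"\
-"supports:\n - os-family: #{x}\n\n",
-)
-{ :'os-family' => x } # rubocop:disable Style/HashSyntax
-end
-end
-
-def self.finalize_supports(supports, logger)
-case x = supports
-when Hash then [finalize_supports_elem(x, logger)]
-when Array then x.map { |e| finalize_supports_elem(e, logger) }.compact
-when nil then []
-else
-logger ||= Logger.new(nil)
-logger.warn(
-"Do not use deprecated `supports: #{x}` syntax. Instead use:\n"\
-"supports:\n - os-family: #{x}\n\n",
-)
-[{ :'os-family' => x }] # rubocop:disable Style/HashSyntax
-end
-end
-
-def self.finalize_name(metadata, profile_id, original_target)
-# profile_id always overwrites whatever already exists as the name
-unless profile_id.to_s.empty?
-metadata.params[:name] = profile_id.to_s
-return
-end
-
-# don't overwrite an existing name
-return unless metadata.params[:name].nil?
-
-# if there's a title, there is no need to set a name too
-return unless metadata.params[:title].nil?
-
-# create a new name based on the original target if it exists
-# Crudely slug the target to not contain slashes, to avoid breaking
-# unit tests that look for warning sequences
-return if original_target.to_s.empty?
-metadata.params[:title] = "tests from #{original_target}"
-metadata.params[:name] = metadata.params[:title].gsub(%r{[\\\/]}, '.')
-end
-
-def self.finalize(metadata, profile_id, options, logger = nil)
-return nil if metadata.nil?
-param = metadata.params || {}
-options ||= {}
-param['version'] = param['version'].to_s unless param['version'].nil?
-metadata.params = symbolize_keys(param)
-metadata.params[:supports] = finalize_supports(metadata.params[:supports], logger)
-finalize_name(metadata, profile_id, options[:target])
-
-metadata
-end
-
-def self.from_yaml(ref, content, profile_id, logger = nil)
-res = Metadata.new(ref, logger)
-res.params = YAML.load(content)
-res.content = content
-finalize(res, profile_id, {}, logger)
-end
-
-def self.from_ruby(ref, content, profile_id, logger = nil)
-res = Metadata.new(ref, logger)
-res.instance_eval(content, ref, 1)
-res.content = content
-finalize(res, profile_id, {}, logger)
-end
-
-def self.from_ref(ref, content, profile_id, logger = nil)
-# NOTE there doesn't have to exist an actual file, it may come from an
-# archive (i.e., content)
-case File.basename(ref)
-when 'inspec.yml'
-from_yaml(ref, content, profile_id, logger)
-when 'metadata.rb'
-from_ruby(ref, content, profile_id, logger)
-else
-logger ||= Logger.new(nil)
-logger.error "Don't know how to handle metadata in #{ref}"
-nil
-end
-end
-
-def self.from_file(path, profile_id, logger = nil)
-unless File.file?(path)
-logger ||= Logger.new(nil)
-logger.error "Can't find metadata file #{path}"
-return nil
-end
-
-from_ref(File.basename(path), File.read(path), profile_id, logger)
-end
-end
-end
+# encoding: utf-8
+# Copyright 2015 Dominik Richter
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+require 'logger'
+require 'rubygems/version'
+require 'rubygems/requirement'
+require 'semverse'
+require 'utils/spdx'
+
+module Inspec
+# Extract metadata.rb information
+# A Metadata object may be created and finalized with invalid data.
+# This allows the check CLI command to analyse the issues.
+# Use valid? to determine if the metadata is coherent.
+class Metadata
+attr_reader :ref
+attr_accessor :params, :content
+def initialize(ref, logger = nil)
+@ref = ref
+@logger = logger || Logger.new(nil)
+@content = ''
+@params = {}
+@missing_methods = []
+end
+
+%w{
+name
+title
+maintainer
+maintainer_email
+copyright
+copyright_email
+license
+summary
+description
+version
+inspec_version
+}.each do |name|
+define_method name.to_sym do |arg|
+params[name.to_sym] = arg
+end
+end
+
+def dependencies
+params[:depends] || []
+end
+
+def supports(sth, version = nil)
+# Ignore supports with metadata.rb. This file is legacy and the way it
+# it handles `supports` deprecated. A deprecation warning will be printed
+# already.
+end
+
+def inspec_requirement
+# using Gem::Requirement here to allow nil values which
+# translate to [">= 0"]
+Gem::Requirement.create(params[:inspec_version])
+end
+
+def supports_runtime?
+running = Gem::Version.new(Inspec::VERSION)
+inspec_requirement.satisfied_by?(running)
+end
+
+def supports_platform?(backend)
+backend.platform.supported?(params[:supports])
+end
+
+# return all warn and errors
+def valid # rubocop:disable Metrics/AbcSize
+errors = []
+warnings = []
+
+%w{name version}.each do |field|
+next unless params[field.to_sym].nil?
+errors.push("Missing profile #{field} in #{ref}")
+end
+
+if params[:name] =~ %r{[\/\\]}
+warnings.push("Your profile name (#{params[:name]}) contains a slash " \
+'which will not be permitted in InSpec 2.0. Please change your profile ' \
+'name in the `inspec.yml` file.')
+end
+
+# if version is set, ensure it is correct
+if !params[:version].nil? && !valid_version?(params[:version])
+errors.push('Version needs to be in SemVer format')
+end
+
+%w{title summary maintainer copyright license}.each do |field|
+next unless params[field.to_sym].nil?
+warnings.push("Missing profile #{field} in #{ref}")
+end
+
+# if version is set, ensure it is in SPDX format
+if !params[:license].nil? && !Spdx.valid_license?(params[:license])
+warnings.push("License '#{params[:license]}' needs to be in SPDX format. See https://spdx.org/licenses/.")
+end
+
+[errors, warnings]
+end
+
+# returns true or false
+def valid?
+errors, _warnings = valid
+errors.empty? && unsupported.empty?
+end
+
+def valid_version?(value)
+Semverse::Version.new(value)
+true
+rescue Semverse::InvalidVersionFormat
+false
+end
+
+def method_missing(sth, *args)
+@logger.warn "#{ref} doesn't support: #{sth} #{args}"
+@missing_methods.push(sth)
+end
+
+def unsupported
+@missing_methods
+end
+
+def self.symbolize_keys(obj)
+return obj.map { |i| symbolize_keys(i) } if obj.is_a?(Array)
+return obj unless obj.is_a?(Hash)
+
+obj.each_with_object({}) do |(k, v), h|
+v = symbolize_keys(v) if v.is_a?(Hash)
+v = symbolize_keys(v) if v.is_a?(Array)
+h[k.to_sym] = v
+end
+end
+
+def self.finalize_supports_elem(elem, logger)
+case x = elem
+when Hash
+x[:release] = x[:release].to_s if x[:release]
+x
+when Array
+logger.warn(
+'Failed to read supports entry that is an array. Please use '\
+'the `supports: {os-family: xyz}` syntax.',
+)
+nil
+when nil then nil
+else
+logger ||= Logger.new(nil)
+logger.warn(
+"Do not use deprecated `supports: #{x}` syntax. Instead use:\n"\
+"supports:\n - os-family: #{x}\n\n",
+)
+{ :'os-family' => x } # rubocop:disable Style/HashSyntax
+end
+end
+
+def self.finalize_supports(supports, logger)
+case x = supports
+when Hash then [finalize_supports_elem(x, logger)]
+when Array then x.map { |e| finalize_supports_elem(e, logger) }.compact
+when nil then []
+else
+logger ||= Logger.new(nil)
+logger.warn(
+"Do not use deprecated `supports: #{x}` syntax. Instead use:\n"\
+"supports:\n - os-family: #{x}\n\n",
+)
+[{ :'os-family' => x }] # rubocop:disable Style/HashSyntax
+end
+end
+
+def self.finalize_name(metadata, profile_id, original_target)
+# profile_id always overwrites whatever already exists as the name
+unless profile_id.to_s.empty?
+metadata.params[:name] = profile_id.to_s
+return
+end
+
+# don't overwrite an existing name
+return unless metadata.params[:name].nil?
+
+# if there's a title, there is no need to set a name too
+return unless metadata.params[:title].nil?
+
+# create a new name based on the original target if it exists
+# Crudely slug the target to not contain slashes, to avoid breaking
+# unit tests that look for warning sequences
+return if original_target.to_s.empty?
+metadata.params[:title] = "tests from #{original_target}"
+metadata.params[:name] = metadata.params[:title].gsub(%r{[\\\/]}, '.')
+end
+
+def self.finalize(metadata, profile_id, options, logger = nil)
+return nil if metadata.nil?
+param = metadata.params || {}
+options ||= {}
+param['version'] = param['version'].to_s unless param['version'].nil?
+metadata.params = symbolize_keys(param)
+metadata.params[:supports] = finalize_supports(metadata.params[:supports], logger)
+finalize_name(metadata, profile_id, options[:target])
+
+metadata
+end
+
+def self.from_yaml(ref, content, profile_id, logger = nil)
+res = Metadata.new(ref, logger)
+res.params = YAML.load(content)
+res.content = content
+finalize(res, profile_id, {}, logger)
+end
+
+def self.from_ruby(ref, content, profile_id, logger = nil)
+res = Metadata.new(ref, logger)
+res.instance_eval(content, ref, 1)
+res.content = content
+finalize(res, profile_id, {}, logger)
+end
+
+def self.from_ref(ref, content, profile_id, logger = nil)
+# NOTE there doesn't have to exist an actual file, it may come from an
+# archive (i.e., content)
+case File.basename(ref)
+when 'inspec.yml'
+from_yaml(ref, content, profile_id, logger)
+when 'metadata.rb'
+from_ruby(ref, content, profile_id, logger)
+else
+logger ||= Logger.new(nil)
+logger.error "Don't know how to handle metadata in #{ref}"
+nil
+end
+end
+
+def self.from_file(path, profile_id, logger = nil)
+unless File.file?(path)
+logger ||= Logger.new(nil)
+logger.error "Can't find metadata file #{path}"
+return nil
+end
+
+from_ref(File.basename(path), File.read(path), profile_id, logger)
+end
+end
+end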
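Review bot: `res.params = YAML.load(content)` in `from_yaml` (new line 210) deserializes profile metadata that, per the comment in `from_ref`, may come from an archive rather than a local file, and on Psych releases before 4.0 `YAML.load` will instantiate arbitrary tagged Ruby objects. I would parse with `res.params = YAML.safe_load(content)` so that only plain scalars, arrays and hashes are accepted. Whether any existing `inspec.yml` relies on symbols or aliases, which `safe_load` rejects by default, should be confirmed before switching. Every line in this section is textually identical on both sides, so the release appears to change only whitespace or line endings here and leaves this call as it was.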