inspec 2.1.21 → 2.1.30

Sign up to get free protection for your applications and to get access to all the features.
Files changed (502) hide show
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +101 -101
  3. data/CHANGELOG.md +3062 -3045
  4. data/Gemfile +56 -56
  5. data/LICENSE +14 -14
  6. data/MAINTAINERS.md +33 -33
  7. data/MAINTAINERS.toml +52 -52
  8. data/README.md +447 -447
  9. data/Rakefile +322 -322
  10. data/bin/inspec +12 -12
  11. data/docs/.gitignore +2 -2
  12. data/docs/README.md +40 -40
  13. data/docs/dsl_inspec.md +258 -258
  14. data/docs/dsl_resource.md +100 -100
  15. data/docs/glossary.md +99 -99
  16. data/docs/habitat.md +191 -191
  17. data/docs/inspec_and_friends.md +114 -114
  18. data/docs/matchers.md +169 -169
  19. data/docs/migration.md +293 -293
  20. data/docs/platforms.md +118 -118
  21. data/docs/plugin_kitchen_inspec.md +50 -50
  22. data/docs/profiles.md +376 -376
  23. data/docs/reporters.md +105 -105
  24. data/docs/resources/aide_conf.md.erb +75 -75
  25. data/docs/resources/apache.md.erb +67 -67
  26. data/docs/resources/apache_conf.md.erb +68 -68
  27. data/docs/resources/apt.md.erb +71 -71
  28. data/docs/resources/audit_policy.md.erb +47 -47
  29. data/docs/resources/auditd.md.erb +79 -79
  30. data/docs/resources/auditd_conf.md.erb +68 -68
  31. data/docs/resources/aws_cloudtrail_trail.md.erb +140 -140
  32. data/docs/resources/aws_cloudtrail_trails.md.erb +81 -81
  33. data/docs/resources/aws_cloudwatch_alarm.md.erb +86 -86
  34. data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +151 -151
  35. data/docs/resources/aws_config_delivery_channel.md +79 -79
  36. data/docs/resources/aws_config_recorder.md.erb +71 -71
  37. data/docs/resources/aws_ec2_instance.md.erb +106 -106
  38. data/docs/resources/aws_iam_access_key.md.erb +123 -123
  39. data/docs/resources/aws_iam_access_keys.md.erb +198 -198
  40. data/docs/resources/aws_iam_group.md.erb +46 -46
  41. data/docs/resources/aws_iam_groups.md.erb +43 -43
  42. data/docs/resources/aws_iam_password_policy.md.erb +76 -76
  43. data/docs/resources/aws_iam_policies.md.erb +82 -82
  44. data/docs/resources/aws_iam_policy.md.erb +144 -144
  45. data/docs/resources/aws_iam_role.md.erb +63 -63
  46. data/docs/resources/aws_iam_root_user.md.erb +70 -58
  47. data/docs/resources/aws_iam_user.md.erb +64 -64
  48. data/docs/resources/aws_iam_users.md.erb +89 -89
  49. data/docs/resources/aws_kms_key.md.erb +171 -171
  50. data/docs/resources/aws_kms_keys.md.erb +84 -84
  51. data/docs/resources/aws_rds_instance.md.erb +60 -60
  52. data/docs/resources/aws_route_table.md.erb +47 -47
  53. data/docs/resources/aws_route_tables.md.erb +49 -0
  54. data/docs/resources/aws_s3_bucket.md.erb +134 -134
  55. data/docs/resources/aws_s3_bucket_object.md.erb +83 -83
  56. data/docs/resources/aws_s3_buckets.md.erb +53 -0
  57. data/docs/resources/aws_security_group.md.erb +151 -151
  58. data/docs/resources/aws_security_groups.md.erb +91 -91
  59. data/docs/resources/aws_sns_subscription.md.erb +124 -124
  60. data/docs/resources/aws_sns_topic.md.erb +63 -63
  61. data/docs/resources/aws_sns_topics.md.erb +52 -52
  62. data/docs/resources/aws_subnet.md.erb +134 -134
  63. data/docs/resources/aws_subnets.md.erb +126 -126
  64. data/docs/resources/aws_vpc.md.erb +120 -120
  65. data/docs/resources/aws_vpcs.md.erb +48 -48
  66. data/docs/resources/azure_generic_resource.md.erb +171 -171
  67. data/docs/resources/azure_resource_group.md.erb +284 -284
  68. data/docs/resources/azure_virtual_machine.md.erb +347 -347
  69. data/docs/resources/azure_virtual_machine_data_disk.md.erb +224 -224
  70. data/docs/resources/bash.md.erb +75 -75
  71. data/docs/resources/bond.md.erb +90 -90
  72. data/docs/resources/bridge.md.erb +57 -57
  73. data/docs/resources/bsd_service.md.erb +67 -67
  74. data/docs/resources/chocolatey_package.md.erb +58 -0
  75. data/docs/resources/command.md.erb +138 -138
  76. data/docs/resources/cpan.md.erb +79 -79
  77. data/docs/resources/cran.md.erb +64 -64
  78. data/docs/resources/crontab.md.erb +89 -89
  79. data/docs/resources/csv.md.erb +54 -54
  80. data/docs/resources/dh_params.md.erb +205 -205
  81. data/docs/resources/directory.md.erb +30 -30
  82. data/docs/resources/docker.md.erb +219 -219
  83. data/docs/resources/docker_container.md.erb +103 -103
  84. data/docs/resources/docker_image.md.erb +94 -94
  85. data/docs/resources/docker_service.md.erb +114 -114
  86. data/docs/resources/elasticsearch.md.erb +242 -242
  87. data/docs/resources/etc_fstab.md.erb +125 -125
  88. data/docs/resources/etc_group.md.erb +75 -75
  89. data/docs/resources/etc_hosts.md.erb +78 -78
  90. data/docs/resources/etc_hosts_allow.md.erb +74 -74
  91. data/docs/resources/etc_hosts_deny.md.erb +74 -74
  92. data/docs/resources/file.md.erb +526 -526
  93. data/docs/resources/filesystem.md.erb +41 -41
  94. data/docs/resources/firewalld.md.erb +107 -107
  95. data/docs/resources/gem.md.erb +79 -79
  96. data/docs/resources/group.md.erb +61 -61
  97. data/docs/resources/grub_conf.md.erb +101 -101
  98. data/docs/resources/host.md.erb +86 -86
  99. data/docs/resources/http.md.erb +196 -196
  100. data/docs/resources/iis_app.md.erb +122 -122
  101. data/docs/resources/iis_site.md.erb +135 -135
  102. data/docs/resources/inetd_conf.md.erb +94 -94
  103. data/docs/resources/ini.md.erb +76 -76
  104. data/docs/resources/interface.md.erb +58 -58
  105. data/docs/resources/iptables.md.erb +64 -64
  106. data/docs/resources/json.md.erb +63 -63
  107. data/docs/resources/kernel_module.md.erb +120 -120
  108. data/docs/resources/kernel_parameter.md.erb +53 -53
  109. data/docs/resources/key_rsa.md.erb +85 -85
  110. data/docs/resources/launchd_service.md.erb +57 -57
  111. data/docs/resources/limits_conf.md.erb +75 -75
  112. data/docs/resources/login_defs.md.erb +71 -71
  113. data/docs/resources/mount.md.erb +69 -69
  114. data/docs/resources/mssql_session.md.erb +60 -60
  115. data/docs/resources/mysql_conf.md.erb +99 -99
  116. data/docs/resources/mysql_session.md.erb +74 -74
  117. data/docs/resources/nginx.md.erb +79 -79
  118. data/docs/resources/nginx_conf.md.erb +138 -138
  119. data/docs/resources/npm.md.erb +60 -60
  120. data/docs/resources/ntp_conf.md.erb +60 -60
  121. data/docs/resources/oneget.md.erb +53 -53
  122. data/docs/resources/oracledb_session.md.erb +52 -52
  123. data/docs/resources/os.md.erb +141 -141
  124. data/docs/resources/os_env.md.erb +78 -78
  125. data/docs/resources/package.md.erb +120 -120
  126. data/docs/resources/packages.md.erb +67 -67
  127. data/docs/resources/parse_config.md.erb +103 -103
  128. data/docs/resources/parse_config_file.md.erb +138 -138
  129. data/docs/resources/passwd.md.erb +141 -141
  130. data/docs/resources/pip.md.erb +67 -67
  131. data/docs/resources/port.md.erb +137 -137
  132. data/docs/resources/postgres_conf.md.erb +79 -79
  133. data/docs/resources/postgres_hba_conf.md.erb +93 -93
  134. data/docs/resources/postgres_ident_conf.md.erb +76 -76
  135. data/docs/resources/postgres_session.md.erb +69 -69
  136. data/docs/resources/powershell.md.erb +102 -102
  137. data/docs/resources/processes.md.erb +109 -109
  138. data/docs/resources/rabbitmq_config.md.erb +41 -41
  139. data/docs/resources/registry_key.md.erb +158 -158
  140. data/docs/resources/runit_service.md.erb +57 -57
  141. data/docs/resources/security_policy.md.erb +47 -47
  142. data/docs/resources/service.md.erb +121 -121
  143. data/docs/resources/shadow.md.erb +146 -146
  144. data/docs/resources/ssh_config.md.erb +73 -73
  145. data/docs/resources/sshd_config.md.erb +83 -83
  146. data/docs/resources/ssl.md.erb +119 -119
  147. data/docs/resources/sys_info.md.erb +42 -42
  148. data/docs/resources/systemd_service.md.erb +57 -57
  149. data/docs/resources/sysv_service.md.erb +57 -57
  150. data/docs/resources/upstart_service.md.erb +57 -57
  151. data/docs/resources/user.md.erb +140 -140
  152. data/docs/resources/users.md.erb +127 -127
  153. data/docs/resources/vbscript.md.erb +55 -55
  154. data/docs/resources/virtualization.md.erb +57 -57
  155. data/docs/resources/windows_feature.md.erb +47 -47
  156. data/docs/resources/windows_hotfix.md.erb +53 -53
  157. data/docs/resources/windows_task.md.erb +95 -95
  158. data/docs/resources/wmi.md.erb +81 -81
  159. data/docs/resources/x509_certificate.md.erb +151 -151
  160. data/docs/resources/xinetd_conf.md.erb +156 -156
  161. data/docs/resources/xml.md.erb +85 -85
  162. data/docs/resources/yaml.md.erb +69 -69
  163. data/docs/resources/yum.md.erb +98 -98
  164. data/docs/resources/zfs_dataset.md.erb +53 -53
  165. data/docs/resources/zfs_pool.md.erb +47 -47
  166. data/docs/ruby_usage.md +203 -203
  167. data/docs/shared/matcher_be.md.erb +1 -1
  168. data/docs/shared/matcher_cmp.md.erb +43 -43
  169. data/docs/shared/matcher_eq.md.erb +3 -3
  170. data/docs/shared/matcher_include.md.erb +1 -1
  171. data/docs/shared/matcher_match.md.erb +1 -1
  172. data/docs/shell.md +217 -217
  173. data/examples/README.md +8 -8
  174. data/examples/inheritance/README.md +65 -65
  175. data/examples/inheritance/controls/example.rb +14 -14
  176. data/examples/inheritance/inspec.yml +15 -15
  177. data/examples/kitchen-ansible/.kitchen.yml +25 -25
  178. data/examples/kitchen-ansible/Gemfile +19 -19
  179. data/examples/kitchen-ansible/README.md +53 -53
  180. data/examples/kitchen-ansible/files/nginx.repo +6 -6
  181. data/examples/kitchen-ansible/tasks/main.yml +16 -16
  182. data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
  183. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
  184. data/examples/kitchen-chef/.kitchen.yml +20 -20
  185. data/examples/kitchen-chef/Berksfile +3 -3
  186. data/examples/kitchen-chef/Gemfile +19 -19
  187. data/examples/kitchen-chef/README.md +27 -27
  188. data/examples/kitchen-chef/metadata.rb +7 -7
  189. data/examples/kitchen-chef/recipes/default.rb +6 -6
  190. data/examples/kitchen-chef/recipes/nginx.rb +30 -30
  191. data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
  192. data/examples/kitchen-puppet/.kitchen.yml +22 -22
  193. data/examples/kitchen-puppet/Gemfile +20 -20
  194. data/examples/kitchen-puppet/Puppetfile +25 -25
  195. data/examples/kitchen-puppet/README.md +53 -53
  196. data/examples/kitchen-puppet/manifests/site.pp +33 -33
  197. data/examples/kitchen-puppet/metadata.json +11 -11
  198. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
  199. data/examples/meta-profile/README.md +37 -37
  200. data/examples/meta-profile/controls/example.rb +13 -13
  201. data/examples/meta-profile/inspec.yml +13 -13
  202. data/examples/profile-attribute.yml +2 -2
  203. data/examples/profile-attribute/README.md +14 -14
  204. data/examples/profile-attribute/controls/example.rb +11 -11
  205. data/examples/profile-attribute/inspec.yml +8 -8
  206. data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -8
  207. data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -8
  208. data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -8
  209. data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -8
  210. data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -8
  211. data/examples/profile-aws/inspec.yml +11 -11
  212. data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -24
  213. data/examples/profile-azure/controls/azure_vm_example.rb +29 -29
  214. data/examples/profile-azure/inspec.yml +11 -11
  215. data/examples/profile-sensitive/README.md +29 -29
  216. data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
  217. data/examples/profile-sensitive/controls/sensitive.rb +9 -9
  218. data/examples/profile-sensitive/inspec.yml +8 -8
  219. data/examples/profile/README.md +48 -48
  220. data/examples/profile/controls/example.rb +23 -23
  221. data/examples/profile/controls/gordon.rb +36 -36
  222. data/examples/profile/controls/meta.rb +34 -34
  223. data/examples/profile/inspec.yml +10 -10
  224. data/examples/profile/libraries/gordon_config.rb +59 -53
  225. data/inspec.gemspec +47 -47
  226. data/lib/bundles/README.md +3 -3
  227. data/lib/bundles/inspec-artifact.rb +7 -7
  228. data/lib/bundles/inspec-artifact/README.md +1 -1
  229. data/lib/bundles/inspec-artifact/cli.rb +277 -277
  230. data/lib/bundles/inspec-compliance.rb +16 -16
  231. data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
  232. data/lib/bundles/inspec-compliance/README.md +185 -185
  233. data/lib/bundles/inspec-compliance/api.rb +316 -316
  234. data/lib/bundles/inspec-compliance/api/login.rb +152 -152
  235. data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
  236. data/lib/bundles/inspec-compliance/cli.rb +254 -254
  237. data/lib/bundles/inspec-compliance/configuration.rb +103 -103
  238. data/lib/bundles/inspec-compliance/http.rb +86 -86
  239. data/lib/bundles/inspec-compliance/support.rb +36 -36
  240. data/lib/bundles/inspec-compliance/target.rb +98 -98
  241. data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
  242. data/lib/bundles/inspec-habitat.rb +12 -12
  243. data/lib/bundles/inspec-habitat/cli.rb +36 -36
  244. data/lib/bundles/inspec-habitat/log.rb +10 -10
  245. data/lib/bundles/inspec-habitat/profile.rb +391 -391
  246. data/lib/bundles/inspec-init.rb +8 -8
  247. data/lib/bundles/inspec-init/README.md +31 -31
  248. data/lib/bundles/inspec-init/cli.rb +97 -97
  249. data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
  250. data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
  251. data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
  252. data/lib/bundles/inspec-supermarket.rb +13 -13
  253. data/lib/bundles/inspec-supermarket/README.md +45 -45
  254. data/lib/bundles/inspec-supermarket/api.rb +84 -84
  255. data/lib/bundles/inspec-supermarket/cli.rb +73 -73
  256. data/lib/bundles/inspec-supermarket/target.rb +34 -34
  257. data/lib/fetchers/git.rb +163 -163
  258. data/lib/fetchers/local.rb +74 -74
  259. data/lib/fetchers/mock.rb +35 -35
  260. data/lib/fetchers/url.rb +204 -204
  261. data/lib/inspec.rb +24 -24
  262. data/lib/inspec/archive/tar.rb +29 -29
  263. data/lib/inspec/archive/zip.rb +19 -19
  264. data/lib/inspec/backend.rb +93 -93
  265. data/lib/inspec/base_cli.rb +363 -357
  266. data/lib/inspec/cached_fetcher.rb +66 -66
  267. data/lib/inspec/cli.rb +292 -292
  268. data/lib/inspec/completions/bash.sh.erb +45 -45
  269. data/lib/inspec/completions/fish.sh.erb +34 -34
  270. data/lib/inspec/completions/zsh.sh.erb +61 -61
  271. data/lib/inspec/control_eval_context.rb +179 -179
  272. data/lib/inspec/dependencies/cache.rb +72 -72
  273. data/lib/inspec/dependencies/dependency_set.rb +92 -92
  274. data/lib/inspec/dependencies/lockfile.rb +115 -115
  275. data/lib/inspec/dependencies/requirement.rb +123 -123
  276. data/lib/inspec/dependencies/resolver.rb +86 -86
  277. data/lib/inspec/describe.rb +27 -27
  278. data/lib/inspec/dsl.rb +66 -66
  279. data/lib/inspec/dsl_shared.rb +33 -33
  280. data/lib/inspec/env_printer.rb +157 -157
  281. data/lib/inspec/errors.rb +14 -13
  282. data/lib/inspec/exceptions.rb +12 -12
  283. data/lib/inspec/expect.rb +45 -45
  284. data/lib/inspec/fetcher.rb +45 -45
  285. data/lib/inspec/file_provider.rb +275 -275
  286. data/lib/inspec/formatters.rb +3 -3
  287. data/lib/inspec/formatters/base.rb +259 -250
  288. data/lib/inspec/formatters/json_rspec.rb +20 -20
  289. data/lib/inspec/formatters/show_progress.rb +12 -12
  290. data/lib/inspec/library_eval_context.rb +58 -58
  291. data/lib/inspec/log.rb +11 -11
  292. data/lib/inspec/metadata.rb +247 -247
  293. data/lib/inspec/method_source.rb +24 -24
  294. data/lib/inspec/objects.rb +14 -14
  295. data/lib/inspec/objects/attribute.rb +65 -65
  296. data/lib/inspec/objects/control.rb +61 -61
  297. data/lib/inspec/objects/describe.rb +92 -92
  298. data/lib/inspec/objects/each_loop.rb +36 -36
  299. data/lib/inspec/objects/list.rb +15 -15
  300. data/lib/inspec/objects/or_test.rb +40 -40
  301. data/lib/inspec/objects/ruby_helper.rb +15 -15
  302. data/lib/inspec/objects/tag.rb +27 -27
  303. data/lib/inspec/objects/test.rb +87 -87
  304. data/lib/inspec/objects/value.rb +27 -27
  305. data/lib/inspec/plugins.rb +60 -60
  306. data/lib/inspec/plugins/cli.rb +24 -24
  307. data/lib/inspec/plugins/fetcher.rb +86 -86
  308. data/lib/inspec/plugins/resource.rb +135 -135
  309. data/lib/inspec/plugins/secret.rb +15 -15
  310. data/lib/inspec/plugins/source_reader.rb +40 -40
  311. data/lib/inspec/polyfill.rb +12 -12
  312. data/lib/inspec/profile.rb +513 -513
  313. data/lib/inspec/profile_context.rb +208 -208
  314. data/lib/inspec/profile_vendor.rb +66 -66
  315. data/lib/inspec/reporters.rb +60 -54
  316. data/lib/inspec/reporters/automate.rb +76 -0
  317. data/lib/inspec/reporters/base.rb +25 -24
  318. data/lib/inspec/reporters/cli.rb +356 -356
  319. data/lib/inspec/reporters/json.rb +116 -116
  320. data/lib/inspec/reporters/json_min.rb +48 -48
  321. data/lib/inspec/reporters/junit.rb +77 -77
  322. data/lib/inspec/require_loader.rb +33 -33
  323. data/lib/inspec/resource.rb +187 -186
  324. data/lib/inspec/rule.rb +266 -266
  325. data/lib/inspec/runner.rb +345 -345
  326. data/lib/inspec/runner_mock.rb +41 -41
  327. data/lib/inspec/runner_rspec.rb +175 -175
  328. data/lib/inspec/runtime_profile.rb +26 -26
  329. data/lib/inspec/schema.rb +213 -213
  330. data/lib/inspec/secrets.rb +19 -19
  331. data/lib/inspec/secrets/yaml.rb +30 -30
  332. data/lib/inspec/shell.rb +220 -220
  333. data/lib/inspec/shell_detector.rb +90 -90
  334. data/lib/inspec/source_reader.rb +29 -29
  335. data/lib/inspec/version.rb +8 -8
  336. data/lib/matchers/matchers.rb +339 -339
  337. data/lib/resource_support/aws.rb +49 -47
  338. data/lib/resource_support/aws/aws_backend_base.rb +12 -12
  339. data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -12
  340. data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -21
  341. data/lib/resource_support/aws/aws_resource_mixin.rb +66 -66
  342. data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -24
  343. data/lib/resources/aide_conf.rb +151 -151
  344. data/lib/resources/apache.rb +48 -48
  345. data/lib/resources/apache_conf.rb +149 -149
  346. data/lib/resources/apt.rb +149 -149
  347. data/lib/resources/audit_policy.rb +63 -63
  348. data/lib/resources/auditd.rb +231 -231
  349. data/lib/resources/auditd_conf.rb +46 -46
  350. data/lib/resources/aws/aws_cloudtrail_trail.rb +77 -77
  351. data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -47
  352. data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -62
  353. data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -100
  354. data/lib/resources/aws/aws_config_delivery_channel.rb +76 -76
  355. data/lib/resources/aws/aws_config_recorder.rb +98 -98
  356. data/lib/resources/aws/aws_ec2_instance.rb +157 -157
  357. data/lib/resources/aws/aws_iam_access_key.rb +106 -106
  358. data/lib/resources/aws/aws_iam_access_keys.rb +149 -149
  359. data/lib/resources/aws/aws_iam_group.rb +56 -56
  360. data/lib/resources/aws/aws_iam_groups.rb +52 -52
  361. data/lib/resources/aws/aws_iam_password_policy.rb +116 -116
  362. data/lib/resources/aws/aws_iam_policies.rb +53 -53
  363. data/lib/resources/aws/aws_iam_policy.rb +125 -125
  364. data/lib/resources/aws/aws_iam_role.rb +51 -51
  365. data/lib/resources/aws/aws_iam_root_user.rb +78 -60
  366. data/lib/resources/aws/aws_iam_user.rb +111 -111
  367. data/lib/resources/aws/aws_iam_users.rb +108 -108
  368. data/lib/resources/aws/aws_kms_key.rb +96 -96
  369. data/lib/resources/aws/aws_kms_keys.rb +53 -53
  370. data/lib/resources/aws/aws_rds_instance.rb +71 -71
  371. data/lib/resources/aws/aws_route_table.rb +63 -63
  372. data/lib/resources/aws/aws_route_tables.rb +60 -0
  373. data/lib/resources/aws/aws_s3_bucket.rb +115 -115
  374. data/lib/resources/aws/aws_s3_bucket_object.rb +82 -82
  375. data/lib/resources/aws/aws_s3_buckets.rb +51 -0
  376. data/lib/resources/aws/aws_security_group.rb +93 -93
  377. data/lib/resources/aws/aws_security_groups.rb +68 -68
  378. data/lib/resources/aws/aws_sns_subscription.rb +78 -78
  379. data/lib/resources/aws/aws_sns_topic.rb +53 -53
  380. data/lib/resources/aws/aws_sns_topics.rb +56 -56
  381. data/lib/resources/aws/aws_subnet.rb +88 -88
  382. data/lib/resources/aws/aws_subnets.rb +53 -53
  383. data/lib/resources/aws/aws_vpc.rb +69 -69
  384. data/lib/resources/aws/aws_vpcs.rb +45 -45
  385. data/lib/resources/azure/azure_backend.rb +377 -377
  386. data/lib/resources/azure/azure_generic_resource.rb +59 -59
  387. data/lib/resources/azure/azure_resource_group.rb +152 -152
  388. data/lib/resources/azure/azure_virtual_machine.rb +264 -264
  389. data/lib/resources/azure/azure_virtual_machine_data_disk.rb +134 -134
  390. data/lib/resources/bash.rb +35 -35
  391. data/lib/resources/bond.rb +69 -69
  392. data/lib/resources/bridge.rb +122 -122
  393. data/lib/resources/chocolatey_package.rb +78 -0
  394. data/lib/resources/command.rb +73 -73
  395. data/lib/resources/cpan.rb +58 -58
  396. data/lib/resources/cran.rb +64 -64
  397. data/lib/resources/crontab.rb +169 -169
  398. data/lib/resources/csv.rb +56 -56
  399. data/lib/resources/dh_params.rb +77 -77
  400. data/lib/resources/directory.rb +25 -25
  401. data/lib/resources/docker.rb +236 -236
  402. data/lib/resources/docker_container.rb +89 -89
  403. data/lib/resources/docker_image.rb +83 -83
  404. data/lib/resources/docker_object.rb +57 -57
  405. data/lib/resources/docker_service.rb +90 -90
  406. data/lib/resources/elasticsearch.rb +169 -169
  407. data/lib/resources/etc_fstab.rb +94 -94
  408. data/lib/resources/etc_group.rb +152 -152
  409. data/lib/resources/etc_hosts.rb +66 -66
  410. data/lib/resources/etc_hosts_allow_deny.rb +112 -112
  411. data/lib/resources/file.rb +298 -298
  412. data/lib/resources/filesystem.rb +31 -31
  413. data/lib/resources/firewalld.rb +143 -143
  414. data/lib/resources/gem.rb +70 -70
  415. data/lib/resources/groups.rb +215 -215
  416. data/lib/resources/grub_conf.rb +227 -227
  417. data/lib/resources/host.rb +306 -306
  418. data/lib/resources/http.rb +253 -253
  419. data/lib/resources/iis_app.rb +101 -101
  420. data/lib/resources/iis_site.rb +148 -148
  421. data/lib/resources/inetd_conf.rb +54 -54
  422. data/lib/resources/ini.rb +29 -29
  423. data/lib/resources/interface.rb +129 -129
  424. data/lib/resources/iptables.rb +80 -80
  425. data/lib/resources/json.rb +107 -107
  426. data/lib/resources/kernel_module.rb +107 -107
  427. data/lib/resources/kernel_parameter.rb +58 -58
  428. data/lib/resources/key_rsa.rb +61 -61
  429. data/lib/resources/limits_conf.rb +46 -46
  430. data/lib/resources/login_def.rb +57 -57
  431. data/lib/resources/mount.rb +88 -88
  432. data/lib/resources/mssql_session.rb +101 -101
  433. data/lib/resources/mysql.rb +82 -81
  434. data/lib/resources/mysql_conf.rb +127 -127
  435. data/lib/resources/mysql_session.rb +85 -85
  436. data/lib/resources/nginx.rb +96 -96
  437. data/lib/resources/nginx_conf.rb +226 -226
  438. data/lib/resources/npm.rb +48 -48
  439. data/lib/resources/ntp_conf.rb +51 -51
  440. data/lib/resources/oneget.rb +71 -71
  441. data/lib/resources/oracledb_session.rb +139 -139
  442. data/lib/resources/os.rb +36 -36
  443. data/lib/resources/os_env.rb +75 -75
  444. data/lib/resources/package.rb +370 -370
  445. data/lib/resources/packages.rb +111 -111
  446. data/lib/resources/parse_config.rb +112 -112
  447. data/lib/resources/passwd.rb +76 -76
  448. data/lib/resources/pip.rb +130 -130
  449. data/lib/resources/platform.rb +109 -109
  450. data/lib/resources/port.rb +771 -771
  451. data/lib/resources/postgres.rb +131 -130
  452. data/lib/resources/postgres_conf.rb +114 -114
  453. data/lib/resources/postgres_hba_conf.rb +90 -90
  454. data/lib/resources/postgres_ident_conf.rb +79 -79
  455. data/lib/resources/postgres_session.rb +71 -71
  456. data/lib/resources/powershell.rb +66 -66
  457. data/lib/resources/processes.rb +204 -204
  458. data/lib/resources/rabbitmq_conf.rb +51 -51
  459. data/lib/resources/registry_key.rb +297 -297
  460. data/lib/resources/security_policy.rb +180 -180
  461. data/lib/resources/service.rb +794 -790
  462. data/lib/resources/shadow.rb +149 -149
  463. data/lib/resources/ssh_conf.rb +97 -97
  464. data/lib/resources/ssl.rb +99 -99
  465. data/lib/resources/sys_info.rb +28 -28
  466. data/lib/resources/toml.rb +32 -32
  467. data/lib/resources/users.rb +654 -654
  468. data/lib/resources/vbscript.rb +68 -68
  469. data/lib/resources/virtualization.rb +247 -247
  470. data/lib/resources/windows_feature.rb +84 -84
  471. data/lib/resources/windows_hotfix.rb +35 -35
  472. data/lib/resources/windows_task.rb +102 -102
  473. data/lib/resources/wmi.rb +110 -110
  474. data/lib/resources/x509_certificate.rb +137 -137
  475. data/lib/resources/xinetd.rb +106 -106
  476. data/lib/resources/xml.rb +46 -46
  477. data/lib/resources/yaml.rb +43 -43
  478. data/lib/resources/yum.rb +180 -180
  479. data/lib/resources/zfs_dataset.rb +60 -60
  480. data/lib/resources/zfs_pool.rb +49 -49
  481. data/lib/source_readers/flat.rb +39 -39
  482. data/lib/source_readers/inspec.rb +75 -75
  483. data/lib/utils/command_wrapper.rb +27 -27
  484. data/lib/utils/convert.rb +12 -12
  485. data/lib/utils/database_helpers.rb +77 -77
  486. data/lib/utils/erlang_parser.rb +192 -192
  487. data/lib/utils/file_reader.rb +25 -25
  488. data/lib/utils/filter.rb +273 -273
  489. data/lib/utils/filter_array.rb +27 -27
  490. data/lib/utils/find_files.rb +44 -44
  491. data/lib/utils/hash.rb +41 -41
  492. data/lib/utils/json_log.rb +18 -18
  493. data/lib/utils/latest_version.rb +22 -22
  494. data/lib/utils/modulator.rb +12 -12
  495. data/lib/utils/nginx_parser.rb +85 -85
  496. data/lib/utils/object_traversal.rb +49 -49
  497. data/lib/utils/parser.rb +274 -274
  498. data/lib/utils/plugin_registry.rb +93 -93
  499. data/lib/utils/simpleconfig.rb +120 -120
  500. data/lib/utils/spdx.rb +13 -13
  501. data/lib/utils/spdx.txt +343 -343
  502. metadata +9 -2
data/lib/inspec.rb CHANGED
@@ -1,24 +1,24 @@
1
- # encoding: utf-8
2
- # copyright: 2015, Dominik Richter
3
- # author: Dominik Richter
4
- # author: Christoph Hartmann
5
-
6
- libdir = File.dirname(__FILE__)
7
- $LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
8
-
9
- require 'inspec/version'
10
- require 'inspec/exceptions'
11
- require 'inspec/profile'
12
- require 'inspec/rule'
13
- require 'matchers/matchers'
14
- require 'inspec/runner'
15
- require 'inspec/shell'
16
- require 'inspec/formatters'
17
- require 'inspec/reporters'
18
-
19
- # all utils that may be required by plugins
20
- require 'inspec/base_cli'
21
- require 'inspec/fetcher'
22
- require 'inspec/source_reader'
23
- require 'inspec/resource'
24
- require 'inspec/plugins'
1
+ # encoding: utf-8
2
+ # copyright: 2015, Dominik Richter
3
+ # author: Dominik Richter
4
+ # author: Christoph Hartmann
5
+
6
+ libdir = File.dirname(__FILE__)
7
+ $LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
8
+
9
+ require 'inspec/version'
10
+ require 'inspec/exceptions'
11
+ require 'inspec/profile'
12
+ require 'inspec/rule'
13
+ require 'matchers/matchers'
14
+ require 'inspec/runner'
15
+ require 'inspec/shell'
16
+ require 'inspec/formatters'
17
+ require 'inspec/reporters'
18
+
19
+ # all utils that may be required by plugins
20
+ require 'inspec/base_cli'
21
+ require 'inspec/fetcher'
22
+ require 'inspec/source_reader'
23
+ require 'inspec/resource'
24
+ require 'inspec/plugins'
@@ -1,29 +1,29 @@
1
- # encoding: utf-8
2
- # author: Christoph Hartmann
3
- # author: Dominik Richter
4
-
5
- require 'rubygems/package'
6
-
7
- module Inspec::Archive
8
- class TarArchiveGenerator
9
- def archive(base_dir, files, archive)
10
- File.open(archive, 'wb') do |file|
11
- Zlib::GzipWriter.wrap(file) do |gz|
12
- Gem::Package::TarWriter.new(gz) do |tar|
13
- files.each do |input_filename|
14
- path = Pathname.new(base_dir).join(input_filename)
15
- stat = File.stat(path)
16
- if path.directory?
17
- tar.mkdir(input_filename, stat.mode)
18
- else
19
- tar.add_file_simple(input_filename, stat.mode, stat.size) do |io|
20
- io.write(File.binread(path))
21
- end
22
- end
23
- end
24
- end
25
- end
26
- end
27
- end
28
- end
29
- end
1
+ # encoding: utf-8
2
+ # author: Christoph Hartmann
3
+ # author: Dominik Richter
4
+
5
+ require 'rubygems/package'
6
+
7
+ module Inspec::Archive
8
+ class TarArchiveGenerator
9
+ def archive(base_dir, files, archive)
10
+ File.open(archive, 'wb') do |file|
11
+ Zlib::GzipWriter.wrap(file) do |gz|
12
+ Gem::Package::TarWriter.new(gz) do |tar|
13
+ files.each do |input_filename|
14
+ path = Pathname.new(base_dir).join(input_filename)
15
+ stat = File.stat(path)
16
+ if path.directory?
17
+ tar.mkdir(input_filename, stat.mode)
18
+ else
19
+ tar.add_file_simple(input_filename, stat.mode, stat.size) do |io|
20
+ io.write(File.binread(path))
21
+ end
22
+ end
23
+ end
24
+ end
25
+ end
26
+ end
27
+ end
28
+ end
29
+ end
@@ -1,19 +1,19 @@
1
- # encoding: utf-8
2
- # author: Christoph Hartmann
3
- # author: Dominik Richter
4
-
5
- require 'rubygems'
6
- require 'zip'
7
- require 'pathname'
8
-
9
- module Inspec::Archive
10
- class ZipArchiveGenerator
11
- def archive(base_dir, files, archive)
12
- Zip::File.open(archive, Zip::File::CREATE) do |zipfile|
13
- files.each do |input_filename|
14
- zipfile.add(input_filename, Pathname.new(base_dir).join(input_filename))
15
- end
16
- end
17
- end
18
- end
19
- end
1
+ # encoding: utf-8
2
+ # author: Christoph Hartmann
3
+ # author: Dominik Richter
4
+
5
+ require 'rubygems'
6
+ require 'zip'
7
+ require 'pathname'
8
+
9
+ module Inspec::Archive
10
+ class ZipArchiveGenerator
11
+ def archive(base_dir, files, archive)
12
+ Zip::File.open(archive, Zip::File::CREATE) do |zipfile|
13
+ files.each do |input_filename|
14
+ zipfile.add(input_filename, Pathname.new(base_dir).join(input_filename))
15
+ end
16
+ end
17
+ end
18
+ end
19
+ end
@@ -1,93 +1,93 @@
1
- # encoding: utf-8
2
- # copyright: 2015, Dominik Richter
3
- # author: Dominik Richter
4
- # author: Christoph Hartmann
5
-
6
- require 'train'
7
-
8
- module Inspec
9
- module Backend
10
- module Base
11
- attr_accessor :profile
12
-
13
- # Provide a shorthand to retrieve the inspec version from within a profile
14
- #
15
- # @return [String] inspec version
16
- def version
17
- Inspec::VERSION
18
- end
19
-
20
- # Determine whether the connection/transport is a local connection
21
- # Useful for resources to modify behavior as necessary, such as using
22
- # the Ruby stdlib for a better experience.
23
- def local_transport?
24
- return false unless defined?(Train::Transports::Local)
25
- backend.is_a?(Train::Transports::Local::Connection)
26
- end
27
-
28
- # Ruby internal for printing a nice name for this class
29
- def to_s
30
- 'Inspec::Backend::Class'
31
- end
32
-
33
- # Ruby internal for pretty-printing a summary for this class
34
- def inspect
35
- "Inspec::Backend::Class @transport=#{backend.class}"
36
- end
37
- end
38
-
39
- # Create the transport backend with aggregated resources.
40
- #
41
- # @param [Hash] config for the transport backend
42
- # @return [TransportBackend] enriched transport instance
43
- def self.create(config) # rubocop:disable Metrics/AbcSize
44
- conf = Train.target_config(config)
45
- name = Train.validate_backend(conf)
46
- transport = Train.create(name, conf)
47
- if transport.nil?
48
- raise "Can't find transport backend '#{name}'."
49
- end
50
-
51
- connection = transport.connection
52
- if connection.nil?
53
- raise "Can't connect to transport backend '#{name}'."
54
- end
55
-
56
- # Set caching settings. We always want to enable caching for
57
- # the Mock transport for testing.
58
- if config[:backend_cache] || config[:backend] == :mock
59
- Inspec::Log.debug 'Option backend_cache is enabled'
60
- connection.enable_cache(:file)
61
- connection.enable_cache(:command)
62
- elsif config[:debug_shell]
63
- Inspec::Log.debug 'Option backend_cache is disabled'
64
- connection.disable_cache(:file)
65
- connection.disable_cache(:command)
66
- else
67
- Inspec::Log.debug 'Option backend_cache is disabled'
68
- connection.disable_cache(:file)
69
- connection.disable_cache(:command)
70
- end
71
-
72
- cls = Class.new do
73
- include Base
74
-
75
- define_method :backend do
76
- connection
77
- end
78
-
79
- Inspec::Resource.registry.each do |id, r|
80
- define_method id.to_sym do |*args|
81
- r.new(self, id.to_s, *args)
82
- end
83
- end
84
- end
85
-
86
- cls.new
87
- rescue Train::ClientError => e
88
- raise "Client error, can't connect to '#{name}' backend: #{e.message}"
89
- rescue Train::TransportError => e
90
- raise "Transport error, can't connect to '#{name}' backend: #{e.message}"
91
- end
92
- end
93
- end
1
+ # encoding: utf-8
2
+ # copyright: 2015, Dominik Richter
3
+ # author: Dominik Richter
4
+ # author: Christoph Hartmann
5
+
6
+ require 'train'
7
+
8
+ module Inspec
9
+ module Backend
10
+ module Base
11
+ attr_accessor :profile
12
+
13
+ # Provide a shorthand to retrieve the inspec version from within a profile
14
+ #
15
+ # @return [String] inspec version
16
+ def version
17
+ Inspec::VERSION
18
+ end
19
+
20
+ # Determine whether the connection/transport is a local connection
21
+ # Useful for resources to modify behavior as necessary, such as using
22
+ # the Ruby stdlib for a better experience.
23
+ def local_transport?
24
+ return false unless defined?(Train::Transports::Local)
25
+ backend.is_a?(Train::Transports::Local::Connection)
26
+ end
27
+
28
+ # Ruby internal for printing a nice name for this class
29
+ def to_s
30
+ 'Inspec::Backend::Class'
31
+ end
32
+
33
+ # Ruby internal for pretty-printing a summary for this class
34
+ def inspect
35
+ "Inspec::Backend::Class @transport=#{backend.class}"
36
+ end
37
+ end
38
+
39
+ # Create the transport backend with aggregated resources.
40
+ #
41
+ # @param [Hash] config for the transport backend
42
+ # @return [TransportBackend] enriched transport instance
43
+ def self.create(config) # rubocop:disable Metrics/AbcSize
44
+ conf = Train.target_config(config)
45
+ name = Train.validate_backend(conf)
46
+ transport = Train.create(name, conf)
47
+ if transport.nil?
48
+ raise "Can't find transport backend '#{name}'."
49
+ end
50
+
51
+ connection = transport.connection
52
+ if connection.nil?
53
+ raise "Can't connect to transport backend '#{name}'."
54
+ end
55
+
56
+ # Set caching settings. We always want to enable caching for
57
+ # the Mock transport for testing.
58
+ if config[:backend_cache] || config[:backend] == :mock
59
+ Inspec::Log.debug 'Option backend_cache is enabled'
60
+ connection.enable_cache(:file)
61
+ connection.enable_cache(:command)
62
+ elsif config[:debug_shell]
63
+ Inspec::Log.debug 'Option backend_cache is disabled'
64
+ connection.disable_cache(:file)
65
+ connection.disable_cache(:command)
66
+ else
67
+ Inspec::Log.debug 'Option backend_cache is disabled'
68
+ connection.disable_cache(:file)
69
+ connection.disable_cache(:command)
70
+ end
71
+
72
+ cls = Class.new do
73
+ include Base
74
+
75
+ define_method :backend do
76
+ connection
77
+ end
78
+
79
+ Inspec::Resource.registry.each do |id, r|
80
+ define_method id.to_sym do |*args|
81
+ r.new(self, id.to_s, *args)
82
+ end
83
+ end
84
+ end
85
+
86
+ cls.new
87
+ rescue Train::ClientError => e
88
+ raise "Client error, can't connect to '#{name}' backend: #{e.message}"
89
+ rescue Train::TransportError => e
90
+ raise "Transport error, can't connect to '#{name}' backend: #{e.message}"
91
+ end
92
+ end
93
+ end
@@ -1,357 +1,363 @@
1
- # encoding: utf-8
2
- # author: Christoph Hartmann
3
- # author: Dominik Richter
4
-
5
- require 'thor'
6
- require 'inspec/log'
7
- require 'inspec/profile_vendor'
8
-
9
- module Inspec
10
- class BaseCLI < Thor
11
- # https://github.com/erikhuda/thor/issues/244
12
- def self.exit_on_failure?
13
- true
14
- end
15
-
16
- def self.target_options
17
- option :target, aliases: :t, type: :string,
18
- desc: 'Simple targeting option using URIs, e.g. ssh://user:pass@host:port'
19
- option :backend, aliases: :b, type: :string,
20
- desc: 'Choose a backend: local, ssh, winrm, docker.'
21
- option :host, type: :string,
22
- desc: 'Specify a remote host which is tested.'
23
- option :port, aliases: :p, type: :numeric,
24
- desc: 'Specify the login port for a remote scan.'
25
- option :user, type: :string,
26
- desc: 'The login user for a remote scan.'
27
- option :password, type: :string, lazy_default: -1,
28
- desc: 'Login password for a remote scan, if required.'
29
- option :key_files, aliases: :i, type: :array,
30
- desc: 'Login key or certificate file for a remote scan.'
31
- option :path, type: :string,
32
- desc: 'Login path to use when connecting to the target (WinRM).'
33
- option :sudo, type: :boolean,
34
- desc: 'Run scans with sudo. Only activates on Unix and non-root user.'
35
- option :sudo_password, type: :string, lazy_default: -1,
36
- desc: 'Specify a sudo password, if it is required.'
37
- option :sudo_options, type: :string,
38
- desc: 'Additional sudo options for a remote scan.'
39
- option :sudo_command, type: :string,
40
- desc: 'Alternate command for sudo.'
41
- option :shell, type: :boolean,
42
- desc: 'Run scans in a subshell. Only activates on Unix.'
43
- option :shell_options, type: :string,
44
- desc: 'Additional shell options.'
45
- option :shell_command, type: :string,
46
- desc: 'Specify a particular shell to use.'
47
- option :ssl, type: :boolean,
48
- desc: 'Use SSL for transport layer encryption (WinRM).'
49
- option :self_signed, type: :boolean,
50
- desc: 'Allow remote scans with self-signed certificates (WinRM).'
51
- option :json_config, type: :string,
52
- desc: 'Read configuration from JSON file (`-` reads from stdin).'
53
- option :proxy_command, type: :string,
54
- desc: 'Specifies the command to use to connect to the server'
55
- end
56
-
57
- def self.profile_options
58
- option :profiles_path, type: :string,
59
- desc: 'Folder which contains referenced profiles.'
60
- end
61
-
62
- def self.exec_options
63
- target_options
64
- profile_options
65
- option :controls, type: :array,
66
- desc: 'A list of controls to run. Ignore all other tests.'
67
- option :format, type: :string,
68
- desc: '[DEPRECATED] Please use --reporter - this will be removed in InSpec 3.0'
69
- option :reporter, type: :array,
70
- banner: 'one two:/output/file/path',
71
- desc: 'Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit'
72
- option :color, type: :boolean,
73
- desc: 'Use colors in output.'
74
- option :attrs, type: :array,
75
- desc: 'Load attributes file (experimental)'
76
- option :vendor_cache, type: :string,
77
- desc: 'Use the given path for caching dependencies. (default: ~/.inspec/cache)'
78
- option :create_lockfile, type: :boolean,
79
- desc: 'Write out a lockfile based on this execution (unless one already exists)'
80
- option :backend_cache, type: :boolean,
81
- desc: 'Allow caching for backend command output. (default: true)'
82
- option :show_progress, type: :boolean,
83
- desc: 'Show progress while executing tests.'
84
- end
85
-
86
- def self.default_options
87
- {
88
- exec: {
89
- 'reporter' => ['cli'],
90
- 'show_progress' => false,
91
- 'color' => true,
92
- 'create_lockfile' => true,
93
- 'backend_cache' => true,
94
- },
95
- shell: {
96
- 'reporter' => ['cli'],
97
- },
98
- }
99
- end
100
-
101
- def self.parse_reporters(opts) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
102
- # merge in any legacy formats as reporter
103
- # this method will only be used for ad-hoc runners
104
- if !opts['format'].nil? && opts['reporter'].nil?
105
- warn '[DEPRECATED] The option --format is being deprecated and will be removed in inspec 3.0. Please use --reporter'
106
-
107
- # see if we are using the legacy output to write to files
108
- if opts['output']
109
- warn '[DEPRECATED] The option \'output\' is being deprecated and will be removed in inspec 3.0. Please use --reporter name:path'
110
- opts['format'] = "#{opts['format']}:#{opts['output']}"
111
- opts.delete('output')
112
- end
113
-
114
- opts['reporter'] = Array(opts['format'])
115
- opts.delete('format')
116
- end
117
-
118
- # default to cli report for ad-hoc runners
119
- opts['reporter'] = ['cli'] if opts['reporter'].nil?
120
-
121
- # parse out cli to proper report format
122
- if opts['reporter'].is_a?(Array)
123
- reports = {}
124
- opts['reporter'].each do |report|
125
- reporter_name, target = report.split(':')
126
- if target.nil? || target.strip == '-'
127
- reports[reporter_name] = { 'stdout' => true }
128
- else
129
- reports[reporter_name] = {
130
- 'file' => target,
131
- 'stdout' => false,
132
- }
133
- end
134
- end
135
- opts['reporter'] = reports
136
- end
137
-
138
- # add in stdout if not specified
139
- if opts['reporter'].is_a?(Hash)
140
- opts['reporter'].each do |reporter_name, config|
141
- opts['reporter'][reporter_name] = {} if config.nil?
142
- opts['reporter'][reporter_name]['stdout'] = true if opts['reporter'][reporter_name].empty?
143
- end
144
- end
145
-
146
- validate_reporters(opts['reporter'])
147
- opts
148
- end
149
-
150
- def self.validate_reporters(reporters)
151
- return if reporters.nil?
152
-
153
- valid_types = [
154
- 'json',
155
- 'json-min',
156
- 'json-rspec',
157
- 'cli',
158
- 'junit',
159
- 'html',
160
- 'documentation',
161
- 'progress',
162
- ]
163
-
164
- reporters.each do |k, _v|
165
- raise NotImplementedError, "'#{k}' is not a valid reporter type." unless valid_types.include?(k)
166
- end
167
-
168
- # check to make sure we are only reporting one type to stdout
169
- stdout = 0
170
- reporters.each_value do |v|
171
- stdout += 1 if v['stdout'] == true
172
- end
173
-
174
- raise ArgumentError, 'The option --reporter can only have a single report outputting to stdout.' if stdout > 1
175
- end
176
-
177
- def self.detect(params: {}, indent: 0, color: 39)
178
- str = ''
179
- params.each { |item, info|
180
- data = info
181
-
182
- # Format Array for better output if applicable
183
- data = data.join(', ') if data.is_a?(Array)
184
-
185
- # Do not output fields of data is missing ('unknown' is fine)
186
- next if data.nil?
187
-
188
- data = "\e[1m\e[#{color}m#{data}\e[0m"
189
- str << format("#{' ' * indent}%-10s %s\n", item.to_s.capitalize + ':', data)
190
- }
191
- str
192
- end
193
-
194
- private
195
-
196
- def suppress_log_output?(opts)
197
- return false if opts['reporter'].nil?
198
- match = %w{json json-min json-rspec junit html} & opts['reporter'].keys
199
- unless match.empty?
200
- match.each do |m|
201
- # check to see if we are outputting to stdout
202
- return true if opts['reporter'][m]['stdout'] == true
203
- end
204
- end
205
- false
206
- end
207
-
208
- def diagnose(opts)
209
- return unless opts['diagnose']
210
- puts "InSpec version: #{Inspec::VERSION}"
211
- puts "Train version: #{Train::VERSION}"
212
- puts 'Command line configuration:'
213
- pp options
214
- puts 'JSON configuration file:'
215
- pp options_json
216
- puts 'Merged configuration:'
217
- pp opts
218
- puts
219
- end
220
-
221
- def opts(type = nil)
222
- o = merged_opts(type)
223
-
224
- # Due to limitations in Thor it is not possible to set an argument to be
225
- # both optional and its value to be mandatory. E.g. the user supplying
226
- # the --password argument is optional and not always required, but
227
- # whenever it is used, it requires a value. Handle options that were
228
- # defined above and require a value here:
229
- %w{password sudo-password}.each do |v|
230
- id = v.tr('-', '_').to_sym
231
- next unless o[id] == -1
232
- raise ArgumentError, "Please provide a value for --#{v}. For example: --#{v}=hello."
233
- end
234
-
235
- o
236
- end
237
-
238
- def merged_opts(type = nil)
239
- opts = {}
240
- opts[:type] = type unless type.nil?
241
-
242
- # start with default options if we have any
243
- opts = BaseCLI.default_options[type] unless type.nil? || BaseCLI.default_options[type].nil?
244
-
245
- # merge in any options from json-config
246
- json_config = options_json
247
- opts.merge!(json_config)
248
-
249
- # remove the default reporter if we are setting a legacy format on the cli
250
- # or via json-config
251
- opts.delete('reporter') if options['format'] || json_config['format']
252
-
253
- # merge in any options defined via thor
254
- opts.merge!(options)
255
-
256
- # parse reporter options
257
- opts = BaseCLI.parse_reporters(opts) if %i(exec shell).include?(type)
258
-
259
- Thor::CoreExt::HashWithIndifferentAccess.new(opts)
260
- end
261
-
262
- def options_json
263
- conffile = options['json_config']
264
- @json ||= conffile ? read_config(conffile) : {}
265
- end
266
-
267
- def read_config(file)
268
- if file == '-'
269
- puts 'WARN: reading JSON config from standard input' if STDIN.tty?
270
- config = STDIN.read
271
- else
272
- config = File.read(file)
273
- end
274
-
275
- JSON.parse(config)
276
- rescue JSON::ParserError => e
277
- puts "Failed to load JSON configuration: #{e}\nConfig was: #{config.inspect}"
278
- exit 1
279
- end
280
-
281
- # get the log level
282
- # DEBUG < INFO < WARN < ERROR < FATAL < UNKNOWN
283
- def get_log_level(level)
284
- valid = %w{debug info warn error fatal}
285
-
286
- if valid.include?(level)
287
- l = level
288
- else
289
- l = 'info'
290
- end
291
-
292
- Logger.const_get(l.upcase)
293
- end
294
-
295
- def pretty_handle_exception(exception)
296
- case exception
297
- when Inspec::Error
298
- $stderr.puts exception.message
299
- exit(1)
300
- else
301
- raise exception
302
- end
303
- end
304
-
305
- def vendor_deps(path, opts)
306
- profile_path = path || Dir.pwd
307
- profile_vendor = Inspec::ProfileVendor.new(profile_path)
308
-
309
- if (profile_vendor.cache_path.exist? || profile_vendor.lockfile.exist?) && !opts[:overwrite]
310
- puts 'Profile is already vendored. Use --overwrite.'
311
- return false
312
- end
313
-
314
- profile_vendor.vendor!
315
- puts "Dependencies for profile #{profile_path} successfully vendored to #{profile_vendor.cache_path}"
316
- rescue StandardError => e
317
- pretty_handle_exception(e)
318
- end
319
-
320
- def configure_logger(o)
321
- #
322
- # TODO(ssd): This is a big gross, but this configures the
323
- # logging singleton Inspec::Log. Eventually it would be nice to
324
- # move internal debug logging to use this logging singleton.
325
- #
326
- loc = if o.log_location
327
- o.log_location
328
- elsif suppress_log_output?(o)
329
- STDERR
330
- else
331
- STDOUT
332
- end
333
-
334
- Inspec::Log.init(loc)
335
- Inspec::Log.level = get_log_level(o.log_level)
336
-
337
- o[:logger] = Logger.new(loc)
338
- # output json if we have activated the json formatter
339
- if o['log-format'] == 'json'
340
- o[:logger].formatter = Logger::JSONFormatter.new
341
- end
342
- o[:logger].level = get_log_level(o.log_level)
343
- end
344
-
345
- def mark_text(text)
346
- "\e[0;36m#{text}\e[0m"
347
- end
348
-
349
- def headline(title)
350
- puts "\n== #{title}\n\n"
351
- end
352
-
353
- def li(entry)
354
- puts " #{mark_text('*')} #{entry}"
355
- end
356
- end
357
- end
1
+ # encoding: utf-8
2
+ # author: Christoph Hartmann
3
+ # author: Dominik Richter
4
+
5
+ require 'thor'
6
+ require 'inspec/log'
7
+ require 'inspec/profile_vendor'
8
+
9
+ module Inspec
10
+ class BaseCLI < Thor
11
+ # https://github.com/erikhuda/thor/issues/244
12
+ def self.exit_on_failure?
13
+ true
14
+ end
15
+
16
+ def self.target_options
17
+ option :target, aliases: :t, type: :string,
18
+ desc: 'Simple targeting option using URIs, e.g. ssh://user:pass@host:port'
19
+ option :backend, aliases: :b, type: :string,
20
+ desc: 'Choose a backend: local, ssh, winrm, docker.'
21
+ option :host, type: :string,
22
+ desc: 'Specify a remote host which is tested.'
23
+ option :port, aliases: :p, type: :numeric,
24
+ desc: 'Specify the login port for a remote scan.'
25
+ option :user, type: :string,
26
+ desc: 'The login user for a remote scan.'
27
+ option :password, type: :string, lazy_default: -1,
28
+ desc: 'Login password for a remote scan, if required.'
29
+ option :key_files, aliases: :i, type: :array,
30
+ desc: 'Login key or certificate file for a remote scan.'
31
+ option :path, type: :string,
32
+ desc: 'Login path to use when connecting to the target (WinRM).'
33
+ option :sudo, type: :boolean,
34
+ desc: 'Run scans with sudo. Only activates on Unix and non-root user.'
35
+ option :sudo_password, type: :string, lazy_default: -1,
36
+ desc: 'Specify a sudo password, if it is required.'
37
+ option :sudo_options, type: :string,
38
+ desc: 'Additional sudo options for a remote scan.'
39
+ option :sudo_command, type: :string,
40
+ desc: 'Alternate command for sudo.'
41
+ option :shell, type: :boolean,
42
+ desc: 'Run scans in a subshell. Only activates on Unix.'
43
+ option :shell_options, type: :string,
44
+ desc: 'Additional shell options.'
45
+ option :shell_command, type: :string,
46
+ desc: 'Specify a particular shell to use.'
47
+ option :ssl, type: :boolean,
48
+ desc: 'Use SSL for transport layer encryption (WinRM).'
49
+ option :self_signed, type: :boolean,
50
+ desc: 'Allow remote scans with self-signed certificates (WinRM).'
51
+ option :json_config, type: :string,
52
+ desc: 'Read configuration from JSON file (`-` reads from stdin).'
53
+ option :proxy_command, type: :string,
54
+ desc: 'Specifies the command to use to connect to the server'
55
+ end
56
+
57
+ def self.profile_options
58
+ option :profiles_path, type: :string,
59
+ desc: 'Folder which contains referenced profiles.'
60
+ end
61
+
62
+ def self.exec_options
63
+ target_options
64
+ profile_options
65
+ option :controls, type: :array,
66
+ desc: 'A list of controls to run. Ignore all other tests.'
67
+ option :format, type: :string,
68
+ desc: '[DEPRECATED] Please use --reporter - this will be removed in InSpec 3.0'
69
+ option :reporter, type: :array,
70
+ banner: 'one two:/output/file/path',
71
+ desc: 'Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit'
72
+ option :color, type: :boolean,
73
+ desc: 'Use colors in output.'
74
+ option :attrs, type: :array,
75
+ desc: 'Load attributes file (experimental)'
76
+ option :vendor_cache, type: :string,
77
+ desc: 'Use the given path for caching dependencies. (default: ~/.inspec/cache)'
78
+ option :create_lockfile, type: :boolean,
79
+ desc: 'Write out a lockfile based on this execution (unless one already exists)'
80
+ option :backend_cache, type: :boolean,
81
+ desc: 'Allow caching for backend command output. (default: true)'
82
+ option :show_progress, type: :boolean,
83
+ desc: 'Show progress while executing tests.'
84
+ end
85
+
86
+ def self.default_options
87
+ {
88
+ exec: {
89
+ 'reporter' => ['cli'],
90
+ 'show_progress' => false,
91
+ 'color' => true,
92
+ 'create_lockfile' => true,
93
+ 'backend_cache' => true,
94
+ },
95
+ shell: {
96
+ 'reporter' => ['cli'],
97
+ },
98
+ }
99
+ end
100
+
101
+ def self.parse_reporters(opts) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
102
+ # merge in any legacy formats as reporter
103
+ # this method will only be used for ad-hoc runners
104
+ if !opts['format'].nil? && opts['reporter'].nil?
105
+ warn '[DEPRECATED] The option --format is being deprecated and will be removed in inspec 3.0. Please use --reporter'
106
+
107
+ # see if we are using the legacy output to write to files
108
+ if opts['output']
109
+ warn '[DEPRECATED] The option \'output\' is being deprecated and will be removed in inspec 3.0. Please use --reporter name:path'
110
+ opts['format'] = "#{opts['format']}:#{opts['output']}"
111
+ opts.delete('output')
112
+ end
113
+
114
+ opts['reporter'] = Array(opts['format'])
115
+ opts.delete('format')
116
+ end
117
+
118
+ # default to cli report for ad-hoc runners
119
+ opts['reporter'] = ['cli'] if opts['reporter'].nil?
120
+
121
+ # parse out cli to proper report format
122
+ if opts['reporter'].is_a?(Array)
123
+ reports = {}
124
+ opts['reporter'].each do |report|
125
+ reporter_name, target = report.split(':')
126
+ if target.nil? || target.strip == '-'
127
+ reports[reporter_name] = { 'stdout' => true }
128
+ else
129
+ reports[reporter_name] = {
130
+ 'file' => target,
131
+ 'stdout' => false,
132
+ }
133
+ end
134
+ end
135
+ opts['reporter'] = reports
136
+ end
137
+
138
+ # add in stdout if not specified
139
+ if opts['reporter'].is_a?(Hash)
140
+ opts['reporter'].each do |reporter_name, config|
141
+ opts['reporter'][reporter_name] = {} if config.nil?
142
+ opts['reporter'][reporter_name]['stdout'] = true if opts['reporter'][reporter_name].empty?
143
+ end
144
+ end
145
+
146
+ validate_reporters(opts['reporter'])
147
+ opts
148
+ end
149
+
150
+ def self.validate_reporters(reporters)
151
+ return if reporters.nil?
152
+
153
+ valid_types = [
154
+ 'automate',
155
+ 'cli',
156
+ 'documentation',
157
+ 'html',
158
+ 'json',
159
+ 'json-min',
160
+ 'json-rspec',
161
+ 'junit',
162
+ 'progress',
163
+ ]
164
+
165
+ reporters.each do |k, v|
166
+ raise NotImplementedError, "'#{k}' is not a valid reporter type." unless valid_types.include?(k)
167
+
168
+ next unless k == 'automate'
169
+ %w{token url}.each do |option|
170
+ raise Inspec::ReporterError, "You must specify a automate #{option} via the json-config." if v[option].nil?
171
+ end
172
+ end
173
+
174
+ # check to make sure we are only reporting one type to stdout
175
+ stdout = 0
176
+ reporters.each_value do |v|
177
+ stdout += 1 if v['stdout'] == true
178
+ end
179
+
180
+ raise ArgumentError, 'The option --reporter can only have a single report outputting to stdout.' if stdout > 1
181
+ end
182
+
183
+ def self.detect(params: {}, indent: 0, color: 39)
184
+ str = ''
185
+ params.each { |item, info|
186
+ data = info
187
+
188
+ # Format Array for better output if applicable
189
+ data = data.join(', ') if data.is_a?(Array)
190
+
191
+ # Do not output fields of data is missing ('unknown' is fine)
192
+ next if data.nil?
193
+
194
+ data = "\e[1m\e[#{color}m#{data}\e[0m"
195
+ str << format("#{' ' * indent}%-10s %s\n", item.to_s.capitalize + ':', data)
196
+ }
197
+ str
198
+ end
199
+
200
+ private
201
+
202
+ def suppress_log_output?(opts)
203
+ return false if opts['reporter'].nil?
204
+ match = %w{json json-min json-rspec junit html} & opts['reporter'].keys
205
+ unless match.empty?
206
+ match.each do |m|
207
+ # check to see if we are outputting to stdout
208
+ return true if opts['reporter'][m]['stdout'] == true
209
+ end
210
+ end
211
+ false
212
+ end
213
+
214
+ def diagnose(opts)
215
+ return unless opts['diagnose']
216
+ puts "InSpec version: #{Inspec::VERSION}"
217
+ puts "Train version: #{Train::VERSION}"
218
+ puts 'Command line configuration:'
219
+ pp options
220
+ puts 'JSON configuration file:'
221
+ pp options_json
222
+ puts 'Merged configuration:'
223
+ pp opts
224
+ puts
225
+ end
226
+
227
+ def opts(type = nil)
228
+ o = merged_opts(type)
229
+
230
+ # Due to limitations in Thor it is not possible to set an argument to be
231
+ # both optional and its value to be mandatory. E.g. the user supplying
232
+ # the --password argument is optional and not always required, but
233
+ # whenever it is used, it requires a value. Handle options that were
234
+ # defined above and require a value here:
235
+ %w{password sudo-password}.each do |v|
236
+ id = v.tr('-', '_').to_sym
237
+ next unless o[id] == -1
238
+ raise ArgumentError, "Please provide a value for --#{v}. For example: --#{v}=hello."
239
+ end
240
+
241
+ o
242
+ end
243
+
244
+ def merged_opts(type = nil)
245
+ opts = {}
246
+
247
+ # start with default options if we have any
248
+ opts = BaseCLI.default_options[type] unless type.nil? || BaseCLI.default_options[type].nil?
249
+ opts['type'] = type unless type.nil?
250
+
251
+ # merge in any options from json-config
252
+ json_config = options_json
253
+ opts.merge!(json_config)
254
+
255
+ # remove the default reporter if we are setting a legacy format on the cli
256
+ # or via json-config
257
+ opts.delete('reporter') if options['format'] || json_config['format']
258
+
259
+ # merge in any options defined via thor
260
+ opts.merge!(options)
261
+
262
+ # parse reporter options
263
+ opts = BaseCLI.parse_reporters(opts) if %i(exec shell).include?(type)
264
+
265
+ Thor::CoreExt::HashWithIndifferentAccess.new(opts)
266
+ end
267
+
268
+ def options_json
269
+ conffile = options['json_config']
270
+ @json ||= conffile ? read_config(conffile) : {}
271
+ end
272
+
273
+ def read_config(file)
274
+ if file == '-'
275
+ puts 'WARN: reading JSON config from standard input' if STDIN.tty?
276
+ config = STDIN.read
277
+ else
278
+ config = File.read(file)
279
+ end
280
+
281
+ JSON.parse(config)
282
+ rescue JSON::ParserError => e
283
+ puts "Failed to load JSON configuration: #{e}\nConfig was: #{config.inspect}"
284
+ exit 1
285
+ end
286
+
287
+ # get the log level
288
+ # DEBUG < INFO < WARN < ERROR < FATAL < UNKNOWN
289
+ def get_log_level(level)
290
+ valid = %w{debug info warn error fatal}
291
+
292
+ if valid.include?(level)
293
+ l = level
294
+ else
295
+ l = 'info'
296
+ end
297
+
298
+ Logger.const_get(l.upcase)
299
+ end
300
+
301
+ def pretty_handle_exception(exception)
302
+ case exception
303
+ when Inspec::Error
304
+ $stderr.puts exception.message
305
+ exit(1)
306
+ else
307
+ raise exception
308
+ end
309
+ end
310
+
311
+ def vendor_deps(path, opts)
312
+ profile_path = path || Dir.pwd
313
+ profile_vendor = Inspec::ProfileVendor.new(profile_path)
314
+
315
+ if (profile_vendor.cache_path.exist? || profile_vendor.lockfile.exist?) && !opts[:overwrite]
316
+ puts 'Profile is already vendored. Use --overwrite.'
317
+ return false
318
+ end
319
+
320
+ profile_vendor.vendor!
321
+ puts "Dependencies for profile #{profile_path} successfully vendored to #{profile_vendor.cache_path}"
322
+ rescue StandardError => e
323
+ pretty_handle_exception(e)
324
+ end
325
+
326
+ def configure_logger(o)
327
+ #
328
+ # TODO(ssd): This is a big gross, but this configures the
329
+ # logging singleton Inspec::Log. Eventually it would be nice to
330
+ # move internal debug logging to use this logging singleton.
331
+ #
332
+ loc = if o.log_location
333
+ o.log_location
334
+ elsif suppress_log_output?(o)
335
+ STDERR
336
+ else
337
+ STDOUT
338
+ end
339
+
340
+ Inspec::Log.init(loc)
341
+ Inspec::Log.level = get_log_level(o.log_level)
342
+
343
+ o[:logger] = Logger.new(loc)
344
+ # output json if we have activated the json formatter
345
+ if o['log-format'] == 'json'
346
+ o[:logger].formatter = Logger::JSONFormatter.new
347
+ end
348
+ o[:logger].level = get_log_level(o.log_level)
349
+ end
350
+
351
+ def mark_text(text)
352
+ "\e[0;36m#{text}\e[0m"
353
+ end
354
+
355
+ def headline(title)
356
+ puts "\n== #{title}\n\n"
357
+ end
358
+
359
+ def li(entry)
360
+ puts " #{mark_text('*')} #{entry}"
361
+ end
362
+ end
363
+ end