RubyGems - inspec - Versions diffs - 2.1.30 → 2.1.43 - Mend

inspec 2.1.30 → 2.1.43

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (503) hide show

checksums.yaml +4 -4
data/.rubocop.yml +0 -0
data/CHANGELOG.md +39 -18
data/Gemfile +0 -0
data/LICENSE +0 -0
data/MAINTAINERS.md +0 -0
data/MAINTAINERS.toml +0 -0
data/README.md +2 -2
data/Rakefile +4 -2
data/docs/.gitignore +0 -0
data/docs/README.md +0 -0
data/docs/dsl_inspec.md +0 -0
data/docs/dsl_resource.md +0 -0
data/docs/glossary.md +0 -0
data/docs/habitat.md +0 -0
data/docs/inspec_and_friends.md +0 -0
data/docs/matchers.md +0 -0
data/docs/migration.md +0 -0
data/docs/platforms.md +0 -0
data/docs/plugin_kitchen_inspec.md +0 -0
data/docs/profiles.md +2 -0
data/docs/reporters.md +0 -0
data/docs/resources/aide_conf.md.erb +0 -0
data/docs/resources/apache.md.erb +0 -0
data/docs/resources/apache_conf.md.erb +0 -0
data/docs/resources/apt.md.erb +0 -0
data/docs/resources/audit_policy.md.erb +0 -0
data/docs/resources/auditd.md.erb +0 -0
data/docs/resources/auditd_conf.md.erb +0 -0
data/docs/resources/aws_cloudtrail_trail.md.erb +9 -0
data/docs/resources/aws_cloudtrail_trails.md.erb +0 -0
data/docs/resources/aws_cloudwatch_alarm.md.erb +1 -1
data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +0 -0
data/docs/resources/aws_config_delivery_channel.md +0 -0
data/docs/resources/aws_config_recorder.md.erb +0 -0
data/docs/resources/aws_ec2_instance.md.erb +0 -0
data/docs/resources/aws_iam_access_key.md.erb +0 -0
data/docs/resources/aws_iam_access_keys.md.erb +0 -0
data/docs/resources/aws_iam_group.md.erb +12 -0
data/docs/resources/aws_iam_groups.md.erb +0 -0
data/docs/resources/aws_iam_password_policy.md.erb +0 -0
data/docs/resources/aws_iam_policies.md.erb +0 -0
data/docs/resources/aws_iam_policy.md.erb +99 -4
data/docs/resources/aws_iam_role.md.erb +0 -0
data/docs/resources/aws_iam_root_user.md.erb +2 -2
data/docs/resources/aws_iam_user.md.erb +0 -0
data/docs/resources/aws_iam_users.md.erb +0 -0
data/docs/resources/aws_kms_key.md.erb +0 -0
data/docs/resources/aws_kms_keys.md.erb +0 -0
data/docs/resources/aws_rds_instance.md.erb +0 -0
data/docs/resources/aws_route_table.md.erb +0 -0
data/docs/resources/aws_route_tables.md.erb +0 -0
data/docs/resources/aws_s3_bucket.md.erb +0 -0
data/docs/resources/aws_s3_bucket_object.md.erb +0 -0
data/docs/resources/aws_s3_buckets.md.erb +0 -0
data/docs/resources/aws_security_group.md.erb +160 -21
data/docs/resources/aws_security_groups.md.erb +0 -0
data/docs/resources/aws_sns_subscription.md.erb +0 -0
data/docs/resources/aws_sns_topic.md.erb +0 -0
data/docs/resources/aws_sns_topics.md.erb +0 -0
data/docs/resources/aws_subnet.md.erb +0 -0
data/docs/resources/aws_subnets.md.erb +0 -0
data/docs/resources/aws_vpc.md.erb +0 -0
data/docs/resources/aws_vpcs.md.erb +73 -2
data/docs/resources/azure_generic_resource.md.erb +0 -0
data/docs/resources/azure_resource_group.md.erb +0 -0
data/docs/resources/azure_virtual_machine.md.erb +0 -0
data/docs/resources/azure_virtual_machine_data_disk.md.erb +0 -0
data/docs/resources/bash.md.erb +0 -0
data/docs/resources/bond.md.erb +0 -0
data/docs/resources/bridge.md.erb +0 -0
data/docs/resources/bsd_service.md.erb +0 -0
data/docs/resources/chocolatey_package.md.erb +0 -0
data/docs/resources/command.md.erb +0 -0
data/docs/resources/cpan.md.erb +0 -0
data/docs/resources/cran.md.erb +0 -0
data/docs/resources/crontab.md.erb +0 -0
data/docs/resources/csv.md.erb +0 -0
data/docs/resources/dh_params.md.erb +0 -0
data/docs/resources/directory.md.erb +0 -0
data/docs/resources/docker.md.erb +0 -0
data/docs/resources/docker_container.md.erb +0 -0
data/docs/resources/docker_image.md.erb +0 -0
data/docs/resources/docker_service.md.erb +0 -0
data/docs/resources/elasticsearch.md.erb +0 -0
data/docs/resources/etc_fstab.md.erb +0 -0
data/docs/resources/etc_group.md.erb +0 -0
data/docs/resources/etc_hosts.md.erb +0 -0
data/docs/resources/etc_hosts_allow.md.erb +0 -0
data/docs/resources/etc_hosts_deny.md.erb +0 -0
data/docs/resources/file.md.erb +0 -0
data/docs/resources/filesystem.md.erb +1 -1
data/docs/resources/firewalld.md.erb +0 -0
data/docs/resources/gem.md.erb +0 -0
data/docs/resources/group.md.erb +0 -0
data/docs/resources/grub_conf.md.erb +0 -0
data/docs/resources/host.md.erb +0 -0
data/docs/resources/http.md.erb +0 -0
data/docs/resources/iis_app.md.erb +0 -0
data/docs/resources/iis_site.md.erb +0 -0
data/docs/resources/inetd_conf.md.erb +0 -0
data/docs/resources/ini.md.erb +0 -0
data/docs/resources/interface.md.erb +0 -0
data/docs/resources/iptables.md.erb +0 -0
data/docs/resources/json.md.erb +0 -0
data/docs/resources/kernel_module.md.erb +0 -0
data/docs/resources/kernel_parameter.md.erb +0 -0
data/docs/resources/key_rsa.md.erb +0 -0
data/docs/resources/launchd_service.md.erb +0 -0
data/docs/resources/limits_conf.md.erb +0 -0
data/docs/resources/login_defs.md.erb +0 -0
data/docs/resources/mount.md.erb +0 -0
data/docs/resources/mssql_session.md.erb +0 -0
data/docs/resources/mysql_conf.md.erb +0 -0
data/docs/resources/mysql_session.md.erb +0 -0
data/docs/resources/nginx.md.erb +0 -0
data/docs/resources/nginx_conf.md.erb +0 -0
data/docs/resources/npm.md.erb +0 -0
data/docs/resources/ntp_conf.md.erb +0 -0
data/docs/resources/oneget.md.erb +0 -0
data/docs/resources/oracledb_session.md.erb +0 -0
data/docs/resources/os.md.erb +0 -0
data/docs/resources/os_env.md.erb +0 -0
data/docs/resources/package.md.erb +4 -4
data/docs/resources/packages.md.erb +0 -0
data/docs/resources/parse_config.md.erb +0 -0
data/docs/resources/parse_config_file.md.erb +0 -0
data/docs/resources/passwd.md.erb +0 -0
data/docs/resources/pip.md.erb +0 -0
data/docs/resources/port.md.erb +0 -0
data/docs/resources/postgres_conf.md.erb +0 -0
data/docs/resources/postgres_hba_conf.md.erb +0 -0
data/docs/resources/postgres_ident_conf.md.erb +0 -0
data/docs/resources/postgres_session.md.erb +0 -0
data/docs/resources/powershell.md.erb +0 -0
data/docs/resources/processes.md.erb +0 -0
data/docs/resources/rabbitmq_config.md.erb +0 -0
data/docs/resources/registry_key.md.erb +0 -0
data/docs/resources/runit_service.md.erb +0 -0
data/docs/resources/security_policy.md.erb +0 -0
data/docs/resources/service.md.erb +0 -0
data/docs/resources/shadow.md.erb +0 -0
data/docs/resources/ssh_config.md.erb +0 -0
data/docs/resources/sshd_config.md.erb +0 -0
data/docs/resources/ssl.md.erb +0 -0
data/docs/resources/sys_info.md.erb +0 -0
data/docs/resources/systemd_service.md.erb +0 -0
data/docs/resources/sysv_service.md.erb +0 -0
data/docs/resources/upstart_service.md.erb +0 -0
data/docs/resources/user.md.erb +0 -0
data/docs/resources/users.md.erb +0 -0
data/docs/resources/vbscript.md.erb +0 -0
data/docs/resources/virtualization.md.erb +0 -0
data/docs/resources/windows_feature.md.erb +0 -0
data/docs/resources/windows_hotfix.md.erb +0 -0
data/docs/resources/windows_task.md.erb +0 -0
data/docs/resources/wmi.md.erb +0 -0
data/docs/resources/x509_certificate.md.erb +0 -0
data/docs/resources/xinetd_conf.md.erb +0 -0
data/docs/resources/xml.md.erb +0 -0
data/docs/resources/yaml.md.erb +0 -0
data/docs/resources/yum.md.erb +0 -0
data/docs/resources/zfs_dataset.md.erb +0 -0
data/docs/resources/zfs_pool.md.erb +0 -0
data/docs/ruby_usage.md +0 -0
data/docs/shared/matcher_be.md.erb +0 -0
data/docs/shared/matcher_cmp.md.erb +0 -0
data/docs/shared/matcher_eq.md.erb +0 -0
data/docs/shared/matcher_include.md.erb +0 -0
data/docs/shared/matcher_match.md.erb +0 -0
data/docs/shell.md +0 -0
data/examples/README.md +0 -0
data/examples/inheritance/README.md +0 -0
data/examples/inheritance/controls/example.rb +0 -0
data/examples/inheritance/inspec.yml +0 -0
data/examples/kitchen-ansible/.kitchen.yml +0 -0
data/examples/kitchen-ansible/Gemfile +0 -0
data/examples/kitchen-ansible/README.md +0 -0
data/examples/kitchen-ansible/files/nginx.repo +0 -0
data/examples/kitchen-ansible/tasks/main.yml +0 -0
data/examples/kitchen-ansible/test/integration/default/default.yml +0 -0
data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -0
data/examples/kitchen-chef/.kitchen.yml +0 -0
data/examples/kitchen-chef/Berksfile +0 -0
data/examples/kitchen-chef/Gemfile +0 -0
data/examples/kitchen-chef/README.md +0 -0
data/examples/kitchen-chef/metadata.rb +0 -0
data/examples/kitchen-chef/recipes/default.rb +0 -0
data/examples/kitchen-chef/recipes/nginx.rb +0 -0
data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -0
data/examples/kitchen-puppet/.kitchen.yml +0 -0
data/examples/kitchen-puppet/Gemfile +0 -0
data/examples/kitchen-puppet/Puppetfile +0 -0
data/examples/kitchen-puppet/README.md +0 -0
data/examples/kitchen-puppet/manifests/site.pp +0 -0
data/examples/kitchen-puppet/metadata.json +0 -0
data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -0
data/examples/meta-profile/README.md +0 -0
data/examples/meta-profile/controls/example.rb +0 -0
data/examples/meta-profile/inspec.yml +0 -0
data/examples/profile-attribute.yml +0 -0
data/examples/profile-attribute/README.md +0 -0
data/examples/profile-attribute/controls/example.rb +0 -0
data/examples/profile-attribute/inspec.yml +0 -0
data/examples/profile-aws/controls/iam_password_policy_expiration.rb +0 -0
data/examples/profile-aws/controls/iam_password_policy_max_age.rb +0 -0
data/examples/profile-aws/controls/iam_root_user_mfa.rb +0 -0
data/examples/profile-aws/controls/iam_users_access_key_age.rb +0 -0
data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +0 -0
data/examples/profile-aws/inspec.yml +0 -0
data/examples/profile-azure/controls/azure_resource_group_example.rb +0 -0
data/examples/profile-azure/controls/azure_vm_example.rb +0 -0
data/examples/profile-azure/inspec.yml +0 -0
data/examples/profile-sensitive/README.md +0 -0
data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -0
data/examples/profile-sensitive/controls/sensitive.rb +0 -0
data/examples/profile-sensitive/inspec.yml +0 -0
data/examples/profile/README.md +0 -0
data/examples/profile/controls/example.rb +0 -0
data/examples/profile/controls/gordon.rb +0 -0
data/examples/profile/controls/meta.rb +0 -0
data/examples/profile/inspec.yml +0 -0
data/examples/profile/libraries/gordon_config.rb +0 -0
data/inspec.gemspec +1 -1
data/lib/bundles/README.md +0 -0
data/lib/bundles/inspec-artifact.rb +0 -0
data/lib/bundles/inspec-artifact/README.md +0 -0
data/lib/bundles/inspec-artifact/cli.rb +0 -0
data/lib/bundles/inspec-compliance.rb +0 -0
data/lib/bundles/inspec-compliance/.kitchen.yml +0 -0
data/lib/bundles/inspec-compliance/README.md +0 -0
data/lib/bundles/inspec-compliance/api/login.rb +0 -0
data/lib/bundles/inspec-compliance/bootstrap.sh +0 -0
data/lib/bundles/inspec-compliance/cli.rb +0 -0
data/lib/bundles/inspec-compliance/configuration.rb +0 -0
data/lib/bundles/inspec-compliance/http.rb +0 -0
data/lib/bundles/inspec-compliance/images/cc-token.png +0 -0
data/lib/bundles/inspec-compliance/support.rb +0 -0
data/lib/bundles/inspec-compliance/target.rb +0 -0
data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +0 -0
data/lib/bundles/inspec-habitat.rb +0 -0
data/lib/bundles/inspec-habitat/cli.rb +0 -0
data/lib/bundles/inspec-habitat/log.rb +0 -0
data/lib/bundles/inspec-habitat/profile.rb +0 -0
data/lib/bundles/inspec-init.rb +0 -0
data/lib/bundles/inspec-init/README.md +0 -0
data/lib/bundles/inspec-init/cli.rb +0 -0
data/lib/bundles/inspec-init/templates/profile/README.md +0 -0
data/lib/bundles/inspec-init/templates/profile/controls/example.rb +0 -0
data/lib/bundles/inspec-init/templates/profile/inspec.yml +0 -0
data/lib/bundles/inspec-init/templates/profile/libraries/.gitkeep +0 -0
data/lib/bundles/inspec-supermarket.rb +0 -0
data/lib/bundles/inspec-supermarket/README.md +0 -0
data/lib/bundles/inspec-supermarket/api.rb +0 -0
data/lib/bundles/inspec-supermarket/cli.rb +0 -0
data/lib/bundles/inspec-supermarket/target.rb +0 -0
data/lib/fetchers/git.rb +0 -0
data/lib/fetchers/local.rb +0 -0
data/lib/fetchers/mock.rb +0 -0
data/lib/fetchers/url.rb +0 -0
data/lib/inspec.rb +0 -0
data/lib/inspec/archive/tar.rb +0 -0
data/lib/inspec/archive/zip.rb +0 -0
data/lib/inspec/backend.rb +0 -0
data/lib/inspec/base_cli.rb +2 -0
data/lib/inspec/cached_fetcher.rb +0 -0
data/lib/inspec/cli.rb +0 -0
data/lib/inspec/completions/bash.sh.erb +0 -0
data/lib/inspec/completions/fish.sh.erb +0 -0
data/lib/inspec/completions/zsh.sh.erb +0 -0
data/lib/inspec/control_eval_context.rb +0 -0
data/lib/inspec/dependencies/cache.rb +0 -0
data/lib/inspec/dependencies/dependency_set.rb +0 -0
data/lib/inspec/dependencies/lockfile.rb +0 -0
data/lib/inspec/dependencies/requirement.rb +0 -0
data/lib/inspec/dependencies/resolver.rb +0 -0
data/lib/inspec/describe.rb +0 -0
data/lib/inspec/dsl.rb +0 -0
data/lib/inspec/dsl_shared.rb +0 -0
data/lib/inspec/env_printer.rb +0 -0
data/lib/inspec/errors.rb +0 -0
data/lib/inspec/exceptions.rb +0 -0
data/lib/inspec/expect.rb +0 -0
data/lib/inspec/fetcher.rb +0 -0
data/lib/inspec/file_provider.rb +0 -0
data/lib/inspec/formatters.rb +0 -0
data/lib/inspec/formatters/base.rb +0 -0
data/lib/inspec/formatters/json_rspec.rb +0 -0
data/lib/inspec/formatters/show_progress.rb +0 -0
data/lib/inspec/library_eval_context.rb +0 -0
data/lib/inspec/log.rb +0 -0
data/lib/inspec/metadata.rb +0 -0
data/lib/inspec/method_source.rb +0 -0
data/lib/inspec/objects.rb +0 -0
data/lib/inspec/objects/attribute.rb +11 -1
data/lib/inspec/objects/control.rb +0 -0
data/lib/inspec/objects/describe.rb +0 -0
data/lib/inspec/objects/each_loop.rb +0 -0
data/lib/inspec/objects/list.rb +0 -0
data/lib/inspec/objects/or_test.rb +0 -0
data/lib/inspec/objects/ruby_helper.rb +0 -0
data/lib/inspec/objects/tag.rb +0 -0
data/lib/inspec/objects/test.rb +0 -0
data/lib/inspec/objects/value.rb +0 -0
data/lib/inspec/plugins.rb +0 -0
data/lib/inspec/plugins/cli.rb +0 -0
data/lib/inspec/plugins/fetcher.rb +0 -0
data/lib/inspec/plugins/resource.rb +0 -0
data/lib/inspec/plugins/secret.rb +0 -0
data/lib/inspec/plugins/source_reader.rb +0 -0
data/lib/inspec/polyfill.rb +0 -0
data/lib/inspec/profile.rb +0 -0
data/lib/inspec/profile_context.rb +0 -0
data/lib/inspec/profile_vendor.rb +0 -0
data/lib/inspec/reporters.rb +0 -0
data/lib/inspec/reporters/automate.rb +0 -0
data/lib/inspec/reporters/base.rb +0 -0
data/lib/inspec/reporters/cli.rb +0 -0
data/lib/inspec/reporters/json.rb +0 -0
data/lib/inspec/reporters/json_min.rb +0 -0
data/lib/inspec/reporters/junit.rb +1 -0
data/lib/inspec/require_loader.rb +0 -0
data/lib/inspec/resource.rb +0 -0
data/lib/inspec/rule.rb +0 -0
data/lib/inspec/runner.rb +0 -0
data/lib/inspec/runner_mock.rb +0 -0
data/lib/inspec/runner_rspec.rb +0 -0
data/lib/inspec/runtime_profile.rb +0 -0
data/lib/inspec/schema.rb +0 -0
data/lib/inspec/secrets.rb +0 -0
data/lib/inspec/secrets/yaml.rb +0 -0
data/lib/inspec/shell.rb +0 -0
data/lib/inspec/shell_detector.rb +0 -0
data/lib/inspec/source_reader.rb +0 -0
data/lib/inspec/version.rb +1 -1
data/lib/matchers/matchers.rb +0 -0
data/lib/resource_support/aws.rb +0 -0
data/lib/resource_support/aws/aws_backend_base.rb +0 -0
data/lib/resource_support/aws/aws_backend_factory_mixin.rb +0 -0
data/lib/resource_support/aws/aws_plural_resource_mixin.rb +0 -0
data/lib/resource_support/aws/aws_resource_mixin.rb +0 -0
data/lib/resource_support/aws/aws_singular_resource_mixin.rb +0 -0
data/lib/resources/aide_conf.rb +0 -0
data/lib/resources/apache.rb +0 -0
data/lib/resources/apache_conf.rb +0 -0
data/lib/resources/apt.rb +0 -0
data/lib/resources/audit_policy.rb +0 -0
data/lib/resources/auditd.rb +0 -0
data/lib/resources/auditd_conf.rb +0 -0
data/lib/resources/aws/aws_cloudtrail_trail.rb +16 -0
data/lib/resources/aws/aws_cloudtrail_trails.rb +0 -0
data/lib/resources/aws/aws_cloudwatch_alarm.rb +1 -1
data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +0 -0
data/lib/resources/aws/aws_config_delivery_channel.rb +0 -0
data/lib/resources/aws/aws_config_recorder.rb +0 -0
data/lib/resources/aws/aws_ec2_instance.rb +0 -0
data/lib/resources/aws/aws_iam_access_key.rb +0 -0
data/lib/resources/aws/aws_iam_access_keys.rb +0 -0
data/lib/resources/aws/aws_iam_group.rb +4 -2
data/lib/resources/aws/aws_iam_groups.rb +0 -0
data/lib/resources/aws/aws_iam_password_policy.rb +0 -0
data/lib/resources/aws/aws_iam_policies.rb +0 -0
data/lib/resources/aws/aws_iam_policy.rb +148 -0
data/lib/resources/aws/aws_iam_role.rb +0 -0
data/lib/resources/aws/aws_iam_root_user.rb +0 -0
data/lib/resources/aws/aws_iam_user.rb +0 -0
data/lib/resources/aws/aws_iam_users.rb +0 -0
data/lib/resources/aws/aws_kms_key.rb +0 -0
data/lib/resources/aws/aws_kms_keys.rb +0 -0
data/lib/resources/aws/aws_rds_instance.rb +0 -0
data/lib/resources/aws/aws_route_table.rb +0 -0
data/lib/resources/aws/aws_route_tables.rb +0 -0
data/lib/resources/aws/aws_s3_bucket.rb +0 -0
data/lib/resources/aws/aws_s3_bucket_object.rb +0 -0
data/lib/resources/aws/aws_s3_buckets.rb +0 -0
data/lib/resources/aws/aws_security_group.rb +163 -7
data/lib/resources/aws/aws_security_groups.rb +0 -0
data/lib/resources/aws/aws_sns_subscription.rb +0 -0
data/lib/resources/aws/aws_sns_topic.rb +0 -0
data/lib/resources/aws/aws_sns_topics.rb +0 -0
data/lib/resources/aws/aws_subnet.rb +0 -0
data/lib/resources/aws/aws_subnets.rb +0 -0
data/lib/resources/aws/aws_vpc.rb +12 -8
data/lib/resources/aws/aws_vpcs.rb +8 -1
data/lib/resources/azure/azure_backend.rb +0 -0
data/lib/resources/azure/azure_generic_resource.rb +0 -0
data/lib/resources/azure/azure_resource_group.rb +0 -0
data/lib/resources/azure/azure_virtual_machine.rb +0 -0
data/lib/resources/azure/azure_virtual_machine_data_disk.rb +0 -0
data/lib/resources/bash.rb +0 -0
data/lib/resources/bond.rb +0 -0
data/lib/resources/bridge.rb +0 -0
data/lib/resources/chocolatey_package.rb +0 -0
data/lib/resources/command.rb +0 -0
data/lib/resources/cpan.rb +0 -0
data/lib/resources/cran.rb +0 -0
data/lib/resources/crontab.rb +0 -0
data/lib/resources/csv.rb +0 -0
data/lib/resources/dh_params.rb +0 -0
data/lib/resources/directory.rb +0 -0
data/lib/resources/docker.rb +0 -0
data/lib/resources/docker_container.rb +0 -0
data/lib/resources/docker_image.rb +0 -0
data/lib/resources/docker_object.rb +0 -0
data/lib/resources/docker_service.rb +0 -0
data/lib/resources/elasticsearch.rb +0 -0
data/lib/resources/etc_fstab.rb +0 -0
data/lib/resources/etc_group.rb +0 -0
data/lib/resources/etc_hosts.rb +0 -0
data/lib/resources/etc_hosts_allow_deny.rb +0 -0
data/lib/resources/file.rb +0 -0
data/lib/resources/filesystem.rb +0 -0
data/lib/resources/firewalld.rb +0 -0
data/lib/resources/gem.rb +0 -0
data/lib/resources/groups.rb +0 -0
data/lib/resources/grub_conf.rb +0 -0
data/lib/resources/host.rb +0 -0
data/lib/resources/http.rb +0 -0
data/lib/resources/iis_app.rb +0 -0
data/lib/resources/iis_site.rb +0 -0
data/lib/resources/inetd_conf.rb +0 -0
data/lib/resources/ini.rb +0 -0
data/lib/resources/interface.rb +0 -0
data/lib/resources/iptables.rb +0 -0
data/lib/resources/json.rb +0 -0
data/lib/resources/kernel_module.rb +0 -0
data/lib/resources/kernel_parameter.rb +0 -0
data/lib/resources/key_rsa.rb +3 -1
data/lib/resources/limits_conf.rb +0 -0
data/lib/resources/login_def.rb +0 -0
data/lib/resources/mount.rb +0 -0
data/lib/resources/mssql_session.rb +0 -0
data/lib/resources/mysql.rb +0 -0
data/lib/resources/mysql_conf.rb +0 -0
data/lib/resources/mysql_session.rb +0 -0
data/lib/resources/nginx.rb +0 -0
data/lib/resources/nginx_conf.rb +0 -0
data/lib/resources/npm.rb +0 -0
data/lib/resources/ntp_conf.rb +0 -0
data/lib/resources/oneget.rb +0 -0
data/lib/resources/oracledb_session.rb +0 -0
data/lib/resources/os.rb +0 -0
data/lib/resources/os_env.rb +0 -0
data/lib/resources/package.rb +0 -0
data/lib/resources/packages.rb +0 -0
data/lib/resources/parse_config.rb +0 -0
data/lib/resources/passwd.rb +0 -0
data/lib/resources/pip.rb +0 -0
data/lib/resources/platform.rb +0 -0
data/lib/resources/port.rb +0 -0
data/lib/resources/postgres.rb +0 -0
data/lib/resources/postgres_conf.rb +0 -0
data/lib/resources/postgres_hba_conf.rb +0 -0
data/lib/resources/postgres_ident_conf.rb +0 -0
data/lib/resources/postgres_session.rb +0 -0
data/lib/resources/powershell.rb +1 -0
data/lib/resources/processes.rb +0 -0
data/lib/resources/rabbitmq_conf.rb +0 -0
data/lib/resources/registry_key.rb +0 -0
data/lib/resources/security_policy.rb +0 -0
data/lib/resources/service.rb +0 -0
data/lib/resources/shadow.rb +20 -10
data/lib/resources/ssh_conf.rb +0 -0
data/lib/resources/ssl.rb +0 -0
data/lib/resources/sys_info.rb +0 -0
data/lib/resources/toml.rb +0 -0
data/lib/resources/users.rb +0 -0
data/lib/resources/vbscript.rb +0 -0
data/lib/resources/virtualization.rb +0 -0
data/lib/resources/windows_feature.rb +0 -0
data/lib/resources/windows_hotfix.rb +0 -0
data/lib/resources/windows_task.rb +0 -0
data/lib/resources/wmi.rb +0 -0
data/lib/resources/x509_certificate.rb +0 -0
data/lib/resources/xinetd.rb +0 -0
data/lib/resources/xml.rb +0 -0
data/lib/resources/yaml.rb +0 -0
data/lib/resources/yum.rb +0 -0
data/lib/resources/zfs_dataset.rb +0 -0
data/lib/resources/zfs_pool.rb +0 -0
data/lib/source_readers/flat.rb +0 -0
data/lib/source_readers/inspec.rb +0 -0
data/lib/utils/command_wrapper.rb +0 -0
data/lib/utils/convert.rb +0 -0
data/lib/utils/database_helpers.rb +0 -0
data/lib/utils/erlang_parser.rb +0 -0
data/lib/utils/file_reader.rb +0 -0
data/lib/utils/filter.rb +0 -0
data/lib/utils/filter_array.rb +0 -0
data/lib/utils/find_files.rb +0 -0
data/lib/utils/hash.rb +0 -0
data/lib/utils/json_log.rb +0 -0
data/lib/utils/latest_version.rb +0 -0
data/lib/utils/modulator.rb +0 -0
data/lib/utils/nginx_parser.rb +0 -0
data/lib/utils/object_traversal.rb +0 -0
data/lib/utils/parser.rb +0 -0
data/lib/utils/pkey_reader.rb +15 -0
data/lib/utils/plugin_registry.rb +0 -0
data/lib/utils/simpleconfig.rb +0 -0
data/lib/utils/spdx.rb +0 -0
data/lib/utils/spdx.txt +0 -0
metadata +5 -4

data/lib/resources/aws/aws_iam_role.rb CHANGED Viewed

File without changes

data/lib/resources/aws/aws_iam_root_user.rb CHANGED Viewed

File without changes

data/lib/resources/aws/aws_iam_user.rb CHANGED Viewed

File without changes

data/lib/resources/aws/aws_iam_users.rb CHANGED Viewed

File without changes

data/lib/resources/aws/aws_kms_key.rb CHANGED Viewed

File without changes

data/lib/resources/aws/aws_kms_keys.rb CHANGED Viewed

File without changes

data/lib/resources/aws/aws_rds_instance.rb CHANGED Viewed

File without changes

data/lib/resources/aws/aws_route_table.rb CHANGED Viewed

File without changes

data/lib/resources/aws/aws_route_tables.rb CHANGED Viewed

File without changes

data/lib/resources/aws/aws_s3_bucket.rb CHANGED Viewed

File without changes

data/lib/resources/aws/aws_s3_bucket_object.rb CHANGED Viewed

File without changes

data/lib/resources/aws/aws_s3_buckets.rb CHANGED Viewed

File without changes

data/lib/resources/aws/aws_security_group.rb CHANGED Viewed

@@ -1,22 +1,174 @@
+require 'set'
+require 'ipaddr'
 class AwsSecurityGroup < Inspec.resource(1)
   name 'aws_security_group'
   desc 'Verifies settings for an individual AWS Security Group.'
-  example '
-    describe aws_security_group("sg-12345678") do
-      it { should exist }
-    end
-  '
+  example "
+  describe aws_security_group('sg-12345678') do
+    it { should exist }
+  end
+  "
   supports platform: 'aws'
   include AwsSingularResourceMixin
-  attr_reader :description, :group_id, :group_name, :vpc_id
+  attr_reader :description, :group_id, :group_name, :vpc_id, :inbound_rules, :outbound_rules
   def to_s
     "EC2 Security Group #{@group_id}"
   end
+  def allow_in?(criteria = {})
+    allow(inbound_rules, criteria)
+  end
+  RSpec::Matchers.alias_matcher :allow_in, :be_allow_in
+  def allow_out?(criteria = {})
+    allow(outbound_rules, criteria)
+  end
+  RSpec::Matchers.alias_matcher :allow_out, :be_allow_out
+  def allow_in_only?(criteria = {})
+    allow_only(inbound_rules, criteria)
+  end
+  RSpec::Matchers.alias_matcher :allow_in_only, :be_allow_in_only
+  def allow_out_only?(criteria = {})
+    allow_only(outbound_rules, criteria)
+  end
+  RSpec::Matchers.alias_matcher :allow_out_only, :be_allow_out_only
   private
+  def allow_only(rules, criteria)
+    # allow_{in_out}_only require either a single-rule group, or you
+    # to select a rule using position.
+    return false unless rules.count == 1 || criteria.key?(:position)
+    criteria[:exact] = true
+    allow(rules, criteria)
+  end
+  def allow(rules, criteria)
+    criteria = allow__check_criteria(criteria)
+    rules = allow__focus_on_position(rules, criteria)
+    rules.any? do |rule|
+      matched = true
+      matched &&= allow__match_port(rule, criteria)
+      matched &&= allow__match_protocol(rule, criteria)
+      matched &&= allow__match_ipv4_range(rule, criteria)
+      matched
+    end
+  end
+  def allow__check_criteria(raw_criteria)
+    allowed_criteria = [
+      :from_port,
+      :ipv4_range,
+      :port,
+      :position,
+      :protocol,
+      :to_port,
+      :exact, # Internal
+    ]
+    recognized_criteria = {}
+    allowed_criteria.each do |expected_criterion|
+      if raw_criteria.key?(expected_criterion)
+        recognized_criteria[expected_criterion] = raw_criteria.delete(expected_criterion)
+      end
+    end
+    # Any leftovers are unwelcome
+    unless raw_criteria.empty?
+      raise ArgumentError, "Unrecognized security group rule 'allow' criteria '#{raw_criteria.keys.join(',')}'. Expected criteria: #{allowed_criteria.join(', ')}"
+    end
+    recognized_criteria
+  end
+  def allow__focus_on_position(rules, criteria)
+    return rules unless criteria.key?(:position)
+    idx = criteria.delete(:position)
+    # Normalize to a zero-based numeric index
+    case # rubocop: disable Style/EmptyCaseCondition
+    when idx.is_a?(Symbol) && idx == :first
+      idx = 0
+    when idx.is_a?(Symbol) && idx == :last
+      idx = rules.count - 1
+    when idx.is_a?(String)
+      idx = idx.to_i - 1 # We document this as 1-based, so adjust to be zero-based.
+    when idx.is_a?(Numeric)
+      idx -= 1 # We document this as 1-based, so adjust to be zero-based.
+    else
+      raise ArgumentError, "aws_security_group 'allow' 'position' criteria must be an integer or the symbols :first or :last"
+    end
+    unless idx < rules.count
+      raise ArgumentError, "aws_security_group 'allow' 'position' criteria #{idx+1} is out of range - there are only #{rules.count} rules for security group #{group_id}."
+    end
+    [rules[idx]]
+  end
+  def allow__match_port(rule, criteria) # rubocop: disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize
+    if criteria[:exact] || criteria[:from_port] || criteria[:to_port]
+      # Exact match mode
+      # :port is shorthand for a single-valued port range.
+      criteria[:to_port] = criteria[:from_port] = criteria[:port] if criteria[:port]
+      to = criteria[:to_port]
+      from = criteria[:from_port]
+      # It's a match if neither criteria was specified
+      return true if to.nil? && from.nil?
+      # Normalize to integers
+      to = to.to_i unless to.nil?
+      from = from.to_i unless from.nil?
+      # It's a match if either was specified and the other was not
+      return true if rule[:to_port] == to && from.nil?
+      return true if rule[:from_port] == from && to.nil?
+      # Finally, both must match.
+      rule[:to_port] == to && rule[:from_port] == from
+    elsif !criteria[:port]
+      # port not specified, match anything
+      true
+    else
+      # Range membership mode
+      rule_from = rule[:from_port] || 0
+      rule_to = rule[:to_port] || 65535
+      (rule_from..rule_to).cover?(criteria[:port].to_i)
+    end
+  end
+  def allow__match_protocol(rule, criteria)
+    return true unless criteria.key?(:protocol)
+    prot = criteria[:protocol]
+    # We provide a "fluency alias" for -1 (any).
+    prot = '-1' if prot == 'any'
+    rule[:ip_protocol] == prot
+  end
+  def allow__match_ipv4_range(rule, criteria)
+    return true unless criteria.key?(:ipv4_range)
+    query = criteria[:ipv4_range]
+    query = [query] unless query.is_a?(Array)
+    ranges = rule[:ip_ranges].map { |rng| rng[:cidr_ip] }
+    if criteria[:exact]
+      Set.new(query) == Set.new(ranges)
+    else
+      # CIDR subset mode
+      # "Each of the provided IP ranges must be a member of one of the rule's listed IP ranges"
+      query.all? do |candidate|
+        candidate = IPAddr.new(candidate)
+        ranges.any? do |range|
+          range = IPAddr.new(range)
+          range.include?(candidate)
+        end
+      end
+    end
+  end
   def validate_params(raw_params)
     recognized_params = check_resource_param_names(
       raw_params: raw_params,
@@ -44,7 +196,7 @@ class AwsSecurityGroup < Inspec.resource(1)
     validated_params
   end
-  def fetch_from_api
+  def fetch_from_api # rubocop: disable Metrics/AbcSize
     backend = BackendFactory.create(inspec_runner)
     # Transform into filter format expected by AWS
@@ -70,6 +222,8 @@ class AwsSecurityGroup < Inspec.resource(1)
     if dsg_response.security_groups.empty?
       @exists = false
+      @inbound_rules = []
+      @outbound_rules = []
       return
     end
@@ -78,6 +232,8 @@ class AwsSecurityGroup < Inspec.resource(1)
     @group_id   = dsg_response.security_groups[0].group_id
     @group_name = dsg_response.security_groups[0].group_name
     @vpc_id     = dsg_response.security_groups[0].vpc_id
+    @inbound_rules = dsg_response.security_groups[0].ip_permissions.map(&:to_h)
+    @outbound_rules = dsg_response.security_groups[0].ip_permissions_egress.map(&:to_h)
   end
   class Backend

data/lib/resources/aws/aws_security_groups.rb CHANGED Viewed

File without changes

data/lib/resources/aws/aws_sns_subscription.rb CHANGED Viewed

File without changes

data/lib/resources/aws/aws_sns_topic.rb CHANGED Viewed

File without changes

data/lib/resources/aws/aws_sns_topics.rb CHANGED Viewed

File without changes

data/lib/resources/aws/aws_subnet.rb CHANGED Viewed

File without changes

data/lib/resources/aws/aws_subnets.rb CHANGED Viewed

File without changes

data/lib/resources/aws/aws_vpc.rb CHANGED Viewed

@@ -15,11 +15,8 @@ class AwsVpc < Inspec.resource(1)
     "VPC #{vpc_id}"
   end
-  [:cidr_block, :dhcp_options_id, :state, :vpc_id, :instance_tenancy, :is_default].each do |property|
-    define_method(property) do
-      @vpc[property]
-    end
-  end
+  attr_reader :cidr_block, :dhcp_options_id, :instance_tenancy, :is_default,\
+              :state, :vpc_id
   alias default? is_default
@@ -51,9 +48,16 @@ class AwsVpc < Inspec.resource(1)
     resp = backend.describe_vpcs({ filters: [filter] })
-    @vpc = resp.vpcs[0].to_h
-    @vpc_id = @vpc[:vpc_id]
-    @exists = !@vpc.empty?
+    vpc = resp.vpcs[0].to_h
+    @exists = !vpc.empty?
+    return unless @exists
+    @cidr_block = vpc[:cidr_block]
+    @dhcp_options_id = vpc[:dhcp_options_id]
+    @instance_tenancy = vpc[:instance_tenancy]
+    @is_default = vpc[:is_default]
+    @state = vpc[:state]
+    @vpc_id = vpc[:vpc_id]
   end
   class Backend

data/lib/resources/aws/aws_vpcs.rb CHANGED Viewed

@@ -13,7 +13,13 @@ class AwsVpcs < Inspec.resource(1)
   # Underlying FilterTable implementation.
   filter = FilterTable.create
   filter.add_accessor(:entries)
+        .add_accessor(:where)
         .add(:exists?) { |x| !x.entries.empty? }
+        .add(:cidr_blocks, field: :cidr_block)
+        .add(:vpc_ids, field: :vpc_id)
+  # We need a dummy here, so FilterTable will define and populate the dhcp_options_id field
+  filter.add(:dummy, field: :dhcp_options_id)
+        .add(:dhcp_options_ids) { |obj| obj.entries.map(&:dhcp_options_id).uniq }
   filter.connect(self, :table)
   def validate_params(raw_params)
@@ -29,7 +35,8 @@ class AwsVpcs < Inspec.resource(1)
   end
   def fetch_from_api
-    @table = BackendFactory.create(inspec_runner).describe_vpcs.to_h[:vpcs]
+    describe_vpcs_response = BackendFactory.create(inspec_runner).describe_vpcs
+    @table = describe_vpcs_response.to_h[:vpcs].map(&:to_h)
   end
   class Backend

data/lib/resources/azure/azure_backend.rb CHANGED Viewed

File without changes

data/lib/resources/azure/azure_generic_resource.rb CHANGED Viewed

File without changes

data/lib/resources/azure/azure_resource_group.rb CHANGED Viewed

File without changes

data/lib/resources/azure/azure_virtual_machine.rb CHANGED Viewed

File without changes

data/lib/resources/azure/azure_virtual_machine_data_disk.rb CHANGED Viewed

File without changes

data/lib/resources/bash.rb CHANGED Viewed

File without changes

data/lib/resources/bond.rb CHANGED Viewed

File without changes

data/lib/resources/bridge.rb CHANGED Viewed

File without changes

data/lib/resources/chocolatey_package.rb CHANGED Viewed

File without changes

data/lib/resources/command.rb CHANGED Viewed

File without changes

data/lib/resources/cpan.rb CHANGED Viewed

File without changes

data/lib/resources/cran.rb CHANGED Viewed

File without changes

data/lib/resources/crontab.rb CHANGED Viewed

File without changes

data/lib/resources/csv.rb CHANGED Viewed

File without changes

data/lib/resources/dh_params.rb CHANGED Viewed

File without changes

data/lib/resources/directory.rb CHANGED Viewed

File without changes

data/lib/resources/docker.rb CHANGED Viewed

File without changes

data/lib/resources/docker_container.rb CHANGED Viewed

File without changes

data/lib/resources/docker_image.rb CHANGED Viewed

File without changes

data/lib/resources/docker_object.rb CHANGED Viewed

File without changes

data/lib/resources/docker_service.rb CHANGED Viewed

File without changes

data/lib/resources/elasticsearch.rb CHANGED Viewed

File without changes

data/lib/resources/etc_fstab.rb CHANGED Viewed

File without changes

data/lib/resources/etc_group.rb CHANGED Viewed

File without changes

data/lib/resources/etc_hosts.rb CHANGED Viewed

File without changes

data/lib/resources/etc_hosts_allow_deny.rb CHANGED Viewed

File without changes

data/lib/resources/file.rb CHANGED Viewed

File without changes

data/lib/resources/filesystem.rb CHANGED Viewed

File without changes

data/lib/resources/firewalld.rb CHANGED Viewed

File without changes

data/lib/resources/gem.rb CHANGED Viewed

File without changes

data/lib/resources/groups.rb CHANGED Viewed

File without changes

data/lib/resources/grub_conf.rb CHANGED Viewed

File without changes

data/lib/resources/host.rb CHANGED Viewed

File without changes

data/lib/resources/http.rb CHANGED Viewed

File without changes

data/lib/resources/iis_app.rb CHANGED Viewed

File without changes

data/lib/resources/iis_site.rb CHANGED Viewed

File without changes

data/lib/resources/inetd_conf.rb CHANGED Viewed

File without changes

data/lib/resources/ini.rb CHANGED Viewed

File without changes

data/lib/resources/interface.rb CHANGED Viewed

File without changes

data/lib/resources/iptables.rb CHANGED Viewed

File without changes

data/lib/resources/json.rb CHANGED Viewed

File without changes

data/lib/resources/kernel_module.rb CHANGED Viewed

File without changes

data/lib/resources/kernel_parameter.rb CHANGED Viewed

File without changes

data/lib/resources/key_rsa.rb CHANGED Viewed

@@ -3,6 +3,7 @@
 require 'openssl'
 require 'hashie/mash'
 require 'utils/file_reader'
+require 'utils/pkey_reader'
 module Inspec::Resources
   class RsaKey < Inspec.resource(1)
@@ -22,11 +23,12 @@ module Inspec::Resources
     "
     include FileReader
+    include PkeyReader
     def initialize(keypath, passphrase = nil)
       @key_path = keypath
       @passphrase = passphrase
-      @key = OpenSSL::PKey.read(read_file_content(@key_path, allow_empty: true), @passphrase)
+      @key = read_pkey(read_file_content(@key_path, allow_empty: true), @passphrase)
     end
     def public?

data/lib/resources/limits_conf.rb CHANGED Viewed

File without changes

data/lib/resources/login_def.rb CHANGED Viewed

File without changes

data/lib/resources/mount.rb CHANGED Viewed

File without changes

data/lib/resources/mssql_session.rb CHANGED Viewed

File without changes