inspec 2.1.81 → 2.1.83

data/lib/resources/mysql_session.rb

@@ -1,85 +1,85 @@
-# encoding: utf-8
-# copyright: 2015, Vulcano Security GmbH
-
-require 'shellwords'
-
-module Inspec::Resources
-  class MysqlSession < Inspec.resource(1)
-    name 'mysql_session'
-    supports platform: 'unix'
-    supports platform: 'windows'
-    desc 'Use the mysql_session InSpec audit resource to test SQL commands run against a MySQL database.'
-    example "
-      sql = mysql_session('my_user','password','host')
-      describe sql.query('show databases like \'test\';') do
-        its('stdout') { should_not match(/test/) }
-      end
-    "
-
-    def initialize(user = nil, pass = nil, host = 'localhost', port = nil, socket = nil)
-      @user = user
-      @pass = pass
-      @host = host
-      @port = port
-      @socket = socket
-      init_fallback if user.nil? or pass.nil?
-      skip_resource("Can't run MySQL SQL checks without authentication") if @user.nil? or @pass.nil?
-    end
-
-    def query(q, db = '')
-      mysql_cmd = create_mysql_cmd(q, db)
-      cmd = inspec.command(mysql_cmd)
-      out = cmd.stdout + "\n" + cmd.stderr
-      if out =~ /Can't connect to .* MySQL server/ || out.downcase =~ /^error/
-        # skip this test if the server can't run the query
-        warn("Can't connect to MySQL instance for SQL checks.")
-      end
-
-      # return the raw command output
-      cmd
-    end
-
-    def to_s
-      'MySQL Session'
-    end
-
-    private
-
-    def escape_string(query)
-      Shellwords.escape(query)
-    end
-
-    def create_mysql_cmd(q, db = '')
-      # TODO: simple escape, must be handled by a library
-      # that does this securely
-      escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"').gsub(/\$/, '\\$')
-
-      # construct the query
-      command = 'mysql'
-      command += " -u#{escape_string(@user)}" unless @user.nil?
-      command += " -p#{escape_string(@pass)}" unless @pass.nil?
-
-      if !@socket.nil?
-        command += " -S #{@socket}"
-      else
-        command += " -h #{@host}"
-      end
-      command += " --port #{@port}" unless @port.nil?
-      command += " #{db}" unless db.empty?
-      command += %{ -s -e "#{escaped_query}"}
-      command
-    end
-
-    def init_fallback
-      # support debian mysql administration login
-      debian = inspec.command('test -f /etc/mysql/debian.cnf && cat /etc/mysql/debian.cnf').stdout
-      return if debian.empty?
-
-      user = debian.match(/^\s*user\s*=\s*([^ ]*)\s*$/)
-      pass = debian.match(/^\s*password\s*=\s*([^ ]*)\s*$/)
-      return if user.nil? or pass.nil?
-      @user = user[1]
-      @pass = pass[1]
-    end
-  end
-end
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+
+require 'shellwords'
+
+module Inspec::Resources
+  class MysqlSession < Inspec.resource(1)
+    name 'mysql_session'
+    supports platform: 'unix'
+    supports platform: 'windows'
+    desc 'Use the mysql_session InSpec audit resource to test SQL commands run against a MySQL database.'
+    example "
+      sql = mysql_session('my_user','password','host')
+      describe sql.query('show databases like \'test\';') do
+        its('stdout') { should_not match(/test/) }
+      end
+    "
+
+    def initialize(user = nil, pass = nil, host = 'localhost', port = nil, socket = nil)
+      @user = user
+      @pass = pass
+      @host = host
+      @port = port
+      @socket = socket
+      init_fallback if user.nil? or pass.nil?
+      skip_resource("Can't run MySQL SQL checks without authentication") if @user.nil? or @pass.nil?
+    end
+
+    def query(q, db = '')
+      mysql_cmd = create_mysql_cmd(q, db)
+      cmd = inspec.command(mysql_cmd)
+      out = cmd.stdout + "\n" + cmd.stderr
+      if out =~ /Can't connect to .* MySQL server/ || out.downcase =~ /^error/
+        # skip this test if the server can't run the query
+        warn("Can't connect to MySQL instance for SQL checks.")
+      end
+
+      # return the raw command output
+      cmd
+    end
+
+    def to_s
+      'MySQL Session'
+    end
+
+    private
+
+    def escape_string(query)
+      Shellwords.escape(query)
+    end
+
+    def create_mysql_cmd(q, db = '')
+      # TODO: simple escape, must be handled by a library
+      # that does this securely
+      escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"').gsub(/\$/, '\\$')
+
+      # construct the query
+      command = 'mysql'
+      command += " -u#{escape_string(@user)}" unless @user.nil?
+      command += " -p#{escape_string(@pass)}" unless @pass.nil?
+
+      if !@socket.nil?
+        command += " -S #{@socket}"
+      else
+        command += " -h #{@host}"
+      end
+      command += " --port #{@port}" unless @port.nil?
+      command += " #{db}" unless db.empty?
+      command += %{ -s -e "#{escaped_query}"}
+      command
+    end
+
+    def init_fallback
+      # support debian mysql administration login
+      debian = inspec.command('test -f /etc/mysql/debian.cnf && cat /etc/mysql/debian.cnf').stdout
+      return if debian.empty?
+
+      user = debian.match(/^\s*user\s*=\s*([^ ]*)\s*$/)
+      pass = debian.match(/^\s*password\s*=\s*([^ ]*)\s*$/)
+      return if user.nil? or pass.nil?
+      @user = user[1]
+      @pass = pass[1]
+    end
+  end
+end

data/lib/resources/nginx.rb

@@ -1,96 +1,96 @@
-# encoding: utf-8
-
-require 'pathname'
-require 'hashie/mash'
-
-module Inspec::Resources
-  class Nginx < Inspec.resource(1)
-    name 'nginx'
-    supports platform: 'unix'
-    desc 'Use the nginx InSpec audit resource to test information about your NGINX instance.'
-    example "
-      describe nginx do
-        its('conf_path') { should cmp '/etc/nginx/nginx.conf' }
-      end
-      describe nginx('/etc/sbin/') do
-        its('version') { should be >= '1.0.0' }
-      end
-      describe nginx do
-        its('modules') { should include 'my_module' }
-      end
-    "
-    attr_reader :params, :bin_dir
-
-    def initialize(nginx_path = '/usr/sbin/nginx')
-      return skip_resource 'The `nginx` resource is not yet available on your OS.' if inspec.os.windows?
-      return skip_resource 'The `nginx` binary not found in the path provided.' unless inspec.command(nginx_path).exist?
-
-      cmd = inspec.command("#{nginx_path} -V 2>&1")
-      if !cmd.exit_status.zero?
-        return skip_resource 'Error using the command nginx -V'
-      end
-      @data = cmd.stdout
-      @params = {}
-      read_content
-    end
-
-    %w{error_log_path http_client_body_temp_path http_fastcgi_temp_path http_log_path http_proxy_temp_path http_scgi_temp_path http_uwsgi_temp_path lock_path modules_path prefix sbin_path service version}.each do |property|
-      define_method(property.to_sym) do
-        @params[property.to_sym]
-      end
-    end
-
-    def openssl_version
-      result = @data.scan(/built with OpenSSL\s(\S+)\s(\d+\s\S+\s\d{4})/).flatten
-      Hashie::Mash.new({ 'version' => result[0], 'date' => result[1] })
-    end
-
-    def compiler_info
-      result = @data.scan(/built by (\S+)\s(\S+)\s(\S+)/).flatten
-      Hashie::Mash.new({ 'compiler' => result[0], 'version' => result[1], 'date' => result[2] })
-    end
-
-    def support_info
-      support_info = @data.scan(/(.*\S+) support enabled/).flatten
-      support_info.empty? ? nil : support_info.join(' ')
-    end
-
-    def modules
-      @data.scan(/--with-(\S+)_module/).flatten
-    end
-
-    def to_s
-      'Nginx Environment'
-    end
-
-    private
-
-    def read_content
-      parse_config
-      parse_path
-      parse_http_path
-    end
-
-    def parse_config
-      @params[:prefix] = @data.scan(/--prefix=(\S+)\s/).flatten.first
-      @params[:service] = 'nginx'
-      @params[:version] = @data.scan(%r{nginx version: nginx\/(\S+)\s}).flatten.first
-    end
-
-    def parse_path
-      @params[:sbin_path] = @data.scan(/--sbin-path=(\S+)\s/).flatten.first
-      @params[:modules_path] = @data.scan(/--modules-path=(\S+)\s/).flatten.first
-      @params[:error_log_path] = @data.scan(/--error-log-path=(\S+)\s/).flatten.first
-      @params[:http_log_path] = @data.scan(/--http-log-path=(\S+)\s/).flatten.first
-      @params[:lock_path] = @data.scan(/--lock-path=(\S+)\s/).flatten.first
-    end
-
-    def parse_http_path
-      @params[:http_client_body_temp_path] = @data.scan(/--http-client-body-temp-path=(\S+)\s/).flatten.first
-      @params[:http_proxy_temp_path] = @data.scan(/--http-proxy-temp-path=(\S+)\s/).flatten.first
-      @params[:http_fastcgi_temp_path] = @data.scan(/--http-fastcgi-temp-path=(\S+)\s/).flatten.first
-      @params[:http_uwsgi_temp_path] = @data.scan(/--http-uwsgi-temp-path=(\S+)\s/).flatten.first
-      @params[:http_scgi_temp_path] = @data.scan(/--http-scgi-temp-path=(\S+)\s/).flatten.first
-    end
-  end
-end
+# encoding: utf-8
+
+require 'pathname'
+require 'hashie/mash'
+
+module Inspec::Resources
+  class Nginx < Inspec.resource(1)
+    name 'nginx'
+    supports platform: 'unix'
+    desc 'Use the nginx InSpec audit resource to test information about your NGINX instance.'
+    example "
+      describe nginx do
+        its('conf_path') { should cmp '/etc/nginx/nginx.conf' }
+      end
+      describe nginx('/etc/sbin/') do
+        its('version') { should be >= '1.0.0' }
+      end
+      describe nginx do
+        its('modules') { should include 'my_module' }
+      end
+    "
+    attr_reader :params, :bin_dir
+
+    def initialize(nginx_path = '/usr/sbin/nginx')
+      return skip_resource 'The `nginx` resource is not yet available on your OS.' if inspec.os.windows?
+      return skip_resource 'The `nginx` binary not found in the path provided.' unless inspec.command(nginx_path).exist?
+
+      cmd = inspec.command("#{nginx_path} -V 2>&1")
+      if !cmd.exit_status.zero?
+        return skip_resource 'Error using the command nginx -V'
+      end
+      @data = cmd.stdout
+      @params = {}
+      read_content
+    end
+
+    %w{error_log_path http_client_body_temp_path http_fastcgi_temp_path http_log_path http_proxy_temp_path http_scgi_temp_path http_uwsgi_temp_path lock_path modules_path prefix sbin_path service version}.each do |property|
+      define_method(property.to_sym) do
+        @params[property.to_sym]
+      end
+    end
+
+    def openssl_version
+      result = @data.scan(/built with OpenSSL\s(\S+)\s(\d+\s\S+\s\d{4})/).flatten
+      Hashie::Mash.new({ 'version' => result[0], 'date' => result[1] })
+    end
+
+    def compiler_info
+      result = @data.scan(/built by (\S+)\s(\S+)\s(\S+)/).flatten
+      Hashie::Mash.new({ 'compiler' => result[0], 'version' => result[1], 'date' => result[2] })
+    end
+
+    def support_info
+      support_info = @data.scan(/(.*\S+) support enabled/).flatten
+      support_info.empty? ? nil : support_info.join(' ')
+    end
+
+    def modules
+      @data.scan(/--with-(\S+)_module/).flatten
+    end
+
+    def to_s
+      'Nginx Environment'
+    end
+
+    private
+
+    def read_content
+      parse_config
+      parse_path
+      parse_http_path
+    end
+
+    def parse_config
+      @params[:prefix] = @data.scan(/--prefix=(\S+)\s/).flatten.first
+      @params[:service] = 'nginx'
+      @params[:version] = @data.scan(%r{nginx version: nginx\/(\S+)\s}).flatten.first
+    end
+
+    def parse_path
+      @params[:sbin_path] = @data.scan(/--sbin-path=(\S+)\s/).flatten.first
+      @params[:modules_path] = @data.scan(/--modules-path=(\S+)\s/).flatten.first
+      @params[:error_log_path] = @data.scan(/--error-log-path=(\S+)\s/).flatten.first
+      @params[:http_log_path] = @data.scan(/--http-log-path=(\S+)\s/).flatten.first
+      @params[:lock_path] = @data.scan(/--lock-path=(\S+)\s/).flatten.first
+    end
+
+    def parse_http_path
+      @params[:http_client_body_temp_path] = @data.scan(/--http-client-body-temp-path=(\S+)\s/).flatten.first
+      @params[:http_proxy_temp_path] = @data.scan(/--http-proxy-temp-path=(\S+)\s/).flatten.first
+      @params[:http_fastcgi_temp_path] = @data.scan(/--http-fastcgi-temp-path=(\S+)\s/).flatten.first
+      @params[:http_uwsgi_temp_path] = @data.scan(/--http-uwsgi-temp-path=(\S+)\s/).flatten.first
+      @params[:http_scgi_temp_path] = @data.scan(/--http-scgi-temp-path=(\S+)\s/).flatten.first
+    end
+  end
+end

data/lib/resources/nginx_conf.rb

@@ -1,226 +1,226 @@
-# encoding: utf-8
-
-require 'utils/nginx_parser'
-require 'utils/find_files'
-require 'utils/file_reader'
-require 'forwardable'
-
-# STABILITY: Experimental
-# This resouce needs a proper interace to the underlying data, which is currently missing.
-# Until it is added, we will keep it experimental.
-#
-# TODO: Support it on Windows. To do so, we need to recognize the base os and how
-# it combines the file path. Calling `File.join` or similar methods may lead to errors
-# when running remotely.
-module Inspec::Resources
-  class NginxConf < Inspec.resource(1)
-    name 'nginx_conf'
-    supports platform: 'unix'
-    desc 'Use the nginx_conf InSpec resource to test configuration data '\
-         'for the NginX web server located in /etc/nginx/nginx.conf on '\
-         'Linux and UNIX platforms.'
-    example "
-      describe nginx_conf.params ...
-      describe nginx_conf('/path/to/my/nginx.conf').params ...
-    "
-
-    extend Forwardable
-
-    include FindFiles
-    include FileReader
-
-    attr_reader :contents
-
-    def initialize(conf_path = nil)
-      @conf_path = conf_path || '/etc/nginx/nginx.conf'
-      @contents = {}
-      return skip_resource 'The `nginx_conf` resource is currently not supported on Windows.' if inspec.os.windows?
-      read_content(@conf_path)
-    end
-
-    def params
-      @params ||= parse_nginx(@conf_path)
-    rescue StandardError => e
-      skip_resource e.message
-      @params = {}
-    end
-
-    def http
-      NginxConfHttp.new(params['http'], self)
-    end
-
-    def_delegators :http, :servers, :locations
-
-    def to_s
-      "nginx_conf #{@conf_path}"
-    end
-
-    private
-
-    def read_content(path)
-      return @contents[path] if @contents.key?(path)
-      @contents[path] = read_file_content(path, allow_empty: true)
-    end
-
-    def parse_nginx(path)
-      return nil if inspec.os.windows?
-      content = read_content(path)
-      data = NginxConfig.parse(content)
-      resolve_references(data, File.dirname(path))
-    rescue StandardError => _
-      raise "Cannot parse NginX config in #{path}."
-    end
-
-    # Cycle through the complete parsed data structure and try to find any
-    # calls to `include`. In NginX, this is used to embed data from other
-    # files into the current data structure.
-    #
-    # The method steps through the object structure that is passed in to
-    # find any calls to 'include' and returns the object structure with the
-    # included data merged in.
-    #
-    # @param data [Hash] data structure from NginxConfig.parse
-    # @param rel_path [String] the relative path from which this config is read
-    # @return [Hash] data structure with references included
-    def resolve_references(data, rel_path)
-      # Walk through all array entries to find more references
-      return data.map { |x| resolve_references(x, rel_path) } if data.is_a?(Array)
-
-      # Return any data that we cannot step into to find more `include` calls
-      return data unless data.is_a?(Hash)
-
-      # Any call to `include` gets its data read, parsed, and merged back
-      # into the current data structure
-      if data.key?('include')
-        data.delete('include').flatten
-            .map { |x| File.expand_path(x, rel_path) }
-            .map { |x| find_files(x) }.flatten
-            .map { |path| parse_nginx(path) }
-            .each { |conf| merge_config!(data, conf) }
-      end
-
-      # Walk through the remaining hash fields to find more references
-      Hash[data.map { |k, v| [k, resolve_references(v, rel_path)] }]
-    end
-
-    # Deep merge fields from NginxConfig.parse.
-    # A regular merge would overwrite values so a deep merge is needed.
-    # @param data [Hash] data structure from NginxConfig.parse
-    # @param conf [Hash] data structure to be deep merged into data
-    # @return [Hash] data structure with conf and data deep merged
-    def merge_config!(data, conf)
-      # Catch edge-cases
-      return if data.nil? || conf.nil?
-      # Step through all conf items and create combined return value
-      data.merge!(conf) do |_, v1, v2|
-        if v1.is_a?(Array) && v2.is_a?(Array)
-          # If both the data field and the conf field are arrays, then combine them
-          v1 + v2
-        elsif v1.is_a?(Hash) && v2.is_a?(Hash)
-          # If both the data field and the conf field are maps, then deep merge them
-          merge_config!(v1, v2)
-        else
-          # All other cases, just use the new value (regular merge behavior)
-          v2
-        end
-      end
-    end
-  end
-
-  class NginxConfHttp
-    attr_reader :entries
-    def initialize(params, parent)
-      @parent = parent
-      @entries = (params || []).map { |x| NginxConfHttpEntry.new(x, parent) }
-    end
-
-    def servers
-      @entries.map(&:servers).flatten
-    end
-
-    def locations
-      servers.map(&:locations).flatten
-    end
-
-    def to_s
-      @parent.to_s + ', http entries'
-    end
-    alias inspect to_s
-  end
-
-  class NginxConfHttpEntry
-    attr_reader :params, :parent
-    def initialize(params, parent)
-      @params = params || {}
-      @parent = parent
-    end
-
-    filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add(:servers, field: 'server')
-          .connect(self, :server_table)
-
-    def locations
-      servers.map(&:locations).flatten
-    end
-
-    def to_s
-      @parent.to_s + ', http entry'
-    end
-    alias inspect to_s
-
-    private
-
-    def server_table
-      @server_table ||= (params['server'] || []).map { |x| { 'server' => NginxConfServer.new(x, self) } }
-    end
-  end
-
-  class NginxConfServer
-    attr_reader :params, :parent
-    def initialize(params, parent)
-      @parent = parent
-      @params = params || {}
-    end
-
-    filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add(:locations, field: 'location')
-          .connect(self, :location_table)
-
-    def to_s
-      server = ''
-      name = Array(params['server_name']).flatten.first
-      unless name.nil?
-        server += name
-        listen = Array(params['listen']).flatten.first
-        server += ":#{listen}" unless listen.nil?
-      end
-
-      # go two levels up: 1. to the http entry and 2. to the root nginx conf
-      @parent.parent.to_s + ", server #{server}"
-    end
-    alias inspect to_s
-
-    private
-
-    def location_table
-      @location_table ||= (params['location'] || []).map { |x| { 'location' => NginxConfLocation.new(x, self) } }
-    end
-  end
-
-  class NginxConfLocation
-    attr_reader :params, :parent
-    def initialize(params, parent)
-      @parent = parent
-      @params = params || {}
-    end
-
-    def to_s
-      location = Array(params['_']).join(' ')
-      # go three levels up: 1. to the server entry, 2. http entry and 3. to the root nginx conf
-      @parent.parent.parent.to_s + ", location #{location.inspect}"
-    end
-    alias inspect to_s
-  end
-end
+# encoding: utf-8
+
+require 'utils/nginx_parser'
+require 'utils/find_files'
+require 'utils/file_reader'
+require 'forwardable'
+
+# STABILITY: Experimental
+# This resouce needs a proper interace to the underlying data, which is currently missing.
+# Until it is added, we will keep it experimental.
+#
+# TODO: Support it on Windows. To do so, we need to recognize the base os and how
+# it combines the file path. Calling `File.join` or similar methods may lead to errors
+# when running remotely.
+module Inspec::Resources
+  class NginxConf < Inspec.resource(1)
+    name 'nginx_conf'
+    supports platform: 'unix'
+    desc 'Use the nginx_conf InSpec resource to test configuration data '\
+         'for the NginX web server located in /etc/nginx/nginx.conf on '\
+         'Linux and UNIX platforms.'
+    example "
+      describe nginx_conf.params ...
+      describe nginx_conf('/path/to/my/nginx.conf').params ...
+    "
+
+    extend Forwardable
+
+    include FindFiles
+    include FileReader
+
+    attr_reader :contents
+
+    def initialize(conf_path = nil)
+      @conf_path = conf_path || '/etc/nginx/nginx.conf'
+      @contents = {}
+      return skip_resource 'The `nginx_conf` resource is currently not supported on Windows.' if inspec.os.windows?
+      read_content(@conf_path)
+    end
+
+    def params
+      @params ||= parse_nginx(@conf_path)
+    rescue StandardError => e
+      skip_resource e.message
+      @params = {}
+    end
+
+    def http
+      NginxConfHttp.new(params['http'], self)
+    end
+
+    def_delegators :http, :servers, :locations
+
+    def to_s
+      "nginx_conf #{@conf_path}"
+    end
+
+    private
+
+    def read_content(path)
+      return @contents[path] if @contents.key?(path)
+      @contents[path] = read_file_content(path, allow_empty: true)
+    end
+
+    def parse_nginx(path)
+      return nil if inspec.os.windows?
+      content = read_content(path)
+      data = NginxConfig.parse(content)
+      resolve_references(data, File.dirname(path))
+    rescue StandardError => _
+      raise "Cannot parse NginX config in #{path}."
+    end
+
+    # Cycle through the complete parsed data structure and try to find any
+    # calls to `include`. In NginX, this is used to embed data from other
+    # files into the current data structure.
+    #
+    # The method steps through the object structure that is passed in to
+    # find any calls to 'include' and returns the object structure with the
+    # included data merged in.
+    #
+    # @param data [Hash] data structure from NginxConfig.parse
+    # @param rel_path [String] the relative path from which this config is read
+    # @return [Hash] data structure with references included
+    def resolve_references(data, rel_path)
+      # Walk through all array entries to find more references
+      return data.map { |x| resolve_references(x, rel_path) } if data.is_a?(Array)
+
+      # Return any data that we cannot step into to find more `include` calls
+      return data unless data.is_a?(Hash)
+
+      # Any call to `include` gets its data read, parsed, and merged back
+      # into the current data structure
+      if data.key?('include')
+        data.delete('include').flatten
+            .map { |x| File.expand_path(x, rel_path) }
+            .map { |x| find_files(x) }.flatten
+            .map { |path| parse_nginx(path) }
+            .each { |conf| merge_config!(data, conf) }
+      end
+
+      # Walk through the remaining hash fields to find more references
+      Hash[data.map { |k, v| [k, resolve_references(v, rel_path)] }]
+    end
+
+    # Deep merge fields from NginxConfig.parse.
+    # A regular merge would overwrite values so a deep merge is needed.
+    # @param data [Hash] data structure from NginxConfig.parse
+    # @param conf [Hash] data structure to be deep merged into data
+    # @return [Hash] data structure with conf and data deep merged
+    def merge_config!(data, conf)
+      # Catch edge-cases
+      return if data.nil? || conf.nil?
+      # Step through all conf items and create combined return value
+      data.merge!(conf) do |_, v1, v2|
+        if v1.is_a?(Array) && v2.is_a?(Array)
+          # If both the data field and the conf field are arrays, then combine them
+          v1 + v2
+        elsif v1.is_a?(Hash) && v2.is_a?(Hash)
+          # If both the data field and the conf field are maps, then deep merge them
+          merge_config!(v1, v2)
+        else
+          # All other cases, just use the new value (regular merge behavior)
+          v2
+        end
+      end
+    end
+  end
+
+  class NginxConfHttp
+    attr_reader :entries
+    def initialize(params, parent)
+      @parent = parent
+      @entries = (params || []).map { |x| NginxConfHttpEntry.new(x, parent) }
+    end
+
+    def servers
+      @entries.map(&:servers).flatten
+    end
+
+    def locations
+      servers.map(&:locations).flatten
+    end
+
+    def to_s
+      @parent.to_s + ', http entries'
+    end
+    alias inspect to_s
+  end
+
+  class NginxConfHttpEntry
+    attr_reader :params, :parent
+    def initialize(params, parent)
+      @params = params || {}
+      @parent = parent
+    end
+
+    filter = FilterTable.create
+    filter.add_accessor(:where)
+          .add(:servers, field: 'server')
+          .connect(self, :server_table)
+
+    def locations
+      servers.map(&:locations).flatten
+    end
+
+    def to_s
+      @parent.to_s + ', http entry'
+    end
+    alias inspect to_s
+
+    private
+
+    def server_table
+      @server_table ||= (params['server'] || []).map { |x| { 'server' => NginxConfServer.new(x, self) } }
+    end
+  end
+
+  class NginxConfServer
+    attr_reader :params, :parent
+    def initialize(params, parent)
+      @parent = parent
+      @params = params || {}
+    end
+
+    filter = FilterTable.create
+    filter.add_accessor(:where)
+          .add(:locations, field: 'location')
+          .connect(self, :location_table)
+
+    def to_s
+      server = ''
+      name = Array(params['server_name']).flatten.first
+      unless name.nil?
+        server += name
+        listen = Array(params['listen']).flatten.first
+        server += ":#{listen}" unless listen.nil?
+      end
+
+      # go two levels up: 1. to the http entry and 2. to the root nginx conf
+      @parent.parent.to_s + ", server #{server}"
+    end
+    alias inspect to_s
+
+    private
+
+    def location_table
+      @location_table ||= (params['location'] || []).map { |x| { 'location' => NginxConfLocation.new(x, self) } }
+    end
+  end
+
+  class NginxConfLocation
+    attr_reader :params, :parent
+    def initialize(params, parent)
+      @parent = parent
+      @params = params || {}
+    end
+
+    def to_s
+      location = Array(params['_']).join(' ')
+      # go three levels up: 1. to the server entry, 2. http entry and 3. to the root nginx conf
+      @parent.parent.parent.to_s + ", location #{location.inspect}"
+    end
+    alias inspect to_s
+  end
+end