inspec 2.2.20 → 2.2.27

Files changed (50) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +29 -12
  3. data/docs/resources/file.md.erb +10 -3
  4. data/lib/inspec/base_cli.rb +2 -0
  5. data/lib/inspec/cli.rb +5 -0
  6. data/lib/inspec/dependencies/dependency_set.rb +3 -3
  7. data/lib/inspec/dependencies/requirement.rb +18 -11
  8. data/lib/inspec/profile.rb +9 -1
  9. data/lib/inspec/reporters/json.rb +1 -0
  10. data/lib/inspec/resource.rb +21 -9
  11. data/lib/inspec/runner_rspec.rb +2 -2
  12. data/lib/inspec/version.rb +1 -1
  13. data/lib/resources/aide_conf.rb +3 -5
  14. data/lib/resources/apache_conf.rb +8 -0
  15. data/lib/resources/auditd.rb +13 -15
  16. data/lib/resources/aws/aws_cloudtrail_trails.rb +4 -5
  17. data/lib/resources/aws/aws_ec2_instances.rb +3 -4
  18. data/lib/resources/aws/aws_iam_access_keys.rb +16 -18
  19. data/lib/resources/aws/aws_iam_groups.rb +2 -2
  20. data/lib/resources/aws/aws_iam_policies.rb +4 -5
  21. data/lib/resources/aws/aws_iam_users.rb +17 -22
  22. data/lib/resources/aws/aws_kms_keys.rb +4 -5
  23. data/lib/resources/aws/aws_route_tables.rb +4 -5
  24. data/lib/resources/aws/aws_s3_buckets.rb +3 -5
  25. data/lib/resources/aws/aws_security_groups.rb +3 -5
  26. data/lib/resources/aws/aws_sns_topics.rb +3 -5
  27. data/lib/resources/aws/aws_subnets.rb +6 -8
  28. data/lib/resources/aws/aws_vpcs.rb +6 -8
  29. data/lib/resources/azure/azure_generic_resource.rb +7 -11
  30. data/lib/resources/azure/azure_virtual_machine_data_disk.rb +15 -17
  31. data/lib/resources/crontab.rb +9 -11
  32. data/lib/resources/docker.rb +32 -38
  33. data/lib/resources/elasticsearch.rb +24 -26
  34. data/lib/resources/etc_fstab.rb +8 -10
  35. data/lib/resources/etc_hosts.rb +4 -6
  36. data/lib/resources/etc_hosts_allow_deny.rb +4 -6
  37. data/lib/resources/file.rb +1 -1
  38. data/lib/resources/firewalld.rb +6 -8
  39. data/lib/resources/groups.rb +6 -8
  40. data/lib/resources/nginx_conf.rb +4 -6
  41. data/lib/resources/packages.rb +5 -7
  42. data/lib/resources/passwd.rb +9 -11
  43. data/lib/resources/port.rb +7 -9
  44. data/lib/resources/postgres_hba_conf.rb +7 -9
  45. data/lib/resources/postgres_ident_conf.rb +4 -6
  46. data/lib/resources/processes.rb +13 -15
  47. data/lib/resources/ssl.rb +5 -7
  48. data/lib/resources/users.rb +15 -17
  49. data/lib/resources/xinetd.rb +9 -11
  50. metadata +2 -2
@@ -38,17 +38,15 @@ module Inspec::Resources
38
38
  end
39
39
 
40
40
  filter = FilterTable.create
41
- filter.add_accessor(:where)
42
- .add_accessor(:entries)
43
- .add(:device_name, field: 'device_name')
44
- .add(:mount_point, field: 'mount_point')
45
- .add(:file_system_type, field: 'file_system_type')
46
- .add(:mount_options, field: 'mount_options')
47
- .add(:dump_options, field: 'dump_options')
48
- .add(:file_system_options, field: 'file_system_options')
49
- .add(:configured?) { |x| x.entries.any? }
41
+ filter.register_column(:device_name, field: 'device_name')
42
+ .register_column(:mount_point, field: 'mount_point')
43
+ .register_column(:file_system_type, field: 'file_system_type')
44
+ .register_column(:mount_options, field: 'mount_options')
45
+ .register_column(:dump_options, field: 'dump_options')
46
+ .register_column(:file_system_options, field: 'file_system_options')
47
+ .register_custom_matcher(:configured?) { |x| x.entries.any? }
50
48
 
51
- filter.connect(self, :params)
49
+ filter.install_filter_methods_on_resource(self, :params)
52
50
 
53
51
  def nfs_file_systems
54
52
  where { file_system_type.match(/nfs/) }
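Review bot: Nothing in this hunk shows where `where` and `entries` now come from. The new chain drops both `add_accessor` calls, yet `nfs_file_systems` just below still calls `where` and the `configured?` matcher still calls `x.entries`, so `install_filter_methods_on_resource` presumably installs them implicitly. The FilterTable change that would do this is not among the files listed on this page, so that assumption cannot be checked here; the same applies to every other resource hunk in this release. A one-line comment above the chain would record the dependency, e.g. `# where/entries are installed implicitly by install_filter_methods_on_resource`. It is also worth confirming that `add`, `add_accessor` and `connect` remain as aliases, since custom resources in existing profiles may still call them.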
@@ -33,12 +33,10 @@ class EtcHosts < Inspec.resource(1)
33
33
  end
34
34
 
35
35
  FilterTable.create
36
- .add_accessor(:where)
37
- .add_accessor(:entries)
38
- .add(:ip_address, field: 'ip_address')
39
- .add(:primary_name, field: 'primary_name')
40
- .add(:all_host_names, field: 'all_host_names')
41
- .connect(self, :params)
36
+ .register_column(:ip_address, field: 'ip_address')
37
+ .register_column(:primary_name, field: 'primary_name')
38
+ .register_column(:all_host_names, field: 'all_host_names')
39
+ .install_filter_methods_on_resource(self, :params)
42
40
 
43
41
  private
44
42
 
@@ -29,13 +29,11 @@ module Inspec::Resources
29
29
  end
30
30
 
31
31
  filter = FilterTable.create
32
- filter.add_accessor(:where)
33
- .add_accessor(:entries)
34
- .add(:daemon, field: 'daemon')
35
- .add(:client_list, field: 'client_list')
36
- .add(:options, field: 'options')
32
+ filter.register_column(:daemon, field: 'daemon')
33
+ .register_column(:client_list, field: 'client_list')
34
+ .register_column(:options, field: 'options')
37
35
 
38
- filter.connect(self, :params)
36
+ filter.install_filter_methods_on_resource(self, :params)
39
37
 
40
38
  private
41
39
 
@@ -44,7 +44,7 @@ module Inspec::Resources
44
44
  %w{
45
45
  type exist? file? block_device? character_device? socket? directory?
46
46
  symlink? pipe? mode mode? owner owned_by? group grouped_into?
47
- link_path linked_to? mtime size selinux_label immutable?
47
+ link_path shallow_link_path linked_to? mtime size selinux_label immutable?
48
48
  product_version file_version version? md5sum sha256sum
49
49
  path basename source source_path uid gid
50
50
  }.each do |m|
@@ -28,14 +28,12 @@ module Inspec::Resources
28
28
  attr_reader :params
29
29
 
30
30
  filter = FilterTable.create
31
- filter.add_accessor(:where)
32
- .add_accessor(:entries)
33
- .add(:zone, field: 'zone')
34
- .add(:interfaces, field: 'interfaces')
35
- .add(:sources, field: 'sources')
36
- .add(:services, field: 'services')
37
-
38
- filter.connect(self, :params)
31
+ filter.register_column(:zone, field: 'zone')
32
+ .register_column(:interfaces, field: 'interfaces')
33
+ .register_column(:sources, field: 'sources')
34
+ .register_column(:services, field: 'services')
35
+
36
+ filter.install_filter_methods_on_resource(self, :params)
39
37
 
40
38
  def initialize
41
39
  @params = parse_active_zones(active_zones)
@@ -47,14 +47,12 @@ module Inspec::Resources
47
47
  end
48
48
 
49
49
  filter = FilterTable.create
50
- filter.add_accessor(:where)
51
- .add_accessor(:entries)
52
- .add(:names, field: 'name')
53
- .add(:gids, field: 'gid')
54
- .add(:domains, field: 'domain')
55
- .add(:members, field: 'members')
56
- .add(:exists?) { |x| !x.entries.empty? }
57
- filter.connect(self, :collect_group_details)
50
+ filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
51
+ filter.register_column(:names, field: 'name')
52
+ .register_column(:gids, field: 'gid')
53
+ .register_column(:domains, field: 'domain')
54
+ .register_column(:members, field: 'members')
55
+ filter.install_filter_methods_on_resource(self, :collect_group_details)
58
56
 
59
57
  def to_s
60
58
  'Groups'
@@ -156,9 +156,8 @@ module Inspec::Resources
156
156
  end
157
157
 
158
158
  filter = FilterTable.create
159
- filter.add_accessor(:where)
160
- .add(:servers, field: 'server')
161
- .connect(self, :server_table)
159
+ filter.register_column(:servers, field: 'server')
160
+ .install_filter_methods_on_resource(self, :server_table)
162
161
 
163
162
  def locations
164
163
  servers.map(&:locations).flatten
@@ -184,9 +183,8 @@ module Inspec::Resources
184
183
  end
185
184
 
186
185
  filter = FilterTable.create
187
- filter.add_accessor(:where)
188
- .add(:locations, field: 'location')
189
- .connect(self, :location_table)
186
+ filter.register_column(:locations, field: 'location')
187
+ .install_filter_methods_on_resource(self, :location_table)
190
188
 
191
189
  def to_s
192
190
  server = ''
@@ -42,13 +42,11 @@ module Inspec::Resources
42
42
  end
43
43
 
44
44
  filter = FilterTable.create
45
- filter.add_accessor(:where)
46
- .add_accessor(:entries)
47
- .add(:statuses, field: 'status', style: :simple)
48
- .add(:names, field: 'name')
49
- .add(:versions, field: 'version')
50
- .add(:architectures, field: 'architecture')
51
- .connect(self, :filtered_packages)
45
+ filter.register_column(:statuses, field: 'status', style: :simple)
46
+ .register_column(:names, field: 'name')
47
+ .register_column(:versions, field: 'version')
48
+ .register_column(:architectures, field: 'architecture')
49
+ .install_filter_methods_on_resource(self, :filtered_packages)
52
50
 
53
51
  private
54
52
 
@@ -50,24 +50,22 @@ module Inspec::Resources
50
50
  end
51
51
 
52
52
  filter = FilterTable.create
53
- filter.add_accessor(:where)
54
- .add_accessor(:entries)
55
- .add(:users, field: 'user')
56
- .add(:passwords, field: 'password')
57
- .add(:uids, field: 'uid')
58
- .add(:gids, field: 'gid')
59
- .add(:descs, field: 'desc')
60
- .add(:homes, field: 'home')
61
- .add(:shells, field: 'shell')
53
+ filter.register_column(:users, field: 'user')
54
+ .register_column(:passwords, field: 'password')
55
+ .register_column(:uids, field: 'uid')
56
+ .register_column(:gids, field: 'gid')
57
+ .register_column(:descs, field: 'desc')
58
+ .register_column(:homes, field: 'home')
59
+ .register_column(:shells, field: 'shell')
62
60
 
63
61
  # rebuild the passwd line from raw content
64
- filter.add(:content) { |t, _|
62
+ filter.register_custom_property(:content) { |t, _|
65
63
  t.entries.map do |e|
66
64
  [e.user, e.password, e.uid, e.gid, e.desc, e.home, e.shell].join(':')
67
65
  end.join("\n")
68
66
  }
69
67
 
70
- filter.connect(self, :params)
68
+ filter.install_filter_methods_on_resource(self, :params)
71
69
 
72
70
  def to_s
73
71
  '/etc/passwd'
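Review bot: The `content` property registered with `register_custom_property(:content)` joins `e.password` into every rebuilt line, and `passwords` stays an ordinary column. On a host that keeps hashes in /etc/passwd instead of a shadow file, those values would presumably end up in any report that prints either one. The existing comment `# rebuild the passwd line from raw content` could say so, for example `# rebuilds full passwd lines, password field included; keep this out of report output`. The behaviour predates the rename and this release leaves it unchanged.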
@@ -39,15 +39,13 @@ module Inspec::Resources
39
39
  end
40
40
 
41
41
  filter = FilterTable.create
42
- filter.add_accessor(:where)
43
- .add_accessor(:entries)
44
- .add(:ports, field: 'port', style: :simple)
45
- .add(:addresses, field: 'address', style: :simple)
46
- .add(:protocols, field: 'protocol', style: :simple)
47
- .add(:processes, field: 'process', style: :simple)
48
- .add(:pids, field: 'pid', style: :simple)
49
- .add(:listening?) { |x| !x.entries.empty? }
50
- filter.connect(self, :info)
42
+ filter.register_column(:ports, field: 'port', style: :simple)
43
+ .register_column(:addresses, field: 'address', style: :simple)
44
+ .register_column(:protocols, field: 'protocol', style: :simple)
45
+ .register_column(:processes, field: 'process', style: :simple)
46
+ .register_column(:pids, field: 'pid', style: :simple)
47
+ .register_custom_matcher(:listening?) { |x| !x.entries.empty? }
48
+ filter.install_filter_methods_on_resource(self, :info)
51
49
 
52
50
  def to_s
53
51
  "Port #{@port}"
@@ -28,16 +28,14 @@ module Inspec::Resources
28
28
  end
29
29
 
30
30
  filter = FilterTable.create
31
- filter.add_accessor(:where)
32
- .add_accessor(:entries)
33
- .add(:type, field: 'type')
34
- .add(:database, field: 'database')
35
- .add(:user, field: 'user')
36
- .add(:address, field: 'address')
37
- .add(:auth_method, field: 'auth_method')
38
- .add(:auth_params, field: 'auth_params')
31
+ filter.register_column(:type, field: 'type')
32
+ .register_column(:database, field: 'database')
33
+ .register_column(:user, field: 'user')
34
+ .register_column(:address, field: 'address')
35
+ .register_column(:auth_method, field: 'auth_method')
36
+ .register_column(:auth_params, field: 'auth_params')
39
37
 
40
- filter.connect(self, :params)
38
+ filter.install_filter_methods_on_resource(self, :params)
41
39
 
42
40
  def to_s
43
41
  "Postgres Hba Config #{@conf_file}"
@@ -27,13 +27,11 @@ module Inspec::Resources
27
27
  end
28
28
 
29
29
  filter = FilterTable.create
30
- filter.add_accessor(:where)
31
- .add_accessor(:entries)
32
- .add(:map_name, field: 'map_name')
33
- .add(:system_username, field: 'system_username')
34
- .add(:pg_username, field: 'pg_username')
30
+ filter.register_column(:map_name, field: 'map_name')
31
+ .register_column(:system_username, field: 'system_username')
32
+ .register_column(:pg_username, field: 'pg_username')
35
33
 
36
- filter.connect(self, :params)
34
+ filter.install_filter_methods_on_resource(self, :params)
37
35
 
38
36
  def to_s
39
37
  "PostgreSQL Ident Config #{@conf_file}"
@@ -61,21 +61,19 @@ module Inspec::Resources
61
61
  end
62
62
 
63
63
  filter = FilterTable.create
64
- filter.add_accessor(:where)
65
- .add_accessor(:entries)
66
- .add(:labels, field: 'label')
67
- .add(:pids, field: 'pid')
68
- .add(:cpus, field: 'cpu')
69
- .add(:mem, field: 'mem')
70
- .add(:vsz, field: 'vsz')
71
- .add(:rss, field: 'rss')
72
- .add(:tty, field: 'tty')
73
- .add(:states, field: 'stat')
74
- .add(:start, field: 'start')
75
- .add(:time, field: 'time')
76
- .add(:users, field: 'user')
77
- .add(:commands, field: 'command')
78
- .connect(self, :filtered_processes)
64
+ filter.register_column(:labels, field: 'label')
65
+ .register_column(:pids, field: 'pid')
66
+ .register_column(:cpus, field: 'cpu')
67
+ .register_column(:mem, field: 'mem')
68
+ .register_column(:vsz, field: 'vsz')
69
+ .register_column(:rss, field: 'rss')
70
+ .register_column(:tty, field: 'tty')
71
+ .register_column(:states, field: 'stat')
72
+ .register_column(:start, field: 'start')
73
+ .register_column(:time, field: 'time')
74
+ .register_column(:users, field: 'user')
75
+ .register_column(:commands, field: 'command')
76
+ .install_filter_methods_on_resource(self, :filtered_processes)
79
77
 
80
78
  private
81
79
 
@@ -58,15 +58,13 @@ class SSL < Inspec.resource(1)
58
58
  end
59
59
 
60
60
  filter = FilterTable.create
61
- filter.add(:enabled?) do |x|
61
+ filter.register_custom_matcher(:enabled?) do |x|
62
62
  raise 'Cannot determine host for SSL test. Please specify it or use a different target.' if x.resource.host.nil?
63
63
  x.handshake.values.any? { |i| i['success'] }
64
64
  end
65
- filter.add_accessor(:where)
66
- .add_accessor(:entries)
67
- .add(:ciphers, field: 'cipher')
68
- .add(:protocols, field: 'protocol')
69
- .add(:handshake) { |x|
65
+ filter.register_column(:ciphers, field: 'cipher')
66
+ .register_column(:protocols, field: 'protocol')
67
+ .register_custom_property(:handshake) { |x|
70
68
  groups = x.entries.group_by(&:protocol)
71
69
  res = Parallel.map(groups, in_threads: 8) do |proto, e|
72
70
  [proto, SSLShake.hello(x.resource.host, port: x.resource.port,
@@ -75,7 +73,7 @@ class SSL < Inspec.resource(1)
75
73
  end
76
74
  Hash[res]
77
75
  }
78
- .connect(self, :scan_config)
76
+ .install_filter_methods_on_resource(self, :scan_config)
79
77
 
80
78
  def to_s
81
79
  "SSL/TLS on #{@host}:#{@port}"
@@ -70,23 +70,21 @@ module Inspec::Resources
70
70
  end
71
71
 
72
72
  filter = FilterTable.create
73
- filter.add_accessor(:where)
74
- .add_accessor(:entries)
75
- .add(:usernames, field: :username)
76
- .add(:uids, field: :uid)
77
- .add(:gids, field: :gid)
78
- .add(:groupnames, field: :groupname)
79
- .add(:groups, field: :groups)
80
- .add(:homes, field: :home)
81
- .add(:shells, field: :shell)
82
- .add(:mindays, field: :mindays)
83
- .add(:maxdays, field: :maxdays)
84
- .add(:warndays, field: :warndays)
85
- .add(:disabled, field: :disabled)
86
- .add(:exists?) { |x| !x.entries.empty? }
87
- .add(:disabled?) { |x| x.where { disabled == false }.entries.empty? }
88
- .add(:enabled?) { |x| x.where { disabled == true }.entries.empty? }
89
- filter.connect(self, :collect_user_details)
73
+ filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
74
+ filter.register_column(:usernames, field: :username)
75
+ .register_column(:uids, field: :uid)
76
+ .register_column(:gids, field: :gid)
77
+ .register_column(:groupnames, field: :groupname)
78
+ .register_column(:groups, field: :groups)
79
+ .register_column(:homes, field: :home)
80
+ .register_column(:shells, field: :shell)
81
+ .register_column(:mindays, field: :mindays)
82
+ .register_column(:maxdays, field: :maxdays)
83
+ .register_column(:warndays, field: :warndays)
84
+ .register_column(:disabled, field: :disabled)
85
+ .register_custom_matcher(:disabled?) { |x| x.where { disabled == false }.entries.empty? }
86
+ .register_custom_matcher(:enabled?) { |x| x.where { disabled == true }.entries.empty? }
87
+ filter.install_filter_methods_on_resource(self, :collect_user_details)
90
88
 
91
89
  def to_s
92
90
  'Users'
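Review bot: `disabled?` and `enabled?` both return true on an empty table, because each only asserts that no row has the opposite state. `x.where { disabled == false }.entries.empty?` holds whenever an earlier `where` matched no user at all. For a compliance check that is a false pass, for instance a control asserting that a misspelt account name is disabled. Requiring a non-empty set first would close the gap, `{ |x| !x.entries.empty? && x.where { disabled == false }.entries.empty? }`, though that changes results for existing profiles; the lighter option is a comment telling authors to pair these matchers with `exists?`. The `disabled?`/`enabled?` matchers in the xinetd hunk (`x.where('disable' => 'no').services.empty?`) have the same shape.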
@@ -37,17 +37,15 @@ module Inspec::Resources
37
37
  end
38
38
 
39
39
  filter = FilterTable.create
40
- filter.add_accessor(:where)
41
- .add_accessor(:entries)
42
- .add(:services, field: 'service')
43
- .add(:ids, field: 'id')
44
- .add(:socket_types, field: 'socket_type')
45
- .add(:types, field: 'type')
46
- .add(:protocols, field: 'protocol')
47
- .add(:wait, field: 'wait')
48
- .add(:disabled?) { |x| x.where('disable' => 'no').services.empty? }
49
- .add(:enabled?) { |x| x.where('disable' => 'yes').services.empty? }
50
- .connect(self, :service_lines)
40
+ filter.register_column(:services, field: 'service')
41
+ .register_column(:ids, field: 'id')
42
+ .register_column(:socket_types, field: 'socket_type')
43
+ .register_column(:types, field: 'type')
44
+ .register_column(:protocols, field: 'protocol')
45
+ .register_column(:wait, field: 'wait')
46
+ .register_custom_matcher(:disabled?) { |x| x.where('disable' => 'no').services.empty? }
47
+ .register_custom_matcher(:enabled?) { |x| x.where('disable' => 'yes').services.empty? }
48
+ .install_filter_methods_on_resource(self, :service_lines)
51
49
 
52
50
  private
53
51
 
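--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: inspec
  version: !ruby/object:Gem::Version
- version: 2.2.20
+ version: 2.2.27
  platform: ruby
  authors:
  - Dominik Richter
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-06-21 00:00:00.000000000 Z
+ date: 2018-06-29 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: train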