inspec 2.2.34 → 2.2.35
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +22 -17
- data/docs/resources/oracledb_session.md.erb +41 -0
- data/lib/inspec/version.rb +1 -1
- data/lib/resources/oracledb_session.rb +19 -7
- data/lib/utils/database_helpers.rb +12 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7b68a3dbcdc7b0027e8ea20219c6a9c79ce05a74fbe97a99c05e3c1850d5f440
|
|
4
|
+
data.tar.gz: dbfe2c8d73e50157beed8645da83e1e0b97f94367e6b2da81473b5484299a1cc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b770c51a3b4fd4c5252d197866b6daded7168a1c1bc14532de5edd9ef1b5e22bbec92200b4d8a16f46cbd42b38ab063baed53bba2c550b112575edccf45b695a
|
|
7
|
+
data.tar.gz: b8e6fbdcdf4debfdc57ce0a16ccedc67450cfaf4d7d4da11578e111df18f4ecad88e1250ebec04b3153680db7f9e00267247179b8adc0f6e898e27792dbbec05
|
data/CHANGELOG.md
CHANGED
|
@@ -1,32 +1,38 @@
|
|
|
1
1
|
# Change Log
|
|
2
2
|
<!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
|
|
3
|
-
<!-- latest_release 2.2.
|
|
4
|
-
## [v2.2.
|
|
3
|
+
<!-- latest_release 2.2.35 -->
|
|
4
|
+
## [v2.2.35](https://github.com/inspec/inspec/tree/v2.2.35) (2018-07-09)
|
|
5
5
|
|
|
6
|
-
####
|
|
7
|
-
-
|
|
6
|
+
#### New Features
|
|
7
|
+
- A number of bug fixes and new features for oracledb_session resource [#3170](https://github.com/inspec/inspec/pull/3170) ([voroniys](https://github.com/voroniys))
|
|
8
8
|
<!-- latest_release -->
|
|
9
9
|
|
|
10
|
-
<!-- release_rollup since=2.2.
|
|
11
|
-
### Changes since 2.2.
|
|
10
|
+
<!-- release_rollup since=2.2.34 -->
|
|
11
|
+
### Changes since 2.2.34 release
|
|
12
12
|
|
|
13
13
|
#### New Features
|
|
14
|
-
-
|
|
14
|
+
- A number of bug fixes and new features for oracledb_session resource [#3170](https://github.com/inspec/inspec/pull/3170) ([voroniys](https://github.com/voroniys)) <!-- 2.2.35 -->
|
|
15
|
+
<!-- release_rollup -->
|
|
15
16
|
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
- Fix some issues with the vendor functional tests [#3196](https://github.com/inspec/inspec/pull/3196) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 2.2.30 -->
|
|
17
|
+
<!-- latest_stable_release -->
|
|
18
|
+
## [v2.2.34](https://github.com/inspec/inspec/tree/v2.2.34) (2018-07-05)
|
|
19
19
|
|
|
20
|
-
####
|
|
21
|
-
-
|
|
22
|
-
- Fix vendor functional test to not validate a repo hash that can change. [#3198](https://github.com/inspec/inspec/pull/3198) ([miah](https://github.com/miah)) <!-- 2.2.29 -->
|
|
20
|
+
#### New Features
|
|
21
|
+
- cli: Add `--insecure` option for `exec` and `shell` [#3195](https://github.com/inspec/inspec/pull/3195) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
|
|
23
22
|
|
|
24
23
|
#### Enhancements
|
|
25
|
-
-
|
|
26
|
-
-
|
|
27
|
-
|
|
24
|
+
- Update the node platform issues to warn severity [#3186](https://github.com/inspec/inspec/pull/3186) ([jquick](https://github.com/jquick))
|
|
25
|
+
- Accept regexes for --controls option to inspec exec [#3179](https://github.com/inspec/inspec/pull/3179) ([clintoncwolfe](https://github.com/clintoncwolfe))
|
|
26
|
+
|
|
27
|
+
#### Bug Fixes
|
|
28
|
+
- Fix some issues with the vendor functional tests [#3196](https://github.com/inspec/inspec/pull/3196) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
|
|
29
|
+
- fix for apache_conf to handle quoted Includes [#3193](https://github.com/inspec/inspec/pull/3193) ([voroniys](https://github.com/voroniys))
|
|
28
30
|
|
|
31
|
+
#### Merged Pull Requests
|
|
32
|
+
- Fix vendor functional test to not validate a repo hash that can change. [#3198](https://github.com/inspec/inspec/pull/3198) ([miah](https://github.com/miah))
|
|
33
|
+
- Prevent Slashes in profile names [#3175](https://github.com/inspec/inspec/pull/3175) ([miah](https://github.com/miah))
|
|
29
34
|
<!-- latest_stable_release -->
|
|
35
|
+
|
|
30
36
|
## [v2.2.27](https://github.com/inspec/inspec/tree/v2.2.27) (2018-06-29)
|
|
31
37
|
|
|
32
38
|
#### New Features
|
|
@@ -43,7 +49,6 @@
|
|
|
43
49
|
|
|
44
50
|
#### Merged Pull Requests
|
|
45
51
|
- Add functional tests for nested attributes [#3157](https://github.com/inspec/inspec/pull/3157) ([clintoncwolfe](https://github.com/clintoncwolfe))
|
|
46
|
-
<!-- latest_stable_release -->
|
|
47
52
|
|
|
48
53
|
## [v2.2.20](https://github.com/inspec/inspec/tree/v2.2.20) (2018-06-21)
|
|
49
54
|
|
|
@@ -20,11 +20,17 @@ A `oracledb_session` resource block declares the username and password to use fo
|
|
|
20
20
|
where
|
|
21
21
|
|
|
22
22
|
* `oracledb_session` declares a username and password with permission to run the query (required), and an optional parameters for host (default: `localhost`), SID (default: `nil`, which uses the default SID, and path to the sqlplus binary (default: `sqlplus`).
|
|
23
|
+
* it is possible to run queries as sysdba/sysoper by using `as_db_role option`, see examples
|
|
23
24
|
* `query('QUERY')` contains the query to be run
|
|
24
25
|
* `its('value') { should eq('') }` compares the results of the query against the expected result in the test
|
|
25
26
|
|
|
26
27
|
<br>
|
|
27
28
|
|
|
29
|
+
## oracledb_session(...).query method Properties
|
|
30
|
+
* rows the query result as array of hashes
|
|
31
|
+
* row(number) selected row from query result, where number is just a row number in the query result
|
|
32
|
+
* column(name) array with values from selected column
|
|
33
|
+
|
|
28
34
|
## Examples
|
|
29
35
|
|
|
30
36
|
The following examples show how to use this InSpec audit resource.
|
|
@@ -45,6 +51,41 @@ The following examples show how to use this InSpec audit resource.
|
|
|
45
51
|
its('value') { should cmp 'ORCL' }
|
|
46
52
|
end
|
|
47
53
|
|
|
54
|
+
### Test for table contains a specified value in any row for the given column name
|
|
55
|
+
|
|
56
|
+
sql = oracledb_session(user: 'my_user', pass: 'password', service: 'MYSID')
|
|
57
|
+
|
|
58
|
+
describe sql.query('SELECT * FROM my_table;').column('my_column') do
|
|
59
|
+
it { should include 'my_value' }
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
### Test tablespace exists as sysdba
|
|
63
|
+
The check will change user (with su) to specified user and run 'sqlplus / as sysdba' (sysoper, sysasm)
|
|
64
|
+
|
|
65
|
+
sql = oracledb_session(as_os_user: 'oracle', as_db_role: 'sysdba', service: 'MYSID')
|
|
66
|
+
|
|
67
|
+
describe sql.query('SELECT tablespace_name AS name FROM dba_tablespaces;').column('name') do
|
|
68
|
+
it { should include 'MYTABLESPACE' }
|
|
69
|
+
end
|
|
70
|
+
NOTE: option `as_os_user` available only on unix-like systems and not supported on Windows. Also this option requires that you are running inspec as `root` or with `--sudo`
|
|
71
|
+
|
|
72
|
+
### Test number of rows in the query result
|
|
73
|
+
|
|
74
|
+
sql = oracledb_session(user: 'my_user', pass: 'password')
|
|
75
|
+
|
|
76
|
+
describe sql.query('SELECT * FROM my_table;').rows do
|
|
77
|
+
its('count') { should eq 20 }
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
### Use data out of (remote) DB query to build other tests
|
|
81
|
+
|
|
82
|
+
sql = oracledb_session(user: 'my_user', pass: 'password', host: 'my.remote.db', service: 'MYSID')
|
|
83
|
+
|
|
84
|
+
sql.query('SELECT * FROM files;').rows.each do |file_row|
|
|
85
|
+
describe file(file_row['path']) do
|
|
86
|
+
its('owner') { should eq file_row['owner']}
|
|
87
|
+
end
|
|
88
|
+
end
|
|
48
89
|
<br>
|
|
49
90
|
|
|
50
91
|
## Matchers
|
data/lib/inspec/version.rb
CHANGED
|
@@ -22,7 +22,8 @@ module Inspec::Resources
|
|
|
22
22
|
end
|
|
23
23
|
"
|
|
24
24
|
|
|
25
|
-
attr_reader :user, :password, :host, :service
|
|
25
|
+
attr_reader :user, :password, :host, :service, :as_os_user, :as_db_role
|
|
26
|
+
# rubocop:disable Metrics/PerceivedComplexity,Metrics/CyclomaticComplexity
|
|
26
27
|
def initialize(opts = {})
|
|
27
28
|
@user = opts[:user]
|
|
28
29
|
@password = opts[:password] || opts[:pass]
|
|
@@ -34,12 +35,17 @@ module Inspec::Resources
|
|
|
34
35
|
@port = opts[:port] || '1521'
|
|
35
36
|
@service = opts[:service]
|
|
36
37
|
|
|
38
|
+
# connection as sysdba stuff
|
|
39
|
+
return skip_resource "Option 'as_os_user' not available in Windows" if inspec.os.windows? && opts[:as_os_user]
|
|
40
|
+
@su_user = opts[:as_os_user]
|
|
41
|
+
@db_role = opts[:as_db_role]
|
|
42
|
+
|
|
37
43
|
# we prefer sqlci although it is way slower than sqlplus, but it understands csv properly
|
|
38
|
-
@sqlcl_bin = 'sql'
|
|
44
|
+
@sqlcl_bin = 'sql' unless opts.key?(:sqlplus_bin) # don't use it if user specified sqlplus_bin option
|
|
39
45
|
@sqlplus_bin = opts[:sqlplus_bin] || 'sqlplus'
|
|
40
46
|
|
|
41
|
-
return
|
|
42
|
-
return
|
|
47
|
+
return fail_resource "Can't run Oracle checks without authentication" if @su_user.nil? && (@user.nil? || @password.nil?)
|
|
48
|
+
return fail_resource 'You must provide a service name for the session' if @service.nil?
|
|
43
49
|
end
|
|
44
50
|
|
|
45
51
|
def query(q)
|
|
@@ -49,19 +55,25 @@ module Inspec::Resources
|
|
|
49
55
|
|
|
50
56
|
p = nil
|
|
51
57
|
# use sqlplus if sqlcl is not available
|
|
52
|
-
if inspec.command(@sqlcl_bin).exist?
|
|
58
|
+
if @sqlcl_bin and inspec.command(@sqlcl_bin).exist?
|
|
53
59
|
bin = @sqlcl_bin
|
|
54
60
|
opts = "set sqlformat csv\nSET FEEDBACK OFF"
|
|
55
61
|
p = :parse_csv_result
|
|
56
62
|
else
|
|
57
63
|
bin = @sqlplus_bin
|
|
58
|
-
opts = "SET MARKUP HTML ON\nSET FEEDBACK OFF"
|
|
64
|
+
opts = "SET MARKUP HTML ON\nSET PAGESIZE 32000\nSET FEEDBACK OFF"
|
|
59
65
|
p = :parse_html_result
|
|
60
66
|
end
|
|
61
67
|
|
|
62
68
|
query = verify_query(escaped_query)
|
|
63
69
|
query += ';' unless query.end_with?(';')
|
|
64
|
-
|
|
70
|
+
if @db_role.nil?
|
|
71
|
+
command = %{#{bin} "#{@user}"/"#{@password}"@#{@host}:#{@port}/#{@service} <<EOC\n#{opts}\n#{query}\nEXIT\nEOC}
|
|
72
|
+
elsif @su_user.nil?
|
|
73
|
+
command = %{#{bin} "#{@user}"/"#{@password}"@#{@host}:#{@port}/#{@service} as #{@db_role} <<EOC\n#{opts}\n#{query}\nEXIT\nEOC}
|
|
74
|
+
else
|
|
75
|
+
command = %{su - #{@su_user} -c "env ORACLE_SID=#{@service} #{bin} / as #{@db_role} <<EOC\n#{opts}\n#{query}\nEXIT\nEOC"}
|
|
76
|
+
end
|
|
65
77
|
cmd = inspec.command(command)
|
|
66
78
|
|
|
67
79
|
out = cmd.stdout + "\n" + cmd.stderr
|
|
@@ -48,10 +48,22 @@ module DatabaseHelper
|
|
|
48
48
|
@cmd.exit_status == 0 && @error.nil?
|
|
49
49
|
end
|
|
50
50
|
|
|
51
|
+
def rows
|
|
52
|
+
@results
|
|
53
|
+
end
|
|
54
|
+
|
|
51
55
|
def row(id)
|
|
52
56
|
SQLRow.new(self, @results[id])
|
|
53
57
|
end
|
|
54
58
|
|
|
59
|
+
def column(column)
|
|
60
|
+
result = []
|
|
61
|
+
@results.each do |row|
|
|
62
|
+
result << row[column]
|
|
63
|
+
end
|
|
64
|
+
result
|
|
65
|
+
end
|
|
66
|
+
|
|
55
67
|
def size
|
|
56
68
|
@results.size
|
|
57
69
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: inspec
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.2.
|
|
4
|
+
version: 2.2.35
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dominik Richter
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-07-
|
|
11
|
+
date: 2018-07-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: train
|