inspec 2.2.41 → 2.2.50

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3d55e24934410cb4a4eca689c5125ba03a5dbe18711856fdeb8e6aaafbcaf7b3
-  data.tar.gz: 6571c1a3d486c2b20e6a1ba706ccca8f143872ba504e408e3c311cc4a36f3fcb
+  metadata.gz: 18a37b35268f58619b53379d49c9abecf4cd2173ed4f8d007718d98f7438da7d
+  data.tar.gz: 176561770b98d46ffc5f69ec38ebd0eef169ef9ad770ec921fa1ad16a45d6a92
 SHA512:
-  metadata.gz: 540657cfc1af9cbcf611b5c7346a2b14a138b033bb94ba7272042f772cc4fa7ec6691b91d14b2f50b1618488699f2658d72198bfe5a187adef68622977dc8515
-  data.tar.gz: 33faa8dd7576c7914e4419956440e7e74faa4bb476d5a3607952767244a1d73ca27ba1d7e655065f6438f51075ccdc9776c5edc67c8e3dda3110aa83ed0b4240
+  metadata.gz: 61c08ae2ca27909e61c788616caf71f9c079d12f10fdd773cdef79cabd5d70b73b569519bac3981e1b68cf478b9cf7215fe773cd15d98063210c53b323e36ae2
+  data.tar.gz: 6b54b6a415680bec602497fecc81905bdf0a5ad8b31831014d03a8433b1b48c359f56b3e38c0bac9eaf3c71f5e9a9695f88bd545c6f1390ade4c7157d3f97e91

data/CHANGELOG.md

@@ -1,9 +1,29 @@
 # Change Log
 <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
-<!-- latest_release -->
+<!-- latest_release 2.2.50 -->
+## [v2.2.50](https://github.com/inspec/inspec/tree/v2.2.50) (2018-07-26)
+
+#### Enhancements
+- Since /proc/xen is an empty dir in Amazon Linux, inspec falsely detects docker instances as platform=&#39;xen&#39; [#3243](https://github.com/inspec/inspec/pull/3243) ([woneill](https://github.com/woneill))
 <!-- latest_release -->
 
-<!-- release_rollup -->
+<!-- release_rollup since=2.2.41 -->
+### Changes since 2.2.41 release
+
+#### New Features
+- windows_feature resource: Add DISM support [#3224](https://github.com/inspec/inspec/pull/3224) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 2.2.47 -->
+
+#### Enhancements
+- Since /proc/xen is an empty dir in Amazon Linux, inspec falsely detects docker instances as platform=&#39;xen&#39; [#3243](https://github.com/inspec/inspec/pull/3243) ([woneill](https://github.com/woneill)) <!-- 2.2.50 -->
+- alpine resource: Fix small style issues [#3238](https://github.com/inspec/inspec/pull/3238) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 2.2.45 -->
+- Add extra fault checking to git fetcher [#3239](https://github.com/inspec/inspec/pull/3239) ([james-stocks](https://github.com/james-stocks)) <!-- 2.2.44 -->
+
+#### Merged Pull Requests
+- Fix for profile version not being included in the compliance upload c… [#3252](https://github.com/inspec/inspec/pull/3252) ([devoptimist](https://github.com/devoptimist)) <!-- 2.2.49 -->
+- Satisfy RuboCop by adding `x` bit to `bin/inspec` [#3249](https://github.com/inspec/inspec/pull/3249) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 2.2.48 -->
+- cli: Downcase supermarket tool name to match URL [#3242](https://github.com/inspec/inspec/pull/3242) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 2.2.46 -->
+- Fix the unit tests ssl issue [#3251](https://github.com/inspec/inspec/pull/3251) ([jquick](https://github.com/jquick)) <!-- 2.2.43 -->
+- update README.md to fix travis and appveyor&#39;s badges. [#3244](https://github.com/inspec/inspec/pull/3244) ([takahashim](https://github.com/takahashim)) <!-- 2.2.42 -->
 <!-- release_rollup -->
 
 <!-- latest_stable_release -->

data/README.md

@@ -1,8 +1,8 @@
 # InSpec: Inspect Your Infrastructure
 
 [![Slack](https://community-slack.chef.io/badge.svg)](https://community-slack.chef.io/)
-[![Build Status Master](https://travis-ci.org/chef/inspec.svg?branch=master)](https://travis-ci.org/chef/inspec)
-[![Build Status Master](https://ci.appveyor.com/api/projects/status/github/chef/inspec?branch=master&svg=true&passingText=master%20-%20Ok&pendingText=master%20-%20Pending&failingText=master%20-%20Failing)](https://ci.appveyor.com/project/Chef/inspec/branch/master)
+[![Build Status Master](https://travis-ci.org/inspec/inspec.svg?branch=master)](https://travis-ci.org/inspec/inspec)
+[![Build Status Master](https://ci.appveyor.com/api/projects/status/github/inspec/inspec?branch=master&svg=true&passingText=master%20-%20Ok&pendingText=master%20-%20Pending&failingText=master%20-%20Failing)](https://ci.appveyor.com/project/Chef/inspec/branch/master)
 
 InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements.
 

data/docs/resources/windows_feature.md.erb

@@ -28,9 +28,21 @@ where
 
 The following examples show how to use this InSpec audit resource.
 
-### Test the DHCP Server feature
+### Test the DHCP feature (Attempts PowerShell then DISM)
 
-    describe windows_feature('DHCP Server') do
+    describe windows_feature('DHCP') do
+      it{ should be_installed }
+    end
+
+### Test the IIS-WebServer feature using DISM
+
+    describe windows_feature('IIS-WebServer', DISM) do
+      it{ should be_installed }
+    end
+
+### Test the NetFx3 feature using DISM
+
+    describe windows_feature('NetFx3', :dism) do
       it{ should be_installed }
     end
 

data/lib/bundles/inspec-compliance/cli.rb

@@ -173,9 +173,12 @@ module Compliance
       # read profile name from inspec.yml
       profile_name = profile.params[:name]
 
+      # read profile version from inspec.yml
+      profile_version = profile.params[:version]
+
       # check that the profile is not uploaded already,
       # confirm upload to the user (overwrite with --force)
-      if Compliance::API.exist?(config, "#{config['owner']}/#{profile_name}") && !options['overwrite']
+      if Compliance::API.exist?(config, "#{config['owner']}/#{profile_name}##{profile_version}") && !options['overwrite']
         error.call('Profile exists on the server, use --overwrite')
       end
 

data/lib/bundles/inspec-supermarket/api.rb

@@ -38,7 +38,8 @@ module Supermarket
     def self.info(profile, supermarket_url = SUPERMARKET_URL)
       _tool_owner, tool_name = profile_name("supermarket://#{profile}")
       return if tool_name.nil? || tool_name.empty?
-      url = "#{supermarket_url}/api/v1/tools/#{tool_name}"
+      # Tool name in Supermarket URL is downcased so we need to downcase
+      url = "#{supermarket_url}/api/v1/tools/#{tool_name.downcase}"
       _success, data = get(url, {})
       JSON.parse(data) if !data.nil?
     rescue JSON::ParserError
@@ -48,7 +49,11 @@ module Supermarket
     # compares a profile with the supermarket tool info
     def self.same?(profile, supermarket_tool, supermarket_url = SUPERMARKET_URL)
       tool_owner, tool_name = profile_name(profile)
-      tool = "#{supermarket_url}/api/v1/tools/#{tool_name}"
+
+      raise "Could not parse tool name from #{profile}" if tool_name.nil?
+
+      # Tool name in Supermarket URL is downcased so we need to downcase
+      tool = "#{supermarket_url}/api/v1/tools/#{tool_name.downcase}"
       supermarket_tool['tool_owner'] == tool_owner && supermarket_tool['tool'] == tool
     end
 

data/lib/fetchers/git.rb

@@ -83,7 +83,9 @@ module Fetchers
     end
 
     def resolve_ref(ref_name)
-      cmd = shellout("git ls-remote \"#{@remote_url}\" \"#{ref_name}*\"")
+      command_string = "git ls-remote \"#{@remote_url}\" \"#{ref_name}*\""
+      cmd = shellout(command_string)
+      raise "Error running '#{command_string}': #{cmd.stderr}" unless cmd.stderr == ''
       ref = parse_ls_remote(cmd.stdout, ref_name)
       if !ref
         raise "Unable to resolve #{ref_name} to a specific git commit for #{@remote_url}"

data/lib/inspec/version.rb

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '2.2.41'
+  VERSION = '2.2.50'
 end

data/lib/resources/package.rb

@@ -19,10 +19,7 @@ module Inspec::Resources
         its('version') { should eq 1.9.5 }
       end
     "
-    # rubocop:disable Metrics/AbcSize
-    # rubocop:disable Metrics/CyclomaticComplexity
-    # rubocop:disable Metrics/PerceivedComplexity
-    def initialize(package_name, opts = {})
+    def initialize(package_name, opts = {}) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
       @package_name = package_name
       @name = @package_name
       @cache = nil
@@ -54,9 +51,6 @@ module Inspec::Resources
 
       evaluate_missing_requirements
     end
-    # rubocop:enable Metrics/AbcSize
-    # rubocop:enable Metrics/CyclomaticComplexity
-    # rubocop:enable Metrics/PerceivedComplexity
 
     # returns true if the package is installed
     def installed?(_provider = nil, _version = nil)

data/lib/resources/virtualization.rb

@@ -67,15 +67,15 @@ module Inspec::Resources
     # - Additional edge cases likely should not change the above assumptions
     #   but rather be additive - btm
     def detect_xen
-      return false unless inspec.file('/proc/xen').exist?
-      @virtualization_data[:system] = 'xen'
-      @virtualization_data[:role] = 'guest'
-
       # This file should exist on most Xen systems, normally empty for guests
-      if inspec.file('/proc/xen/capabilities').exist? &&
-          inspec.file('/proc/xen/capabilities').content =~ /control_d/i # rubocop:disable Layout/MultilineOperationIndentation
+      return false unless inspec.file('/proc/xen/capabilities').exist?
+      @virtualization_data[:system] = 'xen'
+      if inspec.file('/proc/xen/capabilities').content =~ /control_d/i
         @virtualization_data[:role] = 'host'
+      else
+        @virtualization_data[:role] = 'guest'
       end
+
       true
     end
 

data/lib/resources/windows_feature.rb

@@ -1,84 +1,126 @@
 # encoding: utf-8
 
-# check for a Windows feature
-# Usage:
-# describe windows_feature('DHCP Server') do
-#   it{ should be_installed }
-# end
-#
-# deprecated serverspec syntax:
-# describe windows_feature('IIS-Webserver') do
-#   it{ should be_installed.by("dism") }
-# end
-#
-# describe windows_feature('Web-Webserver') do
-#   it{ should be_installed.by("powershell") }
-# end
-#
-# This implementation uses the Get-WindowsFeature commandlet:
-# Get-WindowsFeature | Where-Object {$_.Name -eq 'XPS Viewer' -or $_.DisplayName -eq 'XPS Viewe
-# r'} | Select-Object -Property Name,DisplayName,Description,Installed,InstallState | ConvertTo-Json
-# {
-#     "Name":  "XPS-Viewer",
-#     "DisplayName":  "XPS Viewer",
-#     "Description":  "The XPS Viewer is used to read, set permissions for, and digitally sign XPS documents.",
-#     "Installed":  false,
-#     "InstallState":  0
-# }
 module Inspec::Resources
   class WindowsFeature < Inspec.resource(1)
     name 'windows_feature'
     supports platform: 'windows'
     desc 'Use the windows_feature InSpec audit resource to test features on Microsoft Windows.'
-    example "
-      describe windows_feature('dhcp') do
+    example <<-EOX
+      # By default this resource will use Get-WindowsFeature.
+      # Failing that, it will use DISM.
+
+      # Get-WindowsFeature Example
+      describe windows_feature('Web-WebServer', :powershell) do
+        it { should be_installed }
+      end
+
+      # DISM Example
+      describe windows_feature('IIS-WebServer', :dism) do
+        it { should be_installed }
+      end
+
+      # Try PowerShell then DISM Example
+      describe windows_feature('IIS-WebServer') do
         it { should be_installed }
       end
-    "
+    EOX
 
-    def initialize(feature)
+    def initialize(feature, method = nil)
       @feature = feature
+      @method = method
       @cache = nil
-
-      # verify that this resource is only supported on Windows
-      return skip_resource 'The `windows_feature` resource is not supported on your OS.' if !inspec.os.windows?
     end
 
     # returns true if the package is installed
-    def installed?(_provider = nil, _version = nil)
+    def installed?
       info[:installed] == true
     end
 
     # returns the package description
     def info
       return @cache if !@cache.nil?
-      features_cmd = "Get-WindowsFeature | Where-Object {$_.Name -eq '#{@feature}' -or $_.DisplayName -eq '#{@feature}'} | Select-Object -Property Name,DisplayName,Description,Installed,InstallState | ConvertTo-Json"
-      cmd = inspec.command(features_cmd)
 
-      @cache = {
-        name: @feature,
-        type: 'windows-feature',
-      }
-
-      # cannot rely on exit code for now, successful command returns exit code 1
-      # return nil if cmd.exit_status != 0
-      # try to parse json
-      begin
-        params = JSON.parse(cmd.stdout)
-      rescue JSON::ParserError => _e
-        return @cache
+      case @method
+      when :powershell
+        @cache = info_via_powershell(@feature)
+        if @cache[:error]
+          # TODO: Allow handling `Inspec::Exception` outside of initialize
+          # See: https://github.com/inspec/inspec/issues/3237
+          # The below will fail the resource regardless of what is raised
+          raise Inspec::Exceptions::ResourceFailed, @cache[:error]
+        end
+      when :dism
+        @cache = info_via_dism(@feature)
+      else
+        @cache = info_via_powershell(@feature)
+        @cache = info_via_dism(@feature) if @cache[:error]
       end
 
-      @cache = {
-        name: params['Name'],
-        description: params['Description'],
-        installed: params['Installed'],
-        type: 'windows-feature',
-      }
+      @cache
     end
 
     def to_s
       "Windows Feature '#{@feature}'"
     end
+
+    private
+
+    def info_via_dism(feature)
+      dism_command = "dism /online /get-featureinfo /featurename:#{feature}"
+      cmd = inspec.command(dism_command)
+
+      if cmd.exit_status != 0
+        feature_info = {
+          name: feature,
+          description: 'N/A',
+          installed: false,
+        }
+      else
+        result = cmd.stdout
+        feature_name_regex = /Feature Name : (.*)(\r\n|\n)/
+        description_regex = /Description : (.*)(\r\n|\n)/
+        feature_info = {
+          name: result.match(feature_name_regex).captures[0].chomp,
+          description: result.match(description_regex).captures[0].chomp,
+          installed: true,
+        }
+      end
+
+      feature_info[:method] = :dism
+      feature_info
+    end
+
+    def info_via_powershell(feature)
+      features_cmd = "Get-WindowsFeature | Where-Object {$_.Name -eq '#{feature}' -or $_.DisplayName -eq '#{feature}'} | Select-Object -Property Name,DisplayName,Description,Installed,InstallState | ConvertTo-Json"
+      cmd = inspec.command(features_cmd)
+
+      feature_info = {}
+
+      # The `Get-WindowsFeature` command is not available on the Windows
+      # non-server OS. This attempts to use the `dism` command to get the info.
+      if cmd.stderr =~ /The term 'Get-WindowsFeature' is not recognized/
+        feature_info[:name] = feature
+        feature_info[:error] = 'Could not find `Get-WindowsFeature`'
+      else
+        # We cannot rely on `cmd.exit_status != 0` because by default the
+        # command will exit 1 even on success. So, if we cannot parse the JSON
+        # we know that the feature is not installed.
+        begin
+          result = JSON.parse(cmd.stdout)
+
+          feature_info = {
+            name: result['Name'],
+            description: result['Description'],
+            installed: result['Installed'],
+          }
+        rescue JSON::ParserError => _e
+          feature_info[:name] = feature
+          feature_info[:installed] = false
+        end
+      end
+
+      feature_info[:method] = :powershell
+      feature_info
+    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 2.2.41
+  version: 2.2.50
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-07-20 00:00:00.000000000 Z
+date: 2018-07-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train