inspec 3.0.9 → 3.0.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +29 -18
- data/etc/plugin_filters.json +9 -1
- data/lib/inspec/resource.rb +2 -0
- data/lib/inspec/runner_rspec.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/resources/ksh.rb +35 -0
- data/lib/resources/security_identifier.rb +84 -0
- data/lib/utils/command_wrapper.rb +1 -1
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b84e3860f60f0346c8284b8eff2633018d13c3f48c43f214d883f472e96881e8
|
|
4
|
+
data.tar.gz: d336c4d15225faf7cd54644426bf06111848e2aaa8697519c485fc47bc322e6a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 54976889ef811f88ace3a5eda1cf57520092f8d9cf30b5cbfe6d245c77238fe686472bf81926e748a51ea717a0672d77c150f05fd6485eca52a015c9bddd9a78
|
|
7
|
+
data.tar.gz: ca315a5ad6e3bcd3c9f27d16fba27eaddf545fbdc94b41c4cddde6ee7a62ed253758cd60bcc31150393d973fdfa664ee49f57f26d65936cd7b608c530d569eaf
|
data/CHANGELOG.md
CHANGED
|
@@ -1,32 +1,44 @@
|
|
|
1
1
|
# Change Log
|
|
2
2
|
<!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
|
|
3
|
-
<!-- latest_release 3.0.
|
|
4
|
-
## [v3.0.
|
|
3
|
+
<!-- latest_release 3.0.12 -->
|
|
4
|
+
## [v3.0.12](https://github.com/inspec/inspec/tree/v3.0.12) (2018-10-24)
|
|
5
5
|
|
|
6
|
-
####
|
|
7
|
-
-
|
|
6
|
+
#### Bug Fixes
|
|
7
|
+
- Update to safe navigation exit code search [#3541](https://github.com/inspec/inspec/pull/3541) ([jquick](https://github.com/jquick))
|
|
8
8
|
<!-- latest_release -->
|
|
9
9
|
|
|
10
|
-
<!-- release_rollup since=3.0.
|
|
11
|
-
### Changes since 3.0.
|
|
12
|
-
|
|
13
|
-
#### Enhancements
|
|
14
|
-
- Minor cleanups of plugin documentation. 'Plugin' instead of 'PluginDefinition' [#3527](https://github.com/inspec/inspec/pull/3527) ([mattray](https://github.com/mattray)) <!-- 3.0.5 -->
|
|
10
|
+
<!-- release_rollup since=3.0.9 -->
|
|
11
|
+
### Changes since 3.0.9 release
|
|
15
12
|
|
|
16
13
|
#### Bug Fixes
|
|
17
|
-
-
|
|
18
|
-
- FilterTable: allow Strings or Symbols as fields [#3481](https://github.com/inspec/inspec/pull/3481) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 3.0.2 -->
|
|
14
|
+
- Update to safe navigation exit code search [#3541](https://github.com/inspec/inspec/pull/3541) ([jquick](https://github.com/jquick)) <!-- 3.0.12 -->
|
|
19
15
|
|
|
20
16
|
#### Merged Pull Requests
|
|
21
|
-
- Add
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
-
|
|
25
|
-
- Filter out inspec-k8s and inspec-release [#3525](https://github.com/inspec/inspec/pull/3525) ([miah](https://github.com/miah)) <!-- 3.0.3 -->
|
|
26
|
-
- style: Fix quotes/style on the `docker` resource [#3516](https://github.com/inspec/inspec/pull/3516) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 3.0.1 -->
|
|
17
|
+
- Add inspec/train vault to plugin exclusion [#3532](https://github.com/inspec/inspec/pull/3532) ([jquick](https://github.com/jquick)) <!-- 3.0.11 -->
|
|
18
|
+
|
|
19
|
+
#### New Resources
|
|
20
|
+
- New resource to work with Windows security identifiers (SIDs) [#3405](https://github.com/inspec/inspec/pull/3405) ([james-stocks](https://github.com/james-stocks)) <!-- 3.0.10 -->
|
|
27
21
|
<!-- release_rollup -->
|
|
28
22
|
|
|
29
23
|
<!-- latest_stable_release -->
|
|
24
|
+
## [v3.0.9](https://github.com/inspec/inspec/tree/v3.0.9) (2018-10-18)
|
|
25
|
+
|
|
26
|
+
#### Enhancements
|
|
27
|
+
- Minor cleanups of plugin documentation. 'Plugin' instead of 'PluginDefinition' [#3527](https://github.com/inspec/inspec/pull/3527) ([mattray](https://github.com/mattray))
|
|
28
|
+
|
|
29
|
+
#### Bug Fixes
|
|
30
|
+
- FilterTable: allow Strings or Symbols as fields [#3481](https://github.com/inspec/inspec/pull/3481) ([clintoncwolfe](https://github.com/clintoncwolfe))
|
|
31
|
+
- Fixes corrupt plugins.json when testing a plugin outside of core [#3526](https://github.com/inspec/inspec/pull/3526) ([clintoncwolfe](https://github.com/clintoncwolfe))
|
|
32
|
+
|
|
33
|
+
#### Merged Pull Requests
|
|
34
|
+
- style: Fix quotes/style on the `docker` resource [#3516](https://github.com/inspec/inspec/pull/3516) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
|
|
35
|
+
- Filter out inspec-k8s and inspec-release [#3525](https://github.com/inspec/inspec/pull/3525) ([miah](https://github.com/miah))
|
|
36
|
+
- docs: Fix small issues with the `file` resource [#3515](https://github.com/inspec/inspec/pull/3515) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
|
|
37
|
+
- Add debug and sort options for plugins [#3530](https://github.com/inspec/inspec/pull/3530) ([jquick](https://github.com/jquick))
|
|
38
|
+
- Pin inspec to the new train [#3531](https://github.com/inspec/inspec/pull/3531) ([jquick](https://github.com/jquick))
|
|
39
|
+
- Add missing tests for groups resource, document members property, and assorted fixes. [#3467](https://github.com/inspec/inspec/pull/3467) ([miah](https://github.com/miah))
|
|
40
|
+
<!-- latest_stable_release -->
|
|
41
|
+
|
|
30
42
|
## [v3.0.0](https://github.com/inspec/inspec/tree/v3.0.0) (2018-10-15)
|
|
31
43
|
|
|
32
44
|
#### Enhancements
|
|
@@ -35,7 +47,6 @@
|
|
|
35
47
|
#### Merged Pull Requests
|
|
36
48
|
- Change `Inspec ` to `InSpec ` where appropriate [#3494](https://github.com/inspec/inspec/pull/3494) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
|
|
37
49
|
- Update the text on the generic default attribute [#3508](https://github.com/inspec/inspec/pull/3508) ([jquick](https://github.com/jquick))
|
|
38
|
-
<!-- latest_stable_release -->
|
|
39
50
|
|
|
40
51
|
## [v2.3.24](https://github.com/inspec/inspec/tree/v2.3.24) (2018-10-12)
|
|
41
52
|
|
data/etc/plugin_filters.json
CHANGED
|
@@ -15,7 +15,15 @@
|
|
|
15
15
|
},
|
|
16
16
|
{
|
|
17
17
|
"plugin_name": "inspec-release",
|
|
18
|
-
"rationale": "
|
|
18
|
+
"rationale": "This gem is currently only a placeholder, waiting to be built."
|
|
19
|
+
},
|
|
20
|
+
{
|
|
21
|
+
"plugin_name": "inspec-vault",
|
|
22
|
+
"rationale": "This gem is currently only a placeholder, waiting to be built."
|
|
23
|
+
},
|
|
24
|
+
{
|
|
25
|
+
"plugin_name": "train-vault",
|
|
26
|
+
"rationale": "This gem is currently only a placeholder, waiting to be built."
|
|
19
27
|
},
|
|
20
28
|
{
|
|
21
29
|
"plugin_name": "train-tax-calculator",
|
data/lib/inspec/resource.rb
CHANGED
|
@@ -144,6 +144,7 @@ require 'resources/json'
|
|
|
144
144
|
require 'resources/kernel_module'
|
|
145
145
|
require 'resources/kernel_parameter'
|
|
146
146
|
require 'resources/key_rsa'
|
|
147
|
+
require 'resources/ksh'
|
|
147
148
|
require 'resources/limits_conf'
|
|
148
149
|
require 'resources/login_def'
|
|
149
150
|
require 'resources/mount'
|
|
@@ -175,6 +176,7 @@ require 'resources/powershell'
|
|
|
175
176
|
require 'resources/processes'
|
|
176
177
|
require 'resources/rabbitmq_conf'
|
|
177
178
|
require 'resources/registry_key'
|
|
179
|
+
require 'resources/security_identifier'
|
|
178
180
|
require 'resources/security_policy'
|
|
179
181
|
require 'resources/service'
|
|
180
182
|
require 'resources/shadow'
|
data/lib/inspec/runner_rspec.rb
CHANGED
|
@@ -84,7 +84,7 @@ module Inspec
|
|
|
84
84
|
def exit_code
|
|
85
85
|
return @rspec_exit_code if @formatter.results.empty?
|
|
86
86
|
stats = @formatter.results[:statistics][:controls]
|
|
87
|
-
skipped = @formatter.results
|
|
87
|
+
skipped = @formatter.results&.fetch(:profiles, nil)&.first&.fetch(:status, nil) == 'skipped'
|
|
88
88
|
if stats[:failed][:total] == 0 && stats[:skipped][:total] == 0 && !skipped
|
|
89
89
|
0
|
|
90
90
|
elsif stats[:failed][:total] > 0
|
data/lib/inspec/version.rb
CHANGED
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
|
|
3
|
+
require 'utils/command_wrapper'
|
|
4
|
+
require 'resources/command'
|
|
5
|
+
|
|
6
|
+
module Inspec::Resources
|
|
7
|
+
class Ksh < Cmd
|
|
8
|
+
name 'ksh'
|
|
9
|
+
supports platform: 'unix'
|
|
10
|
+
desc 'Run a command or script in KornShell.'
|
|
11
|
+
example "
|
|
12
|
+
describe ksh('ls -al /') do
|
|
13
|
+
its('stdout') { should match /bin/ }
|
|
14
|
+
its('stderr') { should eq '' }
|
|
15
|
+
its('exit_status') { should eq 0 }
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
# Specify the path of the executable:
|
|
19
|
+
ksh('...', path: '/usr/bin/ksh93')
|
|
20
|
+
|
|
21
|
+
# Specify arguments (defaults to -c)
|
|
22
|
+
ksh('...', args: '-x -c')
|
|
23
|
+
"
|
|
24
|
+
|
|
25
|
+
def initialize(command, options = {})
|
|
26
|
+
@raw_command = command
|
|
27
|
+
options[:shell] = 'ksh' if options.is_a?(Hash)
|
|
28
|
+
super(CommandWrapper.wrap(command, options))
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
def to_s
|
|
32
|
+
"KornShell command #{@raw_command}"
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
|
@@ -0,0 +1,84 @@
|
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
module Inspec::Resources
|
|
5
|
+
class SecurityIdentifier < Inspec.resource(1)
|
|
6
|
+
name 'security_identifier'
|
|
7
|
+
supports platform: 'windows'
|
|
8
|
+
desc 'Resource that returns a Security Identifier for a given entity name in Windows.'
|
|
9
|
+
example <<-EOD
|
|
10
|
+
describe security_identifier(group: 'Everyone') do
|
|
11
|
+
it { should exist }
|
|
12
|
+
its('sid') { should eq 'S-1-1-0' }
|
|
13
|
+
end
|
|
14
|
+
EOD
|
|
15
|
+
|
|
16
|
+
def initialize(opts = {})
|
|
17
|
+
supported_opt_keys = [:user, :group, :unspecified]
|
|
18
|
+
raise ArgumentError, "Invalid security_identifier param '#{opts}'. Please pass a hash with these supported keys: #{supported_opt_keys}" unless opts.respond_to?(:keys)
|
|
19
|
+
raise ArgumentError, "Unsupported security_identifier options '#{opts.keys - supported_opt_keys}'. Supported keys: #[supported_opt_keys]" unless (opts.keys - supported_opt_keys).empty?
|
|
20
|
+
raise ArgumentError, 'Specifying more than one of :user :group or :unspecified for security_identifier is not supported' unless opts.keys && (opts.keys & supported_opt_keys).length == 1
|
|
21
|
+
if opts[:user]
|
|
22
|
+
@type = :user
|
|
23
|
+
@name = opts[:user]
|
|
24
|
+
end
|
|
25
|
+
if opts[:group]
|
|
26
|
+
@type = :group
|
|
27
|
+
@name = opts[:group]
|
|
28
|
+
end
|
|
29
|
+
if opts[:unspecified]
|
|
30
|
+
@type = :unspecified
|
|
31
|
+
@name = opts[:unspecified]
|
|
32
|
+
end
|
|
33
|
+
raise ArgumentError, 'Specify one of :user :group or :unspecified for security_identifier' unless @name
|
|
34
|
+
@sids = nil
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def sid
|
|
38
|
+
fetch_sids unless @sids
|
|
39
|
+
@sids[@name] # nil if not found
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
def exist?
|
|
43
|
+
fetch_sids unless @sids
|
|
44
|
+
@sids.key?(@name)
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
private
|
|
48
|
+
|
|
49
|
+
def fetch_sids
|
|
50
|
+
@sids = {}
|
|
51
|
+
case @type
|
|
52
|
+
when :group
|
|
53
|
+
sid_data = wmi_results(:group)
|
|
54
|
+
when :user
|
|
55
|
+
sid_data = wmi_results(:user)
|
|
56
|
+
when :unspecified
|
|
57
|
+
# try group first, then user
|
|
58
|
+
sid_data = wmi_results(:group)
|
|
59
|
+
if sid_data.empty?
|
|
60
|
+
sid_data = wmi_results(:user)
|
|
61
|
+
end
|
|
62
|
+
else
|
|
63
|
+
raise "Unhandled entity type '#{@type}'"
|
|
64
|
+
end
|
|
65
|
+
sid_data.each { |sid| @sids[sid[1]] = sid[2] }
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
def wmi_results(type)
|
|
69
|
+
query = 'wmic '
|
|
70
|
+
case type
|
|
71
|
+
when :group
|
|
72
|
+
query += 'group'
|
|
73
|
+
when :user
|
|
74
|
+
query += 'useraccount'
|
|
75
|
+
end
|
|
76
|
+
query += " where 'Name=\"#{@name}\"' get Name\",\"SID /format:csv"
|
|
77
|
+
# Example output:
|
|
78
|
+
# inspec> command("wmic useraccount where 'Name=\"Administrator\"' get Name\",\"SID /format:csv").stdout
|
|
79
|
+
# => "\r\n\r\nNode,Name,SID\r\n\r\nComputer1,Administrator,S-1-5-21-650485088-1194226989-968533923-500\r\n\r\n"
|
|
80
|
+
# Remove the \r characters, split on \n\n, ignore the CSV header row
|
|
81
|
+
inspec.command(query).stdout.strip.tr("\r", '').split("\n\n")[1..-1].map { |entry| entry.split(',') }
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: inspec
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0.
|
|
4
|
+
version: 3.0.12
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dominik Richter
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-10-
|
|
11
|
+
date: 2018-10-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: train
|
|
@@ -601,6 +601,7 @@ files:
|
|
|
601
601
|
- lib/resources/kernel_module.rb
|
|
602
602
|
- lib/resources/kernel_parameter.rb
|
|
603
603
|
- lib/resources/key_rsa.rb
|
|
604
|
+
- lib/resources/ksh.rb
|
|
604
605
|
- lib/resources/limits_conf.rb
|
|
605
606
|
- lib/resources/login_def.rb
|
|
606
607
|
- lib/resources/mount.rb
|
|
@@ -632,6 +633,7 @@ files:
|
|
|
632
633
|
- lib/resources/processes.rb
|
|
633
634
|
- lib/resources/rabbitmq_conf.rb
|
|
634
635
|
- lib/resources/registry_key.rb
|
|
636
|
+
- lib/resources/security_identifier.rb
|
|
635
637
|
- lib/resources/security_policy.rb
|
|
636
638
|
- lib/resources/service.rb
|
|
637
639
|
- lib/resources/shadow.rb
|