inspec 3.0.9 → 3.0.12

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6f49689c3694c4ec3a2c9128df201e1ac81ffdf4981948d343d5396ed6599f1b
4
- data.tar.gz: cc3f864f342fba8a7f404f69727e807cb12a397683ae2e2a217d4efd89a25586
3
+ metadata.gz: b84e3860f60f0346c8284b8eff2633018d13c3f48c43f214d883f472e96881e8
4
+ data.tar.gz: d336c4d15225faf7cd54644426bf06111848e2aaa8697519c485fc47bc322e6a
5
5
  SHA512:
6
- metadata.gz: 1dc4515fa59a0412e2c97d2a3b2ccc80fda17b93d823e9865eb14428da5c58d3dedadc59e999c97fc09d9c5290840176403fb8d5b5d03bc9508a34f1e9fc5f79
7
- data.tar.gz: 779e7a23b102ebe6cb28d4d6ba03e95c0975691d6835ee830f40e52ad326deeb450e1a3e90f8503d013eef10251706aab2d85fb4fb8b10ffab86d229cc505a41
6
+ metadata.gz: 54976889ef811f88ace3a5eda1cf57520092f8d9cf30b5cbfe6d245c77238fe686472bf81926e748a51ea717a0672d77c150f05fd6485eca52a015c9bddd9a78
7
+ data.tar.gz: ca315a5ad6e3bcd3c9f27d16fba27eaddf545fbdc94b41c4cddde6ee7a62ed253758cd60bcc31150393d973fdfa664ee49f57f26d65936cd7b608c530d569eaf
@@ -1,32 +1,44 @@
1
1
  # Change Log
2
2
  <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
3
- <!-- latest_release 3.0.9 -->
4
- ## [v3.0.9](https://github.com/inspec/inspec/tree/v3.0.9) (2018-10-18)
3
+ <!-- latest_release 3.0.12 -->
4
+ ## [v3.0.12](https://github.com/inspec/inspec/tree/v3.0.12) (2018-10-24)
5
5
 
6
- #### Merged Pull Requests
7
- - Add missing tests for groups resource, document members property, and assorted fixes. [#3467](https://github.com/inspec/inspec/pull/3467) ([miah](https://github.com/miah))
6
+ #### Bug Fixes
7
+ - Update to safe navigation exit code search [#3541](https://github.com/inspec/inspec/pull/3541) ([jquick](https://github.com/jquick))
8
8
  <!-- latest_release -->
9
9
 
10
- <!-- release_rollup since=3.0.0 -->
11
- ### Changes since 3.0.0 release
12
-
13
- #### Enhancements
14
- - Minor cleanups of plugin documentation. &#39;Plugin&#39; instead of &#39;PluginDefinition&#39; [#3527](https://github.com/inspec/inspec/pull/3527) ([mattray](https://github.com/mattray)) <!-- 3.0.5 -->
10
+ <!-- release_rollup since=3.0.9 -->
11
+ ### Changes since 3.0.9 release
15
12
 
16
13
  #### Bug Fixes
17
- - Fixes corrupt plugins.json when testing a plugin outside of core [#3526](https://github.com/inspec/inspec/pull/3526) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 3.0.7 -->
18
- - FilterTable: allow Strings or Symbols as fields [#3481](https://github.com/inspec/inspec/pull/3481) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 3.0.2 -->
14
+ - Update to safe navigation exit code search [#3541](https://github.com/inspec/inspec/pull/3541) ([jquick](https://github.com/jquick)) <!-- 3.0.12 -->
19
15
 
20
16
  #### Merged Pull Requests
21
- - Add missing tests for groups resource, document members property, and assorted fixes. [#3467](https://github.com/inspec/inspec/pull/3467) ([miah](https://github.com/miah)) <!-- 3.0.9 -->
22
- - Pin inspec to the new train [#3531](https://github.com/inspec/inspec/pull/3531) ([jquick](https://github.com/jquick)) <!-- 3.0.8 -->
23
- - Add debug and sort options for plugins [#3530](https://github.com/inspec/inspec/pull/3530) ([jquick](https://github.com/jquick)) <!-- 3.0.6 -->
24
- - docs: Fix small issues with the `file` resource [#3515](https://github.com/inspec/inspec/pull/3515) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 3.0.4 -->
25
- - Filter out inspec-k8s and inspec-release [#3525](https://github.com/inspec/inspec/pull/3525) ([miah](https://github.com/miah)) <!-- 3.0.3 -->
26
- - style: Fix quotes/style on the `docker` resource [#3516](https://github.com/inspec/inspec/pull/3516) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 3.0.1 -->
17
+ - Add inspec/train vault to plugin exclusion [#3532](https://github.com/inspec/inspec/pull/3532) ([jquick](https://github.com/jquick)) <!-- 3.0.11 -->
18
+
19
+ #### New Resources
20
+ - New resource to work with Windows security identifiers (SIDs) [#3405](https://github.com/inspec/inspec/pull/3405) ([james-stocks](https://github.com/james-stocks)) <!-- 3.0.10 -->
27
21
  <!-- release_rollup -->
28
22
 
29
23
  <!-- latest_stable_release -->
24
+ ## [v3.0.9](https://github.com/inspec/inspec/tree/v3.0.9) (2018-10-18)
25
+
26
+ #### Enhancements
27
+ - Minor cleanups of plugin documentation. &#39;Plugin&#39; instead of &#39;PluginDefinition&#39; [#3527](https://github.com/inspec/inspec/pull/3527) ([mattray](https://github.com/mattray))
28
+
29
+ #### Bug Fixes
30
+ - FilterTable: allow Strings or Symbols as fields [#3481](https://github.com/inspec/inspec/pull/3481) ([clintoncwolfe](https://github.com/clintoncwolfe))
31
+ - Fixes corrupt plugins.json when testing a plugin outside of core [#3526](https://github.com/inspec/inspec/pull/3526) ([clintoncwolfe](https://github.com/clintoncwolfe))
32
+
33
+ #### Merged Pull Requests
34
+ - style: Fix quotes/style on the `docker` resource [#3516](https://github.com/inspec/inspec/pull/3516) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
35
+ - Filter out inspec-k8s and inspec-release [#3525](https://github.com/inspec/inspec/pull/3525) ([miah](https://github.com/miah))
36
+ - docs: Fix small issues with the `file` resource [#3515](https://github.com/inspec/inspec/pull/3515) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
37
+ - Add debug and sort options for plugins [#3530](https://github.com/inspec/inspec/pull/3530) ([jquick](https://github.com/jquick))
38
+ - Pin inspec to the new train [#3531](https://github.com/inspec/inspec/pull/3531) ([jquick](https://github.com/jquick))
39
+ - Add missing tests for groups resource, document members property, and assorted fixes. [#3467](https://github.com/inspec/inspec/pull/3467) ([miah](https://github.com/miah))
40
+ <!-- latest_stable_release -->
41
+
30
42
  ## [v3.0.0](https://github.com/inspec/inspec/tree/v3.0.0) (2018-10-15)
31
43
 
32
44
  #### Enhancements
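Review bot: the "Changes since 3.0.9 release" rollup lists only the Windows security identifier resource under "New Resources", while this release also ships `lib/resources/ksh.rb` and registers it with `require 'resources/ksh'`. Add a changelog entry for the ksh resource, with its pull request, so the release notes match what the gem contains.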
@@ -35,7 +47,6 @@
35
47
  #### Merged Pull Requests
36
48
  - Change `Inspec ` to `InSpec ` where appropriate [#3494](https://github.com/inspec/inspec/pull/3494) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
37
49
  - Update the text on the generic default attribute [#3508](https://github.com/inspec/inspec/pull/3508) ([jquick](https://github.com/jquick))
38
- <!-- latest_stable_release -->
39
50
 
40
51
  ## [v2.3.24](https://github.com/inspec/inspec/tree/v2.3.24) (2018-10-12)
41
52
 
@@ -15,7 +15,15 @@
15
15
  },
16
16
  {
17
17
  "plugin_name": "inspec-release",
18
- "rationale": "It is not plugin."
18
+ "rationale": "This gem is currently only a placeholder, waiting to be built."
19
+ },
20
+ {
21
+ "plugin_name": "inspec-vault",
22
+ "rationale": "This gem is currently only a placeholder, waiting to be built."
23
+ },
24
+ {
25
+ "plugin_name": "train-vault",
26
+ "rationale": "This gem is currently only a placeholder, waiting to be built."
19
27
  },
20
28
  {
21
29
  "plugin_name": "train-tax-calculator",
@@ -144,6 +144,7 @@ require 'resources/json'
144
144
  require 'resources/kernel_module'
145
145
  require 'resources/kernel_parameter'
146
146
  require 'resources/key_rsa'
147
+ require 'resources/ksh'
147
148
  require 'resources/limits_conf'
148
149
  require 'resources/login_def'
149
150
  require 'resources/mount'
@@ -175,6 +176,7 @@ require 'resources/powershell'
175
176
  require 'resources/processes'
176
177
  require 'resources/rabbitmq_conf'
177
178
  require 'resources/registry_key'
179
+ require 'resources/security_identifier'
178
180
  require 'resources/security_policy'
179
181
  require 'resources/service'
180
182
  require 'resources/shadow'
@@ -84,7 +84,7 @@ module Inspec
84
84
  def exit_code
85
85
  return @rspec_exit_code if @formatter.results.empty?
86
86
  stats = @formatter.results[:statistics][:controls]
87
- skipped = @formatter.results[:profiles].first[:status] == 'skipped'
87
+ skipped = @formatter.results&.fetch(:profiles, nil)&.first&.fetch(:status, nil) == 'skipped'
88
88
  if stats[:failed][:total] == 0 && stats[:skipped][:total] == 0 && !skipped
89
89
  0
90
90
  elsif stats[:failed][:total] > 0
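Review bot: in `exit_code`, the new `skipped = ...` line tolerates a missing `:profiles` entry, but the line directly above it, `stats = @formatter.results[:statistics][:controls]`, still indexes without any guard and will raise if `:statistics` is absent from the same results hash. The leading `&.` on `@formatter.results` is also redundant, because `@formatter.results.empty?` has already been called on it on the first line of the method. Consider `@formatter.results.dig(:profiles, 0, :status) == 'skipped'`, decide what `stats` should be when statistics are missing, and add a test that passes a results hash with no profiles.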
@@ -4,5 +4,5 @@
4
4
  # author: Christoph Hartmann
5
5
 
6
6
  module Inspec
7
- VERSION = '3.0.9'
7
+ VERSION = '3.0.12'
8
8
  end
@@ -0,0 +1,35 @@
1
+ # encoding: utf-8
2
+
3
+ require 'utils/command_wrapper'
4
+ require 'resources/command'
5
+
6
+ module Inspec::Resources
7
+ class Ksh < Cmd
8
+ name 'ksh'
9
+ supports platform: 'unix'
10
+ desc 'Run a command or script in KornShell.'
11
+ example "
12
+ describe ksh('ls -al /') do
13
+ its('stdout') { should match /bin/ }
14
+ its('stderr') { should eq '' }
15
+ its('exit_status') { should eq 0 }
16
+ end
17
+
18
+ # Specify the path of the executable:
19
+ ksh('...', path: '/usr/bin/ksh93')
20
+
21
+ # Specify arguments (defaults to -c)
22
+ ksh('...', args: '-x -c')
23
+ "
24
+
25
+ def initialize(command, options = {})
26
+ @raw_command = command
27
+ options[:shell] = 'ksh' if options.is_a?(Hash)
28
+ super(CommandWrapper.wrap(command, options))
29
+ end
30
+
31
+ def to_s
32
+ "KornShell command #{@raw_command}"
33
+ end
34
+ end
35
+ end
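Review bot: in `initialize`, `options[:shell] = 'ksh' if options.is_a?(Hash)` writes into the hash the caller passed in and silently skips setting the shell when `options` is not a Hash, so in that case whether the command runs under ksh at all depends on what `CommandWrapper.wrap` does with the value. Build a new hash instead, for example `options.merge(shell: 'ksh')`, and either raise on a non-Hash argument or document what happens.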
@@ -0,0 +1,84 @@
1
+ # encoding: utf-8
2
+ # frozen_string_literal: true
3
+
4
+ module Inspec::Resources
5
+ class SecurityIdentifier < Inspec.resource(1)
6
+ name 'security_identifier'
7
+ supports platform: 'windows'
8
+ desc 'Resource that returns a Security Identifier for a given entity name in Windows.'
9
+ example <<-EOD
10
+ describe security_identifier(group: 'Everyone') do
11
+ it { should exist }
12
+ its('sid') { should eq 'S-1-1-0' }
13
+ end
14
+ EOD
15
+
16
+ def initialize(opts = {})
17
+ supported_opt_keys = [:user, :group, :unspecified]
18
+ raise ArgumentError, "Invalid security_identifier param '#{opts}'. Please pass a hash with these supported keys: #{supported_opt_keys}" unless opts.respond_to?(:keys)
19
+ raise ArgumentError, "Unsupported security_identifier options '#{opts.keys - supported_opt_keys}'. Supported keys: #[supported_opt_keys]" unless (opts.keys - supported_opt_keys).empty?
20
+ raise ArgumentError, 'Specifying more than one of :user :group or :unspecified for security_identifier is not supported' unless opts.keys && (opts.keys & supported_opt_keys).length == 1
21
+ if opts[:user]
22
+ @type = :user
23
+ @name = opts[:user]
24
+ end
25
+ if opts[:group]
26
+ @type = :group
27
+ @name = opts[:group]
28
+ end
29
+ if opts[:unspecified]
30
+ @type = :unspecified
31
+ @name = opts[:unspecified]
32
+ end
33
+ raise ArgumentError, 'Specify one of :user :group or :unspecified for security_identifier' unless @name
34
+ @sids = nil
35
+ end
36
+
37
+ def sid
38
+ fetch_sids unless @sids
39
+ @sids[@name] # nil if not found
40
+ end
41
+
42
+ def exist?
43
+ fetch_sids unless @sids
44
+ @sids.key?(@name)
45
+ end
46
+
47
+ private
48
+
49
+ def fetch_sids
50
+ @sids = {}
51
+ case @type
52
+ when :group
53
+ sid_data = wmi_results(:group)
54
+ when :user
55
+ sid_data = wmi_results(:user)
56
+ when :unspecified
57
+ # try group first, then user
58
+ sid_data = wmi_results(:group)
59
+ if sid_data.empty?
60
+ sid_data = wmi_results(:user)
61
+ end
62
+ else
63
+ raise "Unhandled entity type '#{@type}'"
64
+ end
65
+ sid_data.each { |sid| @sids[sid[1]] = sid[2] }
66
+ end
67
+
68
+ def wmi_results(type)
69
+ query = 'wmic '
70
+ case type
71
+ when :group
72
+ query += 'group'
73
+ when :user
74
+ query += 'useraccount'
75
+ end
76
+ query += " where 'Name=\"#{@name}\"' get Name\",\"SID /format:csv"
77
+ # Example output:
78
+ # inspec> command("wmic useraccount where 'Name=\"Administrator\"' get Name\",\"SID /format:csv").stdout
79
+ # => "\r\n\r\nNode,Name,SID\r\n\r\nComputer1,Administrator,S-1-5-21-650485088-1194226989-968533923-500\r\n\r\n"
80
+ # Remove the \r characters, split on \n\n, ignore the CSV header row
81
+ inspec.command(query).stdout.strip.tr("\r", '').split("\n\n")[1..-1].map { |entry| entry.split(',') }
82
+ end
83
+ end
84
+ end
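Review bot: in `wmi_results`, `@name` is interpolated straight into the `wmic` command line (`where 'Name=\"#{@name}\"'`) with no escaping or validation, so a name containing a quote breaks the query and can change the command that `inspec.command` runs on the target. Validate the name against the characters allowed in account names, or escape it, before building the string. Two smaller points in the same file: `split("\n\n")[1..-1]` returns nil when stdout is empty, so `.map` raises instead of letting `exist?` return false for a name that is not found; and the second `ArgumentError` message in `initialize` uses `#[supported_opt_keys]` where `#{supported_opt_keys}` was meant, so the list of supported keys is never printed.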
@@ -5,7 +5,7 @@
5
5
  require 'shellwords'
6
6
 
7
7
  class CommandWrapper
8
- UNIX_SHELLS = %w{sh bash zsh}.freeze
8
+ UNIX_SHELLS = %w{sh bash zsh ksh}.freeze
9
9
 
10
10
  def self.wrap(cmd, options)
11
11
  unless options.is_a?(Hash)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: inspec
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.9
4
+ version: 3.0.12
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dominik Richter
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-10-18 00:00:00.000000000 Z
11
+ date: 2018-10-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: train
@@ -601,6 +601,7 @@ files:
601
601
  - lib/resources/kernel_module.rb
602
602
  - lib/resources/kernel_parameter.rb
603
603
  - lib/resources/key_rsa.rb
604
+ - lib/resources/ksh.rb
604
605
  - lib/resources/limits_conf.rb
605
606
  - lib/resources/login_def.rb
606
607
  - lib/resources/mount.rb
@@ -632,6 +633,7 @@ files:
632
633
  - lib/resources/processes.rb
633
634
  - lib/resources/rabbitmq_conf.rb
634
635
  - lib/resources/registry_key.rb
636
+ - lib/resources/security_identifier.rb
635
637
  - lib/resources/security_policy.rb
636
638
  - lib/resources/service.rb
637
639
  - lib/resources/shadow.rb