inspec 4.1.4.preview → 4.2.0.preview
- checksums.yaml +4 -4
- data/Gemfile +2 -0
- data/etc/deprecations.json +30 -30
- data/inspec.gemspec +1 -1
- data/lib/inspec/cli.rb +5 -1
- data/lib/inspec/control_eval_context.rb +32 -6
- data/lib/inspec/dependencies/requirement.rb +1 -0
- data/lib/inspec/dependencies/resolver.rb +2 -0
- data/lib/inspec/dsl.rb +1 -1
- data/lib/inspec/impact.rb +1 -1
- data/lib/inspec/input_registry.rb +187 -46
- data/lib/inspec/objects/input.rb +276 -65
- data/lib/inspec/profile.rb +23 -16
- data/lib/inspec/profile_context.rb +9 -13
- data/lib/inspec/rspec_extensions.rb +5 -1
- data/lib/inspec/runner.rb +12 -52
- data/lib/inspec/version.rb +1 -1
- data/lib/resources/mssql_session.rb +1 -1
- data/lib/resources/port.rb +4 -0
- metadata +12 -6
@@ -12,13 +12,11 @@ require 'inspec/objects/input'
|
|
12
12
|
|
13
13
|
module Inspec
|
14
14
|
class ProfileContext
|
15
|
-
def self.for_profile(profile, backend
|
16
|
-
new(profile.name, backend, { 'profile' => profile,
|
17
|
-
'inputs' => inputs,
|
18
|
-
'check_mode' => profile.check_mode })
|
15
|
+
def self.for_profile(profile, backend)
|
16
|
+
new(profile.name, backend, { 'profile' => profile, 'check_mode' => profile.check_mode })
|
19
17
|
end
|
20
18
|
|
21
|
-
attr_reader :
|
19
|
+
attr_reader :backend, :profile_name, :profile_id, :resource_registry
|
22
20
|
attr_accessor :rules
|
23
21
|
def initialize(profile_id, backend, conf)
|
24
22
|
if backend.nil?
|
@@ -35,7 +33,8 @@ module Inspec
|
|
35
33
|
@lib_subcontexts = []
|
36
34
|
@require_loader = ::Inspec::RequireLoader.new
|
37
35
|
Inspec::InputRegistry.register_profile_alias(@profile_id, @profile_name) if @profile_id != @profile_name
|
38
|
-
|
36
|
+
# TODO: consider polling input source plugins; this is a bulk fetch opportunity
|
37
|
+
|
39
38
|
# A local resource registry that only contains resources defined
|
40
39
|
# in the transitive dependency tree of the loaded profile.
|
41
40
|
@resource_registry = Inspec::Resource.new_registry
|
@@ -43,6 +42,10 @@ module Inspec
|
|
43
42
|
@current_load = nil
|
44
43
|
end
|
45
44
|
|
45
|
+
def attributes
|
46
|
+
Inspec::AttributeRegistry.list_attributes_for_profile(@profile_id)
|
47
|
+
end
|
48
|
+
|
46
49
|
def dependencies
|
47
50
|
if @conf['profile'].nil?
|
48
51
|
{}
|
@@ -187,13 +190,6 @@ module Inspec
|
|
187
190
|
end
|
188
191
|
end
|
189
192
|
|
190
|
-
def register_input(name, options = {})
|
191
|
-
# we need to return an input object, to allow dermination of values
|
192
|
-
input = Inspec::InputRegistry.register_input(name, @profile_id, options)
|
193
|
-
input.value = @conf['inputs'][name] unless @conf['inputs'].nil? || @conf['inputs'][name].nil?
|
194
|
-
input.value
|
195
|
-
end
|
196
|
-
|
197
193
|
def set_header(field, val)
|
198
194
|
@current_load[field] = val
|
199
195
|
end
|
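Review bot: The new `attributes` method calls `Inspec::AttributeRegistry.list_attributes_for_profile(@profile_id)`, but every other registry reference in these hunks is `Inspec::InputRegistry` (for example `Inspec::InputRegistry.register_profile_alias` in `initialize`). Unless an `AttributeRegistry` alias is defined outside this view, the call would raise `NameError` the first time it is used, so it should point at the `Inspec::InputRegistry` equivalent. `Runner#attributes` on this page already emits `Inspec.deprecate(:rename_attributes_to_inputs, ...)`; doing the same here would steer callers to the input naming. A one-line comment stating what the method returns would also help.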
@@ -66,9 +66,13 @@ end
|
|
66
66
|
class RSpec::Core::ExampleGroup
|
67
67
|
# This DSL method allows us to access the values of inputs within InSpec tests
|
68
68
|
def attribute(name)
|
69
|
-
Inspec::InputRegistry.
|
69
|
+
Inspec::InputRegistry.find_or_register_input(name, self.class.metadata[:profile_id]).value
|
70
70
|
end
|
71
71
|
define_example_method :attribute
|
72
|
+
def input_obj(name)
|
73
|
+
Inspec::InputRegistry.find_or_register_input(name, self.class.metadata[:profile_id])
|
74
|
+
end
|
75
|
+
define_example_method :input_obj
|
72
76
|
|
73
77
|
# Here, we have to ensure our method_missing gets called prior
|
74
78
|
# to RSpec::Core::ExampleGroup.method_missing (the class method).
|
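Review bot: `input_obj` is added without a comment, while `attribute` just above it has one; something like `# Returns the Input object (not just its value) for the named input in the current profile` would make the difference between the two clear. Both methods call `find_or_register_input`, which by its name registers an input that is not yet known, so a misspelled input name in a control would presumably yield an unset value rather than an error; it is worth confirming that such a lookup is at least logged, since a compliance check could otherwise run against an empty value unnoticed. Both also pass `self.class.metadata[:profile_id]` unchecked, which would be `nil` for an example group that lacks that metadata key. The class body continues outside the hunk.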
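--- a/data/lib/inspec/runner.rb
+++ b/data/lib/inspec/runner.rb
@@ -9,7 +9,6 @@ require 'inspec/backend'
 require 'inspec/profile_context'
 require 'inspec/profile'
 require 'inspec/metadata'
-require 'inspec/secrets'
 require 'inspec/config'
 require 'inspec/dependencies/cache'
 # spec requirements
@@ -32,7 +31,7 @@ module Inspec
 class Runner
 extend Forwardable
 
-attr_reader :backend, :rules
+attr_reader :backend, :rules
 
 def attributes
 Inspec.deprecate(:rename_attributes_to_inputs, "Don't call runner.attributes, call runner.inputs")
@@ -57,10 +56,17 @@ module Inspec
 RunnerRspec.new(@conf)
 end
 
-#
-@
+# About reading inputs:
+# @conf gets passed around a lot, eventually to
+# Inspec::InputRegistry.register_external_inputs.
+#
+# @conf may contain the key :attributes or :inputs, which is to be a Hash
+# of values passed in from the Runner API.
+# This is how kitchen-inspec and the audit_cookbook pass in inputs.
+#
+# @conf may contain the key :attrs or :input_file, which is to be an Array
+# of file paths, each a YAML file. This how --input-file works.
 
-load_inputs(@conf)
 configure_transport
 end
 
@@ -101,7 +107,6 @@ module Inspec
 @test_collector.add_profile(requirement.profile)
 end
 
-@inputs = profile.runner_context.inputs if @inputs.empty?
 tests = profile.collect_tests
 all_controls += tests unless tests.nil?
 end
@@ -149,35 +154,6 @@ module Inspec
 @test_collector.exit_code
 end
 
-# determine all inputs before the execution, fetch data from secrets backend
-def load_inputs(options)
-# TODO: - rename :attributes - it is user-visible
-options[:attributes] ||= {}
-
-if options.key?(:attrs)
-Inspec.deprecate(:rename_attributes_to_inputs, 'Use --input-file on the command line instead of --attrs.')
-options[:input_file] = options.delete(:attrs)
-end
-secrets_targets = options[:input_file]
-return options[:attributes] if secrets_targets.nil?
-
-secrets_targets.each do |target|
-validate_inputs_file_readability!(target)
-
-secrets = Inspec::SecretsBackend.resolve(target)
-if secrets.nil?
-raise Inspec::Exceptions::SecretsBackendNotFound,
-"Cannot find parser for inputs file '#{target}'. " \
-'Check to make sure file has the appropriate extension.'
-end
-
-next if secrets.inputs.nil?
-options[:attributes].merge!(secrets.inputs)
-end
-
-options[:attributes]
-end
-
 #
 # add_target allows the user to add a target whose tests will be
 # run when the user calls the run method.
@@ -209,7 +185,7 @@ module Inspec
 vendor_cache: @cache,
 backend: @backend,
 controls: @controls,
-
+runner_conf: @conf)
 raise "Could not resolve #{target} to valid input." if profile.nil?
 @target_profiles << profile if supports_profile?(profile)
 end
@@ -300,22 +276,6 @@ module Inspec
 examples.each { |e| @test_collector.add_test(e, rule) }
 end
 
-def validate_inputs_file_readability!(target)
-unless File.exist?(target)
-raise Inspec::Exceptions::InputsFileDoesNotExist,
-"Cannot find input file '#{target}'. " \
-'Check to make sure file exists.'
-end
-
-unless File.readable?(target)
-raise Inspec::Exceptions::InputsFileNotReadable,
-"Cannot read input file '#{target}'. " \
-'Check to make sure file is readable.'
-end
-
-true
-end
-
 def rspec_skipped_block(arg, opts, message)
 @test_collector.example_group(*arg, opts) do
 # Send custom `it` block to RSpec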
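Review bot: With `load_inputs` and `validate_inputs_file_readability!` removed, nothing left in this file checks that each `:input_file` path exists and is readable before it is parsed. The new comment says the work now ends up in `Inspec::InputRegistry.register_external_inputs`, which is not visible here, so confirm that the `InputsFileDoesNotExist` / `InputsFileNotReadable` errors and the `--attrs` deprecation warning are still produced there. Separately, `runner_conf: @conf` hands every loaded profile the whole runner configuration, which per the comment includes externally supplied input values that may be secrets; a short comment on that call stating why the full config is needed would help later reviewers. The comment block also has a typo: `This how --input-file works` should read `This is how --input-file works`.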
data/lib/inspec/version.rb
CHANGED
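--- a/data/lib/resources/port.rb
+++ b/data/lib/resources/port.rb
@@ -569,6 +569,10 @@ module Inspec::Resources
 # example: ::ffff:10.0.2.15:9200
 host.delete!('::ffff:') if host.start_with?('::ffff:')
 
+# To remove brackets that might surround the IPv6 address
+# example: [::] and [fe80::dc11:b9b6:514b:134]%eth0:123
+host = host.tr('[]', '')
+
 # if there's an interface name in the local address, which is common for
 # IPv6 listeners, strip that out too.
 # example: fe80::a00:27ff:fe32:ed09%enp0s3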
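Review bot: `host = host.tr('[]', '')` removes every `[` and `]` anywhere in the string, not only a pair that surrounds the address as the comment describes, and it relies on `tr` deleting characters when the replacement is empty. `host = host.delete('[]')` states the same intent more directly. If only a surrounding pair should go, the comment and code should agree on that. Because this parsing decides which listening address a port check reports, a spec covering both examples in the comment (`[::]` and `[fe80::dc11:b9b6:514b:134]%eth0:123`) would guard against a listener being mis-attributed. The enclosing method starts and ends outside the hunk.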
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: inspec
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.
|
4
|
+
version: 4.2.0.preview
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dominik Richter
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-04-
|
11
|
+
date: 2019-04-29 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: train
|
@@ -56,16 +56,22 @@ dependencies:
|
|
56
56
|
name: license-acceptance
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
58
58
|
requirements:
|
59
|
-
- - "
|
59
|
+
- - ">="
|
60
60
|
- !ruby/object:Gem::Version
|
61
|
-
version:
|
61
|
+
version: 0.2.13
|
62
|
+
- - "<"
|
63
|
+
- !ruby/object:Gem::Version
|
64
|
+
version: '2.0'
|
62
65
|
type: :runtime
|
63
66
|
prerelease: false
|
64
67
|
version_requirements: !ruby/object:Gem::Requirement
|
65
68
|
requirements:
|
66
|
-
- - "
|
69
|
+
- - ">="
|
67
70
|
- !ruby/object:Gem::Version
|
68
|
-
version:
|
71
|
+
version: 0.2.13
|
72
|
+
- - "<"
|
73
|
+
- !ruby/object:Gem::Version
|
74
|
+
version: '2.0'
|
69
75
|
- !ruby/object:Gem::Dependency
|
70
76
|
name: thor
|
71
77
|
requirement: !ruby/object:Gem::Requirement
|