inspec 4.10.4 → 4.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2be41b8620f4c1d6121a602f39c068ad59168ad95f2d15d0cd470ebba2ce249f
4
- data.tar.gz: 883c88f79780d101b26925c1a67c14b8ba36f18b2514e5974bd947ce7192cf39
3
+ metadata.gz: 72aac2ba7eb1565ecbbd18436e96c770151f5be68b3bcc8897db7a0baee22621
4
+ data.tar.gz: 2466be933623846f985f9b66e3a572d617f516274ad2dc7b81d048b2ebe2d104
5
5
  SHA512:
6
- metadata.gz: 61e4f19e37a19cc4492d890798a323f3f8c9127dc64e4e0469a92f7182b07dd1134d84ce87ba80d60940f40656378f215ee8a332fc1abf965585183e48b9c680
7
- data.tar.gz: 298f688326827ee7871d3379ff016be74e2ce710bddebd7eccba4866292519443d0f95f8e36bcb8dc5ec65f336d70d8752c7e5f9bf5ddf7490946f8733542897
6
+ metadata.gz: 269ccd7e103663bec2dd23058dc0481775b840f22a93a3cd81e8f8e0e5c774def3cd6ecaae12604f2c13fe6bcfd33864040acfa9a2ff3bf49e50c1111f5d7be9
7
+ data.tar.gz: 9f6b41d84be75a69cb1c405302f7c076f6192f16f506d8d4b958bf76e707057961a6ba692dadb528b39997140c1682ee9d2d328efd8d06f2249f104497c79b62
data/README.md CHANGED
@@ -327,13 +327,13 @@ Remote Targets
327
327
 
328
328
  In addition, runtime support is provided for:
329
329
 
330
- | Platform | Versions |
331
- | -------- | -------- |
332
- | Debian | 8, 9 |
333
- | RHEL | 6, 7 |
334
- | Ubuntu | 12.04+ |
335
- | Windows | 7+ |
336
- | Windows | 2012+ |
330
+ | Platform | Versions | Arch |
331
+ | -------- | -------- | ------ |
332
+ | Debian | 8, 9 | x86_64 |
333
+ | RHEL | 6, 7 | x86_64 |
334
+ | Ubuntu | 12.04+ | x86_64 |
335
+ | Windows | 7+ | x86_64 |
336
+ | Windows | 2012+ | x86_64 |
337
337
 
338
338
  ## Documentation
339
339
 
@@ -23,10 +23,11 @@ Gem::Specification.new do |spec|
23
23
 
24
24
  spec.required_ruby_version = ">= 2.4"
25
25
 
26
- spec.add_dependency "train", "~> 2.0" # Inspec 4 must have train 2+
26
+ spec.add_dependency "train", "~> 3.0" # Inspec 4 must have train 2+; 3+ if we include train-winrm
27
27
  # Train plugins we ship with InSpec
28
28
  spec.add_dependency "train-habitat", "~> 0.1"
29
29
  spec.add_dependency "train-aws", "~> 0.1"
30
+ spec.add_dependency "train-winrm", "~> 0.2" # Requires train 3+
30
31
 
31
32
  # Implementation dependencies
32
33
  spec.add_dependency "license-acceptance", ">= 0.2.13", "< 2.0"
@@ -1,6 +1,8 @@
1
1
  # copyright: 2015, Vulcano Security GmbH
2
2
 
3
3
  require "inspec/resource"
4
+ require "inspec/resources/platform"
5
+ require "inspec/resources/os"
4
6
 
5
7
  module Inspec::Resources
6
8
  class Cmd < Inspec.resource(1)
@@ -1,81 +1,83 @@
1
1
  require "openssl"
2
2
  require "inspec/utils/file_reader"
3
3
 
4
- class DhParams < Inspec.resource(1)
5
- name "dh_params"
6
- supports platform: "unix"
7
- desc '
8
- Use the `dh_params` InSpec audit resource to test Diffie-Hellman (DH)
9
- parameters.
10
- '
11
-
12
- example <<~EXAMPLE
13
- describe dh_params('/path/to/file.dh_pem') do
14
- it { should be_dh_params }
15
- it { should be_valid }
16
- its('generator') { should eq 2 }
17
- its('modulus') { should eq '00:91:a0:15:89:e5:bc:38:93:12:02:fc:...' }
18
- its('prime_length') { should eq 2048 }
19
- its('pem') { should eq '-----BEGIN DH PARAMETERS...' }
20
- its('text') { should eq 'PKCS#3 DH Parameters: (2048 bit)...' }
4
+ module Inspec::Resources
5
+ class DhParams < Inspec.resource(1)
6
+ name "dh_params"
7
+ supports platform: "unix"
8
+ desc '
9
+ Use the `dh_params` InSpec audit resource to test Diffie-Hellman (DH)
10
+ parameters.
11
+ '
12
+
13
+ example <<~EXAMPLE
14
+ describe dh_params('/path/to/file.dh_pem') do
15
+ it { should be_dh_params }
16
+ it { should be_valid }
17
+ its('generator') { should eq 2 }
18
+ its('modulus') { should eq '00:91:a0:15:89:e5:bc:38:93:12:02:fc:...' }
19
+ its('prime_length') { should eq 2048 }
20
+ its('pem') { should eq '-----BEGIN DH PARAMETERS...' }
21
+ its('text') { should eq 'PKCS#3 DH Parameters: (2048 bit)...' }
22
+ end
23
+ EXAMPLE
24
+
25
+ include FileReader
26
+
27
+ def initialize(filename)
28
+ @dh_params_path = filename
29
+ @dh_params = OpenSSL::PKey::DH.new read_file_content(@dh_params_path)
21
30
  end
22
- EXAMPLE
23
31
 
24
- include FileReader
25
-
26
- def initialize(filename)
27
- @dh_params_path = filename
28
- @dh_params = OpenSSL::PKey::DH.new read_file_content(@dh_params_path)
29
- end
30
-
31
- # it { should be_dh_params }
32
- def dh_params?
33
- !@dh_params.nil?
34
- end
32
+ # it { should be_dh_params }
33
+ def dh_params?
34
+ !@dh_params.nil?
35
+ end
35
36
 
36
- # its('generator') { should eq 2 }
37
- def generator
38
- return if @dh_params.nil?
37
+ # its('generator') { should eq 2 }
38
+ def generator
39
+ return if @dh_params.nil?
39
40
 
40
- @dh_params.g.to_i
41
- end
41
+ @dh_params.g.to_i
42
+ end
42
43
 
43
- # its('modulus') { should eq '00:91:a0:15:89:e5:bc:38:93:12:02:fc:...' }
44
- def modulus
45
- return if @dh_params.nil?
44
+ # its('modulus') { should eq '00:91:a0:15:89:e5:bc:38:93:12:02:fc:...' }
45
+ def modulus
46
+ return if @dh_params.nil?
46
47
 
47
- "00:" + @dh_params.p.to_s(16).downcase.scan(/.{2}/).join(":")
48
- end
48
+ "00:" + @dh_params.p.to_s(16).downcase.scan(/.{2}/).join(":")
49
+ end
49
50
 
50
- # its('pem') { should eq '-----BEGIN DH PARAMETERS...' }
51
- def pem
52
- return if @dh_params.nil?
51
+ # its('pem') { should eq '-----BEGIN DH PARAMETERS...' }
52
+ def pem
53
+ return if @dh_params.nil?
53
54
 
54
- @dh_params.to_pem
55
- end
55
+ @dh_params.to_pem
56
+ end
56
57
 
57
- # its('prime_length') { should be 2048 }
58
- def prime_length
59
- return if @dh_params.nil?
58
+ # its('prime_length') { should be 2048 }
59
+ def prime_length
60
+ return if @dh_params.nil?
60
61
 
61
- @dh_params.p.num_bits
62
- end
62
+ @dh_params.p.num_bits
63
+ end
63
64
 
64
- # its('text') { should eq 'human-readable-text' }
65
- def text
66
- return if @dh_params.nil?
65
+ # its('text') { should eq 'human-readable-text' }
66
+ def text
67
+ return if @dh_params.nil?
67
68
 
68
- @dh_params.to_text
69
- end
69
+ @dh_params.to_text
70
+ end
70
71
 
71
- # it { should be_valid }
72
- def valid?
73
- return if @dh_params.nil?
72
+ # it { should be_valid }
73
+ def valid?
74
+ return if @dh_params.nil?
74
75
 
75
- @dh_params.params_ok?
76
- end
76
+ @dh_params.params_ok?
77
+ end
77
78
 
78
- def to_s
79
- "dh_params #{@dh_params_path}"
79
+ def to_s
80
+ "dh_params #{@dh_params_path}"
81
+ end
80
82
  end
81
83
  end
@@ -1,62 +1,64 @@
1
1
  require "inspec/utils/parser"
2
2
  require "inspec/utils/file_reader"
3
3
 
4
- class EtcHosts < Inspec.resource(1)
5
- name "etc_hosts"
6
- supports platform: "linux"
7
- supports platform: "bsd"
8
- supports platform: "windows"
9
- desc 'Use the etc_hosts InSpec audit resource to find an
10
- ip_address and its associated hosts'
11
- example <<~EXAMPLE
12
- describe etc_hosts.where { ip_address == '127.0.0.1' } do
13
- its('ip_address') { should cmp '127.0.0.1' }
14
- its('primary_name') { should cmp 'localhost' }
15
- its('all_host_names') { should eq [['localhost', 'localhost.localdomain', 'localhost4', 'localhost4.localdomain4']] }
16
- end
17
- EXAMPLE
4
+ module Inspec::Resources
5
+ class EtcHosts < Inspec.resource(1)
6
+ name "etc_hosts"
7
+ supports platform: "linux"
8
+ supports platform: "bsd"
9
+ supports platform: "windows"
10
+ desc 'Use the etc_hosts InSpec audit resource to find an
11
+ ip_address and its associated hosts'
12
+ example <<~EXAMPLE
13
+ describe etc_hosts.where { ip_address == '127.0.0.1' } do
14
+ its('ip_address') { should cmp '127.0.0.1' }
15
+ its('primary_name') { should cmp 'localhost' }
16
+ its('all_host_names') { should eq [['localhost', 'localhost.localdomain', 'localhost4', 'localhost4.localdomain4']] }
17
+ end
18
+ EXAMPLE
18
19
 
19
- attr_reader :params
20
+ attr_reader :params
20
21
 
21
- include CommentParser
22
- include FileReader
22
+ include CommentParser
23
+ include FileReader
23
24
 
24
- DEFAULT_UNIX_PATH = "/etc/hosts".freeze
25
- DEFAULT_WINDOWS_PATH = 'C:\windows\system32\drivers\etc\hosts'.freeze
25
+ DEFAULT_UNIX_PATH = "/etc/hosts".freeze
26
+ DEFAULT_WINDOWS_PATH = 'C:\windows\system32\drivers\etc\hosts'.freeze
26
27
 
27
- def initialize(hosts_path = nil)
28
- content = read_file_content(hosts_path || default_hosts_file_path)
28
+ def initialize(hosts_path = nil)
29
+ content = read_file_content(hosts_path || default_hosts_file_path)
29
30
 
30
- @params = parse_conf(content.lines)
31
- end
31
+ @params = parse_conf(content.lines)
32
+ end
32
33
 
33
- FilterTable.create
34
- .register_column(:ip_address, field: "ip_address")
35
- .register_column(:primary_name, field: "primary_name")
36
- .register_column(:all_host_names, field: "all_host_names")
37
- .install_filter_methods_on_resource(self, :params)
34
+ FilterTable.create
35
+ .register_column(:ip_address, field: "ip_address")
36
+ .register_column(:primary_name, field: "primary_name")
37
+ .register_column(:all_host_names, field: "all_host_names")
38
+ .install_filter_methods_on_resource(self, :params)
38
39
 
39
- private
40
+ private
40
41
 
41
- def default_hosts_file_path
42
- inspec.os.windows? ? DEFAULT_WINDOWS_PATH : DEFAULT_UNIX_PATH
43
- end
42
+ def default_hosts_file_path
43
+ inspec.os.windows? ? DEFAULT_WINDOWS_PATH : DEFAULT_UNIX_PATH
44
+ end
44
45
 
45
- def parse_conf(lines)
46
- lines.reject(&:empty?).reject(&comment?).map(&parse_data).map(&format_data)
47
- end
46
+ def parse_conf(lines)
47
+ lines.reject(&:empty?).reject(&comment?).map(&parse_data).map(&format_data)
48
+ end
48
49
 
49
- def comment?
50
- parse_options = { comment_char: "#", standalone_comments: false }
50
+ def comment?
51
+ parse_options = { comment_char: "#", standalone_comments: false }
51
52
 
52
- ->(data) { parse_comment_line(data, parse_options).first.empty? }
53
- end
53
+ ->(data) { parse_comment_line(data, parse_options).first.empty? }
54
+ end
54
55
 
55
- def parse_data
56
- ->(data) { [data.split[0], data.split[1], data.split[1..-1]] }
57
- end
56
+ def parse_data
57
+ ->(data) { [data.split[0], data.split[1], data.split[1..-1]] }
58
+ end
58
59
 
59
- def format_data
60
- ->(data) { %w{ip_address primary_name all_host_names}.zip(data).to_h }
60
+ def format_data
61
+ ->(data) { %w{ip_address primary_name all_host_names}.zip(data).to_h }
62
+ end
61
63
  end
62
64
  end
@@ -164,22 +164,40 @@ module Inspec::Resources
164
164
  # OSX uses opendirectory for groups, so `/etc/group` may not be fully accurate
165
165
  # This uses `dscacheutil` to get the group info instead of `etc_group`
166
166
  class DarwinGroup < GroupInfo
167
+ def runmap(cmd, &blk)
168
+ hashmap(inspec.command(cmd).stdout.lines, &blk)
169
+ end
170
+
171
+ def hashmap(enum, &blk)
172
+ enum.map(&blk).to_h
173
+ end
174
+
167
175
  def groups
168
- group_info = inspec.command("dscacheutil -q group").stdout.split("\n\n")
176
+ group_by_id = runmap("dscl . -list /Groups PrimaryGroupID") { |l| name, id = l.split; [id.to_i, name] }
177
+ userss = runmap("dscl . -list /Users PrimaryGroupID") { |l| name, id = l.split; [name, id.to_i] }
178
+ membership = runmap("dscl . -list /Groups GroupMembership") { |l| key, *vs = l.split; [key, vs] }
179
+ membership.default_proc = ->(h, k) { h[k] = [] }
180
+
181
+ users_by_group = hashmap(userss.keys.group_by { |k| userss[k] }) { |k, vs| [group_by_id[k], vs] }
182
+ users_by_group.each do |name, users|
183
+ membership[name].concat users
184
+ end
185
+
186
+ group_info = inspec.command("dscacheutil -q group").stdout.split("\n\n").uniq
169
187
 
170
- groups = []
171
188
  regex = /^([^:]*?)\s*:\s(.*?)\s*$/
172
- group_info.each do |data|
173
- groups << inspec.parse_config(data, assignment_regex: regex).params
189
+ groups = group_info.map do |data|
190
+ inspec.parse_config(data, assignment_regex: regex).params
174
191
  end
175
192
 
176
193
  # Convert the `dscacheutil` groups to match `inspec.etc_group.entries`
177
194
  groups.each { |g| g["gid"] = g["gid"].to_i }
178
195
  groups.each do |g|
179
- next if g["users"].nil?
180
-
181
- g["members"] = g.delete("users")
182
- g["members"].tr!(" ", ",")
196
+ users = g.delete("users") || ""
197
+ users = users.split
198
+ users += Array(users_by_group[g["name"]])
199
+ g["members"] = users
200
+ g["members"].sort.join ","
183
201
  end
184
202
  end
185
203
  end
@@ -1,228 +1,230 @@
1
1
  require "inspec/utils/simpleconfig"
2
2
  require "inspec/utils/file_reader"
3
3
 
4
- class GrubConfig < Inspec.resource(1)
5
- name "grub_conf"
6
- supports platform: "unix"
7
- desc "Use the grub_conf InSpec audit resource to test the boot config of Linux systems that use Grub."
8
- example <<~EXAMPLE
9
- describe grub_conf('/etc/grub.conf', 'default') do
10
- its('kernel') { should include '/vmlinuz-2.6.32-573.7.1.el6.x86_64' }
11
- its('initrd') { should include '/initramfs-2.6.32-573.el6.x86_64.img=1' }
12
- its('default') { should_not eq '1' }
13
- its('timeout') { should eq '5' }
14
- end
4
+ module Inspec::Resources
5
+ class GrubConfig < Inspec.resource(1)
6
+ name "grub_conf"
7
+ supports platform: "unix"
8
+ desc "Use the grub_conf InSpec audit resource to test the boot config of Linux systems that use Grub."
9
+ example <<~EXAMPLE
10
+ describe grub_conf('/etc/grub.conf', 'default') do
11
+ its('kernel') { should include '/vmlinuz-2.6.32-573.7.1.el6.x86_64' }
12
+ its('initrd') { should include '/initramfs-2.6.32-573.el6.x86_64.img=1' }
13
+ its('default') { should_not eq '1' }
14
+ its('timeout') { should eq '5' }
15
+ end
15
16
 
16
- also check specific kernels
17
- describe grub_conf('/etc/grub.conf', 'CentOS (2.6.32-573.12.1.el6.x86_64)') do
18
- its('kernel') { should include 'audit=1' }
19
- end
20
- EXAMPLE
17
+ also check specific kernels
18
+ describe grub_conf('/etc/grub.conf', 'CentOS (2.6.32-573.12.1.el6.x86_64)') do
19
+ its('kernel') { should include 'audit=1' }
20
+ end
21
+ EXAMPLE
21
22
 
22
- include FileReader
23
+ include FileReader
23
24
 
24
- class UnknownGrubConfig < StandardError; end
25
+ class UnknownGrubConfig < StandardError; end
25
26
 
26
- def initialize(path = nil, kernel = nil)
27
- config_for_platform(path)
28
- @content = read_file(@conf_path)
29
- @kernel = kernel || "default"
30
- rescue UnknownGrubConfig
31
- skip_resource "The `grub_config` resource is not supported on your OS yet."
32
- end
27
+ def initialize(path = nil, kernel = nil)
28
+ config_for_platform(path)
29
+ @content = read_file(@conf_path)
30
+ @kernel = kernel || "default"
31
+ rescue UnknownGrubConfig
32
+ skip_resource "The `grub_config` resource is not supported on your OS yet."
33
+ end
33
34
 
34
- def config_for_platform(path)
35
- os = inspec.os
36
- if os.redhat? || os[:name] == "fedora"
37
- config_for_redhatish(path)
38
- elsif os.debian?
39
- @conf_path = path || "/boot/grub/grub.cfg"
40
- @defaults_path = "/etc/default/grub"
41
- @grubenv_path = "/boot/grub2/grubenv"
42
- @version = "grub2"
43
- elsif os[:name] == "amazon"
44
- @conf_path = path || "/etc/grub.conf"
45
- @version = "legacy"
46
- else
47
- raise UnknownGrubConfig
35
+ def config_for_platform(path)
36
+ os = inspec.os
37
+ if os.redhat? || os[:name] == "fedora"
38
+ config_for_redhatish(path)
39
+ elsif os.debian?
40
+ @conf_path = path || "/boot/grub/grub.cfg"
41
+ @defaults_path = "/etc/default/grub"
42
+ @grubenv_path = "/boot/grub2/grubenv"
43
+ @version = "grub2"
44
+ elsif os[:name] == "amazon"
45
+ @conf_path = path || "/etc/grub.conf"
46
+ @version = "legacy"
47
+ else
48
+ raise UnknownGrubConfig
49
+ end
48
50
  end
49
- end
50
51
 
51
- def config_for_redhatish(path)
52
- if inspec.os[:release].to_f < 7
53
- @conf_path = path || "/etc/grub.conf"
54
- @version = "legacy"
55
- else
56
- @conf_path = path || "/boot/grub2/grub.cfg"
57
- @defaults_path = "/etc/default/grub"
58
- @grubenv_path = "/boot/grub2/grubenv"
59
- @version = "grub2"
52
+ def config_for_redhatish(path)
53
+ if inspec.os[:release].to_f < 7
54
+ @conf_path = path || "/etc/grub.conf"
55
+ @version = "legacy"
56
+ else
57
+ @conf_path = path || "/boot/grub2/grub.cfg"
58
+ @defaults_path = "/etc/default/grub"
59
+ @grubenv_path = "/boot/grub2/grubenv"
60
+ @version = "grub2"
61
+ end
60
62
  end
61
- end
62
63
 
63
- def method_missing(name)
64
- read_params[name.to_s]
65
- end
64
+ def method_missing(name)
65
+ read_params[name.to_s]
66
+ end
66
67
 
67
- def to_s
68
- "Grub Config"
69
- end
68
+ def to_s
69
+ "Grub Config"
70
+ end
70
71
 
71
- private
72
+ private
72
73
 
73
- ######################################################################
74
- # Grub2 This is used by all supported versions of Ubuntu and Rhel 7+ #
75
- ######################################################################
74
+ ######################################################################
75
+ # Grub2 This is used by all supported versions of Ubuntu and Rhel 7+ #
76
+ ######################################################################
76
77
 
77
- def grub2_parse_kernel_lines(content, conf)
78
- menu_entries = extract_menu_entries(content)
78
+ def grub2_parse_kernel_lines(content, conf)
79
+ menu_entries = extract_menu_entries(content)
79
80
 
80
- if @kernel == "default"
81
- default_menu_entry(menu_entries, conf["GRUB_DEFAULT"])
82
- else
83
- menu_entries.find { |entry| entry["name"] == @kernel }
81
+ if @kernel == "default"
82
+ default_menu_entry(menu_entries, conf["GRUB_DEFAULT"])
83
+ else
84
+ menu_entries.find { |entry| entry["name"] == @kernel }
85
+ end
84
86
  end
85
- end
86
87
 
87
- def extract_menu_entries(content)
88
- menu_entries = []
88
+ def extract_menu_entries(content)
89
+ menu_entries = []
89
90
 
90
- lines = content.split("\n")
91
- lines.each_with_index do |line, index|
92
- next unless line =~ /^menuentry\s+.*/
91
+ lines = content.split("\n")
92
+ lines.each_with_index do |line, index|
93
+ next unless line =~ /^menuentry\s+.*/
93
94
 
94
- entry = {}
95
- entry["insmod"] = []
95
+ entry = {}
96
+ entry["insmod"] = []
96
97
 
97
- # Extract name from menuentry line
98
- capture_data = line.match(/(?:^|\s+).*menuentry\s*['|"](.*)['|"]\s*--/)
99
- if capture_data.nil? || capture_data.captures[0].nil?
100
- raise Inspec::Exceptions::ResourceFailed "Failed to extract menuentry name from #{line}"
101
- end
98
+ # Extract name from menuentry line
99
+ capture_data = line.match(/(?:^|\s+).*menuentry\s*['|"](.*)['|"]\s*--/)
100
+ if capture_data.nil? || capture_data.captures[0].nil?
101
+ raise Inspec::Exceptions::ResourceFailed "Failed to extract menuentry name from #{line}"
102
+ end
102
103
 
103
- entry["name"] = capture_data.captures[0]
104
-
105
- # Begin processing from index forward until a `}` line is met
106
- lines.drop(index + 1).each do |mline|
107
- break if mline =~ /^\s*}\s*$/
108
-
109
- case mline
110
- when /(?:^|\s*)initrd.*/
111
- entry["initrd"] = mline.split(" ")[1]
112
- when /(?:^|\s*)linux.*/
113
- entry["kernel"] = mline.split
114
- when /(?:^|\s*)set root=.*/
115
- entry["root"] = mline.split("=")[1].tr("'", "")
116
- when /(?:^|\s*)insmod.*/
117
- entry["insmod"] << mline.split(" ")[1]
104
+ entry["name"] = capture_data.captures[0]
105
+
106
+ # Begin processing from index forward until a `}` line is met
107
+ lines.drop(index + 1).each do |mline|
108
+ break if mline =~ /^\s*}\s*$/
109
+
110
+ case mline
111
+ when /(?:^|\s*)initrd.*/
112
+ entry["initrd"] = mline.split(" ")[1]
113
+ when /(?:^|\s*)linux.*/
114
+ entry["kernel"] = mline.split
115
+ when /(?:^|\s*)set root=.*/
116
+ entry["root"] = mline.split("=")[1].tr("'", "")
117
+ when /(?:^|\s*)insmod.*/
118
+ entry["insmod"] << mline.split(" ")[1]
119
+ end
118
120
  end
121
+
122
+ menu_entries << entry
119
123
  end
120
124
 
121
- menu_entries << entry
125
+ menu_entries
122
126
  end
123
127
 
124
- menu_entries
125
- end
126
-
127
- def default_menu_entry(menu_entries, default)
128
- # If the default entry isn't `saved` then a number is used as an index.
129
- # By default this is `0`, which would be the first item in the list.
130
- return menu_entries[default.to_i] unless default == "saved"
128
+ def default_menu_entry(menu_entries, default)
129
+ # If the default entry isn't `saved` then a number is used as an index.
130
+ # By default this is `0`, which would be the first item in the list.
131
+ return menu_entries[default.to_i] unless default == "saved"
131
132
 
132
- grubenv_contents = inspec.file(@grubenv_path).content
133
+ grubenv_contents = inspec.file(@grubenv_path).content
133
134
 
134
- # The location of the grubenv file is not guaranteed. In the case that
135
- # the file does not exist this will return the 0th entry. This will also
136
- # return the 0th entry if InSpec lacks permission to read the file. Both
137
- # of these reflect the default Grub2 behavior.
138
- return menu_entries[0] if grubenv_contents.nil?
135
+ # The location of the grubenv file is not guaranteed. In the case that
136
+ # the file does not exist this will return the 0th entry. This will also
137
+ # return the 0th entry if InSpec lacks permission to read the file. Both
138
+ # of these reflect the default Grub2 behavior.
139
+ return menu_entries[0] if grubenv_contents.nil?
139
140
 
140
- default_name = SimpleConfig.new(grubenv_contents).params["saved_entry"]
141
- default_entry = menu_entries.select { |k| k["name"] == default_name }[0]
142
- return default_entry unless default_entry.nil?
141
+ default_name = SimpleConfig.new(grubenv_contents).params["saved_entry"]
142
+ default_entry = menu_entries.select { |k| k["name"] == default_name }[0]
143
+ return default_entry unless default_entry.nil?
143
144
 
144
- # It is possible for the saved entry to not be valid . For example, grubenv
145
- # not being up to date. If so, the 0th entry is the default.
146
- menu_entries[0]
147
- end
145
+ # It is possible for the saved entry to not be valid . For example, grubenv
146
+ # not being up to date. If so, the 0th entry is the default.
147
+ menu_entries[0]
148
+ end
148
149
 
149
- ###################################################################
150
- # Grub1 aka legacy-grub config. Primarily used by Centos/Rhel 6.x #
151
- ###################################################################
152
-
153
- def parse_kernel_lines(content, conf)
154
- # Find all "title" lines and then parse them into arrays
155
- menu_entry = 0
156
- lines = content.split("\n")
157
- kernel_opts = {}
158
- lines.each_with_index do |file_line, index|
159
- next unless file_line =~ /^title.*/
160
-
161
- current_kernel = file_line.split(" ", 2)[1]
162
- lines.drop(index + 1).each do |kernel_line|
163
- if kernel_line =~ /^\s.*/
164
- option_type = kernel_line.split(" ")[0]
165
- line_options = kernel_line.split(" ").drop(1)
166
- if (menu_entry == conf["default"].to_i && @kernel == "default") || current_kernel == @kernel
167
- if option_type == "kernel"
168
- kernel_opts["kernel"] = line_options
169
- else
170
- kernel_opts[option_type] = line_options[0]
150
+ ###################################################################
151
+ # Grub1 aka legacy-grub config. Primarily used by Centos/Rhel 6.x #
152
+ ###################################################################
153
+
154
+ def parse_kernel_lines(content, conf)
155
+ # Find all "title" lines and then parse them into arrays
156
+ menu_entry = 0
157
+ lines = content.split("\n")
158
+ kernel_opts = {}
159
+ lines.each_with_index do |file_line, index|
160
+ next unless file_line =~ /^title.*/
161
+
162
+ current_kernel = file_line.split(" ", 2)[1]
163
+ lines.drop(index + 1).each do |kernel_line|
164
+ if kernel_line =~ /^\s.*/
165
+ option_type = kernel_line.split(" ")[0]
166
+ line_options = kernel_line.split(" ").drop(1)
167
+ if (menu_entry == conf["default"].to_i && @kernel == "default") || current_kernel == @kernel
168
+ if option_type == "kernel"
169
+ kernel_opts["kernel"] = line_options
170
+ else
171
+ kernel_opts[option_type] = line_options[0]
172
+ end
171
173
  end
174
+ else
175
+ menu_entry += 1
176
+ break
172
177
  end
173
- else
174
- menu_entry += 1
175
- break
176
178
  end
177
179
  end
180
+ kernel_opts
178
181
  end
179
- kernel_opts
180
- end
181
182
 
182
- def read_file(config_file)
183
- read_file_content(config_file)
184
- end
183
+ def read_file(config_file)
184
+ read_file_content(config_file)
185
+ end
185
186
 
186
- def read_params
187
- return @params if defined?(@params)
188
-
189
- content = read_file(@conf_path)
190
-
191
- if @version == "legacy"
192
- # parse the file
193
- conf = SimpleConfig.new(
194
- content,
195
- multiple_values: true
196
- ).params
197
- # convert single entry arrays into strings
198
- conf.each do |key, value|
199
- if value.size == 1
200
- conf[key] = conf[key][0].to_s
187
+ def read_params
188
+ return @params if defined?(@params)
189
+
190
+ content = read_file(@conf_path)
191
+
192
+ if @version == "legacy"
193
+ # parse the file
194
+ conf = SimpleConfig.new(
195
+ content,
196
+ multiple_values: true
197
+ ).params
198
+ # convert single entry arrays into strings
199
+ conf.each do |key, value|
200
+ if value.size == 1
201
+ conf[key] = conf[key][0].to_s
202
+ end
201
203
  end
204
+ kernel_opts = parse_kernel_lines(content, conf)
205
+ @params = conf.merge(kernel_opts)
202
206
  end
203
- kernel_opts = parse_kernel_lines(content, conf)
204
- @params = conf.merge(kernel_opts)
205
- end
206
207
 
207
- if @version == "grub2"
208
- # read defaults
209
- defaults = read_file(@defaults_path)
208
+ if @version == "grub2"
209
+ # read defaults
210
+ defaults = read_file(@defaults_path)
210
211
 
211
- conf = SimpleConfig.new(
212
- defaults,
213
- multiple_values: true
214
- ).params
212
+ conf = SimpleConfig.new(
213
+ defaults,
214
+ multiple_values: true
215
+ ).params
215
216
 
216
- # convert single entry arrays into strings
217
- conf.each do |key, value|
218
- if value.size == 1
219
- conf[key] = conf[key][0].to_s
217
+ # convert single entry arrays into strings
218
+ conf.each do |key, value|
219
+ if value.size == 1
220
+ conf[key] = conf[key][0].to_s
221
+ end
220
222
  end
221
- end
222
223
 
223
- kernel_opts = grub2_parse_kernel_lines(content, conf)
224
- @params = conf.merge(kernel_opts)
224
+ kernel_opts = grub2_parse_kernel_lines(content, conf)
225
+ @params = conf.merge(kernel_opts)
226
+ end
227
+ @params
225
228
  end
226
- @params
227
229
  end
228
230
  end