inspec 4.16.0 → 4.17.7

data/lib/inspec/plugin/v1/plugin_types/resource.rb

@@ -31,8 +31,10 @@ module Inspec
     def supports(criteria = nil)
       return if criteria.nil?
 
-      Inspec::Resource.supports[@name] ||= []
-      Inspec::Resource.supports[@name].push(criteria)
+      key = @name.to_sym
+
+      Inspec::Resource.supports[key] ||= []
+      Inspec::Resource.supports[key].push(criteria)
     end
 
     def example(example = nil)
@@ -80,14 +82,22 @@ module Inspec
         def initialize(backend, name, *args)
           @resource_skipped = false
           @resource_failed = false
-          @supports = Inspec::Resource.supports[name]
+          @supports = Inspec::Resource.supports[name.to_sym]
           @resource_exception_message = nil
 
           # attach the backend to this instance
           @__backend_runner__ = backend
           @__resource_name__ = name
 
-          check_supports unless @supports.nil? # this has side effects
+          # check resource supports
+          supported = @supports ? check_supports : true # check_supports has side effects!
+          test_backend = defined?(Train::Transports::Mock::Connection) && backend.backend.class == Train::Transports::Mock::Connection
+          # raise unless we are supported or in test
+          unless supported || test_backend
+            msg = "Unsupported resource/backend combination: %s / %s. Exiting." %
+              [name, backend.platform.name]
+            raise ArgumentError, msg
+          end
 
           # call the resource initializer
           begin
@@ -116,6 +126,7 @@ module Inspec
         end
 
         def check_supports
+          require "inspec/resources/platform"
           status = inspec.platform.supported?(@supports)
           fail_msg = "Resource `#{@__resource_name__}` is not supported on platform #{inspec.platform.name}/#{inspec.platform.release}."
           fail_resource(fail_msg) unless status
@@ -157,7 +168,7 @@ module Inspec
   end
 
   module Plugins
-    class Resource
+    class Resource # TODO: possibly push up to inspec/resource.rb
       extend Inspec::ResourceDSL
       include Inspec::ResourceBehaviors
     end

data/lib/inspec/plugin/v2/activator.rb

@@ -3,21 +3,17 @@ module Inspec::Plugin::V2
     :plugin_name,
     :plugin_type,
     :activator_name,
-    :activated?,
+    :activated,
     :exception,
     :activation_proc,
     :implementation_class
   ) do
     def initialize(*)
       super
-      self[:'activated?'] = false
+      self[:activated] = false
     end
 
-    def activated?(new_value = nil)
-      return self[:activated?] if new_value.nil?
-
-      self[:activated?] = new_value
-    end
+    alias activated? activated
 
     # Load a plugin, but if an error is encountered, store it and continue
     def activate
@@ -26,7 +22,7 @@ module Inspec::Plugin::V2
       # rubocop: disable Lint/RescueException
       begin
         impl_class = self[:activation_proc].call
-        self[:activated?] = true
+        self.activated = true
         self[:implementation_class] = impl_class
       rescue Exception => ex
         self[:exception] = ex

data/lib/inspec/plugin/v2/loader.rb

@@ -1,4 +1,5 @@
 require "inspec/log"
+require "inspec/version"
 require "inspec/plugin/v2/config_file"
 require "inspec/plugin/v2/filter"
 
@@ -123,7 +124,9 @@ module Inspec::Plugin::V2
       require "rbconfig"
       ruby_abi_version = RbConfig::CONFIG["ruby_version"]
       # TODO: why are we installing under the api directory for plugins?
-      File.join(Inspec.config_dir, "gems", ruby_abi_version)
+      base_dir = Inspec.config_dir
+      base_dir = File.realpath base_dir if File.exist? base_dir
+      File.join(base_dir, "gems", ruby_abi_version)
     end
 
     # Lists all gems found in the plugin_gem_path.
@@ -201,7 +204,7 @@ module Inspec::Plugin::V2
       status = registry[plugin_name]
       status.api_generation = 0
       act = Activator.new
-      act.activated?(true)
+      act.activated = true
       act.plugin_type = :cli_command
       act.plugin_name = plugin_name
       act.activator_name = :default
@@ -272,9 +275,22 @@ module Inspec::Plugin::V2
       end
     end
 
+    def find_inspec_gemspec(name, ver)
+      Gem::Specification.find_by_name(name, ver)
+    rescue Gem::MissingSpecError
+      nil
+    end
+
     def detect_system_plugins
       # Find the gemspec for inspec
-      inspec_gemspec = Gem::Specification.find_by_name("inspec", "=#{Inspec::VERSION}")
+      inspec_gemspec =
+        find_inspec_gemspec("inspec",      "=#{Inspec::VERSION}") ||
+        find_inspec_gemspec("inspec-core", "=#{Inspec::VERSION}")
+
+      unless inspec_gemspec
+        Inspec::Log.warn "inspec gem not found, skipping detecting of system plugins"
+        return
+      end
 
       # Make a RequestSet that represents the dependencies of inspec
       inspec_deps_request_set = Gem::RequestSet.new(*inspec_gemspec.dependencies)

data/lib/inspec/profile.rb

@@ -68,7 +68,7 @@ module Inspec
     end
 
     def self.for_target(target, opts = {})
-      opts[:vendor_cache] = opts[:vendor_cache] || Cache.new
+      opts[:vendor_cache] ||= Cache.new
       fetcher = resolve_target(target, opts[:vendor_cache])
       for_fetcher(fetcher, opts)
     end

data/lib/inspec/profile_context.rb

@@ -5,7 +5,7 @@ require "inspec/library_eval_context"
 require "inspec/control_eval_context"
 require "inspec/require_loader"
 require "securerandom"
-require "inspec/objects/input"
+require "inspec/input_registry"
 
 module Inspec
   class ProfileContext

data/lib/inspec/reporters/json.rb

@@ -1,6 +1,7 @@
 require "json"
 
 module Inspec::Reporters
+  # rubocop:disable Layout/AlignHash, Style/BlockDelimiters
   class Json < Base
     def render
       output(report.to_json, false)
@@ -20,112 +21,93 @@ module Inspec::Reporters
     private
 
     def platform
-      platform = {
-        name: run_data[:platform][:name],
-        release: run_data[:platform][:release],
-      }
-      platform[:target_id] = @config["target_id"] if @config["target_id"]
-      platform
+      {
+        name:      run_data[:platform][:name],
+        release:   run_data[:platform][:release],
+        target_id: @config["target_id"],
+      }.reject { |_k, v| v.nil? }
     end
 
     def profile_results(control)
-      results = []
-      return results if control[:results].nil?
+      (control[:results] || []).map { |r|
+        {
+          status:       r[:status],
+          code_desc:    r[:code_desc],
+          run_time:     r[:run_time],
+          start_time:   r[:start_time],
+          resource:     r[:resource],
+          skip_message: r[:skip_message],
+          message:      r[:message],
+          exception:    r[:exception],
+          backtrace:    r[:backtrace],
+          waiver_data:  r[:waiver_data],
+        }.reject { |_k, v| v.nil? }
+      }
+    end
 
-      control[:results].each do |r|
-        result = {
-          status: r[:status],
-          code_desc: r[:code_desc],
-          run_time: r[:run_time],
-          start_time: r[:start_time],
-        }
-        result[:resource] = r[:resource] if r[:resource]
-        result[:skip_message] = r[:skip_message] if r[:skip_message]
-        result[:message] = r[:message] if r[:message]
-        result[:exception] = r[:exception] if r[:exception]
-        result[:backtrace] = r[:backtrace] if r[:backtrace]
+    def profiles
+      run_data[:profiles].map { |p|
+        {
+          name:            p[:name],
+          version:         p[:version],
+          sha256:          p[:sha256],
+          title:           p[:title],
+          maintainer:      p[:maintainer],
+          summary:         p[:summary],
+          license:         p[:license],
+          copyright:       p[:copyright],
+          copyright_email: p[:copyright_email],
+          supports:        p[:supports],
+          # TODO: rename exposed field to inputs, see #3802:
+          attributes:      (p[:inputs] || p[:attributes]),
+          parent_profile:  p[:parent_profile],
+          depends:         p[:depends],
+          groups:          profile_groups(p),
+          controls:        profile_controls(p),
+          status:          p[:status],
+          skip_message:    p[:skip_message],
+          waiver_data:     p[:waiver_data],
+        }.reject { |_k, v| v.nil? }
+      }
+    end
 
-        results << result
-      end
-      results
+    def profile_groups(profile)
+      (profile[:groups] || []).map { |g|
+        {
+          id: g[:id],
+          controls: g[:controls],
+          title: g[:title],
+        }.reject { |_k, v| v.nil? }
+      }
     end
 
     def profile_controls(profile)
-      controls = []
-      return controls if profile[:controls].nil?
-
-      profile[:controls].each do |c|
-        control = {
-          id: c[:id],
-          title: c[:title],
-          desc: c.dig(:descriptions, :default),
+      (profile[:controls] || []).map { |c|
+        {
+          id:     c[:id],
+          title:  c[:title],
+          desc:   c.dig(:descriptions, :default),
           descriptions: convert_descriptions(c[:descriptions]),
           impact: c[:impact],
-          refs: c[:refs],
-          tags: c[:tags],
-          code: c[:code],
+          refs:   c[:refs],
+          tags:   c[:tags],
+          code:   c[:code],
           source_location: {
             line: c[:source_location][:line],
-            ref: c[:source_location][:ref],
+            ref:  c[:source_location][:ref],
           },
           results: profile_results(c),
         }
-        controls << control
-      end
-      controls
-    end
-
-    def profile_groups(profile)
-      groups = []
-      return groups if profile[:groups].nil?
-
-      profile[:groups].each do |g|
-        group = {
-          id: g[:id],
-          controls: g[:controls],
-        }
-        group[:title] = g[:title] if g[:title]
-
-        groups << group
-      end
-      groups
-    end
-
-    def profiles
-      profiles = []
-      run_data[:profiles].each do |p|
-        profile = {
-          name: p[:name],
-          version: p[:version],
-          sha256: p[:sha256],
-          title: p[:title],
-          maintainer: p[:maintainer],
-          summary: p[:summary],
-          license: p[:license],
-          copyright: p[:copyright],
-          copyright_email: p[:copyright_email],
-          supports: p[:supports],
-          attributes: (p[:inputs] ? p[:inputs] : p[:attributes]), # TODO: rename exposed field to inputs, see #3802
-          parent_profile: p[:parent_profile],
-          depends: p[:depends],
-          groups: profile_groups(p),
-          controls: profile_controls(p),
-          status: p[:status],
-          skip_message: p[:skip_message],
-        }
-        profiles << profile.reject { |_k, v| v.nil? }
-      end
-      profiles
+      }
     end
 
     def convert_descriptions(data)
-      return [] if data.nil?
-
-      results = []
-      data.each do |label, text|
-        results.push({ label: label.to_s, data: text })
-      end
-      results
+      (data || []).map { |label, text|
+        {
+          label: label.to_s,
+          data:  text,
+        }
+      }
     end
   end
 end

data/lib/inspec/resource.rb

@@ -74,6 +74,7 @@ module Inspec
   # @return [Resource] base class for creating a new resource
   def self.resource(version)
     validate_resource_dsl_version!(version)
+    require "inspec/plugin/v1/plugin_types/resource"
     Inspec::Plugins::Resource
   end
 

data/lib/inspec/resources.rb

@@ -1,11 +1,18 @@
+##
+# Now that resources are lazily loaded, this file is ONLY here for one
+# reason at this point, to load all the resources in order to populate
+# the registry for `inspec shell`'s `help commands`. There has to be a
+# cheaper way to do this, but this will do for now.
+#
+# NOTE: I intentionally didn't convert this to a loop over a simple
+# glob so this remains a sort of manifest for our resources.
+
 require "inspec/resource"
 
 # Detect if we are running the stripped-down inspec-core
 # This relies on AWS being stripped from the inspec-core gem
 inspec_core_only = ENV["NO_AWS"] || !File.exist?(File.join(File.dirname(__FILE__), "..", "resource_support", "aws.rb"))
 
-require "rspec/matchers"
-
 # Do not attempt to load cloud resources if we are in inspec-core mode
 unless inspec_core_only
   require "resource_support/aws"

data/lib/inspec/resources/aide_conf.rb

@@ -48,6 +48,10 @@ module Inspec::Resources
 
     filter.install_filter_methods_on_resource(self, :params)
 
+    def to_s
+      "AIDE Config"
+    end
+
     private
 
     def read_content

data/lib/inspec/resources/apt.rb

@@ -71,9 +71,9 @@ module Inspec::Resources
       read_debs.select { |repo| repo[:url] == @deb_url && repo[:type] == "deb" }
     end
 
+    # TODO: remove this. just see if it is valid w/ URI.parse
     HTTP_URL_RE = /\A#{URI::DEFAULT_PARSER.make_regexp(%w{http https})}\z/.freeze
 
-    # read
     def read_debs
       return @repo_cache if defined?(@repo_cache)
 
@@ -81,32 +81,32 @@ module Inspec::Resources
       cmd = inspec.command("find /etc/apt/ -name \*.list -exec sh -c 'cat {} || echo -n' \\;")
 
       # @see https://help.ubuntu.com/community/Repositories/CommandLine#Explanation_of_the_Repository_Format
-      @repo_cache = cmd.stdout.chomp.split("\n").each_with_object([]) do |raw_line, lines|
-        active = true
-
+      @repo_cache = cmd.stdout.lines.map do |raw_line|
         # detect if the repo is commented out
         line = raw_line.gsub(/^(#\s*)*/, "")
-        active = false if raw_line != line
+        active = raw_line == line
+
+        # formats:
+        # deb               http://archive.ubuntu.com/ubuntu/ wily main restricted ...
+        # deb [trusted=yes] http://archive.ubuntu.com/ubuntu/ wily main restricted ...
 
-        # eg.: deb http://archive.ubuntu.com/ubuntu/ wily main restricted
-        # or : deb [trusted=yes] http://archive.ubuntu.com/ubuntu/ wily main restricted
-        parse_repo = /^\s*(\S+)\s+(?:\[\S+\])?\s*"?([^ "\t\r\n\f]+)"?\s+(\S+)\s+(.*)$/.match(line)
+        words = line.split
+        words.delete 1 if words[1] && words[1].start_with?("[")
+        type, url, distro, *components = words
 
-        # check if we got any result and the second param is an url
-        next if parse_repo.nil? || !parse_repo[2] =~ HTTP_URL_RE
+        next if components.empty?
+        next unless URI::HTTP === URI.parse(url)
+        next unless %w{deb deb-src}.include? type
 
         # map data
-        repo = {
-          type: parse_repo[1],
-          url: parse_repo[2],
-          distro: parse_repo[3],
-          components: parse_repo[4].chomp.split(" "),
+        {
+          type: type,
+          url: url,
+          distro: distro,
+          components: components,
           active: active,
         }
-        next unless %w{deb deb-src}.include? repo[:type]
-
-        lines.push(repo)
-      end
+      end.compact
     end
 
     # resolves ppa urls