inspec 4.18.51 → 4.18.85

data/lib/inspec/resources/csv.rb

@@ -1,56 +0,0 @@
-require "inspec/resources/json"
-
-# Parses a csv document
-# This implementation was inspired by a blog post
-# @see http://technicalpickles.com/posts/parsing-csv-with-ruby
-module Inspec::Resources
-  class CsvConfig < JsonConfig
-    name "csv"
-    desc "Use the csv InSpec audit resource to test configuration data in a CSV file."
-    example <<~EXAMPLE
-      describe csv('example.csv') do
-        its('name') { should eq(['John', 'Alice']) }
-      end
-    EXAMPLE
-
-    # override the parse method from JsonConfig
-    # Assuming a header row of name,col1,col2, it will output an array of hashes like so:
-    #    [
-    #      { 'name' => 'row1', 'col1' => 'value1', 'col2' => 'value2' },
-    #      { 'name' => 'row2', 'col1' => 'value3', 'col2' => 'value4' }
-    #    ]
-    def parse(content)
-      require "csv"
-
-      # convert empty field to nil
-      CSV::Converters[:blank_to_nil] = lambda do |field|
-        field && field.empty? ? nil : field
-      end
-
-      # implicit conversion of values
-      csv = CSV.new(content, headers: true, converters: %i{all blank_to_nil})
-
-      # convert to hash
-      csv.to_a.map(&:to_hash)
-    rescue => e
-      raise Inspec::Exceptions::ResourceFailed, "Unable to parse CSV: #{e.message}"
-    end
-
-    # override the value method from JsonConfig
-    # The format of the CSV hash as created by #parse is very different
-    # than what the YAML, JSON, and INI resources create, so using the
-    # #value method from JsonConfig (which uses ObjectTraverser.extract_value)
-    # doesn't make sense here.
-    def value(key)
-      @params.map { |x| x[key.first.to_s] }.compact
-    end
-
-    private
-
-    # used by JsonConfig to build up a full to_s method
-    # based on whether a file path, content, or command was supplied.
-    def resource_base_name
-      "CSV"
-    end
-  end
-end

data/lib/inspec/resources/dh_params.rb

@@ -1,83 +0,0 @@
-require "openssl"
-require "inspec/utils/file_reader"
-
-module Inspec::Resources
-  class DhParams < Inspec.resource(1)
-    name "dh_params"
-    supports platform: "unix"
-    desc '
-      Use the `dh_params` InSpec audit resource to test Diffie-Hellman (DH)
-      parameters.
-    '
-
-    example <<~EXAMPLE
-      describe dh_params('/path/to/file.dh_pem') do
-        it { should be_dh_params }
-        it { should be_valid }
-        its('generator') { should eq 2 }
-        its('modulus') { should eq '00:91:a0:15:89:e5:bc:38:93:12:02:fc:...' }
-        its('prime_length') { should eq 2048 }
-        its('pem') { should eq '-----BEGIN DH PARAMETERS...' }
-        its('text') { should eq 'PKCS#3 DH Parameters: (2048 bit)...' }
-      end
-    EXAMPLE
-
-    include FileReader
-
-    def initialize(filename)
-      @dh_params_path = filename
-      @dh_params = OpenSSL::PKey::DH.new read_file_content(@dh_params_path)
-    end
-
-    # it { should be_dh_params }
-    def dh_params?
-      !@dh_params.nil?
-    end
-
-    # its('generator') { should eq 2 }
-    def generator
-      return if @dh_params.nil?
-
-      @dh_params.g.to_i
-    end
-
-    # its('modulus') { should eq '00:91:a0:15:89:e5:bc:38:93:12:02:fc:...' }
-    def modulus
-      return if @dh_params.nil?
-
-      "00:" + @dh_params.p.to_s(16).downcase.scan(/.{2}/).join(":")
-    end
-
-    # its('pem') { should eq '-----BEGIN DH PARAMETERS...' }
-    def pem
-      return if @dh_params.nil?
-
-      @dh_params.to_pem
-    end
-
-    # its('prime_length') { should be 2048 }
-    def prime_length
-      return if @dh_params.nil?
-
-      @dh_params.p.num_bits
-    end
-
-    # its('text') { should eq 'human-readable-text' }
-    def text
-      return if @dh_params.nil?
-
-      @dh_params.to_text
-    end
-
-    # it { should be_valid }
-    def valid?
-      return if @dh_params.nil?
-
-      @dh_params.params_ok?
-    end
-
-    def to_s
-      "dh_params #{@dh_params_path}"
-    end
-  end
-end

data/lib/inspec/resources/directory.rb

@@ -1,23 +0,0 @@
-require "inspec/resources/file"
-
-module Inspec::Resources
-  class Directory < FileResource
-    name "directory"
-    supports platform: "unix"
-    supports platform: "windows"
-    desc "Use the directory InSpec audit resource to test if the file type is a directory. This is equivalent to using the file InSpec audit resource and the be_directory matcher, but provides a simpler and more direct way to test directories. All of the matchers available to file may be used with directory."
-    example <<~EXAMPLE
-      describe directory('path') do
-        it { should be_directory }
-      end
-    EXAMPLE
-
-    def exist?
-      file.exist? && file.directory?
-    end
-
-    def to_s
-      "Directory #{source_path}"
-    end
-  end
-end

data/lib/inspec/resources/docker.rb

@@ -1,274 +0,0 @@
-#
-# Copyright 2017, Christoph Hartmann
-#
-
-require "inspec/resources/command"
-require "inspec/utils/filter"
-require "hashie/mash"
-
-module Inspec::Resources
-  class DockerContainerFilter
-    # use filtertable for containers
-    filter = FilterTable.create
-    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
-    filter.register_column(:commands, field: "command")
-      .register_column(:ids,            field: "id")
-      .register_column(:images,         field: "image")
-      .register_column(:labels,         field: "labels", style: :simple)
-      .register_column(:local_volumes,  field: "localvolumes")
-      .register_column(:mounts,         field: "mounts")
-      .register_column(:names,          field: "names")
-      .register_column(:networks,       field: "networks")
-      .register_column(:ports,          field: "ports")
-      .register_column(:running_for,    field: "runningfor")
-      .register_column(:sizes,          field: "size")
-      .register_column(:status,         field: "status")
-      .register_custom_matcher(:running?) do |x|
-        x.where { status.downcase.start_with?("up") }
-      end
-    filter.install_filter_methods_on_resource(self, :containers)
-
-    attr_reader :containers
-    def initialize(containers)
-      @containers = containers
-    end
-  end
-
-  class DockerImageFilter
-    filter = FilterTable.create
-    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
-    filter.register_column(:ids, field: "id")
-      .register_column(:repositories,  field: "repository")
-      .register_column(:tags,          field: "tag")
-      .register_column(:sizes,         field: "size")
-      .register_column(:digests,       field: "digest")
-      .register_column(:created,       field: "createdat")
-      .register_column(:created_since, field: "createdsize")
-    filter.install_filter_methods_on_resource(self, :images)
-
-    attr_reader :images
-    def initialize(images)
-      @images = images
-    end
-  end
-
-  class DockerPluginFilter
-    filter = FilterTable.create
-    filter.add(:ids, field: "id")
-      .add(:names,    field: "name")
-      .add(:versions, field: "version")
-      .add(:enabled,  field: "enabled")
-    filter.connect(self, :plugins)
-
-    attr_reader :plugins
-    def initialize(plugins)
-      @plugins = plugins
-    end
-  end
-
-  class DockerServiceFilter
-    filter = FilterTable.create
-    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
-    filter.register_column(:ids, field: "id")
-      .register_column(:names,    field: "name")
-      .register_column(:modes,    field: "mode")
-      .register_column(:replicas, field: "replicas")
-      .register_column(:images,   field: "image")
-      .register_column(:ports,    field: "ports")
-    filter.install_filter_methods_on_resource(self, :services)
-
-    attr_reader :services
-    def initialize(services)
-      @services = services
-    end
-  end
-
-  # This resource helps to parse information from the docker host
-  # For compatability with Serverspec we also offer the following resouses:
-  # - docker_container
-  # - docker_image
-  class Docker < Inspec.resource(1)
-    name "docker"
-    supports platform: "unix"
-    desc "
-      A resource to retrieve information about docker
-    "
-
-    example <<~EXAMPLE
-      describe docker.containers do
-        its('images') { should_not include 'u12:latest' }
-      end
-
-      describe docker.images do
-        its('repositories') { should_not include 'inssecure_image' }
-      end
-
-      describe docker.plugins.where { name == 'rexray/ebs' } do
-        it { should exist }
-      end
-
-      describe docker.services do
-        its('images') { should_not include 'inssecure_image' }
-      end
-
-      describe docker.version do
-        its('Server.Version') { should cmp >= '1.12'}
-        its('Client.Version') { should cmp >= '1.12'}
-      end
-
-      describe docker.object(id) do
-        its('Configuration.Path') { should eq 'value' }
-      end
-
-      docker.containers.ids.each do |id|
-        # call docker inspect for a specific container id
-        describe docker.object(id) do
-          its(%w(HostConfig Privileged)) { should cmp false }
-          its(%w(HostConfig Privileged)) { should_not cmp true }
-        end
-      end
-    EXAMPLE
-
-    def containers
-      DockerContainerFilter.new(parse_containers)
-    end
-
-    def images
-      DockerImageFilter.new(parse_images)
-    end
-
-    def plugins
-      DockerPluginFilter.new(parse_plugins)
-    end
-
-    def services
-      DockerServiceFilter.new(parse_services)
-    end
-
-    def version
-      return @version if defined?(@version)
-
-      data = {}
-      cmd = inspec.command("docker version --format '{{ json . }}'")
-      data = JSON.parse(cmd.stdout) if cmd.exit_status == 0
-      @version = Hashie::Mash.new(data)
-    rescue JSON::ParserError => _e
-      Hashie::Mash.new({})
-    end
-
-    def info
-      return @info if defined?(@info)
-
-      data = {}
-      # docke info format is only supported for Docker 17.03+
-      cmd = inspec.command("docker info --format '{{ json . }}'")
-      data = JSON.parse(cmd.stdout) if cmd.exit_status == 0
-      @info = Hashie::Mash.new(data)
-    rescue JSON::ParserError => _e
-      Hashie::Mash.new({})
-    end
-
-    # returns information about docker objects
-    def object(id)
-      return @inspect if defined?(@inspect)
-
-      data = JSON.parse(inspec.command("docker inspect #{id}").stdout)
-      data = data[0] if data.is_a?(Array)
-      @inspect = Hashie::Mash.new(data)
-    rescue JSON::ParserError => _e
-      Hashie::Mash.new({})
-    end
-
-    def to_s
-      "Docker Host"
-    end
-
-    private
-
-    def parse_json_command(labels, subcommand)
-      # build command
-      format = labels.map { |label| "\"#{label}\": {{json .#{label}}}" }
-      raw = inspec.command("docker #{subcommand} --format '{#{format.join(", ")}}'").stdout
-      output = []
-      # since docker is not outputting valid json, we need to parse each row
-      raw.each_line do |entry|
-        # convert all keys to lower_case to work well with ruby and filter table
-        row = JSON.parse(entry).map do |key, value|
-          [key.downcase, value]
-        end.to_h
-
-        # ensure all keys are there
-        row = ensure_keys(row, labels)
-
-        # strip off any linked container names
-        # Depending on how it was linked, the actual container name may come before
-        # or after the link information, so we'll just look for the first name that
-        # does not include a slash since that is not a valid character in a container name
-        if row["names"]
-          row["names"] = row["names"].split(",").find { |c| !c.include?("/") }
-        end
-
-        # Split labels on ',' or set to empty array
-        # Allows for `docker.containers.where { labels.include?('app=redis') }`
-        row["labels"] = row.key?("labels") ? row["labels"].split(",") : []
-
-        output.push(row)
-      end
-
-      output
-    rescue JSON::ParserError => _e
-      warn "Could not parse `docker #{subcommand}` output"
-      []
-    end
-
-    def parse_containers
-      # @see https://github.com/moby/moby/issues/20625, works for docker 1.13+
-      # raw_containers = inspec.command('docker ps -a --no-trunc --format \'{{ json . }}\'').stdout
-      # therefore we stick with older approach
-      labels = %w{Command CreatedAt ID Image Labels Mounts Names Ports RunningFor Size Status}
-
-      # Networks LocalVolumes work with 1.13+ only
-      if !version.empty? && Gem::Version.new(version["Client"]["Version"]) >= Gem::Version.new("1.13")
-        labels.push("Networks")
-        labels.push("LocalVolumes")
-      end
-      parse_json_command(labels, "ps -a --no-trunc")
-    end
-
-    def parse_services
-      parse_json_command(%w{ID Name Mode Replicas Image Ports}, "service ls")
-    end
-
-    def ensure_keys(entry, labels)
-      labels.each do |key|
-        entry[key.downcase] = nil unless entry.key?(key.downcase)
-      end
-      entry
-    end
-
-    def parse_images
-      # docker does not support the `json .` function here, therefore we need to emulate that behavior.
-      raw_images = inspec.command('docker images -a --no-trunc --format \'{ "id": {{json .ID}}, "repository": {{json .Repository}}, "tag": {{json .Tag}}, "size": {{json .Size}}, "digest": {{json .Digest}}, "createdat": {{json .CreatedAt}}, "createdsize": {{json .CreatedSince}} }\'').stdout
-      c_images = []
-      raw_images.each_line do |entry|
-        c_images.push(JSON.parse(entry))
-      end
-      c_images
-    rescue JSON::ParserError => _e
-      warn "Could not parse `docker images` output"
-      []
-    end
-
-    def parse_plugins
-      plugins = inspec.command('docker plugin ls --format \'{"id": {{json .ID}}, "name": "{{ with split .Name ":"}}{{index . 0}}{{end}}", "version": "{{ with split .Name ":"}}{{index . 1}}{{end}}", "enabled": {{json .Enabled}} }\'').stdout
-      c_plugins = []
-      plugins.each_line do |entry|
-        c_plugins.push(JSON.parse(entry))
-      end
-      c_plugins
-    rescue JSON::ParserError => _e
-      warn "Could not parse `docker plugin ls` output"
-      []
-    end
-  end
-end

data/lib/inspec/resources/docker_container.rb

@@ -1,91 +0,0 @@
-#
-# Copyright 2017, Christoph Hartmann
-
-require "inspec/resources/docker"
-require_relative "docker_object"
-
-module Inspec::Resources
-  class DockerContainer < Inspec.resource(1)
-    include Inspec::Resources::DockerObject
-
-    name "docker_container"
-    supports platform: "unix"
-    desc ""
-    example <<~EXAMPLE
-      describe docker_container('an-echo-server') do
-        it { should exist }
-        it { should be_running }
-        its('id') { should_not eq '' }
-        its('image') { should eq 'busybox:latest' }
-        its('repo') { should eq 'busybox' }
-        its('tag') { should eq 'latest' }
-        its('ports') { should eq [] }
-        its('command') { should eq 'nc -ll -p 1234 -e /bin/cat' }
-        its('labels') { should include 'app=example' }
-      end
-
-      describe docker_container(id: 'e2c52a183358') do
-        it { should exist }
-        it { should be_running }
-      end
-    EXAMPLE
-
-    def initialize(opts = {})
-      # if a string is provided, we expect it is the name
-      if opts.is_a?(String)
-        @opts = { name: opts }
-      else
-        @opts = opts
-      end
-    end
-
-    def running?
-      status.downcase.start_with?("up") if object_info.entries.length == 1
-    end
-
-    def status
-      object_info.status[0] if object_info.entries.length == 1
-    end
-
-    def labels
-      object_info.labels
-    end
-
-    def ports
-      object_info.ports[0] if object_info.entries.length == 1
-    end
-
-    def command
-      return unless object_info.entries.length == 1
-
-      cmd = object_info.commands[0]
-      cmd.slice(1, cmd.length - 2)
-    end
-
-    def image
-      object_info.images[0] if object_info.entries.length == 1
-    end
-
-    def repo
-      parse_components_from_image(image)[:repo] if object_info.entries.size == 1
-    end
-
-    def tag
-      parse_components_from_image(image)[:tag] if object_info.entries.size == 1
-    end
-
-    def to_s
-      name = @opts[:name] || @opts[:id]
-      "Docker Container #{name}"
-    end
-
-    private
-
-    def object_info
-      return @info if defined?(@info)
-
-      opts = @opts
-      @info = inspec.docker.containers.where { names == opts[:name] || (!id.nil? && !opts[:id].nil? && (id == opts[:id] || id.start_with?(opts[:id]))) }
-    end
-  end
-end