inspec 4.3.2 → 4.6.3
- checksums.yaml +4 -4
- data/Gemfile +36 -38
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/inspec.gemspec +38 -39
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-artifact/test/functional/inspec_artifact_test.rb +12 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-compliance/test/functional/inspec_compliance_test.rb +12 -14
- data/lib/plugins/inspec-compliance/test/integration/default/cli.rb +39 -41
- data/lib/plugins/inspec-compliance/test/unit/api/login_test.rb +64 -64
- data/lib/plugins/inspec-compliance/test/unit/api_test.rb +157 -156
- data/lib/plugins/inspec-compliance/test/unit/target_test.rb +85 -85
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/Berksfile +1 -1
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/metadata.rb +8 -8
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/recipes/default.rb +17 -17
- data/lib/plugins/inspec-habitat/test/functional/inspec_habitat_test.rb +9 -8
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/controls/inspec_habitat.rb +14 -14
- data/lib/plugins/inspec-habitat/test/support/example_profile/controls/example.rb +4 -4
- data/lib/plugins/inspec-habitat/test/unit/profile_test.rb +42 -41
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/functional/inspec_plugin_template_test.rb +5 -5
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/helper.rb +1 -3
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/unit/cli_args_test.rb +2 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/unit/plugin_def_test.rb +2 -2
- data/lib/plugins/inspec-init/templates/profiles/aws/controls/example.rb +10 -11
- data/lib/plugins/inspec-init/templates/profiles/azure/controls/example.rb +4 -5
- data/lib/plugins/inspec-init/templates/profiles/gcp/controls/example.rb +10 -11
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-init/test/functional/inspec_init_plugin_test.rb +51 -50
- data/lib/plugins/inspec-init/test/functional/inspec_init_profile_test.rb +35 -33
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/inspec-plugin-manager-cli/test/fixtures/plugins/wrong-name/lib/wrong-name.rb +1 -1
- data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +281 -271
- data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +41 -41
- data/lib/plugins/inspec-plugin-manager-cli/test/unit/plugin_def_test.rb +25 -6
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/resource_support/aws.rb +67 -67
- data/lib/resource_support/aws/aws_plural_resource_mixin.rb +4 -1
- data/lib/resource_support/aws/aws_resource_mixin.rb +4 -3
- data/lib/resource_support/aws/aws_singular_resource_mixin.rb +4 -1
- data/lib/resources/aws/aws_billing_report.rb +15 -8
- data/lib/resources/aws/aws_billing_reports.rb +10 -7
- data/lib/resources/aws/aws_cloudtrail_trail.rb +9 -5
- data/lib/resources/aws/aws_cloudtrail_trails.rb +9 -5
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +9 -5
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +12 -8
- data/lib/resources/aws/aws_config_delivery_channel.rb +13 -9
- data/lib/resources/aws/aws_config_recorder.rb +10 -6
- data/lib/resources/aws/aws_ebs_volume.rb +12 -8
- data/lib/resources/aws/aws_ebs_volumes.rb +9 -5
- data/lib/resources/aws/aws_ec2_instance.rb +14 -11
- data/lib/resources/aws/aws_ec2_instances.rb +9 -5
- data/lib/resources/aws/aws_ecs_cluster.rb +11 -7
- data/lib/resources/aws/aws_eks_cluster.rb +13 -9
- data/lib/resources/aws/aws_elb.rb +9 -5
- data/lib/resources/aws/aws_elbs.rb +9 -5
- data/lib/resources/aws/aws_flow_log.rb +17 -13
- data/lib/resources/aws/aws_iam_access_key.rb +15 -11
- data/lib/resources/aws/aws_iam_access_keys.rb +19 -15
- data/lib/resources/aws/aws_iam_group.rb +9 -5
- data/lib/resources/aws/aws_iam_groups.rb +9 -5
- data/lib/resources/aws/aws_iam_password_policy.rb +13 -10
- data/lib/resources/aws/aws_iam_policies.rb +9 -5
- data/lib/resources/aws/aws_iam_policy.rb +16 -12
- data/lib/resources/aws/aws_iam_role.rb +9 -5
- data/lib/resources/aws/aws_iam_root_user.rb +12 -8
- data/lib/resources/aws/aws_iam_user.rb +12 -12
- data/lib/resources/aws/aws_iam_users.rb +10 -10
- data/lib/resources/aws/aws_kms_key.rb +12 -8
- data/lib/resources/aws/aws_kms_keys.rb +9 -5
- data/lib/resources/aws/aws_rds_instance.rb +11 -8
- data/lib/resources/aws/aws_route_table.rb +11 -7
- data/lib/resources/aws/aws_route_tables.rb +10 -6
- data/lib/resources/aws/aws_s3_bucket.rb +14 -11
- data/lib/resources/aws/aws_s3_bucket_object.rb +12 -9
- data/lib/resources/aws/aws_s3_buckets.rb +9 -7
- data/lib/resources/aws/aws_security_group.rb +16 -12
- data/lib/resources/aws/aws_security_groups.rb +12 -8
- data/lib/resources/aws/aws_sns_subscription.rb +15 -11
- data/lib/resources/aws/aws_sns_topic.rb +10 -6
- data/lib/resources/aws/aws_sns_topics.rb +9 -5
- data/lib/resources/aws/aws_sqs_queue.rb +18 -14
- data/lib/resources/aws/aws_subnet.rb +11 -7
- data/lib/resources/aws/aws_subnets.rb +9 -5
- data/lib/resources/aws/aws_vpc.rb +10 -6
- data/lib/resources/aws/aws_vpcs.rb +9 -5
- data/lib/resources/azure/azure_backend.rb +20 -18
- data/lib/resources/azure/azure_generic_resource.rb +13 -15
- data/lib/resources/azure/azure_resource_group.rb +17 -19
- data/lib/resources/azure/azure_virtual_machine.rb +6 -8
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +6 -8
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +141 -142
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
|
@@ -1,13 +1,11 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
require 'utils/command_wrapper'
|
|
4
|
-
require 'resources/command'
|
|
1
|
+
require "inspec/utils/command_wrapper"
|
|
2
|
+
require "inspec/resources/command"
|
|
5
3
|
|
|
6
4
|
module Inspec::Resources
|
|
7
5
|
class Ksh < Cmd
|
|
8
|
-
name
|
|
9
|
-
supports platform:
|
|
10
|
-
desc
|
|
6
|
+
name "ksh"
|
|
7
|
+
supports platform: "unix"
|
|
8
|
+
desc "Run a command or script in KornShell."
|
|
11
9
|
example <<~EXAMPLE
|
|
12
10
|
describe ksh('ls -al /') do
|
|
13
11
|
its('stdout') { should match /bin/ }
|
|
@@ -24,7 +22,7 @@ module Inspec::Resources
|
|
|
24
22
|
|
|
25
23
|
def initialize(command, options = {})
|
|
26
24
|
@raw_command = command
|
|
27
|
-
options[:shell] =
|
|
25
|
+
options[:shell] = "ksh" if options.is_a?(Hash)
|
|
28
26
|
super(CommandWrapper.wrap(command, options))
|
|
29
27
|
end
|
|
30
28
|
|
|
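Review bot: The guard in `options[:shell] = "ksh" if options.is_a?(Hash)` silently skips the assignment for a non-Hash argument, and `initialize` then still passes that value to `CommandWrapper.wrap`. What the wrapper does with it is not visible in this section; presumably it rejects it, but if it does not, a `ksh(...)` check would run without the KornShell wrapper the resource name promises. A short comment above the line would settle this for the next reader, for example `# non-Hash options are passed through unchanged; CommandWrapper.wrap is expected to reject them`.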
@@ -1,14 +1,13 @@
|
|
|
1
|
-
# encoding: utf-8
|
|
2
1
|
# copyright: 2015, Vulcano Security GmbH
|
|
3
2
|
|
|
4
|
-
require
|
|
5
|
-
require
|
|
3
|
+
require "inspec/utils/simpleconfig"
|
|
4
|
+
require "inspec/utils/file_reader"
|
|
6
5
|
|
|
7
6
|
module Inspec::Resources
|
|
8
7
|
class LimitsConf < Inspec.resource(1)
|
|
9
|
-
name
|
|
10
|
-
supports platform:
|
|
11
|
-
desc
|
|
8
|
+
name "limits_conf"
|
|
9
|
+
supports platform: "unix"
|
|
10
|
+
desc "Use the limits_conf InSpec audit resource to test configuration settings in the /etc/security/limits.conf file. The limits.conf defines limits for processes (by user and/or group names) and helps ensure that the system on which those processes are running remains stable. Each process may be assigned a hard or soft limit."
|
|
12
11
|
example <<~EXAMPLE
|
|
13
12
|
describe limits_conf do
|
|
14
13
|
its('*') { should include ['hard','core','0'] }
|
|
@@ -18,7 +17,7 @@ module Inspec::Resources
|
|
|
18
17
|
include FileReader
|
|
19
18
|
|
|
20
19
|
def initialize(path = nil)
|
|
21
|
-
@conf_path = path ||
|
|
20
|
+
@conf_path = path || "/etc/security/limits.conf"
|
|
22
21
|
@content = read_file_content(@conf_path)
|
|
23
22
|
end
|
|
24
23
|
|
|
@@ -34,13 +33,13 @@ module Inspec::Resources
|
|
|
34
33
|
@content,
|
|
35
34
|
assignment_regex: /^\s*(\S+?)\s+(.*?)\s+(.*?)\s+(.*?)\s*$/,
|
|
36
35
|
key_values: 3,
|
|
37
|
-
multiple_values: true
|
|
36
|
+
multiple_values: true
|
|
38
37
|
)
|
|
39
38
|
@params = conf.params
|
|
40
39
|
end
|
|
41
40
|
|
|
42
41
|
def to_s
|
|
43
|
-
|
|
42
|
+
"limits.conf"
|
|
44
43
|
end
|
|
45
44
|
end
|
|
46
45
|
end
|
|
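Review bot: `to_s` returns the fixed string `"limits.conf"` even though `initialize` accepts a custom `path`, so a result for a non-default file cannot be told apart from one for `/etc/security/limits.conf` wherever this string is shown (presumably in report output). For an audit resource the audited path is worth surfacing, for example `"limits.conf #{@conf_path}"`. The same applies to `to_s` in the login_defs section that follows, which returns `"login.defs"` regardless of `@conf_path`.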
@@ -1,8 +1,7 @@
|
|
|
1
|
-
# encoding: utf-8
|
|
2
1
|
# copyright: 2015, Vulcano Security GmbH
|
|
3
2
|
|
|
4
|
-
require
|
|
5
|
-
require
|
|
3
|
+
require "inspec/utils/simpleconfig"
|
|
4
|
+
require "inspec/utils/file_reader"
|
|
6
5
|
|
|
7
6
|
# Usage:
|
|
8
7
|
#
|
|
@@ -17,10 +16,10 @@ require 'utils/file_reader'
|
|
|
17
16
|
# end
|
|
18
17
|
|
|
19
18
|
module Inspec::Resources
|
|
20
|
-
class
|
|
21
|
-
name
|
|
22
|
-
supports platform:
|
|
23
|
-
desc
|
|
19
|
+
class LoginDefs < Inspec.resource(1)
|
|
20
|
+
name "login_defs"
|
|
21
|
+
supports platform: "unix"
|
|
22
|
+
desc "Use the login_defs InSpec audit resource to test configuration settings in the /etc/login.defs file. The logins.defs file defines site-specific configuration for the shadow password suite on Linux and UNIX platforms, such as password expiration ranges, minimum/maximum values for automatic selection of user and group identifiers, or the method with which passwords are encrypted."
|
|
24
23
|
example <<~EXAMPLE
|
|
25
24
|
describe login_defs do
|
|
26
25
|
its('ENCRYPT_METHOD') { should eq 'SHA512' }
|
|
@@ -30,7 +29,7 @@ module Inspec::Resources
|
|
|
30
29
|
include FileReader
|
|
31
30
|
|
|
32
31
|
def initialize(path = nil)
|
|
33
|
-
@conf_path = path ||
|
|
32
|
+
@conf_path = path || "/etc/login.defs"
|
|
34
33
|
@content = read_file_content(@conf_path)
|
|
35
34
|
end
|
|
36
35
|
|
|
@@ -45,13 +44,13 @@ module Inspec::Resources
|
|
|
45
44
|
conf = SimpleConfig.new(
|
|
46
45
|
@content,
|
|
47
46
|
assignment_regex: /^\s*(\S+)\s+(\S*)\s*$/,
|
|
48
|
-
multiple_values: false
|
|
47
|
+
multiple_values: false
|
|
49
48
|
)
|
|
50
49
|
@params = conf.params
|
|
51
50
|
end
|
|
52
51
|
|
|
53
52
|
def to_s
|
|
54
|
-
|
|
53
|
+
"login.defs"
|
|
55
54
|
end
|
|
56
55
|
end
|
|
57
56
|
end
|
|
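Review bot: The new `desc` string calls the file `logins.defs` in its second sentence, while the resource reads `/etc/login.defs` (`@conf_path = path || "/etc/login.defs"`). This is user-facing help text, so the name should be corrected to `login.defs`. A one-line comment above `initialize` stating that `path` overrides the default location would also help, since the usage comment at the top of the file is only partly visible in this section.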
@@ -1,12 +1,10 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
require 'utils/simpleconfig'
|
|
1
|
+
require "inspec/utils/simpleconfig"
|
|
4
2
|
|
|
5
3
|
module Inspec::Resources
|
|
6
4
|
class Mount < Inspec.resource(1)
|
|
7
|
-
name
|
|
8
|
-
supports platform:
|
|
9
|
-
desc
|
|
5
|
+
name "mount"
|
|
6
|
+
supports platform: "unix"
|
|
7
|
+
desc "Use the mount InSpec audit resource to test if mount points."
|
|
10
8
|
example <<~EXAMPLE
|
|
11
9
|
describe mount('/') do
|
|
12
10
|
it { should be_mounted }
|
|
@@ -22,7 +20,7 @@ module Inspec::Resources
|
|
|
22
20
|
def initialize(path)
|
|
23
21
|
@path = path
|
|
24
22
|
@mount_manager = mount_manager_for_os
|
|
25
|
-
return skip_resource
|
|
23
|
+
return skip_resource "The `mount` resource is not supported on your OS yet." if @mount_manager.nil?
|
|
26
24
|
@file = inspec.backend.file(@path)
|
|
27
25
|
end
|
|
28
26
|
|
|
@@ -61,7 +59,7 @@ module Inspec::Resources
|
|
|
61
59
|
os = inspec.os
|
|
62
60
|
if os.linux?
|
|
63
61
|
LinuxMounts.new(inspec)
|
|
64
|
-
elsif [
|
|
62
|
+
elsif ["freebsd"].include?(os[:family])
|
|
65
63
|
BsdMounts.new(inspec)
|
|
66
64
|
end
|
|
67
65
|
end
|
|
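Review bot: The `desc` string `"Use the mount InSpec audit resource to test if mount points."` is an incomplete sentence; something like `desc "Use the mount InSpec audit resource to test mount points."` reads correctly. In the last hunk (apparently the body of `mount_manager_for_os`, whose `def` line is outside the hunk), `["freebsd"].include?(os[:family])` is a one-element list lookup, and `os[:family] == "freebsd"` says the same thing more directly. A comment there noting that every other platform yields nil and ends in `skip_resource` in `initialize` would explain why a resource declared with `supports platform: "unix"` can still be skipped.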
@@ -1,7 +1,6 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
require
|
|
4
|
-
require 'utils/database_helpers'
|
|
1
|
+
require "inspec/resources/command"
|
|
2
|
+
require "hashie/mash"
|
|
3
|
+
require "inspec/utils/database_helpers"
|
|
5
4
|
|
|
6
5
|
module Inspec::Resources
|
|
7
6
|
# STABILITY: Experimental
|
|
@@ -11,9 +10,8 @@ module Inspec::Resources
|
|
|
11
10
|
# @see https://docs.microsoft.com/en-us/sql/relational-databases/scripting/sqlcmd-use-the-utility
|
|
12
11
|
# @see https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-connect-and-query-sqlcmd
|
|
13
12
|
class MssqlSession < Inspec.resource(1)
|
|
14
|
-
name
|
|
15
|
-
|
|
16
|
-
desc 'Use the mssql_session InSpec audit resource to test SQL commands run against a MS Sql Server database.'
|
|
13
|
+
name "mssql_session"
|
|
14
|
+
desc "Use the mssql_session InSpec audit resource to test SQL commands run against a MS Sql Server database."
|
|
17
15
|
example <<~EXAMPLE
|
|
18
16
|
# Using SQL authentication
|
|
19
17
|
sql = mssql_session(user: 'myuser', pass: 'mypassword')
|
|
@@ -34,22 +32,22 @@ module Inspec::Resources
|
|
|
34
32
|
@user = opts[:user]
|
|
35
33
|
@password = opts[:password] || opts[:pass]
|
|
36
34
|
if opts[:pass]
|
|
37
|
-
Inspec.deprecate(:mssql_session_pass_option,
|
|
35
|
+
Inspec.deprecate(:mssql_session_pass_option, "The mssql_session `pass` option is deprecated. Please use `password`.")
|
|
38
36
|
end
|
|
39
37
|
@local_mode = opts[:local_mode]
|
|
40
38
|
unless local_mode?
|
|
41
|
-
@host = opts[:host] ||
|
|
39
|
+
@host = opts[:host] || "localhost"
|
|
42
40
|
if opts.key?(:port)
|
|
43
41
|
@port = opts[:port]
|
|
44
42
|
else
|
|
45
|
-
@port =
|
|
43
|
+
@port = "1433"
|
|
46
44
|
end
|
|
47
45
|
end
|
|
48
46
|
@instance = opts[:instance]
|
|
49
47
|
@db_name = opts[:db_name]
|
|
50
48
|
|
|
51
49
|
# check if sqlcmd is available
|
|
52
|
-
raise Inspec::Exceptions::ResourceSkipped,
|
|
50
|
+
raise Inspec::Exceptions::ResourceSkipped, "sqlcmd is missing" unless inspec.command("sqlcmd").exist?
|
|
53
51
|
# check that database is reachable
|
|
54
52
|
raise Inspec::Exceptions::ResourceSkipped, "Can't connect to the MS SQL Server." unless test_connection
|
|
55
53
|
end
|
|
@@ -82,7 +80,7 @@ module Inspec::Resources
|
|
|
82
80
|
end
|
|
83
81
|
|
|
84
82
|
def to_s
|
|
85
|
-
|
|
83
|
+
"MSSQL session"
|
|
86
84
|
end
|
|
87
85
|
|
|
88
86
|
private
|
|
@@ -92,11 +90,11 @@ module Inspec::Resources
|
|
|
92
90
|
end
|
|
93
91
|
|
|
94
92
|
def test_connection
|
|
95
|
-
!query(
|
|
93
|
+
!query("select getdate()").empty?
|
|
96
94
|
end
|
|
97
95
|
|
|
98
96
|
def parse_csv_result(cmd)
|
|
99
|
-
require
|
|
97
|
+
require "csv"
|
|
100
98
|
table = CSV.parse(cmd.stdout, { headers: true })
|
|
101
99
|
|
|
102
100
|
# remove first row, since it will be a seperator line
|
|
@@ -105,13 +103,13 @@ module Inspec::Resources
|
|
|
105
103
|
# convert to hash
|
|
106
104
|
headers = table.headers
|
|
107
105
|
|
|
108
|
-
results = table.map
|
|
106
|
+
results = table.map do |row|
|
|
109
107
|
res = {}
|
|
110
|
-
headers.each
|
|
108
|
+
headers.each do |header|
|
|
111
109
|
res[header.downcase] = row[header] if header
|
|
112
|
-
|
|
110
|
+
end
|
|
113
111
|
Hashie::Mash.new(res)
|
|
114
|
-
|
|
112
|
+
end
|
|
115
113
|
results
|
|
116
114
|
end
|
|
117
115
|
end
|
|
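Review bot: The `example` block still calls `mssql_session(user: 'myuser', pass: 'mypassword')`, while the constructor (its `def` line is outside the hunk) deprecates exactly that option through `Inspec.deprecate(:mssql_session_pass_option, ...)`; the example should use `password:`. Since the example shows a literal credential, a comment saying that real profiles should take the password from an input or secrets source rather than hard-coding it would be worth adding. Separately, `CSV.parse(cmd.stdout, { headers: true })` in `parse_csv_result` passes the options as a positional Hash, which Ruby 3 no longer converts to keyword arguments; `CSV.parse(cmd.stdout, headers: true)` works on both old and new interpreters.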
@@ -0,0 +1,81 @@
|
|
|
1
|
+
# copyright: 2015, Vulcano Security GmbH
|
|
2
|
+
|
|
3
|
+
module Inspec::Resources
|
|
4
|
+
class Mysql < Inspec.resource(1)
|
|
5
|
+
name "mysql"
|
|
6
|
+
supports platform: "unix"
|
|
7
|
+
desc "The 'mysql' resource is a helper for the 'mysql_conf' & 'mysql_session' resources. Please use those instead."
|
|
8
|
+
|
|
9
|
+
attr_reader :package, :service, :conf_dir, :conf_path, :data_dir, :log_dir, :log_path, :log_group, :log_dir_group
|
|
10
|
+
def initialize
|
|
11
|
+
# set OS-dependent filenames and paths
|
|
12
|
+
case inspec.os[:family]
|
|
13
|
+
when "debian"
|
|
14
|
+
init_ubuntu
|
|
15
|
+
when "redhat", "fedora"
|
|
16
|
+
init_redhat
|
|
17
|
+
when "arch"
|
|
18
|
+
init_arch
|
|
19
|
+
else
|
|
20
|
+
# TODO: could not detect
|
|
21
|
+
init_default
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
def init_ubuntu
|
|
26
|
+
@package = "mysql-server"
|
|
27
|
+
@service = "mysql"
|
|
28
|
+
@conf_path = "/etc/mysql/my.cnf"
|
|
29
|
+
@conf_dir = "/etc/mysql/"
|
|
30
|
+
@data_dir = "/var/lib/mysql/"
|
|
31
|
+
@log_dir = "/var/log/"
|
|
32
|
+
@log_path = "/var/log/mysql.log"
|
|
33
|
+
@log_group = "adm"
|
|
34
|
+
case inspec.os[:release]
|
|
35
|
+
when "14.04"
|
|
36
|
+
@log_dir_group = "syslog"
|
|
37
|
+
else
|
|
38
|
+
@log_dir_group = "root"
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
def init_redhat
|
|
43
|
+
@package = "mysql-server"
|
|
44
|
+
@service = "mysqld"
|
|
45
|
+
@conf_path = "/etc/my.cnf"
|
|
46
|
+
@conf_dir = "/etc/"
|
|
47
|
+
@data_dir = "/var/lib/mysql/"
|
|
48
|
+
@log_dir = "/var/log/"
|
|
49
|
+
@log_path = "/var/log/mysqld.log"
|
|
50
|
+
@log_group = "mysql"
|
|
51
|
+
@log_dir_group = "root"
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
def init_arch
|
|
55
|
+
@package = "mariadb"
|
|
56
|
+
@service = "mysql"
|
|
57
|
+
@conf_path = "/etc/mysql/my.cnf"
|
|
58
|
+
@conf_dir = "/etc/mysql/"
|
|
59
|
+
@data_dir = "/var/lib/mysql/"
|
|
60
|
+
@log_dir = "/var/log/"
|
|
61
|
+
@log_path = "/var/log/mysql.log"
|
|
62
|
+
@log_group = "mysql"
|
|
63
|
+
@log_dir_group = "root"
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
def init_default
|
|
67
|
+
@service = "mysqld"
|
|
68
|
+
@conf_path = "/etc/my.cnf"
|
|
69
|
+
@conf_dir = "/etc/"
|
|
70
|
+
@data_dir = "/var/lib/mysql/"
|
|
71
|
+
@log_dir = "/var/log/"
|
|
72
|
+
@log_path = "/var/log/mysqld.log"
|
|
73
|
+
@log_group = "mysql"
|
|
74
|
+
@log_dir_group = "root"
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
def to_s
|
|
78
|
+
"MySQL"
|
|
79
|
+
end
|
|
80
|
+
end
|
|
81
|
+
end
|
|
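Review bot: `init_default` never assigns `@package`, so on any OS family other than debian, redhat, fedora or arch the `package` reader returns nil while every other attribute gets a RedHat-style guess. The `else` branch in `initialize` carries only `# TODO: could not detect`, so a profile cannot tell a detected layout from a fallback one. I would make the gap explicit with `@package = nil # unknown on undetected platforms; callers must check` in `init_default`, and add a class comment saying the paths are fixed per-family defaults rather than values read from the target. Separately, `init_ubuntu` is selected for the whole debian family but keys `@log_dir_group` on release `"14.04"`, which presumably only matches Ubuntu; a one-line comment there would save the next reader the guess.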
@@ -1,11 +1,10 @@
|
|
|
1
|
-
# encoding: utf-8
|
|
2
1
|
# copyright: 2015, Vulcano Security GmbH
|
|
3
2
|
|
|
4
|
-
require
|
|
5
|
-
require
|
|
6
|
-
require
|
|
7
|
-
require
|
|
8
|
-
require
|
|
3
|
+
require "inspec/utils/simpleconfig"
|
|
4
|
+
require "inspec/utils/find_files"
|
|
5
|
+
require "inspec/utils/file_reader"
|
|
6
|
+
require "inspec/utils/hash"
|
|
7
|
+
require "inspec/resources/mysql"
|
|
9
8
|
|
|
10
9
|
module Inspec::Resources
|
|
11
10
|
class MysqlConfEntry
|
|
@@ -27,10 +26,10 @@ module Inspec::Resources
|
|
|
27
26
|
end
|
|
28
27
|
|
|
29
28
|
class MysqlConf < Inspec.resource(1)
|
|
30
|
-
name
|
|
31
|
-
supports platform:
|
|
32
|
-
supports platform:
|
|
33
|
-
desc
|
|
29
|
+
name "mysql_conf"
|
|
30
|
+
supports platform: "unix"
|
|
31
|
+
supports platform: "windows"
|
|
32
|
+
desc "Use the mysql_conf InSpec audit resource to test the contents of the configuration file for MySQL, typically located at /etc/mysql/my.cnf or /etc/my.cnf."
|
|
34
33
|
example <<~EXAMPLE
|
|
35
34
|
describe mysql_conf('path') do
|
|
36
35
|
its('setting') { should eq 'value' }
|
|
@@ -77,7 +76,7 @@ module Inspec::Resources
|
|
|
77
76
|
end
|
|
78
77
|
|
|
79
78
|
def read_content
|
|
80
|
-
@content =
|
|
79
|
+
@content = ""
|
|
81
80
|
@params = {}
|
|
82
81
|
|
|
83
82
|
to_read = [@conf_path]
|
|
@@ -106,13 +105,13 @@ module Inspec::Resources
|
|
|
106
105
|
dirs = conf.scan(/^!includedir\s+(.*)\s*/).flatten.compact.map { |x| abs_path(reldir, x) }
|
|
107
106
|
dirs.map do |dir|
|
|
108
107
|
# @TODO: non local glob
|
|
109
|
-
files += find_files(dir, depth: 1, type:
|
|
108
|
+
files += find_files(dir, depth: 1, type: "file")
|
|
110
109
|
end
|
|
111
110
|
files
|
|
112
111
|
end
|
|
113
112
|
|
|
114
113
|
def abs_path(dir, f)
|
|
115
|
-
return f if f.start_with?
|
|
114
|
+
return f if f.start_with? "/"
|
|
116
115
|
File.join(dir, f)
|
|
117
116
|
end
|
|
118
117
|
|
|
@@ -121,7 +120,7 @@ module Inspec::Resources
|
|
|
121
120
|
end
|
|
122
121
|
|
|
123
122
|
def to_s
|
|
124
|
-
|
|
123
|
+
"MySQL Configuration"
|
|
125
124
|
end
|
|
126
125
|
end
|
|
127
126
|
end
|
|
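Review bot: `abs_path` treats only a leading `/` as absolute (`return f if f.start_with? "/"`), yet the resource header in this same file declares `supports platform: "windows"`. A drive-letter path in an `!includedir` line would go through `File.join(dir, f)` and resolve under `dir`, so the included files would silently not be read and the audited settings would be incomplete. Consider `return f if f.start_with?("/") || f.match?(/\A[A-Za-z]:[\\\/]/)`; whether Windows targets actually use such includes is an assumption to confirm. The `!includedir` scan two lines above the `find_files` call captures with a greedy `(.*)\s*`, which keeps trailing spaces or a `\r` from CRLF files in the directory name; `(.*?)\s*$` would trim them. The method holding that scan starts outside the hunk.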
@@ -1,14 +1,14 @@
|
|
|
1
|
-
# encoding: utf-8
|
|
2
1
|
# copyright: 2015, Vulcano Security GmbH
|
|
3
2
|
|
|
4
|
-
require
|
|
3
|
+
require "inspec/resources/command"
|
|
4
|
+
require "shellwords"
|
|
5
5
|
|
|
6
6
|
module Inspec::Resources
|
|
7
7
|
class MysqlSession < Inspec.resource(1)
|
|
8
|
-
name
|
|
9
|
-
supports platform:
|
|
10
|
-
supports platform:
|
|
11
|
-
desc
|
|
8
|
+
name "mysql_session"
|
|
9
|
+
supports platform: "unix"
|
|
10
|
+
supports platform: "windows"
|
|
11
|
+
desc "Use the mysql_session InSpec audit resource to test SQL commands run against a MySQL database."
|
|
12
12
|
example <<~EXAMPLE
|
|
13
13
|
sql = mysql_session('my_user','password','host')
|
|
14
14
|
describe sql.query('show databases like \'test\';') do
|
|
@@ -16,17 +16,17 @@ module Inspec::Resources
|
|
|
16
16
|
end
|
|
17
17
|
EXAMPLE
|
|
18
18
|
|
|
19
|
-
def initialize(user = nil, pass = nil, host =
|
|
19
|
+
def initialize(user = nil, pass = nil, host = "localhost", port = nil, socket = nil)
|
|
20
20
|
@user = user
|
|
21
21
|
@pass = pass
|
|
22
22
|
@host = host
|
|
23
23
|
@port = port
|
|
24
24
|
@socket = socket
|
|
25
|
-
init_fallback if user.nil?
|
|
26
|
-
skip_resource("Can't run MySQL SQL checks without authentication") if @user.nil?
|
|
25
|
+
init_fallback if user.nil? || pass.nil?
|
|
26
|
+
skip_resource("Can't run MySQL SQL checks without authentication") if @user.nil? || @pass.nil?
|
|
27
27
|
end
|
|
28
28
|
|
|
29
|
-
def query(q, db =
|
|
29
|
+
def query(q, db = "")
|
|
30
30
|
mysql_cmd = create_mysql_cmd(q, db)
|
|
31
31
|
cmd = inspec.command(mysql_cmd)
|
|
32
32
|
out = cmd.stdout + "\n" + cmd.stderr
|
|
@@ -40,7 +40,7 @@ module Inspec::Resources
|
|
|
40
40
|
end
|
|
41
41
|
|
|
42
42
|
def to_s
|
|
43
|
-
|
|
43
|
+
"MySQL Session"
|
|
44
44
|
end
|
|
45
45
|
|
|
46
46
|
private
|
|
@@ -49,13 +49,13 @@ module Inspec::Resources
|
|
|
49
49
|
Shellwords.escape(query)
|
|
50
50
|
end
|
|
51
51
|
|
|
52
|
-
def create_mysql_cmd(q, db =
|
|
52
|
+
def create_mysql_cmd(q, db = "")
|
|
53
53
|
# TODO: simple escape, must be handled by a library
|
|
54
54
|
# that does this securely
|
|
55
55
|
escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"').gsub(/\$/, '\\$')
|
|
56
56
|
|
|
57
57
|
# construct the query
|
|
58
|
-
command =
|
|
58
|
+
command = "mysql"
|
|
59
59
|
command += " -u#{escape_string(@user)}" unless @user.nil?
|
|
60
60
|
command += " -p#{escape_string(@pass)}" unless @pass.nil?
|
|
61
61
|
|
|
@@ -72,13 +72,13 @@ module Inspec::Resources
|
|
|
72
72
|
|
|
73
73
|
def init_fallback
|
|
74
74
|
# support debian mysql administration login
|
|
75
|
-
return if inspec.platform.in_family?(
|
|
76
|
-
debian = inspec.command(
|
|
75
|
+
return if inspec.platform.in_family?("windows")
|
|
76
|
+
debian = inspec.command("test -f /etc/mysql/debian.cnf && cat /etc/mysql/debian.cnf").stdout
|
|
77
77
|
return if debian.empty?
|
|
78
78
|
|
|
79
79
|
user = debian.match(/^\s*user\s*=\s*([^ ]*)\s*$/)
|
|
80
80
|
pass = debian.match(/^\s*password\s*=\s*([^ ]*)\s*$/)
|
|
81
|
-
return if user.nil?
|
|
81
|
+
return if user.nil? || pass.nil?
|
|
82
82
|
@user = user[1]
|
|
83
83
|
@pass = pass[1]
|
|
84
84
|
end
|
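Review bot: In `initialize`, the new guard `init_fallback if user.nil? || pass.nil?` also fires when the caller supplied a user but no password, and `init_fallback` then overwrites `@user` with the account read from `/etc/mysql/debian.cnf`. Queries would run under the Debian administration login rather than the requested one, so a control could report results the named account would not be able to produce. I would keep the fallback for the no-user case only, `init_fallback if user.nil?`, and let the `skip_resource` line handle a missing password. The context lines of `create_mysql_cmd` also put the password on the command line via `-p#{escape_string(@pass)}`, where it is typically visible in the target's process list while the query runs. That method continues outside the hunk, so passing credentials through a defaults file instead is a suggestion to evaluate, not a drop-in change.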