inspec 4.3.2 → 4.6.3

data/lib/{resources → inspec/resources}/nginx.rb

@@ -1,13 +1,12 @@
-# encoding: utf-8
-
-require 'pathname'
-require 'hashie/mash'
+require "pathname"
+require "hashie/mash"
+require "inspec/resources/command"
 
 module Inspec::Resources
   class Nginx < Inspec.resource(1)
-    name 'nginx'
-    supports platform: 'unix'
-    desc 'Use the nginx InSpec audit resource to test information about your NGINX instance.'
+    name "nginx"
+    supports platform: "unix"
+    desc "Use the nginx InSpec audit resource to test information about your NGINX instance."
     example <<~EXAMPLE
       describe nginx do
         its('conf_path') { should cmp '/etc/nginx/nginx.conf' }
@@ -21,13 +20,13 @@ module Inspec::Resources
     EXAMPLE
     attr_reader :params, :bin_dir
 
-    def initialize(nginx_path = '/usr/sbin/nginx')
-      return skip_resource 'The `nginx` resource is not yet available on your OS.' if inspec.os.windows?
-      return skip_resource 'The `nginx` binary not found in the path provided.' unless inspec.command(nginx_path).exist?
+    def initialize(nginx_path = "/usr/sbin/nginx")
+      return skip_resource "The `nginx` resource is not yet available on your OS." if inspec.os.windows?
+      return skip_resource "The `nginx` binary not found in the path provided." unless inspec.command(nginx_path).exist?
 
       cmd = inspec.command("#{nginx_path} -V 2>&1")
-      if !cmd.exit_status.zero?
-        return skip_resource 'Error using the command nginx -V'
+      if cmd.exit_status != 0
+        return skip_resource "Error using the command nginx -V"
       end
       @data = cmd.stdout
       @params = {}
@@ -42,17 +41,17 @@ module Inspec::Resources
 
     def openssl_version
       result = @data.scan(/built with OpenSSL\s(\S+)\s(\d+\s\S+\s\d{4})/).flatten
-      Hashie::Mash.new({ 'version' => result[0], 'date' => result[1] })
+      Hashie::Mash.new({ "version" => result[0], "date" => result[1] })
     end
 
     def compiler_info
       result = @data.scan(/built by (\S+)\s(\S+)\s(\S+)/).flatten
-      Hashie::Mash.new({ 'compiler' => result[0], 'version' => result[1], 'date' => result[2] })
+      Hashie::Mash.new({ "compiler" => result[0], "version" => result[1], "date" => result[2] })
     end
 
     def support_info
       support_info = @data.scan(/(.*\S+) support enabled/).flatten
-      support_info.empty? ? nil : support_info.join(' ')
+      support_info.empty? ? nil : support_info.join(" ")
     end
 
     def modules
@@ -60,7 +59,7 @@ module Inspec::Resources
     end
 
     def to_s
-      'Nginx Environment'
+      "Nginx Environment"
     end
 
     private
@@ -73,7 +72,7 @@ module Inspec::Resources
 
     def parse_config
       @params[:prefix] = @data.scan(/--prefix=(\S+)\s/).flatten.first
-      @params[:service] = 'nginx'
+      @params[:service] = "nginx"
       @params[:version] = @data.scan(%r{nginx version: nginx\/(\S+)\s}).flatten.first
     end
 

data/lib/{resources → inspec/resources}/nginx_conf.rb

@@ -1,9 +1,7 @@
-# encoding: utf-8
-
-require 'utils/nginx_parser'
-require 'utils/find_files'
-require 'utils/file_reader'
-require 'forwardable'
+require "inspec/utils/nginx_parser"
+require "inspec/utils/find_files"
+require "inspec/utils/file_reader"
+require "forwardable"
 
 # STABILITY: Experimental
 # This resouce needs a proper interace to the underlying data, which is currently missing.
@@ -14,11 +12,11 @@ require 'forwardable'
 # when running remotely.
 module Inspec::Resources
   class NginxConf < Inspec.resource(1)
-    name 'nginx_conf'
-    supports platform: 'unix'
-    desc 'Use the nginx_conf InSpec resource to test configuration data '\
-         'for the NginX web server located in /etc/nginx/nginx.conf on '\
-         'Linux and UNIX platforms.'
+    name "nginx_conf"
+    supports platform: "unix"
+    desc "Use the nginx_conf InSpec resource to test configuration data "\
+         "for the NginX web server located in /etc/nginx/nginx.conf on "\
+         "Linux and UNIX platforms."
     example <<~EXAMPLE
       describe nginx_conf.params ...
       describe nginx_conf('/path/to/my/nginx.conf').params ...
@@ -32,9 +30,9 @@ module Inspec::Resources
     attr_reader :contents
 
     def initialize(conf_path = nil)
-      @conf_path = conf_path || '/etc/nginx/nginx.conf'
+      @conf_path = conf_path || "/etc/nginx/nginx.conf"
       @contents = {}
-      return skip_resource 'The `nginx_conf` resource is currently not supported on Windows.' if inspec.os.windows?
+      return skip_resource "The `nginx_conf` resource is currently not supported on Windows." if inspec.os.windows?
       read_content(@conf_path)
     end
 
@@ -46,7 +44,7 @@ module Inspec::Resources
     end
 
     def http
-      NginxConfHttp.new(params['http'], self)
+      NginxConfHttp.new(params["http"], self)
     end
 
     def_delegators :http, :servers, :locations
@@ -91,8 +89,8 @@ module Inspec::Resources
 
       # Any call to `include` gets its data read, parsed, and merged back
       # into the current data structure
-      if data.key?('include')
-        data.delete('include').flatten
+      if data.key?("include")
+        data.delete("include").flatten
             .map { |x| File.expand_path(x, rel_path) }
             .map { |x| find_files(x) }.flatten
             .map { |path| parse_nginx(path) }
@@ -143,7 +141,7 @@ module Inspec::Resources
     end
 
     def to_s
-      @parent.to_s + ', http entries'
+      @parent.to_s + ", http entries"
     end
     alias inspect to_s
   end
@@ -156,7 +154,7 @@ module Inspec::Resources
     end
 
     filter = FilterTable.create
-    filter.register_column(:servers, field: 'server')
+    filter.register_column(:servers, field: "server")
           .install_filter_methods_on_resource(self, :server_table)
 
     def locations
@@ -164,18 +162,18 @@ module Inspec::Resources
     end
 
     def to_s
-      @parent.to_s + ', http entry'
+      @parent.to_s + ", http entry"
     end
     alias inspect to_s
 
     private
 
     def server_table
-      @server_table ||= (params['server'] || []).map { |x| { 'server' => NginxConfServer.new(x, self) } }
+      @server_table ||= (params["server"] || []).map { |x| { "server" => NginxConfServer.new(x, self) } }
     end
   end
 
-  class NginxConfServer
+  class NginxConfServer # TODO: rename NginxServer
     attr_reader :params, :parent
     def initialize(params, parent)
       @parent = parent
@@ -183,15 +181,15 @@ module Inspec::Resources
     end
 
     filter = FilterTable.create
-    filter.register_column(:locations, field: 'location')
+    filter.register_column(:locations, field: "location")
           .install_filter_methods_on_resource(self, :location_table)
 
     def to_s
-      server = ''
-      name = Array(params['server_name']).flatten.first
+      server = ""
+      name = Array(params["server_name"]).flatten.first
       unless name.nil?
         server += name
-        listen = Array(params['listen']).flatten.first
+        listen = Array(params["listen"]).flatten.first
         server += ":#{listen}" unless listen.nil?
       end
 
@@ -203,7 +201,7 @@ module Inspec::Resources
     private
 
     def location_table
-      @location_table ||= (params['location'] || []).map { |x| { 'location' => NginxConfLocation.new(x, self) } }
+      @location_table ||= (params["location"] || []).map { |x| { "location" => NginxConfLocation.new(x, self) } }
     end
   end
 
@@ -215,8 +213,9 @@ module Inspec::Resources
     end
 
     def to_s
-      location = Array(params['_']).join(' ')
+      location = Array(params["_"]).join(" ")
       # go three levels up: 1. to the server entry, 2. http entry and 3. to the root nginx conf
+      # TODO: fix parent.parent.parent
       @parent.parent.parent.to_s + ", location #{location.inspect}"
     end
     alias inspect to_s

data/lib/{resources → inspec/resources}/npm.rb

@@ -1,13 +1,12 @@
-# encoding: utf-8
-
-require 'shellwords'
+require "inspec/resources/command"
+require "shellwords"
 
 module Inspec::Resources
   class NpmPackage < Inspec.resource(1)
-    name 'npm'
-    supports platform: 'unix'
-    supports platform: 'windows'
-    desc 'Use the npm InSpec audit resource to test if a global npm package is installed. npm is the the package manager for Nodejs packages, such as bower and StatsD.'
+    name "npm"
+    supports platform: "unix"
+    supports platform: "windows"
+    desc "Use the npm InSpec audit resource to test if a global npm package is installed. npm is the the package manager for Nodejs packages, such as bower and StatsD."
     example <<~EXAMPLE
       describe npm('bower') do
         it { should be_installed }
@@ -30,19 +29,19 @@ module Inspec::Resources
       if @location
         npm = "cd #{Shellwords.escape @location} && npm"
       else
-        npm = 'npm -g'
+        npm = "npm -g"
       end
 
       cmd = inspec.command("#{npm} ls --json #{@package_name}")
       @info = {
         name: @package_name,
-        type: 'npm',
+        type: "npm",
         installed: cmd.exit_status == 0,
       }
       return @info unless @info[:installed]
 
       pkgs = JSON.parse(cmd.stdout)
-      @info[:version] = pkgs['dependencies'][@package_name]['version']
+      @info[:version] = pkgs["dependencies"][@package_name]["version"]
       @info
     end
 

data/lib/{resources → inspec/resources}/ntp_conf.rb

@@ -1,14 +1,13 @@
-# encoding: utf-8
 # copyright: 2015, Vulcano Security GmbH
 
-require 'utils/simpleconfig'
-require 'utils/file_reader'
+require "inspec/utils/simpleconfig"
+require "inspec/utils/file_reader"
 
 module Inspec::Resources
   class NtpConf < Inspec.resource(1)
-    name 'ntp_conf'
-    supports platform: 'unix'
-    desc 'Use the ntp_conf InSpec audit resource to test the synchronization settings defined in the ntp.conf file. This file is typically located at /etc/ntp.conf.'
+    name "ntp_conf"
+    supports platform: "unix"
+    desc "Use the ntp_conf InSpec audit resource to test the synchronization settings defined in the ntp.conf file. This file is typically located at /etc/ntp.conf."
     example <<~EXAMPLE
       describe ntp_conf do
         its('server') { should_not eq nil }
@@ -19,19 +18,19 @@ module Inspec::Resources
     include FileReader
 
     def initialize(path = nil)
-      @conf_path = path || '/etc/ntp.conf'
+      @conf_path = path || "/etc/ntp.conf"
       @content = read_file_content(@conf_path)
     end
 
     def method_missing(name)
       param = read_params[name.to_s]
       # extract first value if we have only one value in array
-      return param[0] if param.is_a?(Array) and param.length == 1
+      return param[0] if param.is_a?(Array) && (param.length == 1)
       param
     end
 
     def to_s
-      'ntp.conf'
+      "ntp.conf"
     end
 
     private
@@ -43,7 +42,7 @@ module Inspec::Resources
       conf = SimpleConfig.new(
         @content,
         assignment_regex: /^\s*(\S+)\s+(.*)\s*$/,
-        multiple_values: true,
+        multiple_values: true
       )
       @params = conf.params
     end

data/lib/{resources → inspec/resources}/oneget.rb

@@ -1,4 +1,4 @@
-# encoding: utf-8
+require "inspec/resources/command"
 
 # This resource talks with OneGet (https://github.com/OneGet/oneget)
 # Its part of Windows Management Framework 5.0 and part of Windows 10
@@ -9,9 +9,9 @@
 # end
 module Inspec::Resources
   class OneGetPackage < Inspec.resource(1)
-    name 'oneget'
-    supports platform: 'windows'
-    desc 'Use the oneget InSpec audit resource to test if the named package and/or package version is installed on the system. This resource uses OneGet, which is part of the Windows Management Framework 5.0 and Windows 10. This resource uses the Get-Package cmdlet to return all of the package names in the OneGet repository.'
+    name "oneget"
+    supports platform: "windows"
+    desc "Use the oneget InSpec audit resource to test if the named package and/or package version is installed on the system. This resource uses OneGet, which is part of the Windows Management Framework 5.0 and Windows 10. This resource uses the Get-Package cmdlet to return all of the package names in the OneGet repository."
     example <<~EXAMPLE
       describe oneget('zoomit') do
         it { should be_installed }
@@ -23,14 +23,14 @@ module Inspec::Resources
       @package_name = package_name
 
       # verify that this resource is only supported on Windows
-      return skip_resource 'The `oneget` resource is not supported on your OS.' if !inspec.os.windows?
+      return skip_resource "The `oneget` resource is not supported on your OS." if !inspec.os.windows?
     end
 
     def info
       return @info if defined?(@info)
 
       @info = {}
-      @info[:type] = 'oneget'
+      @info[:type] = "oneget"
       @info[:installed] = false
 
       cmd = inspec.command("Get-Package -Name '#{@package_name}' | ConvertTo-Json")
@@ -51,8 +51,8 @@ module Inspec::Resources
         return @info
       end
 
-      @info[:name] = pkgs['Name'] if pkgs.key?('Name')
-      @info[:version] = pkgs['Version'] if pkgs.key?('Version')
+      @info[:name] = pkgs["Name"] if pkgs.key?("Name")
+      @info[:version] = pkgs["Version"] if pkgs.key?("Version")
       @info
     end
 

data/lib/{resources → inspec/resources}/oracledb_session.rb

@@ -1,20 +1,19 @@
-# encoding: utf-8
-
-require 'hashie/mash'
-require 'utils/database_helpers'
-require 'htmlentities'
-require 'rexml/document'
-require 'csv'
+require "inspec/resources/command"
+require "hashie/mash"
+require "inspec/utils/database_helpers"
+require "htmlentities"
+require "rexml/document"
+require "csv"
 
 module Inspec::Resources
   # STABILITY: Experimental
   # This resource needs further testing and refinement
   #
   class OracledbSession < Inspec.resource(1)
-    name 'oracledb_session'
-    supports platform: 'unix'
-    supports platform: 'windows'
-    desc 'Use the oracledb_session InSpec resource to test commands against an Oracle database'
+    name "oracledb_session"
+    supports platform: "unix"
+    supports platform: "windows"
+    desc "Use the oracledb_session InSpec resource to test commands against an Oracle database"
     example <<~EXAMPLE
       sql = oracledb_session(user: 'my_user', pass: 'password')
       describe sql.query(\"SELECT UPPER(VALUE) AS VALUE FROM V$PARAMETER WHERE UPPER(NAME)='AUDIT_SYS_OPERATIONS'\").row(0).column('value') do
@@ -28,11 +27,11 @@ module Inspec::Resources
       @user = opts[:user]
       @password = opts[:password] || opts[:pass]
       if opts[:pass]
-        Inspec.deprecate(:oracledb_session_pass_option, 'The oracledb_session `pass` option is deprecated. Please use `password`.')
+        Inspec.deprecate(:oracledb_session_pass_option, "The oracledb_session `pass` option is deprecated. Please use `password`.")
       end
 
-      @host = opts[:host] || 'localhost'
-      @port = opts[:port] || '1521'
+      @host = opts[:host] || "localhost"
+      @port = opts[:port] || "1521"
       @service = opts[:service]
 
       # connection as sysdba stuff
@@ -41,21 +40,21 @@ module Inspec::Resources
       @db_role = opts[:as_db_role]
 
       # we prefer sqlci although it is way slower than sqlplus, but it understands csv properly
-      @sqlcl_bin = 'sql' unless opts.key?(:sqlplus_bin) # don't use it if user specified sqlplus_bin option
-      @sqlplus_bin = opts[:sqlplus_bin] || 'sqlplus'
+      @sqlcl_bin = "sql" unless opts.key?(:sqlplus_bin) # don't use it if user specified sqlplus_bin option
+      @sqlplus_bin = opts[:sqlplus_bin] || "sqlplus"
 
       return fail_resource "Can't run Oracle checks without authentication" if @su_user.nil? && (@user.nil? || @password.nil?)
-      return fail_resource 'You must provide a service name for the session' if @service.nil?
+      return fail_resource "You must provide a service name for the session" if @service.nil?
     end
 
     def query(q)
       escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"')
       # escape tables with $
-      escaped_query = escaped_query.gsub('$', '\\$')
+      escaped_query = escaped_query.gsub("$", '\\$')
 
       p = nil
       # use sqlplus if sqlcl is not available
-      if @sqlcl_bin and inspec.command(@sqlcl_bin).exist?
+      if @sqlcl_bin && inspec.command(@sqlcl_bin).exist?
         bin = @sqlcl_bin
         opts = "set sqlformat csv\nSET FEEDBACK OFF"
         p = :parse_csv_result
@@ -66,7 +65,7 @@ module Inspec::Resources
       end
 
       query = verify_query(escaped_query)
-      query += ';' unless query.end_with?(';')
+      query += ";" unless query.end_with?(";")
       if @db_role.nil?
         command = %{#{bin} "#{@user}"/"#{@password}"@#{@host}:#{@port}/#{@service} <<EOC\n#{opts}\n#{query}\nEXIT\nEOC}
       elsif @su_user.nil?
@@ -87,14 +86,14 @@ module Inspec::Resources
     end
 
     def to_s
-      'Oracle Session'
+      "Oracle Session"
     end
 
     private
 
     def verify_query(query)
       # ensure we have a ; at the end
-      query + ';' if !query.strip.end_with?(';')
+      query + ";" if !query.strip.end_with?(";")
       query
     end
 
@@ -105,44 +104,44 @@ module Inspec::Resources
       # convert to hash
       headers = table.headers
 
-      results = table.map { |row|
+      results = table.map do |row|
         res = {}
-        headers.each { |header|
+        headers.each do |header|
           res[header.downcase] = row[header]
-        }
+        end
         Hashie::Mash.new(res)
-      }
+      end
       results
     end
 
     def parse_html_result(stdout) # rubocop:disable Metrics/AbcSize
       result = stdout
       # make oracle html valid html by removing the p tag, it does not include a closing tag
-      result = result.gsub('<p>', '').gsub('</p>', '').gsub('<br>', '')
+      result = result.gsub("<p>", "").gsub("</p>", "").gsub("<br>", "")
       doc = REXML::Document.new result
-      table = doc.elements['table']
+      table = doc.elements["table"]
       hash = []
       if !table.nil?
         rows = table.elements.to_a
-        headers = rows[0].elements.to_a('th').map { |entry| entry.text.strip }
+        headers = rows[0].elements.to_a("th").map { |entry| entry.text.strip }
         rows.delete_at(0)
 
         # iterate over each row, first row is header
         hash = []
         if !rows.nil? && !rows.empty?
-          hash = rows.map { |row|
+          hash = rows.map do |row|
             res = {}
-            entries = row.elements.to_a('td')
+            entries = row.elements.to_a("td")
             # ignore if we have empty entries, oracle is adding th rows in between
             return nil if entries.empty?
-            headers.each_with_index { |header, index|
+            headers.each_with_index do |header, index|
               # we need htmlentities since we do not have nokogiri
               coder = HTMLEntities.new
               val = coder.decode(entries[index].text).strip
               res[header.downcase] = val
-            }
+            end
             Hashie::Mash.new(res)
-          }.compact
+          end.compact
         end
       end
       hash