inspec 4.3.2 → 4.6.3

data/lib/{resources → inspec/resources}/parse_config.rb

@@ -1,4 +1,3 @@
-# encoding: utf-8
 # copyright: 2015, Vulcano Security GmbH
 
 # Usage example:
@@ -10,14 +9,15 @@
 #  }
 #  describe parse_config(audit, options ) do
 
-require 'utils/file_reader'
+require "inspec/utils/file_reader"
+require "inspec/utils/simpleconfig"
 
 module Inspec::Resources
   class PConfig < Inspec.resource(1)
-    name 'parse_config'
-    supports platform: 'unix'
-    supports platform: 'windows'
-    desc 'Use the parse_config InSpec audit resource to test arbitrary configuration files.'
+    name "parse_config"
+    supports platform: "unix"
+    supports platform: "windows"
+    desc "Use the parse_config InSpec audit resource to test arbitrary configuration files."
     example <<~EXAMPLE
       output = command('some-command').stdout
       describe parse_config(output, { data_config_option: value } ) do
@@ -92,8 +92,8 @@ module Inspec::Resources
   end
 
   class PConfigFile < PConfig
-    name 'parse_config_file'
-    desc 'Use the parse_config_file InSpec resource to test arbitrary configuration files. It works identically to parse_config. Instead of using a command output, this resource works with files.'
+    name "parse_config_file"
+    desc "Use the parse_config_file InSpec resource to test arbitrary configuration files. It works identically to parse_config. Instead of using a command output, this resource works with files."
     example <<~EXAMPLE
       describe parse_config_file('/path/to/file') do
         its('setting') { should eq 1 }

data/lib/{resources → inspec/resources}/passwd.rb

@@ -1,4 +1,3 @@
-# encoding: utf-8
 # copyright: 2015, Vulcano Security GmbH
 
 # The file format consists of
@@ -10,15 +9,15 @@
 # - home directory
 # - command
 
-require 'utils/parser'
-require 'utils/filter'
-require 'utils/file_reader'
+require "inspec/utils/parser"
+require "inspec/utils/filter"
+require "inspec/utils/file_reader"
 
 module Inspec::Resources
   class Passwd < Inspec.resource(1)
-    name 'passwd'
-    supports platform: 'unix'
-    desc 'Use the passwd InSpec audit resource to test the contents of /etc/passwd, which contains the following information for users that may log into the system and/or as users that own running processes.'
+    name "passwd"
+    supports platform: "unix"
+    desc "Use the passwd InSpec audit resource to test the contents of /etc/passwd, which contains the following information for users that may log into the system and/or as users that own running processes."
     example <<~EXAMPLE
       describe passwd do
         its('users') { should_not include 'forbidden_user' }
@@ -43,32 +42,32 @@ module Inspec::Resources
 
     def initialize(path = nil, opts = nil)
       opts ||= {}
-      @path = path || '/etc/passwd'
+      @path = path || "/etc/passwd"
       @content = opts[:content] || read_file_content(@path, allow_empty: true)
       @lines = @content.to_s.split("\n")
       @params = parse_passwd(@content)
     end
 
     filter = FilterTable.create
-    filter.register_column(:users,     field: 'user')
-          .register_column(:passwords, field: 'password')
-          .register_column(:uids,      field: 'uid')
-          .register_column(:gids,      field: 'gid')
-          .register_column(:descs,     field: 'desc')
-          .register_column(:homes,     field: 'home')
-          .register_column(:shells,    field: 'shell')
+    filter.register_column(:users,     field: "user")
+          .register_column(:passwords, field: "password")
+          .register_column(:uids,      field: "uid")
+          .register_column(:gids,      field: "gid")
+          .register_column(:descs,     field: "desc")
+          .register_column(:homes,     field: "home")
+          .register_column(:shells,    field: "shell")
 
     # rebuild the passwd line from raw content
-    filter.register_custom_property(:content) { |t, _|
+    filter.register_custom_property(:content) do |t, _|
       t.entries.map do |e|
-        [e.user, e.password, e.uid, e.gid, e.desc, e.home, e.shell].join(':')
+        [e.user, e.password, e.uid, e.gid, e.desc, e.home, e.shell].join(":")
       end.join("\n")
-    }
+    end
 
     filter.install_filter_methods_on_resource(self, :params)
 
     def to_s
-      '/etc/passwd'
+      "/etc/passwd"
     end
   end
 end

data/lib/{resources → inspec/resources}/pip.rb

@@ -1,17 +1,17 @@
-# encoding: utf-8
+require "inspec/resources/command"
+require "inspec/utils/simpleconfig"
 
 # Usage:
 # describe pip('Jinja2') do
 #   it { should be_installed }
 # end
-#
 
 module Inspec::Resources
   class PipPackage < Inspec.resource(1)
-    name 'pip'
-    supports platform: 'unix'
-    supports platform: 'windows'
-    desc 'Use the pip InSpec audit resource to test packages that are installed using the pip installer.'
+    name "pip"
+    supports platform: "unix"
+    supports platform: "windows"
+    desc "Use the pip InSpec audit resource to test packages that are installed using the pip installer."
     example <<~EXAMPLE
       describe pip('Jinja2') do
         it { should be_installed }
@@ -27,23 +27,23 @@ module Inspec::Resources
       @package_name = package_name
       @pip_cmd = pip_path || default_pip_path
 
-      return skip_resource 'pip not found' if @pip_cmd.nil?
+      return skip_resource "pip not found" if @pip_cmd.nil?
     end
 
     def info
       return @info if defined?(@info)
 
       @info = {}
-      @info[:type] = 'pip'
+      @info[:type] = "pip"
       return @info unless cmd_successful?
 
       params = SimpleConfig.new(
         cmd.stdout,
         assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
-        multiple_values: false,
+        multiple_values: false
       ).params
-      @info[:name] = params['Name']
-      @info[:version] = params['Version']
+      @info[:name] = params["Name"]
+      @info[:version] = params["Version"]
       @info[:installed] = true
       @info
     end
@@ -92,7 +92,7 @@ module Inspec::Resources
         'New-Object -Type PSObject |
          Add-Member -MemberType NoteProperty -Name Pip -Value (Invoke-Command -ScriptBlock {where.exe pip}) -PassThru |
          Add-Member -MemberType NoteProperty -Name Python -Value (Invoke-Command -ScriptBlock {where.exe python}) -PassThru |
-         ConvertTo-Json',
+         ConvertTo-Json'
       )
 
       @__windows_paths = JSON.parse(cmd.stdout)
@@ -102,23 +102,23 @@ module Inspec::Resources
     #
     # @return [String] of python pip path
     def default_pip_path
-      return 'pip' unless inspec.os.windows?
+      return "pip" unless inspec.os.windows?
 
       # If python is not found, return with skip_resource
-      return skip_resource 'python not found' if windows_paths['Python'].nil?
+      return skip_resource "python not found" if windows_paths["Python"].nil?
 
       # Pip is not on the default path for Windows, therefore we do some logic
       # to find the binary on Windows
       begin
         # use pip if it on system path
-        pipcmd = windows_paths['Pip']
+        pipcmd = windows_paths["Pip"]
         # calculate path on windows
-        if defined?(windows_paths['Python']) && pipcmd.nil?
-          return nil if windows_paths['Pip'].nil?
-          pipdir = windows_paths['Python'].split('\\')
+        if defined?(windows_paths["Python"]) && pipcmd.nil?
+          return nil if windows_paths["Pip"].nil?
+          pipdir = windows_paths["Python"].split('\\')
           # remove python.exe
           pipdir.pop
-          pipcmd = pipdir.push('Scripts').push('pip.exe').join('/')
+          pipcmd = pipdir.push("Scripts").push("pip.exe").join("/")
         end
       rescue JSON::ParserError => _e
         return nil

data/lib/{resources → inspec/resources}/platform.rb

@@ -1,9 +1,7 @@
-# encoding: utf-8
-
 module Inspec::Resources
   class PlatformResource < Inspec.resource(1)
-    name 'platform'
-    desc 'Use the platform InSpec resource to test the platform on which the system is running.'
+    name "platform"
+    desc "Use the platform InSpec resource to test the platform on which the system is running."
     example <<~EXAMPLE
       describe platform do
         its('name') { should eq 'redhat' }
@@ -58,7 +56,7 @@ module Inspec::Resources
       }
 
       # Avoid adding Arch for APIs (not applicable)
-      unless in_family?('api')
+      unless in_family?("api")
         h[:arch] = arch
       end
 
@@ -71,11 +69,11 @@ module Inspec::Resources
       status = true
       supports.each do |s|
         s.each do |k, v|
-          if %i(os_family os-family platform_family platform-family).include?(k)
+          if %i{os_family os-family platform_family platform-family}.include?(k)
             status = in_family?(v)
-          elsif %i(os platform).include?(k)
+          elsif %i{os platform}.include?(k)
             status = platform?(v)
-          elsif %i(os_name os-name platform_name platform-name).include?(k)
+          elsif %i{os_name os-name platform_name platform-name}.include?(k)
             status = name == v
           elsif k == :release
             status = check_release(v)
@@ -91,15 +89,15 @@ module Inspec::Resources
     end
 
     def to_s
-      'Platform Detection'
+      "Platform Detection"
     end
 
     private
 
     def check_release(value)
       # allow wild card matching
-      if value.include?('*')
-        cleaned = Regexp.escape(value).gsub('\*', '.*?')
+      if value.include?("*")
+        cleaned = Regexp.escape(value).gsub('\*', ".*?")
         !(release =~ /#{cleaned}/).nil?
       else
         release == value

data/lib/{resources → inspec/resources}/port.rb

@@ -1,16 +1,14 @@
-# encoding: utf-8
-
-require 'utils/parser'
-require 'utils/filter'
-require 'ipaddr'
+require "inspec/utils/parser"
+require "inspec/utils/filter"
+require "ipaddr"
 
 # TODO: currently we return local ip only
 # TODO: improve handling of same port on multiple interfaces
 module Inspec::Resources
   class Port < Inspec.resource(1)
-    name 'port'
-    supports platform: 'unix'
-    supports platform: 'windows'
+    name "port"
+    supports platform: "unix"
+    supports platform: "windows"
     desc "Use the port InSpec audit resource to test basic port properties, such as port, process, if it's listening."
     example <<~EXAMPLE
       describe port(80) do
@@ -35,15 +33,15 @@ module Inspec::Resources
 
       @cache = nil
       @port_manager = port_manager_for_os
-      return skip_resource 'The `port` resource is not supported on your OS yet.' if @port_manager.nil?
+      return skip_resource "The `port` resource is not supported on your OS yet." if @port_manager.nil?
     end
 
     filter = FilterTable.create
-    filter.register_column(:ports,     field: 'port', style: :simple)
-          .register_column(:addresses, field: 'address', style: :simple)
-          .register_column(:protocols, field: 'protocol', style: :simple)
-          .register_column(:processes, field: 'process', style: :simple)
-          .register_column(:pids,      field: 'pid', style: :simple)
+    filter.register_column(:ports,     field: "port", style: :simple)
+          .register_column(:addresses, field: "address", style: :simple)
+          .register_column(:protocols, field: "protocol", style: :simple)
+          .register_column(:processes, field: "process", style: :simple)
+          .register_column(:pids,      field: "pid", style: :simple)
           .register_custom_matcher(:listening?) { |x| !x.entries.empty? }
     filter.install_filter_methods_on_resource(self, :info)
 
@@ -83,8 +81,8 @@ module Inspec::Resources
       return @cache = [] if @port_manager.nil?
       # query ports
       cache = @port_manager.info || []
-      cache.select! { |x| x['port'] == @port } unless @port.nil?
-      cache.select! { |x| x['address'] == @ip } unless @ip.nil?
+      cache.select! { |x| x["port"] == @port } unless @port.nil?
+      cache.select! { |x| x["address"] == @ip } unless @ip.nil?
       @cache = cache
     end
   end
@@ -121,21 +119,21 @@ module Inspec::Resources
     private
 
     def powershell_info
-      cmd = inspec.command('Get-NetTCPConnection -state Listen | Select-Object -Property State, Caption, Description, LocalAddress, LocalPort, RemoteAddress, RemotePort, DisplayName, Status | ConvertTo-Json')
+      cmd = inspec.command("Get-NetTCPConnection -state Listen | Select-Object -Property State, Caption, Description, LocalAddress, LocalPort, RemoteAddress, RemotePort, DisplayName, Status | ConvertTo-Json")
       return nil if cmd.exit_status != 0
 
       entries = JSON.parse(cmd.stdout)
       return nil if entries.nil?
 
-      entries.map { |x|
+      entries.map do |x|
         {
-          'port'     => x['LocalPort'],
-          'address'  => x['LocalAddress'],
-          'protocol' => 'tcp',
+          "port" => x["LocalPort"],
+          "address" => x["LocalAddress"],
+          "protocol" => "tcp",
         }
-      }
+      end
     rescue JSON::ParserError => _e
-      return nil
+      nil
     end
 
     def netstat_info
@@ -146,14 +144,14 @@ module Inspec::Resources
       lines = cmd.stdout.scan(/^>\s*(tcp\S*|udp\S*)\s+(\S+):(\d+)\s+(\S+)\s+(\S*)\s+(\d+)\s+(.+)/i)
       lines.map do |line|
         pid = line[5].to_i
-        process = line[6].delete('[').delete(']').strip
-        process = 'System' if process == 'Can not obtain ownership information' && pid == 4
+        process = line[6].delete("[").delete("]").strip
+        process = "System" if process == "Can not obtain ownership information" && pid == 4
         {
-          'port'     => line[2].to_i,
-          'address'  => line[1].delete('[').delete(']'),
-          'protocol' => line[0].downcase,
-          'pid'      => pid,
-          'process'  => process,
+          "port" => line[2].to_i,
+          "address" => line[1].delete("[").delete("]"),
+          "protocol" => line[0].downcase,
+          "pid" => pid,
+          "process" => process,
         }
       end
     end
@@ -164,7 +162,7 @@ module Inspec::Resources
     attr_reader :lsof
 
     def initialize(inspec, lsofpath = nil)
-      @lsof = lsofpath || 'lsof'
+      @lsof = lsofpath || "lsof"
       super(inspec)
     end
 
@@ -172,7 +170,7 @@ module Inspec::Resources
       ports = []
 
       # check that lsof is available, otherwise fail
-      raise 'Please ensure `lsof` is available on the machine.' if !inspec.command(@lsof.to_s).exist?
+      raise "Please ensure `lsof` is available on the machine." if !inspec.command(@lsof.to_s).exist?
 
       # -F p=pid, c=command, P=protocol name, t=type, n=internet addresses
       # see 'OUTPUT FOR OTHER PROGRAMS' in LSOF(8)
@@ -181,15 +179,15 @@ module Inspec::Resources
 
       # map to desired return struct
       lsof_parser(lsof_cmd).each do |process, port_ids|
-        pid, cmd = process.split(':')
+        pid, cmd = process.split(":")
         port_ids.each do |port_str|
           # should not break on ipv6 addresses
-          ipv, proto, port, host = port_str.split(':', 4)
-          ports.push({ 'port'     => port.to_i,
-                       'address'  => host,
-                       'protocol' => ipv == 'ipv6' ? proto + '6' : proto,
-                       'process'  => cmd,
-                       'pid'      => pid.to_i })
+          ipv, proto, port, host = port_str.split(":", 4)
+          ports.push({ "port" => port.to_i,
+                       "address" => host,
+                       "protocol" => ipv == "ipv6" ? proto + "6" : proto,
+                       "process" => cmd,
+                       "pid" => pid.to_i })
         end
       end
 
@@ -218,17 +216,17 @@ module Inspec::Resources
         line.chomp!
         key = line.slice!(0)
         case key
-        when 'p'
+        when "p"
           proc_id = line
           port_id = nil
-        when 'c'
-          proc_id += ':' + line
-        when 't'
+        when "c"
+          proc_id += ":" + line
+        when "t"
           port_id = line.downcase
-        when 'P'
-          port_id += ':' + line.downcase
-        when 'n'
-          src, dst = line.split('->')
+        when "P"
+          port_id += ":" + line.downcase
+        when "n"
+          src, dst = line.split("->")
 
           # skip active comm streams
           next if dst
@@ -236,13 +234,13 @@ module Inspec::Resources
           host, port = /^(\S+):(\d+|\*)$/.match(src)[1, 2]
 
           # skip channels from port 0 - what does this mean?
-          next if port == '*'
+          next if port == "*"
 
           # create new array stub if !exist?
           procs[proc_id] = [] unless procs.key?(proc_id)
 
           # change address '*' to zero
-          host = port_id =~ /^ipv6:/ ? '[::]' : '0.0.0.0' if host == '*'
+          host = port_id =~ /^ipv6:/ ? "[::]" : "0.0.0.0" if host == "*"
           # entrust URI to scrub the host and port
           begin
             uri = URI("addr://#{host}:#{port}")
@@ -254,7 +252,7 @@ module Inspec::Resources
 
           # e.g. 'ipv4:tcp:22:127.0.0.1'
           #                             strip ipv6 squares for inspec
-          port_id += ':' + port + ':' + host.gsub(/^\[|\]$/, '')
+          port_id += ":" + port + ":" + host.gsub(/^\[|\]$/, "")
 
           # lsof will give us another port unless it's done
           procs[proc_id] << port_id
@@ -271,15 +269,15 @@ module Inspec::Resources
     end
 
     def ports_via_lsof
-      return nil unless inspec.command('lsof').exist?
+      return nil unless inspec.command("lsof").exist?
       LsofPorts.new(inspec).info
     end
 
     def ports_via_netstat
-      return nil unless inspec.command('netstat').exist?
+      return nil unless inspec.command("netstat").exist?
 
-      cmd = inspec.command('netstat -Aan | grep LISTEN')
-      return nil unless cmd.exit_status.to_i.zero?
+      cmd = inspec.command("netstat -Aan | grep LISTEN")
+      return nil unless cmd.exit_status.to_i == 0
 
       ports = []
       # parse all lines
@@ -287,7 +285,7 @@ module Inspec::Resources
         port_info = parse_netstat_line(line)
 
         # only push protocols we are interested in
-        next unless %w{tcp tcp6 udp udp6}.include?(port_info['protocol'])
+        next unless %w{tcp tcp6 udp udp6}.include?(port_info["protocol"])
         ports.push(port_info)
       end
 
@@ -304,7 +302,7 @@ module Inspec::Resources
       protocol = parsed[2].downcase
 
       # detect protocol if not provided
-      protocol += '6' if parsed[5].count(':') > 1 && %w{tcp udp}.include?(protocol)
+      protocol += "6" if parsed[5].count(":") > 1 && %w{tcp udp}.include?(protocol)
       protocol.chop! if %w{tcp4 upd4}.include?(protocol)
 
       # extract host and port information
@@ -320,29 +318,29 @@ module Inspec::Resources
       pid = pid.to_i if pid =~ /^\d+$/
 
       {
-        'port'     => port,
-        'address'  => host,
-        'protocol' => protocol,
-        'process'  => process,
-        'pid'      => pid,
+        "port" => port,
+        "address" => host,
+        "protocol" => protocol,
+        "process" => process,
+        "pid" => pid,
       }
     end
 
     def parse_net_address(net_addr, protocol)
       # local/foreign addresses on AIX use a '.' to separate the addresss
       # from the port
-      address, _sep, port = net_addr.rpartition('.')
-      if protocol.eql?('tcp6') || protocol.eql?('udp6')
+      address, _sep, port = net_addr.rpartition(".")
+      if protocol.eql?("tcp6") || protocol.eql?("udp6")
         ip6addr = address
         # AIX uses the wildcard character for ipv6 addresses listening on
         # all interfaces.
-        ip6addr = '::' if ip6addr =~ /^\*$/
+        ip6addr = "::" if ip6addr =~ /^\*$/
 
         # v6 addresses need to end in a double-colon when using
         # shorthand notation. netstat ends with a single colon.
         # IPAddr will fail to properly parse an address unless it
         # uses a double-colon for short-hand notation.
-        ip6addr += ':' if ip6addr =~ /\w:$/
+        ip6addr += ":" if ip6addr =~ /\w:$/
 
         begin
           ip_parser = IPAddr.new(ip6addr)
@@ -366,12 +364,12 @@ module Inspec::Resources
           host = ip_addr.host
         else
           ip_addr = URI("addr://[#{ip6addr}]:#{port}")
-          host = ip_addr.host[1..ip_addr.host.size-2]
+          host = ip_addr.host[1..ip_addr.host.size - 2]
         end
       else
         ip4addr = address
         # In AIX the wildcard character is used to match all interfaces
-        ip4addr = '0.0.0.0' if ip4addr =~ /^\*$/
+        ip4addr = "0.0.0.0" if ip4addr =~ /^\*$/
         ip_addr = URI("addr://#{ip4addr}:#{port}")
         host = ip_addr.host
       end
@@ -389,10 +387,10 @@ module Inspec::Resources
     end
 
     def ports_via_ss
-      return nil unless inspec.command('ss').exist?
+      return nil unless inspec.command("ss").exist?
 
-      cmd = inspec.command('ss -tulpen')
-      return nil unless cmd.exit_status.to_i.zero?
+      cmd = inspec.command("ss -tulpen")
+      return nil unless cmd.exit_status.to_i == 0
 
       ports = []
 
@@ -405,10 +403,10 @@ module Inspec::Resources
     end
 
     def ports_via_netstat
-      return nil unless inspec.command('netstat').exist?
+      return nil unless inspec.command("netstat").exist?
 
-      cmd = inspec.command('netstat -tulpen')
-      return nil unless cmd.exit_status.to_i.zero?
+      cmd = inspec.command("netstat -tulpen")
+      return nil unless cmd.exit_status.to_i == 0
 
       ports = []
       # parse all lines
@@ -416,24 +414,24 @@ module Inspec::Resources
         port_info = parse_netstat_line(line)
 
         # only push protocols we are interested in
-        next unless %w{tcp tcp6 udp udp6}.include?(port_info['protocol'])
+        next unless %w{tcp tcp6 udp udp6}.include?(port_info["protocol"])
         ports.push(port_info)
       end
       ports
     end
 
     def parse_net_address(net_addr, protocol)
-      if protocol.eql?('tcp6') || protocol.eql?('udp6')
+      if protocol.eql?("tcp6") || protocol.eql?("udp6")
         # prep for URI parsing, parse ip6 port
         ip6 = /^(\S+):(\d+)$/.match(net_addr)
         ip6addr = ip6[1]
-        ip6addr = '::' if ip6addr =~ /^:::$/
+        ip6addr = "::" if ip6addr =~ /^:::$/
 
         # v6 addresses need to end in a double-colon when using
         # shorthand notation. netstat ends with a single colon.
         # IPAddr will fail to properly parse an address unless it
         # uses a double-colon for short-hand notation.
-        ip6addr += ':' if ip6addr =~ /\w:$/
+        ip6addr += ":" if ip6addr =~ /\w:$/
 
         begin
           ip_parser = IPAddr.new(ip6addr)
@@ -458,10 +456,10 @@ module Inspec::Resources
         else
           ip_addr = URI("addr://[#{ip6addr}]:#{ip6[2]}")
           # strip []
-          host = ip_addr.host[1..ip_addr.host.size-2]
+          host = ip_addr.host[1..ip_addr.host.size - 2]
         end
       else
-        ip_addr = URI('addr://'+net_addr)
+        ip_addr = URI("addr://" + net_addr)
         host = ip_addr.host
       end
 
@@ -487,24 +485,24 @@ module Inspec::Resources
       protocol = parsed[:proto].downcase
 
       # detect protocol if not provided
-      protocol += '6' if parsed[:local_addr].count(':') > 1 && %w{tcp udp}.include?(protocol)
+      protocol += "6" if parsed[:local_addr].count(":") > 1 && %w{tcp udp}.include?(protocol)
 
       # extract host and port information
       host, port = parse_net_address(parsed[:local_addr], protocol)
       return {} if host.nil?
 
       # extract PID
-      process = parsed[:pid_prog].split('/')
+      process = parsed[:pid_prog].split("/")
       pid = process[0]
       pid = pid.to_i if pid =~ /^\d+$/
       process = process[1]
 
       {
-        'port'     => port,
-        'address'  => host,
-        'protocol' => protocol,
-        'process'  => process,
-        'pid'      => pid,
+        "port" => port,
+        "address" => host,
+        "protocol" => protocol,
+        "process" => process,
+        "pid" => pid,
       }
     end
 
@@ -544,7 +542,7 @@ module Inspec::Resources
       # entry.
       process_info = parsed[:process_info]
       protocol = parsed[:netid]
-      protocol += '6' if process_info.include?('v6only:1')
+      protocol += "6" if process_info.include?("v6only:1")
       return nil unless ALLOWED_PROTOCOLS.include?(protocol)
 
       # parse the Local Address:Port
@@ -567,20 +565,20 @@ module Inspec::Resources
       # for those "v4-but-listed-in-v6" entries, strip off the
       # leading IPv6 value at the beginning
       # example: ::ffff:10.0.2.15:9200
-      host.delete!('::ffff:') if host.start_with?('::ffff:')
+      host.delete!("::ffff:") if host.start_with?("::ffff:")
 
       # To remove brackets that might surround the IPv6 address
       # example: [::] and [fe80::dc11:b9b6:514b:134]%eth0:123
-      host = host.tr('[]', '')
+      host = host.tr("[]", "")
 
       # if there's an interface name in the local address, which is common for
       # IPv6 listeners, strip that out too.
       # example: fe80::a00:27ff:fe32:ed09%enp0s3
-      host = host.split('%').first
+      host = host.split("%").first
 
       # if host is "*", replace with "0.0.0.0" to maintain backward compatibility with
       # the netstat-provided data
-      host = '0.0.0.0' if host == '*'
+      host = "0.0.0.0" if host == "*"
 
       # in case process list parsing is not successfull
       process = nil
@@ -596,7 +594,7 @@ module Inspec::Resources
         # list entires are seperated by "," the braces can also be removed
         # input: \"nginx\",pid=583,fd=8),(\"nginx\",pid=582,fd=8),(\"nginx\",pid=580,fd=8),(\"nginx\",pid=579,fd=8
         # res: ["\"nginx\",pid=583,fd=8", "\"nginx\",pid=582,fd=8", "\"nginx\",pid=580,fd=8", "\"nginx\",pid=579,fd=8"]
-        process_list = process_list_match[1].split('),(')
+        process_list = process_list_match[1].split("),(")
         # To stay backwards compatible with netstat we need to select
         # the last element in the resulting array.
         # res: "\"nginx\",pid=579,fd=8"
@@ -611,11 +609,11 @@ module Inspec::Resources
       end
 
       {
-        'port'     => port,
-        'address'  => host,
-        'protocol' => protocol,
-        'process'  => process,
-        'pid'      => pid,
+        "port" => port,
+        "address" => host,
+        "protocol" => protocol,
+        "process" => process,
+        "pid" => pid,
       }
     end
   end
@@ -623,7 +621,7 @@ module Inspec::Resources
   # extracts information from sockstat
   class FreeBsdPorts < PortsInfo
     def info
-      cmd = inspec.command('sockstat -46l')
+      cmd = inspec.command("sockstat -46l")
       return nil if cmd.exit_status.to_i != 0
 
       ports = []
@@ -632,7 +630,7 @@ module Inspec::Resources
         port_info = parse_sockstat_line(line)
 
         # push data, if not headerfile
-        next unless %w{tcp tcp6 udp udp6}.include?(port_info['protocol'])
+        next unless %w{tcp tcp6 udp udp6}.include?(port_info["protocol"])
         ports.push(port_info)
       end
       ports
@@ -640,22 +638,22 @@ module Inspec::Resources
 
     def parse_net_address(net_addr, protocol)
       case protocol
-      when 'tcp4', 'udp4', 'tcp', 'udp'
+      when "tcp4", "udp4", "tcp", "udp"
         # replace * with 0.0.0.0
-        net_addr = net_addr.gsub(/^\*:/, '0.0.0.0:') if net_addr =~ /^*:(\d+)$/
-        ip_addr = URI('addr://'+net_addr)
+        net_addr = net_addr.gsub(/^\*:/, "0.0.0.0:") if net_addr =~ /^*:(\d+)$/
+        ip_addr = URI("addr://" + net_addr)
         host = ip_addr.host
         port = ip_addr.port
-      when 'tcp6', 'udp6'
-        return [] if net_addr == '*:*' # abort for now
+      when "tcp6", "udp6"
+        return [] if net_addr == "*:*" # abort for now
         # replace * with 0:0:0:0:0:0:0:0
-        net_addr = net_addr.gsub(/^\*:/, '0:0:0:0:0:0:0:0:') if net_addr =~ /^*:(\d+)$/
+        net_addr = net_addr.gsub(/^\*:/, "0:0:0:0:0:0:0:0:") if net_addr =~ /^*:(\d+)$/
         # extract port
         ip6 = /^(\S+):(\d+)$/.match(net_addr)
         ip6addr = ip6[1]
         ip_addr = URI("addr://[#{ip6addr}]:#{ip6[2]}")
         # replace []
-        host = ip_addr.host[1..ip_addr.host.size-2]
+        host = ip_addr.host[1..ip_addr.host.size - 2]
         port = ip_addr.port
       end
       [host, port]
@@ -672,7 +670,7 @@ module Inspec::Resources
       # extract ip information
       protocol = parsed[5].downcase
       host, port = parse_net_address(parsed[6], protocol)
-      return {} if host.nil? or port.nil?
+      return {} if host.nil? || port.nil?
 
       # extract process
       process = parsed[2]
@@ -682,15 +680,15 @@ module Inspec::Resources
       pid = pid.to_i if pid =~ /^\d+$/
 
       # map tcp4 and udp4
-      protocol = 'tcp' if protocol.eql?('tcp4')
-      protocol = 'udp' if protocol.eql?('udp4')
+      protocol = "tcp" if protocol.eql?("tcp4")
+      protocol = "udp" if protocol.eql?("udp4")
 
       {
-        'port'     => port,
-        'address'  => host,
-        'protocol' => protocol,
-        'process'  => process,
-        'pid'      => pid,
+        "port" => port,
+        "address" => host,
+        "protocol" => protocol,
+        "process" => process,
+        "pid" => pid,
       }
     end
   end
@@ -700,36 +698,36 @@ module Inspec::Resources
 
     def info
       # extract all port info
-      cmd = inspec.command('netstat -an -f inet -f inet6')
+      cmd = inspec.command("netstat -an -f inet -f inet6")
       return nil if cmd.exit_status.to_i != 0
 
       # parse the content
       netstat_ports = parse_netstat(cmd.stdout)
 
       # filter all ports, where we `listen`
-      listen = netstat_ports.select { |val|
-        !val['state'].nil? && 'listen'.casecmp(val['state']) == 0
-      }
+      listen = netstat_ports.select do |val|
+        !val["state"].nil? && "listen".casecmp(val["state"]) == 0
+      end
 
       # map the data
-      ports = listen.map { |val|
-        protocol = val['protocol']
-        local_addr = val['local-address']
+      ports = listen.map do |val|
+        protocol = val["protocol"]
+        local_addr = val["local-address"]
 
         # solaris uses 127.0.0.1.57455 instead 127.0.0.1:57455, lets convert the
         # the last . to :
-        local_addr[local_addr.rindex('.')] = ':'
+        local_addr[local_addr.rindex(".")] = ":"
         host, port = parse_net_address(local_addr, protocol)
         if host.nil?
           nil
         else
           {
-            'port'     => port,
-            'address'  => host,
-            'protocol' => protocol,
+            "port" => port,
+            "address" => host,
+            "protocol" => protocol,
           }
         end
-      }
+      end
       ports.compact
     end
   end
@@ -738,20 +736,20 @@ module Inspec::Resources
   class HpuxPorts < FreeBsdPorts
     def info
       ## Can't use 'netstat -an -f inet -f inet6' as the latter -f option overrides the former one and return only inet ports
-      cmd1 = inspec.command('netstat -an -f inet')
+      cmd1 = inspec.command("netstat -an -f inet")
       return nil if cmd1.exit_status.to_i != 0
-      cmd2 = inspec.command('netstat -an -f inet6')
+      cmd2 = inspec.command("netstat -an -f inet6")
       return nil if cmd2.exit_status.to_i != 0
       cmd = cmd1.stdout + cmd2.stdout
       ports = []
       # parse all lines
       cmd.each_line do |line|
         port_info = parse_netstat_line(line)
-        next unless %w{tcp tcp6 udp udp6}.include?(port_info['protocol'])
+        next unless %w{tcp tcp6 udp udp6}.include?(port_info["protocol"])
         ports.push(port_info)
       end
       # select all ports, where we `listen`
-      ports.select { |val| val if 'listen'.casecmp(val['state']) == 0 }
+      ports.select { |val| val if "listen".casecmp(val["state"]) == 0 }
     end
 
     def parse_netstat_line(line)
@@ -761,18 +759,18 @@ module Inspec::Resources
 
       return {} if parsed.nil? || line.match(/^proto/i) || line.match(/^active/i)
       protocol = parsed[1].downcase
-      state = parsed[6].nil?? ' ' : parsed[6].downcase
+      state = parsed[6].nil? ? " " : parsed[6].downcase
       local_addr = parsed[4]
-      local_addr[local_addr.rindex('.')] = ':'
+      local_addr[local_addr.rindex(".")] = ":"
       # extract host and port information
       host, port = parse_net_address(local_addr, protocol)
       return {} if host.nil?
       # map data
       {
-        'port'     => port,
-        'address'  => host,
-        'protocol' => protocol,
-        'state'    => state,
+        "port" => port,
+        "address" => host,
+        "protocol" => protocol,
+        "state" => state,
       }
     end
   end