inspec 4.3.2 → 4.6.3

data/lib/{resources → inspec/resources}/postgres.rb

@@ -1,11 +1,10 @@
-# encoding: utf-8
 # copyright: 2015, Vulcano Security GmbH
 
 module Inspec::Resources
   class Postgres < Inspec.resource(1)
-    name 'postgres'
-    supports platform: 'unix'
-    desc 'The \'postgres\' resource is a helper for the \'postgres_conf\', \'postgres_hba_conf\', \'postgres_ident_conf\' & \'postgres_session\' resources.  Please use those instead.'
+    name "postgres"
+    supports platform: "unix"
+    desc "The 'postgres' resource is a helper for the 'postgres_conf', 'postgres_hba_conf', 'postgres_ident_conf' & 'postgres_session' resources.  Please use those instead."
 
     attr_reader :service, :data_dir, :conf_dir, :conf_path, :version, :cluster
     def initialize
@@ -16,16 +15,16 @@ module Inspec::Resources
       # print warnings if the dirs do not exist
       verify_dirs
 
-      if !@version.nil? && !@conf_dir.empty?
-        @conf_path = File.join @conf_dir, 'postgresql.conf'
+      if !@version.to_s.empty? && !@conf_dir.to_s.empty?
+        @conf_path = File.join @conf_dir, "postgresql.conf"
       else
         @conf_path = nil
-        return skip_resource 'Seems like PostgreSQL is not installed on your system'
+        return skip_resource "Seems like PostgreSQL is not installed on your system"
       end
     end
 
     def to_s
-      'PostgreSQL'
+      "PostgreSQL"
     end
 
     private
@@ -38,19 +37,20 @@ module Inspec::Resources
         # Debian allows multiple versions of postgresql to be
         # installed as well as multiple "clusters" to be configured.
         #
-        @version = version_from_psql || version_from_dir('/etc/postgresql')
-        @cluster = cluster_from_dir("/etc/postgresql/#{@version}")
-        @conf_dir = "/etc/postgresql/#{@version}/#{@cluster}"
-        @data_dir = "/var/lib/postgresql/#{@version}/#{@cluster}"
+        @version = version_from_psql || version_from_dir("/etc/postgresql")
+        if !@version.to_s.empty?
+          @cluster = cluster_from_dir("/etc/postgresql/#{@version}")
+          @conf_dir = "/etc/postgresql/#{@version}/#{@cluster}"
+          @data_dir = "/var/lib/postgresql/#{@version}/#{@cluster}"
+        end
       else
         @version = version_from_psql
-        if @version.nil?
-          if inspec.directory('/var/lib/pgsql/data').exist?
-            warn 'Unable to determine PostgreSQL version: psql did not return
-             a version number and unversioned data directories were found.'
-            nil
+        if @version.to_s.empty?
+          if inspec.directory("/var/lib/pgsql/data").exist?
+            warn "Unable to determine PostgreSQL version: psql did not return" \
+                 "a version number and unversioned data directories were found."
           else
-            @version = version_from_dir('/var/lib/pgsql')
+            @version = version_from_dir("/var/lib/pgsql")
           end
         end
         @data_dir = locate_data_dir_location_by_version(@version)
@@ -59,7 +59,7 @@ module Inspec::Resources
     end
 
     def determine_service
-      @service = 'postgresql'
+      @service = "postgresql"
       if @version.to_i >= 10
         @service += "-#{@version.to_i}"
       elsif @version.to_f >= 9.4
@@ -68,17 +68,21 @@ module Inspec::Resources
     end
 
     def verify_dirs
-      warn "Default postgresql configuration directory: #{@conf_dir} does not exist. " \
-        "Postgresql may not be installed or we've misidentified the configuration " \
-        'directory.' unless inspec.directory(@conf_dir).exist?
+      unless inspec.directory(@conf_dir).exist?
+        warn "Default postgresql configuration directory: #{@conf_dir} does not exist. " \
+          "Postgresql may not be installed or we've misidentified the configuration " \
+          "directory."
+      end
 
-      warn "Default postgresql data directory: #{@data_dir} does not exist. " \
-        "Postgresql may not be installed or we've misidentified the data " \
-        'directory.' unless inspec.directory(@data_dir).exist?
+      unless inspec.directory(@data_dir).exist?
+        warn "Default postgresql data directory: #{@data_dir} does not exist. " \
+          "Postgresql may not be installed or we've misidentified the data " \
+          "directory."
+      end
     end
 
     def version_from_psql
-      return unless inspec.command('psql').exist?
+      return unless inspec.command("psql").exist?
       inspec.command("psql --version | awk '{ print $NF }' | awk -F. '{ print $1\".\"$2 }'").stdout.strip
     end
 
@@ -87,9 +91,9 @@ module Inspec::Resources
         "/var/lib/pgsql/#{ver}/data",
         # for 10, the versions are just stored in `10` although their version `10.7`
         "/var/lib/pgsql/#{ver.to_i}/data",
-        '/var/lib/pgsql/data',
-        '/var/lib/postgres/data',
-        '/var/lib/postgresql/data',
+        "/var/lib/pgsql/data",
+        "/var/lib/postgres/data",
+        "/var/lib/postgresql/data",
       ]
 
       data_dir_loc = dir_list.detect { |i| inspec.directory(i).exist? }
@@ -121,17 +125,21 @@ module Inspec::Resources
     end
 
     def dir_to_version(dir)
-      dir.chomp.split('/').last
+      dir.chomp.split("/").last
     end
 
     def cluster_from_dir(dir)
       # Main is the default cluster name on debian use it if it
       # exists.
       if inspec.directory("#{dir}/main").exist?
-        'main'
+        "main"
       else
         dirs = inspec.command("ls -d #{dir}/*/").stdout.lines
-        first = dirs.first.chomp.split('/').last
+        if dirs.empty?
+          warn "No postgresql clusters configured or incorrect base dir #{dir}"
+          return nil
+        end
+        first = dirs.first.chomp.split("/").last
         if dirs.count > 1
           warn "Multiple postgresql clusters configured or incorrect base dir #{dir}"
           warn "Using the first directory found: #{first}"

data/lib/{resources → inspec/resources}/postgres_conf.rb

@@ -1,17 +1,17 @@
-# encoding: utf-8
 # copyright: 2015, Vulcano Security GmbH
 
-require 'utils/simpleconfig'
-require 'utils/find_files'
-require 'utils/file_reader'
-require 'resources/postgres'
+require "inspec/utils/object_traversal"
+require "inspec/utils/simpleconfig"
+require "inspec/utils/find_files"
+require "inspec/utils/file_reader"
+require "inspec/resources/postgres"
 
 module Inspec::Resources
   class PostgresConf < Inspec.resource(1)
-    name 'postgres_conf'
-    supports platform: 'unix'
-    supports platform: 'windows'
-    desc 'Use the postgres_conf InSpec audit resource to test the contents of the configuration file for PostgreSQL, typically located at /etc/postgresql/<version>/main/postgresql.conf or /var/lib/postgres/data/postgresql.conf, depending on the platform.'
+    name "postgres_conf"
+    supports platform: "unix"
+    supports platform: "windows"
+    desc "Use the postgres_conf InSpec audit resource to test the contents of the configuration file for PostgreSQL, typically located at /etc/postgresql/<version>/main/postgresql.conf or /var/lib/postgres/data/postgresql.conf, depending on the platform."
     example <<~EXAMPLE
       describe postgres_conf do
         its('max_connections') { should eq '5' }
@@ -25,7 +25,7 @@ module Inspec::Resources
     def initialize(conf_path = nil)
       @conf_path = conf_path || inspec.postgres.conf_path
       if @conf_path.nil?
-        return skip_resource 'PostgreSQL conf path is not set'
+        return skip_resource "PostgreSQL conf path is not set"
       end
       @conf_dir = File.expand_path(File.dirname(@conf_path))
       @files_contents = {}
@@ -61,13 +61,13 @@ module Inspec::Resources
     end
 
     def to_s
-      'PostgreSQL Configuration'
+      "PostgreSQL Configuration"
     end
 
     private
 
     def read_content
-      @content = ''
+      @content = ""
       @params = {}
 
       to_read = [@conf_path]
@@ -93,16 +93,16 @@ module Inspec::Resources
     end
 
     def include_files(params, base_dir)
-      include_files = Array(params['include']) || []
-      include_files += Array(params['include_if_exists']) || []
+      include_files = Array(params["include"]) || []
+      include_files += Array(params["include_if_exists"]) || []
       include_files.map! do |f|
         Pathname.new(f).absolute? ? f : File.join(base_dir, f)
       end
 
-      dirs = Array(params['include_dir']) || []
+      dirs = Array(params["include_dir"]) || []
       dirs.each do |dir|
-        dir = File.join(base_dir, dir) if dir[0] != '/'
-        include_files += find_files(dir, depth: 1, type: 'file')
+        dir = File.join(base_dir, dir) if dir[0] != "/"
+        include_files += find_files(dir, depth: 1, type: "file")
       end
       include_files
     end

data/lib/{resources → inspec/resources}/postgres_hba_conf.rb

@@ -1,12 +1,10 @@
-# encoding: utf-8
-
-require 'resources/postgres'
-require 'utils/file_reader'
+require "inspec/resources/postgres"
+require "inspec/utils/file_reader"
 
 module Inspec::Resources
   class PostgresHbaConf < Inspec.resource(1)
-    name 'postgres_hba_conf'
-    supports platform: 'unix'
+    name "postgres_hba_conf"
+    supports platform: "unix"
     desc 'Use the `postgres_hba_conf` InSpec audit resource to test the client
           authentication data defined in the pg_hba.conf file.'
     example <<~EXAMPLE
@@ -21,19 +19,19 @@ module Inspec::Resources
 
     # @todo add checks to ensure that we have data in our file
     def initialize(hba_conf_path = nil)
-      @conf_file = hba_conf_path || File.expand_path('pg_hba.conf', inspec.postgres.conf_dir)
-      @content = ''
+      @conf_file = hba_conf_path || File.expand_path("pg_hba.conf", inspec.postgres.conf_dir)
+      @content = ""
       @params = {}
       read_content
     end
 
     filter = FilterTable.create
-    filter.register_column(:type,     field: 'type')
-          .register_column(:database, field: 'database')
-          .register_column(:user,     field: 'user')
-          .register_column(:address,  field: 'address')
-          .register_column(:auth_method, field: 'auth_method')
-          .register_column(:auth_params, field: 'auth_params')
+    filter.register_column(:type,     field: "type")
+          .register_column(:database, field: "database")
+          .register_column(:user,     field: "user")
+          .register_column(:address,  field: "address")
+          .register_column(:auth_method, field: "auth_method")
+          .register_column(:auth_params, field: "auth_params")
 
     filter.install_filter_methods_on_resource(self, :params)
 
@@ -60,9 +58,9 @@ module Inspec::Resources
       @content = clean_conf_file(config_file)
       @params = parse_conf(@content)
       @params.each do |line|
-        if line['type'] == 'local'
-          line['auth_method'] = line['address']
-          line['address'] = ''
+        if line["type"] == "local"
+          line["auth_method"] = line["address"]
+          line["address"] = ""
         end
       end
     end
@@ -76,12 +74,12 @@ module Inspec::Resources
     def parse_line(line)
       x = line.split(/\s+/)
       {
-        'type' => x[0],
-        'database' => x[1],
-        'user' => x[2],
-        'address' => x[3],
-        'auth_method' => x[4],
-        'auth_params' =>  ('' if x.length == 4) || x[5..-1].join(' '),
+        "type" => x[0],
+        "database" => x[1],
+        "user" => x[2],
+        "address" => x[3],
+        "auth_method" => x[4],
+        "auth_params" => ("" if x.length == 4) || x[5..-1].join(" "),
       }
     end
   end

data/lib/{resources → inspec/resources}/postgres_ident_conf.rb

@@ -1,12 +1,10 @@
-# encoding: utf-8
-
-require 'utils/file_reader'
-require 'resources/postgres'
+require "inspec/utils/file_reader"
+require "inspec/resources/postgres"
 
 module Inspec::Resources
   class PostgresIdentConf < Inspec.resource(1)
-    name 'postgres_ident_conf'
-    supports platform: 'unix'
+    name "postgres_ident_conf"
+    supports platform: "unix"
     desc 'Use the postgres_ident_conf InSpec audit resource to test the client
           authentication data is controlled by a pg_ident.conf file.'
     example <<~EXAMPLE
@@ -20,16 +18,16 @@ module Inspec::Resources
     attr_reader :params, :conf_file
 
     def initialize(ident_conf_path = nil)
-      @conf_file = ident_conf_path || File.expand_path('pg_ident.conf', inspec.postgres.conf_dir)
+      @conf_file = ident_conf_path || File.expand_path("pg_ident.conf", inspec.postgres.conf_dir)
       @content = nil
       @params = nil
       read_content
     end
 
     filter = FilterTable.create
-    filter.register_column(:map_name,        field: 'map_name')
-          .register_column(:system_username, field: 'system_username')
-          .register_column(:pg_username,     field: 'pg_username')
+    filter.register_column(:map_name,        field: "map_name")
+          .register_column(:system_username, field: "system_username")
+          .register_column(:pg_username,     field: "pg_username")
 
     filter.install_filter_methods_on_resource(self, :params)
 
@@ -49,7 +47,7 @@ module Inspec::Resources
     end
 
     def read_content
-      @content = ''
+      @content = ""
       @params = {}
       @content = filter_comments(read_file(@conf_file))
       @params = parse_conf(@content)
@@ -64,9 +62,9 @@ module Inspec::Resources
     def parse_line(line)
       x = line.split(/\s+/)
       {
-        'map_name' => x[0],
-        'system_username' => x[1],
-        'pg_username' => x[2],
+        "map_name" => x[0],
+        "system_username" => x[1],
+        "pg_username" => x[2],
       }
     end
 

data/lib/{resources → inspec/resources}/postgres_session.rb

@@ -1,7 +1,6 @@
-# encoding: utf-8
 # copyright: 2015, Vulcano Security GmbH
 
-require 'shellwords'
+require "shellwords"
 
 module Inspec::Resources
   class Lines
@@ -22,10 +21,10 @@ module Inspec::Resources
   end
 
   class PostgresSession < Inspec.resource(1)
-    name 'postgres_session'
-    supports platform: 'unix'
-    supports platform: 'windows'
-    desc 'Use the postgres_session InSpec audit resource to test SQL commands run against a PostgreSQL database.'
+    name "postgres_session"
+    supports platform: "unix"
+    supports platform: "windows"
+    desc "Use the postgres_session InSpec audit resource to test SQL commands run against a PostgreSQL database."
     example <<~EXAMPLE
       sql = postgres_session('username', 'password', 'host')
       query('sql_query', ['database_name'])` contains the query and (optional) database to execute
@@ -41,9 +40,9 @@ module Inspec::Resources
     EXAMPLE
 
     def initialize(user, pass, host = nil)
-      @user = user || 'postgres'
+      @user = user || "postgres"
       @pass = pass
-      @host = host || 'localhost'
+      @host = host || "localhost"
     end
 
     def query(query, db = [])
@@ -64,7 +63,7 @@ module Inspec::Resources
     end
 
     def create_psql_cmd(query, db = [])
-      dbs = db.map { |x| "-d #{x}" }.join(' ')
+      dbs = db.map { |x| "-d #{x}" }.join(" ")
       "PGPASSWORD='#{@pass}' psql -U #{@user} #{dbs} -h #{@host} -A -t -c #{escaped_query(query)}"
     end
   end

data/lib/{resources → inspec/resources}/powershell.rb

@@ -1,12 +1,12 @@
-# encoding: utf-8
 # copyright: 2015, Vulcano Security GmbH
+require "inspec/resources/command"
 
 module Inspec::Resources
-  class PowershellScript < Cmd
-    name 'powershell'
-    supports platform: 'windows'
-    supports platform: 'unix'
-    desc 'Use the powershell InSpec audit resource to test a Windows PowerShell script on the Microsoft Windows platform.'
+  class Powershell < Cmd
+    name "powershell"
+    supports platform: "windows"
+    supports platform: "unix"
+    desc "Use the powershell InSpec audit resource to test a Windows PowerShell script on the Microsoft Windows platform."
     example <<~EXAMPLE
       script = <<-EOH
         # your powershell script
@@ -21,15 +21,15 @@ module Inspec::Resources
       # PowerShell is the default shell on Windows, use the `command` resource
       return super(script) if inspec.os.windows?
 
-      unless inspec.command('pwsh').exist?
-        raise Inspec::Exceptions::ResourceSkipped, 'Can not find `pwsh` command'
+      unless inspec.command("pwsh").exist?
+        raise Inspec::Exceptions::ResourceSkipped, "Can not find `pwsh` command"
       end
 
       # Prevent progress stream from leaking into stderr
       command = "$ProgressPreference='SilentlyContinue';" + script
 
       # Encode as Base64 to remove any quotes/escapes/etc issues
-      command = command.encode('UTF-16LE', 'UTF-8')
+      command = command.encode("UTF-16LE", "UTF-8")
       command = Base64.strict_encode64(command)
 
       # Use the `command` resource to execute the command via `pwsh`
@@ -47,17 +47,21 @@ module Inspec::Resources
     end
 
     def to_s
-      'Powershell'
+      "Powershell"
     end
   end
 
+  PowershellScript = Powershell
+
   # this is deprecated syntax and will be removed in future versions
-  class LegacyPowershellScript < PowershellScript
-    name 'script'
+  class LegacyPowershell < Powershell
+    name "script"
 
     def initialize(script)
-      Inspec.deprecate(:resource_script, 'The `script` resource is deprecated. Please use `powershell` instead.')
+      Inspec.deprecate(:resource_script, "The `script` resource is deprecated. Please use `powershell` instead.")
       super(script)
     end
   end
+
+  LegacyPowershellScript = LegacyPowershell
 end