inspec 4.3.2 → 4.6.3
- checksums.yaml +4 -4
- data/Gemfile +36 -38
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/inspec.gemspec +38 -39
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-artifact/test/functional/inspec_artifact_test.rb +12 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-compliance/test/functional/inspec_compliance_test.rb +12 -14
- data/lib/plugins/inspec-compliance/test/integration/default/cli.rb +39 -41
- data/lib/plugins/inspec-compliance/test/unit/api/login_test.rb +64 -64
- data/lib/plugins/inspec-compliance/test/unit/api_test.rb +157 -156
- data/lib/plugins/inspec-compliance/test/unit/target_test.rb +85 -85
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/Berksfile +1 -1
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/metadata.rb +8 -8
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/recipes/default.rb +17 -17
- data/lib/plugins/inspec-habitat/test/functional/inspec_habitat_test.rb +9 -8
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/controls/inspec_habitat.rb +14 -14
- data/lib/plugins/inspec-habitat/test/support/example_profile/controls/example.rb +4 -4
- data/lib/plugins/inspec-habitat/test/unit/profile_test.rb +42 -41
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/functional/inspec_plugin_template_test.rb +5 -5
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/helper.rb +1 -3
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/unit/cli_args_test.rb +2 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/unit/plugin_def_test.rb +2 -2
- data/lib/plugins/inspec-init/templates/profiles/aws/controls/example.rb +10 -11
- data/lib/plugins/inspec-init/templates/profiles/azure/controls/example.rb +4 -5
- data/lib/plugins/inspec-init/templates/profiles/gcp/controls/example.rb +10 -11
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-init/test/functional/inspec_init_plugin_test.rb +51 -50
- data/lib/plugins/inspec-init/test/functional/inspec_init_profile_test.rb +35 -33
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/inspec-plugin-manager-cli/test/fixtures/plugins/wrong-name/lib/wrong-name.rb +1 -1
- data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +281 -271
- data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +41 -41
- data/lib/plugins/inspec-plugin-manager-cli/test/unit/plugin_def_test.rb +25 -6
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/resource_support/aws.rb +67 -67
- data/lib/resource_support/aws/aws_plural_resource_mixin.rb +4 -1
- data/lib/resource_support/aws/aws_resource_mixin.rb +4 -3
- data/lib/resource_support/aws/aws_singular_resource_mixin.rb +4 -1
- data/lib/resources/aws/aws_billing_report.rb +15 -8
- data/lib/resources/aws/aws_billing_reports.rb +10 -7
- data/lib/resources/aws/aws_cloudtrail_trail.rb +9 -5
- data/lib/resources/aws/aws_cloudtrail_trails.rb +9 -5
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +9 -5
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +12 -8
- data/lib/resources/aws/aws_config_delivery_channel.rb +13 -9
- data/lib/resources/aws/aws_config_recorder.rb +10 -6
- data/lib/resources/aws/aws_ebs_volume.rb +12 -8
- data/lib/resources/aws/aws_ebs_volumes.rb +9 -5
- data/lib/resources/aws/aws_ec2_instance.rb +14 -11
- data/lib/resources/aws/aws_ec2_instances.rb +9 -5
- data/lib/resources/aws/aws_ecs_cluster.rb +11 -7
- data/lib/resources/aws/aws_eks_cluster.rb +13 -9
- data/lib/resources/aws/aws_elb.rb +9 -5
- data/lib/resources/aws/aws_elbs.rb +9 -5
- data/lib/resources/aws/aws_flow_log.rb +17 -13
- data/lib/resources/aws/aws_iam_access_key.rb +15 -11
- data/lib/resources/aws/aws_iam_access_keys.rb +19 -15
- data/lib/resources/aws/aws_iam_group.rb +9 -5
- data/lib/resources/aws/aws_iam_groups.rb +9 -5
- data/lib/resources/aws/aws_iam_password_policy.rb +13 -10
- data/lib/resources/aws/aws_iam_policies.rb +9 -5
- data/lib/resources/aws/aws_iam_policy.rb +16 -12
- data/lib/resources/aws/aws_iam_role.rb +9 -5
- data/lib/resources/aws/aws_iam_root_user.rb +12 -8
- data/lib/resources/aws/aws_iam_user.rb +12 -12
- data/lib/resources/aws/aws_iam_users.rb +10 -10
- data/lib/resources/aws/aws_kms_key.rb +12 -8
- data/lib/resources/aws/aws_kms_keys.rb +9 -5
- data/lib/resources/aws/aws_rds_instance.rb +11 -8
- data/lib/resources/aws/aws_route_table.rb +11 -7
- data/lib/resources/aws/aws_route_tables.rb +10 -6
- data/lib/resources/aws/aws_s3_bucket.rb +14 -11
- data/lib/resources/aws/aws_s3_bucket_object.rb +12 -9
- data/lib/resources/aws/aws_s3_buckets.rb +9 -7
- data/lib/resources/aws/aws_security_group.rb +16 -12
- data/lib/resources/aws/aws_security_groups.rb +12 -8
- data/lib/resources/aws/aws_sns_subscription.rb +15 -11
- data/lib/resources/aws/aws_sns_topic.rb +10 -6
- data/lib/resources/aws/aws_sns_topics.rb +9 -5
- data/lib/resources/aws/aws_sqs_queue.rb +18 -14
- data/lib/resources/aws/aws_subnet.rb +11 -7
- data/lib/resources/aws/aws_subnets.rb +9 -5
- data/lib/resources/aws/aws_vpc.rb +10 -6
- data/lib/resources/aws/aws_vpcs.rb +9 -5
- data/lib/resources/azure/azure_backend.rb +20 -18
- data/lib/resources/azure/azure_generic_resource.rb +13 -15
- data/lib/resources/azure/azure_resource_group.rb +17 -19
- data/lib/resources/azure/azure_virtual_machine.rb +6 -8
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +6 -8
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +141 -142
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
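--- a/data/lib/resources/vbscript.rb
+++ b/data/lib/inspec/resources/vbscript.rb
@@ -1,6 +1,5 @@
-
-
-require 'securerandom'
+require "inspec/resources/powershell"
+require "securerandom"
 
 module Inspec::Resources
 # This resource allows users to run vbscript on windows machines. We decided
@@ -19,10 +18,10 @@ module Inspec::Resources
 # Since Windows does not delete tmp files automatically, we remove the VBScript
 # after we executed it
 # @see https://msdn.microsoft.com/en-us/library/aa364991.aspx
-class VBScript <
-name
-supports platform:
-desc
+class VBScript < Powershell
+name "vbscript"
+supports platform: "windows"
+desc ""
 example <<~EXAMPLE
 script = <<-EOH
 # you vbscript
@@ -53,14 +52,14 @@ module Inspec::Resources
 end
 
 def to_s
-
+"Windows VBScript"
 end
 
 private
 
 def parse_stdout
 res = inspec.backend.run_command(@command)
-parsed_result = res.stdout.gsub(/#{@seperator}\r\n$/,
+parsed_result = res.stdout.gsub(/#{@seperator}\r\n$/, "")
 res.stdout = parsed_result
 res
 end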
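Review bot: In `parse_stdout`, `@seperator` is interpolated into the regex unescaped, so any regex metacharacter in it would be treated as pattern syntax rather than literal text. The pattern is also anchored with `$`, which in Ruby matches at line ends, and `gsub` removes every match, not only a trailing one. I would write `parsed_result = res.stdout.gsub(/#{Regexp.escape(@seperator)}\r\n$/, "")` and consider `sub` with `\z` if the marker is only ever expected as the final line. How `@seperator` is generated is outside the visible hunks, so the practical risk depends on that value. Separately, `desc ""` leaves the resource with no description, unlike the other resources in this release.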
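--- a/data/lib/resources/virtualization.rb
+++ b/data/lib/inspec/resources/virtualization.rb
@@ -1,12 +1,10 @@
-
-
-require 'hashie/mash'
+require "hashie/mash"
 
 module Inspec::Resources
 class Virtualization < Inspec.resource(1)
-name
-supports platform:
-desc
+name "virtualization"
+supports platform: "linux"
+desc "Use the virtualization InSpec audit resource to test the virtualization platform on which the system is running"
 example <<~EXAMPLE
 describe virtualization do
 its('system') { should eq 'docker' }
@@ -42,21 +40,21 @@ module Inspec::Resources
 end
 
 def to_s
-
+"Virtualization Detection"
 end
 
 private
 
 def lxc_version_exists?
-inspec.command(
+inspec.command("lxc-version").exist?
 end
 
 def docker_exists?
-inspec.command(
+inspec.command("docker").exist?
 end
 
 def nova_exists?
-inspec.command(
+inspec.command("nova").exist?
 end
 
 # Detect Xen
@@ -68,12 +66,12 @@ module Inspec::Resources
 # but rather be additive - btm
 def detect_xen
 # This file should exist on most Xen systems, normally empty for guests
-return false unless inspec.file(
-@virtualization_data[:system] =
-if inspec.file(
-@virtualization_data[:role] =
+return false unless inspec.file("/proc/xen/capabilities").exist?
+@virtualization_data[:system] = "xen"
+if inspec.file("/proc/xen/capabilities").content =~ /control_d/i
+@virtualization_data[:role] = "host"
 else
-@virtualization_data[:role] =
+@virtualization_data[:role] = "guest"
 end
 
 true
@@ -81,16 +79,16 @@ module Inspec::Resources
 
 # Detect Virtualbox from kernel module
 def detect_virtualbox
-return false unless inspec.file(
-modules = inspec.file(
+return false unless inspec.file("/proc/modules").exist?
+modules = inspec.file("/proc/modules").content
 if modules =~ /^vboxdrv/
-Inspec::Log.debug(
-@virtualization_data[:system] =
-@virtualization_data[:role] =
+Inspec::Log.debug("Plugin Virtualization: /proc/modules contains vboxdrv. Detecting as vbox host")
+@virtualization_data[:system] = "vbox"
+@virtualization_data[:role] = "host"
 elsif modules =~ /^vboxguest/
-Inspec::Log.debug(
-@virtualization_data[:system] =
-@virtualization_data[:role] =
+Inspec::Log.debug("Plugin Virtualization: /proc/modules contains vboxguest. Detecting as vbox guest")
+@virtualization_data[:system] = "vbox"
+@virtualization_data[:role] = "guest"
 else
 return false
 end
@@ -100,28 +98,28 @@ module Inspec::Resources
 # if nova binary is present we're on an openstack host
 def detect_openstack
 return false unless nova_exists?
-@virtualization_data[:system] =
-@virtualization_data[:role] =
+@virtualization_data[:system] = "openstack"
+@virtualization_data[:role] = "host"
 true
 end
 
 # Detect paravirt KVM/QEMU from cpuinfo, report as KVM
 def detect_kvm_from_cpuinfo
-return false unless inspec.file(
-@virtualization_data[:system] =
-@virtualization_data[:role] =
+return false unless inspec.file("/proc/cpuinfo").content =~ /QEMU Virtual CPU|Common KVM processor|Common 32-bit KVM processor/
+@virtualization_data[:system] = "kvm"
+@virtualization_data[:role] = "guest"
 true
 end
 
 # Detect KVM systems via /sys
 # guests will have the hypervisor cpu feature that hosts don't have
 def detect_kvm_from_sys
-return false unless inspec.file(
-@virtualization_data[:system] =
-if inspec.file(
-@virtualization_data[:role] =
+return false unless inspec.file("/sys/devices/virtual/misc/kvm").exist?
+@virtualization_data[:system] = "kvm"
+if inspec.file("/proc/cpuinfo").content =~ /hypervisor/
+@virtualization_data[:role] = "guest"
 else
-@virtualization_data[:role] =
+@virtualization_data[:role] = "host"
 end
 true
 end
@@ -129,12 +127,12 @@ module Inspec::Resources
 # Detect OpenVZ / Virtuozzo.
 # http://wiki.openvz.org/BC_proc_entries
 def detect_openvz
-if inspec.file(
-@virtualization_data[:system] =
-@virtualization_data[:role] =
-elsif inspec.file(
-@virtualization_data[:system] =
-@virtualization_data[:role] =
+if inspec.file("/proc/bc/0").exist?
+@virtualization_data[:system] = "openvz"
+@virtualization_data[:role] = "host"
+elsif inspec.file("/proc/vz").exist?
+@virtualization_data[:system] = "openvz"
+@virtualization_data[:role] = "guest"
 else
 return false
 end
@@ -143,23 +141,23 @@ module Inspec::Resources
 
 # Detect Parallels virtual machine from pci devices
 def detect_parallels
-return false unless inspec.file(
-@virtualization_data[:system] =
-@virtualization_data[:role] =
+return false unless inspec.file("/proc/bus/pci/devices").content =~ /1ab84000/
+@virtualization_data[:system] = "parallels"
+@virtualization_data[:role] = "guest"
 true
 end
 
 # Detect Linux-VServer
 def detect_linux_vserver
-return false unless inspec.file(
-proc_self_status = inspec.file(
+return false unless inspec.file("/proc/self/status").exist?
+proc_self_status = inspec.file("/proc/self/status").content
 vxid = proc_self_status.match(/^(s_context|VxID):\s*(\d+)$/)
 return false unless vxid && vxid[2]
-@virtualization_data[:system] =
-if vxid[2] ==
-@virtualization_data[:role] =
+@virtualization_data[:system] = "linux-vserver"
+if vxid[2] == "0"
+@virtualization_data[:role] = "host"
 else
-@virtualization_data[:role] =
+@virtualization_data[:role] = "guest"
 end
 true
 end
@@ -183,19 +181,19 @@ module Inspec::Resources
 # Full notes, https://tickets.opscode.com/browse/OHAI-551
 # Kernel docs, https://www.kernel.org/doc/Documentation/cgroups
 def detect_lxc_docker
-return false unless inspec.file(
-cgroup_content = inspec.file(
+return false unless inspec.file("/proc/self/cgroup").exist?
+cgroup_content = inspec.file("/proc/self/cgroup").content
 if cgroup_content =~ %r{^\d+:[^:]+:/(lxc|docker)/.+$} ||
 cgroup_content =~ %r{^\d+:[^:]+:/[^/]+/(lxc|docker)-.+$} # rubocop:disable Layout/MultilineOperationIndentation
 @virtualization_data[:system] = $1 # rubocop:disable Style/PerlBackrefs
-@virtualization_data[:role] =
+@virtualization_data[:role] = "guest"
 elsif lxc_version_exists? && cgroup_content =~ %r{\d:[^:]+:/$}
 # lxc-version shouldn't be installed by default
 # Even so, it is likely we are on an LXC capable host that is not being used as such
 # So we're cautious here to not overwrite other existing values (OHAI-573)
 unless @virtualization_data[:system] && @virtualization_data[:role]
-@virtualization_data[:system] =
-@virtualization_data[:role] =
+@virtualization_data[:system] = "lxc"
+@virtualization_data[:role] = "host"
 end
 else
 return false
@@ -204,21 +202,21 @@ module Inspec::Resources
 end
 
 def detect_docker
-return false unless inspec.file(
-@virtualization_data[:system] =
-@virtualization_data[:role] =
+return false unless inspec.file("/.dockerenv").exist? || inspec.file("/.dockerinit").exist?
+@virtualization_data[:system] = "docker"
+@virtualization_data[:role] = "guest"
 true
 end
 
 # Detect LXD
 # See https://github.com/lxc/lxd/blob/master/doc/dev-lxd.md
 def detect_lxd
-if inspec.file(
-@virtualization_data[:system] =
-@virtualization_data[:role] =
-elsif inspec.file(
-@virtualization_data[:system] =
-@virtualization_data[:role] =
+if inspec.file("/dev/lxd/sock").exist?
+@virtualization_data[:system] = "lxd"
+@virtualization_data[:role] = "guest"
+elsif inspec.file("/var/lib/lxd/devlxd").exist?
+@virtualization_data[:system] = "lxd"
+@virtualization_data[:role] = "host"
 else
 return false
 end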
@@ -1,10 +1,10 @@
|
|
|
1
|
-
|
|
1
|
+
require "inspec/resources/command"
|
|
2
2
|
|
|
3
3
|
module Inspec::Resources
|
|
4
4
|
class WindowsFeature < Inspec.resource(1)
|
|
5
|
-
name
|
|
6
|
-
supports platform:
|
|
7
|
-
desc
|
|
5
|
+
name "windows_feature"
|
|
6
|
+
supports platform: "windows"
|
|
7
|
+
desc "Use the windows_feature InSpec audit resource to test features on Microsoft Windows."
|
|
8
8
|
example <<~EXAMPLE
|
|
9
9
|
# By default this resource will use Get-WindowsFeature.
|
|
10
10
|
# Failing that, it will use DISM.
|
|
@@ -72,7 +72,7 @@ module Inspec::Resources
|
|
|
72
72
|
if cmd.exit_status != 0
|
|
73
73
|
feature_info = {
|
|
74
74
|
name: feature,
|
|
75
|
-
description:
|
|
75
|
+
description: "N/A",
|
|
76
76
|
installed: false,
|
|
77
77
|
}
|
|
78
78
|
else
|
|
@@ -100,7 +100,7 @@ module Inspec::Resources
|
|
|
100
100
|
# non-server OS. This attempts to use the `dism` command to get the info.
|
|
101
101
|
if cmd.stderr =~ /The term 'Get-WindowsFeature' is not recognized/
|
|
102
102
|
feature_info[:name] = feature
|
|
103
|
-
feature_info[:error] =
|
|
103
|
+
feature_info[:error] = "Could not find `Get-WindowsFeature`"
|
|
104
104
|
else
|
|
105
105
|
# We cannot rely on `cmd.exit_status != 0` because by default the
|
|
106
106
|
# command will exit 1 even on success. So, if we cannot parse the JSON
|
|
@@ -109,9 +109,9 @@ module Inspec::Resources
|
|
|
109
109
|
result = JSON.parse(cmd.stdout)
|
|
110
110
|
|
|
111
111
|
feature_info = {
|
|
112
|
-
name: result[
|
|
113
|
-
description: result[
|
|
114
|
-
installed: result[
|
|
112
|
+
name: result["Name"],
|
|
113
|
+
description: result["Description"],
|
|
114
|
+
installed: result["Installed"],
|
|
115
115
|
}
|
|
116
116
|
rescue JSON::ParserError => _e
|
|
117
117
|
feature_info[:name] = feature
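Review bot: In the `cmd.exit_status != 0` branch (new lines 72-77) a failed query is recorded as `installed: false` with no error marker, so a control asserting that a feature is absent would pass when the lookup itself failed. The `Get-WindowsFeature` branch already sets `feature_info[:error]`; this branch could do the same, for example `error: "Feature query exited with status #{cmd.exit_status}",`, so callers can tell "not installed" from "could not determine". Which command `cmd` refers to is not visible, because the enclosing method starts and ends outside the hunks. Separately, the match on `The term 'Get-WindowsFeature' is not recognized` depends on English stderr text and may not trigger on localized hosts.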
|
|
@@ -1,10 +1,10 @@
|
|
|
1
|
-
|
|
1
|
+
require "inspec/resources/powershell"
|
|
2
2
|
|
|
3
3
|
module Inspec::Resources
|
|
4
4
|
class WindowsHotfix < Inspec.resource(1)
|
|
5
|
-
name
|
|
6
|
-
supports platform:
|
|
7
|
-
desc
|
|
5
|
+
name "windows_hotfix"
|
|
6
|
+
supports platform: "windows"
|
|
7
|
+
desc "Use the windows_hotfix InSpec audit resource to test if the hotfix has been installed on the Windows system."
|
|
8
8
|
example <<~EXAMPLE
|
|
9
9
|
describe windows_hotfix('KB4012212') do
|
|
10
10
|
it { should be_installed }
|
|
@@ -17,7 +17,7 @@ module Inspec::Resources
|
|
|
17
17
|
@id = hotfix_id.upcase
|
|
18
18
|
@content = nil
|
|
19
19
|
os = inspec.os
|
|
20
|
-
return skip_resource
|
|
20
|
+
return skip_resource "The `windows_hotfix` resource is not a feature of your OS." unless os.windows?
|
|
21
21
|
query = "get-hotfix -id #{@id}"
|
|
22
22
|
cmd = inspec.powershell(query)
|
|
23
23
|
@content = cmd.stdout
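Review bot: `@id` is interpolated into the PowerShell command at `query = "get-hotfix -id #{@id}"` after nothing more than `upcase`, so whatever a profile passes as the hotfix id becomes part of the command text. Profiles are often pulled from third-party sources, so the id should be validated before the query is built, for example `return fail_resource "Invalid hotfix id" unless @id.match?(/\AKB\d+\z/)` right after the OS check. The KB-plus-digits pattern is an assumption about the accepted id format and should be confirmed. The initializer starts and ends outside the hunk.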
|
|
@@ -1,9 +1,10 @@
|
|
|
1
|
-
|
|
1
|
+
require "inspec/resources/powershell"
|
|
2
|
+
|
|
2
3
|
module Inspec::Resources
|
|
3
|
-
class WindowsTasks < Inspec.resource(1)
|
|
4
|
-
name
|
|
5
|
-
supports platform:
|
|
6
|
-
desc
|
|
4
|
+
class WindowsTasks < Inspec.resource(1) # TODO: rename singular
|
|
5
|
+
name "windows_task"
|
|
6
|
+
supports platform: "windows"
|
|
7
|
+
desc "Use the windows_task InSpec audit resource to test task schedules on Microsoft Windows."
|
|
7
8
|
example <<~EXAMPLE
|
|
8
9
|
describe windows_task('\\Microsoft\\Windows\\Time Synchronization\\SynchronizeTime') do
|
|
9
10
|
it { should be_enabled }
|
|
@@ -38,12 +39,12 @@ module Inspec::Resources
|
|
|
38
39
|
# rubocop:disable Style/WordArray
|
|
39
40
|
def enabled?
|
|
40
41
|
return false if info.nil? || info[:state].nil?
|
|
41
|
-
[
|
|
42
|
+
["Ready", "Running"].include?(info[:state])
|
|
42
43
|
end
|
|
43
44
|
|
|
44
45
|
def disabled?
|
|
45
46
|
return false if info.nil? || info[:state].nil?
|
|
46
|
-
info[:scheduled_task_state] ==
|
|
47
|
+
info[:scheduled_task_state] == "Disabled" || info[:state] == "Disabled"
|
|
47
48
|
end
|
|
48
49
|
|
|
49
50
|
def logon_mode
|
|
@@ -84,14 +85,14 @@ module Inspec::Resources
|
|
|
84
85
|
end
|
|
85
86
|
|
|
86
87
|
@cache = {
|
|
87
|
-
uri: params[
|
|
88
|
-
state: params[
|
|
89
|
-
logon_mode: params[
|
|
90
|
-
last_result: params[
|
|
91
|
-
task_to_run: params[
|
|
92
|
-
run_as_user: params[
|
|
93
|
-
scheduled_task_state: params[
|
|
94
|
-
type:
|
|
88
|
+
uri: params["URI"],
|
|
89
|
+
state: params["State"],
|
|
90
|
+
logon_mode: params["Logon Mode"],
|
|
91
|
+
last_result: params["Last Result"],
|
|
92
|
+
task_to_run: params["Task To Run"],
|
|
93
|
+
run_as_user: params["Run As User"],
|
|
94
|
+
scheduled_task_state: params["Scheduled Task State"],
|
|
95
|
+
type: "windows-task",
|
|
95
96
|
}
|
|
96
97
|
end
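Review bot: `disabled?` returns false whenever `info[:state]` is nil, before it looks at `info[:scheduled_task_state]`, so a task whose data carries only the "Scheduled Task State" field would never be reported as disabled. Whether the two fields can be populated independently is not visible here; if they can, the guard could be reduced to `return false if info.nil?`, since comparing nil with `"Disabled"` is already false. The `# rubocop:disable Style/WordArray` above `enabled?` has no matching enable in the hunk, and an inline disable on the `["Ready", "Running"]` line would keep its scope to that one line.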
|
|
97
98
|
|
|
@@ -1,6 +1,5 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
require 'utils/object_traversal'
|
|
1
|
+
require "inspec/resources/powershell"
|
|
2
|
+
require "inspec/utils/object_traversal"
|
|
4
3
|
|
|
5
4
|
module Inspec::Resources
|
|
6
5
|
# This resource simplifies the access to wmi
|
|
@@ -8,9 +7,9 @@ module Inspec::Resources
|
|
|
8
7
|
# WMIC /NAMESPACE:\\root\rsop\computer PATH RSOP_SecuritySettingNumeric WHERE "KeyName = 'MinimumPasswordAge' And precedence=1" GET Setting
|
|
9
8
|
# We use Get-WmiObject via Powershell to retrieve all values.
|
|
10
9
|
class WMI < Inspec.resource(1)
|
|
11
|
-
name
|
|
12
|
-
supports platform:
|
|
13
|
-
desc
|
|
10
|
+
name "wmi"
|
|
11
|
+
supports platform: "windows"
|
|
12
|
+
desc "request wmi information"
|
|
14
13
|
example <<~EXAMPLE
|
|
15
14
|
describe wmi({
|
|
16
15
|
class: 'RSOP_SecuritySettingNumeric',
|
|
@@ -29,7 +28,7 @@ module Inspec::Resources
|
|
|
29
28
|
if wmiclass.is_a?(Hash)
|
|
30
29
|
@options.merge!(wmiclass)
|
|
31
30
|
else
|
|
32
|
-
Inspec.deprecate(:wmi_non_hash_usage,
|
|
31
|
+
Inspec.deprecate(:wmi_non_hash_usage, "Using `wmi('wmisclass')` is deprecated. Please use`wmi({class: 'wmisclass'})`")
|
|
33
32
|
@options[:class] = wmiclass
|
|
34
33
|
end
|
|
35
34
|
end
|
|
@@ -61,7 +60,7 @@ module Inspec::Resources
|
|
|
61
60
|
args = @options.select { |key, _value| [:class, :namespace, :query, :filter].include?(key) }
|
|
62
61
|
|
|
63
62
|
# convert to Get-WmiObject arguments
|
|
64
|
-
params =
|
|
63
|
+
params = ""
|
|
65
64
|
args.each { |key, value| params += " -#{key} \"#{value.gsub('"', '`"')}\"" }
|
|
66
65
|
|
|
67
66
|
# run wmi command and filter empty wmi
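Review bot: The argument builder on new line 64 escapes only `"` inside a double-quoted PowerShell string, and PowerShell still expands `$` expressions and backtick sequences in that context, so option values are not passed through as literal text. A single-quoted literal with embedded single quotes doubled is taken verbatim: `args.each { |key, value| params += " -#{key} '#{value.to_s.gsub("'", "''")}'" }`. The `to_s` also avoids the NoMethodError that `value.gsub` raises for a non-String option. In the new deprecation message a space is missing after "Please use". The enclosing method starts and ends outside the hunk.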
|
|
@@ -1,15 +1,13 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
require
|
|
4
|
-
require 'hashie/mash'
|
|
5
|
-
require 'utils/file_reader'
|
|
1
|
+
require "openssl"
|
|
2
|
+
require "hashie/mash"
|
|
3
|
+
require "inspec/utils/file_reader"
|
|
6
4
|
|
|
7
5
|
module Inspec::Resources
|
|
8
6
|
class X509CertificateResource < Inspec.resource(1)
|
|
9
|
-
name
|
|
10
|
-
supports platform:
|
|
11
|
-
supports platform:
|
|
12
|
-
desc
|
|
7
|
+
name "x509_certificate"
|
|
8
|
+
supports platform: "unix"
|
|
9
|
+
supports platform: "windows"
|
|
10
|
+
desc "Used to test x.509 certificates"
|
|
13
11
|
example <<~EXAMPLE
|
|
14
12
|
describe x509_certificate('/etc/pki/www.mywebsite.com.pem') do
|
|
15
13
|
its('subject') { should match /CN=My Website/ }
|
|
@@ -47,8 +45,8 @@ module Inspec::Resources
|
|
|
47
45
|
|
|
48
46
|
# Forward these methods directly to OpenSSL::X509::Certificate instance
|
|
49
47
|
%w{version not_before not_after signature_algorithm public_key}.each do |m|
|
|
50
|
-
define_method m
|
|
51
|
-
@cert.
|
|
48
|
+
define_method m do |*args|
|
|
49
|
+
@cert.send(m, *args)
|
|
52
50
|
end
|
|
53
51
|
end
|
|
54
52
|
|