inspec 4.3.2 → 4.6.3

data/lib/inspec.rb

@@ -1,32 +1,31 @@
-# encoding: utf-8
 # copyright: 2015, Dominik Richter
-# author: Dominik Richter
-# author: Christoph Hartmann
 
 libdir = File.dirname(__FILE__)
 $LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
 
-require 'inspec/version'
-require 'inspec/exceptions'
-require 'utils/deprecation'
-require 'inspec/profile'
-require 'inspec/rule'
-require 'matchers/matchers'
-require 'inspec/runner'
-require 'inspec/shell'
-require 'inspec/formatters'
-require 'inspec/reporters'
-require 'inspec/input_registry'
-require 'inspec/rspec_extensions'
-require 'inspec/globals'
-require 'inspec/impact'
-require 'inspec/utils/telemetry'
+require "inspec/version"
+require "inspec/exceptions"
+require "inspec/utils/deprecation"
+require "inspec/profile"
+require "inspec/rule"
+require "matchers/matchers"
+require "inspec/runner"
+require "inspec/shell"
+require "inspec/formatters"
+require "inspec/reporters"
+require "inspec/input_registry"
+require "inspec/rspec_extensions"
+require "inspec/globals"
+require "inspec/impact"
+require "inspec/utils/telemetry"
+require "inspec/utils/telemetry/global_methods"
 
-require 'inspec/plugin/v2'
-require 'inspec/plugin/v1'
+require "inspec/plugin/v2"
+require "inspec/plugin/v1"
 
 # all utils that may be required by legacy plugins
-require 'inspec/base_cli'
-require 'inspec/fetcher'
-require 'inspec/source_reader'
-require 'inspec/resource'
+require "inspec/base_cli"
+require "inspec/fetcher"
+require "inspec/source_reader"
+require "inspec/resource"
+require "inspec/resources"

data/lib/inspec/archive/tar.rb

@@ -1,13 +1,9 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-
-require 'rubygems/package'
+require "rubygems/package"
 
 module Inspec::Archive
   class TarArchiveGenerator
     def archive(base_dir, files, archive)
-      File.open(archive, 'wb') do |file|
+      File.open(archive, "wb") do |file|
         Zlib::GzipWriter.wrap(file) do |gz|
           Gem::Package::TarWriter.new(gz) do |tar|
             files.each do |input_filename|

data/lib/inspec/archive/zip.rb

@@ -1,10 +1,6 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-
-require 'rubygems'
-require 'zip'
-require 'pathname'
+require "rubygems"
+require "zip"
+require "pathname"
 
 module Inspec::Archive
   class ZipArchiveGenerator

data/lib/inspec/backend.rb

@@ -1,10 +1,9 @@
-# encoding: utf-8
 # copyright: 2015, Dominik Richter
-# author: Dominik Richter
-# author: Christoph Hartmann
 
-require 'train'
-require 'inspec/config'
+require "train"
+require "inspec/config"
+require "inspec/version"
+require "inspec/resource"
 
 module Inspec
   module Backend
@@ -28,7 +27,7 @@ module Inspec
 
       # Ruby internal for printing a nice name for this class
       def to_s
-        'Inspec::Backend::Class'
+        "Inspec::Backend::Class"
       end
 
       # Ruby internal for pretty-printing a summary for this class
@@ -57,15 +56,15 @@ module Inspec
       # Set caching settings. We always want to enable caching for
       # the Mock transport for testing.
       if config[:backend_cache] || config[:backend] == :mock
-        Inspec::Log.debug 'Option backend_cache is enabled'
+        Inspec::Log.debug "Option backend_cache is enabled"
         connection.enable_cache(:file)
         connection.enable_cache(:command)
       elsif config[:debug_shell]
-        Inspec::Log.debug 'Option backend_cache is disabled'
+        Inspec::Log.debug "Option backend_cache is disabled"
         connection.disable_cache(:file)
         connection.disable_cache(:command)
       else
-        Inspec::Log.debug 'Option backend_cache is disabled'
+        Inspec::Log.debug "Option backend_cache is disabled"
         connection.disable_cache(:file)
         connection.disable_cache(:command)
       end

data/lib/inspec/base_cli.rb

@@ -1,11 +1,8 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-
-require 'thor'
-require 'inspec/log'
-require 'inspec/profile_vendor'
-require 'inspec/ui'
+require "thor"
+require "inspec/log"
+require "inspec/ui"
+require "inspec/config"
+require "inspec/utils/deprecation/global_method"
 
 # Allow end of options during array type parsing
 # https://github.com/erikhuda/thor/issues/631
@@ -34,107 +31,107 @@ module Inspec
 
     def self.target_options # rubocop:disable MethodLength
       option :target, aliases: :t, type: :string,
-        desc: 'Simple targeting option using URIs, e.g. ssh://user:pass@host:port'
+        desc: "Simple targeting option using URIs, e.g. ssh://user:pass@host:port"
       option :backend, aliases: :b, type: :string,
-        desc: 'Choose a backend: local, ssh, winrm, docker.'
+        desc: "Choose a backend: local, ssh, winrm, docker."
       option :host, type: :string,
-        desc: 'Specify a remote host which is tested.'
+        desc: "Specify a remote host which is tested."
       option :port, aliases: :p, type: :numeric,
-        desc: 'Specify the login port for a remote scan.'
+        desc: "Specify the login port for a remote scan."
       option :user, type: :string,
-        desc: 'The login user for a remote scan.'
+        desc: "The login user for a remote scan."
       option :password, type: :string, lazy_default: -1,
-        desc: 'Login password for a remote scan, if required.'
+        desc: "Login password for a remote scan, if required."
       option :enable_password, type: :string, lazy_default: -1,
-        desc: 'Password for enable mode on Cisco IOS devices.'
+        desc: "Password for enable mode on Cisco IOS devices."
       option :key_files, aliases: :i, type: :array,
-        desc: 'Login key or certificate file for a remote scan.'
+        desc: "Login key or certificate file for a remote scan."
       option :path, type: :string,
-        desc: 'Login path to use when connecting to the target (WinRM).'
+        desc: "Login path to use when connecting to the target (WinRM)."
       option :sudo, type: :boolean,
-        desc: 'Run scans with sudo. Only activates on Unix and non-root user.'
+        desc: "Run scans with sudo. Only activates on Unix and non-root user."
       option :sudo_password, type: :string, lazy_default: -1,
-        desc: 'Specify a sudo password, if it is required.'
+        desc: "Specify a sudo password, if it is required."
       option :sudo_options, type: :string,
-        desc: 'Additional sudo options for a remote scan.'
+        desc: "Additional sudo options for a remote scan."
       option :sudo_command, type: :string,
-        desc: 'Alternate command for sudo.'
+        desc: "Alternate command for sudo."
       option :shell, type: :boolean,
-        desc: 'Run scans in a subshell. Only activates on Unix.'
+        desc: "Run scans in a subshell. Only activates on Unix."
       option :shell_options, type: :string,
-        desc: 'Additional shell options.'
+        desc: "Additional shell options."
       option :shell_command, type: :string,
-        desc: 'Specify a particular shell to use.'
+        desc: "Specify a particular shell to use."
       option :ssl, type: :boolean,
-        desc: 'Use SSL for transport layer encryption (WinRM).'
+        desc: "Use SSL for transport layer encryption (WinRM)."
       option :self_signed, type: :boolean,
-        desc: 'Allow remote scans with self-signed certificates (WinRM).'
-      option :winrm_transport, type: :string, default: 'negotiate',
-        desc: 'Specify which transport to use, defaults to negotiate (WinRM).'
+        desc: "Allow remote scans with self-signed certificates (WinRM)."
+      option :winrm_transport, type: :string, default: "negotiate",
+        desc: "Specify which transport to use, defaults to negotiate (WinRM)."
       option :winrm_disable_sspi, type: :boolean,
-        desc: 'Whether to use disable sspi authentication, defaults to false (WinRM).'
+        desc: "Whether to use disable sspi authentication, defaults to false (WinRM)."
       option :winrm_basic_auth, type: :boolean,
-        desc: 'Whether to use basic authentication, defaults to false (WinRM).'
+        desc: "Whether to use basic authentication, defaults to false (WinRM)."
       option :config, type: :string,
-        desc: 'Read configuration from JSON file (`-` reads from stdin).'
+        desc: "Read configuration from JSON file (`-` reads from stdin)."
       option :json_config, type: :string, hide: true
       option :proxy_command, type: :string,
-        desc: 'Specifies the command to use to connect to the server'
+        desc: "Specifies the command to use to connect to the server"
       option :bastion_host, type: :string,
-        desc: 'Specifies the bastion host if applicable'
+        desc: "Specifies the bastion host if applicable"
       option :bastion_user, type: :string,
-        desc: 'Specifies the bastion user if applicable'
+        desc: "Specifies the bastion user if applicable"
       option :bastion_port, type: :string,
-        desc: 'Specifies the bastion port if applicable'
+        desc: "Specifies the bastion port if applicable"
       option :insecure, type: :boolean, default: false,
-        desc: 'Disable SSL verification on select targets'
+        desc: "Disable SSL verification on select targets"
       option :target_id, type: :string,
-        desc: 'Provide a ID which will be included on reports'
+        desc: "Provide a ID which will be included on reports"
     end
 
     def self.profile_options
       option :profiles_path, type: :string,
-        desc: 'Folder which contains referenced profiles.'
+        desc: "Folder which contains referenced profiles."
       option :vendor_cache, type: :string,
-        desc: 'Use the given path for caching dependencies. (default: ~/.inspec/cache)'
+        desc: "Use the given path for caching dependencies. (default: ~/.inspec/cache)"
     end
 
     def self.exec_options
       target_options
       profile_options
       option :controls, type: :array,
-        desc: 'A list of control names to run, or a list of /regexes/ to match against control names. Ignore all other tests.'
+        desc: "A list of control names to run, or a list of /regexes/ to match against control names. Ignore all other tests."
       option :reporter, type: :array,
-        banner: 'one two:/output/file/path',
-        desc: 'Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit, yaml'
+        banner: "one two:/output/file/path",
+        desc: "Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit, yaml"
       option :input_file, type: :array,
-        desc: 'Load one or more input files, a YAML file with values for the profile to use'
+        desc: "Load one or more input files, a YAML file with values for the profile to use"
       option :attrs, type: :array,
-        desc: 'Legacy name for --input-file - deprecated.'
+        desc: "Legacy name for --input-file - deprecated."
       option :create_lockfile, type: :boolean,
-        desc: 'Write out a lockfile based on this execution (unless one already exists)'
+        desc: "Write out a lockfile based on this execution (unless one already exists)"
       option :backend_cache, type: :boolean,
-        desc: 'Allow caching for backend command output. (default: true)'
+        desc: "Allow caching for backend command output. (default: true)"
       option :show_progress, type: :boolean,
-        desc: 'Show progress while executing tests.'
+        desc: "Show progress while executing tests."
       option :distinct_exit, type: :boolean, default: true,
-        desc: 'Exit with code 101 if any tests fail, and 100 if any are skipped (default).  If disabled, exit 0 on skips and 1 for failures.'
+        desc: "Exit with code 101 if any tests fail, and 100 if any are skipped (default).  If disabled, exit 0 on skips and 1 for failures."
     end
 
     def self.format_platform_info(params: {}, indent: 0, color: 39)
-      str = ''
-      params.each { |item, info|
+      str = ""
+      params.each do |item, info|
         data = info
 
         # Format Array for better output if applicable
-        data = data.join(', ') if data.is_a?(Array)
+        data = data.join(", ") if data.is_a?(Array)
 
         # Do not output fields of data is missing ('unknown' is fine)
         next if data.nil?
 
         data = "\e[1m\e[#{color}m#{data}\e[0m"
-        str << format("#{' ' * indent}%-10s %s\n", item.to_s.capitalize + ':', data)
-      }
+        str << format("#{' ' * indent}%-10s %s\n", item.to_s.capitalize + ":", data)
+      end
       str
     end
 
@@ -193,12 +190,12 @@ module Inspec
     private
 
     def suppress_log_output?(opts)
-      return false if opts['reporter'].nil?
-      match = %w{json json-min json-rspec json-automate junit html yaml documentation progress} & opts['reporter'].keys
+      return false if opts["reporter"].nil?
+      match = %w{json json-min json-rspec json-automate junit html yaml documentation progress} & opts["reporter"].keys
       unless match.empty?
         match.each do |m|
           # check to see if we are outputting to stdout
-          return true if opts['reporter'][m]['stdout'] == true
+          return true if opts["reporter"][m]["stdout"] == true
         end
       end
       false
@@ -220,7 +217,7 @@ module Inspec
       if valid.include?(level)
         l = level
       else
-        l = 'info'
+        l = "info"
       end
 
       Logger.const_get(l.upcase)
@@ -237,11 +234,13 @@ module Inspec
     end
 
     def vendor_deps(path, opts)
+      require "inspec/profile_vendor"
+
       profile_path = path || Dir.pwd
       profile_vendor = Inspec::ProfileVendor.new(profile_path)
 
       if (profile_vendor.cache_path.exist? || profile_vendor.lockfile.exist?) && !opts[:overwrite]
-        puts 'Profile is already vendored. Use --overwrite.'
+        puts "Profile is already vendored. Use --overwrite."
         return false
       end
 
@@ -257,23 +256,23 @@ module Inspec
       # logging singleton Inspec::Log. Eventually it would be nice to
       # move internal debug logging to use this logging singleton.
       #
-      loc = if o['log_location']
-              o['log_location']
+      loc = if o["log_location"]
+              o["log_location"]
             elsif suppress_log_output?(o)
-              STDERR
+              $stderr
             else
-              STDOUT
+              $stdout
             end
 
       Inspec::Log.init(loc)
-      Inspec::Log.level = get_log_level(o['log_level'])
+      Inspec::Log.level = get_log_level(o["log_level"])
 
       o[:logger] = Logger.new(loc)
       # output json if we have activated the json formatter
-      if o['log-format'] == 'json'
+      if o["log-format"] == "json"
         o[:logger].formatter = Logger::JSONFormatter.new
       end
-      o[:logger].level = get_log_level(o['log_level'])
+      o[:logger].level = get_log_level(o["log_level"])
     end
   end
 end

data/lib/inspec/cached_fetcher.rb

@@ -1,6 +1,5 @@
-# encoding: utf-8
-require 'inspec/fetcher'
-require 'forwardable'
+require "inspec/fetcher"
+require "forwardable"
 
 module Inspec
   class CachedFetcher

data/lib/inspec/cli.rb

@@ -1,57 +1,75 @@
-# encoding: utf-8
 # Copyright 2015 Dominik Richter
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-require 'logger'
-require 'thor'
-require 'json'
-require 'pp'
-require 'utils/json_log'
-require 'utils/latest_version'
-require 'inspec/base_cli'
-require 'inspec/plugin/v1'
-require 'inspec/plugin/v2'
-require 'inspec/runner_mock'
-require 'inspec/env_printer'
-require 'inspec/schema'
-require 'inspec/config'
+
+require "inspec/utils/deprecation/deprecator"
+require "inspec/dist"
+require "inspec/backend"
+require "inspec/dependencies/cache"
+
+module Inspec # TODO: move this somewhere "better"?
+  autoload :BaseCLI,       "inspec/base_cli"
+  autoload :Deprecation,   "inspec/utils/deprecation"
+  autoload :Exceptions,    "inspec/exceptions"
+  autoload :Fetcher,       "inspec/fetcher"
+  autoload :Formatters,    "inspec/formatters"
+  autoload :Globals,       "inspec/globals"
+  autoload :Impact,        "inspec/impact"
+  autoload :Impact,        "inspec/impact"
+  autoload :InputRegistry, "inspec/input_registry"
+  autoload :Profile,       "inspec/profile"
+  autoload :Reporters,     "inspec/reporters"
+  autoload :Resource,      "inspec/resource"
+  autoload :Rule,          "inspec/rule"
+  autoload :Runner,        "inspec/runner"
+  autoload :Runner,        "inspec/runner"
+  autoload :Shell,         "inspec/shell"
+  autoload :SourceReader,  "inspec/source_reader"
+  autoload :Telemetry,     "inspec/utils/telemetry"
+  autoload :V1,            "inspec/plugin/v1"
+  autoload :V2,            "inspec/plugin/v2"
+  autoload :VERSION,       "inspec/version"
+end
 
 class Inspec::InspecCLI < Inspec::BaseCLI
   class_option :log_level, aliases: :l, type: :string,
-               desc: 'Set the log level: info (default), debug, warn, error'
+               desc: "Set the log level: info (default), debug, warn, error"
 
   class_option :log_location, type: :string,
-               desc: 'Location to send diagnostic log messages to. (default: STDOUT or Inspec::Log.error)'
+               desc: "Location to send diagnostic log messages to. (default: $stdout or Inspec::Log.error)"
 
   class_option :diagnose, type: :boolean,
-    desc: 'Show diagnostics (versions, configurations)'
+    desc: "Show diagnostics (versions, configurations)"
 
   class_option :color, type: :boolean,
-    desc: 'Use colors in output.'
+    desc: "Use colors in output."
 
   class_option :interactive, type: :boolean,
-    desc: 'Allow or disable user interaction'
+    desc: "Allow or disable user interaction"
 
-  class_option :disable_core_plugins, type: :string, banner: '', # Actually a boolean, but this suppresses the creation of a --no-disable...
-    desc: 'Disable loading all plugins that are shipped in the lib/plugins directory of InSpec. Useful in development.'
+  class_option :disable_core_plugins, type: :string, banner: "", # Actually a boolean, but this suppresses the creation of a --no-disable...
+    desc: "Disable loading all plugins that are shipped in the lib/plugins directory of InSpec. Useful in development."
 
-  class_option :disable_user_plugins, type: :string, banner: '',
-    desc: 'Disable loading all plugins that the user installed.'
+  class_option :disable_user_plugins, type: :string, banner: "",
+    desc: "Disable loading all plugins that the user installed."
 
-  require 'license_acceptance/cli_flags/thor'
+  class_option :enable_telemetry, type: :boolean,
+    desc: "Allow or disable telemetry", default: false
+
+  require "license_acceptance/cli_flags/thor"
   include LicenseAcceptance::CLIFlags::Thor
 
-  desc 'json PATH', 'read all tests in PATH and generate a JSON summary'
+  desc "json PATH", "read all tests in PATH and generate a JSON summary"
   option :output, aliases: :o, type: :string,
-    desc: 'Save the created profile to a path'
+    desc: "Save the created profile to a path"
   option :controls, type: :array,
-    desc: 'A list of controls to include. Ignore all other tests.'
+    desc: "A list of controls to include. Ignore all other tests."
   profile_options
   def json(target)
+    require "inspec/resources"
+    require "json"
+
     o = config
     diagnose(o)
-    o['log_location'] = STDERR
+    o["log_location"] = $stderr
     configure_logger(o)
 
     o[:backend] = Inspec::Backend.create(Inspec::Config.mock)
@@ -62,7 +80,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     info = profile.info
     # add in inspec version
     info[:generator] = {
-      name: 'inspec',
+      name: "inspec",
       version: Inspec::VERSION,
     }
     dst = o[:output].to_s
@@ -81,12 +99,18 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     pretty_handle_exception(e)
   end
 
-  desc 'check PATH', 'verify all tests at the specified PATH'
+  desc "check PATH", "verify all tests at the specified PATH"
   option :format, type: :string
   profile_options
-  def check(path) # rubocop:disable Metrics/AbcSize
+  def check(path) # rubocop:disable Metrics/AbcSize,Metrics/MethodLength
+    require "inspec/resources"
+
     o = config
     diagnose(o)
+    o["log_location"] ||= STDERR if o["format"] == "json"
+    o["log_level"] ||= "warn"
+    configure_logger(o)
+
     o[:backend] = Inspec::Backend.create(Inspec::Config.mock)
     o[:check_mode] = true
     o[:vendor_cache] = Inspec::Cache.new(o[:vendor_cache])
@@ -95,25 +119,25 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     profile = Inspec::Profile.for_target(path, o)
     result = profile.check
 
-    if o['format'] == 'json'
+    if o["format"] == "json"
       puts JSON.generate(result)
     else
       %w{location profile controls timestamp valid}.each do |item|
-        puts format('%-12s %s', item.to_s.capitalize + ':',
+        puts format("%-12s %s", item.to_s.capitalize + ":",
                     mark_text(result[:summary][item.to_sym]))
       end
       puts
 
-      if result[:errors].empty? and result[:warnings].empty?
-        puts 'No errors or warnings'
+      if result[:errors].empty? && result[:warnings].empty?
+        puts "No errors or warnings"
       else
         red    = "\033[31m"
         yellow = "\033[33m"
         rst    = "\033[0m"
 
         item_msg = lambda { |item|
-          pos = [item[:file], item[:line], item[:column]].compact.join(':')
-          pos.empty? ? item[:msg] : pos + ': ' + item[:msg]
+          pos = [item[:file], item[:line], item[:column]].compact.join(":")
+          pos.empty? ? item[:msg] : pos + ": " + item[:msg]
         }
         result[:errors].each do |item|
           puts "#{red}  ✖  #{item_msg.call(item)}#{rst}"
@@ -123,7 +147,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
         end
 
         puts
-        puts format('Summary:     %s%d errors%s, %s%d warnings%s',
+        puts format("Summary:     %s%d errors%s, %s%d warnings%s",
                     red, result[:errors].length, rst,
                     yellow, result[:warnings].length, rst)
       end
@@ -133,35 +157,39 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     pretty_handle_exception(e)
   end
 
-  desc 'vendor PATH', 'Download all dependencies and generate a lockfile in a `vendor` directory'
+  desc "vendor PATH", "Download all dependencies and generate a lockfile in a `vendor` directory"
   option :overwrite, type: :boolean, default: false,
-    desc: 'Overwrite existing vendored dependencies and lockfile.'
+    desc: "Overwrite existing vendored dependencies and lockfile."
   def vendor(path = nil)
+    require "inspec/resources"
+
     o = config
     configure_logger(o)
-    o[:logger] = Logger.new(STDOUT)
+    o[:logger] = Logger.new($stdout)
     o[:logger].level = get_log_level(o[:log_level])
 
     vendor_deps(path, o)
   end
 
-  desc 'archive PATH', 'archive a profile to tar.gz (default) or zip'
+  desc "archive PATH", "archive a profile to tar.gz (default) or zip"
   profile_options
   option :output, aliases: :o, type: :string,
-    desc: 'Save the archive to a path'
+    desc: "Save the archive to a path"
   option :zip, type: :boolean, default: false,
-    desc: 'Generates a zip archive.'
+    desc: "Generates a zip archive."
   option :tar, type: :boolean, default: false,
-    desc: 'Generates a tar.gz archive.'
+    desc: "Generates a tar.gz archive."
   option :overwrite, type: :boolean, default: false,
-    desc: 'Overwrite existing archive.'
+    desc: "Overwrite existing archive."
   option :ignore_errors, type: :boolean, default: false,
-    desc: 'Ignore profile warnings.'
+    desc: "Ignore profile warnings."
   def archive(path)
+    require "inspec/resources"
+
     o = config
     diagnose(o)
 
-    o[:logger] = Logger.new(STDOUT)
+    o[:logger] = Logger.new($stdout)
     o[:logger].level = get_log_level(o[:log_level])
     o[:backend] = Inspec::Backend.create(Inspec::Config.mock)
 
@@ -174,7 +202,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     result = profile.check
 
     if result && !o[:ignore_errors] == false
-      o[:logger].info 'Profile check failed. Please fix the profile before generating an archive.'
+      o[:logger].info "Profile check failed. Please fix the profile before generating an archive."
       return exit 1
     end
 
@@ -184,7 +212,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     pretty_handle_exception(e)
   end
 
-  desc 'exec LOCATIONS', 'run all test files at the specified LOCATIONS.'
+  desc "exec LOCATIONS", "run all test files at the specified LOCATIONS."
   # TODO: find a way for Thor not to butcher the formatting of this
   long_desc <<~EOT
     Loads the given profile(s) and fetches their dependencies if needed. Then
@@ -206,55 +234,55 @@ class Inspec::InspecCLI < Inspec::BaseCLI
 
     Automate:
       ```
-      inspec compliance login
-      inspec exec compliance://username/linux-baseline
+      #{Inspec::Dist::EXEC_NAME} compliance login
+      #{Inspec::Dist::EXEC_NAME} exec compliance://username/linux-baseline
       ```
 
     Supermarket:
       ```
-      inspec exec supermarket://username/linux-baseline
+      #{Inspec::Dist::EXEC_NAME} exec supermarket://username/linux-baseline
       ```
 
     Local profile (executes all tests in `controls/`):
       ```
-      inspec exec /path/to/profile
+      #{Inspec::Dist::EXEC_NAME} exec /path/to/profile
       ```
 
     Local single test (doesn't allow inputs or custom resources)
       ```
-      inspec exec /path/to/a_test.rb
+      #{Inspec::Dist::EXEC_NAME} exec /path/to/a_test.rb
       ```
 
     Git via SSH
       ```
-      inspec exec git@github.com:dev-sec/linux-baseline.git
+      #{Inspec::Dist::EXEC_NAME} exec git@github.com:dev-sec/linux-baseline.git
       ```
 
     Git via HTTPS (.git suffix is required):
       ```
-      inspec exec https://github.com/dev-sec/linux-baseline.git
+      #{Inspec::Dist::EXEC_NAME} exec https://github.com/dev-sec/linux-baseline.git
       ```
 
     Private Git via HTTPS (.git suffix is required):
       ```
-      inspec exec https://API_TOKEN@github.com/dev-sec/linux-baseline.git
+      #{Inspec::Dist::EXEC_NAME} exec https://API_TOKEN@github.com/dev-sec/linux-baseline.git
       ```
 
     Private Git via HTTPS and cached credentials (.git suffix is required):
       ```
       git config credential.helper cache
       git ls-remote https://github.com/dev-sec/linux-baseline.git
-      inspec exec https://github.com/dev-sec/linux-baseline.git
+      #{Inspec::Dist::EXEC_NAME} exec https://github.com/dev-sec/linux-baseline.git
       ```
 
     Web hosted fileshare (also supports .zip):
       ```
-      inspec exec https://webserver/linux-baseline.tar.gz
+      #{Inspec::Dist::EXEC_NAME} exec https://webserver/linux-baseline.tar.gz
       ```
 
     Web hosted fileshare with basic authentication (supports .zip):
       ```
-      inspec exec https://username:password@webserver/linux-baseline.tar.gz
+      #{Inspec::Dist::EXEC_NAME} exec https://username:password@webserver/linux-baseline.tar.gz
       ```
   EOT
   exec_options
@@ -274,17 +302,17 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     pretty_handle_exception(e)
   end
 
-  desc 'detect', 'detect the target OS'
+  desc "detect", "detect the target OS"
   target_options
   option :format, type: :string
   def detect
     o = config
-    o[:command] = 'platform.params'
+    o[:command] = "platform.params"
     (_, res) = run_command(o)
-    if o['format'] == 'json'
+    if o["format"] == "json"
       puts res.to_json
     else
-      headline('Platform Details')
+      headline("Platform Details")
       puts Inspec::BaseCLI.format_platform_info(params: res, indent: 0, color: 36)
     end
   rescue ArgumentError, RuntimeError, Train::UserError => e
@@ -294,23 +322,23 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     pretty_handle_exception(e)
   end
 
-  desc 'shell', 'open an interactive debugging shell'
+  desc "shell", "open an interactive debugging shell"
   target_options
   option :command, aliases: :c,
-    desc: 'A single command string to run instead of launching the shell'
+    desc: "A single command string to run instead of launching the shell"
   option :reporter, type: :array,
-    banner: 'one two:/output/file/path',
-    desc: 'Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit'
+    banner: "one two:/output/file/path",
+    desc: "Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit"
   option :depends, type: :array, default: [],
-    desc: 'A space-delimited list of local folders containing profiles whose libraries and resources will be loaded into the new shell'
+    desc: "A space-delimited list of local folders containing profiles whose libraries and resources will be loaded into the new shell"
   option :distinct_exit, type: :boolean, default: true,
-    desc: 'Exit with code 100 if any tests fail, and 101 if any are skipped but none failed (default).  If disabled, exit 0 on skips and 1 for failures.'
+    desc: "Exit with code 100 if any tests fail, and 101 if any are skipped but none failed (default).  If disabled, exit 0 on skips and 1 for failures."
   def shell_func
     o = config
     diagnose(o)
     o[:debug_shell] = true
 
-    log_device = suppress_log_output?(o) ? nil : STDOUT
+    log_device = suppress_log_output?(o) ? nil : $stdout
     o[:logger] = Logger.new(log_device)
     o[:logger].level = get_log_level(o[:log_level])
 
@@ -323,7 +351,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     exit res unless run_type == :ruby_eval
 
     # No InSpec tests - just print evaluation output.
-    res = (res.respond_to?(:to_json) ? res.to_json : JSON.dump(res)) if o['reporter']&.keys&.include?('json')
+    res = (res.respond_to?(:to_json) ? res.to_json : JSON.dump(res)) if o["reporter"]&.keys&.include?("json")
     puts res
     exit 0
   rescue RuntimeError, Train::UserError => e
@@ -332,7 +360,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     pretty_handle_exception(e)
   end
 
-  desc 'env', 'Output shell-appropriate completion configuration'
+  desc "env", "Output shell-appropriate completion configuration"
   def env(shell = nil)
     p = Inspec::EnvPrinter.new(self.class, shell)
     p.print_and_exit!
@@ -340,31 +368,40 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     pretty_handle_exception(e)
   end
 
-  desc 'schema NAME', 'print the JSON schema', hide: true
+  desc "schema NAME", "print the JSON schema", hide: true
   def schema(name)
+    require "inspec/schema"
+
     puts Inspec::Schema.json(name)
   rescue StandardError => e
     puts e
     puts "Valid schemas are #{Inspec::Schema.names.join(', ')}"
   end
 
-  desc 'version', 'prints the version of this tool'
+  desc "version", "prints the version of this tool"
   option :format, type: :string
   def version
-    if config['format'] == 'json'
+    if config["format"] == "json"
       v = { version: Inspec::VERSION }
       puts v.to_json
     else
+      require "inspec/utils/latest_version"
       puts Inspec::VERSION
       # display outdated version
-      latest = LatestInSpecVersion.new.latest
+      # TODO: remove this. Don't notify of update to a gem when they install omnibus
+      latest = LatestInSpecVersion.new.latest || Inspec::VERSION
       if Gem::Version.new(Inspec::VERSION) < Gem::Version.new(latest)
-        puts "\nYour version of InSpec is out of date! The latest version is #{latest}."
+        puts "\nYour version of #{Inspec::Dist::PRODUCT_NAME} is out of date! The latest version is #{latest}."
       end
     end
   end
   map %w{-v --version} => :version
 
+  desc "nothing", "does nothing"
+  def nothing
+    puts "you did nothing"
+  end
+
   private
 
   def run_command(opts)
@@ -381,25 +418,25 @@ end
 #                        Pre-Flight Code
 #=====================================================================#
 
-help_commands = ['-h', '--help', 'help']
-version_commands = ['-v', '--version', 'version']
+help_commands = ["-h", "--help", "help"]
+version_commands = ["-v", "--version", "version"]
 commands_exempt_from_license_check = help_commands + version_commands
 
 #---------------------------------------------------------------------#
 # EULA acceptance
 #---------------------------------------------------------------------#
-require 'license_acceptance/acceptor'
+require "license_acceptance/acceptor"
 begin
-  if (commands_exempt_from_license_check & ARGV.map(&:downcase)).empty? &&  # Did they use a non-exempt command?
-     !ARGV.empty?                                                           # Did they supply at least one command?
+  if (commands_exempt_from_license_check & ARGV.map(&:downcase)).empty? && # Did they use a non-exempt command?
+      !ARGV.empty? # Did they supply at least one command?
     LicenseAcceptance::Acceptor.check_and_persist(
-      'inspec',
+      "inspec",
       Inspec::VERSION,
-      logger: Inspec::Log,
+      logger: Inspec::Log
     )
   end
 rescue LicenseAcceptance::LicenseNotAcceptedError
-  Inspec::Log.error 'InSpec cannot execute without accepting the license'
+  Inspec::Log.error "InSpec cannot execute without accepting the license"
   Inspec::UI.new.exit(:license_not_accepted)
 end
 
@@ -418,10 +455,12 @@ end
 #---------------------------------------------------------------------#
 # Plugin Loading
 #---------------------------------------------------------------------#
+require "inspec/plugin/v2"
+
 begin
   # Load v2 plugins.  Manually check for plugin disablement.
-  omit_core = ARGV.delete('--disable-core-plugins')
-  omit_user = ARGV.delete('--disable-user-plugins')
+  omit_core = ARGV.delete("--disable-core-plugins")
+  omit_user = ARGV.delete("--disable-user-plugins")
   v2_loader = Inspec::Plugin::V2::Loader.new(omit_core_plugins: omit_core, omit_user_plugins: omit_user)
   v2_loader.load_all
   v2_loader.exit_on_load_error
@@ -432,23 +471,23 @@ begin
   ctl.list.each { |x| ctl.load(x) }
 
   # load v1 CLI plugins before the InSpec CLI has been started
-  Inspec::Plugins::CLI.subcommands.each { |_subcommand, params|
+  Inspec::Plugins::CLI.subcommands.each do |_subcommand, params|
     Inspec::InspecCLI.register(
       params[:klass],
       params[:subcommand_name],
       params[:usage],
       params[:description],
-      params[:options],
+      params[:options]
     )
-  }
+  end
 rescue Inspec::Plugin::V2::Exception => v2ex
   Inspec::Log.error v2ex.message
 
-  if ARGV.include?('--debug')
+  if ARGV.include?("--debug")
     Inspec::Log.error v2ex.class.name
     Inspec::Log.error v2ex.backtrace.join("\n")
   else
-    Inspec::Log.error 'Run again with --debug for a stacktrace.'
+    Inspec::Log.error "Run again with --debug for a stacktrace."
   end
   exit 2
 end