inspec 4.3.2 → 4.6.3

data/lib/{utils → inspec/utils}/simpleconfig.rb

@@ -1,9 +1,7 @@
-# encoding: utf-8
 # copyright: 2015, Dominik Richter
-# author: Dominik Richter
-# author: Christoph Hartmann
 
-require 'utils/parser'
+require "inspec/utils/parser"
+require "hashie"
 
 class SimpleConfig
   include CommentParser
@@ -86,18 +84,18 @@ class SimpleConfig
     if opts[:multiple_values]
       @vals[line.strip] ||= []
     else
-      @vals[line.strip] = ''
+      @vals[line.strip] = ""
     end
   end
 
   def parse_rest(rest, opts)
     line, idx_nl = parse_comment_line(rest, opts)
-    parse_params_line(line, opts) or
-      parse_group_line(line, opts) or
+    parse_params_line(line, opts) ||
+      parse_group_line(line, opts) ||
       parse_implicit_assignment_line(line, opts)
 
     # return whatever is left
-    rest[(idx_nl + 1)..-1] || ''
+    rest[(idx_nl + 1)..-1] || ""
   end
 
   def is_empty_line(l)
@@ -106,9 +104,9 @@ class SimpleConfig
 
   def default_options
     {
-      quotes: '',
+      quotes: "",
       multiline: false,
-      comment_char: '#',
+      comment_char: "#",
       line_separator: nil, # uses this char to seperate lines before parsing
       assignment_regex: /^\s*([^=]*?)\s*=\s*(.*?)\s*$/,
       group_re: /\[([^\]]+)\]\s*$/,

data/lib/{utils → inspec/utils}/spdx.rb

@@ -1,9 +1,6 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
 class Spdx
   def self.licenses
-    spdx_file = File.join(File.dirname(__FILE__), 'spdx.txt').freeze
+    spdx_file = File.join(File.dirname(__FILE__), "spdx.txt").freeze
     File.read(spdx_file).split("\n")
   end
 

data/lib/inspec/utils/telemetry.rb

@@ -1,3 +1,3 @@
-require 'inspec/utils/telemetry/collector'
-require 'inspec/utils/telemetry/data_series'
-require 'inspec/utils/telemetry/global_methods'
+require "inspec/utils/telemetry/collector"
+require "inspec/utils/telemetry/data_series"
+require "inspec/utils/telemetry/global_methods"

data/lib/inspec/utils/telemetry/collector.rb

@@ -1,14 +1,23 @@
-require 'inspec/utils/telemetry/data_series'
-require 'singleton'
+require "inspec/config"
+require "inspec/utils/telemetry/data_series"
+require "singleton"
 
 module Inspec::Telemetry
   # A Singleton collection of data series objects.
   class Collector
     include Singleton
 
+    attr_reader :config
+
     def initialize
       @data_series = []
-      @enabled = true
+      @telemetry_toggled_off = false
+      load_config
+    end
+
+    # Allow loading a configuration, useful when testing.
+    def load_config(config = Inspec::Config.cached)
+      @config = config
     end
 
     # Add a data series to the collection.
@@ -17,17 +26,20 @@ module Inspec::Telemetry
       @data_series << data_series
     end
 
-    # Is the Telemetry system enabled or disabled?
-    # Always true until we add configuration parsing.
+    # The loaded configuration should have a option to configure
+    # telemetry, if not default to false.
     # @return [True, False]
     def telemetry_enabled?
-      @enabled
+      if @telemetry_toggled_off
+        false
+      else
+        config_telemetry_options.fetch("enable_telemetry", false)
+      end
     end
 
     # A way to disable the telemetry system.
-    # @return [True]
     def disable_telemetry
-      @enabled = false
+      @telemetry_toggled_off = true
     end
 
     # The entire data series collection.
@@ -52,9 +64,18 @@ module Inspec::Telemetry
     end
 
     # Blanks the contents of the data series collection.
+    # Reset telemetry toggle
     # @return [True]
-    def reset
+    def reset!
       @data_series = []
+      @telemetry_toggled_off = false
+    end
+
+    private
+
+    # Minimize exposure of Inspec::Config interface
+    def config_telemetry_options
+      config.telemetry_options
     end
   end
 end

data/lib/inspec/utils/telemetry/data_series.rb

@@ -1,4 +1,6 @@
-require 'json'
+require "json"
+
+module Inspec; end
 
 # A minimal Dataseries Object
 # Stores the name of the data series and an array of data.

data/lib/inspec/utils/telemetry/global_methods.rb

@@ -1,4 +1,4 @@
-require 'inspec/utils/telemetry'
+require "inspec/utils/telemetry/collector"
 
 module Inspec
   # A Global method to add a data series object to the Telemetry Collection.

data/lib/inspec/version.rb

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = '4.3.2'.freeze
+  VERSION = "4.6.3".freeze
 end

data/lib/matchers/matchers.rb

@@ -1,7 +1,4 @@
-# encoding: utf-8
 # copyright: 2015, Vulcano Security GmbH
-# author: Dominik Richter
-# author: Christoph Hartmann
 
 RSpec::Matchers.define :be_readable do
   match do |file|
@@ -17,7 +14,7 @@ RSpec::Matchers.define :be_readable do
   end
 
   description do
-    res = 'be readable'
+    res = "be readable"
     res += " by #{@by}" unless @by.nil?
     res += " by user #{@by_user}" unless @by_user.nil?
     res
@@ -38,7 +35,7 @@ RSpec::Matchers.define :be_writable do
   end
 
   description do
-    res = 'be writable'
+    res = "be writable"
     res += " by #{@by}" unless @by.nil?
     res += " by user #{@by_user}" unless @by_user.nil?
     res
@@ -59,7 +56,7 @@ RSpec::Matchers.define :be_executable do
   end
 
   description do
-    res = 'be executable'
+    res = "be executable"
     res += " by #{@by}" unless @by.nil?
     res += " by user #{@by_user}" unless @by_user.nil?
     res
@@ -95,7 +92,7 @@ RSpec::Matchers.define :be_enabled do
   end
 
   chain :with_level do |_level|
-    raise '[UNSUPPORTED] with level is not supported'
+    raise "[UNSUPPORTED] with level is not supported"
   end
 
   failure_message do |service|
@@ -107,12 +104,12 @@ end
 # Deprecated: You should not use this matcher anymore
 RSpec::Matchers.define :be_running do
   match do |service|
-    Inspec.deprecate(:serverspec_compatibility, 'The service `be_running?` matcher is deprecated.')
+    Inspec.deprecate(:serverspec_compatibility, "The service `be_running?` matcher is deprecated.")
     service.running? == true
   end
 
   chain :under do |_under|
-    raise '[UNSUPPORTED] under is not supported'
+    raise "[UNSUPPORTED] under is not supported"
   end
 
   failure_message do |service|
@@ -127,7 +124,7 @@ RSpec::Matchers.define :be_reachable do
   end
 
   chain :with do |_attr|
-    raise '[UNSUPPORTED] `with` is not supported in combination with `be_reachable`'
+    raise "[UNSUPPORTED] `with` is not supported in combination with `be_reachable`"
   end
 
   failure_message do |host|
@@ -218,13 +215,13 @@ RSpec::Matchers.define :cmp do |first_expected| # rubocop:disable Metrics/BlockL
   def float?(value)
     Float(value)
     true
-  rescue ArgumentError => _ex
+  rescue ArgumentError, TypeError
     false
   end
 
   def octal?(value)
     return false unless value.is_a?(String)
-    !(value =~ /\A0+\d+\Z/).nil?
+    !(value =~ /\A0+[0-7]+\Z/).nil?
   end
 
   def boolean?(value)
@@ -240,33 +237,33 @@ RSpec::Matchers.define :cmp do |first_expected| # rubocop:disable Metrics/BlockL
 
   # expects that the values have been checked with boolean?
   def to_boolean(value)
-    value.casecmp('true') == 0
+    value.casecmp("true") == 0
   end
 
   def try_match(actual, op, expected) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize
     # if actual and expected are strings
     if expected.is_a?(String) && actual.is_a?(String)
       return actual.casecmp(expected) == 0 if op == :==
-      return Gem::Version.new(actual).method(op).call(Gem::Version.new(expected)) if
+      return Gem::Version.new(actual).send(op, Gem::Version.new(expected)) if
         version?(expected) && version?(actual)
     elsif expected.is_a?(Regexp) && (actual.is_a?(String) || actual.is_a?(Integer))
       return !actual.to_s.match(expected).nil?
     elsif expected.is_a?(String) && integer?(expected) && actual.is_a?(Integer)
-      return actual.method(op).call(expected.to_i)
+      return actual.send(op, expected.to_i)
     elsif expected.is_a?(String) && boolean?(expected) && [true, false].include?(actual)
-      return actual.method(op).call(to_boolean(expected))
+      return actual.send(op, to_boolean(expected))
     elsif expected.is_a?(Integer) && integer?(actual)
-      return actual.to_i.method(op).call(expected)
+      return actual.to_i.send(op, expected)
     elsif expected.is_a?(Float) && float?(actual)
-      return actual.to_f.method(op).call(expected)
+      return actual.to_f.send(op, expected)
     elsif actual.is_a?(Symbol) && expected.is_a?(String)
-      return actual.to_s.method(op).call(expected)
+      return try_match(actual.to_s, op, expected)
     elsif octal?(expected) && actual.is_a?(Integer)
-      return actual.method(op).call(expected.to_i(8))
+      return actual.send(op, expected.to_i(8))
     end
 
     # fallback to simple operation
-    actual.method(op).call(expected)
+    actual.send(op, expected)
   rescue NameError => _
     false
   rescue ArgumentError
@@ -289,18 +286,18 @@ RSpec::Matchers.define :cmp do |first_expected| # rubocop:disable Metrics/BlockL
   end
 
   def format_expectation(negate)
-    return 'expected: '+@expected.inspect if @operation == :== && !negate
-    negate_str = negate ? 'not ' : ''
+    return "expected: " + @expected.inspect if @operation == :== && !negate
+    negate_str = negate ? "not " : ""
     "expected it #{negate_str}to be #{@operation} #{@expected.inspect}"
   end
 
   failure_message do |actual|
-    actual = ('0' + actual.to_s(8)) if octal?(@expected)
+    actual = ("0" + actual.to_s(8)) if octal?(@expected)
     "\n" + format_expectation(false) + "\n     got: #{actual.inspect}\n\n(compared using `cmp` matcher)\n"
   end
 
   failure_message_when_negated do |actual|
-    actual = ('0' + actual.to_s(8)).inspect if octal?(@expected)
+    actual = ("0" + actual.to_s(8)).inspect if octal?(@expected)
     "\n" + format_expectation(true) + "\n     got: #{actual.inspect}\n\n(compared using `cmp` matcher)\n"
   end
 

data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb

@@ -4,7 +4,7 @@ module InspecPlugins
       plugin_name :'inspec-artifact'
 
       cli_command :artifact do
-        require_relative 'inspec-artifact/cli'
+        require_relative "inspec-artifact/cli"
         InspecPlugins::Artifact::CLI
       end
     end

data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb

@@ -1,41 +1,48 @@
-require 'base64'
-require 'openssl'
-require 'pathname'
-require 'set'
-require 'tempfile'
-require 'yaml'
+require "base64"
+require "openssl"
+require "pathname"
+require "set"
+require "tempfile"
+require "yaml"
+require "inspec/dist"
 
 module InspecPlugins
   module Artifact
     class Base
-      KEY_BITS=2048
-      KEY_ALG=OpenSSL::PKey::RSA
+      include Inspec::Dist
 
-      INSPEC_PROFILE_VERSION_1='INSPEC-PROFILE-1'.freeze
-      INSPEC_REPORT_VERSION_1='INSPEC-REPORT-1'.freeze
+      KEY_BITS = 2048
+      KEY_ALG = OpenSSL::PKey::RSA
 
-      ARTIFACT_DIGEST=OpenSSL::Digest::SHA512
-      ARTIFACT_DIGEST_NAME='SHA512'.freeze
+      INSPEC_PROFILE_VERSION_1 = "INSPEC-PROFILE-1".freeze
+      INSPEC_REPORT_VERSION_1 = "INSPEC-REPORT-1".freeze
 
-      VALID_PROFILE_VERSIONS=Set.new [INSPEC_PROFILE_VERSION_1]
-      VALID_PROFILE_DIGESTS=Set.new [ARTIFACT_DIGEST_NAME]
+      ARTIFACT_DIGEST = OpenSSL::Digest::SHA512
+      ARTIFACT_DIGEST_NAME = "SHA512".freeze
 
-      SIGNED_PROFILE_SUFFIX='iaf'.freeze
-      SIGNED_REPORT_SUFFIX='iar'.freeze
+      VALID_PROFILE_VERSIONS = Set.new [INSPEC_PROFILE_VERSION_1]
+      VALID_PROFILE_DIGESTS = Set.new [ARTIFACT_DIGEST_NAME]
+
+      SIGNED_PROFILE_SUFFIX = "iaf".freeze
+      SIGNED_REPORT_SUFFIX = "iar".freeze
 
       def self.keygen(options)
         key = KEY_ALG.new KEY_BITS
-        puts 'Generating private key'
-        open "#{options['keyname']}.pem.key", 'w' do |io| io.write key.to_pem end
-        puts 'Generating public key'
-        open "#{options['keyname']}.pem.pub", 'w' do |io| io.write key.public_key.to_pem end
+        puts "Generating private key"
+        open "#{options['keyname']}.pem.key", "w" do |io|
+          io.write key.to_pem
+        end
+        puts "Generating public key"
+        open "#{options['keyname']}.pem.pub", "w" do |io|
+          io.write key.public_key.to_pem
+        end
       end
 
       def self.profile_sign(options)
         artifact = new
         Dir.mktmpdir do |workdir|
           puts "Signing #{options['profile']} with key #{options['keyname']}"
-          path_to_profile = options['profile']
+          path_to_profile = options["profile"]
           profile_md = artifact.read_profile_metadata(path_to_profile)
           artifact_filename = "#{profile_md['name']}-#{profile_md['version']}.#{SIGNED_PROFILE_SUFFIX}"
           tarfile = artifact.profile_compress(path_to_profile, profile_md, workdir)
@@ -46,12 +53,12 @@ module InspecPlugins
           # convert the signature to Base64
           signature_base64 = Base64.encode64(signature)
           tar_content = IO.binread(tarfile)
-          File.open(artifact_filename, 'wb') do |f|
+          File.open(artifact_filename, "wb") do |f|
             f.puts(INSPEC_PROFILE_VERSION_1)
-            f.puts(options['keyname'])
+            f.puts(options["keyname"])
             f.puts(ARTIFACT_DIGEST_NAME)
             f.puts(signature_base64)
-            f.puts('') # newline separates artifact header with body
+            f.puts("") # newline separates artifact header with body
             f.write(tar_content)
           end
           puts "Successfully generated #{artifact_filename}"
@@ -60,21 +67,21 @@ module InspecPlugins
 
       def self.profile_verify(options)
         artifact = new
-        file_to_verifiy = options['infile']
+        file_to_verifiy = options["infile"]
         puts "Verifying #{file_to_verifiy}"
         artifact.verify(file_to_verifiy) do ||
-          puts 'Artifact is valid'
+          puts "Artifact is valid"
         end
       end
 
       def self.profile_install(options)
         artifact = new
-        puts 'Installing profile'
-        file_to_verifiy = options['infile']
-        dest_dir = options['destdir']
+        puts "Installing profile"
+        file_to_verifiy = options["infile"]
+        dest_dir = options["destdir"]
         artifact.verify(file_to_verifiy) do |content|
           Dir.mktmpdir do |workdir|
-            tmpfile = Pathname.new(workdir).join('artifact_to_install.tar.gz')
+            tmpfile = Pathname.new(workdir).join("artifact_to_install.tar.gz")
             File.write(tmpfile, content)
             puts "Installing to #{dest_dir}"
             `tar xzf #{tmpfile} -C #{dest_dir}`
@@ -85,31 +92,31 @@ module InspecPlugins
       def read_profile_metadata(path_to_profile)
         begin
           p = Pathname.new(path_to_profile)
-          p = p.join('inspec.yml')
+          p = p.join("inspec.yml")
           if not p.exist?
-            raise "#{path_to_profile} doesn't appear to be a valid InSpec profile"
+            raise "#{path_to_profile} doesn't appear to be a valid #{PRODUCT_NAME} profile"
           end
           yaml = YAML.load_file(p.to_s)
           yaml = yaml.to_hash
 
-          if not yaml.key? 'name'
-            raise 'Profile is invalid, name is not defined'
+          if not yaml.key? "name"
+            raise "Profile is invalid, name is not defined"
           end
 
-          if not yaml.key? 'version'
-            raise 'Profile is invalid, version is not defined'
+          if not yaml.key? "version"
+            raise "Profile is invalid, version is not defined"
           end
         rescue => e
           # rewrap it and pass it up to the CLI
-          raise "Error reading InSpec profile metadata: #{e}"
+          raise "Error reading #{PRODUCT_NAME} profile metadata: #{e}"
         end
 
         yaml
       end
 
       def profile_compress(path_to_profile, profile_md, workdir)
-        profile_name = profile_md['name']
-        profile_version = profile_md['version']
+        profile_name = profile_md["name"]
+        profile_version = profile_md["version"]
         outfile_name = "#{workdir}/#{profile_name}-#{profile_version}.tar.gz"
         `tar czf #{outfile_name} -C #{path_to_profile} .`
         outfile_name
@@ -122,17 +129,17 @@ module InspecPlugins
           raise "Can't find #{public_keyfile}"
         end
 
-        raise 'Invalid artifact digest algorithm detected' if !VALID_PROFILE_DIGESTS.member?(file_alg)
-        raise 'Invalid artifact version detected' if !VALID_PROFILE_VERSIONS.member?(file_version)
+        raise "Invalid artifact digest algorithm detected" if !VALID_PROFILE_DIGESTS.member?(file_alg)
+        raise "Invalid artifact version detected" if !VALID_PROFILE_VERSIONS.member?(file_version)
       end
 
       def verify(file_to_verifiy, &content_block)
-        f = File.open(file_to_verifiy, 'r')
+        f = File.open(file_to_verifiy, "r")
         file_version = f.readline.strip!
         file_keyname = f.readline.strip!
         file_alg = f.readline.strip!
 
-        file_sig = ''
+        file_sig = ""
         # the signature is multi-line
         while (line = f.readline) != "\n"
           file_sig += line
@@ -145,7 +152,7 @@ module InspecPlugins
         public_keyfile = "#{file_keyname}.pem.pub"
         verification_key = KEY_ALG.new File.read public_keyfile
 
-        f = File.open(file_to_verifiy, 'r')
+        f = File.open(file_to_verifiy, "r")
         while f.readline != "\n" do end
         content = f.read
 
@@ -154,7 +161,7 @@ module InspecPlugins
         if verification_key.verify digest, signature, content
           content_block.yield(content)
         else
-          puts 'Artifact is invalid'
+          puts "Artifact is invalid"
         end
       end
     end