inspec 4.3.2 → 4.6.3

data/lib/inspec/config.rb

@@ -1,8 +1,12 @@
 # Represents InSpec configuration.  Merges defaults, config file options,
 # and CLI arguments.
 
-require 'pp'
-require 'stringio'
+require "pp"
+require "stringio"
+require "forwardable"
+require "thor"
+require "base64"
+require "inspec/base_cli"
 
 module Inspec
   class Config
@@ -27,7 +31,7 @@ module Inspec
 
     # This makes it easy to make a config with a mock backend.
     def self.mock(opts = {})
-      Inspec::Config.new({ backend: :mock }.merge(opts), StringIO.new('{}'))
+      Inspec::Config.new({ backend: :mock }.merge(opts), StringIO.new("{}"))
     end
 
     # Use this to get a cached version of the config.  This prevents you from
@@ -58,15 +62,21 @@ module Inspec
       return unless self[:diagnose]
       puts "InSpec version: #{Inspec::VERSION}"
       puts "Train version: #{Train::VERSION}"
-      puts 'Command line configuration:'
+      puts "Command line configuration:"
       pp @cli_opts
-      puts 'JSON configuration file:'
+      puts "JSON configuration file:"
       pp @cfg_file_contents
-      puts 'Merged configuration:'
+      puts "Merged configuration:"
       pp @merged_options
       puts
     end
 
+    # return all telemetry options from config
+    # @return [Hash]
+    def telemetry_options
+      final_options.select { |key, _| key.include?("telemetry") }
+    end
+
     #-----------------------------------------------------------------------#
     #                      Train Credential Handling
     #-----------------------------------------------------------------------#
@@ -121,7 +131,7 @@ module Inspec
       credentials.merge!(unprefixed_transport_options)
 
       # If there are any prefixed options, merge them in, stripping the prefix.
-      transport_prefix = transport_name.downcase.tr('-', '_') + '_'
+      transport_prefix = transport_name.downcase.tr("-", "_") + "_"
       transport_options.each do |bare_option_name|
         prefixed_option_name = transport_prefix + bare_option_name.to_s
         if final_options.key?(prefixed_option_name)
@@ -140,7 +150,7 @@ module Inspec
 
       # Default to local
       unless @final_options.key?(:target)
-        credentials[:backend] = 'local'
+        credentials[:backend] = "local"
         return
       end
 
@@ -157,7 +167,7 @@ module Inspec
       credset_name = _utc_find_credset_name(credentials, transport_name)
 
       if credset_name
-        credset = @cfg_file_contents.dig('credentials', transport_name, credset_name)
+        credset = @cfg_file_contents.dig("credentials", transport_name, credset_name)
         if credset
           credentials.merge!(credset)
         else
@@ -185,7 +195,7 @@ module Inspec
 
     # Regardless of our situation, end up with a readable IO object
     def resolve_cfg_io(cli_opts, cfg_io)
-      raise(ArgumentError, 'Inspec::Config must use an IO to read from') if cfg_io && !cfg_io.respond_to?(:read)
+      raise(ArgumentError, "Inspec::Config must use an IO to read from") if cfg_io && !cfg_io.respond_to?(:read)
       cfg_io ||= check_for_piped_config(cli_opts)
       return cfg_io if cfg_io
 
@@ -200,10 +210,10 @@ module Inspec
       Inspec.deprecate(:cli_option_json_config) if cli_opts.key?(:json_config)
 
       return nil unless cli_opt
-      return nil unless cli_opt == '-'
+      return nil unless cli_opt == "-"
       # This warning is here so that if a user invokes inspec with --config=-,
       # they will have an explanation for why it appears to hang.
-      Inspec::Log.warn 'Reading JSON config from standard input' if STDIN.tty?
+      Inspec::Log.warn "Reading JSON config from standard input" if STDIN.tty?
       STDIN
     end
 
@@ -212,7 +222,7 @@ module Inspec
       Inspec.deprecate(:cli_option_json_config) if cli_opts.key?(:json_config)
 
       if path.nil?
-        default_path = File.join(Inspec.config_dir, 'config.json')
+        default_path = File.join(Inspec.config_dir, "config.json")
         path = default_path if File.exist?(default_path)
       elsif !File.exist?(path)
         raise ArgumentError, "Could not read configuration file at #{path}"
@@ -239,7 +249,7 @@ module Inspec
     end
 
     def file_version
-      @cfg_file_contents['version'] || :legacy
+      @cfg_file_contents["version"] || :legacy
     end
 
     def legacy_file?
@@ -251,26 +261,26 @@ module Inspec
         # Assume everything in the file is a CLI option
         @cfg_file_contents
       else
-        @cfg_file_contents['cli_options'] || {}
+        @cfg_file_contents["cli_options"] || {}
       end
     end
 
     def config_file_reporter_options
       # This is assumed to be top-level in both legacy and 1.1.
       # Technically, you could sneak it in the 1.1 cli opts area.
-      @cfg_file_contents.key?('reporter') ? { 'reporter' => @cfg_file_contents['reporter'] } : {}
+      @cfg_file_contents.key?("reporter") ? { "reporter" => @cfg_file_contents["reporter"] } : {}
     end
 
     #-----------------------------------------------------------------------#
     #                            Validation
     #-----------------------------------------------------------------------#
     def validate_config_file_contents!
-      version = @cfg_file_contents['version']
+      version = @cfg_file_contents["version"]
 
       # Assume legacy format, which is unconstrained
       return unless version
 
-      unless version == '1.1'
+      unless version == "1.1"
         raise Inspec::ConfigError::Invalid, "Unsupported config file version '#{version}' - currently supported versions: 1.1"
       end
 
@@ -286,23 +296,23 @@ module Inspec
       return if reporters.nil?
       # TODO: move this into a reporter plugin type system
       valid_types = [
-        'automate',
-        'cli',
-        'documentation',
-        'html',
-        'json',
-        'json-automate',
-        'json-min',
-        'json-rspec',
-        'junit',
-        'progress',
-        'yaml',
+        "automate",
+        "cli",
+        "documentation",
+        "html",
+        "json",
+        "json-automate",
+        "json-min",
+        "json-rspec",
+        "junit",
+        "progress",
+        "yaml",
       ]
 
       reporters.each do |reporter_name, reporter_config|
         raise NotImplementedError, "'#{reporter_name}' is not a valid reporter type." unless valid_types.include?(reporter_name)
 
-        next unless reporter_name == 'automate'
+        next unless reporter_name == "automate"
         %w{token url}.each do |option|
           raise Inspec::ReporterError, "You must specify a automate #{option} via the config file." if reporter_config[option].nil?
         end
@@ -311,10 +321,10 @@ module Inspec
       # check to make sure we are only reporting one type to stdout
       stdout_reporters = 0
       reporters.each_value do |reporter_config|
-        stdout_reporters += 1 if reporter_config['stdout'] == true
+        stdout_reporters += 1 if reporter_config["stdout"] == true
       end
 
-      raise ArgumentError, 'The option --reporter can only have a single report outputting to stdout.' if stdout_reporters > 1
+      raise ArgumentError, "The option --reporter can only have a single report outputting to stdout." if stdout_reporters > 1
     end
 
     #-----------------------------------------------------------------------#
@@ -358,36 +368,36 @@ module Inspec
 
     def finalize_parse_reporters(options) # rubocop:disable Metrics/AbcSize
       # default to cli report for ad-hoc runners
-      options['reporter'] = ['cli'] if options['reporter'].nil?
+      options["reporter"] = ["cli"] if options["reporter"].nil?
 
       # parse out cli to proper report format
-      if options['reporter'].is_a?(Array)
+      if options["reporter"].is_a?(Array)
         reports = {}
-        options['reporter'].each do |report|
-          reporter_name, destination = report.split(':', 2)
-          if destination.nil? || destination.strip == '-'
-            reports[reporter_name] = { 'stdout' => true }
+        options["reporter"].each do |report|
+          reporter_name, destination = report.split(":", 2)
+          if destination.nil? || destination.strip == "-"
+            reports[reporter_name] = { "stdout" => true }
           else
             reports[reporter_name] = {
-              'file' => destination,
-              'stdout' => false,
+              "file" => destination,
+              "stdout" => false,
             }
-            reports[reporter_name]['target_id'] = options['target_id'] if options['target_id']
+            reports[reporter_name]["target_id"] = options["target_id"] if options["target_id"]
           end
         end
-        options['reporter'] = reports
+        options["reporter"] = reports
       end
 
       # add in stdout if not specified
-      if options['reporter'].is_a?(Hash)
-        options['reporter'].each do |reporter_name, config|
-          options['reporter'][reporter_name] = {} if config.nil?
-          options['reporter'][reporter_name]['stdout'] = true if options['reporter'][reporter_name].empty?
-          options['reporter'][reporter_name]['target_id'] = options['target_id'] if options['target_id']
+      if options["reporter"].is_a?(Hash)
+        options["reporter"].each do |reporter_name, config|
+          options["reporter"][reporter_name] = {} if config.nil?
+          options["reporter"][reporter_name]["stdout"] = true if options["reporter"][reporter_name].empty?
+          options["reporter"][reporter_name]["target_id"] = options["target_id"] if options["target_id"]
         end
       end
 
-      validate_reporters!(options['reporter'])
+      validate_reporters!(options["reporter"])
       options
     end
 
@@ -398,38 +408,38 @@ module Inspec
       # whenever it is used, it requires a value. Handle options that were
       # defined in such a way and require a value here:
       %w{password sudo-password}.each do |option_name|
-        snake_case_option_name = option_name.tr('-', '_').to_s
+        snake_case_option_name = option_name.tr("-", "_").to_s
         next unless options[snake_case_option_name] == -1 # Thor sets -1 for missing value - see #1918
         raise ArgumentError, "Please provide a value for --#{option_name}. For example: --#{option_name}=hello."
       end
 
       # Infer `--sudo` if using `--sudo-password` without `--sudo`
-      if options['sudo_password'] && !options['sudo']
-        options['sudo'] = true
-        Inspec::Log.warn '`--sudo-password` used without `--sudo`. Adding `--sudo`.'
+      if options["sudo_password"] && !options["sudo"]
+        options["sudo"] = true
+        Inspec::Log.warn "`--sudo-password` used without `--sudo`. Adding `--sudo`."
       end
     end
 
     def finalize_compliance_login(options)
       # check for compliance settings
       # This is always a hash, comes from config file, not CLI opts
-      if options.key?('compliance')
-        require 'plugins/inspec-compliance/lib/inspec-compliance/api'
-        InspecPlugins::Compliance::API.login(options['compliance'])
+      if options.key?("compliance")
+        require "plugins/inspec-compliance/lib/inspec-compliance/api"
+        InspecPlugins::Compliance::API.login(options["compliance"])
       end
     end
 
     class Defaults
       DEFAULTS = {
         exec: {
-          'reporter' => ['cli'],
-          'show_progress' => false,
-          'color' => true,
-          'create_lockfile' => true,
-          'backend_cache' => true,
+          "reporter" => ["cli"],
+          "show_progress" => false,
+          "color" => true,
+          "create_lockfile" => true,
+          "backend_cache" => true,
         },
         shell: {
-          'reporter' => ['cli'],
+          "reporter" => ["cli"],
         },
       }.freeze
 

data/lib/inspec/control_eval_context.rb

@@ -1,8 +1,6 @@
-# encoding: utf-8
-# author: Dominik Richter
-# author: Christoph Hartmann
-require 'inspec/dsl'
-require 'inspec/dsl_shared'
+require "inspec/dsl"
+require "inspec/dsl_shared"
+require "rspec/core/dsl"
 
 module Inspec
   #
@@ -20,22 +18,20 @@ module Inspec
     # @param [ResourcesDSL] resources_dsl which has all resources to attach
     # @return [RuleContext] the inner context of rules
     def self.rule_context(resources_dsl, profile_id)
-      require 'rspec/core/dsl'
       Class.new(Inspec::Rule) do
         include RSpec::Core::DSL
         with_resource_dsl resources_dsl
 
         # allow attributes to be accessed within control blocks
-        # TODO: deprecate name, use input()
-        define_method :attribute do |input_name, options = {}|
+        define_method :input do |input_name, options = {}|
           if options.empty?
             # Simply an access, no event here
             Inspec::InputRegistry.find_or_register_input(input_name, profile_id).value
           else
-            options[:priority] = 20
+            options[:priority] ||= 20
             options[:provider] = :inline_control_code
             evt = Inspec::Input.infer_event(options)
-            Inspec::InputRegistry.find_or_register_input(input_name, profile_name, event: evt).value
+            Inspec::InputRegistry.find_or_register_input(input_name, profile_id, event: evt).value
           end
         end
 
@@ -45,6 +41,11 @@ module Inspec
           Inspec::InputRegistry.find_or_register_input(input_name, profile_id)
         end
 
+        define_method :attribute do |name, options = {}|
+          Inspec.deprecate(:attrs_dsl, "Input name: #{name}, Profile: #{profile_id}")
+          input(name, options)
+        end
+
         # Support for Control DSL plugins.
         # This is called when an unknown method is encountered
         # within a control block.
@@ -170,29 +171,27 @@ module Inspec
 
           unless profile_context_owner.profile_supports_platform?
             platform = inspec.platform
-            msg = "Profile #{profile_context_owner.profile_id} is not supported on platform #{platform.name}/#{platform.release}."
+            msg = "Profile `#{profile_context_owner.profile_id}` is not supported on platform #{platform.name}/#{platform.release}."
             ::Inspec::Rule.set_skip_rule(control, true, msg)
           end
 
           unless profile_context_owner.profile_supports_inspec_version?
-            msg = "Profile #{profile_context_owner.profile_id} is not supported on InSpec version (#{Inspec::VERSION})."
+            msg = "Profile `#{profile_context_owner.profile_id}` is not supported on InSpec version (#{Inspec::VERSION})."
             ::Inspec::Rule.set_skip_rule(control, true, msg)
           end
 
           profile_context_owner.register_rule(control, &block) unless control.nil?
         end
 
-        # method for inputs; import input handling
-        # TODO: deprecate name, use input()
-        define_method :attribute do |input_name, options = {}|
+        define_method :input do |input_name, options = {}|
           if options.empty?
             # Simply an access, no event here
             Inspec::InputRegistry.find_or_register_input(input_name, profile_id).value
           else
-            options[:priority] = 20
+            options[:priority] ||= 20
             options[:provider] = :inline_control_code
             evt = Inspec::Input.infer_event(options)
-            Inspec::InputRegistry.find_or_register_input(input_name, profile_name, event: evt).value
+            Inspec::InputRegistry.find_or_register_input(input_name, profile_id, event: evt).value
           end
         end
 
@@ -202,6 +201,11 @@ module Inspec
           Inspec::InputRegistry.find_or_register_input(input_name, profile_id)
         end
 
+        define_method :attribute do |name, options = {}|
+          Inspec.deprecate(:attrs_dsl, "Input name: #{name}, Profile: #{profile_id}")
+          input(name, options)
+        end
+
         define_method :skip_control do |id|
           profile_context_owner.unregister_rule(id)
         end
@@ -229,7 +233,7 @@ module Inspec
 
         def block_location(block, alternate_caller)
           if block.nil?
-            alternate_caller[/^(.+:\d+):in .+$/, 1] || 'unknown'
+            alternate_caller[/^(.+:\d+):in .+$/, 1] || "unknown"
           else
             path, line = block.source_location
             "#{File.basename(path)}:#{line}"

data/lib/inspec/dependencies/cache.rb

@@ -1,5 +1,4 @@
-# encoding: utf-8
-require 'fileutils'
+require "fileutils"
 
 module Inspec
   #
@@ -18,7 +17,7 @@ module Inspec
   class Cache
     attr_reader :path
     def initialize(path = nil)
-      @path = path || File.join(Inspec.config_dir, 'cache')
+      @path = path || File.join(Inspec.config_dir, "cache")
       FileUtils.mkdir_p(@path) unless File.directory?(@path)
     end
 

data/lib/inspec/dependencies/dependency_set.rb

@@ -1,6 +1,5 @@
-# encoding: utf-8
-require 'inspec/dependencies/requirement'
-require 'inspec/dependencies/resolver'
+require "inspec/dependencies/requirement"
+require "inspec/dependencies/resolver"
 
 module Inspec
   #

data/lib/inspec/dependencies/lockfile.rb

@@ -1,5 +1,4 @@
-# encoding: utf-8
-require 'yaml'
+require "yaml"
 
 module Inspec
   class Lockfile
@@ -9,15 +8,15 @@ module Inspec
 
     def self.from_dependency_set(dep_set)
       lockfile_content = {
-        'lockfile_version' => CURRENT_LOCKFILE_VERSION,
-        'depends' => dep_set.to_array,
+        "lockfile_version" => CURRENT_LOCKFILE_VERSION,
+        "depends" => dep_set.to_array,
       }
       new(lockfile_content)
     end
 
     def self.from_content(content)
       parsed_content = YAML.load(content)
-      version = parsed_content['lockfile_version']
+      version = parsed_content["lockfile_version"]
       raise "No lockfile_version set in #{path}!" if version.nil?
       validate_lockfile_version!(version.to_i)
       new(parsed_content)
@@ -51,15 +50,15 @@ module Inspec
 
     attr_reader :version, :deps
     def initialize(lockfile_content_hash)
-      version = lockfile_content_hash['lockfile_version']
+      version = lockfile_content_hash["lockfile_version"]
       @version = version.to_i
       parse_content_hash(lockfile_content_hash)
     end
 
     def to_yaml
       {
-        'lockfile_version' => CURRENT_LOCKFILE_VERSION,
-        'depends' => @deps.map { |i| stringify_keys(i) },
+        "lockfile_version" => CURRENT_LOCKFILE_VERSION,
+        "depends" => @deps.map { |i| stringify_keys(i) },
       }.to_yaml
     end
 
@@ -85,7 +84,7 @@ module Inspec
     end
 
     def parse_content_hash_1(lockfile_content_hash)
-      @deps = lockfile_content_hash['depends']&.map { |i| symbolize_keys(i) }
+      @deps = lockfile_content_hash["depends"]&.map { |i| symbolize_keys(i) }
     end
 
     def mutate_hash_keys_with(hash, fun)