inspec 4.3.2 → 4.6.3

data/lib/inspec/globals.rb

@@ -1,9 +1,9 @@
 module Inspec
   def self.config_dir
-    ENV['INSPEC_CONFIG_DIR'] ? ENV['INSPEC_CONFIG_DIR'] : File.join(Dir.home, '.inspec')
+    ENV["INSPEC_CONFIG_DIR"] ? ENV["INSPEC_CONFIG_DIR"] : File.join(Dir.home, ".inspec")
   end
 
   def self.src_root
-    File.expand_path(File.join(__FILE__, '..', '..', '..'))
+    File.expand_path(File.join(__FILE__, "..", "..", ".."))
   end
 end

data/lib/inspec/impact.rb

@@ -1,13 +1,11 @@
-# encoding: utf-8
-
 # Impact scores based off CVSS 3.0
 module Inspec::Impact
   IMPACT_SCORES = {
-    'none'     => 0.0,
-    'low'      => 0.1,
-    'medium'   => 0.4,
-    'high'     => 0.7,
-    'critical' => 0.9,
+    "none" => 0.0,
+    "low" => 0.1,
+    "medium" => 0.4,
+    "high" => 0.7,
+    "critical" => 0.9,
   }.freeze
 
   def self.impact_from_string(value)

data/lib/inspec/input_registry.rb

@@ -1,8 +1,9 @@
-require 'forwardable'
-require 'singleton'
-require 'inspec/objects/input'
-require 'inspec/secrets'
-require 'inspec/exceptions'
+require "forwardable"
+require "singleton"
+require "inspec/objects/input"
+require "inspec/secrets"
+require "inspec/exceptions"
+require "inspec/plugin/v2"
 
 module Inspec
   # The InputRegistry's responsibilities include:
@@ -12,7 +13,7 @@ module Inspec
     include Singleton
     extend Forwardable
 
-    attr_reader :inputs_by_profile, :profile_aliases
+    attr_reader :inputs_by_profile, :profile_aliases, :plugins
     def_delegator :inputs_by_profile, :each
     def_delegator :inputs_by_profile, :[]
     def_delegator :inputs_by_profile, :key?, :profile_known?
@@ -25,6 +26,14 @@ module Inspec
 
       # this is a list of optional profile name overrides set in the inspec.yml
       @profile_aliases = {}
+
+      # Upon creation, activate all input plugins
+      activators = Inspec::Plugin::V2::Registry.instance.find_activators(plugin_type: :input)
+
+      @plugins = activators.map do |activator|
+        activator.activate!
+        activator.implementation_class.new
+      end
     end
 
     #-------------------------------------------------------------#
@@ -35,32 +44,58 @@ module Inspec
       @profile_aliases[name] = alias_name
     end
 
+    # Returns an Hash, name => Input that have actually been mentioned
     def list_inputs_for_profile(profile)
       inputs_by_profile[profile] = {} unless profile_known?(profile)
       inputs_by_profile[profile]
     end
 
+    # Returns an Array of input names. This includes input names
+    # that plugins may be able to fetch, but have not actually been
+    # mentioned in the control code.
+    def list_potential_input_names_for_profile(profile_name)
+      input_names_from_dsl = inputs_by_profile[profile_name].keys
+      input_names_from_plugins = plugins.map { |plugin| plugin.list_inputs(profile_name) }
+      (input_names_from_dsl + input_names_from_plugins).flatten.uniq
+    end
+
     #-------------------------------------------------------------#
     #              Support for Individual Inputs
     #-------------------------------------------------------------#
 
     def find_or_register_input(input_name, profile_name, options = {})
-      if profile_alias?(profile_name)
+      if profile_alias?(profile_name) && !profile_aliases[profile_name].nil?
         alias_name = profile_name
         profile_name = profile_aliases[profile_name]
         handle_late_arriving_alias(alias_name, profile_name) if profile_known?(alias_name)
       end
 
+      # Find or create the input
       inputs_by_profile[profile_name] ||= {}
       if inputs_by_profile[profile_name].key?(input_name)
         inputs_by_profile[profile_name][input_name].update(options)
       else
         inputs_by_profile[profile_name][input_name] = Inspec::Input.new(input_name, options)
+        poll_plugins_for_update(profile_name, input_name)
       end
 
       inputs_by_profile[profile_name][input_name]
     end
 
+    def poll_plugins_for_update(profile_name, input_name)
+      plugins.each do |plugin|
+        response = plugin.fetch(profile_name, input_name)
+        evt = Inspec::Input::Event.new(
+          action: :fetch,
+          provider: plugin.class.plugin_name,
+          priority: plugin.default_priority,
+          hit: !response.nil?
+        )
+        evt.value = response unless response.nil?
+        inputs_by_profile[profile_name][input_name].events << evt
+      end
+    end
+
     # It is possible for a wrapper profile to create an input in metadata,
     # referring to the child profile by an alias that has not yet been registered.
     # The registry will then store the inputs under the alias, as if the alias
@@ -115,7 +150,7 @@ module Inspec
           provider: :runner_api, # TODO: suss out if audit cookbook or kitchen-inspec or something unknown
           priority: 40,
           file: loc.path,
-          line: loc.lineno,
+          line: loc.lineno
         )
         find_or_register_input(input_name, profile_name, event: evt)
       end
@@ -135,7 +170,7 @@ module Inspec
         if data.nil?
           raise Inspec::Exceptions::SecretsBackendNotFound,
                 "Cannot find parser for inputs file '#{path}'. " \
-                'Check to make sure file has the appropriate extension.'
+                "Check to make sure file has the appropriate extension."
         end
 
         next if data.inputs.nil?
@@ -144,7 +179,7 @@ module Inspec
             value: input_value,
             provider: :cli_files,
             priority: 40,
-            file: path,
+            file: path
             # TODO: any way we could get a line number?
           )
           find_or_register_input(input_name, profile_name, event: evt)
@@ -156,13 +191,13 @@ module Inspec
       unless File.exist?(path)
         raise Inspec::Exceptions::InputsFileDoesNotExist,
               "Cannot find input file '#{path}'. " \
-              'Check to make sure file exists.'
+              "Check to make sure file exists."
       end
 
       unless File.readable?(path)
         raise Inspec::Exceptions::InputsFileNotReadable,
               "Cannot read input file '#{path}'. " \
-              'Check to make sure file is readable.'
+              "Check to make sure file is readable."
       end
 
       true
@@ -170,31 +205,46 @@ module Inspec
 
     def bind_inputs_from_metadata(profile_name, profile_metadata_obj)
       # TODO: move this into a core plugin
-      # TODO: add deprecation stuff
       return if profile_metadata_obj.nil? # Metadata files are technically optional
 
-      if profile_metadata_obj.params.key?(:attributes) && profile_metadata_obj.params[:attributes].is_a?(Array)
-        profile_metadata_obj.params[:attributes].each do |input_orig|
-          input_options = input_orig.dup
-          input_name = input_options.delete(:name)
-          input_options.merge!({ priority: 30, provider: :profile_metadata, file: File.join(profile_name, 'inspec.yml') })
-          evt = Inspec::Input.infer_event(input_options)
-
-          # Profile metadata may set inputs in other profiles by naming them.
-          if input_options[:profile]
-            profile_name = input_options[:profile] || profile_name
-            # Override priority to force this to win.  Allow user to set their own priority.
-            evt.priority = input_orig[:priority] || 35
-          end
-          find_or_register_input(input_name,
-                                 profile_name,
-                                 type: input_options[:type],
-                                 required: input_options[:required],
-                                 event: evt)
-        end
+      if profile_metadata_obj.params.key?(:inputs)
+        raw_inputs = profile_metadata_obj.params[:inputs]
       elsif profile_metadata_obj.params.key?(:attributes)
-        Inspec::Log.warn 'Inputs must be defined as an Array. Skipping current definition.'
+        Inspec.deprecate(:attrs_rename_in_metadata, "Profile: '#{profile_name}'.")
+        raw_inputs = profile_metadata_obj.params[:attributes]
+      else
+        return
+      end
+
+      unless raw_inputs.is_a?(Array)
+        Inspec::Log.warn "Inputs must be defined as an Array in metadata files. Skipping definition from #{profile_name}."
+        return
+      end
+
+      raw_inputs.each { |i| handle_raw_input_from_metadata(i, profile_name) }
+    end
+
+    def handle_raw_input_from_metadata(input_orig, profile_name)
+      input_options = input_orig.dup
+      input_name = input_options.delete(:name)
+      input_options[:provider] = :profile_metadata
+      input_options[:file] = File.join(profile_name, "inspec.yml")
+      input_options[:priority] ||= 30
+      evt = Inspec::Input.infer_event(input_options)
+
+      # Profile metadata may set inputs in other profiles by naming them.
+      if input_options[:profile]
+        profile_name = input_options[:profile] || profile_name
+        # Override priority to force this to win.  Allow user to set their own priority.
+        evt.priority = input_orig[:priority] || 35
       end
+      find_or_register_input(
+        input_name,
+        profile_name,
+        type: input_options[:type],
+        required: input_options[:required],
+        event: evt
+      )
     end
 
     #-------------------------------------------------------------#
@@ -214,6 +264,7 @@ module Inspec
       :find_or_register_input,
       :register_profile_alias,
       :list_inputs_for_profile,
+      :list_potential_input_names_for_profile,
       :bind_profile_inputs,
     ].each do |meth|
       define_singleton_method(meth) do |*args|

data/lib/inspec/library_eval_context.rb

@@ -1,8 +1,5 @@
-# encoding: utf-8
-# author: Steven Danna
-# author: Victoria Jeffrey
-require 'inspec/plugin/v1/plugin_types/resource'
-require 'inspec/dsl_shared'
+require "inspec/plugin/v1/plugin_types/resource"
+require "inspec/dsl_shared"
 
 module Inspec
   #
@@ -51,7 +48,7 @@ module Inspec
       # Provide the local binding for this context which is necessary for
       # calls to `require` to create all dependent objects in the correct
       # context.
-      res.instance_variable_set('@inspec_binding', res.instance_eval('binding'))
+      res.instance_variable_set("@inspec_binding", res.instance_eval("binding"))
       res
     end
   end

data/lib/inspec/log.rb

@@ -1,8 +1,4 @@
-# encoding: utf-8
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-require 'mixlib/log'
+require "mixlib/log"
 
 module Inspec
   class Log

data/lib/inspec/metadata.rb

@@ -1,11 +1,12 @@
-# encoding: utf-8
 # Copyright 2015 Dominik Richter
 
-require 'logger'
-require 'rubygems/version'
-require 'rubygems/requirement'
-require 'semverse'
-require 'utils/spdx'
+require "logger"
+require "rubygems/version"
+require "rubygems/requirement"
+require "semverse"
+
+require "inspec/version"
+require "inspec/utils/spdx"
 
 module Inspec
   # Extract metadata.rb information
@@ -18,7 +19,7 @@ module Inspec
     def initialize(ref, logger = nil)
       @ref = ref
       @logger = logger || Logger.new(nil)
-      @content = ''
+      @content = ""
       @params = {}
       @missing_methods = []
     end
@@ -78,12 +79,12 @@ module Inspec
 
       if %r{[\/\\]} =~ params[:name]
         errors.push("The profile name (#{params[:name]}) contains a slash" \
-                      ' which is not permitted. Please remove all slashes from `inspec.yml`.')
+                      " which is not permitted. Please remove all slashes from `inspec.yml`.")
       end
 
       # if version is set, ensure it is correct
       if !params[:version].nil? && !valid_version?(params[:version])
-        errors.push('Version needs to be in SemVer format')
+        errors.push("Version needs to be in SemVer format")
       end
 
       %w{title summary maintainer copyright license}.each do |field|
@@ -143,8 +144,8 @@ module Inspec
         x
       when Array
         logger.warn(
-          'Failed to read supports entry that is an array. Please use '\
-          'the `supports: {os-family: xyz}` syntax.',
+          "Failed to read supports entry that is an array. Please use "\
+          "the `supports: {os-family: xyz}` syntax."
         )
         nil
       when nil then nil
@@ -182,14 +183,14 @@ module Inspec
       # unit tests that look for warning sequences
       return if original_target.to_s.empty?
       metadata.params[:title] = "tests from #{original_target}"
-      metadata.params[:name] = metadata.params[:title].gsub(%r{[\/\\]}, '.')
+      metadata.params[:name] = metadata.params[:title].gsub(%r{[\/\\]}, ".")
     end
 
     def self.finalize(metadata, profile_id, options, logger = nil)
       return nil if metadata.nil?
       param = metadata.params || {}
       options ||= {}
-      param['version'] = param['version'].to_s unless param['version'].nil?
+      param["version"] = param["version"].to_s unless param["version"].nil?
       metadata.params = symbolize_keys(param)
       metadata.params[:supports] = finalize_supports(metadata.params[:supports], logger)
       finalize_name(metadata, profile_id, options[:target])
@@ -198,8 +199,8 @@ module Inspec
     end
 
     def self.from_yaml(ref, content, profile_id, logger = nil)
+      require "erb"
       res = Metadata.new(ref, logger)
-      require 'erb'
       res.params = YAML.load(ERB.new(content).result)
       res.content = content
       finalize(res, profile_id, {}, logger)
@@ -216,9 +217,9 @@ module Inspec
       # NOTE there doesn't have to exist an actual file, it may come from an
       # archive (i.e., content)
       case File.basename(ref)
-      when 'inspec.yml'
+      when "inspec.yml"
         from_yaml(ref, content, profile_id, logger)
-      when 'metadata.rb'
+      when "metadata.rb"
         from_ruby(ref, content, profile_id, logger)
       else
         logger ||= Logger.new(nil)

data/lib/inspec/method_source.rb

@@ -1,21 +1,17 @@
-# encoding: utf-8
-# author: Dominik Richter
-# author: Christoph Hartmann
-
 module Inspec
   module MethodSource
     def self.code_at(location, source_reader)
       # TODO: logger for these cases
-      return '' if location.nil? || location[:ref].nil? || location[:line].nil?
-      return '' unless source_reader && source_reader.target
+      return "" if location.nil? || location[:ref].nil? || location[:line].nil?
+      return "" unless source_reader && source_reader.target
 
       # TODO: Non-controls still need more detection
       ref = location[:ref]
-      ref = ref.sub(source_reader.target.prefix, '')
+      ref = ref.sub(source_reader.target.prefix, "")
       src = source_reader.tests[ref]
-      return '' if src.nil?
+      return "" if src.nil?
 
-      ::MethodSource.expression_at(src.lines, location[:line]).force_encoding('utf-8')
+      ::MethodSource.expression_at(src.lines, location[:line]).force_encoding("utf-8")
     rescue SyntaxError => e
       raise ::MethodSource::SourceNotFoundError,
             "Could not parse source at #{location[:ref]}:#{location[:line]}: #{e.message}"

data/lib/inspec/objects.rb

@@ -1,14 +1,12 @@
-# encoding: utf-8
-
 module Inspec
-  autoload :Input, 'inspec/objects/input'
-  autoload :Tag, 'inspec/objects/tag'
-  autoload :Control, 'inspec/objects/control'
-  autoload :Describe, 'inspec/objects/describe'
-  autoload :EachLoop, 'inspec/objects/each_loop'
-  autoload :List, 'inspec/objects/list'
-  autoload :OrTest, 'inspec/objects/or_test'
-  autoload :RubyHelper, 'inspec/objects/ruby_helper'
-  autoload :Test, 'inspec/objects/test'
-  autoload :Value, 'inspec/objects/value'
+  autoload :Input, "inspec/objects/input"
+  autoload :Tag, "inspec/objects/tag"
+  autoload :Control, "inspec/objects/control"
+  autoload :Describe, "inspec/objects/describe"
+  autoload :EachLoop, "inspec/objects/each_loop"
+  autoload :List, "inspec/objects/list"
+  autoload :OrTest, "inspec/objects/or_test"
+  autoload :RubyHelper, "inspec/objects/ruby_helper"
+  autoload :Test, "inspec/objects/test"
+  autoload :Value, "inspec/objects/value"
 end

data/lib/inspec/objects/control.rb

@@ -1,5 +1,3 @@
-# encoding:utf-8
-
 module Inspec
   class Control
     attr_accessor :id, :title, :descriptions, :impact, :tests, :tags, :refs, :only_if
@@ -34,7 +32,7 @@ module Inspec
       res.push "  title #{title.inspect}" unless title.to_s.empty?
       descriptions.each do |label, text|
         if label == :default
-          next if text.nil? or text == '' # don't render empty/nil desc
+          next if text.nil? || (text == "") # don't render empty/nil desc
           res.push "  desc  #{prettyprint_text(text, 2)}"
         else
           res.push "  desc  #{label.to_s.inspect}, #{prettyprint_text(text, 2)}"
@@ -45,7 +43,7 @@ module Inspec
       refs.each { |t| res.push("  ref   #{print_ref(t)}") }
       res.push "  only_if { #{only_if} }" if only_if
       tests.each { |t| res.push(indent(t.to_ruby, 2)) }
-      res.push 'end'
+      res.push "end"
       res.join("\n")
     end
 
@@ -54,7 +52,7 @@ module Inspec
     def print_ref(x)
       return x.inspect if x.is_a?(String)
       raise "Cannot process the ref: #{x}" unless x.is_a?(Hash)
-      '('+x.inspect+')'
+      "(" + x.inspect + ")"
     end
 
     # Pretty-print a text block of InSpec code
@@ -65,13 +63,13 @@ module Inspec
     def prettyprint_text(s, depth)
       txt = s.to_s.inspect.gsub('\n', "\n")
       return txt if !txt.include?("\n")
-      middle = indent(txt[1..-2], depth+2)
-      txt[0] + "\n" + middle + "\n" + ' '*depth + txt[-1]
+      middle = indent(txt[1..-2], depth + 2)
+      txt[0] + "\n" + middle + "\n" + " " * depth + txt[-1]
     end
 
     def indent(txt, d)
-      dt = ' '*d
-      dt + txt.gsub("\n", "\n"+dt)
+      dt = " " * d
+      dt + txt.gsub("\n", "\n" + dt)
     end
   end
 end