inspec 4.3.2 → 4.6.3

data/lib/inspec/plugin/v2/plugin_types/cli.rb

@@ -1,4 +1,4 @@
-require 'inspec/base_cli'
+require "inspec/base_cli"
 
 # The InSpec load order has this file being loaded before `inspec/base_cli` can
 # finish being loaded. So, we must define Inspec::BaseCLI here first to avoid
@@ -12,8 +12,8 @@ module Inspec::Plugin::V2::PluginType
       super(args, options, config)
       class_options = config.fetch(:class_options, nil)
       if class_options
-        Inspec::Log.init(class_options['log_location']) if class_options.key?('log_location')
-        Inspec::Log.level = get_log_level(class_options['log_level']) if class_options.key?('log_level')
+        Inspec::Log.init(class_options["log_location"]) if class_options.key?("log_location")
+        Inspec::Log.level = get_log_level(class_options["log_level"]) if class_options.key?("log_level")
       end
     end
 
@@ -41,9 +41,9 @@ module Inspec::Plugin::V2::PluginType
 
     # Allow plugins to use inspec log settings
     class_option :log_level, type: :string,
-                 desc: 'Set the log level: info (default), debug, warn, error'
+                 desc: "Set the log level: info (default), debug, warn, error"
 
     class_option :log_location, type: :string,
-                desc: 'Location to send diagnostic log messages to. (default: STDOUT or Inspec::Log.error)'
+                desc: "Location to send diagnostic log messages to. (default: $stdout or Inspec::Log.error)"
   end
 end

data/lib/inspec/plugin/v2/plugin_types/input.rb

@@ -0,0 +1,34 @@
+module Inspec::Plugin::V2::PluginType
+  class Input < Inspec::Plugin::V2::PluginBase
+    register_plugin_type(:input)
+
+    #====================================================================#
+    #                         Input plugin type API
+    #====================================================================#
+    # Implementation classes must implement these methods.
+
+    # When an input is obtained from the plugin, this number determines what
+    # precedence to assign to the input.
+    # @return Integer range 0-100. Higher priority means higher precedence
+    def default_priority
+      60
+    end
+
+    # Indicates an attempt is being made to read the value for an input.
+    # Return nil if the input is not supplied by the plugin, otherwise
+    # return the value.
+    # @return Object or nil
+    def fetch(_profile_name, _input_name)
+      raise NotImplementedError, "Plugin #{plugin_name} must implement the #fetch method"
+    end
+
+    # Given a profile name, list all input names for which the plugin
+    # would offer a response.
+    # @param String profile_name Name of the profile
+    # @return Array[String] List of input names for which the plugin
+    # would offer a response.
+    def list_inputs(_profile)
+      raise NotImplementedError, "Plugin #{plugin_name} must implement the #list_inputs method"
+    end
+  end
+end

data/lib/inspec/plugin/v2/plugin_types/mock.rb

@@ -6,7 +6,7 @@ module Inspec::Plugin::V2::PluginType
     # This is the API for the mock plugin type: when a mock plugin is
     # activated, it is expected to be able to respond to this, and "do something"
     def mock_hook
-      raise NotImplementedError, 'Mock plugins must implement mock_hook'
+      raise NotImplementedError, "Mock plugins must implement mock_hook"
     end
   end
 end

data/lib/inspec/plugin/v2/registry.rb

@@ -1,9 +1,9 @@
-require 'forwardable'
-require 'singleton'
-require 'train'
+require "forwardable"
+require "singleton"
+require "train"
 
-require_relative 'status'
-require_relative 'activator'
+require_relative "status"
+require_relative "activator"
 
 module Inspec::Plugin::V2
   class Registry
@@ -29,8 +29,8 @@ module Inspec::Plugin::V2
     def loaded_plugin?(name)
       # HACK: Status is normally the source of truth for loadedness, unless it is a train plugin; then the Train::Registry is the source of truth.
       # Also, InSpec registry is keyed on Symbols; Train is keyed on Strings.
-      return registry.dig(name.to_sym, :loaded) unless name.to_s.start_with?('train-')
-      Train::Plugins.registry.key?(name.to_s.sub(/^train-/, ''))
+      return registry.dig(name.to_sym, :loaded) unless name.to_s.start_with?("train-")
+      Train::Plugins.registry.key?(name.to_s.sub(/^train-/, ""))
     end
 
     def loaded_count

data/lib/inspec/polyfill.rb

@@ -1,7 +1,4 @@
-# encoding: utf-8
 # copyright: 2016, Chef Software Inc.
-# author: Dominik Richter
-# author: Christoph Hartmann
 
 class Struct
   unless instance_methods.include? :to_h

data/lib/inspec/profile.rb

@@ -1,25 +1,17 @@
-# encoding: utf-8
 # Copyright 2015 Dominik Richter
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-require 'forwardable'
-require 'openssl'
-require 'inspec/input_registry'
-require 'inspec/polyfill'
-require 'inspec/cached_fetcher'
-require 'inspec/file_provider'
-require 'inspec/source_reader'
-require 'inspec/metadata'
-require 'inspec/backend'
-require 'inspec/rule'
-require 'inspec/log'
-require 'inspec/profile_context'
-require 'inspec/runtime_profile'
-require 'inspec/method_source'
-require 'inspec/dependencies/cache'
-require 'inspec/dependencies/lockfile'
-require 'inspec/dependencies/dependency_set'
+
+require "forwardable"
+require "openssl"
+require "pathname"
+require "inspec/input_registry"
+require "inspec/cached_fetcher" # TODO: split or rename
+require "inspec/source_reader"
+require "inspec/profile_context"
+require "inspec/runtime_profile"
+require "inspec/method_source"
+require "inspec/dependencies/cache"
+require "inspec/dependencies/lockfile"
+require "inspec/dependencies/dependency_set"
 
 module Inspec
   class Profile
@@ -36,14 +28,14 @@ module Inspec
     def self.copy_deps_into_cache(file_provider, opts)
       # filter content
       cache = file_provider.files.find_all do |entry|
-        entry.start_with?('vendor')
+        entry.start_with?("vendor")
       end
       content = Hash[cache.map { |x| [x, file_provider.binread(x)] }]
       keys = content.keys
       keys.each do |key|
         next if content[key].nil?
         # remove prefix
-        rel = Pathname.new(key).relative_path_from(Pathname.new('vendor')).to_s
+        rel = Pathname.new(key).relative_path_from(Pathname.new("vendor")).to_s
         tar = Pathname.new(opts[:vendor_cache].path).join(rel)
 
         FileUtils.mkdir_p tar.dirname.to_s
@@ -113,7 +105,7 @@ module Inspec
       # we share the backend between profiles.
       #
       # This will cause issues if a profile attempts to load a file via `inspec.profile.file`
-      train_options = options.reject { |k, _| k == 'target' } # See https://github.com/chef/inspec/pull/1646
+      train_options = options.reject { |k, _| k == "target" } # See https://github.com/chef/inspec/pull/1646
       @backend = options[:backend].nil? ? Inspec::Backend.create(Inspec::Config.new(train_options)) : options[:backend].dup
       @runtime_profile = RuntimeProfile.new(self)
       @backend.profile = @runtime_profile
@@ -124,7 +116,7 @@ module Inspec
       options[:runner_conf] ||= Inspec::Config.cached
 
       if options[:runner_conf].key?(:attrs)
-        Inspec.deprecate(:rename_attributes_to_inputs, 'Use --input-file on the command line instead of --attrs.')
+        Inspec.deprecate(:rename_attributes_to_inputs, "Use --input-file on the command line instead of --attrs.")
         options[:runner_conf][:input_file] = options[:runner_conf].delete(:attrs)
       end
 
@@ -174,7 +166,7 @@ module Inspec
       if @supports_platform.nil?
         @supports_platform = metadata.supports_platform?(@backend)
       end
-      if @backend.backend.class.to_s == 'Train::Transports::Mock::Connection'
+      if @backend.backend.class.to_s == "Train::Transports::Mock::Connection"
         @supports_platform = true
       end
 
@@ -214,7 +206,7 @@ module Inspec
       include_list.each_with_index do |inclusion, index|
         next if inclusion.is_a?(Regexp)
         # Insist the user wrap the regex in slashes to demarcate it as a regex
-        next unless inclusion.start_with?('/') && inclusion.end_with?('/')
+        next unless inclusion.start_with?("/") && inclusion.end_with?("/")
         inclusion = inclusion[1..-2] # Trim slashes
         begin
           re = Regexp.new(inclusion)
@@ -244,14 +236,14 @@ module Inspec
         # this metadata if the parent profile is supported.
         if supports_platform? && !d.supports_platform?
           # since ruby 1.9 hashes are ordered so we can just use index values here
-          metadata.dependencies[i][:status] = 'skipped'
+          metadata.dependencies[i][:status] = "skipped"
           msg = "Skipping profile: '#{d.name}' on unsupported platform: '#{d.backend.platform.name}/#{d.backend.platform.release}'."
           metadata.dependencies[i][:skip_message] = msg
           next
         elsif metadata.dependencies[i]
           # Currently wrapper profiles will load all dependencies, and then we
           # load them again when we dive down. This needs to be re-done.
-          metadata.dependencies[i][:status] = 'loaded'
+          metadata.dependencies[i][:status] = "loaded"
         end
         c = d.load_libraries
         @runner_context.add_resources(c)
@@ -315,11 +307,11 @@ module Inspec
       res[:parent_profile] = parent_profile unless parent_profile.nil?
 
       if !supports_platform?
-        res[:status] = 'skipped'
+        res[:status] = "skipped"
         msg = "Skipping profile: '#{name}' on unsupported platform: '#{backend.platform.name}/#{backend.platform.release}'."
         res[:skip_message] = msg
       else
-        res[:status] = 'loaded'
+        res[:status] = "loaded"
       end
 
       # convert legacy os-* supports to their platform counterpart
@@ -380,23 +372,23 @@ module Inspec
       m_warnings.each { |msg| warn.call(meta_path, 0, 0, nil, msg) }
       m_unsupported = metadata.unsupported
       m_unsupported.each { |u| warn.call(meta_path, 0, 0, nil, "doesn't support: #{u}") }
-      @logger.info 'Metadata OK.' if m_errors.empty? && m_unsupported.empty?
+      @logger.info "Metadata OK." if m_errors.empty? && m_unsupported.empty?
 
       # only run the vendor check if the legacy profile-path is not used as argument
       if @legacy_profile_path == false
         # verify that a lockfile is present if we have dependencies
         if !metadata.dependencies.empty?
-          error.call(meta_path, 0, 0, nil, 'Your profile needs to be vendored with `inspec vendor`.') if !lockfile_exists?
+          error.call(meta_path, 0, 0, nil, "Your profile needs to be vendored with `inspec vendor`.") if !lockfile_exists?
         end
 
         if lockfile_exists?
           # verify if metadata and lockfile are out of sync
           if lockfile.deps.size != metadata.dependencies.size
-            error.call(meta_path, 0, 0, nil, 'inspec.yml and inspec.lock are out-of-sync. Please re-vendor with `inspec vendor`.')
+            error.call(meta_path, 0, 0, nil, "inspec.yml and inspec.lock are out-of-sync. Please re-vendor with `inspec vendor`.")
           end
 
           # verify if metadata and lockfile have the same dependency names
-          metadata.dependencies.each { |dep|
+          metadata.dependencies.each do |dep|
             # Skip if the dependency does not specify a name
             next if dep[:name].nil?
 
@@ -404,7 +396,7 @@ module Inspec
             if !lockfile.deps.map { |x| x[:name] }.include? dep[:name]
               error.call(meta_path, 0, 0, nil, "Cannot find #{dep[:name]} in lockfile. Please re-vendor with `inspec vendor`.")
             end
-          }
+          end
         end
       end
 
@@ -414,28 +406,28 @@ module Inspec
       count = controls_count
       result[:summary][:controls] = count
       if count == 0
-        warn.call(nil, nil, nil, nil, 'No controls or tests were defined.')
+        warn.call(nil, nil, nil, nil, "No controls or tests were defined.")
       else
         @logger.info("Found #{count} controls.")
       end
 
       # iterate over hash of groups
-      params[:controls].each { |id, control|
+      params[:controls].each do |id, control|
         sfile = control[:source_location][:ref]
         sline = control[:source_location][:line]
-        error.call(sfile, sline, nil, id, 'Avoid controls with empty IDs') if id.nil? or id.empty?
-        next if id.start_with? '(generated '
+        error.call(sfile, sline, nil, id, "Avoid controls with empty IDs") if id.nil? || id.empty?
+        next if id.start_with? "(generated "
         warn.call(sfile, sline, nil, id, "Control #{id} has no title") if control[:title].to_s.empty?
         warn.call(sfile, sline, nil, id, "Control #{id} has no descriptions") if control[:descriptions][:default].to_s.empty?
         warn.call(sfile, sline, nil, id, "Control #{id} has impact > 1.0") if control[:impact].to_f > 1.0
         warn.call(sfile, sline, nil, id, "Control #{id} has impact < 0.0") if control[:impact].to_f < 0.0
-        warn.call(sfile, sline, nil, id, "Control #{id} has no tests defined") if control[:checks].nil? or control[:checks].empty?
-      }
+        warn.call(sfile, sline, nil, id, "Control #{id} has no tests defined") if control[:checks].nil? || control[:checks].empty?
+      end
 
       # profile is valid if we could not find any error
       result[:summary][:valid] = result[:errors].empty?
 
-      @logger.info 'Control definitions OK.' if result[:warnings].empty?
+      @logger.info "Control definitions OK." if result[:warnings].empty?
       result
     end
 
@@ -461,22 +453,22 @@ module Inspec
       # TODO ignore all .files, but add the files to debug output
 
       # display all files that will be part of the archive
-      @logger.debug 'Add the following files to archive:'
-      files.each { |f| @logger.debug '    ' + f }
+      @logger.debug "Add the following files to archive:"
+      files.each { |f| @logger.debug "    " + f }
 
       if opts[:zip]
         # generate zip archive
-        require 'inspec/archive/zip'
+        require "inspec/archive/zip"
         zag = Inspec::Archive::ZipArchiveGenerator.new
         zag.archive(root_path, files, dst)
       else
         # generate tar archive
-        require 'inspec/archive/tar'
+        require "inspec/archive/tar"
         tag = Inspec::Archive::TarArchiveGenerator.new
         tag.archive(root_path, files, dst)
       end
 
-      @logger.info 'Finished archive generation.'
+      @logger.info "Finished archive generation."
       true
     end
 
@@ -485,11 +477,11 @@ module Inspec
     end
 
     def lockfile_exists?
-      @source_reader.target.files.include?('inspec.lock')
+      @source_reader.target.files.include?("inspec.lock")
     end
 
     def lockfile_path
-      File.join(cwd, 'inspec.lock')
+      File.join(cwd, "inspec.lock")
     end
 
     def root_path
@@ -506,12 +498,12 @@ module Inspec
     # tarballs.
     #
     def cwd
-      @target.is_a?(String) && File.directory?(@target) ? @target : './'
+      @target.is_a?(String) && File.directory?(@target) ? @target : "./"
     end
 
     def lockfile
       @lockfile ||= if lockfile_exists?
-                      Inspec::Lockfile.from_content(@source_reader.target.read('inspec.lock'))
+                      Inspec::Lockfile.from_content(@source_reader.target.read("inspec.lock"))
                     else
                       generate_lockfile
                     end
@@ -550,14 +542,14 @@ module Inspec
 
       res = OpenSSL::Digest::SHA256.new
       files = source_reader.tests.to_a + source_reader.libraries.to_a +
-              source_reader.data_files.to_a +
-              [['inspec.yml', source_reader.metadata.content]] +
-              [['inspec.lock.deps', YAML.dump(deps)]]
+        source_reader.data_files.to_a +
+        [["inspec.yml", source_reader.metadata.content]] +
+        [["inspec.lock.deps", YAML.dump(deps)]]
 
       files.sort_by { |a| a[0] }
            .map { |f| res << f[0] << "\0" << f[1] << "\0" }
 
-      res.digest.unpack('H*')[0]
+      res.digest.unpack("H*")[0]
     end
 
     private
@@ -573,13 +565,13 @@ module Inspec
       end
 
       name = params[:name] ||
-             raise('Cannot create an archive without a profile name! Please '\
-                  'specify the name in metadata or use --output to create the archive.')
+        raise("Cannot create an archive without a profile name! Please "\
+             "specify the name in metadata or use --output to create the archive.")
       version = params[:version] ||
-                raise('Cannot create an archive without a profile version! Please '\
-                     'specify the version in metadata or use --output to create the archive.')
-      ext = opts[:zip] ? 'zip' : 'tar.gz'
-      slug = name.downcase.strip.tr(' ', '-').gsub(/[^\w-]/, '_')
+        raise("Cannot create an archive without a profile version! Please "\
+             "specify the version in metadata or use --output to create the archive.")
+      ext = opts[:zip] ? "zip" : "tar.gz"
+      slug = name.downcase.strip.tr(" ", "-").gsub(/[^\w-]/, "_")
       Pathname.new(Dir.pwd).join("#{slug}-#{version}.#{ext}")
     end
 
@@ -596,7 +588,7 @@ module Inspec
       tests = collect_tests
       params[:controls] = controls = {}
       params[:groups] = groups = {}
-      prefix = @source_reader.target.prefix || ''
+      prefix = @source_reader.target.prefix || ""
       tests&.each do |rule|
         next if rule.nil?
         f = load_rule_filepath(prefix, rule)

data/lib/inspec/profile_context.rb

@@ -1,33 +1,30 @@
-# encoding: utf-8
-# author: Dominik Richter
-# author: Christoph Hartmann
-require 'inspec/log'
-require 'inspec/rule'
-require 'inspec/resource'
-require 'inspec/library_eval_context'
-require 'inspec/control_eval_context'
-require 'inspec/require_loader'
-require 'securerandom'
-require 'inspec/objects/input'
+require "inspec/log"
+require "inspec/rule"
+require "inspec/resource"
+require "inspec/library_eval_context"
+require "inspec/control_eval_context"
+require "inspec/require_loader"
+require "securerandom"
+require "inspec/objects/input"
 
 module Inspec
   class ProfileContext
     def self.for_profile(profile, backend)
-      new(profile.name, backend, { 'profile' => profile, 'check_mode' => profile.check_mode })
+      new(profile.name, backend, { "profile" => profile, "check_mode" => profile.check_mode })
     end
 
     attr_reader :backend, :profile_name, :profile_id, :resource_registry
     attr_accessor :rules
     def initialize(profile_id, backend, conf)
       if backend.nil?
-        raise 'ProfileContext is initiated with a backend == nil. ' \
-             'This is a backend error which must be fixed upstream.'
+        raise "ProfileContext is initiated with a backend == nil. " \
+             "This is a backend error which must be fixed upstream."
       end
       @profile_id = profile_id
       @backend = backend
       @conf = conf.dup
-      @profile_name = @conf['profile'].profile_name || @profile_id if @conf['profile']
-      @skip_only_if_eval = @conf['check_mode']
+      @profile_name = @conf.key?("profile") ? @conf["profile"].profile_name : @profile_id
+      @skip_only_if_eval = @conf["check_mode"]
       @rules = {}
       @control_subcontexts = []
       @lib_subcontexts = []
@@ -47,10 +44,10 @@ module Inspec
     end
 
     def dependencies
-      if @conf['profile'].nil?
+      if @conf["profile"].nil?
         {}
       else
-        @conf['profile'].locked_dependencies
+        @conf["profile"].locked_dependencies
       end
     end
 
@@ -70,15 +67,15 @@ module Inspec
     end
 
     def profile_supports_platform?
-      return true if @conf['profile'].nil?
+      return true if @conf["profile"].nil?
 
-      @conf['profile'].supports_platform?
+      @conf["profile"].supports_platform?
     end
 
     def profile_supports_inspec_version?
-      return true if @conf['profile'].nil?
+      return true if @conf["profile"].nil?
 
-      @conf['profile'].supports_runtime?
+      @conf["profile"].supports_runtime?
     end
 
     def remove_rule(id)
@@ -119,15 +116,15 @@ module Inspec
     end
 
     def load_libraries(libs)
-      lib_prefix = 'libraries' + File::SEPARATOR
+      lib_prefix = "libraries" + File::SEPARATOR
       autoloads = []
 
       libs.sort_by! { |l| l[1] } # Sort on source path so load order is deterministic
       libs.each do |content, source, line|
         path = source
         if source.start_with?(lib_prefix)
-          path = source.sub(lib_prefix, '')
-          autoloads.push(path) if File.dirname(path) == '.'
+          path = source.sub(lib_prefix, "")
+          autoloads.push(path) if File.dirname(path) == "."
         end
 
         @require_loader.add(path, content, source, line)
@@ -135,7 +132,7 @@ module Inspec
 
       # load all files directly that are flat inside the libraries folder
       autoloads.each do |path|
-        next unless path.end_with?('.rb')
+        next unless path.end_with?(".rb")
         load_library_file(*@require_loader.load(path)) unless @require_loader.loaded?(path)
       end
       reload_dsl
@@ -160,7 +157,7 @@ module Inspec
       elsif source.nil? && line.nil?
         context.instance_eval(content)
       else
-        context.instance_eval(content, source || 'unknown', line || 1)
+        context.instance_eval(content, source || "unknown", line || 1)
       end
     end
 
@@ -173,9 +170,9 @@ module Inspec
     def register_rule(r)
       # get the full ID
       file = if @current_load.nil?
-               'unknown'
+               "unknown"
              else
-               @current_load[:file] || 'unknown'
+               @current_load[:file] || "unknown"
              end
       r.instance_variable_set(:@__file, file)
       r.instance_variable_set(:@__group_title, current_load[:title])
@@ -198,7 +195,7 @@ module Inspec
 
     def full_id(pid, rid)
       return rid.to_s if pid.to_s.empty?
-      pid.to_s + '/' + rid.to_s
+      pid.to_s + "/" + rid.to_s
     end
   end
 end