inspec 4.7.3 → 4.7.18
- checksums.yaml +4 -4
- data/inspec.gemspec +1 -1
- data/lib/bundles/inspec-supermarket/api.rb +2 -1
- data/lib/bundles/inspec-supermarket/cli.rb +6 -6
- data/lib/bundles/inspec-supermarket/target.rb +1 -0
- data/lib/fetchers/git.rb +3 -1
- data/lib/fetchers/mock.rb +1 -0
- data/lib/fetchers/url.rb +6 -3
- data/lib/inspec/backend.rb +1 -0
- data/lib/inspec/base_cli.rb +4 -1
- data/lib/inspec/cli.rb +5 -4
- data/lib/inspec/config.rb +9 -1
- data/lib/inspec/control_eval_context.rb +1 -0
- data/lib/inspec/dependencies/cache.rb +1 -0
- data/lib/inspec/dependencies/dependency_set.rb +2 -0
- data/lib/inspec/dependencies/lockfile.rb +1 -0
- data/lib/inspec/dependencies/requirement.rb +8 -7
- data/lib/inspec/dependencies/resolver.rb +3 -3
- data/lib/inspec/describe.rb +1 -0
- data/lib/inspec/dsl.rb +1 -1
- data/lib/inspec/dsl_shared.rb +1 -1
- data/lib/inspec/env_printer.rb +4 -4
- data/lib/inspec/fetcher.rb +4 -2
- data/lib/inspec/file_provider.rb +18 -8
- data/lib/inspec/formatters/base.rb +5 -0
- data/lib/inspec/impact.rb +2 -0
- data/lib/inspec/input_registry.rb +14 -13
- data/lib/inspec/metadata.rb +6 -2
- data/lib/inspec/method_source.rb +1 -1
- data/lib/inspec/objects/control.rb +4 -1
- data/lib/inspec/objects/describe.rb +3 -1
- data/lib/inspec/objects/input.rb +6 -5
- data/lib/inspec/objects/list.rb +2 -0
- data/lib/inspec/objects/test.rb +3 -2
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +7 -0
- data/lib/inspec/plugin/v1/plugins.rb +4 -3
- data/lib/inspec/plugin/v1/registry.rb +3 -2
- data/lib/inspec/plugin/v2.rb +1 -0
- data/lib/inspec/plugin/v2/activator.rb +2 -0
- data/lib/inspec/plugin/v2/config_file.rb +4 -1
- data/lib/inspec/plugin/v2/filter.rb +1 -0
- data/lib/inspec/plugin/v2/installer.rb +9 -7
- data/lib/inspec/plugin/v2/loader.rb +2 -0
- data/lib/inspec/plugin/v2/plugin_base.rb +1 -0
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +2 -2
- data/lib/inspec/plugin/v2/registry.rb +3 -1
- data/lib/inspec/profile.rb +13 -6
- data/lib/inspec/profile_context.rb +4 -2
- data/lib/inspec/reporters/cli.rb +14 -10
- data/lib/inspec/reporters/json.rb +1 -0
- data/lib/inspec/reporters/json_automate.rb +3 -0
- data/lib/inspec/reporters/json_min.rb +2 -0
- data/lib/inspec/resource.rb +2 -0
- data/lib/inspec/resources/aide_conf.rb +4 -3
- data/lib/inspec/resources/apache_conf.rb +1 -1
- data/lib/inspec/resources/apt.rb +2 -0
- data/lib/inspec/resources/auditd.rb +19 -18
- data/lib/inspec/resources/bridge.rb +5 -2
- data/lib/inspec/resources/chocolatey_package.rb +2 -0
- data/lib/inspec/resources/command.rb +1 -1
- data/lib/inspec/resources/crontab.rb +9 -8
- data/lib/inspec/resources/csv.rb +1 -1
- data/lib/inspec/resources/dh_params.rb +6 -0
- data/lib/inspec/resources/docker.rb +37 -34
- data/lib/inspec/resources/docker_container.rb +1 -0
- data/lib/inspec/resources/docker_image.rb +1 -0
- data/lib/inspec/resources/docker_plugin.rb +1 -0
- data/lib/inspec/resources/docker_service.rb +1 -0
- data/lib/inspec/resources/elasticsearch.rb +24 -24
- data/lib/inspec/resources/etc_fstab.rb +8 -7
- data/lib/inspec/resources/etc_group.rb +4 -0
- data/lib/inspec/resources/etc_hosts.rb +4 -4
- data/lib/inspec/resources/etc_hosts_allow_deny.rb +5 -3
- data/lib/inspec/resources/file.rb +4 -1
- data/lib/inspec/resources/filesystem.rb +5 -3
- data/lib/inspec/resources/firewalld.rb +7 -4
- data/lib/inspec/resources/groups.rb +6 -4
- data/lib/inspec/resources/grub_conf.rb +3 -0
- data/lib/inspec/resources/host.rb +5 -3
- data/lib/inspec/resources/http.rb +6 -4
- data/lib/inspec/resources/iis_app.rb +1 -0
- data/lib/inspec/resources/iis_app_pool.rb +1 -1
- data/lib/inspec/resources/iis_site.rb +4 -3
- data/lib/inspec/resources/interface.rb +10 -7
- data/lib/inspec/resources/json.rb +1 -1
- data/lib/inspec/resources/kernel_module.rb +1 -1
- data/lib/inspec/resources/kernel_parameter.rb +2 -1
- data/lib/inspec/resources/key_rsa.rb +5 -0
- data/lib/inspec/resources/mount.rb +3 -1
- data/lib/inspec/resources/mysql_conf.rb +3 -1
- data/lib/inspec/resources/mysql_session.rb +2 -0
- data/lib/inspec/resources/nginx.rb +1 -0
- data/lib/inspec/resources/nginx_conf.rb +10 -6
- data/lib/inspec/resources/ntp_conf.rb +1 -0
- data/lib/inspec/resources/oneget.rb +1 -1
- data/lib/inspec/resources/oracledb_session.rb +4 -2
- data/lib/inspec/resources/os_env.rb +1 -0
- data/lib/inspec/resources/package.rb +10 -6
- data/lib/inspec/resources/packages.rb +7 -5
- data/lib/inspec/resources/passwd.rb +7 -7
- data/lib/inspec/resources/pip.rb +2 -0
- data/lib/inspec/resources/port.rb +22 -8
- data/lib/inspec/resources/postgres.rb +2 -1
- data/lib/inspec/resources/postgres_conf.rb +2 -0
- data/lib/inspec/resources/postgres_hba_conf.rb +6 -6
- data/lib/inspec/resources/postgres_ident_conf.rb +3 -3
- data/lib/inspec/resources/processes.rb +16 -15
- data/lib/inspec/resources/rabbitmq_config.rb +2 -0
- data/lib/inspec/resources/registry_key.rb +8 -3
- data/lib/inspec/resources/security_identifier.rb +3 -1
- data/lib/inspec/resources/security_policy.rb +2 -1
- data/lib/inspec/resources/service.rb +13 -1
- data/lib/inspec/resources/shadow.rb +1 -0
- data/lib/inspec/resources/ssh_config.rb +2 -0
- data/lib/inspec/resources/ssl.rb +12 -11
- data/lib/inspec/resources/users.rb +29 -19
- data/lib/inspec/resources/virtualization.rb +10 -0
- data/lib/inspec/resources/windows_feature.rb +1 -1
- data/lib/inspec/resources/windows_hotfix.rb +2 -0
- data/lib/inspec/resources/windows_task.rb +4 -0
- data/lib/inspec/resources/wmi.rb +2 -1
- data/lib/inspec/resources/x509_certificate.rb +8 -0
- data/lib/inspec/resources/xinetd_conf.rb +10 -9
- data/lib/inspec/resources/yum.rb +15 -11
- data/lib/inspec/resources/zfs_dataset.rb +4 -2
- data/lib/inspec/resources/zfs_pool.rb +2 -1
- data/lib/inspec/rule.rb +11 -1
- data/lib/inspec/runner.rb +9 -6
- data/lib/inspec/runner_rspec.rb +10 -8
- data/lib/inspec/schema.rb +1 -0
- data/lib/inspec/secrets.rb +1 -0
- data/lib/inspec/secrets/yaml.rb +1 -0
- data/lib/inspec/shell.rb +20 -19
- data/lib/inspec/shell_detector.rb +1 -1
- data/lib/inspec/source_reader.rb +2 -0
- data/lib/inspec/ui.rb +1 -0
- data/lib/inspec/utils/deprecation/config_file.rb +8 -4
- data/lib/inspec/utils/erlang_parser.rb +2 -0
- data/lib/inspec/utils/file_reader.rb +1 -1
- data/lib/inspec/utils/filter.rb +16 -3
- data/lib/inspec/utils/find_files.rb +2 -2
- data/lib/inspec/utils/object_traversal.rb +1 -0
- data/lib/inspec/utils/parser.rb +2 -0
- data/lib/inspec/utils/simpleconfig.rb +4 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -0
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +4 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +12 -11
- data/lib/plugins/inspec-artifact/test/functional/inspec_artifact_test.rb +3 -3
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +15 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +4 -2
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +13 -12
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +3 -0
- data/lib/plugins/inspec-compliance/test/unit/api_test.rb +28 -28
- data/lib/plugins/inspec-compliance/test/unit/target_test.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +1 -1
- data/lib/plugins/inspec-habitat/test/unit/profile_test.rb +7 -6
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +2 -2
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +1 -0
- data/lib/plugins/inspec-init/test/functional/inspec_init_plugin_test.rb +12 -10
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +6 -5
- data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +1 -0
- data/lib/plugins/shared/core_plugin_test_helper.rb +1 -0
- data/lib/resource_support/aws/aws_resource_mixin.rb +3 -2
- data/lib/resources/aws/aws_billing_report.rb +1 -1
- data/lib/resources/aws/aws_billing_reports.rb +8 -7
- data/lib/resources/aws/aws_cloudtrail_trail.rb +1 -1
- data/lib/resources/aws/aws_cloudtrail_trails.rb +1 -0
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +4 -3
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +2 -1
- data/lib/resources/aws/aws_config_delivery_channel.rb +1 -1
- data/lib/resources/aws/aws_config_recorder.rb +2 -0
- data/lib/resources/aws/aws_ebs_volume.rb +1 -0
- data/lib/resources/aws/aws_ebs_volumes.rb +2 -0
- data/lib/resources/aws/aws_ec2_instance.rb +2 -0
- data/lib/resources/aws/aws_ec2_instances.rb +2 -0
- data/lib/resources/aws/aws_ecs_cluster.rb +2 -2
- data/lib/resources/aws/aws_eks_cluster.rb +3 -3
- data/lib/resources/aws/aws_elb.rb +2 -2
- data/lib/resources/aws/aws_elbs.rb +14 -12
- data/lib/resources/aws/aws_flow_log.rb +2 -2
- data/lib/resources/aws/aws_iam_access_key.rb +3 -1
- data/lib/resources/aws/aws_iam_access_keys.rb +18 -16
- data/lib/resources/aws/aws_iam_groups.rb +1 -0
- data/lib/resources/aws/aws_iam_password_policy.rb +9 -7
- data/lib/resources/aws/aws_iam_policies.rb +2 -1
- data/lib/resources/aws/aws_iam_policy.rb +10 -1
- data/lib/resources/aws/aws_iam_role.rb +1 -0
- data/lib/resources/aws/aws_iam_user.rb +5 -2
- data/lib/resources/aws/aws_iam_users.rb +12 -11
- data/lib/resources/aws/aws_kms_key.rb +2 -2
- data/lib/resources/aws/aws_kms_keys.rb +3 -1
- data/lib/resources/aws/aws_route_table.rb +2 -2
- data/lib/resources/aws/aws_route_tables.rb +2 -1
- data/lib/resources/aws/aws_s3_bucket.rb +5 -3
- data/lib/resources/aws/aws_s3_bucket_object.rb +3 -1
- data/lib/resources/aws/aws_s3_buckets.rb +1 -0
- data/lib/resources/aws/aws_security_group.rb +20 -9
- data/lib/resources/aws/aws_security_groups.rb +1 -0
- data/lib/resources/aws/aws_sns_subscription.rb +1 -1
- data/lib/resources/aws/aws_sns_topics.rb +2 -0
- data/lib/resources/aws/aws_subnet.rb +2 -2
- data/lib/resources/aws/aws_subnets.rb +4 -3
- data/lib/resources/aws/aws_vpc.rb +1 -1
- data/lib/resources/aws/aws_vpcs.rb +3 -2
- data/lib/resources/azure/azure_generic_resource.rb +4 -4
- data/lib/resources/azure/azure_resource_group.rb +1 -0
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +13 -12
- data/lib/source_readers/flat.rb +1 -0
- data/lib/source_readers/inspec.rb +1 -0
- metadata +2 -2
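--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d453fd4901acccda0f5a0e8de3fc2bc430ed23e4577d239bc33b49823df00c3e
+data.tar.gz: 8dd4196875d5f02b501517df0b8316e05b9e7e2b1ee59ffb30aa59a68edd7c4e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4492befd82753e4fd2134c01c67a4e867703634ff41d708cf13d23cc8b11c6740f88129af56aa7a1b0c926fe890bf8cc00ef07e2bc8fe0b94eeee82a9dff9cf9
+data.tar.gz: b8c87a88dd89f526d001de7eb0d71224e0166192d2854793b30de72bf23187ac3118840c76211fb74027f607a28a7d7e98b4da9927977b21bc8efec6b92d7150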
data/inspec.gemspec
CHANGED
@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
|
|
18
18
|
).reject { |f| File.directory?(f) }
|
19
19
|
|
20
20
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
21
|
-
|
21
|
+
.reject { |f| File.directory?(f) || f =~ %r{lib/plugins/.*/test/} }
|
22
22
|
spec.require_paths = ["lib"]
|
23
23
|
|
24
24
|
spec.required_ruby_version = ">= 2.4"
|
@@ -35,10 +35,11 @@ module Supermarket
|
|
35
35
|
def self.info(profile, supermarket_url = SUPERMARKET_URL)
|
36
36
|
_tool_owner, tool_name = profile_name("supermarket://#{profile}")
|
37
37
|
return if tool_name.nil? || tool_name.empty?
|
38
|
+
|
38
39
|
# Tool name in Supermarket URL is downcased so we need to downcase
|
39
40
|
url = "#{supermarket_url}/api/v1/tools/#{tool_name.downcase}"
|
40
41
|
_success, data = get(url, {})
|
41
|
-
JSON.parse(data)
|
42
|
+
JSON.parse(data) unless data.nil?
|
42
43
|
rescue JSON::ParserError
|
43
44
|
nil
|
44
45
|
end
|
@@ -20,7 +20,7 @@ module Supermarket
|
|
20
20
|
|
21
21
|
headline("Available profiles:")
|
22
22
|
supermarket_profiles.each do |p|
|
23
|
-
li("#{p[
|
23
|
+
li("#{p["tool_name"]} #{mark_text(p["tool_owner"] + "/" + p["slug"])}")
|
24
24
|
end
|
25
25
|
end
|
26
26
|
|
@@ -48,7 +48,7 @@ module Supermarket
|
|
48
48
|
# check that the profile is available
|
49
49
|
supermarket_profiles = Supermarket::API.profiles
|
50
50
|
found = supermarket_profiles.select do |p|
|
51
|
-
profile == "#{p[
|
51
|
+
profile == "#{p["tool_owner"]}/#{p["slug"]}"
|
52
52
|
end
|
53
53
|
|
54
54
|
if found.empty?
|
@@ -58,11 +58,11 @@ module Supermarket
|
|
58
58
|
|
59
59
|
# load details for the specific profile
|
60
60
|
info = Supermarket::API.info(profile)
|
61
|
-
puts "#{mark_text(
|
62
|
-
puts "#{mark_text(
|
63
|
-
puts "#{mark_text(
|
61
|
+
puts "#{mark_text("name: ")} #{info["slug"]}"
|
62
|
+
puts "#{mark_text("owner:")} #{info["owner"]}"
|
63
|
+
puts "#{mark_text("url: ")} #{info["source_url"]}"
|
64
64
|
puts
|
65
|
-
puts "#{mark_text(
|
65
|
+
puts "#{mark_text("description: ")} #{info["description"]}"
|
66
66
|
end
|
67
67
|
end
|
68
68
|
|
@@ -17,6 +17,7 @@ module Supermarket
|
|
17
17
|
end
|
18
18
|
return nil unless supermarket_uri
|
19
19
|
return nil unless Supermarket::API.exist?(supermarket_uri, supermarket_server)
|
20
|
+
|
20
21
|
tool_info = Supermarket::API.find(supermarket_uri, supermarket_server)
|
21
22
|
resolve_next(tool_info["tool_source_url"], opts)
|
22
23
|
rescue URI::Error
|
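--- a/data/lib/fetchers/git.rb
+++ b/data/lib/fetchers/git.rb
@@ -89,10 +89,12 @@ module Fetchers
 command_string = "git ls-remote \"#{@remote_url}\" \"#{ref_name}*\""
 cmd = shellout(command_string)
 raise "Error running '#{command_string}': #{cmd.stderr}" unless cmd.exitstatus == 0
+
 ref = parse_ls_remote(cmd.stdout, ref_name)
-
+unless ref
 raise "Unable to resolve #{ref_name} to a specific git commit for #{@remote_url}"
 end
+
 ref
 end
 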
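Review bot: The context line `command_string = "git ls-remote \"#{@remote_url}\" \"#{ref_name}*\""` builds the command by interpolating the remote URL and ref name inside double quotes, and this commit leaves it unchanged. If `shellout` hands the string to a shell (its definition is outside the hunk), a double quote, backtick or `$(...)` in either value is interpreted by the shell instead of being passed to git as data. Escape both values, for example `command_string = "git ls-remote #{Shellwords.escape(@remote_url)} #{Shellwords.escape(ref_name + "*")}"` with `require "shellwords"`, or pass an argument array if the helper accepts one. The enclosing method starts above the hunk.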
data/lib/fetchers/mock.rb
CHANGED
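--- a/data/lib/fetchers/url.rb
+++ b/data/lib/fetchers/url.rb
@@ -29,6 +29,7 @@ module Fetchers
 uri = URI.parse(target)
 return nil if uri.nil? || uri.scheme.nil?
 return nil unless %{ http https }.include? uri.scheme
+
 target = transform(target)
 opts[:username] = username if username
 opts[:password] = password if password
@@ -121,6 +122,7 @@ module Fetchers
 
 def parse_uri(target)
 return URI.parse(target) if target.is_a?(String)
+
 URI.parse(target[:url])
 end
 
@@ -150,7 +152,7 @@ module Fetchers
 end
 
 def download_automate2_archive_to_temp
-return @temp_archive_path
+return @temp_archive_path unless @temp_archive_path.nil?
 
 Inspec::Log.debug("Fetching URL: #{@target}")
 json = {
@@ -189,7 +191,8 @@ module Fetchers
 
 # Downloads archive to temporary file with side effect :( of setting @archive_type
 def download_archive_to_temp
-return @temp_archive_path
+return @temp_archive_path unless @temp_archive_path.nil?
+
 Inspec::Log.debug("Fetching URL: #{@target}")
 remote = open_via_uri(@target)
 @archive_type = file_type_from_remote(remote) # side effect :(
@@ -262,7 +265,7 @@ module Fetchers
 end
 unless keys_missing_values.empty?
 raise "Unable to fetch profile - the following HTTP headers have no value: " \
-"#{keys_missing_values.join(
+"#{keys_missing_values.join(", ")}"
 end
 end
 end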
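Review bot: The scheme guard in the first hunk, `return nil unless %{ http https }.include? uri.scheme`, uses `%{...}`, which is a String literal, so `include?` performs a substring test rather than a list membership test. Any scheme that happens to be a substring of " http https " (for example `h` or `ttp`) passes the check, which is weaker than the allowlist the line appears to intend. Use the word-array literal instead: `return nil unless %w{http https}.include?(uri.scheme)`. The commit only adds a blank line after this guard, and the enclosing method begins outside the hunk.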
data/lib/inspec/backend.rb
CHANGED
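--- a/data/lib/inspec/base_cli.rb
+++ b/data/lib/inspec/base_cli.rb
@@ -10,9 +10,11 @@ require "inspec/utils/deprecation/global_method"
 class Thor::Arguments
 def parse_array(_name)
 return shift if peek.is_a?(Array)
+
 array = []
 while current_is_value?
 break unless @parsing_options
+
 array << shift
 end
 array
@@ -157,7 +159,7 @@ module Inspec
 next if data.nil?
 
 data = "\e[1m\e[#{color}m#{data}\e[0m"
-str << format("#{
+str << format("#{" " * indent}%-10s %s\n", item.to_s.capitalize + ":", data)
 end
 str
 end
@@ -218,6 +220,7 @@ module Inspec
 
 def suppress_log_output?(opts)
 return false if opts["reporter"].nil?
+
 match = %w{json json-min json-rspec json-automate junit html yaml documentation progress} & opts["reporter"].keys
 unless match.empty?
 match.each do |m|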
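--- a/data/lib/inspec/cli.rb
+++ b/data/lib/inspec/cli.rb
@@ -124,7 +124,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
 else
 %w{location profile controls timestamp valid}.each do |item|
 puts format("%-12s %s", item.to_s.capitalize + ":",
-
+mark_text(result[:summary][item.to_sym]))
 end
 puts
 
@@ -148,8 +148,8 @@ class Inspec::InspecCLI < Inspec::BaseCLI
 
 puts
 puts format("Summary: %s%d errors%s, %s%d warnings%s",
-
-
+red, result[:errors].length, rst,
+yellow, result[:warnings].length, rst)
 end
 end
 exit 1 unless result[:summary][:valid]
@@ -375,7 +375,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
 puts Inspec::Schema.json(name)
 rescue StandardError => e
 puts e
-puts "Valid schemas are #{Inspec::Schema.names.join(
+puts "Valid schemas are #{Inspec::Schema.names.join(", ")}"
 end
 
 desc "version", "prints the version of this tool"
@@ -410,6 +410,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
 runner.load
 
 return :ruby_eval, res if runner.all_rules.empty?
+
 return :rspec_run, runner.run_tests # rubocop:disable Style/RedundantReturn
 end
 end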
data/lib/inspec/config.rb
CHANGED
@@ -60,6 +60,7 @@ module Inspec
|
|
60
60
|
|
61
61
|
def diagnose
|
62
62
|
return unless self[:diagnose]
|
63
|
+
|
63
64
|
puts "InSpec version: #{Inspec::VERSION}"
|
64
65
|
puts "Train version: #{Train::VERSION}"
|
65
66
|
puts "Command line configuration:"
|
@@ -159,6 +160,7 @@ module Inspec
|
|
159
160
|
unless transport_name
|
160
161
|
raise ArgumentError, "Could not recognize a backend from the target #{final_options[:target]} - use a URI format with the backend name as the URI schema. Example: 'ssh://somehost.com' or 'transport://credset' or 'transport://' if credentials are provided outside of InSpec."
|
161
162
|
end
|
163
|
+
|
162
164
|
credentials[:backend] = transport_name.to_s # these are indeed stored in Train as Strings.
|
163
165
|
end
|
164
166
|
|
@@ -185,6 +187,7 @@ module Inspec
|
|
185
187
|
|
186
188
|
def _utc_find_credset_name(_credentials, transport_name)
|
187
189
|
return nil unless final_options[:target]
|
190
|
+
|
188
191
|
match = final_options[:target].match(%r{^#{transport_name}://(?<credset_name>[\w\d\-]+)$})
|
189
192
|
match ? match[:credset_name] : nil
|
190
193
|
end
|
@@ -196,6 +199,7 @@ module Inspec
|
|
196
199
|
# Regardless of our situation, end up with a readable IO object
|
197
200
|
def resolve_cfg_io(cli_opts, cfg_io)
|
198
201
|
raise(ArgumentError, "Inspec::Config must use an IO to read from") if cfg_io && !cfg_io.respond_to?(:read)
|
202
|
+
|
199
203
|
cfg_io ||= check_for_piped_config(cli_opts)
|
200
204
|
return cfg_io if cfg_io
|
201
205
|
|
@@ -211,6 +215,7 @@ module Inspec
|
|
211
215
|
|
212
216
|
return nil unless cli_opt
|
213
217
|
return nil unless cli_opt == "-"
|
218
|
+
|
214
219
|
# This warning is here so that if a user invokes inspec with --config=-,
|
215
220
|
# they will have an explanation for why it appears to hang.
|
216
221
|
Inspec::Log.warn "Reading JSON config from standard input" if STDIN.tty?
|
@@ -287,13 +292,14 @@ module Inspec
|
|
287
292
|
valid_fields = %w{version cli_options credentials compliance reporter}.sort
|
288
293
|
@cfg_file_contents.keys.each do |seen_field|
|
289
294
|
unless valid_fields.include?(seen_field)
|
290
|
-
raise Inspec::ConfigError::Invalid, "Unrecognized top-level configuration field #{seen_field}. Recognized fields: #{valid_fields.join(
|
295
|
+
raise Inspec::ConfigError::Invalid, "Unrecognized top-level configuration field #{seen_field}. Recognized fields: #{valid_fields.join(", ")}"
|
291
296
|
end
|
292
297
|
end
|
293
298
|
end
|
294
299
|
|
295
300
|
def validate_reporters!(reporters)
|
296
301
|
return if reporters.nil?
|
302
|
+
|
297
303
|
# TODO: move this into a reporter plugin type system
|
298
304
|
valid_types = %w{
|
299
305
|
automate
|
@@ -313,6 +319,7 @@ module Inspec
|
|
313
319
|
raise NotImplementedError, "'#{reporter_name}' is not a valid reporter type." unless valid_types.include?(reporter_name)
|
314
320
|
|
315
321
|
next unless reporter_name == "automate"
|
322
|
+
|
316
323
|
%w{token url}.each do |option|
|
317
324
|
raise Inspec::ReporterError, "You must specify a automate #{option} via the config file." if reporter_config[option].nil?
|
318
325
|
end
|
@@ -410,6 +417,7 @@ module Inspec
|
|
410
417
|
%w{password sudo-password}.each do |option_name|
|
411
418
|
snake_case_option_name = option_name.tr("-", "_").to_s
|
412
419
|
next unless options[snake_case_option_name] == -1 # Thor sets -1 for missing value - see #1918
|
420
|
+
|
413
421
|
raise ArgumentError, "Please provide a value for --#{option_name}. For example: --#{option_name}=hello."
|
414
422
|
end
|
415
423
|
|
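Review bot: In `_utc_find_credset_name` (the hunk at `@@ -185,6 +187,7 @@`), the target is matched with `%r{^#{transport_name}://(?<credset_name>[\w\d\-]+)$}`, which anchors with `^`/`$` and interpolates `transport_name` without escaping. In Ruby `^` and `$` match at line boundaries, so a target string containing a newline can match on a single line, and any regex metacharacters in the transport name change the pattern. Anchor the whole string and escape the name: `match = final_options[:target].match(%r{\A#{Regexp.escape(transport_name)}://(?<credset_name>[\w\-]+)\z})`. The commit only inserts a blank line after the guard clause in this method.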
@@ -216,6 +216,7 @@ module Inspec
|
|
216
216
|
return if @skip_only_if_eval == true
|
217
217
|
|
218
218
|
return if block.yield == true
|
219
|
+
|
219
220
|
# Apply `set_skip_rule` for other rules in the same file
|
220
221
|
profile_context_owner.rules.values.each do |r|
|
221
222
|
sources_match = r.source_file == block.source_location[0]
|
@@ -71,6 +71,7 @@ module Inspec
|
|
71
71
|
|
72
72
|
def to_array
|
73
73
|
return [] if @dep_list.nil?
|
74
|
+
|
74
75
|
@dep_list.map do |_k, v|
|
75
76
|
v.to_hash
|
76
77
|
end.compact
|
@@ -85,6 +86,7 @@ module Inspec
|
|
85
86
|
#
|
86
87
|
def vendor(dependencies)
|
87
88
|
return nil if dependencies.nil? || dependencies.empty?
|
89
|
+
|
88
90
|
@dep_list = Resolver.resolve(dependencies, @cache, @cwd, @backend)
|
89
91
|
end
|
90
92
|
end
|
@@ -21,16 +21,16 @@ module Inspec
|
|
21
21
|
}
|
22
22
|
|
23
23
|
new(dep[:name],
|
24
|
-
|
25
|
-
|
26
|
-
|
24
|
+
dep[:version],
|
25
|
+
config,
|
26
|
+
opts.merge(dep))
|
27
27
|
end
|
28
28
|
|
29
29
|
def self.from_lock_entry(entry, config, opts = {})
|
30
30
|
req = new(entry[:name],
|
31
|
-
|
32
|
-
|
33
|
-
|
31
|
+
entry[:version_constraints],
|
32
|
+
config,
|
33
|
+
entry[:resolved_source].merge(backend: config[:backend]).merge(opts))
|
34
34
|
|
35
35
|
locked_deps = []
|
36
36
|
Array(entry[:dependencies]).each do |dep_entry|
|
@@ -86,7 +86,7 @@ module Inspec
|
|
86
86
|
"version_constraints" => version_constraints,
|
87
87
|
}
|
88
88
|
|
89
|
-
|
89
|
+
unless dependencies.empty?
|
90
90
|
h["dependencies"] = dependencies.map(&:to_hash)
|
91
91
|
end
|
92
92
|
|
@@ -115,6 +115,7 @@ module Inspec
|
|
115
115
|
# load the profile for the requirement
|
116
116
|
def profile
|
117
117
|
return @profile unless @profile.nil?
|
118
|
+
|
118
119
|
opts = @opts.dup
|
119
120
|
opts[:backend] = @backend
|
120
121
|
opts[:runner_conf] = Inspec::Config.cached
|
@@ -37,7 +37,7 @@ module Inspec
|
|
37
37
|
problem_cookbook = if top_level
|
38
38
|
"the inspec.yml for this profile."
|
39
39
|
else
|
40
|
-
"the dependency information for #{path_string.split(
|
40
|
+
"the dependency information for #{path_string.split(" ").last}"
|
41
41
|
end
|
42
42
|
raise Inspec::DuplicateDep, "The dependency #{dep.name} is listed twice in #{problem_cookbook}"
|
43
43
|
else
|
@@ -68,13 +68,13 @@ module Inspec
|
|
68
68
|
|
69
69
|
new_seen_items[dep.resolved_source] = true
|
70
70
|
|
71
|
-
|
71
|
+
unless dep.source_satisfies_spec?
|
72
72
|
raise Inspec::UnsatisfiedVersionSpecification, "The profile #{dep.name} from #{dep.resolved_source} has a version #{dep.source_version} which doesn't match #{dep.version_constraints}"
|
73
73
|
end
|
74
74
|
|
75
75
|
Inspec::Log.debug("Adding dependency #{dep.name} (#{dep.resolved_source})")
|
76
76
|
graph[dep.name] = dep
|
77
|
-
|
77
|
+
unless dep.dependencies.empty?
|
78
78
|
resolve(dep.dependencies, false, new_seen_items.dup, new_path_string)
|
79
79
|
end
|
80
80
|
end
|
data/lib/inspec/describe.rb
CHANGED
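--- a/data/lib/inspec/dsl.rb
+++ b/data/lib/inspec/dsl.rb
@@ -68,7 +68,7 @@ module Inspec::DSL
 context = dep_entry.profile.runner_context
 # if we don't want all the rules, then just make 1 pass to get all rule_IDs
 # that we want to keep from the original
-filter_included_controls(context, dep_entry.profile, &block)
+filter_included_controls(context, dep_entry.profile, &block) unless opts[:include_all]
 # interpret the block and skip/modify as required
 context.load(block) if block_given?
 bind_context.add_subcontext(context)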
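--- a/data/lib/inspec/dsl_shared.rb
+++ b/data/lib/inspec/dsl_shared.rb
@@ -10,7 +10,7 @@ module Inspec
 
 def require(path)
 rbpath = path + ".rb"
-return __ruby_require(path)
+return __ruby_require(path) unless @require_loader.exists?(rbpath)
 return false if @require_loader.loaded?(rbpath)
 
 # This is equivalent to calling `require 'lib'` with lib on disk.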
data/lib/inspec/env_printer.rb
CHANGED
@@ -23,8 +23,8 @@ module Inspec
|
|
23
23
|
end
|
24
24
|
|
25
25
|
def print_and_exit!
|
26
|
-
exit_no_shell
|
27
|
-
exit_no_completion
|
26
|
+
exit_no_shell unless have_shell?
|
27
|
+
exit_no_completion unless have_shell_completion?
|
28
28
|
|
29
29
|
print_completion_for_shell
|
30
30
|
print_detection_warning($stdout) if @detected
|
@@ -77,7 +77,7 @@ module Inspec
|
|
77
77
|
#
|
78
78
|
# inspec env SHELLNAME
|
79
79
|
#
|
80
|
-
# Currently supported shells are: #{shells_with_completions.join(
|
80
|
+
# Currently supported shells are: #{shells_with_completions.join(", ")}
|
81
81
|
#
|
82
82
|
EOF
|
83
83
|
end
|
@@ -98,7 +98,7 @@ module Inspec
|
|
98
98
|
#
|
99
99
|
# inspec env SHELLNAME
|
100
100
|
#
|
101
|
-
# Currently supported shells are: #{shells_with_completions.join(
|
101
|
+
# Currently supported shells are: #{shells_with_completions.join(", ")}
|
102
102
|
EOF
|
103
103
|
exit 1
|
104
104
|
end
|