inspec 4.7.3 → 4.7.18
- checksums.yaml +4 -4
- data/inspec.gemspec +1 -1
- data/lib/bundles/inspec-supermarket/api.rb +2 -1
- data/lib/bundles/inspec-supermarket/cli.rb +6 -6
- data/lib/bundles/inspec-supermarket/target.rb +1 -0
- data/lib/fetchers/git.rb +3 -1
- data/lib/fetchers/mock.rb +1 -0
- data/lib/fetchers/url.rb +6 -3
- data/lib/inspec/backend.rb +1 -0
- data/lib/inspec/base_cli.rb +4 -1
- data/lib/inspec/cli.rb +5 -4
- data/lib/inspec/config.rb +9 -1
- data/lib/inspec/control_eval_context.rb +1 -0
- data/lib/inspec/dependencies/cache.rb +1 -0
- data/lib/inspec/dependencies/dependency_set.rb +2 -0
- data/lib/inspec/dependencies/lockfile.rb +1 -0
- data/lib/inspec/dependencies/requirement.rb +8 -7
- data/lib/inspec/dependencies/resolver.rb +3 -3
- data/lib/inspec/describe.rb +1 -0
- data/lib/inspec/dsl.rb +1 -1
- data/lib/inspec/dsl_shared.rb +1 -1
- data/lib/inspec/env_printer.rb +4 -4
- data/lib/inspec/fetcher.rb +4 -2
- data/lib/inspec/file_provider.rb +18 -8
- data/lib/inspec/formatters/base.rb +5 -0
- data/lib/inspec/impact.rb +2 -0
- data/lib/inspec/input_registry.rb +14 -13
- data/lib/inspec/metadata.rb +6 -2
- data/lib/inspec/method_source.rb +1 -1
- data/lib/inspec/objects/control.rb +4 -1
- data/lib/inspec/objects/describe.rb +3 -1
- data/lib/inspec/objects/input.rb +6 -5
- data/lib/inspec/objects/list.rb +2 -0
- data/lib/inspec/objects/test.rb +3 -2
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +7 -0
- data/lib/inspec/plugin/v1/plugins.rb +4 -3
- data/lib/inspec/plugin/v1/registry.rb +3 -2
- data/lib/inspec/plugin/v2.rb +1 -0
- data/lib/inspec/plugin/v2/activator.rb +2 -0
- data/lib/inspec/plugin/v2/config_file.rb +4 -1
- data/lib/inspec/plugin/v2/filter.rb +1 -0
- data/lib/inspec/plugin/v2/installer.rb +9 -7
- data/lib/inspec/plugin/v2/loader.rb +2 -0
- data/lib/inspec/plugin/v2/plugin_base.rb +1 -0
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +2 -2
- data/lib/inspec/plugin/v2/registry.rb +3 -1
- data/lib/inspec/profile.rb +13 -6
- data/lib/inspec/profile_context.rb +4 -2
- data/lib/inspec/reporters/cli.rb +14 -10
- data/lib/inspec/reporters/json.rb +1 -0
- data/lib/inspec/reporters/json_automate.rb +3 -0
- data/lib/inspec/reporters/json_min.rb +2 -0
- data/lib/inspec/resource.rb +2 -0
- data/lib/inspec/resources/aide_conf.rb +4 -3
- data/lib/inspec/resources/apache_conf.rb +1 -1
- data/lib/inspec/resources/apt.rb +2 -0
- data/lib/inspec/resources/auditd.rb +19 -18
- data/lib/inspec/resources/bridge.rb +5 -2
- data/lib/inspec/resources/chocolatey_package.rb +2 -0
- data/lib/inspec/resources/command.rb +1 -1
- data/lib/inspec/resources/crontab.rb +9 -8
- data/lib/inspec/resources/csv.rb +1 -1
- data/lib/inspec/resources/dh_params.rb +6 -0
- data/lib/inspec/resources/docker.rb +37 -34
- data/lib/inspec/resources/docker_container.rb +1 -0
- data/lib/inspec/resources/docker_image.rb +1 -0
- data/lib/inspec/resources/docker_plugin.rb +1 -0
- data/lib/inspec/resources/docker_service.rb +1 -0
- data/lib/inspec/resources/elasticsearch.rb +24 -24
- data/lib/inspec/resources/etc_fstab.rb +8 -7
- data/lib/inspec/resources/etc_group.rb +4 -0
- data/lib/inspec/resources/etc_hosts.rb +4 -4
- data/lib/inspec/resources/etc_hosts_allow_deny.rb +5 -3
- data/lib/inspec/resources/file.rb +4 -1
- data/lib/inspec/resources/filesystem.rb +5 -3
- data/lib/inspec/resources/firewalld.rb +7 -4
- data/lib/inspec/resources/groups.rb +6 -4
- data/lib/inspec/resources/grub_conf.rb +3 -0
- data/lib/inspec/resources/host.rb +5 -3
- data/lib/inspec/resources/http.rb +6 -4
- data/lib/inspec/resources/iis_app.rb +1 -0
- data/lib/inspec/resources/iis_app_pool.rb +1 -1
- data/lib/inspec/resources/iis_site.rb +4 -3
- data/lib/inspec/resources/interface.rb +10 -7
- data/lib/inspec/resources/json.rb +1 -1
- data/lib/inspec/resources/kernel_module.rb +1 -1
- data/lib/inspec/resources/kernel_parameter.rb +2 -1
- data/lib/inspec/resources/key_rsa.rb +5 -0
- data/lib/inspec/resources/mount.rb +3 -1
- data/lib/inspec/resources/mysql_conf.rb +3 -1
- data/lib/inspec/resources/mysql_session.rb +2 -0
- data/lib/inspec/resources/nginx.rb +1 -0
- data/lib/inspec/resources/nginx_conf.rb +10 -6
- data/lib/inspec/resources/ntp_conf.rb +1 -0
- data/lib/inspec/resources/oneget.rb +1 -1
- data/lib/inspec/resources/oracledb_session.rb +4 -2
- data/lib/inspec/resources/os_env.rb +1 -0
- data/lib/inspec/resources/package.rb +10 -6
- data/lib/inspec/resources/packages.rb +7 -5
- data/lib/inspec/resources/passwd.rb +7 -7
- data/lib/inspec/resources/pip.rb +2 -0
- data/lib/inspec/resources/port.rb +22 -8
- data/lib/inspec/resources/postgres.rb +2 -1
- data/lib/inspec/resources/postgres_conf.rb +2 -0
- data/lib/inspec/resources/postgres_hba_conf.rb +6 -6
- data/lib/inspec/resources/postgres_ident_conf.rb +3 -3
- data/lib/inspec/resources/processes.rb +16 -15
- data/lib/inspec/resources/rabbitmq_config.rb +2 -0
- data/lib/inspec/resources/registry_key.rb +8 -3
- data/lib/inspec/resources/security_identifier.rb +3 -1
- data/lib/inspec/resources/security_policy.rb +2 -1
- data/lib/inspec/resources/service.rb +13 -1
- data/lib/inspec/resources/shadow.rb +1 -0
- data/lib/inspec/resources/ssh_config.rb +2 -0
- data/lib/inspec/resources/ssl.rb +12 -11
- data/lib/inspec/resources/users.rb +29 -19
- data/lib/inspec/resources/virtualization.rb +10 -0
- data/lib/inspec/resources/windows_feature.rb +1 -1
- data/lib/inspec/resources/windows_hotfix.rb +2 -0
- data/lib/inspec/resources/windows_task.rb +4 -0
- data/lib/inspec/resources/wmi.rb +2 -1
- data/lib/inspec/resources/x509_certificate.rb +8 -0
- data/lib/inspec/resources/xinetd_conf.rb +10 -9
- data/lib/inspec/resources/yum.rb +15 -11
- data/lib/inspec/resources/zfs_dataset.rb +4 -2
- data/lib/inspec/resources/zfs_pool.rb +2 -1
- data/lib/inspec/rule.rb +11 -1
- data/lib/inspec/runner.rb +9 -6
- data/lib/inspec/runner_rspec.rb +10 -8
- data/lib/inspec/schema.rb +1 -0
- data/lib/inspec/secrets.rb +1 -0
- data/lib/inspec/secrets/yaml.rb +1 -0
- data/lib/inspec/shell.rb +20 -19
- data/lib/inspec/shell_detector.rb +1 -1
- data/lib/inspec/source_reader.rb +2 -0
- data/lib/inspec/ui.rb +1 -0
- data/lib/inspec/utils/deprecation/config_file.rb +8 -4
- data/lib/inspec/utils/erlang_parser.rb +2 -0
- data/lib/inspec/utils/file_reader.rb +1 -1
- data/lib/inspec/utils/filter.rb +16 -3
- data/lib/inspec/utils/find_files.rb +2 -2
- data/lib/inspec/utils/object_traversal.rb +1 -0
- data/lib/inspec/utils/parser.rb +2 -0
- data/lib/inspec/utils/simpleconfig.rb +4 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -0
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +4 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +12 -11
- data/lib/plugins/inspec-artifact/test/functional/inspec_artifact_test.rb +3 -3
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +15 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +4 -2
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +13 -12
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +3 -0
- data/lib/plugins/inspec-compliance/test/unit/api_test.rb +28 -28
- data/lib/plugins/inspec-compliance/test/unit/target_test.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +1 -1
- data/lib/plugins/inspec-habitat/test/unit/profile_test.rb +7 -6
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +2 -2
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +1 -0
- data/lib/plugins/inspec-init/test/functional/inspec_init_plugin_test.rb +12 -10
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +6 -5
- data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +1 -0
- data/lib/plugins/shared/core_plugin_test_helper.rb +1 -0
- data/lib/resource_support/aws/aws_resource_mixin.rb +3 -2
- data/lib/resources/aws/aws_billing_report.rb +1 -1
- data/lib/resources/aws/aws_billing_reports.rb +8 -7
- data/lib/resources/aws/aws_cloudtrail_trail.rb +1 -1
- data/lib/resources/aws/aws_cloudtrail_trails.rb +1 -0
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +4 -3
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +2 -1
- data/lib/resources/aws/aws_config_delivery_channel.rb +1 -1
- data/lib/resources/aws/aws_config_recorder.rb +2 -0
- data/lib/resources/aws/aws_ebs_volume.rb +1 -0
- data/lib/resources/aws/aws_ebs_volumes.rb +2 -0
- data/lib/resources/aws/aws_ec2_instance.rb +2 -0
- data/lib/resources/aws/aws_ec2_instances.rb +2 -0
- data/lib/resources/aws/aws_ecs_cluster.rb +2 -2
- data/lib/resources/aws/aws_eks_cluster.rb +3 -3
- data/lib/resources/aws/aws_elb.rb +2 -2
- data/lib/resources/aws/aws_elbs.rb +14 -12
- data/lib/resources/aws/aws_flow_log.rb +2 -2
- data/lib/resources/aws/aws_iam_access_key.rb +3 -1
- data/lib/resources/aws/aws_iam_access_keys.rb +18 -16
- data/lib/resources/aws/aws_iam_groups.rb +1 -0
- data/lib/resources/aws/aws_iam_password_policy.rb +9 -7
- data/lib/resources/aws/aws_iam_policies.rb +2 -1
- data/lib/resources/aws/aws_iam_policy.rb +10 -1
- data/lib/resources/aws/aws_iam_role.rb +1 -0
- data/lib/resources/aws/aws_iam_user.rb +5 -2
- data/lib/resources/aws/aws_iam_users.rb +12 -11
- data/lib/resources/aws/aws_kms_key.rb +2 -2
- data/lib/resources/aws/aws_kms_keys.rb +3 -1
- data/lib/resources/aws/aws_route_table.rb +2 -2
- data/lib/resources/aws/aws_route_tables.rb +2 -1
- data/lib/resources/aws/aws_s3_bucket.rb +5 -3
- data/lib/resources/aws/aws_s3_bucket_object.rb +3 -1
- data/lib/resources/aws/aws_s3_buckets.rb +1 -0
- data/lib/resources/aws/aws_security_group.rb +20 -9
- data/lib/resources/aws/aws_security_groups.rb +1 -0
- data/lib/resources/aws/aws_sns_subscription.rb +1 -1
- data/lib/resources/aws/aws_sns_topics.rb +2 -0
- data/lib/resources/aws/aws_subnet.rb +2 -2
- data/lib/resources/aws/aws_subnets.rb +4 -3
- data/lib/resources/aws/aws_vpc.rb +1 -1
- data/lib/resources/aws/aws_vpcs.rb +3 -2
- data/lib/resources/azure/azure_generic_resource.rb +4 -4
- data/lib/resources/azure/azure_resource_group.rb +1 -0
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +13 -12
- data/lib/source_readers/flat.rb +1 -0
- data/lib/source_readers/inspec.rb +1 -0
- metadata +2 -2
@@ -32,9 +32,9 @@ module Inspec
|
|
32
32
|
# traverse out of inspec-vX.Y.Z/lib/inspec/plugins.rb
|
33
33
|
@home = home || File.join(Inspec.config_dir, "plugins")
|
34
34
|
@paths += Dir[File.join(@home, "**{,/*/**}", "*.gemspec")]
|
35
|
-
|
36
|
-
|
37
|
-
|
35
|
+
.map { |x| File.dirname(x) }
|
36
|
+
.map { |x| Dir[File.join(x, "lib", "inspec-*.rb")] }
|
37
|
+
.flatten
|
38
38
|
|
39
39
|
# load bundled plugins
|
40
40
|
bundled_dir = File.expand_path(File.dirname(__FILE__))
|
@@ -51,6 +51,7 @@ module Inspec
|
|
51
51
|
if path.nil?
|
52
52
|
raise "Couldn't find plugin #{name}. Searching in #{@home}"
|
53
53
|
end
|
54
|
+
|
54
55
|
# puts "Loading plugin #{name} from #{path}"
|
55
56
|
require path
|
56
57
|
end
|
@@ -24,8 +24,8 @@ class PluginRegistry
|
|
24
24
|
# @return [Array[Plugin]] sorted list of plugins
|
25
25
|
def modules
|
26
26
|
@registry.values
|
27
|
-
|
28
|
-
|
27
|
+
.sort_by { |x| x.respond_to?(:priority) ? x.priority : 0 }
|
28
|
+
.reverse
|
29
29
|
end
|
30
30
|
end
|
31
31
|
|
@@ -44,6 +44,7 @@ class PluginRegistry
|
|
44
44
|
# @return [nil] disregard
|
45
45
|
def self.name(name)
|
46
46
|
raise "Trying to register #{self} with name == nil" if name.nil?
|
47
|
+
|
47
48
|
@name = name
|
48
49
|
plugin_registry.registry[name] = self
|
49
50
|
end
|
data/lib/inspec/plugin/v2.rb
CHANGED
@@ -15,12 +15,14 @@ module Inspec::Plugin::V2
|
|
15
15
|
|
16
16
|
def activated?(new_value = nil)
|
17
17
|
return self[:activated?] if new_value.nil?
|
18
|
+
|
18
19
|
self[:activated?] = new_value
|
19
20
|
end
|
20
21
|
|
21
22
|
# Load a plugin, but if an error is encountered, store it and continue
|
22
23
|
def activate
|
23
24
|
return if activated?
|
25
|
+
|
24
26
|
# rubocop: disable Lint/RescueException
|
25
27
|
begin
|
26
28
|
impl_class = self[:activation_proc].call
|
@@ -57,6 +57,7 @@ module Inspec::Plugin::V2
|
|
57
57
|
unless existing_entry?(name)
|
58
58
|
raise Inspec::Plugin::V2::ConfigError, "No such entry with plugin name '#{name}'"
|
59
59
|
end
|
60
|
+
|
60
61
|
@data[:plugins].delete_if { |entry| entry[:name] == name.to_sym }
|
61
62
|
end
|
62
63
|
|
@@ -114,6 +115,7 @@ module Inspec::Plugin::V2
|
|
114
115
|
next if idx == other_idx
|
115
116
|
next unless other_entry.is_a? Hash # We'll catch that invalid entry later
|
116
117
|
next if plugin_entry[:name] != other_entry[:name]
|
118
|
+
|
117
119
|
indices = [idx, other_idx].sort
|
118
120
|
raise Inspec::Plugin::V2::ConfigError, "Malformed plugins.json file - duplicate plugin entry '#{plugin_entry[:name]}' detected at index #{indices[0]} and #{indices[1]}"
|
119
121
|
end
|
@@ -134,9 +136,10 @@ module Inspec::Plugin::V2
|
|
134
136
|
|
135
137
|
if plugin_entry.key? :installation_type
|
136
138
|
seen_type = plugin_entry[:installation_type]
|
137
|
-
unless
|
139
|
+
unless %i{gem path}.include? seen_type.to_sym
|
138
140
|
raise Inspec::Plugin::V2::ConfigError, "'plugins' entry with unrecognized installation_type (must be one of 'gem' or 'path')"
|
139
141
|
end
|
142
|
+
|
140
143
|
plugin_entry[:installation_type] = seen_type.to_sym
|
141
144
|
|
142
145
|
if plugin_entry[:installation_type] == :path && !plugin_entry.key?(:installation_path)
|
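Review bot: In the `installation_type` check, `seen_type.to_sym` runs on the raw config value before it has been validated, so a value that is not a String or Symbol would raise `NoMethodError` rather than the `ConfigError` raised for the other malformed-entry cases shown here. This assumes `plugin_entry` comes straight from the parsed plugins.json, where a number, `null` or nested object is possible. Comparing on strings keeps the failure inside the validator: `unless %w{gem path}.include?(seen_type.to_s)`. The later `plugin_entry[:installation_type] = seen_type.to_sym` is then only reached for the two accepted values. The enclosing validation method starts and ends outside this hunk.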
@@ -46,6 +46,7 @@ module Inspec::Plugin::V2
|
|
46
46
|
unless @filter_data.key?("exclude") && @filter_data["exclude"].is_a?(Array)
|
47
47
|
raise Inspec::Plugin::V2::ConfigError, 'Unknown plugin fillter file format: expected "exclude" to be an array'
|
48
48
|
end
|
49
|
+
|
49
50
|
@filter_data["exclude"].each_with_index do |entry, idx|
|
50
51
|
unless entry.is_a? Hash
|
51
52
|
raise Inspec::Plugin::V2::ConfigError, "Unknown plugin fillter file format: expected entry #{idx} to be a Hash / JS Object"
|
@@ -249,7 +249,7 @@ module Inspec::Plugin::V2
|
|
249
249
|
end
|
250
250
|
|
251
251
|
opts[:scope] ||= :released
|
252
|
-
unless
|
252
|
+
unless %i{prerelease released latest}.include?(opts[:scope])
|
253
253
|
raise SearchError, "Search scope for listing versons must be :prerelease, :released, or :latest."
|
254
254
|
end
|
255
255
|
end
|
@@ -267,11 +267,11 @@ module Inspec::Plugin::V2
|
|
267
267
|
plugin_local_source = Gem::Source::SpecificFile.new(opts[:gem_file])
|
268
268
|
|
269
269
|
plugin_dependency = Gem::Dependency.new(requested_plugin_name,
|
270
|
-
|
270
|
+
plugin_local_source.spec.version)
|
271
271
|
|
272
272
|
requested_local_gem_set = Gem::Resolver::InstallerSet.new(:both)
|
273
273
|
requested_local_gem_set.add_local(plugin_dependency.name,
|
274
|
-
|
274
|
+
plugin_local_source.spec, plugin_local_source)
|
275
275
|
|
276
276
|
install_gem_to_plugins_dir(plugin_dependency, [requested_local_gem_set])
|
277
277
|
end
|
@@ -283,8 +283,8 @@ module Inspec::Plugin::V2
|
|
283
283
|
end
|
284
284
|
|
285
285
|
def install_gem_to_plugins_dir(new_plugin_dependency, # rubocop: disable Metrics/AbcSize
|
286
|
-
|
287
|
-
|
286
|
+
extra_request_sets = [],
|
287
|
+
update_mode = false)
|
288
288
|
|
289
289
|
# Get a list of all the gems available to us.
|
290
290
|
gem_to_force_update = update_mode ? new_plugin_dependency.name : nil
|
@@ -305,6 +305,7 @@ module Inspec::Plugin::V2
|
|
305
305
|
# Activate all current plugins before trying to activate the new one
|
306
306
|
loader.list_managed_gems.each do |spec|
|
307
307
|
next if spec.name == new_plugin_dependency.name && update_mode
|
308
|
+
|
308
309
|
spec.activate
|
309
310
|
end
|
310
311
|
|
@@ -378,7 +379,7 @@ module Inspec::Plugin::V2
|
|
378
379
|
# Find out which gems we still actually need...
|
379
380
|
names_of_gems_we_actually_need = \
|
380
381
|
request_set_we_still_must_satisfy.resolve(build_gem_request_universe)
|
381
|
-
|
382
|
+
.map(&:full_spec).map(&:full_name)
|
382
383
|
|
383
384
|
# ... vs what we currently have, which should have some cruft
|
384
385
|
cruft_gem_specs = loader.list_managed_gems.reject do |spec|
|
@@ -423,7 +424,7 @@ module Inspec::Plugin::V2
|
|
423
424
|
|
424
425
|
# find all gem specification directories
|
425
426
|
directories = [Gem::Specification.default_specifications_dir]
|
426
|
-
|
427
|
+
unless defined?(::Bundler)
|
427
428
|
# add in any others that do not start with the user directory
|
428
429
|
directories += Gem::Specification.dirs.find_all do |path|
|
429
430
|
!path.start_with?(Gem.user_dir)
|
@@ -456,6 +457,7 @@ module Inspec::Plugin::V2
|
|
456
457
|
installed_plugins_gem_set = Gem::Resolver::VendorSet.new
|
457
458
|
loader.list_managed_gems.each do |spec|
|
458
459
|
next if spec.name == gem_to_force_update
|
460
|
+
|
459
461
|
installed_plugins_gem_set.add_vendor_gem(spec.name, spec.gem_dir)
|
460
462
|
end
|
461
463
|
|
@@ -168,6 +168,7 @@ module Inspec::Plugin::V2
|
|
168
168
|
end
|
169
169
|
solution.each do |activation_request|
|
170
170
|
next if activation_request.full_spec.activated?
|
171
|
+
|
171
172
|
activation_request.full_spec.activate
|
172
173
|
# TODO: If we are under Bundler, inform it that we loaded a gem
|
173
174
|
end
|
@@ -177,6 +178,7 @@ module Inspec::Plugin::V2
|
|
177
178
|
status = registry[plugin_name]
|
178
179
|
return if status.api_generation == 2 # Gen2 have self-annotating superclasses
|
179
180
|
return if status.api_generation == :'train-1' # Train plugins are here as a courtesy, don't poke them
|
181
|
+
|
180
182
|
case status.installation_type
|
181
183
|
when :bundle
|
182
184
|
annotate_bundle_plugin_status_after_load(plugin_name)
|
@@ -32,8 +32,8 @@ module Inspec::Plugin::V2::PluginType
|
|
32
32
|
def self.register_with_thor
|
33
33
|
# Figure out my activator name (= subcommand group name)
|
34
34
|
subcommand_name = Inspec::Plugin::V2::Registry.instance \
|
35
|
-
|
36
|
-
|
35
|
+
.find_activators(plugin_type: :cli_command, implementation_class: self) \
|
36
|
+
.first.activator_name.to_s
|
37
37
|
|
38
38
|
# Register with Thor
|
39
39
|
Inspec::InspecCLI.register(self, subcommand_name, @usage_msg, @desc_msg, {})
|
@@ -30,6 +30,7 @@ module Inspec::Plugin::V2
|
|
30
30
|
# HACK: Status is normally the source of truth for loadedness, unless it is a train plugin; then the Train::Registry is the source of truth.
|
31
31
|
# Also, InSpec registry is keyed on Symbols; Train is keyed on Strings.
|
32
32
|
return registry.dig(name.to_sym, :loaded) unless name.to_s.start_with?("train-")
|
33
|
+
|
33
34
|
Train::Plugins.registry.key?(name.to_s.sub(/^train-/, ""))
|
34
35
|
end
|
35
36
|
|
@@ -61,7 +62,7 @@ module Inspec::Plugin::V2
|
|
61
62
|
# @returns [Array] Possibly empty array of Activators
|
62
63
|
def find_activators(filters = {})
|
63
64
|
plugin_statuses.map(&:activators).flatten.select do |act|
|
64
|
-
|
65
|
+
%i{plugin_name plugin_type activator_name implementation_class}.all? do |criteria|
|
65
66
|
!filters.key?(criteria) || act[criteria] == filters[criteria]
|
66
67
|
end
|
67
68
|
end
|
@@ -75,6 +76,7 @@ module Inspec::Plugin::V2
|
|
75
76
|
elsif matched_plugins.empty?
|
76
77
|
raise Inspec::Plugin::V2::LoadError, "Plugin hooks search returned zero results for filter #{filters.inspect}"
|
77
78
|
end
|
79
|
+
|
78
80
|
matched_plugins.first
|
79
81
|
end
|
80
82
|
|
data/lib/inspec/profile.rb
CHANGED
@@ -34,6 +34,7 @@ module Inspec
|
|
34
34
|
keys = content.keys
|
35
35
|
keys.each do |key|
|
36
36
|
next if content[key].nil?
|
37
|
+
|
37
38
|
# remove prefix
|
38
39
|
rel = Pathname.new(key).relative_path_from(Pathname.new("vendor")).to_s
|
39
40
|
tar = Pathname.new(opts[:vendor_cache].path).join(rel)
|
@@ -187,10 +188,12 @@ module Inspec
|
|
187
188
|
def collect_tests(include_list = @controls)
|
188
189
|
unless @tests_collected
|
189
190
|
return unless supports_platform?
|
191
|
+
|
190
192
|
locked_dependencies.each(&:collect_tests)
|
191
193
|
|
192
194
|
tests.each do |path, content|
|
193
195
|
next if content.nil? || content.empty?
|
196
|
+
|
194
197
|
abs_path = source_reader.target.abs_path(path)
|
195
198
|
@runner_context.load_control_file(content, abs_path, nil)
|
196
199
|
end
|
@@ -207,6 +210,7 @@ module Inspec
|
|
207
210
|
next if inclusion.is_a?(Regexp)
|
208
211
|
# Insist the user wrap the regex in slashes to demarcate it as a regex
|
209
212
|
next unless inclusion.start_with?("/") && inclusion.end_with?("/")
|
213
|
+
|
210
214
|
inclusion = inclusion[1..-2] # Trim slashes
|
211
215
|
begin
|
212
216
|
re = Regexp.new(inclusion)
|
@@ -271,6 +275,7 @@ module Inspec
|
|
271
275
|
# add information about the controls
|
272
276
|
res[:controls] = res[:controls].map do |id, rule|
|
273
277
|
next if id.to_s.empty?
|
278
|
+
|
274
279
|
data = rule.dup
|
275
280
|
data.delete(:checks)
|
276
281
|
data[:impact] ||= 0.5
|
@@ -284,7 +289,7 @@ module Inspec
|
|
284
289
|
profile = dep.profile
|
285
290
|
code = Inspec::MethodSource.code_at(data[:source_location], profile.source_reader)
|
286
291
|
data[:code] = code unless code.nil? || code.empty?
|
287
|
-
break
|
292
|
+
break unless data[:code].empty?
|
288
293
|
end
|
289
294
|
end
|
290
295
|
data
|
@@ -377,8 +382,8 @@ module Inspec
|
|
377
382
|
# only run the vendor check if the legacy profile-path is not used as argument
|
378
383
|
if @legacy_profile_path == false
|
379
384
|
# verify that a lockfile is present if we have dependencies
|
380
|
-
|
381
|
-
error.call(meta_path, 0, 0, nil, "Your profile needs to be vendored with `inspec vendor`.")
|
385
|
+
unless metadata.dependencies.empty?
|
386
|
+
error.call(meta_path, 0, 0, nil, "Your profile needs to be vendored with `inspec vendor`.") unless lockfile_exists?
|
382
387
|
end
|
383
388
|
|
384
389
|
if lockfile_exists?
|
@@ -393,7 +398,7 @@ module Inspec
|
|
393
398
|
next if dep[:name].nil?
|
394
399
|
|
395
400
|
# TODO: should we also verify that the soure is the same?
|
396
|
-
|
401
|
+
unless lockfile.deps.map { |x| x[:name] }.include? dep[:name]
|
397
402
|
error.call(meta_path, 0, 0, nil, "Cannot find #{dep[:name]} in lockfile. Please re-vendor with `inspec vendor`.")
|
398
403
|
end
|
399
404
|
end
|
@@ -417,6 +422,7 @@ module Inspec
|
|
417
422
|
sline = control[:source_location][:line]
|
418
423
|
error.call(sfile, sline, nil, id, "Avoid controls with empty IDs") if id.nil? || id.empty?
|
419
424
|
next if id.start_with? "(generated "
|
425
|
+
|
420
426
|
warn.call(sfile, sline, nil, id, "Control #{id} has no title") if control[:title].to_s.empty?
|
421
427
|
warn.call(sfile, sline, nil, id, "Control #{id} has no descriptions") if control[:descriptions][:default].to_s.empty?
|
422
428
|
warn.call(sfile, sline, nil, id, "Control #{id} has impact > 1.0") if control[:impact].to_f > 1.0
|
@@ -547,7 +553,7 @@ module Inspec
|
|
547
553
|
[["inspec.lock.deps", YAML.dump(deps)]]
|
548
554
|
|
549
555
|
files.sort_by { |a| a[0] }
|
550
|
-
|
556
|
+
.map { |f| res << f[0] << "\0" << f[1] << "\0" }
|
551
557
|
|
552
558
|
res.digest.unpack("H*")[0]
|
553
559
|
end
|
@@ -591,6 +597,7 @@ module Inspec
|
|
591
597
|
prefix = @source_reader.target.prefix || ""
|
592
598
|
tests&.each do |rule|
|
593
599
|
next if rule.nil?
|
600
|
+
|
594
601
|
f = load_rule_filepath(prefix, rule)
|
595
602
|
load_rule(rule, f, controls, groups)
|
596
603
|
end
|
@@ -623,7 +630,7 @@ module Inspec
|
|
623
630
|
if controls[id][:code].empty? && Inspec::Rule.merge_count(rule) > 0
|
624
631
|
Inspec::Rule.merge_changes(rule).each do |merge_location|
|
625
632
|
code = Inspec::MethodSource.code_at(merge_location, source_reader)
|
626
|
-
|
633
|
+
unless code.empty?
|
627
634
|
controls[id][:code] = code
|
628
635
|
break
|
629
636
|
end
|
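Review bot: The lockfile check in the `@@ -393,7 +398,7 @@` hunk, `unless lockfile.deps.map { |x| x[:name] }.include? dep[:name]`, matches dependencies by name only. A profile whose metadata points a dependency at a different source than the one that was vendored would therefore still pass, as long as the name is unchanged. The TODO above it already asks this question; until source comparison exists, the comment should state the limitation so the check is not read as an integrity guarantee, for example `# NOTE: only the name is compared; a dependency whose source changed since vendoring is not detected here`. The same comment has a typo to fix, `soure` → `source`. The loop and the enclosing check method start and end outside the hunk.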
@@ -94,7 +94,7 @@ module Inspec
|
|
94
94
|
|
95
95
|
def subcontext_by_name(name)
|
96
96
|
found = @lib_subcontexts.find { |c| c.profile_id == name }
|
97
|
-
|
97
|
+
unless found
|
98
98
|
@lib_subcontexts.each do |c|
|
99
99
|
found = c.subcontext_by_name(name)
|
100
100
|
break if found
|
@@ -133,6 +133,7 @@ module Inspec
|
|
133
133
|
# load all files directly that are flat inside the libraries folder
|
134
134
|
autoloads.each do |path|
|
135
135
|
next unless path.end_with?(".rb")
|
136
|
+
|
136
137
|
load_library_file(*@require_loader.load(path)) unless @require_loader.loaded?(path)
|
137
138
|
end
|
138
139
|
reload_dsl
|
@@ -150,7 +151,7 @@ module Inspec
|
|
150
151
|
end
|
151
152
|
|
152
153
|
def load_with_context(context, content, source = nil, line = nil)
|
153
|
-
Inspec::Log.debug("Loading #{source ||
|
154
|
+
Inspec::Log.debug("Loading #{source || "<anonymous content>"} into #{self}")
|
154
155
|
@current_load = { file: source }
|
155
156
|
if content.is_a? Proc
|
156
157
|
context.instance_eval(&content)
|
@@ -195,6 +196,7 @@ module Inspec
|
|
195
196
|
|
196
197
|
def full_id(pid, rid)
|
197
198
|
return rid.to_s if pid.to_s.empty?
|
199
|
+
|
198
200
|
pid.to_s + "/" + rid.to_s
|
199
201
|
end
|
200
202
|
end
|
data/lib/inspec/reporters/cli.rb
CHANGED
@@ -54,8 +54,8 @@ module Inspec::Reporters
|
|
54
54
|
print_anonymous_control_results(profile)
|
55
55
|
if @control_count == 0
|
56
56
|
output(format_message(
|
57
|
-
|
58
|
-
|
57
|
+
indentation: 5,
|
58
|
+
message: "No tests executed."
|
59
59
|
))
|
60
60
|
end
|
61
61
|
end
|
@@ -86,6 +86,7 @@ module Inspec::Reporters
|
|
86
86
|
standard_controls_from_profile(profile).each do |control_from_profile|
|
87
87
|
control = Control.new(control_from_profile)
|
88
88
|
next if control.results.nil?
|
89
|
+
|
89
90
|
output(format_control_header(control))
|
90
91
|
control.results.each do |result|
|
91
92
|
output(format_result(control, result, :standard))
|
@@ -99,6 +100,7 @@ module Inspec::Reporters
|
|
99
100
|
anonymous_controls_from_profile(profile).each do |control_from_profile|
|
100
101
|
control = Control.new(control_from_profile)
|
101
102
|
next if control.results.nil?
|
103
|
+
|
102
104
|
output(format_control_header(control))
|
103
105
|
control.results.each do |result|
|
104
106
|
output(format_result(control, result, :anonymous))
|
@@ -111,7 +113,7 @@ module Inspec::Reporters
|
|
111
113
|
if profile[:title].nil?
|
112
114
|
(profile[:name] || "unknown").to_s
|
113
115
|
else
|
114
|
-
"#{profile[:title]} (#{profile[:name] ||
|
116
|
+
"#{profile[:title]} (#{profile[:name] || "unknown"})"
|
115
117
|
end
|
116
118
|
end
|
117
119
|
|
@@ -163,7 +165,7 @@ module Inspec::Reporters
|
|
163
165
|
return text if defined?(RSpec.configuration) && !RSpec.configuration.color
|
164
166
|
return text unless COLORS.key?(color_name)
|
165
167
|
|
166
|
-
"#{COLORS[color_name]}#{text}#{COLORS[
|
168
|
+
"#{COLORS[color_name]}#{text}#{COLORS["reset"]}"
|
167
169
|
end
|
168
170
|
|
169
171
|
def all_unique_controls
|
@@ -182,6 +184,7 @@ module Inspec::Reporters
|
|
182
184
|
all_unique_controls.each do |control|
|
183
185
|
next if control[:id].start_with? "(generated from "
|
184
186
|
next unless control[:results]
|
187
|
+
|
185
188
|
if control[:results].any? { |r| r[:status] == "failed" }
|
186
189
|
failed += 1
|
187
190
|
elsif control[:results].any? { |r| r[:status] == "skipped" }
|
@@ -209,6 +212,7 @@ module Inspec::Reporters
|
|
209
212
|
|
210
213
|
all_unique_controls.each do |control|
|
211
214
|
next unless control[:results]
|
215
|
+
|
212
216
|
control[:results].each do |result|
|
213
217
|
if result[:status] == "failed"
|
214
218
|
failed += 1
|
@@ -232,9 +236,9 @@ module Inspec::Reporters
|
|
232
236
|
summary = profile_summary
|
233
237
|
return unless summary["total"] > 0
|
234
238
|
|
235
|
-
success_str = summary["passed"] == 1 ? "1 successful control" : "#{summary[
|
236
|
-
failed_str = summary["failed"] == 1 ? "1 control failure" : "#{summary[
|
237
|
-
skipped_str = summary["skipped"] == 1 ? "1 control skipped" : "#{summary[
|
239
|
+
success_str = summary["passed"] == 1 ? "1 successful control" : "#{summary["passed"]} successful controls"
|
240
|
+
failed_str = summary["failed"] == 1 ? "1 control failure" : "#{summary["failed"]} control failures"
|
241
|
+
skipped_str = summary["skipped"] == 1 ? "1 control skipped" : "#{summary["skipped"]} controls skipped"
|
238
242
|
|
239
243
|
success_color = summary["passed"] > 0 ? "passed" : "no_color"
|
240
244
|
failed_color = summary["failed"] > 0 ? "failed" : "no_color"
|
@@ -252,7 +256,7 @@ module Inspec::Reporters
|
|
252
256
|
def print_tests_summary
|
253
257
|
summary = tests_summary
|
254
258
|
|
255
|
-
failed_str = summary["failed"] == 1 ? "1 failure" : "#{summary[
|
259
|
+
failed_str = summary["failed"] == 1 ? "1 failure" : "#{summary["failed"]} failures"
|
256
260
|
|
257
261
|
success_color = summary["passed"] > 0 ? "passed" : "no_color"
|
258
262
|
failed_color = summary["failed"] > 0 ? "failed" : "no_color"
|
@@ -260,9 +264,9 @@ module Inspec::Reporters
|
|
260
264
|
|
261
265
|
s = format(
|
262
266
|
"Test Summary: %s, %s, %s",
|
263
|
-
format_with_color(success_color, "#{summary[
|
267
|
+
format_with_color(success_color, "#{summary["passed"]} successful"),
|
264
268
|
format_with_color(failed_color, failed_str),
|
265
|
-
format_with_color(skipped_color, "#{summary[
|
269
|
+
format_with_color(skipped_color, "#{summary["skipped"]} skipped")
|
266
270
|
)
|
267
271
|
|
268
272
|
output(s)
|