inspec 4.7.3 → 4.7.18
- checksums.yaml +4 -4
- data/inspec.gemspec +1 -1
- data/lib/bundles/inspec-supermarket/api.rb +2 -1
- data/lib/bundles/inspec-supermarket/cli.rb +6 -6
- data/lib/bundles/inspec-supermarket/target.rb +1 -0
- data/lib/fetchers/git.rb +3 -1
- data/lib/fetchers/mock.rb +1 -0
- data/lib/fetchers/url.rb +6 -3
- data/lib/inspec/backend.rb +1 -0
- data/lib/inspec/base_cli.rb +4 -1
- data/lib/inspec/cli.rb +5 -4
- data/lib/inspec/config.rb +9 -1
- data/lib/inspec/control_eval_context.rb +1 -0
- data/lib/inspec/dependencies/cache.rb +1 -0
- data/lib/inspec/dependencies/dependency_set.rb +2 -0
- data/lib/inspec/dependencies/lockfile.rb +1 -0
- data/lib/inspec/dependencies/requirement.rb +8 -7
- data/lib/inspec/dependencies/resolver.rb +3 -3
- data/lib/inspec/describe.rb +1 -0
- data/lib/inspec/dsl.rb +1 -1
- data/lib/inspec/dsl_shared.rb +1 -1
- data/lib/inspec/env_printer.rb +4 -4
- data/lib/inspec/fetcher.rb +4 -2
- data/lib/inspec/file_provider.rb +18 -8
- data/lib/inspec/formatters/base.rb +5 -0
- data/lib/inspec/impact.rb +2 -0
- data/lib/inspec/input_registry.rb +14 -13
- data/lib/inspec/metadata.rb +6 -2
- data/lib/inspec/method_source.rb +1 -1
- data/lib/inspec/objects/control.rb +4 -1
- data/lib/inspec/objects/describe.rb +3 -1
- data/lib/inspec/objects/input.rb +6 -5
- data/lib/inspec/objects/list.rb +2 -0
- data/lib/inspec/objects/test.rb +3 -2
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +7 -0
- data/lib/inspec/plugin/v1/plugins.rb +4 -3
- data/lib/inspec/plugin/v1/registry.rb +3 -2
- data/lib/inspec/plugin/v2.rb +1 -0
- data/lib/inspec/plugin/v2/activator.rb +2 -0
- data/lib/inspec/plugin/v2/config_file.rb +4 -1
- data/lib/inspec/plugin/v2/filter.rb +1 -0
- data/lib/inspec/plugin/v2/installer.rb +9 -7
- data/lib/inspec/plugin/v2/loader.rb +2 -0
- data/lib/inspec/plugin/v2/plugin_base.rb +1 -0
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +2 -2
- data/lib/inspec/plugin/v2/registry.rb +3 -1
- data/lib/inspec/profile.rb +13 -6
- data/lib/inspec/profile_context.rb +4 -2
- data/lib/inspec/reporters/cli.rb +14 -10
- data/lib/inspec/reporters/json.rb +1 -0
- data/lib/inspec/reporters/json_automate.rb +3 -0
- data/lib/inspec/reporters/json_min.rb +2 -0
- data/lib/inspec/resource.rb +2 -0
- data/lib/inspec/resources/aide_conf.rb +4 -3
- data/lib/inspec/resources/apache_conf.rb +1 -1
- data/lib/inspec/resources/apt.rb +2 -0
- data/lib/inspec/resources/auditd.rb +19 -18
- data/lib/inspec/resources/bridge.rb +5 -2
- data/lib/inspec/resources/chocolatey_package.rb +2 -0
- data/lib/inspec/resources/command.rb +1 -1
- data/lib/inspec/resources/crontab.rb +9 -8
- data/lib/inspec/resources/csv.rb +1 -1
- data/lib/inspec/resources/dh_params.rb +6 -0
- data/lib/inspec/resources/docker.rb +37 -34
- data/lib/inspec/resources/docker_container.rb +1 -0
- data/lib/inspec/resources/docker_image.rb +1 -0
- data/lib/inspec/resources/docker_plugin.rb +1 -0
- data/lib/inspec/resources/docker_service.rb +1 -0
- data/lib/inspec/resources/elasticsearch.rb +24 -24
- data/lib/inspec/resources/etc_fstab.rb +8 -7
- data/lib/inspec/resources/etc_group.rb +4 -0
- data/lib/inspec/resources/etc_hosts.rb +4 -4
- data/lib/inspec/resources/etc_hosts_allow_deny.rb +5 -3
- data/lib/inspec/resources/file.rb +4 -1
- data/lib/inspec/resources/filesystem.rb +5 -3
- data/lib/inspec/resources/firewalld.rb +7 -4
- data/lib/inspec/resources/groups.rb +6 -4
- data/lib/inspec/resources/grub_conf.rb +3 -0
- data/lib/inspec/resources/host.rb +5 -3
- data/lib/inspec/resources/http.rb +6 -4
- data/lib/inspec/resources/iis_app.rb +1 -0
- data/lib/inspec/resources/iis_app_pool.rb +1 -1
- data/lib/inspec/resources/iis_site.rb +4 -3
- data/lib/inspec/resources/interface.rb +10 -7
- data/lib/inspec/resources/json.rb +1 -1
- data/lib/inspec/resources/kernel_module.rb +1 -1
- data/lib/inspec/resources/kernel_parameter.rb +2 -1
- data/lib/inspec/resources/key_rsa.rb +5 -0
- data/lib/inspec/resources/mount.rb +3 -1
- data/lib/inspec/resources/mysql_conf.rb +3 -1
- data/lib/inspec/resources/mysql_session.rb +2 -0
- data/lib/inspec/resources/nginx.rb +1 -0
- data/lib/inspec/resources/nginx_conf.rb +10 -6
- data/lib/inspec/resources/ntp_conf.rb +1 -0
- data/lib/inspec/resources/oneget.rb +1 -1
- data/lib/inspec/resources/oracledb_session.rb +4 -2
- data/lib/inspec/resources/os_env.rb +1 -0
- data/lib/inspec/resources/package.rb +10 -6
- data/lib/inspec/resources/packages.rb +7 -5
- data/lib/inspec/resources/passwd.rb +7 -7
- data/lib/inspec/resources/pip.rb +2 -0
- data/lib/inspec/resources/port.rb +22 -8
- data/lib/inspec/resources/postgres.rb +2 -1
- data/lib/inspec/resources/postgres_conf.rb +2 -0
- data/lib/inspec/resources/postgres_hba_conf.rb +6 -6
- data/lib/inspec/resources/postgres_ident_conf.rb +3 -3
- data/lib/inspec/resources/processes.rb +16 -15
- data/lib/inspec/resources/rabbitmq_config.rb +2 -0
- data/lib/inspec/resources/registry_key.rb +8 -3
- data/lib/inspec/resources/security_identifier.rb +3 -1
- data/lib/inspec/resources/security_policy.rb +2 -1
- data/lib/inspec/resources/service.rb +13 -1
- data/lib/inspec/resources/shadow.rb +1 -0
- data/lib/inspec/resources/ssh_config.rb +2 -0
- data/lib/inspec/resources/ssl.rb +12 -11
- data/lib/inspec/resources/users.rb +29 -19
- data/lib/inspec/resources/virtualization.rb +10 -0
- data/lib/inspec/resources/windows_feature.rb +1 -1
- data/lib/inspec/resources/windows_hotfix.rb +2 -0
- data/lib/inspec/resources/windows_task.rb +4 -0
- data/lib/inspec/resources/wmi.rb +2 -1
- data/lib/inspec/resources/x509_certificate.rb +8 -0
- data/lib/inspec/resources/xinetd_conf.rb +10 -9
- data/lib/inspec/resources/yum.rb +15 -11
- data/lib/inspec/resources/zfs_dataset.rb +4 -2
- data/lib/inspec/resources/zfs_pool.rb +2 -1
- data/lib/inspec/rule.rb +11 -1
- data/lib/inspec/runner.rb +9 -6
- data/lib/inspec/runner_rspec.rb +10 -8
- data/lib/inspec/schema.rb +1 -0
- data/lib/inspec/secrets.rb +1 -0
- data/lib/inspec/secrets/yaml.rb +1 -0
- data/lib/inspec/shell.rb +20 -19
- data/lib/inspec/shell_detector.rb +1 -1
- data/lib/inspec/source_reader.rb +2 -0
- data/lib/inspec/ui.rb +1 -0
- data/lib/inspec/utils/deprecation/config_file.rb +8 -4
- data/lib/inspec/utils/erlang_parser.rb +2 -0
- data/lib/inspec/utils/file_reader.rb +1 -1
- data/lib/inspec/utils/filter.rb +16 -3
- data/lib/inspec/utils/find_files.rb +2 -2
- data/lib/inspec/utils/object_traversal.rb +1 -0
- data/lib/inspec/utils/parser.rb +2 -0
- data/lib/inspec/utils/simpleconfig.rb +4 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -0
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +4 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +12 -11
- data/lib/plugins/inspec-artifact/test/functional/inspec_artifact_test.rb +3 -3
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +15 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +4 -2
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +13 -12
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +3 -0
- data/lib/plugins/inspec-compliance/test/unit/api_test.rb +28 -28
- data/lib/plugins/inspec-compliance/test/unit/target_test.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +1 -1
- data/lib/plugins/inspec-habitat/test/unit/profile_test.rb +7 -6
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +2 -2
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +1 -0
- data/lib/plugins/inspec-init/test/functional/inspec_init_plugin_test.rb +12 -10
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +6 -5
- data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +1 -0
- data/lib/plugins/shared/core_plugin_test_helper.rb +1 -0
- data/lib/resource_support/aws/aws_resource_mixin.rb +3 -2
- data/lib/resources/aws/aws_billing_report.rb +1 -1
- data/lib/resources/aws/aws_billing_reports.rb +8 -7
- data/lib/resources/aws/aws_cloudtrail_trail.rb +1 -1
- data/lib/resources/aws/aws_cloudtrail_trails.rb +1 -0
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +4 -3
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +2 -1
- data/lib/resources/aws/aws_config_delivery_channel.rb +1 -1
- data/lib/resources/aws/aws_config_recorder.rb +2 -0
- data/lib/resources/aws/aws_ebs_volume.rb +1 -0
- data/lib/resources/aws/aws_ebs_volumes.rb +2 -0
- data/lib/resources/aws/aws_ec2_instance.rb +2 -0
- data/lib/resources/aws/aws_ec2_instances.rb +2 -0
- data/lib/resources/aws/aws_ecs_cluster.rb +2 -2
- data/lib/resources/aws/aws_eks_cluster.rb +3 -3
- data/lib/resources/aws/aws_elb.rb +2 -2
- data/lib/resources/aws/aws_elbs.rb +14 -12
- data/lib/resources/aws/aws_flow_log.rb +2 -2
- data/lib/resources/aws/aws_iam_access_key.rb +3 -1
- data/lib/resources/aws/aws_iam_access_keys.rb +18 -16
- data/lib/resources/aws/aws_iam_groups.rb +1 -0
- data/lib/resources/aws/aws_iam_password_policy.rb +9 -7
- data/lib/resources/aws/aws_iam_policies.rb +2 -1
- data/lib/resources/aws/aws_iam_policy.rb +10 -1
- data/lib/resources/aws/aws_iam_role.rb +1 -0
- data/lib/resources/aws/aws_iam_user.rb +5 -2
- data/lib/resources/aws/aws_iam_users.rb +12 -11
- data/lib/resources/aws/aws_kms_key.rb +2 -2
- data/lib/resources/aws/aws_kms_keys.rb +3 -1
- data/lib/resources/aws/aws_route_table.rb +2 -2
- data/lib/resources/aws/aws_route_tables.rb +2 -1
- data/lib/resources/aws/aws_s3_bucket.rb +5 -3
- data/lib/resources/aws/aws_s3_bucket_object.rb +3 -1
- data/lib/resources/aws/aws_s3_buckets.rb +1 -0
- data/lib/resources/aws/aws_security_group.rb +20 -9
- data/lib/resources/aws/aws_security_groups.rb +1 -0
- data/lib/resources/aws/aws_sns_subscription.rb +1 -1
- data/lib/resources/aws/aws_sns_topics.rb +2 -0
- data/lib/resources/aws/aws_subnet.rb +2 -2
- data/lib/resources/aws/aws_subnets.rb +4 -3
- data/lib/resources/aws/aws_vpc.rb +1 -1
- data/lib/resources/aws/aws_vpcs.rb +3 -2
- data/lib/resources/azure/azure_generic_resource.rb +4 -4
- data/lib/resources/azure/azure_resource_group.rb +1 -0
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +13 -12
- data/lib/source_readers/flat.rb +1 -0
- data/lib/source_readers/inspec.rb +1 -0
- metadata +2 -2
@@ -36,6 +36,7 @@ module Inspec::Reporters
|
|
36
36
|
def merge_profiles
|
37
37
|
@profiles.each do |profile|
|
38
38
|
next unless profile.key?(:parent_profile)
|
39
|
+
|
39
40
|
parent_profile = find_master_parent(profile)
|
40
41
|
merge_controls(parent_profile, profile)
|
41
42
|
merge_depends(parent_profile, profile)
|
@@ -62,6 +63,7 @@ module Inspec::Reporters
|
|
62
63
|
control.each do |name, _value|
|
63
64
|
child_value = child_control[name]
|
64
65
|
next if child_value.nil? || (child_value.respond_to?(:empty?) && child_value.empty?)
|
66
|
+
|
65
67
|
control[name] = child_value
|
66
68
|
end
|
67
69
|
end
|
@@ -69,6 +71,7 @@ module Inspec::Reporters
|
|
69
71
|
|
70
72
|
def merge_depends(parent, child)
|
71
73
|
return unless child.key?(:depends)
|
74
|
+
|
72
75
|
child[:depends].each do |d|
|
73
76
|
parent[:depends] << d
|
74
77
|
end
|
@@ -17,9 +17,11 @@ module Inspec::Reporters
|
|
17
17
|
run_data[:profiles].each do |profile|
|
18
18
|
profile_id = profile[:name]
|
19
19
|
next unless profile[:controls]
|
20
|
+
|
20
21
|
profile[:controls].each do |control|
|
21
22
|
control_id = control[:id]
|
22
23
|
next unless control[:results]
|
24
|
+
|
23
25
|
control[:results].each do |result|
|
24
26
|
result_for_report = {
|
25
27
|
id: control_id,
|
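--- a/data/lib/inspec/resource.rb
+++ b/data/lib/inspec/resource.rb
@@ -41,6 +41,7 @@ module Inspec
 end
 
 raise ProfileNotFound, "Cannot find profile named: #{profile_name}" if inner_context.nil?
+
 inner_context.resource_registry[resource_name]
 end
 
@@ -51,6 +52,7 @@ module Inspec
 
 # confirm backend custom resources have access to other custom resources
 next if backend.respond_to?(id)
+
 backend.class.send(:define_method, id.to_sym) do |*args|
 r.new(backend, id.to_s, *args)
 end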
@@ -44,7 +44,7 @@ module Inspec::Resources
|
|
44
44
|
|
45
45
|
filter = FilterTable.create
|
46
46
|
filter.register_column(:selection_lines, field: "selection_line")
|
47
|
-
|
47
|
+
.register_column(:rules, field: "rules")
|
48
48
|
|
49
49
|
filter.install_filter_methods_on_resource(self, :params)
|
50
50
|
|
@@ -52,6 +52,7 @@ module Inspec::Resources
|
|
52
52
|
|
53
53
|
def read_content
|
54
54
|
return @content unless @content.nil?
|
55
|
+
|
55
56
|
@rules = {}
|
56
57
|
|
57
58
|
raw_conf = read_file_content(@conf_path)
|
@@ -74,7 +75,7 @@ module Inspec::Resources
|
|
74
75
|
params = []
|
75
76
|
content.each do |line|
|
76
77
|
param = parse_line(line)
|
77
|
-
|
78
|
+
unless param["selection_line"].nil?
|
78
79
|
params.push(param)
|
79
80
|
end
|
80
81
|
end
|
@@ -116,7 +117,7 @@ module Inspec::Resources
|
|
116
117
|
rule_list.each_index do |i|
|
117
118
|
hash_list = @rules[rule_list[i]]
|
118
119
|
# Cases where rule respresents one or more other rules
|
119
|
-
|
120
|
+
unless hash_list.nil?
|
120
121
|
rule_list[i] = hash_list
|
121
122
|
end
|
122
123
|
rule_list[i] = handle_multi_rule(rule_list, i)
|
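--- a/data/lib/inspec/resources/apt.rb
+++ b/data/lib/inspec/resources/apt.rb
@@ -55,6 +55,7 @@ module Inspec::Resources
 
 def enabled?
 return false if find_repo.count == 0
+
 actives = find_repo.map { |repo| repo[:active] }
 actives = actives.uniq
 actives.size == 1 && actives[0] = true
@@ -113,6 +114,7 @@ module Inspec::Resources
 def determine_ppa_url(ppa_url)
 # verify if we have the url already, then just return
 return ppa_url if ppa_url =~ HTTP_URL_RE
+
 # otherwise start generating the ppa url
 
 # special care if the name stats with :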
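Review bot: In `enabled?` (first hunk), the last visible line `actives.size == 1 && actives[0] = true` assigns instead of comparing, so the method returns true whenever all matching repositories share a single `:active` value, including when that value is false. A compliance control asserting that a repository is enabled would then pass for a disabled one. The line should read `actives.size == 1 && actives[0] == true`. This line is unchanged context in a whitespace-only hunk, and the method's closing `end` is outside the hunk.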
@@ -30,7 +30,7 @@ module Inspec::Resources
|
|
30
30
|
def initialize
|
31
31
|
unless inspec.command("/sbin/auditctl").exist?
|
32
32
|
raise Inspec::Exceptions::ResourceFailed,
|
33
|
-
|
33
|
+
"Command `/sbin/auditctl` does not exist"
|
34
34
|
end
|
35
35
|
|
36
36
|
auditctl_cmd = "/sbin/auditctl -l"
|
@@ -38,32 +38,32 @@ module Inspec::Resources
|
|
38
38
|
|
39
39
|
if result.exit_status != 0
|
40
40
|
raise Inspec::Exceptions::ResourceFailed,
|
41
|
-
|
41
|
+
"Command `#{auditctl_cmd}` failed with error: #{result.stderr}"
|
42
42
|
end
|
43
43
|
|
44
44
|
@content = result.stdout
|
45
45
|
@params = []
|
46
46
|
|
47
47
|
if @content =~ /^LIST_RULES:/
|
48
|
-
raise Inspec::Exceptions::
|
49
|
-
|
50
|
-
|
48
|
+
raise Inspec::Exceptions::ResourceFailed,
|
49
|
+
"The version of audit is outdated." \
|
50
|
+
"The `auditd` resource supports versions of audit >= 2.3."
|
51
51
|
end
|
52
52
|
parse_content
|
53
53
|
end
|
54
54
|
|
55
55
|
filter = FilterTable.create
|
56
|
-
filter.register_column(:file,
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
56
|
+
filter.register_column(:file, field: "file")
|
57
|
+
.register_column(:list, field: "list")
|
58
|
+
.register_column(:action, field: "action")
|
59
|
+
.register_column(:fields, field: "fields")
|
60
|
+
.register_column(:fields_nokey, field: "fields_nokey")
|
61
|
+
.register_column(:syscall, field: "syscall")
|
62
|
+
.register_column(:key, field: "key")
|
63
|
+
.register_column(:arch, field: "arch")
|
64
|
+
.register_column(:path, field: "path")
|
65
|
+
.register_column(:permissions, field: "permissions")
|
66
|
+
.register_column(:exit, field: "exit")
|
67
67
|
|
68
68
|
filter.install_filter_methods_on_resource(self, :params)
|
69
69
|
|
@@ -73,13 +73,14 @@ module Inspec::Resources
|
|
73
73
|
# See: https://github.com/inspec/inspec/issues/3113
|
74
74
|
if @status_content =~ /^AUDIT_STATUS/
|
75
75
|
@status_content = @status_content.gsub("AUDIT_STATUS: ", "")
|
76
|
-
|
77
|
-
|
76
|
+
.tr(" ", "\n")
|
77
|
+
.tr("=", " ")
|
78
78
|
end
|
79
79
|
|
80
80
|
@status_params ||= Hash[@status_content.scan(/^([^ ]+) (.*)$/)]
|
81
81
|
|
82
82
|
return @status_params[name] if name
|
83
|
+
|
83
84
|
@status_params
|
84
85
|
end
|
85
86
|
|
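Review bot: The two adjacent string literals added to the outdated-version `raise` in `initialize` (hunk `@@ -38,32 +38,32 @@`) are joined with no separator, so the message reads "…is outdated.The `auditd` resource supports…". Ending the first literal with a space fixes it: `"The version of audit is outdated. " \`. The removed side of this hunk is truncated on the page, so it is unclear whether the old message had the same gap.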
@@ -37,6 +37,7 @@ module Inspec::Resources
|
|
37
37
|
|
38
38
|
def has_interface?(interface)
|
39
39
|
return skip_resource "The `bridge` resource does not provide interface detection for Windows yet" if inspec.os.windows?
|
40
|
+
|
40
41
|
bridge_info.nil? ? false : bridge_info[:interfaces].include?(interface)
|
41
42
|
end
|
42
43
|
|
@@ -52,7 +53,8 @@ module Inspec::Resources
|
|
52
53
|
|
53
54
|
def bridge_info
|
54
55
|
return @cache if defined?(@cache)
|
55
|
-
|
56
|
+
|
57
|
+
@cache = @bridge_provider.bridge_info(@bridge_name) unless @bridge_provider.nil?
|
56
58
|
end
|
57
59
|
end
|
58
60
|
|
@@ -102,7 +104,7 @@ module Inspec::Resources
|
|
102
104
|
end
|
103
105
|
|
104
106
|
# ensure we have an array of groups
|
105
|
-
bridges = [bridges]
|
107
|
+
bridges = [bridges] unless bridges.is_a?(Array)
|
106
108
|
|
107
109
|
# select the requested interface
|
108
110
|
bridges = bridges.each_with_object([]) do |adapter, adapter_collection|
|
@@ -115,6 +117,7 @@ module Inspec::Resources
|
|
115
117
|
end
|
116
118
|
|
117
119
|
return nil if bridges.empty?
|
120
|
+
|
118
121
|
warn "[Possible Error] detected multiple bridges interfaces with the name #{bridge_name}" if bridges.size > 1
|
119
122
|
bridges[0]
|
120
123
|
end
|
@@ -20,6 +20,7 @@ module Inspec::Resources
|
|
20
20
|
|
21
21
|
def initialize(package_name, _opts = {})
|
22
22
|
raise "Chocolatey is not installed" unless inspec.command("choco").exist?
|
23
|
+
|
23
24
|
@package_name = package_name
|
24
25
|
@cache = base_data.update(generate_cache)
|
25
26
|
end
|
@@ -67,6 +68,7 @@ module Inspec::Resources
|
|
67
68
|
cmd = inspec.powershell(command.strip)
|
68
69
|
|
69
70
|
return {} if cmd.exit_status != 0 || cmd.stdout.strip.empty?
|
71
|
+
|
70
72
|
out = JSON.parse(cmd.stdout)
|
71
73
|
|
72
74
|
{
|
@@ -35,7 +35,7 @@ module Inspec::Resources
|
|
35
35
|
# Make sure command is replaced so sensitive output isn't shown
|
36
36
|
@command = "ERROR"
|
37
37
|
raise Inspec::Exceptions::ResourceFailed,
|
38
|
-
|
38
|
+
"The `redact_regex` option must be a regular expression"
|
39
39
|
end
|
40
40
|
@redact_regex = options[:redact_regex]
|
41
41
|
end
|
@@ -50,7 +50,8 @@ module Inspec::Resources
|
|
50
50
|
|
51
51
|
def read_crontab
|
52
52
|
if is_system_crontab?
|
53
|
-
raise Inspec::Exceptions::ResourceFailed, "Supplied crontab path '#{@path}' must exist!"
|
53
|
+
raise Inspec::Exceptions::ResourceFailed, "Supplied crontab path '#{@path}' must exist!" unless inspec.file(@path).exist?
|
54
|
+
|
54
55
|
ct = inspec.file(@path).content
|
55
56
|
else
|
56
57
|
ct = inspec.command(crontab_cmd).stdout
|
@@ -70,13 +71,13 @@ module Inspec::Resources
|
|
70
71
|
end
|
71
72
|
|
72
73
|
filter = FilterTable.create
|
73
|
-
filter.register_column(:minutes,
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
74
|
+
filter.register_column(:minutes, field: "minute")
|
75
|
+
.register_column(:hours, field: "hour")
|
76
|
+
.register_column(:days, field: "day")
|
77
|
+
.register_column(:months, field: "month")
|
78
|
+
.register_column(:weekdays, field: "weekday")
|
79
|
+
.register_column(:user, field: "user")
|
80
|
+
.register_column(:commands, field: "command")
|
80
81
|
|
81
82
|
# rebuild the crontab line from raw content
|
82
83
|
filter.register_custom_property(:content) do |t, _|
|
data/lib/inspec/resources/csv.rb
CHANGED
@@ -28,7 +28,7 @@ module Inspec::Resources
|
|
28
28
|
end
|
29
29
|
|
30
30
|
# implicit conversion of values
|
31
|
-
csv = CSV.new(content, headers: true, converters:
|
31
|
+
csv = CSV.new(content, headers: true, converters: %i{all blank_to_nil})
|
32
32
|
|
33
33
|
# convert to hash
|
34
34
|
csv.to_a.map(&:to_hash)
|
@@ -36,36 +36,42 @@ class DhParams < Inspec.resource(1)
|
|
36
36
|
# its('generator') { should eq 2 }
|
37
37
|
def generator
|
38
38
|
return if @dh_params.nil?
|
39
|
+
|
39
40
|
@dh_params.g.to_i
|
40
41
|
end
|
41
42
|
|
42
43
|
# its('modulus') { should eq '00:91:a0:15:89:e5:bc:38:93:12:02:fc:...' }
|
43
44
|
def modulus
|
44
45
|
return if @dh_params.nil?
|
46
|
+
|
45
47
|
"00:" + @dh_params.p.to_s(16).downcase.scan(/.{2}/).join(":")
|
46
48
|
end
|
47
49
|
|
48
50
|
# its('pem') { should eq '-----BEGIN DH PARAMETERS...' }
|
49
51
|
def pem
|
50
52
|
return if @dh_params.nil?
|
53
|
+
|
51
54
|
@dh_params.to_pem
|
52
55
|
end
|
53
56
|
|
54
57
|
# its('prime_length') { should be 2048 }
|
55
58
|
def prime_length
|
56
59
|
return if @dh_params.nil?
|
60
|
+
|
57
61
|
@dh_params.p.num_bits
|
58
62
|
end
|
59
63
|
|
60
64
|
# its('text') { should eq 'human-readable-text' }
|
61
65
|
def text
|
62
66
|
return if @dh_params.nil?
|
67
|
+
|
63
68
|
@dh_params.to_text
|
64
69
|
end
|
65
70
|
|
66
71
|
# it { should be_valid }
|
67
72
|
def valid?
|
68
73
|
return if @dh_params.nil?
|
74
|
+
|
69
75
|
@dh_params.params_ok?
|
70
76
|
end
|
71
77
|
|
@@ -11,21 +11,21 @@ module Inspec::Resources
|
|
11
11
|
# use filtertable for containers
|
12
12
|
filter = FilterTable.create
|
13
13
|
filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
|
14
|
-
filter.register_column(:commands,
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
14
|
+
filter.register_column(:commands, field: "command")
|
15
|
+
.register_column(:ids, field: "id")
|
16
|
+
.register_column(:images, field: "image")
|
17
|
+
.register_column(:labels, field: "labels", style: :simple)
|
18
|
+
.register_column(:local_volumes, field: "localvolumes")
|
19
|
+
.register_column(:mounts, field: "mounts")
|
20
|
+
.register_column(:names, field: "names")
|
21
|
+
.register_column(:networks, field: "networks")
|
22
|
+
.register_column(:ports, field: "ports")
|
23
|
+
.register_column(:running_for, field: "runningfor")
|
24
|
+
.register_column(:sizes, field: "size")
|
25
|
+
.register_column(:status, field: "status")
|
26
|
+
.register_custom_matcher(:running?) do |x|
|
27
|
+
x.where { status.downcase.start_with?("up") }
|
28
|
+
end
|
29
29
|
filter.install_filter_methods_on_resource(self, :containers)
|
30
30
|
|
31
31
|
attr_reader :containers
|
@@ -37,13 +37,13 @@ module Inspec::Resources
|
|
37
37
|
class DockerImageFilter
|
38
38
|
filter = FilterTable.create
|
39
39
|
filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
|
40
|
-
filter.register_column(:ids,
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
40
|
+
filter.register_column(:ids, field: "id")
|
41
|
+
.register_column(:repositories, field: "repository")
|
42
|
+
.register_column(:tags, field: "tag")
|
43
|
+
.register_column(:sizes, field: "size")
|
44
|
+
.register_column(:digests, field: "digest")
|
45
|
+
.register_column(:created, field: "createdat")
|
46
|
+
.register_column(:created_since, field: "createdsize")
|
47
47
|
filter.install_filter_methods_on_resource(self, :images)
|
48
48
|
|
49
49
|
attr_reader :images
|
@@ -54,10 +54,10 @@ module Inspec::Resources
|
|
54
54
|
|
55
55
|
class DockerPluginFilter
|
56
56
|
filter = FilterTable.create
|
57
|
-
filter.add(:ids,
|
58
|
-
|
59
|
-
|
60
|
-
|
57
|
+
filter.add(:ids, field: "id")
|
58
|
+
.add(:names, field: "name")
|
59
|
+
.add(:versions, field: "version")
|
60
|
+
.add(:enabled, field: "enabled")
|
61
61
|
filter.connect(self, :plugins)
|
62
62
|
|
63
63
|
attr_reader :plugins
|
@@ -69,12 +69,12 @@ module Inspec::Resources
|
|
69
69
|
class DockerServiceFilter
|
70
70
|
filter = FilterTable.create
|
71
71
|
filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
|
72
|
-
filter.register_column(:ids,
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
72
|
+
filter.register_column(:ids, field: "id")
|
73
|
+
.register_column(:names, field: "name")
|
74
|
+
.register_column(:modes, field: "mode")
|
75
|
+
.register_column(:replicas, field: "replicas")
|
76
|
+
.register_column(:images, field: "image")
|
77
|
+
.register_column(:ports, field: "ports")
|
78
78
|
filter.install_filter_methods_on_resource(self, :services)
|
79
79
|
|
80
80
|
attr_reader :services
|
@@ -147,6 +147,7 @@ module Inspec::Resources
|
|
147
147
|
|
148
148
|
def version
|
149
149
|
return @version if defined?(@version)
|
150
|
+
|
150
151
|
data = {}
|
151
152
|
cmd = inspec.command("docker version --format '{{ json . }}'")
|
152
153
|
data = JSON.parse(cmd.stdout) if cmd.exit_status == 0
|
@@ -157,6 +158,7 @@ module Inspec::Resources
|
|
157
158
|
|
158
159
|
def info
|
159
160
|
return @info if defined?(@info)
|
161
|
+
|
160
162
|
data = {}
|
161
163
|
# docke info format is only supported for Docker 17.03+
|
162
164
|
cmd = inspec.command("docker info --format '{{ json . }}'")
|
@@ -169,6 +171,7 @@ module Inspec::Resources
|
|
169
171
|
# returns information about docker objects
|
170
172
|
def object(id)
|
171
173
|
return @inspect if defined?(@inspect)
|
174
|
+
|
172
175
|
data = JSON.parse(inspec.command("docker inspect #{id}").stdout)
|
173
176
|
data = data[0] if data.is_a?(Array)
|
174
177
|
@inspect = Hashie::Mash.new(data)
|
@@ -185,7 +188,7 @@ module Inspec::Resources
|
|
185
188
|
def parse_json_command(labels, subcommand)
|
186
189
|
# build command
|
187
190
|
format = labels.map { |label| "\"#{label}\": {{json .#{label}}}" }
|
188
|
-
raw = inspec.command("docker #{subcommand} --format '{#{format.join(
|
191
|
+
raw = inspec.command("docker #{subcommand} --format '{#{format.join(", ")}}'").stdout
|
189
192
|
output = []
|
190
193
|
# since docker is not outputting valid json, we need to parse each row
|
191
194
|
raw.each_line do |entry|
|
@@ -238,7 +241,7 @@ module Inspec::Resources
|
|
238
241
|
|
239
242
|
def ensure_keys(entry, labels)
|
240
243
|
labels.each do |key|
|
241
|
-
entry[key.downcase] = nil
|
244
|
+
entry[key.downcase] = nil unless entry.key?(key.downcase)
|
242
245
|
end
|
243
246
|
entry
|
244
247
|
end
|
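Review bot: In `object(id)` (hunk `@@ -169,6 +171,7 @@`), `id` is interpolated unescaped into `docker inspect #{id}`, so if an id can reach this resource from profile inputs or other external data, the target's shell parses it rather than receiving it as one argument. On POSIX targets `inspec.command("docker inspect #{Shellwords.escape(id.to_s)}")` (with `require "shellwords"`), or an allow-list check on the id format, would close that. The same method returns `@inspect` whenever it is defined, so a later call with a different `id` appears to get the first object's data; a per-id cache such as `@inspect_cache ||= {}` would avoid that. Separately, the added `.register_column(:created_since, field: "createdsize")` in `DockerImageFilter` looks like a typo for `"createdsince"`, though the label list it has to match is outside the visible hunks. The body of `object` continues past the end of its hunk.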