inspec 4.7.3 → 4.7.18
- checksums.yaml +4 -4
- data/inspec.gemspec +1 -1
- data/lib/bundles/inspec-supermarket/api.rb +2 -1
- data/lib/bundles/inspec-supermarket/cli.rb +6 -6
- data/lib/bundles/inspec-supermarket/target.rb +1 -0
- data/lib/fetchers/git.rb +3 -1
- data/lib/fetchers/mock.rb +1 -0
- data/lib/fetchers/url.rb +6 -3
- data/lib/inspec/backend.rb +1 -0
- data/lib/inspec/base_cli.rb +4 -1
- data/lib/inspec/cli.rb +5 -4
- data/lib/inspec/config.rb +9 -1
- data/lib/inspec/control_eval_context.rb +1 -0
- data/lib/inspec/dependencies/cache.rb +1 -0
- data/lib/inspec/dependencies/dependency_set.rb +2 -0
- data/lib/inspec/dependencies/lockfile.rb +1 -0
- data/lib/inspec/dependencies/requirement.rb +8 -7
- data/lib/inspec/dependencies/resolver.rb +3 -3
- data/lib/inspec/describe.rb +1 -0
- data/lib/inspec/dsl.rb +1 -1
- data/lib/inspec/dsl_shared.rb +1 -1
- data/lib/inspec/env_printer.rb +4 -4
- data/lib/inspec/fetcher.rb +4 -2
- data/lib/inspec/file_provider.rb +18 -8
- data/lib/inspec/formatters/base.rb +5 -0
- data/lib/inspec/impact.rb +2 -0
- data/lib/inspec/input_registry.rb +14 -13
- data/lib/inspec/metadata.rb +6 -2
- data/lib/inspec/method_source.rb +1 -1
- data/lib/inspec/objects/control.rb +4 -1
- data/lib/inspec/objects/describe.rb +3 -1
- data/lib/inspec/objects/input.rb +6 -5
- data/lib/inspec/objects/list.rb +2 -0
- data/lib/inspec/objects/test.rb +3 -2
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +7 -0
- data/lib/inspec/plugin/v1/plugins.rb +4 -3
- data/lib/inspec/plugin/v1/registry.rb +3 -2
- data/lib/inspec/plugin/v2.rb +1 -0
- data/lib/inspec/plugin/v2/activator.rb +2 -0
- data/lib/inspec/plugin/v2/config_file.rb +4 -1
- data/lib/inspec/plugin/v2/filter.rb +1 -0
- data/lib/inspec/plugin/v2/installer.rb +9 -7
- data/lib/inspec/plugin/v2/loader.rb +2 -0
- data/lib/inspec/plugin/v2/plugin_base.rb +1 -0
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +2 -2
- data/lib/inspec/plugin/v2/registry.rb +3 -1
- data/lib/inspec/profile.rb +13 -6
- data/lib/inspec/profile_context.rb +4 -2
- data/lib/inspec/reporters/cli.rb +14 -10
- data/lib/inspec/reporters/json.rb +1 -0
- data/lib/inspec/reporters/json_automate.rb +3 -0
- data/lib/inspec/reporters/json_min.rb +2 -0
- data/lib/inspec/resource.rb +2 -0
- data/lib/inspec/resources/aide_conf.rb +4 -3
- data/lib/inspec/resources/apache_conf.rb +1 -1
- data/lib/inspec/resources/apt.rb +2 -0
- data/lib/inspec/resources/auditd.rb +19 -18
- data/lib/inspec/resources/bridge.rb +5 -2
- data/lib/inspec/resources/chocolatey_package.rb +2 -0
- data/lib/inspec/resources/command.rb +1 -1
- data/lib/inspec/resources/crontab.rb +9 -8
- data/lib/inspec/resources/csv.rb +1 -1
- data/lib/inspec/resources/dh_params.rb +6 -0
- data/lib/inspec/resources/docker.rb +37 -34
- data/lib/inspec/resources/docker_container.rb +1 -0
- data/lib/inspec/resources/docker_image.rb +1 -0
- data/lib/inspec/resources/docker_plugin.rb +1 -0
- data/lib/inspec/resources/docker_service.rb +1 -0
- data/lib/inspec/resources/elasticsearch.rb +24 -24
- data/lib/inspec/resources/etc_fstab.rb +8 -7
- data/lib/inspec/resources/etc_group.rb +4 -0
- data/lib/inspec/resources/etc_hosts.rb +4 -4
- data/lib/inspec/resources/etc_hosts_allow_deny.rb +5 -3
- data/lib/inspec/resources/file.rb +4 -1
- data/lib/inspec/resources/filesystem.rb +5 -3
- data/lib/inspec/resources/firewalld.rb +7 -4
- data/lib/inspec/resources/groups.rb +6 -4
- data/lib/inspec/resources/grub_conf.rb +3 -0
- data/lib/inspec/resources/host.rb +5 -3
- data/lib/inspec/resources/http.rb +6 -4
- data/lib/inspec/resources/iis_app.rb +1 -0
- data/lib/inspec/resources/iis_app_pool.rb +1 -1
- data/lib/inspec/resources/iis_site.rb +4 -3
- data/lib/inspec/resources/interface.rb +10 -7
- data/lib/inspec/resources/json.rb +1 -1
- data/lib/inspec/resources/kernel_module.rb +1 -1
- data/lib/inspec/resources/kernel_parameter.rb +2 -1
- data/lib/inspec/resources/key_rsa.rb +5 -0
- data/lib/inspec/resources/mount.rb +3 -1
- data/lib/inspec/resources/mysql_conf.rb +3 -1
- data/lib/inspec/resources/mysql_session.rb +2 -0
- data/lib/inspec/resources/nginx.rb +1 -0
- data/lib/inspec/resources/nginx_conf.rb +10 -6
- data/lib/inspec/resources/ntp_conf.rb +1 -0
- data/lib/inspec/resources/oneget.rb +1 -1
- data/lib/inspec/resources/oracledb_session.rb +4 -2
- data/lib/inspec/resources/os_env.rb +1 -0
- data/lib/inspec/resources/package.rb +10 -6
- data/lib/inspec/resources/packages.rb +7 -5
- data/lib/inspec/resources/passwd.rb +7 -7
- data/lib/inspec/resources/pip.rb +2 -0
- data/lib/inspec/resources/port.rb +22 -8
- data/lib/inspec/resources/postgres.rb +2 -1
- data/lib/inspec/resources/postgres_conf.rb +2 -0
- data/lib/inspec/resources/postgres_hba_conf.rb +6 -6
- data/lib/inspec/resources/postgres_ident_conf.rb +3 -3
- data/lib/inspec/resources/processes.rb +16 -15
- data/lib/inspec/resources/rabbitmq_config.rb +2 -0
- data/lib/inspec/resources/registry_key.rb +8 -3
- data/lib/inspec/resources/security_identifier.rb +3 -1
- data/lib/inspec/resources/security_policy.rb +2 -1
- data/lib/inspec/resources/service.rb +13 -1
- data/lib/inspec/resources/shadow.rb +1 -0
- data/lib/inspec/resources/ssh_config.rb +2 -0
- data/lib/inspec/resources/ssl.rb +12 -11
- data/lib/inspec/resources/users.rb +29 -19
- data/lib/inspec/resources/virtualization.rb +10 -0
- data/lib/inspec/resources/windows_feature.rb +1 -1
- data/lib/inspec/resources/windows_hotfix.rb +2 -0
- data/lib/inspec/resources/windows_task.rb +4 -0
- data/lib/inspec/resources/wmi.rb +2 -1
- data/lib/inspec/resources/x509_certificate.rb +8 -0
- data/lib/inspec/resources/xinetd_conf.rb +10 -9
- data/lib/inspec/resources/yum.rb +15 -11
- data/lib/inspec/resources/zfs_dataset.rb +4 -2
- data/lib/inspec/resources/zfs_pool.rb +2 -1
- data/lib/inspec/rule.rb +11 -1
- data/lib/inspec/runner.rb +9 -6
- data/lib/inspec/runner_rspec.rb +10 -8
- data/lib/inspec/schema.rb +1 -0
- data/lib/inspec/secrets.rb +1 -0
- data/lib/inspec/secrets/yaml.rb +1 -0
- data/lib/inspec/shell.rb +20 -19
- data/lib/inspec/shell_detector.rb +1 -1
- data/lib/inspec/source_reader.rb +2 -0
- data/lib/inspec/ui.rb +1 -0
- data/lib/inspec/utils/deprecation/config_file.rb +8 -4
- data/lib/inspec/utils/erlang_parser.rb +2 -0
- data/lib/inspec/utils/file_reader.rb +1 -1
- data/lib/inspec/utils/filter.rb +16 -3
- data/lib/inspec/utils/find_files.rb +2 -2
- data/lib/inspec/utils/object_traversal.rb +1 -0
- data/lib/inspec/utils/parser.rb +2 -0
- data/lib/inspec/utils/simpleconfig.rb +4 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -0
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +4 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +12 -11
- data/lib/plugins/inspec-artifact/test/functional/inspec_artifact_test.rb +3 -3
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +15 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +4 -2
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +13 -12
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +3 -0
- data/lib/plugins/inspec-compliance/test/unit/api_test.rb +28 -28
- data/lib/plugins/inspec-compliance/test/unit/target_test.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +1 -1
- data/lib/plugins/inspec-habitat/test/unit/profile_test.rb +7 -6
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +2 -2
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +1 -0
- data/lib/plugins/inspec-init/test/functional/inspec_init_plugin_test.rb +12 -10
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +6 -5
- data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +1 -0
- data/lib/plugins/shared/core_plugin_test_helper.rb +1 -0
- data/lib/resource_support/aws/aws_resource_mixin.rb +3 -2
- data/lib/resources/aws/aws_billing_report.rb +1 -1
- data/lib/resources/aws/aws_billing_reports.rb +8 -7
- data/lib/resources/aws/aws_cloudtrail_trail.rb +1 -1
- data/lib/resources/aws/aws_cloudtrail_trails.rb +1 -0
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +4 -3
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +2 -1
- data/lib/resources/aws/aws_config_delivery_channel.rb +1 -1
- data/lib/resources/aws/aws_config_recorder.rb +2 -0
- data/lib/resources/aws/aws_ebs_volume.rb +1 -0
- data/lib/resources/aws/aws_ebs_volumes.rb +2 -0
- data/lib/resources/aws/aws_ec2_instance.rb +2 -0
- data/lib/resources/aws/aws_ec2_instances.rb +2 -0
- data/lib/resources/aws/aws_ecs_cluster.rb +2 -2
- data/lib/resources/aws/aws_eks_cluster.rb +3 -3
- data/lib/resources/aws/aws_elb.rb +2 -2
- data/lib/resources/aws/aws_elbs.rb +14 -12
- data/lib/resources/aws/aws_flow_log.rb +2 -2
- data/lib/resources/aws/aws_iam_access_key.rb +3 -1
- data/lib/resources/aws/aws_iam_access_keys.rb +18 -16
- data/lib/resources/aws/aws_iam_groups.rb +1 -0
- data/lib/resources/aws/aws_iam_password_policy.rb +9 -7
- data/lib/resources/aws/aws_iam_policies.rb +2 -1
- data/lib/resources/aws/aws_iam_policy.rb +10 -1
- data/lib/resources/aws/aws_iam_role.rb +1 -0
- data/lib/resources/aws/aws_iam_user.rb +5 -2
- data/lib/resources/aws/aws_iam_users.rb +12 -11
- data/lib/resources/aws/aws_kms_key.rb +2 -2
- data/lib/resources/aws/aws_kms_keys.rb +3 -1
- data/lib/resources/aws/aws_route_table.rb +2 -2
- data/lib/resources/aws/aws_route_tables.rb +2 -1
- data/lib/resources/aws/aws_s3_bucket.rb +5 -3
- data/lib/resources/aws/aws_s3_bucket_object.rb +3 -1
- data/lib/resources/aws/aws_s3_buckets.rb +1 -0
- data/lib/resources/aws/aws_security_group.rb +20 -9
- data/lib/resources/aws/aws_security_groups.rb +1 -0
- data/lib/resources/aws/aws_sns_subscription.rb +1 -1
- data/lib/resources/aws/aws_sns_topics.rb +2 -0
- data/lib/resources/aws/aws_subnet.rb +2 -2
- data/lib/resources/aws/aws_subnets.rb +4 -3
- data/lib/resources/aws/aws_vpc.rb +1 -1
- data/lib/resources/aws/aws_vpcs.rb +3 -2
- data/lib/resources/azure/azure_generic_resource.rb +4 -4
- data/lib/resources/azure/azure_resource_group.rb +1 -0
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +13 -12
- data/lib/source_readers/flat.rb +1 -0
- data/lib/source_readers/inspec.rb +1 -0
- metadata +2 -2
|
@@ -74,6 +74,7 @@ module Inspec::Resources
|
|
|
74
74
|
|
|
75
75
|
def object_info
|
|
76
76
|
return @info if defined?(@info)
|
|
77
|
+
|
|
77
78
|
opts = @opts
|
|
78
79
|
@info = inspec.docker.images.where do
|
|
79
80
|
(repository == opts[:repo] && tag == opts[:tag]) || (!id.nil? && !opts[:id].nil? && (id == opts[:id] || id.start_with?(opts[:id])))
|
|
@@ -81,6 +81,7 @@ module Inspec::Resources
|
|
|
81
81
|
|
|
82
82
|
def object_info
|
|
83
83
|
return @info if defined?(@info)
|
|
84
|
+
|
|
84
85
|
opts = @opts
|
|
85
86
|
@info = inspec.docker.services.where do
|
|
86
87
|
name == opts[:name] || image == opts[:image] || (!id.nil? && !opts[:id].nil? && (id == opts[:id] || id.start_with?(opts[:id])))
|
|
@@ -24,29 +24,29 @@ module Inspec::Resources
|
|
|
24
24
|
filter = FilterTable.create
|
|
25
25
|
filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
|
|
26
26
|
filter.register_column(:cluster_name, field: "cluster_name")
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
27
|
+
.register_column(:node_name, field: "name")
|
|
28
|
+
.register_column(:transport_address, field: "transport_address")
|
|
29
|
+
.register_column(:host, field: "host")
|
|
30
|
+
.register_column(:ip, field: "ip")
|
|
31
|
+
.register_column(:version, field: "version")
|
|
32
|
+
.register_column(:build_hash, field: "build_hash")
|
|
33
|
+
.register_column(:total_indexing_buffer, field: "total_indexing_buffer")
|
|
34
|
+
.register_column(:roles, field: "roles")
|
|
35
|
+
.register_column(:settings, field: "settings")
|
|
36
|
+
.register_column(:os, field: "os")
|
|
37
|
+
.register_column(:process, field: "process")
|
|
38
|
+
.register_column(:jvm, field: "jvm")
|
|
39
|
+
.register_column(:transport, field: "transport")
|
|
40
|
+
.register_column(:http, field: "http")
|
|
41
|
+
.register_column(:plugins, field: "plugins")
|
|
42
|
+
.register_column(:plugin_list, field: "plugin_list")
|
|
43
|
+
.register_column(:modules, field: "modules")
|
|
44
|
+
.register_column(:module_list, field: "module_list")
|
|
45
|
+
.register_column(:node_id, field: "node_id")
|
|
46
|
+
.register_column(:ingest, field: "ingest")
|
|
47
|
+
.register_custom_property(:node_count) do |t, _|
|
|
48
|
+
t.entries.length
|
|
49
|
+
end
|
|
50
50
|
|
|
51
51
|
filter.install_filter_methods_on_resource(self, :nodes)
|
|
52
52
|
|
|
@@ -156,7 +156,7 @@ module Inspec::Resources
|
|
|
156
156
|
|
|
157
157
|
def verify_json_payload!(content)
|
|
158
158
|
unless content["error"].nil?
|
|
159
|
-
raise "#{content[
|
|
159
|
+
raise "#{content["error"]["type"]}: #{content["error"]["reason"]}"
|
|
160
160
|
end
|
|
161
161
|
|
|
162
162
|
raise "No successful nodes available in cluster" if content["_nodes"]["successful"] == 0
|
|
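Review bot: `verify_json_payload!` indexes the parsed payload without checking its shape: the changed line `raise "#{content["error"]["type"]}: #{content["error"]["reason"]}"` assumes `error` is a hash, and the context line below it assumes `content["_nodes"]` is present. If a server returns `error` as a plain string, the raised message degrades to an empty or misleading `": "`, and a response without `_nodes` surfaces as NoMethodError rather than a resource failure. Consider `err = content["error"]` with `raise(err.is_a?(Hash) ? "#{err["type"]}: #{err["reason"]}" : err.to_s)`, and `content.dig("_nodes", "successful")` for the node count. The method continues past the end of the hunk, so later accesses may need the same treatment.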
@@ -37,13 +37,13 @@ module Inspec::Resources
|
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
filter = FilterTable.create
|
|
40
|
-
filter.register_column(:device_name,
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
40
|
+
filter.register_column(:device_name, field: "device_name")
|
|
41
|
+
.register_column(:mount_point, field: "mount_point")
|
|
42
|
+
.register_column(:file_system_type, field: "file_system_type")
|
|
43
|
+
.register_column(:mount_options, field: "mount_options")
|
|
44
|
+
.register_column(:dump_options, field: "dump_options")
|
|
45
|
+
.register_column(:file_system_options, field: "file_system_options")
|
|
46
|
+
.register_custom_matcher(:configured?) { |x| x.entries.any? }
|
|
47
47
|
|
|
48
48
|
filter.install_filter_methods_on_resource(self, :params)
|
|
49
49
|
|
|
@@ -53,6 +53,7 @@ module Inspec::Resources
|
|
|
53
53
|
|
|
54
54
|
def home_mount_options
|
|
55
55
|
return nil unless where { mount_point == "/home" }.configured?
|
|
56
|
+
|
|
56
57
|
where { mount_point == "/home" }.entries[0].mount_options
|
|
57
58
|
end
|
|
58
59
|
|
|
@@ -56,6 +56,7 @@ module Inspec::Resources
|
|
|
56
56
|
def users(filter = nil)
|
|
57
57
|
entries = filter || @entries
|
|
58
58
|
return nil if entries.nil?
|
|
59
|
+
|
|
59
60
|
# filter the user entry
|
|
60
61
|
res = entries.map do |x|
|
|
61
62
|
x["members"].split(",") if !x.nil? && !x["members"].nil?
|
|
@@ -66,6 +67,7 @@ module Inspec::Resources
|
|
|
66
67
|
|
|
67
68
|
def where(conditions = {})
|
|
68
69
|
return if conditions.empty?
|
|
70
|
+
|
|
69
71
|
fields = {
|
|
70
72
|
name: "name",
|
|
71
73
|
group_name: "name",
|
|
@@ -81,6 +83,7 @@ module Inspec::Resources
|
|
|
81
83
|
conditions.each do |k, v|
|
|
82
84
|
idx = fields[k.to_sym]
|
|
83
85
|
next if idx.nil?
|
|
86
|
+
|
|
84
87
|
res = res.select { |x| x[idx].to_s == v.to_s }
|
|
85
88
|
end
|
|
86
89
|
end
|
|
@@ -113,6 +116,7 @@ module Inspec::Resources
|
|
|
113
116
|
x = line.split(":")
|
|
114
117
|
# abort if we have an empty or comment line
|
|
115
118
|
return nil if x.empty?
|
|
119
|
+
|
|
116
120
|
# map data
|
|
117
121
|
{
|
|
118
122
|
"name" => x.at(0), # Name of the group.
|
|
@@ -31,10 +31,10 @@ class EtcHosts < Inspec.resource(1)
|
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
FilterTable.create
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
34
|
+
.register_column(:ip_address, field: "ip_address")
|
|
35
|
+
.register_column(:primary_name, field: "primary_name")
|
|
36
|
+
.register_column(:all_host_names, field: "all_host_names")
|
|
37
|
+
.install_filter_methods_on_resource(self, :params)
|
|
38
38
|
|
|
39
39
|
private
|
|
40
40
|
|
|
@@ -27,9 +27,9 @@ module Inspec::Resources
|
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
filter = FilterTable.create
|
|
30
|
-
filter.register_column(:daemon,
|
|
31
|
-
|
|
32
|
-
|
|
30
|
+
filter.register_column(:daemon, field: "daemon")
|
|
31
|
+
.register_column(:client_list, field: "client_list")
|
|
32
|
+
.register_column(:options, field: "options")
|
|
33
33
|
|
|
34
34
|
filter.install_filter_methods_on_resource(self, :params)
|
|
35
35
|
|
|
@@ -47,6 +47,7 @@ module Inspec::Resources
|
|
|
47
47
|
content.each do |line|
|
|
48
48
|
data, = parse_comment_line(line, comment_char: "#", standalone_comments: false)
|
|
49
49
|
next unless data != ""
|
|
50
|
+
|
|
50
51
|
data.split(":")[0].split(",").each do |daemon|
|
|
51
52
|
split_daemons_list.push("#{daemon} : " + line.split(":", 2)[1])
|
|
52
53
|
end
|
|
@@ -98,6 +99,7 @@ module Inspec::Resources
|
|
|
98
99
|
|
|
99
100
|
def initialize(path = nil)
|
|
100
101
|
return skip_resource "`etc_hosts_deny` is not supported on your OS" unless inspec.os.linux?
|
|
102
|
+
|
|
101
103
|
super(path || "/etc/hosts.deny")
|
|
102
104
|
end
|
|
103
105
|
|
|
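Review bot: In the second hunk of this section, `split_daemons_list.push("#{daemon} : " + line.split(":", 2)[1])` raises TypeError for a non-comment line that contains no colon, because `split(":", 2)[1]` is nil and cannot be concatenated to a String. One malformed entry in the hosts file then aborts parsing for the whole resource instead of being skipped or reported. Add `next unless line.include?(":")` after the existing `next unless data != ""`, or record the line as unparseable if that fits the resource better. The tail is also taken from `line` rather than the comment-stripped `data`, so a trailing comment is carried into the rule text unless a later step removes it; the enclosing method lies partly outside the hunk.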
@@ -57,6 +57,7 @@ module Inspec::Resources
|
|
|
57
57
|
def content
|
|
58
58
|
res = file.content
|
|
59
59
|
return nil if res.nil?
|
|
60
|
+
|
|
60
61
|
res.force_encoding("utf-8")
|
|
61
62
|
end
|
|
62
63
|
|
|
@@ -102,7 +103,7 @@ module Inspec::Resources
|
|
|
102
103
|
Inspec.deprecate(:file_resource_be_mounted_matchers, "The file resource `be_mounted.with` and `be_mounted.only_with` matchers are deprecated. Please use the `mount` resource instead")
|
|
103
104
|
|
|
104
105
|
# we cannot read mount data on non-Linux systems
|
|
105
|
-
return nil
|
|
106
|
+
return nil unless inspec.os.linux?
|
|
106
107
|
|
|
107
108
|
# parse content if we are on linux
|
|
108
109
|
@mount_options ||= parse_mount_options(mounted.stdout, true)
|
|
@@ -171,6 +172,7 @@ module Inspec::Resources
|
|
|
171
172
|
|
|
172
173
|
def file_permission_granted?(access_type, by_usergroup, by_specific_user)
|
|
173
174
|
raise "`file_permission_granted?` is not supported on your OS" if @perms_provider.nil?
|
|
175
|
+
|
|
174
176
|
if by_specific_user.nil? || by_specific_user.empty?
|
|
175
177
|
@perms_provider.check_file_permission_by_mask(file, access_type, by_usergroup, by_specific_user)
|
|
176
178
|
else
|
|
@@ -215,6 +217,7 @@ module Inspec::Resources
|
|
|
215
217
|
flag = permission_flag(access_type)
|
|
216
218
|
mask = file.unix_mode_mask(usergroup, flag)
|
|
217
219
|
raise "Invalid usergroup/owner provided" if mask.nil?
|
|
220
|
+
|
|
218
221
|
(file.mode & mask) != 0
|
|
219
222
|
end
|
|
220
223
|
|
|
@@ -39,8 +39,9 @@ module Inspec::Resources
|
|
|
39
39
|
end
|
|
40
40
|
|
|
41
41
|
def info
|
|
42
|
-
return @cache
|
|
42
|
+
return @cache unless @cache.nil?
|
|
43
43
|
return {} if @fsman.nil?
|
|
44
|
+
|
|
44
45
|
@cache = @fsman.info(@partition)
|
|
45
46
|
end
|
|
46
47
|
|
|
@@ -119,12 +120,13 @@ module Inspec::Resources
|
|
|
119
120
|
EOF
|
|
120
121
|
|
|
121
122
|
raise Inspec::Exceptions::ResourceSkipped, "Unable to get available space for partition #{partition}" if cmd.stdout == "" || cmd.exit_status.to_i != 0
|
|
123
|
+
|
|
122
124
|
begin
|
|
123
125
|
fs = JSON.parse(cmd.stdout)
|
|
124
126
|
rescue JSON::ParserError => e
|
|
125
127
|
raise Inspec::Exceptions::ResourceFailed,
|
|
126
|
-
|
|
127
|
-
|
|
128
|
+
"Failed to parse JSON from Powershell. " \
|
|
129
|
+
"Error: #{e}"
|
|
128
130
|
end
|
|
129
131
|
{
|
|
130
132
|
name: fs["DeviceID"],
|
|
@@ -28,10 +28,10 @@ module Inspec::Resources
|
|
|
28
28
|
attr_reader :params
|
|
29
29
|
|
|
30
30
|
filter = FilterTable.create
|
|
31
|
-
filter.register_column(:zone,
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
31
|
+
filter.register_column(:zone, field: "zone")
|
|
32
|
+
.register_column(:interfaces, field: "interfaces")
|
|
33
|
+
.register_column(:sources, field: "sources")
|
|
34
|
+
.register_column(:services, field: "services")
|
|
35
35
|
|
|
36
36
|
filter.install_filter_methods_on_resource(self, :params)
|
|
37
37
|
|
|
@@ -45,12 +45,14 @@ module Inspec::Resources
|
|
|
45
45
|
|
|
46
46
|
def has_zone?(query_zone)
|
|
47
47
|
return false unless installed?
|
|
48
|
+
|
|
48
49
|
result = firewalld_command("--get-zones").split(" ")
|
|
49
50
|
result.include?(query_zone)
|
|
50
51
|
end
|
|
51
52
|
|
|
52
53
|
def running?
|
|
53
54
|
return false unless installed?
|
|
55
|
+
|
|
54
56
|
result = firewalld_command("--state")
|
|
55
57
|
result =~ /^running/ ? true : false
|
|
56
58
|
end
|
|
@@ -135,6 +137,7 @@ module Inspec::Resources
|
|
|
135
137
|
if result.stderr != ""
|
|
136
138
|
return "Error on command #{command}: #{result.stderr}"
|
|
137
139
|
end
|
|
140
|
+
|
|
138
141
|
result.stdout.strip
|
|
139
142
|
end
|
|
140
143
|
end
|
|
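Review bot: The last hunk returns `"Error on command #{command}: #{result.stderr}"` as an ordinary string, while `has_zone?` in the previous hunk treats the helper's return value as data (`firewalld_command("--get-zones").split(" ")`); this assumes the tail shown belongs to `firewalld_command`, whose signature is outside the hunk. When the command writes to stderr, `has_zone?` tests membership against the words of the error message, so a control can pass or fail on diagnostic text rather than on firewall state. Signal the failure out of band, for example `raise Inspec::Exceptions::ResourceFailed, "Error on command #{command}: #{result.stderr}"`, or return nil and have callers check for it. `running?` may depend on the current behaviour when the daemon is stopped, so that path should be checked before the change.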
@@ -49,10 +49,10 @@ module Inspec::Resources
|
|
|
49
49
|
|
|
50
50
|
filter = FilterTable.create
|
|
51
51
|
filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
|
|
52
|
-
filter.register_column(:names,
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
52
|
+
filter.register_column(:names, field: "name")
|
|
53
|
+
.register_column(:gids, field: "gid")
|
|
54
|
+
.register_column(:domains, field: "domain")
|
|
55
|
+
.register_column(:members, field: "members", style: :simple)
|
|
56
56
|
filter.install_filter_methods_on_resource(self, :collect_group_details)
|
|
57
57
|
|
|
58
58
|
def to_s
|
|
@@ -64,6 +64,7 @@ module Inspec::Resources
|
|
|
64
64
|
# collects information about every group
|
|
65
65
|
def collect_group_details
|
|
66
66
|
return @groups_cache ||= @group_provider.groups unless @group_provider.nil?
|
|
67
|
+
|
|
67
68
|
[]
|
|
68
69
|
end
|
|
69
70
|
end
|
|
@@ -176,6 +177,7 @@ module Inspec::Resources
|
|
|
176
177
|
groups.each { |g| g["gid"] = g["gid"].to_i }
|
|
177
178
|
groups.each do |g|
|
|
178
179
|
next if g["users"].nil?
|
|
180
|
+
|
|
179
181
|
g["members"] = g.delete("users")
|
|
180
182
|
g["members"].tr!(" ", ",")
|
|
181
183
|
end
|
|
@@ -90,6 +90,7 @@ class GrubConfig < Inspec.resource(1)
|
|
|
90
90
|
lines = content.split("\n")
|
|
91
91
|
lines.each_with_index do |line, index|
|
|
92
92
|
next unless line =~ /^menuentry\s+.*/
|
|
93
|
+
|
|
93
94
|
entry = {}
|
|
94
95
|
entry["insmod"] = []
|
|
95
96
|
|
|
@@ -104,6 +105,7 @@ class GrubConfig < Inspec.resource(1)
|
|
|
104
105
|
# Begin processing from index forward until a `}` line is met
|
|
105
106
|
lines.drop(index + 1).each do |mline|
|
|
106
107
|
break if mline =~ /^\s*}\s*$/
|
|
108
|
+
|
|
107
109
|
case mline
|
|
108
110
|
when /(?:^|\s*)initrd.*/
|
|
109
111
|
entry["initrd"] = mline.split(" ")[1]
|
|
@@ -155,6 +157,7 @@ class GrubConfig < Inspec.resource(1)
|
|
|
155
157
|
kernel_opts = {}
|
|
156
158
|
lines.each_with_index do |file_line, index|
|
|
157
159
|
next unless file_line =~ /^title.*/
|
|
160
|
+
|
|
158
161
|
current_kernel = file_line.split(" ", 2)[1]
|
|
159
162
|
lines.drop(index + 1).each do |kernel_line|
|
|
160
163
|
if kernel_line =~ /^\s.*/
|
|
@@ -72,7 +72,7 @@ module Inspec::Resources
|
|
|
72
72
|
missing_requirements = @host_provider.missing_requirements(protocol)
|
|
73
73
|
unless missing_requirements.empty?
|
|
74
74
|
return skip_resource "The following requirements are not met for this resource: " \
|
|
75
|
-
"#{missing_requirements.join(
|
|
75
|
+
"#{missing_requirements.join(", ")}"
|
|
76
76
|
end
|
|
77
77
|
end
|
|
78
78
|
|
|
@@ -83,7 +83,7 @@ module Inspec::Resources
|
|
|
83
83
|
|
|
84
84
|
# if we get the IP address, the host is resolvable
|
|
85
85
|
def resolvable?(type = nil)
|
|
86
|
-
warn "The `host` resource ignores #{type} parameters. Continue to resolve host."
|
|
86
|
+
warn "The `host` resource ignores #{type} parameters. Continue to resolve host." unless type.nil?
|
|
87
87
|
resolve.nil? || resolve.empty? ? false : true
|
|
88
88
|
end
|
|
89
89
|
|
|
@@ -131,7 +131,8 @@ module Inspec::Resources
|
|
|
131
131
|
|
|
132
132
|
def resolve
|
|
133
133
|
return @ip_cache if defined?(@ip_cache)
|
|
134
|
-
|
|
134
|
+
|
|
135
|
+
@ip_cache = @host_provider.resolve(hostname) unless @host_provider.nil?
|
|
135
136
|
end
|
|
136
137
|
end
|
|
137
138
|
|
|
@@ -248,6 +249,7 @@ module Inspec::Resources
|
|
|
248
249
|
cmd.stdout.lines.each do |line|
|
|
249
250
|
ip, = line.split(/\s+/, 2)
|
|
250
251
|
next unless ip.match(Resolv::IPv4::Regex) || ip.match(Resolv::IPv6::Regex)
|
|
252
|
+
|
|
251
253
|
addresses << ip unless addresses.include?(ip)
|
|
252
254
|
end
|
|
253
255
|
|
|
@@ -35,8 +35,8 @@ module Inspec::Resources
|
|
|
35
35
|
# profiles.
|
|
36
36
|
if opts.key?(:enable_remote_worker) && !inspec.local_transport?
|
|
37
37
|
warn "Ignoring `enable_remote_worker` option, the `http` resource ",
|
|
38
|
-
|
|
39
|
-
|
|
38
|
+
"remote worker is enabled by default for remote targets and ",
|
|
39
|
+
"cannot be disabled"
|
|
40
40
|
end
|
|
41
41
|
|
|
42
42
|
# Run locally if InSpec is ran locally and remotely if ran remotely
|
|
@@ -138,6 +138,7 @@ module Inspec::Resources
|
|
|
138
138
|
|
|
139
139
|
def response
|
|
140
140
|
return @response if @response
|
|
141
|
+
|
|
141
142
|
conn = Faraday.new(url: url, headers: request_headers, params: params, ssl: { verify: ssl_verify? }) do |builder|
|
|
142
143
|
builder.request :url_encoded
|
|
143
144
|
builder.use FaradayMiddleware::FollowRedirects, limit: max_redirects if max_redirects > 0
|
|
@@ -163,7 +164,7 @@ module Inspec::Resources
|
|
|
163
164
|
def initialize(inspec, http_method, url, opts)
|
|
164
165
|
unless inspec.command("curl").exist?
|
|
165
166
|
raise Inspec::Exceptions::ResourceSkipped,
|
|
166
|
-
|
|
167
|
+
"curl is not available on the target machine"
|
|
167
168
|
end
|
|
168
169
|
|
|
169
170
|
@ran_curl = false
|
|
@@ -203,6 +204,7 @@ module Inspec::Resources
|
|
|
203
204
|
prelude, remainder = response.split("\n\n", 2)
|
|
204
205
|
loop do
|
|
205
206
|
break unless remainder =~ %r{^HTTP/}
|
|
207
|
+
|
|
206
208
|
prelude, remainder = remainder.split("\n\n", 2)
|
|
207
209
|
end
|
|
208
210
|
@body = remainder
|
|
@@ -248,7 +250,7 @@ module Inspec::Resources
|
|
|
248
250
|
if params.nil?
|
|
249
251
|
cmd << "'#{url}'"
|
|
250
252
|
else
|
|
251
|
-
cmd << "'#{url}?#{params.map { |e| e.join(
|
|
253
|
+
cmd << "'#{url}?#{params.map { |e| e.join("=") }.join("&")}'"
|
|
252
254
|
end
|
|
253
255
|
|
|
254
256
|
cmd.join(" ")
|
|
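Review bot: In the last hunk of this section, `cmd << "'#{url}?#{params.map { |e| e.join("=") }.join("&")}'"` and the `cmd << "'#{url}'"` branch above it wrap the URL and query parameters in single quotes with no shell escaping, and `cmd.join(" ")` then produces one command string. A value containing a single quote ends the quoted argument, so input taken from a profile can alter the command executed on the target. The parameters are not URL-encoded here either, whereas the Faraday path earlier in the section applies `builder.request :url_encoded`, so the two workers can send different requests for the same input. For POSIX targets build the argument with the standard library, e.g. `cmd << Shellwords.escape(params.nil? ? url : "#{url}?#{URI.encode_www_form(params)}")`, adding `require "shellwords"` and `require "uri"` if the file does not already load them. The enclosing method starts and ends outside the hunk, so any other options interpolated into `cmd` deserve the same check.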
@@ -117,7 +117,7 @@ class IisAppPool < Inspec.resource(1)
|
|
|
117
117
|
e32b: pool["enable32BitAppOnWin64"],
|
|
118
118
|
mode: pool["managedPipelineMode"],
|
|
119
119
|
processes: process_model["maxProcesses"],
|
|
120
|
-
timeout: "#{idle_timeout[
|
|
120
|
+
timeout: "#{idle_timeout["Hours"]}:#{idle_timeout["Minutes"]}:#{idle_timeout["Seconds"]}",
|
|
121
121
|
timeout_days: idle_timeout["Days"],
|
|
122
122
|
timeout_hours: idle_timeout["Hours"],
|
|
123
123
|
timeout_minutes: idle_timeout["Minutes"],
|