inspec 4.7.3 → 4.7.18
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/inspec.gemspec +1 -1
- data/lib/bundles/inspec-supermarket/api.rb +2 -1
- data/lib/bundles/inspec-supermarket/cli.rb +6 -6
- data/lib/bundles/inspec-supermarket/target.rb +1 -0
- data/lib/fetchers/git.rb +3 -1
- data/lib/fetchers/mock.rb +1 -0
- data/lib/fetchers/url.rb +6 -3
- data/lib/inspec/backend.rb +1 -0
- data/lib/inspec/base_cli.rb +4 -1
- data/lib/inspec/cli.rb +5 -4
- data/lib/inspec/config.rb +9 -1
- data/lib/inspec/control_eval_context.rb +1 -0
- data/lib/inspec/dependencies/cache.rb +1 -0
- data/lib/inspec/dependencies/dependency_set.rb +2 -0
- data/lib/inspec/dependencies/lockfile.rb +1 -0
- data/lib/inspec/dependencies/requirement.rb +8 -7
- data/lib/inspec/dependencies/resolver.rb +3 -3
- data/lib/inspec/describe.rb +1 -0
- data/lib/inspec/dsl.rb +1 -1
- data/lib/inspec/dsl_shared.rb +1 -1
- data/lib/inspec/env_printer.rb +4 -4
- data/lib/inspec/fetcher.rb +4 -2
- data/lib/inspec/file_provider.rb +18 -8
- data/lib/inspec/formatters/base.rb +5 -0
- data/lib/inspec/impact.rb +2 -0
- data/lib/inspec/input_registry.rb +14 -13
- data/lib/inspec/metadata.rb +6 -2
- data/lib/inspec/method_source.rb +1 -1
- data/lib/inspec/objects/control.rb +4 -1
- data/lib/inspec/objects/describe.rb +3 -1
- data/lib/inspec/objects/input.rb +6 -5
- data/lib/inspec/objects/list.rb +2 -0
- data/lib/inspec/objects/test.rb +3 -2
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +7 -0
- data/lib/inspec/plugin/v1/plugins.rb +4 -3
- data/lib/inspec/plugin/v1/registry.rb +3 -2
- data/lib/inspec/plugin/v2.rb +1 -0
- data/lib/inspec/plugin/v2/activator.rb +2 -0
- data/lib/inspec/plugin/v2/config_file.rb +4 -1
- data/lib/inspec/plugin/v2/filter.rb +1 -0
- data/lib/inspec/plugin/v2/installer.rb +9 -7
- data/lib/inspec/plugin/v2/loader.rb +2 -0
- data/lib/inspec/plugin/v2/plugin_base.rb +1 -0
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +2 -2
- data/lib/inspec/plugin/v2/registry.rb +3 -1
- data/lib/inspec/profile.rb +13 -6
- data/lib/inspec/profile_context.rb +4 -2
- data/lib/inspec/reporters/cli.rb +14 -10
- data/lib/inspec/reporters/json.rb +1 -0
- data/lib/inspec/reporters/json_automate.rb +3 -0
- data/lib/inspec/reporters/json_min.rb +2 -0
- data/lib/inspec/resource.rb +2 -0
- data/lib/inspec/resources/aide_conf.rb +4 -3
- data/lib/inspec/resources/apache_conf.rb +1 -1
- data/lib/inspec/resources/apt.rb +2 -0
- data/lib/inspec/resources/auditd.rb +19 -18
- data/lib/inspec/resources/bridge.rb +5 -2
- data/lib/inspec/resources/chocolatey_package.rb +2 -0
- data/lib/inspec/resources/command.rb +1 -1
- data/lib/inspec/resources/crontab.rb +9 -8
- data/lib/inspec/resources/csv.rb +1 -1
- data/lib/inspec/resources/dh_params.rb +6 -0
- data/lib/inspec/resources/docker.rb +37 -34
- data/lib/inspec/resources/docker_container.rb +1 -0
- data/lib/inspec/resources/docker_image.rb +1 -0
- data/lib/inspec/resources/docker_plugin.rb +1 -0
- data/lib/inspec/resources/docker_service.rb +1 -0
- data/lib/inspec/resources/elasticsearch.rb +24 -24
- data/lib/inspec/resources/etc_fstab.rb +8 -7
- data/lib/inspec/resources/etc_group.rb +4 -0
- data/lib/inspec/resources/etc_hosts.rb +4 -4
- data/lib/inspec/resources/etc_hosts_allow_deny.rb +5 -3
- data/lib/inspec/resources/file.rb +4 -1
- data/lib/inspec/resources/filesystem.rb +5 -3
- data/lib/inspec/resources/firewalld.rb +7 -4
- data/lib/inspec/resources/groups.rb +6 -4
- data/lib/inspec/resources/grub_conf.rb +3 -0
- data/lib/inspec/resources/host.rb +5 -3
- data/lib/inspec/resources/http.rb +6 -4
- data/lib/inspec/resources/iis_app.rb +1 -0
- data/lib/inspec/resources/iis_app_pool.rb +1 -1
- data/lib/inspec/resources/iis_site.rb +4 -3
- data/lib/inspec/resources/interface.rb +10 -7
- data/lib/inspec/resources/json.rb +1 -1
- data/lib/inspec/resources/kernel_module.rb +1 -1
- data/lib/inspec/resources/kernel_parameter.rb +2 -1
- data/lib/inspec/resources/key_rsa.rb +5 -0
- data/lib/inspec/resources/mount.rb +3 -1
- data/lib/inspec/resources/mysql_conf.rb +3 -1
- data/lib/inspec/resources/mysql_session.rb +2 -0
- data/lib/inspec/resources/nginx.rb +1 -0
- data/lib/inspec/resources/nginx_conf.rb +10 -6
- data/lib/inspec/resources/ntp_conf.rb +1 -0
- data/lib/inspec/resources/oneget.rb +1 -1
- data/lib/inspec/resources/oracledb_session.rb +4 -2
- data/lib/inspec/resources/os_env.rb +1 -0
- data/lib/inspec/resources/package.rb +10 -6
- data/lib/inspec/resources/packages.rb +7 -5
- data/lib/inspec/resources/passwd.rb +7 -7
- data/lib/inspec/resources/pip.rb +2 -0
- data/lib/inspec/resources/port.rb +22 -8
- data/lib/inspec/resources/postgres.rb +2 -1
- data/lib/inspec/resources/postgres_conf.rb +2 -0
- data/lib/inspec/resources/postgres_hba_conf.rb +6 -6
- data/lib/inspec/resources/postgres_ident_conf.rb +3 -3
- data/lib/inspec/resources/processes.rb +16 -15
- data/lib/inspec/resources/rabbitmq_config.rb +2 -0
- data/lib/inspec/resources/registry_key.rb +8 -3
- data/lib/inspec/resources/security_identifier.rb +3 -1
- data/lib/inspec/resources/security_policy.rb +2 -1
- data/lib/inspec/resources/service.rb +13 -1
- data/lib/inspec/resources/shadow.rb +1 -0
- data/lib/inspec/resources/ssh_config.rb +2 -0
- data/lib/inspec/resources/ssl.rb +12 -11
- data/lib/inspec/resources/users.rb +29 -19
- data/lib/inspec/resources/virtualization.rb +10 -0
- data/lib/inspec/resources/windows_feature.rb +1 -1
- data/lib/inspec/resources/windows_hotfix.rb +2 -0
- data/lib/inspec/resources/windows_task.rb +4 -0
- data/lib/inspec/resources/wmi.rb +2 -1
- data/lib/inspec/resources/x509_certificate.rb +8 -0
- data/lib/inspec/resources/xinetd_conf.rb +10 -9
- data/lib/inspec/resources/yum.rb +15 -11
- data/lib/inspec/resources/zfs_dataset.rb +4 -2
- data/lib/inspec/resources/zfs_pool.rb +2 -1
- data/lib/inspec/rule.rb +11 -1
- data/lib/inspec/runner.rb +9 -6
- data/lib/inspec/runner_rspec.rb +10 -8
- data/lib/inspec/schema.rb +1 -0
- data/lib/inspec/secrets.rb +1 -0
- data/lib/inspec/secrets/yaml.rb +1 -0
- data/lib/inspec/shell.rb +20 -19
- data/lib/inspec/shell_detector.rb +1 -1
- data/lib/inspec/source_reader.rb +2 -0
- data/lib/inspec/ui.rb +1 -0
- data/lib/inspec/utils/deprecation/config_file.rb +8 -4
- data/lib/inspec/utils/erlang_parser.rb +2 -0
- data/lib/inspec/utils/file_reader.rb +1 -1
- data/lib/inspec/utils/filter.rb +16 -3
- data/lib/inspec/utils/find_files.rb +2 -2
- data/lib/inspec/utils/object_traversal.rb +1 -0
- data/lib/inspec/utils/parser.rb +2 -0
- data/lib/inspec/utils/simpleconfig.rb +4 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -0
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +4 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +12 -11
- data/lib/plugins/inspec-artifact/test/functional/inspec_artifact_test.rb +3 -3
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +15 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +4 -2
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +13 -12
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +3 -0
- data/lib/plugins/inspec-compliance/test/unit/api_test.rb +28 -28
- data/lib/plugins/inspec-compliance/test/unit/target_test.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +1 -1
- data/lib/plugins/inspec-habitat/test/unit/profile_test.rb +7 -6
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +2 -2
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +1 -0
- data/lib/plugins/inspec-init/test/functional/inspec_init_plugin_test.rb +12 -10
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +6 -5
- data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +1 -0
- data/lib/plugins/shared/core_plugin_test_helper.rb +1 -0
- data/lib/resource_support/aws/aws_resource_mixin.rb +3 -2
- data/lib/resources/aws/aws_billing_report.rb +1 -1
- data/lib/resources/aws/aws_billing_reports.rb +8 -7
- data/lib/resources/aws/aws_cloudtrail_trail.rb +1 -1
- data/lib/resources/aws/aws_cloudtrail_trails.rb +1 -0
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +4 -3
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +2 -1
- data/lib/resources/aws/aws_config_delivery_channel.rb +1 -1
- data/lib/resources/aws/aws_config_recorder.rb +2 -0
- data/lib/resources/aws/aws_ebs_volume.rb +1 -0
- data/lib/resources/aws/aws_ebs_volumes.rb +2 -0
- data/lib/resources/aws/aws_ec2_instance.rb +2 -0
- data/lib/resources/aws/aws_ec2_instances.rb +2 -0
- data/lib/resources/aws/aws_ecs_cluster.rb +2 -2
- data/lib/resources/aws/aws_eks_cluster.rb +3 -3
- data/lib/resources/aws/aws_elb.rb +2 -2
- data/lib/resources/aws/aws_elbs.rb +14 -12
- data/lib/resources/aws/aws_flow_log.rb +2 -2
- data/lib/resources/aws/aws_iam_access_key.rb +3 -1
- data/lib/resources/aws/aws_iam_access_keys.rb +18 -16
- data/lib/resources/aws/aws_iam_groups.rb +1 -0
- data/lib/resources/aws/aws_iam_password_policy.rb +9 -7
- data/lib/resources/aws/aws_iam_policies.rb +2 -1
- data/lib/resources/aws/aws_iam_policy.rb +10 -1
- data/lib/resources/aws/aws_iam_role.rb +1 -0
- data/lib/resources/aws/aws_iam_user.rb +5 -2
- data/lib/resources/aws/aws_iam_users.rb +12 -11
- data/lib/resources/aws/aws_kms_key.rb +2 -2
- data/lib/resources/aws/aws_kms_keys.rb +3 -1
- data/lib/resources/aws/aws_route_table.rb +2 -2
- data/lib/resources/aws/aws_route_tables.rb +2 -1
- data/lib/resources/aws/aws_s3_bucket.rb +5 -3
- data/lib/resources/aws/aws_s3_bucket_object.rb +3 -1
- data/lib/resources/aws/aws_s3_buckets.rb +1 -0
- data/lib/resources/aws/aws_security_group.rb +20 -9
- data/lib/resources/aws/aws_security_groups.rb +1 -0
- data/lib/resources/aws/aws_sns_subscription.rb +1 -1
- data/lib/resources/aws/aws_sns_topics.rb +2 -0
- data/lib/resources/aws/aws_subnet.rb +2 -2
- data/lib/resources/aws/aws_subnets.rb +4 -3
- data/lib/resources/aws/aws_vpc.rb +1 -1
- data/lib/resources/aws/aws_vpcs.rb +3 -2
- data/lib/resources/azure/azure_generic_resource.rb +4 -4
- data/lib/resources/azure/azure_resource_group.rb +1 -0
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +13 -12
- data/lib/source_readers/flat.rb +1 -0
- data/lib/source_readers/inspec.rb +1 -0
- metadata +2 -2
@@ -74,6 +74,7 @@ module Inspec::Resources
|
|
74
74
|
|
75
75
|
def object_info
|
76
76
|
return @info if defined?(@info)
|
77
|
+
|
77
78
|
opts = @opts
|
78
79
|
@info = inspec.docker.images.where do
|
79
80
|
(repository == opts[:repo] && tag == opts[:tag]) || (!id.nil? && !opts[:id].nil? && (id == opts[:id] || id.start_with?(opts[:id])))
|
@@ -81,6 +81,7 @@ module Inspec::Resources
|
|
81
81
|
|
82
82
|
def object_info
|
83
83
|
return @info if defined?(@info)
|
84
|
+
|
84
85
|
opts = @opts
|
85
86
|
@info = inspec.docker.services.where do
|
86
87
|
name == opts[:name] || image == opts[:image] || (!id.nil? && !opts[:id].nil? && (id == opts[:id] || id.start_with?(opts[:id])))
|
@@ -24,29 +24,29 @@ module Inspec::Resources
|
|
24
24
|
filter = FilterTable.create
|
25
25
|
filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
|
26
26
|
filter.register_column(:cluster_name, field: "cluster_name")
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
27
|
+
.register_column(:node_name, field: "name")
|
28
|
+
.register_column(:transport_address, field: "transport_address")
|
29
|
+
.register_column(:host, field: "host")
|
30
|
+
.register_column(:ip, field: "ip")
|
31
|
+
.register_column(:version, field: "version")
|
32
|
+
.register_column(:build_hash, field: "build_hash")
|
33
|
+
.register_column(:total_indexing_buffer, field: "total_indexing_buffer")
|
34
|
+
.register_column(:roles, field: "roles")
|
35
|
+
.register_column(:settings, field: "settings")
|
36
|
+
.register_column(:os, field: "os")
|
37
|
+
.register_column(:process, field: "process")
|
38
|
+
.register_column(:jvm, field: "jvm")
|
39
|
+
.register_column(:transport, field: "transport")
|
40
|
+
.register_column(:http, field: "http")
|
41
|
+
.register_column(:plugins, field: "plugins")
|
42
|
+
.register_column(:plugin_list, field: "plugin_list")
|
43
|
+
.register_column(:modules, field: "modules")
|
44
|
+
.register_column(:module_list, field: "module_list")
|
45
|
+
.register_column(:node_id, field: "node_id")
|
46
|
+
.register_column(:ingest, field: "ingest")
|
47
|
+
.register_custom_property(:node_count) do |t, _|
|
48
|
+
t.entries.length
|
49
|
+
end
|
50
50
|
|
51
51
|
filter.install_filter_methods_on_resource(self, :nodes)
|
52
52
|
|
@@ -156,7 +156,7 @@ module Inspec::Resources
|
|
156
156
|
|
157
157
|
def verify_json_payload!(content)
|
158
158
|
unless content["error"].nil?
|
159
|
-
raise "#{content[
|
159
|
+
raise "#{content["error"]["type"]}: #{content["error"]["reason"]}"
|
160
160
|
end
|
161
161
|
|
162
162
|
raise "No successful nodes available in cluster" if content["_nodes"]["successful"] == 0
|
@@ -37,13 +37,13 @@ module Inspec::Resources
|
|
37
37
|
end
|
38
38
|
|
39
39
|
filter = FilterTable.create
|
40
|
-
filter.register_column(:device_name,
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
40
|
+
filter.register_column(:device_name, field: "device_name")
|
41
|
+
.register_column(:mount_point, field: "mount_point")
|
42
|
+
.register_column(:file_system_type, field: "file_system_type")
|
43
|
+
.register_column(:mount_options, field: "mount_options")
|
44
|
+
.register_column(:dump_options, field: "dump_options")
|
45
|
+
.register_column(:file_system_options, field: "file_system_options")
|
46
|
+
.register_custom_matcher(:configured?) { |x| x.entries.any? }
|
47
47
|
|
48
48
|
filter.install_filter_methods_on_resource(self, :params)
|
49
49
|
|
@@ -53,6 +53,7 @@ module Inspec::Resources
|
|
53
53
|
|
54
54
|
def home_mount_options
|
55
55
|
return nil unless where { mount_point == "/home" }.configured?
|
56
|
+
|
56
57
|
where { mount_point == "/home" }.entries[0].mount_options
|
57
58
|
end
|
58
59
|
|
@@ -56,6 +56,7 @@ module Inspec::Resources
|
|
56
56
|
def users(filter = nil)
|
57
57
|
entries = filter || @entries
|
58
58
|
return nil if entries.nil?
|
59
|
+
|
59
60
|
# filter the user entry
|
60
61
|
res = entries.map do |x|
|
61
62
|
x["members"].split(",") if !x.nil? && !x["members"].nil?
|
@@ -66,6 +67,7 @@ module Inspec::Resources
|
|
66
67
|
|
67
68
|
def where(conditions = {})
|
68
69
|
return if conditions.empty?
|
70
|
+
|
69
71
|
fields = {
|
70
72
|
name: "name",
|
71
73
|
group_name: "name",
|
@@ -81,6 +83,7 @@ module Inspec::Resources
|
|
81
83
|
conditions.each do |k, v|
|
82
84
|
idx = fields[k.to_sym]
|
83
85
|
next if idx.nil?
|
86
|
+
|
84
87
|
res = res.select { |x| x[idx].to_s == v.to_s }
|
85
88
|
end
|
86
89
|
end
|
@@ -113,6 +116,7 @@ module Inspec::Resources
|
|
113
116
|
x = line.split(":")
|
114
117
|
# abort if we have an empty or comment line
|
115
118
|
return nil if x.empty?
|
119
|
+
|
116
120
|
# map data
|
117
121
|
{
|
118
122
|
"name" => x.at(0), # Name of the group.
|
@@ -31,10 +31,10 @@ class EtcHosts < Inspec.resource(1)
|
|
31
31
|
end
|
32
32
|
|
33
33
|
FilterTable.create
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
34
|
+
.register_column(:ip_address, field: "ip_address")
|
35
|
+
.register_column(:primary_name, field: "primary_name")
|
36
|
+
.register_column(:all_host_names, field: "all_host_names")
|
37
|
+
.install_filter_methods_on_resource(self, :params)
|
38
38
|
|
39
39
|
private
|
40
40
|
|
@@ -27,9 +27,9 @@ module Inspec::Resources
|
|
27
27
|
end
|
28
28
|
|
29
29
|
filter = FilterTable.create
|
30
|
-
filter.register_column(:daemon,
|
31
|
-
|
32
|
-
|
30
|
+
filter.register_column(:daemon, field: "daemon")
|
31
|
+
.register_column(:client_list, field: "client_list")
|
32
|
+
.register_column(:options, field: "options")
|
33
33
|
|
34
34
|
filter.install_filter_methods_on_resource(self, :params)
|
35
35
|
|
@@ -47,6 +47,7 @@ module Inspec::Resources
|
|
47
47
|
content.each do |line|
|
48
48
|
data, = parse_comment_line(line, comment_char: "#", standalone_comments: false)
|
49
49
|
next unless data != ""
|
50
|
+
|
50
51
|
data.split(":")[0].split(",").each do |daemon|
|
51
52
|
split_daemons_list.push("#{daemon} : " + line.split(":", 2)[1])
|
52
53
|
end
|
@@ -98,6 +99,7 @@ module Inspec::Resources
|
|
98
99
|
|
99
100
|
def initialize(path = nil)
|
100
101
|
return skip_resource "`etc_hosts_deny` is not supported on your OS" unless inspec.os.linux?
|
102
|
+
|
101
103
|
super(path || "/etc/hosts.deny")
|
102
104
|
end
|
103
105
|
|
@@ -57,6 +57,7 @@ module Inspec::Resources
|
|
57
57
|
def content
|
58
58
|
res = file.content
|
59
59
|
return nil if res.nil?
|
60
|
+
|
60
61
|
res.force_encoding("utf-8")
|
61
62
|
end
|
62
63
|
|
@@ -102,7 +103,7 @@ module Inspec::Resources
|
|
102
103
|
Inspec.deprecate(:file_resource_be_mounted_matchers, "The file resource `be_mounted.with` and `be_mounted.only_with` matchers are deprecated. Please use the `mount` resource instead")
|
103
104
|
|
104
105
|
# we cannot read mount data on non-Linux systems
|
105
|
-
return nil
|
106
|
+
return nil unless inspec.os.linux?
|
106
107
|
|
107
108
|
# parse content if we are on linux
|
108
109
|
@mount_options ||= parse_mount_options(mounted.stdout, true)
|
@@ -171,6 +172,7 @@ module Inspec::Resources
|
|
171
172
|
|
172
173
|
def file_permission_granted?(access_type, by_usergroup, by_specific_user)
|
173
174
|
raise "`file_permission_granted?` is not supported on your OS" if @perms_provider.nil?
|
175
|
+
|
174
176
|
if by_specific_user.nil? || by_specific_user.empty?
|
175
177
|
@perms_provider.check_file_permission_by_mask(file, access_type, by_usergroup, by_specific_user)
|
176
178
|
else
|
@@ -215,6 +217,7 @@ module Inspec::Resources
|
|
215
217
|
flag = permission_flag(access_type)
|
216
218
|
mask = file.unix_mode_mask(usergroup, flag)
|
217
219
|
raise "Invalid usergroup/owner provided" if mask.nil?
|
220
|
+
|
218
221
|
(file.mode & mask) != 0
|
219
222
|
end
|
220
223
|
|
@@ -39,8 +39,9 @@ module Inspec::Resources
|
|
39
39
|
end
|
40
40
|
|
41
41
|
def info
|
42
|
-
return @cache
|
42
|
+
return @cache unless @cache.nil?
|
43
43
|
return {} if @fsman.nil?
|
44
|
+
|
44
45
|
@cache = @fsman.info(@partition)
|
45
46
|
end
|
46
47
|
|
@@ -119,12 +120,13 @@ module Inspec::Resources
|
|
119
120
|
EOF
|
120
121
|
|
121
122
|
raise Inspec::Exceptions::ResourceSkipped, "Unable to get available space for partition #{partition}" if cmd.stdout == "" || cmd.exit_status.to_i != 0
|
123
|
+
|
122
124
|
begin
|
123
125
|
fs = JSON.parse(cmd.stdout)
|
124
126
|
rescue JSON::ParserError => e
|
125
127
|
raise Inspec::Exceptions::ResourceFailed,
|
126
|
-
|
127
|
-
|
128
|
+
"Failed to parse JSON from Powershell. " \
|
129
|
+
"Error: #{e}"
|
128
130
|
end
|
129
131
|
{
|
130
132
|
name: fs["DeviceID"],
|
@@ -28,10 +28,10 @@ module Inspec::Resources
|
|
28
28
|
attr_reader :params
|
29
29
|
|
30
30
|
filter = FilterTable.create
|
31
|
-
filter.register_column(:zone,
|
32
|
-
|
33
|
-
|
34
|
-
|
31
|
+
filter.register_column(:zone, field: "zone")
|
32
|
+
.register_column(:interfaces, field: "interfaces")
|
33
|
+
.register_column(:sources, field: "sources")
|
34
|
+
.register_column(:services, field: "services")
|
35
35
|
|
36
36
|
filter.install_filter_methods_on_resource(self, :params)
|
37
37
|
|
@@ -45,12 +45,14 @@ module Inspec::Resources
|
|
45
45
|
|
46
46
|
def has_zone?(query_zone)
|
47
47
|
return false unless installed?
|
48
|
+
|
48
49
|
result = firewalld_command("--get-zones").split(" ")
|
49
50
|
result.include?(query_zone)
|
50
51
|
end
|
51
52
|
|
52
53
|
def running?
|
53
54
|
return false unless installed?
|
55
|
+
|
54
56
|
result = firewalld_command("--state")
|
55
57
|
result =~ /^running/ ? true : false
|
56
58
|
end
|
@@ -135,6 +137,7 @@ module Inspec::Resources
|
|
135
137
|
if result.stderr != ""
|
136
138
|
return "Error on command #{command}: #{result.stderr}"
|
137
139
|
end
|
140
|
+
|
138
141
|
result.stdout.strip
|
139
142
|
end
|
140
143
|
end
|
@@ -49,10 +49,10 @@ module Inspec::Resources
|
|
49
49
|
|
50
50
|
filter = FilterTable.create
|
51
51
|
filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
|
52
|
-
filter.register_column(:names,
|
53
|
-
|
54
|
-
|
55
|
-
|
52
|
+
filter.register_column(:names, field: "name")
|
53
|
+
.register_column(:gids, field: "gid")
|
54
|
+
.register_column(:domains, field: "domain")
|
55
|
+
.register_column(:members, field: "members", style: :simple)
|
56
56
|
filter.install_filter_methods_on_resource(self, :collect_group_details)
|
57
57
|
|
58
58
|
def to_s
|
@@ -64,6 +64,7 @@ module Inspec::Resources
|
|
64
64
|
# collects information about every group
|
65
65
|
def collect_group_details
|
66
66
|
return @groups_cache ||= @group_provider.groups unless @group_provider.nil?
|
67
|
+
|
67
68
|
[]
|
68
69
|
end
|
69
70
|
end
|
@@ -176,6 +177,7 @@ module Inspec::Resources
|
|
176
177
|
groups.each { |g| g["gid"] = g["gid"].to_i }
|
177
178
|
groups.each do |g|
|
178
179
|
next if g["users"].nil?
|
180
|
+
|
179
181
|
g["members"] = g.delete("users")
|
180
182
|
g["members"].tr!(" ", ",")
|
181
183
|
end
|
@@ -90,6 +90,7 @@ class GrubConfig < Inspec.resource(1)
|
|
90
90
|
lines = content.split("\n")
|
91
91
|
lines.each_with_index do |line, index|
|
92
92
|
next unless line =~ /^menuentry\s+.*/
|
93
|
+
|
93
94
|
entry = {}
|
94
95
|
entry["insmod"] = []
|
95
96
|
|
@@ -104,6 +105,7 @@ class GrubConfig < Inspec.resource(1)
|
|
104
105
|
# Begin processing from index forward until a `}` line is met
|
105
106
|
lines.drop(index + 1).each do |mline|
|
106
107
|
break if mline =~ /^\s*}\s*$/
|
108
|
+
|
107
109
|
case mline
|
108
110
|
when /(?:^|\s*)initrd.*/
|
109
111
|
entry["initrd"] = mline.split(" ")[1]
|
@@ -155,6 +157,7 @@ class GrubConfig < Inspec.resource(1)
|
|
155
157
|
kernel_opts = {}
|
156
158
|
lines.each_with_index do |file_line, index|
|
157
159
|
next unless file_line =~ /^title.*/
|
160
|
+
|
158
161
|
current_kernel = file_line.split(" ", 2)[1]
|
159
162
|
lines.drop(index + 1).each do |kernel_line|
|
160
163
|
if kernel_line =~ /^\s.*/
|
@@ -72,7 +72,7 @@ module Inspec::Resources
|
|
72
72
|
missing_requirements = @host_provider.missing_requirements(protocol)
|
73
73
|
unless missing_requirements.empty?
|
74
74
|
return skip_resource "The following requirements are not met for this resource: " \
|
75
|
-
"#{missing_requirements.join(
|
75
|
+
"#{missing_requirements.join(", ")}"
|
76
76
|
end
|
77
77
|
end
|
78
78
|
|
@@ -83,7 +83,7 @@ module Inspec::Resources
|
|
83
83
|
|
84
84
|
# if we get the IP address, the host is resolvable
|
85
85
|
def resolvable?(type = nil)
|
86
|
-
warn "The `host` resource ignores #{type} parameters. Continue to resolve host."
|
86
|
+
warn "The `host` resource ignores #{type} parameters. Continue to resolve host." unless type.nil?
|
87
87
|
resolve.nil? || resolve.empty? ? false : true
|
88
88
|
end
|
89
89
|
|
@@ -131,7 +131,8 @@ module Inspec::Resources
|
|
131
131
|
|
132
132
|
def resolve
|
133
133
|
return @ip_cache if defined?(@ip_cache)
|
134
|
-
|
134
|
+
|
135
|
+
@ip_cache = @host_provider.resolve(hostname) unless @host_provider.nil?
|
135
136
|
end
|
136
137
|
end
|
137
138
|
|
@@ -248,6 +249,7 @@ module Inspec::Resources
|
|
248
249
|
cmd.stdout.lines.each do |line|
|
249
250
|
ip, = line.split(/\s+/, 2)
|
250
251
|
next unless ip.match(Resolv::IPv4::Regex) || ip.match(Resolv::IPv6::Regex)
|
252
|
+
|
251
253
|
addresses << ip unless addresses.include?(ip)
|
252
254
|
end
|
253
255
|
|
@@ -35,8 +35,8 @@ module Inspec::Resources
|
|
35
35
|
# profiles.
|
36
36
|
if opts.key?(:enable_remote_worker) && !inspec.local_transport?
|
37
37
|
warn "Ignoring `enable_remote_worker` option, the `http` resource ",
|
38
|
-
|
39
|
-
|
38
|
+
"remote worker is enabled by default for remote targets and ",
|
39
|
+
"cannot be disabled"
|
40
40
|
end
|
41
41
|
|
42
42
|
# Run locally if InSpec is ran locally and remotely if ran remotely
|
@@ -138,6 +138,7 @@ module Inspec::Resources
|
|
138
138
|
|
139
139
|
def response
|
140
140
|
return @response if @response
|
141
|
+
|
141
142
|
conn = Faraday.new(url: url, headers: request_headers, params: params, ssl: { verify: ssl_verify? }) do |builder|
|
142
143
|
builder.request :url_encoded
|
143
144
|
builder.use FaradayMiddleware::FollowRedirects, limit: max_redirects if max_redirects > 0
|
@@ -163,7 +164,7 @@ module Inspec::Resources
|
|
163
164
|
def initialize(inspec, http_method, url, opts)
|
164
165
|
unless inspec.command("curl").exist?
|
165
166
|
raise Inspec::Exceptions::ResourceSkipped,
|
166
|
-
|
167
|
+
"curl is not available on the target machine"
|
167
168
|
end
|
168
169
|
|
169
170
|
@ran_curl = false
|
@@ -203,6 +204,7 @@ module Inspec::Resources
|
|
203
204
|
prelude, remainder = response.split("\n\n", 2)
|
204
205
|
loop do
|
205
206
|
break unless remainder =~ %r{^HTTP/}
|
207
|
+
|
206
208
|
prelude, remainder = remainder.split("\n\n", 2)
|
207
209
|
end
|
208
210
|
@body = remainder
|
@@ -248,7 +250,7 @@ module Inspec::Resources
|
|
248
250
|
if params.nil?
|
249
251
|
cmd << "'#{url}'"
|
250
252
|
else
|
251
|
-
cmd << "'#{url}?#{params.map { |e| e.join(
|
253
|
+
cmd << "'#{url}?#{params.map { |e| e.join("=") }.join("&")}'"
|
252
254
|
end
|
253
255
|
|
254
256
|
cmd.join(" ")
|
@@ -117,7 +117,7 @@ class IisAppPool < Inspec.resource(1)
|
|
117
117
|
e32b: pool["enable32BitAppOnWin64"],
|
118
118
|
mode: pool["managedPipelineMode"],
|
119
119
|
processes: process_model["maxProcesses"],
|
120
|
-
timeout: "#{idle_timeout[
|
120
|
+
timeout: "#{idle_timeout["Hours"]}:#{idle_timeout["Minutes"]}:#{idle_timeout["Seconds"]}",
|
121
121
|
timeout_days: idle_timeout["Days"],
|
122
122
|
timeout_hours: idle_timeout["Hours"],
|
123
123
|
timeout_minutes: idle_timeout["Minutes"],
|