inspec 4.7.3 → 4.7.18

data/lib/inspec/resources/pip.rb

@@ -88,6 +88,7 @@ module Inspec::Resources
     # @return [Hash] of windows_paths
     def windows_paths
       return @__windows_paths if @__windows_paths
+
       cmd = inspec.command(
         'New-Object -Type PSObject |
          Add-Member -MemberType NoteProperty -Name Pip -Value (Invoke-Command -ScriptBlock {where.exe pip}) -PassThru |
@@ -115,6 +116,7 @@ module Inspec::Resources
         # calculate path on windows
         if defined?(windows_paths["Python"]) && pipcmd.nil?
           return nil if windows_paths["Pip"].nil?
+
           pipdir = windows_paths["Python"].split('\\')
           # remove python.exe
           pipdir.pop

data/lib/inspec/resources/port.rb

@@ -37,12 +37,12 @@ module Inspec::Resources
     end
 
     filter = FilterTable.create
-    filter.register_column(:ports,     field: "port", style: :simple)
-          .register_column(:addresses, field: "address", style: :simple)
-          .register_column(:protocols, field: "protocol", style: :simple)
-          .register_column(:processes, field: "process", style: :simple)
-          .register_column(:pids,      field: "pid", style: :simple)
-          .register_custom_matcher(:listening?) { |x| !x.entries.empty? }
+    filter.register_column(:ports, field: "port", style: :simple)
+      .register_column(:addresses, field: "address", style: :simple)
+      .register_column(:protocols, field: "protocol", style: :simple)
+      .register_column(:processes, field: "process", style: :simple)
+      .register_column(:pids,      field: "pid", style: :simple)
+      .register_custom_matcher(:listening?) { |x| !x.entries.empty? }
     filter.install_filter_methods_on_resource(self, :info)
 
     def to_s
@@ -76,9 +76,10 @@ module Inspec::Resources
     end
 
     def info
-      return @cache if !@cache.nil?
+      return @cache unless @cache.nil?
       # abort if os detection has not worked
       return @cache = [] if @port_manager.nil?
+
       # query ports
       cache = @port_manager.info || []
       cache.select! { |x| x["port"] == @port } unless @port.nil?
@@ -141,6 +142,7 @@ module Inspec::Resources
       # also UDP ports have nothing in the State column
       cmd = inspec.command('netstat -anbo | Select-String  -CaseSensitive -pattern "^\s+UDP|\s+LISTENING\s+\d+$" -context 0,1')
       return nil if cmd.exit_status != 0
+
       lines = cmd.stdout.scan(/^>\s*(tcp\S*|udp\S*)\s+(\S+):(\d+)\s+(\S+)\s+(\S*)\s+(\d+)\s+(.+)/i)
       lines.map do |line|
         pid = line[5].to_i
@@ -170,7 +172,7 @@ module Inspec::Resources
       ports = []
 
       # check that lsof is available, otherwise fail
-      raise "Please ensure `lsof` is available on the machine." if !inspec.command(@lsof.to_s).exist?
+      raise "Please ensure `lsof` is available on the machine." unless inspec.command(@lsof.to_s).exist?
 
       # -F p=pid, c=command, P=protocol name, t=type, n=internet addresses
       # see 'OUTPUT FOR OTHER PROGRAMS' in LSOF(8)
@@ -270,6 +272,7 @@ module Inspec::Resources
 
     def ports_via_lsof
       return nil unless inspec.command("lsof").exist?
+
       LsofPorts.new(inspec).info
     end
 
@@ -286,6 +289,7 @@ module Inspec::Resources
 
         # only push protocols we are interested in
         next unless %w{tcp tcp6 udp udp6}.include?(port_info["protocol"])
+
         ports.push(port_info)
       end
 
@@ -313,6 +317,7 @@ module Inspec::Resources
       cmd = inspec.command("rmsock #{parsed[1]} tcpcb")
       parsed_pid = /^The socket (\S+) is being held by proccess (\d+) \((\S+)\)/.match(cmd.stdout)
       return {} if parsed_pid.nil?
+
       process = parsed_pid[3]
       pid = parsed_pid[2]
       pid = pid.to_i if pid =~ /^\d+$/
@@ -415,6 +420,7 @@ module Inspec::Resources
 
         # only push protocols we are interested in
         next unless %w{tcp tcp6 udp udp6}.include?(port_info["protocol"])
+
         ports.push(port_info)
       end
       ports
@@ -554,6 +560,7 @@ module Inspec::Resources
       #   fe80::a00:27ff:fe32:ed09%enp0s3:9200
       parsed_net_address = parsed[:local_addr].match(/(\S+):(\*|\d+)$/)
       return nil if parsed_net_address.nil?
+
       host = parsed_net_address[1]
       port = parsed_net_address[2]
       return nil if host.nil? && port.nil?
@@ -631,6 +638,7 @@ module Inspec::Resources
 
         # push data, if not headerfile
         next unless %w{tcp tcp6 udp udp6}.include?(port_info["protocol"])
+
         ports.push(port_info)
       end
       ports
@@ -646,6 +654,7 @@ module Inspec::Resources
         port = ip_addr.port
       when "tcp6", "udp6"
         return [] if net_addr == "*:*" # abort for now
+
         # replace * with 0:0:0:0:0:0:0:0
         net_addr = net_addr.gsub(/^\*:/, "0:0:0:0:0:0:0:0:") if net_addr =~ /^*:(\d+)$/
         # extract port
@@ -738,14 +747,17 @@ module Inspec::Resources
       ## Can't use 'netstat -an -f inet -f inet6' as the latter -f option overrides the former one and return only inet ports
       cmd1 = inspec.command("netstat -an -f inet")
       return nil if cmd1.exit_status.to_i != 0
+
       cmd2 = inspec.command("netstat -an -f inet6")
       return nil if cmd2.exit_status.to_i != 0
+
       cmd = cmd1.stdout + cmd2.stdout
       ports = []
       # parse all lines
       cmd.each_line do |line|
         port_info = parse_netstat_line(line)
         next unless %w{tcp tcp6 udp udp6}.include?(port_info["protocol"])
+
         ports.push(port_info)
       end
       # select all ports, where we `listen`
@@ -758,6 +770,7 @@ module Inspec::Resources
       parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)?/.match(line)
 
       return {} if parsed.nil? || line.match(/^proto/i) || line.match(/^active/i)
+
       protocol = parsed[1].downcase
       state = parsed[6].nil? ? " " : parsed[6].downcase
       local_addr = parsed[4]
@@ -765,6 +778,7 @@ module Inspec::Resources
       # extract host and port information
       host, port = parse_net_address(local_addr, protocol)
       return {} if host.nil?
+
       # map data
       {
         "port" => port,

data/lib/inspec/resources/postgres.rb

@@ -38,7 +38,7 @@ module Inspec::Resources
         # installed as well as multiple "clusters" to be configured.
         #
         @version = version_from_psql || version_from_dir("/etc/postgresql")
-        if !@version.to_s.empty?
+        unless @version.to_s.empty?
           @cluster = cluster_from_dir("/etc/postgresql/#{@version}")
           @conf_dir = "/etc/postgresql/#{@version}/#{@cluster}"
           @data_dir = "/var/lib/postgresql/#{@version}/#{@cluster}"
@@ -83,6 +83,7 @@ module Inspec::Resources
 
     def version_from_psql
       return unless inspec.command("psql").exist?
+
       inspec.command("psql --version | awk '{ print $NF }' | awk -F. '{ print $1\".\"$2 }'").stdout.strip
     end
 

data/lib/inspec/resources/postgres_conf.rb

@@ -27,6 +27,7 @@ module Inspec::Resources
       if @conf_path.nil?
         return skip_resource "PostgreSQL conf path is not set"
       end
+
       @conf_dir = File.expand_path(File.dirname(@conf_path))
       @files_contents = {}
       @content = nil
@@ -57,6 +58,7 @@ module Inspec::Resources
       return nil if param.nil?
       # extract first value if we have only one value in array
       return param[0] if param.length == 1
+
       param
     end
 

data/lib/inspec/resources/postgres_hba_conf.rb

@@ -26,12 +26,12 @@ module Inspec::Resources
     end
 
     filter = FilterTable.create
-    filter.register_column(:type,     field: "type")
-          .register_column(:database, field: "database")
-          .register_column(:user,     field: "user")
-          .register_column(:address,  field: "address")
-          .register_column(:auth_method, field: "auth_method")
-          .register_column(:auth_params, field: "auth_params")
+    filter.register_column(:type, field: "type")
+      .register_column(:database, field: "database")
+      .register_column(:user,     field: "user")
+      .register_column(:address,  field: "address")
+      .register_column(:auth_method, field: "auth_method")
+      .register_column(:auth_params, field: "auth_params")
 
     filter.install_filter_methods_on_resource(self, :params)
 

data/lib/inspec/resources/postgres_ident_conf.rb

@@ -25,9 +25,9 @@ module Inspec::Resources
     end
 
     filter = FilterTable.create
-    filter.register_column(:map_name,        field: "map_name")
-          .register_column(:system_username, field: "system_username")
-          .register_column(:pg_username,     field: "pg_username")
+    filter.register_column(:map_name, field: "map_name")
+      .register_column(:system_username, field: "system_username")
+      .register_column(:pg_username,     field: "pg_username")
 
     filter.install_filter_methods_on_resource(self, :params)
 

data/lib/inspec/resources/processes.rb

@@ -61,19 +61,19 @@ module Inspec::Resources
     end
 
     filter = FilterTable.create
-    filter.register_column(:labels,   field: "label")
-          .register_column(:pids,     field: "pid")
-          .register_column(:cpus,     field: "cpu")
-          .register_column(:mem,      field: "mem")
-          .register_column(:vsz,      field: "vsz")
-          .register_column(:rss,      field: "rss")
-          .register_column(:tty,      field: "tty")
-          .register_column(:states,   field: "stat")
-          .register_column(:start,    field: "start")
-          .register_column(:time,     field: "time")
-          .register_column(:users,    field: "user")
-          .register_column(:commands, field: "command")
-          .install_filter_methods_on_resource(self, :filtered_processes)
+    filter.register_column(:labels, field: "label")
+      .register_column(:pids,     field: "pid")
+      .register_column(:cpus,     field: "cpu")
+      .register_column(:mem,      field: "mem")
+      .register_column(:vsz,      field: "vsz")
+      .register_column(:rss,      field: "rss")
+      .register_column(:tty,      field: "tty")
+      .register_column(:states,   field: "stat")
+      .register_column(:start,    field: "start")
+      .register_column(:time,     field: "time")
+      .register_column(:users,    field: "user")
+      .register_column(:commands, field: "command")
+      .install_filter_methods_on_resource(self, :filtered_processes)
 
     private
 
@@ -193,7 +193,7 @@ module Inspec::Resources
 
         # build a hash of process data that we'll turn into a struct for FilterTable
         process_data = {}
-        [:label, :pid, :cpu, :mem, :vsz, :rss, :tty, :stat, :start, :time, :user, :command].each do |param|
+        %i{label pid cpu mem vsz rss tty stat start time user command}.each do |param|
           # not all operating systems support all fields, so skip the field if we don't have it
           process_data[param] = line[field_map[param]] if field_map.key?(param)
         end
@@ -202,8 +202,9 @@ module Inspec::Resources
         process_data[:pid] = process_data[:pid].to_i if process_data.key?(:pid)
 
         # some ps variants (*cough* busybox) display vsz and rss as human readable MB or GB
-        [:vsz, :rss].each do |param|
+        %i{vsz rss}.each do |param|
           next unless process_data.key?(param)
+
           process_data[param] = convert_to_kilobytes(process_data[param])
         end
 

data/lib/inspec/resources/rabbitmq_config.rb

@@ -36,12 +36,14 @@ module Inspec::Resources
 
     def read_content
       return @content if defined?(@content)
+
       @content = read_file_content(@conf_path, allow_empty: true)
     end
 
     def read_params
       return @params if defined?(@params)
       return @params = {} if read_content.nil?
+
       @params = ErlangConfigFile.parse(read_content)
     rescue Parslet::ParseFailed
       raise "Cannot parse RabbitMQ config: \"#{read_content}\""

data/lib/inspec/resources/registry_key.rb

@@ -71,7 +71,7 @@ module Inspec::Resources
         @options[:path] = reg_key
       end
 
-      return skip_resource "The `registry_key` resource is not supported on your OS yet." if !inspec.os.windows?
+      return skip_resource "The `registry_key` resource is not supported on your OS yet." unless inspec.os.windows?
     end
 
     def exists?
@@ -133,24 +133,28 @@ module Inspec::Resources
 
     def registry_property_exists(regkey, property)
       return false if regkey.nil? || property.nil?
+
       # always ensure the key is lower case
       !regkey[prep_prop(property)].nil?
     end
 
     def registry_property_value(regkey, property)
-      return nil if !registry_property_exists(regkey, property)
+      return nil unless registry_property_exists(regkey, property)
+
       # always ensure the key is lower case
       regkey[prep_prop(property)]["value"]
     end
 
     def registry_property_type(regkey, property)
-      return nil if !registry_property_exists(regkey, property)
+      return nil unless registry_property_exists(regkey, property)
+
       # always ensure the key is lower case
       regkey[prep_prop(property)]["type"]
     end
 
     def registry_key(path)
       return @registry_cache if defined?(@registry_cache)
+
       # load registry key and all properties
       script = <<-EOH
       Function InSpec-GetRegistryKey($path) {
@@ -199,6 +203,7 @@ module Inspec::Resources
 
     def children_keys(path, filter = "")
       return @children_cache if defined?(@children_cache)
+
       filter = filter.source if filter.is_a? ::Regexp
       script = <<-EOH
       Function InSpec-FindChildsRegistryKeys($path, $filter) {

data/lib/inspec/resources/security_identifier.rb

@@ -15,10 +15,11 @@ module Inspec::Resources
     EXAMPLE
 
     def initialize(opts = {})
-      supported_opt_keys = [:user, :group, :unspecified]
+      supported_opt_keys = %i{user group unspecified}
       raise ArgumentError, "Invalid security_identifier param '#{opts}'. Please pass a hash with these supported keys: #{supported_opt_keys}" unless opts.respond_to?(:keys)
       raise ArgumentError, "Unsupported security_identifier options '#{opts.keys - supported_opt_keys}'. Supported keys: #[supported_opt_keys]" unless (opts.keys - supported_opt_keys).empty?
       raise ArgumentError, "Specifying more than one of :user :group or :unspecified for security_identifier is not supported" unless opts.keys && (opts.keys & supported_opt_keys).length == 1
+
       if opts[:user]
         @type = :user
         @name = opts[:user]
@@ -32,6 +33,7 @@ module Inspec::Resources
         @name = opts[:unspecified]
       end
       raise ArgumentError, "Specify one of :user :group or :unspecified for security_identifier" unless @name
+
       @sids = nil
     end
 

data/lib/inspec/resources/security_policy.rb

@@ -104,6 +104,7 @@ module Inspec::Resources
 
       # return an empty array if configuration does not include rights configuration
       return [] if res.nil? && MS_PRIVILEGES_RIGHTS.include?(name.to_s)
+
       res
     end
 
@@ -153,7 +154,7 @@ module Inspec::Resources
       elsif val =~ /[,]{0,1}\*\S/
         if @translate_sid
           val.split(",").map do |v|
-            object_name = inspec.command("(New-Object System.Security.Principal.SecurityIdentifier(\"#{v.sub('*S', 'S')}\")).Translate( [System.Security.Principal.NTAccount]).Value").stdout.to_s.strip
+            object_name = inspec.command("(New-Object System.Security.Principal.SecurityIdentifier(\"#{v.sub("*S", "S")}\")).Translate( [System.Security.Principal.NTAccount]).Value").stdout.to_s.strip
             object_name.empty? || object_name.nil? ? v.sub("*S", "S") : object_name
           end
         else

data/lib/inspec/resources/service.rb

@@ -52,7 +52,7 @@ module Inspec::Resources
     end
 
     def to_s
-      "#{owner} runlevels #{keys.join(', ')}"
+      "#{owner} runlevels #{keys.join(", ")}"
     end
   end
 
@@ -177,59 +177,69 @@ module Inspec::Resources
 
     def info
       return nil if @service_mgmt.nil?
+
       @cache ||= @service_mgmt.info(@service_name)
     end
 
     # verifies if the service is enabled
     def enabled?(_level = nil)
       return false if info.nil?
+
       info[:enabled]
     end
 
     def params
       return {} if info.nil?
+
       Hashie::Mash.new(info[:params] || {})
     end
 
     # verifies the service is registered
     def installed?(_name = nil, _version = nil)
       return false if info.nil?
+
       info[:installed]
     end
 
     # verifies the service is currently running
     def running?(_under = nil)
       return false if info.nil?
+
       info[:running]
     end
 
     # get all runlevels that are available and their configuration
     def runlevels(*args)
       return Runlevels.new(self) if info.nil? || info[:runlevels].nil?
+
       Runlevels.from_hash(self, info[:runlevels], args)
     end
 
     # returns the service type from info
     def type
       return nil if info.nil?
+
       info[:type]
     end
 
     # returns the service name from info
     def name
       return @service_name if info.nil?
+
       info[:name]
     end
 
     # returns the service description from info
     def description
       return nil if info.nil?
+
       info[:description]
     end
 
     # returns the service start up mode from info
     def startmode
       return nil if info.nil?
+
       info[:startmode]
     end
 
@@ -324,6 +334,7 @@ module Inspec::Resources
     def status?
       status_cmd = inspec.command("lssrc -s #{@name}")
       return nil if status_cmd.exit_status.to_i != 0
+
       status_cmd.stdout.split(/\n/).last.chomp =~ /active$/ ? true : false
     end
 
@@ -463,6 +474,7 @@ module Inspec::Resources
       # search for the service
       srv = /(^.*#{service_name}$)/.match(cmd.stdout)
       return nil if srv.nil? || srv[0].nil?
+
       enabled = true
 
       # check if the service is running