inspec 4.7.3 → 4.7.18

data/lib/inspec/resources/shadow.rb

@@ -69,6 +69,7 @@ module Inspec::Resources
 
     def filter(query = {})
       return self if query.nil? || query.empty?
+
       res = set_params
       filters = ""
       query.each do |attr, condition|

data/lib/inspec/resources/ssh_config.rb

@@ -48,6 +48,7 @@ module Inspec::Resources
       return nil if param.nil?
       # extract first value if we have only one value in array
       return param[0] if param.length == 1
+
       param
     end
 
@@ -66,6 +67,7 @@ module Inspec::Resources
     def read_params
       return @params if defined?(@params)
       return @params = {} if read_content.nil?
+
       conf = SimpleConfig.new(
         read_content,
         assignment_regex: /^\s*(\S+?)\s+(.*?)\s*$/,

data/lib/inspec/resources/ssl.rb

@@ -59,20 +59,21 @@ class SSL < Inspec.resource(1)
   filter = FilterTable.create
   filter.register_custom_matcher(:enabled?) do |x|
     raise "Cannot determine host for SSL test. Please specify it or use a different target." if x.resource.host.nil?
+
     x.handshake.values.any? { |i| i["success"] }
   end
   filter.register_column(:ciphers, field: "cipher")
-        .register_column(:protocols, field: "protocol")
-        .register_custom_property(:handshake) do |x|
-          groups = x.entries.group_by(&:protocol)
-          res = Parallel.map(groups, in_threads: 8) do |proto, e|
-            [proto, SSLShake.hello(x.resource.host, port: x.resource.port,
-              protocol: proto, ciphers: e.map(&:cipher),
-              timeout: x.resource.timeout, retries: x.resource.retries, servername: x.resource.host)]
-          end
-          Hash[res]
-        end
-        .install_filter_methods_on_resource(self, :scan_config)
+    .register_column(:protocols, field: "protocol")
+    .register_custom_property(:handshake) do |x|
+      groups = x.entries.group_by(&:protocol)
+      res = Parallel.map(groups, in_threads: 8) do |proto, e|
+        [proto, SSLShake.hello(x.resource.host, port: x.resource.port,
+          protocol: proto, ciphers: e.map(&:cipher),
+          timeout: x.resource.timeout, retries: x.resource.retries, servername: x.resource.host)]
+      end
+      Hash[res]
+    end
+    .install_filter_methods_on_resource(self, :scan_config)
 
   def to_s
     "SSL/TLS on #{@host}:#{@port}"

data/lib/inspec/resources/users.rb

@@ -72,18 +72,18 @@ module Inspec::Resources
     filter = FilterTable.create
     filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
     filter.register_column(:usernames, field: :username)
-          .register_column(:uids,      field: :uid)
-          .register_column(:gids,      field: :gid)
-          .register_column(:groupnames, field: :groupname)
-          .register_column(:groups,    field: :groups)
-          .register_column(:homes,     field: :home)
-          .register_column(:shells,    field: :shell)
-          .register_column(:mindays,   field: :mindays)
-          .register_column(:maxdays,   field: :maxdays)
-          .register_column(:warndays,  field: :warndays)
-          .register_column(:disabled,  field: :disabled)
-          .register_custom_matcher(:disabled?) { |x| x.where { disabled == false }.entries.empty? }
-          .register_custom_matcher(:enabled?) { |x| x.where { disabled == true }.entries.empty? }
+      .register_column(:uids,      field: :uid)
+      .register_column(:gids,      field: :gid)
+      .register_column(:groupnames, field: :groupname)
+      .register_column(:groups,    field: :groups)
+      .register_column(:homes,     field: :home)
+      .register_column(:shells,    field: :shell)
+      .register_column(:mindays,   field: :mindays)
+      .register_column(:maxdays,   field: :maxdays)
+      .register_column(:warndays,  field: :warndays)
+      .register_column(:disabled,  field: :disabled)
+      .register_custom_matcher(:disabled?) { |x| x.where { disabled == false }.entries.empty? }
+      .register_custom_matcher(:enabled?) { |x| x.where { disabled == true }.entries.empty? }
     filter.install_filter_methods_on_resource(self, :collect_user_details)
 
     def to_s
@@ -254,17 +254,20 @@ module Inspec::Resources
     # returns the iden
     def identity
       return @id_cache if defined?(@id_cache)
-      @id_cache = @user_provider.identity(@username) if !@user_provider.nil?
+
+      @id_cache = @user_provider.identity(@username) unless @user_provider.nil?
     end
 
     def meta_info
       return @meta_cache if defined?(@meta_cache)
-      @meta_cache = @user_provider.meta_info(@username) if !@user_provider.nil?
+
+      @meta_cache = @user_provider.meta_info(@username) unless @user_provider.nil?
     end
 
     def credentials
       return @cred_cache if defined?(@cred_cache)
-      @cred_cache = @user_provider.credentials(@username) if !@user_provider.nil?
+
+      @cred_cache = @user_provider.credentials(@username) unless @user_provider.nil?
     end
   end
 
@@ -346,6 +349,7 @@ module Inspec::Resources
     def list_users
       cmd = inspec.command(list_users_cmd)
       return [] if cmd.exit_status != 0
+
       cmd.stdout.chomp.lines
     end
 
@@ -389,7 +393,7 @@ module Inspec::Resources
         data.push(raw[0, index + 1]) # inclue closing )
         raw = raw[index + 2, raw.length - index - 2]
       end
-      data.push(raw) if !raw.nil?
+      data.push(raw) unless raw.nil?
       data.join("\n")
     end
   end
@@ -401,6 +405,7 @@ module Inspec::Resources
     def meta_info(username)
       cmd = inspec.command("getent passwd #{username}")
       return nil if cmd.exit_status != 0
+
       # returns: root:x:0:0:root:/root:/bin/bash
       passwd = parse_passwd_line(cmd.stdout.chomp)
       {
@@ -440,6 +445,7 @@ module Inspec::Resources
     def identity(username)
       id = super(username)
       return nil if id.nil?
+
       # AIX 'id' command doesn't include the primary group in the supplementary
       # yet it can be somewhere in the supplementary list if someone added root
       # to a groups list in /etc/group
@@ -483,6 +489,7 @@ module Inspec::Resources
     def meta_info(username)
       hpuxuser = inspec.command("logins -x -l #{username}")
       return nil if hpuxuser.exit_status != 0
+
       user = hpuxuser.stdout.chomp.split(" ")
       {
         home: user[4],
@@ -534,6 +541,7 @@ module Inspec::Resources
     def meta_info(username)
       cmd = inspec.command("pw usershow #{username} -7")
       return nil if cmd.exit_status != 0
+
       # returns: root:*:0:0:Charlie &:/root:/bin/csh
       passwd = parse_passwd_line(cmd.stdout.chomp)
       {
@@ -552,7 +560,7 @@ module Inspec::Resources
     def parse_windows_account(username)
       account = username.split('\\')
       name = account.pop
-      domain = account.pop if !account.empty?
+      domain = account.pop unless account.empty?
       [name, domain]
     end
 
@@ -560,8 +568,9 @@ module Inspec::Resources
       # TODO: we look for local users only at this point
       name, _domain = parse_windows_account(username)
       return if collect_user_details.nil?
+
       res = collect_user_details.select { |user| user[:username] == name }
-      res[0] if !res.empty?
+      res[0] unless res.empty?
     end
 
     def list_users
@@ -571,6 +580,7 @@ module Inspec::Resources
     # https://msdn.microsoft.com/en-us/library/aa746340(v=vs.85).aspx
     def collect_user_details # rubocop:disable Metrics/MethodLength
       return @users_cache if defined?(@users_cache)
+
       script = <<~EOH
         Function ConvertTo-SID { Param([byte[]]$BinarySID)
           (New-Object System.Security.Principal.SecurityIdentifier($BinarySID,0)).Value
@@ -640,7 +650,7 @@ module Inspec::Resources
       end
 
       # ensure we have an array of groups
-      users = [users] if !users.is_a?(Array)
+      users = [users] unless users.is_a?(Array)
       # convert keys to symbols
       @users_cache = users.map { |user| user.each_with_object({}) { |(k, v), h| h[k.to_sym] = v } }
     end

data/lib/inspec/resources/virtualization.rb

@@ -67,6 +67,7 @@ module Inspec::Resources
     def detect_xen
       # This file should exist on most Xen systems, normally empty for guests
       return false unless inspec.file("/proc/xen/capabilities").exist?
+
       @virtualization_data[:system] = "xen"
       if inspec.file("/proc/xen/capabilities").content =~ /control_d/i
         @virtualization_data[:role] = "host"
@@ -80,6 +81,7 @@ module Inspec::Resources
     # Detect Virtualbox from kernel module
     def detect_virtualbox
       return false unless inspec.file("/proc/modules").exist?
+
       modules = inspec.file("/proc/modules").content
       if modules =~ /^vboxdrv/
         Inspec::Log.debug("Plugin Virtualization: /proc/modules contains vboxdrv. Detecting as vbox host")
@@ -98,6 +100,7 @@ module Inspec::Resources
     # if nova binary is present we're on an openstack host
     def detect_openstack
       return false unless nova_exists?
+
       @virtualization_data[:system] = "openstack"
       @virtualization_data[:role] = "host"
       true
@@ -106,6 +109,7 @@ module Inspec::Resources
     # Detect paravirt KVM/QEMU from cpuinfo, report as KVM
     def detect_kvm_from_cpuinfo
       return false unless inspec.file("/proc/cpuinfo").content =~ /QEMU Virtual CPU|Common KVM processor|Common 32-bit KVM processor/
+
       @virtualization_data[:system] = "kvm"
       @virtualization_data[:role] = "guest"
       true
@@ -115,6 +119,7 @@ module Inspec::Resources
     # guests will have the hypervisor cpu feature that hosts don't have
     def detect_kvm_from_sys
       return false unless inspec.file("/sys/devices/virtual/misc/kvm").exist?
+
       @virtualization_data[:system] = "kvm"
       if inspec.file("/proc/cpuinfo").content =~ /hypervisor/
         @virtualization_data[:role] = "guest"
@@ -142,6 +147,7 @@ module Inspec::Resources
     # Detect Parallels virtual machine from pci devices
     def detect_parallels
       return false unless inspec.file("/proc/bus/pci/devices").content =~ /1ab84000/
+
       @virtualization_data[:system] = "parallels"
       @virtualization_data[:role] = "guest"
       true
@@ -150,9 +156,11 @@ module Inspec::Resources
     # Detect Linux-VServer
     def detect_linux_vserver
       return false unless inspec.file("/proc/self/status").exist?
+
       proc_self_status = inspec.file("/proc/self/status").content
       vxid = proc_self_status.match(/^(s_context|VxID):\s*(\d+)$/)
       return false unless vxid && vxid[2]
+
       @virtualization_data[:system] = "linux-vserver"
       if vxid[2] == "0"
         @virtualization_data[:role] = "host"
@@ -182,6 +190,7 @@ module Inspec::Resources
     # Kernel docs, https://www.kernel.org/doc/Documentation/cgroups
     def detect_lxc_docker
       return false unless inspec.file("/proc/self/cgroup").exist?
+
       cgroup_content = inspec.file("/proc/self/cgroup").content
       if cgroup_content =~ %r{^\d+:[^:]+:/(lxc|docker)/.+$} ||
           cgroup_content =~ %r{^\d+:[^:]+:/[^/]+/(lxc|docker)-.+$} # rubocop:disable Layout/MultilineOperationIndentation
@@ -203,6 +212,7 @@ module Inspec::Resources
 
     def detect_docker
       return false unless inspec.file("/.dockerenv").exist? || inspec.file("/.dockerinit").exist?
+
       @virtualization_data[:system] = "docker"
       @virtualization_data[:role] = "guest"
       true

data/lib/inspec/resources/windows_feature.rb

@@ -38,7 +38,7 @@ module Inspec::Resources
 
     # returns the package description
     def info
-      return @cache if !@cache.nil?
+      return @cache unless @cache.nil?
 
       case @method
       when :powershell

data/lib/inspec/resources/windows_hotfix.rb

@@ -18,6 +18,7 @@ module Inspec::Resources
       @content = nil
       os = inspec.os
       return skip_resource "The `windows_hotfix` resource is not a feature of your OS." unless os.windows?
+
       query = "get-hotfix -id #{@id}"
       cmd = inspec.powershell(query)
       @content = cmd.stdout
@@ -29,6 +30,7 @@ module Inspec::Resources
 
     def installed?
       return false if @content.nil?
+
       @content.include?(@id)
     end
   end

data/lib/inspec/resources/windows_task.rb

@@ -33,17 +33,20 @@ module Inspec::Resources
 
     def exists?
       return true unless info.nil? || info[:uri].nil?
+
       false
     end
 
     # rubocop:disable Style/WordArray
     def enabled?
       return false if info.nil? || info[:state].nil?
+
       ["Ready", "Running"].include?(info[:state])
     end
 
     def disabled?
       return false if info.nil? || info[:state].nil?
+
       info[:scheduled_task_state] == "Disabled" || info[:state] == "Disabled"
     end
 
@@ -69,6 +72,7 @@ module Inspec::Resources
 
     def info
       return @cache unless @cache.nil?
+
       # PowerShell v5 has Get-ScheduledTask cmdlet,
       # _using something with backward support to v3_
       # script = "Get-ScheduledTask | ? { $_.URI -eq '#{@taskuri}' } | Select-Object URI,@{N='State';E={$_.State.ToString()}} | ConvertTo-Json"

data/lib/inspec/resources/wmi.rb

@@ -51,13 +51,14 @@ module Inspec::Resources
 
     def params
       return @content if defined?(@content)
+
       @content = {}
 
       # abort if no options are available
       return @content unless defined?(@options)
 
       # filter for supported options
-      args = @options.select { |key, _value| [:class, :namespace, :query, :filter].include?(key) }
+      args = @options.select { |key, _value| %i{class namespace query filter}.include?(key) }
 
       # convert to Get-WmiObject arguments
       params = ""

data/lib/inspec/resources/x509_certificate.rb

@@ -56,16 +56,19 @@ module Inspec::Resources
 
     def fingerprint
       return if @cert.nil?
+
       OpenSSL::Digest::SHA1.new(@cert.to_der).to_s
     end
 
     def serial
       return if @cert.nil?
+
       @cert.serial.to_i
     end
 
     def subject_dn
       return if @cert.nil?
+
       @cert.subject.to_s
     end
 
@@ -73,12 +76,14 @@ module Inspec::Resources
       return if @cert.nil?
       # Return cached subject if we have already parsed it
       return @parsed_subject if @parsed_subject
+
       # Use a Mash to make it easier to access hash elements in "its('subject') {should ...}"
       @parsed_subject = Hashie::Mash.new(Hash[@cert.subject.to_a.map { |k, v, _| [k, v] }])
     end
 
     def issuer_dn
       return if @cert.nil?
+
       @cert.issuer.to_s
     end
 
@@ -86,12 +91,14 @@ module Inspec::Resources
       return if @cert.nil?
       # Return cached subject if we have already parsed it
       return @parsed_issuer if @parsed_issuer
+
       # Use a Mash to make it easier to access hash elements in "its('issuer') {should ...}"
       @parsed_issuer = Hashie::Mash.new(Hash[@cert.issuer.to_a.map { |k, v, _| [k, v] }])
     end
 
     def key_length
       return if @cert.nil?
+
       @cert.public_key.n.num_bytes * 8
     end
 
@@ -109,6 +116,7 @@ module Inspec::Resources
       return @extensions if @extensions
       # Return the exception class if we failed to instantiate a Cert from file
       return @cert unless @cert.respond_to? :extensions
+
       # Use a Mash to make it easier to access hash elements in "its('entensions') {should ...}"
       @extensions = Hashie::Mash.new({})
       # Make sure standard extensions exist so we don't get nil for nil:NilClass

data/lib/inspec/resources/xinetd_conf.rb

@@ -35,15 +35,15 @@ module Inspec::Resources
     end
 
     filter = FilterTable.create
-    filter.register_column(:services,     field: "service")
-          .register_column(:ids,          field: "id")
-          .register_column(:socket_types, field: "socket_type")
-          .register_column(:types,        field: "type")
-          .register_column(:protocols,    field: "protocol")
-          .register_column(:wait,         field: "wait")
-          .register_custom_matcher(:disabled?) { |x| x.where("disable" => "no").services.empty? }
-          .register_custom_matcher(:enabled?) { |x| x.where("disable" => "yes").services.empty? }
-          .install_filter_methods_on_resource(self, :service_lines)
+    filter.register_column(:services, field: "service")
+      .register_column(:ids,          field: "id")
+      .register_column(:socket_types, field: "socket_type")
+      .register_column(:types,        field: "type")
+      .register_column(:protocols,    field: "protocol")
+      .register_column(:wait,         field: "wait")
+      .register_custom_matcher(:disabled?) { |x| x.where("disable" => "no").services.empty? }
+      .register_custom_matcher(:enabled?) { |x| x.where("disable" => "yes").services.empty? }
+      .install_filter_methods_on_resource(self, :service_lines)
 
     private
 
@@ -55,6 +55,7 @@ module Inspec::Resources
 
     def read_params
       return {} if read_content.nil?
+
       flat_params = parse_xinetd(read_content)
       # we need to map service data in order to use it with filtertable
       params = { "services" => {} }

data/lib/inspec/resources/yum.rb

@@ -47,6 +47,7 @@ module Inspec::Resources
     # until \n
     def repositories
       return @cache if defined?(@cache)
+
       # parse the repository data from yum
       # we cannot use -C, because this is not reliable and may lead to errors
       @command_result = inspec.command("yum -v repolist all")
@@ -82,7 +83,7 @@ module Inspec::Resources
 
     # alias for yum.repo('reponame')
     def method_missing(name)
-      repo(name.to_s) if !name.nil?
+      repo(name.to_s) unless name.nil?
     end
 
     def to_s
@@ -99,6 +100,7 @@ module Inspec::Resources
     # Optimize the key value
     def repo_key(key)
       return key if key.nil?
+
       key.gsub("Repo-", "").downcase
     end
   end
@@ -118,6 +120,7 @@ module Inspec::Resources
 
     def info
       return @cache if defined?(@cache)
+
       selection = @yum.repositories.select { |e| e["id"] == @reponame || shortname(e["id"]) == @reponame }
       @cache = selection.empty? ? {} : selection.first
       @cache
@@ -129,20 +132,21 @@ module Inspec::Resources
 
     def enabled?
       return false unless exist?
+
       info["status"] == "enabled"
     end
 
     # provide a method for each of the repo metadata items we know about
-    [
-      :baseurl,
-      :expire,
-      :filename,
-      :mirrors,
-      :pkgs,
-      :size,
-      :status,
-      :updated,
-    ].each do |key|
+    %i{
+      baseurl
+      expire
+      filename
+      mirrors
+      pkgs
+      size
+      status
+      updated
+    }.each do |key|
       define_method key do
         info[key.to_s]
       end