inspec 0.26.0 → 0.27.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 24a4519c426bef0955b532d458a7436c172ee78e
-  data.tar.gz: 94fa93e202174527e9d40cbf1f174cc37a879492
+  metadata.gz: 46a196f44aef946778a2c1551727b83826eaaede
+  data.tar.gz: b351a6fddd347b9f951818ad3332270f3d399139
 SHA512:
-  metadata.gz: afa1eeb884e110fd29387f621aa29ff8a90f428257a96f657fba4001520bb893e23af8f94d583cb73579c9eb6a4f95986a4df842f81aea5513fd7eb7c450a944
-  data.tar.gz: 7cb77d205bdf7ebadae0b376aefb35d03ee1ab444b8d95a30f8042eb5ab139bc2f6112d2557ded9bdbfbff07cb68998bf86b7d8884d4b15554b64f6dd827a925
+  metadata.gz: 70da720dd36b4df18aca90293777b169ee25df1ebbb679500104e191ecdfa203d2136223e063e37c7ab0b5d5eed44029f65d2331bcd5d3eb825376c9e63f344f
+  data.tar.gz: d09acee41a988495d4bec78a6a02409a89c89e8b527b5b3475ba622d2e6ab0da9751236bf1af7c6059c8e51a9193940b24cab6ef1f86cb66db80a174d5f4b8be

data/CHANGELOG.md

@@ -1,7 +1,34 @@
 # Change Log
 
-## [0.26.0](https://github.com/chef/inspec/tree/0.26.0) (2016-06-16)
-[Full Changelog](https://github.com/chef/inspec/compare/v0.25.0...0.26.0)
+## [0.27.0](https://github.com/chef/inspec/tree/0.27.0) (2016-07-10)
+[Full Changelog](https://github.com/chef/inspec/compare/v0.26.0...0.27.0)
+
+**Implemented enhancements:**
+
+- inspec report source\_location data type [\#807](https://github.com/chef/inspec/issues/807)
+- Additional fields in inspec reports [\#806](https://github.com/chef/inspec/issues/806)
+- api: report source location with field identifiers [\#808](https://github.com/chef/inspec/pull/808) ([arlimus](https://github.com/arlimus))
+- add boolean support for cmp matcher [\#801](https://github.com/chef/inspec/pull/801) ([chris-rock](https://github.com/chris-rock))
+- improve wmi resource [\#800](https://github.com/chef/inspec/pull/800) ([chris-rock](https://github.com/chris-rock))
+- Update documentation for bundles [\#716](https://github.com/chef/inspec/pull/716) ([chris-rock](https://github.com/chris-rock))
+
+**Fixed bugs:**
+
+- `os` resource not accessible within a `describe` [\#451](https://github.com/chef/inspec/issues/451)
+- add suid sgid and sticky support for file resource [\#819](https://github.com/chef/inspec/pull/819) ([arlimus](https://github.com/arlimus))
+- pin gem version for ffi due to appveyor failures [\#816](https://github.com/chef/inspec/pull/816) ([arlimus](https://github.com/arlimus))
+- check service running by ActiveState [\#814](https://github.com/chef/inspec/pull/814) ([arlimus](https://github.com/arlimus))
+
+**Merged pull requests:**
+
+- small fix for postgres\_session documentation \(Test for risky database entries example\) [\#815](https://github.com/chef/inspec/pull/815) ([atomic111](https://github.com/atomic111))
+- Add array documentation to yaml / json resource [\#803](https://github.com/chef/inspec/pull/803) ([bigbam505](https://github.com/bigbam505))
+- Updating ctl docs to include the init command [\#802](https://github.com/chef/inspec/pull/802) ([ChefRycar](https://github.com/ChefRycar))
+- add documentation for bash resource [\#799](https://github.com/chef/inspec/pull/799) ([chris-rock](https://github.com/chris-rock))
+- align inspec's check, detect, and exec cli formatters [\#797](https://github.com/chef/inspec/pull/797) ([arlimus](https://github.com/arlimus))
+
+## [v0.26.0](https://github.com/chef/inspec/tree/v0.26.0) (2016-06-16)
+[Full Changelog](https://github.com/chef/inspec/compare/v0.25.0...v0.26.0)
 
 **Implemented enhancements:**
 

data/Gemfile

@@ -8,6 +8,9 @@ if Gem::Version.new(RUBY_VERSION) <= Gem::Version.new('1.9.3')
   gem 'net-ssh', '~> 2.9'
 end
 
+# TODO: ffi 1.9.11 is currently erroneous on windows tests
+gem 'ffi', '= 1.9.10'
+
 group :test do
   gem 'bundler', '~> 1.5'
   gem 'minitest', '~> 5.5'

data/docs/ctl_inspec.rst

@@ -171,6 +171,33 @@ Use ``inspec help`` to print help for the |ctl inspec| from the command shell.
 
 
 
+init
+=====================================================
+Use ``inspec init`` to initialize a new inspec profile
+
+Syntax
+-----------------------------------------------------
+This command has the following syntax:
+.. code-block:: bash
+
+   $ inspec init profile PROFILE (options)
+
+where:
+
+* ``PROFILE`` is the name of the profile you wish to create
+
+Options
+-----------------------------------------------------
+This subcommand has additional options:
+
+``--overwrite``
+   Overwite directory if it exists
+
+``--no-overwrite``
+   Converse of ``--overwrite``. (default)
+
+
+
 json
 =====================================================
 Use ``inspec json`` to read all tests at the specified path, and then generate a |json| profile to standard output (stdout).

data/docs/resources.rst

@@ -9,6 +9,7 @@ The following InSpec audit resources are available:
 * `audit_policy`_
 * `auditd_conf`_
 * `auditd_rules`_
+* `bash`_
 * `bond`_
 * `bridge`_
 * `csv`_
@@ -398,6 +399,130 @@ Note that filters can be chained, for example:
    end
 
 
+
+
+bash
+=====================================================
+Use the ``bash`` |inspec resource| to test an arbitrary command in BASH on the system.
+
+**Stability: Stable**
+
+Syntax
+-----------------------------------------------------
+A ``bash`` |inspec resource| block declares a command to be run, one (or more) expected outputs, and the location to which that output is sent:
+
+.. code-block:: ruby
+
+  describe bash('command') do
+    it { should exist }
+    its('matcher') { should eq 'output' }
+  end
+
+where
+
+* ``'command'`` must specify a command to be run
+* ``'matcher'`` is one of ``exit_status``, ``stderr``, or ``stdout``
+* ``'output'`` tests the output of the command run on the system versus the output value stated in the test
+
+Matchers
+-----------------------------------------------------
+This InSpec audit resource has the following matchers.
+
+exist
++++++++++++++++++++++++++++++++++++++++++++++++++++++
+The ``exist`` matcher tests if a command may be run on the system:
+
+.. code-block:: ruby
+
+  it { should exist }
+
+exit_status
++++++++++++++++++++++++++++++++++++++++++++++++++++++
+The ``exit_status`` matcher tests the exit status for the command:
+
+.. code-block:: ruby
+
+  its('exit_status') { should eq 123 }
+
+stderr
++++++++++++++++++++++++++++++++++++++++++++++++++++++
+The ``stderr`` matcher tests results of the command as returned in standard error (stderr):
+
+.. code-block:: ruby
+
+  its('stderr') { should eq 'error' }
+
+stdout
++++++++++++++++++++++++++++++++++++++++++++++++++++++
+The ``stdout`` matcher tests results of the command as returned in standard output (stdout):
+
+.. code-block:: ruby
+
+  its('stdout') { should match /^1$/ }
+
+Examples
+-----------------------------------------------------
+The following examples show how to use this InSpec audit resource.
+
+**List content of a directorye**
+
+.. code-block:: ruby
+
+  describe bash('ls -al /') do
+    its('stdout') { should match /bin/ }
+    its('stderr') { should eq '' }
+    its('exit_status') { should eq 0 }
+  end
+
+**Test standard output (stdout)**
+
+.. code-block:: ruby
+
+  describe bash('echo hello') do
+    its('stdout') { should eq 'hello\n' }
+    its('stderr') { should eq '' }
+    its('exit_status') { should eq 0 }
+  end
+
+**Test standard error (stderr)**
+
+.. code-block:: ruby
+
+  describe bash('>&2 echo error') do
+    its('stdout') { should eq '' }
+    its('stderr') { should eq 'error\n' }
+    its('exit_status') { should eq 0 }
+  end
+
+**Test an exit status code**
+
+.. code-block:: ruby
+
+  describe bash('exit 123') do
+    its('stdout') { should eq '' }
+    its('stderr') { should eq '' }
+    its('exit_status') { should eq 123 }
+  end
+
+**Specify the path of the bash executable**
+
+.. code-block:: ruby
+
+  describe bash('echo hello', path: '/bin/bash') do
+    its('stdout') { should eq 'hello\n' }
+  end
+
+**Specify bash arguments (defaults to -c)**
+
+.. code-block:: ruby
+
+  describe bash('echo hello', args: '-x -c') do
+    its('stdout') { should eq 'hello\n' }
+  end
+
+
+
+
 bond
 =====================================================
 Use the ``bond`` |inspec resource| to test a logical, bonded network interface (i.e. "two or more network interfaces aggregated into a single, logical network interface"). On |linux| platforms, any value in the ``/proc/net/bonding`` directory may be tested.
@@ -1913,7 +2038,11 @@ A ``json`` |inspec resource| block declares the data to be tested. Assume the fo
      "name" : "hello",
      "meta" : {
        "creator" : "John Doe"
-     }
+     },
+     "array": [
+       "zero",
+       "one"
+     ]
    }
 
 
@@ -1924,6 +2053,7 @@ This file can be queried via:
    describe json('/paht/to/name.json') do
       its('name') { should eq 'hello' }
       its(['meta','creator']) { should eq 'John Doe' }
+      its(['array', 1]) { should eq 'one' }
    end
 
 where
@@ -3562,11 +3692,11 @@ The following examples show how to use this InSpec audit resource.
 .. code-block:: ruby
 
    describe postgres_session('my_user', 'password').query('SELECT count (*)
-                 FROM pg_language
-                 WHERE lanpltrusted = 'f'
-                 AND lanname!='internal'
-                 AND lanname!='c';') do
-     its('output') { should eq(/^0/) }
+                FROM pg_language
+                WHERE lanpltrusted = \'f\'
+                AND lanname!=\'internal\'
+                AND lanname!=\'c\';') do
+     its('output') { should eq '0' }
    end
 
 
@@ -4344,10 +4474,21 @@ Syntax
 -----------------------------------------------------
 A ``yaml`` |inspec resource| block declares the configuration data to be tested:
 
+.. code-block:: yaml
+
+   name: foo
+   array:
+     - zero
+     - one
+
+
+This file can be queried via:
+
 .. code-block:: ruby
 
    describe yaml do
      its('name') { should eq 'foo' }
+     its(['array', 1]) { should eq 'one' }
    end
 
 where

data/inspec.gemspec

@@ -24,7 +24,7 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'train', '~> 0.13'
+  spec.add_dependency 'train', '>=0.15.1', '<1.0'
   spec.add_dependency 'thor', '~> 0.19'
   spec.add_dependency 'json', '~> 1.8'
   spec.add_dependency 'rainbow', '~> 2'

data/lib/bundles/inspec-compliance/README.md

@@ -8,7 +8,6 @@ This extensions offers the following features:
 
 To use the CLI, this InSpec add-on adds the following commands:
 
- * `$ inspec compliance api_token server --token TOKEN --user USER` - save the Chef Compliance API token for user
  * `$ inspec compliance login` - authentication of the API token against Chef Compliance
  * `$ inspec compliance profiles` - list all available Chef Compliance profiles
  * `$ inspec compliance exec profile` - runs a Chef Compliance profile
@@ -20,6 +19,111 @@ Compliance profiles can be executed in two mays:
 - via compliance exec: `inspec compliance exec profile`
 - via compliance scheme: `inspec exec compliance://profile`
 
+## Usage
+
+Before you start using the compliance plugin, you need a running [Chef Compliance](https://www.chef.io/compliance/) server. Please login and gather the access token:
+
+![Chef Compliance Token](images/cc-token.png)
+
+You can choose the access token (`--token`) or the refresh token (`--refresh_token`)
+
+```
+$ inspec compliance
+Commands:
+  inspec compliance exec PROFILE    # executes a Chef Compliance profile
+  inspec compliance help [COMMAND]  # Describe subcommands or one specific subcommand
+  inspec compliance login SERVER    # Log in to a Chef Compliance SERVER
+  inspec compliance logout          # user logout from Chef Compliance
+  inspec compliance profiles        # list all available profiles in Chef Compliance
+  inspec compliance upload PATH     # uploads a local profile to Chef Compliance
+  inspec compliance version         # displays the version of the Chef Compliance server
+
+# login to chef compliance server
+$ inspec compliance login https://compliance.test --user admin --insecure --token '...'
+
+# display the chef compliance server version
+$ inspec compliance version
+Chef Compliance version: 1.0.11
+
+# list available profiles via Chef Compliance
+$ inspec compliance profiles
+Available profiles:
+-------------------
+ * base/apache
+ * base/linux
+ * base/mysql
+ * base/postgres
+ * base/ssh
+ * base/windows
+ * cis/cis-centos6-level1
+ * cis/cis-centos6-level2
+ * cis/cis-centos7-level1
+ * cis/cis-centos7-level2
+ * cis/cis-rhel7-level1
+ * cis/cis-rhel7-level2
+ * cis/cis-ubuntu12.04lts-level1
+ * cis/cis-ubuntu12.04lts-level2
+ * cis/cis-ubuntu14.04lts-level1
+ * cis/cis-ubuntu14.04lts-level2
+
+# upload a profile to chef Compliance
+$ inspec compliance version
+Chef Compliance version: 1.0.11
+➜  inspec git:(chris-rock/cc-error-not-loggedin) ✗ b inspec compliance upload examples/profile
+I, [2016-05-06T14:27:20.907547 #37592]  INFO -- : Checking profile in examples/profile
+I, [2016-05-06T14:27:20.907668 #37592]  INFO -- : Metadata OK.
+I, [2016-05-06T14:27:20.968584 #37592]  INFO -- : Found 4 controls.
+I, [2016-05-06T14:27:20.968638 #37592]  INFO -- : Control definitions OK.
+Profile is valid
+Generate temporary profile archive at /var/folders/jy/2bnrfb4s36jbjtzllvhhyqhw0000gn/T/profile20160506-37592-1tf326f.tar.gz
+I, [2016-05-06T14:27:21.020017 #37592]  INFO -- : Generate archive /var/folders/jy/2bnrfb4s36jbjtzllvhhyqhw0000gn/T/profile20160506-37592-1tf326f.tar.gz.
+I, [2016-05-06T14:27:21.024837 #37592]  INFO -- : Finished archive generation.
+Start upload to admin/profile
+Uploading to Chef Compliance
+Successfully uploaded profile
+
+# display all profiles
+$ inspec compliance profiles
+Available profiles:
+-------------------
+ * admin/profile
+ * base/apache
+ * base/linux
+ * base/mysql
+ * base/postgres
+ * base/ssh
+ * base/windows
+ * cis/cis-centos6-level1
+ * cis/cis-centos6-level2
+ * cis/cis-centos7-level1
+ * cis/cis-centos7-level2
+ * cis/cis-rhel7-level1
+ * cis/cis-rhel7-level2
+ * cis/cis-ubuntu12.04lts-level1
+ * cis/cis-ubuntu12.04lts-level2
+ * cis/cis-ubuntu14.04lts-level1
+ * cis/cis-ubuntu14.04lts-level2
+
+# run a profile from Chef Compliance locally
+$ inspec exec compliance://admin/profile
+.*...
+
+Pending: (Failures listed here are expected and do not affect your suite's status)
+
+  1) gordon_config Can't find file "/tmp/gordon/config.yaml"
+     # Not yet implemented
+     # ./lib/inspec/runner.rb:157
+
+
+Finished in 0.02862 seconds (files took 0.62628 seconds to load)
+5 examples, 0 failures, 1 pending
+
+# logout from Chef Compliance
+```
+$ inspec compliance logout
+Successfully logged out
+```
+
 ## Integration Tests
 
 At this point of time, InSpec is not able to pick up the token directly, therefore the integration test is semi-automatic at this point of time:

data/lib/bundles/inspec-init/README.md

@@ -0,0 +1,31 @@
+# InSpec Extension to create new profiles
+
+This extensions helps you to easily create a new profile
+
+## Usage
+
+```
+$ inspec init profile examples/new-profile
+Create new profile at /Users/chartmann/Development/compliance/inspec/examples/new-profile
+  * Create directory controls
+  * Create file controls/example.rb
+  * Create file inspec.yml
+  * Create directory libraries
+  * Create file README.md
+  * Create file libraries/.gitkeep
+
+$ inspec check examples/new-profile
+Summary
+-------
+Location: examples/new-profile
+Profile: examples/new-profile
+Controls: 2
+Timestamp: 2016-05-06T14:39:47+02:00
+Valid: true
+
+Errors
+------
+
+Warnings
+--------
+```

data/lib/bundles/inspec-supermarket/README.md

@@ -10,3 +10,36 @@ To use the CLI, this InSpec add-on adds the following commands:
 
  - via supermarket exec: `inspec supermarket exec nathenharvey/tmp-compliance-profile`
  - via supermarket scheme: `inspec exec supermarket://nathenharvey/tmp-compliance-profile`
+
+## Usage
+
+```
+$ inspec supermarket
+Commands:
+  inspec supermarket exec PROFILE    # execute a Supermarket profile
+  inspec supermarket help [COMMAND]  # Describe subcommands or one specific subcommand
+  inspec supermarket info PROFILE    # display Supermarket profile details
+  inspec supermarket profiles        # list all available profiles in Chef Supermarket
+
+$ inspec supermarket profiles
+Available profiles:
+-------------------
+ * nathenharvey/tmp-compliance-profile
+ * hardening/os-hardening
+ * hardening/ssh-hardening
+
+$ inspec supermarket info hardening/os-hardening
+name:   os-hardening
+owner:  hardening
+url:    https://github.com/dev-sec/tests-os-hardening
+
+description:   Base Linux Compliance profile, used for Security + DevOps. More Information is available at http://dev-sec.io/
+
+$ inspec exec supermarket://hardening/os-hardening
+........F.F.................F......FFF.....FFFF.F........FF....FFFFFFF...FF.FFFFFF.FFFFFFFFFFF.F...
+
+...
+
+Finished in 3.81 seconds (files took 5.69 seconds to load)
+99 examples, 40 failures
+```

data/lib/inspec/cli.rb

@@ -57,19 +57,35 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
     if opts['format'] == 'json'
       puts JSON.generate(result)
     else
-      headline('Summary')
-      %w{location profile controls timestamp valid}.each { |item|
-        puts "#{mark_text(item.to_s.capitalize + ':')} #{result[:summary][item.to_sym]}"
-      }
+      %w{location profile controls timestamp valid}.each do |item|
+        puts format('%-12s %s', item.to_s.capitalize + ':',
+                    mark_text(result[:summary][item.to_sym]))
+      end
       puts
 
-      %w{errors warnings}.each { |list|
-        headline(list.to_s.capitalize)
-        result[list.to_sym].each { |item|
-          puts "#{item[:file]}:#{item[:line]}:#{item[:column]}: #{item[:msg]} "
+      if result[:errors].empty? and result[:warnings].empty?
+        puts 'No errors or warnings'
+      else
+        red    = "\033[31m"
+        yellow = "\033[33m"
+        rst    = "\033[0m"
+
+        item_msg = lambda { |item|
+          pos = [item[:file], item[:line], item[:column]].compact.join(':')
+          pos.empty? ? item[:msg] : pos + ': ' + item[:msg]
         }
+        result[:errors].each do |item|
+          puts "#{red}  ✖  #{item_msg.call(item)}#{rst}"
+        end
+        result[:warnings].each do |item|
+          puts "#{yellow}  !  #{item_msg.call(item)}#{rst}"
+        end
+
         puts
-      }
+        puts format('Summary:     %s%d errors%s, %s%d warnings%s',
+                    red, result[:errors].length, rst,
+                    yellow, result[:warnings].length, rst)
+      end
     end
     exit 1 unless result[:summary][:valid]
   end
@@ -127,7 +143,8 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
     else
       headline('Operating System Details')
       %w{name family release arch}.each { |item|
-        puts "#{mark_text(item.to_s.capitalize + ':')} #{res[item.to_sym]}"
+        puts format('%-10s %s', item.to_s.capitalize + ':',
+                    mark_text(res[item.to_sym]))
       }
     end
   end

data/lib/inspec/profile.rb

@@ -145,7 +145,8 @@ module Inspec
 
       # iterate over hash of groups
       params[:controls].each { |id, control|
-        sfile, sline = control[:source_location]
+        sfile = control[:source_location][:ref]
+        sline = control[:source_location][:line]
         error.call(sfile, sline, nil, id, 'Avoid controls with empty IDs') if id.nil? or id.empty?
         next if id.start_with? '(generated '
         warn.call(sfile, sline, nil, id, "Control #{id} has no title") if control[:title].to_s.empty?

data/lib/inspec/rspec_json_formatter.rb

@@ -202,8 +202,10 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
 
     res = @output_hash[:summary]
     passed = res[:example_count] - res[:failure_count] - res[:skip_count]
-    s = format('Summary: %3d successful  %3d failures  %3d skipped',
-               passed, res[:failure_count], res[:skip_count])
+    s = format('Summary: %s%d successful%s, %s%d failures%s, %s%d skipped%s',
+               COLORS['passed'], passed, COLORS['reset'],
+               COLORS['failed'], res[:failure_count], COLORS['reset'],
+               COLORS['skipped'], res[:skip_count], COLORS['reset'])
     output.puts(s)
   end
 

data/lib/inspec/rule.rb

@@ -199,10 +199,11 @@ module Inspec
 
     # get the source location of the block
     def __get_block_source_location(&block)
-      return [nil, nil] unless block_given?
-      block.source_location
+      return {} unless block_given?
+      r, l = block.source_location
+      { ref: r, line: l }
     rescue MethodSource::SourceNotFoundError
-      [nil, nil]
+      {}
     end
   end
 end

data/lib/inspec/version.rb

@@ -3,5 +3,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '0.26.0'.freeze
+  VERSION = '0.27.0'.freeze
 end

data/lib/matchers/matchers.rb

@@ -247,6 +247,15 @@ RSpec::Matchers.define :cmp do |first_expected|
     !(value =~ /\A0+\d+\Z/).nil?
   end
 
+  def boolean?(value)
+    %w{true false}.include?(value.downcase)
+  end
+
+  # expects that the values have been checked with boolean?
+  def to_boolean(value)
+    value.casecmp('true') == 0
+  end
+
   def try_match(actual, op, expected) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize
     # if actual and expected are strings
     if expected.is_a?(String) && actual.is_a?(String)
@@ -255,6 +264,8 @@ RSpec::Matchers.define :cmp do |first_expected|
       return !actual.to_s.match(expected).nil?
     elsif expected.is_a?(String) && integer?(expected) && actual.is_a?(Integer)
       return actual.method(op).call(expected.to_i)
+    elsif expected.is_a?(String) && boolean?(expected) && [true, false].include?(actual)
+      return actual.method(op).call(to_boolean(expected))
     elsif expected.is_a?(Integer) && integer?(actual)
       return actual.to_i.method(op).call(expected)
     elsif expected.is_a?(Float) && float?(actual)

data/lib/resources/file.rb

@@ -91,6 +91,18 @@ module Inspec::Resources
       end
     end
 
+    def suid
+      (mode & 04000) > 0
+    end
+
+    def sgid
+      (mode & 02000) > 0
+    end
+
+    def sticky
+      (mode & 01000) > 0
+    end
+
     def to_s
       "File #{source_path}"
     end

data/lib/resources/service.rb

@@ -248,7 +248,8 @@ module Inspec::Resources
       installed = params['LoadState'] == 'loaded'
       # test via 'systemctl is-active service'
       # SubState values running
-      running = params['SubState'] == 'running'
+      running = (params['ActiveState'] == 'active') ||
+                (params['SubState'] == 'running')
       # test via systemctl --quiet is-enabled
       # ActiveState values eg.g inactive, active
       enabled = %w{enabled static}.include? params['UnitFileState']

data/lib/resources/wmi.rb

@@ -13,7 +13,8 @@ module Inspec::Resources
     name 'wmi'
     desc 'request wmi information'
     example "
-      describe wmi('RSOP_SecuritySettingNumeric', {
+      describe wmi({
+        class: 'RSOP_SecuritySettingNumeric',
         namespace: 'root\\rsop\\computer',
         filter: 'KeyName = \'MinimumPasswordAge\' And precedence=1'
       }) do
@@ -24,13 +25,18 @@ module Inspec::Resources
     include ObjectTraverser
     attr_accessor :content
 
-    def initialize(wmiclass, opts = {})
+    def initialize(wmiclass = nil, opts = nil)
       # verify that this resource is only supported on Windows
       return skip_resource 'The `windows_feature` resource is not supported on your OS.' unless inspec.os.windows?
 
-      @wmiclass = wmiclass
-      @wminamespace = opts[:namespace]
-      @wmifilter = opts[:filter]
+      @options = opts || {}
+      # if wmiclass is not a hash, we have to handle deprecation behavior
+      if wmiclass.is_a?(Hash)
+        @options.merge!(wmiclass)
+      else
+        warn '[DEPRECATION] `wmi(\'wmiclass\')` is deprecated.  Please use `wmi({class: \'wmiclass\'})` instead.'
+        @options[:class] = wmiclass
+      end
     end
 
     # returns nil, if not existant or value
@@ -40,36 +46,69 @@ module Inspec::Resources
       keys.shift if keys.is_a?(Array) && keys[0] == :[]
 
       # map all symbols to strings
-      keys = keys.map(&:to_s) if keys.is_a?(Array)
+      keys = keys.map { |x| x.to_s.downcase } if keys.is_a?(Array)
 
       value(keys)
     end
 
     def value(key)
-      extract_value(key, info)
+      extract_value(key, params)
     end
 
-    def info
+    def params
       return @content if defined?(@content)
       @content = {}
 
-      # we should abort execution, if wmi class is not given or wmi resource is
-      # executed on a non-windows system
-      return @content if @wmiclass.nil?
+      # abort if no options are available
+      return @content unless defined?(@options)
+
+      # filter for supported options
+      args = @options.select { |key, _value| [:class, :namespace, :query, :filter].include?(key) }
 
-      # optional params
-      cmd_namespace = "-namespace #{@wminamespace}" unless @wminamespace.nil?
-      cmd_filter = "-filter \"#{@wmifilter}\"" unless @wmifilter.nil?
+      # convert to Get-WmiObject arguments
+      params = ''
+      args.each { |key, value| params += " -#{key} \"#{value}\"" }
+
+      # run wmi command and filter empty wmi
+      script = <<-EOH
+      Filter Aggregate
+      {
+          $arr = @{}
+          $_.properties | % {
+              $arr.Add($_.name, $_.value)
+          }
+          $arr
+      }
+      Get-WmiObject #{params} | Aggregate | ConvertTo-Json
+      EOH
 
       # run wmi command
-      cmd = inspec.command("Get-WmiObject -class #{@wmiclass} #{cmd_namespace} #{cmd_filter} | ConvertTo-Json")
+      cmd = inspec.powershell(script)
       @content = JSON.parse(cmd.stdout)
+
+      # make all keys case-insensitive
+      @content = lowercase_keys(@content)
     rescue JSON::ParserError => _e
       @content
     end
 
     def to_s
-      "WMI #{@wmiclass} where #{@wmifilter}"
+      "WMI with #{@options}"
+    end
+
+    private
+
+    def lowercase_keys(content)
+      if content.is_a?(Hash)
+        content.keys.each do |key|
+          new_key = key.to_s.downcase
+          content[new_key] = content.delete(key)
+          lowercase_keys(content[new_key])
+        end
+      elsif content.respond_to?(:each)
+        content.each { |item| lowercase_keys(item) }
+      end
+      content
     end
   end
 end

data/lib/utils/base_cli.rb

@@ -136,13 +136,11 @@ module Inspec
     end
 
     def mark_text(text)
-      "\e[0;32m#{text}\e[0m"
+      "\e[0;36m#{text}\e[0m"
     end
 
     def headline(title)
-      puts title
-      title.each_char { print '-' }
-      puts
+      puts "\n== #{title}\n\n"
     end
 
     def li(entry)

data/test/cookbooks/os_prepare/recipes/file.rb

@@ -25,6 +25,13 @@ if node['platform_family'] != 'windows'
     content 'hello world'
   end
 
+  file '/tmp/sfile' do
+    mode '7765'
+    owner 'root'
+    group gid
+    content 'hello suid/sgid/sticky'
+  end
+
   directory '/tmp/folder' do
     mode '0567'
     owner 'root'

data/test/functional/inspec_exec_json_test.rb

@@ -80,8 +80,8 @@ describe 'inspec exec with json formatter' do
       actual = ex1.dup
 
       src = actual.delete('source_location')
-      src[0].must_match %r{examples/profile/controls/example.rb$}
-      src[1].must_equal 8
+      src['ref'].must_match %r{examples/profile/controls/example.rb$}
+      src['line'].must_equal 8
 
       result = actual.delete('results')[0]
       result.wont_be :nil?

data/test/functional/inspec_exec_test.rb

@@ -18,7 +18,7 @@ describe 'inspec exec' do
 \e[37m  ○  gordon-1.0: Verify the version number of Gordon (1 skipped)\e[0m
 \e[37m     Can't find file \"/tmp/gordon/config.yaml\"\e[0m
 "
-    stdout.must_include "\nSummary:   4 successful    0 failures    1 skipped\n"
+    stdout.must_include "\nSummary: \e[32m4 successful\e[0m, \e[31m0 failures\e[0m, \e[37m1 skipped\e[0m\n"
   end
 
   it 'executes a minimum metadata-only profile' do
@@ -32,7 +32,7 @@ Target:  local://
 
      No tests executed.\e[0m
 
-Summary:   0 successful    0 failures    0 skipped
+Summary: \e[32m0 successful\e[0m, \e[31m0 failures\e[0m, \e[37m0 skipped\e[0m
 "
   end
 
@@ -47,7 +47,7 @@ Target:  local://
 
      No tests executed.\e[0m
 
-Summary:   0 successful    0 failures    0 skipped
+Summary: \e[32m0 successful\e[0m, \e[31m0 failures\e[0m, \e[37m0 skipped\e[0m
 "
   end
 
@@ -66,7 +66,7 @@ Target:  local://
      \n     (compared using ==)
      \e[0m
 
-Summary:   1 successful    1 failures    1 skipped
+Summary: \e[32m1 successful\e[0m, \e[31m1 failures\e[0m, \e[37m1 skipped\e[0m
 "
   end
 
@@ -74,14 +74,14 @@ Summary:   1 successful    1 failures    1 skipped
     out = inspec('exec ' + example_profile + ' --controls tmp-1.0')
     out.stderr.must_equal ''
     out.exit_status.must_equal 0
-    out.stdout.must_include "\nSummary:   1 successful    0 failures    0 skipped\n"
+    out.stdout.must_include "\nSummary: \e[32m1 successful\e[0m, \e[31m0 failures\e[0m, \e[37m0 skipped\e[0m\n"
   end
 
   it 'can execute a simple file with the default formatter' do
     out = inspec('exec ' + example_control)
     out.stderr.must_equal ''
     out.exit_status.must_equal 0
-    out.stdout.must_include 'Summary:   2 successful    0 failures    0 skipped'
+    out.stdout.must_include "\nSummary: \e[32m2 successful\e[0m, \e[31m0 failures\e[0m, \e[37m0 skipped\e[0m\n"
   end
 
   describe 'with a profile that is not supported on this OS/platform' do

data/test/functional/inspec_json_profile_test.rb

@@ -67,7 +67,8 @@ describe 'inspec json' do
 
       it 'has a source location' do
         loc = File.join(example_profile, '/controls/example.rb')
-        control['source_location'].must_equal [loc, 8]
+        control['source_location']['ref'].must_equal loc
+        control['source_location']['line'].must_equal 8
       end
 
       it 'has a the source code' do

data/test/functional/inspec_test.rb

@@ -26,10 +26,11 @@ describe 'command tests' do
       out.stderr.must_equal ''
       out.exit_status.must_equal 0
       std = out.stdout
-      std.must_include 'Name:'
-      std.must_include 'Family:'
-      std.must_include 'Arch:'
-      std.must_include 'Release:'
+      std.must_include "\n== Operating System Details\n\n"
+      std.must_include "\nName:      \e[0;36m"
+      std.must_include "\nFamily:    \e[0;36m"
+      std.must_include "\nArch:      \e[0;36m"
+      std.must_include "\nRelease:   \e[0;36m"
     end
   end
 

data/test/helper.rb

@@ -243,7 +243,7 @@ class MockLoader
       # xinetd configuration
       'find /etc/xinetd.d -type f' => cmd.call('find-xinetd.d'),
       # wmi test
-      "Get-WmiObject -class win32_service  -filter \"name like '%winrm%'\" | ConvertTo-Json" => cmd.call('get-wmiobject'),
+      "4762fab9e8180997634ae70aae6d5f59e641084111fb9f5e5bf2848a583aa5f5" => cmd.call('get-wmiobject'),
       #user info on hpux
       "logins -x -l root" => cmd.call('logins-x'),
       #packages on hpux

data/test/integration/default/{compare_matcher_spec.rb → cmp_matcher_spec.rb}

@@ -100,4 +100,16 @@ if os.linux?
     it { should_not cmp < 3 }
     it { should_not cmp /something/ }
   end
+
+  describe true do
+    it { should cmp 'true' }
+    it { should cmp 'True' }
+    it { should cmp true }
+  end
+
+  describe false do
+    it { should cmp 'false' }
+    it { should cmp 'False' }
+    it { should cmp false }
+  end
 end

data/test/integration/default/file_spec.rb

@@ -61,6 +61,9 @@ if os.unix?
     it { should be_mode 00765 }
     its('mode') { should cmp 0765 }
     its('mode') { should_not cmp 0777 }
+    its('suid') { should eq false }
+    its('sgid') { should eq false }
+    its('sticky') { should eq false }
 
     it { should be_readable }
     it { should be_readable.by('owner') }
@@ -107,6 +110,12 @@ if os.unix?
     its('type') { should eq :file }
   end
 
+  describe file('/tmp/file') do
+    its('suid') { should eq true }
+    its('sgid') { should eq true }
+    its('sticky') { should eq true }
+  end
+
   describe file('/tmp/folder') do
     it { should exist }
     it { should be_directory }

data/test/integration/default/wmi_spec.rb

@@ -2,27 +2,62 @@
 
 return unless os.windows?
 
-# Get-WmiObject win32_service
-# Get-WmiObject -class win32_service
+# Get-WmiObject win32_service or Get-WmiObject -class win32_service
 # returns an array of service objects
-describe wmi('win32_service') do
-  its(['Path','ClassName']) { should include 'Win32_Service' }
+describe wmi({class: 'win32_service'}) do
   its('DisplayName') { should include 'Windows Remote Management (WS-Management)'}
 end
 
-# Use win32_service with filter
-# this returns a single service object
-describe wmi('win32_service', {
+# Use win32_service with filter, it returns a single service object
+describe wmi({
+  class: 'win32_service',
   filter: "name like '%winrm%'"
 }) do
-  its(['Path','ClassName']) { should eq 'Win32_Service' }
+  its('Status') { should cmp 'ok' }
+  its('State') { should cmp 'Running' }
+  its('ExitCode') { should cmp 0 }
   its('DisplayName') { should eq 'Windows Remote Management (WS-Management)'}
 end
 
 # TODO: this works on domain controllers only
+describe wmi({
+  class: 'RSOP_SecuritySettingNumeric',
+  namespace: 'root\\rsop\\computer',
+  filter: 'KeyName = \'MinimumPasswordAge\' And precedence=1'
+}) do
+   its('Setting') { should eq 1 }
+end
+
+# new syntax
+describe wmi({
+  namespace: 'root\rsop\computer',
+  query: "SELECT Setting FROM RSOP_SecuritySettingBoolean WHERE KeyName='LSAAnonymousNameLookup' AND Precedence=1"
+}) do
+  its('Setting') { should eq false }
+end
+
+describe wmi({
+  namespace: 'root\cimv2',
+  query: 'SELECT filesystem FROM win32_logicaldisk WHERE drivetype=3'
+}).params.values.join do
+  it { should eq 'NTFS' }
+end
+
+# deprecated syntax
+describe wmi('win32_service') do
+  its('DisplayName') { should include 'Windows Remote Management (WS-Management)'}
+end
+
 describe wmi('RSOP_SecuritySettingNumeric', {
   namespace: 'root\\rsop\\computer',
   filter: 'KeyName = \'MinimumPasswordAge\' And precedence=1'
 }) do
    its('Setting') { should eq 1 }
+   its('setting') { should eq 1 }
+end
+
+describe wmi('win32_service', {
+  filter: "name like '%winrm%'"
+}) do
+  its('DisplayName') { should eq 'Windows Remote Management (WS-Management)'}
 end

data/test/unit/mock/cmd/get-wmiobject

@@ -1,10 +1,9 @@
 {
-    "Path":  {
-                 "ClassName":  "Win32_Service"
-             },
-    "Caption":  "Windows Remote Management (WS-Management)",
-    "CreationClassName":  "Win32_Service",
     "DisplayName":  "Windows Remote Management (WS-Management)",
+    "Caption":  "Windows Remote Management (WS-Management)",
+    "DesktopInteract":  false,
     "Name":  "WinRM",
-    "PathName":  "C:\\Windows\\System32\\svchost.exe -k NetworkService"
+    "StartMode":  "Auto",
+    "ExitCode":  0,
+    "Status":  "OK"
 }

data/test/unit/mock/cmd/systemctl-show-all-sshd

@@ -4,3 +4,4 @@ Description=OpenSSH server daemon
 LoadState=loaded
 UnitFileState=enabled
 SubState=running
+ActiveState=active

data/test/unit/resources/service_test.rb

@@ -51,7 +51,7 @@ describe 'Inspec::Resources::Service' do
   # ubuntu 15.04 with systemd
   it 'verify ubuntu package parsing' do
     resource = MockLoader.new(:ubuntu1504).load_resource('service', 'sshd')
-    params = Hashie::Mash.new({ 'Description' => 'OpenSSH server daemon', 'Id' => 'sshd.service', 'LoadState' => 'loaded', 'Names' => 'sshd.service', 'SubState' => 'running', 'UnitFileState' => 'enabled' })
+    params = Hashie::Mash.new({ 'ActiveState' => 'active', 'Description' => 'OpenSSH server daemon', 'Id' => 'sshd.service', 'LoadState' => 'loaded', 'Names' => 'sshd.service', 'SubState' => 'running', 'UnitFileState' => 'enabled' })
     _(resource.type).must_equal 'systemd'
     _(resource.name).must_equal 'sshd.service'
     _(resource.description).must_equal 'OpenSSH server daemon'
@@ -64,7 +64,7 @@ describe 'Inspec::Resources::Service' do
 
   it 'verify ubuntu package parsing with default systemd_service' do
     resource = MockLoader.new(:ubuntu1504).load_resource('systemd_service', 'sshd')
-    params = Hashie::Mash.new({ 'Description' => 'OpenSSH server daemon', 'Id' => 'sshd.service', 'LoadState' => 'loaded', 'Names' => 'sshd.service', 'SubState' => 'running', 'UnitFileState' => 'enabled' })
+    params = Hashie::Mash.new({ 'ActiveState' => 'active', 'Description' => 'OpenSSH server daemon', 'Id' => 'sshd.service', 'LoadState' => 'loaded', 'Names' => 'sshd.service', 'SubState' => 'running', 'UnitFileState' => 'enabled' })
     _(resource.type).must_equal 'systemd'
     _(resource.name).must_equal 'sshd.service'
     _(resource.description).must_equal 'OpenSSH server daemon'
@@ -103,7 +103,7 @@ describe 'Inspec::Resources::Service' do
   # centos 7 with systemd
   it 'verify centos 7 package parsing' do
     resource = MockLoader.new(:centos7).load_resource('service', 'sshd')
-    params = Hashie::Mash.new({ 'Description' => 'OpenSSH server daemon', 'Id' => 'sshd.service', 'LoadState' => 'loaded', 'Names' => 'sshd.service', 'SubState' => 'running', 'UnitFileState' => 'enabled' })
+    params = Hashie::Mash.new({ 'ActiveState' => 'active', 'Description' => 'OpenSSH server daemon', 'Id' => 'sshd.service', 'LoadState' => 'loaded', 'Names' => 'sshd.service', 'SubState' => 'running', 'UnitFileState' => 'enabled' })
     _(resource.type).must_equal 'systemd'
     _(resource.name).must_equal 'sshd.service'
     _(resource.description).must_equal 'OpenSSH server daemon'
@@ -115,7 +115,7 @@ describe 'Inspec::Resources::Service' do
 
   it 'verify centos 7 package parsing with systemd_service and service_ctl override' do
     resource = MockLoader.new(:centos7).load_resource('systemd_service', 'sshd', '/path/to/systemctl')
-    params = Hashie::Mash.new({ 'Description' => 'OpenSSH server daemon', 'Id' => 'sshd.service', 'LoadState' => 'loaded', 'Names' => 'sshd.service', 'SubState' => 'running', 'UnitFileState' => 'enabled' })
+    params = Hashie::Mash.new({ 'ActiveState' => 'active', 'Description' => 'OpenSSH server daemon', 'Id' => 'sshd.service', 'LoadState' => 'loaded', 'Names' => 'sshd.service', 'UnitFileState' => 'enabled', 'SubState' => 'running' })
     _(resource.type).must_equal 'systemd'
     _(resource.name).must_equal 'sshd.service'
     _(resource.description).must_equal 'OpenSSH server daemon'
@@ -166,7 +166,7 @@ describe 'Inspec::Resources::Service' do
   # arch linux with systemd
   it 'verify arch linux package parsing' do
     resource = MockLoader.new(:arch).load_resource('service', 'sshd')
-    params = Hashie::Mash.new({ 'Description' => 'OpenSSH server daemon', 'Id' => 'sshd.service', 'LoadState' => 'loaded', 'Names' => 'sshd.service', 'SubState' => 'running', 'UnitFileState' => 'enabled' })
+    params = Hashie::Mash.new({ 'ActiveState' => 'active', 'Description' => 'OpenSSH server daemon', 'Id' => 'sshd.service', 'LoadState' => 'loaded', 'Names' => 'sshd.service', 'SubState' => 'running', 'UnitFileState' => 'enabled' })
     _(resource.type).must_equal 'systemd'
     _(resource.name).must_equal 'sshd.service'
     _(resource.description).must_equal 'OpenSSH server daemon'
@@ -192,7 +192,7 @@ describe 'Inspec::Resources::Service' do
   # debian 8 with systemd
   it 'verify debian 8 package parsing' do
     resource = MockLoader.new(:debian8).load_resource('service', 'sshd')
-    params = Hashie::Mash.new({ 'Description' => 'OpenSSH server daemon', 'Id' => 'sshd.service', 'LoadState' => 'loaded', 'Names' => 'sshd.service', 'SubState' => 'running', 'UnitFileState' => 'enabled' })
+    params = Hashie::Mash.new({ 'ActiveState' => 'active', 'Description' => 'OpenSSH server daemon', 'Id' => 'sshd.service', 'LoadState' => 'loaded', 'Names' => 'sshd.service', 'SubState' => 'running', 'UnitFileState' => 'enabled' })
     _(resource.type).must_equal 'systemd'
     _(resource.name).must_equal 'sshd.service'
     _(resource.description).must_equal 'OpenSSH server daemon'

data/test/unit/resources/wmi_test.rb

@@ -8,7 +8,8 @@ require 'inspec/resource'
 describe 'Inspec::Resources::WMI' do
 
   # Check the following as unit test
-  # describe wmi('win32_service', {
+  # describe wmi({
+  #   class: 'win32_service',
   #   filter: "name like '%winrm%'"
   # }) do
   #   its(['Path','ClassName']) { should eq 'Win32_Service' }
@@ -17,29 +18,25 @@ describe 'Inspec::Resources::WMI' do
 
   # windows
   it 'verify wmi parsing on windows' do
-    resource = MockLoader.new(:windows).load_resource('wmi', 'win32_service', { filter: "name like '%winrm%'" })
+    resource = MockLoader.new(:windows).load_resource('wmi', {class: 'win32_service', filter: "name like '%winrm%'" })
     _(resource.send('DisplayName')).must_equal 'Windows Remote Management (WS-Management)'
-    _(resource.send('method_missing', 'Path', 'ClassName')).must_equal 'Win32_Service'
   end
 
   # ubuntu 14.04 with upstart
   it 'fail wmi on ubuntu' do
-    resource = MockLoader.new(:ubuntu1404).load_resource('wmi', 'win32_service', { filter: "name like '%winrm%'" })
+    resource = MockLoader.new(:ubuntu1404).load_resource('wmi', {class: 'win32_service', filter: "name like '%winrm%'" })
     _(resource.send('DisplayName')).must_equal nil
-    _(resource.send('method_missing', 'Path', 'ClassName')).must_equal nil
   end
 
   # centos 7 with systemd
   it 'fail wmi on centos' do
-    resource = MockLoader.new(:centos7).load_resource('wmi', 'win32_service', { filter: "name like '%winrm%'" })
+    resource = MockLoader.new(:centos7).load_resource('wmi', {class: 'win32_service', filter: "name like '%winrm%'" })
     _(resource.send('DisplayName')).must_equal nil
-    _(resource.send('method_missing', 'Path', 'ClassName')).must_equal nil
   end
 
   # unknown OS
   it 'fail wmi on unknown os' do
-    resource = MockLoader.new(:undefined).load_resource('wmi', 'win32_service', { filter: "name like '%winrm%'" })
+    resource = MockLoader.new(:undefined).load_resource('wmi', {class: 'win32_service', filter: "name like '%winrm%'" })
     _(resource.send('DisplayName')).must_equal nil
-    _(resource.send('method_missing', 'Path', 'ClassName')).must_equal nil
   end
 end

metadata

@@ -1,29 +1,35 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 0.26.0
+  version: 0.27.0
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-06-16 00:00:00.000000000 Z
+date: 2016-07-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.15.1
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '0.13'
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.15.1
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '0.13'
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -240,10 +246,12 @@ files:
 - lib/bundles/inspec-compliance/cli.rb
 - lib/bundles/inspec-compliance/configuration.rb
 - lib/bundles/inspec-compliance/http.rb
+- lib/bundles/inspec-compliance/images/cc-token.png
 - lib/bundles/inspec-compliance/support.rb
 - lib/bundles/inspec-compliance/target.rb
 - lib/bundles/inspec-compliance/test/integration/default/cli.rb
 - lib/bundles/inspec-init.rb
+- lib/bundles/inspec-init/README.md
 - lib/bundles/inspec-init/cli.rb
 - lib/bundles/inspec-init/templates/profile/README.md
 - lib/bundles/inspec-init/templates/profile/controls/example.rb
@@ -413,7 +421,7 @@ files:
 - test/integration/default/apache_conf_spec.rb
 - test/integration/default/apt_spec.rb
 - test/integration/default/auditd_rules_spec.rb
-- test/integration/default/compare_matcher_spec.rb
+- test/integration/default/cmp_matcher_spec.rb
 - test/integration/default/csv_spec.rb
 - test/integration/default/etc_group_spec.rb
 - test/integration/default/file_spec.rb
@@ -697,7 +705,7 @@ test_files:
 - test/integration/default/apache_conf_spec.rb
 - test/integration/default/apt_spec.rb
 - test/integration/default/auditd_rules_spec.rb
-- test/integration/default/compare_matcher_spec.rb
+- test/integration/default/cmp_matcher_spec.rb
 - test/integration/default/csv_spec.rb
 - test/integration/default/etc_group_spec.rb
 - test/integration/default/file_spec.rb