inspec 0.9.6 → 0.9.7

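--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 2a0409ea39853cce8b89f828d6c639c48c0adfe4
- data.tar.gz: a424f575ac78ec70775f6d84d577330f278be8fc
+ metadata.gz: 521db4877e62abdfe0b3314d45f1a1510ca6afc0
+ data.tar.gz: 53255bfa015cb24273b887670a09eda05e10f12e
  SHA512:
- metadata.gz: 4be07873774b1a7b9bb11160c9078d004808aaad09be4c91841cc5af5e4a896d0d3c5f6c83d184fadd88048e26c4611ff26e688bc499149e32b91c66fca27071
- data.tar.gz: a11ee4ab19c53b5c7f8e3a8d30a1047655ffe62d562a8874818bb29050005e7cb917c7e7d93fd8e396535147530aae450ce24f4f31c36f5c7415c029362c9d83
+ metadata.gz: 7a291a8c658ef86fce86c3aedcea6518edf90a0c0314fd3503449349d3ee590b857b6248281d29d9a8ab77baea7dd84d58f1bffe17eccbc3b61fbc62ef906a62
+ data.tar.gz: 977dafda6c3a71f952ec1a2b043bb6a8cc84482db9a9a501509957444b00de4a676b652e329e7cdc8ff8af5914354e5758ac5ee6fbd30d66105b914bf7ff5e11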
@@ -1,7 +1,32 @@
1
1
  # Change Log
2
2
 
3
- ## [0.9.6](https://github.com/chef/inspec/tree/0.9.6) (2015-12-11)
4
- [Full Changelog](https://github.com/chef/inspec/compare/v0.9.5...0.9.6)
3
+ ## [0.9.7](https://github.com/chef/inspec/tree/0.9.7) (2015-12-21)
4
+ [Full Changelog](https://github.com/chef/inspec/compare/v0.9.6...0.9.7)
5
+
6
+ **Implemented enhancements:**
7
+
8
+ - Configuration number comparisons [\#308](https://github.com/chef/inspec/issues/308)
9
+ - Allow for reading options from a file [\#284](https://github.com/chef/inspec/issues/284)
10
+ - file resource mode matcher does not display file permissions correctly on failure [\#230](https://github.com/chef/inspec/issues/230)
11
+
12
+ **Fixed bugs:**
13
+
14
+ - remove commandline defaults, they break json config [\#327](https://github.com/chef/inspec/pull/327) ([srenatus](https://github.com/srenatus))
15
+ - Fixing issue with security policy always returning nil [\#321](https://github.com/chef/inspec/pull/321) ([jeremymv2](https://github.com/jeremymv2))
16
+ - reset rspec configuration when initializing Inspec::Runner [\#320](https://github.com/chef/inspec/pull/320) ([srenatus](https://github.com/srenatus))
17
+ - EL package resource improvements: catch missing newlines & add release info [\#248](https://github.com/chef/inspec/pull/248) ([troyready](https://github.com/troyready))
18
+
19
+ **Closed issues:**
20
+
21
+ - convert logindef values to integer if possible [\#121](https://github.com/chef/inspec/issues/121)
22
+
23
+ **Merged pull requests:**
24
+
25
+ - remove format default for `inspec exec` [\#326](https://github.com/chef/inspec/pull/326) ([srenatus](https://github.com/srenatus))
26
+ - teach `cmp` matcher octal tricks [\#324](https://github.com/chef/inspec/pull/324) ([srenatus](https://github.com/srenatus))
27
+
28
+ ## [v0.9.6](https://github.com/chef/inspec/tree/v0.9.6) (2015-12-11)
29
+ [Full Changelog](https://github.com/chef/inspec/compare/v0.9.5...v0.9.6)
5
30
 
6
31
  **Implemented enhancements:**
7
32
 
@@ -33,6 +58,7 @@
33
58
 
34
59
  **Merged pull requests:**
35
60
 
61
+ - 0.9.6 [\#319](https://github.com/chef/inspec/pull/319) ([arlimus](https://github.com/arlimus))
36
62
  - Bugfix: Properly initialize script resource [\#316](https://github.com/chef/inspec/pull/316) ([chris-rock](https://github.com/chris-rock))
37
63
  - improve shell prompt and help [\#315](https://github.com/chef/inspec/pull/315) ([chris-rock](https://github.com/chris-rock))
38
64
  - port resource: array attributes, resource alternative [\#303](https://github.com/chef/inspec/pull/303) ([srenatus](https://github.com/srenatus))
data/bin/inspec CHANGED
@@ -14,31 +14,31 @@ class InspecCLI < Thor # rubocop:disable Metrics/ClassLength
14
14
  desc: 'Show diagnostics (versions, configurations)'
15
15
 
16
16
  def self.target_options
17
- option :target, aliases: :t, type: :string, default: nil,
17
+ option :target, aliases: :t, type: :string,
18
18
  desc: 'Simple targeting option using URIs, e.g. ssh://user:pass@host:port'
19
- option :backend, aliases: :b, type: :string, default: nil,
19
+ option :backend, aliases: :b, type: :string,
20
20
  desc: 'Choose a backend: local, ssh, winrm, docker.'
21
21
  option :host, type: :string,
22
22
  desc: 'Specify a remote host which is tested.'
23
23
  option :port, aliases: :p, type: :numeric,
24
24
  desc: 'Specify the login port for a remote scan.'
25
- option :user, type: :string, default: nil,
25
+ option :user, type: :string,
26
26
  desc: 'The login user for a remote scan.'
27
- option :password, type: :string, default: nil,
27
+ option :password, type: :string,
28
28
  desc: 'Login password for a remote scan, if required.'
29
- option :key_files, aliases: :i, type: :array, default: nil,
29
+ option :key_files, aliases: :i, type: :array,
30
30
  desc: 'Login key or certificate file for a remote scan.'
31
- option :path, type: :string, default: nil,
31
+ option :path, type: :string,
32
32
  desc: 'Login path to use when connecting to the target (WinRM).'
33
- option :sudo, type: :boolean, default: false,
33
+ option :sudo, type: :boolean,
34
34
  desc: 'Run scans with sudo. Only activates on Unix and non-root user.'
35
- option :sudo_password, type: :string, default: nil,
35
+ option :sudo_password, type: :string,
36
36
  desc: 'Specify a sudo password, if it is required.'
37
- option :sudo_options, type: :string, default: '',
37
+ option :sudo_options, type: :string,
38
38
  desc: 'Additional sudo options for a remote scan.'
39
- option :ssl, type: :boolean, default: false,
39
+ option :ssl, type: :boolean,
40
40
  desc: 'Use SSL for transport layer encryption (WinRM).'
41
- option :self_signed, type: :boolean, default: false,
41
+ option :self_signed, type: :boolean,
42
42
  desc: 'Allow remote scans with self-signed certificates (WinRM).'
43
43
  option :json_config, type: :string,
44
44
  desc: 'Read configuration from JSON file (`-` reads from stdin).'
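Review bot: With `default: false` dropped from `:sudo`, `:ssl` and `:self_signed`, and `default: ''` dropped from `:sudo_options`, these options are now absent (nil) instead of false or empty when not passed, and nothing in `target_options` documents that. The two WinRM flags decide whether transport encryption is used and whether self-signed certificates are accepted, so the code that merges command-line options with the JSON config (not visible here) has to treat a missing key as false, and should presumably let an explicit command-line value win over the file. I would add a comment above the options such as `# no defaults here: unset options stay absent so --json_config values are not overridden; consumers treat nil as false/empty`. The same applies to `:format` in the next hunk, where the reader of the option now has to fall back to `'progress'` itself. `target_options` ends outside this hunk.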
@@ -81,7 +81,7 @@ class InspecCLI < Thor # rubocop:disable Metrics/ClassLength
81
81
  option :id, type: :string,
82
82
  desc: 'Attach a profile ID to all test results'
83
83
  target_options
84
- option :format, type: :string, default: 'progress'
84
+ option :format, type: :string
85
85
  def exec(*tests)
86
86
  diagnose
87
87
 
@@ -2,7 +2,7 @@
2
2
  InSpec DSL
3
3
  =====================================================
4
4
 
5
- |inspec| is a run-time framework and rule language used to specify compliance, securuty, and policy requirements. It includes a collection of resources that help you write auditing controls quickly and easily. The syntax used by both open source and |chef compliance| auditing is the same. The open source |inspec resource| framework is compatible with |chef compliance|.
5
+ |inspec| is a run-time framework and rule language used to specify compliance, security, and policy requirements. It includes a collection of resources that help you write auditing controls quickly and easily. The syntax used by both open source and |chef compliance| auditing is the same. The open source |inspec resource| framework is compatible with |chef compliance|.
6
6
 
7
7
  The InSpec DSL is a Ruby DSL for writing audit controls, which includes audit resources that you can invoke.
8
8
 
@@ -23,6 +23,9 @@ module Inspec
23
23
  @conf[:logger] ||= Logger.new(nil)
24
24
  @tests = RSpec::Core::World.new
25
25
 
26
+ # resets "pending examples" in reporter
27
+ RSpec.configuration.reset
28
+
26
29
  configure_output
27
30
  configure_transport
28
31
  end
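Review bot: `RSpec.configuration.reset` acts on the process-wide RSpec configuration, not on the `RSpec::Core::World` this runner has just created, so constructing a second `Inspec::Runner`, or embedding InSpec in a process that already uses RSpec, changes state other code may depend on. The comment mentions only pending examples; it should say that the call is global and why that is acceptable here, e.g. `# NOTE: resets the global RSpec reporter state; all runners in this process share it`. Whether `reset` is a supported RSpec API should also be checked, since it looks like an internal hook. The enclosing method starts outside the hunk.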
@@ -3,5 +3,5 @@
3
3
  # author: Christoph Hartmann
4
4
 
5
5
  module Inspec
6
- VERSION = '0.9.6'
6
+ VERSION = '0.9.7'
7
7
  end
@@ -240,14 +240,21 @@ RSpec::Matchers.define :cmp do |expected|
240
240
  false
241
241
  end
242
242
 
243
+ def octal?(value)
244
+ return true if value =~ /\A0+\d+\Z/
245
+ false
246
+ end
247
+
243
248
  match do |actual|
244
249
  # if actual and expected are strings
245
- if actual.is_a?(String) && expected.is_a?(String)
250
+ if expected.is_a?(String) && actual.is_a?(String)
246
251
  actual.casecmp(expected) == 0
247
252
  elsif expected.is_a?(Integer) && integer?(actual)
248
253
  expected == actual.to_i
249
254
  elsif expected.is_a?(Float) && float?(actual)
250
255
  expected == actual.to_f
256
+ elsif octal?(expected) && actual.is_a?(Integer)
257
+ expected.to_i(8) == actual
251
258
  # fallback to equal
252
259
  else
253
260
  actual == expected
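Review bot: `octal?` accepts digits that are not octal: `/\A0+\d+\Z/` matches `'0789'`, and `'0789'.to_i(8)` stops at the first invalid digit and returns 7, so a control written with a mistyped mode is compared against the wrong number instead of simply not matching. `\Z` also lets a trailing newline through, and the helper is called with any `expected`, including non-strings. I would tighten it to `return true if value.is_a?(String) && value =~ /\A0+[0-7]+\z/`. The `match` block continues past the end of this hunk.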
@@ -255,10 +262,12 @@ RSpec::Matchers.define :cmp do |expected|
255
262
  end
256
263
 
257
264
  failure_message do |actual|
265
+ actual = '0' + actual.to_s(8) if octal?(expected)
258
266
  "\nexpected: #{expected}\n got: #{actual}\n\n(compared using `cmp` matcher)\n"
259
267
  end
260
268
 
261
269
  failure_message_when_negated do |actual|
270
+ actual = '0' + actual.to_s(8) if octal?(expected)
262
271
  "\nexpected: value != #{expected}\n got: #{actual}\n\n(compared using `cmp` matcher)\n"
263
272
  end
264
273
  end
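Review bot: Both failure messages call `actual.to_s(8)` whenever `expected` looks octal, but only the `match` branch checks that `actual` is an Integer. When `actual` is a String, nil or a Float, `to_s(8)` raises ArgumentError, so a failing control reports an exception from the matcher instead of the expected/got text. The guard should be the same as in `match`, in both blocks: `actual = '0' + actual.to_s(8) if octal?(expected) && actual.is_a?(Integer)`.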
@@ -105,10 +105,22 @@ class Rpm < PkgManagement
105
105
  assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
106
106
  multiple_values: false,
107
107
  ).params
108
+ # On some (all?) systems, the linebreak before the vendor line is missing
109
+ if params['Version'] =~ /\s*Vendor:/
110
+ v = params['Version'].split(' ')[0]
111
+ else
112
+ v = params['Version']
113
+ end
114
+ # On some (all?) systems, the linebreak before the build line is missing
115
+ if params['Release'] =~ /\s*Build Date:/
116
+ r = params['Release'].split(' ')[0]
117
+ else
118
+ r = params['Release']
119
+ end
108
120
  {
109
121
  name: params['Name'],
110
122
  installed: true,
111
- version: params['Version'],
123
+ version: "#{v}-#{r}",
112
124
  type: 'rpm',
113
125
  }
114
126
  end
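Review bot: The new `version: "#{v}-#{r}"` always yields a string, even when `Version` or `Release` is missing from the parsed output: `nil =~ /.../` is nil, so `v` or `r` stays nil and the result is a bare `"-"` or a version with a trailing dash. A control that compares the package version would then see a malformed value rather than nil. I would build the field only from the parts that exist, e.g. `version: r.nil? ? v : "#{v}-#{r}"`. The enclosing method starts outside this hunk.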
@@ -30,18 +30,22 @@ class SecurityPolicy < Inspec.resource(1)
30
30
  # load security content
31
31
  def load
32
32
  # export the security policy
33
- inspec.command('secedit /export /cfg win_secpol.cfg')
34
- # store file content
35
- command_result ||= inspec.command('type win_secpol.cfg')
36
- # delete temp file
37
- inspec.command('del win_secpol.cfg')
33
+ cmd = inspec.command('secedit /export /cfg win_secpol.cfg')
34
+ return nil if cmd.exit_status.to_i != 0
38
35
 
39
- @exit_status = command_result.exit_status.to_i
40
- @policy = command_result.stdout
36
+ # store file content
37
+ cmd = inspec.command('Get-Content win_secpol.cfg')
38
+ @exit_status = cmd.exit_status.to_i
39
+ return nil if @exit_status != 0
40
+ @policy = cmd.stdout
41
41
  @loaded = true
42
42
 
43
43
  # returns self
44
44
  self
45
+
46
+ ensure
47
+ # delete temp file
48
+ inspec.command('Remove-Item win_secpol.cfg').exit_status.to_i
45
49
  end
46
50
 
47
51
  def method_missing(method)
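Review bot: In the `ensure` block the value of `inspec.command('Remove-Item win_secpol.cfg').exit_status.to_i` is thrown away, so a failed cleanup leaves the exported security policy on the target without any sign of it; the trailing `.exit_status.to_i` does nothing as written. The export still goes to a fixed file name in whatever the current directory of the remote session is, so two scans at once would overwrite or delete each other's file, and `ensure` removes a file of that name even when the export step failed. I would check the removal status and report a failure, and write the export to a per-run name in the session's temporary directory. `load` now returns nil on failure without setting `@loaded`; its callers are outside this hunk, so whether they re-run the export on every access should be confirmed.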
@@ -111,9 +111,9 @@ class MockLoader
111
111
 
112
112
  mock.commands = {
113
113
  'ps aux' => cmd.call('ps-aux'),
114
- 'type win_secpol.cfg' => cmd.call('secedit-export'),
114
+ 'Get-Content win_secpol.cfg' => cmd.call('secedit-export'),
115
115
  'secedit /export /cfg win_secpol.cfg' => cmd.call('success'),
116
- 'del win_secpol.cfg' => cmd.call('success'),
116
+ 'Remove-Item win_secpol.cfg' => cmd.call('success'),
117
117
  'env' => cmd.call('env'),
118
118
  '$Env:PATH' => cmd.call('$env-PATH'),
119
119
  # registry key test
@@ -40,6 +40,8 @@ if os.unix?
40
40
  # it { should have_mode }
41
41
  its('mode') { should eq 00765 }
42
42
  it { should be_mode 00765 }
43
+ its('mode') { should cmp '0765' }
44
+ its('mode') { should_not cmp '0777' }
43
45
 
44
46
  it { should be_readable }
45
47
  it { should be_readable.by('owner') }
@@ -0,0 +1,8 @@
1
+ # encoding: utf-8
2
+
3
+ if os.windows?
4
+ describe security_policy do
5
+ its('EnableAdminAccount') { should eq 1 }
6
+ its('EnableGuestAccount') { should eq 0 }
7
+ end
8
+ end
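Review bot: The new spec has no comment saying what machine state these two expectations describe. `its('EnableAdminAccount') { should eq 1 }` asserts that the built-in Administrator account is enabled, which presumably matches the integration test image but reads like a baseline to anyone copying the file. A header comment such as `# values match the default Windows test image; this is a resource smoke test, not a hardening baseline` would prevent that.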
@@ -27,18 +27,18 @@ describe 'Inspec::Resources::Package' do
27
27
  # centos
28
28
  it 'verify centos package parsing' do
29
29
  resource = MockLoader.new(:centos7).load_resource('package', 'curl')
30
- pkg = { name: 'curl', installed: true, version: '7.29.0', type: 'rpm' }
30
+ pkg = { name: 'curl', installed: true, version: '7.29.0-19.el7', type: 'rpm' }
31
31
  _(resource.installed?).must_equal true
32
- _(resource.version).must_equal '7.29.0'
32
+ _(resource.version).must_equal '7.29.0-19.el7'
33
33
  _(resource.info).must_equal pkg
34
34
  end
35
35
 
36
36
  # wrlinux
37
37
  it 'verify wrlinux package parsing' do
38
38
  resource = MockLoader.new(:wrlinux).load_resource('package', 'curl')
39
- pkg = { name: 'curl', installed: true, version: '7.29.0', type: 'rpm' }
39
+ pkg = { name: 'curl', installed: true, version: '7.29.0-19.el7', type: 'rpm' }
40
40
  _(resource.installed?).must_equal true
41
- _(resource.version).must_equal '7.29.0'
41
+ _(resource.version).must_equal '7.29.0-19.el7'
42
42
  _(resource.info).must_equal pkg
43
43
  end
44
44
 
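--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: inspec
  version: !ruby/object:Gem::Version
- version: 0.9.6
+ version: 0.9.7
  platform: ruby
  authors:
  - Dominik Richter
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-12-11 00:00:00.000000000 Z
+ date: 2015-12-22 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: r-train
@@ -312,6 +312,7 @@ files:
  - test/integration/test/integration/default/package_spec.rb
  - test/integration/test/integration/default/port_spec.rb
  - test/integration/test/integration/default/registry_key_spec.rb
+ - test/integration/test/integration/default/secpol_spec.rb
  - test/integration/test/integration/default/service_spec.rb
  - test/integration/test/integration/default/user_spec.rb
  - test/integration/test/integration/default/yaml_spec.rb
@@ -504,6 +505,7 @@ test_files:
  - test/integration/test/integration/default/package_spec.rb
  - test/integration/test/integration/default/port_spec.rb
  - test/integration/test/integration/default/registry_key_spec.rb
+ - test/integration/test/integration/default/secpol_spec.rb
  - test/integration/test/integration/default/service_spec.rb
  - test/integration/test/integration/default/user_spec.rb
  - test/integration/test/integration/default/yaml_spec.rb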