inspec 1.24.0 → 1.25.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +14 -1
- data/docs/{plugin_kitchen_inspec.html.md → plugin_kitchen_inspec.md} +0 -0
- data/docs/profiles.md +0 -3
- data/lib/bundles/inspec-compliance/api.rb +75 -20
- data/lib/bundles/inspec-compliance/cli.rb +27 -27
- data/lib/bundles/inspec-compliance/configuration.rb +4 -0
- data/lib/bundles/inspec-compliance/target.rb +5 -4
- data/lib/inspec/cli.rb +11 -5
- data/lib/inspec/method_source.rb +24 -0
- data/lib/inspec/profile.rb +4 -2
- data/lib/inspec/rule.rb +0 -9
- data/lib/inspec/version.rb +1 -1
- data/lib/resources/postgres_conf.rb +1 -1
- metadata +4 -8
- data/examples/inheritance/inspec.lock +0 -11
- data/examples/meta-profile/inspec.lock +0 -18
- data/examples/meta-profile/vendor/4d5c9187409941b96f00fb25d0888c301ede999fd63149f35ad4594d698d6535.tar.gz +0 -0
- data/examples/meta-profile/vendor/79e6b9846ab539669bbfcf5adcd246f1be484d4b55acb7c1c3dbd852203e4fae.tar.gz +0 -0
- data/examples/meta-profile/vendor/dbb5602f09f58d86f8743dfb44327207e9a23a49ef34f65614f1c1d8cc145f6b.tar.gz +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5261cd0fb515b9d1f811b7f5f64240bb621a3a45
|
4
|
+
data.tar.gz: a5db8a92f9fa823f77f3e5606228e24401143d1e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6e3be0aa353c6a58aa1be91c5c327c2eba93ce2d634919ebc60ff4252775a308b07c7190a897d82f1c3027baff643e6d558f0f8eb6d880264b8679d67fcc775f
|
7
|
+
data.tar.gz: e13a9c5266af39ba0ab44b4d64337d798b94f08a1b3b0aafd39625322bf1eeebc3e6ee917e56c1c48e0003750cb019c82b7b76b78d45bbd67cedb5333bf91c34
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,18 @@
|
|
1
1
|
# Change Log
|
2
2
|
|
3
|
+
## [v1.25.0](https://github.com/chef/inspec/tree/v1.25.0) (2017-05-17)
|
4
|
+
[Full Changelog](https://github.com/chef/inspec/compare/v1.24.0...v1.25.0)
|
5
|
+
|
6
|
+
**Implemented enhancements:**
|
7
|
+
|
8
|
+
- return version as json [\#1822](https://github.com/chef/inspec/pull/1822) ([chris-rock](https://github.com/chris-rock))
|
9
|
+
- support new automate compliance backend [\#1819](https://github.com/chef/inspec/pull/1819) ([chris-rock](https://github.com/chris-rock))
|
10
|
+
|
11
|
+
**Fixed bugs:**
|
12
|
+
|
13
|
+
- read source code if profile is in tgz/zip [\#1816](https://github.com/chef/inspec/pull/1816) ([arlimus](https://github.com/arlimus))
|
14
|
+
- Update postgresql conf resource to accept include\_dir as a string as well as an array [\#1727](https://github.com/chef/inspec/pull/1727) ([elliott-davis](https://github.com/elliott-davis))
|
15
|
+
|
3
16
|
## [v1.24.0](https://github.com/chef/inspec/tree/v1.24.0) (2017-05-11)
|
4
17
|
[Full Changelog](https://github.com/chef/inspec/compare/v1.23.0...v1.24.0)
|
5
18
|
|
@@ -13,7 +26,7 @@
|
|
13
26
|
- Add support for Windows auth in mssql\_resourcet [\#1786](https://github.com/chef/inspec/pull/1786) ([arlimus](https://github.com/arlimus))
|
14
27
|
- Allow mysql\_session to test databases on different hosts [\#1779](https://github.com/chef/inspec/pull/1779) ([aaronlippold](https://github.com/aaronlippold))
|
15
28
|
- Handle parse errors for attrs/secrets [\#1775](https://github.com/chef/inspec/pull/1775) ([adamleff](https://github.com/adamleff))
|
16
|
-
- Add an
|
29
|
+
- Add an oracledb\_session resource [\#1751](https://github.com/chef/inspec/pull/1751) ([nsdavidson](https://github.com/nsdavidson))
|
17
30
|
|
18
31
|
## [v1.23.0](https://github.com/chef/inspec/tree/v1.23.0) (2017-05-04)
|
19
32
|
[Full Changelog](https://github.com/chef/inspec/compare/v1.22.0...v1.23.0)
|
File without changes
|
data/docs/profiles.md
CHANGED
@@ -101,12 +101,9 @@ and to target all of these examples in a single `inspec.yml` file:
|
|
101
101
|
name: ssh
|
102
102
|
supports:
|
103
103
|
- os-name: debian
|
104
|
-
supports:
|
105
104
|
- os-name: ubuntu
|
106
105
|
release: 14.04
|
107
|
-
supports:
|
108
106
|
- os-family: redhat
|
109
|
-
supports:
|
110
107
|
- platform: aws
|
111
108
|
|
112
109
|
|
@@ -6,12 +6,24 @@ require 'net/http'
|
|
6
6
|
require 'uri'
|
7
7
|
|
8
8
|
module Compliance
|
9
|
+
class ServerConfigurationMissing < StandardError
|
10
|
+
end
|
11
|
+
|
9
12
|
# API Implementation does not hold any state by itself,
|
10
13
|
# everything will be stored in local Configuration store
|
11
14
|
class API # rubocop:disable Metrics/ClassLength
|
12
15
|
# return all compliance profiles available for the user
|
13
16
|
def self.profiles(config)
|
14
|
-
|
17
|
+
# Chef Compliance
|
18
|
+
if is_compliance_server?(config)
|
19
|
+
url = "#{config['server']}/user/compliance"
|
20
|
+
# Chef Automate
|
21
|
+
elsif is_automate_server?(config)
|
22
|
+
url = "#{config['server']}/profiles/#{config['user']}"
|
23
|
+
else
|
24
|
+
raise ServerConfigurationMissing
|
25
|
+
end
|
26
|
+
|
15
27
|
headers = get_headers(config)
|
16
28
|
response = Compliance::HTTP.get(url, headers, config['insecure'])
|
17
29
|
data = response.body
|
@@ -21,15 +33,21 @@ module Compliance
|
|
21
33
|
msg = 'success'
|
22
34
|
profiles = JSON.parse(data)
|
23
35
|
# iterate over profiles
|
24
|
-
if config
|
25
|
-
mapped_profiles = profiles.values.to_a.flatten
|
26
|
-
else
|
36
|
+
if is_compliance_server?(config)
|
27
37
|
mapped_profiles = []
|
28
38
|
profiles.values.each { |org|
|
29
39
|
mapped_profiles += org.values
|
30
40
|
}
|
41
|
+
# Chef Automate pre 0.8.0
|
42
|
+
elsif is_automate_server_pre_080?(config)
|
43
|
+
mapped_profiles = profiles.values.flatten
|
44
|
+
else
|
45
|
+
owner_id = config['user']
|
46
|
+
mapped_profiles = profiles.map { |e|
|
47
|
+
e['owner_id'] = owner_id
|
48
|
+
e
|
49
|
+
}
|
31
50
|
end
|
32
|
-
|
33
51
|
return msg, mapped_profiles
|
34
52
|
when '401'
|
35
53
|
msg = '401 Unauthorized. Please check your token.'
|
@@ -43,16 +61,17 @@ module Compliance
|
|
43
61
|
# return the server api version
|
44
62
|
# NB this method does not use Compliance::Configuration to allow for using
|
45
63
|
# it before we know the version (e.g. oidc or not)
|
46
|
-
def self.version(
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
64
|
+
def self.version(config)
|
65
|
+
url = config['server']
|
66
|
+
insecure = config['insecure']
|
67
|
+
|
68
|
+
raise ServerConfigurationMissing if url.nil?
|
69
|
+
|
70
|
+
headers = get_headers(config)
|
71
|
+
response = Compliance::HTTP.get(url+'/version', headers, insecure)
|
72
|
+
return {} if response.code == '404'
|
73
|
+
data = response.body
|
74
|
+
|
56
75
|
if !data.nil?
|
57
76
|
JSON.parse(data)
|
58
77
|
else
|
@@ -72,8 +91,17 @@ Please login using `inspec compliance login https://compliance.test --user admin
|
|
72
91
|
end
|
73
92
|
|
74
93
|
def self.upload(config, owner, profile_name, archive_path)
|
75
|
-
#
|
76
|
-
|
94
|
+
# Chef Compliance
|
95
|
+
if is_compliance_server?(config)
|
96
|
+
url = "#{config['server']}/owners/#{owner}/compliance/#{profile_name}/tar"
|
97
|
+
# Chef Automate pre 0.8.0
|
98
|
+
elsif is_automate_server_pre_080?(config)
|
99
|
+
url = "#{config['server']}/#{config['user']}"
|
100
|
+
# Chef Automate
|
101
|
+
else
|
102
|
+
url = "#{config['server']}/profiles/#{config['user']}"
|
103
|
+
end
|
104
|
+
|
77
105
|
headers = get_headers(config)
|
78
106
|
res = Compliance::HTTP.post_file(url, headers, archive_path, config['insecure'])
|
79
107
|
[res.is_a?(Net::HTTPSuccess), res.body]
|
@@ -129,7 +157,7 @@ Please login using `inspec compliance login https://compliance.test --user admin
|
|
129
157
|
|
130
158
|
def self.get_headers(config)
|
131
159
|
token = get_token(config)
|
132
|
-
if config
|
160
|
+
if is_automate_server?(config)
|
133
161
|
headers = { 'chef-delivery-enterprise' => config['automate']['ent'] }
|
134
162
|
if config['automate']['token_type'] == 'dctoken'
|
135
163
|
headers['x-data-collector-token'] = token
|
@@ -150,13 +178,40 @@ Please login using `inspec compliance login https://compliance.test --user admin
|
|
150
178
|
end
|
151
179
|
|
152
180
|
def self.target_url(config, profile)
|
153
|
-
if config
|
154
|
-
|
181
|
+
if is_automate_server?(config)
|
182
|
+
owner, id = profile.split('/')
|
183
|
+
target = "#{config['server']}/profiles/#{owner}/#{id}/tar"
|
155
184
|
else
|
156
185
|
owner, id = profile.split('/')
|
157
186
|
target = "#{config['server']}/owners/#{owner}/compliance/#{id}/tar"
|
158
187
|
end
|
159
188
|
target
|
160
189
|
end
|
190
|
+
|
191
|
+
# returns a parsed url for `admin/profile` or `compliance://admin/profile`
|
192
|
+
def self.sanitize_profile_name(profile)
|
193
|
+
if URI(profile).scheme == 'compliance'
|
194
|
+
uri = URI(profile)
|
195
|
+
else
|
196
|
+
uri = URI("compliance://#{profile}")
|
197
|
+
end
|
198
|
+
uri.to_s.sub(%r{^compliance:\/\/}, '')
|
199
|
+
end
|
200
|
+
|
201
|
+
def self.is_compliance_server?(config)
|
202
|
+
config['server_type'] == 'compliance'
|
203
|
+
end
|
204
|
+
|
205
|
+
def self.is_automate_server_pre_080?(config)
|
206
|
+
config['server_type'] == 'automate' && config['version'].empty?
|
207
|
+
end
|
208
|
+
|
209
|
+
def self.is_automate_server_080_and_later?(config)
|
210
|
+
config['server_type'] == 'automate' && !config['version'].empty?
|
211
|
+
end
|
212
|
+
|
213
|
+
def self.is_automate_server?(config)
|
214
|
+
config['server_type'] == 'automate'
|
215
|
+
end
|
161
216
|
end
|
162
217
|
end
|
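Review bot: `is_automate_server_pre_080?` and `is_automate_server_080_and_later?` call `config['version'].empty?`, which raises NoMethodError if the stored configuration has no `version` entry. That looks reachable, because the Automate login only starts storing `version` in this release, so a configuration written by the previous version presumably lacks it. A nil-safe form such as `config['server_type'] == 'automate' && (config['version'].nil? || config['version'].empty?)` avoids the crash. `upload` also has no `raise ServerConfigurationMissing` fallback like `profiles` does, so an empty configuration falls into the final Automate branch and posts the archive and auth headers to a URL built from nil values. In `sanitize_profile_name`, `%r{^compliance:\/\/}` anchors per line; `\A` states the intent of matching only the start of the string.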
@@ -77,7 +77,7 @@ module Compliance
|
|
77
77
|
desc: 'Explicitly allows InSpec to perform "insecure" SSL connections and transfers'
|
78
78
|
def login_automate(server) # rubocop:disable Metrics/AbcSize
|
79
79
|
options['server'] = server
|
80
|
-
url = options['server'] + '/compliance
|
80
|
+
url = options['server'] + '/compliance'
|
81
81
|
|
82
82
|
if url && !options['user'].nil? && !options['ent'].nil? && (!options['dctoken'].nil? || !options['usertoken'].nil?)
|
83
83
|
msg = login_automate_config(url, options['user'], options['dctoken'], options['usertoken'], options['ent'], options['insecure'])
|
@@ -110,6 +110,9 @@ module Compliance
|
|
110
110
|
puts msg, 'Could not find any profiles'
|
111
111
|
exit 1
|
112
112
|
end
|
113
|
+
rescue Compliance::ServerConfigurationMissing
|
114
|
+
puts "\nServer configuration information is missing. Please login using `inspec compliance login`"
|
115
|
+
exit 1
|
113
116
|
end
|
114
117
|
|
115
118
|
desc 'exec PROFILE', 'executes a Chef Compliance profile'
|
@@ -118,7 +121,7 @@ module Compliance
|
|
118
121
|
config = Compliance::Configuration.new
|
119
122
|
return if !loggedin(config)
|
120
123
|
# iterate over tests and add compliance scheme
|
121
|
-
tests = tests.map { |t| 'compliance://' + sanitize_profile_name(t) }
|
124
|
+
tests = tests.map { |t| 'compliance://' + Compliance::API.sanitize_profile_name(t) }
|
122
125
|
# execute profile from inspec exec implementation
|
123
126
|
diagnose
|
124
127
|
run_tests(tests, opts)
|
@@ -134,7 +137,7 @@ module Compliance
|
|
134
137
|
config = Compliance::Configuration.new
|
135
138
|
return if !loggedin(config)
|
136
139
|
|
137
|
-
profile_name = sanitize_profile_name(profile_name)
|
140
|
+
profile_name = Compliance::API.sanitize_profile_name(profile_name)
|
138
141
|
if Compliance::API.exist?(config, profile_name)
|
139
142
|
puts "Downloading `#{profile_name}`"
|
140
143
|
|
@@ -221,7 +224,7 @@ module Compliance
|
|
221
224
|
puts "Start upload to #{owner}/#{profile_name}"
|
222
225
|
pname = ERB::Util.url_encode(profile_name)
|
223
226
|
|
224
|
-
config
|
227
|
+
Compliance::API.is_automate_server?(config) ? upload_msg = 'Uploading to Chef Automate' : upload_msg = 'Uploading to Chef Compliance'
|
225
228
|
puts upload_msg
|
226
229
|
success, msg = Compliance::API.upload(config, owner, pname, archive_path)
|
227
230
|
|
@@ -237,17 +240,17 @@ module Compliance
|
|
237
240
|
desc 'version', 'displays the version of the Chef Compliance server'
|
238
241
|
def version
|
239
242
|
config = Compliance::Configuration.new
|
240
|
-
|
241
|
-
|
243
|
+
info = Compliance::API.version(config)
|
244
|
+
if !info.nil? && info['version']
|
245
|
+
puts "Name: #{info['api']}"
|
246
|
+
puts "Version: #{info['version']}"
|
242
247
|
else
|
243
|
-
|
244
|
-
|
245
|
-
puts "Chef Compliance version: #{info['version']}"
|
246
|
-
else
|
247
|
-
puts 'Could not determine server version.'
|
248
|
-
exit 1
|
249
|
-
end
|
248
|
+
puts 'Could not determine server version.'
|
249
|
+
exit 1
|
250
250
|
end
|
251
|
+
rescue Compliance::ServerConfigurationMissing
|
252
|
+
puts "\nServer configuration information is missing. Please login using `inspec compliance login`"
|
253
|
+
exit 1
|
251
254
|
end
|
252
255
|
|
253
256
|
desc 'logout', 'user logout from Chef Compliance'
|
@@ -269,18 +272,9 @@ module Compliance
|
|
269
272
|
|
270
273
|
private
|
271
274
|
|
272
|
-
# returns a parsed url for `admin/profile` or `compliance://admin/profile`
|
273
|
-
def sanitize_profile_name(profile)
|
274
|
-
if URI(profile).scheme == 'compliance'
|
275
|
-
uri = URI(profile)
|
276
|
-
else
|
277
|
-
uri = URI("compliance://#{profile}")
|
278
|
-
end
|
279
|
-
uri.host + uri.path
|
280
|
-
end
|
281
|
-
|
282
275
|
def login_automate_config(url, user, dctoken, usertoken, ent, insecure) # rubocop:disable Metrics/ParameterLists
|
283
276
|
config = Compliance::Configuration.new
|
277
|
+
config.clean
|
284
278
|
config['user'] = user
|
285
279
|
config['server'] = url
|
286
280
|
config['automate'] = {}
|
@@ -298,8 +292,8 @@ module Compliance
|
|
298
292
|
token_type = 'usertoken'
|
299
293
|
token_msg = 'automate user token'
|
300
294
|
end
|
301
|
-
|
302
295
|
config['automate']['token_type'] = token_type
|
296
|
+
config['version'] = Compliance::API.version(config)
|
303
297
|
config.store
|
304
298
|
msg = "Stored configuration for Chef Automate: '#{url}' with user: '#{user}', ent: '#{ent}' and your #{token_msg}"
|
305
299
|
msg
|
@@ -309,10 +303,11 @@ module Compliance
|
|
309
303
|
success, msg, _access_token = Compliance::API.get_token_via_refresh_token(url, options['refresh_token'], options['insecure'])
|
310
304
|
if success
|
311
305
|
config = Compliance::Configuration.new
|
306
|
+
config.clean
|
312
307
|
config['server'] = url
|
313
308
|
config['insecure'] = options['insecure']
|
314
|
-
config['version'] = Compliance::API.version(url, options['insecure'])
|
315
309
|
config['server_type'] = 'compliance'
|
310
|
+
config['version'] = Compliance::API.version(config)
|
316
311
|
config.store
|
317
312
|
end
|
318
313
|
|
@@ -321,14 +316,15 @@ module Compliance
|
|
321
316
|
|
322
317
|
def login_username_password(url, username, password, insecure)
|
323
318
|
config = Compliance::Configuration.new
|
319
|
+
config.clean
|
324
320
|
success, msg, api_token = Compliance::API.get_token_via_password(url, username, password, insecure)
|
325
321
|
if success
|
326
322
|
config['server'] = url
|
327
323
|
config['user'] = username
|
328
324
|
config['token'] = api_token
|
329
325
|
config['insecure'] = insecure
|
330
|
-
config['version'] = Compliance::API.version(url, insecure)
|
331
326
|
config['server_type'] = 'compliance'
|
327
|
+
config['version'] = Compliance::API.version(config)
|
332
328
|
config.store
|
333
329
|
success = true
|
334
330
|
end
|
@@ -338,11 +334,13 @@ module Compliance
|
|
338
334
|
# saves a user access token (limited time)
|
339
335
|
def store_access_token(url, user, token, insecure)
|
340
336
|
config = Compliance::Configuration.new
|
337
|
+
config.clean
|
341
338
|
config['server'] = url
|
342
339
|
config['insecure'] = insecure
|
343
340
|
config['user'] = user
|
344
341
|
config['token'] = token
|
345
|
-
config['
|
342
|
+
config['server_type'] = 'compliance'
|
343
|
+
config['version'] = Compliance::API.version(config)
|
346
344
|
config.store
|
347
345
|
|
348
346
|
[true, 'API access token stored']
|
@@ -351,10 +349,12 @@ module Compliance
|
|
351
349
|
# saves a refresh token supplied by the user
|
352
350
|
def store_refresh_token(url, refresh_token, verify, user, insecure)
|
353
351
|
config = Compliance::Configuration.new
|
352
|
+
config.clean
|
354
353
|
config['server'] = url
|
355
354
|
config['refresh_token'] = refresh_token
|
356
355
|
config['user'] = user
|
357
356
|
config['insecure'] = insecure
|
357
|
+
config['server_type'] = 'compliance'
|
358
358
|
config['version'] = Compliance::API.version(url, insecure)
|
359
359
|
|
360
360
|
if !verify
|
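Review bot: `store_refresh_token` still calls `Compliance::API.version(url, insecure)` on the unchanged line right after the added `config['server_type'] = 'compliance'`, but this release changes the method to `self.version(config)`, so that call would raise ArgumentError. It should read `config['version'] = Compliance::API.version(config)` like the other login helpers in this file. Separately, `login_username_password` runs `config.clean` before `get_token_via_password` has succeeded; if `clean` persists immediately (its body is not shown here), a failed login would discard the previously stored session, so moving the call inside `if success` is safer. The body of `store_refresh_token` continues past the end of the hunk.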
@@ -13,7 +13,7 @@ module Compliance
|
|
13
13
|
class Fetcher < Fetchers::Url
|
14
14
|
name 'compliance'
|
15
15
|
priority 500
|
16
|
-
def self.resolve(target) # rubocop:disable PerceivedComplexity, Metrics/CyclomaticComplexity
|
16
|
+
def self.resolve(target) # rubocop:disable PerceivedComplexity, Metrics/CyclomaticComplexity
|
17
17
|
uri = if target.is_a?(String) && URI(target).scheme == 'compliance'
|
18
18
|
URI(target)
|
19
19
|
elsif target.respond_to?(:key?) && target.key?(:compliance)
|
@@ -49,7 +49,7 @@ EOF
|
|
49
49
|
end
|
50
50
|
|
51
51
|
# verifies that the target e.g base/ssh exists
|
52
|
-
profile =
|
52
|
+
profile = Compliance::API.sanitize_profile_name(uri)
|
53
53
|
if !Compliance::API.exist?(config, profile)
|
54
54
|
raise Inspec::FetcherFailure, "The compliance profile #{profile} was not found on the configured compliance server"
|
55
55
|
end
|
@@ -57,7 +57,6 @@ EOF
|
|
57
57
|
end
|
58
58
|
# We need to pass the token to the fetcher
|
59
59
|
config['token'] = Compliance::API.get_token(config)
|
60
|
-
|
61
60
|
new(profile_fetch_url, config)
|
62
61
|
rescue URI::Error => _e
|
63
62
|
nil
|
@@ -81,8 +80,10 @@ EOF
|
|
81
80
|
|
82
81
|
# determine the owner_id and the profile name from the url
|
83
82
|
def compliance_profile_name
|
84
|
-
m = if @config
|
83
|
+
m = if Compliance::API.is_automate_server_pre_080(@config)
|
85
84
|
%r{^#{@config['server']}/(?<owner>[^/]+)/(?<id>[^/]+)/tar$}
|
85
|
+
elsif Compliance::API.is_automate_server_080_and_later
|
86
|
+
%r{^#{@config['server']}/profiles/(?<owner>[^/]+)/(?<id>[^/]+)/tar$}
|
86
87
|
else
|
87
88
|
%r{^#{@config['server']}/owners/(?<owner>[^/]+)/compliance/(?<id>[^/]+)/tar$}
|
88
89
|
end.match(@target)
|
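Review bot: In `compliance_profile_name` the new branches call `Compliance::API.is_automate_server_pre_080(@config)` and `Compliance::API.is_automate_server_080_and_later`, but api.rb defines both predicates with a trailing `?` and a `config` parameter, so as rendered here both calls would raise NoMethodError. They should be `is_automate_server_pre_080?(@config)` and `is_automate_server_080_and_later?(@config)`. The added pattern also interpolates `@config['server']` unescaped and anchors with `^`/`$`; wrapping the value in `Regexp.escape(...)` and anchoring with `\A`/`\z` keeps metacharacters in the configured URL (such as `.`) from matching a different target string. The method continues outside the hunk.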
data/lib/inspec/cli.rb
CHANGED
@@ -238,12 +238,18 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
|
|
238
238
|
end
|
239
239
|
|
240
240
|
desc 'version', 'prints the version of this tool'
|
241
|
+
option :format, type: :string
|
241
242
|
def version
|
242
|
-
|
243
|
-
|
244
|
-
|
245
|
-
|
246
|
-
puts
|
243
|
+
if opts['format'] == 'json'
|
244
|
+
v = { version: Inspec::VERSION }
|
245
|
+
puts v.to_json
|
246
|
+
else
|
247
|
+
puts Inspec::VERSION
|
248
|
+
# display outdated version
|
249
|
+
latest = LatestInSpecVersion.new.latest
|
250
|
+
if Gem::Version.new(Inspec::VERSION) < Gem::Version.new(latest)
|
251
|
+
puts "\nYour version of InSpec is out of date! The latest version is #{latest}."
|
252
|
+
end
|
247
253
|
end
|
248
254
|
end
|
249
255
|
map %w{-v --version} => :version
|
@@ -0,0 +1,24 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
# author: Dominik Richter
|
3
|
+
# author: Christoph Hartmann
|
4
|
+
|
5
|
+
module Inspec
|
6
|
+
module MethodSource
|
7
|
+
def self.code_at(location, source_reader)
|
8
|
+
# TODO: logger for these cases
|
9
|
+
return '' if location.nil? || location[:ref].nil? || location[:line].nil?
|
10
|
+
return '' unless source_reader && source_reader.target
|
11
|
+
|
12
|
+
# TODO: Non-controls still need more detection
|
13
|
+
ref = location[:ref]
|
14
|
+
ref = ref.sub(source_reader.target.prefix, '')
|
15
|
+
src = source_reader.tests[ref]
|
16
|
+
return '' if src.nil?
|
17
|
+
|
18
|
+
::MethodSource.expression_at(src.lines, location[:line]).force_encoding('utf-8')
|
19
|
+
rescue SyntaxError => e
|
20
|
+
raise ::MethodSource::SourceNotFoundError,
|
21
|
+
"Could not parse source at #{location[:ref]}:#{location[:line]}: #{e.message}"
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
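Review bot: `code_at` converts a SyntaxError into `::MethodSource::SourceNotFoundError`, but nothing visible in this diff rescues it. The removed `Rule#__get_block_source` returned `''` on that error, while `load_rule` in profile.rb now calls `Inspec::MethodSource.code_at(location, source_reader)` with no rescue, so a control whose source cannot be located or parsed would likely abort profile loading instead of yielding an empty `code` field. If the old best-effort behaviour is intended, end the method with `rescue SyntaxError, ::MethodSource::SourceNotFoundError` followed by `''`. `ref.sub(source_reader.target.prefix, '')` also removes the first occurrence anywhere in `ref`, not only a leading one, so a `start_with?` guard would be more exact. The method has no doc comment; a short one stating that `location` is a hash with `:ref` and `:line` and that `''` is returned when the source is unavailable would help callers.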
data/lib/inspec/profile.rb
CHANGED
@@ -15,6 +15,7 @@ require 'inspec/rule'
|
|
15
15
|
require 'inspec/log'
|
16
16
|
require 'inspec/profile_context'
|
17
17
|
require 'inspec/runtime_profile'
|
18
|
+
require 'inspec/method_source'
|
18
19
|
require 'inspec/dependencies/cache'
|
19
20
|
require 'inspec/dependencies/lockfile'
|
20
21
|
require 'inspec/dependencies/dependency_set'
|
@@ -471,6 +472,7 @@ module Inspec
|
|
471
472
|
|
472
473
|
def load_rule(rule, file, controls, groups)
|
473
474
|
id = Inspec::Rule.rule_id(rule)
|
475
|
+
location = rule.instance_variable_get(:@__source_location)
|
474
476
|
controls[id] = {
|
475
477
|
title: rule.title,
|
476
478
|
desc: rule.desc,
|
@@ -478,8 +480,8 @@ module Inspec
|
|
478
480
|
refs: rule.ref,
|
479
481
|
tags: rule.tag,
|
480
482
|
checks: Inspec::Rule.checks(rule),
|
481
|
-
code:
|
482
|
-
source_location:
|
483
|
+
code: Inspec::MethodSource.code_at(location, source_reader),
|
484
|
+
source_location: location,
|
483
485
|
}
|
484
486
|
|
485
487
|
groups[file] ||= {
|
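Review bot: `rule.instance_variable_get(:@__source_location)` reads `Inspec::Rule`'s private state directly, while the neighbouring lines go through class-level helpers (`Inspec::Rule.rule_id(rule)`, `Inspec::Rule.checks(rule)`). A matching class-level reader on `Inspec::Rule` would keep `load_rule` from depending on the instance variable's name. If the direct read stays, a comment such as `# @__source_location is set in Rule#initialize; hash with :ref and :line` would document the coupling. `load_rule` begins and ends outside the hunks shown.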
data/lib/inspec/rule.rb
CHANGED
@@ -39,7 +39,6 @@ module Inspec
|
|
39
39
|
|
40
40
|
# not changeable by the user:
|
41
41
|
@__block = block
|
42
|
-
@__code = __get_block_source(&block)
|
43
42
|
@__source_location = __get_block_source_location(&block)
|
44
43
|
@__rule_id = id
|
45
44
|
@__profile_id = profile_id
|
@@ -249,14 +248,6 @@ module Inspec
|
|
249
248
|
text.gsub(/^[[:blank:]]{#{len}}/, '').strip
|
250
249
|
end
|
251
250
|
|
252
|
-
# get the rule's source code
|
253
|
-
def __get_block_source(&block)
|
254
|
-
return '' unless block_given?
|
255
|
-
block.source.to_s
|
256
|
-
rescue MethodSource::SourceNotFoundError
|
257
|
-
''
|
258
|
-
end
|
259
|
-
|
260
251
|
# get the source location of the block
|
261
252
|
def __get_block_source_location(&block)
|
262
253
|
return {} unless block_given?
|
data/lib/inspec/version.rb
CHANGED
@@ -93,7 +93,7 @@ module Inspec::Resources
|
|
93
93
|
def include_files(params)
|
94
94
|
include_files = params['include'] || []
|
95
95
|
include_files += params['include_if_exists'] || []
|
96
|
-
dirs = params['include_dir'] || []
|
96
|
+
dirs = Array(params['include_dir']) || []
|
97
97
|
dirs.each do |dir|
|
98
98
|
dir = File.join(@conf_dir, dir) if dir[0] != '/'
|
99
99
|
include_files += find_files(dir, depth: 1, type: 'file')
|
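Review bot: In `dirs = Array(params['include_dir']) || []` the `|| []` can never apply, because `Array(nil)` already returns `[]` and an array is always truthy; `dirs = Array(params['include_dir'])` says the same thing. This hunk is printed under the version.rb header but, judging by `module Inspec::Resources` and the changelog entry about `include_dir`, it appears to be the postgres_conf.rb change. `include_files` continues past the end of the hunk.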
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: inspec
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.25.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dominik Richter
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-05-
|
11
|
+
date: 2017-05-17 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: train
|
@@ -289,7 +289,7 @@ files:
|
|
289
289
|
- docs/inspec_and_friends.md
|
290
290
|
- docs/matchers.md
|
291
291
|
- docs/migration.md
|
292
|
-
- docs/plugin_kitchen_inspec.
|
292
|
+
- docs/plugin_kitchen_inspec.md
|
293
293
|
- docs/profiles.md
|
294
294
|
- docs/resources.md
|
295
295
|
- docs/resources/apache_conf.md.erb
|
@@ -383,7 +383,6 @@ files:
|
|
383
383
|
- examples/README.md
|
384
384
|
- examples/inheritance/README.md
|
385
385
|
- examples/inheritance/controls/example.rb
|
386
|
-
- examples/inheritance/inspec.lock
|
387
386
|
- examples/inheritance/inspec.yml
|
388
387
|
- examples/kitchen-ansible/.kitchen.yml
|
389
388
|
- examples/kitchen-ansible/Gemfile
|
@@ -409,11 +408,7 @@ files:
|
|
409
408
|
- examples/kitchen-puppet/test/integration/default/web_spec.rb
|
410
409
|
- examples/meta-profile/README.md
|
411
410
|
- examples/meta-profile/controls/example.rb
|
412
|
-
- examples/meta-profile/inspec.lock
|
413
411
|
- examples/meta-profile/inspec.yml
|
414
|
-
- examples/meta-profile/vendor/4d5c9187409941b96f00fb25d0888c301ede999fd63149f35ad4594d698d6535.tar.gz
|
415
|
-
- examples/meta-profile/vendor/79e6b9846ab539669bbfcf5adcd246f1be484d4b55acb7c1c3dbd852203e4fae.tar.gz
|
416
|
-
- examples/meta-profile/vendor/dbb5602f09f58d86f8743dfb44327207e9a23a49ef34f65614f1c1d8cc145f6b.tar.gz
|
417
412
|
- examples/profile-attribute.yml
|
418
413
|
- examples/profile-attribute/README.md
|
419
414
|
- examples/profile-attribute/controls/example.rb
|
@@ -489,6 +484,7 @@ files:
|
|
489
484
|
- lib/inspec/library_eval_context.rb
|
490
485
|
- lib/inspec/log.rb
|
491
486
|
- lib/inspec/metadata.rb
|
487
|
+
- lib/inspec/method_source.rb
|
492
488
|
- lib/inspec/objects.rb
|
493
489
|
- lib/inspec/objects/attribute.rb
|
494
490
|
- lib/inspec/objects/control.rb
|
@@ -1,11 +0,0 @@
|
|
1
|
-
---
|
2
|
-
lockfile_version: 1
|
3
|
-
depends:
|
4
|
-
- name: profile
|
5
|
-
resolved_source:
|
6
|
-
path: "/Users/aleff/projects/inspec/examples/profile"
|
7
|
-
version_constraints: ">= 0"
|
8
|
-
- name: profile-attribute
|
9
|
-
resolved_source:
|
10
|
-
path: "/Users/aleff/projects/inspec/examples/profile-attribute"
|
11
|
-
version_constraints: ">= 0"
|
@@ -1,18 +0,0 @@
|
|
1
|
-
---
|
2
|
-
lockfile_version: 1
|
3
|
-
depends:
|
4
|
-
- name: dev-sec/ssh-baseline
|
5
|
-
resolved_source:
|
6
|
-
url: https://github.com/dev-sec/ssh-baseline/archive/master.tar.gz
|
7
|
-
sha256: 79e6b9846ab539669bbfcf5adcd246f1be484d4b55acb7c1c3dbd852203e4fae
|
8
|
-
version_constraints: ">= 0"
|
9
|
-
- name: ssl-benchmark
|
10
|
-
resolved_source:
|
11
|
-
url: https://github.com/dev-sec/ssl-benchmark/archive/master.tar.gz
|
12
|
-
sha256: 4d5c9187409941b96f00fb25d0888c301ede999fd63149f35ad4594d698d6535
|
13
|
-
version_constraints: ">= 0"
|
14
|
-
- name: windows-patch-benchmark
|
15
|
-
resolved_source:
|
16
|
-
url: https://github.com/chris-rock/windows-patch-benchmark/archive/master.tar.gz
|
17
|
-
sha256: dbb5602f09f58d86f8743dfb44327207e9a23a49ef34f65614f1c1d8cc145f6b
|
18
|
-
version_constraints: ">= 0"
|
Binary file
|
Binary file
|