inspec 1.49.2 → 1.50.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: ff56bd489f8c7496d62120343dd41c16364bef74
4
- data.tar.gz: c2fc41784be9b7695628bea807ba737ea1f0deb4
3
+ metadata.gz: 3e1a10fa109bd6acf6791160ec84a2b00541332f
4
+ data.tar.gz: 0ca5fa62d228cc13b973f272fd9ac55635cafba7
5
5
  SHA512:
6
- metadata.gz: fc9b5edf8c20fa3b937a7215cb6aee10a3622de37d4bbfa9752666f92cbf355300b953840ee5a032be8ae3fd4a338cd0e6345be2156fab4b5d3dd008ef5193d0
7
- data.tar.gz: 250b01f2dc31fd57a9321758e8ef6b4ffc47ddd025c1b0db157a842ff3ebe04467fe7e9e8f90ccf16afc3b7fbff767bab3a89d799dc4d5959000bfd76f48115e
6
+ metadata.gz: 47dec2f9f7653e27b31489524ccb93ab364a8683f66ce00e7eec849a0fcc1cc0b5cbf773cb673e6ac4a532c0c3ccabffa5446c9feb50674f4cd130e46d5ccfb6
7
+ data.tar.gz: 385cbd5d676ef7f3bfb5905a23da6a2359abbdf5fc025e77ebb885bb20dde32172573df4b51176919edba5425bab9c95b6b8b02188b3941dc77f9f05940b2338
@@ -1,39 +1,58 @@
1
1
  # Change Log
2
2
  <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
3
- <!-- latest_release 1.49.2 -->
4
- ## [v1.49.2](https://github.com/chef/inspec/tree/v1.49.2) (2018-01-04)
3
+ <!-- latest_release unreleased -->
4
+ ## Unreleased
5
5
 
6
- #### Enhancements
7
- - load local dependencies in inspec shell [#2438](https://github.com/chef/inspec/pull/2438) ([arlimus](https://github.com/arlimus))
6
+ #### Merged Pull Requests
7
+ - Bump version manually to trigger Habitat build [#2466](https://github.com/chef/inspec/pull/2466) ([adamleff](https://github.com/adamleff))
8
8
  <!-- latest_release -->
9
9
 
10
- <!-- release_rollup since=1.48.0 -->
11
- ### Changes since 1.48.0 release
12
-
13
- #### Enhancements
14
- - load local dependencies in inspec shell [#2438](https://github.com/chef/inspec/pull/2438) ([arlimus](https://github.com/arlimus)) <!-- 1.49.2 -->
15
- - Deprecate and warn when comparing against OS name with capitals/spaces [#2397](https://github.com/chef/inspec/pull/2397) ([jquick](https://github.com/jquick)) <!-- 1.49.1 -->
16
- - Add platform resource and platform supports [#2393](https://github.com/chef/inspec/pull/2393) ([jquick](https://github.com/jquick)) <!-- 1.48.12 -->
17
- - file resource: adds `Synchronize` permission to windows ACL checks [#2399](https://github.com/chef/inspec/pull/2399) ([TheLonelyGhost](https://github.com/TheLonelyGhost)) <!-- 1.48.6 -->
18
- - bond resource: Add bonding mode matcher [#2414](https://github.com/chef/inspec/pull/2414) ([ehanlon](https://github.com/ehanlon)) <!-- 1.48.8 -->
10
+ <!-- release_rollup since=1.49.2 -->
11
+ ### Changes since 1.49.2 release
19
12
 
20
13
  #### Bug Fixes
21
- - Modify `inspec json` to use `check_mode` [#2435](https://github.com/chef/inspec/pull/2435) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.48.14 -->
22
- - dependency chaining in libraries [#2428](https://github.com/chef/inspec/pull/2428) ([arlimus](https://github.com/arlimus)) <!-- 1.48.13 -->
23
- - Update apache_conf regular expression to exclude whitespace. [#2416](https://github.com/chef/inspec/pull/2416) ([miah](https://github.com/miah)) <!-- 1.48.9 -->
24
- - Add support for Darwin Directory Service groups [#2403](https://github.com/chef/inspec/pull/2403) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.48.4 -->
25
- - Fix Docker build in the Expeditor pipeline [#2432](https://github.com/chef/inspec/pull/2432) ([adamleff](https://github.com/adamleff)) <!-- 1.48.11 -->
26
- - Fix `x509_certificate` integration tests [#2431](https://github.com/chef/inspec/pull/2431) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.48.10 -->
27
- - Fix OWCA detection for `compliance login` [#2401](https://github.com/chef/inspec/pull/2401) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.48.7 -->
28
- - default attributes for nil and false [#2410](https://github.com/chef/inspec/pull/2410) ([arlimus](https://github.com/arlimus)) <!-- 1.48.5 -->
29
- - package resource: Enhance resource error handling [#2388](https://github.com/chef/inspec/pull/2388) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.48.3 -->
14
+ - http resource: make header keys case insensitive [#2457](https://github.com/chef/inspec/pull/2457) ([adamleff](https://github.com/adamleff)) <!-- 1.49.10 -->
15
+ - package resource: fix NilClass errors on arch linux [#2437](https://github.com/chef/inspec/pull/2437) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.49.8 -->
16
+ - firewalld resource: prepend rule string only when necessary [#2430](https://github.com/chef/inspec/pull/2430) ([tarcinil](https://github.com/tarcinil)) <!-- 1.49.6 -->
17
+
18
+ #### Enhancements
19
+ - xml resource: support fetching attributes [#2423](https://github.com/chef/inspec/pull/2423) ([tarcinil](https://github.com/tarcinil)) <!-- 1.49.7 -->
20
+ - mssql_session resource: add port parameter [#2429](https://github.com/chef/inspec/pull/2429) ([tarcinil](https://github.com/tarcinil)) <!-- 1.49.5 -->
30
21
 
31
22
  #### Merged Pull Requests
32
- - Bump minor version and cleanup changelog for release [#2440](https://github.com/chef/inspec/pull/2440) ([adamleff](https://github.com/adamleff)) <!-- 1.49.0 -->
33
- - Split unit tests from functional [#2391](https://github.com/chef/inspec/pull/2391) ([adamleff](https://github.com/adamleff)) <!-- 1.48.2 -->
23
+ - Bump version manually to trigger Habitat build [#2466](https://github.com/chef/inspec/pull/2466) ([adamleff](https://github.com/adamleff)) <!-- 1.50.1 -->
24
+ - Bump minor version [#2465](https://github.com/chef/inspec/pull/2465) ([adamleff](https://github.com/adamleff)) <!-- 1.50.0 -->
25
+ - Bump Omnibus Ruby (and Travis Rubies) to 2.4.3 [#2452](https://github.com/chef/inspec/pull/2452) ([adamleff](https://github.com/adamleff)) <!-- 1.49.9 -->
26
+ - Update the inspec support check to warn to stderr. [#2446](https://github.com/chef/inspec/pull/2446) ([jquick](https://github.com/jquick)) <!-- 1.49.4 -->
27
+ - Fix package manager detection on Arch Linux [#2436](https://github.com/chef/inspec/pull/2436) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.49.3 -->
34
28
  <!-- release_rollup -->
35
29
 
36
30
  <!-- latest_stable_release -->
31
+ ## [v1.49.2](https://github.com/chef/inspec/tree/v1.49.2) (2018-01-04)
32
+
33
+ #### Enhancements
34
+ - bond resource: Add bonding mode matcher [#2414](https://github.com/chef/inspec/pull/2414) ([ehanlon](https://github.com/ehanlon))
35
+ - file resource: adds `Synchronize` permission to windows ACL checks [#2399](https://github.com/chef/inspec/pull/2399) ([TheLonelyGhost](https://github.com/TheLonelyGhost))
36
+ - Add platform resource and platform supports [#2393](https://github.com/chef/inspec/pull/2393) ([jquick](https://github.com/jquick))
37
+ - Deprecate and warn when comparing against OS name with capitals/spaces [#2397](https://github.com/chef/inspec/pull/2397) ([jquick](https://github.com/jquick))
38
+ - load local dependencies in inspec shell [#2438](https://github.com/chef/inspec/pull/2438) ([arlimus](https://github.com/arlimus))
39
+
40
+ #### Bug Fixes
41
+ - package resource: Enhance resource error handling [#2388](https://github.com/chef/inspec/pull/2388) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
42
+ - default attributes for nil and false [#2410](https://github.com/chef/inspec/pull/2410) ([arlimus](https://github.com/arlimus))
43
+ - Fix OWCA detection for `compliance login` [#2401](https://github.com/chef/inspec/pull/2401) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
44
+ - Fix `x509_certificate` integration tests [#2431](https://github.com/chef/inspec/pull/2431) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
45
+ - Fix Docker build in the Expeditor pipeline [#2432](https://github.com/chef/inspec/pull/2432) ([adamleff](https://github.com/adamleff))
46
+ - Add support for Darwin Directory Service groups [#2403](https://github.com/chef/inspec/pull/2403) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
47
+ - Update apache_conf regular expression to exclude whitespace. [#2416](https://github.com/chef/inspec/pull/2416) ([miah](https://github.com/miah))
48
+ - dependency chaining in libraries [#2428](https://github.com/chef/inspec/pull/2428) ([arlimus](https://github.com/arlimus))
49
+ - Modify `inspec json` to use `check_mode` [#2435](https://github.com/chef/inspec/pull/2435) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
50
+
51
+ #### Merged Pull Requests
52
+ - Split unit tests from functional [#2391](https://github.com/chef/inspec/pull/2391) ([adamleff](https://github.com/adamleff))
53
+ - Bump minor version and cleanup changelog for release [#2440](https://github.com/chef/inspec/pull/2440) ([adamleff](https://github.com/adamleff))
54
+ <!-- latest_stable_release -->
55
+
37
56
  ## [v1.48.0](https://github.com/chef/inspec/tree/v1.48.0) (2017-12-07)
38
57
 
39
58
  #### Enhancements
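Review bot: The top section is still headed `## Unreleased` with `<!-- latest_release unreleased -->`, although this package is versioned 1.50.1, so the entries tagged 1.49.3 through 1.50.1 have no dated release heading of their own. A `## [v1.50.1]` heading with its date, in the same form as the `v1.49.2` block below it, would let a reader match the changelog to the installed gem.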
@@ -50,7 +69,6 @@
50
69
  - Update command resource to check for mock backend [#2353](https://github.com/chef/inspec/pull/2353) ([jquick](https://github.com/jquick))
51
70
  - Fix inspec appveyor test with the new local train transport [#2376](https://github.com/chef/inspec/pull/2376) ([jquick](https://github.com/jquick))
52
71
  - Fix changelog categories, bump minor version for release [#2381](https://github.com/chef/inspec/pull/2381) ([adamleff](https://github.com/adamleff))
53
- <!-- latest_stable_release -->
54
72
 
55
73
  ## [v1.47.0](https://github.com/chef/inspec/tree/v1.47.0) (2017-12-04)
56
74
 
@@ -2,7 +2,7 @@
2
2
  title: About the etc_hosts_allow Resource
3
3
  ---
4
4
 
5
- # etc_hosts_allow
5
+ # etc\_hosts\_allow
6
6
 
7
7
  Use the `etc_hosts_allow` InSpec audit resource to test rules set to accept daemon and client traffic set in /etc/hosts.allow file.
8
8
 
@@ -2,7 +2,7 @@
2
2
  title: About the etc_hosts_deny Resource
3
3
  ---
4
4
 
5
- # etc_hosts_deny
5
+ # etc\_hosts\_deny
6
6
 
7
7
  Use the `etc_hosts_deny` InSpec audit resource to test rules set to reject daemon and client traffic set in /etc/hosts.deny.
8
8
 
@@ -102,3 +102,5 @@ The `be_running` matcher tests if the firewalld service is running:
102
102
  `have_rule_enabled` returns true or false if the rich-rule has been specified in the zone.
103
103
 
104
104
  it { should have_rule_enabled('family=ipv4 source address=192.168.0.14 accept', 'public') }
105
+
106
+ It is not necessary to add the "rule" string, and you can start with the optional flags that are used in firewalld and end with the action
@@ -2,7 +2,7 @@
2
2
  title: About the postgres_hba_conf Resource
3
3
  ---
4
4
 
5
- # postgres_hba_conf
5
+ # postgres\_hba\_conf
6
6
 
7
7
  Use the `postgres_hba_conf` InSpec audit resource to test the client authentication data defined in the pg_hba.conf file.
8
8
 
@@ -2,7 +2,7 @@
2
2
  title: About the postgres_ident_conf Resource
3
3
  ---
4
4
 
5
- # postgres_ident_conf
5
+ # postgres\_ident\_conf
6
6
 
7
7
  Use the `postgres_ident_conf` InSpec audit resource to test the client authentication data defined in the pg_hba.conf file.
8
8
 
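Review bot: The description line under the changed heading still says the `postgres_ident_conf` resource tests data "defined in the pg_hba.conf file", which is the same wording as the `postgres_hba_conf` page. It should name pg_ident.conf, the file this resource reads.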
@@ -2,6 +2,8 @@
2
2
  title: About the windows_hotfix Resource
3
3
  ---
4
4
 
5
+ # windows_hotfix
6
+
5
7
  Use the `windows_hotfix` InSpec audit resource to test if the hotfix has been installed on a Windows system.
6
8
 
7
9
  <br>
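Review bot: The added heading `# windows_hotfix` leaves its underscore unescaped, while the other resource pages in this diff were changed to the escaped form (`# etc\_hosts\_allow`, `# postgres\_hba\_conf`). Use `# windows\_hotfix` so the headings render consistently.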
@@ -21,9 +21,13 @@ An `xml` resource block declares the data to be tested. Assume the following XML
21
21
  <element>one</element>
22
22
  <element>two</element>
23
23
  </array>
24
+ <array>
25
+ <element value="one"></element>
26
+ <element value="two"></element>
27
+ </array>
24
28
  </root>
25
29
 
26
- This file can be queried using:
30
+ This file can be queried for elements using:
27
31
 
28
32
  describe xml('/path/to/name.xml') do
29
33
  its('root/name') { should eq ['hello'] }
@@ -31,11 +35,21 @@ This file can be queried using:
31
35
  its('root/array[2]/element') { should eq ['two'] }
32
36
  end
33
37
 
38
+ This file can be queried for attributes using:
39
+
40
+ describe xml('/path/to/name.xml') do
41
+ its('root/array[2]/element/@value') { should eq ['one', 'two'] }
42
+ its('root/array[2]/element/attribute::value') { should eq ['one', 'two'] }
43
+ its('root/array[2]/element[2]/attribute::value') { should eq ['two'] }
44
+ end
45
+
34
46
  where
35
47
 
36
- * `root/name` is an XPath expression
48
+ * `root/name` and `root/array[2]/element/@value` is an XPath expression
37
49
  * `should eq ['foo']` tests a value of `root/name` as read from an XML file versus the value declared in the test
38
50
 
51
+ In the above example, you see the use of `@` and `attribute::` which are both methods of fetching attributes.
52
+
39
53
  <br>
40
54
 
41
55
  In the event the path contains an element which contains periods, the alternate syntax can be used:
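Review bot: The new attribute examples treat `root/array[2]` as the attribute-only `<array>` added to the sample file, but the unchanged example `its('root/array[2]/element') { should eq ['two'] }` still expects element text at that same position, and those elements carry no text. One of the two needs a different index. In the bullet list, "`root/name` and `root/array[2]/element/@value` is an XPath expression" should read "are XPath expressions".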
@@ -46,13 +60,17 @@ In the event the path contains an element which contains periods, the alternate
46
60
 
47
61
  The following examples show how to use this InSpec audit resource.
48
62
 
49
- ### Test an AppPool's presence in an applicationHost.config file
63
+ ### Test an AppPool's presence in an applicationHost.config file or the default site under applicationHost.sites
50
64
 
51
65
  describe xml('applicationHost.config') do
52
66
  # using the alternate syntax as described above because of the . in the key name
53
67
  its(['configuration/system.applicationHost/applicationPools/add@name']) { should contain('my_pool') }
54
68
  end
55
69
 
70
+ describe xml('applicationHost.sites') do
71
+ its('site[@name="Default Web Site"]/application/virtualDirectory/@path') { should eq ['/'] }
72
+ end
73
+
56
74
  <br>
57
75
 
58
76
  ## Matchers
@@ -56,7 +56,7 @@ module Inspec
56
56
  def inspec_requirement
57
57
  inspec_in_supports = params[:supports].find { |x| !x[:inspec].nil? }
58
58
  if inspec_in_supports
59
- Inspec::Log.warn '[DEPRECATED] The use of inspec.yml `supports:inspec` is deprecated and will be removed in InSpec 2.0. Please use `inspec_version` instead.'
59
+ warn '[DEPRECATED] The use of inspec.yml `supports:inspec` is deprecated and will be removed in InSpec 2.0. Please use `inspec_version` instead.'
60
60
  Gem::Requirement.create(inspec_in_supports[:inspec])
61
61
  else
62
62
  # using Gem::Requirement here to allow nil values which
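Review bot: Bare `warn` in `inspec_requirement` goes through Kernel#warn, so the deprecation message no longer passes through `Inspec::Log` and cannot be filtered by log level or captured with the rest of InSpec's log output. If the aim is only to keep the message off stdout, routing the logger to stderr would keep that control. Nothing visible here stops the message repeating on every call to `inspec_requirement`, so a one-time guard is worth considering.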
@@ -4,5 +4,5 @@
4
4
  # author: Christoph Hartmann
5
5
 
6
6
  module Inspec
7
- VERSION = '1.49.2'
7
+ VERSION = '1.50.1'
8
8
  end
@@ -38,7 +38,7 @@ module Inspec::Resources
38
38
  filter.connect(self, :params)
39
39
 
40
40
  def initialize
41
- return skip_resource 'The `etc_hosts_deny` resource is not supported on your OS.' unless inspec.os.linux?
41
+ return skip_resource 'The `firewalld` resource is not supported on your OS.' unless inspec.os.linux?
42
42
  @params = parse_active_zones(active_zones)
43
43
  end
44
44
 
@@ -85,8 +85,8 @@ module Inspec::Resources
85
85
  end
86
86
 
87
87
  def has_rule_enabled?(rule, query_zone = default_zone)
88
- rule = 'rule ' + rule
89
- firewalld_command("--zone=#{query_zone} --query-rich-rule=#{rule}") == 'yes'
88
+ rule = "rule #{rule}" unless rule.start_with?('rule')
89
+ firewalld_command("--zone=#{query_zone} --query-rich-rule='#{rule}'") == 'yes'
90
90
  end
91
91
 
92
92
  private
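Review bot: In `has_rule_enabled?`, `rule` and `query_zone` are still interpolated into the command string by hand. The added single quotes around `#{rule}` stop word splitting, but a rule value that itself contains a single quote ends the quoting early, and `--zone=#{query_zone}` is not quoted at all; if `firewalld_command` hands this string to a shell, building both arguments with `Shellwords.escape` covers both cases. Also, `rule.start_with?('rule')` matches any string that begins with those four letters; `start_with?('rule ')` tests for the keyword itself.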
@@ -47,7 +47,7 @@ module Inspec::Resources
47
47
  end
48
48
 
49
49
  def headers
50
- Hashie::Mash.new(@worker.response_headers)
50
+ @headers ||= Inspec::Resources::Http::Headers.create(@worker.response_headers)
51
51
  end
52
52
 
53
53
  def body
@@ -234,5 +234,19 @@ module Inspec::Resources
234
234
  end
235
235
  end
236
236
  end
237
+
238
+ class Headers < Hash
239
+ def self.create(header_data)
240
+ header_data.each_with_object(new) { |(k, v), memo| memo[k.to_s.downcase] = v }
241
+ end
242
+
243
+ def [](requested_key)
244
+ fetch(requested_key.downcase, nil)
245
+ end
246
+
247
+ def method_missing(requested_key)
248
+ fetch(requested_key.to_s.downcase, nil)
249
+ end
250
+ end
237
251
  end
238
252
  end
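Review bot: `Headers#[]` calls `requested_key.downcase` without `to_s`, while `create` stores every key as a downcased String, so a Symbol key such as `headers[:server]` downcases to a Symbol and `fetch` returns nil. Use `requested_key.to_s.downcase`, as `method_missing` already does. `method_missing` also returns nil for any unknown method name and has no matching `respond_to_missing?`, so a mistyped header accessor is indistinguishable from an absent header in a control.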
@@ -25,13 +25,13 @@ module Inspec::Resources
25
25
 
26
26
  # Passing no credentials to mssql_session forces it to use Windows authentication
27
27
  sql_windows_auth = mssql_session
28
- describe sql.query(\"SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') as \\\"login_mode\\\";\").row(0).column('login_mode') do
28
+ describe sql_windows_auth.query(\"SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') as \\\"login_mode\\\";\").row(0).column('login_mode') do
29
29
  its('value') { should_not be_empty }
30
30
  its('value') { should cmp == 1 }
31
31
  end
32
32
  "
33
33
 
34
- attr_reader :user, :password, :host
34
+ attr_reader :user, :password, :host, :port, :instance
35
35
  def initialize(opts = {})
36
36
  @user = opts[:user]
37
37
  @password = opts[:password] || opts[:pass]
@@ -39,12 +39,13 @@ module Inspec::Resources
39
39
  warn '[DEPRECATED] use `password` option to supply password instead of `pass`'
40
40
  end
41
41
  @host = opts[:host] || 'localhost'
42
+ @port = opts[:port] || '1433'
42
43
  @instance = opts[:instance]
43
44
 
44
45
  # check if sqlcmd is available
45
- return skip_resource('sqlcmd is missing') if !inspec.command('sqlcmd').exist?
46
+ raise Inspec::Exceptions::ResourceSkipped, 'sqlcmd is missing' unless inspec.command('sqlcmd').exist?
46
47
  # check that database is reachable
47
- return skip_resource("Can't connect to the MS SQL Server.") if !test_connection
48
+ raise Inspec::Exceptions::ResourceSkipped, "Can't connect to the MS SQL Server." unless test_connection
48
49
  end
49
50
 
50
51
  def query(q)
@@ -53,9 +54,9 @@ module Inspec::Resources
53
54
  cmd_string = "sqlcmd -Q \"set nocount on; #{escaped_query}\" -W -w 1024 -s ','"
54
55
  cmd_string += " -U '#{@user}' -P '#{@password}'" unless @user.nil? || @password.nil?
55
56
  if @instance.nil?
56
- cmd_string += " -S '#{@host}'"
57
+ cmd_string += " -S '#{@host},#{@port}'"
57
58
  else
58
- cmd_string += " -S '#{@host}\\#{@instance}'"
59
+ cmd_string += " -S '#{@host},#{@port}\\#{@instance}'"
59
60
  end
60
61
  cmd = inspec.command(cmd_string)
61
62
  out = cmd.stdout + "\n" + cmd.stderr
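Review bot: In the `else` branch the port is placed before the instance (`'#{@host},#{@port}\\#{@instance}'`), but sqlcmd documents the `-S` argument as `server[\instance_name][,port]`, so the port belongs after the instance name. Because `@port` defaults to `'1433'`, every named-instance connection now also carries an explicit port; consider appending `,#{@port}` only when `opts[:port]` was supplied. `@port` and `@instance` enter the single-quoted command string unvalidated, as `@host` does, and a numeric check on the port would be cheap.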
@@ -32,7 +32,7 @@ module Inspec::Resources
32
32
  @pkgman = Deb.new(inspec)
33
33
  elsif os.redhat? || %w{suse amazon fedora}.include?(os[:family])
34
34
  @pkgman = Rpm.new(inspec, opts)
35
- elsif ['arch'].include?(os[:family])
35
+ elsif ['arch'].include?(os[:name])
36
36
  @pkgman = Pacman.new(inspec)
37
37
  elsif ['darwin'].include?(os[:family])
38
38
  @pkgman = Brew.new(inspec)
@@ -64,6 +64,10 @@ module Inspec::Resources
64
64
  # returns the package description
65
65
  def info
66
66
  return @cache if !@cache.nil?
67
+ # All `@pkgman.info` methods return `{}`. This matches that
68
+ # behavior if `@pkgman` can't be determined, thus avoiding the
69
+ # `undefined method 'info' for nil:NilClass` error
70
+ return {} if @pkgman.nil?
67
71
  @pkgman.info(@package_name)
68
72
  end
69
73
 
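Review bot: `return {} if @pkgman.nil?` in `info` turns an undetected package manager into an empty result, which a control cannot tell apart from a package that is not installed. Assuming the matchers are built on `info`, a check that a package should not be installed could then pass on a platform the resource never inspected. Calling `skip_resource` at the point where `@pkgman` stays unset would report the platform as unsupported instead.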
@@ -20,7 +20,18 @@ module Inspec::Resources
20
20
  end
21
21
 
22
22
  def value(key)
23
- REXML::XPath.each(@params, key.first.to_s).map(&:text)
23
+ output = []
24
+ REXML::XPath.each(@params, key.first.to_s) do |element|
25
+ if element.is_a?(REXML::Attribute)
26
+ output.push(element.to_s)
27
+ elsif element.is_a?(REXML::Element)
28
+ output.push(element.text)
29
+ else
30
+ raise Inspec::Exceptions::ResourceFailed, "Unknown XML object received (#{element.class}): #{element}"
31
+ end
32
+ end
33
+
34
+ output
24
35
  end
25
36
 
26
37
  private
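Review bot: In `value`, `element.to_s` on a `REXML::Attribute` returns the normalized form with entities still escaped (for example `&amp;`), whereas `element.text` on an element returns the expanded text, so the same string compares differently depending on whether it sits in an attribute or an element. `element.value` returns the expanded attribute value and keeps the two branches consistent. The `else` branch means XPath results of any other node type raise `ResourceFailed`, so the docs should state that only element and attribute results are supported.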
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: inspec
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.49.2
4
+ version: 1.50.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dominik Richter
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-01-04 00:00:00.000000000 Z
11
+ date: 2018-01-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: train