inspec 1.49.2 → 1.50.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +43 -25
- data/docs/resources/etc_hosts_allow.md.erb +1 -1
- data/docs/resources/etc_hosts_deny.md.erb +1 -1
- data/docs/resources/firewalld.md.erb +2 -0
- data/docs/resources/postgres_hba_conf.md.erb +1 -1
- data/docs/resources/postgres_ident_conf.md.erb +1 -1
- data/docs/resources/windows_hotfix.md.erb +2 -0
- data/docs/resources/xml.md.erb +21 -3
- data/lib/inspec/metadata.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/resources/firewalld.rb +3 -3
- data/lib/resources/http.rb +15 -1
- data/lib/resources/mssql_session.rb +7 -6
- data/lib/resources/package.rb +5 -1
- data/lib/resources/xml.rb +12 -1
- metadata +2 -2
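--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3e1a10fa109bd6acf6791160ec84a2b00541332f
+data.tar.gz: 0ca5fa62d228cc13b973f272fd9ac55635cafba7
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 47dec2f9f7653e27b31489524ccb93ab364a8683f66ce00e7eec849a0fcc1cc0b5cbf773cb673e6ac4a532c0c3ccabffa5446c9feb50674f4cd130e46d5ccfb6
+data.tar.gz: 385cbd5d676ef7f3bfb5905a23da6a2359abbdf5fc025e77ebb885bb20dde32172573df4b51176919edba5425bab9c95b6b8b02188b3941dc77f9f05940b2338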
data/CHANGELOG.md
CHANGED
|
@@ -1,39 +1,58 @@
|
|
|
1
1
|
# Change Log
|
|
2
2
|
<!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
|
|
3
|
-
<!-- latest_release
|
|
4
|
-
##
|
|
3
|
+
<!-- latest_release unreleased -->
|
|
4
|
+
## Unreleased
|
|
5
5
|
|
|
6
|
-
####
|
|
7
|
-
-
|
|
6
|
+
#### Merged Pull Requests
|
|
7
|
+
- Bump version manually to trigger Habitat build [#2466](https://github.com/chef/inspec/pull/2466) ([adamleff](https://github.com/adamleff))
|
|
8
8
|
<!-- latest_release -->
|
|
9
9
|
|
|
10
|
-
<!-- release_rollup since=1.
|
|
11
|
-
### Changes since 1.
|
|
12
|
-
|
|
13
|
-
#### Enhancements
|
|
14
|
-
- load local dependencies in inspec shell [#2438](https://github.com/chef/inspec/pull/2438) ([arlimus](https://github.com/arlimus)) <!-- 1.49.2 -->
|
|
15
|
-
- Deprecate and warn when comparing against OS name with capitals/spaces [#2397](https://github.com/chef/inspec/pull/2397) ([jquick](https://github.com/jquick)) <!-- 1.49.1 -->
|
|
16
|
-
- Add platform resource and platform supports [#2393](https://github.com/chef/inspec/pull/2393) ([jquick](https://github.com/jquick)) <!-- 1.48.12 -->
|
|
17
|
-
- file resource: adds `Synchronize` permission to windows ACL checks [#2399](https://github.com/chef/inspec/pull/2399) ([TheLonelyGhost](https://github.com/TheLonelyGhost)) <!-- 1.48.6 -->
|
|
18
|
-
- bond resource: Add bonding mode matcher [#2414](https://github.com/chef/inspec/pull/2414) ([ehanlon](https://github.com/ehanlon)) <!-- 1.48.8 -->
|
|
10
|
+
<!-- release_rollup since=1.49.2 -->
|
|
11
|
+
### Changes since 1.49.2 release
|
|
19
12
|
|
|
20
13
|
#### Bug Fixes
|
|
21
|
-
-
|
|
22
|
-
-
|
|
23
|
-
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
-
|
|
27
|
-
-
|
|
28
|
-
- default attributes for nil and false [#2410](https://github.com/chef/inspec/pull/2410) ([arlimus](https://github.com/arlimus)) <!-- 1.48.5 -->
|
|
29
|
-
- package resource: Enhance resource error handling [#2388](https://github.com/chef/inspec/pull/2388) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.48.3 -->
|
|
14
|
+
- http resource: make header keys case insensitive [#2457](https://github.com/chef/inspec/pull/2457) ([adamleff](https://github.com/adamleff)) <!-- 1.49.10 -->
|
|
15
|
+
- package resource: fix NilClass errors on arch linux [#2437](https://github.com/chef/inspec/pull/2437) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.49.8 -->
|
|
16
|
+
- firewalld resource: prepend rule string only when necessary [#2430](https://github.com/chef/inspec/pull/2430) ([tarcinil](https://github.com/tarcinil)) <!-- 1.49.6 -->
|
|
17
|
+
|
|
18
|
+
#### Enhancements
|
|
19
|
+
- xml resource: support fetching attributes [#2423](https://github.com/chef/inspec/pull/2423) ([tarcinil](https://github.com/tarcinil)) <!-- 1.49.7 -->
|
|
20
|
+
- mssql_session resource: add port parameter [#2429](https://github.com/chef/inspec/pull/2429) ([tarcinil](https://github.com/tarcinil)) <!-- 1.49.5 -->
|
|
30
21
|
|
|
31
22
|
#### Merged Pull Requests
|
|
32
|
-
- Bump
|
|
33
|
-
-
|
|
23
|
+
- Bump version manually to trigger Habitat build [#2466](https://github.com/chef/inspec/pull/2466) ([adamleff](https://github.com/adamleff)) <!-- 1.50.1 -->
|
|
24
|
+
- Bump minor version [#2465](https://github.com/chef/inspec/pull/2465) ([adamleff](https://github.com/adamleff)) <!-- 1.50.0 -->
|
|
25
|
+
- Bump Omnibus Ruby (and Travis Rubies) to 2.4.3 [#2452](https://github.com/chef/inspec/pull/2452) ([adamleff](https://github.com/adamleff)) <!-- 1.49.9 -->
|
|
26
|
+
- Update the inspec support check to warn to stderr. [#2446](https://github.com/chef/inspec/pull/2446) ([jquick](https://github.com/jquick)) <!-- 1.49.4 -->
|
|
27
|
+
- Fix package manager detection on Arch Linux [#2436](https://github.com/chef/inspec/pull/2436) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.49.3 -->
|
|
34
28
|
<!-- release_rollup -->
|
|
35
29
|
|
|
36
30
|
<!-- latest_stable_release -->
|
|
31
|
+
## [v1.49.2](https://github.com/chef/inspec/tree/v1.49.2) (2018-01-04)
|
|
32
|
+
|
|
33
|
+
#### Enhancements
|
|
34
|
+
- bond resource: Add bonding mode matcher [#2414](https://github.com/chef/inspec/pull/2414) ([ehanlon](https://github.com/ehanlon))
|
|
35
|
+
- file resource: adds `Synchronize` permission to windows ACL checks [#2399](https://github.com/chef/inspec/pull/2399) ([TheLonelyGhost](https://github.com/TheLonelyGhost))
|
|
36
|
+
- Add platform resource and platform supports [#2393](https://github.com/chef/inspec/pull/2393) ([jquick](https://github.com/jquick))
|
|
37
|
+
- Deprecate and warn when comparing against OS name with capitals/spaces [#2397](https://github.com/chef/inspec/pull/2397) ([jquick](https://github.com/jquick))
|
|
38
|
+
- load local dependencies in inspec shell [#2438](https://github.com/chef/inspec/pull/2438) ([arlimus](https://github.com/arlimus))
|
|
39
|
+
|
|
40
|
+
#### Bug Fixes
|
|
41
|
+
- package resource: Enhance resource error handling [#2388](https://github.com/chef/inspec/pull/2388) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
|
|
42
|
+
- default attributes for nil and false [#2410](https://github.com/chef/inspec/pull/2410) ([arlimus](https://github.com/arlimus))
|
|
43
|
+
- Fix OWCA detection for `compliance login` [#2401](https://github.com/chef/inspec/pull/2401) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
|
|
44
|
+
- Fix `x509_certificate` integration tests [#2431](https://github.com/chef/inspec/pull/2431) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
|
|
45
|
+
- Fix Docker build in the Expeditor pipeline [#2432](https://github.com/chef/inspec/pull/2432) ([adamleff](https://github.com/adamleff))
|
|
46
|
+
- Add support for Darwin Directory Service groups [#2403](https://github.com/chef/inspec/pull/2403) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
|
|
47
|
+
- Update apache_conf regular expression to exclude whitespace. [#2416](https://github.com/chef/inspec/pull/2416) ([miah](https://github.com/miah))
|
|
48
|
+
- dependency chaining in libraries [#2428](https://github.com/chef/inspec/pull/2428) ([arlimus](https://github.com/arlimus))
|
|
49
|
+
- Modify `inspec json` to use `check_mode` [#2435](https://github.com/chef/inspec/pull/2435) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
|
|
50
|
+
|
|
51
|
+
#### Merged Pull Requests
|
|
52
|
+
- Split unit tests from functional [#2391](https://github.com/chef/inspec/pull/2391) ([adamleff](https://github.com/adamleff))
|
|
53
|
+
- Bump minor version and cleanup changelog for release [#2440](https://github.com/chef/inspec/pull/2440) ([adamleff](https://github.com/adamleff))
|
|
54
|
+
<!-- latest_stable_release -->
|
|
55
|
+
|
|
37
56
|
## [v1.48.0](https://github.com/chef/inspec/tree/v1.48.0) (2017-12-07)
|
|
38
57
|
|
|
39
58
|
#### Enhancements
|
|
@@ -50,7 +69,6 @@
|
|
|
50
69
|
- Update command resource to check for mock backend [#2353](https://github.com/chef/inspec/pull/2353) ([jquick](https://github.com/jquick))
|
|
51
70
|
- Fix inspec appveyor test with the new local train transport [#2376](https://github.com/chef/inspec/pull/2376) ([jquick](https://github.com/jquick))
|
|
52
71
|
- Fix changelog categories, bump minor version for release [#2381](https://github.com/chef/inspec/pull/2381) ([adamleff](https://github.com/adamleff))
|
|
53
|
-
<!-- latest_stable_release -->
|
|
54
72
|
|
|
55
73
|
## [v1.47.0](https://github.com/chef/inspec/tree/v1.47.0) (2017-12-04)
|
|
56
74
|
|
|
@@ -102,3 +102,5 @@ The `be_running` matcher tests if the firewalld service is running:
|
|
|
102
102
|
`have_rule_enabled` returns true or false if the rich-rule has been specified in the zone.
|
|
103
103
|
|
|
104
104
|
it { should have_rule_enabled('family=ipv4 source address=192.168.0.14 accept', 'public') }
|
|
105
|
+
|
|
106
|
+
It is not necessary to add the "rule" string, and you can start with the optional flags that are used in firewalld and end with the action
|
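--- a/data/docs/resources/xml.md.erb
+++ b/data/docs/resources/xml.md.erb
@@ -21,9 +21,13 @@ An `xml` resource block declares the data to be tested. Assume the following XML
 <element>one</element>
 <element>two</element>
 </array>
+<array>
+<element value="one"></element>
+<element value="two"></element>
+</array>
 </root>
 
-This file can be queried using:
+This file can be queried for elements using:
 
 describe xml('/path/to/name.xml') do
 its('root/name') { should eq ['hello'] }
@@ -31,11 +35,21 @@ This file can be queried using:
 its('root/array[2]/element') { should eq ['two'] }
 end
 
+This file can be queried for attributes using:
+
+describe xml('/path/to/name.xml') do
+its('root/array[2]/element/@value') { should eq ['one', 'two'] }
+its('root/array[2]/element/attribute::value') { should eq ['one', 'two'] }
+its('root/array[2]/element[2]/attribute::value') { should eq ['two'] }
+end
+
 where
 
-* `root/name` is an XPath expression
+* `root/name` and `root/array[2]/element/@value` is an XPath expression
 * `should eq ['foo']` tests a value of `root/name` as read from an XML file versus the value declared in the test
 
+In the above example, you see the use of `@` and `attribute::` which are both methods of fetching attributes.
+
 <br>
 
 In the event the path contains an element which contains periods, the alternate syntax can be used:
@@ -46,13 +60,17 @@ In the event the path contains an element which contains periods, the alternate
 
 The following examples show how to use this InSpec audit resource.
 
-### Test an AppPool's presence in an applicationHost.config file
+### Test an AppPool's presence in an applicationHost.config file or the default site under applicationHost.sites
 
 describe xml('applicationHost.config') do
 # using the alternate syntax as described above because of the . in the key name
 its(['configuration/system.applicationHost/applicationPools/add@name']) { should contain('my_pool') }
 end
 
+describe xml('applicationHost.sites') do
+its('site[@name="Default Web Site"]/application/virtualDirectory/@path') { should eq ['/'] }
+end
+
 <br>
 
 ## Matchers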
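--- a/data/lib/inspec/metadata.rb
+++ b/data/lib/inspec/metadata.rb
@@ -56,7 +56,7 @@ module Inspec
 def inspec_requirement
 inspec_in_supports = params[:supports].find { |x| !x[:inspec].nil? }
 if inspec_in_supports
-
+warn '[DEPRECATED] The use of inspec.yml `supports:inspec` is deprecated and will be removed in InSpec 2.0. Please use `inspec_version` instead.'
 Gem::Requirement.create(inspec_in_supports[:inspec])
 else
 # using Gem::Requirement here to allow nil values which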
data/lib/inspec/version.rb
CHANGED
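--- a/data/lib/resources/firewalld.rb
+++ b/data/lib/resources/firewalld.rb
@@ -38,7 +38,7 @@ module Inspec::Resources
 filter.connect(self, :params)
 
 def initialize
-return skip_resource 'The `
+return skip_resource 'The `firewalld` resource is not supported on your OS.' unless inspec.os.linux?
 @params = parse_active_zones(active_zones)
 end
 
@@ -85,8 +85,8 @@ module Inspec::Resources
 end
 
 def has_rule_enabled?(rule, query_zone = default_zone)
-rule =
-firewalld_command("--zone=#{query_zone} --query-rich-rule
+rule = "rule #{rule}" unless rule.start_with?('rule')
+firewalld_command("--zone=#{query_zone} --query-rich-rule='#{rule}'") == 'yes'
 end
 
 private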
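Review bot: `rule` and `query_zone` are interpolated into the command string on new line 89, with `rule` wrapped in literal single quotes, so a value containing `'` closes the quoting early. If `firewalld_command` (defined outside this hunk) hands the string to a shell, both values should be escaped instead, e.g. `firewalld_command("--zone=#{Shellwords.escape(query_zone)} --query-rich-rule=#{Shellwords.escape(rule)}") == 'yes'` with `require 'shellwords'` at the top of the file. On new line 88, `start_with?('rule')` also matches any argument that merely begins with those four letters; `start_with?('rule ')` is the stricter test.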
data/lib/resources/http.rb
CHANGED
|
@@ -47,7 +47,7 @@ module Inspec::Resources
|
|
|
47
47
|
end
|
|
48
48
|
|
|
49
49
|
def headers
|
|
50
|
-
|
|
50
|
+
@headers ||= Inspec::Resources::Http::Headers.create(@worker.response_headers)
|
|
51
51
|
end
|
|
52
52
|
|
|
53
53
|
def body
|
|
@@ -234,5 +234,19 @@ module Inspec::Resources
|
|
|
234
234
|
end
|
|
235
235
|
end
|
|
236
236
|
end
|
|
237
|
+
|
|
238
|
+
class Headers < Hash
|
|
239
|
+
def self.create(header_data)
|
|
240
|
+
header_data.each_with_object(new) { |(k, v), memo| memo[k.to_s.downcase] = v }
|
|
241
|
+
end
|
|
242
|
+
|
|
243
|
+
def [](requested_key)
|
|
244
|
+
fetch(requested_key.downcase, nil)
|
|
245
|
+
end
|
|
246
|
+
|
|
247
|
+
def method_missing(requested_key)
|
|
248
|
+
fetch(requested_key.to_s.downcase, nil)
|
|
249
|
+
end
|
|
250
|
+
end
|
|
237
251
|
end
|
|
238
252
|
end
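Review bot: `Headers#[]` calls `requested_key.downcase` without `to_s`, so a Symbol key is downcased to a Symbol and never matches the String keys that `create` stores; `fetch(requested_key.to_s.downcase, nil)` would make it agree with `method_missing`. `method_missing` answers every unknown method name with a lookup and returns nil on a miss, so a misspelled header or method name in a control silently yields nil instead of a NoMethodError, and there is no matching `respond_to_missing?`. Inherited readers such as `fetch` and `key?` stay case-sensitive, which deserves a comment on the class since only `[]` and dynamic method access are normalised.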
|
|
@@ -25,13 +25,13 @@ module Inspec::Resources
|
|
|
25
25
|
|
|
26
26
|
# Passing no credentials to mssql_session forces it to use Windows authentication
|
|
27
27
|
sql_windows_auth = mssql_session
|
|
28
|
-
describe
|
|
28
|
+
describe sql_windows_auth.query(\"SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') as \\\"login_mode\\\";\").row(0).column('login_mode') do
|
|
29
29
|
its('value') { should_not be_empty }
|
|
30
30
|
its('value') { should cmp == 1 }
|
|
31
31
|
end
|
|
32
32
|
"
|
|
33
33
|
|
|
34
|
-
attr_reader :user, :password, :host
|
|
34
|
+
attr_reader :user, :password, :host, :port, :instance
|
|
35
35
|
def initialize(opts = {})
|
|
36
36
|
@user = opts[:user]
|
|
37
37
|
@password = opts[:password] || opts[:pass]
|
|
@@ -39,12 +39,13 @@ module Inspec::Resources
|
|
|
39
39
|
warn '[DEPRECATED] use `password` option to supply password instead of `pass`'
|
|
40
40
|
end
|
|
41
41
|
@host = opts[:host] || 'localhost'
|
|
42
|
+
@port = opts[:port] || '1433'
|
|
42
43
|
@instance = opts[:instance]
|
|
43
44
|
|
|
44
45
|
# check if sqlcmd is available
|
|
45
|
-
|
|
46
|
+
raise Inspec::Exceptions::ResourceSkipped, 'sqlcmd is missing' unless inspec.command('sqlcmd').exist?
|
|
46
47
|
# check that database is reachable
|
|
47
|
-
|
|
48
|
+
raise Inspec::Exceptions::ResourceSkipped, "Can't connect to the MS SQL Server." unless test_connection
|
|
48
49
|
end
|
|
49
50
|
|
|
50
51
|
def query(q)
|
|
@@ -53,9 +54,9 @@ module Inspec::Resources
|
|
|
53
54
|
cmd_string = "sqlcmd -Q \"set nocount on; #{escaped_query}\" -W -w 1024 -s ','"
|
|
54
55
|
cmd_string += " -U '#{@user}' -P '#{@password}'" unless @user.nil? || @password.nil?
|
|
55
56
|
if @instance.nil?
|
|
56
|
-
cmd_string += " -S '#{@host}'"
|
|
57
|
+
cmd_string += " -S '#{@host},#{@port}'"
|
|
57
58
|
else
|
|
58
|
-
cmd_string += " -S '#{@host}\\#{@instance}'"
|
|
59
|
+
cmd_string += " -S '#{@host},#{@port}\\#{@instance}'"
|
|
59
60
|
end
|
|
60
61
|
cmd = inspec.command(cmd_string)
|
|
61
62
|
out = cmd.stdout + "\n" + cmd.stderr
|
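Review bot: `@port` is interpolated into the `sqlcmd` string on new lines 57 and 59 without validation, and because it now defaults to `'1433'` it is appended even when an instance name is given. The port can be checked once in `initialize`, e.g. `@port = Integer(opts[:port] || 1433)`, so that only a number ever reaches the command line; `@host`, `@instance`, `@user` and `@password` on the neighbouring lines are placed inside single quotes the same way and would need shell escaping (for example `Shellwords.escape`) to be safe with values containing `'`. The `host,port\instance` form should also be checked against sqlcmd's documented `-S server[\instance][,port]` syntax; as far as I can tell an explicit port takes precedence over instance resolution, so named instances on dynamic ports may stop connecting. `initialize` and `query` both begin or end outside the hunks shown.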
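--- a/data/lib/resources/package.rb
+++ b/data/lib/resources/package.rb
@@ -32,7 +32,7 @@ module Inspec::Resources
 @pkgman = Deb.new(inspec)
 elsif os.redhat? || %w{suse amazon fedora}.include?(os[:family])
 @pkgman = Rpm.new(inspec, opts)
-elsif ['arch'].include?(os[:
+elsif ['arch'].include?(os[:name])
 @pkgman = Pacman.new(inspec)
 elsif ['darwin'].include?(os[:family])
 @pkgman = Brew.new(inspec)
@@ -64,6 +64,10 @@ module Inspec::Resources
 # returns the package description
 def info
 return @cache if !@cache.nil?
+# All `@pkgman.info` methods return `{}`. This matches that
+# behavior if `@pkgman` can't be determined, thus avoiding the
+# `undefined method 'info' for nil:NilClass` error
+return {} if @pkgman.nil?
 @pkgman.info(@package_name)
 end
 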
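Review bot: Returning `{}` from `info` when `@pkgman` is nil makes "package manager could not be determined" indistinguishable from "package is not installed". In an audit tool that matters: a control asserting that a package is absent could pass on a platform that was never actually inspected, unless the constructor (outside this hunk) has already skipped or failed the resource. If that guard exists, the comment should say so, e.g. `# @pkgman is nil only after initialize has skipped the resource; {} keeps matchers from raising`; otherwise raising `Inspec::Exceptions::ResourceSkipped` here is safer than an empty hash.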
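--- a/data/lib/resources/xml.rb
+++ b/data/lib/resources/xml.rb
@@ -20,7 +20,18 @@ module Inspec::Resources
 end
 
 def value(key)
-
+output = []
+REXML::XPath.each(@params, key.first.to_s) do |element|
+if element.is_a?(REXML::Attribute)
+output.push(element.to_s)
+elsif element.is_a?(REXML::Element)
+output.push(element.text)
+else
+raise Inspec::Exceptions::ResourceFailed, "Unknown XML object received (#{element.class}): #{element}"
+end
+end
+
+output
 end
 
 private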
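Review bot: For attribute nodes the new branch pushes `element.to_s`, which in REXML returns the normalised form of the value (entity references left in place), while `element.text` on the Element branch returns decoded text. An attribute containing `&` or `<` would therefore compare differently from the same characters in element content. `output.push(element.value)` returns the expanded value, though that is worth confirming against the REXML version bundled here. XPath expressions that select other node types, such as `text()`, fall into the `else` branch and fail the resource; a comment above `value` should state that only element and attribute results are supported.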
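--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.50.1
 platform: ruby
 authors:
 - Dominik Richter
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-01-
+date: 2018-01-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: train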