inspec 1.5.0 → 1.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b497b451c9ceeebee2eaddce3fe68b30beacb61b
-  data.tar.gz: 788aab0d94d912e9ec52e05eaf781ce7ccf575eb
+  metadata.gz: cd0cb42f326fa8d1e5c78e7cb2d190912f29dbe8
+  data.tar.gz: 1a6b9b13d1c21616d2ab9af800fac73fd573ff8f
 SHA512:
-  metadata.gz: 70bf74fd78213f63be4607ba96fb7abd1282903c606e28ca469c080719c1a0886ae77a4a0b074361a7d5ec7f73a9dbb5852c9e25eb230117319a7c110e340077
-  data.tar.gz: 89eb02e30a5a1ebd6b1af5f6fa60ae2bca85411caee9c59f9fef97d9363bb2ef7f7da3a2cf67238b243b394b8819f1b90152ad53143ee2b8a3f08e15613834fb
+  metadata.gz: 189769e535f062fb5bc6d8f1ea1f16f3fa24a0904f816216ea5cbf810ec38cc87eeb19171d80ce41fed1d52ebeb1a57e07d5aef3098132ee1ad39e0e0726a131
+  data.tar.gz: 9b456f2b72df9b323c1cb9a96a917bfafe2229aa5fabf8507694ba61d75b48477589a6047750c5cbf592f28e0d691a5c589149c44d554761b7008663abc58b49

data/CHANGELOG.md

@@ -1,7 +1,33 @@
 # Change Log
 
-## [1.5.0](https://github.com/chef/inspec/tree/1.5.0) (2016-11-20)
-[Full Changelog](https://github.com/chef/inspec/compare/v1.4.1...1.5.0)
+## [1.6.0](https://github.com/chef/inspec/tree/1.6.0) (2016-11-28)
+[Full Changelog](https://github.com/chef/inspec/compare/v1.5.0...1.6.0)
+
+**Fixed bugs:**
+
+- InSpec loads whichever \*.rb file it finds along the way causing itself to fail [\#1326](https://github.com/chef/inspec/issues/1326)
+
+**Closed issues:**
+
+- command resource check doesn't fail when it should [\#1318](https://github.com/chef/inspec/issues/1318)
+- is this a typo....  inpsec? [\#1309](https://github.com/chef/inspec/issues/1309)
+- support JUnit format [\#1301](https://github.com/chef/inspec/issues/1301)
+- apt resource fails corner cases with optional second column [\#1261](https://github.com/chef/inspec/issues/1261)
+
+**Merged pull requests:**
+
+- do not load controls from test directory [\#1327](https://github.com/chef/inspec/pull/1327) ([chris-rock](https://github.com/chris-rock))
+- Replaced Colors for output [\#1320](https://github.com/chef/inspec/pull/1320) ([hannah-radish](https://github.com/hannah-radish))
+- Hannah vj/fix tests formatting [\#1319](https://github.com/chef/inspec/pull/1319) ([hannah-radish](https://github.com/hannah-radish))
+- revert style changes temporarily [\#1317](https://github.com/chef/inspec/pull/1317) ([vjeffrey](https://github.com/vjeffrey))
+- Updated color palettes, label colors and icons [\#1313](https://github.com/chef/inspec/pull/1313) ([hannah-radish](https://github.com/hannah-radish))
+- Remove extra `'` in registry key examples [\#1308](https://github.com/chef/inspec/pull/1308) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
+- also push docker latest tag with each release [\#1307](https://github.com/chef/inspec/pull/1307) ([chris-rock](https://github.com/chris-rock))
+- Adding windows\_task resource [\#1306](https://github.com/chef/inspec/pull/1306) ([username-is-already-taken2](https://github.com/username-is-already-taken2))
+- Adding JUnit formatter support [\#1304](https://github.com/chef/inspec/pull/1304) ([jkerry](https://github.com/jkerry))
+
+## [v1.5.0](https://github.com/chef/inspec/tree/v1.5.0) (2016-11-21)
+[Full Changelog](https://github.com/chef/inspec/compare/v1.4.1...v1.5.0)
 
 **Implemented enhancements:**
 

data/Gemfile

@@ -15,6 +15,7 @@ if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.2.2')
 end
 
 gem 'ffi', '>= 1.9.14'
+gem 'rspec_junit_formatter', '~> 0.2.3'
 
 group :test do
   gem 'bundler', '~> 1.5'

data/Rakefile

@@ -164,6 +164,8 @@ task :release_docker do
         "mv *.gem inspec.gem && "\
         "docker build -t chef/inspec:#{version} . && "\
         "docker push chef/inspec:#{version}"
+        "docker tag chef/inspec:#{version} chef/inspec:latest"
+        "docker push chef/inspec:latest"
   puts "--> #{cmd}"
   sh('sh', '-c', cmd)
 end

data/docs/resources/registry_key.md.erb

@@ -27,7 +27,7 @@ Or use a Ruby Hash:
     describe registry_key({
       name: 'Task Scheduler',
       hive: 'HKEY_LOCAL_MACHINE',
-      key: ''\SYSTEM\CurrentControlSet\services\Schedule'
+      key: '\SYSTEM\CurrentControlSet\services\Schedule'
     }) do
       its('Start') { should eq 2 }
     end

data/docs/resources/windows_task.md.erb

@@ -0,0 +1,103 @@
+---
+title: About the windows_task Resource
+---
+
+# windows_task
+
+Use the `windows_task` Inspec audit resource to test a scheduled tasks configuration on a Windows platform. 
+Microsoft and application vendors use scheduled tasks to perform a varity of system maintaince tasks but system administrators can schedule their own.
+
+## Syntax
+
+A `windows_task` resource block declares the name of the task (as its full path) and tests its configuration:
+
+    describe windows_task('task name uri' do
+      its('parameter') { should eq 'value' }
+      it { should be_enabled }
+    end
+
+where
+
+* `'parameter'` must be a valid parameter defined within this resource  ie `logon_mode`, `last_result`, `task_to_run`, `run_as_user` 
+* `'value'` will be used to compare the value gather from your chosen parameter
+* `'be_enabled'` is an example of a valid matcher that checks the state of a task, other examples are `exist` or `be_disabled` 
+
+## Matchers
+
+This InSpec audit resource has the following matchers:
+
+### be
+
+<%= partial "/shared/matcher_be" %>
+
+### cmp
+
+<%= partial "/shared/matcher_cmp" %>
+
+### eq
+
+<%= partial "/shared/matcher_eq" %>
+
+### include
+
+<%= partial "/shared/matcher_include" %>
+
+### match
+
+<%= partial "/shared/matcher_match" %>
+
+## Examples
+
+The following examples show how to use this InSpec resource.
+
+### Test's that a task is enabled
+```
+describe windows_task('\Microsoft\Windows\Time Synchronization\SynchronizeTime') do
+  it { should be_enabled }
+end
+```
+
+### Test's that a task is disabled
+```
+describe windows_task('\Microsoft\Windows\AppID\PolicyConverter') do
+  it { should be_disabled }
+end
+```
+
+### Test's the configuration parameters of a task
+```
+describe windows_task('\Microsoft\Windows\AppID\PolicyConverter') do
+  its('logon_mode') { should eq 'Interactive/Background' }
+  its('last_result') { should eq '1' }
+  its('task_to_run') { should cmp '%Windir%\system32\appidpolicyconverter.exe' }
+  its('run_as_user') { should eq 'LOCAL SERVICE' }
+end
+```
+
+### Test's that a task is defined
+```
+describe windows_task('\Microsoft\Windows\Defrag\ScheduledDefrag') do
+  it { should exist }
+end
+```
+
+## Gathering Tasknames
+Rather then use the GUI you can use the `schtasks.exe` to output a full list of tasks available on the system
+
+`schtasks /query /FO list`
+
+rather than use the `list` output you can use `CSV` if it is easier.
+
+Please make sure you use the full TaskName (include the prefix `\`) within your control
+
+```
+C:\>schtasks /query /FO list
+...
+Folder: \Microsoft\Windows\Diagnosis
+HostName:      XPS15
+TaskName:      \Microsoft\Windows\Diagnosis\Scheduled
+Next Run Time: N/A
+Status:        Ready
+Logon Mode:    Interactive/Background
+...
+```

data/inspec.gemspec

@@ -37,4 +37,5 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'mixlib-log'
   spec.add_dependency 'sslshake', '~> 1'
   spec.add_dependency 'parallel', '~> 1.9'
+  spec.add_dependency 'rspec_junit_formatter', '~> 0.2.3'
 end

data/lib/inspec/resource.rb

@@ -125,6 +125,7 @@ require 'resources/sys_info'
 require 'resources/users'
 require 'resources/vbscript'
 require 'resources/windows_feature'
+require 'resources/windows_task'
 require 'resources/xinetd'
 require 'resources/wmi'
 require 'resources/yum'

data/lib/inspec/rspec_json_formatter.rb

@@ -1,9 +1,11 @@
 # encoding: utf-8
 # author: Dominik Richter
 # author: Christoph Hartmann
+# author: John Kerry
 
 require 'rspec/core'
 require 'rspec/core/formatters/json_formatter'
+require 'rspec_junit_formatter'
 
 # Vanilla RSpec JSON formatter with a slight extension to show example IDs.
 # TODO: Remove these lines when RSpec includes the ID natively
@@ -254,21 +256,21 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
   }.freeze
 
   COLORS = {
-    'critical' => "\033[31;1m",
-    'major'    => "\033[31m",
-    'minor'    => "\033[33m",
-    'failed'   => "\033[31m",
-    'passed'   => "\033[32m",
-    'skipped'  => "\033[37m",
+    'critical' => "\033[38;5;9m",
+    'major'    => "\033[38;5;208m",
+    'minor'    => "\033[0;36m",
+    'failed'   => "\033[38;5;9m",
+    'passed'   => "\033[38;5;41m",
+    'skipped'  => "\033[38;5;247m",
     'reset'    => "\033[0m",
   }.freeze
 
   INDICATORS = {
-    'critical' => '  ✖  ',
-    'major'    => '  ✖  ',
-    'minor'    => '  ✖  ',
-    'failed'   => '  ✖  ',
-    'skipped'  => '  ○  ',
+    'critical' => '  ×  ',
+    'major'    => '  ∅  ',
+    'minor'    => '  ⊚  ',
+    'failed'   => '  ×  ',
+    'skipped'  => '  ↺  ',
     'passed'   => '  ✔  ',
     'unknown'  => '  ?  ',
     'empty'    => '     ',
@@ -547,3 +549,14 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
     data
   end
 end
+
+class InspecRspecJUnit < RSpecJUnitFormatter
+  RSpec::Core::Formatters.register self, :close
+
+  def initialize(*args)
+    super(*args)
+  end
+
+  def close(_notification)
+  end
+end

data/lib/inspec/runner_rspec.rb

@@ -103,6 +103,7 @@ module Inspec
       'json' => 'InspecRspecJson',
       'json-rspec' => 'InspecRspecVanilla',
       'cli' => 'InspecRspecCli',
+      'junit' => 'InspecRspecJUnit',
     }.freeze
 
     # Configure the output formatter and stream to be used with RSpec.

data/lib/inspec/version.rb

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '1.5.0'.freeze
+  VERSION = '1.6.0'.freeze
 end

data/lib/resources/registry_key.rb

@@ -20,7 +20,7 @@ require 'json'
 # describe registry_key({
 #            name: 'Task Scheduler',
 #            hive: 'HKEY_LOCAL_MACHINE',
-#            key: ''\SYSTEM\CurrentControlSet\services\Schedule'
+#            key: '\SYSTEM\CurrentControlSet\services\Schedule'
 # }) do
 #   its('Start') { should eq 2 }
 # end

data/lib/resources/windows_task.rb

@@ -0,0 +1,106 @@
+# encoding: utf-8
+# author: Gary Bright @username-is-already-taken2
+# author: Chris Beard @cdbeard2016
+module Inspec::Resources
+  class WindowsTasks < Inspec.resource(1)
+    name 'windows_task'
+    desc 'Use the windows_task InSpec audit resource to test task schedules on Microsoft Windows.'
+    example "
+      describe windows_task('\\Microsoft\\Windows\\Time Synchronization\\SynchronizeTime') do
+        it { should be_enabled }
+      end
+
+      describe windows_task('\\Microsoft\\Windows\\AppID\\PolicyConverter') do
+        it { should be_disabled }
+      end
+
+      describe windows_task('\\Microsoft\\Windows\\Defrag\\ScheduledDefrag') do
+        it { should exist }
+      end
+
+      describe windows_task('\\Microsoft\\Windows\\AppID\\PolicyConverter') do
+        its('logon_mode') { should eq 'Interactive/Background' }
+        its('last_result') { should eq '1' }
+        its('task_to_run') { should cmp '%Windir%\\system32\\appidpolicyconverter.exe' }
+        its('run_as_user') { should eq 'LOCAL SERVICE' }
+      end
+    "
+
+    def initialize(taskuri)
+      @taskuri = taskuri
+      @cache = nil
+
+      # verify that this resource is only supported on Windows
+      return skip_resource 'The `windows_task` resource is not supported on your OS.' unless inspec.os.windows?
+    end
+
+    def exists?
+      return true unless info.nil? || info[:uri].nil?
+      false
+    end
+
+    # rubocop:disable Style/WordArray
+    def enabled?
+      return false if info.nil? || info[:state].nil?
+      ['Ready', 'Running'].include?(info[:state])
+    end
+
+    def disabled?
+      return false if info.nil? || info[:state].nil?
+      info[:scheduled_task_state] == 'Disabled' || info[:state] == 'Disabled'
+    end
+
+    def logon_mode
+      info[:logon_mode]
+    end
+
+    def last_result
+      info[:last_result]
+    end
+
+    def task_to_run
+      info[:task_to_run].to_s.strip
+    end
+
+    def run_as_user
+      info[:run_as_user]
+    end
+
+    def type
+      info[:type] unless info.nil?
+    end
+
+    def info
+      return @cache unless @cache.nil?
+      # PowerShell v5 has Get-ScheduledTask cmdlet,
+      # _using something with backward support to v3_
+      # script = "Get-ScheduledTask | ? { $_.URI -eq '#{@taskuri}' } | Select-Object URI,@{N='State';E={$_.State.ToString()}} | ConvertTo-Json"
+
+      # Using schtasks as suggested by @modille but aligning property names to match cmdlet to future proof.
+      script = "schtasks /query /v /fo csv /tn '#{@taskuri}' | ConvertFrom-Csv | Select @{N='URI';E={$_.TaskName}},@{N='State';E={$_.Status.ToString()}},'Logon Mode','Last Result','Task To Run','Run As User','Scheduled Task State' | ConvertTo-Json -Compress"
+
+      cmd = inspec.powershell(script)
+
+      begin
+        params = JSON.parse(cmd.stdout)
+      rescue JSON::ParserError => _e
+        return nil
+      end
+
+      @cache = {
+        uri: params['URI'],
+        state: params['State'],
+        logon_mode: params['Logon Mode'],
+        last_result: params['Last Result'],
+        task_to_run: params['Task To Run'],
+        run_as_user: params['Run As User'],
+        scheduled_task_state: params['Scheduled Task State'],
+        type: 'windows-task',
+      }
+    end
+
+    def to_s
+      "Windows Task '#{@taskuri}'"
+    end
+  end
+end

data/lib/source_readers/inspec.rb

@@ -44,7 +44,7 @@ module SourceReaders
 
     def load_tests
       tests = @target.files.find_all do |path|
-        path.start_with?('controls', 'test') && path.end_with?('.rb')
+        path.start_with?('controls') && path.end_with?('.rb')
       end
       Hash[tests.map { |x| [x, @target.read(x)] }]
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 1.5.0
+  version: 1.6.0
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-11-21 00:00:00.000000000 Z
+date: 2016-11-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train
@@ -204,6 +204,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: rspec_junit_formatter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.3
 description: InSpec provides a framework for creating end-to-end infrastructure tests.
   You can use it for integration or even compliance testing. Create fully portable
   test profiles and use them in your workflow to ensure stability and security. Integrate
@@ -296,6 +310,7 @@ files:
 - docs/resources/users.md.erb
 - docs/resources/vbscript.md.erb
 - docs/resources/windows_feature.md.erb
+- docs/resources/windows_task.md.erb
 - docs/resources/wmi.md.erb
 - docs/resources/xinetd_conf.md.erb
 - docs/resources/yaml.md.erb
@@ -495,6 +510,7 @@ files:
 - lib/resources/users.rb
 - lib/resources/vbscript.rb
 - lib/resources/windows_feature.rb
+- lib/resources/windows_task.rb
 - lib/resources/wmi.rb
 - lib/resources/xinetd.rb
 - lib/resources/yaml.rb