inspec 2.1.59 → 2.1.67
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +30 -12
- data/Gemfile +1 -1
- data/README.md +6 -0
- data/Rakefile +59 -34
- data/docs/resources/aws_s3_bucket.md.erb +6 -0
- data/docs/resources/filesystem.md.erb +2 -2
- data/lib/bundles/inspec-compliance/target.rb +2 -1
- data/lib/fetchers/url.rb +6 -0
- data/lib/inspec/resource.rb +9 -6
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +1 -1
- data/lib/resources/aws/aws_s3_bucket.rb +24 -2
- data/lib/utils/find_files.rb +7 -4
- data/lib/utils/nginx_parser.rb +22 -2
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3b433c23e0f104009667cb51b6b8ab4a81e01b63
|
|
4
|
+
data.tar.gz: 58c72645fab1bbf25e56338f522ba55f6ca51bbf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ed147a0607f35c18186214bada157514130cd1000b31967b8c7f6ab861b7459e01ebfa9b57cb139d77d2aed80ba5d9e33d06eb5dad0c9f39f75dd6e01708f688
|
|
7
|
+
data.tar.gz: 3c2b47a3378ce52eaceac205a34d387ab9b301a752a7906decc8e29720876be0d13bbe17cc7fd414ae0ed0f88b6c533eebe22bacd089cbbd6624344c7d770a9c
|
data/CHANGELOG.md
CHANGED
|
@@ -1,28 +1,47 @@
|
|
|
1
1
|
# Change Log
|
|
2
2
|
<!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
|
|
3
|
-
<!-- latest_release 2.1.
|
|
4
|
-
## [v2.1.
|
|
3
|
+
<!-- latest_release 2.1.67 -->
|
|
4
|
+
## [v2.1.67](https://github.com/chef/inspec/tree/v2.1.67) (2018-05-03)
|
|
5
5
|
|
|
6
6
|
#### Bug Fixes
|
|
7
|
-
-
|
|
7
|
+
- Add A2 support for profile compliance depends [#3014](https://github.com/chef/inspec/pull/3014) ([jquick](https://github.com/jquick))
|
|
8
8
|
<!-- latest_release -->
|
|
9
9
|
|
|
10
|
-
<!-- release_rollup since=2.1.
|
|
11
|
-
### Changes since 2.1.
|
|
10
|
+
<!-- release_rollup since=2.1.59 -->
|
|
11
|
+
### Changes since 2.1.59 release
|
|
12
|
+
|
|
13
|
+
#### New Features
|
|
14
|
+
- #2810 - Add check if aws s3 bucket is encrypted. [#2937](https://github.com/chef/inspec/pull/2937) ([UranusBytes](https://github.com/UranusBytes)) <!-- 2.1.64 -->
|
|
12
15
|
|
|
13
16
|
#### Bug Fixes
|
|
14
|
-
-
|
|
17
|
+
- Add A2 support for profile compliance depends [#3014](https://github.com/chef/inspec/pull/3014) ([jquick](https://github.com/jquick)) <!-- 2.1.67 -->
|
|
18
|
+
- nginx_conf resource: Fix include paths with quotes [#2726](https://github.com/chef/inspec/pull/2726) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 2.1.63 -->
|
|
19
|
+
|
|
20
|
+
#### Enhancements
|
|
21
|
+
- Split inspec into a core gem. [#3008](https://github.com/chef/inspec/pull/3008) ([miah](https://github.com/miah)) <!-- 2.1.65 -->
|
|
22
|
+
- Refactors Terraform plan to break out steps [#2996](https://github.com/chef/inspec/pull/2996) ([dmccown](https://github.com/dmccown)) <!-- 2.1.61 -->
|
|
15
23
|
|
|
16
24
|
#### Merged Pull Requests
|
|
17
|
-
-
|
|
18
|
-
-
|
|
19
|
-
-
|
|
25
|
+
- Add inspec-core gem to expeditor release [#3018](https://github.com/chef/inspec/pull/3018) ([jquick](https://github.com/jquick)) <!-- 2.1.66 -->
|
|
26
|
+
- cmp should recognise a string being a negative int [#3007](https://github.com/chef/inspec/pull/3007) ([james-stocks](https://github.com/james-stocks)) <!-- 2.1.62 -->
|
|
27
|
+
- Update Habitat plan [#3000](https://github.com/chef/inspec/pull/3000) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 2.1.60 -->
|
|
28
|
+
<!-- release_rollup -->
|
|
29
|
+
|
|
30
|
+
<!-- latest_stable_release -->
|
|
31
|
+
## [v2.1.59](https://github.com/chef/inspec/tree/v2.1.59) (2018-04-26)
|
|
20
32
|
|
|
21
33
|
#### Enhancements
|
|
22
|
-
- Update shadow#to_s to return @path instead of hardcoded `/etc/shadow` [#2978](https://github.com/chef/inspec/pull/2978) ([miah](https://github.com/miah))
|
|
23
|
-
|
|
34
|
+
- Update shadow#to_s to return @path instead of hardcoded `/etc/shadow` [#2978](https://github.com/chef/inspec/pull/2978) ([miah](https://github.com/miah))
|
|
35
|
+
|
|
36
|
+
#### Bug Fixes
|
|
37
|
+
- Catch exceptions in control blocks and fail the control [#2987](https://github.com/chef/inspec/pull/2987) ([clintoncwolfe](https://github.com/clintoncwolfe))
|
|
24
38
|
|
|
39
|
+
#### Merged Pull Requests
|
|
40
|
+
- Makes JSON resource enumerable, despite method_missing magic [#2910](https://github.com/chef/inspec/pull/2910) ([TheLonelyGhost](https://github.com/TheLonelyGhost))
|
|
41
|
+
- Fix case where res is nil in etc_group [#2984](https://github.com/chef/inspec/pull/2984) ([chris-rock](https://github.com/chris-rock))
|
|
42
|
+
- os_env resource returns only user's environment variable on Windows [#2945](https://github.com/chef/inspec/pull/2945) ([omar-irizarry](https://github.com/omar-irizarry))
|
|
25
43
|
<!-- latest_stable_release -->
|
|
44
|
+
|
|
26
45
|
## [v2.1.54](https://github.com/chef/inspec/tree/v2.1.54) (2018-04-19)
|
|
27
46
|
|
|
28
47
|
#### New Features
|
|
@@ -43,7 +62,6 @@
|
|
|
43
62
|
|
|
44
63
|
#### Merged Pull Requests
|
|
45
64
|
- Add A2 support to the inspec-compliance toolset [#2963](https://github.com/chef/inspec/pull/2963) ([jquick](https://github.com/jquick))
|
|
46
|
-
<!-- latest_stable_release -->
|
|
47
65
|
|
|
48
66
|
## [v2.1.43](https://github.com/chef/inspec/tree/v2.1.43) (2018-04-12)
|
|
49
67
|
|
data/Gemfile
CHANGED
data/README.md
CHANGED
|
@@ -424,6 +424,12 @@ Use the rake task `bundle exec rake test:aws` to test the AWS resources against
|
|
|
424
424
|
|
|
425
425
|
Please see [TESTING_AGAINST_AWS.md](./test/integration/aws/TESTING_AGAINST_AWS.md) for details on how to setup the needed AWS accounts to perform testing.
|
|
426
426
|
|
|
427
|
+
### Azure Tests
|
|
428
|
+
|
|
429
|
+
Use the rake task `bundle exec rake test:azure` to test the Azure resources against an Azure account.
|
|
430
|
+
|
|
431
|
+
Please see [TESTING_AGAINST_AZURE.md](./test/integration/aws/TESTING_AGAINST_AZURE.md) for details on how to setup the needed Azure accounts to perform testing.
|
|
432
|
+
|
|
427
433
|
## License
|
|
428
434
|
|
|
429
435
|
| | |
|
data/Rakefile
CHANGED
|
@@ -2,13 +2,15 @@
|
|
|
2
2
|
# encoding: utf-8
|
|
3
3
|
|
|
4
4
|
require 'bundler'
|
|
5
|
-
require 'bundler/
|
|
5
|
+
require 'bundler/gem_helper'
|
|
6
6
|
require 'rake/testtask'
|
|
7
7
|
require 'passgen'
|
|
8
8
|
require 'train'
|
|
9
9
|
require_relative 'tasks/maintainers'
|
|
10
10
|
require_relative 'tasks/spdx'
|
|
11
11
|
|
|
12
|
+
Bundler::GemHelper.install_tasks name: 'inspec'
|
|
13
|
+
|
|
12
14
|
def prompt(message)
|
|
13
15
|
print(message)
|
|
14
16
|
STDIN.gets.chomp
|
|
@@ -152,15 +154,30 @@ namespace :test do
|
|
|
152
154
|
namespace :azure do
|
|
153
155
|
# Specify the directory for the integration tests
|
|
154
156
|
integration_dir = File.join(project_dir, 'test', 'integration', 'azure')
|
|
157
|
+
tf_vars_file = File.join(integration_dir, 'build', 'terraform.tfvars')
|
|
155
158
|
attribute_file = File.join(integration_dir, '.attribute.yml')
|
|
156
159
|
|
|
157
160
|
task :setup, :tf_workspace do |t, args|
|
|
158
161
|
tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
|
|
159
162
|
abort("You must either call the top-level test:azure task, or set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
|
|
160
|
-
|
|
163
|
+
|
|
164
|
+
puts '----> Setup Terraform Workspace'
|
|
165
|
+
|
|
161
166
|
sh("cd #{integration_dir}/build/ && terraform init -upgrade")
|
|
162
167
|
sh("cd #{integration_dir}/build/ && terraform workspace new #{tf_workspace}")
|
|
163
168
|
|
|
169
|
+
Rake::Task["test:azure:vars"].execute
|
|
170
|
+
Rake::Task["test:azure:plan"].execute
|
|
171
|
+
Rake::Task["test:azure:apply"].execute
|
|
172
|
+
end
|
|
173
|
+
|
|
174
|
+
desc "Generate terraform.tfvars file"
|
|
175
|
+
task :vars do |t, args|
|
|
176
|
+
|
|
177
|
+
next if File.exist?(tf_vars_file)
|
|
178
|
+
|
|
179
|
+
puts '----> Generating Vars'
|
|
180
|
+
|
|
164
181
|
# Generate Azure crendentials
|
|
165
182
|
connection = Train.create('azure').connection
|
|
166
183
|
creds = connection.options
|
|
@@ -172,23 +189,43 @@ namespace :test do
|
|
|
172
189
|
# Use the first 4 characters of the storage account to create a suffix
|
|
173
190
|
suffix = sa_name[0..3]
|
|
174
191
|
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
+
content = <<~VARS
|
|
193
|
+
subscription_id = "#{creds[:subscription_id]}"
|
|
194
|
+
client_id = "#{creds[:client_id]}"
|
|
195
|
+
client_secret = "#{creds[:client_secret]}"
|
|
196
|
+
tenant_id = "#{creds[:tenant_id]}"
|
|
197
|
+
storage_account_name = "#{sa_name}"
|
|
198
|
+
admin_password = "#{admin_password}"
|
|
199
|
+
suffix = "#{suffix}"
|
|
200
|
+
VARS
|
|
201
|
+
|
|
202
|
+
content << "location = \"#{ENV['AZURE_LOCATION']}\"\n" if ENV['AZURE_LOCATION']
|
|
203
|
+
|
|
204
|
+
File.write(tf_vars_file, content)
|
|
205
|
+
end
|
|
206
|
+
|
|
207
|
+
desc "generate plan from state using terraform.tfvars file"
|
|
208
|
+
task :plan, [:tf_workspace] => [:vars] do |t, args|
|
|
209
|
+
tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
|
|
210
|
+
abort("You must set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
|
|
211
|
+
|
|
212
|
+
puts '----> Generating Plan'
|
|
213
|
+
|
|
214
|
+
result = sh("cd #{integration_dir}/build/ && terraform workspace select #{tf_workspace}")
|
|
215
|
+
|
|
216
|
+
sh("cd #{integration_dir}/build/ && terraform plan -out inspec-azure.plan")
|
|
217
|
+
end
|
|
218
|
+
|
|
219
|
+
desc "apply terraform plan"
|
|
220
|
+
task :apply, [:tf_workspace] => [:plan] do |t, args|
|
|
221
|
+
tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
|
|
222
|
+
abort("You must set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
|
|
223
|
+
puts '----> Applying Plan'
|
|
224
|
+
|
|
225
|
+
sh("cd #{integration_dir}/build/ && terraform workspace select #{tf_workspace}")
|
|
226
|
+
|
|
227
|
+
sh("cd #{integration_dir}/build/ && terraform apply inspec-azure.plan")
|
|
228
|
+
|
|
192
229
|
Rake::Task["test:azure:dump_attrs"].execute
|
|
193
230
|
end
|
|
194
231
|
|
|
@@ -197,7 +234,7 @@ namespace :test do
|
|
|
197
234
|
raw_output = File.read(attribute_file)
|
|
198
235
|
yaml_output = raw_output.gsub(" = ", " : ")
|
|
199
236
|
File.open(attribute_file, "w") {|file| file.puts yaml_output}
|
|
200
|
-
|
|
237
|
+
end
|
|
201
238
|
|
|
202
239
|
task :run do
|
|
203
240
|
puts '----> Run'
|
|
@@ -209,23 +246,11 @@ namespace :test do
|
|
|
209
246
|
abort("You must either call the top-level test:azure task, or set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
|
|
210
247
|
puts '----> Cleanup'
|
|
211
248
|
|
|
212
|
-
|
|
213
|
-
creds = connection.options
|
|
214
|
-
|
|
215
|
-
cmd = ""
|
|
216
|
-
cmd += "cd #{integration_dir}/build/ && terraform destroy -force "
|
|
217
|
-
cmd += " -var 'subscription_id=#{creds[:subscription_id]}' "
|
|
218
|
-
cmd += " -var 'client_id=#{creds[:client_id]}' "
|
|
219
|
-
cmd += " -var 'client_secret=#{creds[:client_secret]}' "
|
|
220
|
-
cmd += " -var 'tenant_id=#{creds[:tenant_id]}' "
|
|
221
|
-
cmd += " -var 'storage_account_name=dummy' "
|
|
222
|
-
cmd += " -var 'admin_password=dummy' "
|
|
223
|
-
cmd += " -var 'suffix=dummy' "
|
|
224
|
-
|
|
225
|
-
sh(cmd)
|
|
249
|
+
sh("cd #{integration_dir}/build/ && terraform destroy -force ")
|
|
226
250
|
|
|
227
251
|
sh("cd #{integration_dir}/build/ && terraform workspace select default")
|
|
228
252
|
sh("cd #{integration_dir}/build && terraform workspace delete #{tf_workspace}")
|
|
253
|
+
File.delete(tf_vars_file)
|
|
229
254
|
end
|
|
230
255
|
end
|
|
231
256
|
|
|
@@ -132,3 +132,9 @@ Note: This resource does not detect insecure object ACLs.
|
|
|
132
132
|
The `have_access_logging_enabled` matcher tests if access logging is enabled for the s3 bucket.
|
|
133
133
|
|
|
134
134
|
it { should have_access_logging_enabled }
|
|
135
|
+
|
|
136
|
+
### have\_default\_encryption\_enabled
|
|
137
|
+
|
|
138
|
+
The `have_default_encryption_enabled` matcher tests if default encryption is enabled for the s3 bucket.
|
|
139
|
+
|
|
140
|
+
it { should have_default_encryption_enabled }
|
|
@@ -20,7 +20,7 @@ A `filesystem` resource block declares tests for disk space in a partition:
|
|
|
20
20
|
where
|
|
21
21
|
|
|
22
22
|
* `filesystem('/')` states that the resource will look at the root (/) partition.
|
|
23
|
-
* `size` is measured in
|
|
23
|
+
* `size` is measured in kilobytes (KB).
|
|
24
24
|
|
|
25
25
|
<br>
|
|
26
26
|
|
|
@@ -28,7 +28,7 @@ where
|
|
|
28
28
|
|
|
29
29
|
The following examples show how to use this InSpec audit resource.
|
|
30
30
|
|
|
31
|
-
### Test if the root partition is greater than 32000
|
|
31
|
+
### Test if the root partition is greater than 32000 KB
|
|
32
32
|
|
|
33
33
|
describe filesystem('/') do
|
|
34
34
|
its('size') { should be >= 32000 }
|
|
@@ -62,7 +62,8 @@ module Compliance
|
|
|
62
62
|
config['token'] = Compliance::API.get_token(config)
|
|
63
63
|
|
|
64
64
|
# Needed for automate2 post request
|
|
65
|
-
|
|
65
|
+
profile_stub = profile || target[:compliance]
|
|
66
|
+
config['profile'] = Compliance::API.profile_split(profile_stub)
|
|
66
67
|
|
|
67
68
|
new(profile_fetch_url, config)
|
|
68
69
|
rescue URI::Error => _e
|
data/lib/fetchers/url.rb
CHANGED
|
@@ -157,6 +157,12 @@ module Fetchers
|
|
|
157
157
|
opts = http_opts
|
|
158
158
|
opts[:use_ssl] = uri.scheme == 'https'
|
|
159
159
|
|
|
160
|
+
if @insecure
|
|
161
|
+
opts[:verify_mode] = OpenSSL::SSL::VERIFY_NONE
|
|
162
|
+
else
|
|
163
|
+
opts[:verify_mode] = OpenSSL::SSL::VERIFY_PEER
|
|
164
|
+
end
|
|
165
|
+
|
|
160
166
|
req = Net::HTTP::Post.new(uri)
|
|
161
167
|
opts.each do |key, value|
|
|
162
168
|
req.add_field(key, value)
|
data/lib/inspec/resource.rb
CHANGED
|
@@ -78,13 +78,16 @@ end
|
|
|
78
78
|
require 'utils/filter'
|
|
79
79
|
|
|
80
80
|
# AWS resources are included via their own file.
|
|
81
|
-
require 'resource_support/aws'
|
|
81
|
+
require 'resource_support/aws' if Gem.loaded_specs.key?('aws-sdk')
|
|
82
|
+
|
|
83
|
+
if Gem.loaded_specs.key?('azure_mgmt_resources')
|
|
84
|
+
require 'resources/azure/azure_backend.rb'
|
|
85
|
+
require 'resources/azure/azure_generic_resource.rb'
|
|
86
|
+
require 'resources/azure/azure_resource_group.rb'
|
|
87
|
+
require 'resources/azure/azure_virtual_machine.rb'
|
|
88
|
+
require 'resources/azure/azure_virtual_machine_data_disk.rb'
|
|
89
|
+
end
|
|
82
90
|
|
|
83
|
-
require 'resources/azure/azure_backend.rb'
|
|
84
|
-
require 'resources/azure/azure_generic_resource.rb'
|
|
85
|
-
require 'resources/azure/azure_resource_group.rb'
|
|
86
|
-
require 'resources/azure/azure_virtual_machine.rb'
|
|
87
|
-
require 'resources/azure/azure_virtual_machine_data_disk.rb'
|
|
88
91
|
require 'resources/aide_conf'
|
|
89
92
|
require 'resources/apache'
|
|
90
93
|
require 'resources/apache_conf'
|
data/lib/inspec/version.rb
CHANGED
data/lib/matchers/matchers.rb
CHANGED
|
@@ -10,7 +10,7 @@ class AwsS3Bucket < Inspec.resource(1)
|
|
|
10
10
|
supports platform: 'aws'
|
|
11
11
|
|
|
12
12
|
include AwsSingularResourceMixin
|
|
13
|
-
attr_reader :bucket_name, :has_access_logging_enabled, :region
|
|
13
|
+
attr_reader :bucket_name, :has_default_encryption_enabled, :has_access_logging_enabled, :region
|
|
14
14
|
|
|
15
15
|
def to_s
|
|
16
16
|
"S3 Bucket #{@bucket_name}"
|
|
@@ -35,8 +35,13 @@ class AwsS3Bucket < Inspec.resource(1)
|
|
|
35
35
|
bucket_policy.any? { |s| s.effect == 'Allow' && s.principal == '*' }
|
|
36
36
|
end
|
|
37
37
|
|
|
38
|
+
def has_default_encryption_enabled?
|
|
39
|
+
return false unless @exists
|
|
40
|
+
@has_default_encryption_enabled ||= fetch_bucket_encryption_configuration
|
|
41
|
+
end
|
|
42
|
+
|
|
38
43
|
def has_access_logging_enabled?
|
|
39
|
-
return unless @exists
|
|
44
|
+
return false unless @exists
|
|
40
45
|
catch_aws_errors do
|
|
41
46
|
@has_access_logging_enabled ||= !BackendFactory.create(inspec_runner).get_bucket_logging(bucket: bucket_name).logging_enabled.nil?
|
|
42
47
|
end
|
|
@@ -89,6 +94,19 @@ class AwsS3Bucket < Inspec.resource(1)
|
|
|
89
94
|
end
|
|
90
95
|
end
|
|
91
96
|
|
|
97
|
+
def fetch_bucket_encryption_configuration
|
|
98
|
+
@has_default_encryption_enabled ||= catch_aws_errors do
|
|
99
|
+
begin
|
|
100
|
+
!BackendFactory.create(inspec_runner)
|
|
101
|
+
.get_bucket_encryption(bucket: bucket_name)
|
|
102
|
+
.server_side_encryption_configuration
|
|
103
|
+
.nil?
|
|
104
|
+
rescue Aws::S3::Errors::ServerSideEncryptionConfigurationNotFoundError
|
|
105
|
+
false
|
|
106
|
+
end
|
|
107
|
+
end
|
|
108
|
+
end
|
|
109
|
+
|
|
92
110
|
# Uses the SDK API to really talk to AWS
|
|
93
111
|
class Backend
|
|
94
112
|
class AwsClientApi < AwsBackendBase
|
|
@@ -110,6 +128,10 @@ class AwsS3Bucket < Inspec.resource(1)
|
|
|
110
128
|
def get_bucket_logging(query)
|
|
111
129
|
aws_service_client.get_bucket_logging(query)
|
|
112
130
|
end
|
|
131
|
+
|
|
132
|
+
def get_bucket_encryption(query)
|
|
133
|
+
aws_service_client.get_bucket_encryption(query)
|
|
134
|
+
end
|
|
113
135
|
end
|
|
114
136
|
end
|
|
115
137
|
end
|
data/lib/utils/find_files.rb
CHANGED
|
@@ -17,17 +17,20 @@ module FindFiles
|
|
|
17
17
|
|
|
18
18
|
# ignores errors
|
|
19
19
|
def find_files(path, opts = {})
|
|
20
|
-
|
|
20
|
+
find_files_or_warn(path, opts) || []
|
|
21
21
|
end
|
|
22
22
|
|
|
23
|
-
def
|
|
23
|
+
def find_files_or_warn(path, opts = {})
|
|
24
24
|
depth = opts[:depth]
|
|
25
25
|
type = TYPES[opts[:type].to_sym] if opts[:type]
|
|
26
26
|
|
|
27
|
-
|
|
27
|
+
# If `path` contains a `'` we must modify how we quote the `sh -c` argument
|
|
28
|
+
quote = path.include?("'") ? '"' : '\''
|
|
29
|
+
|
|
30
|
+
cmd = "sh -c #{quote}find #{path}"
|
|
28
31
|
cmd += " -type #{type}" unless type.nil?
|
|
29
32
|
cmd += " -maxdepth #{depth.to_i}" if depth.to_i > 0
|
|
30
|
-
cmd +=
|
|
33
|
+
cmd += quote
|
|
31
34
|
|
|
32
35
|
result = inspec.command(cmd)
|
|
33
36
|
exit_status = result.exit_status
|
data/lib/utils/nginx_parser.rb
CHANGED
|
@@ -33,12 +33,32 @@ class NginxParser < Parslet::Parser
|
|
|
33
33
|
standard_identifier | quoted_identifier
|
|
34
34
|
}
|
|
35
35
|
|
|
36
|
-
rule(:
|
|
37
|
-
((match(
|
|
36
|
+
rule(:standard_value) {
|
|
37
|
+
((match(/[#;{'"]/).absent? >> any) >> (
|
|
38
38
|
str('\\') >> any | match('[#;{]|\s').absent? >> any
|
|
39
39
|
).repeat).as(:value) >> space.repeat
|
|
40
40
|
}
|
|
41
41
|
|
|
42
|
+
rule(:single_quoted_value) {
|
|
43
|
+
str("'") >> (
|
|
44
|
+
str('\\') >> any | str("'").absent? >> any
|
|
45
|
+
).repeat.as(:value) >> str("'") >> space.repeat
|
|
46
|
+
}
|
|
47
|
+
|
|
48
|
+
rule(:double_quoted_value) {
|
|
49
|
+
str('"') >> (
|
|
50
|
+
str('\\') >> any | str('"').absent? >> any
|
|
51
|
+
).repeat.as(:value) >> str('"') >> space.repeat
|
|
52
|
+
}
|
|
53
|
+
|
|
54
|
+
rule(:quoted_value) {
|
|
55
|
+
single_quoted_value | double_quoted_value
|
|
56
|
+
}
|
|
57
|
+
|
|
58
|
+
rule(:value) {
|
|
59
|
+
standard_value | quoted_value
|
|
60
|
+
}
|
|
61
|
+
|
|
42
62
|
rule(:values) {
|
|
43
63
|
value.repeat >> space.maybe
|
|
44
64
|
}
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: inspec
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.1.
|
|
4
|
+
version: 2.1.67
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dominik Richter
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-05-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: train
|