inspec 3.0.25 → 3.0.46
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +36 -15
- data/Rakefile +11 -12
- data/lib/fetchers/git.rb +5 -1
- data/lib/fetchers/url.rb +24 -6
- data/lib/inspec/cli.rb +63 -2
- data/lib/inspec/objects/control.rb +2 -1
- data/lib/inspec/objects/describe.rb +2 -2
- data/lib/inspec/objects/test.rb +4 -3
- data/lib/inspec/rspec_extensions.rb +8 -0
- data/lib/inspec/rule.rb +1 -0
- data/lib/inspec/runner.rb +5 -3
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-init/test/functional/inspec_init_test.rb +0 -1
- data/lib/resources/aws/aws_vpc.rb +2 -2
- data/lib/resources/iis_site.rb +3 -6
- data/lib/resources/port.rb +3 -1
- data/lib/resources/xml.rb +2 -0
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5ff447f7ae9aa9544f0e511e2d5d07f2e52015e031f33fdde47e578b3f1a7ed8
|
4
|
+
data.tar.gz: 94a76db1779ffcf1e6b74101e064891578e30e74f18c3d6dc87d9a0dfb1e593f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 052a13a474764ee9857ade3a9caef06204a568d48a254f85f753d8ccfa6051b6214268e007acdf051fc8fc0699bb18680b92acd870cab2889e1e24037ceabafb
|
7
|
+
data.tar.gz: 3ce8e4121cd642573a713d365e9bdb1624c0ab145b81c42ce608e2a57705a0fa80356731d94d88367d23ce84b7af0b5b18ca399471de50f0db9c074fb715409f
|
data/CHANGELOG.md
CHANGED
@@ -1,31 +1,53 @@
|
|
1
1
|
# Change Log
|
2
2
|
<!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
|
3
|
-
<!-- latest_release 3.0.
|
4
|
-
## [v3.0.
|
3
|
+
<!-- latest_release 3.0.46 -->
|
4
|
+
## [v3.0.46](https://github.com/inspec/inspec/tree/v3.0.46) (2018-11-08)
|
5
5
|
|
6
|
-
####
|
7
|
-
-
|
6
|
+
#### New Features
|
7
|
+
- Add Git SSH and HTTP basic auth support to `inspec exec` [#3562](https://github.com/inspec/inspec/pull/3562) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
|
8
8
|
<!-- latest_release -->
|
9
9
|
|
10
|
-
<!-- release_rollup since=3.0.
|
11
|
-
### Changes since 3.0.
|
10
|
+
<!-- release_rollup since=3.0.25 -->
|
11
|
+
### Changes since 3.0.25 release
|
12
|
+
|
13
|
+
#### New Features
|
14
|
+
- Add Git SSH and HTTP basic auth support to `inspec exec` [#3562](https://github.com/inspec/inspec/pull/3562) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 3.0.46 -->
|
12
15
|
|
13
16
|
#### Bug Fixes
|
14
|
-
-
|
17
|
+
- port: Correctly detect FreeBSD [#3579](https://github.com/inspec/inspec/pull/3579) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 3.0.43 -->
|
18
|
+
- Update iis_site bindingInformation construction and add tests [#3492](https://github.com/inspec/inspec/pull/3492) ([mrshanahan](https://github.com/mrshanahan)) <!-- 3.0.40 -->
|
19
|
+
- Silence RSpec 'should' Warning [#3560](https://github.com/inspec/inspec/pull/3560) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 3.0.29 -->
|
15
20
|
|
16
21
|
#### Enhancements
|
17
|
-
- Allow
|
18
|
-
-
|
22
|
+
- Allow add_test to accept negation [#3586](https://github.com/inspec/inspec/pull/3586) ([rachelrice](https://github.com/rachelrice)) <!-- 3.0.37 -->
|
23
|
+
- Added xml resource support for ints, bools, and string responses [#3583](https://github.com/inspec/inspec/pull/3583) ([greenantdotcom](https://github.com/greenantdotcom)) <!-- 3.0.34 -->
|
24
|
+
- Add only_if to Inspec objects [#3577](https://github.com/inspec/inspec/pull/3577) ([james-stocks](https://github.com/james-stocks)) <!-- 3.0.31 -->
|
25
|
+
- aws_vpc: accept 17 hexadecimal characters for vpc_id [#3564](https://github.com/inspec/inspec/pull/3564) ([kchistova](https://github.com/kchistova)) <!-- 3.0.28 -->
|
19
26
|
|
20
27
|
#### Merged Pull Requests
|
21
|
-
-
|
22
|
-
-
|
23
|
-
-
|
24
|
-
- Modernize omnibus config and reduce omnibus package size [#3543](https://github.com/inspec/inspec/pull/3543) ([tas50](https://github.com/tas50)) <!-- 3.0.15 -->
|
25
|
-
- Adding inspec init profile for GCP. [#3484](https://github.com/inspec/inspec/pull/3484) ([skpaterson](https://github.com/skpaterson)) <!-- 3.0.13 -->
|
28
|
+
- Fixes broken link in documentation [#3588](https://github.com/inspec/inspec/pull/3588) ([dmccown](https://github.com/dmccown)) <!-- 3.0.30 -->
|
29
|
+
- Fixes (some) ruby warnings related to functional tests [#3561](https://github.com/inspec/inspec/pull/3561) ([TheLonelyGhost](https://github.com/TheLonelyGhost)) <!-- 3.0.27 -->
|
30
|
+
- Fix functional tests issues with vendoring [#3572](https://github.com/inspec/inspec/pull/3572) ([jquick](https://github.com/jquick)) <!-- 3.0.26 -->
|
26
31
|
<!-- release_rollup -->
|
27
32
|
|
28
33
|
<!-- latest_stable_release -->
|
34
|
+
## [v3.0.25](https://github.com/inspec/inspec/tree/v3.0.25) (2018-11-01)
|
35
|
+
|
36
|
+
#### Enhancements
|
37
|
+
- ✓ adds additional checks for vendored profiles [#3362](https://github.com/inspec/inspec/pull/3362) ([chris-rock](https://github.com/chris-rock))
|
38
|
+
- Allow help args after Thor commands [#3553](https://github.com/inspec/inspec/pull/3553) ([jquick](https://github.com/jquick))
|
39
|
+
|
40
|
+
#### Bug Fixes
|
41
|
+
- Change usage of `Dir.home` to `Inspec.config_dir` [#3567](https://github.com/inspec/inspec/pull/3567) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
|
42
|
+
|
43
|
+
#### Merged Pull Requests
|
44
|
+
- Adding inspec init profile for GCP. [#3484](https://github.com/inspec/inspec/pull/3484) ([skpaterson](https://github.com/skpaterson))
|
45
|
+
- Modernize omnibus config and reduce omnibus package size [#3543](https://github.com/inspec/inspec/pull/3543) ([tas50](https://github.com/tas50))
|
46
|
+
- Allow end of options during Thor array parsing [#3547](https://github.com/inspec/inspec/pull/3547) ([jquick](https://github.com/jquick))
|
47
|
+
- Pin to train 1.5.6 [#3568](https://github.com/inspec/inspec/pull/3568) ([jquick](https://github.com/jquick))
|
48
|
+
- bump expeditor version [#3569](https://github.com/inspec/inspec/pull/3569) ([jquick](https://github.com/jquick))
|
49
|
+
<!-- latest_stable_release -->
|
50
|
+
|
29
51
|
## [v3.0.12](https://github.com/inspec/inspec/tree/v3.0.12) (2018-10-24)
|
30
52
|
|
31
53
|
#### New Resources
|
@@ -36,7 +58,6 @@
|
|
36
58
|
|
37
59
|
#### Merged Pull Requests
|
38
60
|
- Add inspec/train vault to plugin exclusion [#3532](https://github.com/inspec/inspec/pull/3532) ([jquick](https://github.com/jquick))
|
39
|
-
<!-- latest_stable_release -->
|
40
61
|
|
41
62
|
## [v3.0.9](https://github.com/inspec/inspec/tree/v3.0.9) (2018-10-18)
|
42
63
|
|
data/Rakefile
CHANGED
@@ -81,19 +81,18 @@ namespace :test do
|
|
81
81
|
t.ruby_opts = ['--dev'] if defined?(JRUBY_VERSION)
|
82
82
|
end
|
83
83
|
|
84
|
-
# Functional tests on Windows
|
85
|
-
#
|
86
|
-
|
87
|
-
|
84
|
+
# Functional tests on Windows take a bit to run. This
|
85
|
+
# optionally takes a env to breake the tests up into 3 workers.
|
86
|
+
Rake::TestTask.new(:'functional:windows') do |t, args|
|
87
|
+
files = Dir.glob('test/functional/*_test.rb').sort
|
88
|
+
if ENV['WORKER_NUMBER']
|
89
|
+
count = (files.count / 3).abs+1
|
90
|
+
start = (ENV['WORKER_NUMBER'].to_i - 1) * count
|
91
|
+
files = files[start..start+count-1]
|
92
|
+
end
|
93
|
+
|
88
94
|
t.libs << 'test'
|
89
|
-
t.test_files =
|
90
|
-
'test/functional/inspec_exec_test.rb',
|
91
|
-
'test/functional/inspec_exec_json_test.rb',
|
92
|
-
'test/functional/inspec_detect_test.rb',
|
93
|
-
'test/functional/inspec_vendor_test.rb',
|
94
|
-
'test/functional/inspec_check_test.rb',
|
95
|
-
'test/functional/filter_table_test.rb',
|
96
|
-
]
|
95
|
+
t.test_files = files
|
97
96
|
t.warning = true
|
98
97
|
t.verbose = true
|
99
98
|
t.ruby_opts = ['--dev'] if defined?(JRUBY_VERSION)
|
data/lib/fetchers/git.rb
CHANGED
@@ -29,7 +29,11 @@ module Fetchers
|
|
29
29
|
priority 200
|
30
30
|
|
31
31
|
def self.resolve(target, opts = {})
|
32
|
-
|
32
|
+
if target.is_a?(String)
|
33
|
+
new(target, opts) if target.start_with?('git@') || target.end_with?('.git')
|
34
|
+
elsif target.respond_to?(:has_key?) && target.key?(:git)
|
35
|
+
new(target[:git], opts.merge(target))
|
36
|
+
end
|
33
37
|
end
|
34
38
|
|
35
39
|
def initialize(remote_url, opts = {})
|
data/lib/fetchers/url.rb
CHANGED
@@ -95,6 +95,7 @@ module Fetchers
|
|
95
95
|
|
96
96
|
def initialize(url, opts)
|
97
97
|
@target = url
|
98
|
+
@target_uri = parse_uri(@target)
|
98
99
|
@insecure = opts['insecure']
|
99
100
|
@token = opts['token']
|
100
101
|
@config = opts
|
@@ -120,6 +121,11 @@ module Fetchers
|
|
120
121
|
|
121
122
|
private
|
122
123
|
|
124
|
+
def parse_uri(target)
|
125
|
+
return URI.parse(target) if target.is_a?(String)
|
126
|
+
URI.parse(target[:url])
|
127
|
+
end
|
128
|
+
|
123
129
|
def sha256
|
124
130
|
file = @archive_path || temp_archive_path
|
125
131
|
OpenSSL::Digest::SHA256.digest(File.read(file)).unpack('H*')[0]
|
@@ -155,9 +161,8 @@ module Fetchers
|
|
155
161
|
version: @config['profile'][2],
|
156
162
|
}.to_json
|
157
163
|
|
158
|
-
uri = URI.parse(@target)
|
159
164
|
opts = http_opts
|
160
|
-
opts[:use_ssl] =
|
165
|
+
opts[:use_ssl] = @target_uri.scheme == 'https'
|
161
166
|
|
162
167
|
if @insecure
|
163
168
|
opts[:verify_mode] = OpenSSL::SSL::VERIFY_NONE
|
@@ -165,12 +170,12 @@ module Fetchers
|
|
165
170
|
opts[:verify_mode] = OpenSSL::SSL::VERIFY_PEER
|
166
171
|
end
|
167
172
|
|
168
|
-
req = Net::HTTP::Post.new(
|
173
|
+
req = Net::HTTP::Post.new(@target_uri)
|
169
174
|
opts.each do |key, value|
|
170
175
|
req.add_field(key, value)
|
171
176
|
end
|
172
177
|
req.body = json
|
173
|
-
res = Net::HTTP.start(
|
178
|
+
res = Net::HTTP.start(@target_uri.host, @target_uri.port, opts) { |http|
|
174
179
|
http.request(req)
|
175
180
|
}
|
176
181
|
|
@@ -188,7 +193,7 @@ module Fetchers
|
|
188
193
|
def download_archive_to_temp
|
189
194
|
return @temp_archive_path if !@temp_archive_path.nil?
|
190
195
|
Inspec::Log.debug("Fetching URL: #{@target}")
|
191
|
-
remote =
|
196
|
+
remote = open_via_uri(@target)
|
192
197
|
@archive_type = file_type_from_remote(remote) # side effect :(
|
193
198
|
archive = Tempfile.new(['inspec-dl-', @archive_type])
|
194
199
|
archive.binmode
|
@@ -199,6 +204,17 @@ module Fetchers
|
|
199
204
|
@temp_archive_path = archive.path
|
200
205
|
end
|
201
206
|
|
207
|
+
def open_via_uri(target)
|
208
|
+
opts = http_opts
|
209
|
+
|
210
|
+
if opts[:http_basic_authentication]
|
211
|
+
# OpenURI does not support userinfo so we need to remove it
|
212
|
+
open(target.sub("#{@target_uri.userinfo}@", ''), opts)
|
213
|
+
else
|
214
|
+
open(target, opts)
|
215
|
+
end
|
216
|
+
end
|
217
|
+
|
202
218
|
def download_archive(path)
|
203
219
|
temp_archive_path
|
204
220
|
final_path = "#{path}#{@archive_type}"
|
@@ -225,7 +241,9 @@ module Fetchers
|
|
225
241
|
opts['Authorization'] = "Bearer #{@token}"
|
226
242
|
end
|
227
243
|
|
228
|
-
|
244
|
+
username = @config[:username] || @target_uri.user
|
245
|
+
password = @config[:password] || @target_uri.password
|
246
|
+
opts[:http_basic_authentication] = [username, password] if username
|
229
247
|
|
230
248
|
# Do not send any headers that have nil values.
|
231
249
|
# Net::HTTP does not gracefully handle this situation.
|
data/lib/inspec/cli.rb
CHANGED
@@ -168,9 +168,70 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
168
168
|
pretty_handle_exception(e)
|
169
169
|
end
|
170
170
|
|
171
|
-
desc 'exec
|
171
|
+
desc 'exec LOCATIONS', 'run all test files at the specified LOCATIONS.'
|
172
172
|
long_desc <<~EOT
|
173
|
-
Loads the given profile(s) and fetches their dependencies if needed.
|
173
|
+
Loads the given profile(s) and fetches their dependencies if needed. Then
|
174
|
+
connects to the target and executes any controls contained in the profiles.
|
175
|
+
One or more reporters are used to generate output. If all tests passed
|
176
|
+
(no fails, no skips) exit code 0 is returned. If some tests skipped but
|
177
|
+
none failed, exit code 101 is returned. If at least one test failed, exit
|
178
|
+
code 100 is returned. If inspec failed for any other reason, exit code 1
|
179
|
+
is returned.
|
180
|
+
|
181
|
+
Below are some examples of using `exec` with different test LOCATIONS:
|
182
|
+
|
183
|
+
Automate:
|
184
|
+
```
|
185
|
+
inspec compliance login
|
186
|
+
inspec exec compliance://username/linux-baseline
|
187
|
+
```
|
188
|
+
|
189
|
+
Supermarket:
|
190
|
+
```
|
191
|
+
inspec exec supermarket://username/linux-baseline
|
192
|
+
```
|
193
|
+
|
194
|
+
Local profile (executes all tests in `controls/`):
|
195
|
+
```
|
196
|
+
inspec exec /path/to/profile
|
197
|
+
```
|
198
|
+
|
199
|
+
Local single test (doesn't allow attributes or custom resources)
|
200
|
+
```
|
201
|
+
inspec exec /path/to/a_test.rb
|
202
|
+
```
|
203
|
+
|
204
|
+
Git via SSH
|
205
|
+
```
|
206
|
+
inspec exec git@github.com:dev-sec/linux-baseline.git
|
207
|
+
```
|
208
|
+
|
209
|
+
Git via HTTPS (.git suffix is required):
|
210
|
+
```
|
211
|
+
inspec exec https://github.com/dev-sec/linux-baseline.git
|
212
|
+
```
|
213
|
+
|
214
|
+
Private Git via HTTPS (.git suffix is required):
|
215
|
+
```
|
216
|
+
inspec exec https://API_TOKEN@github.com/dev-sec/linux-baseline.git
|
217
|
+
```
|
218
|
+
|
219
|
+
Private Git via HTTPS and cached credentials (.git suffix is required):
|
220
|
+
```
|
221
|
+
git config credential.helper cache
|
222
|
+
git ls-remote https://github.com/dev-sec/linux-baseline.git
|
223
|
+
inspec exec https://github.com/dev-sec/linux-baseline.git
|
224
|
+
```
|
225
|
+
|
226
|
+
Web hosted fileshare (also supports .zip):
|
227
|
+
```
|
228
|
+
inspec exec https://webserver/linux-baseline.tar.gz
|
229
|
+
```
|
230
|
+
|
231
|
+
Web hosted fileshare with basic authentication (supports .zip):
|
232
|
+
```
|
233
|
+
inspec exec https://username:password@webserver/linux-baseline.tar.gz
|
234
|
+
```
|
174
235
|
EOT
|
175
236
|
exec_options
|
176
237
|
def exec(*targets)
|
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
module Inspec
|
4
4
|
class Control
|
5
|
-
attr_accessor :id, :title, :descriptions, :impact, :tests, :tags, :refs
|
5
|
+
attr_accessor :id, :title, :descriptions, :impact, :tests, :tags, :refs, :only_if
|
6
6
|
def initialize
|
7
7
|
@tests = []
|
8
8
|
@tags = []
|
@@ -43,6 +43,7 @@ module Inspec
|
|
43
43
|
res.push " impact #{impact}" unless impact.nil?
|
44
44
|
tags.each { |t| res.push(indent(t.to_ruby, 2)) }
|
45
45
|
refs.each { |t| res.push(" ref #{print_ref(t)}") }
|
46
|
+
res.push " only_if { #{only_if} }" if only_if
|
46
47
|
tests.each { |t| res.push(indent(t.to_ruby, 2)) }
|
47
48
|
res.push 'end'
|
48
49
|
res.join("\n")
|
@@ -57,8 +57,8 @@ module Inspec
|
|
57
57
|
@variables = []
|
58
58
|
end
|
59
59
|
|
60
|
-
def add_test(its, matcher, expectation)
|
61
|
-
test = Inspec::Describe::Test.new(its, matcher, expectation,
|
60
|
+
def add_test(its, matcher, expectation, opts = {})
|
61
|
+
test = Inspec::Describe::Test.new(its, matcher, expectation, opts[:negated])
|
62
62
|
tests.push(test)
|
63
63
|
test
|
64
64
|
end
|
data/lib/inspec/objects/test.rb
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
module Inspec
|
4
4
|
class Test
|
5
|
-
attr_accessor :qualifier, :matcher, :expectation, :skip, :negated, :variables
|
5
|
+
attr_accessor :qualifier, :matcher, :expectation, :skip, :negated, :variables, :only_if
|
6
6
|
include RubyHelper
|
7
7
|
|
8
8
|
def initialize
|
@@ -61,6 +61,7 @@ module Inspec
|
|
61
61
|
end
|
62
62
|
|
63
63
|
def rb_describe
|
64
|
+
only_if_clause = "only_if { #{only_if} }\n" if only_if
|
64
65
|
vars = variables.map(&:to_ruby).join("\n")
|
65
66
|
vars += "\n" unless vars.empty?
|
66
67
|
res, xtra = describe_chain
|
@@ -74,8 +75,8 @@ module Inspec
|
|
74
75
|
elsif xpect != ''
|
75
76
|
' ' + expectation.inspect
|
76
77
|
end
|
77
|
-
format("%sdescribe %s do\n %s { should%s %s%s }\nend",
|
78
|
-
vars, res, itsy, naughty, matcher, xpect)
|
78
|
+
format("%s%sdescribe %s do\n %s { should%s %s%s }\nend",
|
79
|
+
only_if_clause, vars, res, itsy, naughty, matcher, xpect)
|
79
80
|
end
|
80
81
|
|
81
82
|
def rb_skip
|
@@ -1,6 +1,14 @@
|
|
1
1
|
require 'inspec/attribute_registry'
|
2
|
+
require 'rspec/core'
|
2
3
|
require 'rspec/core/example_group'
|
3
4
|
|
5
|
+
# Setup RSpec to allow use of `should` syntax without warnings
|
6
|
+
RSpec.configure do |config|
|
7
|
+
config.expect_with(:rspec) do |rspec_expectations_config|
|
8
|
+
rspec_expectations_config.syntax = :should
|
9
|
+
end
|
10
|
+
end
|
11
|
+
|
4
12
|
# This file allows you to add ExampleGroups to be used in rspec tests
|
5
13
|
#
|
6
14
|
class RSpec::Core::ExampleGroup
|
data/lib/inspec/rule.rb
CHANGED
data/lib/inspec/runner.rb
CHANGED
@@ -238,9 +238,11 @@ module Inspec
|
|
238
238
|
|
239
239
|
# Load local profile dependencies. This is used in inspec shell
|
240
240
|
# to provide access to local profiles that add resources.
|
241
|
-
@depends
|
242
|
-
|
243
|
-
.
|
241
|
+
@depends.each do |dep|
|
242
|
+
# support for windows paths
|
243
|
+
dep = dep.tr('\\', '/')
|
244
|
+
Inspec::Profile.for_path(dep, { profile_context: ctx }).load_libraries
|
245
|
+
end
|
244
246
|
|
245
247
|
ctx.load(command)
|
246
248
|
end
|
data/lib/inspec/version.rb
CHANGED
@@ -32,7 +32,6 @@ class InitCli < MiniTest::Test
|
|
32
32
|
|
33
33
|
def test_generating_inspec_profile_with_bad_platform
|
34
34
|
Dir.mktmpdir do |dir|
|
35
|
-
profile = File.join(dir, 'test-profile')
|
36
35
|
out = run_inspec_process("init profile --platform nonesuch test-profile", prefix: "cd #{dir} &&")
|
37
36
|
assert_equal 1, out.exit_status
|
38
37
|
assert_includes out.stdout, 'Unable to generate profile'
|
@@ -30,8 +30,8 @@ class AwsVpc < Inspec.resource(1)
|
|
30
30
|
allowed_scalar_type: String,
|
31
31
|
)
|
32
32
|
|
33
|
-
if validated_params.key?(:vpc_id) && validated_params[:vpc_id] !~ /^vpc\-[0-9a-f]{8}
|
34
|
-
raise ArgumentError, 'aws_vpc VPC ID must be in the format "vpc-" followed by 8 hexadecimal characters.'
|
33
|
+
if validated_params.key?(:vpc_id) && validated_params[:vpc_id] !~ /^vpc\-([0-9a-f]{8})|(^vpc\-[0-9a-f]{17})$/
|
34
|
+
raise ArgumentError, 'aws_vpc VPC ID must be in the format "vpc-" followed by 8 or 17 hexadecimal characters.'
|
35
35
|
end
|
36
36
|
|
37
37
|
validated_params
|
data/lib/resources/iis_site.rb
CHANGED
@@ -94,7 +94,7 @@ module Inspec::Resources
|
|
94
94
|
|
95
95
|
# want to populate everything using one powershell command here and spit it out as json
|
96
96
|
def iis_site(name)
|
97
|
-
command = "Get-Website '#{name}' |
|
97
|
+
command = "Get-Website '#{name}' | Select-Object -Property Name,State,PhysicalPath,bindings,ApplicationPool | ConvertTo-Json"
|
98
98
|
cmd = @inspec.command(command)
|
99
99
|
|
100
100
|
begin
|
@@ -103,11 +103,8 @@ module Inspec::Resources
|
|
103
103
|
return nil
|
104
104
|
end
|
105
105
|
|
106
|
-
bindings_array = site['bindings']['Collection'].map { |k
|
107
|
-
k['protocol']
|
108
|
-
' ' <<
|
109
|
-
k['bindingInformation'] <<
|
110
|
-
(k['protocol'] == 'https' ? ' sslFlags=' << flags : '')
|
106
|
+
bindings_array = site['bindings']['Collection'].map { |k|
|
107
|
+
"#{k['protocol']} #{k['bindingInformation']}#{k['protocol'] == 'https' ? " sslFlags=#{k['sslFlags']}" : ''}"
|
111
108
|
}
|
112
109
|
|
113
110
|
# map our values to a hash table
|
data/lib/resources/port.rb
CHANGED
@@ -63,10 +63,12 @@ module Inspec::Resources
|
|
63
63
|
AixPorts.new(inspec)
|
64
64
|
elsif os.darwin?
|
65
65
|
# Darwin: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/lsof.8.html
|
66
|
+
# Careful: make sure darwin comes before BSD, below
|
66
67
|
LsofPorts.new(inspec)
|
67
68
|
elsif os.windows?
|
68
69
|
WindowsPorts.new(inspec)
|
69
|
-
elsif
|
70
|
+
elsif os.bsd?
|
71
|
+
# Relies on sockstat, usually present on FreeBSD and NetBSD (but not MacOS X)
|
70
72
|
FreeBsdPorts.new(inspec)
|
71
73
|
elsif os.solaris?
|
72
74
|
SolarisPorts.new(inspec)
|
data/lib/resources/xml.rb
CHANGED
@@ -27,6 +27,8 @@ module Inspec::Resources
|
|
27
27
|
output.push(element.to_s)
|
28
28
|
elsif element.is_a?(REXML::Element)
|
29
29
|
output.push(element.text)
|
30
|
+
elsif element.is_a?(Integer) || element.is_a?(TrueClass) || element.is_a?(FalseClass) || element.is_a?(String)
|
31
|
+
output.push(element)
|
30
32
|
else
|
31
33
|
raise Inspec::Exceptions::ResourceFailed, "Unknown XML object received (#{element.class}): #{element}"
|
32
34
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: inspec
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.0.
|
4
|
+
version: 3.0.46
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dominik Richter
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-11-
|
11
|
+
date: 2018-11-08 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: train
|