inspec 3.0.46 → 3.0.52
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +33 -21
- data/lib/inspec/fetcher.rb +3 -0
- data/lib/inspec/file_provider.rb +2 -2
- data/lib/inspec/version.rb +1 -1
- data/lib/resources/aws/aws_security_group.rb +18 -0
- data/lib/resources/service.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c5971c1dc6baf84c252d7f662178f0759a78b470b748c11aa303c2fb52c0de01
|
|
4
|
+
data.tar.gz: 04164f7e8bf06371813f01126c1cebc86bd90bd282d168d978ca06317530458d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1b252d1733f366b92f0e996413fe38166d69f30f02a23762d34fed9de10d1f2ad25ac9cb1395294e49aa9d16d2b61f10924dd1e5a23c5a9e69ad913deeebae85
|
|
7
|
+
data.tar.gz: 137e9b3594c8245c5171dc5c6ae88ae9d00114d5a362c6a420c316e2856b6568fbc591ffeb8eca2df9db915ebeef0e0796cdae734cf3030bb6f5cf7d8a6b1ac7
|
data/CHANGELOG.md
CHANGED
|
@@ -1,36 +1,49 @@
|
|
|
1
1
|
# Change Log
|
|
2
2
|
<!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
|
|
3
|
-
<!-- latest_release 3.0.
|
|
4
|
-
## [v3.0.
|
|
3
|
+
<!-- latest_release 3.0.52 -->
|
|
4
|
+
## [v3.0.52](https://github.com/inspec/inspec/tree/v3.0.52) (2018-11-15)
|
|
5
5
|
|
|
6
|
-
####
|
|
7
|
-
-
|
|
6
|
+
#### Merged Pull Requests
|
|
7
|
+
- Load the compliance plugin when the fetcher is needed [#3609](https://github.com/inspec/inspec/pull/3609) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
|
|
8
8
|
<!-- latest_release -->
|
|
9
9
|
|
|
10
|
-
<!-- release_rollup since=3.0.
|
|
11
|
-
### Changes since 3.0.
|
|
10
|
+
<!-- release_rollup since=3.0.46 -->
|
|
11
|
+
### Changes since 3.0.46 release
|
|
12
12
|
|
|
13
|
-
####
|
|
14
|
-
-
|
|
13
|
+
#### Merged Pull Requests
|
|
14
|
+
- Load the compliance plugin when the fetcher is needed [#3609](https://github.com/inspec/inspec/pull/3609) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 3.0.52 -->
|
|
15
15
|
|
|
16
16
|
#### Bug Fixes
|
|
17
|
-
-
|
|
18
|
-
- Update iis_site bindingInformation construction and add tests [#3492](https://github.com/inspec/inspec/pull/3492) ([mrshanahan](https://github.com/mrshanahan)) <!-- 3.0.40 -->
|
|
19
|
-
- Silence RSpec 'should' Warning [#3560](https://github.com/inspec/inspec/pull/3560) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 3.0.29 -->
|
|
17
|
+
- Adds protection against zipslip vulnerability [#3604](https://github.com/inspec/inspec/pull/3604) ([hdost](https://github.com/hdost)) <!-- 3.0.51 -->
|
|
20
18
|
|
|
21
19
|
#### Enhancements
|
|
22
|
-
-
|
|
23
|
-
-
|
|
24
|
-
- Add only_if to Inspec objects [#3577](https://github.com/inspec/inspec/pull/3577) ([james-stocks](https://github.com/james-stocks)) <!-- 3.0.31 -->
|
|
25
|
-
- aws_vpc: accept 17 hexadecimal characters for vpc_id [#3564](https://github.com/inspec/inspec/pull/3564) ([kchistova](https://github.com/kchistova)) <!-- 3.0.28 -->
|
|
26
|
-
|
|
27
|
-
#### Merged Pull Requests
|
|
28
|
-
- Fixes broken link in documentation [#3588](https://github.com/inspec/inspec/pull/3588) ([dmccown](https://github.com/dmccown)) <!-- 3.0.30 -->
|
|
29
|
-
- Fixes (some) ruby warnings related to functional tests [#3561](https://github.com/inspec/inspec/pull/3561) ([TheLonelyGhost](https://github.com/TheLonelyGhost)) <!-- 3.0.27 -->
|
|
30
|
-
- Fix functional tests issues with vendoring [#3572](https://github.com/inspec/inspec/pull/3572) ([jquick](https://github.com/jquick)) <!-- 3.0.26 -->
|
|
20
|
+
- Adding --no-pager to service checks [#3592](https://github.com/inspec/inspec/pull/3592) ([fernandoalex](https://github.com/fernandoalex)) <!-- 3.0.50 -->
|
|
21
|
+
- aws_security_group: Query against other security group ids in allow_* matchers [#3576](https://github.com/inspec/inspec/pull/3576) ([j00p34](https://github.com/j00p34)) <!-- 3.0.49 -->
|
|
31
22
|
<!-- release_rollup -->
|
|
32
23
|
|
|
33
24
|
<!-- latest_stable_release -->
|
|
25
|
+
## [v3.0.46](https://github.com/inspec/inspec/tree/v3.0.46) (2018-11-08)
|
|
26
|
+
|
|
27
|
+
#### New Features
|
|
28
|
+
- Add Git SSH and HTTP basic auth support to `inspec exec` [#3562](https://github.com/inspec/inspec/pull/3562) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
|
|
29
|
+
|
|
30
|
+
#### Enhancements
|
|
31
|
+
- aws_vpc: accept 17 hexadecimal characters for vpc_id [#3564](https://github.com/inspec/inspec/pull/3564) ([kchistova](https://github.com/kchistova))
|
|
32
|
+
- Add only_if to Inspec objects [#3577](https://github.com/inspec/inspec/pull/3577) ([james-stocks](https://github.com/james-stocks))
|
|
33
|
+
- Added xml resource support for ints, bools, and string responses [#3583](https://github.com/inspec/inspec/pull/3583) ([greenantdotcom](https://github.com/greenantdotcom))
|
|
34
|
+
- Allow add_test to accept negation [#3586](https://github.com/inspec/inspec/pull/3586) ([rachelrice](https://github.com/rachelrice))
|
|
35
|
+
|
|
36
|
+
#### Bug Fixes
|
|
37
|
+
- Silence RSpec 'should' Warning [#3560](https://github.com/inspec/inspec/pull/3560) ([clintoncwolfe](https://github.com/clintoncwolfe))
|
|
38
|
+
- Update iis_site bindingInformation construction and add tests [#3492](https://github.com/inspec/inspec/pull/3492) ([mrshanahan](https://github.com/mrshanahan))
|
|
39
|
+
- port: Correctly detect FreeBSD [#3579](https://github.com/inspec/inspec/pull/3579) ([clintoncwolfe](https://github.com/clintoncwolfe))
|
|
40
|
+
|
|
41
|
+
#### Merged Pull Requests
|
|
42
|
+
- Fix functional tests issues with vendoring [#3572](https://github.com/inspec/inspec/pull/3572) ([jquick](https://github.com/jquick))
|
|
43
|
+
- Fixes (some) ruby warnings related to functional tests [#3561](https://github.com/inspec/inspec/pull/3561) ([TheLonelyGhost](https://github.com/TheLonelyGhost))
|
|
44
|
+
- Fixes broken link in documentation [#3588](https://github.com/inspec/inspec/pull/3588) ([dmccown](https://github.com/dmccown))
|
|
45
|
+
<!-- latest_stable_release -->
|
|
46
|
+
|
|
34
47
|
## [v3.0.25](https://github.com/inspec/inspec/tree/v3.0.25) (2018-11-01)
|
|
35
48
|
|
|
36
49
|
#### Enhancements
|
|
@@ -46,7 +59,6 @@
|
|
|
46
59
|
- Allow end of options during Thor array parsing [#3547](https://github.com/inspec/inspec/pull/3547) ([jquick](https://github.com/jquick))
|
|
47
60
|
- Pin to train 1.5.6 [#3568](https://github.com/inspec/inspec/pull/3568) ([jquick](https://github.com/jquick))
|
|
48
61
|
- bump expeditor version [#3569](https://github.com/inspec/inspec/pull/3569) ([jquick](https://github.com/jquick))
|
|
49
|
-
<!-- latest_stable_release -->
|
|
50
62
|
|
|
51
63
|
## [v3.0.12](https://github.com/inspec/inspec/tree/v3.0.12) (2018-10-24)
|
|
52
64
|
|
data/lib/inspec/fetcher.rb
CHANGED
data/lib/inspec/file_provider.rb
CHANGED
|
@@ -100,7 +100,7 @@ module Inspec
|
|
|
100
100
|
walk_zip(@path) do |io|
|
|
101
101
|
while (entry = io.get_next_entry)
|
|
102
102
|
name = entry.name.sub(%r{/+$}, '')
|
|
103
|
-
@files.push(name) unless name.empty?
|
|
103
|
+
@files.push(name) unless name.empty? || name.squeeze('/') =~ %r{\.{2}(?:/|\z)}
|
|
104
104
|
end
|
|
105
105
|
end
|
|
106
106
|
end
|
|
@@ -156,7 +156,7 @@ module Inspec
|
|
|
156
156
|
@files = tar.find_all(&:file?)
|
|
157
157
|
|
|
158
158
|
# delete all entries with no name
|
|
159
|
-
@files = @files.find_all { |x| !x.full_name.empty? }
|
|
159
|
+
@files = @files.find_all { |x| !x.full_name.empty? && x.full_name.squeeze('/') !~ %r{\.{2}(?:/|\z)} }
|
|
160
160
|
|
|
161
161
|
# delete all entries that have a PaxHeader
|
|
162
162
|
@files = @files.delete_if { |x| x.full_name.include?('PaxHeader/') }
|
data/lib/inspec/version.rb
CHANGED
|
@@ -41,9 +41,18 @@ class AwsSecurityGroup < Inspec.resource(1)
|
|
|
41
41
|
private
|
|
42
42
|
|
|
43
43
|
def allow_only(rules, criteria)
|
|
44
|
+
rules = allow__focus_on_position(rules, criteria)
|
|
44
45
|
# allow_{in_out}_only require either a single-rule group, or you
|
|
45
46
|
# to select a rule using position.
|
|
46
47
|
return false unless rules.count == 1 || criteria.key?(:position)
|
|
48
|
+
if criteria.key?(:security_group)
|
|
49
|
+
if criteria.key?(:position)
|
|
50
|
+
pos = criteria[:position] -1
|
|
51
|
+
else
|
|
52
|
+
pos = 0
|
|
53
|
+
end
|
|
54
|
+
return false unless rules[pos].key?(:user_id_group_pairs) && rules[pos][:user_id_group_pairs].count == 1
|
|
55
|
+
end
|
|
47
56
|
criteria[:exact] = true
|
|
48
57
|
allow(rules, criteria)
|
|
49
58
|
end
|
|
@@ -58,6 +67,7 @@ class AwsSecurityGroup < Inspec.resource(1)
|
|
|
58
67
|
matched &&= allow__match_protocol(rule, criteria)
|
|
59
68
|
matched &&= allow__match_ipv4_range(rule, criteria)
|
|
60
69
|
matched &&= allow__match_ipv6_range(rule, criteria)
|
|
70
|
+
matched &&= allow__match_security_group(rule, criteria)
|
|
61
71
|
matched
|
|
62
72
|
end
|
|
63
73
|
end
|
|
@@ -67,6 +77,7 @@ class AwsSecurityGroup < Inspec.resource(1)
|
|
|
67
77
|
:from_port,
|
|
68
78
|
:ipv4_range,
|
|
69
79
|
:ipv6_range,
|
|
80
|
+
:security_group,
|
|
70
81
|
:port,
|
|
71
82
|
:position,
|
|
72
83
|
:protocol,
|
|
@@ -187,6 +198,13 @@ class AwsSecurityGroup < Inspec.resource(1)
|
|
|
187
198
|
match_ipv4_or_6_range(rule, criteria)
|
|
188
199
|
end
|
|
189
200
|
|
|
201
|
+
def allow__match_security_group(rule, criteria)
|
|
202
|
+
return true unless criteria.key?(:security_group)
|
|
203
|
+
query = criteria[:security_group]
|
|
204
|
+
return false unless rule[:user_id_group_pairs]
|
|
205
|
+
rule[:user_id_group_pairs].any? { |group| query == group[:group_id] }
|
|
206
|
+
end
|
|
207
|
+
|
|
190
208
|
def validate_params(raw_params)
|
|
191
209
|
recognized_params = check_resource_param_names(
|
|
192
210
|
raw_params: raw_params,
|
data/lib/resources/service.rb
CHANGED
|
@@ -272,7 +272,7 @@ module Inspec::Resources
|
|
|
272
272
|
end
|
|
273
273
|
|
|
274
274
|
def info(service_name)
|
|
275
|
-
cmd = inspec.command("#{service_ctl} show --all #{service_name}")
|
|
275
|
+
cmd = inspec.command("#{service_ctl} show --no-pager --all #{service_name}")
|
|
276
276
|
return nil if cmd.exit_status.to_i != 0
|
|
277
277
|
|
|
278
278
|
# parse data
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: inspec
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0.
|
|
4
|
+
version: 3.0.52
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dominik Richter
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-11-
|
|
11
|
+
date: 2018-11-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: train
|