inspec 4.18.0 → 4.18.24

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f1383016cfa4899dc2457ba11f9f4a7e79e02b8cfa9c1fd9b2cba34e8b0a6aa4
-  data.tar.gz: f80b35ba96ed8a3954240b5a43611bd4e7822589bf1a52e761b75e3a9e144ab6
+  metadata.gz: 6d18c5e5d562f59e26b4ddf2b757be945f349d5b09076acfae1468d058326497
+  data.tar.gz: d7290f25cd505d9014e80ff5b7a410d3dab495384c77c426602e60da2dc89356
 SHA512:
-  metadata.gz: 1c2b2cc5aea6c768acb57bd40cfd414c66ac56926dd8243e947e74aa748877a45ae778001c89d7d8a2f03abcc3ee165b2f525ebb664d0732f2d634a91498fbfe
-  data.tar.gz: cd5787223718099c19c4b3d4c85b726eee454305ea66ad7a0762674df7778efc64840d3f3db0debcaa4e1ec485202f9bebe8a2c9ad59c50361510133197efe7c
+  metadata.gz: 8cba31a9207fde92c5568746e5ec59a45f2f4cd0b1820964f9722d12424ec98a970d84bebed7f3ae6e9cd2f6f8ee22d5f625c615f8477d6f139b7a64d563811a
+  data.tar.gz: 898e03c84739355f05c720311d72a1b787499e26197bfc205d160830448e5870570affd649b1db67caa0eae6aeda61435ed9b4e77707636397778a35aac3802b

data/inspec.gemspec

@@ -31,6 +31,7 @@ Gem::Specification.new do |spec|
 
   # Implementation dependencies
   spec.add_dependency "license-acceptance", ">= 0.2.13", "< 2.0"
+  spec.add_dependency "chef-core", "~> 0.0"
   spec.add_dependency "thor", "~> 0.20"
   spec.add_dependency "json-schema", "~> 2.8"
   spec.add_dependency "method_source", "~> 0.8"

data/lib/inspec/dependencies/cache.rb

@@ -19,6 +19,8 @@ module Inspec
     def initialize(path = nil)
       @path = path || File.join(Inspec.config_dir, "cache")
       FileUtils.mkdir_p(@path) unless File.directory?(@path)
+    rescue Errno::EACCES
+      # ignore
     end
 
     def prefered_entry_for(key)

data/lib/inspec/file_provider.rb

@@ -171,7 +171,7 @@ module Inspec
           path = Pathname.new(name).relative_path_from(here).to_s
 
           @contents[path] = begin # not ||= in a tarball, last one wins
-                              res = entry.read
+                              res = entry.read || ""
                               try = res.dup
                               try.force_encoding Encoding::UTF_8
                               res = try if try.valid_encoding?

data/lib/inspec/input.rb

@@ -318,6 +318,17 @@ module Inspec
       !current_value.is_a? NO_VALUE_SET
     end
 
+    def to_hash
+      as_hash = { name: name, options: {} }
+      %i{description title identifier type required value}.each do |field|
+        val = send(field)
+        next if val.nil?
+
+        as_hash[:options][field] = val
+      end
+      as_hash
+    end
+
     #--------------------------------------------------------------------------#
     #                           Value Type Coercion
     #--------------------------------------------------------------------------#

data/lib/inspec/plugin/v1/plugin_types/resource.rb

@@ -16,7 +16,7 @@ module Inspec
 
   module ResourceDSL
     def name(name = nil)
-      return if name.nil?
+      return @name if name.nil?
 
       @name = name
       __register(name, self)

data/lib/inspec/plugin/v2/loader.rb

@@ -3,12 +3,6 @@ require "inspec/version"
 require "inspec/plugin/v2/config_file"
 require "inspec/plugin/v2/filter"
 
-# Add the current directory of the process to the load path
-$LOAD_PATH.unshift(".") unless $LOAD_PATH.include?(".")
-# Add the InSpec source root directory to the load path
-folder = File.expand_path(File.join("..", "..", "..", ".."), __dir__)
-$LOAD_PATH.unshift(folder) unless $LOAD_PATH.include?("folder")
-
 module Inspec::Plugin::V2
   class Loader
     attr_reader :conf_file, :registry, :options

data/lib/inspec/profile.rb

@@ -332,6 +332,7 @@ module Inspec
       # convert legacy os-* supports to their platform counterpart
       if res[:supports] && !res[:supports].empty?
         res[:supports].each do |support|
+          # TODO: deprecate
           support[:"platform-family"] = support.delete(:"os-family") if support.key?(:"os-family")
           support[:"platform-name"] = support.delete(:"os-name") if support.key?(:"os-name")
         end

data/lib/inspec/resource.rb

@@ -10,10 +10,12 @@ module Inspec
       @default_registry ||= {}
     end
 
+    # TODO: these are keyed off of strings
     def self.registry
       @registry ||= default_registry
     end
 
+    # TODO: these are keyed off of symbols
     def self.supports
       @supports ||= {}
     end
@@ -22,6 +24,29 @@ module Inspec
       default_registry.dup
     end
 
+    def self.backfill_supports!
+      reg = registry.keys.map(&:to_sym).sort
+      sup = supports.keys.map(&:to_sym).sort
+
+      missings = reg - sup
+
+      supports[:platform] = [{ platform: "os" }] # patch the circular dep
+
+      missings.each do |missing|
+        klass = registry[missing.to_s].superclass
+        sklas = klass.superclass.name&.to_sym # might be resource = no name
+
+        klass = klass.name.to_sym
+
+        case
+        when klass != missing # an alias
+          supports[missing] = supports[klass]
+        when sklas
+          supports[klass]   = supports[sklas]
+        end
+      end
+    end
+
     # Creates the inner DSL which includes all resources for
     # creating tests. It is always connected to one target,
     # which is specified via the backend argument.

data/lib/inspec/resources/etc_hosts_allow_deny.rb

@@ -33,6 +33,10 @@ module Inspec::Resources
 
     filter.install_filter_methods_on_resource(self, :params)
 
+    def to_s
+      "hosts.allow Configuration"
+    end
+
     private
 
     def read_content

data/lib/inspec/resources/filesystem.rb

@@ -95,7 +95,7 @@ module Inspec::Resources
 
   class LinuxFileSystemResource < FsManagement
     def info(partition)
-      cmd = inspec.command("df #{partition} -T")
+      cmd = inspec.command("df #{partition} -PT")
       if cmd.stdout.nil? || cmd.stdout.empty? || cmd.exit_status != 0
         raise Inspec::Exceptions::ResourceFailed,
           "Unable to get available space for partition #{partition}"

data/lib/inspec/resources/iis_app_pool.rb

@@ -22,10 +22,6 @@ module Inspec::Resources
     def initialize(pool_name)
       @pool_name = pool_name
       @pool_path = "IIS:\\AppPools\\#{@pool_name}"
-      @cache = nil
-
-      # verify that this resource is only supported on Windows
-      return skip_resource "The `iis_app_pool` resource is not supported on your OS." unless inspec.os.windows?
     end
 
     def pool_name
@@ -77,7 +73,7 @@ module Inspec::Resources
     end
 
     def exists?
-      !iis_app_pool[:pool_name].empty?
+      !!iis_app_pool[:pool_name]
     end
 
     def to_s
@@ -87,45 +83,45 @@ module Inspec::Resources
     private
 
     def iis_app_pool
-      return @cache unless @cache.nil?
-
-      # We use `-Compress` here to avoid a bug in PowerShell
-      # It does not affect validity of the output, only the representation
-      # See: https://github.com/inspec/inspec/pull/3842
-      script = <<~EOH
-        Import-Module WebAdministration
-        If (Test-Path '#{@pool_path}') {
-          Get-Item '#{@pool_path}' | Select-Object * | ConvertTo-Json -Compress
-        } Else {
-          Write-Host '{}'
+      @iis_app_pool ||= begin
+        # We use `-Compress` here to avoid a bug in PowerShell
+        # It does not affect validity of the output, only the representation
+        # See: https://github.com/inspec/inspec/pull/3842
+        script = <<~EOH
+          Import-Module WebAdministration
+          If (Test-Path '#{@pool_path}') {
+            Get-Item '#{@pool_path}' | Select-Object * | ConvertTo-Json -Compress
+          } Else {
+            Write-Host '{}'
+          }
+        EOH
+        cmd = inspec.powershell(script)
+
+        begin
+          pool = JSON.parse(cmd.stdout)
+        rescue JSON::ParserError => _e
+          raise Inspec::Exceptions::ResourceFailed, "Unable to parse app pool JSON"
+        end
+
+        process_model = pool.fetch("processModel", {})
+        idle_timeout = process_model.fetch("idleTimeout", {})
+
+        # map our values to a hash table
+        @cache = {
+          pool_name: pool["name"],
+          version: pool["managedRuntimeVersion"],
+          e32b: pool["enable32BitAppOnWin64"],
+          mode: pool["managedPipelineMode"],
+          processes: process_model["maxProcesses"],
+          timeout: "#{idle_timeout["Hours"]}:#{idle_timeout["Minutes"]}:#{idle_timeout["Seconds"]}",
+          timeout_days: idle_timeout["Days"],
+          timeout_hours: idle_timeout["Hours"],
+          timeout_minutes: idle_timeout["Minutes"],
+          timeout_seconds: idle_timeout["Seconds"],
+          user_identity_type: process_model["identityType"],
+          username: process_model["userName"],
         }
-      EOH
-      cmd = inspec.powershell(script)
-
-      begin
-        pool = JSON.parse(cmd.stdout)
-      rescue JSON::ParserError => _e
-        raise Inspec::Exceptions::ResourceFailed, "Unable to parse app pool JSON"
       end
-
-      process_model = pool.fetch("processModel", {})
-      idle_timeout = process_model.fetch("idleTimeout", {})
-
-      # map our values to a hash table
-      @cache = {
-        pool_name: pool["name"],
-        version: pool["managedRuntimeVersion"],
-        e32b: pool["enable32BitAppOnWin64"],
-        mode: pool["managedPipelineMode"],
-        processes: process_model["maxProcesses"],
-        timeout: "#{idle_timeout["Hours"]}:#{idle_timeout["Minutes"]}:#{idle_timeout["Seconds"]}",
-        timeout_days: idle_timeout["Days"],
-        timeout_hours: idle_timeout["Hours"],
-        timeout_minutes: idle_timeout["Minutes"],
-        timeout_seconds: idle_timeout["Seconds"],
-        user_identity_type: process_model["identityType"],
-        username: process_model["userName"],
-      }
     end
   end
 end

data/lib/inspec/resources/json.rb

@@ -5,6 +5,7 @@ require "inspec/utils/file_reader"
 module Inspec::Resources
   class JsonConfig < Inspec.resource(1)
     name "json"
+    supports platform: "os"
     desc "Use the json InSpec audit resource to test data in a JSON file."
     example <<~EXAMPLE
       describe json('policyfile.lock.json') do

data/lib/inspec/resources/mssql_session.rb

@@ -11,6 +11,7 @@ module Inspec::Resources
   # @see https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-connect-and-query-sqlcmd
   class MssqlSession < Inspec.resource(1)
     name "mssql_session"
+    supports platform: "windows"
     desc "Use the mssql_session InSpec audit resource to test SQL commands run against a MS Sql Server database."
     example <<~EXAMPLE
       # Using SQL authentication

data/lib/inspec/resources/oracledb_session.rb

@@ -1,8 +1,8 @@
 require "inspec/resources/command"
-require "hashie/mash"
 require "inspec/utils/database_helpers"
 require "htmlentities"
 require "rexml/document"
+require "hashie/mash"
 require "csv"
 
 module Inspec::Resources
@@ -21,8 +21,9 @@ module Inspec::Resources
       end
     EXAMPLE
 
-    attr_reader :user, :password, :host, :service, :as_os_user, :as_db_role
-    # rubocop:disable Metrics/PerceivedComplexity,Metrics/CyclomaticComplexity
+    attr_reader :bin, :db_role, :host, :password, :port, :service,
+                :su_user, :user
+
     def initialize(opts = {})
       @user = opts[:user]
       @password = opts[:password] || opts[:pass]
@@ -30,60 +31,35 @@ module Inspec::Resources
         Inspec.deprecate(:oracledb_session_pass_option, "The oracledb_session `pass` option is deprecated. Please use `password`.")
       end
 
+      @bin = "sqlplus"
       @host = opts[:host] || "localhost"
       @port = opts[:port] || "1521"
       @service = opts[:service]
-
-      # connection as sysdba stuff
-      return skip_resource "Option 'as_os_user' not available in Windows" if inspec.os.windows? && opts[:as_os_user]
-
       @su_user = opts[:as_os_user]
       @db_role = opts[:as_db_role]
-
-      # we prefer sqlci although it is way slower than sqlplus, but it understands csv properly
-      @sqlcl_bin = "sql" unless opts.key?(:sqlplus_bin) # don't use it if user specified sqlplus_bin option
+      @sqlcl_bin = opts[:sqlcl_bin] || nil
       @sqlplus_bin = opts[:sqlplus_bin] || "sqlplus"
-
-      return fail_resource "Can't run Oracle checks without authentication" if @su_user.nil? && (@user.nil? || @password.nil?)
-      return fail_resource "You must provide a service name for the session" if @service.nil?
+      skip_resource "Option 'as_os_user' not available in Windows" if inspec.os.windows? && su_user
+      fail_resource "Can't run Oracle checks without authentication" unless su_user && (user || password)
+      fail_resource "You must provide a service name for the session" unless service
     end
 
-    def query(q)
-      escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"')
-      # escape tables with $
-      escaped_query = escaped_query.gsub("$", '\\$')
-
-      p = nil
-      # use sqlplus if sqlcl is not available
+    def query(sql)
       if @sqlcl_bin && inspec.command(@sqlcl_bin).exist?
-        bin = @sqlcl_bin
-        opts = "set sqlformat csv\nSET FEEDBACK OFF"
-        p = :parse_csv_result
+        @bin = @sqlcl_bin
+        format_options = "set sqlformat csv\nSET FEEDBACK OFF"
+        parser = :parse_csv_result
       else
-        bin = @sqlplus_bin
-        opts = "SET MARKUP HTML ON\nSET PAGESIZE 32000\nSET FEEDBACK OFF"
-        p = :parse_html_result
+        @bin = "#{@sqlplus_bin} -S"
+        format_options = "SET MARKUP HTML ON\nSET PAGESIZE 32000\nSET FEEDBACK OFF"
+        parser = :parse_html_result
       end
 
-      query = verify_query(escaped_query)
-      query += ";" unless query.end_with?(";")
-      if @db_role.nil?
-        command = %{#{bin} "#{@user}"/"#{@password}"@#{@host}:#{@port}/#{@service} <<EOC\n#{opts}\n#{query}\nEXIT\nEOC}
-      elsif @su_user.nil?
-        command = %{#{bin} "#{@user}"/"#{@password}"@#{@host}:#{@port}/#{@service} as #{@db_role} <<EOC\n#{opts}\n#{query}\nEXIT\nEOC}
-      else
-        command = %{su - #{@su_user} -c "env ORACLE_SID=#{@service} #{bin} / as #{@db_role} <<EOC\n#{opts}\n#{query}\nEXIT\nEOC"}
-      end
-      cmd = inspec.command(command)
-
-      out = cmd.stdout + "\n" + cmd.stderr
-      if out.downcase =~ /^error/
-        # TODO: we need to throw an exception here
-        # change once https://github.com/chef/inspec/issues/1205 is in
-        warn "Could not execute the sql query #{out}"
-        DatabaseHelper::SQLQueryResult.new(cmd, Hashie::Mash.new({}))
-      end
-      DatabaseHelper::SQLQueryResult.new(cmd, send(p, cmd.stdout))
+      command = command_builder(format_options, sql)
+      inspec_cmd = inspec.command(command)
+
+      DatabaseHelper::SQLQueryResult.new(inspec_cmd, send(parser,
+                                                          inspec_cmd.stdout))
     end
 
     def to_s
@@ -92,9 +68,30 @@ module Inspec::Resources
 
     private
 
+    # 3 commands
+    # regular user password
+    # using a db_role
+    # su, using a db_role
+    def command_builder(format_options, query)
+      verified_query = verify_query(query)
+      sql_prefix, sql_postfix = "", ""
+      if inspec.os.windows?
+        sql_prefix = %{@'\n#{format_options}\n#{verified_query}\nEXIT\n'@ | }
+      else
+        sql_postfix = %{ <<'EOC'\n#{format_options}\n#{verified_query}\nEXIT\nEOC}
+      end
+
+      if @db_role.nil?
+        %{#{sql_prefix}#{bin} "#{user}"/"#{password}"@#{host}:#{port}/#{@service}#{sql_postfix}}
+      elsif @su_user.nil?
+        %{#{sql_prefix}#{bin} "#{user}"/"#{password}"@#{host}:#{port}/#{@service} as #{@db_role}#{sql_postfix}}
+      else
+        %{su - #{@su_user} -c "env ORACLE_SID=#{@service} #{bin} / as #{@db_role}#{sql_postfix}}
+      end
+    end
+
     def verify_query(query)
-      # ensure we have a ; at the end
-      query + ";" unless query.strip.end_with?(";")
+      query += ";" unless query.strip.end_with?(";")
       query
     end
 
@@ -115,7 +112,7 @@ module Inspec::Resources
       results
     end
 
-    def parse_html_result(stdout) # rubocop:disable Metrics/AbcSize
+    def parse_html_result(stdout)
       result = stdout
       # make oracle html valid html by removing the p tag, it does not include a closing tag
       result = result.gsub("<p>", "").gsub("</p>", "").gsub("<br>", "")

data/lib/inspec/resources/users.rb

@@ -464,8 +464,9 @@ module Inspec::Resources
         multiple_values: false
       ).params
 
-      dparse = Date.parse "#{params['Last password change']}"
-      dayslastset = (Date.today - dparse).to_i
+      last_change = params["Last password change"]
+      dparse = Date.parse "#{last_change}" rescue nil
+      dayslastset = (Date.today - dparse).to_i if dparse
       cmd = inspec.command("lastb -w -a | grep #{username} | wc -l")
       badpasswordattempts = convert_to_i(cmd.stdout.chomp) if cmd.exit_status == 0
 

data/lib/inspec/resources/yum.rb

@@ -59,7 +59,7 @@ module Inspec::Resources
         # detect repo start
         in_repo = true if line =~ /^\s*Repo-id\s*:\s*(.*)\b/
         # detect repo end
-        if line == "\n" && in_repo
+        if (line == "\n" || line =~ /\s*Total packages:/) && in_repo
           in_repo = false
           @cache.push(repo)
           repo = {}
@@ -70,6 +70,9 @@ module Inspec::Resources
           repo[repo_key(strip(val[1]))] = strip(val[2])
         end
       end
+
+      @cache.push(repo) if in_repo
+
       @cache
     end
 

data/lib/inspec/rspec_extensions.rb

@@ -50,8 +50,8 @@ module Inspec
     def method_missing(method_name, *arguments, &block)
       # see if it is a resource first
       begin
-        inspec = inspec if respond_to?(:inspec) # backend not available??
-        resource = Inspec::DSL.method_missing_resource(inspec, method_name, *arguments)
+        backend = inspec if respond_to?(:inspec) # backend not available??
+        resource = Inspec::DSL.method_missing_resource(backend, method_name, *arguments)
         return resource if resource
       rescue LoadError
         # pass through

data/lib/inspec/rule.rb

@@ -2,7 +2,7 @@
 
 require "method_source"
 require "date"
-require "inspec/describe"
+require "inspec/describe_base"
 require "inspec/expect"
 require "inspec/resource"
 require "inspec/resources/os"
@@ -60,7 +60,7 @@ module Inspec
         # waivers have higher precedence than only_if.
         __apply_waivers
 
-      rescue StandardError => e
+      rescue SystemStackError, StandardError => e
         # We've encountered an exception while trying to eval the code inside the
         # control block. We need to prevent the exception from bubbling up, and
         # fail the control. Controls are failed by having a failed resource within

data/lib/inspec/runner.rb

@@ -34,6 +34,8 @@ module Inspec
     attr_reader :backend, :rules
     attr_accessor :target_profiles
 
+    attr_accessor :test_collector
+
     def attributes
       Inspec.deprecate(:rename_attributes_to_inputs, "Don't call runner.attributes, call runner.inputs")
       inputs

data/lib/inspec/utils/nginx_parser.rb

@@ -18,7 +18,7 @@ class NginxParser < Parslet::Parser
   end
 
   rule(:standard_identifier) do
-    (match("[a-zA-Z]") >> match('\S').repeat).as(:identifier) >> space >> space.repeat
+    (match("[a-zA-Z~*.]") >> match('\S').repeat).as(:identifier) >> space >> space.repeat
   end
 
   rule(:quoted_identifier) do

data/lib/inspec/version.rb

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "4.18.0".freeze
+  VERSION = "4.18.24".freeze
 end

data/lib/plugins/inspec-compliance/README.md

@@ -152,7 +152,7 @@ $ inspec exec compliance://admin/profile
 
 Pending: (Failures listed here are expected and do not affect your suite's status)
 
-  1) gordon_config Can't find file "/tmp/gordon/config.yaml"
+  1) example_config Can't find file "/tmp/example/config.yaml"
      # Not yet implemented
      # ./lib/inspec/runner.rb:157
 

data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb

@@ -72,10 +72,10 @@ module InspecPlugins
       desc "exec PROFILE", "executes a #{COMPLIANCE_PRODUCT_NAME} profile"
       exec_options
       def exec(*tests)
-        config = InspecPlugins::Compliance::Configuration.new
-        return unless loggedin(config)
+        compliance_config = InspecPlugins::Compliance::Configuration.new
+        return unless loggedin(compliance_config)
 
-        o = opts(:exec).dup
+        o = config # o is an Inspec::Config object, provided by a helper method from Inspec::BaseCLI
         diagnose(o)
         configure_logger(o)
 

data/lib/plugins/inspec-plugin-manager-cli/test/functional/helper.rb

@@ -9,7 +9,7 @@ module PluginManagerHelpers
   let(:list_after_run) do
     Proc.new do |run_result, tmp_dir|
       # After installing/uninstalling/whatevering, run list with config in the same dir, and capture it.
-      run_result.payload.list_result = parse_plugin_list_lines(
+      @list_result = parse_plugin_list_lines(
         run_inspec_process("plugin list", env: { INSPEC_CONFIG_DIR: tmp_dir }).stdout
       )
     end

data/lib/plugins/inspec-plugin-manager-cli/test/functional/install_test.rb

@@ -54,12 +54,12 @@ class PluginManagerCliInstall < Minitest::Test
       assert_includes success_message, "plugin installed via source path reference"
 
       # Check round-trip UX via list
-      itf_plugin = install_result.payload.list_result.detect { |p| p[:name] == fixture_info[:plugin_name] }
+      itf_plugin = @list_result.detect { |p| p[:name] == fixture_info[:plugin_name] }
       refute_nil itf_plugin, "plugin name should now appear in the output of inspec list"
       assert_equal "path", itf_plugin[:type], "list output should show that it is a path installation"
 
       # Check plugin statefile. Extra important in this case, since all should resolve to the same entry point.
-      plugin_data = install_result.payload.plugin_data
+      plugin_data = @plugin_data
       entry = plugin_data["plugins"].detect { |e| e["name"] == fixture_info[:plugin_name] }
       assert_equal fixture_info[:resolved_path], entry["installation_path"], "Regardless of input, the entry point should be correct."
 
@@ -164,7 +164,7 @@ class PluginManagerCliInstall < Minitest::Test
     refute_nil success_message, "Should find a success message at the end"
     assert_includes success_message, "installed from local .gem file"
 
-    itf_plugin = install_result.payload.list_result.detect { |p| p[:name] == "inspec-test-fixture" }
+    itf_plugin = @list_result.detect { |p| p[:name] == "inspec-test-fixture" }
     refute_nil itf_plugin, "plugin name should now appear in the output of inspec list"
     assert_equal "gem (user)", itf_plugin[:type]
     assert_equal "0.1.0", itf_plugin[:version]
@@ -195,7 +195,7 @@ class PluginManagerCliInstall < Minitest::Test
     assert_includes success_message, "0.2.0"
     assert_includes success_message, "installed from rubygems.org"
 
-    itf_plugin = install_result.payload.list_result.detect { |p| p[:name] == "inspec-test-fixture" }
+    itf_plugin = @list_result.detect { |p| p[:name] == "inspec-test-fixture" }
     refute_nil itf_plugin, "plugin name should now appear in the output of inspec list"
     assert_equal "gem (user)", itf_plugin[:type]
     assert_equal "0.2.0", itf_plugin[:version]
@@ -225,7 +225,7 @@ class PluginManagerCliInstall < Minitest::Test
     assert_includes success_message, "0.1.0"
     assert_includes success_message, "installed from rubygems.org"
 
-    itf_plugin = install_result.payload.list_result.detect { |p| p[:name] == "inspec-test-fixture" }
+    itf_plugin = @list_result.detect { |p| p[:name] == "inspec-test-fixture" }
     refute_nil itf_plugin, "plugin name should now appear in the output of inspec list"
     assert_equal "gem (user)", itf_plugin[:type]
     assert_equal "0.1.0", itf_plugin[:version]
@@ -317,7 +317,7 @@ class PluginManagerCliInstall < Minitest::Test
     assert_includes success_message, "0.1.0"
     assert_includes success_message, "installed from rubygems.org"
 
-    ttf_plugin = install_result.payload.list_result.detect { |p| p[:name] == "train-test-fixture" }
+    ttf_plugin = @list_result.detect { |p| p[:name] == "train-test-fixture" }
     refute_nil ttf_plugin, "plugin name should now appear in the output of inspec list"
     assert_equal "gem (user)", ttf_plugin[:type]
     assert_equal "0.1.0", ttf_plugin[:version]

data/lib/plugins/inspec-plugin-manager-cli/test/functional/uninstall_test.rb

@@ -20,7 +20,7 @@ class PluginManagerCliUninstall < Minitest::Test
     assert_includes success_message, "0.1.0"
     assert_includes success_message, "has been uninstalled"
 
-    itf_plugins = uninstall_result.payload.list_result.select { |p| p[:name] == "inspec-test-fixture" }
+    itf_plugins = @list_result.select { |p| p[:name] == "inspec-test-fixture" }
     assert_empty itf_plugins, "inspec-test-fixture should not appear in the output of inspec list"
 
     assert_empty uninstall_result.stderr
@@ -42,7 +42,7 @@ class PluginManagerCliUninstall < Minitest::Test
     assert_includes success_message, "path-based plugin install"
     assert_includes success_message, "has been uninstalled"
 
-    itf_plugins = uninstall_result.payload.list_result.select { |p| p[:name] == "inspec-meaning-of-life" }
+    itf_plugins = @list_result.select { |p| p[:name] == "inspec-meaning-of-life" }
     assert_empty itf_plugins, "inspec-meaning-of-life should not appear in the output of inspec list"
 
     assert_empty uninstall_result.stderr

data/lib/plugins/inspec-plugin-manager-cli/test/functional/update_test.rb

@@ -22,7 +22,7 @@ class PluginManagerCliUpdate < Minitest::Test
     assert_includes success_message, "0.2.0"
     assert_includes success_message, "updated from rubygems.org"
 
-    itf_plugin = update_result.payload.list_result.detect { |p| p[:name] == "inspec-test-fixture" }
+    itf_plugin = @list_result.detect { |p| p[:name] == "inspec-test-fixture" }
     refute_nil itf_plugin, "plugin name should now appear in the output of inspec list"
     assert_equal "gem (user)", itf_plugin[:type]
     assert_equal "0.2.0", itf_plugin[:version]

data/lib/plugins/shared/core_plugin_test_helper.rb

@@ -65,7 +65,7 @@ module CorePluginFunctionalHelper
     elsif opts.key?(:env)
       prefix = opts[:env].to_a.map { |assignment| "#{assignment[0]}=#{assignment[1]}" }.join(" ")
     end
-    Inspec::FuncTestRunResult.new(TRAIN_CONNECTION.run_command("#{prefix} #{exec_inspec} #{command_line}"))
+    TRAIN_CONNECTION.run_command("#{prefix} #{exec_inspec} #{command_line}")
   end
 
   # This helper does some fancy footwork to make InSpec think a plugin
@@ -76,8 +76,7 @@ module CorePluginFunctionalHelper
   #       Modify plugin_statefile_data as needed; it will be written to a plugins.json
   #       in tmp_dir_path.  You may also copy in other things to the tmp_dir_path. Your PWD
   #       will be in the tmp_dir, and it will exist and be empty.
-  #    :post_run: Proc(FuncTestRunResult, tmp_dir_path) - optional result capture block.
-  #       run_result will be populated, but you can add more to the ostruct .payload
+  #    :post_run: Proc(CommandResult, tmp_dir_path) - optional result capture block.
   #       Your PWD will be the tmp_dir, and it will still exist (for a moment!)
   def run_inspec_process_with_this_plugin(command_line, opts = {})
     plugin_path = __find_plugin_path_from_caller
@@ -101,7 +100,7 @@ module CorePluginFunctionalHelper
 
       # Read the resulting plugins.json into memory, if any
       if File.exist?(plugin_file_path)
-        run_result.payload.plugin_data = JSON.parse(File.read(plugin_file_path))
+        @plugin_data = JSON.parse(File.read(plugin_file_path))
       end
 
       opts[:post_run]&.call(run_result, tmp_dir)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 4.18.0
+  version: 4.18.24
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-10-10 00:00:00.000000000 Z
+date: 2019-10-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train
@@ -86,6 +86,20 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: chef-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.0'
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -454,7 +468,7 @@ files:
 - lib/inspec/dependencies/lockfile.rb
 - lib/inspec/dependencies/requirement.rb
 - lib/inspec/dependencies/resolver.rb
-- lib/inspec/describe.rb
+- lib/inspec/describe_base.rb
 - lib/inspec/dist.rb
 - lib/inspec/dsl.rb
 - lib/inspec/dsl_shared.rb