inspec 4.18.24 → 4.18.38

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6d18c5e5d562f59e26b4ddf2b757be945f349d5b09076acfae1468d058326497
-  data.tar.gz: d7290f25cd505d9014e80ff5b7a410d3dab495384c77c426602e60da2dc89356
+  metadata.gz: 5c6bd13128388c648c4282da23a2139a861b097ba71056355b77493f81dd09a4
+  data.tar.gz: fb42433c9d7feb7552edadd726c9f916cf33ecb3c4cb669487e8d5037209663a
 SHA512:
-  metadata.gz: 8cba31a9207fde92c5568746e5ec59a45f2f4cd0b1820964f9722d12424ec98a970d84bebed7f3ae6e9cd2f6f8ee22d5f625c615f8477d6f139b7a64d563811a
-  data.tar.gz: 898e03c84739355f05c720311d72a1b787499e26197bfc205d160830448e5870570affd649b1db67caa0eae6aeda61435ed9b4e77707636397778a35aac3802b
+  metadata.gz: a7b4fc775a7579e52b1f50bf29c6760c1c7ec9cfe65f1fe6629665d4d12807b3dbf082eeaa6f15166b6d7e8a65d0dff4d5829961f299b1eb6131c081a6a1d954
+  data.tar.gz: 3f1334efc5c92a9d6cba4db27783a5218a9d298b49c61e129ba6f91b43695f4b32ec6afa711c081e2e6a02b35700f3c61ef80eef82e890ae2bce4b9eff8f9364

data/Gemfile

@@ -19,9 +19,10 @@ group :omnibus do
 end
 
 group :test do
-  gem "chefstyle", "0.13.0"
+  gem "chefstyle", "~> 0.13.0"
   gem "coveralls", require: false
   gem "minitest", "~> 5.5"
+  gem "minitest-sprint", "~> 1.0"
   gem "rake", ">= 10"
   gem "simplecov", "~> 0.10"
   gem "concurrent-ruby", "~> 1.0"

data/etc/deprecations.json

@@ -116,6 +116,10 @@
     "wmi_non_hash_usage": {
       "action": "fail_control",
       "suffix": "This property was removed in InSpec 4.0."
+    },
+    "object_classes": {
+      "action": "warn",
+      "suffix": "These classes will be removed in InSpec 5.0."
     }
   }
 }

data/inspec.gemspec

@@ -31,7 +31,6 @@ Gem::Specification.new do |spec|
 
   # Implementation dependencies
   spec.add_dependency "license-acceptance", ">= 0.2.13", "< 2.0"
-  spec.add_dependency "chef-core", "~> 0.0"
   spec.add_dependency "thor", "~> 0.20"
   spec.add_dependency "json-schema", "~> 2.8"
   spec.add_dependency "method_source", "~> 0.8"

data/lib/inspec/cli.rb

@@ -122,8 +122,8 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     else
       %w{location profile controls timestamp valid}.each do |item|
         prepared_string = format("%-12s %s",
-          "#{item.to_s.capitalize} :",
-          result[:summary][item.to_sym])
+                                 "#{item.to_s.capitalize} :",
+                                 result[:summary][item.to_sym])
         ui.plain_line(prepared_string)
       end
       puts

data/lib/inspec/config.rb

@@ -207,7 +207,8 @@ module Inspec
     end
 
     def _utc_find_credset_name(_credentials, transport_name)
-      return nil unless final_options[:target]
+      return unless final_options[:target]
+
       match = final_options[:target].match(%r{^#{transport_name}://(?<credset_name>[\w\-]+)$})
       match ? match[:credset_name] : nil
     end

data/lib/inspec/dependencies/requirement.rb

@@ -21,16 +21,20 @@ module Inspec
       }
 
       new(dep[:name],
-        dep[:version],
-        config,
-        opts.merge(dep))
+          dep[:version],
+          config,
+          opts.merge(dep))
     end
 
     def self.from_lock_entry(entry, config, opts = {})
+      resolved_source = entry[:resolved_source]
+        .merge(backend: config[:backend])
+        .merge(opts)
+
       req = new(entry[:name],
-        entry[:version_constraints],
-        config,
-        entry[:resolved_source].merge(backend: config[:backend]).merge(opts))
+                entry[:version_constraints],
+                config,
+                resolved_source)
 
       locked_deps = []
       Array(entry[:dependencies]).each do |dep_entry|

data/lib/inspec/describe_base.rb

@@ -1,5 +1,10 @@
+require "inspec/input_dsl_helpers"
+
 module Inspec
   class DescribeBase
+
+    include Inspec::InputDslHelpers
+
     def initialize(action)
       @action = action
       @checks = []
@@ -17,6 +22,14 @@ module Inspec
       @action.call("describe.one", @checks, nil)
     end
 
+    def input(input_name, options = {})
+      input_with_profile_id(__profile_id, input_name, options)
+    end
+
+    def input_object(name)
+      Inspec::InputRegistry.find_or_register_input(name, __profile_id)
+    end
+
     def method_missing(method_name, *arguments)
       Inspec::DSL.method_missing_resource(inspec, method_name, *arguments)
     end
@@ -24,5 +37,17 @@ module Inspec
     def describe(*args, &block)
       @checks.push(["describe", args, block])
     end
+
+    private
+
+    # While this is marked private, it gets consumed during an instance_eval,
+    # so it is fully visible. The double underscore is there to discourage
+    # use - this is a private API.
+    def __profile_id
+      # Excavate the profile ID. The action is a Method calling __add_check on
+      # a Rule whose profile ID we want
+      @action.receiver.instance_variable_get(:@__profile_id)
+    end
+
   end
 end

data/lib/inspec/file_provider.rb

@@ -123,6 +123,7 @@ module Inspec
     end
 
     def read(file)
+      # TODO: this is inefficient
       @contents[file] ||= read_from_zip(file)
     end
 
@@ -141,6 +142,10 @@ module Inspec
           next unless file == entry.name
 
           res = io.read
+          try = res.dup
+          try.force_encoding Encoding::UTF_8
+          res = try.encode(try.encoding, universal_newline: true) if try.valid_encoding?
+
           break
         end
       end
@@ -174,7 +179,8 @@ module Inspec
                               res = entry.read || ""
                               try = res.dup
                               try.force_encoding Encoding::UTF_8
-                              res = try if try.valid_encoding?
+                              res = try.encode(try.encoding, universal_newline: true) if
+                                try.valid_encoding?
                               res
                             end
         end

data/lib/inspec/input_dsl_helpers.rb

@@ -0,0 +1,26 @@
+
+require "inspec/input_registry"
+
+module Inspec
+  # A mixin to provide implementations for the input() DSL methods
+  module InputDslHelpers
+
+    # Find or create an input, explicitly named by a profile ID and
+    #  input name. Evaluate the input and return the value.
+    # @param [String] Profile ID
+    # @param [String] Input Name
+    # @param [Hash] Input options - see input docs on website
+    # @returns [Object] Input value
+    def input_with_profile_id(profile_id, input_name, options)
+      if options.empty?
+        # Simply an access, no event here
+        Inspec::InputRegistry.find_or_register_input(input_name, profile_id).value
+      else
+        options[:priority] = 20
+        options[:provider] = :inline_control_code
+        evt = Inspec::Input.infer_event(options)
+        Inspec::InputRegistry.find_or_register_input(input_name, profile_id, event: evt).value
+      end
+    end
+  end
+end

data/lib/inspec/input_registry.rb

@@ -208,8 +208,8 @@ module Inspec
         data = Inspec::SecretsBackend.resolve(path)
         if data.nil?
           raise Inspec::Exceptions::SecretsBackendNotFound,
-            "Cannot find parser for inputs file '#{path}'. " \
-            "Check to make sure file has the appropriate extension."
+                "Cannot find parser for inputs file '#{path}'. " \
+                "Check to make sure file has the appropriate extension."
         end
 
         next if data.inputs.nil?
@@ -230,14 +230,14 @@ module Inspec
     def validate_inputs_file_readability!(path)
       unless File.exist?(path)
         raise Inspec::Exceptions::InputsFileDoesNotExist,
-          "Cannot find input file '#{path}'. " \
-          "Check to make sure file exists."
+              "Cannot find input file '#{path}'. " \
+              "Check to make sure file exists."
       end
 
       unless File.readable?(path)
         raise Inspec::Exceptions::InputsFileNotReadable,
-          "Cannot read input file '#{path}'. " \
-          "Check to make sure file is readable."
+              "Cannot read input file '#{path}'. " \
+              "Check to make sure file is readable."
       end
 
       true

data/lib/inspec/metadata.rb

@@ -64,6 +64,7 @@ module Inspec
     end
 
     def supports_platform?(backend)
+      require "inspec/resources/platform" # break circularity in load
       backend.platform.supported?(params[:supports])
     end
 
@@ -156,9 +157,12 @@ module Inspec
         nil
       when nil then nil
       else
-        Inspec.deprecate(:supports_syntax,
+        Inspec.deprecate(
+          :supports_syntax,
           "Do not use deprecated `supports: #{x}` syntax. Instead use:\n"\
-          "supports:\n  - os-family: #{x}\n\n")
+            "supports:\n  - os-family: #{x}\n\n"
+        )
+
         { :'os-family' => x } # rubocop:disable Style/HashSyntax
       end
     end

data/lib/inspec/method_source.rb

@@ -14,7 +14,7 @@ module Inspec
       ::MethodSource.expression_at(src.lines, location[:line]).force_encoding("utf-8")
     rescue SyntaxError => e
       raise ::MethodSource::SourceNotFoundError,
-        "Could not parse source at #{location[:ref]}:#{location[:line]}: #{e.message}"
+            "Could not parse source at #{location[:ref]}:#{location[:line]}: #{e.message}"
     end
   end
 end

data/lib/inspec/objects/control.rb

@@ -1,3 +1,8 @@
+# This class is deprecated and will be removed in the next major release of InSpec.
+# Use the Inspec::Object classes from the inspec-objects rubygem instead.
+
+require "inspec/utils/deprecation"
+
 module Inspec
   class Control
     attr_accessor :id, :title, :descriptions, :impact, :tests, :tags, :refs, :only_if
@@ -6,6 +11,8 @@ module Inspec
       @tags = []
       @refs = []
       @descriptions = {}
+
+      Inspec.deprecate(:object_classes, "The Inspec::Control class is deprecated. Use the Inspec::Object::Control class from the inspec-objects Ruby library.")
     end
 
     def add_test(t)

data/lib/inspec/objects/describe.rb

@@ -1,3 +1,8 @@
+# This class is deprecated and will be removed in the next major release of InSpec.
+# Use the Inspec::Object classes from the inspec-objects rubygem instead.
+
+require "inspec/utils/deprecation"
+
 module Inspec
   class Describe
     # Internal helper to structure test objects.
@@ -53,6 +58,8 @@ module Inspec
       @qualifier = []
       @tests = []
       @variables = []
+
+      Inspec.deprecate(:object_classes, "The Inspec::Describe class is deprecated. Use the Inspec::Object::Describe class from the inspec-objects Ruby library.")
     end
 
     def add_test(its, matcher, expectation, opts = {})

data/lib/inspec/objects/each_loop.rb

@@ -1,3 +1,8 @@
+# This class is deprecated and will be removed in the next major release of InSpec.
+# Use the Inspec::Object classes from the inspec-objects rubygem instead.
+
+require "inspec/utils/deprecation"
+
 module Inspec
   class EachLoop < List
     attr_reader :variables
@@ -6,6 +11,8 @@ module Inspec
       super
       @tests = []
       @variables = []
+
+      Inspec.deprecate(:object_classes, "The Inspec::EachLoop class is deprecated. Use the Inspec::Object::EachLoop class from the inspec-objects Ruby library.")
     end
 
     def add_test(t = nil)

data/lib/inspec/objects/input.rb

@@ -1,3 +1,7 @@
+# This file is deprecated and will be removed in the next major release of InSpec.
+# The Inspec::Input class will remain but these methods will be removed.
+# Use the Inspec::Object::Input class from the inspec-objects rubygem instead.
+
 require "inspec/input"
 
 module Inspec

data/lib/inspec/objects/or_test.rb

@@ -1,9 +1,16 @@
+# This class is deprecated and will be removed in the next major release of InSpec.
+# Use the Inspec::Object classes from the inspec-objects rubygem instead.
+
+require "inspec/utils/deprecation"
+
 module Inspec
   class OrTest
     attr_reader :tests
     def initialize(tests)
       @tests = tests
       @negated = false
+
+      Inspec.deprecate(:object_classes, "The Inspec::OrTest class is deprecated. Use the Inspec::Object::OrTest class from the inspec-objects Ruby library.")
     end
 
     def skip

data/lib/inspec/objects/tag.rb

@@ -1,3 +1,8 @@
+# This class is deprecated and will be removed in the next major release of InSpec.
+# Use the Inspec::Object classes from the inspec-objects rubygem instead.
+
+require "inspec/utils/deprecation"
+
 module Inspec
   class Tag
     attr_accessor :key, :value
@@ -5,6 +10,8 @@ module Inspec
     def initialize(key, value)
       @key = key
       @value = value
+
+      Inspec.deprecate(:object_classes, "The Inspec::Tag class is deprecated. Use the Inspec::Object::Tag class from the inspec-objects Ruby library.")
     end
 
     def to_hash

data/lib/inspec/objects/test.rb

@@ -1,3 +1,8 @@
+# This class is deprecated and will be removed in the next major release of InSpec.
+# Use the Inspec::Object classes from the inspec-objects rubygem instead.
+
+require "inspec/utils/deprecation"
+
 module Inspec
   class Test
     attr_accessor :qualifier, :matcher, :expectation, :skip, :negated, :variables, :only_if
@@ -7,6 +12,8 @@ module Inspec
       @qualifier = []
       @negated = false
       @variables = []
+
+      Inspec.deprecate(:object_classes, "The Inspec::Test class is deprecated. Use the Inspec::Object::Test class from the inspec-objects Ruby library.")
     end
 
     def negate!
@@ -75,7 +82,7 @@ module Inspec
                 " " + expectation.inspect
               end
       format("%s%sdescribe %s do\n  %s { should%s %s%s }\nend",
-        only_if_clause, vars, res, itsy, naughty, matcher, xpect)
+             only_if_clause, vars, res, itsy, naughty, matcher, xpect)
     end
 
     def rb_skip

data/lib/inspec/objects/value.rb

@@ -1,3 +1,8 @@
+# This class is deprecated and will be removed in the next major release of InSpec.
+# Use the Inspec::Object classes from the inspec-objects rubygem instead.
+
+require "inspec/utils/deprecation"
+
 module Inspec
   class Value
     include ::Inspec::RubyHelper
@@ -9,6 +14,8 @@ module Inspec
     def initialize(qualifiers = [])
       @qualifier = qualifiers
       @variable = nil
+
+      Inspec.deprecate(:object_classes, "The Inspec::Value class is deprecated. Use the Inspec::Object::Value class from the inspec-objects Ruby library.")
     end
 
     def to_ruby

data/lib/inspec/plugin/v2/installer.rb

@@ -267,12 +267,17 @@ module Inspec::Plugin::V2
       # Make Set that encompasses just the gemfile that was provided
       plugin_local_source = Gem::Source::SpecificFile.new(opts[:gem_file])
 
-      plugin_dependency = Gem::Dependency.new(requested_plugin_name,
-        plugin_local_source.spec.version)
+      plugin_dependency = Gem::Dependency.new(
+        requested_plugin_name,
+        plugin_local_source.spec.version
+      )
 
       requested_local_gem_set = Gem::Resolver::InstallerSet.new(:both)
-      requested_local_gem_set.add_local(plugin_dependency.name,
-        plugin_local_source.spec, plugin_local_source)
+      requested_local_gem_set.add_local(
+        plugin_dependency.name,
+        plugin_local_source.spec,
+        plugin_local_source
+      )
 
       install_gem_to_plugins_dir(plugin_dependency, [requested_local_gem_set])
     end

data/lib/inspec/resource.rb

@@ -110,3 +110,5 @@ end
 
 # Many resources use FilterTable.
 require "inspec/utils/filter"
+# conflicts with global `gem` method so we need to pre-load this.
+require "inspec/resources/gem"

data/lib/inspec/resources/apt.rb

@@ -92,7 +92,7 @@ module Inspec::Resources
         # deb [trusted=yes] http://archive.ubuntu.com/ubuntu/ wily main restricted ...
 
         words = line.split
-        words.delete 1 if words[1] && words[1].start_with?("[")
+        words.delete_at 1 if words[1] && words[1].start_with?("[")
         type, url, distro, *components = words
         url = url.delete('"') if url
 

data/lib/inspec/resources/auditd.rb

@@ -30,7 +30,7 @@ module Inspec::Resources
     def initialize
       unless inspec.command("/sbin/auditctl").exist?
         raise Inspec::Exceptions::ResourceFailed,
-          "Command `/sbin/auditctl` does not exist"
+              "Command `/sbin/auditctl` does not exist"
       end
 
       auditctl_cmd = "/sbin/auditctl -l"
@@ -38,7 +38,7 @@ module Inspec::Resources
 
       if result.exit_status != 0
         raise Inspec::Exceptions::ResourceFailed,
-          "Command `#{auditctl_cmd}` failed with error: #{result.stderr}"
+              "Command `#{auditctl_cmd}` failed with error: #{result.stderr}"
       end
 
       @content = result.stdout
@@ -46,8 +46,8 @@ module Inspec::Resources
 
       if @content =~ /^LIST_RULES:/
         raise Inspec::Exceptions::ResourceFailed,
-          "The version of audit is outdated." \
-          "The `auditd` resource supports versions of audit >= 2.3."
+              "The version of audit is outdated." \
+              "The `auditd` resource supports versions of audit >= 2.3."
       end
       parse_content
     end

data/lib/inspec/resources/command.rb

@@ -37,7 +37,7 @@ module Inspec::Resources
           # Make sure command is replaced so sensitive output isn't shown
           @command = "ERROR"
           raise Inspec::Exceptions::ResourceFailed,
-            "The `redact_regex` option must be a regular expression"
+                "The `redact_regex` option must be a regular expression"
         end
         @redact_regex = options[:redact_regex]
       end

data/lib/inspec/resources/filesystem.rb

@@ -98,7 +98,7 @@ module Inspec::Resources
       cmd = inspec.command("df #{partition} -PT")
       if cmd.stdout.nil? || cmd.stdout.empty? || cmd.exit_status != 0
         raise Inspec::Exceptions::ResourceFailed,
-          "Unable to get available space for partition #{partition}"
+              "Unable to get available space for partition #{partition}"
       end
       value = cmd.stdout.split(/\n/)[1].strip.split(" ")
       {
@@ -125,8 +125,8 @@ module Inspec::Resources
         fs = JSON.parse(cmd.stdout)
       rescue JSON::ParserError => e
         raise Inspec::Exceptions::ResourceFailed,
-          "Failed to parse JSON from Powershell. " \
-          "Error: #{e}"
+              "Failed to parse JSON from Powershell. " \
+              "Error: #{e}"
       end
       {
         name: fs["DeviceID"],

data/lib/inspec/resources/gem.rb

@@ -2,7 +2,7 @@ require "inspec/resources/command"
 
 module Inspec::Resources
   class GemPackage < Inspec.resource(1)
-    name "gem"
+    name "gem" # TODO: rename to "rubygem" and provide alias
     supports platform: "unix"
     supports platform: "windows"
     desc "Use the gem InSpec audit resource to test if a global gem package is installed."
@@ -17,11 +17,12 @@ module Inspec::Resources
 
     def initialize(package_name, gem_binary = nil)
       @package_name = package_name
-      @gem_binary = case gem_binary
+      @gem_binary = case gem_binary # TODO: no. this is not right
                     when nil
                       "gem"
                     when :chef
                       if inspec.os.windows?
+                        # TODO: what about chef-dk or other installs?
                         'c:\opscode\chef\embedded\bin\gem.bat'
                       else
                         "/opt/chef/embedded/bin/gem"

data/lib/inspec/resources/http.rb

@@ -35,8 +35,8 @@ module Inspec::Resources
       # profiles.
       if opts.key?(:enable_remote_worker) && !inspec.local_transport?
         warn "Ignoring `enable_remote_worker` option, the `http` resource ",
-          "remote worker is enabled by default for remote targets and ",
-          "cannot be disabled"
+             "remote worker is enabled by default for remote targets and ",
+             "cannot be disabled"
       end
 
       # Run locally if InSpec is ran locally and remotely if ran remotely
@@ -164,7 +164,7 @@ module Inspec::Resources
         def initialize(inspec, http_method, url, opts)
           unless inspec.command("curl").exist?
             raise Inspec::Exceptions::ResourceSkipped,
-              "curl is not available on the target machine"
+                  "curl is not available on the target machine"
           end
 
           @ran_curl = false

data/lib/inspec/resources/npm.rb

@@ -27,12 +27,20 @@ module Inspec::Resources
       return @info if defined?(@info)
 
       if @location
-        npm = "cd #{Shellwords.escape @location} && npm"
+        command_separator = inspec.os.platform?("windows") ? ";" : "&&"
+        invocation = "cd #{Shellwords.escape @location} #{command_separator} npm"
       else
-        npm = "npm -g"
+        invocation = "npm -g"
       end
 
-      cmd = inspec.command("#{npm} ls --json #{@package_name}")
+      invocation = "#{invocation} ls --json #{@package_name}"
+
+      # If on unix, wrap in sh -c to protect against sudo
+      unless inspec.os.platform?("windows")
+        invocation = "sh -c '#{invocation}'"
+      end
+
+      cmd = inspec.command(invocation)
       @info = {
         name: @package_name,
         type: "npm",

data/lib/inspec/resources/oracledb_session.rb

@@ -58,8 +58,8 @@ module Inspec::Resources
       command = command_builder(format_options, sql)
       inspec_cmd = inspec.command(command)
 
-      DatabaseHelper::SQLQueryResult.new(inspec_cmd, send(parser,
-                                                          inspec_cmd.stdout))
+      DatabaseHelper::SQLQueryResult.new(inspec_cmd,
+                                         send(parser, inspec_cmd.stdout))
     end
 
     def to_s

data/lib/inspec/resources/package.rb

@@ -217,8 +217,7 @@ module Inspec::Resources
       }
     rescue JSON::ParserError => e
       raise Inspec::Exceptions::ResourceFailed,
-        "Failed to parse JSON from `brew` command. " \
-        "Error: #{e}"
+            "Failed to parse JSON from `brew` command. Error: #{e}"
     end
   end
 
@@ -307,8 +306,7 @@ module Inspec::Resources
         package = JSON.parse(cmd.stdout)
       rescue JSON::ParserError => e
         raise Inspec::Exceptions::ResourceFailed,
-          "Failed to parse JSON from PowerShell. " \
-          "Error: #{e}"
+              "Failed to parse JSON from PowerShell. Error: #{e}"
       end
 
       # What if we match multiple packages?  just pick the first one for now.

data/lib/inspec/resources/service.rb

@@ -304,10 +304,12 @@ module Inspec::Resources
 
       # LoadState values eg. loaded, not-found
       installed = params["LoadState"] == "loaded"
+      startname = params["User"]
 
       {
         name: params["Id"],
         description: params["Description"],
+        startname: startname,
         installed: installed,
         running: is_active?(service_name),
         enabled: is_enabled?(service_name),

data/lib/inspec/resources/sys_info.rb

@@ -45,7 +45,7 @@ module Inspec::Resources
     end
 
     def linux_hostname(opt = nil)
-      if !opt.nil?
+      if opt
         opt = case opt
               when "f", "long", "fqdn", "full"
                 " -f"
@@ -67,7 +67,7 @@ module Inspec::Resources
     end
 
     def mac_hostname(opt = nil)
-      if !opt.nil?
+      if opt
         opt = case opt
               when "f", "long", "fqdn", "full"
                 " -f"

data/lib/inspec/resources/users.rb

@@ -624,7 +624,9 @@ module Inspec::Resources
 
     def meta_info(username)
       res = identity(username)
+
       return if res.nil?
+
       {
         home: res[:home],
         shell: res[:shell],
@@ -635,7 +637,9 @@ module Inspec::Resources
 
     def credentials(username)
       res = identity(username)
+
       return if res.nil?
+
       {
         mindays: res[:mindays],
         maxdays: res[:maxdays],

data/lib/inspec/rspec_extensions.rb

@@ -1,6 +1,7 @@
 require "inspec/input_registry"
 require "inspec/plugin/v2"
 require "rspec/core/example_group"
+require "inspec/input_dsl_helpers"
 
 # Any additions to RSpec::Core::ExampleGroup (the RSpec class behind describe blocks) should go here.
 
@@ -82,18 +83,12 @@ module Inspec
 end
 
 class RSpec::Core::ExampleGroup
+  include Inspec::InputDslHelpers
+
   # This DSL method allows us to access the values of inputs within InSpec tests
   def input(input_name, options = {})
     profile_id = self.class.metadata[:profile_id]
-    if options.empty?
-      # Simply an access, no event here
-      Inspec::InputRegistry.find_or_register_input(input_name, profile_id).value
-    else
-      options[:priority] = 20
-      options[:provider] = :inline_control_code
-      evt = Inspec::Input.infer_event(options)
-      Inspec::InputRegistry.find_or_register_input(input_name, profile_id, event: evt).value
-    end
+    input_with_profile_id(profile_id, input_name, options)
   end
   define_example_method :input
 

data/lib/inspec/rule.rb

@@ -4,6 +4,7 @@ require "method_source"
 require "date"
 require "inspec/describe_base"
 require "inspec/expect"
+require "inspec/impact"
 require "inspec/resource"
 require "inspec/resources/os"
 require "inspec/input_registry"
@@ -204,7 +205,11 @@ module Inspec
 
     def self.set_skip_rule(rule, value, message = nil, type = :only_if)
       rule.instance_variable_set(:@__skip_rule,
-        { result: value, message: message, type: type })
+                                 {
+                                   result: value,
+                                   message: message,
+                                   type: type,
+                                 })
     end
 
     def self.merge_count(rule)

data/lib/inspec/runner.rb

@@ -190,10 +190,10 @@ module Inspec
     #
     def add_target(target, _opts = [])
       profile = Inspec::Profile.for_target(target,
-        vendor_cache: @cache,
-        backend: @backend,
-        controls: @controls,
-        runner_conf: @conf)
+                                           vendor_cache: @cache,
+                                           backend: @backend,
+                                           controls: @controls,
+                                           runner_conf: @conf)
       raise "Could not resolve #{target} to valid input." if profile.nil?
 
       @target_profiles << profile if supports_profile?(profile)

data/lib/inspec/version.rb

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "4.18.24".freeze
+  VERSION = "4.18.38".freeze
 end

data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb

@@ -162,7 +162,7 @@ module InspecPlugins
         if verification_key.verify digest, signature, content
           content_block.yield(content)
         else
-          puts "Artifact is invalid"
+          raise "Artifact is invalid"
         end
       end
     end

data/lib/plugins/inspec-artifact/test/functional/inspec_artifact_test.rb

@@ -1,17 +1,16 @@
-require_relative "../../../shared/core_plugin_test_helper.rb"
 require "fileutils"
+require "plugins/shared/core_plugin_test_helper"
 require "securerandom"
 
 class ArtifactCli < Minitest::Test
   include CorePluginFunctionalHelper
 
   def test_generating_archive_keys
-    Dir.mktmpdir do |dir|
+    prepare_examples do |dir|
       unique_key_name = SecureRandom.uuid
-      out = run_inspec_process("artifact generate --keyname #{unique_key_name}", prefix: "cd #{dir} &&")
+      out = run_inspec_process("artifact generate --keyname #{unique_key_name}", prefix: "cd #{dir};")
 
       stdout = out.stdout.force_encoding(Encoding::UTF_8)
-      skip_windows!
       assert_includes stdout, "Generating private key"
       assert_includes stdout, "Generating public key"
 
@@ -20,27 +19,32 @@ class ArtifactCli < Minitest::Test
   end
 
   def test_verify_and_install_signed_profile
-    Dir.mktmpdir do |dir|
+    prepare_examples do |dir|
       unique_key_name = SecureRandom.uuid
       install_dir = File.join(dir, SecureRandom.uuid)
       FileUtils.mkdir(install_dir)
 
       # create profile
       profile = File.join(dir, "artifact-profile")
-      run_inspec_process("init profile artifact-profile", prefix: "cd #{dir} &&")
+      run_inspec_process("init profile artifact-profile", prefix: "cd #{dir};")
 
-      out = run_inspec_process("artifact generate --keyname #{unique_key_name}", prefix: "cd #{dir} &&")
-      skip_windows!
+      out = run_inspec_process("artifact generate --keyname #{unique_key_name}", prefix: "cd #{dir};")
       assert_exit_code 0, out
 
-      out = run_inspec_process("artifact sign-profile --profile #{profile} --keyname #{unique_key_name}", prefix: "cd #{dir} &&")
+      out = run_inspec_process("artifact sign-profile --profile #{profile} --keyname #{unique_key_name}", prefix: "cd #{dir};")
       assert_exit_code 0, out
 
-      out = run_inspec_process("artifact install-profile --infile artifact-profile-0.1.0.iaf --destdir #{install_dir}", prefix: "cd #{dir} &&")
+      # The archive install commands do not currently support windows
+      # and use specific linux extract tar commands. Since artifact is
+      # still experimental we are skipping it for now.
+      return if is_windows?
+
+      out = run_inspec_process("artifact install-profile --infile artifact-profile-0.1.0.iaf --destdir #{install_dir}", prefix: "cd #{dir};")
       assert_exit_code 0, out
 
       assert_includes out.stdout.force_encoding(Encoding::UTF_8), "Installing to #{install_dir}"
       assert_includes Dir.entries(install_dir).join, "inspec.yml"
+      assert_exit_code 0, out
     end
   end
 end

data/lib/plugins/inspec-habitat/test/unit/profile_test.rb

@@ -116,8 +116,8 @@ class InspecPlugins::Habitat::ProfileTest < Minitest::Test
   def test_duplicate_profile
     current_profile = @test_profile
     duplicated_profile = @hab_profile.send(:duplicate_profile,
-      @test_profile_path,
-      @tmpdir)
+                                           @test_profile_path,
+                                           @tmpdir)
     assert duplicated_profile.is_a?(Inspec::Profile)
     assert duplicated_profile.sha256 == current_profile.sha256.to_s
     refute_same duplicated_profile.root_path, current_profile.root_path
@@ -130,8 +130,8 @@ class InspecPlugins::Habitat::ProfileTest < Minitest::Test
 
   def test_copy_profile_to_working_dir
     duplicated_profile = @hab_profile.send(:duplicate_profile,
-      @test_profile_path,
-      @tmpdir)
+                                           @test_profile_path,
+                                           @tmpdir)
 
     dst = File.join(@tmpdir, "working_dir")
     FileUtils.mkdir_p(dst)
@@ -176,7 +176,7 @@ class InspecPlugins::Habitat::ProfileTest < Minitest::Test
 
     Inspec::ProfileVendor.stub :new, mock do
       new_profile = @hab_profile.send(:vendor_profile_dependencies!,
-        @test_profile)
+                                      @test_profile)
       assert new_profile.is_a?(Inspec::Profile)
     end
   end
@@ -192,7 +192,7 @@ class InspecPlugins::Habitat::ProfileTest < Minitest::Test
 
     Inspec::ProfileVendor.stub :new, mock do
       new_profile = @hab_profile.send(:vendor_profile_dependencies!,
-        @test_profile)
+                                      @test_profile)
       assert new_profile.is_a?(Inspec::Profile)
     end
     mock.verify

data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/fixtures/README.md

@@ -19,6 +19,6 @@ When writing your functional tests, you can point InSpec at the various test fix
 
 ## Using test fixtures provided with the `inspec` source code
 
-InSpec itself ships with many test fixtures - not just profiles, but attribute files, configuration directories, and more.  Examine them at [the fixtures directory](https://github.com/inspec/inspec/tree/master/test/unit/mock)
+InSpec itself ships with many test fixtures - not just profiles, but attribute files, configuration directories, and more.  Examine them at [the fixtures directory](https://github.com/inspec/inspec/tree/master/test/fixtures)
 
-To use them, see the helper.rb file included in the example at test/helper.rb .
+To use them, see the helper.rb file included in the example at test/helper.rb .

data/lib/plugins/inspec-init/test/functional/inspec_init_plugin_test.rb

@@ -142,10 +142,11 @@ class InitPluginCli < Minitest::Test
 
       # Check generated files and contents.
       # Each file must exist, and its contents must match each of the regexen given.
+
       {
         File.join(plugin, "README.md") => [],
         File.join(plugin, "LICENSE") => [
-          /Copyright © 2018 Bob/,
+          /Copyright . 2018 Bob/,
           /used to endorse or promote/,
         ],
         File.join(plugin, "Gemfile") => [],

data/lib/plugins/inspec-plugin-manager-cli/test/functional/install_test.rb

@@ -29,7 +29,7 @@ class PluginManagerCliInstall < Minitest::Test
       resolved_path: File.join(core_config_dir_path, "test-fixture-1-float", "gems", ruby_abi_version, "gems", "inspec-test-fixture-0.1.0", "lib", "inspec-test-fixture.rb"),
     },
     "refers_to_a_relative_path" => {
-      given: File.join("test", "unit", "mock", "plugins", "inspec-test-fixture", "lib", "inspec-test-fixture.rb"),
+      given: File.join("test", "fixtures", "plugins", "inspec-test-fixture", "lib", "inspec-test-fixture.rb"),
     },
     "refers_to_a_train_plugin" => {
       given: File.join(core_config_dir_path, "train-test-fixture", "gems", ruby_abi_version, "gems", "train-test-fixture-0.1.0", "lib", "train-test-fixture.rb"),

data/lib/plugins/inspec-plugin-manager-cli/test/unit/plugin_def_test.rb

@@ -9,7 +9,7 @@ class PluginManagerCliDefinitionTests < Minitest::Test
   @@orig_home = Dir.home
 
   def setup
-    mock_path = File.expand_path "test/unit/mock"
+    mock_path = File.expand_path "test/fixtures"
 
     @config_dir_path = File.join(mock_path, "config_dirs")
     ENV["HOME"] = File.join(@config_dir_path, "fakehome")

data/lib/plugins/shared/core_plugin_test_helper.rb

@@ -12,6 +12,7 @@ require "tmpdir"
 require "pathname"
 require "forwardable"
 
+require "functional/helper"
 require "inspec/plugin/v2"
 
 # Configure Minitest to expose things like `let`
@@ -36,35 +37,32 @@ end
 #   end
 # end
 
+# TODO: remove me! There's no need!
 module CorePluginBaseHelper
-  libdir = File.expand_path "lib"
-
-  let(:repo_path) { File.expand_path(File.join(__FILE__, "..", "..", "..", "..")) }
-  let(:inspec_path) { File.join(repo_path, "inspec-bin", "bin", "inspec") }
-  let(:exec_inspec) { [Gem.ruby, "-I#{libdir}", inspec_path].join " " }
-  let(:core_mock_path) { File.join(repo_path, "test", "unit", "mock") }
-  let(:core_fixture_plugins_path) { File.join(core_mock_path, "plugins") }
-  let(:core_config_dir_path) { File.join(core_mock_path, "config_dirs") }
+  let(:mock_path) { File.join(repo_path, "test", "fixtures", "mock") }
+  let(:core_fixture_plugins_path) { File.join(mock_path, "plugins") }
+  let(:core_config_dir_path) { File.join(mock_path, "config_dirs") }
 
   let(:registry) { Inspec::Plugin::V2::Registry.instance }
 end
 
-require "functional/helper"
-
 module CorePluginFunctionalHelper
   include CorePluginBaseHelper
   include FunctionalHelper
 
+  # TODO: so much duplication! Remove everything we can!
   require "train"
   TRAIN_CONNECTION = Train.create("local", command_runner: :generic).connection
 
+  # TODO: remove me! it's in test/functional/helper.rb
   def run_inspec_process(command_line, opts = {})
     prefix = ""
     if opts.key?(:prefix)
       prefix = opts[:prefix]
     elsif opts.key?(:env)
-      prefix = opts[:env].to_a.map { |assignment| "#{assignment[0]}=#{assignment[1]}" }.join(" ")
+      prefix = assemble_env_prefix opts[:env]
     end
+
     TRAIN_CONNECTION.run_command("#{prefix} #{exec_inspec} #{command_line}")
   end
 

data/lib/resource_support/aws/aws_resource_mixin.rb

@@ -1,7 +1,7 @@
 module AwsResourceMixin
   def initialize(resource_params = {})
     Inspec.deprecate(:aws_resources_in_resource_pack,
-      "Resource '#{@__resource_name__ ||= self.class.to_s}'")
+                     "Resource '#{@__resource_name__ ||= self.class.to_s}'")
     validate_params(resource_params).each do |param, value|
       instance_variable_set(:"@#{param}", value)
     end

data/lib/resources/aws/aws_billing_report.rb

@@ -23,7 +23,7 @@ class AwsBillingReport < Inspec.resource(1)
   include AwsSingularResourceMixin
 
   attr_reader :report_name, :time_unit, :format, :compression, :s3_bucket,
-    :s3_prefix, :s3_region
+              :s3_prefix, :s3_region
 
   def to_s
     "AWS Billing Report #{report_name}"

data/lib/resources/aws/aws_cloudtrail_trail.rb

@@ -15,7 +15,7 @@ class AwsCloudTrailTrail < Inspec.resource(1)
 
   include AwsSingularResourceMixin
   attr_reader :cloud_watch_logs_log_group_arn, :cloud_watch_logs_role_arn, :home_region,
-    :kms_key_id, :s3_bucket_name, :trail_arn
+              :kms_key_id, :s3_bucket_name, :trail_arn
 
   def to_s
     "CloudTrail #{@trail_name}"

data/lib/resources/aws/aws_config_delivery_channel.rb

@@ -16,7 +16,7 @@ class AwsConfigDeliveryChannel < Inspec.resource(1)
 
   include AwsSingularResourceMixin
   attr_reader :channel_name, :s3_bucket_name, :s3_key_prefix, :sns_topic_arn,
-    :delivery_frequency_in_hours
+              :delivery_frequency_in_hours
 
   def to_s
     "Config_Delivery_Channel: #{@channel_name}"

data/lib/resources/aws/aws_ecs_cluster.rb

@@ -15,8 +15,8 @@ class AwsEcsCluster < Inspec.resource(1)
 
   include AwsSingularResourceMixin
   attr_reader :cluster_arn, :cluster_name, :status,
-    :registered_container_instances_count, :running_tasks_count,
-    :pending_tasks_count, :active_services_count, :statistics
+              :registered_container_instances_count, :running_tasks_count,
+              :pending_tasks_count, :active_services_count, :statistics
 
   def to_s
     "AWS ECS cluster #{cluster_name}"

data/lib/resources/aws/aws_eks_cluster.rb

@@ -15,9 +15,9 @@ class AwsEksCluster < Inspec.resource(1)
 
   include AwsSingularResourceMixin
   attr_reader :version, :arn, :cluster_name, :certificate_authority, :name,
-    :status, :endpoint, :subnets_count, :subnet_ids, :security_group_ids,
-    :created_at, :role_arn, :vpc_id, :security_groups_count, :creating,
-    :active, :failed, :deleting
+              :status, :endpoint, :subnets_count, :subnet_ids, :security_group_ids,
+              :created_at, :role_arn, :vpc_id, :security_groups_count, :creating,
+              :active, :failed, :deleting
   # Use aliases for matchers
   alias active? active
   alias failed? failed

data/lib/resources/aws/aws_elb.rb

@@ -14,8 +14,8 @@ class AwsElb < Inspec.resource(1)
 
   include AwsSingularResourceMixin
   attr_reader :availability_zones, :dns_name, :elb_name, :external_ports,
-    :instance_ids, :internal_ports, :security_group_ids,
-    :subnet_ids, :vpc_id
+              :instance_ids, :internal_ports, :security_group_ids,
+              :subnet_ids, :vpc_id
 
   def to_s
     "AWS ELB #{elb_name}"

data/lib/resources/aws/aws_flow_log.rb

@@ -55,7 +55,7 @@ class AwsFlowLog < Inspec.resource(1)
 
     if validated_params.empty?
       raise ArgumentError,
-        "aws_flow_log requires a parameter: flow_log_id, subnet_id, or vpc_id"
+            "aws_flow_log requires a parameter: flow_log_id, subnet_id, or vpc_id"
     end
 
     validated_params

data/lib/resources/aws/aws_iam_user.rb

@@ -17,7 +17,7 @@ class AwsIamUser < Inspec.resource(1)
 
   include AwsSingularResourceMixin
   attr_reader :access_keys, :attached_policy_names, :attached_policy_arns, \
-    :has_console_password, :has_mfa_enabled, :inline_policy_names, :username
+              :has_console_password, :has_mfa_enabled, :inline_policy_names, :username
   alias has_mfa_enabled? has_mfa_enabled
   alias has_console_password? has_console_password
 

data/lib/resources/aws/aws_kms_key.rb

@@ -15,8 +15,8 @@ class AwsKmsKey < Inspec.resource(1)
 
   include AwsSingularResourceMixin
   attr_reader :key_id, :arn, :creation_date, :key_usage, :key_state, :description,
-    :deletion_date, :valid_to, :external, :has_key_expiration, :managed_by_aws,
-    :has_rotation_enabled, :enabled
+              :deletion_date, :valid_to, :external, :has_key_expiration, :managed_by_aws,
+              :has_rotation_enabled, :enabled
   # Use aliases for matchers
   alias deletion_time deletion_date
   alias invalidation_time valid_to

data/lib/resources/aws/aws_route_table.rb

@@ -33,8 +33,8 @@ class AwsRouteTable < Inspec.resource(1)
     if validated_params.key?(:route_table_id) &&
         validated_params[:route_table_id] !~ /^rtb\-([0-9a-f]{17})|(^rtb\-[0-9a-f]{8})$/
       raise ArgumentError,
-        "aws_route_table Route Table ID must be in the" \
-        ' format "rtb-" followed by 8 or 17 hexadecimal characters.'
+            "aws_route_table Route Table ID must be in the" \
+            ' format "rtb-" followed by 8 or 17 hexadecimal characters.'
     end
 
     validated_params

data/lib/resources/aws/aws_sns_subscription.rb

@@ -20,7 +20,7 @@ class AwsSnsSubscription < Inspec.resource(1)
 
   include AwsSingularResourceMixin
   attr_reader :arn, :owner, :raw_message_delivery, :topic_arn, :endpoint, :protocol,
-    :confirmation_was_authenticated, :aws_response
+              :confirmation_was_authenticated, :aws_response
 
   alias confirmation_authenticated? confirmation_was_authenticated
   alias raw_message_delivery? raw_message_delivery

data/lib/resources/aws/aws_subnet.rb

@@ -15,8 +15,8 @@ class AwsSubnet < Inspec.resource(1)
 
   include AwsSingularResourceMixin
   attr_reader :assigning_ipv_6_address_on_creation, :availability_zone, :available_ip_address_count,
-    :available, :cidr_block, :default_for_az, :ipv_6_cidr_block_association_set,
-    :mapping_public_ip_on_launch, :subnet_id, :vpc_id
+              :available, :cidr_block, :default_for_az, :ipv_6_cidr_block_association_set,
+              :mapping_public_ip_on_launch, :subnet_id, :vpc_id
   alias available? available
   alias default_for_az? default_for_az
   alias mapping_public_ip_on_launch? mapping_public_ip_on_launch

data/lib/resources/aws/aws_vpc.rb

@@ -19,8 +19,8 @@ class AwsVpc < Inspec.resource(1)
     "VPC #{vpc_id}"
   end
 
-  attr_reader :cidr_block, :dhcp_options_id, :instance_tenancy, :is_default,\
-    :state, :vpc_id
+  attr_reader :cidr_block, :dhcp_options_id, :instance_tenancy, :is_default,
+              :state, :vpc_id
 
   alias default? is_default
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 4.18.24
+  version: 4.18.38
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-10-31 00:00:00.000000000 Z
+date: 2019-11-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train
@@ -86,20 +86,6 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '2.0'
-- !ruby/object:Gem::Dependency
-  name: chef-core
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.0'
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -485,6 +471,7 @@ files:
 - lib/inspec/globals.rb
 - lib/inspec/impact.rb
 - lib/inspec/input.rb
+- lib/inspec/input_dsl_helpers.rb
 - lib/inspec/input_registry.rb
 - lib/inspec/library_eval_context.rb
 - lib/inspec/log.rb