inspec 4.7.3 → 4.7.18
- checksums.yaml +4 -4
- data/inspec.gemspec +1 -1
- data/lib/bundles/inspec-supermarket/api.rb +2 -1
- data/lib/bundles/inspec-supermarket/cli.rb +6 -6
- data/lib/bundles/inspec-supermarket/target.rb +1 -0
- data/lib/fetchers/git.rb +3 -1
- data/lib/fetchers/mock.rb +1 -0
- data/lib/fetchers/url.rb +6 -3
- data/lib/inspec/backend.rb +1 -0
- data/lib/inspec/base_cli.rb +4 -1
- data/lib/inspec/cli.rb +5 -4
- data/lib/inspec/config.rb +9 -1
- data/lib/inspec/control_eval_context.rb +1 -0
- data/lib/inspec/dependencies/cache.rb +1 -0
- data/lib/inspec/dependencies/dependency_set.rb +2 -0
- data/lib/inspec/dependencies/lockfile.rb +1 -0
- data/lib/inspec/dependencies/requirement.rb +8 -7
- data/lib/inspec/dependencies/resolver.rb +3 -3
- data/lib/inspec/describe.rb +1 -0
- data/lib/inspec/dsl.rb +1 -1
- data/lib/inspec/dsl_shared.rb +1 -1
- data/lib/inspec/env_printer.rb +4 -4
- data/lib/inspec/fetcher.rb +4 -2
- data/lib/inspec/file_provider.rb +18 -8
- data/lib/inspec/formatters/base.rb +5 -0
- data/lib/inspec/impact.rb +2 -0
- data/lib/inspec/input_registry.rb +14 -13
- data/lib/inspec/metadata.rb +6 -2
- data/lib/inspec/method_source.rb +1 -1
- data/lib/inspec/objects/control.rb +4 -1
- data/lib/inspec/objects/describe.rb +3 -1
- data/lib/inspec/objects/input.rb +6 -5
- data/lib/inspec/objects/list.rb +2 -0
- data/lib/inspec/objects/test.rb +3 -2
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +7 -0
- data/lib/inspec/plugin/v1/plugins.rb +4 -3
- data/lib/inspec/plugin/v1/registry.rb +3 -2
- data/lib/inspec/plugin/v2.rb +1 -0
- data/lib/inspec/plugin/v2/activator.rb +2 -0
- data/lib/inspec/plugin/v2/config_file.rb +4 -1
- data/lib/inspec/plugin/v2/filter.rb +1 -0
- data/lib/inspec/plugin/v2/installer.rb +9 -7
- data/lib/inspec/plugin/v2/loader.rb +2 -0
- data/lib/inspec/plugin/v2/plugin_base.rb +1 -0
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +2 -2
- data/lib/inspec/plugin/v2/registry.rb +3 -1
- data/lib/inspec/profile.rb +13 -6
- data/lib/inspec/profile_context.rb +4 -2
- data/lib/inspec/reporters/cli.rb +14 -10
- data/lib/inspec/reporters/json.rb +1 -0
- data/lib/inspec/reporters/json_automate.rb +3 -0
- data/lib/inspec/reporters/json_min.rb +2 -0
- data/lib/inspec/resource.rb +2 -0
- data/lib/inspec/resources/aide_conf.rb +4 -3
- data/lib/inspec/resources/apache_conf.rb +1 -1
- data/lib/inspec/resources/apt.rb +2 -0
- data/lib/inspec/resources/auditd.rb +19 -18
- data/lib/inspec/resources/bridge.rb +5 -2
- data/lib/inspec/resources/chocolatey_package.rb +2 -0
- data/lib/inspec/resources/command.rb +1 -1
- data/lib/inspec/resources/crontab.rb +9 -8
- data/lib/inspec/resources/csv.rb +1 -1
- data/lib/inspec/resources/dh_params.rb +6 -0
- data/lib/inspec/resources/docker.rb +37 -34
- data/lib/inspec/resources/docker_container.rb +1 -0
- data/lib/inspec/resources/docker_image.rb +1 -0
- data/lib/inspec/resources/docker_plugin.rb +1 -0
- data/lib/inspec/resources/docker_service.rb +1 -0
- data/lib/inspec/resources/elasticsearch.rb +24 -24
- data/lib/inspec/resources/etc_fstab.rb +8 -7
- data/lib/inspec/resources/etc_group.rb +4 -0
- data/lib/inspec/resources/etc_hosts.rb +4 -4
- data/lib/inspec/resources/etc_hosts_allow_deny.rb +5 -3
- data/lib/inspec/resources/file.rb +4 -1
- data/lib/inspec/resources/filesystem.rb +5 -3
- data/lib/inspec/resources/firewalld.rb +7 -4
- data/lib/inspec/resources/groups.rb +6 -4
- data/lib/inspec/resources/grub_conf.rb +3 -0
- data/lib/inspec/resources/host.rb +5 -3
- data/lib/inspec/resources/http.rb +6 -4
- data/lib/inspec/resources/iis_app.rb +1 -0
- data/lib/inspec/resources/iis_app_pool.rb +1 -1
- data/lib/inspec/resources/iis_site.rb +4 -3
- data/lib/inspec/resources/interface.rb +10 -7
- data/lib/inspec/resources/json.rb +1 -1
- data/lib/inspec/resources/kernel_module.rb +1 -1
- data/lib/inspec/resources/kernel_parameter.rb +2 -1
- data/lib/inspec/resources/key_rsa.rb +5 -0
- data/lib/inspec/resources/mount.rb +3 -1
- data/lib/inspec/resources/mysql_conf.rb +3 -1
- data/lib/inspec/resources/mysql_session.rb +2 -0
- data/lib/inspec/resources/nginx.rb +1 -0
- data/lib/inspec/resources/nginx_conf.rb +10 -6
- data/lib/inspec/resources/ntp_conf.rb +1 -0
- data/lib/inspec/resources/oneget.rb +1 -1
- data/lib/inspec/resources/oracledb_session.rb +4 -2
- data/lib/inspec/resources/os_env.rb +1 -0
- data/lib/inspec/resources/package.rb +10 -6
- data/lib/inspec/resources/packages.rb +7 -5
- data/lib/inspec/resources/passwd.rb +7 -7
- data/lib/inspec/resources/pip.rb +2 -0
- data/lib/inspec/resources/port.rb +22 -8
- data/lib/inspec/resources/postgres.rb +2 -1
- data/lib/inspec/resources/postgres_conf.rb +2 -0
- data/lib/inspec/resources/postgres_hba_conf.rb +6 -6
- data/lib/inspec/resources/postgres_ident_conf.rb +3 -3
- data/lib/inspec/resources/processes.rb +16 -15
- data/lib/inspec/resources/rabbitmq_config.rb +2 -0
- data/lib/inspec/resources/registry_key.rb +8 -3
- data/lib/inspec/resources/security_identifier.rb +3 -1
- data/lib/inspec/resources/security_policy.rb +2 -1
- data/lib/inspec/resources/service.rb +13 -1
- data/lib/inspec/resources/shadow.rb +1 -0
- data/lib/inspec/resources/ssh_config.rb +2 -0
- data/lib/inspec/resources/ssl.rb +12 -11
- data/lib/inspec/resources/users.rb +29 -19
- data/lib/inspec/resources/virtualization.rb +10 -0
- data/lib/inspec/resources/windows_feature.rb +1 -1
- data/lib/inspec/resources/windows_hotfix.rb +2 -0
- data/lib/inspec/resources/windows_task.rb +4 -0
- data/lib/inspec/resources/wmi.rb +2 -1
- data/lib/inspec/resources/x509_certificate.rb +8 -0
- data/lib/inspec/resources/xinetd_conf.rb +10 -9
- data/lib/inspec/resources/yum.rb +15 -11
- data/lib/inspec/resources/zfs_dataset.rb +4 -2
- data/lib/inspec/resources/zfs_pool.rb +2 -1
- data/lib/inspec/rule.rb +11 -1
- data/lib/inspec/runner.rb +9 -6
- data/lib/inspec/runner_rspec.rb +10 -8
- data/lib/inspec/schema.rb +1 -0
- data/lib/inspec/secrets.rb +1 -0
- data/lib/inspec/secrets/yaml.rb +1 -0
- data/lib/inspec/shell.rb +20 -19
- data/lib/inspec/shell_detector.rb +1 -1
- data/lib/inspec/source_reader.rb +2 -0
- data/lib/inspec/ui.rb +1 -0
- data/lib/inspec/utils/deprecation/config_file.rb +8 -4
- data/lib/inspec/utils/erlang_parser.rb +2 -0
- data/lib/inspec/utils/file_reader.rb +1 -1
- data/lib/inspec/utils/filter.rb +16 -3
- data/lib/inspec/utils/find_files.rb +2 -2
- data/lib/inspec/utils/object_traversal.rb +1 -0
- data/lib/inspec/utils/parser.rb +2 -0
- data/lib/inspec/utils/simpleconfig.rb +4 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -0
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +4 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +12 -11
- data/lib/plugins/inspec-artifact/test/functional/inspec_artifact_test.rb +3 -3
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +15 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +4 -2
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +13 -12
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +3 -0
- data/lib/plugins/inspec-compliance/test/unit/api_test.rb +28 -28
- data/lib/plugins/inspec-compliance/test/unit/target_test.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +1 -1
- data/lib/plugins/inspec-habitat/test/unit/profile_test.rb +7 -6
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +2 -2
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +1 -0
- data/lib/plugins/inspec-init/test/functional/inspec_init_plugin_test.rb +12 -10
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +6 -5
- data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +1 -0
- data/lib/plugins/shared/core_plugin_test_helper.rb +1 -0
- data/lib/resource_support/aws/aws_resource_mixin.rb +3 -2
- data/lib/resources/aws/aws_billing_report.rb +1 -1
- data/lib/resources/aws/aws_billing_reports.rb +8 -7
- data/lib/resources/aws/aws_cloudtrail_trail.rb +1 -1
- data/lib/resources/aws/aws_cloudtrail_trails.rb +1 -0
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +4 -3
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +2 -1
- data/lib/resources/aws/aws_config_delivery_channel.rb +1 -1
- data/lib/resources/aws/aws_config_recorder.rb +2 -0
- data/lib/resources/aws/aws_ebs_volume.rb +1 -0
- data/lib/resources/aws/aws_ebs_volumes.rb +2 -0
- data/lib/resources/aws/aws_ec2_instance.rb +2 -0
- data/lib/resources/aws/aws_ec2_instances.rb +2 -0
- data/lib/resources/aws/aws_ecs_cluster.rb +2 -2
- data/lib/resources/aws/aws_eks_cluster.rb +3 -3
- data/lib/resources/aws/aws_elb.rb +2 -2
- data/lib/resources/aws/aws_elbs.rb +14 -12
- data/lib/resources/aws/aws_flow_log.rb +2 -2
- data/lib/resources/aws/aws_iam_access_key.rb +3 -1
- data/lib/resources/aws/aws_iam_access_keys.rb +18 -16
- data/lib/resources/aws/aws_iam_groups.rb +1 -0
- data/lib/resources/aws/aws_iam_password_policy.rb +9 -7
- data/lib/resources/aws/aws_iam_policies.rb +2 -1
- data/lib/resources/aws/aws_iam_policy.rb +10 -1
- data/lib/resources/aws/aws_iam_role.rb +1 -0
- data/lib/resources/aws/aws_iam_user.rb +5 -2
- data/lib/resources/aws/aws_iam_users.rb +12 -11
- data/lib/resources/aws/aws_kms_key.rb +2 -2
- data/lib/resources/aws/aws_kms_keys.rb +3 -1
- data/lib/resources/aws/aws_route_table.rb +2 -2
- data/lib/resources/aws/aws_route_tables.rb +2 -1
- data/lib/resources/aws/aws_s3_bucket.rb +5 -3
- data/lib/resources/aws/aws_s3_bucket_object.rb +3 -1
- data/lib/resources/aws/aws_s3_buckets.rb +1 -0
- data/lib/resources/aws/aws_security_group.rb +20 -9
- data/lib/resources/aws/aws_security_groups.rb +1 -0
- data/lib/resources/aws/aws_sns_subscription.rb +1 -1
- data/lib/resources/aws/aws_sns_topics.rb +2 -0
- data/lib/resources/aws/aws_subnet.rb +2 -2
- data/lib/resources/aws/aws_subnets.rb +4 -3
- data/lib/resources/aws/aws_vpc.rb +1 -1
- data/lib/resources/aws/aws_vpcs.rb +3 -2
- data/lib/resources/azure/azure_generic_resource.rb +4 -4
- data/lib/resources/azure/azure_resource_group.rb +1 -0
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +13 -12
- data/lib/source_readers/flat.rb +1 -0
- data/lib/source_readers/inspec.rb +1 -0
- metadata +2 -2
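--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d453fd4901acccda0f5a0e8de3fc2bc430ed23e4577d239bc33b49823df00c3e
+data.tar.gz: 8dd4196875d5f02b501517df0b8316e05b9e7e2b1ee59ffb30aa59a68edd7c4e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4492befd82753e4fd2134c01c67a4e867703634ff41d708cf13d23cc8b11c6740f88129af56aa7a1b0c926fe890bf8cc00ef07e2bc8fe0b94eeee82a9dff9cf9
+data.tar.gz: b8c87a88dd89f526d001de7eb0d71224e0166192d2854793b30de72bf23187ac3118840c76211fb74027f607a28a7d7e98b4da9927977b21bc8efec6b92d7150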
data/inspec.gemspec
CHANGED
|
@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
|
|
|
18
18
|
).reject { |f| File.directory?(f) }
|
|
19
19
|
|
|
20
20
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
|
21
|
-
|
|
21
|
+
.reject { |f| File.directory?(f) || f =~ %r{lib/plugins/.*/test/} }
|
|
22
22
|
spec.require_paths = ["lib"]
|
|
23
23
|
|
|
24
24
|
spec.required_ruby_version = ">= 2.4"
|
|
@@ -35,10 +35,11 @@ module Supermarket
|
|
|
35
35
|
def self.info(profile, supermarket_url = SUPERMARKET_URL)
|
|
36
36
|
_tool_owner, tool_name = profile_name("supermarket://#{profile}")
|
|
37
37
|
return if tool_name.nil? || tool_name.empty?
|
|
38
|
+
|
|
38
39
|
# Tool name in Supermarket URL is downcased so we need to downcase
|
|
39
40
|
url = "#{supermarket_url}/api/v1/tools/#{tool_name.downcase}"
|
|
40
41
|
_success, data = get(url, {})
|
|
41
|
-
JSON.parse(data)
|
|
42
|
+
JSON.parse(data) unless data.nil?
|
|
42
43
|
rescue JSON::ParserError
|
|
43
44
|
nil
|
|
44
45
|
end
|
|
@@ -20,7 +20,7 @@ module Supermarket
|
|
|
20
20
|
|
|
21
21
|
headline("Available profiles:")
|
|
22
22
|
supermarket_profiles.each do |p|
|
|
23
|
-
li("#{p[
|
|
23
|
+
li("#{p["tool_name"]} #{mark_text(p["tool_owner"] + "/" + p["slug"])}")
|
|
24
24
|
end
|
|
25
25
|
end
|
|
26
26
|
|
|
@@ -48,7 +48,7 @@ module Supermarket
|
|
|
48
48
|
# check that the profile is available
|
|
49
49
|
supermarket_profiles = Supermarket::API.profiles
|
|
50
50
|
found = supermarket_profiles.select do |p|
|
|
51
|
-
profile == "#{p[
|
|
51
|
+
profile == "#{p["tool_owner"]}/#{p["slug"]}"
|
|
52
52
|
end
|
|
53
53
|
|
|
54
54
|
if found.empty?
|
|
@@ -58,11 +58,11 @@ module Supermarket
|
|
|
58
58
|
|
|
59
59
|
# load details for the specific profile
|
|
60
60
|
info = Supermarket::API.info(profile)
|
|
61
|
-
puts "#{mark_text(
|
|
62
|
-
puts "#{mark_text(
|
|
63
|
-
puts "#{mark_text(
|
|
61
|
+
puts "#{mark_text("name: ")} #{info["slug"]}"
|
|
62
|
+
puts "#{mark_text("owner:")} #{info["owner"]}"
|
|
63
|
+
puts "#{mark_text("url: ")} #{info["source_url"]}"
|
|
64
64
|
puts
|
|
65
|
-
puts "#{mark_text(
|
|
65
|
+
puts "#{mark_text("description: ")} #{info["description"]}"
|
|
66
66
|
end
|
|
67
67
|
end
|
|
68
68
|
|
|
@@ -17,6 +17,7 @@ module Supermarket
|
|
|
17
17
|
end
|
|
18
18
|
return nil unless supermarket_uri
|
|
19
19
|
return nil unless Supermarket::API.exist?(supermarket_uri, supermarket_server)
|
|
20
|
+
|
|
20
21
|
tool_info = Supermarket::API.find(supermarket_uri, supermarket_server)
|
|
21
22
|
resolve_next(tool_info["tool_source_url"], opts)
|
|
22
23
|
rescue URI::Error
|
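Review bot: `Supermarket::API.info` (hunk `@@ -35,10 +35,11 @@`) now returns nil in three cases, an empty tool name, a nil `data`, and a `JSON::ParserError`, but the caller in hunk `@@ -58,11 +58,11 @@` indexes the result immediately with `info["slug"]`, so an empty or malformed response from the Supermarket server ends in a NoMethodError rather than a clear message. Add a guard before the first `puts`, for example `raise "Could not load details for profile #{profile}" unless info`. The `_success` flag returned by `get(url, {})` is also discarded, so a failed request's body appears to be parsed the same way as a successful one; checking it before `JSON.parse` would make the nil path explicit. The file headers for these hunks are missing on this page; from the file list they appear to belong to inspec-supermarket/api.rb and inspec-supermarket/cli.rb, and both methods start outside their hunks.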
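--- a/data/lib/fetchers/git.rb
+++ b/data/lib/fetchers/git.rb
@@ -89,10 +89,12 @@ module Fetchers
 command_string = "git ls-remote \"#{@remote_url}\" \"#{ref_name}*\""
 cmd = shellout(command_string)
 raise "Error running '#{command_string}': #{cmd.stderr}" unless cmd.exitstatus == 0
+
 ref = parse_ls_remote(cmd.stdout, ref_name)
-
+unless ref
 raise "Unable to resolve #{ref_name} to a specific git commit for #{@remote_url}"
 end
+
 ref
 end
 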
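Review bot: `command_string` is built by interpolating `@remote_url` and `ref_name` into a double-quoted shell string that is then passed to `shellout`, so shell metacharacters in either value are interpreted by the shell instead of reaching git as data; double quotes do not prevent command substitution. Both values presumably originate from a profile's dependency declaration, which may come from a third party, and the reformatting in this hunk leaves the line untouched. Escape each argument, e.g. `command_string = "git ls-remote #{Shellwords.escape(@remote_url)} #{Shellwords.escape(ref_name + "*")}"` (needs `require "shellwords"`, POSIX shells only), or pass an argument array if `shellout` supports one. Placing `--` before the URL would additionally stop a URL that begins with `-` from being read as a git option. The enclosing method starts above the hunk.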
data/lib/fetchers/mock.rb
CHANGED
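--- a/data/lib/fetchers/url.rb
+++ b/data/lib/fetchers/url.rb
@@ -29,6 +29,7 @@ module Fetchers
 uri = URI.parse(target)
 return nil if uri.nil? || uri.scheme.nil?
 return nil unless %{ http https }.include? uri.scheme
+
 target = transform(target)
 opts[:username] = username if username
 opts[:password] = password if password
@@ -121,6 +122,7 @@ module Fetchers
 
 def parse_uri(target)
 return URI.parse(target) if target.is_a?(String)
+
 URI.parse(target[:url])
 end
 
@@ -150,7 +152,7 @@ module Fetchers
 end
 
 def download_automate2_archive_to_temp
-return @temp_archive_path
+return @temp_archive_path unless @temp_archive_path.nil?
 
 Inspec::Log.debug("Fetching URL: #{@target}")
 json = {
@@ -189,7 +191,8 @@ module Fetchers
 
 # Downloads archive to temporary file with side effect :( of setting @archive_type
 def download_archive_to_temp
-return @temp_archive_path
+return @temp_archive_path unless @temp_archive_path.nil?
+
 Inspec::Log.debug("Fetching URL: #{@target}")
 remote = open_via_uri(@target)
 @archive_type = file_type_from_remote(remote) # side effect :(
@@ -262,7 +265,7 @@ module Fetchers
 end
 unless keys_missing_values.empty?
 raise "Unable to fetch profile - the following HTTP headers have no value: " \
-"#{keys_missing_values.join(
+"#{keys_missing_values.join(", ")}"
 end
 end
 end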
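Review bot: The scheme allow-list in the first hunk, `return nil unless %{ http https }.include? uri.scheme`, is a substring test rather than a membership test: `%{ ... }` is a plain string literal, not a `%w` word array, so `String#include?` accepts any scheme that happens to be a fragment of " http https ", such as `ht` or `tps`. The blank line added after it does not change that. Use `return nil unless %w{http https}.include?(uri.scheme)` so that only the two intended schemes reach `transform` and the download code. The enclosing method starts above the hunk.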
data/lib/inspec/backend.rb
CHANGED
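--- a/data/lib/inspec/base_cli.rb
+++ b/data/lib/inspec/base_cli.rb
@@ -10,9 +10,11 @@ require "inspec/utils/deprecation/global_method"
 class Thor::Arguments
 def parse_array(_name)
 return shift if peek.is_a?(Array)
+
 array = []
 while current_is_value?
 break unless @parsing_options
+
 array << shift
 end
 array
@@ -157,7 +159,7 @@ module Inspec
 next if data.nil?
 
 data = "\e[1m\e[#{color}m#{data}\e[0m"
-str << format("#{
+str << format("#{" " * indent}%-10s %s\n", item.to_s.capitalize + ":", data)
 end
 str
 end
@@ -218,6 +220,7 @@ module Inspec
 
 def suppress_log_output?(opts)
 return false if opts["reporter"].nil?
+
 match = %w{json json-min json-rspec json-automate junit html yaml documentation progress} & opts["reporter"].keys
 unless match.empty?
 match.each do |m|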
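--- a/data/lib/inspec/cli.rb
+++ b/data/lib/inspec/cli.rb
@@ -124,7 +124,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
 else
 %w{location profile controls timestamp valid}.each do |item|
 puts format("%-12s %s", item.to_s.capitalize + ":",
-
+mark_text(result[:summary][item.to_sym]))
 end
 puts
 
@@ -148,8 +148,8 @@ class Inspec::InspecCLI < Inspec::BaseCLI
 
 puts
 puts format("Summary: %s%d errors%s, %s%d warnings%s",
-
-
+red, result[:errors].length, rst,
+yellow, result[:warnings].length, rst)
 end
 end
 exit 1 unless result[:summary][:valid]
@@ -375,7 +375,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
 puts Inspec::Schema.json(name)
 rescue StandardError => e
 puts e
-puts "Valid schemas are #{Inspec::Schema.names.join(
+puts "Valid schemas are #{Inspec::Schema.names.join(", ")}"
 end
 
 desc "version", "prints the version of this tool"
@@ -410,6 +410,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
 runner.load
 
 return :ruby_eval, res if runner.all_rules.empty?
+
 return :rspec_run, runner.run_tests # rubocop:disable Style/RedundantReturn
 end
 end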
data/lib/inspec/config.rb
CHANGED
|
@@ -60,6 +60,7 @@ module Inspec
|
|
|
60
60
|
|
|
61
61
|
def diagnose
|
|
62
62
|
return unless self[:diagnose]
|
|
63
|
+
|
|
63
64
|
puts "InSpec version: #{Inspec::VERSION}"
|
|
64
65
|
puts "Train version: #{Train::VERSION}"
|
|
65
66
|
puts "Command line configuration:"
|
|
@@ -159,6 +160,7 @@ module Inspec
|
|
|
159
160
|
unless transport_name
|
|
160
161
|
raise ArgumentError, "Could not recognize a backend from the target #{final_options[:target]} - use a URI format with the backend name as the URI schema. Example: 'ssh://somehost.com' or 'transport://credset' or 'transport://' if credentials are provided outside of InSpec."
|
|
161
162
|
end
|
|
163
|
+
|
|
162
164
|
credentials[:backend] = transport_name.to_s # these are indeed stored in Train as Strings.
|
|
163
165
|
end
|
|
164
166
|
|
|
@@ -185,6 +187,7 @@ module Inspec
|
|
|
185
187
|
|
|
186
188
|
def _utc_find_credset_name(_credentials, transport_name)
|
|
187
189
|
return nil unless final_options[:target]
|
|
190
|
+
|
|
188
191
|
match = final_options[:target].match(%r{^#{transport_name}://(?<credset_name>[\w\d\-]+)$})
|
|
189
192
|
match ? match[:credset_name] : nil
|
|
190
193
|
end
|
|
@@ -196,6 +199,7 @@ module Inspec
|
|
|
196
199
|
# Regardless of our situation, end up with a readable IO object
|
|
197
200
|
def resolve_cfg_io(cli_opts, cfg_io)
|
|
198
201
|
raise(ArgumentError, "Inspec::Config must use an IO to read from") if cfg_io && !cfg_io.respond_to?(:read)
|
|
202
|
+
|
|
199
203
|
cfg_io ||= check_for_piped_config(cli_opts)
|
|
200
204
|
return cfg_io if cfg_io
|
|
201
205
|
|
|
@@ -211,6 +215,7 @@ module Inspec
|
|
|
211
215
|
|
|
212
216
|
return nil unless cli_opt
|
|
213
217
|
return nil unless cli_opt == "-"
|
|
218
|
+
|
|
214
219
|
# This warning is here so that if a user invokes inspec with --config=-,
|
|
215
220
|
# they will have an explanation for why it appears to hang.
|
|
216
221
|
Inspec::Log.warn "Reading JSON config from standard input" if STDIN.tty?
|
|
@@ -287,13 +292,14 @@ module Inspec
|
|
|
287
292
|
valid_fields = %w{version cli_options credentials compliance reporter}.sort
|
|
288
293
|
@cfg_file_contents.keys.each do |seen_field|
|
|
289
294
|
unless valid_fields.include?(seen_field)
|
|
290
|
-
raise Inspec::ConfigError::Invalid, "Unrecognized top-level configuration field #{seen_field}. Recognized fields: #{valid_fields.join(
|
|
295
|
+
raise Inspec::ConfigError::Invalid, "Unrecognized top-level configuration field #{seen_field}. Recognized fields: #{valid_fields.join(", ")}"
|
|
291
296
|
end
|
|
292
297
|
end
|
|
293
298
|
end
|
|
294
299
|
|
|
295
300
|
def validate_reporters!(reporters)
|
|
296
301
|
return if reporters.nil?
|
|
302
|
+
|
|
297
303
|
# TODO: move this into a reporter plugin type system
|
|
298
304
|
valid_types = %w{
|
|
299
305
|
automate
|
|
@@ -313,6 +319,7 @@ module Inspec
|
|
|
313
319
|
raise NotImplementedError, "'#{reporter_name}' is not a valid reporter type." unless valid_types.include?(reporter_name)
|
|
314
320
|
|
|
315
321
|
next unless reporter_name == "automate"
|
|
322
|
+
|
|
316
323
|
%w{token url}.each do |option|
|
|
317
324
|
raise Inspec::ReporterError, "You must specify a automate #{option} via the config file." if reporter_config[option].nil?
|
|
318
325
|
end
|
|
@@ -410,6 +417,7 @@ module Inspec
|
|
|
410
417
|
%w{password sudo-password}.each do |option_name|
|
|
411
418
|
snake_case_option_name = option_name.tr("-", "_").to_s
|
|
412
419
|
next unless options[snake_case_option_name] == -1 # Thor sets -1 for missing value - see #1918
|
|
420
|
+
|
|
413
421
|
raise ArgumentError, "Please provide a value for --#{option_name}. For example: --#{option_name}=hello."
|
|
414
422
|
end
|
|
415
423
|
|
|
@@ -216,6 +216,7 @@ module Inspec
|
|
|
216
216
|
return if @skip_only_if_eval == true
|
|
217
217
|
|
|
218
218
|
return if block.yield == true
|
|
219
|
+
|
|
219
220
|
# Apply `set_skip_rule` for other rules in the same file
|
|
220
221
|
profile_context_owner.rules.values.each do |r|
|
|
221
222
|
sources_match = r.source_file == block.source_location[0]
|
|
@@ -71,6 +71,7 @@ module Inspec
|
|
|
71
71
|
|
|
72
72
|
def to_array
|
|
73
73
|
return [] if @dep_list.nil?
|
|
74
|
+
|
|
74
75
|
@dep_list.map do |_k, v|
|
|
75
76
|
v.to_hash
|
|
76
77
|
end.compact
|
|
@@ -85,6 +86,7 @@ module Inspec
|
|
|
85
86
|
#
|
|
86
87
|
def vendor(dependencies)
|
|
87
88
|
return nil if dependencies.nil? || dependencies.empty?
|
|
89
|
+
|
|
88
90
|
@dep_list = Resolver.resolve(dependencies, @cache, @cwd, @backend)
|
|
89
91
|
end
|
|
90
92
|
end
|
|
@@ -21,16 +21,16 @@ module Inspec
|
|
|
21
21
|
}
|
|
22
22
|
|
|
23
23
|
new(dep[:name],
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
24
|
+
dep[:version],
|
|
25
|
+
config,
|
|
26
|
+
opts.merge(dep))
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
def self.from_lock_entry(entry, config, opts = {})
|
|
30
30
|
req = new(entry[:name],
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
31
|
+
entry[:version_constraints],
|
|
32
|
+
config,
|
|
33
|
+
entry[:resolved_source].merge(backend: config[:backend]).merge(opts))
|
|
34
34
|
|
|
35
35
|
locked_deps = []
|
|
36
36
|
Array(entry[:dependencies]).each do |dep_entry|
|
|
@@ -86,7 +86,7 @@ module Inspec
|
|
|
86
86
|
"version_constraints" => version_constraints,
|
|
87
87
|
}
|
|
88
88
|
|
|
89
|
-
|
|
89
|
+
unless dependencies.empty?
|
|
90
90
|
h["dependencies"] = dependencies.map(&:to_hash)
|
|
91
91
|
end
|
|
92
92
|
|
|
@@ -115,6 +115,7 @@ module Inspec
|
|
|
115
115
|
# load the profile for the requirement
|
|
116
116
|
def profile
|
|
117
117
|
return @profile unless @profile.nil?
|
|
118
|
+
|
|
118
119
|
opts = @opts.dup
|
|
119
120
|
opts[:backend] = @backend
|
|
120
121
|
opts[:runner_conf] = Inspec::Config.cached
|
|
@@ -37,7 +37,7 @@ module Inspec
|
|
|
37
37
|
problem_cookbook = if top_level
|
|
38
38
|
"the inspec.yml for this profile."
|
|
39
39
|
else
|
|
40
|
-
"the dependency information for #{path_string.split(
|
|
40
|
+
"the dependency information for #{path_string.split(" ").last}"
|
|
41
41
|
end
|
|
42
42
|
raise Inspec::DuplicateDep, "The dependency #{dep.name} is listed twice in #{problem_cookbook}"
|
|
43
43
|
else
|
|
@@ -68,13 +68,13 @@ module Inspec
|
|
|
68
68
|
|
|
69
69
|
new_seen_items[dep.resolved_source] = true
|
|
70
70
|
|
|
71
|
-
|
|
71
|
+
unless dep.source_satisfies_spec?
|
|
72
72
|
raise Inspec::UnsatisfiedVersionSpecification, "The profile #{dep.name} from #{dep.resolved_source} has a version #{dep.source_version} which doesn't match #{dep.version_constraints}"
|
|
73
73
|
end
|
|
74
74
|
|
|
75
75
|
Inspec::Log.debug("Adding dependency #{dep.name} (#{dep.resolved_source})")
|
|
76
76
|
graph[dep.name] = dep
|
|
77
|
-
|
|
77
|
+
unless dep.dependencies.empty?
|
|
78
78
|
resolve(dep.dependencies, false, new_seen_items.dup, new_path_string)
|
|
79
79
|
end
|
|
80
80
|
end
|
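Review bot: `_utc_find_credset_name` (hunk `@@ -185,6 +187,7 @@`) matches the target with `%r{^#{transport_name}://(?<credset_name>[\w\d\-]+)$}`, and in Ruby `^` and `$` anchor at line boundaries, not at the ends of the string, so a target value containing a newline can match on one of its lines. `transport_name` is also interpolated into the pattern unescaped, so any regex metacharacter in it changes what is matched. The target appears to come from CLI options or the config file, so the exposure is limited, but the check should compare the whole string: `match = final_options[:target].match(%r{\A#{Regexp.escape(transport_name.to_s)}://(?<credset_name>[\w\-]+)\z})`. The file headers for several hunks in this section are missing on the page, so the hunk is identified here by its `@@` header.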
data/lib/inspec/describe.rb
CHANGED
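--- a/data/lib/inspec/dsl.rb
+++ b/data/lib/inspec/dsl.rb
@@ -68,7 +68,7 @@ module Inspec::DSL
 context = dep_entry.profile.runner_context
 # if we don't want all the rules, then just make 1 pass to get all rule_IDs
 # that we want to keep from the original
-filter_included_controls(context, dep_entry.profile, &block)
+filter_included_controls(context, dep_entry.profile, &block) unless opts[:include_all]
 # interpret the block and skip/modify as required
 context.load(block) if block_given?
 bind_context.add_subcontext(context)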
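--- a/data/lib/inspec/dsl_shared.rb
+++ b/data/lib/inspec/dsl_shared.rb
@@ -10,7 +10,7 @@ module Inspec
 
 def require(path)
 rbpath = path + ".rb"
-return __ruby_require(path)
+return __ruby_require(path) unless @require_loader.exists?(rbpath)
 return false if @require_loader.loaded?(rbpath)
 
 # This is equivalent to calling `require 'lib'` with lib on disk.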
data/lib/inspec/env_printer.rb
CHANGED
|
@@ -23,8 +23,8 @@ module Inspec
|
|
|
23
23
|
end
|
|
24
24
|
|
|
25
25
|
def print_and_exit!
|
|
26
|
-
exit_no_shell
|
|
27
|
-
exit_no_completion
|
|
26
|
+
exit_no_shell unless have_shell?
|
|
27
|
+
exit_no_completion unless have_shell_completion?
|
|
28
28
|
|
|
29
29
|
print_completion_for_shell
|
|
30
30
|
print_detection_warning($stdout) if @detected
|
|
@@ -77,7 +77,7 @@ module Inspec
|
|
|
77
77
|
#
|
|
78
78
|
# inspec env SHELLNAME
|
|
79
79
|
#
|
|
80
|
-
# Currently supported shells are: #{shells_with_completions.join(
|
|
80
|
+
# Currently supported shells are: #{shells_with_completions.join(", ")}
|
|
81
81
|
#
|
|
82
82
|
EOF
|
|
83
83
|
end
|
|
@@ -98,7 +98,7 @@ module Inspec
|
|
|
98
98
|
#
|
|
99
99
|
# inspec env SHELLNAME
|
|
100
100
|
#
|
|
101
|
-
# Currently supported shells are: #{shells_with_completions.join(
|
|
101
|
+
# Currently supported shells are: #{shells_with_completions.join(", ")}
|
|
102
102
|
EOF
|
|
103
103
|
exit 1
|
|
104
104
|
end
|