serverspec 0.2.22 → 0.2.23

data/lib/serverspec.rb

@@ -8,6 +8,7 @@ require 'serverspec/setup'
 require 'serverspec/filter'
 require 'serverspec/subject'
 require 'serverspec/commands/base'
+require 'serverspec/commands/linux'
 require 'serverspec/commands/redhat'
 require 'serverspec/commands/debian'
 require 'serverspec/commands/gentoo'
@@ -30,3 +31,24 @@ RSpec.configure do |c|
     end
   end
 end
+
+module RSpec
+  module Matchers
+    module DSL
+      class Matcher
+        def failure_message_for_should(&block)
+          if block.to_s =~ /serverspec\/matchers\/.+\.rb/
+            @custom = true
+          end
+          if @custom
+            cache_or_call_cached(:failure_message_for_should, &block)
+          else
+            message =  "#{example.metadata[:command]}\n"
+            message += "#{example.metadata[:stdout]}"
+            message
+          end
+        end
+      end
+    end
+  end
+end

data/lib/serverspec/backend/exec.rb

@@ -1,5 +1,3 @@
-require 'open3'
-
 module Serverspec
   module Backend
     class Exec
@@ -12,17 +10,17 @@ module Serverspec
       end
 
       def run_command(cmd, opts={})
+        stdout = `#{cmd} 2>&1`
         # In ruby 1.9, it is possible to use Open3.capture3, but not in 1.8
         #stdout, stderr, status = Open3.capture3(cmd)
-        # So get exit status with `command`
-        `#{cmd} 2>&1`
-        ret = { :exit_status => $?, :exit_signal => nil }
-
-        # Get stdout and stderr
-        stdin, stdout, stderr = Open3.popen3(cmd)
-        ret[:stdout] = stdout.read
-        ret[:stderr] = stderr.read
-        ret
+
+        if ! @example.nil?
+          @example.metadata[:command] = cmd
+          @example.metadata[:stdout]  = stdout
+        end
+
+        { :stdout => stdout, :stderr => nil,
+          :exit_status => $?, :exit_signal => nil }
       end
 
       def check_zero(cmd, *args)
@@ -33,11 +31,12 @@ module Serverspec
       # Default action is to call check_zero with args
       def method_missing(meth, *args, &block)
         # Remove example object from *args
-        args.shift
+        @example = args.shift
         check_zero(meth, *args)
       end
 
       def check_installed_by_gem(example, package, version)
+        @example = example
         ret = run_command(commands.check_installed_by_gem(package))
         res = ret[:exit_status] == 0
         if res && version
@@ -47,6 +46,7 @@ module Serverspec
       end
 
       def check_running(example, process)
+        @example = example
         ret = run_command(commands.check_running(process))
         if ret[:exit_status] == 1 || ret[:stdout] =~ /stopped/
           ret = run_command(commands.check_process(process))
@@ -55,11 +55,13 @@ module Serverspec
       end
 
       def check_running_under_supervisor(example, process)
+        @example = example
         ret = run_command(commands.check_running_under_supervisor(process))
         ret[:exit_status] == 0 && ret[:stdout] =~ /RUNNING/
       end
 
       def check_readable(example, file, by_whom)
+        @example = example
         mode = sprintf('%04s',run_command(commands.get_mode(file))[:stdout].strip)
         mode = mode.split('')
         mode_octal = mode[0].to_i * 512 + mode[1].to_i * 64 + mode[2].to_i * 8 + mode[3].to_i * 1
@@ -76,6 +78,7 @@ module Serverspec
       end
 
       def check_writable(example, file, by_whom)
+        @example = example
         mode = sprintf('%04s',run_command(commands.get_mode(file))[:stdout].strip)
         mode = mode.split('')
         mode_octal = mode[0].to_i * 512 + mode[1].to_i * 64 + mode[2].to_i * 8 + mode[3].to_i * 1
@@ -92,6 +95,7 @@ module Serverspec
       end
 
       def check_executable(example, file, by_whom)
+        @example = example
         mode = sprintf('%04s',run_command(commands.get_mode(file))[:stdout].strip)
         mode = mode.split('')
         mode_octal = mode[0].to_i * 512 + mode[1].to_i * 64 + mode[2].to_i * 8 + mode[3].to_i * 1
@@ -108,6 +112,7 @@ module Serverspec
       end
 
       def check_mounted(example, path, expected_attr, only_with)
+        @example = example
         ret = run_command(commands.check_mounted(path))
         if expected_attr.nil? || ret[:exit_status] != 0
           return ret[:exit_status] == 0

data/lib/serverspec/backend/ssh.rb

@@ -5,7 +5,12 @@ module Serverspec
     class Ssh < Exec
       def run_command(cmd, opt={})
         cmd = "sudo #{cmd}" if not RSpec.configuration.ssh.options[:user] == 'root'
-        ssh_exec!(cmd)
+        ret = ssh_exec!(cmd)
+        if ! @example.nil?
+          @example.metadata[:command] = cmd
+          @example.metadata[:stdout]  = ret[:stdout]
+        end
+        ret
       end
 
       private

data/lib/serverspec/commands/base.rb

@@ -1,48 +1,55 @@
+require 'shellwords'
+
 module Serverspec
   module Commands
     class Base
       class NotImplementedError < Exception; end
 
+      def escape target
+        Shellwords.shellescape(target.to_s())
+      end
+
       def check_enabled service
         raise NotImplementedError.new
       end
 
       def check_mounted path
-        "mount | grep -w 'on #{path}'"
+        regexp = "on #{path}"
+        "mount | grep -w -- #{escape(regexp)}"
       end
 
       def check_reachable host, port, proto, timeout
         if port.nil?
-          "ping -n #{host} -w #{timeout} -c 2"
+          "ping -n #{escape(host)} -w #{escape(timeout)} -c 2"
         else
-          "nc -vvvvz#{proto[0].chr} #{host} #{port} -w #{timeout}"
+          "nc -vvvvz#{escape(proto[0].chr)} #{escape(host)} #{escape(port)} -w #{escape(timeout)}"
         end
       end
 
       def check_resolvable name, type
         if type == "dns"
-          "nslookup -timeout=1 #{name}"
+          "nslookup -timeout=1 #{escape(name)}"
         elsif type == "hosts"
-          "grep -w #{name} /etc/hosts"
+          "grep -w -- #{escape(name)} /etc/hosts"
         else
-          "getent hosts #{name}"
+          "getent hosts #{escape(name)}"
         end
       end
 
       def check_file file
-        "test -f #{file}"
+        "test -f #{escape(file)}"
       end
 
       def check_directory directory
-        "test -d #{directory}"
+        "test -d #{escape(directory)}"
       end
 
       def check_user user
-        "id #{user}"
+        "id #{escape(user)}"
       end
 
       def check_group group
-        "getent group | grep -wq #{group}"
+        "getent group | grep -wq -- #{escape(group)}"
       end
 
       def check_installed package
@@ -50,90 +57,91 @@ module Serverspec
       end
 
       def check_listening port
-        "netstat -tunl | grep ':#{port} '"
+        regexp = ":#{port} "
+        "netstat -tunl | grep -- #{escape(regexp)}"
       end
 
       def check_running service
-        "service #{service} status"
+        "service #{escape(service)} status"
       end
 
       def check_running_under_supervisor service
-        "supervisorctl status #{service}"
+        "supervisorctl status #{escape(service)}"
       end
 
       def check_process process
-        "ps aux | grep -w #{process} | grep -qv grep"
+        "ps aux | grep -w -- #{escape(process)} | grep -qv grep"
       end
 
       def check_file_contain file, expected_pattern
-        "grep -q '#{expected_pattern}' #{file}"
+        "grep -q -- #{escape(expected_pattern)} #{escape(file)}"
       end
 
       def check_file_contain_within file, expected_pattern, from=nil, to=nil
         from ||= '1'
         to ||= '$'
         checker = check_file_contain("-", expected_pattern)
-        "sed -n '#{from},#{to}p' #{file} | #{checker}"
+        "sed -n #{escape(from)},#{escape(to)}p #{escape(file)} | #{checker}"
       end
 
       def check_mode file, mode
-        "stat -c %a #{file} | grep '^#{mode}$'"
+        regexp = "^#{mode}$"
+        "stat -c %a #{escape(file)} | grep -- #{escape(regexp)}"
       end
 
       def check_owner file, owner
-        "stat -c %U #{file} | grep '^#{owner}$'"
+        regexp = "^#{owner}$"
+        "stat -c %U #{escape(file)} | grep -- #{escape(regexp)}"
       end
 
       def check_grouped file, group
-        "stat -c %G #{file} | grep '^#{group}$'"
+        regexp = "^#{group}$"
+        "stat -c %G #{escape(file)} | grep -- #{escape(regexp)}"
       end
 
       def check_cron_entry user, entry
         entry_escaped = entry.gsub(/\*/, '\\*')
-        "crontab -u #{user} -l | grep \"#{entry_escaped}\""
+        "crontab -u #{escape(user)} -l | grep -- #{escape(entry_escaped)}"
       end
 
       def check_link link, target
-        "stat -c %N #{link} | grep #{target}"
+        "stat -c %N #{escape(link)} | grep -- #{escape(target)}"
       end
 
       def check_installed_by_gem name
-        "gem list --local | grep '^#{name} '"
+        gem_name = "^#{name} "
+        "gem list --local | grep -- #{escape(gem_name)}"
       end
 
       def check_belonging_group user, group
-        "id #{user} | awk '{print $3}' | grep #{group}"
+        "id #{escape(user)} | awk '{print $3}' | grep -- #{escape(group)}"
       end
 
       def check_gid group, gid
-        "getent group | grep -w ^#{group} | cut -f 3 -d ':' | grep -w #{gid}"
+        regexp = "^#{group}"
+        "getent group | grep -w -- #{escape(regexp)} | cut -f 3 -d ':' | grep -w -- #{escape(gid)}"
       end
 
       def check_uid user, uid
-        "id #{user} | grep '^uid=#{uid}('"
+        regexp = "^uid=#{uid}("
+        "id #{escape(user)} | grep -- #{escape(regexp)}"
       end
 
       def check_login_shell user, path_to_shell
-        "getent passwd #{user} | cut -f 7 -d ':' | grep -w #{path_to_shell}"
+        "getent passwd #{escape(user)} | cut -f 7 -d ':' | grep -w -- #{escape(path_to_shell)}"
       end
 
       def check_home_directory user, path_to_home
-        "getent passwd #{user} | cut -f 6 -d ':' | grep -w #{path_to_home}"
+        "getent passwd #{escape(user)} | cut -f 6 -d ':' | grep -w -- #{escape(path_to_home)}"
       end
 
       def check_authorized_key user, key
         key.sub!(/\s+\S*$/, '') if key.match(/^\S+\s+\S+\s+\S*$/)
-        "grep -w '#{key}' ~#{user}/.ssh/authorized_keys"
+        "grep -w -- #{escape(key)} ~#{escape(user)}/.ssh/authorized_keys"
       end
 
       def check_iptables_rule rule, table=nil, chain=nil
-        cmd = "iptables"
-        cmd += " -t #{table}" if table
-        cmd += " -S"
-        cmd += " #{chain}" if chain
-        rule.gsub!(/\-/, '\\-')
-        cmd += " | grep '#{rule}'"
-        cmd
+        raise NotImplementedError.new
       end
 
       def check_zfs zfs, property=nil, value=nil
@@ -141,7 +149,7 @@ module Serverspec
       end
 
       def get_mode(file)
-        "stat -c %a #{file}"
+        "stat -c %a #{escape(file)}"
       end
 
       def check_ipfilter_rule rule
@@ -161,7 +169,7 @@ module Serverspec
       end
 
       def check_selinux mode
-        "/usr/sbin/getenforce | grep -i '#{mode}'"
+        raise NotImplementedError.new
       end
     end
   end

data/lib/serverspec/commands/debian.rb

@@ -1,12 +1,12 @@
 module Serverspec
   module Commands
-    class Debian < Base
+    class Debian < Linux
       def check_enabled service
-        "ls /etc/rc3.d/ | grep #{service}"
+        "ls /etc/rc3.d/ | grep -- #{escape(service)}"
       end
 
       def check_installed package
-        "dpkg -s #{package}"
+        "dpkg -s #{escape(package)}"
       end
     end
   end

data/lib/serverspec/commands/gentoo.rb

@@ -1,16 +1,17 @@
 module Serverspec
   module Commands
-    class Gentoo < Base
+    class Gentoo < Linux
       def check_enabled service
-        "/sbin/rc-update show | grep '^\\s*#{service}\\s*|\\s*\\(boot\\|default\\)'"
+        regexp = "^\\s*#{service}\\s*|\\s*\\(boot\\|default\\)"
+        "/sbin/rc-update show | grep -- #{escape(regexp)}"
       end
 
       def check_installed package
-        "/usr/bin/eix #{package} --installed"
+        "/usr/bin/eix #{escape(package)} --installed"
       end
 
       def check_running service
-        "/etc/init.d/#{service} status"
+        "/etc/init.d/#{escape(service)} status"
       end
     end
   end

data/lib/serverspec/commands/linux.rb

@@ -0,0 +1,22 @@
+require 'shellwords'
+
+module Serverspec
+  module Commands
+    class Linux < Base
+      class NotImplementedError < Exception; end
+
+      def check_iptables_rule rule, table=nil, chain=nil
+        cmd = "iptables"
+        cmd += " -t #{escape(table)}" if table
+        cmd += " -S"
+        cmd += " #{escape(chain)}" if chain
+        cmd += " | grep -- #{escape(rule)}"
+        cmd
+      end
+
+      def check_selinux mode
+        "/usr/sbin/getenforce | grep -i -- #{escape(mode)}"
+      end
+    end
+  end
+end

data/lib/serverspec/commands/redhat.rb

@@ -1,12 +1,12 @@
 module Serverspec
   module Commands
-    class RedHat < Base
+    class RedHat < Linux
       def check_enabled service
-        "chkconfig --list #{service} | grep 3:on"
+        "chkconfig --list #{escape(service)} | grep 3:on"
       end
 
       def check_installed package
-        "rpm -q #{package}"
+        "rpm -q #{escape(package)}"
       end
     end
   end

data/lib/serverspec/commands/solaris.rb

@@ -2,54 +2,59 @@ module Serverspec
   module Commands
     class Solaris < Base
       def check_enabled service
-        "svcs -l #{service} 2> /dev/null | grep 'enabled      true'"
+        "svcs -l #{escape(service)} 2> /dev/null | grep 'enabled      true'"
       end
 
       def check_installed package
-        "pkg list -H #{package} 2> /dev/null"
+        "pkg list -H #{escape(package)} 2> /dev/null"
       end
 
       def check_listening port
-        "netstat -an 2> /dev/null | egrep 'LISTEN|Idle' | grep '\.#{port} '"
+        regexp = "\.#{port} "
+        "netstat -an 2> /dev/null | egrep 'LISTEN|Idle' | grep -- #{escape(regexp)}"
       end
 
       def check_running service
-        "svcs -l #{service} status 2> /dev/null |grep 'state        online'"
+        "svcs -l #{escape(service)} status 2> /dev/null |grep 'state        online'"
       end
 
       def check_cron_entry user, entry
         entry_escaped = entry.gsub(/\*/, '\\*')
-        "crontab -l #{user} | grep '#{entry_escaped}'"
+        "crontab -l #{escape(user)} | grep -- #{escape(entry_escaped)}"
       end
 
       def check_zfs zfs, property=nil
         if property.nil?
-          "/sbin/zfs list -H #{zfs}"
+          "/sbin/zfs list -H #{escape(zfs)}"
         else
           commands = []
           property.sort.each do |key, value|
-            commands << "/sbin/zfs list -H -o #{key} #{zfs} | grep ^#{value}$"
+            regexp = "^#{value}$"
+            commands << "/sbin/zfs list -H -o #{escape(key)} #{escape(zfs)} | grep -- #{escape(regexp)}"
           end
           commands.join(' && ')
         end
       end
 
       def check_ipfilter_rule rule
-        "/sbin/ipfstat -io 2> /dev/null | grep '#{rule}'"
+        "/sbin/ipfstat -io 2> /dev/null | grep -- #{escape(rule)}"
       end
 
       def check_ipnat_rule rule
-        "/sbin/ipnat -l 2> /dev/null | grep '^#{rule}$'"
+        regexp = "^#{rule}$"
+        "/sbin/ipnat -l 2> /dev/null | grep -- #{escape(regexp)}"
       end
 
       def check_svcprop svc, property, value
-        "svcprop -p #{property} #{svc} | grep ^#{value}$"
+        regexp = "^#{value}$"
+        "svcprop -p #{escape(property)} #{escape(svc)} | grep -- #{escape(regexp)}"
       end
 
       def check_svcprops svc, property
         commands = []
         property.sort.each do |key, value|
-          commands << "svcprop -p #{key} #{svc} | grep ^#{value}$"
+          regexp = "^#{value}$"
+          commands << "svcprop -p #{escape(key)} #{escape(svc)} | grep -- #{escape(regexp)}"
         end
         commands.join(' && ')
       end
@@ -58,23 +63,24 @@ module Serverspec
         from ||= '1'
         to ||= '$'
         checker = check_file_contain("/dev/stdin", expected_pattern)
-        "sed -n '#{from},#{to}p' #{file} | #{checker}"
+        "sed -n #{escape(from)},#{escape(to)}p #{escape(file)} | #{checker}"
       end
 
       def check_belonging_group user, group
-        "id -Gn #{user} | grep #{group}"
+        "id -Gn #{escape(user)} | grep -- #{escape(group)}"
       end
 
       def check_gid group, gid
-        "getent group | grep ^#{group}: | cut -f 3 -d ':' | grep -w #{gid}"
+        regexp = "^#{group}:"
+        "getent group | grep -- #{escape(regexp)} | cut -f 3 -d ':' | grep -w -- #{escape(gid)}"
       end
 
       def check_home_directory user, path_to_home
-        "getent passwd #{user} | cut -f 6 -d ':' | grep -w #{path_to_home}"
+        "getent passwd #{escape(user)} | cut -f 6 -d ':' | grep -w -- #{escape(path_to_home)}"
       end
 
       def check_login_shell user, path_to_shell
-        "getent passwd #{user} | cut -f 7 -d ':' | grep -w #{path_to_shell}"
+        "getent passwd #{escape(user)} | cut -f 7 -d ':' | grep -w -- #{escape(path_to_shell)}"
       end
     end
   end