train-core 3.13.4 → 3.15.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 470b27511b7ffb2b3994b51f95465ea89e484c2a9cab59826760fc943d148aae
-  data.tar.gz: 5de12e071d0be7aedc0c5d01c22577a0a530c677a40a36aed95a98464d470962
+  metadata.gz: 1d838f638d6bbc471fdd186099014d342ec80ea3d208885d709351ed1564d96d
+  data.tar.gz: 4a3c73b0faed531af7e55578a94e76754a6ce408a1a6aac706bc2a05eff7b5f1
 SHA512:
-  metadata.gz: 7492ea263b349a770fc84b3b475fc9d72c58d887a90cf522524b7e3c2f86354e23541d3dc09e00e548d6e98e94243c1367e39ea345c3cade5f950a5b4ada2c11
-  data.tar.gz: 5fb6ba093f4758d506b20130b4d8ed0e5f36d3f2a51289cd96ec11911f6727f49e27dc749ec376363a8e73bfbe033685a06a25efb8e56374547ca2ba4eee00e8
+  metadata.gz: 5e379c906184e37a441b6c9736b95b6fd6fa724bccba8f626b964b4342305f201b4fce792bb81e4c275b8b49036aa2cad97c0682880529029354530e6d06d121
+  data.tar.gz: 72a4cfe2de2a43d359fb63c23f48264b8b316b5513693150ac256d10a867514722b5445619571b845256aeac157feaf06ea54f36288e5f192421cf6a4cf4b487

data/lib/train/extras/stat.rb

@@ -34,7 +34,7 @@ module Train::Extras
 
     def self.linux_stat(shell_escaped_path, backend, follow_symlink)
       lstat = follow_symlink ? " -L" : ""
-      format = (backend.os.esx? || %w{alpine yocto ubios}.include?(backend.os[:name])) ? "-c" : "--printf"
+      format = (backend.os.esx? || %w{alpine yocto ubios}.include?(backend.os[:name]) || %w{chainguard}.include?(backend.os[:family])) ? "-c" : "--printf"
       res = backend.run_command("stat#{lstat} #{shell_escaped_path} 2>/dev/null #{format} '%s\n%f\n%U\n%u\n%G\n%g\n%X\n%Y\n%C'")
       # ignore the exit_code: it is != 0 if selinux labels are not supported
       # on the system.

data/lib/train/platforms/detect/helpers/os_windows.rb

@@ -25,10 +25,9 @@ module Train::Platforms::Detect::Helpers
         @platform[:name] = "Windows #{@platform[:release]}"
       end
 
-      # `Get-CimInstance` is a PowerShell-specific command and is not available in Command Prompt.
-      # Since the logic has always relied on `read_wmic` at this point, we are skipping the conditional check for `wmic_available?`
-      # and directly invoking `read_wmic` to maintain the existing behavior.
-      read_wmic
+      # Prefer retrieving the OS details via `wmic` if available on the system to retain existing behavior.
+      # If `wmic` is not available, fall back to using cmd-only commands as an alternative method.
+      wmic_available? ? read_wmic : read_cmd_os
       true
     end
 
@@ -243,6 +242,62 @@ module Train::Platforms::Detect::Helpers
       arch_map[res.stdout.strip.to_i]
     end
 
+    # Fallback method for reading OS info using cmd-only commands when wmic is not available
+    def read_cmd_os
+      # Try to get architecture from PROCESSOR_ARCHITECTURE environment variable
+      # This covers the same architectures as wmic CPU detection but uses environment variables
+      # which are available on all Windows versions since NT
+      arch_res = @backend.run_command("echo %PROCESSOR_ARCHITECTURE%")
+      if arch_res.exit_status == 0
+        arch_string = arch_res.stdout.strip.downcase
+        # Only set architecture if we got actual output
+        unless arch_string.empty?
+          @platform[:arch] = case arch_string
+                            when "x86"
+                              "i386"
+                            when "amd64", "x64"
+                              "x86_64"
+                            when "ppc", "powerpc"
+                              "powerpc"
+                            else
+                              # For any unknown architecture, preserve the original value
+                              # This handles: arm64, ia64, arm, mips, alpha, and future architectures
+                              arch_string
+                             end
+        end
+      end
+      # If PROCESSOR_ARCHITECTURE fails, architecture remains unset (consistent with other methods)
+
+      # Try to get more detailed OS info from systeminfo command as fallback
+      # This is slower than wmic but works without PowerShell
+      # Only override the basic info from check_cmd if systeminfo provides better data
+      sysinfo_res = @backend.run_command("systeminfo")
+      if sysinfo_res.exit_status == 0
+        sysinfo_res.stdout.lines.each do |line|
+          line = line.strip
+          if line =~ /^OS Name:\s*(.+)$/i
+            os_name = $1.strip
+            # Only override if we get a more detailed name than the basic "Windows X.X.X" from check_cmd
+            detailed_name = os_name.gsub("Microsoft", "").strip
+            @platform[:name] = detailed_name unless detailed_name.empty?
+          elsif line =~ /^OS Version:\s*(.+)$/i
+            version_info = $1.strip
+            # Extract version number from format like "10.0.19044 N/A Build 19044"
+            if version_info =~ /^(\d+\.\d+\.\d+)/
+              # Only override release if systeminfo provides the same or more detailed version
+              systeminfo_release = $1
+              @platform[:release] = systeminfo_release if systeminfo_release
+            end
+            # Extract build number (this is additional info not available from check_cmd)
+            if version_info =~ /Build (\d+)/
+              @platform[:build] = $1
+            end
+          end
+        end
+      end
+      # If systeminfo fails, we keep the basic info from check_cmd method
+    end
+
     def windows_uuid_from_cim
       cmd = 'powershell -Command "(Get-CimInstance -Class Win32_ComputerSystemProduct).UUID"'
       res = @backend.run_command(cmd)

data/lib/train/platforms/detect/specifications/os.rb

@@ -232,6 +232,27 @@ module Train::Platforms::Detect::Specifications
         end
       end
 
+      declare_category("chainguard", "linux") do
+        rel = linux_os_release
+        rel && rel["ID"] =~ /(wolfi|chainguard)/
+      end
+
+      declare_instance("wolfi", "Wolfi Linux", "chainguard") do
+        rel = linux_os_release
+        if rel && rel["ID"] =~ /wolfi/
+          @platform[:release] = rel["VERSION_ID"]
+          true
+        end
+      end
+
+      declare_instance("chainguard", "Chainguard Linux", "chainguard") do
+        rel = linux_os_release
+        if rel && rel["ID"] =~ /chainguard/
+          @platform[:release] = rel["VERSION_ID"]
+          true
+        end
+      end
+
       # brocade family detected here if device responds to 'uname' command,
       # happens when logging in as root
       plat.family("brocade").title("Brocade Family").in_family("linux")

data/lib/train/transports/local.rb

@@ -230,6 +230,12 @@ module Train::Transports
 
           pipe = nil
 
+          # Verify ownership before connecting
+          owner, current_user, is_owner = pipe_owned_by_current_user?(pipe_name)
+          unless is_owner
+            raise PipeError, "Unauthorized user '#{current_user}' tried to connect to pipe '#{pipe_name}'. Pipe is owned by '#{owner}'."
+          end
+
           # PowerShell needs time to create pipe.
           100.times do
             pipe = open("//./pipe/#{pipe_name}", "r+")
@@ -246,8 +252,11 @@ module Train::Transports
 
           script = <<-EOF
             $ErrorActionPreference = 'Stop'
-
-            $pipeServer = New-Object System.IO.Pipes.NamedPipeServerStream('#{pipe_name}')
+            $user = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
+            $pipeSecurity = New-Object System.IO.Pipes.PipeSecurity
+            $rule = New-Object System.IO.Pipes.PipeAccessRule($user, "FullControl", "Allow")
+            $pipeSecurity.AddAccessRule($rule)
+            $pipeServer = New-Object System.IO.Pipes.NamedPipeServerStream('#{pipe_name}', [System.IO.Pipes.PipeDirection]::InOut, 1, [System.IO.Pipes.PipeTransmissionMode]::Byte, [System.IO.Pipes.PipeOptions]::None, 4096, 4096, $pipeSecurity)
             $pipeReader = New-Object System.IO.StreamReader($pipeServer)
             $pipeWriter = New-Object System.IO.StreamWriter($pipeServer)
 
@@ -288,6 +297,29 @@ module Train::Transports
           cmd = "#{@powershell_cmd} -NoProfile -ExecutionPolicy bypass -NonInteractive -EncodedCommand #{base64_script}"
           Process.create(command_line: cmd).process_id
         end
+
+        def current_windows_user
+          user = `powershell -Command "[System.Security.Principal.WindowsIdentity]::GetCurrent().Name"`.strip
+          if user.nil? || user.empty?
+            user = `whoami`.strip
+          end
+          if user.nil? || user.empty?
+            raise "Unable to determine current Windows user"
+          end
+
+          user
+        end
+
+        # Verify pipe ownership before connecting
+        def pipe_owned_by_current_user?(pipe_name)
+          exists = `powershell -Command "Test-Path \\\\.\\pipe\\#{pipe_name}"`.strip.downcase == "true"
+          current_user = current_windows_user
+          return [nil, current_user, false] unless exists
+
+          owner = `powershell -Command "(Get-Acl \\\\.\\pipe\\#{pipe_name}).Owner" 2>&1`.strip
+          is_owner = !owner.nil? && !current_user.nil? && owner.casecmp(current_user) == 0
+          [owner, current_user, is_owner]
+        end
       end
     end
   end

data/lib/train/version.rb

@@ -2,5 +2,5 @@
 # Author:: Dominik Richter (<dominik.richter@gmail.com>)
 
 module Train
-  VERSION = "3.13.4".freeze
+  VERSION = "3.15.0".freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: train-core
 version: !ruby/object:Gem::Version
-  version: 3.13.4
+  version: 3.15.0
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2025-08-20 00:00:00.000000000 Z
+date: 2025-12-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -28,16 +28,22 @@ dependencies:
   name: ffi
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.16.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.18'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.16.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.18'
 - !ruby/object:Gem::Dependency
   name: json
   requirement: !ruby/object:Gem::Requirement