2019-06-11 22:24:35 +00:00
|
|
|
require "helper"
|
2019-06-07 23:33:56 +00:00
|
|
|
require "inspec/file_provider" # TODO: split
|
2016-09-08 09:11:44 +00:00
|
|
|
|
|
|
|
describe Inspec::MockProvider do
|
|
|
|
let(:subject) { Inspec::MockProvider.new(target) }
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
describe "without data" do
|
|
|
|
let(:target) { { mock: {} } }
|
|
|
|
it "has no files on empty" do
|
2019-09-30 22:31:55 +00:00
|
|
|
_(subject.files).must_equal []
|
2016-09-08 09:11:44 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
describe "with_data" do
|
2016-09-08 09:11:44 +00:00
|
|
|
let(:file_name) { rand.to_s }
|
|
|
|
let(:file_content) { rand.to_s }
|
2019-06-11 22:24:35 +00:00
|
|
|
let(:target) { { mock: { file_name => file_content } } }
|
2016-09-08 09:11:44 +00:00
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "has files" do
|
2019-09-30 22:31:55 +00:00
|
|
|
_(subject.files).must_equal [file_name]
|
2016-09-08 09:11:44 +00:00
|
|
|
end
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "can read a file" do
|
2019-09-30 22:31:55 +00:00
|
|
|
_(subject.read(file_name)).must_equal file_content
|
2016-09-08 09:11:44 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe Inspec::DirProvider do
|
|
|
|
let(:subject) { Inspec::DirProvider.new(target) }
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
describe "applied to this file" do
|
2016-09-08 09:11:44 +00:00
|
|
|
let(:target) { __FILE__ }
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "must only contain this file" do
|
2019-09-30 22:31:55 +00:00
|
|
|
_(subject.files).must_equal [__FILE__]
|
2016-09-08 09:11:44 +00:00
|
|
|
end
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "must not read if the file doesnt exist" do
|
2019-09-30 22:31:55 +00:00
|
|
|
_(subject.read("file-does-not-exist")).must_be_nil
|
2016-09-08 09:11:44 +00:00
|
|
|
end
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "must not read files not covered" do
|
2020-12-18 16:49:35 +00:00
|
|
|
not_covered = File.expand_path("../helper.rb", __dir__)
|
2019-09-30 22:31:55 +00:00
|
|
|
_(File.file?(not_covered)).must_equal true
|
|
|
|
_(subject.read(not_covered)).must_be_nil
|
2016-09-08 09:11:44 +00:00
|
|
|
end
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "must read the contents of the file" do
|
2019-09-30 22:31:55 +00:00
|
|
|
_(subject.read(__FILE__)).must_equal File.read(__FILE__)
|
2016-09-08 09:11:44 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
describe "applied to this folder" do
|
2016-09-08 09:11:44 +00:00
|
|
|
let(:target) { File.dirname(__FILE__) }
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "must contain all files" do
|
2019-09-30 22:31:55 +00:00
|
|
|
_(subject.files).must_include __FILE__
|
2016-09-08 09:11:44 +00:00
|
|
|
end
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "must not read if the file doesnt exist" do
|
2019-09-30 22:31:55 +00:00
|
|
|
_(subject.read("file-not-in-folder")).must_be_nil
|
2016-09-08 09:11:44 +00:00
|
|
|
end
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "must not read files not covered" do
|
2020-12-18 16:49:35 +00:00
|
|
|
not_covered = File.expand_path("../helper.rb", __dir__)
|
2019-09-30 22:31:55 +00:00
|
|
|
_(File.file?(not_covered)).must_equal true
|
|
|
|
_(subject.read(not_covered)).must_be_nil
|
2016-09-08 09:11:44 +00:00
|
|
|
end
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "must read the contents of the file" do
|
2019-09-30 22:31:55 +00:00
|
|
|
_(subject.read(__FILE__)).must_equal File.read(__FILE__)
|
2016-09-08 09:11:44 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe Inspec::ZipProvider do
|
|
|
|
let(:subject) { Inspec::ZipProvider.new(target) }
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
describe "applied to a tar archive" do
|
|
|
|
let(:target) { MockLoader.profile_zip("complete-profile") }
|
2016-09-08 09:11:44 +00:00
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "must contain all files" do
|
2019-09-30 22:31:55 +00:00
|
|
|
_(subject.files.sort).must_equal %w{inspec.yml libraries libraries/testlib.rb
|
2018-10-15 22:25:27 +00:00
|
|
|
controls controls/host_spec.rb files files/a_sub_dir
|
2017-07-11 19:33:55 +00:00
|
|
|
files/a_sub_dir/sub_items.conf files/items.conf}.sort
|
2016-09-08 09:11:44 +00:00
|
|
|
end
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "must not read if the file isnt included" do
|
2019-09-30 22:31:55 +00:00
|
|
|
_(subject.read("file-not-in-archive")).must_be_nil
|
2016-09-08 09:11:44 +00:00
|
|
|
end
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "must read the contents of the file" do
|
2019-09-30 22:31:55 +00:00
|
|
|
_(subject.read("inspec.yml")).must_match(/^name: complete$/)
|
2016-09-08 09:11:44 +00:00
|
|
|
end
|
|
|
|
end
|
2017-07-24 16:37:13 +00:00
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
describe "applied to a zip with an empty filename" do
|
2017-07-24 16:37:13 +00:00
|
|
|
# Just a placeholder, it will be ignored anyway:
|
2019-06-11 22:24:35 +00:00
|
|
|
let(:cls) do
|
2017-07-24 16:37:13 +00:00
|
|
|
class MockZipProvider < Inspec::ZipProvider
|
|
|
|
Entry = Struct.new(:name)
|
|
|
|
class List < Array
|
|
|
|
alias :get_next_entry :pop
|
|
|
|
end
|
2019-06-11 22:24:35 +00:00
|
|
|
|
2017-07-24 16:37:13 +00:00
|
|
|
private
|
2019-06-11 22:24:35 +00:00
|
|
|
|
2017-07-24 16:37:13 +00:00
|
|
|
def walk_zip(path, &callback)
|
2019-06-11 22:24:35 +00:00
|
|
|
list = List.new([Entry.new(""), Entry.new("zipzip"), Entry.new("")])
|
|
|
|
yield(list)
|
2017-07-24 16:37:13 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
MockZipProvider
|
2019-06-11 22:24:35 +00:00
|
|
|
end
|
2017-07-24 16:37:13 +00:00
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "must contain all files" do
|
2019-09-30 22:31:55 +00:00
|
|
|
_(cls.new(rand.to_s).files).must_equal %w{zipzip}
|
2017-07-24 16:37:13 +00:00
|
|
|
end
|
|
|
|
end
|
2018-11-13 19:33:34 +00:00
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
describe "paths outside of the archive ignored" do
|
2018-11-13 19:33:34 +00:00
|
|
|
# This is to test for the zipslip vulnerability
|
2019-06-11 22:24:35 +00:00
|
|
|
let(:cls) do
|
2018-11-13 19:33:34 +00:00
|
|
|
class MockZipSlipZipProvider < Inspec::ZipProvider
|
|
|
|
Entry = Struct.new(:name)
|
|
|
|
class List < Array
|
|
|
|
alias :get_next_entry :pop
|
|
|
|
end
|
2019-06-11 22:24:35 +00:00
|
|
|
|
2018-11-13 19:33:34 +00:00
|
|
|
private
|
2019-06-11 22:24:35 +00:00
|
|
|
|
2018-11-13 19:33:34 +00:00
|
|
|
def walk_zip(path, &callback)
|
2019-06-11 22:24:35 +00:00
|
|
|
list = List.new([Entry.new("../../blah"), Entry.new("zipzip"), Entry.new("../../haha")])
|
|
|
|
yield(list)
|
2018-11-13 19:33:34 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
MockZipSlipZipProvider
|
2019-06-11 22:24:35 +00:00
|
|
|
end
|
2018-11-13 19:33:34 +00:00
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "must contain all files" do
|
2019-09-30 22:31:55 +00:00
|
|
|
_(cls.new(rand.to_s).files).must_equal %w{zipzip}
|
2018-11-13 19:33:34 +00:00
|
|
|
end
|
|
|
|
end
|
2016-09-08 09:11:44 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
describe Inspec::ZipProvider do
|
|
|
|
let(:subject) { Inspec::ZipProvider.new(target) }
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
describe "applied to a tar archive" do
|
|
|
|
let(:target) { MockLoader.profile_zip("complete-profile") }
|
2016-09-08 09:11:44 +00:00
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "must contain all files" do
|
2019-09-30 22:31:55 +00:00
|
|
|
_(subject.files.sort).must_equal %w{inspec.yml libraries libraries/testlib.rb
|
2018-10-15 22:25:27 +00:00
|
|
|
controls controls/host_spec.rb files files/a_sub_dir
|
2017-07-11 19:33:55 +00:00
|
|
|
files/a_sub_dir/sub_items.conf files/items.conf}.sort
|
2016-09-08 09:11:44 +00:00
|
|
|
end
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "must not read if the file isnt included" do
|
2019-09-30 22:31:55 +00:00
|
|
|
_(subject.read("file-not-in-archive")).must_be_nil
|
2016-09-08 09:11:44 +00:00
|
|
|
end
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "must read the contents of the file" do
|
2019-09-30 22:31:55 +00:00
|
|
|
_(subject.read("inspec.yml")).must_match(/^name: complete$/)
|
2016-09-08 09:11:44 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe Inspec::TarProvider do
|
|
|
|
let(:subject) { Inspec::TarProvider.new(target) }
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
describe "applied to a tar archive" do
|
|
|
|
let(:target) { MockLoader.profile_tgz("complete-profile") }
|
2016-09-08 09:11:44 +00:00
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "must contain all files" do
|
2019-09-30 22:31:55 +00:00
|
|
|
_(subject.files.sort).must_equal %w{inspec.yml libraries/testlib.rb
|
2018-10-15 22:25:27 +00:00
|
|
|
controls/host_spec.rb files/a_sub_dir/sub_items.conf
|
2017-10-10 09:36:57 +00:00
|
|
|
files/items.conf}.sort
|
2016-09-08 09:11:44 +00:00
|
|
|
end
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "must not read if the file isnt included" do
|
2019-09-30 22:31:55 +00:00
|
|
|
_(subject.read("file-not-in-archive")).must_be_nil
|
2016-09-08 09:11:44 +00:00
|
|
|
end
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "must read the contents of the file" do
|
2019-09-30 22:31:55 +00:00
|
|
|
_(subject.read("inspec.yml")).must_match(/^name: complete$/)
|
2016-09-08 09:11:44 +00:00
|
|
|
end
|
2019-10-18 21:26:24 +00:00
|
|
|
|
|
|
|
it "deals with empty files in tarballs correctly" do
|
|
|
|
path = "test/fixtures/contains-empty-file-0.1.0.tar.gz"
|
|
|
|
f = Inspec::FileProvider.for_path(path)
|
|
|
|
_(f.files.grep(/empty/)).wont_be_empty
|
|
|
|
end
|
2016-09-08 09:11:44 +00:00
|
|
|
end
|
2017-07-24 16:37:13 +00:00
|
|
|
|
2019-09-06 01:06:23 +00:00
|
|
|
Entry = Struct.new(:full_name) do
|
|
|
|
def file?; true; end
|
|
|
|
|
|
|
|
def read; ""; end
|
|
|
|
end
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
describe "applied to a tar with an empty filename" do
|
2017-07-24 16:37:13 +00:00
|
|
|
# Just a placeholder, it will be ignored anyway:
|
2019-06-11 22:24:35 +00:00
|
|
|
let(:cls) do
|
2017-07-24 16:37:13 +00:00
|
|
|
class MockTarProvider < Inspec::TarProvider
|
|
|
|
def walk_tar(path, &callback)
|
2019-09-06 01:06:23 +00:00
|
|
|
paths = ["", "tartar", ""]
|
|
|
|
yield paths.map { |s| Entry.new s }
|
2017-07-24 16:37:13 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
MockTarProvider
|
2019-06-11 22:24:35 +00:00
|
|
|
end
|
2017-07-24 16:37:13 +00:00
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "must contain all files" do
|
2019-09-30 22:31:55 +00:00
|
|
|
_(cls.new(rand.to_s).files).must_equal %w{tartar}
|
2017-07-24 16:37:13 +00:00
|
|
|
end
|
|
|
|
end
|
2018-11-13 19:33:34 +00:00
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
describe "applied to a tar with paths above dir" do
|
|
|
|
let(:cls) do
|
2018-11-13 19:33:34 +00:00
|
|
|
class MockZipSlipTarProvider < Inspec::TarProvider
|
|
|
|
def walk_tar(path, &callback)
|
2019-09-06 01:06:23 +00:00
|
|
|
paths = ["", "tartar", ""]
|
|
|
|
yield paths.map { |s| Entry.new s }
|
2018-11-13 19:33:34 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
MockZipSlipTarProvider
|
2019-06-11 22:24:35 +00:00
|
|
|
end
|
2018-11-13 19:33:34 +00:00
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "must not contain all files" do
|
2019-09-30 22:31:55 +00:00
|
|
|
_(cls.new(rand.to_s).files).must_equal %w{tartar}
|
2018-11-13 19:33:34 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-09-08 09:11:44 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
describe Inspec::RelativeFileProvider do
|
|
|
|
def fetcher
|
|
|
|
src_fetcher.expects(:files).returns(in_files).at_least_once
|
|
|
|
Inspec::RelativeFileProvider.new(src_fetcher)
|
|
|
|
end
|
|
|
|
|
2019-07-09 00:20:30 +00:00
|
|
|
let(:src_fetcher) { mock }
|
2016-09-08 09:11:44 +00:00
|
|
|
|
|
|
|
IN_AND_OUT = {
|
2019-06-11 22:24:35 +00:00
|
|
|
[] => [],
|
|
|
|
%w{file} => %w{file},
|
2016-09-08 09:11:44 +00:00
|
|
|
# don't prefix just by filename
|
2019-06-11 22:24:35 +00:00
|
|
|
%w{file file_a} => %w{file file_a},
|
|
|
|
%w{path/file path/file_a} => %w{file file_a},
|
|
|
|
%w{path/to/file} => %w{file},
|
|
|
|
%w{/path/to/file} => %w{file},
|
|
|
|
%w{alice bob} => %w{alice bob},
|
2016-09-08 09:11:44 +00:00
|
|
|
# mixed paths
|
2019-06-11 22:24:35 +00:00
|
|
|
%w{x/a y/b} => %w{x/a y/b},
|
|
|
|
%w{/x/a /y/b} => %w{x/a y/b},
|
|
|
|
%w{z/x/a z/y/b} => %w{x/a y/b},
|
|
|
|
%w{/z/x/a /z/y/b} => %w{x/a y/b},
|
2016-09-08 09:11:44 +00:00
|
|
|
# mixed with relative path
|
2019-06-11 22:24:35 +00:00
|
|
|
%w{a path/to/b} => %w{a path/to/b},
|
|
|
|
%w{path/to/b a} => %w{path/to/b a},
|
|
|
|
%w{path/to/b path/a} => %w{to/b a},
|
|
|
|
%w{path/to/b path/a c} => %w{path/to/b path/a c},
|
2016-09-08 09:11:44 +00:00
|
|
|
# When the first element is the directory
|
2019-06-11 22:24:35 +00:00
|
|
|
%w{path/ path/to/b path/a} => %w{to/b a},
|
|
|
|
%w{path path/to/b path/a} => %w{to/b a},
|
2016-09-08 09:11:44 +00:00
|
|
|
# mixed with absolute paths
|
2019-06-11 22:24:35 +00:00
|
|
|
%w{/path/to/b /a} => %w{path/to/b a},
|
|
|
|
%w{/path/to/b /path/a} => %w{to/b a},
|
|
|
|
%w{/path/to/b /path/a /c} => %w{path/to/b path/a c},
|
2016-09-08 09:11:44 +00:00
|
|
|
# mixing absolute and relative paths
|
2019-06-11 22:24:35 +00:00
|
|
|
%w{path/a /path/b} => %w{path/a /path/b},
|
|
|
|
%w{/path/a path/b} => %w{/path/a path/b},
|
2016-09-08 09:11:44 +00:00
|
|
|
# extract folder structure buildup
|
2019-06-11 22:24:35 +00:00
|
|
|
%w{/a /a/b /a/b/c} => %w{c},
|
|
|
|
%w{/a /a/b /a/b/c/d/e} => %w{e},
|
2016-09-08 09:11:44 +00:00
|
|
|
# extract folder structure buildup (relative)
|
2019-06-11 22:24:35 +00:00
|
|
|
%w{a a/b a/b/c} => %w{c},
|
|
|
|
%w{a a/b a/b/c/d/e} => %w{e},
|
2016-09-08 09:11:44 +00:00
|
|
|
# extract folder structure buildup (relative)
|
2019-06-11 22:24:35 +00:00
|
|
|
%w{a/ a/b/ a/b/c} => %w{c},
|
|
|
|
%w{a/ a/b/ a/b/c/d/e} => %w{e},
|
2016-09-08 09:11:44 +00:00
|
|
|
# ignore pax_global_header, which are commonly seen in github tars and are not
|
|
|
|
# ignored by all tar streaming tools, its not extracted by GNU tar since 1.14
|
2019-06-11 22:24:35 +00:00
|
|
|
%w{/pax_global_header /a/b} => %w{b},
|
|
|
|
%w{pax_global_header a/b} => %w{b},
|
2016-09-08 09:11:44 +00:00
|
|
|
}.each do |ins, outs|
|
2019-06-11 22:24:35 +00:00
|
|
|
describe "empty profile" do
|
2016-09-08 09:11:44 +00:00
|
|
|
let(:in_files) { ins }
|
|
|
|
|
|
|
|
it "turns #{ins} into #{outs}" do
|
2019-09-30 22:31:55 +00:00
|
|
|
_(fetcher.files).must_equal outs
|
2016-09-08 09:11:44 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|