# encoding: utf-8
# copyright: 2015, Vulcano Security GmbH
# author: Dominik Richter
# author: Christoph Hartmann
# license: All rights reserved
# Matcher that delegates to `file.readable?`.
# Two optional chains refine the check: `by(...)` and `by_user(...)` store a
# qualifier each, and both are forwarded (nil when unused) to `readable?`.
RSpec::Matchers.define :be_readable do
  # The verdict is whatever `readable?` returns for the stored qualifiers.
  match { |target| target.readable?(@by_type, @by_user) }

  chain(:by) { |kind| @by_type = kind }

  chain(:by_user) { |name| @by_user = name }

  # Base text plus one suffix per qualifier that was actually set.
  description do
    parts = ['be readable']
    parts << " by #{@by_type}" unless @by_type.nil?
    parts << " by user #{@by_user}" unless @by_user.nil?
    parts.join
  end
end
# Matcher that delegates to `file.writable?`.
# Two optional chains refine the check: `by(...)` and `by_user(...)` store a
# qualifier each, and both are forwarded (nil when unused) to `writable?`.
RSpec::Matchers.define :be_writable do
  # The verdict is whatever `writable?` returns for the stored qualifiers.
  match { |target| target.writable?(@by_type, @by_user) }

  chain(:by) { |kind| @by_type = kind }

  chain(:by_user) { |name| @by_user = name }

  # Base text plus one suffix per qualifier that was actually set.
  description do
    parts = ['be writable']
    parts << " by #{@by_type}" unless @by_type.nil?
    parts << " by user #{@by_user}" unless @by_user.nil?
    parts.join
  end
end
# Matcher that delegates to `file.executable?`.
# Two optional chains refine the check: `by(...)` and `by_user(...)` store a
# qualifier each, and both are forwarded (nil when unused) to `executable?`.
RSpec::Matchers.define :be_executable do
  # The verdict is whatever `executable?` returns for the stored qualifiers.
  match { |target| target.executable?(@by_type, @by_user) }

  chain(:by) { |kind| @by_type = kind }

  chain(:by_user) { |name| @by_user = name }

  # Base text plus one suffix per qualifier that was actually set.
  description do
    parts = ['be executable']
    parts << " by #{@by_type}" unless @by_type.nil?
    parts << " by user #{@by_user}" unless @by_user.nil?
    parts.join
  end
end
# matcher to check /etc/passwd, /etc/shadow and /etc/group
#
# Matches when some line of the file's content starts with `+:`.
# NOTE(review): presumably these are the legacy NIS-style `+` records the matcher
# is named after; hardening checks would normally use the negated form.
RSpec::Matchers.define :contain_legacy_plus do
  match do |file|
    # `^` anchors at the start of every line, so each record in the file is examined,
    # not just the first one.
    legacy_entry = /^\+:/
    file.content.match(legacy_entry)
  end
end
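# Matches when at least one entry of the array matches `regex`.
# The usual form is the negated one (`should_not contain_match(...)`), which
# verifies that no entry in the array contains the value.
#
# regex - pattern handed to each entry's `match`.
RSpec::Matchers.define :contain_match do |regex|
  match do |arr|
    # Only a real hit on `regex` may count. A fallback such as `entry.match(/$/)`
    # succeeds for every string, which would make the verdict truthy for any
    # non-empty array and turn the check into one that cannot detect anything.
    # `any?` is false for an empty array.
    arr.any? { |entry| entry.match(regex) }
  end
end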
# Matches when some element occurs more than once in the array.
# Occurrences are counted with `count`, i.e. elements are compared with `==`.
RSpec::Matchers.define :contain_duplicates do
  match do |arr|
    # True as soon as one repeated element is found; false for an empty array.
    arr.any? { |candidate| arr.count(candidate) > 1 }
  end
end
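# for packages
#
# Matches when `package.installed?` returns exactly `true`. If a version was
# requested through the deprecated `with_version` chain, the package's version
# must also equal it.
RSpec::Matchers.define :be_installed do
  match do |package|
    # A requested version must take part in the verdict; accepting it and then
    # ignoring it would let a check for a specific (e.g. patched) release pass on
    # any installed version. Exact equality mirrors the `should eq` replacement
    # named in the deprecation warning below.
    # NOTE(review): assumes the resource exposes `version`, as that warning implies.
    package.installed? == true && (@version.nil? || package.version == @version)
  end

  failure_message do |package|
    expectation = "expected that `#{package}` is installed"
    @version.nil? ? expectation : "#{expectation} with version `#{@version}`"
  end

  # Selecting a package provider here is rejected outright instead of being ignored.
  chain :by do
    fail "[UNSUPPORTED] Please use the new resources 'gem', 'npm' or 'pip'."
  end

  # Deprecated: still records the requested version so that `match` can enforce it.
  chain :with_version do |version|
    warn "[DEPRECATION] `with_version` is deprecated. Please use `its(:version) { should eq '1.4.1' }` instead."
    @version = version
  end
end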
# for services
#
# Matches only when `service.enabled?` returns exactly `true`.
RSpec::Matchers.define :be_enabled do
  match do |svc|
    enabled = svc.enabled?
    enabled == true
  end

  # The `with_level` qualifier raises instead of being silently ignored.
  chain(:with_level) { |_ignored_level| raise '[UNSUPPORTED] with level is not supported' }

  failure_message { |svc| "expected that `#{svc}` is enabled" }
end
# service resource matcher for serverspec compatibility
# Deprecated: You should not use this matcher anymore
#
# Matches only when `service.running?` returns exactly `true`.
RSpec::Matchers.define :be_running do
  match do |svc|
    running = svc.running?
    running == true
  end

  # The `under` qualifier raises instead of being silently ignored.
  chain(:under) { |_ignored_under| raise '[UNSUPPORTED] under is not supported' }

  failure_message { |svc| "expected that `#{svc}` is running" }
end
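# user resource matcher for serverspec compatibility
# Deprecated: You should not use this matcher anymore
#
# Matches when `user.groups` includes `compare_group`. Emits a deprecation
# warning on every evaluation.
RSpec::Matchers.define :belong_to_group do |compare_group|
  match do |user|
    warn "[DEPRECATION] `belong_to_group` is deprecated. Please use `its(:groups) { should include('root') }` instead."
    user.groups.include?(compare_group)
  end

  # The block argument is the object under test (the user), not the group, so
  # the expected group is taken from the matcher argument; otherwise the message
  # would print the user where the group name belongs.
  failure_message do |_user|
    "expected that the user belongs to group `#{compare_group}`"
  end
end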
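# user resource matcher for serverspec compatibility
# Deprecated: You should not use this matcher anymore
#
# Matches when `user.group` equals `compare_group`. Emits a deprecation warning
# on every evaluation.
RSpec::Matchers.define :belong_to_primary_group do |compare_group|
  match do |user|
    warn "[DEPRECATION] `belong_to_primary_group` is deprecated. Please use `its(:group) { should eq 'root' }` instead."
    user.group == compare_group
  end

  # The block argument is the object under test (the user), not the group, so
  # the expected group is taken from the matcher argument; otherwise the message
  # would print the user where the group name belongs.
  failure_message do |_user|
    "expected that the user belongs to primary group `#{compare_group}`"
  end
end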
# matcher to check if host is reachable
#
# Matches only when `host.reachable?` returns exactly `true`.
RSpec::Matchers.define :be_reachable do
  match do |target|
    reachable = target.reachable?
    reachable == true
  end

  # The `with` qualifier raises instead of being silently ignored.
  chain(:with) do |_ignored_attr|
    raise '[UNSUPPORTED] `with` is not supported in combination with `be_reachable`'
  end

  failure_message { |target| "expected that host #{target} is reachable" }
end
# matcher to check if host is resolvable
#
# Matches only when `host.resolvable?` returns exactly `true`.
RSpec::Matchers.define :be_resolvable do
  match do |target|
    resolvable = target.resolvable?
    resolvable == true
  end

  # The `by` qualifier raises instead of being silently ignored.
  chain(:by) do |_ignored_type|
    raise '[UNSUPPORTED] `by` is not supported in combination with `be_resolvable`'
  end

  failure_message { |target| "expected that host #{target} is resolvable" }
end