inspec/test/unit/file_provider_test.rb

287 lines
8.4 KiB
Ruby
Raw Normal View History

# author: Dominik Richter
# author: Christoph Hartmann
require 'helper'
describe Inspec::MockProvider do
let(:subject) { Inspec::MockProvider.new(target) }
describe 'without data' do
let(:target) {{ mock: {}}}
it 'has no files on empty' do
subject.files.must_equal []
end
end
describe 'with_data' do
let(:file_name) { rand.to_s }
let(:file_content) { rand.to_s }
let(:target) {{ mock: { file_name => file_content } }}
it 'has files' do
subject.files.must_equal [file_name]
end
it 'can read a file' do
subject.read(file_name).must_equal file_content
end
end
end
describe Inspec::DirProvider do
let(:subject) { Inspec::DirProvider.new(target) }
describe 'applied to this file' do
let(:target) { __FILE__ }
it 'must only contain this file' do
subject.files.must_equal [__FILE__]
end
it 'must not read if the file doesnt exist' do
subject.read('file-does-not-exist').must_be_nil
end
it 'must not read files not covered' do
not_covered = File.expand_path('../../helper.rb', __FILE__)
File.file?(not_covered).must_equal true
subject.read(not_covered).must_be_nil
end
it 'must read the contents of the file' do
subject.read(__FILE__).must_equal File.read(__FILE__)
end
end
describe 'applied to this folder' do
let(:target) { File.dirname(__FILE__) }
it 'must contain all files' do
subject.files.must_include __FILE__
end
it 'must not read if the file doesnt exist' do
subject.read('file-not-in-folder').must_be_nil
end
it 'must not read files not covered' do
not_covered = File.expand_path('../../helper.rb', __FILE__)
File.file?(not_covered).must_equal true
subject.read(not_covered).must_be_nil
end
it 'must read the contents of the file' do
subject.read(__FILE__).must_equal File.read(__FILE__)
end
end
end
describe Inspec::ZipProvider do
let(:subject) { Inspec::ZipProvider.new(target) }
describe 'applied to a tar archive' do
let(:target) { MockLoader.profile_zip('complete-profile') }
it 'must contain all files' do
subject.files.sort.must_equal %w{inspec.yml libraries libraries/testlib.rb
Inspec 3.0 (#3512) * Remove deprecated yumrepo. (#3435) * Remove deprecations for cli `--format` and metadata.rb (#3452) * Remove deprecated database_helpers stderr/stdout methods. Update deprecation text for processes/apache. * Remove deprecations for `--format` and metadata.rb Remove deprecated `format` code. Remove deprecated code test and change json-config format test to use reporter. Remove deprecated metadata.rb code Remove deprecation notice for old supports syntax. Deprecate metadata.rb from source_reader Remove rubocop disables as they are no longer required for this code block. Remove deprecated legacy metadata.rb mock profiles. Remove deprecated metadata.rb profile tests. Remove deprecated yumrepo test. * Allow inspec-3.0 branch to be tested. * Allow appveyor to test inspec-3.0 branch * Change runner tests to use reporter rather than format. Remove deprecated `supports: linux` tests. * Remove skip from inherited profiles from showing up in reporting (breaking change) (#3332) * Skip loading dependency profiles if they are unsupported on the current platform. Skip loading dependencies if they are unsupported on the current platform. Wrap our log and next in a conditional checking if the platform is supported. Change a `if !` into a `unless` Check if the backend is a Train Mock Connection and if so say that the profile does support the platform. While iterating through tests being loaded skip when the platform is unsupported. We now log a WARN when a profile is skipped due to unsupported platform, so lets check that. Modified existing test to log that there are 0 skipped tests, instead of 2. Add functional test that loads profile-support-skip with a json reporter to check that our controls are not loaded and that stderr contains our warning. * Rather than iterating through each test return before recursion if the platform is unsupported. * Resolve tests using a supported platform different from testing platform Add a control to `test/unit/mock/profiles/complete-profile` that would work on any OS with a Internet connection. This allows the profile to execute on any OS with success. `filesystem_spec.rb` was a control that would only work on Linux and some BSD's. We want profile tests to consistently work across development and testing platforms, and not get 'skipped' in some cases. Travis-CI tests on Linux, Inspec Dev team uses Linux and MacOS, Appveyor tests on Windows Also Updated `file_provider_test.rb` for `complete-profile` content changes. If you `MockLoader.load_profile` on a unsupported platform you might not hit the usual skip. Lets handle situations where the tests array in Profile#load_checks_params could be nil. * Use safe navigation rather than checking if tests is nil. Update tests to point to unsupported_inspec and account for WARN changes. Make unsupported_inspec profile support os-family 'unsupported_inspec' * Fix skip bug when using include/require controls. (#3487) * Fix skip bug when using include/require controls. * fix test and feedback. * Remove need for UUID detection for Automate report (#3507) * Add json metadata for skipped profiles (#3495) * Add skip metadata to json reports * Unify skip messages. * Update with status field. * Add testing. * Fix tests. * lint * Add skip exit codes for profile skips. * Update website for 3.0 launch Add `plugins` to sidebar. Change 2.0 -> 3.0 in slim files. Update 3.0 features list. * Fix comments * Update float to numeric. * Change Float to numeric. * updated feature list and impact doc * Change "What's new in InSpec 3.0" -> "Announcing InSpec 3.0" * Bump VERSION to 3.0.0 (#3511) * Remove 3.0 testing checks. * Fix azure link.
2018-10-15 22:25:27 +00:00
controls controls/host_spec.rb files files/a_sub_dir
files/a_sub_dir/sub_items.conf files/items.conf}.sort
end
it 'must not read if the file isnt included' do
subject.read('file-not-in-archive').must_be_nil
end
it 'must read the contents of the file' do
subject.read('inspec.yml').must_match(/^name: complete$/)
end
end
describe 'applied to a zip with an empty filename' do
# Just a placeholder, it will be ignored anyway:
let(:cls) {
class MockZipProvider < Inspec::ZipProvider
Entry = Struct.new(:name)
class List < Array
alias :get_next_entry :pop
end
private
def walk_zip(path, &callback)
list = List.new([Entry.new(''), Entry.new('zipzip'), Entry.new('')])
callback.call(list)
end
end
MockZipProvider
}
it 'must contain all files' do
cls.new(rand.to_s).files.must_equal %w{zipzip}
end
end
describe 'paths outside of the archive ignored' do
# This is to test for the zipslip vulnerability
let(:cls) {
class MockZipSlipZipProvider < Inspec::ZipProvider
Entry = Struct.new(:name)
class List < Array
alias :get_next_entry :pop
end
private
def walk_zip(path, &callback)
list = List.new([Entry.new('../../blah'), Entry.new('zipzip'), Entry.new('../../haha')])
callback.call(list)
end
end
MockZipSlipZipProvider
}
it 'must contain all files' do
cls.new(rand.to_s).files.must_equal %w{zipzip}
end
end
end
describe Inspec::ZipProvider do
let(:subject) { Inspec::ZipProvider.new(target) }
describe 'applied to a tar archive' do
let(:target) { MockLoader.profile_zip('complete-profile') }
it 'must contain all files' do
subject.files.sort.must_equal %w{inspec.yml libraries libraries/testlib.rb
Inspec 3.0 (#3512) * Remove deprecated yumrepo. (#3435) * Remove deprecations for cli `--format` and metadata.rb (#3452) * Remove deprecated database_helpers stderr/stdout methods. Update deprecation text for processes/apache. * Remove deprecations for `--format` and metadata.rb Remove deprecated `format` code. Remove deprecated code test and change json-config format test to use reporter. Remove deprecated metadata.rb code Remove deprecation notice for old supports syntax. Deprecate metadata.rb from source_reader Remove rubocop disables as they are no longer required for this code block. Remove deprecated legacy metadata.rb mock profiles. Remove deprecated metadata.rb profile tests. Remove deprecated yumrepo test. * Allow inspec-3.0 branch to be tested. * Allow appveyor to test inspec-3.0 branch * Change runner tests to use reporter rather than format. Remove deprecated `supports: linux` tests. * Remove skip from inherited profiles from showing up in reporting (breaking change) (#3332) * Skip loading dependency profiles if they are unsupported on the current platform. Skip loading dependencies if they are unsupported on the current platform. Wrap our log and next in a conditional checking if the platform is supported. Change a `if !` into a `unless` Check if the backend is a Train Mock Connection and if so say that the profile does support the platform. While iterating through tests being loaded skip when the platform is unsupported. We now log a WARN when a profile is skipped due to unsupported platform, so lets check that. Modified existing test to log that there are 0 skipped tests, instead of 2. Add functional test that loads profile-support-skip with a json reporter to check that our controls are not loaded and that stderr contains our warning. * Rather than iterating through each test return before recursion if the platform is unsupported. * Resolve tests using a supported platform different from testing platform Add a control to `test/unit/mock/profiles/complete-profile` that would work on any OS with a Internet connection. This allows the profile to execute on any OS with success. `filesystem_spec.rb` was a control that would only work on Linux and some BSD's. We want profile tests to consistently work across development and testing platforms, and not get 'skipped' in some cases. Travis-CI tests on Linux, Inspec Dev team uses Linux and MacOS, Appveyor tests on Windows Also Updated `file_provider_test.rb` for `complete-profile` content changes. If you `MockLoader.load_profile` on a unsupported platform you might not hit the usual skip. Lets handle situations where the tests array in Profile#load_checks_params could be nil. * Use safe navigation rather than checking if tests is nil. Update tests to point to unsupported_inspec and account for WARN changes. Make unsupported_inspec profile support os-family 'unsupported_inspec' * Fix skip bug when using include/require controls. (#3487) * Fix skip bug when using include/require controls. * fix test and feedback. * Remove need for UUID detection for Automate report (#3507) * Add json metadata for skipped profiles (#3495) * Add skip metadata to json reports * Unify skip messages. * Update with status field. * Add testing. * Fix tests. * lint * Add skip exit codes for profile skips. * Update website for 3.0 launch Add `plugins` to sidebar. Change 2.0 -> 3.0 in slim files. Update 3.0 features list. * Fix comments * Update float to numeric. * Change Float to numeric. * updated feature list and impact doc * Change "What's new in InSpec 3.0" -> "Announcing InSpec 3.0" * Bump VERSION to 3.0.0 (#3511) * Remove 3.0 testing checks. * Fix azure link.
2018-10-15 22:25:27 +00:00
controls controls/host_spec.rb files files/a_sub_dir
files/a_sub_dir/sub_items.conf files/items.conf}.sort
end
it 'must not read if the file isnt included' do
subject.read('file-not-in-archive').must_be_nil
end
it 'must read the contents of the file' do
subject.read('inspec.yml').must_match(/^name: complete$/)
end
end
end
describe Inspec::TarProvider do
let(:subject) { Inspec::TarProvider.new(target) }
describe 'applied to a tar archive' do
let(:target) { MockLoader.profile_tgz('complete-profile') }
it 'must contain all files' do
subject.files.sort.must_equal %w{inspec.yml libraries/testlib.rb
Inspec 3.0 (#3512) * Remove deprecated yumrepo. (#3435) * Remove deprecations for cli `--format` and metadata.rb (#3452) * Remove deprecated database_helpers stderr/stdout methods. Update deprecation text for processes/apache. * Remove deprecations for `--format` and metadata.rb Remove deprecated `format` code. Remove deprecated code test and change json-config format test to use reporter. Remove deprecated metadata.rb code Remove deprecation notice for old supports syntax. Deprecate metadata.rb from source_reader Remove rubocop disables as they are no longer required for this code block. Remove deprecated legacy metadata.rb mock profiles. Remove deprecated metadata.rb profile tests. Remove deprecated yumrepo test. * Allow inspec-3.0 branch to be tested. * Allow appveyor to test inspec-3.0 branch * Change runner tests to use reporter rather than format. Remove deprecated `supports: linux` tests. * Remove skip from inherited profiles from showing up in reporting (breaking change) (#3332) * Skip loading dependency profiles if they are unsupported on the current platform. Skip loading dependencies if they are unsupported on the current platform. Wrap our log and next in a conditional checking if the platform is supported. Change a `if !` into a `unless` Check if the backend is a Train Mock Connection and if so say that the profile does support the platform. While iterating through tests being loaded skip when the platform is unsupported. We now log a WARN when a profile is skipped due to unsupported platform, so lets check that. Modified existing test to log that there are 0 skipped tests, instead of 2. Add functional test that loads profile-support-skip with a json reporter to check that our controls are not loaded and that stderr contains our warning. * Rather than iterating through each test return before recursion if the platform is unsupported. * Resolve tests using a supported platform different from testing platform Add a control to `test/unit/mock/profiles/complete-profile` that would work on any OS with a Internet connection. This allows the profile to execute on any OS with success. `filesystem_spec.rb` was a control that would only work on Linux and some BSD's. We want profile tests to consistently work across development and testing platforms, and not get 'skipped' in some cases. Travis-CI tests on Linux, Inspec Dev team uses Linux and MacOS, Appveyor tests on Windows Also Updated `file_provider_test.rb` for `complete-profile` content changes. If you `MockLoader.load_profile` on a unsupported platform you might not hit the usual skip. Lets handle situations where the tests array in Profile#load_checks_params could be nil. * Use safe navigation rather than checking if tests is nil. Update tests to point to unsupported_inspec and account for WARN changes. Make unsupported_inspec profile support os-family 'unsupported_inspec' * Fix skip bug when using include/require controls. (#3487) * Fix skip bug when using include/require controls. * fix test and feedback. * Remove need for UUID detection for Automate report (#3507) * Add json metadata for skipped profiles (#3495) * Add skip metadata to json reports * Unify skip messages. * Update with status field. * Add testing. * Fix tests. * lint * Add skip exit codes for profile skips. * Update website for 3.0 launch Add `plugins` to sidebar. Change 2.0 -> 3.0 in slim files. Update 3.0 features list. * Fix comments * Update float to numeric. * Change Float to numeric. * updated feature list and impact doc * Change "What's new in InSpec 3.0" -> "Announcing InSpec 3.0" * Bump VERSION to 3.0.0 (#3511) * Remove 3.0 testing checks. * Fix azure link.
2018-10-15 22:25:27 +00:00
controls/host_spec.rb files/a_sub_dir/sub_items.conf
files/items.conf}.sort
end
it 'must not read if the file isnt included' do
subject.read('file-not-in-archive').must_be_nil
end
it 'must read the contents of the file' do
subject.read('inspec.yml').must_match(/^name: complete$/)
end
end
describe 'applied to a tar with an empty filename' do
# Just a placeholder, it will be ignored anyway:
let(:cls) {
class MockTarProvider < Inspec::TarProvider
Entry = Struct.new(:full_name, :file?)
private
def walk_tar(path, &callback)
callback.call([Entry.new('', true), Entry.new('tartar', true), Entry.new('', true)])
end
end
MockTarProvider
}
it 'must contain all files' do
cls.new(rand.to_s).files.must_equal %w{tartar}
end
end
describe 'applied to a tar with paths above dir' do
let(:cls) {
class MockZipSlipTarProvider < Inspec::TarProvider
Entry = Struct.new(:full_name, :file?)
private
def walk_tar(path, &callback)
callback.call([Entry.new('../haha', true), Entry.new('tartar', true), Entry.new('../../blah', true)])
end
end
MockZipSlipTarProvider
}
it 'must not contain all files' do
cls.new(rand.to_s).files.must_equal %w{tartar}
end
end
end
describe Inspec::RelativeFileProvider do
def fetcher
src_fetcher.expects(:files).returns(in_files).at_least_once
Inspec::RelativeFileProvider.new(src_fetcher)
end
let(:src_fetcher) { mock() }
IN_AND_OUT = {
[] => [],
%w{file} => %w{file},
# don't prefix just by filename
%w{file file_a} => %w{file file_a},
%w{path/file path/file_a} => %w{file file_a},
%w{path/to/file} => %w{file},
%w{/path/to/file} => %w{file},
%w{alice bob} => %w{alice bob},
# mixed paths
%w{x/a y/b} => %w{x/a y/b},
%w{/x/a /y/b} => %w{x/a y/b},
%w{z/x/a z/y/b} => %w{x/a y/b},
%w{/z/x/a /z/y/b} => %w{x/a y/b},
# mixed with relative path
%w{a path/to/b} => %w{a path/to/b},
%w{path/to/b a} => %w{path/to/b a},
%w{path/to/b path/a} => %w{to/b a},
%w{path/to/b path/a c} => %w{path/to/b path/a c},
# When the first element is the directory
%w{path/ path/to/b path/a} => %w{to/b a},
%w{path path/to/b path/a} => %w{to/b a},
# mixed with absolute paths
%w{/path/to/b /a} => %w{path/to/b a},
%w{/path/to/b /path/a} => %w{to/b a},
%w{/path/to/b /path/a /c} => %w{path/to/b path/a c},
# mixing absolute and relative paths
%w{path/a /path/b} => %w{path/a /path/b},
%w{/path/a path/b} => %w{/path/a path/b},
# extract folder structure buildup
%w{/a /a/b /a/b/c} => %w{c},
%w{/a /a/b /a/b/c/d/e} => %w{e},
# extract folder structure buildup (relative)
%w{a a/b a/b/c} => %w{c},
%w{a a/b a/b/c/d/e} => %w{e},
# extract folder structure buildup (relative)
%w{a/ a/b/ a/b/c} => %w{c},
%w{a/ a/b/ a/b/c/d/e} => %w{e},
# ignore pax_global_header, which are commonly seen in github tars and are not
# ignored by all tar streaming tools, its not extracted by GNU tar since 1.14
%w{/pax_global_header /a/b} => %w{b},
%w{pax_global_header a/b} => %w{b},
}.each do |ins, outs|
describe 'empty profile' do
let(:in_files) { ins }
it "turns #{ins} into #{outs}" do
fetcher.files.must_equal outs
end
end
end
end