require "helper"
require "inspec/resource"
require "inspec/resources/shadow"
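# Spec for the InSpec `shadow` resource, which exposes the colon-separated
# fields of a shadow password file (user, password, last change, min/max days,
# warning days, inactive days, expiry date, reserved) as filterable properties.
#
# Every expectation below is derived from the two-entry fixture asserted in the
# first example:
#
#   root:x:1:2:3
#   www-data:!!:10:20:30:40:50:60
#
# Fields that are absent from the short `root` entry are expected to surface as
# nil, not as empty strings.
describe "Inspec::Resources::Shadow" do
  let(:shadow) { load_resource("shadow") }

  it "content should be mapped correctly" do
    _(shadow.content).must_equal "root:x:1:2:3\nwww-data:!!:10:20:30:40:50:60"
  end

  it "retrieve users via field" do
    _(shadow.users).must_equal %w{root www-data}
    _(shadow.count).must_equal 2
  end

  it "retrieve passwords via field" do
    _(shadow.passwords).must_equal %w{x !!}
  end

  it "retrieve last password change via field" do
    _(shadow.last_changes).must_equal %w{1 10}
  end

  it "retrieve min password days via field" do
    _(shadow.min_days).must_equal %w{2 20}
  end

  it "retrieve max password days via field" do
    _(shadow.max_days).must_equal %w{3 30}
  end

  it "retrieve warning days for password expiry via field" do
    _(shadow.warn_days).must_equal [nil, "40"]
  end

  it "retrieve days before account is inactive via field" do
    _(shadow.inactive_days).must_equal [nil, "50"]
  end

  it "retrieve dates when account will expire via field" do
    _(shadow.expiry_dates).must_equal [nil, "60"]
  end

  it "access all lines of the file" do
    expect_deprecation(:properties_shadow) do
      # The expected line carries all nine fields (trailing ones empty), unlike
      # the raw five-field `root` entry asserted against `content` above.
      _(shadow.lines[0]).must_equal "root:x:1:2:3::::"
    end
  end

  it "access all params of the file" do
    _(shadow.entries[0].to_h).must_equal({
      user: "root", password: "x", last_change: "1",
      min_days: "2", max_days: "3", warn_days: nil,
      inactive_days: nil, expiry_date: nil, reserved: nil
    })
  end

  # The singular property names (`user`, `password`, `last_change`,
  # `expiry_date`) are exercised inside expect_deprecation(:properties_shadow);
  # the plural forms tested above are the ones used without that wrapper.
  it "returns deprecation notice on user property" do
    expect_deprecation(:properties_shadow) do
      _(shadow.user).must_equal %w{root www-data}
    end
  end

  it "returns deprecation notice on password property" do
    expect_deprecation(:properties_shadow) do
      _(shadow.password).must_equal %w{x !!}
    end
  end

  it "returns deprecation notice on last_change property" do
    expect_deprecation(:properties_shadow) do
      _(shadow.last_change).must_equal %w{1 10}
    end
  end

  it "returns deprecation notice on expiry_date property" do
    expect_deprecation(:properties_shadow) do
      _(shadow.expiry_date).must_equal [nil, "60"]
    end
  end

  describe "multiple filters" do
    it "filters with min_days and max_days" do
      # Integer criteria are expected to match the string-valued fields, and
      # multiple criteria must all hold for an entry to be returned.
      _(shadow.filter(min_days: 20, max_days: 30).users).must_equal ["www-data"]
      _(shadow.filter(last_change: 1, min_days: 2).users).must_equal ["root"]
    end
  end

  describe "when method chained" do
    let(:unreadable_shadow) { load_resource("shadow", "/fakepath/fakefile") }

    it "can read /etc/shadow and #filter matches user with no password and inactive_days" do
      # /[^x]/ selects entries whose password field contains any character
      # other than "x"; in the fixture that is only www-data ("!!").
      # NOTE(review): "!!" conventionally marks a locked or never-set password,
      # not an empty one, and an empty password field would NOT match this
      # regex. Profiles auditing for password-less accounts should not copy
      # this pattern as-is.
      users = shadow.filter(password: /[^x]/).entries.map { |x| x["user"] }

      users.each do |expected_user|
        expect_deprecation(:properties_shadow) do
          _(shadow.user(expected_user).users).must_equal(["www-data"])
        end
        expect_deprecation(:properties_shadow) do
          _(shadow.user(expected_user).inactive_days).must_equal(["50"])
        end
      end
    end

    it "cant read /etc/unreadable_shadow and #filter matches nothing" do
      users = unreadable_shadow.filter(password: /[^x]/).entries.map { |x| x["user"] }

      # NOTE(review): if the filter on the unreadable file returns no entries,
      # this loop body never runs and the example asserts nothing. The body
      # also queries `shadow` (the readable fixture) rather than
      # `unreadable_shadow`. Consider asserting directly on `users` once the
      # intended result for an unreadable file is confirmed.
      users.each do |user|
        _(shadow.users(user).user).must_equal([])
        _(shadow.users(user).inactive_days).must_equal([])
      end
    end

    it "returns the unreadable_shadow path" do
      _(unreadable_shadow.to_s).must_equal "/fakepath/fakefile"
    end
  end

  describe "filter via name =~ /^www/" do
    let(:child) { shadow.users(/^www/) }

    it "filters by user via name (regex)" do
      _(child.users).must_equal ["www-data"]
      _(child.count).must_equal 1
    end

    it "prints a nice to_s string" do
      _(child.to_s).must_equal "/etc/shadow with user == /^www/"
    end
  end

  describe "filter via name = root" do
    let(:child) { shadow.users("root") }

    it "filters by user name" do
      _(child.users).must_equal %w{root}
      _(child.count).must_equal 1
    end
  end

  describe "filter via min_days" do
    let(:child) { shadow.min_days("20") }

    it "filters by property" do
      _(child.users).must_equal %w{www-data}
      _(child.count).must_equal 1
    end
  end

  describe "it raises errors" do
    it "fails and raises error on unsupported os" do
      # On an unsupported platform the resource is expected to report failure
      # through resource_failed? / resource_exception_message.
      resource = MockLoader.new(:windows).load_resource("shadow")
      _(resource.resource_failed?).must_equal true
      _(resource.resource_exception_message)
        .must_equal "Resource `shadow` is not supported on platform windows/6.2.9200."
    end
  end
end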