inspec/lib/resources/iis_app_pool.rb

128 lines
3 KiB
Ruby
Raw Normal View History

# encoding: utf-8
# frozen_string_literal: true
# check for web applications in IIS
# Note: this is only supported in windows 2012 and later
class IisAppPool < Inspec.resource(1)
name 'iis_app_pool'
desc 'Tests IIS application pool configuration on windows.'
supports platform: 'windows'
example <<~EXAMPLE
describe iis_app_pool('DefaultAppPool') do
it { should exist }
its('enable32bit') { should cmp 'True' }
its('runtime_version') { should eq 'v4.0' }
its('pipeline_mode') { should eq 'Integrated' }
end
EXAMPLE
def initialize(pool_name)
@pool_name = pool_name
@pool_path = "IIS:\\AppPools\\#{@pool_name}"
@cache = nil
# verify that this resource is only supported on Windows
return skip_resource 'The `iis_app_pool` resource is not supported on your OS.' unless inspec.os.windows?
end
def pool_name
iis_app_pool[:pool_name]
end
def runtime_version
iis_app_pool[:version]
end
def enable32bit
iis_app_pool[:e32b]
end
def pipeline_mode
iis_app_pool[:mode]
end
def max_processes
iis_app_pool[:processes]
end
def timeout
iis_app_pool[:timeout]
end
def timeout_days
iis_app_pool[:timeout_days]
end
def timeout_hours
iis_app_pool[:timeout_hours]
end
def timeout_minutes
iis_app_pool[:timeout_minutes]
end
def timeout_seconds
iis_app_pool[:timeout_seconds]
end
def user_identity_type
iis_app_pool[:user_identity_type]
end
def username
iis_app_pool[:username]
end
def exists?
!iis_app_pool[:pool_name].empty?
end
def to_s
"IIS App Pool '#{@pool_name}'"
end
private
def iis_app_pool
return @cache unless @cache.nil?
# We use `-Compress` here to avoid a bug in PowerShell
# It does not affect validity of the output, only the representation
# See: https://github.com/inspec/inspec/pull/3842
script = <<~EOH
Import-Module WebAdministration
If (Test-Path '#{@pool_path}') {
Get-Item '#{@pool_path}' | Select-Object * | ConvertTo-Json -Compress
} Else {
Write-Host '{}'
}
EOH
cmd = inspec.powershell(script)
begin
pool = JSON.parse(cmd.stdout)
rescue JSON::ParserError => _e
raise Inspec::Exceptions::ResourceFailed, 'Unable to parse app pool JSON'
end
process_model = pool.fetch('processModel', {})
idle_timeout = process_model.fetch('idleTimeout', {})
# map our values to a hash table
@cache = {
pool_name: pool['name'],
version: pool['managedRuntimeVersion'],
e32b: pool['enable32BitAppOnWin64'],
mode: pool['managedPipelineMode'],
processes: process_model['maxProcesses'],
timeout: "#{idle_timeout['Hours']}:#{idle_timeout['Minutes']}:#{idle_timeout['Seconds']}",
timeout_days: idle_timeout['Days'],
timeout_hours: idle_timeout['Hours'],
timeout_minutes: idle_timeout['Minutes'],
timeout_seconds: idle_timeout['Seconds'],
user_identity_type: process_model['identityType'],
username: process_model['userName'],
}
end
end