2015-06-07 15:09:02 +00:00
|
|
|
# copyright: 2015, Dominik Richter
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
require "method_source"
|
|
|
|
require "inspec/describe"
|
|
|
|
require "inspec/expect"
|
|
|
|
require "inspec/resource"
|
|
|
|
require "inspec/resources/os"
|
2015-10-18 17:07:43 +00:00
|
|
|
|
2015-10-26 03:04:18 +00:00
|
|
|
module Inspec
|
2017-12-07 19:22:55 +00:00
|
|
|
class Rule
|
2015-10-18 17:07:43 +00:00
|
|
|
include ::RSpec::Matchers
|
|
|
|
|
2016-09-14 13:57:26 +00:00
|
|
|
#
|
|
|
|
# Include any resources from the given resource DSL. The passed
|
|
|
|
# resource_dsl will also be included in any Inspec::Expect objects
|
|
|
|
# we make.
|
|
|
|
#
|
|
|
|
# @params resource_dsl [Module]
|
|
|
|
# @returns [TrueClass]
|
|
|
|
#
|
|
|
|
def self.with_resource_dsl(resource_dsl)
|
|
|
|
include resource_dsl
|
|
|
|
@resource_dsl = resource_dsl
|
|
|
|
true
|
|
|
|
end
|
|
|
|
|
|
|
|
def self.resource_dsl # rubocop:disable Style/TrivialAccessors
|
|
|
|
@resource_dsl
|
|
|
|
end
|
|
|
|
|
2017-12-05 13:13:41 +00:00
|
|
|
def initialize(id, profile_id, opts, &block)
|
2015-09-25 17:14:32 +00:00
|
|
|
@impact = nil
|
|
|
|
@title = nil
|
2018-09-26 17:28:58 +00:00
|
|
|
@descriptions = {}
|
2016-03-17 22:07:42 +00:00
|
|
|
@refs = []
|
|
|
|
@tags = {}
|
2016-04-05 14:16:00 +00:00
|
|
|
|
2015-09-25 17:14:32 +00:00
|
|
|
# not changeable by the user:
|
2018-11-05 14:59:01 +00:00
|
|
|
@__code = nil
|
2016-04-05 14:16:00 +00:00
|
|
|
@__block = block
|
|
|
|
@__source_location = __get_block_source_location(&block)
|
2016-04-09 17:05:52 +00:00
|
|
|
@__rule_id = id
|
|
|
|
@__profile_id = profile_id
|
2016-04-05 14:16:00 +00:00
|
|
|
@__checks = []
|
2018-08-01 22:14:58 +00:00
|
|
|
@__skip_rule = {}
|
2016-08-11 18:45:56 +00:00
|
|
|
@__merge_count = 0
|
2018-08-02 18:39:11 +00:00
|
|
|
@__merge_changes = []
|
2017-12-05 13:13:41 +00:00
|
|
|
@__skip_only_if_eval = opts[:skip_only_if_eval]
|
2016-04-05 14:16:00 +00:00
|
|
|
|
2015-09-25 17:14:32 +00:00
|
|
|
# evaluate the given definition
|
2018-04-26 19:44:16 +00:00
|
|
|
return unless block_given?
|
2019-07-09 00:20:30 +00:00
|
|
|
|
2018-04-26 19:44:16 +00:00
|
|
|
begin
|
|
|
|
instance_eval(&block)
|
|
|
|
rescue StandardError => e
|
|
|
|
# We've encountered an exception while trying to eval the code inside the
|
|
|
|
# control block. We need to prevent the exception from bubbling up, and
|
|
|
|
# fail the control. Controls are failed by having a failed resource within
|
|
|
|
# them; but since our control block is unsafe (and opaque) to us, let's
|
|
|
|
# make a dummy and fail that.
|
2019-06-11 22:24:35 +00:00
|
|
|
location = block.source_location.compact.join(":")
|
|
|
|
describe "Control Source Code Error" do
|
2018-04-26 19:44:16 +00:00
|
|
|
# Rubocop thinks we are raising an exception - we're actually calling RSpec's fail()
|
|
|
|
its(location) { fail e.message } # rubocop: disable Style/SignalException
|
|
|
|
end
|
|
|
|
end
|
2015-06-19 18:11:26 +00:00
|
|
|
end
|
|
|
|
|
2016-08-31 11:17:44 +00:00
|
|
|
def to_s
|
|
|
|
Inspec::Rule.rule_id(self)
|
|
|
|
end
|
|
|
|
|
2015-09-25 17:14:32 +00:00
|
|
|
def id(*_)
|
|
|
|
# never overwrite the ID
|
|
|
|
@id
|
2015-06-19 18:11:26 +00:00
|
|
|
end
|
|
|
|
|
2015-09-25 17:14:32 +00:00
|
|
|
def impact(v = nil)
|
2018-09-13 18:14:05 +00:00
|
|
|
if v.is_a?(String)
|
|
|
|
@impact = Inspec::Impact.impact_from_string(v)
|
|
|
|
elsif !v.nil?
|
|
|
|
@impact = v
|
|
|
|
end
|
|
|
|
|
2015-09-25 17:14:32 +00:00
|
|
|
@impact
|
2015-08-12 19:03:41 +00:00
|
|
|
end
|
2015-06-18 15:32:40 +00:00
|
|
|
|
2015-09-25 17:14:32 +00:00
|
|
|
def title(v = nil)
|
|
|
|
@title = v unless v.nil?
|
|
|
|
@title
|
2015-06-19 19:43:04 +00:00
|
|
|
end
|
2015-06-19 19:17:56 +00:00
|
|
|
|
2018-09-26 17:28:58 +00:00
|
|
|
def desc(v = nil, data = nil)
|
|
|
|
return @descriptions[:default] if v.nil?
|
2019-07-09 00:20:30 +00:00
|
|
|
|
2018-09-26 17:28:58 +00:00
|
|
|
if data.nil?
|
|
|
|
@descriptions[:default] = unindent(v)
|
|
|
|
else
|
|
|
|
@descriptions[v.to_sym] = unindent(data)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def descriptions(description_hash = nil)
|
|
|
|
return @descriptions if description_hash.nil?
|
2019-07-09 00:20:30 +00:00
|
|
|
|
2018-09-26 17:28:58 +00:00
|
|
|
@descriptions.merge!(description_hash)
|
2015-06-19 22:00:53 +00:00
|
|
|
end
|
2015-06-19 20:18:54 +00:00
|
|
|
|
2016-03-17 22:07:42 +00:00
|
|
|
def ref(ref = nil, opts = {})
|
|
|
|
return @refs if ref.nil? && opts.empty?
|
2019-07-09 00:20:30 +00:00
|
|
|
|
2016-03-17 22:07:42 +00:00
|
|
|
if opts.empty? && ref.is_a?(Hash)
|
|
|
|
opts = ref
|
|
|
|
else
|
|
|
|
opts[:ref] = ref
|
|
|
|
end
|
|
|
|
@refs.push(opts)
|
|
|
|
end
|
|
|
|
|
|
|
|
def tag(*args)
|
|
|
|
args.each do |arg|
|
|
|
|
if arg.is_a?(Hash)
|
|
|
|
@tags.merge!(arg)
|
|
|
|
else
|
|
|
|
@tags[arg] ||= nil
|
|
|
|
end
|
|
|
|
end
|
|
|
|
@tags
|
|
|
|
end
|
|
|
|
|
2017-10-17 12:47:30 +00:00
|
|
|
def source_file
|
|
|
|
@__file
|
|
|
|
end
|
|
|
|
|
2016-04-05 15:01:08 +00:00
|
|
|
# Skip all checks if only_if is false
|
|
|
|
#
|
|
|
|
# @param [Type] &block returns true if tests are added, false otherwise
|
|
|
|
# @return [nil]
|
2018-08-02 23:55:31 +00:00
|
|
|
def only_if(message = nil)
|
2016-04-05 15:01:08 +00:00
|
|
|
return unless block_given?
|
2017-12-05 13:13:41 +00:00
|
|
|
return if @__skip_only_if_eval == true
|
|
|
|
|
2018-08-01 22:14:58 +00:00
|
|
|
@__skip_rule[:result] ||= !yield
|
|
|
|
@__skip_rule[:message] = message
|
2016-04-05 15:01:08 +00:00
|
|
|
end
|
|
|
|
|
2016-02-25 12:44:57 +00:00
|
|
|
# Describe will add one or more tests to this control. There is 2 ways
|
|
|
|
# of calling it:
|
|
|
|
#
|
|
|
|
# describe resource do ... end
|
|
|
|
#
|
|
|
|
# or
|
|
|
|
#
|
|
|
|
# describe.one do ... end
|
|
|
|
#
|
|
|
|
# @param [any] Resource to be describe, string, or nil
|
|
|
|
# @param [Proc] An optional block containing tests for the described resource
|
|
|
|
# @return [nil|DescribeBase] if called without arguments, returns DescribeBase
|
|
|
|
def describe(*values, &block)
|
|
|
|
if values.empty? && !block_given?
|
|
|
|
dsl = self.class.ancestors[1]
|
|
|
|
Class.new(DescribeBase) do
|
|
|
|
include dsl
|
2016-04-05 14:16:00 +00:00
|
|
|
end.new(method(:__add_check))
|
2016-02-25 12:44:57 +00:00
|
|
|
else
|
2019-06-11 22:24:35 +00:00
|
|
|
__add_check("describe", values, with_dsl(block))
|
2016-02-25 12:44:57 +00:00
|
|
|
end
|
2015-10-18 17:07:43 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def expect(value, &block)
|
2016-09-14 13:57:26 +00:00
|
|
|
target = Inspec::Expect.new(value, &with_dsl(block))
|
2019-06-11 22:24:35 +00:00
|
|
|
__add_check("expect", [value], target)
|
2015-10-18 17:07:43 +00:00
|
|
|
target
|
2015-06-19 22:00:53 +00:00
|
|
|
end
|
|
|
|
|
2016-04-05 14:16:00 +00:00
|
|
|
def self.rule_id(rule)
|
|
|
|
rule.instance_variable_get(:@__rule_id)
|
|
|
|
end
|
|
|
|
|
|
|
|
def self.set_rule_id(rule, value)
|
|
|
|
rule.instance_variable_set(:@__rule_id, value)
|
|
|
|
end
|
|
|
|
|
2016-04-09 18:09:04 +00:00
|
|
|
def self.profile_id(rule)
|
|
|
|
rule.instance_variable_get(:@__profile_id)
|
|
|
|
end
|
|
|
|
|
2016-04-05 14:16:00 +00:00
|
|
|
def self.checks(rule)
|
|
|
|
rule.instance_variable_get(:@__checks)
|
|
|
|
end
|
|
|
|
|
2016-04-05 15:01:08 +00:00
|
|
|
def self.skip_status(rule)
|
|
|
|
rule.instance_variable_get(:@__skip_rule)
|
|
|
|
end
|
|
|
|
|
2018-08-07 17:10:45 +00:00
|
|
|
def self.set_skip_rule(rule, value, message = nil)
|
|
|
|
rule.instance_variable_set(:@__skip_rule,
|
2019-07-09 00:20:30 +00:00
|
|
|
{ result: value, message: message })
|
2016-04-05 15:01:08 +00:00
|
|
|
end
|
|
|
|
|
2016-08-11 18:45:56 +00:00
|
|
|
def self.merge_count(rule)
|
|
|
|
rule.instance_variable_get(:@__merge_count)
|
|
|
|
end
|
|
|
|
|
2018-08-02 18:39:11 +00:00
|
|
|
def self.merge_changes(rule)
|
|
|
|
rule.instance_variable_get(:@__merge_changes)
|
|
|
|
end
|
|
|
|
|
2016-04-05 15:01:08 +00:00
|
|
|
def self.prepare_checks(rule)
|
2018-08-09 19:12:47 +00:00
|
|
|
skip_check = skip_status(rule)
|
|
|
|
return checks(rule) unless skip_check[:result].eql?(true)
|
2019-07-09 00:20:30 +00:00
|
|
|
|
2018-08-09 19:12:47 +00:00
|
|
|
if skip_check[:message]
|
2018-08-09 20:00:57 +00:00
|
|
|
msg = "Skipped control due to only_if condition: #{skip_check[:message]}"
|
2018-08-01 22:14:58 +00:00
|
|
|
else
|
2019-06-11 22:24:35 +00:00
|
|
|
msg = "Skipped control due to only_if condition."
|
2018-08-01 22:14:58 +00:00
|
|
|
end
|
2016-04-05 15:01:08 +00:00
|
|
|
|
|
|
|
# TODO: we use os as the carrier here, but should consider
|
|
|
|
# a separate resource to do skipping
|
|
|
|
resource = rule.os
|
|
|
|
resource.skip_resource(msg)
|
2019-06-11 22:24:35 +00:00
|
|
|
[["describe", [resource], nil]]
|
2016-04-05 14:16:00 +00:00
|
|
|
end
|
|
|
|
|
2018-06-21 17:37:47 +00:00
|
|
|
def self.merge(dst, src) # rubocop:disable Metrics/AbcSize
|
2015-09-25 17:14:32 +00:00
|
|
|
if src.id != dst.id
|
|
|
|
# TODO: register an error, this case should not happen
|
|
|
|
return
|
|
|
|
end
|
2019-07-09 00:20:30 +00:00
|
|
|
|
2016-04-05 14:16:00 +00:00
|
|
|
sp = rule_id(src)
|
|
|
|
dp = rule_id(dst)
|
2015-09-25 17:14:32 +00:00
|
|
|
if sp != dp
|
|
|
|
# TODO: register an error, this case should not happen
|
|
|
|
return
|
|
|
|
end
|
2019-07-09 00:20:30 +00:00
|
|
|
|
2015-09-25 17:14:32 +00:00
|
|
|
# merge all fields
|
2018-09-26 17:28:58 +00:00
|
|
|
dst.impact(src.impact) unless src.impact.nil?
|
|
|
|
dst.title(src.title) unless src.title.nil?
|
|
|
|
dst.descriptions(src.descriptions) unless src.descriptions.nil?
|
|
|
|
dst.tag(src.tag) unless src.tag.nil?
|
|
|
|
dst.ref(src.ref) unless src.ref.nil?
|
2018-06-21 17:37:47 +00:00
|
|
|
|
2015-09-25 17:14:32 +00:00
|
|
|
# merge indirect fields
|
|
|
|
# checks defined in the source will completely eliminate
|
|
|
|
# all checks that were defined in the destination
|
2016-04-05 14:16:00 +00:00
|
|
|
sc = checks(src)
|
|
|
|
dst.instance_variable_set(:@__checks, sc) unless sc.empty?
|
2018-08-29 17:32:22 +00:00
|
|
|
skip_check = skip_status(src)
|
|
|
|
sr = skip_check[:result]
|
|
|
|
msg = skip_check[:message]
|
|
|
|
set_skip_rule(dst, sr, msg) unless sr.nil?
|
2018-08-02 18:39:11 +00:00
|
|
|
|
|
|
|
# Save merge history
|
2016-08-11 18:45:56 +00:00
|
|
|
dst.instance_variable_set(:@__merge_count, merge_count(dst) + 1)
|
2018-08-02 18:39:11 +00:00
|
|
|
dst.instance_variable_set(
|
|
|
|
:@__merge_changes,
|
2019-06-11 22:24:35 +00:00
|
|
|
merge_changes(dst) << src.instance_variable_get(:@__source_location)
|
2018-08-02 18:39:11 +00:00
|
|
|
)
|
2015-06-19 22:00:53 +00:00
|
|
|
end
|
|
|
|
|
2015-10-22 22:45:09 +00:00
|
|
|
private
|
|
|
|
|
2016-04-05 14:16:00 +00:00
|
|
|
def __add_check(describe_or_expect, values, block)
|
|
|
|
@__checks.push([describe_or_expect, values, block])
|
2016-02-25 12:44:57 +00:00
|
|
|
end
|
|
|
|
|
2016-09-14 13:57:26 +00:00
|
|
|
#
|
|
|
|
# Takes a block and returns a block that will run the given block
|
|
|
|
# with access to the resource_dsl of the current class. This is to
|
|
|
|
# ensure that inside the constructed Rspec::ExampleGroup users
|
|
|
|
# have access to DSL methods. Previous this was done in
|
|
|
|
# Inspec::Runner before sending the example groups to rspec. It
|
|
|
|
# was moved here to ensure that code inside `its` blocks hae the
|
|
|
|
# same visibility into resources as code outside its blocks.
|
|
|
|
#
|
|
|
|
# @param [Proc] block
|
|
|
|
# @return [Proc]
|
|
|
|
#
|
|
|
|
def with_dsl(block)
|
|
|
|
return nil if block.nil?
|
2019-07-09 00:20:30 +00:00
|
|
|
|
2016-09-14 13:57:26 +00:00
|
|
|
if self.class.resource_dsl
|
|
|
|
dsl = self.class.resource_dsl
|
|
|
|
proc do |*args|
|
|
|
|
include dsl
|
|
|
|
instance_exec(*args, &block)
|
|
|
|
end
|
|
|
|
else
|
|
|
|
block
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-04-25 10:39:25 +00:00
|
|
|
# Idio(ma)tic unindent, behaves similar to Ruby2.3 curly heredocs.
|
|
|
|
# Find the shortest indentation of non-empty lines and strip that from every line
|
|
|
|
# See: https://bugs.ruby-lang.org/issues/9098
|
|
|
|
#
|
|
|
|
# It is implemented here to support pre-Ruby2.3 with this feature and
|
|
|
|
# to not force non-programmers to understand heredocs.
|
|
|
|
#
|
|
|
|
# Please note: tabs are not supported! (they will be removed but they are not
|
|
|
|
# treated the same as in Ruby2.3 heredocs)
|
2015-10-22 22:45:09 +00:00
|
|
|
#
|
|
|
|
# @param [String] text string which needs to be unindented
|
2017-04-25 10:39:25 +00:00
|
|
|
# @return [String] input with indentation removed; '' if input is nil
|
2015-10-22 22:45:09 +00:00
|
|
|
def unindent(text)
|
2019-06-11 22:24:35 +00:00
|
|
|
return "" if text.nil?
|
2019-07-09 00:20:30 +00:00
|
|
|
|
2017-04-25 10:39:25 +00:00
|
|
|
len = text.split("\n").reject { |l| l.strip.empty? }.map { |x| x.index(/[^\s]/) }.compact.min
|
2019-06-11 22:24:35 +00:00
|
|
|
text.gsub(/^[[:blank:]]{#{len}}/, "").strip
|
2015-10-22 22:45:09 +00:00
|
|
|
end
|
2015-10-26 01:32:02 +00:00
|
|
|
|
2016-02-04 16:01:38 +00:00
|
|
|
# get the source location of the block
|
2016-02-03 17:52:15 +00:00
|
|
|
def __get_block_source_location(&block)
|
2016-06-28 10:03:20 +00:00
|
|
|
return {} unless block_given?
|
2019-07-09 00:20:30 +00:00
|
|
|
|
2016-06-28 10:03:20 +00:00
|
|
|
r, l = block.source_location
|
|
|
|
{ ref: r, line: l }
|
2016-02-03 17:52:15 +00:00
|
|
|
rescue MethodSource::SourceNotFoundError
|
2016-06-28 10:03:20 +00:00
|
|
|
{}
|
2016-02-03 17:52:15 +00:00
|
|
|
end
|
2015-06-18 15:32:40 +00:00
|
|
|
end
|
2015-06-19 18:11:26 +00:00
|
|
|
end
|