inspec/lib/resources/file.rb

# encoding: utf-8
# copyright: 2015, Vulcano Security GmbH
# author: Dominik Richter
# author: Christoph Hartmann
# license: All rights reserved

require 'shellwords'

module Inspec::Resources
  module FilePermissionsSelector
    def select_file_perms_style(os)
      if os.unix?
        @perms_provider = UnixFilePermissions.new(inspec)
      elsif os.windows?
        @perms_provider = WindowsFilePermissions.new(inspec)
      end
    end
  end

  class FileResource < Inspec.resource(1) # rubocop:disable Metrics/ClassLength
    include FilePermissionsSelector
    include MountParser

    name 'file'
    desc 'Use the file InSpec audit resource to test all system file types, including files, directories, symbolic links, named pipes, sockets, character devices, block devices, and doors.'
    example "
      describe file('path') do
        it { should exist }
        it { should be_file }
        it { should be_readable }
        it { should be_writable }
        it { should be_owned_by 'root' }
        its('mode') { should cmp '0644' }
      end
    "

    attr_reader :file, :mount_options
    def initialize(path)
      # select permissions style
      @perms_provider = select_file_perms_style(inspec.os)
      @file = inspec.backend.file(path)
    end

    %w{
      type exist? file? block_device? character_device? socket? directory?
      symlink? pipe? mode mode? owner owned_by? group grouped_into?
      link_path linked_to? mtime size selinux_label immutable?
      product_version file_version version? md5sum sha256sum
      path basename source source_path uid gid
    }.each do |m|
      define_method m.to_sym do |*args|
        file.method(m.to_sym).call(*args)
      end
    end

    def content
      res = file.content
      return nil if res.nil?
      res.force_encoding('utf-8')
    end

    def contain(*_)
      fail 'Contain is not supported. Please use standard RSpec matchers.'
    end

    def readable?(by_usergroup, by_specific_user)
      return false unless exist?
      return skip_resource '`readable?` is not supported on your OS yet.' if @perms_provider.nil?

      file_permission_granted?('read', by_usergroup, by_specific_user)
    end

    def writable?(by_usergroup, by_specific_user)
      return false unless exist?
      return skip_resource '`writable?` is not supported on your OS yet.' if @perms_provider.nil?

      file_permission_granted?('write', by_usergroup, by_specific_user)
    end

    def executable?(by_usergroup, by_specific_user)
      return false unless exist?
      return skip_resource '`executable?` is not supported on your OS yet.' if @perms_provider.nil?

      file_permission_granted?('execute', by_usergroup, by_specific_user)
    end

    def mounted?(expected_options = nil, identical = false)
      mounted = file.mounted

      # return if no additional parameters have been provided
      return file.mounted? if expected_options.nil?

      # deprecation warning, this functionality will be removed in future version
      warn "[DEPRECATION] `be_mounted.with and be_mounted.only_with` are deprecated.  Please use `mount('#{source_path}')` instead."

      # we cannot read mount data on non-Linux systems
      return nil if !inspec.os.linux?

      # parse content if we are on linux
      @mount_options ||= parse_mount_options(mounted.stdout, true)

      if identical
        # check if the options should be identical
        @mount_options == expected_options
      else
        # otherwise compare the selected values
        @mount_options.contains(expected_options)
      end
    end

    def suid
      (mode & 04000) > 0
    end

    def sgid
      (mode & 02000) > 0
    end

    def sticky
      (mode & 01000) > 0
    end

    def to_s
      "File #{source_path}"
    end

    private

    def file_permission_granted?(access, by_usergroup, by_specific_user)
      fail '`file_permission_granted?` is not supported on your OS' if @perms_provider.nil?
      if by_specific_user.nil? || by_specific_user.empty?
        return nil if !inspec.os.unix?
        usergroup = usergroup_for(by_usergroup, by_specific_user)
        check_file_permission_by_mask(usergroup, access)
      else
        @perms_provider.check_file_permission_by_user(by_specific_user, access, source_path)
      end
    end

    def check_file_permission_by_mask(usergroup, flag)
      mask = file.unix_mode_mask(usergroup, flag)
      fail 'Invalid usergroup/owner provided' if mask.nil?

      (file.mode & mask) != 0
    end

    def usergroup_for(usergroup, specific_user)
      if usergroup == 'others'
        'other'
      elsif (usergroup.nil? || usergroup.empty?) && specific_user.nil?
        'all'
      else
        usergroup
      end
    end
  end

  class FilePermissions
    attr_reader :inspec
    def initialize(inspec)
      @inspec = inspec
    end
  end

  class UnixFilePermissions < FilePermissions
    def check_file_permission_by_user(user, access_type, path)
      flag = case access_type
             when 'read'
               'r'
             when 'write'
               'w'
             when 'execute'
               'x'
             else
               fail 'Invalid access_type provided'
             end
      if inspec.os.linux?
        perm_cmd = "su -s /bin/sh -c \"test -#{flag} #{path}\" #{user}"
      elsif inspec.os.bsd? || inspec.os.solaris?
        perm_cmd = "sudo -u #{user} test -#{flag} #{path}"
      elsif inspec.os.aix?
        perm_cmd = "su #{user} -c test -#{flag} #{path}"
      elsif inspec.os.hpux?
        perm_cmd = "su #{user} -c \"test -#{flag} #{path}\""
      else
        return skip_resource 'The `file` resource does not support `by_user` on your OS.'
      end

      cmd = inspec.command(perm_cmd)
      cmd.exit_status == 0 ? true : false
    end
  end

  class WindowsFilePermissions < FilePermissions
    def check_file_permission_by_user(user, access_type, path)
      access_rule = case access_type
                    when 'read'
                      '@(\'FullControl\', \'Modify\', \'ReadAndExecute\', \'Read\', \'ListDirectory\')'
                    when 'write'
                      '@(\'FullControl\', \'Modify\', \'Write\')'
                    when 'execute'
                      '@(\'FullControl\', \'Modify\', \'ReadAndExecute\', \'ExecuteFile\')'
                    else
                      fail 'Invalid access_type provided'
                    end
      cmd = inspec.command("@(@((Get-Acl #{path}).access | Where-Object {$_.AccessControlType -eq 'Allow' -and $_.IdentityReference -eq '#{user}' }) | Where-Object {($_.FileSystemRights.ToString().Split(',') | % {$_.trim()} | ? {#{access_rule} -contains $_}) -ne $null}) | measure | % { $_.Count }")
      cmd.stdout.chomp == '0' ? false : true
    end
  end
end
update copyright header 2015-07-15 13:15:18 +00:00			`# encoding: utf-8`
			`# copyright: 2015, Vulcano Security GmbH`
add author header 2015-10-06 16:55:44 +00:00			`# author: Dominik Richter`
			`# author: Christoph Hartmann`
update copyright header 2015-07-15 13:15:18 +00:00			`# license: All rights reserved`

add file uid and gid accessors 2016-03-31 00:23:23 +00:00			`require 'shellwords'`

rename vulcanosec -> inspec 2015-10-26 03:04:18 +00:00			`module Inspec::Resources`
changing module name Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-13 14:05:57 +00:00			`module FilePermissionsSelector`
adding by_user permissions support for windows Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-12 01:55:45 +00:00			`def select_file_perms_style(os)`
			`if os.unix?`
changing module name Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-13 14:05:57 +00:00			`@perms_provider = UnixFilePermissions.new(inspec)`
adding by_user permissions support for windows Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-12 01:55:45 +00:00			`elsif os.windows?`
changing module name Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-13 14:05:57 +00:00			`@perms_provider = WindowsFilePermissions.new(inspec)`
adding by_user permissions support for windows Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-12 01:55:45 +00:00			`end`
			`end`
			`end`

implementing changes requested in review Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-17 13:41:36 +00:00			`class FileResource < Inspec.resource(1) # rubocop:disable Metrics/ClassLength`
changing module name Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-13 14:05:57 +00:00			`include FilePermissionsSelector`
			`include MountParser`
adding by_user permissions support for windows Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-12 01:55:45 +00:00
start migrating file resource Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-30 00:14:17 +00:00			`name 'file'`
add inline documentation 2015-11-27 13:02:38 +00:00			`desc 'Use the file InSpec audit resource to test all system file types, including files, directories, symbolic links, named pipes, sockets, character devices, block devices, and doors.'`
			`example "`
			`describe file('path') do`
			`it { should exist }`
			`it { should be_file }`
			`it { should be_readable }`
			`it { should be_writable }`
			`it { should be_owned_by 'root' }`
update file resource example to use cmd matcher for better failure output in octal 2016-04-20 11:06:40 +00:00			`its('mode') { should cmp '0644' }`
add inline documentation 2015-11-27 13:02:38 +00:00			`end`
			`"`
migrate file resource Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-29 07:44:16 +00:00
update to new train interface 2016-04-28 16:35:55 +00:00			`attr_reader :file, :mount_options`
start migrating file resource Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-30 00:14:17 +00:00			`def initialize(path)`
adding by_user permissions support for windows Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-12 01:55:45 +00:00			`# select permissions style`
			`@perms_provider = select_file_perms_style(inspec.os)`
update to new train interface 2016-04-28 16:35:55 +00:00			`@file = inspec.backend.file(path)`
start migrating file resource Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-30 00:14:17 +00:00			`end`
migrate file resource Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-29 07:44:16 +00:00
start migrating file resource Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-30 00:14:17 +00:00			`%w{`
File.exists? is deprecated in ruby 2.1 See: http://ruby-doc.org/core-2.1.0/File.html#method-c-exists-3F Same for Dir: http://ruby-doc.org/core-2.1.0/Dir.html#method-c-exists-3F Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-09-18 10:35:32 +00:00			`type exist? file? block_device? character_device? socket? directory?`
update to new train interface 2016-04-28 16:35:55 +00:00			`symlink? pipe? mode mode? owner owned_by? group grouped_into?`
force encoding to utf-8 2016-02-22 03:44:49 +00:00			`link_path linked_to? mtime size selinux_label immutable?`
fix rubocop issues 2015-09-05 14:07:54 +00:00			`product_version file_version version? md5sum sha256sum`
support basename parameter and add tests 2016-04-29 17:28:34 +00:00			`path basename source source_path uid gid`
complete all file tests Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-09-03 14:17:52 +00:00			`}.each do \|m\|`
			`define_method m.to_sym do \|*args\|`
File permission checks should return false unless file exists Currently, #readable?, #writeable?, and #executable? will incorrectly return true if the file does not exist. In addition, I took the opportunity to refactor the File resource to make it easier to write unit tests and supplied a full unit test suite for this resource. 2015-12-07 19:41:05 +00:00			`file.method(m.to_sym).call(*args)`
start migrating file resource Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-30 00:14:17 +00:00			`end`
migrate file resource Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-29 07:44:16 +00:00			`end`

force encoding to utf-8 2016-02-22 03:44:49 +00:00			`def content`
			`res = file.content`
			`return nil if res.nil?`
			`res.force_encoding('utf-8')`
			`end`

wrap up core resource linting Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-09-09 16:52:27 +00:00			`def contain(*_)`
improve fail warning. thanks @arlimus 2015-10-25 20:47:27 +00:00			`fail 'Contain is not supported. Please use standard RSpec matchers.'`
start migrating file resource Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-30 00:14:17 +00:00			`end`
migrate file resource Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-29 07:44:16 +00:00
File permission checks should return false unless file exists Currently, #readable?, #writeable?, and #executable? will incorrectly return true if the file does not exist. In addition, I took the opportunity to refactor the File resource to make it easier to write unit tests and supplied a full unit test suite for this resource. 2015-12-07 19:41:05 +00:00			`def readable?(by_usergroup, by_specific_user)`
			`return false unless exist?`
implementing changes requested in review Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-17 13:41:36 +00:00			return skip_resource '`readable?` is not supported on your OS yet.' if @perms_provider.nil?
File permission checks should return false unless file exists Currently, #readable?, #writeable?, and #executable? will incorrectly return true if the file does not exist. In addition, I took the opportunity to refactor the File resource to make it easier to write unit tests and supplied a full unit test suite for this resource. 2015-12-07 19:41:05 +00:00
adding by_user permissions support for windows Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-12 01:55:45 +00:00			`file_permission_granted?('read', by_usergroup, by_specific_user)`
start migrating file resource Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-30 00:14:17 +00:00			`end`
migrate file resource Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-29 07:44:16 +00:00
File permission checks should return false unless file exists Currently, #readable?, #writeable?, and #executable? will incorrectly return true if the file does not exist. In addition, I took the opportunity to refactor the File resource to make it easier to write unit tests and supplied a full unit test suite for this resource. 2015-12-07 19:41:05 +00:00			`def writable?(by_usergroup, by_specific_user)`
			`return false unless exist?`
implementing changes requested in review Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-17 13:41:36 +00:00			return skip_resource '`writable?` is not supported on your OS yet.' if @perms_provider.nil?
File permission checks should return false unless file exists Currently, #readable?, #writeable?, and #executable? will incorrectly return true if the file does not exist. In addition, I took the opportunity to refactor the File resource to make it easier to write unit tests and supplied a full unit test suite for this resource. 2015-12-07 19:41:05 +00:00
adding by_user permissions support for windows Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-12 01:55:45 +00:00			`file_permission_granted?('write', by_usergroup, by_specific_user)`
bugfix: indicate that file resource is really working with paths Signed-off-by: Dominik Richter <dominik@vulcanosec.com> 2015-06-21 09:23:30 +00:00			`end`
migrate file resource Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-29 07:44:16 +00:00
File permission checks should return false unless file exists Currently, #readable?, #writeable?, and #executable? will incorrectly return true if the file does not exist. In addition, I took the opportunity to refactor the File resource to make it easier to write unit tests and supplied a full unit test suite for this resource. 2015-12-07 19:41:05 +00:00			`def executable?(by_usergroup, by_specific_user)`
			`return false unless exist?`
implementing changes requested in review Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-17 13:41:36 +00:00			return skip_resource '`executable?` is not supported on your OS yet.' if @perms_provider.nil?
File permission checks should return false unless file exists Currently, #readable?, #writeable?, and #executable? will incorrectly return true if the file does not exist. In addition, I took the opportunity to refactor the File resource to make it easier to write unit tests and supplied a full unit test suite for this resource. 2015-12-07 19:41:05 +00:00
adding by_user permissions support for windows Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-12 01:55:45 +00:00			`file_permission_granted?('execute', by_usergroup, by_specific_user)`
migrate file resource Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-29 07:44:16 +00:00			`end`

implement `be_mounted.with` for file resources 2015-12-31 00:08:57 +00:00			`def mounted?(expected_options = nil, identical = false)`
			`mounted = file.mounted`

			`# return if no additional parameters have been provided`
			`return file.mounted? if expected_options.nil?`

add deprecation warning for serverspec users 2016-01-02 23:01:54 +00:00			`# deprecation warning, this functionality will be removed in future version`
use the source_path instead of path for file internal reporting 2016-04-28 23:56:13 +00:00			warn "[DEPRECATION] `be_mounted.with and be_mounted.only_with` are deprecated. Please use `mount('#{source_path}')` instead."
add deprecation warning for serverspec users 2016-01-02 23:01:54 +00:00
restrict mount functionality to linux 2016-01-02 21:57:52 +00:00			`# we cannot read mount data on non-Linux systems`
			`return nil if !inspec.os.linux?`

implement `be_mounted.with` for file resources 2015-12-31 00:08:57 +00:00			`# parse content if we are on linux`
			`@mount_options \|\|= parse_mount_options(mounted.stdout, true)`

			`if identical`
			`# check if the options should be identical`
			`@mount_options == expected_options`
			`else`
			`# otherwise compare the selected values`
			`@mount_options.contains(expected_options)`
			`end`
			`end`

add suid sgid and sticky support for file resource 2016-07-10 18:40:06 +00:00			`def suid`
			`(mode & 04000) > 0`
			`end`

			`def sgid`
			`(mode & 02000) > 0`
			`end`

			`def sticky`
			`(mode & 01000) > 0`
			`end`

start migrating file resource Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-30 00:14:17 +00:00			`def to_s`
use the source_path instead of path for file internal reporting 2016-04-28 23:56:13 +00:00			`"File #{source_path}"`
start migrating file resource Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-30 00:14:17 +00:00			`end`
improvement: file resource check precondition and add file permission check 2015-10-25 20:35:35 +00:00
			`private`

adding by_user permissions support for windows Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-12 01:55:45 +00:00			`def file_permission_granted?(access, by_usergroup, by_specific_user)`
implementing changes requested in review Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-17 13:41:36 +00:00			fail '`file_permission_granted?` is not supported on your OS' if @perms_provider.nil?
sanity check and AIX tests 2015-12-21 22:12:29 +00:00			`if by_specific_user.nil? \|\| by_specific_user.empty?`
adding by_user permissions support for windows Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-12 01:55:45 +00:00			`return nil if !inspec.os.unix?`
sanity check and AIX tests 2015-12-21 22:12:29 +00:00			`usergroup = usergroup_for(by_usergroup, by_specific_user)`
adding by_user permissions support for windows Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-12 01:55:45 +00:00			`check_file_permission_by_mask(usergroup, access)`
File permission checks should return false unless file exists Currently, #readable?, #writeable?, and #executable? will incorrectly return true if the file does not exist. In addition, I took the opportunity to refactor the File resource to make it easier to write unit tests and supplied a full unit test suite for this resource. 2015-12-07 19:41:05 +00:00			`else`
adding by_user permissions support for windows Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-12 01:55:45 +00:00			`@perms_provider.check_file_permission_by_user(by_specific_user, access, source_path)`
improvement: file resource check precondition and add file permission check 2015-10-25 20:35:35 +00:00			`end`
File permission checks should return false unless file exists Currently, #readable?, #writeable?, and #executable? will incorrectly return true if the file does not exist. In addition, I took the opportunity to refactor the File resource to make it easier to write unit tests and supplied a full unit test suite for this resource. 2015-12-07 19:41:05 +00:00			`end`

			`def check_file_permission_by_mask(usergroup, flag)`
			`mask = file.unix_mode_mask(usergroup, flag)`
			`fail 'Invalid usergroup/owner provided' if mask.nil?`
improvement: file resource check precondition and add file permission check 2015-10-25 20:35:35 +00:00
File permission checks should return false unless file exists Currently, #readable?, #writeable?, and #executable? will incorrectly return true if the file does not exist. In addition, I took the opportunity to refactor the File resource to make it easier to write unit tests and supplied a full unit test suite for this resource. 2015-12-07 19:41:05 +00:00			`(file.mode & mask) != 0`
			`end`

adding by_user permissions support for windows Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-12 01:55:45 +00:00			`def usergroup_for(usergroup, specific_user)`
			`if usergroup == 'others'`
			`'other'`
			`elsif (usergroup.nil? \|\| usergroup.empty?) && specific_user.nil?`
			`'all'`
			`else`
			`usergroup`
			`end`
			`end`
			`end`

changing module name Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-13 14:05:57 +00:00			`class FilePermissions`
adding by_user permissions support for windows Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-12 01:55:45 +00:00			`attr_reader :inspec`
			`def initialize(inspec)`
			`@inspec = inspec`
			`end`
			`end`

changing module name Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-13 14:05:57 +00:00			`class UnixFilePermissions < FilePermissions`
adding by_user permissions support for windows Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-12 01:55:45 +00:00			`def check_file_permission_by_user(user, access_type, path)`
			`flag = case access_type`
			`when 'read'`
			`'r'`
			`when 'write'`
			`'w'`
			`when 'execute'`
			`'x'`
implementing changes requested in review Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-17 13:41:36 +00:00			`else`
			`fail 'Invalid access_type provided'`
adding by_user permissions support for windows Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-12 01:55:45 +00:00			`end`
remove os check exposure in file resource 2016-01-28 22:33:11 +00:00			`if inspec.os.linux?`
adding by_user permissions support for windows Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-12 01:55:45 +00:00			`perm_cmd = "su -s /bin/sh -c \"test -#{flag} #{path}\" #{user}"`
remove os check exposure in file resource 2016-01-28 22:33:11 +00:00			`elsif inspec.os.bsd? \|\| inspec.os.solaris?`
adding by_user permissions support for windows Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-12 01:55:45 +00:00			`perm_cmd = "sudo -u #{user} test -#{flag} #{path}"`
remove os check exposure in file resource 2016-01-28 22:33:11 +00:00			`elsif inspec.os.aix?`
adding by_user permissions support for windows Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-12 01:55:45 +00:00			`perm_cmd = "su #{user} -c test -#{flag} #{path}"`
added file permission by user check for hp-ux 2016-04-26 09:23:28 +00:00			`elsif inspec.os.hpux?`
adding by_user permissions support for windows Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-12 01:55:45 +00:00			`perm_cmd = "su #{user} -c \"test -#{flag} #{path}\""`
improvement: file resource check precondition and add file permission check 2015-10-25 20:35:35 +00:00			`else`
			return skip_resource 'The `file` resource does not support `by_user` on your OS.'
			`end`
File permission checks should return false unless file exists Currently, #readable?, #writeable?, and #executable? will incorrectly return true if the file does not exist. In addition, I took the opportunity to refactor the File resource to make it easier to write unit tests and supplied a full unit test suite for this resource. 2015-12-07 19:41:05 +00:00
			`cmd = inspec.command(perm_cmd)`
			`cmd.exit_status == 0 ? true : false`
			`end`
adding by_user permissions support for windows Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-12 01:55:45 +00:00			`end`
File permission checks should return false unless file exists Currently, #readable?, #writeable?, and #executable? will incorrectly return true if the file does not exist. In addition, I took the opportunity to refactor the File resource to make it easier to write unit tests and supplied a full unit test suite for this resource. 2015-12-07 19:41:05 +00:00
changing module name Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-13 14:05:57 +00:00			`class WindowsFilePermissions < FilePermissions`
adding by_user permissions support for windows Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-12 01:55:45 +00:00			`def check_file_permission_by_user(user, access_type, path)`
			`access_rule = case access_type`
			`when 'read'`
			`'@(\'FullControl\', \'Modify\', \'ReadAndExecute\', \'Read\', \'ListDirectory\')'`
			`when 'write'`
			`'@(\'FullControl\', \'Modify\', \'Write\')'`
			`when 'execute'`
			`'@(\'FullControl\', \'Modify\', \'ReadAndExecute\', \'ExecuteFile\')'`
implementing changes requested in review Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-17 13:41:36 +00:00			`else`
			`fail 'Invalid access_type provided'`
adding by_user permissions support for windows Signed-off-by: Jeremy J. Miller <jm@chef.io> 2016-10-12 01:55:45 +00:00			`end`
			`cmd = inspec.command("@(@((Get-Acl #{path}).access \| Where-Object {$_.AccessControlType -eq 'Allow' -and $_.IdentityReference -eq '#{user}' }) \| Where-Object {($_.FileSystemRights.ToString().Split(',') \| % {$_.trim()} \| ? {#{access_rule} -contains $_}) -ne $null}) \| measure \| % { $_.Count }")`
			`cmd.stdout.chomp == '0' ? false : true`
File permission checks should return false unless file exists Currently, #readable?, #writeable?, and #executable? will incorrectly return true if the file does not exist. In addition, I took the opportunity to refactor the File resource to make it easier to write unit tests and supplied a full unit test suite for this resource. 2015-12-07 19:41:05 +00:00			`end`
migrate file resource Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-29 07:44:16 +00:00			`end`
			`end`