Merge pull request #1751 from nsdavidson/add-oracle-session

Add an oracle_session resource
2024-11-23 13:13:22 +00:00 · 2017-05-09 13:21:53 +02:00 · 2017-05-09 13:21:53 +02:00 · 00682eb2d2
commit 00682eb2d2
parent d3baf0a96d ba6745444e
4 changed files with 129 additions and 0 deletions
--- a/docs/resources/oracledb_session.md.erb
+++ b/docs/resources/oracledb_session.md.erb
@ -0,0 +1,71 @@
+---
+title: About the oracledb_session Resource
+---
+
+# oracledb_session
+
+Use the `oracledb_session` InSpec audit resource to test SQL commands run against a Oracle database.
+
+## Syntax
+
+A `oracledb_session` resource block declares the username and password to use for the session with an optional service to connect to, and then the command to be run:
+
+    describe oracledb_session(user: 'username', pass: 'password').query('QUERY') do
+      its('output') { should eq('') }
+    end
+
+where
+
+* `oracledb_session` declares a username and password with permission to run the query (required), and an optional parameters for host (default: `localhost`), SID (default: `nil`, which uses the default SID, and path to the sqlplus binary (default: `sqlplus`).  
+* `query('QUERY')` contains the query to be run
+* `its('output') { should eq('') }` compares the results of the query against the expected result in the test
+
+## Matchers
+
+This InSpec audit resource has the following matchers:
+
+### be
+
+<%= partial "/shared/matcher_be" %>
+
+### cmp
+
+<%= partial "/shared/matcher_cmp" %>
+
+### eq
+
+<%= partial "/shared/matcher_eq" %>
+
+### include
+
+<%= partial "/shared/matcher_include" %>
+
+### match
+
+<%= partial "/shared/matcher_match" %>
+
+### output
+
+The `output` matcher tests the results of the query:
+
+    its('output') { should eq(/^0/) }
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test for matching databases
+
+    sql = oracledb_session(user: 'my_user', pass: 'password')
+    
+    describe sql.query('SELECT NAME FROM v$database;') do
+      its('stdout') { should_not match(/test/) }
+    end
+
+### Test for matching databases with custom host, SID and sqlplus binary location
+
+    sql = oracledb_session(user: 'my_user', pass: 'password', host: 'oraclehost', sid: 'mysid', sqlplus_bin: '/u01/app/oracle/product/12.1.0/dbhome_1/bin/sqlplus')
+    
+    describe sql.query('SELECT NAME FROM v$database;') do
+      its('stdout') { should_not match(/test/) }
+    end
--- a/lib/inspec/resource.rb
+++ b/lib/inspec/resource.rb
@ -114,6 +114,7 @@ require 'resources/mysql_session'
 require 'resources/npm'
 require 'resources/ntp_conf'
 require 'resources/oneget'
+require 'resources/oracledb_session'
 require 'resources/os'
 require 'resources/os_env'
 require 'resources/package'
--- a/lib/resources/oracledb_session.rb
+++ b/lib/resources/oracledb_session.rb
@ -0,0 +1,42 @@
+# encoding: utf-8
+# author: Nolan Davidson
+# license: All rights reserved
+
+module Inspec::Resources
+  class OracledbSession < Inspec.resource(1)
+    name 'oracledb_session'
+    desc 'Use the oracledb_session InSpec resource to test commands against an Oracle database'
+    example "
+      sql = oracledb_session(user: 'my_user', pass: 'password')
+      describe sql.query('SELECT NAME FROM v$database;') do
+        its('stdout') { should_not match(/test/) }
+      end
+    "
+
+    attr_reader :user, :pass, :host, :sid, :sqlplus_bin
+
+    def initialize(opts = {})
+      @user = opts[:user]
+      @pass = opts[:pass]
+      @host = opts[:host] || 'localhost'
+      @sid = opts[:sid]
+      @sqlplus_bin = opts[:sqlplus_bin] || 'sqlplus'
+      return skip_resource("Can't run Oracle checks without authentication") if @user.nil? or @pass.nil?
+    end
+
+    def query(q)
+      escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"')
+      cmd = inspec.command("echo \"#{escaped_query}\" | #{@sqlplus_bin} -s #{@user}/#{@pass}@#{@host}/#{@sid}")
+      out = cmd.stdout + "\n" + cmd.stderr
+      if out.downcase =~ /^error/
+        skip_resource("Can't connect to Oracle instance for SQL checks.")
+      end
+
+      cmd
+    end
+
+    def to_s
+      'Oracle Session'
+    end
+  end
+end
--- a/test/unit/resources/oracledb_session_test.rb
+++ b/test/unit/resources/oracledb_session_test.rb
@ -0,0 +1,15 @@
+# encoding: utf-8
+# author: Nolan Davidson
+
+require 'helper'
+
+describe 'Inspec::Resources::OracledbSession' do
+  it 'verify oracledb_session configuration' do
+    resource = load_resource('oracledb_session', user: 'myuser', pass: 'mypass', host: 'oraclehost', sid: 'mysid')
+    _(resource.user).must_equal 'myuser'
+    _(resource.pass).must_equal 'mypass'
+    _(resource.host).must_equal 'oraclehost'
+    _(resource.sid).must_equal 'mysid'
+    _(resource.sqlplus_bin).must_equal 'sqlplus'
+  end
+end