Merge pull request #5636 from inspec/vasundhara/remove-wmic-calls-security-identifier

Replace use of wmic from security_identifier resource as it will be deprecated soon
2024-09-20 22:41:55 +00:00 · 2021-08-30 17:11:58 -04:00 · 2021-08-30 17:11:58 -04:00 · 04dabfee23
commit 04dabfee23
parent 2b2faa7c41 2100a66bef
5 changed files with 17 additions and 23 deletions
--- a/lib/inspec/resources/security_identifier.rb
+++ b/lib/inspec/resources/security_identifier.rb
@ -57,14 +57,14 @@ module Inspec::Resources
      @sids = {}
      case @type
      when :group
-        sid_data = wmi_results(:group)
+        sid_data = cim_results(:group)
      when :user
-        sid_data = wmi_results(:user)
+        sid_data = cim_results(:user)
      when :unspecified
        # try group first, then user
-        sid_data = wmi_results(:group)
+        sid_data = cim_results(:group)
        if sid_data.empty?
-          sid_data = wmi_results(:user)
+          sid_data = cim_results(:user)
        end
      else
        raise "Unhandled entity type '#{@type}'"
@ -72,20 +72,14 @@ module Inspec::Resources
      sid_data.each { |sid| @sids[sid[1]] = sid[2] }
    end

-    def wmi_results(type)
-      query = "wmic "
+    def cim_results(type)
      case type
      when :group
-        query += "group"
+        cmd = "Get-CimInstance -ClassName Win32_Account | Select-Object -Property Domain, Name, SID | Where-Object { $_.Name -eq '#{@name}' -and { $_.SIDType -eq 4 -or $_.SIDType -eq 5 } } | ConvertTo-Csv -NoTypeInformation"
      when :user
-        query += "useraccount"
+        cmd = "Get-CimInstance -ClassName Win32_Account | Select-Object -Property Domain, Name, SID, SIDType | Where-Object { $_.Name -eq '#{@name}' -and $_.SIDType -eq 1 } | ConvertTo-Csv -NoTypeInformation"
      end
-      query += " where 'Name=\"#{@name}\"' get Name\",\"SID /format:csv"
-      # Example output:
-      #     inspec> command("wmic useraccount where 'Name=\"Administrator\"' get Name\",\"SID /format:csv").stdout
-      #     => "\r\n\r\nNode,Name,SID\r\n\r\nComputer1,Administrator,S-1-5-21-650485088-1194226989-968533923-500\r\n\r\n"
-      # Remove the \r characters, split on \n\n, ignore the CSV header row
-      inspec.command(query).stdout.strip.tr("\r", "").split("\n\n")[1..-1].map { |entry| entry.split(",") }
+      inspec.command(cmd).stdout.strip.gsub("\"", "").tr("\r", "").split("\n")[1..-1].map { |entry| entry.split(",") }
    end
  end
 end
--- a/test/fixtures/cmd/security-identifier-alice
+++ b/test/fixtures/cmd/security-identifier-alice
@ -1,4 +1,4 @@
-Node,Name,SID
+Domain,Name,SID


 Computer1,Alice,S-1-5-21-1601936709-1892662786-3840804712-315762
--- a/test/fixtures/cmd/security-identifier-guests
+++ b/test/fixtures/cmd/security-identifier-guests
@ -1,4 +1,4 @@
-Node,Name,SID
+Domain,Name,SID


 Computer1,Guests,S-1-5-32-546
--- a/test/fixtures/cmd/security-identifier-unknown
+++ b/test/fixtures/cmd/security-identifier-unknown
@ -1,3 +1,3 @@
-Node,
+Domain,


--- a/test/helpers/mock_loader.rb
+++ b/test/helpers/mock_loader.rb
@ -565,12 +565,12 @@ class MockLoader
      "(New-Object System.Security.Principal.SecurityIdentifier(\"S-1-5-32-544\")).Translate( [System.Security.Principal.NTAccount]).Value" => cmd.call("security-policy-sid-translated"),
      "(New-Object System.Security.Principal.SecurityIdentifier(\"S-1-5-32-555\")).Translate( [System.Security.Principal.NTAccount]).Value" => cmd.call("security-policy-sid-untranslated"),

-      # Windows SID calls
-      'wmic useraccount where \'Name="Alice"\' get Name","SID /format:csv' => cmd.call("security-identifier-alice"),
-      'wmic useraccount where \'Name="Bob"\' get Name","SID /format:csv' => cmd.call("security-identifier-unknown"),
-      'wmic useraccount where \'Name="DontExist"\' get Name","SID /format:csv' => cmd.call("security-identifier-unknown"),
-      'wmic group where \'Name="Guests"\' get Name","SID /format:csv' => cmd.call("security-identifier-guests"),
-      'wmic group where \'Name="DontExist"\' get Name","SID /format:csv' => cmd.call("security-identifier-unknown"),
+      # Windows SID calls with CimInstance
+      "Get-CimInstance -ClassName Win32_Account | Select-Object -Property Domain, Name, SID, SIDType | Where-Object { $_.Name -eq 'Alice' -and $_.SIDType -eq 1 } | ConvertTo-Csv -NoTypeInformation" => cmd.call("security-identifier-alice"),
+      "Get-CimInstance -ClassName Win32_Account | Select-Object -Property Domain, Name, SID, SIDType | Where-Object { $_.Name -eq 'Bob' -and $_.SIDType -eq 1 } | ConvertTo-Csv -NoTypeInformation" => cmd.call("security-identifier-unknown"),
+      "Get-CimInstance -ClassName Win32_Account | Select-Object -Property Domain, Name, SID, SIDType | Where-Object { $_.Name -eq 'DontExist' -and $_.SIDType -eq 1 } | ConvertTo-Csv -NoTypeInformation" => cmd.call("security-identifier-unknown"),
+      "Get-CimInstance -ClassName Win32_Account | Select-Object -Property Domain, Name, SID | Where-Object { $_.Name -eq 'Guests' -and { $_.SIDType -eq 4 -or $_.SIDType -eq 5 } } | ConvertTo-Csv -NoTypeInformation" => cmd.call("security-identifier-guests"),
+      "Get-CimInstance -ClassName Win32_Account | Select-Object -Property Domain, Name, SID | Where-Object { $_.Name -eq 'DontExist' -and { $_.SIDType -eq 4 -or $_.SIDType -eq 5 } } | ConvertTo-Csv -NoTypeInformation" => cmd.call("security-identifier-unknown"),

      # alpine package commands
      "apk info -vv --no-network | grep git" => cmd.call("apk-info-grep-git"),