From 2100a66bef115e1e6127cc200ec4b0186bb2b333 Mon Sep 17 00:00:00 2001
From: Vasu1105
Date: Mon, 30 Aug 2021 12:47:03 +0530
Subject: [PATCH] Removed use of wmic from security_identifier resource as it will be deprecated soon
Signed-off-by: Vasu1105
---
lib/inspec/resources/security_identifier.rb | 22 +++++++------------
test/fixtures/cmd/security-identifier-alice | 2 +-
test/fixtures/cmd/security-identifier-guests | 2 +-
test/fixtures/cmd/security-identifier-unknown | 2 +-
test/helpers/mock_loader.rb | 12 +++++-----
5 files changed, 17 insertions(+), 23 deletions(-)
diff --git a/lib/inspec/resources/security_identifier.rb b/lib/inspec/resources/security_identifier.rb
index 1393921ce..ebd697bae 100644
--- a/lib/inspec/resources/security_identifier.rb
+++ b/lib/inspec/resources/security_identifier.rb
@@ -57,14 +57,14 @@ module Inspec::Resources
@sids = {}
case @type
when :group
- sid_data = wmi_results(:group)
+ sid_data = cim_results(:group)
when :user
- sid_data = wmi_results(:user)
+ sid_data = cim_results(:user)
when :unspecified
# try group first, then user
- sid_data = wmi_results(:group)
+ sid_data = cim_results(:group)
if sid_data.empty?
- sid_data = wmi_results(:user)
+ sid_data = cim_results(:user)
end
else
raise "Unhandled entity type '#{@type}'"
@@ -72,20 +72,14 @@ module Inspec::Resources
sid_data.each { |sid| @sids[sid[1]] = sid[2] }
end
- def wmi_results(type)
- query = "wmic "
+ def cim_results(type)
case type
when :group
- query += "group"
+ cmd = "Get-CimInstance -ClassName Win32_Account | Select-Object -Property Domain, Name, SID | Where-Object { $_.Name -eq '#{@name}' -and { $_.SIDType -eq 4 -or $_.SIDType -eq 5 } } | ConvertTo-Csv -NoTypeInformation"
when :user
- query += "useraccount"
+ cmd = "Get-CimInstance -ClassName Win32_Account | Select-Object -Property Domain, Name, SID, SIDType | Where-Object { $_.Name -eq '#{@name}' -and $_.SIDType -eq 1 } | ConvertTo-Csv -NoTypeInformation"
end
- query += " where 'Name=\"#{@name}\"' get Name\",\"SID /format:csv"
- # Example output:
- # inspec> command("wmic useraccount where 'Name=\"Administrator\"' get Name\",\"SID /format:csv").stdout
- # => "\r\n\r\nNode,Name,SID\r\n\r\nComputer1,Administrator,S-1-5-21-650485088-1194226989-968533923-500\r\n\r\n"
- # Remove the \r characters, split on \n\n, ignore the CSV header row
- inspec.command(query).stdout.strip.tr("\r", "").split("\n\n")[1..-1].map { |entry| entry.split(",") }
+ inspec.command(cmd).stdout.strip.gsub("\"", "").tr("\r", "").split("\n")[1..-1].map { |entry| entry.split(",") }
end
end
end
diff --git a/test/fixtures/cmd/security-identifier-alice b/test/fixtures/cmd/security-identifier-alice
index 3dfc2a1d7..163d63db8 100644
--- a/test/fixtures/cmd/security-identifier-alice
+++ b/test/fixtures/cmd/security-identifier-alice
@@ -1,4 +1,4 @@
-Node,Name,SID
+Domain,Name,SID
Computer1,Alice,S-1-5-21-1601936709-1892662786-3840804712-315762
diff --git a/test/fixtures/cmd/security-identifier-guests b/test/fixtures/cmd/security-identifier-guests
index 6954f82ce..4f3db8c4e 100644
--- a/test/fixtures/cmd/security-identifier-guests
+++ b/test/fixtures/cmd/security-identifier-guests
@@ -1,4 +1,4 @@
-Node,Name,SID
+Domain,Name,SID
Computer1,Guests,S-1-5-32-546
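Review bot: In both new `cmd` strings of cim_results, `@name` is interpolated unescaped into a single-quoted PowerShell literal, so a name containing `'` ends the literal and whatever follows is parsed as PowerShell rather than as part of the name; PowerShell escapes a quote inside such a literal by doubling it, so build the filter from `name = @name.to_s.gsub("'", "''")`. The group filter is also ineffective as written: the inner `{ $_.SIDType -eq 4 -or $_.SIDType -eq 5 }` is a script block, which is truthy in a boolean expression, and `Select-Object -Property Domain, Name, SID` has already removed SIDType before Where-Object sees the object, so any account with that name matches regardless of type; use parentheses and filter before projecting. When nothing matches, ConvertTo-Csv prints nothing, so `split("\n")[1..-1]` is nil and `.map` raises NoMethodError instead of returning the empty array the `sid_data.empty?` check in the `:unspecified` caller relies on; `drop(1)` returns `[]` in that case. Reordering the pipeline changes the command text, so the matching keys in test/helpers/mock_loader.rb would need the same edit.
```ruby
def cim_results(type)
  # PowerShell single-quoted literals escape ' as '', so a quote in @name cannot end the literal
  name = @name.to_s.gsub("'", "''")
  filter =
    case type
    when :group
      "$_.Name -eq '#{name}' -and ($_.SIDType -eq 4 -or $_.SIDType -eq 5)"
    when :user
      "$_.Name -eq '#{name}' -and $_.SIDType -eq 1"
    end
  # filter before Select-Object so SIDType is still on the object Where-Object inspects
  cmd = "Get-CimInstance -ClassName Win32_Account | Where-Object { #{filter} } | Select-Object -Property Domain, Name, SID | ConvertTo-Csv -NoTypeInformation"
  rows = inspec.command(cmd).stdout.strip.delete("\"").tr("\r", "").split("\n")
  # drop(1) skips the CSV header and yields [] rather than nil when stdout is empty
  rows.drop(1).map { |entry| entry.split(",") }
end
```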
diff --git a/test/fixtures/cmd/security-identifier-unknown b/test/fixtures/cmd/security-identifier-unknown
index 12d81461b..f280a8888 100644
--- a/test/fixtures/cmd/security-identifier-unknown
+++ b/test/fixtures/cmd/security-identifier-unknown
@@ -1,3 +1,3 @@
-Node,
+Domain,
diff --git a/test/helpers/mock_loader.rb b/test/helpers/mock_loader.rb
index 863b17090..82352de25 100644
--- a/test/helpers/mock_loader.rb
+++ b/test/helpers/mock_loader.rb
@@ -565,12 +565,12 @@ class MockLoader
"(New-Object System.Security.Principal.SecurityIdentifier(\"S-1-5-32-544\")).Translate( [System.Security.Principal.NTAccount]).Value" => cmd.call("security-policy-sid-translated"),
"(New-Object System.Security.Principal.SecurityIdentifier(\"S-1-5-32-555\")).Translate( [System.Security.Principal.NTAccount]).Value" => cmd.call("security-policy-sid-untranslated"),
- # Windows SID calls
- 'wmic useraccount where \'Name="Alice"\' get Name","SID /format:csv' => cmd.call("security-identifier-alice"),
- 'wmic useraccount where \'Name="Bob"\' get Name","SID /format:csv' => cmd.call("security-identifier-unknown"),
- 'wmic useraccount where \'Name="DontExist"\' get Name","SID /format:csv' => cmd.call("security-identifier-unknown"),
- 'wmic group where \'Name="Guests"\' get Name","SID /format:csv' => cmd.call("security-identifier-guests"),
- 'wmic group where \'Name="DontExist"\' get Name","SID /format:csv' => cmd.call("security-identifier-unknown"),
+ # Windows SID calls with CimInstance
+ "Get-CimInstance -ClassName Win32_Account | Select-Object -Property Domain, Name, SID, SIDType | Where-Object { $_.Name -eq 'Alice' -and $_.SIDType -eq 1 } | ConvertTo-Csv -NoTypeInformation" => cmd.call("security-identifier-alice"),
+ "Get-CimInstance -ClassName Win32_Account | Select-Object -Property Domain, Name, SID, SIDType | Where-Object { $_.Name -eq 'Bob' -and $_.SIDType -eq 1 } | ConvertTo-Csv -NoTypeInformation" => cmd.call("security-identifier-unknown"),
+ "Get-CimInstance -ClassName Win32_Account | Select-Object -Property Domain, Name, SID, SIDType | Where-Object { $_.Name -eq 'DontExist' -and $_.SIDType -eq 1 } | ConvertTo-Csv -NoTypeInformation" => cmd.call("security-identifier-unknown"),
+ "Get-CimInstance -ClassName Win32_Account | Select-Object -Property Domain, Name, SID | Where-Object { $_.Name -eq 'Guests' -and { $_.SIDType -eq 4 -or $_.SIDType -eq 5 } } | ConvertTo-Csv -NoTypeInformation" => cmd.call("security-identifier-guests"),
+ "Get-CimInstance -ClassName Win32_Account | Select-Object -Property Domain, Name, SID | Where-Object { $_.Name -eq 'DontExist' -and { $_.SIDType -eq 4 -or $_.SIDType -eq 5 } } | ConvertTo-Csv -NoTypeInformation" => cmd.call("security-identifier-unknown"),
# alpine package commands
"apk info -vv --no-network | grep git" => cmd.call("apk-info-grep-git"),
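Review bot: The Bob and DontExist keys added here still map to the `security-identifier-unknown` fixture, which now contains a `Domain,` header row, whereas a real `ConvertTo-Csv` over a pipeline that matched nothing emits no output at all; the mocks therefore never exercise the empty-stdout path, which is exactly the input the new `split("\n")[1..-1]` slice in cim_results mishandles. Mapping at least one unknown-name key to an empty fixture would make the test reflect what PowerShell returns. The two group keys also reproduce the `-and { ... }` script-block filter verbatim, so any correction to that filter in security_identifier.rb must be mirrored here or the lookup silently falls through to the default mock result.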