mirror of
https://github.com/inspec/inspec
synced 2024-11-26 22:50:36 +00:00
fix rubocop issues
This commit is contained in:
parent
8c039dfc27
commit
0e8651bf26
41 changed files with 140 additions and 150 deletions
|
@ -61,7 +61,8 @@ class ApacheConf < Vulcano.resource(1)
|
|||
@content += raw_conf
|
||||
|
||||
# parse include file parameters
|
||||
params = SimpleConfig.new(raw_conf,
|
||||
params = SimpleConfig.new(
|
||||
raw_conf,
|
||||
assignment_re: /^\s*(\S+)\s+(.*)\s*$/,
|
||||
multiple_values: true
|
||||
).params
|
||||
|
|
|
@ -36,7 +36,8 @@ class AuditDaemonConf < Vulcano.resource(1)
|
|||
return skip_resource "Can't read file \"#{@conf_path}\""
|
||||
end
|
||||
# parse the file
|
||||
@params = SimpleConfig.new(@content,
|
||||
@params = SimpleConfig.new(
|
||||
@content,
|
||||
multiple_values: false
|
||||
).params
|
||||
end
|
||||
|
|
|
@ -17,7 +17,8 @@ module Vulcano::Resources
|
|||
def read_content
|
||||
# parse the file
|
||||
@content = @file.content
|
||||
@params = SimpleConfig.new(@file.content,
|
||||
@params = SimpleConfig.new(
|
||||
@file.content,
|
||||
assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
|
||||
multiple_values: true
|
||||
).params if @file.exists?
|
||||
|
|
|
@ -13,11 +13,9 @@ module Vulcano::Resources
|
|||
|
||||
%w{
|
||||
type exists? file? block_device? character_device? socket? directory?
|
||||
symlink? pipe?
|
||||
mode mode? owner owned_by? group grouped_into? link_target linked_to?
|
||||
content mtime size selinux_label
|
||||
mounted? immutable? product_version file_version version?
|
||||
md5sum sha256sum
|
||||
symlink? pipe? mode mode? owner owned_by? group grouped_into? link_target
|
||||
linked_to? content mtime size selinux_label mounted? immutable?
|
||||
product_version file_version version? md5sum sha256sum
|
||||
}.each do |m|
|
||||
define_method m.to_sym do |*args|
|
||||
@file.method(m.to_sym).call(*args)
|
||||
|
@ -32,7 +30,7 @@ module Vulcano::Resources
|
|||
if by_user.nil?
|
||||
m = unix_mode_mask(by_owner, 'r') ||
|
||||
fail("#{by_owner} is not a valid unix owner.")
|
||||
( @file.mask & m ) != 0
|
||||
(@file.mask & m) != 0
|
||||
else
|
||||
# TODO: REMOVE THIS FALLBACK
|
||||
Specinfra::Runner.check_file_is_accessible_by_user(@path, by_user, 'r')
|
||||
|
@ -43,7 +41,7 @@ module Vulcano::Resources
|
|||
if by_user.nil?
|
||||
m = unix_mode_mask(by_owner, 'w') ||
|
||||
fail("#{by_owner} is not a valid unix owner.")
|
||||
( @file.mask & m ) != 0
|
||||
(@file.mask & m) != 0
|
||||
else
|
||||
# TODO: REMOVE THIS FALLBACK
|
||||
Specinfra::Runner.check_file_is_accessible_by_user(@path, by_user, 'w')
|
||||
|
@ -54,7 +52,7 @@ module Vulcano::Resources
|
|||
if by_user.nil?
|
||||
m = unix_mode_mask(by_owner, 'x') ||
|
||||
fail("#{by_owner} is not a valid unix owner.")
|
||||
( @file.mask & m ) != 0
|
||||
(@file.mask & m) != 0
|
||||
else
|
||||
# TODO: REMOVE THIS FALLBACK
|
||||
Specinfra::Runner.check_file_is_accessible_by_user(@path, by_user, 'x')
|
||||
|
|
|
@ -5,8 +5,8 @@
|
|||
require 'json'
|
||||
|
||||
# return JSON object
|
||||
def gpo (policy_path, policy_name)
|
||||
file = ::File.read(::File.join ::File.dirname(__FILE__), "gpo.json")
|
||||
def gpo(policy_path, policy_name)
|
||||
file = ::File.read(::File.join ::File.dirname(__FILE__), 'gpo.json')
|
||||
gpo_hash = JSON.parse(file)
|
||||
key = 'Machine--' + policy_path + '--' + policy_name
|
||||
gpo_hash[key]
|
||||
|
@ -20,7 +20,7 @@ class GroupPolicy < Vulcano.resource(1)
|
|||
keys = entry['registry_information'][0]
|
||||
cmd = "(Get-Item 'Registry::#{keys['path']}').GetValue('#{keys['key']}')"
|
||||
command_result ||= vulcano.run_command(cmd)
|
||||
val = { :exit_code => command_result.exit_status.to_i, :data => command_result.stdout }
|
||||
val = { exit_code: command_result.exit_status.to_i, data: command_result.stdout }
|
||||
val
|
||||
end
|
||||
|
||||
|
|
|
@ -35,7 +35,8 @@ class InetdConf < Vulcano.resource(1)
|
|||
return skip_resource "Can't read file \"#{@conf_path}\""
|
||||
end
|
||||
# parse the file
|
||||
@params = SimpleConfig.new(@content,
|
||||
@params = SimpleConfig.new(
|
||||
@content,
|
||||
assignment_re: /^\s*(\S+?)\s+(.*?)\s+(.*?)\s+(.*?)\s+(.*?)\s+(.*?)\s+(.*?)\s*$/,
|
||||
key_vals: 6,
|
||||
multiple_values: false
|
||||
|
|
|
@ -35,7 +35,8 @@ class LimitsConf < Vulcano.resource(1)
|
|||
return skip_resource "Can't read file \"#{@conf_path}\""
|
||||
end
|
||||
# parse the file
|
||||
@params = SimpleConfig.new(@content,
|
||||
@params = SimpleConfig.new(
|
||||
@content,
|
||||
assignment_re: /^\s*(\S+?)\s+(.*?)\s+(.*?)\s+(.*?)\s*$/,
|
||||
key_vals: 3,
|
||||
multiple_values: true
|
||||
|
|
|
@ -35,7 +35,8 @@ class LoginDef < Vulcano.resource(1)
|
|||
return skip_resource "Can't read file \"#{@conf_path}\""
|
||||
end
|
||||
# parse the file
|
||||
@params = SimpleConfig.new(@content,
|
||||
@params = SimpleConfig.new(
|
||||
@content,
|
||||
assignment_re: /^\s*(\S+)\s+(\S*)\s*$/,
|
||||
multiple_values: false
|
||||
).params
|
||||
|
|
|
@ -14,10 +14,10 @@ class MysqlSession < Vulcano.resource(1)
|
|||
skip_resource("Can't run MySQL SQL checks without authentication") if @user.nil? or @pass.nil?
|
||||
end
|
||||
|
||||
def describe(query, db = "", &block)
|
||||
def describe(query, db = '', &block)
|
||||
# TODO: simple escape, must be handled by a library
|
||||
# that does this securely
|
||||
escaped_query = query.gsub(/\\/, '\\\\').gsub(/"/,'\\"').gsub(/\$/,'\\$')
|
||||
escaped_query = query.gsub(/\\/, '\\\\').gsub(/"/, '\\"').gsub(/\$/, '\\$')
|
||||
# run the query
|
||||
cmd = vulcano.run_command("mysql -u#{@user} -p#{@pass} #{db} -s -e \"#{escaped_query}\"")
|
||||
out = cmd.stdout + "\n" + cmd.stderr
|
||||
|
|
|
@ -34,7 +34,8 @@ class NtpConf < Vulcano.resource(1)
|
|||
return skip_resource "Can't read file \"#{@conf_path}\""
|
||||
end
|
||||
# parse the file
|
||||
@params = SimpleConfig.new(@content,
|
||||
@params = SimpleConfig.new(
|
||||
@content,
|
||||
assignment_re: /^\s*(\S+)\s+(.*)\s*$/,
|
||||
multiple_values: true
|
||||
).params
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
class PConfig < Vulcano.resource(1)
|
||||
name 'parse_config'
|
||||
|
||||
def initialize(content=nil, useropts = {})
|
||||
def initialize(content = nil, useropts = {})
|
||||
default_options = {}
|
||||
@opts = default_options.merge(useropts)
|
||||
@content = content
|
||||
|
|
|
@ -65,7 +65,6 @@ class PostgresConf < Vulcano.resource(1)
|
|||
not @files_contents.key? fp
|
||||
end
|
||||
end
|
||||
#
|
||||
@content
|
||||
end
|
||||
|
||||
|
|
|
@ -28,28 +28,28 @@ class PostgresSession
|
|||
end
|
||||
|
||||
def describe(query, db = [], &block)
|
||||
dbs = db.map{|x| "-d #{x}" }.join(' ')
|
||||
dbs = db.map { |x| "-d #{x}" }.join(' ')
|
||||
# TODO: simple escape, must be handled by a library
|
||||
# that does this securely
|
||||
escaped_query = query.gsub(/\\/, '\\\\').gsub(/"/,'\\"').gsub(/\$/,'\\$')
|
||||
escaped_query = query.gsub(/\\/, '\\\\').gsub(/"/, '\\"').gsub(/\$/, '\\$')
|
||||
# run the query
|
||||
cmd = vulcano.run_command("PGPASSWORD='#{@pass}' psql -U #{@user} #{dbs} -c \"#{escaped_query}\"")
|
||||
out = cmd.stdout + "\n" + cmd.stderr
|
||||
if out =~ /could not connect to .*/ or
|
||||
out.downcase =~ /^error/
|
||||
# skip this test if the server can't run the query
|
||||
RSpec.describe( cmd ) do
|
||||
RSpec.describe(cmd) do
|
||||
it 'is skipped', skip: out do
|
||||
end
|
||||
end
|
||||
else
|
||||
lines = cmd.stdout.
|
||||
# remove the whole header (i.e. up to the first ^-----+------+------$)
|
||||
sub(/(.*\n)+([-]+[+])*[-]+\n/,'').
|
||||
# remove the tail
|
||||
sub(/\n[^\n]*\n\n$/,'')
|
||||
# remove the whole header (i.e. up to the first ^-----+------+------$)
|
||||
sub(/(.*\n)+([-]+[+])*[-]+\n/, '').
|
||||
# remove the tail
|
||||
sub(/\n[^\n]*\n\n$/, '')
|
||||
l = Lines.new(lines.strip, "PostgreSQL query: #{query}")
|
||||
RSpec.__send__( 'describe', l, &block )
|
||||
RSpec.__send__('describe', l, &block)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -10,7 +10,7 @@ class Processes < Vulcano.resource(1)
|
|||
# turn into a regexp if it isn't one yet
|
||||
if grep.class == String
|
||||
grep = '(/[^/]*)*'+grep if grep[0] != '/'
|
||||
grep = Regexp.new('^'+grep+'(\s|$)')
|
||||
grep = Regexp.new('^' + grep + '(\s|$)')
|
||||
end
|
||||
|
||||
# get all running processes
|
||||
|
|
|
@ -19,7 +19,7 @@ class RegistryKey < Vulcano.resource(1)
|
|||
def getRegistryValue(path, key)
|
||||
cmd = "(Get-Item 'Registry::#{path}').GetValue('#{key}')"
|
||||
command_result ||= @runner.run_command(cmd)
|
||||
val = { :exit_code => command_result.exit_status.to_i, :data => command_result.stdout }
|
||||
val = { exit_code: command_result.exit_status.to_i, data: command_result.stdout }
|
||||
val
|
||||
end
|
||||
|
||||
|
|
|
@ -65,6 +65,6 @@ class SecurityPolicy < Vulcano.resource(1)
|
|||
end
|
||||
|
||||
def to_s
|
||||
%Q[Security Policy]
|
||||
%{Security Policy}
|
||||
end
|
||||
end
|
||||
|
|
|
@ -9,7 +9,7 @@ class SshConf < Vulcano.resource(1)
|
|||
|
||||
def initialize(conf_path = nil, type = nil)
|
||||
@conf_path = conf_path || '/etc/ssh/ssh_config'
|
||||
typename = ( @conf_path.include?('sshd') ? 'Server' : 'Client' )
|
||||
typename = (@conf_path.include?('sshd') ? 'Server' : 'Client')
|
||||
@type = type || "SSH #{typename} configuration #{conf_path}"
|
||||
read_content
|
||||
end
|
||||
|
|
|
@ -12,13 +12,13 @@ class FindFiles
|
|||
file: 'f',
|
||||
link: 'l',
|
||||
socket: 's',
|
||||
door: 'D',
|
||||
door: 'D'
|
||||
}
|
||||
|
||||
attr_reader :error, :files
|
||||
def initialize(path, opts = {})
|
||||
depth = opts[:depth]
|
||||
type = TYPES[ opts[:type].to_sym ]
|
||||
type = TYPES[opts[:type].to_sym]
|
||||
|
||||
cmd = "find #{path}"
|
||||
cmd += " -maxdepth #{depth.to_i}" if depth.to_i > 0
|
||||
|
@ -27,7 +27,7 @@ class FindFiles
|
|||
@result = Specinfra::Runner.run_command(cmd)
|
||||
exit_status = @result.exit_status.to_i
|
||||
if exit_status == 0
|
||||
@files = @result.stdout.split("\n").map{|x| x.strip}.find_all{|x| !x.empty?}
|
||||
@files = @result.stdout.split("\n").map{ |x| x.strip }.find_all { |x| !x.empty? }
|
||||
else
|
||||
@files = []
|
||||
end
|
||||
|
|
|
@ -94,24 +94,24 @@ class ParseConfig
|
|||
# DEPRECATED - will be removed in future versions
|
||||
#
|
||||
def get_value(param)
|
||||
puts "ParseConfig Deprecation Warning: get_value() is deprecated. Use " + \
|
||||
"config['param'] or config['group']['param'] instead."
|
||||
return self.params[param]
|
||||
puts 'ParseConfig Deprecation Warning: get_value() is deprecated. Use ' \
|
||||
"config['param'] or config['group']['param'] instead."
|
||||
self.params[param]
|
||||
end
|
||||
|
||||
# This method is a shortcut to accessing the @params variable
|
||||
def [](param)
|
||||
return self.params[param]
|
||||
self.params[param]
|
||||
end
|
||||
|
||||
# This method returns all parameters/groups defined in a config file.
|
||||
def get_params()
|
||||
return self.params.keys
|
||||
self.params.keys
|
||||
end
|
||||
|
||||
# List available sub-groups of the config.
|
||||
def get_groups()
|
||||
return self.groups
|
||||
self.groups
|
||||
end
|
||||
|
||||
# This method adds an element to the config object (not the config file)
|
||||
|
|
|
@ -28,14 +28,14 @@ class SimpleConfig
|
|||
start_idx = 2
|
||||
i = 0
|
||||
count = values - 1
|
||||
if (values == 1) then
|
||||
if (values == 1)
|
||||
return match[start_idx]
|
||||
else
|
||||
# iterate over expected parameters
|
||||
values = []
|
||||
begin
|
||||
values.push(match[start_idx+i])
|
||||
i +=1;
|
||||
values.push(match[start_idx + i])
|
||||
i += 1
|
||||
end until i > count
|
||||
return values
|
||||
end
|
||||
|
@ -45,18 +45,18 @@ class SimpleConfig
|
|||
idx_nl = rest.index("\n")
|
||||
idx_comment = rest.index(opts[:comment_char])
|
||||
idx_nl = rest.length if idx_nl.nil?
|
||||
idx_comment = idx_nl+1 if idx_comment.nil?
|
||||
idx_comment = idx_nl + 1 if idx_comment.nil?
|
||||
# is a comment inside this line
|
||||
if idx_comment < idx_nl
|
||||
if idx_comment == 0
|
||||
line = ''
|
||||
else
|
||||
line = rest[0..(idx_comment-1)]
|
||||
line = rest[0..(idx_comment - 1)]
|
||||
# in case we don't allow comments at the end
|
||||
# of an assignment/statement, ignore it and fall
|
||||
# back to treating this as a regular line
|
||||
if opts[:standalone_comments] && !is_empty_line(line)
|
||||
line = rest[0..(idx_nl-1)]
|
||||
line = rest[0..(idx_nl - 1)]
|
||||
end
|
||||
end
|
||||
# if there is no comment in this line
|
||||
|
@ -64,7 +64,7 @@ class SimpleConfig
|
|||
if idx_nl == 0
|
||||
line = ''
|
||||
else
|
||||
line = rest[0..(idx_nl-1)]
|
||||
line = rest[0..(idx_nl - 1)]
|
||||
end
|
||||
end
|
||||
# now line contains what we are interested in parsing
|
||||
|
@ -86,10 +86,10 @@ class SimpleConfig
|
|||
end
|
||||
|
||||
# return whatever is left
|
||||
return rest[(idx_nl+1)..-1] || ''
|
||||
rest[(idx_nl + 1)..-1] || ''
|
||||
end
|
||||
|
||||
def is_empty_line l
|
||||
def is_empty_line(l)
|
||||
l =~ /^\s*$/
|
||||
end
|
||||
|
||||
|
@ -104,5 +104,4 @@ class SimpleConfig
|
|||
multiple_values: false
|
||||
}
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -21,9 +21,9 @@ module DummyTestTypes
|
|||
end
|
||||
|
||||
module DummyVulcanoTypes
|
||||
%w(
|
||||
%w{
|
||||
attributes registry_key
|
||||
).each do |name|
|
||||
}.each do |name|
|
||||
define_method name do |*arg|
|
||||
end
|
||||
end
|
||||
|
|
|
@ -6,7 +6,7 @@ module Vulcano
|
|||
# Extract vmetadata.rb information
|
||||
class Metadata
|
||||
attr_reader :dict
|
||||
def initialize log = nil
|
||||
def initialize(log = nil)
|
||||
@log = log || Log.new
|
||||
@dict = {}
|
||||
end
|
||||
|
@ -28,7 +28,7 @@ module Vulcano
|
|||
end
|
||||
end
|
||||
|
||||
def supports sth, version = nil
|
||||
def supports(sth, version = nil)
|
||||
@dict['supports'] ||= []
|
||||
@dict['supports'].push({
|
||||
'os' => sth,
|
||||
|
@ -55,8 +55,8 @@ module Vulcano
|
|||
|
||||
def self.for_path(path, profile_id, log = nil)
|
||||
log ||= Log.new
|
||||
dpath = File::join(path, 'vmetadata.rb')
|
||||
if !File::file?(dpath)
|
||||
dpath = File.join(path, 'vmetadata.rb')
|
||||
if !File.file?(dpath)
|
||||
log.error "Missing vmetadata.rb in #{path}"
|
||||
return nil
|
||||
end
|
||||
|
|
|
@ -15,7 +15,7 @@ module Vulcano
|
|||
end
|
||||
|
||||
def add_folder(f)
|
||||
path = File::expand_path(f)
|
||||
path = File.expand_path(f)
|
||||
if File.directory? path
|
||||
add_specs_in_folder path
|
||||
else
|
||||
|
@ -25,7 +25,7 @@ module Vulcano
|
|||
end
|
||||
|
||||
def valid_folder?(f)
|
||||
path = File::expand_path(f)
|
||||
path = File.expand_path(f)
|
||||
if !File.directory? path
|
||||
return @log.error "This is not a folder: #{path}"
|
||||
else
|
||||
|
@ -39,15 +39,15 @@ module Vulcano
|
|||
if specs.empty?
|
||||
@log.warn "No tests found in #{path}"
|
||||
end
|
||||
specs.each{|s| valid_spec? s, metadata }
|
||||
specs.each { |s| valid_spec? s, metadata }
|
||||
end
|
||||
|
||||
def valid_spec?(f, metadata)
|
||||
return @log.error "Can't find spec file #{f}" unless File::file? f
|
||||
return @log.error "Can't find spec file #{f}" unless File.file? f
|
||||
# validation tracking
|
||||
valid = true
|
||||
invalid = lambda {|type, msg|
|
||||
@log.send type, "#{msg} (#{File::basename f})"
|
||||
@log.send type, "#{msg} (#{File.basename f})"
|
||||
valid = false if type == :error
|
||||
}
|
||||
# Load the spec file
|
||||
|
@ -59,14 +59,14 @@ module Vulcano
|
|||
# detect missing metadata
|
||||
meta = specs.metadata
|
||||
if meta['title'].nil?
|
||||
invalid.(:warn, "Missing title in spec file")
|
||||
invalid.(:warn, 'Missing title in spec file')
|
||||
end
|
||||
if meta['copyright'].nil?
|
||||
invalid.(:warn, "Missing copyright in spec file")
|
||||
invalid.(:warn, 'Missing copyright in spec file')
|
||||
end
|
||||
# detect empty rules
|
||||
unless meta['rules'][''].nil?
|
||||
invalid.(:error, "Please configure IDs for all rules.")
|
||||
invalid.(:error, 'Please configure IDs for all rules.')
|
||||
end
|
||||
|
||||
meta['rules'].each do |k,v|
|
||||
|
@ -92,7 +92,7 @@ module Vulcano
|
|||
meta = Metadata.for_path(path, @profile_id, @log)
|
||||
|
||||
Dir["#{path}/spec/*_spec.rb"].each do |specfile|
|
||||
rel_path = specfile.sub(File.join(path,''), '')
|
||||
rel_path = specfile.sub(File.join(path, ''), '')
|
||||
specs = SpecFile.from_file(specfile, meta)
|
||||
allrules[rel_path] = sanitize_specfile_json(specs.metadata)
|
||||
end
|
||||
|
@ -102,9 +102,9 @@ module Vulcano
|
|||
end
|
||||
|
||||
def sanitize_specfile_json(j)
|
||||
j['rules'].each do |k,v|
|
||||
j['rules'].each do |k, v|
|
||||
v['title'] = k if v['title'].nil?
|
||||
v['desc'] = "" if v['desc'].nil?
|
||||
v['desc'] = '' if v['desc'].nil?
|
||||
v['impact'] = 0.5 if v['impact'].nil?
|
||||
end
|
||||
j
|
||||
|
|
|
@ -8,7 +8,7 @@ require 'method_source'
|
|||
# the user may use dynamic evaluations via pry
|
||||
begin
|
||||
require 'pry'
|
||||
rescue LoadError
|
||||
rescue LoadError
|
||||
end
|
||||
|
||||
module Vulcano
|
||||
|
@ -27,7 +27,7 @@ module Vulcano
|
|||
end
|
||||
|
||||
def __get_block_source(&block)
|
||||
return "" unless block_given?
|
||||
return '' unless block_given?
|
||||
block.source.to_s
|
||||
end
|
||||
|
||||
|
@ -61,8 +61,8 @@ module Vulcano
|
|||
# of this profile
|
||||
def require(sth)
|
||||
# ignore vulcano includes, we already have those
|
||||
lib = File::expand_path( File.join @path, '..', '..', 'lib', "#{sth}.rb" )
|
||||
if File::file? lib
|
||||
lib = File.expand_path(File.join @path, '..', '..', 'lib', "#{sth}.rb")
|
||||
if File.file? lib
|
||||
require_relative lib
|
||||
end
|
||||
end
|
||||
|
@ -70,19 +70,18 @@ module Vulcano
|
|||
def method_missing(sth, *args)
|
||||
@errors.push "Don't understand method #{sth} ( #{args} )."
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
||||
module Vulcano
|
||||
class SpecFile
|
||||
Log = ::Vulcano::Log.new()
|
||||
Log = ::Vulcano::Log.new
|
||||
|
||||
attr_reader :errors, :rules
|
||||
def initialize path, metadata
|
||||
@filename = File::basename(path)
|
||||
def initialize(path, metadata)
|
||||
@filename = File.basename(path)
|
||||
@rules = []
|
||||
@raw = File::read(path)
|
||||
@raw = File.read(path)
|
||||
@profile_id = metadata.dict['name']
|
||||
@invalid_calls = []
|
||||
|
||||
|
@ -93,7 +92,7 @@ module Vulcano
|
|||
end
|
||||
|
||||
def metadata
|
||||
header = @raw.sub(/^[^#].*\Z/m,'')
|
||||
header = @raw.sub(/^[^#].*\Z/m, '')
|
||||
{
|
||||
'title' => mOr(header.match(/^# title: (.*)$/), @filename),
|
||||
'copyright' => mOr(header.match(/^# copyright: (.*)$/), 'All rights reserved'),
|
||||
|
@ -102,7 +101,7 @@ module Vulcano
|
|||
end
|
||||
|
||||
def self.from_file(path, metadata)
|
||||
if !File::file?(path)
|
||||
if !File.file?(path)
|
||||
Log.error "Can't find spec file in #{path}"
|
||||
return nil
|
||||
end
|
||||
|
@ -130,8 +129,8 @@ module Vulcano
|
|||
res[id] = nu
|
||||
else
|
||||
Log.error(
|
||||
"Not redefining rule id #{id}:\n"+
|
||||
"-- #{res[id]}\n"+
|
||||
"Not redefining rule id #{id}:\n" \
|
||||
"-- #{res[id]}\n" \
|
||||
"++ #{nu}\n"
|
||||
)
|
||||
end
|
||||
|
|
|
@ -21,5 +21,5 @@ require 'matchers/matchers'
|
|||
# which may be injected by the user. This covers data
|
||||
# like passwords, usernames, or configuration flags.
|
||||
def attributes(what, required: false)
|
||||
return nil
|
||||
nil
|
||||
end
|
||||
|
|
|
@ -17,7 +17,7 @@ module Vulcano
|
|||
|
||||
return conf if conf['target'].to_s.empty?
|
||||
|
||||
uri = URI::parse(conf['target'].to_s)
|
||||
uri = URI.parse(conf['target'].to_s)
|
||||
conf['backend'] = conf['backend'] || uri.scheme
|
||||
conf['host'] = conf['host'] || uri.host
|
||||
conf['port'] = conf['port'] || uri.port
|
||||
|
|
|
@ -4,7 +4,7 @@ module Vulcano::Backends
|
|||
class Mock < Vulcano.backend(1)
|
||||
name 'mock'
|
||||
|
||||
def initialize(conf , mapping = {})
|
||||
def initialize(conf, mapping = {})
|
||||
@conf = conf
|
||||
@files = {}
|
||||
@mapping = mapping
|
||||
|
@ -28,7 +28,6 @@ module Vulcano::Backends
|
|||
|
||||
class Mock
|
||||
class File
|
||||
|
||||
def initialize(runtime, path, mock = true)
|
||||
@path = path
|
||||
# mock dataset
|
||||
|
@ -38,7 +37,7 @@ module Vulcano::Backends
|
|||
@size = 0
|
||||
@content = ''
|
||||
if @exists && @is_file
|
||||
@size = ( rand ** 3 * 1000 ).to_i
|
||||
@size = (rand**3 * 1000).to_i
|
||||
@size = 0 if rand < 0.2
|
||||
end
|
||||
if @size > 0
|
||||
|
@ -82,6 +81,5 @@ module Vulcano::Backends
|
|||
@stderr = (0...50).map { ('a'..'z').to_a[rand(26)] }.join
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
|
|
@ -84,8 +84,8 @@ module Vulcano::Backends
|
|||
ssh_opts = {
|
||||
port: @conf['port'] || 22,
|
||||
auth_methods: ['none'],
|
||||
user_known_hosts_file: "/dev/null",
|
||||
global_known_hosts_file: "/dev/null",
|
||||
user_known_hosts_file: '/dev/null',
|
||||
global_known_hosts_file: '/dev/null',
|
||||
number_of_password_prompts: 0,
|
||||
user: @conf['user'],
|
||||
password: @conf['password'],
|
||||
|
@ -93,13 +93,13 @@ module Vulcano::Backends
|
|||
}
|
||||
|
||||
if host.empty?
|
||||
fail "You must configure a target host."
|
||||
fail 'You must configure a target host.'
|
||||
end
|
||||
unless ssh_opts[:port] > 0
|
||||
fail "Port must be > 0 (not #{ssh_opts[:port]})"
|
||||
end
|
||||
if ssh_opts[:user].to_s.empty?
|
||||
fail "User must not be empty."
|
||||
fail 'User must not be empty.'
|
||||
end
|
||||
unless ssh_opts[:keys].empty?
|
||||
ssh_opts[:auth_methods].push('publickey')
|
||||
|
@ -109,12 +109,11 @@ module Vulcano::Backends
|
|||
ssh_opts[:auth_methods].push('password')
|
||||
end
|
||||
if ssh_opts[:keys].empty? and ssh_opts[:password].nil?
|
||||
fail "You must configure at least one authentication method" +
|
||||
": Password or key."
|
||||
fail 'You must configure at least one authentication method' \
|
||||
': Password or key.'
|
||||
end
|
||||
|
||||
si.ssh_options = ssh_opts
|
||||
|
||||
end
|
||||
|
||||
def configure_winrm
|
||||
|
@ -166,7 +165,6 @@ module Vulcano::Backends
|
|||
end
|
||||
|
||||
class SpecinfraHelper
|
||||
|
||||
class File < FileCommon
|
||||
TYPES = {
|
||||
socket: 00140000,
|
||||
|
@ -185,7 +183,7 @@ module Vulcano::Backends
|
|||
path = Shellwords.escape(@path)
|
||||
raw_type = Specinfra::Runner.run_command("stat -c %f #{path}").stdout
|
||||
tmask = raw_type.to_i(16)
|
||||
res = TYPES.find{|x, mask| mask & tmask == mask}
|
||||
res = TYPES.find{ |x, mask| mask & tmask == mask }
|
||||
return :unknown if res.nil?
|
||||
res[0]
|
||||
end
|
||||
|
|
|
@ -5,7 +5,7 @@ require 'digest'
|
|||
module Vulcano::Plugins
|
||||
|
||||
class Backend
|
||||
def self.name( name )
|
||||
def self.name(name)
|
||||
Vulcano::Plugins::Backend.__register(name, self)
|
||||
end
|
||||
|
||||
|
@ -100,18 +100,19 @@ module Vulcano::Plugins
|
|||
end
|
||||
|
||||
# helper methods provided to any implementing class
|
||||
|
||||
private
|
||||
|
||||
UNIX_MODE_OWNERS = {
|
||||
owner: 00700,
|
||||
group: 00070,
|
||||
other: 00007,
|
||||
other: 00007
|
||||
}
|
||||
|
||||
UNIX_MODE_TYPES = {
|
||||
r: 00444,
|
||||
w: 00222,
|
||||
x: 00111,
|
||||
x: 00111
|
||||
}
|
||||
|
||||
def unix_mode_mask(owner, type)
|
||||
|
@ -123,8 +124,6 @@ module Vulcano::Plugins
|
|||
|
||||
t & o
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
|
|
@ -2,9 +2,8 @@
|
|||
|
||||
module Vulcano
|
||||
module Plugins
|
||||
|
||||
class Resource
|
||||
def self.name( name )
|
||||
def self.name(name)
|
||||
Vulcano::Plugins::Resource.__register(name, self)
|
||||
end
|
||||
|
||||
|
@ -14,7 +13,7 @@ module Vulcano
|
|||
include Vulcano::Plugins::ResourceCommon
|
||||
def initialize(backend, *args)
|
||||
# attach the backend to this instance
|
||||
self.class.send(:define_method, :vulcano){backend}
|
||||
self.class.send(:define_method, :vulcano) { backend }
|
||||
# call the resource initializer
|
||||
super(*args)
|
||||
end
|
||||
|
@ -30,10 +29,9 @@ module Vulcano
|
|||
@resource_skipped
|
||||
end
|
||||
|
||||
def skip_resource message
|
||||
def skip_resource(message)
|
||||
@resource_skipped = message
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
|
|
@ -2,13 +2,11 @@
|
|||
require 'vulcano/backend'
|
||||
|
||||
module Vulcano
|
||||
|
||||
class ProfileContext
|
||||
|
||||
attr_reader :rules, :only_ifs
|
||||
def initialize(profile_id, backend, profile_registry: {}, only_ifs: [])
|
||||
if backend.nil?
|
||||
fail 'ProfileContext is initiated with a backend == nil. ' +
|
||||
fail 'ProfileContext is initiated with a backend == nil. ' \
|
||||
'This is a backend error which must be fixed upstream.'
|
||||
end
|
||||
|
||||
|
@ -48,15 +46,15 @@ module Vulcano
|
|||
end
|
||||
|
||||
def unregister_rule(id)
|
||||
full_id = VulcanoBaseRule::full_id(@profile_id, id)
|
||||
full_id = VulcanoBaseRule.full_id(@profile_id, id)
|
||||
@rules[full_id] = nil
|
||||
end
|
||||
|
||||
def register_rule(r)
|
||||
# get the full ID
|
||||
full_id = VulcanoBaseRule::full_id(@profile_id, r)
|
||||
full_id = VulcanoBaseRule.full_id(@profile_id, r)
|
||||
if full_id.nil?
|
||||
# TODO error
|
||||
# TODO: error
|
||||
return
|
||||
end
|
||||
# add the rule to the registry
|
||||
|
@ -64,7 +62,7 @@ module Vulcano
|
|||
if existing.nil?
|
||||
@rules[full_id] = r
|
||||
else
|
||||
VulcanoBaseRule::merge(existing, r)
|
||||
VulcanoBaseRule.merge(existing, r)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -7,16 +7,17 @@ require 'rspec/core'
|
|||
module RSpec::Core::Formatters
|
||||
class JsonFormatter
|
||||
private
|
||||
|
||||
def format_example(example)
|
||||
{
|
||||
:description => example.description,
|
||||
:full_description => example.full_description,
|
||||
:status => example.execution_result.status.to_s,
|
||||
:file_path => example.metadata[:file_path],
|
||||
:line_number => example.metadata[:line_number],
|
||||
:run_time => example.execution_result.run_time,
|
||||
:pending_message => example.execution_result.pending_message,
|
||||
:id => example.metadata[:id]
|
||||
description: example.description,
|
||||
full_description: example.full_description,
|
||||
status: example.execution_result.status.to_s,
|
||||
file_path: example.metadata['file_path'],
|
||||
line_number: example.metadata['line_number'],
|
||||
run_time: example.execution_result.run_time,
|
||||
pending_message: example.execution_result.pending_message,
|
||||
id: example.metadata[:id]
|
||||
}
|
||||
end
|
||||
end
|
||||
|
|
|
@ -31,7 +31,7 @@ module Vulcano::DSL
|
|||
def describe(*args, &block)
|
||||
path = block.source_location[0]
|
||||
line = block.source_location[1]
|
||||
id = "#{File::basename(path)}:#{line}"
|
||||
id = "#{File.basename(path)}:#{line}"
|
||||
rule = Vulcano::Rule.new(id, {}) do
|
||||
describe *args, &block
|
||||
end
|
||||
|
@ -61,7 +61,7 @@ module Vulcano::DSL
|
|||
def self.execute_rule(r, profile_id)
|
||||
checks = r.instance_variable_get(:@checks)
|
||||
fid = VulcanoBaseRule.full_id(r, profile_id)
|
||||
checks.each do |m,a,b|
|
||||
checks.each do |m, a, b|
|
||||
# check if the resource is skippable and skipped
|
||||
if a.is_a?(Array) && !a.empty? &&
|
||||
a[0].respond_to?(:resource_skipped) &&
|
||||
|
@ -84,7 +84,7 @@ module Vulcano::DSL
|
|||
# merge two rules completely; all defined
|
||||
# fields from src will be overwritten in dst
|
||||
def self.merge_rules(dst, src)
|
||||
VulcanoBaseRule::merge dst, src
|
||||
VulcanoBaseRule.merge dst, src
|
||||
end
|
||||
|
||||
# Attach an ID attribute to the
|
||||
|
@ -129,7 +129,7 @@ module Vulcano::DSL
|
|||
# that were defined in the block
|
||||
unless include_all
|
||||
remove = rule_registry.keys - block_registry.keys
|
||||
remove.each{|key| rule_registry.delete(key)}
|
||||
remove.each { |key| rule_registry.delete(key) }
|
||||
end
|
||||
|
||||
# merge the rules in the block_registry (adjustments) with
|
||||
|
@ -162,7 +162,7 @@ module Vulcano::DSL
|
|||
if File.directory? libdir and !$LOAD_PATH.include?(libdir)
|
||||
$LOAD_PATH.unshift(libdir)
|
||||
end
|
||||
files = Dir[File.join(path, 'spec','*_spec.rb')]
|
||||
files = Dir[File.join(path, 'spec', '*_spec.rb')]
|
||||
end
|
||||
files
|
||||
end
|
||||
|
@ -170,11 +170,11 @@ module Vulcano::DSL
|
|||
end
|
||||
|
||||
module Vulcano::GlobalDSL
|
||||
def __register_rule r
|
||||
def __register_rule(r)
|
||||
# make sure the profile id is attached to the rule
|
||||
::Vulcano::DSL.execute_rule(r, __profile_id)
|
||||
end
|
||||
def __unregister_rule id
|
||||
def __unregister_rule(id)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -30,7 +30,7 @@ module Vulcano
|
|||
|
||||
def normalize_map(hm)
|
||||
res = {}
|
||||
hm.each{|k,v|
|
||||
hm.each {|k, v|
|
||||
res[k.to_s] = v
|
||||
}
|
||||
res
|
||||
|
@ -43,7 +43,7 @@ module Vulcano
|
|||
end
|
||||
|
||||
def configure_backend
|
||||
backend_name = ( @conf['backend'] ||= 'exec' )
|
||||
backend_name = (@conf['backend'] ||= 'exec')
|
||||
# @TODO all backends except for mock revert to specinfra for now
|
||||
unless %w{ mock }.include? backend_name
|
||||
backend_class = Vulcano::Backend.registry['specinfra']
|
||||
|
@ -82,7 +82,7 @@ module Vulcano
|
|||
ctx.rules.each do |rule_id, rule|
|
||||
#::Vulcano::DSL.execute_rule(rule, profile_id)
|
||||
checks = rule.instance_variable_get(:@checks)
|
||||
checks.each do |m,a,b|
|
||||
checks.each do |m, a, b|
|
||||
# resource skipping
|
||||
if !a.empty? &&
|
||||
a[0].respond_to?(:resource_skipped) &&
|
||||
|
|
|
@ -14,13 +14,12 @@ module Vulcano
|
|||
|
||||
def self.resolve(targets)
|
||||
Array(targets).map do |target|
|
||||
handler = modules.values.find{|m| m.handles?(target)}
|
||||
handler = modules.values.find { |m| m.handles?(target) }
|
||||
if handler.nil?
|
||||
fail "Don't know how to handle target: #{target}"
|
||||
end
|
||||
handler.resolve(target)
|
||||
end.flatten
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
|
||||
module Vulcano::Targets
|
||||
module DirsHelper
|
||||
|
||||
class ChefAuditDir
|
||||
def handles?(paths)
|
||||
paths.include?('recipes') and paths.include?('metadata.rb')
|
||||
|
@ -33,17 +32,16 @@ module Vulcano::Targets
|
|||
end
|
||||
|
||||
def get_filenames(paths)
|
||||
paths.find_all{|x| x.end_with?('.rb') and !x.include?('/')}
|
||||
paths.find_all { |x| x.end_with?('.rb') and !x.include?('/') }
|
||||
end
|
||||
end
|
||||
|
||||
HANDLERS = [
|
||||
ChefAuditDir, ServerspecDir, FlatDir
|
||||
].map{|x| x.new }
|
||||
].map { |x| x.new }
|
||||
|
||||
def self.getHandler(paths)
|
||||
HANDLERS.find{|x| x.handles? paths}
|
||||
HANDLERS.find { |x| x.handles? paths }
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
|
|
@ -10,9 +10,9 @@ module Vulcano::Targets
|
|||
|
||||
def resolve(target)
|
||||
# find all files in the folder
|
||||
files = Dir[File.join(target,'**','*')]
|
||||
files = Dir[File.join(target, '**', '*')]
|
||||
# remove the prefix
|
||||
files = files.map{|x| x[target.length+1..-1]}
|
||||
files = files.map { |x| x[target.length + 1..-1] }
|
||||
# get the dirs helper
|
||||
helper = DirsHelper.getHandler(files)
|
||||
if helper.nil?
|
||||
|
@ -22,7 +22,7 @@ module Vulcano::Targets
|
|||
file_handler = Vulcano::Targets.modules['file']
|
||||
test_files = helper.get_filenames(files)
|
||||
test_files.map do |f|
|
||||
file_handler.resolve(File.join(target,f))
|
||||
file_handler.resolve(File.join(target, f))
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -6,7 +6,7 @@ module Vulcano::Targets
|
|||
class TarHelper
|
||||
def structure(input)
|
||||
files = []
|
||||
Gem::Package::TarReader.new( Zlib::GzipReader.open input ) do |tar|
|
||||
Gem::Package::TarReader.new(Zlib::GzipReader.open input) do |tar|
|
||||
files = tar.map{|entry| entry.full_name }
|
||||
end
|
||||
files
|
||||
|
@ -14,7 +14,7 @@ module Vulcano::Targets
|
|||
|
||||
def content(input)
|
||||
content = {}
|
||||
Gem::Package::TarReader.new( Zlib::GzipReader.open input ) do |tar|
|
||||
Gem::Package::TarReader.new(Zlib::GzipReader.open input) do |tar|
|
||||
tar.each do |entry|
|
||||
if entry.directory?
|
||||
# nothing to do
|
||||
|
|
|
@ -5,7 +5,6 @@ require 'open-uri'
|
|||
require 'vulcano/targets/zip'
|
||||
|
||||
module Vulcano::Targets
|
||||
|
||||
class UrlHelper
|
||||
def handles?(target)
|
||||
uri = URI.parse(target)
|
||||
|
@ -14,7 +13,7 @@ module Vulcano::Targets
|
|||
|
||||
def resolve(target)
|
||||
if target.start_with? 'https://github.com' and target.end_with? '.git'
|
||||
url = target.sub(/.git$/,'') + '/archive/master.zip'
|
||||
url = target.sub(/.git$/, '') + '/archive/master.zip'
|
||||
return resolve_zip(url)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -8,8 +8,8 @@ Gem::Specification.new do |spec|
|
|||
spec.version = Vulcano::VERSION
|
||||
spec.authors = ['Dominik Richter']
|
||||
spec.email = ['dominik@vulcanosec.com']
|
||||
spec.summary = %q{Validate Vulcano compliance checks.}
|
||||
spec.description = %q{Validate Vulcano compliance checks.}
|
||||
spec.summary = 'Validate Vulcano compliance checks.'
|
||||
spec.description = 'Validate Vulcano compliance checks.'
|
||||
spec.homepage = 'https://github.com/...'
|
||||
spec.license = 'Proprietary'
|
||||
|
||||
|
|
Loading…
Reference in a new issue