mirror of
https://github.com/inspec/inspec
synced 2024-09-20 14:31:58 +00:00
Address rubocop violations
Signed-off-by: Tom Duffield <tom@chef.io>
This commit is contained in:
parent
c5ad7b5d4a
commit
1ea83f526c
63 changed files with 124 additions and 125 deletions
|
@ -154,17 +154,17 @@ module Artifact
|
||||||
p = Pathname.new(path_to_profile)
|
p = Pathname.new(path_to_profile)
|
||||||
p = p.join('inspec.yml')
|
p = p.join('inspec.yml')
|
||||||
if not p.exist?
|
if not p.exist?
|
||||||
fail "#{path_to_profile} doesn't appear to be a valid Inspec profile"
|
raise "#{path_to_profile} doesn't appear to be a valid Inspec profile"
|
||||||
end
|
end
|
||||||
yaml = YAML.load_file(p.to_s)
|
yaml = YAML.load_file(p.to_s)
|
||||||
yaml = yaml.to_hash
|
yaml = yaml.to_hash
|
||||||
|
|
||||||
if not yaml.key? 'name'
|
if not yaml.key? 'name'
|
||||||
fail 'Profile is invalid, name is not defined'
|
raise 'Profile is invalid, name is not defined'
|
||||||
end
|
end
|
||||||
|
|
||||||
if not yaml.key? 'version'
|
if not yaml.key? 'version'
|
||||||
fail 'Profile is invalid, version is not defined'
|
raise 'Profile is invalid, version is not defined'
|
||||||
end
|
end
|
||||||
rescue => e
|
rescue => e
|
||||||
# rewrap it and pass it up to the CLI
|
# rewrap it and pass it up to the CLI
|
||||||
|
@ -212,15 +212,15 @@ module Artifact
|
||||||
public_keyfile = "#{file_keyname}.pem.pub"
|
public_keyfile = "#{file_keyname}.pem.pub"
|
||||||
puts "Looking for #{public_keyfile} to verify artifact"
|
puts "Looking for #{public_keyfile} to verify artifact"
|
||||||
if not File.exist? public_keyfile
|
if not File.exist? public_keyfile
|
||||||
fail "Can't find #{public_keyfile}"
|
raise "Can't find #{public_keyfile}"
|
||||||
end
|
end
|
||||||
|
|
||||||
if not VALID_PROFILE_DIGESTS.member? file_alg
|
if not VALID_PROFILE_DIGESTS.member? file_alg
|
||||||
fail 'Invalid artifact digest algorithm detected'
|
raise 'Invalid artifact digest algorithm detected'
|
||||||
end
|
end
|
||||||
|
|
||||||
if not VALID_PROFILE_VERSIONS.member? file_version
|
if not VALID_PROFILE_VERSIONS.member? file_version
|
||||||
fail 'Invalid artifact version detected'
|
raise 'Invalid artifact version detected'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -38,7 +38,7 @@ module Compliance
|
||||||
# post a file
|
# post a file
|
||||||
def self.post_file(url, headers, file_path, insecure)
|
def self.post_file(url, headers, file_path, insecure)
|
||||||
uri = URI.parse(url)
|
uri = URI.parse(url)
|
||||||
fail "Unable to parse URL: #{url}" if uri.nil? || uri.host.nil?
|
raise "Unable to parse URL: #{url}" if uri.nil? || uri.host.nil?
|
||||||
http = Net::HTTP.new(uri.host, uri.port)
|
http = Net::HTTP.new(uri.host, uri.port)
|
||||||
|
|
||||||
# set connection flags
|
# set connection flags
|
||||||
|
@ -67,7 +67,7 @@ module Compliance
|
||||||
}
|
}
|
||||||
opts[:verify_mode] = OpenSSL::SSL::VERIFY_NONE if insecure
|
opts[:verify_mode] = OpenSSL::SSL::VERIFY_NONE if insecure
|
||||||
|
|
||||||
fail "Unable to parse URI: #{uri}" if uri.nil? || uri.host.nil?
|
raise "Unable to parse URI: #{uri}" if uri.nil? || uri.host.nil?
|
||||||
res = Net::HTTP.start(uri.host, uri.port, opts) { |http|
|
res = Net::HTTP.start(uri.host, uri.port, opts) { |http|
|
||||||
http.request(req)
|
http.request(req)
|
||||||
}
|
}
|
||||||
|
|
|
@ -37,7 +37,7 @@ module Compliance
|
||||||
server = 'compliance'
|
server = 'compliance'
|
||||||
msg = "inspec compliance login https://your_compliance_server --user admin --insecure --token 'PASTE TOKEN HERE' "
|
msg = "inspec compliance login https://your_compliance_server --user admin --insecure --token 'PASTE TOKEN HERE' "
|
||||||
end
|
end
|
||||||
fail Inspec::FetcherFailure, <<EOF
|
raise Inspec::FetcherFailure, <<EOF
|
||||||
|
|
||||||
Cannot fetch #{uri} because your #{server} token has not been
|
Cannot fetch #{uri} because your #{server} token has not been
|
||||||
configured.
|
configured.
|
||||||
|
@ -51,7 +51,7 @@ EOF
|
||||||
# verifies that the target e.g base/ssh exists
|
# verifies that the target e.g base/ssh exists
|
||||||
profile = uri.host + uri.path
|
profile = uri.host + uri.path
|
||||||
if !Compliance::API.exist?(config, profile)
|
if !Compliance::API.exist?(config, profile)
|
||||||
fail Inspec::FetcherFailure, "The compliance profile #{profile} was not found on the configured compliance server"
|
raise Inspec::FetcherFailure, "The compliance profile #{profile} was not found on the configured compliance server"
|
||||||
end
|
end
|
||||||
profile_fetch_url = Compliance::API.target_url(config, profile)
|
profile_fetch_url = Compliance::API.target_url(config, profile)
|
||||||
end
|
end
|
||||||
|
|
|
@ -45,7 +45,7 @@ module Supermarket
|
||||||
"#{p['tool_owner']}/#{p['slug']}" == profile
|
"#{p['tool_owner']}/#{p['slug']}" == profile
|
||||||
}
|
}
|
||||||
|
|
||||||
if found.length == 0
|
if found.empty?
|
||||||
puts "#{mark_text(profile)} is not available on Supermarket"
|
puts "#{mark_text(profile)} is not available on Supermarket"
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
|
|
@ -86,7 +86,7 @@ module Fetchers
|
||||||
cmd = shellout("git ls-remote \"#{@remote_url}\" \"#{ref_name}*\"")
|
cmd = shellout("git ls-remote \"#{@remote_url}\" \"#{ref_name}*\"")
|
||||||
ref = parse_ls_remote(cmd.stdout, ref_name)
|
ref = parse_ls_remote(cmd.stdout, ref_name)
|
||||||
if !ref
|
if !ref
|
||||||
fail "Unable to resolve #{ref_name} to a specific git commit for #{@remote_url}"
|
raise "Unable to resolve #{ref_name} to a specific git commit for #{@remote_url}"
|
||||||
end
|
end
|
||||||
ref
|
ref
|
||||||
end
|
end
|
||||||
|
|
|
@ -17,12 +17,12 @@ module Inspec
|
||||||
name = Train.validate_backend(conf)
|
name = Train.validate_backend(conf)
|
||||||
transport = Train.create(name, conf)
|
transport = Train.create(name, conf)
|
||||||
if transport.nil?
|
if transport.nil?
|
||||||
fail "Can't find transport backend '#{name}'."
|
raise "Can't find transport backend '#{name}'."
|
||||||
end
|
end
|
||||||
|
|
||||||
connection = transport.connection
|
connection = transport.connection
|
||||||
if connection.nil?
|
if connection.nil?
|
||||||
fail "Can't connect to transport backend '#{name}'."
|
raise "Can't connect to transport backend '#{name}'."
|
||||||
end
|
end
|
||||||
|
|
||||||
cls = Class.new do
|
cls = Class.new do
|
||||||
|
|
|
@ -142,7 +142,7 @@ module Inspec
|
||||||
$stderr.puts exception.message
|
$stderr.puts exception.message
|
||||||
exit(1)
|
exit(1)
|
||||||
else
|
else
|
||||||
raise exception # rubocop:disable Style/SignalException
|
raise exception
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -12,7 +12,7 @@ module Inspec
|
||||||
@fetcher = Inspec::Fetcher.resolve(target)
|
@fetcher = Inspec::Fetcher.resolve(target)
|
||||||
|
|
||||||
if @fetcher.nil?
|
if @fetcher.nil?
|
||||||
fail("Could not fetch inspec profile in #{target.inspect}.")
|
raise("Could not fetch inspec profile in #{target.inspect}.")
|
||||||
end
|
end
|
||||||
|
|
||||||
@cache = cache
|
@cache = cache
|
||||||
|
@ -50,7 +50,7 @@ module Inspec
|
||||||
def assert_cache_sanity!
|
def assert_cache_sanity!
|
||||||
if target.respond_to?(:key?) && target.key?(:sha256)
|
if target.respond_to?(:key?) && target.key?(:sha256)
|
||||||
if fetcher.resolved_source[:sha256] != target[:sha256]
|
if fetcher.resolved_source[:sha256] != target[:sha256]
|
||||||
fail <<EOF
|
raise <<EOF
|
||||||
The remote source #{fetcher} no longer has the requested content:
|
The remote source #{fetcher} no longer has the requested content:
|
||||||
|
|
||||||
Request Content Hash: #{target[:sha256]}
|
Request Content Hash: #{target[:sha256]}
|
||||||
|
|
|
@ -35,8 +35,6 @@ module Inspec
|
||||||
# @param profile_context [Inspec::ProfileContext]
|
# @param profile_context [Inspec::ProfileContext]
|
||||||
# @param outer_dsl [OuterDSLClass]
|
# @param outer_dsl [OuterDSLClass]
|
||||||
# @return [ProfileContextClass]
|
# @return [ProfileContextClass]
|
||||||
#
|
|
||||||
# rubocop:disable Lint/NestedMethodDefinition
|
|
||||||
def self.create(profile_context, resources_dsl) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
|
def self.create(profile_context, resources_dsl) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
|
||||||
rule_class = rule_context(resources_dsl)
|
rule_class = rule_context(resources_dsl)
|
||||||
profile_context_owner = profile_context
|
profile_context_owner = profile_context
|
||||||
|
|
|
@ -18,7 +18,7 @@ module Inspec
|
||||||
def self.from_content(content)
|
def self.from_content(content)
|
||||||
parsed_content = YAML.load(content)
|
parsed_content = YAML.load(content)
|
||||||
version = parsed_content['lockfile_version']
|
version = parsed_content['lockfile_version']
|
||||||
fail "No lockfile_version set in #{path}!" if version.nil?
|
raise "No lockfile_version set in #{path}!" if version.nil?
|
||||||
validate_lockfile_version!(version.to_i)
|
validate_lockfile_version!(version.to_i)
|
||||||
new(parsed_content)
|
new(parsed_content)
|
||||||
end
|
end
|
||||||
|
@ -28,9 +28,10 @@ module Inspec
|
||||||
from_content(content)
|
from_content(content)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# rubocop:disable Style/GuardClause
|
||||||
def self.validate_lockfile_version!(version)
|
def self.validate_lockfile_version!(version)
|
||||||
if version < MINIMUM_SUPPORTED_VERSION
|
if version < MINIMUM_SUPPORTED_VERSION
|
||||||
fail <<EOF
|
raise <<EOF
|
||||||
This lockfile specifies a lockfile_version of #{version} which is
|
This lockfile specifies a lockfile_version of #{version} which is
|
||||||
lower than the minimum supported version #{MINIMUM_SUPPORTED_VERSION}.
|
lower than the minimum supported version #{MINIMUM_SUPPORTED_VERSION}.
|
||||||
|
|
||||||
|
@ -39,7 +40,7 @@ Please create a new lockfile for this project by running:
|
||||||
inspec vendor
|
inspec vendor
|
||||||
EOF
|
EOF
|
||||||
elsif version > CURRENT_LOCKFILE_VERSION
|
elsif version > CURRENT_LOCKFILE_VERSION
|
||||||
fail <<EOF
|
raise <<EOF
|
||||||
This lockfile claims to be version #{version} which is greater than
|
This lockfile claims to be version #{version} which is greater than
|
||||||
the most recent lockfile version(#{CURRENT_LOCKFILE_VERSION}).
|
the most recent lockfile version(#{CURRENT_LOCKFILE_VERSION}).
|
||||||
|
|
||||||
|
@ -48,6 +49,7 @@ used to create the lockfile.
|
||||||
EOF
|
EOF
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
# rubocop:enable Style/GuardClause
|
||||||
|
|
||||||
attr_reader :version, :deps
|
attr_reader :version, :deps
|
||||||
def initialize(lockfile_content_hash)
|
def initialize(lockfile_content_hash)
|
||||||
|
@ -80,7 +82,7 @@ EOF
|
||||||
else
|
else
|
||||||
# If we've gotten here, there is likely a mistake in the
|
# If we've gotten here, there is likely a mistake in the
|
||||||
# lockfile version validation in the constructor.
|
# lockfile version validation in the constructor.
|
||||||
fail "No lockfile parser for version #{version}"
|
raise "No lockfile parser for version #{version}"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -10,7 +10,7 @@ module Inspec
|
||||||
#
|
#
|
||||||
class Requirement
|
class Requirement
|
||||||
def self.from_metadata(dep, cache, opts)
|
def self.from_metadata(dep, cache, opts)
|
||||||
fail 'Cannot load empty dependency.' if dep.nil? || dep.empty?
|
raise 'Cannot load empty dependency.' if dep.nil? || dep.empty?
|
||||||
new(dep[:name], dep[:version], cache, opts[:cwd], opts.merge(dep))
|
new(dep[:name], dep[:version], cache, opts[:cwd], opts.merge(dep))
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -26,7 +26,7 @@ module Inspec
|
||||||
def self.resolve(dependencies, cache, working_dir, backend)
|
def self.resolve(dependencies, cache, working_dir, backend)
|
||||||
reqs = dependencies.map do |dep|
|
reqs = dependencies.map do |dep|
|
||||||
req = Inspec::Requirement.from_metadata(dep, cache, cwd: working_dir, backend: backend)
|
req = Inspec::Requirement.from_metadata(dep, cache, cwd: working_dir, backend: backend)
|
||||||
req || fail("Cannot initialize dependency: #{req}")
|
req || raise("Cannot initialize dependency: #{req}")
|
||||||
end
|
end
|
||||||
new.resolve(reqs)
|
new.resolve(reqs)
|
||||||
end
|
end
|
||||||
|
@ -40,7 +40,7 @@ module Inspec
|
||||||
else
|
else
|
||||||
"the dependency information for #{path_string.split(' ').last}"
|
"the dependency information for #{path_string.split(' ').last}"
|
||||||
end
|
end
|
||||||
fail Inspec::DuplicateDep, "The dependency #{dep.name} is listed twice in #{problem_cookbook}"
|
raise Inspec::DuplicateDep, "The dependency #{dep.name} is listed twice in #{problem_cookbook}"
|
||||||
else
|
else
|
||||||
seen_items_local << dep.name
|
seen_items_local << dep.name
|
||||||
end
|
end
|
||||||
|
@ -65,13 +65,13 @@ module Inspec
|
||||||
end
|
end
|
||||||
|
|
||||||
if new_seen_items.key?(dep.resolved_source)
|
if new_seen_items.key?(dep.resolved_source)
|
||||||
fail Inspec::CyclicDependencyError, "Dependency #{dep} would cause a dependency cycle (#{new_path_string})"
|
raise Inspec::CyclicDependencyError, "Dependency #{dep} would cause a dependency cycle (#{new_path_string})"
|
||||||
else
|
else
|
||||||
new_seen_items[dep.resolved_source] = true
|
new_seen_items[dep.resolved_source] = true
|
||||||
end
|
end
|
||||||
|
|
||||||
if !dep.source_satisfies_spec?
|
if !dep.source_satisfies_spec?
|
||||||
fail Inspec::UnsatisfiedVersionSpecification, "The profile #{dep.name} from #{dep.resolved_source} has a version #{dep.source_version} which doesn't match #{dep.required_version}"
|
raise Inspec::UnsatisfiedVersionSpecification, "The profile #{dep.name} from #{dep.resolved_source} has a version #{dep.source_version} which doesn't match #{dep.required_version}"
|
||||||
end
|
end
|
||||||
|
|
||||||
Inspec::Log.debug("Adding dependency #{dep.name} (#{dep.resolved_source})")
|
Inspec::Log.debug("Adding dependency #{dep.name} (#{dep.resolved_source})")
|
||||||
|
|
|
@ -19,7 +19,7 @@ module Inspec::DSL
|
||||||
alias include_rules include_controls
|
alias include_rules include_controls
|
||||||
|
|
||||||
def require_resource(options = {})
|
def require_resource(options = {})
|
||||||
fail 'You must specify a specific resource name when calling require_resource()' if options[:resource].nil?
|
raise 'You must specify a specific resource name when calling require_resource()' if options[:resource].nil?
|
||||||
|
|
||||||
from_profile = options[:profile] || profile_name
|
from_profile = options[:profile] || profile_name
|
||||||
target_name = options[:as] || options[:resource]
|
target_name = options[:as] || options[:resource]
|
||||||
|
@ -33,7 +33,7 @@ module Inspec::DSL
|
||||||
|
|
||||||
dep_entry = dependencies.list[profile_id]
|
dep_entry = dependencies.list[profile_id]
|
||||||
if dep_entry.nil?
|
if dep_entry.nil?
|
||||||
fail <<EOF
|
raise <<EOF
|
||||||
Cannot load #{profile_id} since it is not listed as a dependency
|
Cannot load #{profile_id} since it is not listed as a dependency
|
||||||
of #{bind_context.profile_name}.
|
of #{bind_context.profile_name}.
|
||||||
|
|
||||||
|
|
|
@ -34,7 +34,7 @@ module Inspec
|
||||||
|
|
||||||
def self.fetcher(version)
|
def self.fetcher(version)
|
||||||
if version != 1
|
if version != 1
|
||||||
fail 'Only fetcher version 1 is supported!'
|
raise 'Only fetcher version 1 is supported!'
|
||||||
end
|
end
|
||||||
Inspec::Plugins::Fetcher
|
Inspec::Plugins::Fetcher
|
||||||
end
|
end
|
||||||
|
|
|
@ -17,7 +17,7 @@ module Inspec
|
||||||
elsif File.exist?(path)
|
elsif File.exist?(path)
|
||||||
DirProvider.new(path)
|
DirProvider.new(path)
|
||||||
else
|
else
|
||||||
fail "No file provider for the provided path: #{path}"
|
raise "No file provider for the provided path: #{path}"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -25,11 +25,11 @@ module Inspec
|
||||||
end
|
end
|
||||||
|
|
||||||
def read(_file)
|
def read(_file)
|
||||||
fail "#{self} does not implement `read(...)`. This is required."
|
raise "#{self} does not implement `read(...)`. This is required."
|
||||||
end
|
end
|
||||||
|
|
||||||
def files
|
def files
|
||||||
fail "Fetcher #{self} does not implement `files()`. This is required."
|
raise "Fetcher #{self} does not implement `files()`. This is required."
|
||||||
end
|
end
|
||||||
|
|
||||||
def relative_provider
|
def relative_provider
|
||||||
|
@ -148,7 +148,7 @@ module Inspec
|
||||||
@parent = parent_provider
|
@parent = parent_provider
|
||||||
@prefix = get_prefix(parent.files)
|
@prefix = get_prefix(parent.files)
|
||||||
if @prefix.nil?
|
if @prefix.nil?
|
||||||
fail "Could not determine path prefix for #{parent}"
|
raise "Could not determine path prefix for #{parent}"
|
||||||
end
|
end
|
||||||
@files = parent.files.find_all { |x| x.start_with?(prefix) && x != prefix }
|
@files = parent.files.find_all { |x| x.start_with?(prefix) && x != prefix }
|
||||||
.map { |x| x[prefix.length..-1] }
|
.map { |x| x[prefix.length..-1] }
|
||||||
|
|
|
@ -35,7 +35,7 @@ module Inspec
|
||||||
|
|
||||||
c3 = Class.new do
|
c3 = Class.new do
|
||||||
include Inspec::DSL::RequireOverride
|
include Inspec::DSL::RequireOverride
|
||||||
def initialize(require_loader) # rubocop:disable Lint/NestedMethodDefinition
|
def initialize(require_loader)
|
||||||
@require_loader = require_loader
|
@require_loader = require_loader
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
module Inspec
|
module Inspec
|
||||||
class List < Value
|
class List < Value
|
||||||
def map
|
def map
|
||||||
fail 'Inspec::List.map needs to be called with a block' unless block_given?
|
raise 'Inspec::List.map needs to be called with a block' unless block_given?
|
||||||
t = List.new
|
t = List.new
|
||||||
t.qualifier = [['x']]
|
t.qualifier = [['x']]
|
||||||
yield(t)
|
yield(t)
|
||||||
|
|
|
@ -51,7 +51,7 @@ module Inspec
|
||||||
def load(name)
|
def load(name)
|
||||||
path = @registry[name]
|
path = @registry[name]
|
||||||
if path.nil?
|
if path.nil?
|
||||||
fail "Couldn't find plugin #{name}. Searching in #{@home}"
|
raise "Couldn't find plugin #{name}. Searching in #{@home}"
|
||||||
end
|
end
|
||||||
# puts "Loading plugin #{name} from #{path}"
|
# puts "Loading plugin #{name} from #{path}"
|
||||||
require path
|
require path
|
||||||
|
|
|
@ -36,7 +36,7 @@ module Inspec
|
||||||
# profile.
|
# profile.
|
||||||
#
|
#
|
||||||
def archive_path
|
def archive_path
|
||||||
fail "Fetcher #{self} does not implement `archive_path()`. This is required."
|
raise "Fetcher #{self} does not implement `archive_path()`. This is required."
|
||||||
end
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -49,7 +49,7 @@ module Inspec
|
||||||
# /foo/bar/baz.zip
|
# /foo/bar/baz.zip
|
||||||
#
|
#
|
||||||
def fetch(_path)
|
def fetch(_path)
|
||||||
fail "Fetcher #{self} does not implement `fetch()`. This is required."
|
raise "Fetcher #{self} does not implement `fetch()`. This is required."
|
||||||
end
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -59,14 +59,14 @@ module Inspec
|
||||||
# tag will be resolved to an exact revision.
|
# tag will be resolved to an exact revision.
|
||||||
#
|
#
|
||||||
def resolved_source
|
def resolved_source
|
||||||
fail "Fetcher #{self} does not implement `resolved_source()`. This is required for terminal fetchers."
|
raise "Fetcher #{self} does not implement `resolved_source()`. This is required for terminal fetchers."
|
||||||
end
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
# The unique key based on the content of the remote archive.
|
# The unique key based on the content of the remote archive.
|
||||||
#
|
#
|
||||||
def cache_key
|
def cache_key
|
||||||
fail "Fetcher #{self} does not implement `cache_key()`. This is required for terminal fetchers."
|
raise "Fetcher #{self} does not implement `cache_key()`. This is required for terminal fetchers."
|
||||||
end
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|
|
@ -38,7 +38,6 @@ module Inspec
|
||||||
end
|
end
|
||||||
|
|
||||||
def __register(name, obj)
|
def __register(name, obj)
|
||||||
# rubocop:disable Lint/NestedMethodDefinition
|
|
||||||
cl = Class.new(obj) do
|
cl = Class.new(obj) do
|
||||||
def initialize(backend, name, *args)
|
def initialize(backend, name, *args)
|
||||||
# attach the backend to this instance
|
# attach the backend to this instance
|
||||||
|
|
|
@ -15,7 +15,7 @@ module Inspec
|
||||||
#
|
#
|
||||||
# @return [Inspec::Metadata] profile metadata
|
# @return [Inspec::Metadata] profile metadata
|
||||||
def metadata
|
def metadata
|
||||||
fail "SourceReader #{self} does not implement `metadata()`. This method is required"
|
raise "SourceReader #{self} does not implement `metadata()`. This method is required"
|
||||||
end
|
end
|
||||||
|
|
||||||
# Retrieve this profile's tests
|
# Retrieve this profile's tests
|
||||||
|
@ -26,14 +26,14 @@ module Inspec
|
||||||
#
|
#
|
||||||
# @return [Hash] Collection with references pointing to test contents
|
# @return [Hash] Collection with references pointing to test contents
|
||||||
def tests
|
def tests
|
||||||
fail "SourceReader #{self} does not implement `tests()`. This method is required"
|
raise "SourceReader #{self} does not implement `tests()`. This method is required"
|
||||||
end
|
end
|
||||||
|
|
||||||
# Retrieve this profile's libraries
|
# Retrieve this profile's libraries
|
||||||
#
|
#
|
||||||
# @return [Hash] Collection with references pointing to library contents
|
# @return [Hash] Collection with references pointing to library contents
|
||||||
def libraries
|
def libraries
|
||||||
fail "SourceReader #{self} does not implement `libraries()`. This method is required"
|
raise "SourceReader #{self} does not implement `libraries()`. This method is required"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -57,7 +57,7 @@ module Inspec
|
||||||
|
|
||||||
reader = Inspec::SourceReader.resolve(rp)
|
reader = Inspec::SourceReader.resolve(rp)
|
||||||
if reader.nil?
|
if reader.nil?
|
||||||
fail("Don't understand inspec profile in #{path}, it " \
|
raise("Don't understand inspec profile in #{path}, it " \
|
||||||
"doesn't look like a supported profile structure.")
|
"doesn't look like a supported profile structure.")
|
||||||
end
|
end
|
||||||
new(reader, opts)
|
new(reader, opts)
|
||||||
|
@ -108,7 +108,7 @@ module Inspec
|
||||||
metadata.params[:version]
|
metadata.params[:version]
|
||||||
end
|
end
|
||||||
|
|
||||||
def writable? # rubocop:disable Style/TrivialAccessors
|
def writable?
|
||||||
@writable
|
@writable
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -397,10 +397,10 @@ module Inspec
|
||||||
end
|
end
|
||||||
|
|
||||||
name = params[:name] ||
|
name = params[:name] ||
|
||||||
fail('Cannot create an archive without a profile name! Please '\
|
raise('Cannot create an archive without a profile name! Please '\
|
||||||
'specify the name in metadata or use --output to create the archive.')
|
'specify the name in metadata or use --output to create the archive.')
|
||||||
version = params[:version] ||
|
version = params[:version] ||
|
||||||
fail('Cannot create an archive without a profile version! Please '\
|
raise('Cannot create an archive without a profile version! Please '\
|
||||||
'specify the version in metadata or use --output to create the archive.')
|
'specify the version in metadata or use --output to create the archive.')
|
||||||
ext = opts[:zip] ? 'zip' : 'tar.gz'
|
ext = opts[:zip] ? 'zip' : 'tar.gz'
|
||||||
slug = name.downcase.strip.tr(' ', '-').gsub(/[^\w-]/, '_')
|
slug = name.downcase.strip.tr(' ', '-').gsub(/[^\w-]/, '_')
|
||||||
|
|
|
@ -21,7 +21,7 @@ module Inspec
|
||||||
attr_accessor :rules
|
attr_accessor :rules
|
||||||
def initialize(profile_id, backend, conf)
|
def initialize(profile_id, backend, conf)
|
||||||
if backend.nil?
|
if backend.nil?
|
||||||
fail 'ProfileContext is initiated with a backend == nil. ' \
|
raise 'ProfileContext is initiated with a backend == nil. ' \
|
||||||
'This is a backend error which must be fixed upstream.'
|
'This is a backend error which must be fixed upstream.'
|
||||||
end
|
end
|
||||||
@profile_id = profile_id
|
@profile_id = profile_id
|
||||||
|
|
|
@ -39,7 +39,7 @@ module Inspec
|
||||||
profile_context.subcontext_by_name(profile_name)
|
profile_context.subcontext_by_name(profile_name)
|
||||||
end
|
end
|
||||||
|
|
||||||
fail ProfileNotFound, "Cannot find profile named: #{profile_name}" if inner_context.nil?
|
raise ProfileNotFound, "Cannot find profile named: #{profile_name}" if inner_context.nil?
|
||||||
inner_context.resource_registry[resource_name]
|
inner_context.resource_registry[resource_name]
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -64,7 +64,7 @@ module Inspec
|
||||||
|
|
||||||
def self.validate_resource_dsl_version!(version)
|
def self.validate_resource_dsl_version!(version)
|
||||||
if version != 1
|
if version != 1
|
||||||
fail 'Only resource version 1 is supported!'
|
raise 'Only resource version 1 is supported!'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -166,7 +166,7 @@ module Inspec
|
||||||
backend: @backend,
|
backend: @backend,
|
||||||
controls: @controls,
|
controls: @controls,
|
||||||
attributes: @conf[:attributes])
|
attributes: @conf[:attributes])
|
||||||
fail "Could not resolve #{target} to valid input." if profile.nil?
|
raise "Could not resolve #{target} to valid input." if profile.nil?
|
||||||
@target_profiles << profile if supports_profile?(profile)
|
@target_profiles << profile if supports_profile?(profile)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -174,13 +174,13 @@ module Inspec
|
||||||
return true if @ignore_supports
|
return true if @ignore_supports
|
||||||
|
|
||||||
if !profile.supports_runtime?
|
if !profile.supports_runtime?
|
||||||
fail 'This profile requires InSpec version '\
|
raise 'This profile requires InSpec version '\
|
||||||
"#{profile.metadata.inspec_requirement}. You are running "\
|
"#{profile.metadata.inspec_requirement}. You are running "\
|
||||||
"InSpec v#{Inspec::VERSION}.\n"
|
"InSpec v#{Inspec::VERSION}.\n"
|
||||||
end
|
end
|
||||||
|
|
||||||
if !profile.supports_os?
|
if !profile.supports_os?
|
||||||
fail "This OS/platform (#{@backend.os[:name]}) is not supported by this profile."
|
raise "This OS/platform (#{@backend.os[:name]}) is not supported by this profile."
|
||||||
end
|
end
|
||||||
|
|
||||||
true
|
true
|
||||||
|
@ -249,7 +249,7 @@ module Inspec
|
||||||
# otherwise return all working tests
|
# otherwise return all working tests
|
||||||
return ok_tests
|
return ok_tests
|
||||||
else
|
else
|
||||||
fail "A rule was registered with #{method_name.inspect}, "\
|
raise "A rule was registered with #{method_name.inspect}, "\
|
||||||
"which isn't understood and cannot be processed."
|
"which isn't understood and cannot be processed."
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -10,7 +10,7 @@ module Inspec
|
||||||
|
|
||||||
def self.secrets(version)
|
def self.secrets(version)
|
||||||
if version != 1
|
if version != 1
|
||||||
fail 'Only secrets version 1 is supported!'
|
raise 'Only secrets version 1 is supported!'
|
||||||
end
|
end
|
||||||
Inspec::Plugins::Secret
|
Inspec::Plugins::Secret
|
||||||
end
|
end
|
||||||
|
|
|
@ -79,7 +79,7 @@ module Inspec
|
||||||
# determine min whitespace that can be removed
|
# determine min whitespace that can be removed
|
||||||
min = nil
|
min = nil
|
||||||
example.lines.each do |line|
|
example.lines.each do |line|
|
||||||
if line.strip.length > 0 # ignore empty lines
|
if !line.strip.empty? # ignore empty lines
|
||||||
line_whitespace = line.length - line.lstrip.length
|
line_whitespace = line.length - line.lstrip.length
|
||||||
min = line_whitespace if min.nil? || line_whitespace < min
|
min = line_whitespace if min.nil? || line_whitespace < min
|
||||||
end
|
end
|
||||||
|
|
|
@ -19,7 +19,7 @@ module Inspec
|
||||||
|
|
||||||
def self.source_reader(version)
|
def self.source_reader(version)
|
||||||
if version != 1
|
if version != 1
|
||||||
fail 'Only source readers version 1 is supported!'
|
raise 'Only source readers version 1 is supported!'
|
||||||
end
|
end
|
||||||
Inspec::Plugins::SourceReader
|
Inspec::Plugins::SourceReader
|
||||||
end
|
end
|
||||||
|
|
|
@ -105,7 +105,7 @@ RSpec::Matchers.define :be_installed do
|
||||||
end
|
end
|
||||||
|
|
||||||
chain :by do
|
chain :by do
|
||||||
fail "[UNSUPPORTED] Please use the new resources 'gem', 'npm' or 'pip'."
|
raise "[UNSUPPORTED] Please use the new resources 'gem', 'npm' or 'pip'."
|
||||||
end
|
end
|
||||||
|
|
||||||
chain :with_version do |version|
|
chain :with_version do |version|
|
||||||
|
@ -121,7 +121,7 @@ RSpec::Matchers.define :be_enabled do
|
||||||
end
|
end
|
||||||
|
|
||||||
chain :with_level do |_level|
|
chain :with_level do |_level|
|
||||||
fail '[UNSUPPORTED] with level is not supported'
|
raise '[UNSUPPORTED] with level is not supported'
|
||||||
end
|
end
|
||||||
|
|
||||||
failure_message do |service|
|
failure_message do |service|
|
||||||
|
@ -137,7 +137,7 @@ RSpec::Matchers.define :be_running do
|
||||||
end
|
end
|
||||||
|
|
||||||
chain :under do |_under|
|
chain :under do |_under|
|
||||||
fail '[UNSUPPORTED] under is not supported'
|
raise '[UNSUPPORTED] under is not supported'
|
||||||
end
|
end
|
||||||
|
|
||||||
failure_message do |service|
|
failure_message do |service|
|
||||||
|
@ -178,7 +178,7 @@ RSpec::Matchers.define :be_reachable do
|
||||||
end
|
end
|
||||||
|
|
||||||
chain :with do |_attr|
|
chain :with do |_attr|
|
||||||
fail '[UNSUPPORTED] `with` is not supported in combination with `be_reachable`'
|
raise '[UNSUPPORTED] `with` is not supported in combination with `be_reachable`'
|
||||||
end
|
end
|
||||||
|
|
||||||
failure_message do |host|
|
failure_message do |host|
|
||||||
|
@ -193,7 +193,7 @@ RSpec::Matchers.define :be_resolvable do
|
||||||
end
|
end
|
||||||
|
|
||||||
chain :by do |_type|
|
chain :by do |_type|
|
||||||
fail "[UNSUPPORTED] `by` is not supported in combination with `be_resolvable`. Please use the following syntax `host('example.com', port: 53, proto: 'udp')`."
|
raise "[UNSUPPORTED] `by` is not supported in combination with `be_resolvable`. Please use the following syntax `host('example.com', port: 53, proto: 'udp')`."
|
||||||
end
|
end
|
||||||
|
|
||||||
failure_message do |host|
|
failure_message do |host|
|
||||||
|
@ -208,11 +208,11 @@ RSpec::Matchers.define :have_rule do |rule|
|
||||||
end
|
end
|
||||||
|
|
||||||
chain :with_table do |_table|
|
chain :with_table do |_table|
|
||||||
fail "[UNSUPPORTED] `with_table` is not supported in combination with `have_rule`. Please use the following syntax `iptables(table:'mangle', chain: 'input')`."
|
raise "[UNSUPPORTED] `with_table` is not supported in combination with `have_rule`. Please use the following syntax `iptables(table:'mangle', chain: 'input')`."
|
||||||
end
|
end
|
||||||
|
|
||||||
chain :with_chain do |_chain|
|
chain :with_chain do |_chain|
|
||||||
fail "[UNSUPPORTED] `with_table` is not supported in combination with `with_chain`. Please use the following syntax `iptables(table:'mangle', chain: 'input')`."
|
raise "[UNSUPPORTED] `with_table` is not supported in combination with `with_chain`. Please use the following syntax `iptables(table:'mangle', chain: 'input')`."
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -70,7 +70,7 @@ module Inspec::Resources
|
||||||
end
|
end
|
||||||
|
|
||||||
raw_conf = file.content
|
raw_conf = file.content
|
||||||
if raw_conf.empty? && file.size > 0
|
if raw_conf.empty? && !file.empty?
|
||||||
return skip_resource("Can't read file \"#{@conf_path}\"")
|
return skip_resource("Can't read file \"#{@conf_path}\"")
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -41,7 +41,7 @@ module Inspec::Resources
|
||||||
end
|
end
|
||||||
|
|
||||||
content = file.content
|
content = file.content
|
||||||
if content.empty? && file.size > 0
|
if content.empty? && !file.empty?
|
||||||
skip_resource "Can't read file '#{@conf_path}'"
|
skip_resource "Can't read file '#{@conf_path}'"
|
||||||
return @params = {}
|
return @params = {}
|
||||||
end
|
end
|
||||||
|
|
|
@ -93,7 +93,7 @@ module Inspec::Resources
|
||||||
# rubocop:disable Style/MethodName
|
# rubocop:disable Style/MethodName
|
||||||
def LIST_RULES
|
def LIST_RULES
|
||||||
return @legacy.LIST_RULES if @legacy
|
return @legacy.LIST_RULES if @legacy
|
||||||
fail 'Using legacy auditd_rules LIST_RULES interface with non-legacy audit package. Please use the new syntax.'
|
raise 'Using legacy auditd_rules LIST_RULES interface with non-legacy audit package. Please use the new syntax.'
|
||||||
end
|
end
|
||||||
|
|
||||||
def status(name = nil)
|
def status(name = nil)
|
||||||
|
|
|
@ -115,7 +115,7 @@ module Inspec::Resources
|
||||||
adapter_collection.push(info) if info[:name].casecmp(bridge_name) == 0
|
adapter_collection.push(info) if info[:name].casecmp(bridge_name) == 0
|
||||||
end
|
end
|
||||||
|
|
||||||
return nil if bridges.size == 0
|
return nil if bridges.empty?
|
||||||
warn "[Possible Error] detected multiple bridges interfaces with the name #{bridge_name}" if bridges.size > 1
|
warn "[Possible Error] detected multiple bridges interfaces with the name #{bridge_name}" if bridges.size > 1
|
||||||
bridges[0]
|
bridges[0]
|
||||||
end
|
end
|
||||||
|
|
|
@ -107,7 +107,7 @@ module Inspec::Resources
|
||||||
# iterate over each line and filter comments
|
# iterate over each line and filter comments
|
||||||
@content.split("\n").each_with_object([]) do |line, lines|
|
@content.split("\n").each_with_object([]) do |line, lines|
|
||||||
grp_info = parse_group_line(line)
|
grp_info = parse_group_line(line)
|
||||||
lines.push(grp_info) if !grp_info.nil? && grp_info.size > 0
|
lines.push(grp_info) if !grp_info.nil? && !grp_info.empty?
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -119,7 +119,7 @@ module Inspec::Resources
|
||||||
line, _idx_nl = parse_comment_line(line, opts)
|
line, _idx_nl = parse_comment_line(line, opts)
|
||||||
x = line.split(':')
|
x = line.split(':')
|
||||||
# abort if we have an empty or comment line
|
# abort if we have an empty or comment line
|
||||||
return nil if x.size == 0
|
return nil if x.empty?
|
||||||
# map data
|
# map data
|
||||||
{
|
{
|
||||||
'name' => x.at(0), # Name of the group.
|
'name' => x.at(0), # Name of the group.
|
||||||
|
|
|
@ -61,7 +61,7 @@ module Inspec::Resources
|
||||||
end
|
end
|
||||||
|
|
||||||
def contain(*_)
|
def contain(*_)
|
||||||
fail 'Contain is not supported. Please use standard RSpec matchers.'
|
raise 'Contain is not supported. Please use standard RSpec matchers.'
|
||||||
end
|
end
|
||||||
|
|
||||||
def readable?(by_usergroup, by_specific_user)
|
def readable?(by_usergroup, by_specific_user)
|
||||||
|
@ -128,7 +128,7 @@ module Inspec::Resources
|
||||||
private
|
private
|
||||||
|
|
||||||
def file_permission_granted?(access_type, by_usergroup, by_specific_user)
|
def file_permission_granted?(access_type, by_usergroup, by_specific_user)
|
||||||
fail '`file_permission_granted?` is not supported on your OS' if @perms_provider.nil?
|
raise '`file_permission_granted?` is not supported on your OS' if @perms_provider.nil?
|
||||||
if by_specific_user.nil? || by_specific_user.empty?
|
if by_specific_user.nil? || by_specific_user.empty?
|
||||||
@perms_provider.check_file_permission_by_mask(file, access_type, by_usergroup, by_specific_user)
|
@perms_provider.check_file_permission_by_mask(file, access_type, by_usergroup, by_specific_user)
|
||||||
else
|
else
|
||||||
|
@ -154,7 +154,7 @@ module Inspec::Resources
|
||||||
when 'execute'
|
when 'execute'
|
||||||
'x'
|
'x'
|
||||||
else
|
else
|
||||||
fail 'Invalid access_type provided'
|
raise 'Invalid access_type provided'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -172,7 +172,7 @@ module Inspec::Resources
|
||||||
usergroup = usergroup_for(usergroup, specific_user)
|
usergroup = usergroup_for(usergroup, specific_user)
|
||||||
flag = permission_flag(access_type)
|
flag = permission_flag(access_type)
|
||||||
mask = file.unix_mode_mask(usergroup, flag)
|
mask = file.unix_mode_mask(usergroup, flag)
|
||||||
fail 'Invalid usergroup/owner provided' if mask.nil?
|
raise 'Invalid usergroup/owner provided' if mask.nil?
|
||||||
(file.mode & mask) != 0
|
(file.mode & mask) != 0
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -197,7 +197,7 @@ module Inspec::Resources
|
||||||
|
|
||||||
class WindowsFilePermissions < FilePermissions
|
class WindowsFilePermissions < FilePermissions
|
||||||
def check_file_permission_by_mask(_file, _access_type, _usergroup, _specific_user)
|
def check_file_permission_by_mask(_file, _access_type, _usergroup, _specific_user)
|
||||||
fail '`check_file_permission_by_mask` is not supported on Windows'
|
raise '`check_file_permission_by_mask` is not supported on Windows'
|
||||||
end
|
end
|
||||||
|
|
||||||
def check_file_permission_by_user(access_type, user, path)
|
def check_file_permission_by_user(access_type, user, path)
|
||||||
|
@ -209,7 +209,7 @@ module Inspec::Resources
|
||||||
when 'execute'
|
when 'execute'
|
||||||
'@(\'FullControl\', \'Modify\', \'ReadAndExecute\', \'ExecuteFile\')'
|
'@(\'FullControl\', \'Modify\', \'ReadAndExecute\', \'ExecuteFile\')'
|
||||||
else
|
else
|
||||||
fail 'Invalid access_type provided'
|
raise 'Invalid access_type provided'
|
||||||
end
|
end
|
||||||
cmd = inspec.command("@(@((Get-Acl '#{path}').access | Where-Object {$_.AccessControlType -eq 'Allow' -and $_.IdentityReference -eq '#{user}' }) | Where-Object {($_.FileSystemRights.ToString().Split(',') | % {$_.trim()} | ? {#{access_rule} -contains $_}) -ne $null}) | measure | % { $_.Count }")
|
cmd = inspec.command("@(@((Get-Acl '#{path}').access | Where-Object {$_.AccessControlType -eq 'Allow' -and $_.IdentityReference -eq '#{user}' }) | Where-Object {($_.FileSystemRights.ToString().Split(',') | % {$_.trim()} | ? {#{access_rule} -contains $_}) -ne $null}) | measure | % { $_.Count }")
|
||||||
cmd.stdout.chomp == '0' ? false : true
|
cmd.stdout.chomp == '0' ? false : true
|
||||||
|
|
|
@ -99,18 +99,18 @@ module Inspec::Resources
|
||||||
|
|
||||||
# verifies if a group exists
|
# verifies if a group exists
|
||||||
def exists?
|
def exists?
|
||||||
group_info.entries.size > 0
|
!group_info.entries.empty?
|
||||||
end
|
end
|
||||||
|
|
||||||
def gid
|
def gid
|
||||||
gids = group_info.gids
|
gids = group_info.gids
|
||||||
if gids.size == 0
|
if gids.empty?
|
||||||
nil
|
nil
|
||||||
# the default case should be one group
|
# the default case should be one group
|
||||||
elsif gids.size == 1
|
elsif gids.size == 1
|
||||||
gids.entries[0]
|
gids.entries[0]
|
||||||
else
|
else
|
||||||
fail 'found more than one group with the same name, please use `groups` resource'
|
raise 'found more than one group with the same name, please use `groups` resource'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -144,7 +144,7 @@ module Inspec::Resources
|
||||||
end
|
end
|
||||||
|
|
||||||
def groups
|
def groups
|
||||||
fail 'group provider must implement the `groups` method'
|
raise 'group provider must implement the `groups` method'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -38,11 +38,11 @@ class GrubConfig < Inspec.resource(1) # rubocop:disable Metrics/ClassLength
|
||||||
@conf_path = path || '/boot/grub/grub.cfg'
|
@conf_path = path || '/boot/grub/grub.cfg'
|
||||||
@defaults_path = '/etc/default/grub'
|
@defaults_path = '/etc/default/grub'
|
||||||
@version = 'grub2'
|
@version = 'grub2'
|
||||||
elsif os[:name] == 'amazon' # rubocop:disable Style/GuardClause
|
elsif os[:name] == 'amazon'
|
||||||
@conf_path = path || '/etc/grub.conf'
|
@conf_path = path || '/etc/grub.conf'
|
||||||
@version = 'legacy'
|
@version = 'legacy'
|
||||||
else
|
else
|
||||||
fail UnknownGrubConfig
|
raise UnknownGrubConfig
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -145,7 +145,7 @@ class GrubConfig < Inspec.resource(1) # rubocop:disable Metrics/ClassLength
|
||||||
|
|
||||||
content = file.content
|
content = file.content
|
||||||
|
|
||||||
if content.empty? && file.size > 0
|
if content.empty? && !file.empty?
|
||||||
skip_resource "Can't read file '#{@conf_path}'"
|
skip_resource "Can't read file '#{@conf_path}'"
|
||||||
return @params = {}
|
return @params = {}
|
||||||
end
|
end
|
||||||
|
|
|
@ -60,7 +60,7 @@ module Inspec::Resources
|
||||||
end
|
end
|
||||||
|
|
||||||
def reachable?(port = nil, proto = nil, timeout = nil)
|
def reachable?(port = nil, proto = nil, timeout = nil)
|
||||||
fail "Use `host` resource with host('#{@hostname}', port: #{port}, proto: '#{proto}') parameters." if !port.nil? || !proto.nil? || !timeout.nil?
|
raise "Use `host` resource with host('#{@hostname}', port: #{port}, proto: '#{proto}') parameters." if !port.nil? || !proto.nil? || !timeout.nil?
|
||||||
ping.nil? ? false : ping
|
ping.nil? ? false : ping
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -43,7 +43,7 @@ module Inspec::Resources
|
||||||
end
|
end
|
||||||
|
|
||||||
content = file.content
|
content = file.content
|
||||||
if content.empty? && file.size > 0
|
if content.empty? && !file.empty?
|
||||||
skip_resource "Can't read file \"#{@conf_path}\""
|
skip_resource "Can't read file \"#{@conf_path}\""
|
||||||
return @params = {}
|
return @params = {}
|
||||||
end
|
end
|
||||||
|
|
|
@ -121,7 +121,7 @@ module Inspec::Resources
|
||||||
adapter_collection.push(info) if info[:name].casecmp(iface) == 0
|
adapter_collection.push(info) if info[:name].casecmp(iface) == 0
|
||||||
end
|
end
|
||||||
|
|
||||||
return nil if adapters.size == 0
|
return nil if adapters.empty?
|
||||||
warn "[Possible Error] detected multiple network interfaces with the name #{iface}" if adapters.size > 1
|
warn "[Possible Error] detected multiple network interfaces with the name #{iface}" if adapters.size > 1
|
||||||
adapters[0]
|
adapters[0]
|
||||||
end
|
end
|
||||||
|
|
|
@ -49,7 +49,7 @@ module Inspec::Resources
|
||||||
end
|
end
|
||||||
|
|
||||||
# check if file is readable
|
# check if file is readable
|
||||||
if @file_content.nil? && @file.size > 0
|
if @file_content.nil? && !@file.empty?
|
||||||
skip_resource "Can't read file \"#{@path}\""
|
skip_resource "Can't read file \"#{@path}\""
|
||||||
return @params = {}
|
return @params = {}
|
||||||
end
|
end
|
||||||
|
|
|
@ -35,7 +35,7 @@ module Inspec::Resources
|
||||||
end
|
end
|
||||||
|
|
||||||
content = file.content
|
content = file.content
|
||||||
if content.empty? && file.size > 0
|
if content.empty? && !file.empty?
|
||||||
skip_resource "Can't read file \"#{@conf_path}\""
|
skip_resource "Can't read file \"#{@conf_path}\""
|
||||||
return @params = {}
|
return @params = {}
|
||||||
end
|
end
|
||||||
|
|
|
@ -47,7 +47,7 @@ module Inspec::Resources
|
||||||
end
|
end
|
||||||
|
|
||||||
content = file.content
|
content = file.content
|
||||||
if content.empty? && file.size > 0
|
if content.empty? && !file.empty?
|
||||||
skip_resource "Can't read file \"#{@conf_path}\""
|
skip_resource "Can't read file \"#{@conf_path}\""
|
||||||
return @params = {}
|
return @params = {}
|
||||||
end
|
end
|
||||||
|
|
|
@ -73,7 +73,7 @@ module Inspec::Resources
|
||||||
return skip_resource "Can't find file \"#{@conf_path}\""
|
return skip_resource "Can't find file \"#{@conf_path}\""
|
||||||
end
|
end
|
||||||
raw_conf = read_file(@conf_path)
|
raw_conf = read_file(@conf_path)
|
||||||
if raw_conf.empty? && inspec.file(@conf_path).size > 0
|
if raw_conf.empty? && !inspec.file(@conf_path).empty?
|
||||||
return skip_resource("Can't read file \"#{@conf_path}\"")
|
return skip_resource("Can't read file \"#{@conf_path}\"")
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -43,7 +43,7 @@ module Inspec::Resources
|
||||||
end
|
end
|
||||||
|
|
||||||
content = inspec.file(@conf_path).content
|
content = inspec.file(@conf_path).content
|
||||||
if content.empty? && inspec.file(@conf_path).size > 0
|
if content.empty? && !inspec.file(@conf_path).empty?
|
||||||
skip_resource "Can't read file \"#{@conf_path}\""
|
skip_resource "Can't read file \"#{@conf_path}\""
|
||||||
return @params = {}
|
return @params = {}
|
||||||
end
|
end
|
||||||
|
|
|
@ -50,7 +50,7 @@ module Inspec::Resources
|
||||||
elsif p.class == Regexp
|
elsif p.class == Regexp
|
||||||
p
|
p
|
||||||
else
|
else
|
||||||
fail 'invalid name argument to packages resource, please use a "string" or /regexp/'
|
raise 'invalid name argument to packages resource, please use a "string" or /regexp/'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -64,7 +64,7 @@ module Inspec::Resources
|
||||||
if os.debian?
|
if os.debian?
|
||||||
command = "dpkg-query -W -f='${db:Status-Abbrev} ${Package} ${Version}\\n'"
|
command = "dpkg-query -W -f='${db:Status-Abbrev} ${Package} ${Version}\\n'"
|
||||||
else
|
else
|
||||||
fail "packages resource is not yet supported on #{os.name}"
|
raise "packages resource is not yet supported on #{os.name}"
|
||||||
end
|
end
|
||||||
build_package_list(command)
|
build_package_list(command)
|
||||||
end
|
end
|
||||||
|
|
|
@ -76,7 +76,7 @@ module Inspec::Resources
|
||||||
return skip_resource "Can't find file \"#{conf_path}\""
|
return skip_resource "Can't find file \"#{conf_path}\""
|
||||||
end
|
end
|
||||||
@content = read_file(conf_path).to_s
|
@content = read_file(conf_path).to_s
|
||||||
if @content.empty? && inspec.file(conf_path).size > 0
|
if @content.empty? && !inspec.file(conf_path).empty?
|
||||||
return skip_resource "Can't read file \"#{conf_path}\""
|
return skip_resource "Can't read file \"#{conf_path}\""
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -45,7 +45,7 @@ module Inspec::Resources
|
||||||
.add(:protocols, field: 'protocol', style: :simple)
|
.add(:protocols, field: 'protocol', style: :simple)
|
||||||
.add(:processes, field: 'process', style: :simple)
|
.add(:processes, field: 'process', style: :simple)
|
||||||
.add(:pids, field: 'pid', style: :simple)
|
.add(:pids, field: 'pid', style: :simple)
|
||||||
.add(:listening?) { |x| x.entries.length > 0 }
|
.add(:listening?) { |x| !x.entries.empty? }
|
||||||
filter.connect(self, :info)
|
filter.connect(self, :info)
|
||||||
|
|
||||||
def to_s
|
def to_s
|
||||||
|
@ -169,7 +169,7 @@ module Inspec::Resources
|
||||||
ports = []
|
ports = []
|
||||||
|
|
||||||
# check that lsof is available, otherwise fail
|
# check that lsof is available, otherwise fail
|
||||||
fail 'Please ensure `lsof` is available on the machine.' if !inspec.command(@lsof.to_s).exist?
|
raise 'Please ensure `lsof` is available on the machine.' if !inspec.command(@lsof.to_s).exist?
|
||||||
|
|
||||||
# -F p=pid, c=command, P=protocol name, t=type, n=internet addresses
|
# -F p=pid, c=command, P=protocol name, t=type, n=internet addresses
|
||||||
# see 'OUTPUT FOR OTHER PROGRAMS' in LSOF(8)
|
# see 'OUTPUT FOR OTHER PROGRAMS' in LSOF(8)
|
||||||
|
|
|
@ -65,7 +65,7 @@ module Inspec::Resources
|
||||||
return skip_resource "Can't find file \"#{@conf_path}\""
|
return skip_resource "Can't find file \"#{@conf_path}\""
|
||||||
end
|
end
|
||||||
raw_conf = read_file(@conf_path)
|
raw_conf = read_file(@conf_path)
|
||||||
if raw_conf.empty? && inspec.file(@conf_path).size > 0
|
if raw_conf.empty? && !inspec.file(@conf_path).empty?
|
||||||
return skip_resource("Can't read file \"#{@conf_path}\"")
|
return skip_resource("Can't read file \"#{@conf_path}\"")
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -117,7 +117,7 @@ module Inspec::Resources
|
||||||
return skip_resource "Can't read security policy" if cmd.exit_status.to_i != 0
|
return skip_resource "Can't read security policy" if cmd.exit_status.to_i != 0
|
||||||
@content = cmd.stdout
|
@content = cmd.stdout
|
||||||
|
|
||||||
if @content.empty? && file.size > 0
|
if @content.empty? && !file.empty?
|
||||||
return skip_resource "Can't read security policy"
|
return skip_resource "Can't read security policy"
|
||||||
end
|
end
|
||||||
@content
|
@content
|
||||||
|
|
|
@ -62,7 +62,7 @@ module Inspec::Resources
|
||||||
end
|
end
|
||||||
|
|
||||||
@content = file.content
|
@content = file.content
|
||||||
if @content.empty? && file.size > 0
|
if @content.empty? && !file.empty?
|
||||||
return skip_resource "Can't read file \"#{@conf_path}\""
|
return skip_resource "Can't read file \"#{@conf_path}\""
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -52,7 +52,7 @@ class SSL < Inspec.resource(1)
|
||||||
elsif inspec.backend.class.to_s == 'Train::Transports::Local::Connection'
|
elsif inspec.backend.class.to_s == 'Train::Transports::Local::Connection'
|
||||||
@host = 'localhost'
|
@host = 'localhost'
|
||||||
else
|
else
|
||||||
fail 'Cannot determine host for SSL test. Please specify it or use a different target.'
|
raise 'Cannot determine host for SSL test. Please specify it or use a different target.'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
@port = opts[:port] || 443
|
@port = opts[:port] || 443
|
||||||
|
|
|
@ -242,7 +242,7 @@ module Inspec::Resources
|
||||||
|
|
||||||
def has_authorized_key?(_compare_key)
|
def has_authorized_key?(_compare_key)
|
||||||
deprecated('has_authorized_key?')
|
deprecated('has_authorized_key?')
|
||||||
fail NotImplementedError
|
raise NotImplementedError
|
||||||
end
|
end
|
||||||
|
|
||||||
def deprecated(name, alternative = nil)
|
def deprecated(name, alternative = nil)
|
||||||
|
@ -292,7 +292,7 @@ module Inspec::Resources
|
||||||
# groups: '',
|
# groups: '',
|
||||||
# }
|
# }
|
||||||
def identity(_username)
|
def identity(_username)
|
||||||
fail 'user provider must implement the `identity` method'
|
raise 'user provider must implement the `identity` method'
|
||||||
end
|
end
|
||||||
|
|
||||||
# returns optional information about a user, eg shell
|
# returns optional information about a user, eg shell
|
||||||
|
@ -313,7 +313,7 @@ module Inspec::Resources
|
||||||
|
|
||||||
# returns an array with users
|
# returns an array with users
|
||||||
def list_users
|
def list_users
|
||||||
fail 'user provider must implement the `list_users` method'
|
raise 'user provider must implement the `list_users` method'
|
||||||
end
|
end
|
||||||
|
|
||||||
# retuns all aspects of the user as one hash
|
# retuns all aspects of the user as one hash
|
||||||
|
@ -556,7 +556,7 @@ module Inspec::Resources
|
||||||
def parse_windows_account(username)
|
def parse_windows_account(username)
|
||||||
account = username.split('\\')
|
account = username.split('\\')
|
||||||
name = account.pop
|
name = account.pop
|
||||||
domain = account.pop if account.size > 0
|
domain = account.pop if !account.empty?
|
||||||
[name, domain]
|
[name, domain]
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -565,7 +565,7 @@ module Inspec::Resources
|
||||||
name, _domain = parse_windows_account(username)
|
name, _domain = parse_windows_account(username)
|
||||||
return if collect_user_details.nil?
|
return if collect_user_details.nil?
|
||||||
res = collect_user_details.select { |user| user[:username] == name }
|
res = collect_user_details.select { |user| user[:username] == name }
|
||||||
res[0] if res.length > 0
|
res[0] if !res.empty?
|
||||||
end
|
end
|
||||||
|
|
||||||
def list_users
|
def list_users
|
||||||
|
|
|
@ -57,7 +57,7 @@ module Inspec::Resources
|
||||||
end
|
end
|
||||||
|
|
||||||
@contents[path] = file.content
|
@contents[path] = file.content
|
||||||
if @contents[path].empty? && file.size > 0
|
if @contents[path].empty? && !file.empty?
|
||||||
return skip_resource "Can't read file \"#{path}\""
|
return skip_resource "Can't read file \"#{path}\""
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -9,20 +9,20 @@ class CommandWrapper
|
||||||
|
|
||||||
def self.wrap(cmd, options)
|
def self.wrap(cmd, options)
|
||||||
unless options.is_a?(Hash)
|
unless options.is_a?(Hash)
|
||||||
fail 'All options for the command wrapper must be provided as a hash. '\
|
raise 'All options for the command wrapper must be provided as a hash. '\
|
||||||
"You entered: #{options.inspect}. Please consult the documentation."
|
"You entered: #{options.inspect}. Please consult the documentation."
|
||||||
end
|
end
|
||||||
|
|
||||||
wrap = options[:wrap]
|
wrap = options[:wrap]
|
||||||
if !wrap.nil? && !wrap.is_a?(Proc)
|
if !wrap.nil? && !wrap.is_a?(Proc)
|
||||||
fail "Called command wrapper with wrap: #{wrap.inspect}. It must be called with a Proc."
|
raise "Called command wrapper with wrap: #{wrap.inspect}. It must be called with a Proc."
|
||||||
elsif !wrap.nil?
|
elsif !wrap.nil?
|
||||||
return wrap.call(cmd)
|
return wrap.call(cmd)
|
||||||
end
|
end
|
||||||
|
|
||||||
shell = options[:shell]
|
shell = options[:shell]
|
||||||
unless UNIX_SHELLS.include?(shell)
|
unless UNIX_SHELLS.include?(shell)
|
||||||
fail "Don't know how to wrap commands for shell: #{shell.inspect}."
|
raise "Don't know how to wrap commands for shell: #{shell.inspect}."
|
||||||
end
|
end
|
||||||
|
|
||||||
path = options[:path] || shell
|
path = options[:path] || shell
|
||||||
|
|
|
@ -70,7 +70,7 @@ module FilterTable
|
||||||
end
|
end
|
||||||
|
|
||||||
def new_entry(*_)
|
def new_entry(*_)
|
||||||
fail "#{self.class} must not be used on its own. It must be inherited "\
|
raise "#{self.class} must not be used on its own. It must be inherited "\
|
||||||
'and the #new_entry method must be implemented. This is an internal '\
|
'and the #new_entry method must be implemented. This is an internal '\
|
||||||
'error and should not happen.'
|
'error and should not happen.'
|
||||||
end
|
end
|
||||||
|
|
|
@ -39,7 +39,7 @@ class PluginRegistry
|
||||||
#
|
#
|
||||||
# @return [PluginRegistry] plugin registry for this plugin
|
# @return [PluginRegistry] plugin registry for this plugin
|
||||||
def self.plugin_registry
|
def self.plugin_registry
|
||||||
fail "Plugin #{self} does not implement `self.plugin_registry()`. This method is required"
|
raise "Plugin #{self} does not implement `self.plugin_registry()`. This method is required"
|
||||||
end
|
end
|
||||||
|
|
||||||
# Register a new plugin by name
|
# Register a new plugin by name
|
||||||
|
@ -47,7 +47,7 @@ class PluginRegistry
|
||||||
# @param [String] the unique name of this plugin
|
# @param [String] the unique name of this plugin
|
||||||
# @return [nil] disregard
|
# @return [nil] disregard
|
||||||
def self.name(name)
|
def self.name(name)
|
||||||
fail "Trying to register #{self} with name == nil" if name.nil?
|
raise "Trying to register #{self} with name == nil" if name.nil?
|
||||||
@name = name
|
@name = name
|
||||||
plugin_registry.registry[name] = self
|
plugin_registry.registry[name] = self
|
||||||
end
|
end
|
||||||
|
@ -72,7 +72,7 @@ class PluginRegistry
|
||||||
# @param [String] target to try to resolve
|
# @param [String] target to try to resolve
|
||||||
# @return [Plugin] instance if it can be resolved, nil otherwise
|
# @return [Plugin] instance if it can be resolved, nil otherwise
|
||||||
def self.resolve(_target)
|
def self.resolve(_target)
|
||||||
fail "Plugin #{self} does not implement `self.resolve(target)`. This method is required"
|
raise "Plugin #{self} does not implement `self.resolve(target)`. This method is required"
|
||||||
end
|
end
|
||||||
|
|
||||||
# When a plugin's resolve doesn't lead to the final state, it can
|
# When a plugin's resolve doesn't lead to the final state, it can
|
||||||
|
|
|
@ -33,7 +33,7 @@ class SimpleConfig
|
||||||
raw_data = raw_data.tr(options[:line_separator], "\n")
|
raw_data = raw_data.tr(options[:line_separator], "\n")
|
||||||
end
|
end
|
||||||
rest = raw_data
|
rest = raw_data
|
||||||
rest = parse_rest(rest, options) while rest.length > 0
|
rest = parse_rest(rest, options) until rest.empty?
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
|
@ -135,7 +135,7 @@ class ResourceDocs
|
||||||
|
|
||||||
def render_path(path)
|
def render_path(path)
|
||||||
abs = File.join(@root, path)
|
abs = File.join(@root, path)
|
||||||
fail "Can't find file to render in #{abs}" unless File.file?(abs)
|
raise "Can't find file to render in #{abs}" unless File.file?(abs)
|
||||||
|
|
||||||
ERB.new(File.read(abs)).result(binding)
|
ERB.new(File.read(abs)).result(binding)
|
||||||
end
|
end
|
||||||
|
|
|
@ -28,7 +28,7 @@ end
|
||||||
module Verify
|
module Verify
|
||||||
def self.file(path)
|
def self.file(path)
|
||||||
return print("\033[32m.\033[0m") if File.file?(path)
|
return print("\033[32m.\033[0m") if File.file?(path)
|
||||||
fail "Failed to build this step. Looking for file in #{path} but it doesn't exist."
|
raise "Failed to build this step. Looking for file in #{path} but it doesn't exist."
|
||||||
end
|
end
|
||||||
|
|
||||||
def self.ok
|
def self.ok
|
||||||
|
|
|
@ -64,15 +64,15 @@ namespace :www do
|
||||||
end
|
end
|
||||||
|
|
||||||
unless File.directory?(dst) && File.file?(File.join(dst, 'index.html'))
|
unless File.directory?(dst) && File.file?(File.join(dst, 'index.html'))
|
||||||
fail 'It looks like the site was not build. Aborting.'
|
raise 'It looks like the site was not build. Aborting.'
|
||||||
end
|
end
|
||||||
|
|
||||||
# check if git exists
|
# check if git exists
|
||||||
sh('command -v git >/dev/null 2>&1') ||
|
sh('command -v git >/dev/null 2>&1') ||
|
||||||
fail("It looks like `git` isn't installed. It is required to run this build task.")
|
raise("It looks like `git` isn't installed. It is required to run this build task.")
|
||||||
|
|
||||||
unless sh('git diff-index --quiet HEAD --')
|
unless sh('git diff-index --quiet HEAD --')
|
||||||
fail 'Please make sure you have no uncommitted changes in this repository.'
|
raise 'Please make sure you have no uncommitted changes in this repository.'
|
||||||
end
|
end
|
||||||
|
|
||||||
File.write('www/build/CNAME', 'inspec.io')
|
File.write('www/build/CNAME', 'inspec.io')
|
||||||
|
@ -86,7 +86,7 @@ namespace :www do
|
||||||
|
|
||||||
current_branch = `git rev-parse --abbrev-ref HEAD`.strip
|
current_branch = `git rev-parse --abbrev-ref HEAD`.strip
|
||||||
if current_branch.empty?
|
if current_branch.empty?
|
||||||
fail 'Cannot determine current branch to go back to! Aborting.'
|
raise 'Cannot determine current branch to go back to! Aborting.'
|
||||||
end
|
end
|
||||||
|
|
||||||
Log.info 'Create empty gh-pages branch'
|
Log.info 'Create empty gh-pages branch'
|
||||||
|
|
|
@ -5,7 +5,7 @@ module SidebarHelpers
|
||||||
|
|
||||||
def sidebar_data(sidebar_layout)
|
def sidebar_data(sidebar_layout)
|
||||||
unless SIDEBAR_LAYOUTS.include?(sidebar_layout)
|
unless SIDEBAR_LAYOUTS.include?(sidebar_layout)
|
||||||
fail "'#{sidebar_layout}' is not a valid sidebar layout type."
|
raise "'#{sidebar_layout}' is not a valid sidebar layout type."
|
||||||
end
|
end
|
||||||
|
|
||||||
data.public_send(:"#{sidebar_layout}_sidebar").sidebar_links.dup
|
data.public_send(:"#{sidebar_layout}_sidebar").sidebar_links.dup
|
||||||
|
|
|
@ -135,7 +135,7 @@ end
|
||||||
|
|
||||||
def generate_simulation_files(simulator, commands, output_dir)
|
def generate_simulation_files(simulator, commands, output_dir)
|
||||||
require 'docker'
|
require 'docker'
|
||||||
fail "#{simulator} docker image is not available" unless Docker::Image.exist?(simulator)
|
raise "#{simulator} docker image is not available" unless Docker::Image.exist?(simulator)
|
||||||
|
|
||||||
# start container and get id
|
# start container and get id
|
||||||
Docker.options[:read_timeout] = 3 * 60
|
Docker.options[:read_timeout] = 3 * 60
|
||||||
|
|
Loading…
Reference in a new issue