mirror of
https://github.com/inspec/inspec
synced 2024-09-21 06:51:56 +00:00
Mysql socket (#1933)
* showing how to shellout in docs Signed-off-by: Richard Shade <rshade@rightscale.com> * adding basic example Signed-off-by: Richard Shade <rshade@rightscale.com> * cleanup Signed-off-by: Richard Shade <rshade@rightscale.com> * adding in mysql socket, as this doesn't work with non-default installs Signed-off-by: Richard Shade <rshade@rightscale.com> * updating per peer review to make socket not a req, and adding port Signed-off-by: Richard Shade <rshade@rightscale.com> * updating docs Signed-off-by: Richard Shade <rshade@rightscale.com>
This commit is contained in:
parent
b12f95ea76
commit
1fbd4b57a2
2 changed files with 25 additions and 2 deletions
|
@ -61,3 +61,15 @@ The following examples show how to use this InSpec audit resource.
|
|||
describe sql.query('show databases like \'test\';') do
|
||||
its('stdout') { should_not match(/test/) }
|
||||
end
|
||||
|
||||
### Alternate Connection: Different Host
|
||||
|
||||
sql = mysql_session('my_user','password','db.example.com')
|
||||
|
||||
### Alternate Connection: Different Port
|
||||
|
||||
sql = mysql_seesion('my_user','password','localhost',3307)
|
||||
|
||||
### Alternate Connection: Using a socket
|
||||
|
||||
sql = mysql_session('my_user','password', nil, nil, '/var/lib/mysql-default/mysqld.sock')
|
||||
|
|
|
@ -16,10 +16,12 @@ module Inspec::Resources
|
|||
end
|
||||
"
|
||||
|
||||
def initialize(user = nil, pass = nil, host = 'localhost')
|
||||
def initialize(user = nil, pass = nil, host = 'localhost', port = nil, socket = nil)
|
||||
@user = user
|
||||
@pass = pass
|
||||
@host = host
|
||||
@port = port
|
||||
@socket = socket
|
||||
init_fallback if user.nil? or pass.nil?
|
||||
skip_resource("Can't run MySQL SQL checks without authentication") if @user.nil? or @pass.nil?
|
||||
end
|
||||
|
@ -30,7 +32,16 @@ module Inspec::Resources
|
|||
escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"').gsub(/\$/, '\\$')
|
||||
|
||||
# run the query
|
||||
cmd = inspec.command("mysql -u#{@user} -p#{@pass} -h #{@host} #{db} -s -e \"#{escaped_query}\"")
|
||||
command = "mysql -u#{@user} -p#{@pass}"
|
||||
if !socket.nil?
|
||||
command += " -S #{@socket}"
|
||||
else
|
||||
command += " -h #{@host}"
|
||||
end
|
||||
command += " --port #{@port}" unless @port.nil?
|
||||
command += " #{db} -s -S #{@socket} -e \"#{escaped_query}\""
|
||||
|
||||
cmd = inspec.command(command)
|
||||
out = cmd.stdout + "\n" + cmd.stderr
|
||||
if out =~ /Can't connect to .* MySQL server/ or
|
||||
out.downcase =~ /^error/
|
||||
|
|
Loading…
Reference in a new issue