CFINSPEC-291: Initial fix to consider processes without path on Windows

Signed-off-by: Sonu Saha <sonu.saha@progress.com>
Sonu Saha 2022-06-01 13:09:30 +05:30
parent ed171586eb
commit 39b4f0a7a5


@ -41,9 +41,10 @@ module Inspec::Resources
grep = Regexp.new(grep) grep = Regexp.new(grep)
end end
# require "byebug"; byebug
all_cmds = ps_axo all_cmds = ps_axo
@list = all_cmds.find_all do |hm| @list = all_cmds.find_all do |hm|
hm[:command] =~ grep hm[:command] =~ grep || hm[:process_name] =~ grep
end end
end end
@ -84,6 +85,7 @@ module Inspec::Resources
.register_column(:time, field: "time") .register_column(:time, field: "time")
.register_column(:users, field: "user") .register_column(:users, field: "user")
.register_column(:commands, field: "command") .register_column(:commands, field: "command")
.register_column(:process_name, field: "process_name")
.install_filter_methods_on_resource(self, :filtered_processes) .install_filter_methods_on_resource(self, :filtered_processes)
private private
@ -98,9 +100,9 @@ module Inspec::Resources
if os.linux? if os.linux?
command, regex, field_map = ps_configuration_for_linux command, regex, field_map = ps_configuration_for_linux
elsif os.windows? elsif os.windows?
command = '$Proc = Get-Process -IncludeUserName | Where-Object {$_.Path -ne $null } | Select-Object PriorityClass,Id,CPU,PM,VirtualMemorySize,NPM,SessionId,Responding,StartTime,TotalProcessorTime,UserName,Path | ConvertTo-Csv -NoTypeInformation;$Proc.Replace("""","").Replace("`r`n","`n")' command = '$Proc = Get-Process -IncludeUserName | Select-Object PriorityClass,Id,CPU,PM,VirtualMemorySize,NPM,SessionId,Responding,StartTime,TotalProcessorTime,UserName,Path,ProcessName | ConvertTo-Csv -NoTypeInformation;$Proc.Replace("""","").Replace("`r`n","`n")'
# Wanted to use /(?:^|,)([^,]*)/; works on rubular.com not sure why here? # Wanted to use /(?:^|,)([^,]*)/; works on rubular.com not sure why here?
regex = /^(.+),(.+),(.+),(.+),(.+),(.+),(.+),(.+),(.+),(.+),(.+),(.+)$/ regex = /^(.*),(.*),(.*),(.*),(.*),(.*),(.*),(.*),(.*),(.*),(.*),(.*),(.*)$/
field_map = { field_map = {
pid: 2, pid: 2,
cpu: 3, cpu: 3,
@ -113,6 +115,7 @@ module Inspec::Resources
time: 10, time: 10,
user: 11, user: 11,
command: 12, command: 12,
process_name: 13,
} }
else else
command = "ps axo pid,pcpu,pmem,vsz,rss,tty,stat,start,time,user,command" command = "ps axo pid,pcpu,pmem,vsz,rss,tty,stat,start,time,user,command"
@ -187,6 +190,7 @@ module Inspec::Resources
end end
def build_process_list(command, regex, field_map) def build_process_list(command, regex, field_map)
# require "byebug"; byebug
cmd = inspec.command(command) cmd = inspec.command(command)
all = cmd.stdout.split("\n")[1..-1] all = cmd.stdout.split("\n")[1..-1]
return [] if all.nil? return [] if all.nil?
@ -204,7 +208,7 @@ module Inspec::Resources
# build a hash of process data that we'll turn into a struct for FilterTable # build a hash of process data that we'll turn into a struct for FilterTable
process_data = {} process_data = {}
%i{label pid cpu mem vsz rss tty stat start time user command}.each do |param| %i{label pid cpu mem vsz rss tty stat start time user command process_name}.each do |param|
# not all operating systems support all fields, so skip the field if we don't have it # not all operating systems support all fields, so skip the field if we don't have it
process_data[param] = line[field_map[param]] if field_map.key?(param) process_data[param] = line[field_map[param]] if field_map.key?(param)
end end
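Review bot: The rewritten 13-group regex in the `os.windows?` branch still splits on every comma after the PowerShell side has removed all double quotes with `.Replace("""","")`, so a process whose `Path` contains a comma (legal in Windows paths) produces one extra separator. Because the `(.*)` groups are greedy, the first group then swallows two columns, so `pid`, `cpu` and the fields up to `user` are each read from the neighbouring column, and `command` holds only the tail of the path. For an audit resource this means a control that filters on `users`, `pids` or `commands` can be evaluated against the wrong data for that row. One option is a delimiter that cannot occur in a Windows file name, for example `ConvertTo-Csv -NoTypeInformation -Delimiter "|"` with the regex separators changed to `\|`; the method that holds this branch starts and ends outside the hunk, so this should be checked against the full parsing path. Separately, the two `# require "byebug"; byebug` comments (in the grep filter and at the top of `build_process_list`) are debugging leftovers and should be dropped before merge.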