mirror of
https://github.com/inspec/inspec
synced 2024-11-27 07:00:39 +00:00
Merge pull request #1779 from aaronlippold/al/mysql-session-update
Al/mysql session update
This commit is contained in:
commit
39d35dd99f
1 changed files with 5 additions and 3 deletions
|
@ -2,6 +2,7 @@
|
||||||
# copyright: 2015, Vulcano Security GmbH
|
# copyright: 2015, Vulcano Security GmbH
|
||||||
# author: Dominik Richter
|
# author: Dominik Richter
|
||||||
# author: Christoph Hartmann
|
# author: Christoph Hartmann
|
||||||
|
# author: Aaron Lippold
|
||||||
# license: All rights reserved
|
# license: All rights reserved
|
||||||
|
|
||||||
module Inspec::Resources
|
module Inspec::Resources
|
||||||
|
@ -9,15 +10,16 @@ module Inspec::Resources
|
||||||
name 'mysql_session'
|
name 'mysql_session'
|
||||||
desc 'Use the mysql_session InSpec audit resource to test SQL commands run against a MySQL database.'
|
desc 'Use the mysql_session InSpec audit resource to test SQL commands run against a MySQL database.'
|
||||||
example "
|
example "
|
||||||
sql = mysql_session('my_user','password')
|
sql = mysql_session('my_user','password','host')
|
||||||
describe sql.query('show databases like \'test\';') do
|
describe sql.query('show databases like \'test\';') do
|
||||||
its('stdout') { should_not match(/test/) }
|
its('stdout') { should_not match(/test/) }
|
||||||
end
|
end
|
||||||
"
|
"
|
||||||
|
|
||||||
def initialize(user = nil, pass = nil)
|
def initialize(user = nil, pass = nil, host = 'localhost')
|
||||||
@user = user
|
@user = user
|
||||||
@pass = pass
|
@pass = pass
|
||||||
|
@host = host
|
||||||
init_fallback if user.nil? or pass.nil?
|
init_fallback if user.nil? or pass.nil?
|
||||||
skip_resource("Can't run MySQL SQL checks without authentication") if @user.nil? or @pass.nil?
|
skip_resource("Can't run MySQL SQL checks without authentication") if @user.nil? or @pass.nil?
|
||||||
end
|
end
|
||||||
|
@ -28,7 +30,7 @@ module Inspec::Resources
|
||||||
escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"').gsub(/\$/, '\\$')
|
escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"').gsub(/\$/, '\\$')
|
||||||
|
|
||||||
# run the query
|
# run the query
|
||||||
cmd = inspec.command("mysql -u#{@user} -p#{@pass} #{db} -s -e \"#{escaped_query}\"")
|
cmd = inspec.command("mysql -u#{@user} -p#{@pass} -h #{@host} #{db} -s -e \"#{escaped_query}\"")
|
||||||
out = cmd.stdout + "\n" + cmd.stderr
|
out = cmd.stdout + "\n" + cmd.stderr
|
||||||
if out =~ /Can't connect to .* MySQL server/ or
|
if out =~ /Can't connect to .* MySQL server/ or
|
||||||
out.downcase =~ /^error/
|
out.downcase =~ /^error/
|
||||||
|
|
Loading…
Reference in a new issue