lint

.rubocop.yml

@@ -45,13 +45,17 @@ Style/PredicateName:
   Enabled: false
 Style/ClassAndModuleChildren:
   Enabled: false
+Style/ConditionalAssignment:
+  Enabled: false
 Style/BracesAroundHashParameters:
   Enabled: false
 Style/AndOr:
   Enabled: false
 Style/Not:
   Enabled: false
-Style/TrailingComma:
+Style/TrailingCommaInLiteral:
+  EnforcedStyleForMultiline: comma
+Style/TrailingCommaInArguments:
   EnforcedStyleForMultiline: comma
 Style/NegatedIf:
   Enabled: false

lib/inspec/dsl.rb

@@ -13,8 +13,21 @@ module Inspec::DSL
     ::Inspec::DSL.load_spec_files_for_profile self, id, true, &block
   end
 
-  alias_method :require_rules, :require_controls
-  alias_method :include_rules, :include_controls
+  alias require_rules require_controls
+  alias include_rules include_controls
+
+  def self.rule_from_check(m, a, b)
+    if a.is_a?(Array) && !a.empty? &&
+       a[0].respond_to?(:resource_skipped) &&
+       !a[0].resource_skipped.nil?
+      ::Inspec::Rule.__send__(m, *a) do
+        it a[0].resource_skipped
+      end
+    else
+      # execute the method
+      ::Inspec::Rule.__send__(m, *a, &b)
+    end
+  end
 
   # Register a given rule with RSpec and
   # let it run. This happens after everything
@@ -24,24 +37,11 @@ module Inspec::DSL
     fid = InspecBaseRule.full_id(r, profile_id)
     checks.each do |m, a, b|
       # check if the resource is skippable and skipped
-      if a.is_a?(Array) && !a.empty? &&
-         a[0].respond_to?(:resource_skipped) &&
-         !a[0].resource_skipped.nil?
-        cres = ::Inspec::Rule.__send__(m, *a) do
-          it a[0].resource_skipped
-        end
-      else
-        # execute the method
-        cres = ::Inspec::Rule.__send__(m, *a, &b)
-      end
-      if m == 'describe'
-        set_rspec_ids(cres, fid)
-      end
+      cres = rule_from_check(m, a, b)
+      set_rspec_ids(cres, fid) if m == 'describe'
     end
   end
 
-  private
-
   # merge two rules completely; all defined
   # fields from src will be overwritten in dst
   def self.merge_rules(dst, src)

lib/inspec/plugins/resource.rb

@@ -22,7 +22,7 @@ module Inspec
       end
 
       def self.__register(name, obj)
-        # rubocop:disable Lint/NestedMethodDefinition
+        # rubocop:disable Lint/NestedMethodDefinition, Lint/DuplicateMethods
         cl = Class.new(obj) do
           # add some common methods
           include Inspec::Plugins::ResourceCommon

lib/inspec/profile.rb

@@ -147,7 +147,7 @@ module Inspec
 
       profile_name = @params[:name]
 
-      opts[:zip] ? ext='zip' : ext='tar.gz'
+      ext = opts[:zip] ? 'zip' : 'tar.gz'
       slug = profile_name.downcase.strip.tr(' ', '-').gsub(/[^\w-]/, '_')
       archive = Pathname.new(File.dirname(__FILE__)).join('../..', "#{slug}.#{ext}")
 

lib/inspec/profile_context.rb

@@ -133,9 +133,9 @@ module Inspec
 
         alias_method :skip_rule, :skip_control
 
-        def only_if(&block)
+        def only_if
           return unless block_given?
-          @skip_profile = !block.call
+          @skip_profile = !yield
         end
       end
       # rubocop:enable all

lib/inspec/rule.rb

@@ -138,11 +138,11 @@ module Inspec
         rule.instance_variable_set(:@profile_id, profile_id)
         pid = profile_id
       end
-      if pid.nil? or pid.empty?
-        return rid
-      else
-        return "#{pid}/#{rid}"
-      end
+
+      # if we don't have a profile id, just return the rule's ID
+      return rid if pid.nil? or pid.empty?
+      # otherwise combine them
+      "#{pid}/#{rid}"
     end
 
     private
@@ -155,8 +155,8 @@ module Inspec
     def unindent(text)
       return '' if text.nil?
       text.strip.split("\n").map(&:strip)
-        .map { |x| x.empty? ? "\n" : x }
-        .join(' ')
+          .map { |x| x.empty? ? "\n" : x }
+          .join(' ')
     end
 
     # get the rule's source code

lib/inspec/shell.rb

@@ -89,10 +89,8 @@ You are currently running on:
 EOF
       elsif resource == 'resources'
         resources
-      else
-
-        if !Inspec::Resource.registry[resource].nil?
-          puts <<EOF
+      elsif !Inspec::Resource.registry[resource].nil?
+        puts <<EOF
 #{mark 'Name:'} #{resource}
 
 #{mark 'Description:'}
@@ -107,10 +105,9 @@ EOF
 https://github.com/chef/inspec/blob/master/docs/resources.rst##{resource}
 
 EOF
-        else
-          puts 'Only the following resources are available:'
-          resources
-        end
+      else
+        puts 'Only the following resources are available:'
+        resources
       end
     end
 

lib/inspec/targets/dir.rb

@@ -28,7 +28,7 @@ module Inspec::Targets
 
       def get_filenames(paths)
         paths.find_all do |path|
-          (path.start_with?('controls') || path.start_with?('test')) && path.end_with?('.rb')
+          path.start_with?('controls', 'test') && path.end_with?('.rb')
         end
       end
 

lib/inspec/targets/tar.rb

@@ -9,16 +9,13 @@ require 'inspec/targets/archive'
 module Inspec::Targets
   class TarHelper < ArchiveHelper
     def handles?(target)
-      File.file?(target) and (
-        target.end_with?('.tar.gz') ||
-        target.end_with?('.tgz')
-      )
+      File.file?(target) && target.end_with?('.tar.gz', '.tgz')
     end
 
     def structure(input)
       files = []
       rootdir = ''
-      Gem::Package::TarReader.new(Zlib::GzipReader.open input) do |tar|
+      Gem::Package::TarReader.new(Zlib::GzipReader.open(input)) do |tar|
         files = tar.map(&:full_name)
       end
 
@@ -35,7 +32,7 @@ module Inspec::Targets
 
     def content(input, files, rootdir = nil, opts = {})
       content = []
-      Gem::Package::TarReader.new(Zlib::GzipReader.open input) do |tar|
+      Gem::Package::TarReader.new(Zlib::GzipReader.open(input)) do |tar|
         tar.each do |entry|
           if entry.directory?
             # nothing to do

lib/inspec/targets/url.rb

@@ -17,7 +17,7 @@ module Inspec::Targets
 
     def resolve(target, opts = {})
       # abort if the target does not start with http or https
-      return nil unless target.start_with? 'https://' or target.start_with? 'http://'
+      return nil unless target.start_with?('https://', 'http://')
 
       # support for github url
       m = %r{^https?://(www\.)?github\.com/(?<user>[\w-]+)/(?<repo>[\w-]+)(\.git)?$}.match(target)

lib/inspec/version.rb

@@ -3,5 +3,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '0.9.8'
+  VERSION = '0.9.8'.freeze
 end

lib/matchers/matchers.rb

@@ -70,7 +70,7 @@ end
 # matcher to check /etc/passwd, /etc/shadow and /etc/group
 RSpec::Matchers.define :contain_legacy_plus do
   match do |file|
-    file.content.match(/^\+:/)
+    file.content =~ /^\+:/
   end
 end
 

lib/resources/audit_policy.rb

@@ -44,7 +44,7 @@ class AuditPolicy < Inspec.resource(1)
     # find line
     target = nil
     result.each_line {|s|
-      target = s.strip if s.match(/\b.*#{key}.*\b/)
+      target = s.strip if s =~ /\b.*#{key}.*\b/
     }
 
     # extract value

lib/resources/command.rb

@@ -39,15 +39,15 @@ class Cmd < Inspec.resource(1)
   end
 
   def exist?
+    # silent for mock resources
+    return false if inspec.os[:family].to_s == 'unknown'
+
     if inspec.os.linux?
       res = inspec.backend.run_command("bash -c 'type \"#{@command}\"'")
     elsif inspec.os.windows?
       res = inspec.backend.run_command("where.exe \"#{@command}\"")
     elsif inspec.os.unix?
       res = inspec.backend.run_command("type \"#{@command}\"")
-    elsif inspec.os[:family].to_s == 'unknown'
-      # silent for mock resources
-      return false
     else
       warn "`command(#{@command}).exist?` is not suported on you OS: #{inspec.os[:family]}"
       return false

lib/resources/group.rb

@@ -48,15 +48,13 @@ class Group < Inspec.resource(1)
   end
 
   def gid
-    if group_info.nil? || group_info.size == 0
-      return nil
-    elsif group_info.size == 1
-      # the default case should be one group
-      return group_info[0][:gid]
-    else
-      # return array if we got multiple gids
-      return group_info.map { |grp| grp[:gid] }
-    end
+    return nil if group_info.nil? || group_info.size == 0
+
+    # the default case should be one group
+    return group_info[0][:gid] if group_info.size == 1
+
+    # return array if we got multiple gids
+    group_info.map { |grp| grp[:gid] }
   end
 
   # implements rspec has matcher, to be compatible with serverspec
@@ -65,15 +63,13 @@ class Group < Inspec.resource(1)
   end
 
   def local
-    if group_info.nil? || group_info.size == 0
-      return nil
-    elsif group_info.size == 1
-      # the default case should be one group
-      return group_info[0][:local]
-    else
-      # return array if we got multiple gids
-      return group_info.map { |grp| grp[:local] }
-    end
+    return nil if group_info.nil? || group_info.size == 0
+
+    # the default case should be one group
+    return group_info[0][:local] if group_info.size == 1
+
+    # return array if we got multiple gids
+    group_info.map { |grp| grp[:local] }
   end
 
   def to_s

lib/resources/iptables.rb

@@ -47,7 +47,7 @@ class IpTables < Inspec.resource(1)
     retrieve_rules.each { |line|
       # checks if the rule is part of the ruleset
       # for now, we expect an excact match
-      found = true if line.downcase == rule.downcase
+      found = true if line.casecmp(rule)
     }
     found
   end

lib/resources/json.rb

@@ -74,11 +74,9 @@ class JsonConfig < Inspec.resource(1)
       value = value[key.to_s].nil? ? nil : value[key.to_s]
     end
 
-    # check if further keys exist
-    if !keys.first.nil?
-      return extract_value(keys.clone, value)
-    else
-      return value
-    end
+    # if there are no more keys, just return the value
+    return value if keys.first.nil?
+    # if there are more keys, extract more
+    extract_value(keys.clone, value)
   end
 end

lib/resources/kernel_parameter.rb

@@ -24,7 +24,7 @@ class KernelParameter < Inspec.resource(1)
     # remove whitespace
     cmd = cmd.stdout.chomp.strip
     # convert to number if possible
-    cmd = cmd.to_i if cmd.match(/^\d+$/)
+    cmd = cmd.to_i if cmd =~ /^\d+$/
     cmd
   end
 

lib/resources/os.rb

@@ -13,7 +13,7 @@ class OS < Inspec.resource(1)
 
   # reuse helper methods from backend
   %w{redhat? debian? suse? bsd? solaris? linux? unix? windows?}.each do |os_family|
-    define_method((os_family).to_sym) do
+    define_method(os_family.to_sym) do
       inspec.backend.os.send(os_family)
     end
   end

lib/resources/package.rb

@@ -134,9 +134,9 @@ class Brew < PkgManagement
     # parse data
     pkg = JSON.parse(cmd.stdout)[0]
     {
-      name: "#{pkg.name}",
+      name: pkg.name.to_s,
       installed: true,
-      version: "#{pkg.installed.version}",
+      version: pkg.installed.version.to_s,
       type: 'brew',
     }
   end

lib/resources/passwd.rb

@@ -87,7 +87,7 @@ end
 class PasswdUid
   def initialize(passwd, uid)
     @passwd = passwd
-    @users = @passwd.parsed.select { |x| x['uid'] == "#{uid}" }
+    @users = @passwd.parsed.select { |x| x['uid'] == uid.to_s }
   end
 
   def username

lib/resources/port.rb

@@ -146,7 +146,7 @@ class DarwinPorts < PortsInfo
       net_addr = parsed[9].split(':')
       # convert to number if possible
       net_port = net_addr[1]
-      net_port = net_port.to_i if /^\d+$/.match(net_port)
+      net_port = net_port.to_i if net_port =~ /^\d+$/
       protocol = parsed[8].downcase
 
       # add version to protocol
@@ -192,17 +192,18 @@ class LinuxPorts < PortsInfo
       # prep for URI parsing, parse ip6 port
       ip6 = /^(\S+):(\d+)$/.match(net_addr)
       ip6addr = ip6[1]
-      ip6addr = '::' if /^:::$/.match(ip6addr)
+      ip6addr = '::' if ip6addr =~ /^:::$/
       # build uri
       ip_addr = URI("addr://[#{ip6addr}]:#{ip6[2]}")
       # replace []
       host = ip_addr.host[1..ip_addr.host.size-2]
-      port = ip_addr.port
     else
       ip_addr = URI('addr://'+net_addr)
       host = ip_addr.host
-      port = ip_addr.port
     end
+
+    port = ip_addr.port
+
     [host, port]
   rescue URI::InvalidURIError => e
     warn "Could not parse #{net_addr}, #{e}"
@@ -228,7 +229,7 @@ class LinuxPorts < PortsInfo
     # extract PID
     process = parsed[9].split('/')
     pid = process[0]
-    pid = pid.to_i if /^\d+$/.match(pid)
+    pid = pid.to_i if pid =~ /^\d+$/
     process = process[1]
 
     # map data
@@ -264,14 +265,14 @@ class FreeBsdPorts < PortsInfo
     case protocol
     when 'tcp4', 'udp4'
       # replace * with 0.0.0.0
-      net_addr = net_addr.gsub(/^\*:/, '0.0.0.0:') if /^*:(\d+)$/.match(net_addr)
+      net_addr = net_addr.gsub(/^\*:/, '0.0.0.0:') if net_addr =~ /^*:(\d+)$/
       ip_addr = URI('addr://'+net_addr)
       host = ip_addr.host
       port = ip_addr.port
     when 'tcp6', 'udp6'
       return [] if net_addr == '*:*' # abort for now
       # replace * with 0:0:0:0:0:0:0:0
-      net_addr = net_addr.gsub(/^\*:/, '0:0:0:0:0:0:0:0:') if /^*:(\d+)$/.match(net_addr)
+      net_addr = net_addr.gsub(/^\*:/, '0:0:0:0:0:0:0:0:') if net_addr =~ /^*:(\d+)$/
       # extract port
       ip6 = /^(\S+):(\d+)$/.match(net_addr)
       ip6addr = ip6[1]
@@ -301,7 +302,7 @@ class FreeBsdPorts < PortsInfo
 
     # extract PID
     pid = parsed[3]
-    pid = pid.to_i if /^\d+$/.match(pid)
+    pid = pid.to_i if pid =~ /^\d+$/
 
     # map tcp4 and udp4
     protocol = 'tcp' if protocol.eql?('tcp4')

lib/resources/postgres_conf.rb

@@ -21,7 +21,7 @@ class PostgresConf < Inspec.resource(1)
 
   def initialize(conf_path = nil)
     @conf_path = conf_path || inspec.postgres.conf_path
-    @conf_dir = File.expand_path(File.dirname @conf_path)
+    @conf_dir = File.expand_path(File.dirname(@conf_path))
     @files_contents = {}
     @content = nil
     @params = nil

lib/resources/postgres_session.rb

@@ -58,8 +58,8 @@ class PostgresSession < Inspec.resource(1)
       # remove the whole header (i.e. up to the first ^-----+------+------$)
       # remove the tail
       lines = cmd.stdout
-              .sub(/(.*\n)+([-]+[+])*[-]+\n/, '')
-              .sub(/\n[^\n]*\n\n$/, '')
+                 .sub(/(.*\n)+([-]+[+])*[-]+\n/, '')
+                 .sub(/\n[^\n]*\n\n$/, '')
       l = Lines.new(lines.strip, "PostgreSQL query: #{query}")
       RSpec.__send__('describe', l, &block)
     end

lib/resources/security_policy.rb

@@ -58,7 +58,7 @@ class SecurityPolicy < Inspec.resource(1)
     key = Regexp.escape(method.to_s)
     target = ''
     @policy.each_line {|s|
-      target = s.strip if s.match(/^\s*#{key}\s*=\s*(.*)\b/)
+      target = s.strip if s =~ /^\s*#{key}\s*=\s*(.*)\b/
     }
 
     # extract variable value
@@ -66,7 +66,7 @@ class SecurityPolicy < Inspec.resource(1)
 
     if !result.nil?
       val = result[:value]
-      val = val.to_i if val.match(/^\d+$/)
+      val = val.to_i if val =~ /^\d+$/
     else
       # TODO: we may need to return skip or failure if the
       # requested value is not available

lib/resources/yum.rb

@@ -57,7 +57,7 @@ class Yum < Inspec.resource(1)
     in_repo = false
     @content.each_line do |line|
       # detect repo start
-      in_repo = true if line.match(/^\s*Repo-id\s*:\s*(.*)\b/)
+      in_repo = true if line =~ /^\s*Repo-id\s*:\s*(.*)\b/
       # detect repo end
       if line == "\n" && in_repo
         in_repo = false
@@ -94,7 +94,7 @@ class Yum < Inspec.resource(1)
 
   # Removes lefthand and righthand whitespace
   def strip(value)
-    value.lstrip.rstrip if !value.nil?
+    value.strip if !value.nil?
   end
 
   # Optimize the key value

lib/utils/convert.rb

@@ -6,7 +6,7 @@ module Converter
   # convert the value to an integer if we have numbers only
   # otherwise we return the string
   def convert_to_i(val)
-    val = val.to_i if val.match(/^\d+$/)
+    val = val.to_i if val =~ /^\d+$/
     val
   end
 end

lib/utils/find_files.rb

@@ -14,7 +14,7 @@ module FindFiles
     link: 'l',
     socket: 's',
     door: 'D',
-  }
+  }.freeze
 
   # ignores errors
   def find_files(path, opts = {})
@@ -38,7 +38,7 @@ module FindFiles
     end
 
     result.stdout.split("\n")
-      .map(&:strip)
-      .find_all { |x| !x.empty? }
+          .map(&:strip)
+          .find_all { |x| !x.empty? }
   end
 end

lib/utils/parser.rb

@@ -81,9 +81,9 @@ module MountParser
         name, val = option.split('=')
         if val.nil?
           val = true
-        else
+        elsif val =~ /^\d+$/
           # parse numbers
-          val = val.to_i if val.match(/^\d+$/)
+          val = val.to_i
         end
         mount_options[:options][name.to_sym] = val
       end

tasks/maintainers.rb

@@ -21,7 +21,7 @@ SOURCE = File.join(File.dirname(__FILE__), '..', 'MAINTAINERS.toml')
 TARGET = File.join(File.dirname(__FILE__), '..', 'MAINTAINERS.md')
 
 # The list of repositories that teams should own
-REPOSITORIES = ['chef/inspec']
+REPOSITORIES = ['chef/inspec'].freeze
 
 begin
   require 'tomlrb'
@@ -194,11 +194,11 @@ begin
 
   # rubocop:disable Metrics/AbcSize
   def person(list, person)
-    if list[person].key?('GitHub')
-      out = "* [#{list[person]['Name']}](https://github.com/#{list[person]['GitHub']})"
-    else
-      out = "* #{list[person]['Name']}"
-    end
+    out = if list[person].key?('GitHub')
+            "* [#{list[person]['Name']}](https://github.com/#{list[person]['GitHub']})"
+          else
+            "* #{list[person]['Name']}"
+          end
     out << "\n  * IRC - #{list[person]['IRC']}" if list[person].key?('IRC')
     out << "\n  * [@#{list[person]['Twitter']}](https://twitter.com/#{list[person]['Twitter']})" if list[person].key?('Twitter')
     out << "\n  * [#{list[person]['email']}](mailto:#{list[person]['email']})" if list[person].key?('email')