mirror of
https://github.com/inspec/inspec
synced 2024-12-03 18:09:32 +00:00
commit
782e4daa00
8 changed files with 46 additions and 35 deletions
3
Gemfile
3
Gemfile
|
@ -29,7 +29,8 @@ group :integration do
|
|||
gem 'berkshelf', '~> 4.3'
|
||||
gem 'test-kitchen', '~> 1.6'
|
||||
gem 'kitchen-vagrant'
|
||||
gem 'kitchen-inspec', '0.12.5'
|
||||
# we need winrm v2 support >= 0.15.1
|
||||
gem 'kitchen-inspec', '>= 0.15.1'
|
||||
gem 'kitchen-ec2'
|
||||
gem 'kitchen-dokken'
|
||||
end
|
||||
|
|
|
@ -24,7 +24,7 @@ Gem::Specification.new do |spec|
|
|||
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
||||
spec.require_paths = ['lib']
|
||||
|
||||
spec.add_dependency 'train', '>=0.16.0', '<1.0'
|
||||
spec.add_dependency 'train', '>=0.19.0', '<1.0'
|
||||
spec.add_dependency 'thor', '~> 0.19'
|
||||
spec.add_dependency 'json', '>= 1.8', '< 3.0'
|
||||
spec.add_dependency 'rainbow', '~> 2'
|
||||
|
|
|
@ -22,13 +22,9 @@ module Inspec::Resources
|
|||
unless inspec.os.windows?
|
||||
return skip_resource 'The `script` resource is not supported on your OS yet.'
|
||||
end
|
||||
|
||||
# encodes a script as base64 to run as powershell encodedCommand
|
||||
# this comes with performance issues: @see https://gist.github.com/fnichol/7b20596b950e65fb96f9
|
||||
require 'winrm'
|
||||
script = WinRM::PowershellScript.new(script)
|
||||
cmd = "powershell -encodedCommand #{script.encoded}"
|
||||
super(cmd)
|
||||
# since WinRM 2.0 and the default use of powershell for local execution in
|
||||
# train, we do not need to wrap the script here anymore
|
||||
super(script)
|
||||
end
|
||||
|
||||
# we cannot determine if a command exists, because that does not work for scripts
|
||||
|
|
|
@ -2,6 +2,8 @@
|
|||
# author: Christoph Hartmann
|
||||
# author: Dominik Richter
|
||||
|
||||
require 'securerandom'
|
||||
|
||||
module Inspec::Resources
|
||||
# This resource allows users to run vbscript on windows machines. We decided
|
||||
# not to use scriptcontrol, due to the fact that it works on 32 bit systems only:
|
||||
|
@ -34,10 +36,11 @@ module Inspec::Resources
|
|||
|
||||
def initialize(vbscript)
|
||||
return skip_resource 'The `vbscript` resource is not supported on your OS yet.' unless inspec.os.windows?
|
||||
|
||||
@seperator = SecureRandom.uuid
|
||||
cmd = <<-EOH
|
||||
$vbscript = @"
|
||||
#{vbscript}
|
||||
Wscript.Stdout.Write "#{@seperator}"
|
||||
"@
|
||||
$filename = [System.IO.Path]::GetTempFileName() + ".vbs"
|
||||
New-Item $filename -type file -force -value $vbscript | Out-Null
|
||||
|
@ -47,8 +50,21 @@ EOH
|
|||
super(cmd)
|
||||
end
|
||||
|
||||
def result
|
||||
@result ||= parse_stdout
|
||||
end
|
||||
|
||||
def to_s
|
||||
'Windows VBScript'
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def parse_stdout
|
||||
res = inspec.backend.run_command(@command)
|
||||
parsed_result = res.stdout.gsub(/#{@seperator}\r\n$/, '')
|
||||
res.stdout = parsed_result
|
||||
res
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -146,9 +146,9 @@ class MockLoader
|
|||
'Remove-Item win_secpol.cfg' => cmd.call('success'),
|
||||
'env' => cmd.call('env'),
|
||||
'${Env:PATH}' => cmd.call('$env-PATH'),
|
||||
# registry key test (winrm 1.6.0, 1.6.1)
|
||||
'dd429dd12596fa193ba4111469b4417ecbd78a1d7ba4317c334c9111644bae44' => cmd.call('reg_schedule'),
|
||||
'Fdd429dd12596fa193ba4111469b4417ecbd78a1d7ba4317c334c9111644bae44' => cmd.call('reg_schedule'),
|
||||
# registry key test using winrm 2.0
|
||||
'2376c7b3d81de9382303356e1efdea99385effb84788562c3e697032d51bf942' => cmd.call('reg_schedule'),
|
||||
'F2376c7b3d81de9382303356e1efdea99385effb84788562c3e697032d51bf942' => cmd.call('reg_schedule'),
|
||||
'Auditpol /get /subcategory:\'User Account Management\' /r' => cmd.call('auditpol'),
|
||||
'/sbin/auditctl -l' => cmd.call('auditctl'),
|
||||
'/sbin/auditctl -s' => cmd.call('auditctl-s'),
|
||||
|
@ -210,8 +210,7 @@ class MockLoader
|
|||
# user info for freebsd
|
||||
'pw usershow root -7' => cmd.call('pw-usershow-root-7'),
|
||||
# user info for windows (winrm 1.6.0, 1.6.1)
|
||||
'650b6b72a66316418b25421a54afe21a230704558082914c54711904bb10e370' => cmd.call('GetUserAccount'),
|
||||
'174686f0441b8dd387b35cf1cbeed3f98441544351de5d8fb7b54f655e75583f' => cmd.call('GetUserAccount'),
|
||||
'1f2dd0691487fe7ca8169dfd764e0197e6303f17de416e7c1b7439aedef87ae7' => cmd.call('GetUserAccount'),
|
||||
# group info for windows
|
||||
'Get-WmiObject Win32_Group | Select-Object -Property Caption, Domain, Name, SID, LocalAccount | ConvertTo-Json' => cmd.call('GetWin32Group'),
|
||||
# network interface
|
||||
|
@ -248,7 +247,7 @@ class MockLoader
|
|||
# xinetd configuration
|
||||
'find /etc/xinetd.d -type f' => cmd.call('find-xinetd.d'),
|
||||
# wmi test
|
||||
"4762fab9e8180997634ae70aae6d5f59e641084111fb9f5e5bf2848a583aa5f5" => cmd.call('get-wmiobject'),
|
||||
"2979ebeb80a475107d85411f109209a580ccf569071b3dc7acff030b8635c6b9" => cmd.call('get-wmiobject'),
|
||||
#user info on hpux
|
||||
"logins -x -l root" => cmd.call('logins-x'),
|
||||
#packages on hpux
|
||||
|
|
|
@ -2,18 +2,23 @@
|
|||
|
||||
return unless os.windows?
|
||||
|
||||
# script that may have multiple lines
|
||||
vbscript = <<-EOH
|
||||
WScript.Echo "hello"
|
||||
EOH
|
||||
|
||||
describe vbscript(vbscript) do
|
||||
describe vbscript("WScript.Echo \"hello\"") do
|
||||
its('stdout') { should eq "hello\r\n" }
|
||||
end
|
||||
|
||||
# remove whitespace \r\n from stdout
|
||||
# script that may have multiple lines
|
||||
vbscript = <<-EOH
|
||||
WScript.Echo "hello"
|
||||
Wscript.Stdout.Write "end"
|
||||
EOH
|
||||
|
||||
describe vbscript(vbscript) do
|
||||
its('strip') { should eq "hello" }
|
||||
its('stdout') { should eq "hello\r\nend" }
|
||||
end
|
||||
|
||||
# remove whitespace from stdout
|
||||
describe vbscript("WScript.Echo \"hello\"") do
|
||||
its('strip') { should eq 'hello' }
|
||||
end
|
||||
|
||||
# ensure that we do not require a newline
|
||||
|
|
|
@ -14,19 +14,13 @@ describe 'Inspec::Resources::Powershell' do
|
|||
|
||||
it 'check if `powershell` for windows is properly generated ' do
|
||||
resource = MockLoader.new(:windows).load_resource('powershell', ps1_script)
|
||||
if Gem.loaded_specs['winrm'].version < Gem::Version.new('1.6.1')
|
||||
_(resource.command).must_equal 'powershell -encodedCommand IAAgACAAIAAjACAAYwBhAGwAbAAgAGgAZQBsAHAAIABmAG8AcgAgAGcAZQB0ACAAYwBvAG0AbQBhAG4AZAAKACAAIAAgACAARwBlAHQALQBIAGUAbABwACAARwBlAHQALQBDAG8AbQBtAGEAbgBkAAoA'
|
||||
else
|
||||
_(resource.command).must_equal 'powershell -encodedCommand JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnADsAIAAgACAAIAAjACAAYwBhAGwAbAAgAGgAZQBsAHAAIABmAG8AcgAgAGcAZQB0ACAAYwBvAG0AbQBhAG4AZAAKACAAIAAgACAARwBlAHQALQBIAGUAbABwACAARwBlAHQALQBDAG8AbQBtAGEAbgBkAAoA'
|
||||
end
|
||||
# string should be the same
|
||||
_(resource.command.to_s).must_equal ps1_script
|
||||
end
|
||||
|
||||
it 'check if legacy `script` for windows is properly generated ' do
|
||||
resource = MockLoader.new(:windows).load_resource('script', ps1_script)
|
||||
if Gem.loaded_specs['winrm'].version < Gem::Version.new('1.6.1')
|
||||
_(resource.command).must_equal 'powershell -encodedCommand IAAgACAAIAAjACAAYwBhAGwAbAAgAGgAZQBsAHAAIABmAG8AcgAgAGcAZQB0ACAAYwBvAG0AbQBhAG4AZAAKACAAIAAgACAARwBlAHQALQBIAGUAbABwACAARwBlAHQALQBDAG8AbQBtAGEAbgBkAAoA'
|
||||
else
|
||||
_(resource.command).must_equal 'powershell -encodedCommand JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnADsAIAAgACAAIAAjACAAYwBhAGwAbAAgAGgAZQBsAHAAIABmAG8AcgAgAGcAZQB0ACAAYwBvAG0AbQBhAG4AZAAKACAAIAAgACAARwBlAHQALQBIAGUAbABwACAARwBlAHQALQBDAG8AbQBtAGEAbgBkAAoA'
|
||||
end
|
||||
# string should be the same
|
||||
_(resource.command.to_s).must_equal ps1_script
|
||||
end
|
||||
end
|
||||
|
|
|
@ -13,6 +13,6 @@ describe 'Inspec::Resources::VbScript' do
|
|||
|
||||
it 'check if `vbscript` for windows is properly generated ' do
|
||||
resource = MockLoader.new(:windows).load_resource('vbscript', vb_script)
|
||||
_(resource.command).must_equal 'powershell -encodedCommand JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnADsAJAB2AGIAcwBjAHIAaQBwAHQAIAA9ACAAQAAiAAoAIAAgACAAIABXAFMAYwByAGkAcAB0AC4ARQBjAGgAbwAgACIAaABlAGwAbABvACAAdgBiAHMAYwByAGkAcAB0ACIACgAKACIAQAAKACQAZgBpAGwAZQBuAGEAbQBlACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBQAGEAdABoAF0AOgA6AEcAZQB0AFQAZQBtAHAARgBpAGwAZQBOAGEAbQBlACgAKQAgACsAIAAiAC4AdgBiAHMAIgAKAE4AZQB3AC0ASQB0AGUAbQAgACQAZgBpAGwAZQBuAGEAbQBlACAALQB0AHkAcABlACAAZgBpAGwAZQAgAC0AZgBvAHIAYwBlACAALQB2AGEAbAB1AGUAIAAkAHYAYgBzAGMAcgBpAHAAdAAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgBjAHMAYwByAGkAcAB0AC4AZQB4AGUAIAAvAG4AbwBsAG8AZwBvACAAJABmAGkAbABlAG4AYQBtAGUACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAkAGYAaQBsAGUAbgBhAG0AZQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgA='
|
||||
_(resource.command.to_s).must_include vb_script
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue