From 08f2fcf4bbf8c2489e6c1a351da73dc5a9b33421 Mon Sep 17 00:00:00 2001 From: Vasu1105 Date: Thu, 13 May 2021 21:18:41 +0530 Subject: [PATCH 1/5] Fix for port resource performance: adding more specific search while using ss command Signed-off-by: Vasu1105 --- lib/inspec/resources/port.rb | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/lib/inspec/resources/port.rb b/lib/inspec/resources/port.rb index 30711fb88..d6b460a57 100644 --- a/lib/inspec/resources/port.rb +++ b/lib/inspec/resources/port.rb @@ -54,7 +54,7 @@ module Inspec::Resources def port_manager_for_os os = inspec.os if os.linux? - LinuxPorts.new(inspec) + LinuxPorts.new(inspec, @port) elsif os.aix? # AIX: see http://www.ibm.com/developerworks/aix/library/au-lsof.html#resources # and https://www-01.ibm.com/marketing/iwm/iwm/web/reg/pick.do?source=aixbp @@ -102,8 +102,9 @@ module Inspec::Resources # }] class PortsInfo attr_reader :inspec - def initialize(inspec) + def initialize(inspec, port = nil) @inspec = inspec + @port = port end end @@ -394,7 +395,12 @@ module Inspec::Resources def ports_via_ss return nil unless inspec.command("ss").exist? - cmd = inspec.command("ss -tulpen") + if @port.nil? + cmd = inspec.command("ss -tulpen") + else + cmd = inspec.command("ss -tulpen '( dport = #{@port} or sport = #{@port} )'") + end + return nil unless cmd.exit_status.to_i == 0 ports = [] @@ -560,7 +566,6 @@ module Inspec::Resources # fe80::a00:27ff:fe32:ed09%enp0s3:9200 parsed_net_address = parsed[:local_addr].match(/(\S+):(\*|\d+)$/) return nil if parsed_net_address.nil? - host = parsed_net_address[1] port = parsed_net_address[2] return nil if host.nil? && port.nil? From 9786a467f13775f90368f7d410cb0e5929061c97 Mon Sep 17 00:00:00 2001 From: Vasu1105 Date: Fri, 14 May 2021 16:28:13 +0530 Subject: [PATCH 2/5] Fix lint errors Signed-off-by: Vasu1105 --- lib/inspec/resources/port.rb | 1 + 1 file changed, 1 insertion(+) 
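Review bot: In the `ports_via_ss` hunk the new `else` branch interpolates `@port` straight into the shell string passed to `inspec.command`, and the test hunks show the resource accepting the port as a string (`load_resource("port", "68")`), so a value containing a quote or shell metacharacter would change the command instead of failing cleanly; where `@port` is assigned in the resource class is outside this hunk, but it appears to be the caller-supplied argument. Coerce it before building the filter, e.g. `port = Integer(@port.to_s, 10)` followed by `cmd = inspec.command("ss -tulpen '( dport = #{port} or sport = #{port} )'")`, so anything that is not a decimal port number raises `ArgumentError` rather than reaching the shell. ss(8) documents port filters in the `sport = :22` form; it is worth confirming that the bare-number form used here is accepted on the oldest iproute2 the resource supports, because a filter parse error exits non-zero and the existing `return nil unless cmd.exit_status.to_i == 0` would then make the port silently look not-listening instead of reporting an error. Only the head of `ports_via_ss` is in the hunk; its body continues past it.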
diff --git a/lib/inspec/resources/port.rb b/lib/inspec/resources/port.rb index d6b460a57..c5da9b300 100644 --- a/lib/inspec/resources/port.rb +++ b/lib/inspec/resources/port.rb @@ -566,6 +566,7 @@ module Inspec::Resources # fe80::a00:27ff:fe32:ed09%enp0s3:9200 parsed_net_address = parsed[:local_addr].match(/(\S+):(\*|\d+)$/) return nil if parsed_net_address.nil? + host = parsed_net_address[1] port = parsed_net_address[2] return nil if host.nil? && port.nil? From 7990b31f5f9b8e7f8e14419cb754320fe943f91d Mon Sep 17 00:00:00 2001 From: Vasu1105 Date: Fri, 14 May 2021 17:57:10 +0530 Subject: [PATCH 3/5] Updated test to mock the newly added command Signed-off-by: Vasu1105 --- test/helpers/mock_loader.rb | 4 ++++ test/unit/resources/port_test.rb | 18 +++++++++--------- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/test/helpers/mock_loader.rb b/test/helpers/mock_loader.rb index e49d62e69..22e487c8b 100644 --- a/test/helpers/mock_loader.rb +++ b/test/helpers/mock_loader.rb @@ -591,6 +591,10 @@ class MockLoader %{sh -c 'type "ss"'} => empty.call, %{sh -c 'type "netstat"'} => empty.call, "ss -tulpen" => cmd.call("ss-tulpen"), + "ss -tulpen '( dport = 22 or sport = 22 )'" => cmd.call("ss-tulpen"), + "ss -tulpen '( dport = 68 or sport = 68 )'" => cmd.call("ss-tulpen"), + "ss -tulpen '( dport = 9200 or sport = 9200 )'" => cmd.call("ss-tulpen"), + "ss -tulpen '( dport = 80 or sport = 80 )'" => cmd.call("ss-tulpen"), "netstat -tulpen" => cmd.call("netstat-tulpen") ) end diff --git a/test/unit/resources/port_test.rb b/test/unit/resources/port_test.rb index f60c9ffaf..63de99dfb 100644 --- a/test/unit/resources/port_test.rb +++ b/test/unit/resources/port_test.rb 
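Review bot: The four new `mock_loader.rb` entries map the filtered `ss -tulpen '( dport = N or sport = N )'` commands to the same `ss-tulpen` fixture as the unfiltered command, so every port-specific test still parses the full nine-row listing and the new filter path is exercised only in that the command string matches byte for byte. A real `ss` with that filter returns only the matching rows, so the fixture does not model what the parser sees in production; a per-port fixture (for example a `ss-tulpen-22` holding only the two `sshd` rows) would make the `entries.length` assertions depend on the filter actually narrowing the output. What `MockLoader` does for a command with no mock is not visible here, so any later change to the filter format in `lib/inspec/resources/port.rb` has to be mirrored in these four keys; a comment above them such as `# keys must match the filter string built in ports_via_ss` would make that coupling explicit.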
@@ -4,7 +4,7 @@ require "inspec/resources/port" describe "Inspec::Resources::Port" do it "verify port on Ubuntu 14.04" do - resource = MockLoader.new(:ubuntu1404).load_resource("port", 22) + resource = MockLoader.new(:ubuntu1604).load_resource("port", 22) _(resource.listening?).must_equal true _(resource.protocols).must_equal %w{ tcp tcp6 } _(resource.pids).must_equal [1222] @@ -13,7 +13,7 @@ describe "Inspec::Resources::Port" do end it "lists all ports" do - resource = MockLoader.new(:ubuntu1404).load_resource("port") + resource = MockLoader.new(:ubuntu1604).load_resource("port") _(resource.entries.length).must_equal 9 _(resource.listening?).must_equal true _(resource.protocols).must_equal %w{ udp tcp tcp6 } @@ -23,7 +23,7 @@ describe "Inspec::Resources::Port" do end it "filter ports by conditions" do - resource = MockLoader.new(:ubuntu1404).load_resource("port").where { protocol =~ /udp/i } + resource = MockLoader.new(:ubuntu1604).load_resource("port").where { protocol =~ /udp/i } _(resource.entries.length).must_equal 1 _(resource.listening?).must_equal true _(resource.protocols).must_equal ["udp"] @@ -33,7 +33,7 @@ describe "Inspec::Resources::Port" do end it "verify UDP port on Ubuntu 14.04" do - resource = MockLoader.new(:ubuntu1404).load_resource("port", 68) + resource = MockLoader.new(:ubuntu1604).load_resource("port", 68) _(resource.entries.length).must_equal 1 _(resource.listening?).must_equal true _(resource.protocols).must_equal ["udp"] @@ -43,7 +43,7 @@ describe "Inspec::Resources::Port" do end it "accepts the port as a string" do - resource = MockLoader.new(:ubuntu1404).load_resource("port", "68") + resource = MockLoader.new(:ubuntu1604).load_resource("port", "68") _(resource.entries.length).must_equal 1 _(resource.listening?).must_equal true _(resource.protocols).must_equal ["udp"] 
@@ -53,7 +53,7 @@ describe "Inspec::Resources::Port" do end it "properly handles multiple processes using one fd" do - resource = MockLoader.new(:ubuntu1404).load_resource("port", "80") + resource = MockLoader.new(:ubuntu1604).load_resource("port", "80") _(resource.entries.length).must_equal 1 _(resource.listening?).must_equal true _(resource.protocols).must_equal ["tcp"] @@ -63,7 +63,7 @@ describe "Inspec::Resources::Port" do end it "properly handles a IPv4 address in a v6 listing" do - resource = MockLoader.new(:ubuntu1404).load_resource("port", 9200) + resource = MockLoader.new(:ubuntu1604).load_resource("port", 9200) _(resource.protocols).must_equal %w{ tcp tcp6 } _(resource.addresses).must_equal ["10.0.2.15", "fe80::a00:27ff:fe32:ed09"] end @@ -185,7 +185,7 @@ describe "Inspec::Resources::Port" do end it "verify port and interface on Ubuntu 14.04" do - resource = MockLoader.new(:ubuntu1404).load_resource("port", "0.0.0.0", 22) + resource = MockLoader.new(:ubuntu1604).load_resource("port", "0.0.0.0", 22) _(resource.listening?).must_equal true _(resource.protocols).must_equal %w{ tcp } _(resource.pids).must_equal [1222] @@ -194,7 +194,7 @@ describe "Inspec::Resources::Port" do end it "verify not listening port on interface on Ubuntu 14.04" do - resource = MockLoader.new(:ubuntu1404).load_resource("port", "127.0.0.1", 22) + resource = MockLoader.new(:ubuntu1604).load_resource("port", "127.0.0.1", 22) _(resource.listening?).must_equal false _(resource.addresses).must_equal [] end From da75f0ce33bd1a878ea659a11956b712a91bc826 Mon Sep 17 00:00:00 2001 From: Vasu1105 Date: Mon, 17 May 2021 11:28:39 +0530 Subject: [PATCH 4/5] Removed old ubuntu version from mock_loader file as it's not getting used and added new version of Ubuntu in mock_loader file. 
Signed-off-by: Vasu1105 --- test/fixtures/cmd/ss-tulpen-port | 10 ++++++++++ test/helpers/mock_loader.rb | 2 +- test/unit/resources/port_test.rb | 18 +++++++++--------- 3 files changed, 20 insertions(+), 10 deletions(-) create mode 100644 test/fixtures/cmd/ss-tulpen-port diff --git a/test/fixtures/cmd/ss-tulpen-port b/test/fixtures/cmd/ss-tulpen-port new file mode 100644 index 000000000..28d6c7603 --- /dev/null +++ b/test/fixtures/cmd/ss-tulpen-port @@ -0,0 +1,10 @@ +Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port +udp UNCONN 0 0 *:68 *:* users:(("dhclient",pid=1146,fd=6)) ino:15168 sk:1 <-> +tcp LISTEN 0 128 *:22 *:* users:(("sshd",pid=1222,fd=3)) ino:15973 sk:2 <-> +tcp LISTEN 0 128 ::ffff:10.0.2.15:9200 :::* users:(("java",pid=1722,fd=125)) uid:112 ino:19543 sk:8 v6only:0 <-> +tcp LISTEN 0 128 fe80::a00:27ff:fe32:ed09%enp0s3:9200 :::* users:(("java",pid=1722,fd=124)) uid:112 ino:19542 sk:9 v6only:1 <-> +tcp LISTEN 0 128 ::ffff:10.0.2.15:9300 :::* users:(("java",pid=1722,fd=117)) uid:112 ino:19502 sk:a v6only:0 <-> +tcp LISTEN 0 128 fe80::a00:27ff:fe32:ed09%enp0s3:9300 :::* users:(("java",pid=1722,fd=115)) uid:112 ino:19494 sk:b v6only:1 <-> +tcp LISTEN 0 128 :::22 :::* users:(("sshd",pid=1222,fd=4)) ino:15982 sk:3 v6only:1 <-> +tcp LISTEN 0 128 *:80 *:* users:(("nginx",pid=583,fd=8),("nginx",pid=582,fd=8),("nginx",pid=580,fd=8),("nginx",pid=579,fd=8)) ino:14427 sk:ffff8800baf12080 <-> +tcp 0 128 *:25 *:* users:(("sendmail",3965,4)) ino:11604 sk:ffff88013a3b5800 diff --git a/test/helpers/mock_loader.rb b/test/helpers/mock_loader.rb index 22e487c8b..7652abd40 100644 --- a/test/helpers/mock_loader.rb +++ b/test/helpers/mock_loader.rb 
@@ -18,10 +18,10 @@ class MockLoader freebsd12: { name: "freebsd", family: "bsd", release: "12", arch: "amd64" }, macos10_10: { name: "mac_os_x", family: "darwin", release: "10.10.4", arch: nil }, macos10_16: { name: "darwin", family: "darwin", release: "10.16", arch: nil }, - ubuntu1204: { name: "ubuntu", family: "debian", release: "12.04", arch: "x86_64" }, ubuntu1404: { name: "ubuntu", family: "debian", release: "14.04", arch: "x86_64" }, ubuntu1504: { name: "ubuntu", family: "debian", release: "15.04", arch: "x86_64" }, ubuntu1604: { name: "ubuntu", family: "debian", release: "16.04", arch: "x86_64" }, + ubuntu1804: { name: "ubuntu", family: "debian", release: "18.04", arch: "x86_64" }, mint17: { name: "linuxmint", family: "debian", release: "17.3", arch: "x86_64" }, mint18: { name: "linuxmint", family: "debian", release: "18", arch: "x86_64" }, windows: { name: "windows", family: "windows", release: "6.2.9200", arch: "x86_64" }, diff --git a/test/unit/resources/port_test.rb b/test/unit/resources/port_test.rb index 63de99dfb..72d4431a7 100644 --- a/test/unit/resources/port_test.rb +++ b/test/unit/resources/port_test.rb @@ -4,7 +4,7 @@ require "inspec/resources/port" describe "Inspec::Resources::Port" do it "verify port on Ubuntu 14.04" do - resource = MockLoader.new(:ubuntu1604).load_resource("port", 22) + resource = MockLoader.new(:ubuntu1804).load_resource("port", 22) _(resource.listening?).must_equal true _(resource.protocols).must_equal %w{ tcp tcp6 } _(resource.pids).must_equal [1222] @@ -13,7 +13,7 @@ describe "Inspec::Resources::Port" do end it "lists all ports" do - resource = MockLoader.new(:ubuntu1604).load_resource("port") + resource = MockLoader.new(:ubuntu1804).load_resource("port") _(resource.entries.length).must_equal 9 _(resource.listening?).must_equal true _(resource.protocols).must_equal %w{ udp tcp tcp6 } 
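Review bot: The `it` descriptions in the `port_test.rb` hunks still read "verify port on Ubuntu 14.04" while the resource is now loaded with `MockLoader.new(:ubuntu1804)`, so a failure report names a platform the test no longer uses. Rename them to match, e.g. `it "verify port on Ubuntu 18.04" do`, or drop the version from the description since the same platform is used in every test of this file. Because the platform key is repeated in each test, a single `let(:platform) { :ubuntu1804 }` near the top of the `describe` block would have turned this into a one-line change and keeps the descriptions and the platform from drifting apart again.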
@@ -23,7 +23,7 @@ describe "Inspec::Resources::Port" do end it "filter ports by conditions" do - resource = MockLoader.new(:ubuntu1604).load_resource("port").where { protocol =~ /udp/i } + resource = MockLoader.new(:ubuntu1804).load_resource("port").where { protocol =~ /udp/i } _(resource.entries.length).must_equal 1 _(resource.listening?).must_equal true _(resource.protocols).must_equal ["udp"] @@ -33,7 +33,7 @@ describe "Inspec::Resources::Port" do end it "verify UDP port on Ubuntu 14.04" do - resource = MockLoader.new(:ubuntu1604).load_resource("port", 68) + resource = MockLoader.new(:ubuntu1804).load_resource("port", 68) _(resource.entries.length).must_equal 1 _(resource.listening?).must_equal true _(resource.protocols).must_equal ["udp"] @@ -43,7 +43,7 @@ describe "Inspec::Resources::Port" do end it "accepts the port as a string" do - resource = MockLoader.new(:ubuntu1604).load_resource("port", "68") + resource = MockLoader.new(:ubuntu1804).load_resource("port", "68") _(resource.entries.length).must_equal 1 _(resource.listening?).must_equal true _(resource.protocols).must_equal ["udp"] @@ -53,7 +53,7 @@ describe "Inspec::Resources::Port" do end it "properly handles multiple processes using one fd" do - resource = MockLoader.new(:ubuntu1604).load_resource("port", "80") + resource = MockLoader.new(:ubuntu1804).load_resource("port", "80") _(resource.entries.length).must_equal 1 _(resource.listening?).must_equal true _(resource.protocols).must_equal ["tcp"] @@ -63,7 +63,7 @@ describe "Inspec::Resources::Port" do end it "properly handles a IPv4 address in a v6 listing" do - resource = MockLoader.new(:ubuntu1604).load_resource("port", 9200) + resource = MockLoader.new(:ubuntu1804).load_resource("port", 9200) _(resource.protocols).must_equal %w{ tcp tcp6 } _(resource.addresses).must_equal ["10.0.2.15", "fe80::a00:27ff:fe32:ed09"] end 
@@ -185,7 +185,7 @@ describe "Inspec::Resources::Port" do end it "verify port and interface on Ubuntu 14.04" do - resource = MockLoader.new(:ubuntu1604).load_resource("port", "0.0.0.0", 22) + resource = MockLoader.new(:ubuntu1804).load_resource("port", "0.0.0.0", 22) _(resource.listening?).must_equal true _(resource.protocols).must_equal %w{ tcp } _(resource.pids).must_equal [1222] @@ -194,7 +194,7 @@ describe "Inspec::Resources::Port" do end it "verify not listening port on interface on Ubuntu 14.04" do - resource = MockLoader.new(:ubuntu1604).load_resource("port", "127.0.0.1", 22) + resource = MockLoader.new(:ubuntu1804).load_resource("port", "127.0.0.1", 22) _(resource.listening?).must_equal false _(resource.addresses).must_equal [] end From 1ea3697197412d6c5a78bf03478e4d595ff8f36f Mon Sep 17 00:00:00 2001 From: Vasu1105 Date: Mon, 17 May 2021 11:32:06 +0530 Subject: [PATCH 5/5] Removed fixture file which was not needed Signed-off-by: Vasu1105 --- test/fixtures/cmd/ss-tulpen-port | 10 ---------- 1 file changed, 10 deletions(-) delete mode 100644 test/fixtures/cmd/ss-tulpen-port diff --git a/test/fixtures/cmd/ss-tulpen-port b/test/fixtures/cmd/ss-tulpen-port deleted file mode 100644 index 28d6c7603..000000000 --- a/test/fixtures/cmd/ss-tulpen-port +++ /dev/null 
@@ -1,10 +0,0 @@
-Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
-udp UNCONN 0 0 *:68 *:* users:(("dhclient",pid=1146,fd=6)) ino:15168 sk:1 <->
-tcp LISTEN 0 128 *:22 *:* users:(("sshd",pid=1222,fd=3)) ino:15973 sk:2 <->
-tcp LISTEN 0 128 ::ffff:10.0.2.15:9200 :::* users:(("java",pid=1722,fd=125)) uid:112 ino:19543 sk:8 v6only:0 <->
-tcp LISTEN 0 128 fe80::a00:27ff:fe32:ed09%enp0s3:9200 :::* users:(("java",pid=1722,fd=124)) uid:112 ino:19542 sk:9 v6only:1 <->
-tcp LISTEN 0 128 ::ffff:10.0.2.15:9300 :::* users:(("java",pid=1722,fd=117)) uid:112 ino:19502 sk:a v6only:0 <->
-tcp LISTEN 0 128 fe80::a00:27ff:fe32:ed09%enp0s3:9300 :::* users:(("java",pid=1722,fd=115)) uid:112 ino:19494 sk:b v6only:1 <->
-tcp LISTEN 0 128 :::22 :::* users:(("sshd",pid=1222,fd=4)) ino:15982 sk:3 v6only:1 <->
-tcp LISTEN 0 128 *:80 *:* users:(("nginx",pid=583,fd=8),("nginx",pid=582,fd=8),("nginx",pid=580,fd=8),("nginx",pid=579,fd=8)) ino:14427 sk:ffff8800baf12080 <->
-tcp 0 128 *:25 *:* users:(("sendmail",3965,4)) ino:11604 sk:ffff88013a3b5800