mirror of
https://github.com/inspec/inspec
synced 2024-11-27 07:00:39 +00:00
Add an oracle_session resource
This adds an oracle_session resource similar to the existing resource for MySQL and MSSQL. It assumes the sqlplus tool is installed and in the path of the user InSpec connects as. Signed-off-by: Nolan Davidson <ndavidson@chef.io>
This commit is contained in:
parent
ec79938060
commit
9cd69ce4af
3 changed files with 103 additions and 0 deletions
63
docs/resources/oracle_session.md.erb
Normal file
63
docs/resources/oracle_session.md.erb
Normal file
|
@ -0,0 +1,63 @@
|
|||
---
|
||||
title: About the oracle_session Resource
|
||||
---
|
||||
|
||||
# oracle_session
|
||||
|
||||
Use the `oracle_session` InSpec audit resource to test SQL commands run against a Oracle database.
|
||||
|
||||
## Syntax
|
||||
|
||||
A `oracle_session` resource block declares the username and password to use for the session with an optional service to connect to, and then the command to be run:
|
||||
|
||||
describe oracle_session('username', 'password').query('QUERY') do
|
||||
its('output') { should eq('') }
|
||||
end
|
||||
|
||||
where
|
||||
|
||||
* `oracle_session` declares a username and password with permission to run the query, and an optional service name. If none is specifed, it will use the default service on the instance.
|
||||
* `query('QUERY')` contains the query to be run
|
||||
* `its('output') { should eq('') }` compares the results of the query against the expected result in the test
|
||||
|
||||
## Matchers
|
||||
|
||||
This InSpec audit resource has the following matchers:
|
||||
|
||||
### be
|
||||
|
||||
<%= partial "/shared/matcher_be" %>
|
||||
|
||||
### cmp
|
||||
|
||||
<%= partial "/shared/matcher_cmp" %>
|
||||
|
||||
### eq
|
||||
|
||||
<%= partial "/shared/matcher_eq" %>
|
||||
|
||||
### include
|
||||
|
||||
<%= partial "/shared/matcher_include" %>
|
||||
|
||||
### match
|
||||
|
||||
<%= partial "/shared/matcher_match" %>
|
||||
|
||||
### output
|
||||
|
||||
The `output` matcher tests the results of the query:
|
||||
|
||||
its('output') { should eq(/^0/) }
|
||||
|
||||
## Examples
|
||||
|
||||
The following examples show how to use this InSpec audit resource.
|
||||
|
||||
### Test for matching databases
|
||||
|
||||
sql = oracle_session('my_user','password')
|
||||
|
||||
describe sql.query('SELECT NAME FROM v$database;') do
|
||||
its('stdout') { should_not match(/test/) }
|
||||
end
|
|
@ -114,6 +114,7 @@ require 'resources/mysql_session'
|
|||
require 'resources/npm'
|
||||
require 'resources/ntp_conf'
|
||||
require 'resources/oneget'
|
||||
require 'resources/oracle_session'
|
||||
require 'resources/os'
|
||||
require 'resources/os_env'
|
||||
require 'resources/package'
|
||||
|
|
39
lib/resources/oracle_session.rb
Normal file
39
lib/resources/oracle_session.rb
Normal file
|
@ -0,0 +1,39 @@
|
|||
# encoding: utf-8
|
||||
# author: Nolan Davidson
|
||||
# license: All rights reserved
|
||||
|
||||
module Inspec::Resources
|
||||
class OracleSession < Inspec.resource(1)
|
||||
name 'oracle_session'
|
||||
desc 'Use the oracle_session InSpec resource to test commands against an Oracle database'
|
||||
example "
|
||||
sql = oracle_session('my_user','password')
|
||||
describe sql.query('SELECT NAME FROM v$database;') do
|
||||
its('stdout') { should_not match(/test/) }
|
||||
end
|
||||
"
|
||||
|
||||
def initialize(user = nil, pass = nil, service = nil)
|
||||
@user = user
|
||||
@pass = pass
|
||||
@service = service
|
||||
return skip_resource("Can't run Oracle checks without authentication") if user.nil? or pass.nil?
|
||||
end
|
||||
|
||||
def query(q)
|
||||
escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"').gsub(/\$/, '\\$')
|
||||
|
||||
cmd = inspec.command("echo \"#{q}\" | sqlplus -s #{@user}/#{@pass}@localhost/#{@service}")
|
||||
out = cmd.stdout + "\n" + cmd.stderr
|
||||
if out.downcase =~ /^error/
|
||||
skip_resource("Can't connect to Oracle instance for SQL checks.")
|
||||
end
|
||||
|
||||
cmd
|
||||
end
|
||||
|
||||
def to_s
|
||||
'Oracle Session'
|
||||
end
|
||||
end
|
||||
end
|
Loading…
Reference in a new issue