From 7c3cddbc849e762b585afce8fd0b5afa4ce2b13e Mon Sep 17 00:00:00 2001 From: Sonu Saha Date: Fri, 22 Apr 2022 16:55:58 +0530 Subject: [PATCH 1/6] CFINSPEC-81: Add php_config resource with value property Signed-off-by: Sonu Saha --- lib/inspec/resources/php_config.rb | 68 ++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 lib/inspec/resources/php_config.rb diff --git a/lib/inspec/resources/php_config.rb b/lib/inspec/resources/php_config.rb new file mode 100644 index 000000000..56aaedf81 --- /dev/null +++ b/lib/inspec/resources/php_config.rb @@ -0,0 +1,68 @@ +require "inspec/resources/command" + +module Inspec::Resources + class PhpConfig < Inspec.resource(1) + # Resource's internal name. + name "php_config" + desc "Use the php_config InSpec audit resource to test PHP config parameters" + + example <<~EXAMPLE + describe php_config("config_param") do + its("value") { should eq "some_value" } + end + + describe php_config("config_param", { "ini" => "path_to_ini_file" }) do + its("value") { should eq "some_value" } + end + EXAMPLE + + # Resource initialization. + attr_reader :config_param, :config_file_or_path + def initialize(config_param, config_file_or_path = {}) + @config_param = config_param + @config_file_or_path = config_file_or_path + end + + # Unique resource id + def resource_id + config_param + end + + # Resource appearance in test reports. + def to_s + "php_config #{resource_id}" + end + + # Returns the value evaluated for the initialized config parameter + def value + php_utility = find_utility_or_error + + # The keys in the hash provided by user can be string or symbols. + # Converting the key to symbols to handle scenario when "ini" key is provided as string. + config_file_or_path.transform_keys(&:to_sym) + + # Assign the path with -c option for ini file provided by the user if any. + php_ini_file = !config_file_or_path.empty? && config_file_or_path.key?(:ini) ? "-c #{config_file_or_path[:ini]}" : "" + + # The below command `get_cfg_var` is used to fetch the value for any config parameter. + php_cmd = "#{php_utility} #{php_ini_file} -r 'echo get_cfg_var(\"#{config_param}\");'" + config_value_cmd = inspec.command(php_cmd) + + raise Inspec::Exceptions::ResourceFailed, "Executing #{php_cmd} failed: #{config_value_cmd.stderr}" if config_value_cmd.exit_status.to_i != 0 + + # Return the standard output of the command executed. + config_value_cmd.stdout.strip + end + + private + + # Method to check if php is present or not on the system. + def find_utility_or_error + %w{/usr/sbin/php /sbin/php php}.each do |cmd| + return cmd if inspec.command(cmd).exist? + end + + raise Inspec::Exceptions::ResourceFailed, "Could not find `php` on your system." + end + end +end From b4f52dff23aa2d40c24ac4f381a1ac2dd9acf03c Mon Sep 17 00:00:00 2001 From: Sonu Saha Date: Sat, 23 Apr 2022 10:59:57 +0530 Subject: [PATCH 2/6] CFINSPEC-81: Add unit test for php_config Signed-off-by: Sonu Saha --- test/fixtures/cmd/get-cfg-var | 1 + test/helpers/mock_loader.rb | 6 ++++ test/unit/resources/php_config_test.rb | 41 ++++++++++++++++++++++++++ 3 files changed, 48 insertions(+) create mode 100644 test/fixtures/cmd/get-cfg-var create mode 100644 test/unit/resources/php_config_test.rb diff --git a/test/fixtures/cmd/get-cfg-var b/test/fixtures/cmd/get-cfg-var new file mode 100644 index 000000000..528976b4a --- /dev/null +++ b/test/fixtures/cmd/get-cfg-var @@ -0,0 +1 @@ +text/html \ No newline at end of file diff --git a/test/helpers/mock_loader.rb b/test/helpers/mock_loader.rb index a63760aa4..0582baf5c 100644 --- a/test/helpers/mock_loader.rb +++ b/test/helpers/mock_loader.rb @@ -401,6 +401,12 @@ class MockLoader %{sh -c 'type "cgget"'} => empty.call, # mail_alias "cat /etc/aliases | grep '^daemon:'" => cmd.call("mail-alias"), + # php_config + %{sh -c 'type "php"'} => empty.call, + 'Get-Command "php"' => empty.call, + 'type "php"' => empty.call, + "php -r 'echo get_cfg_var(\"default_mimetype\");'" => cmd.call("get-cfg-var"), + "php -c /etc/php/7.4/cli/php.ini -r 'echo get_cfg_var(\"default_mimetype\");'" => cmd.call("get-cfg-var"), # routing_table "netstat -rn" => cmd.call("netstat-rn-linux"), %{sh -c 'type "netstat"'} => empty.call, diff --git a/test/unit/resources/php_config_test.rb b/test/unit/resources/php_config_test.rb new file mode 100644 index 000000000..eef3ed904 --- /dev/null +++ b/test/unit/resources/php_config_test.rb @@ -0,0 +1,41 @@ +# If we can load the InSpec globals definition file... +require "inspec/globals" +require "#{Inspec.src_root}/test/helper" +require_relative "../../../lib/inspec/resources/php_config" + +describe Inspec::Resources::PhpConfig do + # ubuntu + it "checks php config parameters on ubuntu from default ini file." do + resource = MockLoader.new("ubuntu".to_sym).load_resource("php_config", "default_mimetype") + _(resource.value).must_equal "text/html" + _(resource.resource_id).must_equal "default_mimetype" + end + + # ubuntu with custom ini file. + it "checks php config parameters on ubuntu from default ini file." do + resource = MockLoader.new("ubuntu".to_sym).load_resource("php_config", "default_mimetype", { "ini" => "/etc/php/7.4/cli/php.ini" }) + _(resource.value).must_equal "text/html" + _(resource.resource_id).must_equal "default_mimetype" + end + + # windows + it "checks php config parameters on windows from default ini file." do + resource = MockLoader.new("windows".to_sym).load_resource("php_config", "default_mimetype") + _(resource.value).must_equal "text/html" + _(resource.resource_id).must_equal "default_mimetype" + end + + # macos10_10 + it "checks php config parameters on darwin from default ini file." do + resource = MockLoader.new("macos10_10".to_sym).load_resource("php_config", "default_mimetype") + _(resource.value).must_equal "text/html" + _(resource.resource_id).must_equal "default_mimetype" + end + + # ubuntu with invalid config param + it "checks invalid php config parameters on ubuntu from default ini file." do + resource = MockLoader.new("ubuntu".to_sym).load_resource("php_config", "an_invalid_param") + ex = _ { resource.value }.must_raise(Inspec::Exceptions::ResourceFailed) + _(ex.message).must_include "Executing php -r 'echo get_cfg_var(\"an_invalid_param\");' failed" + end +end From 120bf0ab9acbaf536e467bc5552d8f03bb533a4b Mon Sep 17 00:00:00 2001 From: Sonu Saha Date: Sat, 23 Apr 2022 11:27:47 +0530 Subject: [PATCH 3/6] CFINSPEC-81: Add documentation for php_config Signed-off-by: Sonu Saha --- .../content/inspec/resources/php_config.md | 71 +++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 docs-chef-io/content/inspec/resources/php_config.md diff --git a/docs-chef-io/content/inspec/resources/php_config.md b/docs-chef-io/content/inspec/resources/php_config.md new file mode 100644 index 000000000..98c884570 --- /dev/null +++ b/docs-chef-io/content/inspec/resources/php_config.md @@ -0,0 +1,71 @@ ++++ +title = "php_config resource" +draft = false +gh_repo = "inspec" + +[menu] + [menu.inspec] + title = "php_config" + identifier = "inspec/resources/os/php_config.md php_config resource" + parent = "inspec/resources/os" ++++ + +Use the `php_config` Chef InSpec audit resource to test PHP config parameters from the default php.ini file or a custom php configuration file. + + +## Availability + +### Installation + +This resource is distributed along with Chef InSpec itself. + +## Syntax + +A `php_config` Chef InSpec audit resource allows to test PHP config parameters from the default php.ini file or a custom php configuration file. The path for custom configuration file is given in a hash format with `ini` as the key and path as the value. + +```ruby + describe php_config("config_param") do + its("value") { should eq "some_value" } + end + + describe php_config("config_param", { "ini" => "path_to_ini_file" }) do + its("value") { should eq "some_value" } + end +``` +> where +> +> - `config_param` is a valid parameter of php configuration +> - `value` is a property of this resource +> - `some_value` is the value of the given `config_param` +> - `path_to_ini_file` is the path for custom php configuration file + +## Properties + +- The property of this resource is `value` + +### value + +The value property fetches the value of the given config parameter from the default php.ini file or a custom php configuration file. + +```ruby + its("value") { should eq "some_value" } +``` + +## Examples +The following examples show how to use this Chef InSpec audit resource. + +### Fetch the value for a config parameter from the default configuration file + +```ruby + describe php_config("default_mimetype") do + its("value") { should eq "text/html" } + end +``` + +### Fetch the value for a config parameter from a custom configuration file + +```ruby + describe php_config("default_mimetype", { "ini" => "/etc/php/7.4/cli/php.ini" }) do + its("value") { should eq "text/html" } + end +``` From f16b948bdca20182c43254f58783efee656988a6 Mon Sep 17 00:00:00 2001 From: Sonu Saha Date: Sat, 23 Apr 2022 11:35:57 +0530 Subject: [PATCH 4/6] CFINSPEC-81: Handle situation for integer config values Signed-off-by: Sonu Saha --- lib/inspec/resources/php_config.rb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/inspec/resources/php_config.rb b/lib/inspec/resources/php_config.rb index 56aaedf81..e8a6ef467 100644 --- a/lib/inspec/resources/php_config.rb +++ b/lib/inspec/resources/php_config.rb @@ -50,8 +50,10 @@ module Inspec::Resources raise Inspec::Exceptions::ResourceFailed, "Executing #{php_cmd} failed: #{config_value_cmd.stderr}" if config_value_cmd.exit_status.to_i != 0 - # Return the standard output of the command executed. - config_value_cmd.stdout.strip + config_value = config_value_cmd.stdout.strip + + # Convert value to integer if the config value are digits. + config_value.match(/^(\d)+$/) ? config_value.to_i : config_value end private From a0a6a39bb0fcfed921d065887f9d92c269429d95 Mon Sep 17 00:00:00 2001 From: Sonu Saha Date: Mon, 25 Apr 2022 11:48:44 +0530 Subject: [PATCH 5/6] CFINSPEC-81: Add supports platform check Signed-off-by: Sonu Saha --- docs-chef-io/content/inspec/resources/php_config.md | 1 + lib/inspec/resources/php_config.rb | 2 ++ 2 files changed, 3 insertions(+) diff --git a/docs-chef-io/content/inspec/resources/php_config.md b/docs-chef-io/content/inspec/resources/php_config.md index 98c884570..17e77578c 100644 --- a/docs-chef-io/content/inspec/resources/php_config.md +++ b/docs-chef-io/content/inspec/resources/php_config.md @@ -2,6 +2,7 @@ title = "php_config resource" draft = false gh_repo = "inspec" +platform = "os" [menu] [menu.inspec] diff --git a/lib/inspec/resources/php_config.rb b/lib/inspec/resources/php_config.rb index e8a6ef467..1dd526a23 100644 --- a/lib/inspec/resources/php_config.rb +++ b/lib/inspec/resources/php_config.rb @@ -4,6 +4,8 @@ module Inspec::Resources class PhpConfig < Inspec.resource(1) # Resource's internal name. name "php_config" + supports platform: "unix" + supports platform: "windows" desc "Use the php_config InSpec audit resource to test PHP config parameters" example <<~EXAMPLE From e507443c777a3004bce396b35420b7bf2c6a79b6 Mon Sep 17 00:00:00 2001 From: Deepa Kumaraswamy Date: Fri, 13 May 2022 20:11:01 +0530 Subject: [PATCH 6/6] Review Doc Signed-off-by: Deepa Kumaraswamy --- .../content/inspec/resources/php_config.md | 33 ++++++++++--------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/docs-chef-io/content/inspec/resources/php_config.md b/docs-chef-io/content/inspec/resources/php_config.md index 17e77578c..a5a76cd45 100644 --- a/docs-chef-io/content/inspec/resources/php_config.md +++ b/docs-chef-io/content/inspec/resources/php_config.md @@ -11,51 +11,52 @@ platform = "os" parent = "inspec/resources/os" +++ -Use the `php_config` Chef InSpec audit resource to test PHP config parameters from the default php.ini file or a custom php configuration file. - +Use the `php_config` Chef InSpec audit resource to test the PHP configuration parameters from the default `php.ini` file or a custom *php* file. ## Availability ### Installation -This resource is distributed along with Chef InSpec itself. +The Chef InSpec distributes This resource. ## Syntax -A `php_config` Chef InSpec audit resource allows to test PHP config parameters from the default php.ini file or a custom php configuration file. The path for custom configuration file is given in a hash format with `ini` as the key and path as the value. +A `php_config` Chef InSpec audit resource allows to test PHP configuration parameters from the default `php.ini` or a custom *php* file. The custom configuration file path is provided in a hash format with `ini` as the key and path as the value. ```ruby describe php_config("config_param") do - its("value") { should eq "some_value" } + its("value") { should eq "VALUE" } end describe php_config("config_param", { "ini" => "path_to_ini_file" }) do - its("value") { should eq "some_value" } + its("value") { should eq "VALUE" } end ``` + > where -> -> - `config_param` is a valid parameter of php configuration -> - `value` is a property of this resource -> - `some_value` is the value of the given `config_param` -> - `path_to_ini_file` is the path for custom php configuration file +> +> - `config_param` is a valid parameter of php configuration. +> - `value` is a property of this resource. +> - `some_value` is the value of the specified `config_param`. +> - `path_to_ini_file` is the path for custom php configuration file. ## Properties -- The property of this resource is `value` +The property of this resource is `value`. ### value -The value property fetches the value of the given config parameter from the default php.ini file or a custom php configuration file. +The value property fetches the provided configuration parameter value from the default `php.ini` file or a custom `php` file. ```ruby - its("value") { should eq "some_value" } + its("value") { should eq "VALUE" } ``` ## Examples + The following examples show how to use this Chef InSpec audit resource. -### Fetch the value for a config parameter from the default configuration file +### Fetch the configuration parameter value from the default configuration file ```ruby describe php_config("default_mimetype") do @@ -63,7 +64,7 @@ The following examples show how to use this Chef InSpec audit resource. end ``` -### Fetch the value for a config parameter from a custom configuration file +### Fetch the configuration parameter value from a custom configuration file ```ruby describe php_config("default_mimetype", { "ini" => "/etc/php/7.4/cli/php.ini" }) do