From de87080987db050e3c906057ff590a3db006dda4 Mon Sep 17 00:00:00 2001
From: Clinton Wolfe
Date: Thu, 5 May 2022 19:17:55 -0400
Subject: [PATCH] Several small bugs and usability fixes
Signed-off-by: Clinton Wolfe
---
 lib/inspec/base_cli.rb | 3 +++
 lib/inspec/errors.rb | 2 +-
 lib/inspec/file_provider.rb | 4 ++--
 lib/inspec/iaf_file.rb | 6 +++++-
 lib/plugins/inspec-sign/lib/inspec-sign/base.rb | 8 ++++++--
 5 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/lib/inspec/base_cli.rb b/lib/inspec/base_cli.rb
index b09fa5275..b88486d92 100644
--- a/lib/inspec/base_cli.rb
+++ b/lib/inspec/base_cli.rb
@@ -323,6 +323,9 @@ module Inspec
 def pretty_handle_exception(exception)
 case exception
+ when Inspec::InvalidProfileSignature
+ $stderr.puts exception.message
+ Inspec::UI.new.exit(:bad_signature)
 when Inspec::Error
 $stderr.puts exception.message
 exit(1)
diff --git a/lib/inspec/errors.rb b/lib/inspec/errors.rb
index cdcddd6d3..db8f42b7a 100644
--- a/lib/inspec/errors.rb
+++ b/lib/inspec/errors.rb
@@ -23,5 +23,5 @@ module Inspec
 attr_accessor :version
 end
- class InvalidProfile < Error; end
+ class InvalidProfileSignature < Error; end
 end
diff --git a/lib/inspec/file_provider.rb b/lib/inspec/file_provider.rb
index 35513736f..a8f90d98b 100644
--- a/lib/inspec/file_provider.rb
+++ b/lib/inspec/file_provider.rb
@@ -20,7 +20,7 @@ module Inspec
 if iaf_file.valid?
 IafProvider.new(path)
 else
- raise Inspec::InvalidProfile, "Profile is invalid."
+ raise Inspec::InvalidProfileSignature, "Profile signature is invalid."
 end
 elsif File.exist?(path)
 DirProvider.new(path)
@@ -239,7 +239,7 @@ module Inspec
 f.close
 content = content.slice(490, content.length).lstrip
 else
- raise Inspec::InvalidProfile, "Profile is invalid."
+ raise Inspec::InvalidProfileSignature, "Unrecognized IAF version."
 end
 tmpfile = nil
diff --git a/lib/inspec/iaf_file.rb b/lib/inspec/iaf_file.rb
index 92b2c2c83..0cc374d74 100644
--- a/lib/inspec/iaf_file.rb
+++ b/lib/inspec/iaf_file.rb
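Review bot: In lib/inspec/base_cli.rb the new `when Inspec::InvalidProfileSignature` branch only takes effect because it sits above `when Inspec::Error`; errors.rb in this patch declares the new class as a subclass of `Error`, so a later reordering of the `case` would silently turn the `:bad_signature` exit into `exit(1)`. A one-line comment such as `# keep above Inspec::Error: subclass that needs its own exit code` would protect the ordering for anyone scripting on the exit status. pretty_handle_exception continues outside the hunk.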
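Review bot: In lib/inspec/file_provider.rb both new raises carry a fixed message with no indication of which file failed, which makes a signature failure hard to triage when several profiles are loaded; at -20,7 `path` is in scope, so `raise Inspec::InvalidProfileSignature, "Profile signature is invalid: #{path}"` would help. The raise at -239,7 reports "Unrecognized IAF version." through the same class, so with the base_cli handler in this patch it also exits as `:bad_signature`. Failing closed there is sensible, but an unsupported format and a failed verification become indistinguishable to callers; a dedicated subclass of `InvalidProfileSignature` would keep the exit code while separating the two cases. Both enclosing methods start and end outside the hunks.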
@@ -56,15 +56,18 @@ module Inspec
 false
 end
+ attr_reader :key_name, :version
+
 def initialize(path)
 @path = path
+ @key_name = nil
 end
 def valid?
 header = []
 valid = true
 f = File.open(@path, "rb")
- version = f.readline.strip!
+ @version = f.readline.strip!
 if version == INSPEC_PROFILE_VERSION_1
 header << version
 header << f.readline.strip!
@@ -96,6 +99,7 @@ module Inspec
 valid = false
 end
+ @key_name = header[1]
 validation_key_path = Inspec::IafFile.find_validation_key(header[1])
 unless valid_header?(header)
diff --git a/lib/plugins/inspec-sign/lib/inspec-sign/base.rb b/lib/plugins/inspec-sign/lib/inspec-sign/base.rb
index 281f9453e..df742a1f8 100644
--- a/lib/plugins/inspec-sign/lib/inspec-sign/base.rb
+++ b/lib/plugins/inspec-sign/lib/inspec-sign/base.rb
@@ -36,11 +36,11 @@ module InspecPlugins
 FileUtils.mkdir_p(path)
 puts "Generating signing key in #{path}/#{options["keyname"]}.pem.key"
- open "#{options["keyname"]}.pem.key", "w" do |io|
+ open "#{path}/#{options["keyname"]}.pem.key", "w" do |io|
 io.write key.to_pem
 end
 puts "Generating validation key in #{path}/#{options["keyname"]}.pem.pub"
- open "#{options["keyname"]}.pem.pub", "w" do |io|
+ open "#{path}/#{options["keyname"]}.pem.pub", "w" do |io|
 io.write key.public_key.to_pem
 end
 end
@@ -89,9 +89,13 @@ module InspecPlugins
 iaf_file = Inspec::IafFile.new(file_to_verify)
 if iaf_file.valid?
+ puts "Detected format version '#{iaf_file.version}'"
+ puts "Attempting to verify using key '#{iaf_file.key_name}'"
 puts "Profile is valid."
 Inspec::UI.new.exit(:normal)
 else
+ puts "Detected format version '#{iaf_file.version}'"
+ puts "Attempting to verify using key '#{iaf_file.key_name}' if iaf_file.key_name
 puts "Profile is invalid"
 Inspec::UI.new.exit(:bad_signature)
 end
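Review bot: In lib/inspec/iaf_file.rb at -56,15 the new `@version = f.readline.strip!` stores the return value of `strip!`, which is nil whenever the line has nothing to strip (for example a final line with no trailing newline), so the `version` reader can be nil even though a line was read; `@version = f.readline.strip` avoids that. `key_name` and `version` are also populated only as a side effect of `valid?`, and `@version` is not initialised in `initialize` the way `@key_name` is. Adding `@version = nil` to the constructor and a comment on the `attr_reader` line stating that both are nil until `valid?` has run would make the contract explicit. `valid?` continues past the end of the hunk.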
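Review bot: In lib/inspec/iaf_file.rb at -96,6 `@key_name = header[1]` is recorded before the `valid_header?(header)` check two lines later, so the reader exposes a value copied from the file being verified whether or not the header or signature turns out to be good. Callers that print or log it (the verify command in this patch does) should treat it as untrusted data; a comment such as `# unverified: copied from the file header before any validation` would make that clear. The same unvalidated `header[1]` is passed to `find_validation_key` on the next line; that method is not visible in this hunk, and it is worth confirming it accepts only a plain key name.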
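Review bot: In inspec-sign/base.rb at -36,11 the signing key is written with `open ..., "w"`, so the private `.pem.key` file gets whatever mode the process umask allows, which is commonly readable by other local users. Creating it owner-only with `File.open("#{path}/#{options["keyname"]}.pem.key", "w", 0o600) do |io|`, and using `File.open` rather than `Kernel#open` for both files, keeps the key private and sidesteps `Kernel#open`'s special treatment of its string argument. `options["keyname"]` is interpolated into the path unchecked, so a name containing a path separator would land outside `path`; rejecting such names before writing would keep keys inside the keys directory. The enclosing method begins outside the hunk.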
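Review bot: In inspec-sign/base.rb at -89,9 the new `puts` lines interpolate `iaf_file.version` and `iaf_file.key_name` straight into terminal output, and both are read from the header of the file under verification, so an unverified file controls what is printed, including control characters. Printing them with `inspect`, e.g. `puts "Attempting to verify using key #{iaf_file.key_name.inspect}"`, keeps the output unambiguous. The two lines are duplicated in both branches and run after `valid?` has already returned, so "Attempting to verify" is reported after the fact; storing the result of `valid?` in a local, printing the details once, then branching would remove the duplication. In the failure branch `version` is printed without the nil guard that `key_name` gets.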