implementing changes requested in review

Signed-off-by: Jeremy J. Miller <jm@chef.io>
Jeremy J. Miller 2016-10-17 09:41:36 -04:00 committed by Christoph Hartmann
parent 1288f90247
commit fe18e3090d


@ -17,7 +17,7 @@ module Inspec::Resources
end end
end end
class FileResource < Inspec.resource(1) class FileResource < Inspec.resource(1) # rubocop:disable Metrics/ClassLength
include FilePermissionsSelector include FilePermissionsSelector
include MountParser include MountParser
@ -39,7 +39,6 @@ module Inspec::Resources
# select permissions style # select permissions style
@perms_provider = select_file_perms_style(inspec.os) @perms_provider = select_file_perms_style(inspec.os)
@file = inspec.backend.file(path) @file = inspec.backend.file(path)
return skip_resource 'The `file` resource is not supported on your OS yet.' if @perms_provider.nil?
end end
%w{ %w{
@ -66,18 +65,21 @@ module Inspec::Resources
def readable?(by_usergroup, by_specific_user) def readable?(by_usergroup, by_specific_user)
return false unless exist? return false unless exist?
return skip_resource '`readable?` is not supported on your OS yet.' if @perms_provider.nil?
file_permission_granted?('read', by_usergroup, by_specific_user) file_permission_granted?('read', by_usergroup, by_specific_user)
end end
def writable?(by_usergroup, by_specific_user) def writable?(by_usergroup, by_specific_user)
return false unless exist? return false unless exist?
return skip_resource '`writable?` is not supported on your OS yet.' if @perms_provider.nil?
file_permission_granted?('write', by_usergroup, by_specific_user) file_permission_granted?('write', by_usergroup, by_specific_user)
end end
def executable?(by_usergroup, by_specific_user) def executable?(by_usergroup, by_specific_user)
return false unless exist? return false unless exist?
return skip_resource '`executable?` is not supported on your OS yet.' if @perms_provider.nil?
file_permission_granted?('execute', by_usergroup, by_specific_user) file_permission_granted?('execute', by_usergroup, by_specific_user)
end end
@ -125,7 +127,7 @@ module Inspec::Resources
private private
def file_permission_granted?(access, by_usergroup, by_specific_user) def file_permission_granted?(access, by_usergroup, by_specific_user)
return nil if @perms_provider.nil? fail '`file_permission_granted?` is not supported on your OS' if @perms_provider.nil?
if by_specific_user.nil? || by_specific_user.empty? if by_specific_user.nil? || by_specific_user.empty?
return nil if !inspec.os.unix? return nil if !inspec.os.unix?
usergroup = usergroup_for(by_usergroup, by_specific_user) usergroup = usergroup_for(by_usergroup, by_specific_user)
@ -169,6 +171,8 @@ module Inspec::Resources
'w' 'w'
when 'execute' when 'execute'
'x' 'x'
else
fail 'Invalid access_type provided'
end end
if inspec.os.linux? if inspec.os.linux?
perm_cmd = "su -s /bin/sh -c \"test -#{flag} #{path}\" #{user}" perm_cmd = "su -s /bin/sh -c \"test -#{flag} #{path}\" #{user}"
@ -196,6 +200,8 @@ module Inspec::Resources
'@(\'FullControl\', \'Modify\', \'Write\')' '@(\'FullControl\', \'Modify\', \'Write\')'
when 'execute' when 'execute'
'@(\'FullControl\', \'Modify\', \'ReadAndExecute\', \'ExecuteFile\')' '@(\'FullControl\', \'Modify\', \'ReadAndExecute\', \'ExecuteFile\')'
else
fail 'Invalid access_type provided'
end end
cmd = inspec.command("@(@((Get-Acl #{path}).access | Where-Object {$_.AccessControlType -eq 'Allow' -and $_.IdentityReference -eq '#{user}' }) | Where-Object {($_.FileSystemRights.ToString().Split(',') | % {$_.trim()} | ? {#{access_rule} -contains $_}) -ne $null}) | measure | % { $_.Count }") cmd = inspec.command("@(@((Get-Acl #{path}).access | Where-Object {$_.AccessControlType -eq 'Allow' -and $_.IdentityReference -eq '#{user}' }) | Where-Object {($_.FileSystemRights.ToString().Split(',') | % {$_.trim()} | ? {#{access_rule} -contains $_}) -ne $null}) | measure | % { $_.Count }")
cmd.stdout.chomp == '0' ? false : true cmd.stdout.chomp == '0' ? false : true
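Review bot: In the `@ -66,18 +65,21` hunk, `readable?`, `writable?` and `executable?` now return whatever `skip_resource` returns when `@perms_provider` is nil, so on an unsupported OS the predicate's truthiness is decided by a helper defined outside this diff rather than by any permission check. If that value is truthy a `should be_writable` expectation passes, and if it is nil or false a `should_not be_writable` expectation passes, so a control could report a result for a file whose permissions were never inspected. A test confirming that the runner reports these controls as skipped would settle it. The new guard also sits after `return false unless exist?`, so a missing file on an unsupported OS returns false without recording a skip. Moving the `if @perms_provider.nil?` guard above `return false unless exist?` in each of the three methods would make the unsupported case consistent.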