Commit graph

169 commits

Author SHA1 Message Date
Dominik Richter
562f6ad732 add the Nginx parser
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-03 17:25:00 +02:00
Adam Leff
f14ed844a9 Merge pull request #1856 from chef/chris-rock/1828
Fix parameters to `find` commands
2017-05-31 14:35:32 -04:00
Christoph Hartmann
687f1a5827 update unit tests
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-31 00:21:05 -05:00
Christoph Hartmann
a6ef98c896 verifies that inspec.yml uses licenses in SPDX format
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-31 00:21:05 -05:00
Christoph Hartmann
57097ea2a9 fix #1828
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-31 00:20:42 -05:00
Dominik Richter
1dafe50bd9 rename SimpleConfig / parse_config / parse_config_file options
See https://github.com/chef/inspec/issues/1709
Fixes https://github.com/chef/inspec/issues/1709

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-26 23:18:40 +02:00
Dominik Richter
02e435b6d0 add rabbitmq config resource
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-12 20:51:12 +02:00
Adam Leff
ea7c0c493e Provide a method-based accessor for SimpleConfig hashes
When SimpleConfig parses a config file that has sections, such as a mysqld
config file, the values within that section are returned via a Hash. However,
we do not provide an easy way to write tests for those deep hash values:

```
describe mysql_conf('/tmp/my.cnf') do
  its('mysqld.expire_logs_days') { should cmp 10 }
end

  MySQL Configuration
     ∅  undefined method `expire_logs_days' for #<Hash:0x007fe463795a00>
```

This change provides a method-based accessor for Hashes that are built via
SimpleConfig.

```
describe mysql_conf('/tmp/my.cnf') do
  its('mysqld.expire_logs_days') { should cmp 10 }
end

  MySQL Configuration
     ✔  mysqld.expire_logs_days should cmp == 10
```

Fixes #1541 by changing the way the attributes are fetched.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-15 14:49:16 -05:00
Adam Leff
4f2b66302d Fix ObjectTraverser when accessing array values
When attempting to access array values via the `json` resource:

```
describe json('/tmp/test.json') do
      its(['array',0]) { should eq "zero" }
end
```

... the resulting data would be an array of the size of the original array
with all the values replaced with nils:

```
     expected: "zero"
          got: [nil, nil, nil]
```

This was due to a bug in the ObjectTraverser mixin that mapped array values
back through `extract_value` rather than properly handling the passed-in
key(s). This worked fine for the specific data format created by the `csv`
resource but did not work `json` or any other resource that subclassed the
`JsonConfig` resource.

This change fixes the logic when dealing with an array when it's encountered,
and fixes up the `csv` resource with its own `value` method.

This change also adds tests for ObjectTraverser.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-15 11:35:55 +01:00
Makoto Nozaki
f913b56ffc Avoid connection timeout of "inspec version" (#1538)
* Add open_timeout to NET::HTTP.start call
Signed-off-by: Makoto Nozaki <makoto.nozaki@twosigma.com>

* Code cleanup based on the discussion at #1538
Signed-off-by: Makoto Nozaki <makoto.nozaki@twosigma.com>
2017-03-06 09:23:42 -07:00
Joseph Benden
1fdecc6680 Add FreeBSD support for ZFS datasets and pools
The following new resources have been added; however, they
presently only support FreeBSD and similar.

* `zfs_dataset`: tests if a named ZFS dataset is present
  and/or has certain properties.
* `zfs_pool`: tests if a named ZFS pool is present and/or
  has certain properties.

Additionally, the `mount` resource has been reworked to
include support for FreeBSD; while the existing class
was renamed to LinuxMountParser.

Unit-tests were added for all of the above.

Signed-off-by: Joseph Benden <joe@benden.us>
2017-02-22 10:29:49 -07:00
Tom Duffield
1ea83f526c Address rubocop violations
Signed-off-by: Tom Duffield <tom@chef.io>
2017-02-08 16:49:16 -06:00
Alex Pop
a3de32ad04 Fix xinetd parsing of services from the same file. Expose resource.protocols
Signed-off-by: Alex Pop <apop@chef.io>
2017-01-31 12:40:29 +00:00
Christoph Hartmann
f0cdad800f display if inspec version is outdated
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-01-03 12:10:43 +01:00
Dominik Richter
441967510f bugfix: support nil entries in filter table 2016-10-05 13:04:00 +02:00
Christoph Hartmann
c23263f3d0 handle xinetd config with only one entry 2016-08-16 17:23:22 +02:00
Steven Danna
b5cd64d16a Ignore comment lines in /etc/passwd
Most passwd/shadow implementations treat lines that start with '#' as
comments. For example, the implementation in OS X:

     if (buf[0] == '#') {
          /* skip comments for Rhapsody. */
          continue;
     }

https://opensource.apple.com/source/remote_cmds/remote_cmds-41/rpc_yppasswdd.tproj/passwd.c

Fixes #725

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-16 10:54:52 +02:00
Dominik Richter
70dd639471 move base_cli to lib/inspec
It is not a disconnected library, but a core component of inspec. Fix its location.
2016-07-26 20:11:25 +02:00
Dominik Richter
211a2e25fb align inspec detect output 2016-06-16 13:00:09 +02:00
Dominik Richter
0fec9cca13 enhance cli output for inspec check 2016-06-16 13:00:09 +02:00
Dominik Richter
f93084520f introduce cli report formatter 2016-06-15 17:11:29 +02:00
Christoph Hartmann
f1faf47112 introduce secrets backend 2016-06-14 02:49:47 +02:00
Dominik Richter
302a718b48 list arbitrary ports and query it
utilizing filter table to make port more flexible and useful.
2016-05-31 03:14:07 +02:00
Dominik Richter
02dae2c3c5 add simple style for filter table data
for quick flattening, filtering, and non-nil results. this also simplifies some interal calls and structure
2016-05-31 03:01:03 +02:00
Dominik Richter
d6345ffd17 add resource to filter table blocks
i.e. get access to the original resource for more information and calls.
2016-05-30 23:31:14 +02:00
Jeremy J. Miller
cfcc06a379 fix spelling 2016-05-15 11:04:23 -04:00
Jeremy J. Miller
9795879628 add sudo_command option 2016-05-15 07:22:18 -04:00
Dominik Richter
4d28fd8f31 remove inspec [exec|json|...] --id flag 2016-05-06 13:14:40 +02:00
Dominik Richter
67fccc1246 expose deprecated fields in passwd 2016-05-04 15:27:58 +02:00
Dominik Richter
fc718267c4 extend filter table to handle soft variable lookup 2016-05-04 15:27:58 +02:00
Dominik Richter
f30b6fb6f5 bugfix: handle train errors in inspec execution 2016-05-02 08:34:45 -04:00
Dominik Richter
6f612dc948 WIP add block support to where conditionals (1) passwd.users { != 2 } (2) add tests 2016-04-28 23:10:52 +02:00
Dominik Richter
0c8e891ee1 add #entries to filter table + remodel configuration 2016-04-28 22:46:39 +02:00
Dominik Richter
048a1584b9 encapsulated filters 2016-04-28 22:46:39 +02:00
Dominik Richter
d86161c616 add general filter utility for resources 2016-04-28 22:46:39 +02:00
Dominik Richter
01caf05020 add cmd for executing calls against the inspec api 2016-04-27 06:31:01 -07:00
Dominik Richter
9da23f9cbc remodel bash and shell wrappers 2016-04-18 11:48:42 -04:00
Dominik Richter
14995534cd skip profiles if the platform isnt supported 2016-04-16 15:34:23 -04:00
Christoph Hartmann
cd57b26bd0 wmi unit test 2016-03-20 11:53:56 +01:00
Christoph Hartmann
67251d2982 implement object traversal for wmi object, make namespace and filter optional 2016-03-20 11:53:56 +01:00
Dominik Richter
ccf2694940 bugfix: inheritance of local profiles 2016-03-08 14:59:14 +01:00
Dominik Richter
90f2212ed5 add color output + make default 2016-03-07 22:21:31 +01:00
Dominik Richter
b831b62a90 make controls selectable 2016-03-06 23:54:28 +01:00
Dominik Richter
f6bd7ed3b8 unify exec options 2016-03-06 15:07:12 +01:00
Dominik Richter
4a39275fc0 add xinetd_conf resource 2016-02-26 13:19:16 +01:00
Dominik Richter
33b2876d7c fix tests and lint 2016-02-22 12:06:42 +01:00
Dominik Richter
e4c3c9370b fix detection with new profile/runner scheme 2016-02-22 11:24:36 +01:00
Dominik Richter
1e1e473cb0 replace target-helper with fetcher+reader 2016-02-22 11:24:35 +01:00
Dominik Richter
1825fd1fef separate reusable plugin registry with sorting 2016-02-22 11:24:35 +01:00
Dominik Richter
83fcc35d2a expose all fields + deprecate singular accessors 2016-02-18 16:10:42 +01:00
Stephan Renatus
405b3e3fa4 rubocop fixes 2016-02-09 11:51:52 +01:00
Stephan Renatus
57db5a9414 unit test FilterArray, make retrieved values unique 2016-02-09 11:51:52 +01:00
Stephan Renatus
5270f21da9 move FilterArray to utils, add retrieving values 2016-02-09 11:51:52 +01:00
Dominik Richter
bb264897f4 wrap basecli in inspec module
Take care of a rare error which has Inspec undefined
2016-02-05 18:25:40 +01:00
Christoph Hartmann
b7a88dbd7a fix linting and unit test 2016-02-05 16:57:51 +01:00
Christoph Hartmann
a55a4869d9 extract base cli class 2016-02-05 14:20:32 +01:00
Christoph Hartmann
826d059b19 optimize json logger for line delimited JSON 2016-02-04 16:38:57 +01:00
Christoph Hartmann
907a4e1f33 add json stream logger for inspec check 2016-02-04 16:38:57 +01:00
Stephan Renatus
ff682532cf fix warning in #find_files[_or_error] 2016-02-01 16:32:47 +01:00
Christoph Hartmann
678ee2b473 parse port information on solaris 10 and 11 via netstat 2016-01-28 18:30:38 +01:00
Dominik Richter
4092691a78 lint 2016-01-15 04:07:25 +01:00
Christoph Hartmann
772df929f6 implement be_mounted.with for file resources 2016-01-03 00:03:24 +01:00
Christoph Hartmann
19ed6be39f more fine-grained utils parser 2016-01-02 22:41:58 +01:00
Stephan Renatus
324ba14a6b fix optional type argument handling 2015-12-04 14:27:32 +01:00
Stephan Renatus
390e0fcca7 restore old find_files interface
- fixes #276
- basic test for find_files
2015-12-04 14:15:45 +01:00
Dominik Richter
6cbe3466fb update rubocop 0.35.1 2015-11-13 01:03:15 +01:00
Dominik Richter
471a723b83 restore parse_passwd_line to be public, thanks @chris-rock 2015-10-26 17:16:05 +01:00
Dominik Richter
0ac3c412aa bugfix: support empty content in simpleconfig 2015-10-26 16:16:42 +01:00
Dominik Richter
95242bf9c2 add content parser tests 2015-10-26 15:50:57 +01:00
Dominik Richter
b58a4b3f43 rename vulcanosec -> inspec 2015-10-26 12:34:15 +01:00
Dominik Richter
45f7057f30 lint 2015-10-26 04:39:16 +01:00
Christoph Hartmann
949496776e move comment parser to utils 2015-10-07 18:45:07 +02:00
Christoph Hartmann
8fff2ee989 add author header 2015-10-06 18:55:44 +02:00
Christoph Hartmann
14c5c3f393 lint: remove whitespace 2015-10-05 12:28:28 +02:00
Christoph Hartmann
6b2064ad89 return password expiry information for linux 2015-10-05 11:50:49 +02:00
Christoph Hartmann
57676d88a1 externalize passwd parser 2015-10-05 11:42:20 +02:00
Christoph Hartmann
77f48cfcf3 move line-split to simple config 2015-10-05 11:42:20 +02:00
Dominik Richter
aa4593ff71 replace parseconfig with simpleconfig
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-30 12:19:55 +02:00
Dominik Richter
8b97bdbaa7 expose simpleconfig groups
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-30 12:18:09 +02:00
Dominik Richter
2d8b63cb22 feature: support simple config groups
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-30 12:00:38 +02:00
Dominik Richter
1076dcbd52 remove os_ prefix from detect json syntax
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-23 10:25:05 +02:00
Dominik Richter
7fb41cdbee remove conditional or on release for detect util
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:03 +02:00
Dominik Richter
e78fbf1b96 move windows OS detection to backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:02 +02:00
Dominik Richter
94d748efd1 add os name to detect util
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:02 +02:00
Dominik Richter
4852842bf6 feature: add hash utility for deep_merge
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
1345c1d017 update findfiles to work with new backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
f1cc7cbf9b lint utils
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
753e7775ef lint detect
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Christoph Hartmann
0e8651bf26 fix rubocop issues 2015-09-05 16:07:54 +02:00
Christoph Hartmann
36c9de7529 more rubocop fixes 2015-09-04 09:59:30 +02:00
Christoph Hartmann
bbbb8380ca replace raise with fail 2015-09-03 23:24:42 +02:00
Christoph Hartmann
556bb5a0f0 remove empty lines 2015-09-03 23:20:53 +02:00
Christoph Hartmann
349d5bf9f1 harmonize method definition style 2015-09-03 20:43:58 +02:00
Christoph Hartmann
7bdcc00e94 add utf-8 header 2015-09-03 20:36:46 +02:00
Christoph Hartmann
5612752b82 use single quotes 2015-09-03 20:35:23 +02:00
Dominik Richter
b2e031c056 start serverspec migration
This project is inspired by Serverspec and all the wonderful contributions that went into it. Thank you all so much! We have used Serverspec as our audit base and have now a slightly different perspective. We hope to continue the spirit on this path. Hopefully both projects will find their way together.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 17:36:05 -07:00
Christoph Hartmann
3570295007 bugfix: remove debug message 2015-08-14 01:46:43 -07:00
Christoph Hartmann
6e7d2f6bcf detect windows versions 2015-08-14 01:43:02 -07:00
Christoph Hartmann
e4de940dfe improve windows detection 2015-08-14 00:49:31 -07:00
Dominik Richter
086d385fe0 add detect utility to get os info
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-13 17:18:17 -07:00