Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-12-11 22:02:47 +00:00
Code Issues Projects Releases Packages Wiki Activity
1604 commits 455 branches 1904 tags 76 MiB
Commit graph

836 commits

Author SHA1 Message Date
Dominik Richter
af8e4e93ca add supports keyword to profiles 2015-12-31 17:54:13 +01:00
Dominik Richter
2e0da6e9e8 unify metadata resolution 2015-12-31 12:49:18 +01:00
Dominik Richter
3db2dd756d resolve metadata from profile targets 2015-12-31 12:49:18 +01:00
Dominik Richter
e7b7f166cf dry folder resolver 2015-12-31 12:49:18 +01:00
Dominik Richter
96c9794cbf bugfix: reload inspec DSL after loading libraries 2015-12-29 19:27:00 +01:00
Dominik Richter
526932584d fix metadata validation 2015-12-28 13:35:38 +01:00
Dominik Richter
cfa2b9a39c fix metadata reading and parsing 2015-12-28 13:16:09 +01:00
Dominik Richter
cdc95df5ca keep metadata checks in metadata.rb 2015-12-28 13:07:21 +01:00
Dominik Richter
aef0cabde8 fix method length in inspec.check 2015-12-28 13:01:27 +01:00
Christoph Hartmann
0ab46ff5b1 rename metadata.yml to inspec.yml 2015-12-28 12:53:42 +01:00
Christoph Hartmann
1d4295ee4d remove owner/name restriction 2015-12-28 12:53:42 +01:00
Christoph Hartmann
06c1265b38 add support for .tgz extension. Thanks @srenatus 2015-12-28 12:53:42 +01:00
Christoph Hartmann
31c8509092 lint profile implementation 2015-12-28 12:53:42 +01:00
Christoph Hartmann
27150e5341 feature: generate profile archive 2015-12-28 12:53:42 +01:00
Christoph Hartmann
9da0e32f3d bugfix: only add path to load path if the test is located on filesystem 2015-12-28 12:53:42 +01:00
Christoph Hartmann
ebe54efd67 feature: load tests from zip and tar.gz 2015-12-28 12:53:42 +01:00
Christoph Hartmann
43c778078c feature: add support for metadata.yml 2015-12-28 12:53:42 +01:00
Christoph Hartmann
9e8e64319e improvement: better detection of directory types 2015-12-28 12:53:42 +01:00
Christoph Hartmann
bb97044338 bugfix: fix profile check 2015-12-28 12:53:38 +01:00
Christoph Hartmann
9fda6d3e89 bugfix: use skip_control instead of skip_rule as default 2015-12-28 12:07:57 +01:00
Christoph Hartmann
e122e48ae5 change profile directory from 'test' to 'controls' 2015-12-28 12:07:57 +01:00
Dominik Richter
7473dea1f2 ignore auto-generated controls during verify check 2015-12-23 11:11:49 +01:00
Dominik Richter
b2e0fac625 change check errors on summary+title to warnings 2015-12-23 09:18:59 +01:00
Dominik Richter
d2509f745e reference correct fields from metadata in inspec check 2015-12-23 09:18:59 +01:00
Dominik Richter
25706b3612 0.9.7 2015-12-21 16:31:48 +01:00
Christoph Hartmann
ca33ac9288 Merge pull request #321 from jeremymv2/security_policy_fixes 
Fixing issue with security policy always returning nil
 2015-12-17 17:55:01 +01:00
Jeremy J. Miller
f1e8483cd8 Removed extra whitespace 2015-12-17 08:56:43 -05:00
Stephan Renatus
3a1dcb7669 teach cmp matcher octal tricks 2015-12-16 11:32:31 +01:00
Jeremy J. Miller
af55cb41d8 Added ensure block to always delete file 2015-12-15 14:40:57 -05:00
Jeremy J. Miller
652392918d Fixing issue with security policy always returning nil 2015-12-15 10:29:54 -05:00
Stephan Renatus
a5a780f920 reset rspec configuration when initializing Inspec::Runner 
fixes https://github.com/chef/kitchen-inspec/issues/15
 2015-12-15 14:00:53 +01:00
troyready
29f954f7f3 add release to el pkg version & catch missing linebreaks 
Package release info (e.g. '19.el7') is often required to determine if
a system has been properly patched.

Lines like the following from rpm are messing up the version returned
by the package resource:
"...\nVersion     : 1.8.6p3                           Vendor: Red Hat, Inc.\n..."
Correcting this with a new conditional check.
 2015-12-11 13:05:22 -08:00
Dominik Richter
cc67d8d4c0 0.9.6 2015-12-11 18:34:15 +01:00
Dominik Richter
494ed708d4 Merge pull request #318 from chef/chris-rock/cmp-matcher 
matcher for less-restrictive comparison
 2015-12-11 17:58:47 +01:00
Christoph Hartmann
0185751ff5 lint exception 2015-12-11 17:48:05 +01:00
Christoph Hartmann
52cd0b38d1 update style of float? detection 2015-12-11 17:26:46 +01:00
Christoph Hartmann
31f8863701 update failure message for cmp matcher 2015-12-11 17:19:28 +01:00
Christoph Hartmann
53728ee03a lint fix 2015-12-11 17:17:01 +01:00
Christoph Hartmann
9f0755be99 add new cmp matcher that eases the comparison for values 2015-12-11 17:02:48 +01:00
Christoph Hartmann
b2c457cf22 lint: remove redundant return 2015-12-11 15:39:49 +01:00
Christoph Hartmann
6badbf4dc9 bugfix: abort registry_key resource if the os is not supported 2015-12-11 15:39:49 +01:00
Christoph Hartmann
90e1eb9e39 bugfix: always ensure the script resource is properly initialized, even if the os is not supported 2015-12-11 15:39:49 +01:00
Christoph Hartmann
7422306ba7 lint fix 2015-12-11 14:34:28 +01:00
Christoph Hartmann
95c7ba8fe5 simplify prompt color setting 2015-12-11 14:29:31 +01:00
Christoph Hartmann
100df85b27 improve shell prompt and help 2015-12-11 14:03:36 +01:00
Stephan Renatus
652d51e9dc [resource/port] add port(addr, port) variant 2015-12-08 20:33:36 +01:00
Stephan Renatus
8532dd7034 [resource/port] change attribute names to plural, indicating arrays 
see discussion in #256
 2015-12-08 20:33:36 +01:00
Adam Leff
c146a76679 File permission checks should return false unless file exists 
Currently, #readable?, #writeable?, and #executable? will incorrectly
return true if the file does not exist.

In addition, I took the opportunity to refactor the File resource to
make it easier to write unit tests and supplied a full unit test
suite for this resource.
 2015-12-08 19:57:34 +01:00
Stephan Renatus
7a1cd660c3 [resources/processes] add users, states attribute; update docs 
processes('bash').user does not actually make much sense for a resource
that is a list -- different entries can belong to different users.
Analogous for processes('bash').state.

The attributes 'users' and 'states' expose the unique values
corresponding to that property of entries in the process list.

Fixes #295.
 2015-12-08 13:06:27 +01:00
Stephan Renatus
bf15c05f7f Merge pull request #299 from chef/chris-rock/os-resource 
support string and symbol for os resource
 2015-12-07 12:22:58 +01:00
Stephan Renatus
33f2fe3dde hide summary output when running interactively (inspec shell) 2015-12-07 11:12:41 +01:00
Stephan Renatus
17a80d32a9 remove second welcome 2015-12-07 11:12:41 +01:00
Stephan Renatus
c6fd8c5880 mention help [resource] 2015-12-07 11:12:41 +01:00
Christoph Hartmann
dcb09802d3 support string and symbol for os resource 2015-12-07 11:11:55 +01:00
Stephan Renatus
79f48afa6c [resources/apache_conf]: add tests, fix bug 
before, the resource would throw an exception when include_files
returned nil (i.e., [].flatten!)

added basic unit tests capturing the include_files behaviour
 2015-12-07 10:50:48 +01:00
Christoph Hartmann
7c393a1891 Merge pull request #291 from chef/sr/fix-find_files 
revert to old find_files interface
 2015-12-04 14:41:36 +01:00
Stephan Renatus
324ba14a6b fix optional type argument handling 2015-12-04 14:27:32 +01:00
Stephan Renatus
390e0fcca7 restore old find_files interface 
- fixes #276
- basic test for find_files
 2015-12-04 14:15:45 +01:00
Adam Leff
e0c356dae7 Adding support for Wind River Linux 
WRL is used as the OS on Cisco Nexus devices and acts like a Red
Hat variant. These changes add support for WRL.
 2015-12-03 17:41:11 -05:00
Christoph Hartmann
766fe47b87 add inline documentation 2015-12-01 10:56:47 +01:00
Christoph Hartmann
6a6cff1526 feature: add help command for resources 2015-12-01 10:56:47 +01:00
Christoph Hartmann
2c8a8ccb25 improvement: add etc_group support for centos and add integration test 2015-12-01 10:40:12 +01:00
Dominik Richter
762562b967 0.9.5 2015-11-25 15:43:31 +01:00
Dominik Richter
468159772f 0.9.4 2015-11-24 20:04:31 +01:00
Christoph Hartmann
a822dcee1a optimize code structure 2015-11-24 18:39:32 +01:00
Christoph Hartmann
0bd7f557d5 bugfix: do manual split of id result because we cannot use whitespace 2015-11-24 18:35:10 +01:00
Christoph Hartmann
be62b76dc2 improvement: add checks to ensure the requested file is available 2015-11-24 16:46:17 +01:00
Christoph Hartmann
60e2a3512f add init resource 2015-11-24 16:46:17 +01:00
Christoph Hartmann
0657525f4d lint json resource 2015-11-24 16:46:17 +01:00
Christoph Hartmann
62ecdf6a1f rewrite extraction of values 2015-11-24 16:46:17 +01:00
Christoph Hartmann
b70ba447b2 simplify method returns 2015-11-24 10:41:46 +01:00
Christoph Hartmann
129395141b bugfix: make registry_key case-insensitive for properties 2015-11-23 16:26:17 +01:00
Dominik Richter
75d8b9388b 0.9.3 2015-11-20 23:33:18 +01:00
Seth Chisamore
606f618fc7 ensure all test directories are on the runner $LOAD_PATH 
This change builds on chef/kitchen-inspec#12. All test directories should
be on the `$LOAD_PATH` when `Inspec::Runner` executes the test suites with
`RSpec::Core::Runner`. This will allow things like `require 'spec_helper'`
to work as expected.
 2015-11-20 00:14:57 -05:00
Seth Chisamore
beade346bf Add Windows support to the os_env resource 
This change allows checks like:

```
describe os_env('PATH') do
  its('split') { should include('C:\wix') }
end
```
 2015-11-19 15:41:00 +01:00
Dominik Richter
a04ff021c6 bugfix: support multiple computed calls to describe 
fixes #246
 2015-11-19 14:28:42 +01:00
Christoph Hartmann
b899430541 bugfix: add attribute reader to make the command accessible to script resource 2015-11-17 22:40:07 +01:00
Christoph Hartmann
cb95951e03 simplify script resource 2015-11-17 22:28:11 +01:00
Christoph Hartmann
cd35d82326 improvement: reimplement registry key resource 2015-11-17 22:28:11 +01:00
Christoph Hartmann
c6166e335b lint: fix lint error 2015-11-17 12:29:33 +01:00
Christoph Hartmann
850af710b0 improvement: add v6 protocol detection, it netstat does not deliver the information 2015-11-17 12:15:49 +01:00
Christoph Hartmann
9e3dccbfa3 improvement: restrice rescue to URI parse error 2015-11-17 12:14:05 +01:00
Christoph Hartmann
a4c47e1cd7 bugfix: fix regular expression to leave port colon 2015-11-17 12:12:59 +01:00
Christoph Hartmann
0de7549a64 lint: remove trailing whitespace 2015-11-16 21:44:12 +01:00
Christoph Hartmann
7898c1d29c improvement: optimize regular expression, catch parse errors and ignore header lines 2015-11-16 20:33:49 +01:00
Christoph Hartmann
83e6f46724 add centos support for port 2015-11-16 20:32:43 +01:00
Dominik Richter
17ce88b63d api: don't force root on os_env 2015-11-13 12:10:22 +01:00
Dominik Richter
069075b48a lint 2015-11-13 10:46:04 +01:00
Christoph Hartmann
7b179872bd extend upstart implementation to support systemv services 2015-11-13 09:54:30 +01:00
Dominik Richter
6cbe3466fb update rubocop 0.35.1 2015-11-13 01:03:15 +01:00
Dominik Richter
007594eef7 lint 2015-11-13 00:48:52 +01:00
Dominik Richter
b47409fd73 0.9.2 2015-11-05 18:40:24 +01:00
Dominik Richter
faa0b41803 bugfix: correct add_content call to new param structure 
this was breaking inspec shell
 2015-11-05 18:35:38 +01:00
Dominik Richter
b31501ab93 0.9.1 2015-11-04 00:51:16 +01:00
Dominik Richter
6c36720bd1 0.9.0 2015-11-03 03:04:57 +01:00
Dominik Richter
6e548364f4 bugfix: dont skip controls during json generation 2015-11-03 01:10:05 +01:00
Dominik Richter
ea66947b36 dont warn on command not existing on mock backend 2015-11-03 00:35:45 +01:00
Dominik Richter
6e8c4f02a1 fix typo 2015-11-03 00:35:45 +01:00
Christoph Hartmann
9d32bc7f81 improvement: fail properly if os is not supported 2015-11-02 22:58:20 +00:00
Christoph Hartmann
b1153685a4 bugfix: relax fail for command.exist? for inspec check command 2015-11-02 22:52:04 +00:00
Dominik Richter
7a07c02b4d alias rule instead of recreating it 2015-11-02 22:43:20 +01:00
Dominik Richter
ccabe55608 api: change require/include_rules -> require/include_controls 2015-11-02 22:26:20 +01:00
Dominik Richter
f976730a27 api: make control the default keyword 2015-11-02 22:26:20 +01:00
Dominik Richter
9aec339d9f disable class length metrics on profile context for now 2015-11-02 17:47:04 +01:00
Dominik Richter
de8437caa6 feature: introduce group title for files 2015-11-02 17:31:56 +01:00
Dominik Richter
93ee171dfa bugfix: use full path when resolving files 2015-11-02 16:43:39 +01:00
Dominik Richter
31d42b0212 lint: ignore line length on runner for now 2015-11-02 15:06:48 +01:00
Dominik Richter
421d7ecaa9 feature: auto-load libraries in profiles 2015-11-02 15:06:48 +01:00
Dominik Richter
f410ee3dba simplify folder resolver 2015-11-02 15:06:48 +01:00
Dominik Richter
22bf549e0b api: change library loading from /lib -> /libraries 2015-11-02 15:06:48 +01:00
Christoph Hartmann
d470803c37 improve command.exist? for more operating systems 2015-11-02 12:06:42 +01:00
Dominik Richter
13a6538acf temporarily disable rubocop metric on profile 2015-11-02 10:06:35 +01:00
Christoph Hartmann
ea47c5add8 use new internal structure for inspect check 2015-11-02 09:59:15 +01:00
Christoph Hartmann
4a676f55c3 remove dup method users, use usernames, fix example 2015-11-02 00:22:08 +01:00
Dominik Richter
d328919370 simplify resiliance 2015-11-01 23:48:29 +01:00
Christoph Hartmann
cdab39079a improvement: make os_env command more robust 2015-11-01 23:22:01 +01:00
Christoph Hartmann
1be689b77e remove exit_status and only call split if we have a string 2015-11-01 23:21:08 +01:00
Christoph Hartmann
324fa4881f do not offer stderr method via os_env 2015-11-01 23:14:12 +01:00
Christoph Hartmann
1941606b9e deactivate group policy for now 2015-11-01 22:39:30 +01:00
Christoph Hartmann
9e53556379 fix os_env example 2015-10-31 11:55:10 +01:00
Dominik Richter
24451469ca api: method_missing doesnt resolve hashmaps 
Since #its has its(pun) own way of handling calls with a dot-notation, the full call is never passed to the resource. For example:

```ruby
describe json('file') do
  its('a.b.c') { should eq 123 }
end
```

This is resolved to calling `json('file').a.b.c` and thus doesnt work as an intended `json('file').send('a.b.c'). For now use
regular its-behavior of calling `json('file').params ...  its(%w{a b c}) { should ... }`.

Its' behavior must be improved.
 2015-10-27 16:35:43 +01:00
Dominik Richter
8daf8dfa86 lint 2015-10-27 03:07:38 +01:00
Dominik Richter
59a8ca6639 construct profile in legacy structure 
This is a temporary commit to achieve compliance with other components. It will be overturned before the final release.
 2015-10-27 02:29:11 +01:00
Dominik Richter
5720aa3294 bugfix: detect filename+line for all example blocks 2015-10-27 02:29:11 +01:00
Dominik Richter
32e5e3ec29 move to symbols-based fields in profile params 2015-10-27 02:29:11 +01:00
Christoph Hartmann
cdb30c356f add apache base config 2015-10-27 02:20:29 +01:00
Dominik Richter
b280203d03 consistently set an empty logger in non-verbose mode 2015-10-26 18:27:46 +01:00
Dominik Richter
471a723b83 restore parse_passwd_line to be public, thanks @chris-rock 2015-10-26 17:16:05 +01:00
Dominik Richter
d5973d1189 bugfix: harmonize postgres session handling 2015-10-26 16:59:46 +01:00
Dominik Richter
e76b83a24e bugfix: mysql conf and session handling 2015-10-26 16:58:42 +01:00
Dominik Richter
5485111907 bugfix: support missing conf path for postgres_conf 2015-10-26 16:50:49 +01:00
Dominik Richter
414bf6b1fa bugfix: handle empty processes result 2015-10-26 16:49:26 +01:00
Dominik Richter
ec6d1e680a support postgres_session resource 2015-10-26 16:47:45 +01:00
Dominik Richter
ee0e9fc7c1 mock outer dsl attributes method 2015-10-26 16:44:20 +01:00
Dominik Richter
1613add894 bugfix: group policy needs a name for init 2015-10-26 16:40:21 +01:00
Dominik Richter
6dc0a3b638 rename inetd_config -> inetd_conf 
be consistent with the filename
 2015-10-26 16:21:51 +01:00
Dominik Richter
0ac3c412aa bugfix: support empty content in simpleconfig 2015-10-26 16:16:42 +01:00
Dominik Richter
03fe892899 bugfix: handle empty parseconfig options 2015-10-26 16:13:48 +01:00
Dominik Richter
69be6acae8 bugfix: fail on missing access to /etc/group 2015-10-26 16:11:28 +01:00
Dominik Richter
95242bf9c2 add content parser tests 2015-10-26 15:50:57 +01:00
Dominik Richter
9d1dcef469 bugfix: remove '/' prefix from folder 2015-10-26 13:06:44 +01:00
Dominik Richter
090281fb0b lint 2015-10-26 12:34:35 +01:00
Dominik Richter
b58a4b3f43 rename vulcanosec -> inspec 2015-10-26 12:34:15 +01:00
Christoph Hartmann
4bcfc76f27 simplify auditd name 2015-10-26 12:15:29 +01:00
Dominik Richter
05eb8df687 lint 2015-10-26 12:09:43 +01:00
Dominik Richter
76f7282e2c add yard header to profile#check 2015-10-26 12:07:03 +01:00
Dominik Richter
83082b2e7b feature: bring back profile check 2015-10-26 11:58:41 +01:00
Dominik Richter
b0bef37b06 support chef audit folder structure 2015-10-26 11:53:09 +01:00
Dominik Richter
9c1f258707 dont fail on missing rule body source 2015-10-26 11:46:43 +01:00
Dominik Richter
9703f3c747 bugfix: provide source code for rules in json 2015-10-26 11:46:43 +01:00