Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-24 05:33:17 +00:00
Code Issues Projects Releases Packages Wiki Activity
5730 commits 453 branches 1898 tags 74 MiB
Commit graph

312 commits

Author SHA1 Message Date
Steven Danna
3a6e610de9 Allow functional tests to pass on OSX 
A few minor issues were causing 3 functional test failures on OS X.
These were not program errors but where rather the result of the
profiles under test assuming a linux environment.

Since many of the developers who will work on this project in the future
will be running OS X, let's ensure they can run the functional tests
easily.

Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-26 15:25:59 +02:00
Christoph Hartmann
64a5a4d082 switch from os-hardening to ssh-hardening profile 2016-08-25 14:42:55 +02:00
Steven Danna
6034ece853 Initial control isolation support 
The goal of this change is to provide an isolated view of the available
profiles when the user calls the include_controls or require_controls
APIs.  Namely,

- A profile should only be able to reference profiles that are part of
  its transitive dependency tree. That is, if the dependency tree for a
  profile looks like the following:

  A
  |- B --> C
  |
  |- D --> E

  Then profile B should only be able to see profile C and fail if it
  tries to reference A, D, or E.

- The same profile should be include-able at different versions from
  different parts of the tree without conflict.  That is, if the
  dependency tree for a profile looks like the following:

  A
  |- B --> C@1.0
  |
  |- D --> C@2.0

  Then profile B should see the 1.0 version of C and profile D should
  see the 2.0 profile C with respect to the included controls.

To achieve these goals we:

- Ensure that we construct ProfileContext objects with respect to the
  correct dependencies in Inspec::DSL.

- Provide a method of accessing all transitively defined rules on a
  ProfileContext without pushing all of the rules onto the same global
  namespace.

This does not yet handle attributes or libraries.
 2016-08-25 14:42:55 +02:00
Christoph Hartmann
956d3b7292 add unit test for new package resource 2016-08-24 14:40:26 +02:00
Christoph Hartmann
95029203cd unique controls for dependency tests 2016-08-19 09:47:41 +02:00
Steven Danna
d779dd53ae Move all dependency related classes into inspec/dependencies 
Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-19 09:47:40 +02:00
Steven Danna
2041a08aa2 Fetch deps based on urls 
This extends the dependency feature to include support for url-based
dependencies.  It takes some deviations from the current support for
URLs that we'll likely want to make more consistent.

By default, we store downloaded archives in the cache rather than the
unpacked archive. However, to facilitate debugging, we will prefer the
unpacked archive if we find it in the cache.

Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-19 09:47:40 +02:00
Steven Danna
34ae3122e9 Fix recursive deps for path-based deps 
Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-18 16:02:16 +02:00
Victoria Jeffrey
cf771ab967 ssh_config parse should be case insensitive 2016-08-16 10:01:10 +02:00
Alex Pop
353dcf10ec make netstat default for getting ports and get only listening ones 2016-08-12 16:02:56 +01:00
Christoph Hartmann
d9a1a500d0 add params and content method to parse_config 2016-08-05 12:13:56 +02:00
Dominik Richter
c2f34932ad add port resource for windows 2008 
using `netstat -an`
 2016-07-21 14:58:43 +02:00
Dominik Richter
c6644ebdfe check service running by ActiveState 
See http://unix.stackexchange.com/questions/159174/differences-between-inactive-vs-disabled-and-active-vs-enabled-services
 2016-07-06 12:57:04 +02:00
Christoph Hartmann
9bdb01f1d5 improve wmi resource 2016-06-19 23:40:45 +02:00
Dominik Richter
f93084520f introduce cli report formatter 2016-06-15 17:11:29 +02:00
Dominik Richter
2db8d83d56 support intra-libraries file referencing + loading 
solves https://github.com/chef/inspec/issues/779
 2016-06-03 22:54:35 +02:00
Victoria Jeffrey
1811eb6666 Expose label for processes only on linux 2016-05-10 13:59:13 -04:00
Alex Pop
f78afe0d75 Use only strings in resource examples, docs and tests 2016-05-03 23:27:18 +01:00
Anirudh Gupta
738ef69bcf prefixed hpux to cmd file name 2016-05-03 21:38:39 +05:30
Anirudh Gupta
d839f218bf hpux support for basic port properties 2016-05-03 14:30:59 +05:30
Anirudh Gupta
75534fdaa5 added hpux user and package resource support 2016-04-21 14:01:56 +05:30
Thomas Cate
3051ead64d added tests for grub_conf resource 2016-04-17 10:46:29 -04:00
Dominik Richter
14995534cd skip profiles if the platform isnt supported 2016-04-16 15:34:23 -04:00
Jacob McCann
9dbf5354e5 Add 'static' value as enabled to systemd service enabled check 2016-04-13 14:44:28 -05:00
Dominik Richter
fb54c4ea24 api: inspec.yml supports now adds tests w/o running 
Instead of just removing all tests because of OS support, supports now acts by adding all tests to the execution context, but doesnt actually execute them. Instead tests are set to skip before they get to the actual execution context
 2016-04-06 11:28:52 +02:00
Christoph Hartmann
cd57b26bd0 wmi unit test 2016-03-20 11:53:56 +01:00
Dominik Richter
e617f74bcd filter xinetd fields by regex 2016-02-26 14:46:51 +01:00
Dominik Richter
4a39275fc0 add xinetd_conf resource 2016-02-26 13:19:16 +01:00
Dominik Richter
f023d02bbb add inspec source reader 2016-02-22 11:24:35 +01:00
Dominik Richter
1e096c7181 add shadow resource for /etc/shadow 2016-02-19 14:26:04 +01:00
Dominik Richter
83fcc35d2a expose all fields + deprecate singular accessors 2016-02-18 16:10:42 +01:00
Stephan Renatus
e184347c6d iptables unit test: add comment examples 
this is not broken; but it should stay not broken ;)
 2016-02-10 09:57:32 +01:00
Stephan Renatus
cd5f47ed33 auditd_rules: unit tests, meet the real world 2016-02-09 11:51:52 +01:00
Stephan Renatus
664561aa80 auditd_rules: status querying (old/new) and unit tests 
TODO: unit tests for the legacy format
 2016-02-09 11:51:52 +01:00
Stephan Renatus
4afb22565e auditd_rules: teach old dog new tricks 2016-02-09 11:51:52 +01:00
Stephan Renatus
688709356c upstart_service: add version mock for ubuntu 2016-02-05 13:49:18 +01:00
Christoph Hartmann
62844eee0c add unit tests 2016-01-28 18:30:38 +01:00
Dominik Richter
cac102aeac add profile tests (non-legacy) 2016-01-20 21:57:23 +01:00
Dominik Richter
611487e956 clearly identify legacy profile tests and fix identification 2016-01-19 15:48:06 +01:00
Dominik Richter
8c464965c1 extract example group creation 
and restore profile tests that had been completely mocked until now
 2016-01-19 15:48:06 +01:00
Dominik Richter
acbc345321 make metadata.rb legacy mode consistent for supports 
Before introducing InSpec profiles in https://github.com/chef/inspec/pull/252 we had `metadata.rb` keep all information. This included an undisclosed field called `supports`. However, this field was never actually used in practice. So for legacy profiles, this means that `supports` was ignored. In order to keep old profiles running in exactly the way they were before, ignore this field when reading from metadata.rb
 2016-01-15 18:58:18 +01:00
Jeremy W. Chalfant
a2ea1da6e3 move all lsof to formmated output (-F) 2016-01-14 23:03:24 -05:00
Jeremy W. Chalfant
b363e1d147 formatted lsof mockup 2016-01-14 23:03:24 -05:00
Mark Harrison
f5780b69a4 Correctly detect UDP ports on linux 
netstat on UDP lines doesn't display a port state (e.g. LISTEN), so make this
field optional when parsing the netstat line.
 2016-01-14 22:53:38 -05:00
Jacob McCann
f25ab3a373 Fix systemd service enabled check 2016-01-11 15:32:33 -06:00
Stephan Renatus
a26dbe146d fix reading profiles bug 
For reading the profiles metadata, we're using the train mock backend
through Inspec::Runner. The new `supports` feature never agrees with the
mock backend.

Now, it we figure out if this is a mock class and then just say that it
supports whatever we're asking for.

Tl;dr: there's probably a more beautiful solution to this.

Added a test case, but it fails -- while the command line interface
works fine.
 2016-01-07 15:16:49 -08:00
Christoph Hartmann
a72ba94f10 handle mount results with multiple entries 2016-01-03 00:03:24 +01:00
Christoph Hartmann
a5acb03e49 add mount resource 2016-01-03 00:03:24 +01:00
Dominik Richter
b2e0fac625 change check errors on summary+title to warnings 2015-12-23 09:18:59 +01:00
Stephan Renatus
7a1cd660c3 [resources/processes] add users, states attribute; update docs 
processes('bash').user does not actually make much sense for a resource
that is a list -- different entries can belong to different users.
Analogous for processes('bash').state.

The attributes 'users' and 'states' expose the unique values
corresponding to that property of entries in the process list.

Fixes #295.
 2015-12-08 13:06:27 +01:00
Stephan Renatus
79f48afa6c [resources/apache_conf]: add tests, fix bug 
before, the resource would throw an exception when include_files
returned nil (i.e., [].flatten!)

added basic unit tests capturing the include_files behaviour
 2015-12-07 10:50:48 +01:00
Christoph Hartmann
9231833cad add unit tests for user resource that cover ldap groups 2015-11-24 18:35:10 +01:00
Christoph Hartmann
0531976a40 implement unit tests for ini resource 2015-11-24 16:46:17 +01:00
Seth Chisamore
beade346bf Add Windows support to the os_env resource 
This change allows checks like:

```
describe os_env('PATH') do
  its('split') { should include('C:\wix') }
end
```
 2015-11-19 15:41:00 +01:00
Christoph Hartmann
27de925c2b update mock command for registry key 2015-11-17 22:28:11 +01:00
Dominik Richter
17ce88b63d api: don't force root on os_env 2015-11-13 12:10:22 +01:00
Dominik Richter
e0874b47b1 extend yaml tests, remove dot-resolver 2015-10-27 15:58:02 +01:00
Dominik Richter
a55e240a0f extend json tests, remove dot-resolver 2015-10-27 15:58:02 +01:00
Dominik Richter
7779cdb469 add simple tests for profile 2015-10-27 02:29:11 +01:00
Christoph Hartmann
128eb4a7f6 add tests for iptables 2015-10-12 10:34:24 +02:00
Christoph Hartmann
9774ec7984 add test coverage for apt 2015-10-10 23:28:03 +02:00
Christoph Hartmann
2176039120 add linux tests for host 2015-10-09 19:27:29 +02:00
Christoph Hartmann
5a70133330 add mock files for host windows tests 2015-10-09 19:27:07 +02:00
Christoph Hartmann
3126a46b1e add bridge unit tests for windows 2015-10-09 15:26:59 +02:00
Christoph Hartmann
b2ed180885 add bridge test for linux 2015-10-09 15:07:58 +02:00
Christoph Hartmann
9d92abf524 add windows support to network adapter 2015-10-08 13:01:50 +02:00
Christoph Hartmann
153c670952 introduce better network interface abstraction, add test cases 2015-10-08 13:01:50 +02:00
Christoph Hartmann
9c893c5653 add mock result for GetWin32 Group 2015-10-07 18:45:08 +02:00
Christoph Hartmann
028e7f977e filter comments in /etc/group 2015-10-07 18:45:07 +02:00
Christoph Hartmann
df9411e529 rename test from etcgroup 2015-10-07 18:45:07 +02:00
Christoph Hartmann
6b2064ad89 return password expiry information for linux 2015-10-05 11:50:49 +02:00
Christoph Hartmann
cab93a178a add tests for user resource 2015-10-05 11:50:49 +02:00
Christoph Hartmann
e139070923 increase test coverage for oneget 2015-10-03 13:27:20 +02:00
Christoph Hartmann
007d292890 rewrite systemv service implementation, read enabled services from rc 2015-09-25 12:58:03 +02:00
Christoph Hartmann
5be574693f add unit tests for freebsd service resource 2015-09-25 12:53:40 +02:00
Christoph Hartmann
d5d517af0a improve service handling for mac and add unit tests 2015-09-25 12:51:12 +02:00
Christoph Hartmann
cb3d170ce6 add centos 7 unit mock for service resource 2015-09-25 12:48:21 +02:00
Christoph Hartmann
1936383120 add service unit tests for ubuntu 14.04 2015-09-25 11:52:33 +02:00
Christoph Hartmann
3807a7412c add package unit test for windows 2015-09-23 23:30:31 +02:00
Christoph Hartmann
52e4459d61 rename pacman mock file 2015-09-23 23:30:31 +02:00
Christoph Hartmann
cd6dbd03a1 add sockstat mock result 2015-09-23 23:15:37 +02:00
Christoph Hartmann
b47ec509fd port resource support for Windows 2015-09-23 23:08:19 +02:00
Christoph Hartmann
4eeb84945c port resource support for MacOS 2015-09-23 23:07:07 +02:00
Christoph Hartmann
c187230336 implement port resource for linux 2015-09-23 18:12:51 +02:00
Christoph Hartmann
693d9cd0cf add example.csv for unit test 2015-09-22 02:27:04 +02:00
Christoph Hartmann
b9d4fc6d8c add yaml resource 2015-09-22 02:27:04 +02:00
Christoph Hartmann
0e43d4ca6a add json resource 2015-09-22 02:27:04 +02:00
Christoph Hartmann
8fc108bcd7 add tests 2015-09-22 02:27:04 +02:00
Christoph Hartmann
baee8daae8 add unit tests for windows feature 2015-09-22 02:27:03 +02:00
Christoph Hartmann
9a6063c267 add resource test for windows 2015-09-22 02:26:59 +02:00
Christoph Hartmann
33f9dd8e87 add oneget resource 2015-09-22 02:17:21 +02:00
Dominik Richter
ddbaebae46 add mysql unit tests 
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
 2015-09-22 02:15:42 +02:00
Christoph Hartmann
238f1b2016 add pip resource to verify gem packages 2015-09-22 02:15:41 +02:00
Christoph Hartmann
bdb859b730 add npm resource to verify gem packages 2015-09-22 02:15:41 +02:00
Christoph Hartmann
0171b2e2f2 add gem resource to verify gem packages 2015-09-22 02:15:41 +02:00
Christoph Hartmann
02afd48576 add mock resources for package resource 2015-09-22 02:15:41 +02:00
Christoph Hartmann
a7efec310b implement yum resource 2015-09-22 01:10:56 +02:00
Christoph Hartmann
9554a4ac32 add audit_daemon resource test cases 2015-09-21 14:12:11 +02:00
Christoph Hartmann
90935e75e1 add unit test for audit_policy resource 2015-09-21 14:09:16 +02:00
Christoph Hartmann
888f8588fb add unit test for registry_key resource 2015-09-21 14:08:27 +02:00
Christoph Hartmann
ca2e0ed6cb add unit tests for etc_group resource 2015-09-21 14:07:32 +02:00
Christoph Hartmann
fb3b4b1369 add unit test for inetd_conf 2015-09-21 14:05:42 +02:00
Christoph Hartmann
158e4ac1ab add unit test for limits.conf 2015-09-21 14:03:24 +02:00
Christoph Hartmann
797d24c14a add login_def resource unit test 2015-09-21 14:01:51 +02:00
Christoph Hartmann
faf7f44a42 add os_env unit test 2015-09-21 13:58:22 +02:00
Christoph Hartmann
0adf3314af add ntp unit test 2015-09-21 13:57:42 +02:00
Christoph Hartmann
413267c322 add passwd unit test 2015-09-21 13:55:51 +02:00
Christoph Hartmann
1b643ae1da implement security policy resource tests 2015-09-21 13:51:43 +02:00
Christoph Hartmann
08ad9704a7 move mock files to new sub-directory 2015-09-21 13:43:09 +02:00
Christoph Hartmann
03a7dd7176 implement unit test for processes resource 2015-09-21 13:43:09 +02:00
Christoph Hartmann
ae514959d2 add ssh unit tests 2015-09-21 13:38:54 +02:00
Christoph Hartmann
cf77e56118 add unit test for bond resource 2015-09-03 17:34:11 +02:00