mirror of
https://github.com/inspec/inspec
synced 2024-11-26 22:50:36 +00:00
c7e87ca3e3
* Create file-check functionality into utility file There are the similar issues as PR #2302. Almost resources return false positives when a file does not exist or is not read. * Replace to file-check functionality * Fix dh_params and x509_certificate resources If a file is empty, OpenSSL::PKey::DH and OpenSSL::X509::Certificate have raised an exception and have skipped the inspection. Thus x509_certificate and dh_params resources are not allowed to read a empty file. * to_s of shadow expects filters is not nil * Remove workaround of sshd_config Removes the workaround of sshd_config since Travis CI fails due to a bug of dev-sec/ssh-baseline and the PR #100 will fix it. * Use init block variable in methods Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
79 lines
1.9 KiB
Ruby
79 lines
1.9 KiB
Ruby
# encoding: utf-8
|
|
|
|
require 'utils/file_reader'
|
|
require 'resources/postgres'
|
|
|
|
module Inspec::Resources
|
|
class PostgresIdentConf < Inspec.resource(1)
|
|
name 'postgres_ident_conf'
|
|
supports platform: 'unix'
|
|
desc 'Use the postgres_ident_conf InSpec audit resource to test the client
|
|
authentication data is controlled by a pg_ident.conf file.'
|
|
example "
|
|
describe postgres_ident_conf.where { pg_username == 'acme_user' } do
|
|
its('map_name') { should eq ['ssl-test'] }
|
|
end
|
|
"
|
|
|
|
include FileReader
|
|
|
|
attr_reader :params, :conf_file
|
|
|
|
def initialize(ident_conf_path = nil)
|
|
@conf_file = ident_conf_path || File.expand_path('pg_ident.conf', inspec.postgres.conf_dir)
|
|
@content = nil
|
|
@params = nil
|
|
read_content
|
|
end
|
|
|
|
filter = FilterTable.create
|
|
filter.add_accessor(:where)
|
|
.add_accessor(:entries)
|
|
.add(:map_name, field: 'map_name')
|
|
.add(:system_username, field: 'system_username')
|
|
.add(:pg_username, field: 'pg_username')
|
|
|
|
filter.connect(self, :params)
|
|
|
|
def to_s
|
|
"PostgreSQL Ident Config #{@conf_file}"
|
|
end
|
|
|
|
private
|
|
|
|
def filter_comments(data)
|
|
content = []
|
|
data.each do |line|
|
|
line.chomp!
|
|
content << line unless line.match(/^\s*#/) || line.empty?
|
|
end
|
|
content
|
|
end
|
|
|
|
def read_content
|
|
@content = ''
|
|
@params = {}
|
|
@content = filter_comments(read_file(@conf_file))
|
|
@params = parse_conf(@content)
|
|
end
|
|
|
|
def parse_conf(content)
|
|
content.map do |line|
|
|
parse_line(line)
|
|
end.compact
|
|
end
|
|
|
|
def parse_line(line)
|
|
x = line.split(/\s+/)
|
|
{
|
|
'map_name' => x[0],
|
|
'system_username' => x[1],
|
|
'pg_username' => x[2],
|
|
}
|
|
end
|
|
|
|
def read_file(conf_file = @conf_file)
|
|
read_file_content(conf_file, allow_empty: true).lines
|
|
end
|
|
end
|
|
end
|