mirror of
https://github.com/inspec/inspec
synced 2024-11-24 05:33:17 +00:00
8f0756812c
This adds support for connecting to MS SQL instances using Windows authentication rather than SQL authentication. Leaving either the user or password parameter blank causes the sqlcmd command to omit the -U and -P params, which makes sqlcmd authenticate as the current Windows user. Signed-off-by: Nolan Davidson <ndavidson@chef.io>
# encoding: utf-8
# author: Christoph Hartmann
# author: Dominik Richter
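module Inspec::Resources
  # InSpec resource that runs a SQL statement through the `sqlcmd` command-line
  # client and hands back the resulting command object.
  #
  # The authentication mode follows from the constructor options: when both
  # :user and :pass are set, sqlcmd is invoked with -U/-P (SQL authentication);
  # when either one is missing, both flags are left off and sqlcmd falls back
  # to Windows authentication.
  class MssqlSession < Inspec.resource(1)
    name 'mssql_session'
    desc 'Use the mssql_session InSpec audit resource to test SQL commands run against a MS Sql Server database.'
    example "
      # Using SQL authentication
      sql = mssql_session(user: 'myuser', pass: 'mypassword')
      describe sql.query(\"select * from sys.databases where name like '*test*'\") do
        its('stdout') { should_not match(/test/) }
      end

      # Passing no credentials to mssql_session forces it to use Windows authentication
      sql_windows_auth = mssql_session
      describe sql_windows_auth.query(\"select * from sys.databases where name like '*test*'\") do
        its('stdout') { should_not match(/test/) }
      end
    "

    attr_reader :user, :pass, :host

    # @param opts [Hash] connection options
    #   :user     login name for SQL authentication (optional)
    #   :pass     password for SQL authentication (optional)
    #   :host     server to connect to; defaults to 'localhost'
    #   :instance named instance on the host (optional)
    def initialize(opts = {})
      @user = opts[:user]
      @pass = opts[:pass]
      @host = opts[:host] || 'localhost'
      @instance = opts[:instance]
    end

    # Runs the SQL text through sqlcmd on the target.
    #
    # Marks the resource as skipped when the combined stdout/stderr contains
    # "Sqlcmd: Error".
    #
    # @param q [String] SQL statement handed to `sqlcmd -Q`
    # @return the object returned by inspec.command for the sqlcmd invocation
    def query(q)
      # NOTE(review): Ruby's gsub reads '\\\\' in a replacement string as one
      # escaped backslash, so the first substitution returns backslashes
      # unchanged; confirm whether doubling was intended for the target shell.
      escaped_query = q.gsub(/\\/, '\\\\').gsub(/"/, '\\"').gsub(/\$/, '\\$').gsub(/\@/, '`@')

      cmd_string = "sqlcmd -Q \"#{escaped_query}\""

      # NOTE(review): user, pass, host and instance are interpolated without
      # quoting or escaping, so a value containing whitespace or shell
      # metacharacters changes the command that is executed. Quote these values
      # for the shell the target uses (TODO confirm which one). The password is
      # also part of the command line here; sqlcmd can read it from the
      # SQLCMDPASSWORD environment variable instead.
      cmd_string += " -U #{@user} -P #{@pass}" unless @user.nil? || @pass.nil?
      cmd_string += @instance.nil? ? " -S #{@host}" : " -S #{@host}\\#{@instance}"

      # The assembled command is never written to stdout or a log: with SQL
      # authentication it contains the password in clear text.
      cmd = inspec.command(cmd_string)
      out = cmd.stdout + "\n" + cmd.stderr
      skip_resource("Can't connect to the MS SQL Server.") if out =~ /Sqlcmd: Error/

      cmd
    end

    # @return [String] fixed label used when the resource is printed
    def to_s
      'MSSQL session'
    end
  end
end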