mirror of
https://github.com/inspec/inspec
synced 2024-11-23 13:13:22 +00:00
e23249d635
* Add hotfix resource for Windows Signed-off-by: Matt Ray <matthewhray@gmail.com> * Renamed hotfix to windows_hotfix Added additional unit test checking for KB that is not present on a box Signed-off-by: Matt Ray <matthewhray@gmail.com> * Integration test to spot-check for hotfixes Queries the Windows operating system via Powershell for a list of all installed hotfixes and spot-checks every 10th one with the windows_hotfix resource. Checking hundreds is time-consuming. Also checks to ensure a non-installed hotfix is not present. Signed-off-by: Matt Ray <matthewhray@gmail.com>
35 lines
938 B
Ruby
35 lines
938 B
Ruby
# encoding: utf-8
|
|
# author: Matt Ray
|
|
|
|
module Inspec::Resources
|
|
class WindowsHotfix < Inspec.resource(1)
|
|
name 'windows_hotfix'
|
|
desc 'Use the windows_hotfix InSpec audit resource to test if the hotfix has been installed on the Windows system.'
|
|
example "
|
|
describe windows_hotfix('KB4012212') do
|
|
it { should be_installed }
|
|
end
|
|
"
|
|
|
|
attr_accessor :content
|
|
|
|
def initialize(hotfix_id = nil)
|
|
@id = hotfix_id.upcase
|
|
@content = nil
|
|
os = inspec.os
|
|
return skip_resource 'The `windows_hotfix` resource is not a feature of your OS.' unless os.windows?
|
|
query = "Get-WmiObject -class \"win32_quickfixengineering\" -filter \"HotFixID = '" + @id + "'\""
|
|
cmd = inspec.powershell(query)
|
|
@content = cmd.stdout
|
|
end
|
|
|
|
def to_s
|
|
"Windows Hotfix #{@id}"
|
|
end
|
|
|
|
def installed?
|
|
return false if @content.nil?
|
|
@content.include?(@id)
|
|
end
|
|
end
|
|
end
|