mirror of
https://github.com/inspec/inspec
synced 2024-11-10 23:24:18 +00:00
a6582bea9b
* Remove any "All Rights Reserved" references InSpec is licensed and released under the Apache 2.0 license. This change removes all reference to legacy code files that still had any Copyright or License lines referring to "All Rights Reserved". Signed-off-by: Adam Leff <adam@leff.co> * fix functional tests Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
116 lines
3.1 KiB
Ruby
116 lines
3.1 KiB
Ruby
# encoding: utf-8
|
|
# copyright: 2015, Vulcano Security GmbH
|
|
# author: Dominik Richter
|
|
# author: Christoph Hartmann
|
|
|
|
# Usage example:
|
|
#
|
|
# audit = command('/sbin/auditctl -l').stdout
|
|
# options = {
|
|
# assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
|
|
# multiple_values: true
|
|
# }
|
|
# describe parse_config(audit, options ) do
|
|
|
|
module Inspec::Resources
|
|
class PConfig < Inspec.resource(1)
|
|
name 'parse_config'
|
|
desc 'Use the parse_config InSpec audit resource to test arbitrary configuration files.'
|
|
example "
|
|
output = command('some-command').stdout
|
|
describe parse_config(output, { data_config_option: value } ) do
|
|
its('setting') { should eq 1 }
|
|
end
|
|
|
|
output2 = command('curl http://127.0.0.1/php_status').stdout
|
|
# php status is in format 'key : value', and we do not allow for multiple values
|
|
options2 = {
|
|
assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
|
|
multiple_values: false
|
|
}
|
|
|
|
describe parse_config(output2, options2) do
|
|
its('pool') { should eq 'www'}
|
|
its('process manager') { should eq process_manager }
|
|
end
|
|
|
|
# getting specific key from the output above, convert it to integer and then compare
|
|
# make sure 'listen queue' is below 100
|
|
describe parse_config(output2, options2 ).params['listen queue'].to_i do
|
|
it { should be < 100 }
|
|
end
|
|
"
|
|
|
|
attr_reader :content
|
|
def initialize(content = nil, useropts = nil)
|
|
@opts = {}
|
|
@opts = useropts.dup unless useropts.nil?
|
|
@files_contents = {}
|
|
|
|
@content = content
|
|
read_params unless @content.nil?
|
|
end
|
|
|
|
def method_missing(name)
|
|
read_params[name.to_s]
|
|
end
|
|
|
|
def params(*opts)
|
|
opts.inject(read_params) do |res, nxt|
|
|
res.respond_to?(:key) ? res[nxt] : nil
|
|
end
|
|
end
|
|
|
|
def to_s
|
|
"Parse Config #{@conf_path}"
|
|
end
|
|
|
|
private
|
|
|
|
def parse_file(conf_path)
|
|
@conf_path = conf_path
|
|
|
|
# read the file
|
|
if !inspec.file(conf_path).file?
|
|
return skip_resource "Can't find file \"#{conf_path}\""
|
|
end
|
|
@content = read_file(conf_path).to_s
|
|
if @content.empty? && !inspec.file(conf_path).empty?
|
|
return skip_resource "Can't read file \"#{conf_path}\""
|
|
end
|
|
|
|
read_params
|
|
end
|
|
|
|
def read_file(path)
|
|
@files_contents[path] ||= inspec.file(path).content
|
|
end
|
|
|
|
def read_params
|
|
@params ||= if content.nil?
|
|
{}
|
|
else
|
|
SimpleConfig.new(content, @opts).params
|
|
end
|
|
end
|
|
end
|
|
|
|
class PConfigFile < PConfig
|
|
name 'parse_config_file'
|
|
desc 'Use the parse_config_file InSpec audit resource to test arbitrary configuration files. It works identiacal to parse_config. Instead of using a command output, this resource works with files.'
|
|
example "
|
|
describe parse_config_file('/path/to/file') do
|
|
its('setting') { should eq 1 }
|
|
end
|
|
"
|
|
|
|
def initialize(path, opts = nil)
|
|
super(nil, opts)
|
|
parse_file(path)
|
|
end
|
|
|
|
def to_s
|
|
"Parse Config File #{@conf_path}"
|
|
end
|
|
end
|
|
end
|