mirror of
https://github.com/inspec/inspec
synced 2024-11-15 01:17:08 +00:00
110 lines
3.2 KiB
Ruby
110 lines
3.2 KiB
Ruby
# encoding: utf-8
|
|
# copyright: 2015, Vulcano Security GmbH
|
|
# author: Dominik Richter
|
|
# author: Christoph Hartmann
|
|
# license: All rights reserved
|
|
|
|
module Inspec::Resources
|
|
class File < Inspec.resource(1)
|
|
name 'file'
|
|
|
|
attr_reader :path
|
|
def initialize(path)
|
|
@path = path
|
|
@file = inspec.backend.file(@path)
|
|
end
|
|
|
|
%w{
|
|
type exist? file? block_device? character_device? socket? directory?
|
|
symlink? pipe? mode mode? owner owned_by? group grouped_into? link_target
|
|
link_path linked_to? content mtime size selinux_label mounted? immutable?
|
|
product_version file_version version? md5sum sha256sum
|
|
}.each do |m|
|
|
define_method m.to_sym do |*args|
|
|
@file.method(m.to_sym).call(*args)
|
|
end
|
|
end
|
|
|
|
def contain(*_)
|
|
fail 'Contain is not supported. Please use standard RSpec matchers.'
|
|
end
|
|
|
|
def readable?(by_owner, by_user)
|
|
if inspec.os.unix?
|
|
by_owner, by_user = check_preconditions(by_owner, by_user)
|
|
|
|
if by_user.nil?
|
|
m = @file.unix_mode_mask(by_owner, 'r') ||
|
|
fail("#{by_owner} is not a valid unix owner.")
|
|
(@file.mode & m) != 0
|
|
else
|
|
check_user_access(by_user, @path, 'r')
|
|
end
|
|
else
|
|
fail "`file(#{@path}).executable?` is not suported on you OS: #{inspec.os['family']}"
|
|
end
|
|
end
|
|
|
|
def writable?(by_owner, by_user)
|
|
if inspec.os.unix?
|
|
by_owner, by_user = check_preconditions(by_owner, by_user)
|
|
|
|
if by_user.nil?
|
|
m = @file.unix_mode_mask(by_owner, 'w') ||
|
|
fail("#{by_owner} is not a valid unix owner.")
|
|
(@file.mode & m) != 0
|
|
else
|
|
check_user_access(by_user, @path, 'w')
|
|
end
|
|
else
|
|
fail "`file(#{@path}).executable?` is not suported on you OS: #{inspec.os['family']}"
|
|
end
|
|
end
|
|
|
|
def executable?(by_owner, by_user)
|
|
if inspec.os.unix?
|
|
by_owner, by_user = check_preconditions(by_owner, by_user)
|
|
|
|
if by_user.nil?
|
|
m = @file.unix_mode_mask(by_owner, 'x') ||
|
|
fail("#{by_owner} is not a valid unix owner.")
|
|
return (@file.mode & m) != 0
|
|
else
|
|
return check_user_access(by_user, @path, 'x')
|
|
end
|
|
else
|
|
fail "`file(#{@path}).executable?` is not suported on you OS: #{inspec.os['family']}"
|
|
end
|
|
end
|
|
|
|
def to_s
|
|
"File #{@path}"
|
|
end
|
|
|
|
private
|
|
|
|
def check_preconditions(by_owner, by_user)
|
|
by_owner = 'other' if by_owner == 'others'
|
|
by_owner = 'all' if (by_owner.nil? || by_owner.empty?) && (by_user.nil?)
|
|
[by_owner, by_user]
|
|
end
|
|
|
|
# check permissions on linux
|
|
def check_user_access(user, file, flag)
|
|
if inspec.os.linux? == true
|
|
# use sh on linux
|
|
perm_cmd = "su -s /bin/sh -c \"test -#{flag} #{file}\" #{user}"
|
|
elsif inspec.os[:family] == 'freebsd'
|
|
# use sudo on freebsd
|
|
perm_cmd = "sudo -u #{user} test -#{flag} #{file}"
|
|
end
|
|
|
|
if !perm_cmd.nil?
|
|
cmd = inspec.command(perm_cmd)
|
|
cmd.exit_status == 0 ? true : false
|
|
else
|
|
return skip_resource 'The `file` resource does not support `by_user` on your OS.'
|
|
end
|
|
end
|
|
end
|
|
end
|