mirror of
https://github.com/inspec/inspec
synced 2024-11-30 00:20:28 +00:00
d5dbae2efd
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
124 lines
2.8 KiB
Ruby
124 lines
2.8 KiB
Ruby
# encoding: utf-8
|
|
# frozen_string_literal: true
|
|
# check for web applications in IIS
|
|
# Note: this is only supported in windows 2012 and later
|
|
|
|
class IisAppPool < Inspec.resource(1)
|
|
name 'iis_app_pool'
|
|
desc 'Tests IIS application pool configuration on windows.'
|
|
supports platform: 'windows'
|
|
example <<~EOH
|
|
describe iis_app_pool('DefaultAppPool') do
|
|
it { should exist }
|
|
its('enable32bit') { should cmp 'True' }
|
|
its('runtime_version') { should eq 'v4.0' }
|
|
its('pipeline_mode') { should eq 'Integrated' }
|
|
end
|
|
EOH
|
|
|
|
def initialize(pool_name)
|
|
@pool_name = pool_name
|
|
@pool_path = "IIS:\\AppPools\\#{@pool_name}"
|
|
@cache = nil
|
|
|
|
# verify that this resource is only supported on Windows
|
|
return skip_resource 'The `iis_app_pool` resource is not supported on your OS.' unless inspec.os.windows?
|
|
end
|
|
|
|
def pool_name
|
|
iis_app_pool[:pool_name]
|
|
end
|
|
|
|
def runtime_version
|
|
iis_app_pool[:version]
|
|
end
|
|
|
|
def enable32bit
|
|
iis_app_pool[:e32b]
|
|
end
|
|
|
|
def pipeline_mode
|
|
iis_app_pool[:mode]
|
|
end
|
|
|
|
def max_processes
|
|
iis_app_pool[:processes]
|
|
end
|
|
|
|
def timeout
|
|
iis_app_pool[:timeout]
|
|
end
|
|
|
|
def timeout_days
|
|
iis_app_pool[:timeout_days]
|
|
end
|
|
|
|
def timeout_hours
|
|
iis_app_pool[:timeout_hours]
|
|
end
|
|
|
|
def timeout_minutes
|
|
iis_app_pool[:timeout_minutes]
|
|
end
|
|
|
|
def timeout_seconds
|
|
iis_app_pool[:timeout_seconds]
|
|
end
|
|
|
|
def user_identity_type
|
|
iis_app_pool[:user_identity_type]
|
|
end
|
|
|
|
def username
|
|
iis_app_pool[:username]
|
|
end
|
|
|
|
def exists?
|
|
!iis_app_pool[:pool_name].empty?
|
|
end
|
|
|
|
def to_s
|
|
"IIS App Pool '#{@pool_name}'"
|
|
end
|
|
|
|
private
|
|
|
|
def iis_app_pool
|
|
return @cache unless @cache.nil?
|
|
|
|
script = <<~EOH
|
|
Import-Module WebAdministration
|
|
If (Test-Path '#{@pool_path}') {
|
|
Get-Item '#{@pool_path}' | Select-Object * | ConvertTo-Json
|
|
} Else {
|
|
Write-Host '{}'
|
|
}
|
|
EOH
|
|
cmd = inspec.powershell(script)
|
|
|
|
begin
|
|
pool = JSON.parse(cmd.stdout)
|
|
rescue JSON::ParserError => _e
|
|
raise Inspec::Exceptions::ResourceFailed, 'Unable to parse app pool JSON'
|
|
end
|
|
|
|
process_model = pool.fetch('processModel', {})
|
|
idle_timeout = process_model.fetch('idleTimeout', {})
|
|
|
|
# map our values to a hash table
|
|
@cache = {
|
|
pool_name: pool['name'],
|
|
version: pool['managedRuntimeVersion'],
|
|
e32b: pool['enable32BitAppOnWin64'],
|
|
mode: pool['managedPipelineMode'],
|
|
processes: process_model['maxProcesses'],
|
|
timeout: "#{idle_timeout['Hours']}:#{idle_timeout['Minutes']}:#{idle_timeout['Seconds']}",
|
|
timeout_days: idle_timeout['Days'],
|
|
timeout_hours: idle_timeout['Hours'],
|
|
timeout_minutes: idle_timeout['Minutes'],
|
|
timeout_seconds: idle_timeout['Seconds'],
|
|
user_identity_type: process_model['identityType'],
|
|
username: process_model['userName'],
|
|
}
|
|
end
|
|
end
|