mirror of
https://github.com/inspec/inspec
synced 2024-11-22 12:43:07 +00:00
b5fcc141d2
* Failing test for export - should not evaluate Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Sketch out a info_from_parse method Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Temporary commit to checkpoint experimental work Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Basic control ids extraction Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Modify to capture entire block Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Ability to parse desc, impact and title of a control (#6662) Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Rework per-control metadata collectors to be class-based Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * REFACTOR: make a common base class for collectors Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * memoise `info_from_parse` Signed-off-by: Sathish <sbabu@progress.com> * Add --legacy-export option to inspec export (#6661) * support legacy export option Signed-off-by: Sathish <sbabu@progress.com> * ability to run legacy export option Signed-off-by: Sathish <sbabu@progress.com> --------- Signed-off-by: Sathish <sbabu@progress.com> * Improve ControlIDCollector and other fields of export data (#6686) * Parse tags & refs from the ast nodes Signed-off-by: Sonu Saha <sonu.saha@progress.com> * ENHANCE: Improve Desc collector to collect description Signed-off-by: Sonu Saha <sonu.saha@progress.com> * ENHANCE: Only loop through the child node of begin block Signed-off-by: Sonu Saha <sonu.saha@progress.com> * FIX: Fix bug/todo to handle duplicacy of control ids Signed-off-by: Sonu Saha <sonu.saha@progress.com> * TEST - a profile which fails to properly be exported but is likely to be used by MITRE Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Revert "FIX: Fix bug/todo to handle duplicacy of control ids" This reverts commit46d66e0026
. * Revert "ENHANCE: Only loop through the child node of begin block" This reverts commit 47c92d8746
. * ADD: Add code key in control data Signed-off-by: Sonu Saha <sonu.saha@progress.com> * ADD: Add source_location key in controls data Signed-off-by: Sonu Saha <sonu.saha@progress.com> * HACK: Update the location ref for the controls Signed-off-by: Sonu Saha <sonu.saha@progress.com> * FIX: Update variable name as latest changes Signed-off-by: Sonu Saha <sonu.saha@progress.com> * FIX: Fix source location ref for all controls in a file Signed-off-by: Sonu Saha <sonu.saha@progress.com> * FIX: Improve tagcollector to handle other data types Signed-off-by: Sonu Saha <sonu.saha@progress.com> * FIX: Improve tagcollector to handle different types of tags Signed-off-by: Sonu Saha <sonu.saha@progress.com> * ENHANCE & TEST: Improve tag collector to collector different tag styles and add test for it Signed-off-by: Sonu Saha <sonu.saha@progress.com> * update groups Signed-off-by: Sathish <sbabu@progress.com> * Add yml data to export info_from_parse Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Add inputs to export data info_from_parse Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Add status and status_messages Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Initialize all control fields Signed-off-by: Sonu Saha <sonu.saha@progress.com> * WIP: Filter controls using --controls Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Add inputs collector class - rules remaining Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Parse inputs from dsl - 1 Signed-off-by: Sonu Saha <sonu.saha@progress.com> * TEST: Uncomment tests to verify export Signed-off-by: Sonu Saha <sonu.saha@progress.com> * TEST: Include test for different desc Signed-off-by: Sonu Saha <sonu.saha@progress.com> * TEST: Include test for different title Signed-off-by: Sonu Saha <sonu.saha@progress.com> * TEST: Include test for different ref Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Default impact to 0.5 and add test Signed-off-by: Sonu Saha <sonu.saha@progress.com> * FIX: Avoid duplicate 
inputs Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Add test for inputs Signed-off-by: Sonu Saha <sonu.saha@progress.com> * REFACTOR: Minor refactoring of tests Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Uncomment test for refs Signed-off-by: Sonu Saha <sonu.saha@progress.com> --------- Signed-off-by: Sonu Saha <sonu.saha@progress.com> Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> Signed-off-by: Sathish <sbabu@progress.com> Co-authored-by: Clinton Wolfe <clintoncwolfe@gmail.com> Co-authored-by: Sathish <sbabu@progress.com> * Update option to match inspec's coding standard Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Handle inputs within control block Signed-off-by: Sonu Saha <sonu.saha@progress.com> * TEST & ENHANCE: Enhance parser and add more tests Signed-off-by: Sonu Saha <sonu.saha@progress.com> * FIX: Fix broken test for profile_test Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Update groups after filtering control Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Add --legacy-export support to inspec json Signed-off-by: Sonu Saha <sonu.saha@progress.com> * TEST: Fix broken test & fix group filters Signed-off-by: Sonu Saha <sonu.saha@progress.com> * DOCS: Manually update cli.md to include export cmd Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Add tag filtering support to export Signed-off-by: Sonu Saha <sonu.saha@progress.com> * TEST: Add test for tag and control based filtering Signed-off-by: Sonu Saha <sonu.saha@progress.com> * LINT: Fix lint offense Signed-off-by: Sonu Saha <sonu.saha@progress.com> * CHORE: Remove addressed todo and update comments Signed-off-by: Sonu Saha <sonu.saha@progress.com> * CHEF-6493: Support `--legacy-export` option in `inspec archive` (#6829) * Introduce --legacy-export flag to archive command Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Add more test to verify --legacy-export with archive Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Update logic to fetch info based 
on --legacy-export flag Signed-off-by: Sonu Saha <sonu.saha@progress.com> --------- Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Enhance InputCollector to match pattern instead of to indexing children type to avoid nil errors Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Improve RefCollector to handle ref ({:ref=>'Some ref', :url=>'https://'\}\) syntax Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Improve RefCollector and TagCollector to handle variables values from inputs/attributes Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Run inspec check using output info_from_parse (#6673) * Add test fixture profile that emits evaluation markers on stderr Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Failing test for export - should not evaluate Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Sketch out a info_from_parse method Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Temporary commit to checkpoint experimental work Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Basic control ids extraction Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Modify to capture entire block Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Ability to parse desc, impact and title of a control (#6662) Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Rework per-control metadata collectors to be class-based Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * REFACTOR: make a common base class for collectors Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * memoise `info_from_parse` Signed-off-by: Sathish <sbabu@progress.com> * Add --legacy-export option to inspec export (#6661) * support legacy export option Signed-off-by: Sathish <sbabu@progress.com> * ability to run legacy export option Signed-off-by: Sathish <sbabu@progress.com> --------- Signed-off-by: Sathish <sbabu@progress.com> * Parse tags & refs from the ast nodes Signed-off-by: Sonu Saha <sonu.saha@progress.com> * ENHANCE: Improve Desc 
collector to collect description Signed-off-by: Sonu Saha <sonu.saha@progress.com> * ENHANCE: Only loop through the child node of begin block Signed-off-by: Sonu Saha <sonu.saha@progress.com> * FIX: Fix bug/todo to handle duplicacy of control ids Signed-off-by: Sonu Saha <sonu.saha@progress.com> * TEST - a profile which fails to properly be exported but is likely to be used by MITRE Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Revert "FIX: Fix bug/todo to handle duplicacy of control ids" This reverts commit46d66e0026
. * Revert "ENHANCE: Only loop through the child node of begin block" This reverts commit 47c92d8746
. * ADD: Add code key in control data Signed-off-by: Sonu Saha <sonu.saha@progress.com> * ADD: Add source_location key in controls data Signed-off-by: Sonu Saha <sonu.saha@progress.com> * HACK: Update the location ref for the controls Signed-off-by: Sonu Saha <sonu.saha@progress.com> * FIX: Update variable name as latest changes Signed-off-by: Sonu Saha <sonu.saha@progress.com> * FIX: Fix source location ref for all controls in a file Signed-off-by: Sonu Saha <sonu.saha@progress.com> * FIX: Improve tagcollector to handle other data types Signed-off-by: Sonu Saha <sonu.saha@progress.com> * FIX: Improve tagcollector to handle different types of tags Signed-off-by: Sonu Saha <sonu.saha@progress.com> * ENHANCE & TEST: Improve tag collector to collector different tag styles and add test for it Signed-off-by: Sonu Saha <sonu.saha@progress.com> * update groups Signed-off-by: Sathish <sbabu@progress.com> * Add yml data to export info_from_parse Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Add inputs to export data info_from_parse Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Add status and status_messages Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Initialize all control fields Signed-off-by: Sonu Saha <sonu.saha@progress.com> * make description `default` as a symbol Signed-off-by: Sathish Babu <sbabu@progress.com> * define `checks` as Set Signed-off-by: Sathish Babu <sbabu@progress.com> * Collect tests as part of collector and store it in `checks` Signed-off-by: Sathish Babu <sbabu@progress.com> * refactor to read `ID` from controls which is an Array now unlike an Hash in `params.controls` Signed-off-by: Sathish Babu <sbabu@progress.com> * read yaml params from metadata Signed-off-by: Sathish Babu <sbabu@progress.com> * use to Array to simply DS as the o/p ie being converted to JSON Signed-off-by: Sathish Babu <sbabu@progress.com> * move old check as legacy check Signed-off-by: Sathish Babu <sbabu@progress.com> * support `legacy_check` as an option to 
run checks in legacy mode Signed-off-by: Sathish Babu <sbabu@progress.com> * fix tests to support `legacy_checks` Signed-off-by: Sathish Babu <sbabu@progress.com> * update document for check Signed-off-by: Sathish Babu <sbabu@progress.com> * Update usage doc for --legaccy-check Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> --------- Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> Signed-off-by: Sonu Saha <sonu.saha@progress.com> Signed-off-by: Sathish <sbabu@progress.com> Signed-off-by: Sathish Babu <sbabu@progress.com> Co-authored-by: Clinton Wolfe <clintoncwolfe@gmail.com> Co-authored-by: Sonu Saha <98935583+ahasunos@users.noreply.github.com> Co-authored-by: Sonu Saha <sonu.saha@progress.com> * LINT: Fix lint offense Signed-off-by: Sonu Saha <sonu.saha@progress.com> * do not include tests to controls by default Signed-off-by: Sathish Babu <sbabu@progress.com> * generate info with tests for check Signed-off-by: Sathish Babu <sbabu@progress.com> --------- Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> Signed-off-by: Sonu Saha <sonu.saha@progress.com> Signed-off-by: Sathish <sbabu@progress.com> Signed-off-by: Sathish Babu <sbabu@progress.com> Co-authored-by: Clinton Wolfe <clintoncwolfe@gmail.com> Co-authored-by: Sathish <sbabu@progress.com> Co-authored-by: Sathish Babu <80091550+sathish-progress@users.noreply.github.com>
181 lines
6 KiB
Ruby
require "functional/helper"
require "tmpdir"
require "zip"
require "rubygems/package"

describe "inspec archive" do
  include FunctionalHelper
  let(:auto_dst) { File.expand_path(File.join(repo_path, "profile-1.0.0.tar.gz")) }

  parallelize_me!

  it "archive is successful" do
    prepare_examples("profile") do |dir|
      out = inspec("archive " + dir + " --overwrite")

      _(out.stdout).must_match(/Generate archive [^ ]*profile-1.0.0.tar.gz/)
      _(out.stdout).must_include "Finished archive generation."
      assert_exit_code 0, out
    end
  end

  it "archives to output file" do
    prepare_examples("profile") do |dir|
      out = inspec("archive " + dir + " --output " + dst.path)

      _(out.stderr).must_equal ""
      _(out.stdout).must_include "Generate archive " + dst.path
      _(out.stdout).must_include "Finished archive generation."
      _(File.exist?(dst.path)).must_equal true
      assert_exit_code 0, out
    end
  end

  it "archives an inspec.json file if export if provided --export option" do
    prepare_examples("profile") do |dir|
      out = inspec("archive " + dir + " --overwrite --export")

      _(out.stderr).must_equal ""
      t = Zlib::GzipReader.open(auto_dst)
      _(Gem::Package::TarReader.new(t).entries.map(&:header).map(&:name)).must_include "inspec.json"
      assert_exit_code 0, out
    end
  end

  it "archives an inspec.json file utilizing info from legacy export if provided --legacy-export option with a non-marker profile" do
    prepare_examples("profile") do |dir|
      out = inspec("archive " + dir + " --overwrite --legacy-export")

      _(out.stderr).must_equal ""
      t = Zlib::GzipReader.open(auto_dst)
      _(Gem::Package::TarReader.new(t).entries.map(&:header).map(&:name)).must_include "inspec.json"
      assert_exit_code 0, out
    end
  end

  # The eval-markers fixture emits markers on stderr when its code is evaluated.
  # With --legacy-export the profile is evaluated, so all three markers must appear.
  it "archives an inspec.json file utilizing info from legacy export if provided --legacy-export option with a marker profile" do
    prepare_profiles("eval-markers") do |dir|
      out = inspec("archive " + dir + " --overwrite --legacy-export --output " + dst.path)

      _(out.stderr).must_include "TOP_LEVEL_MARKER"
      _(out.stderr).must_include "CONTROL_BODY_MARKER"
      _(out.stderr).must_include "METADATA_MARKER"
      _(out.stdout).must_include "Generate archive " + dst.path
      t = Zlib::GzipReader.open(dst.path)
      files = Gem::Package::TarReader.new(t).entries.map(&:header).map(&:name)
      _(files).must_include "inspec.json"
      assert_exit_code 0, out
    end
  end

  it "does not archive an inspec.json file by default" do
    prepare_examples("profile") do |dir|
      out = inspec("archive " + dir + " --overwrite")

      _(out.stderr).must_equal ""
      t = Zlib::GzipReader.open(auto_dst)
      _(Gem::Package::TarReader.new(t).entries.map(&:header).map(&:name)).wont_include "inspec.json"
      assert_exit_code 0, out
    end
  end

  it "auto-archives when no --output is given" do
    prepare_examples("profile") do |dir|
      out = inspec("archive " + dir + " --overwrite")

      _(out.stderr).must_equal ""
      _(out.stdout).must_include "Generate archive " + auto_dst
      _(out.stdout).must_include "Finished archive generation."
      _(File.exist?(auto_dst)).must_equal true
      assert_exit_code 0, out
    end
  end

  it "archive on invalid archive" do
    # Dir.mktmpdir yields an empty temporary directory. Dir.tmpdir takes no
    # block, so the assertions below would never run with it.
    Dir.mktmpdir do |target_dir|
      out = inspec("archive #{target_dir} --output " + dst.path)

      _(out.stderr).must_include "Don't understand inspec profile in \"#{target_dir}\""
      _(File.exist?(dst.path)).must_equal false
      assert_exit_code 1, out
    end
  end

  it "archive will overwrite existing files even without --overwrite" do
    prepare_examples("profile") do |dir|
      x = rand.to_s
      File.write(dst.path, x)

      out = inspec("archive " + dir + " --output " + dst.path)

      _(out.stderr).must_equal ""
      _(out.stdout).must_include "Generate archive " + dst.path
      _(File.read(dst.path)).wont_equal x
      assert_exit_code 0, out
    end
  end

  it "creates valid tar.gz archives" do
    prepare_examples("profile") do |dir|
      out = inspec("archive " + dir + " --output " + dst.path + " --tar")

      _(out.stderr).must_equal ""
      _(out.stdout).must_include "Generate archive " + dst.path
      t = Zlib::GzipReader.open(dst.path)
      _(Gem::Package::TarReader.new(t).entries.map(&:header).map(&:name)).must_include "inspec.yml"
      assert_exit_code 0, out
    end
  end

  it "creates valid zip archives" do
    prepare_examples("profile") do |dir|
      out = inspec("archive " + dir + " --output " + dst.path + " --zip")

      _(out.stderr).must_equal ""
      _(out.stdout).must_include "Generate archive " + dst.path
      _(Zip::File.new(dst.path).entries.map(&:name)).must_include "inspec.yml"
      assert_exit_code 0, out
    end
  end

  it "vendors dependencies by default" do
    prepare_profiles("dependencies/inheritance") do |dir|
      out = inspec("archive " + dir + " --output " + dst.path)

      _(out.stderr).must_equal ""
      _(out.stdout).must_include "Generate archive " + dst.path
      t = Zlib::GzipReader.open(dst.path)
      files = Gem::Package::TarReader.new(t).entries.map(&:header).map(&:name)
      _(files).must_include "inspec.lock"
      _(files.select { |f| f =~ /vendor/ }.count).must_be :>, 1
      assert_exit_code 0, out
    end
  end

  it "can archive a profile with required inputs" do
    archive_depends_path = File.join(profile_path, "profile-with-required-inputs")

    Dir.mktmpdir do |tmpdir|
      FileUtils.cp_r(archive_depends_path + "/.", tmpdir)

      out = inspec("archive " + tmpdir + " --output " + dst.path)

      _(out.stderr).must_equal ""
      assert_exit_code 0, out
    end
  end

  # A plain archive must not evaluate the profile's code: the same
  # eval-markers fixture has to leave stderr empty here.
  it "does not evaluate a profile by default" do
    eval_marker_path = File.join(profile_path, "eval-markers")

    Dir.mktmpdir do |tmpdir|
      FileUtils.cp_r(eval_marker_path + "/.", tmpdir)

      out = inspec("archive " + tmpdir + " --overwrite")

      _(out.stdout).wont_include "EVALUATION_MARKER"
      _(out.stderr).must_equal ""
      assert_exit_code 0, out
    end
  end
end