Class: Inspec::BaseCLI

Inherits:

Thor

• Object
• Thor
• Inspec::BaseCLI

Defined in:

lib/inspec/plugin/v2/plugin_types/cli.rb,
lib/inspec/base_cli.rb

Overview

The InSpec load order has this file being loaded before ‘inspec/base_cli` can finish being loaded. So, we must define Inspec::BaseCLI here first to avoid a NameError below.

Direct Known Subclasses

InspecCLI, Plugin::V2::PluginType::CliCommand, Supermarket::SupermarketCLI

Class Attribute Summary

• .inspec_cli_command ⇒ Object

  Returns the value of attribute inspec_cli_command.

Class Method Summary

• .check_license! ⇒ Object

  EULA acceptance.

• .exec_options ⇒ Object
• .exit_on_failure? ⇒ Boolean

  github.com/erikhuda/thor/issues/244.

• .format_platform_info(params: {}, indent: 0, color: 39) ⇒ Object
• .help(*args) ⇒ Object
• .profile_options ⇒ Object
• .start(given_args = ARGV, config = {}) ⇒ Object
• .target_options ⇒ Object

  rubocop:disable Metrics/MethodLength.

Class Attribute Details

.inspec_cli_command ⇒ Object

Returns the value of attribute inspec_cli_command.

# File 'lib/inspec/base_cli.rb', line 29

def inspec_cli_command
  @inspec_cli_command
end

Class Method Details

.check_license! ⇒ Object

EULA acceptance

# File 'lib/inspec/base_cli.rb', line 39

def self.check_license!
  allowed_commands = ["-h", "--help", "help", "-v", "--version", "version"]

  require "license_acceptance/acceptor"
  begin
    if (allowed_commands & ARGV.map(&:downcase)).empty? && # Did they use a non-exempt command?
        !ARGV.empty? # Did they supply at least one command?
      LicenseAcceptance::Acceptor.check_and_persist(
        Inspec::Dist::EXEC_NAME,
        Inspec::VERSION,
        logger: Inspec::Log
      )
    end
  rescue LicenseAcceptance::LicenseNotAcceptedError
    Inspec::Log.error "#{Inspec::Dist::PRODUCT_NAME} cannot execute without accepting the license"
    Inspec::UI.new.exit(:license_not_accepted)
  end
end

.exec_options ⇒ Object

# File 'lib/inspec/base_cli.rb', line 130

def self.exec_options
  target_options
  profile_options
  option :controls, type: :array,
    desc: "A list of control names to run, or a list of /regexes/ to match against control names. Ignore all other tests."
  option :reporter, type: :array,
    banner: "one two:/output/file/path",
    desc: "Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit, yaml"
  option :reporter_message_truncation, type: :string,
    desc: "Number of characters to truncate failure messages in report data to (default: no truncation)"
  option :reporter_backtrace_inclusion, type: :boolean,
    desc: "Include a code backtrace in report data (default: true)"
  option :input, type: :array, banner: "name1=value1 name2=value2",
    desc: "Specify one or more inputs directly on the command line, as --input NAME=VALUE. Accepts single-quoted YAML and JSON structures."
  option :input_file, type: :array,
    desc: "Load one or more input files, a YAML file with values for the profile to use"
  option :waiver_file, type: :array,
    desc: "Load one or more waiver files."
  option :attrs, type: :array,
    desc: "Legacy name for --input-file - deprecated."
  option :create_lockfile, type: :boolean,
    desc: "Write out a lockfile based on this execution (unless one already exists)"
  option :backend_cache, type: :boolean,
    desc: "Allow caching for backend command output. (default: true)"
  option :show_progress, type: :boolean,
    desc: "Show progress while executing tests."
  option :distinct_exit, type: :boolean, default: true,
    desc: "Exit with code 101 if any tests fail, and 100 if any are skipped (default).  If disabled, exit 0 on skips and 1 for failures."
  option :silence_deprecations, type: :array,
    banner: "[all]|[GROUP GROUP...]",
    desc: "Suppress deprecation warnings. See install_dir/etc/deprecations.json for list of GROUPs or use 'all'."
  option :diff, type: :boolean, default: true,
    desc: "Use --no-diff to suppress 'diff' output of failed textual test results."
  option :sort_results_by, type: :string, default: "file", banner: "--sort-results-by=none|control|file|random",
    desc: "After normal execution order, results are sorted by control ID, or by file (default), or randomly. None uses legacy unsorted mode."
end

.exit_on_failure? ⇒ Boolean

github.com/erikhuda/thor/issues/244

Returns:

• (Boolean)

# File 'lib/inspec/base_cli.rb', line 59

def self.exit_on_failure?
  true
end

.format_platform_info(params: {}, indent: 0, color: 39) ⇒ Object

# File 'lib/inspec/base_cli.rb', line 173

def self.format_platform_info(params: {}, indent: 0, color: 39)
  str = ""
  params.each do |item, info|
    data = info

    # Format Array for better output if applicable
    data = data.join(", ") if data.is_a?(Array)

    # Do not output fields of data is missing ('unknown' is fine)
    next if data.nil?

    data = "\e[1m\e[#{color}m#{data}\e[0m"
    str << format("#{" " * indent}%-10s %s\n", item.to_s.capitalize + ":", data)
  end
  str
end

.help(*args) ⇒ Object

# File 'lib/inspec/base_cli.rb', line 167

def self.help(*args)
  super(*args)
  puts "\nAbout #{Inspec::Dist::PRODUCT_NAME}:"
  puts "  Patents: chef.io/patents\n\n"
end

.profile_options ⇒ Object

# File 'lib/inspec/base_cli.rb', line 123

def self.profile_options
  option :profiles_path, type: :string,
    desc: "Folder which contains referenced profiles."
  option :vendor_cache, type: :string,
    desc: "Use the given path for caching dependencies. (default: ~/.inspec/cache)"
end

.start(given_args = ARGV, config = {}) ⇒ Object

# File 'lib/inspec/base_cli.rb', line 32

def self.start(given_args = ARGV, config = {})
  check_license! if config[:enforce_license] || config[:enforce_license].nil?

  super(given_args, config)
end

.target_options ⇒ Object

rubocop:disable Metrics/MethodLength

# File 'lib/inspec/base_cli.rb', line 63

def self.target_options # rubocop:disable Metrics/MethodLength
  option :target, aliases: :t, type: :string,
    desc: "Simple targeting option using URIs, e.g. ssh://user:pass@host:port"
  option :backend, aliases: :b, type: :string,
    desc: "Choose a backend: local, ssh, winrm, docker."
  option :host, type: :string,
    desc: "Specify a remote host which is tested."
  option :port, aliases: :p, type: :numeric,
    desc: "Specify the login port for a remote scan."
  option :user, type: :string,
    desc: "The login user for a remote scan."
  option :password, type: :string, lazy_default: -1,
    desc: "Login password for a remote scan, if required."
  option :enable_password, type: :string, lazy_default: -1,
    desc: "Password for enable mode on Cisco IOS devices."
  option :key_files, aliases: :i, type: :array,
    desc: "Login key or certificate file for a remote scan."
  option :path, type: :string,
    desc: "Login path to use when connecting to the target (WinRM)."
  option :sudo, type: :boolean,
    desc: "Run scans with sudo. Only activates on Unix and non-root user."
  option :sudo_password, type: :string, lazy_default: -1,
    desc: "Specify a sudo password, if it is required."
  option :sudo_options, type: :string,
    desc: "Additional sudo options for a remote scan."
  option :sudo_command, type: :string,
    desc: "Alternate command for sudo."
  option :shell, type: :boolean,
    desc: "Run scans in a subshell. Only activates on Unix."
  option :shell_options, type: :string,
    desc: "Additional shell options."
  option :shell_command, type: :string,
    desc: "Specify a particular shell to use."
  option :ssl, type: :boolean,
    desc: "Use SSL for transport layer encryption (WinRM)."
  option :self_signed, type: :boolean,
    desc: "Allow remote scans with self-signed certificates (WinRM)."
  option :winrm_transport, type: :string, default: "negotiate",
    desc: "Specify which transport to use, defaults to negotiate (WinRM)."
  option :winrm_disable_sspi, type: :boolean,
    desc: "Whether to use disable sspi authentication, defaults to false (WinRM)."
  option :winrm_basic_auth_only, type: :boolean,
    desc: "Whether to use basic authentication, defaults to false (WinRM)."
  option :config, type: :string,
    desc: "Read configuration from JSON file (`-` reads from stdin)."
  option :json_config, type: :string, hide: true
  option :proxy_command, type: :string,
    desc: "Specifies the command to use to connect to the server"
  option :bastion_host, type: :string,
    desc: "Specifies the bastion host if applicable"
  option :bastion_user, type: :string,
    desc: "Specifies the bastion user if applicable"
  option :bastion_port, type: :string,
    desc: "Specifies the bastion port if applicable"
  option :insecure, type: :boolean, default: false,
    desc: "Disable SSL verification on select targets"
  option :target_id, type: :string,
    desc: "Provide a ID which will be included on reports"
end