Class: Inspec::Resources::FileResource

Inherits:
Object
  • Object
Includes:
FilePermissionsSelector, LinuxMountParser
Defined in:
lib/resources/file.rb

Direct Known Subclasses

Bond, Directory

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from LinuxMountParser

#includes_whitespaces?, #parse_mount_options

Methods included from FilePermissionsSelector

#select_file_perms_style

Constructor Details

#initialize(path) ⇒ FileResource

Returns a new instance of FileResource.



# File 'lib/resources/file.rb', line 38

# Builds the resource for +path+: picks the permission-check strategy for the
# target OS and asks the InSpec backend for the file handle.
#
# NOTE(review): the permission predicates in this class guard on
# `@perms_provider.nil?`, so `select_file_perms_style` presumably returns nil
# on platforms without a provider -- confirm which platforms that covers.
#
# @param path path of the file on the target, passed to the backend unchanged
def initialize(path)
  target_os = inspec.os
  @perms_provider = select_file_perms_style(target_os)
  @file = inspec.backend.file(path)
end

Instance Attribute Details

#file ⇒ Object (readonly)

Returns the value of attribute file.



# File 'lib/resources/file.rb', line 37

# Read-only accessor for the backend file object that #initialize obtains
# from `inspec.backend.file(path)`.
def file
  @file
end

#mount_options ⇒ Object (readonly)

Returns the value of attribute mount_options.



# File 'lib/resources/file.rb', line 37

# Read-only accessor for the parsed mount options. In the code shown for this
# class the value is assigned only inside #mounted?, and only when expected
# options are passed on a Linux target; before that it is nil.
def mount_options
  @mount_options
end

Instance Method Details

#allowed?(permission, opts = {}) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/resources/file.rb', line 87

# Reports whether +permission+ is granted on the file.
#
# A missing file yields +false+, so a negated expectation ("must not be
# allowed") also passes when the path is absent. Pair it with an existence
# check when the file is required to be there.
#
# @param permission permission name handed to the provider check (the sibling
#   predicates pass 'read', 'write' and 'execute')
# @param opts [Hash] +:by+ and +:by_user+ are forwarded unchanged
# @return [Boolean] the provider result, +false+ for a missing file, or
#   whatever +skip_resource+ returns when no permission provider was selected
def allowed?(permission, opts = {})
  if !exist?
    false
  elsif @perms_provider.nil?
    skip_resource '`allowed?` is not supported on your OS yet.'
  else
    file_permission_granted?(permission, opts[:by], opts[:by_user])
  end
end

#contain(*_) ⇒ Object



# File 'lib/resources/file.rb', line 62

# Placeholder for the `contain` matcher, which this resource does not
# implement. Every call raises, regardless of the arguments given.
#
# @raise [RuntimeError] always
def contain(*_)
  unsupported = 'Contain is not supported. Please use standard RSpec matchers.'
  raise RuntimeError, unsupported
end

#content ⇒ Object



# File 'lib/resources/file.rb', line 56

# Returns the file content tagged as UTF-8, or nil when the backend reports
# no content.
#
# `force_encoding` only relabels the bytes in place; it neither transcodes
# nor validates them. Binary or otherwise non-UTF-8 files therefore come back
# as strings that may not be valid UTF-8.
#
# @return [String, nil]
def content
  file.content&.force_encoding('utf-8')
end

#executable?(by_usergroup, by_specific_user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/resources/file.rb', line 80

# Reports whether the 'execute' permission is granted on the file.
#
# A missing file yields +false+, so a negated expectation ("must not be
# executable") also passes when the path is absent.
#
# @param by_usergroup forwarded unchanged to the permission check
# @param by_specific_user forwarded unchanged to the permission check
# @return [Boolean] the provider result, +false+ for a missing file, or
#   whatever +skip_resource+ returns when no permission provider was selected
def executable?(by_usergroup, by_specific_user)
  if !exist?
    false
  elsif @perms_provider.nil?
    skip_resource '`executable?` is not supported on your OS yet.'
  else
    file_permission_granted?('execute', by_usergroup, by_specific_user)
  end
end

#more_permissive_than?(max_mode = nil) ⇒ Boolean

Returns:

  • (Boolean)

Raises:



# File 'lib/resources/file.rb', line 136

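# Tells whether the file grants any permission bit that +max_mode+ does not.
#
# Only the nine owner/group/other rwx bits are compared. A leading special
# digit in +max_mode+ is masked off, and setuid, setgid and sticky bits on the
# file never produce +true+ here; audit those with #suid, #sgid and #sticky.
#
# @param max_mode [String] most permissive acceptable mode, written as three
#   or four octal digits, for example `0644` or `644`
# @return [Boolean] +true+ when the file is more permissive than +max_mode+
# @raise [Inspec::Exceptions::ResourceFailed] when the file does not exist
# @raise [ArgumentError] when +max_mode+ is nil, is not a String, or is not
#   made up solely of three or four octal digits
def more_permissive_than?(max_mode = nil)
  raise Inspec::Exceptions::ResourceFailed, "The file #{file.path} doesn't seem to exist" unless exist?
  raise ArgumentError, 'You must provide a value for the `maximum allowable permission` for the file.' if max_mode.nil?
  raise ArgumentError, 'You must provide the `maximum permission target` as a `String`, you provided: ' + max_mode.class.to_s unless max_mode.is_a?(String)
  # The pattern is anchored to the whole string. An unanchored match accepts
  # any text that merely contains three octal digits, and the threshold would
  # then be derived from a value the author never meant.
  raise ArgumentError, 'The value of the `maximum permission target` should be a valid file mode in 4-digit octal format: for example, `0644` or `0777`' unless /\A[0-7]{3,4}\z/.match?(max_mode)

  # 1. Parse the threshold explicitly as octal and keep its rwx bits only.
  # 2. XOR with 0777 to obtain the bits the threshold does NOT allow.
  # 3. AND those forbidden bits with the actual mode: a zero result means the
  #    file is equal to or less permissive than the threshold (PASS), anything
  #    else means it is more permissive (FAIL).
  permission_mask = 0o777
  allowed_bits = max_mode.to_i(8) & permission_mask
  forbidden_bits = allowed_bits ^ permission_mask
  !(forbidden_bits & file.mode).zero?
end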

#mounted?(expected_options = nil, identical = false) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/resources/file.rb', line 94

# Checks whether the path is mounted and, optionally, with which options.
#
# Called without +expected_options+ it returns the backend's `mounted?`
# answer. With options it emits a deprecation notice and compares them with
# the parsed mount options, which are parsed once and then cached in
# +@mount_options+.
#
# On a non-Linux target the option comparison returns nil without reading
# any mount data, so a negated expectation passes there even though nothing
# was inspected.
#
# @param expected_options options to compare with, or nil for a plain check
# @param identical [Boolean] +true+ compares with `==`, otherwise the parsed
#   options are asked whether they contain +expected_options+
# @return [Boolean, nil]
def mounted?(expected_options = nil, identical = false)
  # The backend is queried before anything else, as in the original order.
  mount_result = file.mounted

  # Plain "is it mounted" question: no option handling needed.
  return file.mounted? if expected_options.nil?

  # Option matching is deprecated and will be removed in a future version.
  Inspec.deprecate(:file_resource_be_mounted_matchers, 'The file resource `be_mounted.with` and `be_mounted.only_with` matchers are deprecated. Please use the `mount` resource instead')

  # Mount data cannot be read on non-Linux systems.
  return nil unless inspec.os.linux?

  @mount_options ||= parse_mount_options(mount_result.stdout, true)

  identical ? @mount_options == expected_options : @mount_options.contains(expected_options)
end

#readable?(by_usergroup, by_specific_user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/resources/file.rb', line 66

# Reports whether the 'read' permission is granted on the file.
#
# A missing file yields +false+, so a negated expectation ("must not be
# readable") also passes when the path is absent.
#
# @param by_usergroup forwarded unchanged to the permission check
# @param by_specific_user forwarded unchanged to the permission check
# @return [Boolean] the provider result, +false+ for a missing file, or
#   whatever +skip_resource+ returns when no permission provider was selected
def readable?(by_usergroup, by_specific_user)
  if !exist?
    false
  elsif @perms_provider.nil?
    skip_resource '`readable?` is not supported on your OS yet.'
  else
    file_permission_granted?('read', by_usergroup, by_specific_user)
  end
end

#sgid ⇒ Object Also known as: setgid?



# File 'lib/resources/file.rb', line 124

# True when the setgid bit (octal 02000) is set in the file mode.
#
# @return [Boolean]
def sgid
  setgid_bit = 0o2000
  (mode & setgid_bit).positive?
end

#sticky ⇒ Object Also known as: sticky?



# File 'lib/resources/file.rb', line 130

# True when the sticky bit (octal 01000) is set in the file mode.
#
# @return [Boolean]
def sticky
  sticky_bit = 0o1000
  (mode & sticky_bit).positive?
end

#suid ⇒ Object Also known as: setuid?



# File 'lib/resources/file.rb', line 118

# True when the setuid bit (octal 04000) is set in the file mode.
#
# @return [Boolean]
def suid
  setuid_bit = 0o4000
  (mode & setuid_bit).positive?
end

#to_s ⇒ Object



# File 'lib/resources/file.rb', line 165

# Human-readable label for the resource: the word "File" followed by the
# value of +source_path+.
#
# @return [String]
def to_s
  format('File %s', source_path)
end

#writable?(by_usergroup, by_specific_user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/resources/file.rb', line 73

# Reports whether the 'write' permission is granted on the file.
#
# A missing file yields +false+, so a negated expectation ("must not be
# writable") also passes when the path is absent. Pair it with an existence
# check when the file is required to be there.
#
# @param by_usergroup forwarded unchanged to the permission check
# @param by_specific_user forwarded unchanged to the permission check
# @return [Boolean] the provider result, +false+ for a missing file, or
#   whatever +skip_resource+ returns when no permission provider was selected
def writable?(by_usergroup, by_specific_user)
  if !exist?
    false
  elsif @perms_provider.nil?
    skip_resource '`writable?` is not supported on your OS yet.'
  else
    file_permission_granted?('write', by_usergroup, by_specific_user)
  end
end