Class: Inspec::Resources::WindowsFilePermissions

Inherits:

FilePermissions

• Object
• FilePermissions
• Inspec::Resources::WindowsFilePermissions

Defined in:

lib/inspec/resources/file.rb

Instance Attribute Summary

Attributes inherited from FilePermissions

#inspec

Instance Method Summary

• #check_file_permission_by_mask(_file, _access_type, _usergroup, _specific_user) ⇒ Object
• #check_file_permission_by_user(access_type, user, path) ⇒ Object
• #inherited?(file) ⇒ Boolean
• #more_permissive_than? ⇒ Boolean
• #user_permissions(file) ⇒ Object

Methods inherited from FilePermissions

#initialize

Constructor Details

This class inherits a constructor from Inspec::Resources::FilePermissions

Instance Method Details

#check_file_permission_by_mask(_file, _access_type, _usergroup, _specific_user) ⇒ Object

# File 'lib/inspec/resources/file.rb', line 313

def check_file_permission_by_mask(_file, _access_type, _usergroup, _specific_user)
  raise "`check_file_permission_by_mask` is not supported on Windows"
end

#check_file_permission_by_user(access_type, user, path) ⇒ Object

# File 'lib/inspec/resources/file.rb', line 321

def check_file_permission_by_user(access_type, user, path)
  access_rule = translate_perm_names(access_type)
  access_rule = convert_to_powershell_array(access_rule)

  cmd = inspec.command("@(@((Get-Acl '#{path}').access | Where-Object {$_.AccessControlType -eq 'Allow' -and $_.IdentityReference -eq '#{user}' }) | Where-Object {($_.FileSystemRights.ToString().Split(',') | % {$_.trim()} | ? {#{access_rule} -contains $_}) -ne $null}) | measure | % { $_.Count }")
  cmd.stdout.chomp == "0" ? false : true
end

#inherited?(file) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/inspec/resources/file.rb', line 308

def inherited?(file)
  cmd = inspec.command("(Get-Acl -Path #{file.path}).access| Where-Object {$_.IsInherited -eq $true} | measure | % { $_.Count }")
  cmd.stdout.chomp == "0" ? false : true
end

#more_permissive_than? ⇒ Boolean

Returns:

• (Boolean)

Raises:

• (Inspec::Exceptions::ResourceSkipped)

# File 'lib/inspec/resources/file.rb', line 317

def more_permissive_than?(*)
  raise Inspec::Exceptions::ResourceSkipped, "The `more_permissive_than?` matcher is not supported on your OS yet."
end

#user_permissions(file) ⇒ Object

# File 'lib/inspec/resources/file.rb', line 294

def user_permissions(file)
  script = <<-EOH
  $Acl = Get-Acl -Path #{file.path}
  $Result = foreach ($Access in $acl.Access) {
    [PSCustomObject]@{
      $Access.IdentityReference.Value  = $Access.FileSystemRights.ToString()
    }
  }
  $Result | ConvertTo-Json
  EOH
  result = inspec.powershell(script)
  JSON.load(result.stdout).inject(&:merge) unless result.stdout.empty?
end