Class: Inspec::Rule

Inherits:

Object

• Object
• Inspec::Rule

Includes:

RSpec::Matchers

Defined in:

lib/inspec/rule.rb

Overview

rubocop:disable Metrics/ClassLength

Class Method Summary

• .checks(rule) ⇒ Object
• .full_id(profile_id, rule) ⇒ Object

  Get the full id consisting of profile id + rule id for the rule.

• .merge(dst, src) ⇒ Object
• .prepare_checks(rule) ⇒ Object
• .rule_id(rule) ⇒ Object
• .set_rule_id(rule, value) ⇒ Object
• .set_skip_rule(rule, value) ⇒ Object
• .skip_status(rule) ⇒ Object

Instance Method Summary

• #desc(v = nil) ⇒ Object
• #describe(*values, &block) ⇒ nil|DescribeBase

  Describe will add one or more tests to this control.

• #expect(value, &block) ⇒ Object
• #id(*_) ⇒ Object
• #impact(v = nil) ⇒ Object
• #initialize(id, _opts, &block) ⇒ Rule constructor

  A new instance of Rule.

• #only_if ⇒ nil

  Skip all checks if only_if is false.

• #ref(ref = nil, opts = {}) ⇒ Object
• #tag(*args) ⇒ Object
• #title(v = nil) ⇒ Object

Constructor Details

#initialize(id, _opts, &block) ⇒ Rule

Returns a new instance of Rule.

# File 'lib/inspec/rule.rb', line 15

def initialize(id, _opts, &block)
  @id = id
  @impact = nil
  @title = nil
  @desc = nil
  @refs = []
  @tags = {}

  # not changeable by the user:
  @__block = block
  @__code = __get_block_source(&block)
  @__source_location = __get_block_source_location(&block)
  @__rule_id = nil
  @__checks = []
  @__skip_rule = nil

  # evaluate the given definition
  instance_eval(&block) if block_given?
end

Class Method Details

.checks(rule) ⇒ Object

# File 'lib/inspec/rule.rb', line 122

def self.checks(rule)
  rule.instance_variable_get(:@__checks)
end

.full_id(profile_id, rule) ⇒ Object

Get the full id consisting of profile id + rule id for the rule. If the rule’s profile id is empty, the given profile_id will be used instead and also set for the rule.

# File 'lib/inspec/rule.rb', line 174

def self.full_id(profile_id, rule)
  if rule.is_a?(String) or rule.nil?
    rid = rule
  else
    # As the profile context is exclusively pulled with a
    # profile ID, attach it to the rule if necessary.
    rid = rule.instance_variable_get(:@id)
    if rid.nil?
      # TODO: Message about skipping this rule
      # due to missing ID
      return nil
    end
  end
  pid = rule_id(rule)
  pid = set_rule_id(rule, profile_id) if pid.nil?

  # if we don't have a profile id, just return the rule's ID
  return rid if pid.nil? or pid.empty?
  # otherwise combine them
  "#{pid}/#{rid}"
end

.merge(dst, src) ⇒ Object

# File 'lib/inspec/rule.rb', line 146

def self.merge(dst, src)
  if src.id != dst.id
    # TODO: register an error, this case should not happen
    return
  end
  sp = rule_id(src)
  dp = rule_id(dst)
  if sp != dp
    # TODO: register an error, this case should not happen
    return
  end
  # merge all fields
  dst.impact(src.impact) unless src.impact.nil?
  dst.title(src.title)   unless src.title.nil?
  dst.desc(src.desc)     unless src.desc.nil?
  # merge indirect fields
  # checks defined in the source will completely eliminate
  # all checks that were defined in the destination
  sc = checks(src)
  dst.instance_variable_set(:@__checks, sc) unless sc.empty?
  sr = skip_status(src)
  set_skip_rule(dst, sr) unless sr.nil?
end

.prepare_checks(rule) ⇒ Object

# File 'lib/inspec/rule.rb', line 134

def self.prepare_checks(rule)
  msg = skip_status(rule)
  return checks(rule) unless msg
  msg = 'Skipped control due to only_if condition.' if msg == true

  # TODO: we use os as the carrier here, but should consider
  # a separate resource to do skipping
  resource = rule.os
  resource.skip_resource(msg)
  [['describe', [resource], nil]]
end

.rule_id(rule) ⇒ Object

# File 'lib/inspec/rule.rb', line 114

def self.rule_id(rule)
  rule.instance_variable_get(:@__rule_id)
end

.set_rule_id(rule, value) ⇒ Object

# File 'lib/inspec/rule.rb', line 118

def self.set_rule_id(rule, value)
  rule.instance_variable_set(:@__rule_id, value)
end

.set_skip_rule(rule, value) ⇒ Object

# File 'lib/inspec/rule.rb', line 130

def self.set_skip_rule(rule, value)
  rule.instance_variable_set(:@__skip_rule, value)
end

.skip_status(rule) ⇒ Object

# File 'lib/inspec/rule.rb', line 126

def self.skip_status(rule)
  rule.instance_variable_get(:@__skip_rule)
end

Instance Method Details

#desc(v = nil) ⇒ Object

# File 'lib/inspec/rule.rb', line 50

def desc(v = nil)
  @desc = unindent(v) unless v.nil?
  @desc
end

#describe(*values, &block) ⇒ nil|DescribeBase

Describe will add one or more tests to this control. There is 2 ways of calling it:

describe resource do ... end

or

describe.one do ... end

Parameters:

• Resource (any) —

  to be describe, string, or nil

• An (Proc) —

  optional block containing tests for the described resource

Returns:

• (nil|DescribeBase) —

  if called without arguments, returns DescribeBase

# File 'lib/inspec/rule.rb', line 97

def describe(*values, &block)
  if values.empty? && !block_given?
    dsl = self.class.ancestors[1]
    Class.new(DescribeBase) do
      include dsl
    end.new(method(:__add_check))
  else
    __add_check('describe', values, block)
  end
end

#expect(value, &block) ⇒ Object

# File 'lib/inspec/rule.rb', line 108

def expect(value, &block)
  target = Inspec::Expect.new(value, &block)
  __add_check('expect', [value], target)
  target
end

#id(*_) ⇒ Object

# File 'lib/inspec/rule.rb', line 35

def id(*_)
  # never overwrite the ID
  @id
end

#impact(v = nil) ⇒ Object

# File 'lib/inspec/rule.rb', line 40

def impact(v = nil)
  @impact = v unless v.nil?
  @impact
end

#only_if ⇒ nil

Skip all checks if only_if is false

Parameters:

• &block (Type) —

  returns true if tests are added, false otherwise

Returns:

• (nil)

# File 'lib/inspec/rule.rb', line 80

def only_if
  return unless block_given?
  @__skip_rule ||= !yield
end

#ref(ref = nil, opts = {}) ⇒ Object

# File 'lib/inspec/rule.rb', line 55

def ref(ref = nil, opts = {})
  return @refs if ref.nil? && opts.empty?
  if opts.empty? && ref.is_a?(Hash)
    opts = ref
  else
    opts[:ref] = ref
  end
  @refs.push(opts)
end

#tag(*args) ⇒ Object

# File 'lib/inspec/rule.rb', line 65

def tag(*args)
  args.each do |arg|
    if arg.is_a?(Hash)
      @tags.merge!(arg)
    else
      @tags[arg] ||= nil
    end
  end
  @tags
end

#title(v = nil) ⇒ Object

# File 'lib/inspec/rule.rb', line 45

def title(v = nil)
  @title = v unless v.nil?
  @title
end