Class: Inspec::Profile

Inherits:

Object

• Object
• Inspec::Profile

Extended by:

Forwardable

Defined in:

lib/inspec/profile.rb

Overview

rubocop:disable Metrics/ClassLength

Instance Attribute Summary

• #runner_context ⇒ Object

  Returns the value of attribute runner_context.

• #source_reader ⇒ Object readonly

  Returns the value of attribute source_reader.

Class Method Summary

• .for_target(target, opts) ⇒ Object
• .resolve_target(target, opts) ⇒ Object

Instance Method Summary

• #archive(opts) ⇒ Object

  generates a archive of a folder profile assumes that the profile was checked before.

• #check ⇒ Boolean

  Check if the profile is internall well-structured.

• #controls_count ⇒ Object
• #cwd ⇒ Object

  TODO(ssd): Relative path handling really needs to be carefully thought through, especially with respect to relative paths in tarballs.

• #generate_lockfile(vendor_path = nil) ⇒ Inspec::Lockfile

  Generate an in-memory lockfile.

• #info ⇒ Object
• #initialize(source_reader, options = nil) ⇒ Profile constructor

  rubocop:disable Metrics/AbcSize.

• #locked_dependencies ⇒ Object
• #lockfile ⇒ Object
• #lockfile_exists? ⇒ Boolean
• #lockfile_path ⇒ Object
• #name ⇒ Object
• #params ⇒ Object

Constructor Details

#initialize(source_reader, options = nil) ⇒ Profile

rubocop:disable Metrics/AbcSize

# File 'lib/inspec/profile.rb', line 46

def initialize(source_reader, options = nil)
  @options = options || {}
  @target = @options.delete(:target)
  @logger = @options[:logger] || Logger.new(nil)
  @source_reader = source_reader
  @profile_id = @options[:id]
  @runner_context = nil
  Metadata.finalize(@source_reader.metadata, @profile_id)
end

Instance Attribute Details

#runner_context ⇒ Object

Returns the value of attribute runner_context.

# File 'lib/inspec/profile.rb', line 40

def runner_context
  @runner_context
end

#source_reader ⇒ Object (readonly)

Returns the value of attribute source_reader.

# File 'lib/inspec/profile.rb', line 39

def source_reader
  @source_reader
end

Class Method Details

.for_target(target, opts) ⇒ Object

# File 'lib/inspec/profile.rb', line 35

def self.for_target(target, opts)
  new(resolve_target(target, opts), opts)
end

.resolve_target(target, opts) ⇒ Object

# File 'lib/inspec/profile.rb', line 18

def self.resolve_target(target, opts)
  # Fetchers retrieve file contents
  opts[:target] = target
  fetcher = Inspec::Fetcher.resolve(target)
  if fetcher.nil?
    fail("Could not fetch inspec profile in #{target.inspect}.")
  end
  # Source readers understand the target's structure and provide
  # access to tests, libraries, and metadata
  reader = Inspec::SourceReader.resolve(fetcher.relative_target)
  if reader.nil?
    fail("Don't understand inspec profile in #{target.inspect}, it "\
         "doesn't look like a supported profile structure.")
  end
  reader
end

Instance Method Details

#archive(opts) ⇒ Object

generates a archive of a folder profile assumes that the profile was checked before

# File 'lib/inspec/profile.rb', line 178

def archive(opts)
  # check if file exists otherwise overwrite the archive
  dst = archive_name(opts)
  if dst.exist? && !opts[:overwrite]
    @logger.info "Archive #{dst} exists already. Use --overwrite."
    return false
  end

  # remove existing archive
  File.delete(dst) if dst.exist?
  @logger.info "Generate archive #{dst}."

  # filter files that should not be part of the profile
  # TODO ignore all .files, but add the files to debug output

  # display all files that will be part of the archive
  @logger.debug 'Add the following files to archive:'
  root_path = @source_reader.target.prefix
  files = @source_reader.target.files
  files.each { |f| @logger.debug '    ' + f }

  if opts[:zip]
    # generate zip archive
    require 'inspec/archive/zip'
    zag = Inspec::Archive::ZipArchiveGenerator.new
    zag.archive(root_path, files, dst)
  else
    # generate tar archive
    require 'inspec/archive/tar'
    tag = Inspec::Archive::TarArchiveGenerator.new
    tag.archive(root_path, files, dst)
  end

  @logger.info 'Finished archive generation.'
  true
end

#check ⇒ Boolean

Check if the profile is internall well-structured. The logger will be used to print information on errors and warnings which are found.

Returns:

• (Boolean) —

  true if no errors were found, false otherwise

# File 'lib/inspec/profile.rb', line 87

def check # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/MethodLength
  # initial values for response object
  result = {
    summary: {
      valid: false,
      timestamp: Time.now.iso8601,
      location: @target,
      profile: nil,
      controls: 0,
    },
    errors: [],
    warnings: [],
  }

  entry = lambda { |file, line, column, control, msg|
    {
      file: file,
      line: line,
      column: column,
      control_id: control,
      msg: msg,
    }
  }

  warn = lambda { |file, line, column, control, msg|
    @logger.warn(msg)
    result[:warnings].push(entry.call(file, line, column, control, msg))
  }

  error = lambda { |file, line, column, control, msg|
    @logger.error(msg)
    result[:errors].push(entry.call(file, line, column, control, msg))
  }

  @logger.info "Checking profile in #{@target}"
  meta_path = @source_reader.target.abs_path(@source_reader.metadata.ref)
  if meta_path =~ /metadata\.rb$/
    warn.call(@target, 0, 0, nil, 'The use of `metadata.rb` is deprecated. Use `inspec.yml`.')
  end

  # verify metadata
  m_errors, m_warnings = metadata.valid
  m_errors.each { |msg| error.call(meta_path, 0, 0, nil, msg) }
  m_warnings.each { |msg| warn.call(meta_path, 0, 0, nil, msg) }
  m_unsupported = metadata.unsupported
  m_unsupported.each { |u| warn.call(meta_path, 0, 0, nil, "doesn't support: #{u}") }
  @logger.info 'Metadata OK.' if m_errors.empty? && m_unsupported.empty?

  # extract profile name
  result[:summary][:profile] = metadata.params[:name]

  # check if the profile is using the old test directory instead of the
  # new controls directory
  if @source_reader.tests.keys.any? { |x| x =~ %r{^test/$} }
    warn.call(@target, 0, 0, nil, 'Profile uses deprecated `test` directory, rename it to `controls`.')
  end

  count = controls_count
  result[:summary][:controls] = count
  if count == 0
    warn.call(nil, nil, nil, nil, 'No controls or tests were defined.')
  else
    @logger.info("Found #{count} controls.")
  end

  # iterate over hash of groups
  params[:controls].each { |id, control|
    sfile = control[:source_location][:ref]
    sline = control[:source_location][:line]
    error.call(sfile, sline, nil, id, 'Avoid controls with empty IDs') if id.nil? or id.empty?
    next if id.start_with? '(generated '
    warn.call(sfile, sline, nil, id, "Control #{id} has no title") if control[:title].to_s.empty?
    warn.call(sfile, sline, nil, id, "Control #{id} has no description") if control[:desc].to_s.empty?
    warn.call(sfile, sline, nil, id, "Control #{id} has impact > 1.0") if control[:impact].to_f > 1.0
    warn.call(sfile, sline, nil, id, "Control #{id} has impact < 0.0") if control[:impact].to_f < 0.0
    warn.call(sfile, sline, nil, id, "Control #{id} has no tests defined") if control[:checks].nil? or control[:checks].empty?
  }

  # profile is valid if we could not find any error
  result[:summary][:valid] = result[:errors].empty?

  @logger.info 'Control definitions OK.' if result[:warnings].empty?
  result
end

#controls_count ⇒ Object

# File 'lib/inspec/profile.rb', line 172

def controls_count
  params[:controls].values.length
end

#cwd ⇒ Object

TODO(ssd): Relative path handling really needs to be carefully thought through, especially with respect to relative paths in tarballs.

# File 'lib/inspec/profile.rb', line 232

def cwd
  @target.is_a?(String) && File.directory?(@target) ? @target : './'
end

#generate_lockfile(vendor_path = nil) ⇒ Inspec::Lockfile

Generate an in-memory lockfile. This won’t render the lock file to disk, it must be explicitly written to disk by the caller.

Parameters:

• vendor_path (String) (defaults to: nil) —

  Path to the on-disk vendor dir

Returns:

• (Inspec::Lockfile)

# File 'lib/inspec/profile.rb', line 251

def generate_lockfile(vendor_path = nil)
  res = Inspec::DependencySet.new(cwd, vendor_path)
  res.vendor(metadata.dependencies)
  Inspec::Lockfile.from_dependency_set(res)
end

#info ⇒ Object

# File 'lib/inspec/profile.rb', line 64

def info
  res = params.dup
  # add information about the controls
  controls = res[:controls].map do |id, rule|
    next if id.to_s.empty?
    data = rule.dup
    data.delete(:checks)
    data[:impact] ||= 0.5
    data[:impact] = 1.0 if data[:impact] > 1.0
    data[:impact] = 0.0 if data[:impact] < 0.0
    [id, data]
  end
  res[:controls] = Hash[controls.compact]

  # add information about the required attributes
  res[:attributes] = res[:attributes].map(&:to_hash) unless res[:attributes].nil? || res[:attributes].empty?
  res
end

#locked_dependencies ⇒ Object

# File 'lib/inspec/profile.rb', line 215

def locked_dependencies
  @locked_dependencies ||= load_dependencies
end

#lockfile ⇒ Object

# File 'lib/inspec/profile.rb', line 236

def lockfile
  @lockfile ||= if lockfile_exists?
                  Inspec::Lockfile.from_file(lockfile_path)
                else
                  generate_lockfile
                end
end

#lockfile_exists? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/inspec/profile.rb', line 219

def lockfile_exists?
  File.exist?(lockfile_path)
end

#lockfile_path ⇒ Object

# File 'lib/inspec/profile.rb', line 223

def lockfile_path
  File.join(cwd, 'inspec.lock')
end

#name ⇒ Object

# File 'lib/inspec/profile.rb', line 56

def name
  metadata.params[:name]
end

#params ⇒ Object

# File 'lib/inspec/profile.rb', line 60

def params
  @params ||= load_params
end