Class: Inspec::Profile

Inherits:
Object
  • Object
show all
Extended by:
Forwardable
Defined in:
lib/inspec/profile.rb

Overview

rubocop:disable Metrics/ClassLength

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(source_reader, options = {}) ⇒ Profile

rubocop:disable Metrics/AbcSize



48
49
50
51
52
53
54
55
56
57
58
59
60
61
 
# File 'lib/inspec/profile.rb', line 48

def initialize(source_reader, options = {})
  @options = options
  @target = @options.delete(:target)
  @logger = @options[:logger] || Logger.new(nil)
  @source_reader = source_reader
  if options[:dependencies]
    @locked_dependencies = options[:dependencies]
  end
  @controls = options[:controls] || []
  @profile_id = @options[:id]
  @backend = @options[:backend] || Inspec::Backend.create(options)
  Metadata.finalize(@source_reader.metadata, @profile_id)
  @runner_context = @options[:profile_context] || Inspec::ProfileContext.for_profile(self, @backend, @options[:attributes])
end

Instance Attribute Details

#runner_contextObject

Returns the value of attribute runner_context.



42
43
44
 
# File 'lib/inspec/profile.rb', line 42

def runner_context
  @runner_context
end

#source_readerObject (readonly)

Returns the value of attribute source_reader.



41
42
43
 
# File 'lib/inspec/profile.rb', line 41

def source_reader
  @source_reader
end

Class Method Details

.for_target(target, opts = {}) ⇒ Object 



37
38
39
 
# File 'lib/inspec/profile.rb', line 37

def self.for_target(target, opts = {})
  new(resolve_target(target), opts.merge(target: target))
end

.resolve_target(target) ⇒ Object 



21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/inspec/profile.rb', line 21

def self.resolve_target(target)
  # Fetchers retrieve file contents
  fetcher = Inspec::Fetcher.resolve(target)
  if fetcher.nil?
    fail("Could not fetch inspec profile in #{target.inspect}.")
  end
  # Source readers understand the target's structure and provide
  # access to tests, libraries, and metadata
  reader = Inspec::SourceReader.resolve(fetcher.relative_target)
  if reader.nil?
    fail("Don't understand inspec profile in #{target.inspect}, it "\
         "doesn't look like a supported profile structure.")
  end
  reader
end

Instance Method Details

#archive(opts) ⇒ Object

generates a archive of a folder profile assumes that the profile was checked before



225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
 
# File 'lib/inspec/profile.rb', line 225

def archive(opts)
  # check if file exists otherwise overwrite the archive
  dst = archive_name(opts)
  if dst.exist? && !opts[:overwrite]
    @logger.info "Archive #{dst} exists already. Use --overwrite."
    return false
  end

  # remove existing archive
  File.delete(dst) if dst.exist?
  @logger.info "Generate archive #{dst}."

  # filter files that should not be part of the profile
  # TODO ignore all .files, but add the files to debug output

  # display all files that will be part of the archive
  @logger.debug 'Add the following files to archive:'
  root_path = @source_reader.target.prefix
  files = @source_reader.target.files
  files.each { |f| @logger.debug '    ' + f }

  if opts[:zip]
    # generate zip archive
    require 'inspec/archive/zip'
    zag = Inspec::Archive::ZipArchiveGenerator.new
    zag.archive(root_path, files, dst)
  else
    # generate tar archive
    require 'inspec/archive/tar'
    tag = Inspec::Archive::TarArchiveGenerator.new
    tag.archive(root_path, files, dst)
  end

  @logger.info 'Finished archive generation.'
  true
end

#checkBoolean

Check if the profile is internall well-structured. The logger will be used to print information on errors and warnings which are found.

Returns:

  • (Boolean)

    true if no errors were found, false otherwise



134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
 
# File 'lib/inspec/profile.rb', line 134

def check # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/MethodLength
  # initial values for response object
  result = {
    summary: {
      valid: false,
      timestamp: Time.now.iso8601,
      location: @target,
      profile: nil,
      controls: 0,
    },
    errors: [],
    warnings: [],
  }

  entry = lambda { |file, line, column, control, msg|
    {
      file: file,
      line: line,
      column: column,
      control_id: control,
      msg: msg,
    }
  }

  warn = lambda { |file, line, column, control, msg|
    @logger.warn(msg)
    result[:warnings].push(entry.call(file, line, column, control, msg))
  }

  error = lambda { |file, line, column, control, msg|
    @logger.error(msg)
    result[:errors].push(entry.call(file, line, column, control, msg))
  }

  @logger.info "Checking profile in #{@target}"
  meta_path = @source_reader.target.abs_path(@source_reader.metadata.ref)
  if meta_path =~ /metadata\.rb$/
    warn.call(@target, 0, 0, nil, 'The use of `metadata.rb` is deprecated. Use `inspec.yml`.')
  end

  # verify metadata
  m_errors, m_warnings = metadata.valid
  m_errors.each { |msg| error.call(meta_path, 0, 0, nil, msg) }
  m_warnings.each { |msg| warn.call(meta_path, 0, 0, nil, msg) }
  m_unsupported = metadata.unsupported
  m_unsupported.each { |u| warn.call(meta_path, 0, 0, nil, "doesn't support: #{u}") }
  @logger.info 'Metadata OK.' if m_errors.empty? && m_unsupported.empty?

  # extract profile name
  result[:summary][:profile] = metadata.params[:name]

  # check if the profile is using the old test directory instead of the
  # new controls directory
  if @source_reader.tests.keys.any? { |x| x =~ %r{^test/$} }
    warn.call(@target, 0, 0, nil, 'Profile uses deprecated `test` directory, rename it to `controls`.')
  end

  count = controls_count
  result[:summary][:controls] = count
  if count == 0
    warn.call(nil, nil, nil, nil, 'No controls or tests were defined.')
  else
    @logger.info("Found #{count} controls.")
  end

  # iterate over hash of groups
  params[:controls].each { |id, control|
    sfile = control[:source_location][:ref]
    sline = control[:source_location][:line]
    error.call(sfile, sline, nil, id, 'Avoid controls with empty IDs') if id.nil? or id.empty?
    next if id.start_with? '(generated '
    warn.call(sfile, sline, nil, id, "Control #{id} has no title") if control[:title].to_s.empty?
    warn.call(sfile, sline, nil, id, "Control #{id} has no description") if control[:desc].to_s.empty?
    warn.call(sfile, sline, nil, id, "Control #{id} has impact > 1.0") if control[:impact].to_f > 1.0
    warn.call(sfile, sline, nil, id, "Control #{id} has impact < 0.0") if control[:impact].to_f < 0.0
    warn.call(sfile, sline, nil, id, "Control #{id} has no tests defined") if control[:checks].nil? or control[:checks].empty?
  }

  # profile is valid if we could not find any error
  result[:summary][:valid] = result[:errors].empty?

  @logger.info 'Control definitions OK.' if result[:warnings].empty?
  result
end

#collect_tests(include_list = @controls) ⇒ Object 



71
72
73
74
75
76
77
78
79
80
81
82
83
 
# File 'lib/inspec/profile.rb', line 71

def collect_tests(include_list = @controls)
  if !@tests_collected
    locked_dependencies.each(&:collect_tests)

    tests.each do |path, content|
      next if content.nil? || content.empty?
      abs_path = source_reader.target.abs_path(path)
      @runner_context.load_control_file(content, abs_path, nil)
    end
    @tests_collected = true
  end
  filter_controls(@runner_context.all_rules, include_list)
end

#controls_countObject 



219
220
221
 
# File 'lib/inspec/profile.rb', line 219

def controls_count
  params[:controls].values.length
end

#cwdObject

TODO(ssd): Relative path handling really needs to be carefully thought through, especially with respect to relative paths in tarballs.



279
280
281
 
# File 'lib/inspec/profile.rb', line 279

def cwd
  @target.is_a?(String) && File.directory?(@target) ? @target : './'
end

#filter_controls(controls_array, include_list) ⇒ Object 



85
86
87
88
89
90
91
 
# File 'lib/inspec/profile.rb', line 85

def filter_controls(controls_array, include_list)
  return controls_array if include_list.nil? || include_list.empty?
  controls_array.select do |c|
    id = ::Inspec::Rule.rule_id(c)
    include_list.include?(id)
  end
end

#generate_lockfile(vendor_path = nil) ⇒ Inspec::Lockfile

Generate an in-memory lockfile. This won’t render the lock file to disk, it must be explicitly written to disk by the caller.

Parameters:

  • vendor_path (String) (defaults to: nil)

    Path to the on-disk vendor dir

Returns:



298
299
300
301
302
 
# File 'lib/inspec/profile.rb', line 298

def generate_lockfile(vendor_path = nil)
  res = Inspec::DependencySet.new(cwd, vendor_path, nil, @backend)
  res.vendor(metadata.dependencies)
  Inspec::Lockfile.from_dependency_set(res)
end

#infoObject 



111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
 
# File 'lib/inspec/profile.rb', line 111

def info
  res = params.dup
  # add information about the controls
  controls = res[:controls].map do |id, rule|
    next if id.to_s.empty?
    data = rule.dup
    data.delete(:checks)
    data[:impact] ||= 0.5
    data[:impact] = 1.0 if data[:impact] > 1.0
    data[:impact] = 0.0 if data[:impact] < 0.0
    [id, data]
  end
  res[:controls] = Hash[controls.compact]

  # add information about the required attributes
  res[:attributes] = res[:attributes].map(&:to_hash) unless res[:attributes].nil? || res[:attributes].empty?
  res
end

#load_dependenciesObject 



304
305
306
 
# File 'lib/inspec/profile.rb', line 304

def load_dependencies
  Inspec::DependencySet.from_lockfile(lockfile, cwd, nil, @backend)
end

#load_librariesObject 



93
94
95
96
97
98
99
100
101
102
103
104
105
 
# File 'lib/inspec/profile.rb', line 93

def load_libraries
  locked_dependencies.each do |d|
    c = d.load_libraries
    @runner_context.add_resources(c)
  end

  libs = libraries.map do |path, content|
    [content, path]
  end

  @runner_context.load_libraries(libs)
  @runner_context
end

#locked_dependenciesObject 



262
263
264
 
# File 'lib/inspec/profile.rb', line 262

def locked_dependencies
  @locked_dependencies ||= load_dependencies
end

#lockfileObject 



283
284
285
286
287
288
289
 
# File 'lib/inspec/profile.rb', line 283

def lockfile
  @lockfile ||= if lockfile_exists?
                  Inspec::Lockfile.from_file(lockfile_path)
                else
                  generate_lockfile
                end
end

#lockfile_exists?Boolean

Returns:

  • (Boolean) 


266
267
268
 
# File 'lib/inspec/profile.rb', line 266

def lockfile_exists?
  File.exist?(lockfile_path)
end

#lockfile_pathObject 



270
271
272
 
# File 'lib/inspec/profile.rb', line 270

def lockfile_path
  File.join(cwd, 'inspec.lock')
end

#nameObject 



63
64
65
 
# File 'lib/inspec/profile.rb', line 63

def name
  metadata.params[:name]
end

#paramsObject 



67
68
69
 
# File 'lib/inspec/profile.rb', line 67

def params
  @params ||= load_params
end

#to_sObject 



107
108
109
 
# File 'lib/inspec/profile.rb', line 107

def to_s
  "Inspec::Profile<#{name}>"
end