Method: Inspec::Profile#check
- Defined in:
- lib/inspec/profile.rb
#check ⇒ Boolean
Check if the profile is internally well-structured. The logger will be used to print information on errors and warnings which are found.
332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 |
# File 'lib/inspec/profile.rb', line 332 def check # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/MethodLength # initial values for response object result = { summary: { valid: false, timestamp: Time.now.iso8601, location: @target, profile: nil, controls: 0, }, errors: [], warnings: [], } entry = lambda { |file, line, column, control, msg| { file: file, line: line, column: column, control_id: control, msg: msg, } } warn = lambda { |file, line, column, control, msg| @logger.warn(msg) result[:warnings].push(entry.call(file, line, column, control, msg)) } error = lambda { |file, line, column, control, msg| @logger.error(msg) result[:errors].push(entry.call(file, line, column, control, msg)) } @logger.info "Checking profile in #{@target}" = @source_reader.target.abs_path(@source_reader..ref) # verify metadata m_errors, m_warnings = .valid m_errors.each { |msg| error.call(, 0, 0, nil, msg) } m_warnings.each { |msg| warn.call(, 0, 0, nil, msg) } m_unsupported = .unsupported m_unsupported.each { |u| warn.call(, 0, 0, nil, "doesn't support: #{u}") } @logger.info 'Metadata OK.' if m_errors.empty? && m_unsupported.empty? # only run the vendor check if the legacy profile-path is not used as argument if @legacy_profile_path == false # verify that a lockfile is present if we have dependencies if !.dependencies.empty? error.call(, 0, 0, nil, 'Your profile needs to be vendored with `inspec vendor`.') if !lockfile_exists? end if lockfile_exists? # verify if metadata and lockfile are out of sync if lockfile.deps.size != .dependencies.size error.call(, 0, 0, nil, 'inspec.yml and inspec.lock are out-of-sync. Please re-vendor with `inspec vendor`.') end # verify if metadata and lockfile have the same dependency names .dependencies.each { |dep| # Skip if the dependency does not specify a name next if dep[:name].nil? # TODO: should we also verify that the soure is the same? if !lockfile.deps.map { |x| x[:name] }.include? dep[:name] error.call(, 0, 0, nil, "Cannot find #{dep[:name]} in lockfile. Please re-vendor with `inspec vendor`.") end } end end # extract profile name result[:summary][:profile] = .params[:name] count = controls_count result[:summary][:controls] = count if count == 0 warn.call(nil, nil, nil, nil, 'No controls or tests were defined.') else @logger.info("Found #{count} controls.") end # iterate over hash of groups params[:controls].each { |id, control| sfile = control[:source_location][:ref] sline = control[:source_location][:line] error.call(sfile, sline, nil, id, 'Avoid controls with empty IDs') if id.nil? or id.empty? next if id.start_with? '(generated ' warn.call(sfile, sline, nil, id, "Control #{id} has no title") if control[:title].to_s.empty? warn.call(sfile, sline, nil, id, "Control #{id} has no descriptions") if control[:descriptions][:default].to_s.empty? warn.call(sfile, sline, nil, id, "Control #{id} has impact > 1.0") if control[:impact].to_f > 1.0 warn.call(sfile, sline, nil, id, "Control #{id} has impact < 0.0") if control[:impact].to_f < 0.0 warn.call(sfile, sline, nil, id, "Control #{id} has no tests defined") if control[:checks].nil? or control[:checks].empty? } # profile is valid if we could not find any error result[:summary][:valid] = result[:errors].empty? @logger.info 'Control definitions OK.' if result[:warnings].empty? result end |