Class: Inspec::BaseCLI

Inherits:
Thor
  • Object
show all
Defined in:
lib/inspec/plugin/v2/plugin_types/cli.rb,
lib/inspec/base_cli.rb

Overview

The InSpec load order has this file being loaded before ‘inspec/base_cli` can finish being loaded. So, we must define Inspec::BaseCLI here first to avoid a NameError below.

Class Attribute Summary collapse

Class Method Summary collapse

Class Attribute Details

.inspec_cli_commandObject

Returns the value of attribute inspec_cli_command.



27
28
29
 
# File 'lib/inspec/base_cli.rb', line 27

def inspec_cli_command
  @inspec_cli_command
end

Class Method Details

.check_license!Object

EULA acceptance



37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
 
# File 'lib/inspec/base_cli.rb', line 37

def self.check_license!
  allowed_commands = ["-h", "--help", "help", "-v", "--version", "version"]

  require "license_acceptance/acceptor"
  begin
    if (allowed_commands & ARGV.map(&:downcase)).empty? && # Did they use a non-exempt command?
        !ARGV.empty? # Did they supply at least one command?
      LicenseAcceptance::Acceptor.check_and_persist(
        Inspec::Dist::EXEC_NAME,
        Inspec::VERSION,
        logger: Inspec::Log
      )
    end
  rescue LicenseAcceptance::LicenseNotAcceptedError
    Inspec::Log.error "#{Inspec::Dist::PRODUCT_NAME} cannot execute without accepting the license"
    Inspec::UI.new.exit(:license_not_accepted)
  end
end

.exec_optionsObject 



128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
 
# File 'lib/inspec/base_cli.rb', line 128

def self.exec_options
  target_options
  profile_options
  option :controls, type: :array,
    desc: "A list of control names to run, or a list of /regexes/ to match against control names. Ignore all other tests."
  option :reporter, type: :array,
    banner: "one two:/output/file/path",
    desc: "Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit, yaml"
  option :input, type: :array, banner: "name1=value1 name2=value2",
    desc: "Specify one or more inputs directly on the command line, as --input NAME=VALUE"
  option :input_file, type: :array,
    desc: "Load one or more input files, a YAML file with values for the profile to use"
  option :waiver_file, type: :array,
    desc: "Load one or more waiver files."
  option :attrs, type: :array,
    desc: "Legacy name for --input-file - deprecated."
  option :create_lockfile, type: :boolean,
    desc: "Write out a lockfile based on this execution (unless one already exists)"
  option :backend_cache, type: :boolean,
    desc: "Allow caching for backend command output. (default: true)"
  option :show_progress, type: :boolean,
    desc: "Show progress while executing tests."
  option :distinct_exit, type: :boolean, default: true,
    desc: "Exit with code 101 if any tests fail, and 100 if any are skipped (default).  If disabled, exit 0 on skips and 1 for failures."
end

.exit_on_failure?Boolean

github.com/erikhuda/thor/issues/244

Returns:

  • (Boolean) 


57
58
59
 
# File 'lib/inspec/base_cli.rb', line 57

def self.exit_on_failure?
  true
end

.format_platform_info(params: {}, indent: 0, color: 39) ⇒ Object 



154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
 
# File 'lib/inspec/base_cli.rb', line 154

def self.format_platform_info(params: {}, indent: 0, color: 39)
  str = ""
  params.each do |item, info|
    data = info

    # Format Array for better output if applicable
    data = data.join(", ") if data.is_a?(Array)

    # Do not output fields of data is missing ('unknown' is fine)
    next if data.nil?

    data = "\e[1m\e[#{color}m#{data}\e[0m"
    str << format("#{" " * indent}%-10s %s\n", item.to_s.capitalize + ":", data)
  end
  str
end

.profile_optionsObject 



121
122
123
124
125
126
 
# File 'lib/inspec/base_cli.rb', line 121

def self.profile_options
  option :profiles_path, type: :string,
    desc: "Folder which contains referenced profiles."
  option :vendor_cache, type: :string,
    desc: "Use the given path for caching dependencies. (default: ~/.inspec/cache)"
end

.start(given_args = ARGV, config = {}) ⇒ Object 



30
31
32
33
34
 
# File 'lib/inspec/base_cli.rb', line 30

def self.start(given_args = ARGV, config = {})
  check_license! if config[:enforce_license] || config[:enforce_license].nil?

  super(given_args, config)
end

.target_optionsObject

rubocop:disable MethodLength



61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
 
# File 'lib/inspec/base_cli.rb', line 61

def self.target_options # rubocop:disable MethodLength
  option :target, aliases: :t, type: :string,
    desc: "Simple targeting option using URIs, e.g. ssh://user:pass@host:port"
  option :backend, aliases: :b, type: :string,
    desc: "Choose a backend: local, ssh, winrm, docker."
  option :host, type: :string,
    desc: "Specify a remote host which is tested."
  option :port, aliases: :p, type: :numeric,
    desc: "Specify the login port for a remote scan."
  option :user, type: :string,
    desc: "The login user for a remote scan."
  option :password, type: :string, lazy_default: -1,
    desc: "Login password for a remote scan, if required."
  option :enable_password, type: :string, lazy_default: -1,
    desc: "Password for enable mode on Cisco IOS devices."
  option :key_files, aliases: :i, type: :array,
    desc: "Login key or certificate file for a remote scan."
  option :path, type: :string,
    desc: "Login path to use when connecting to the target (WinRM)."
  option :sudo, type: :boolean,
    desc: "Run scans with sudo. Only activates on Unix and non-root user."
  option :sudo_password, type: :string, lazy_default: -1,
    desc: "Specify a sudo password, if it is required."
  option :sudo_options, type: :string,
    desc: "Additional sudo options for a remote scan."
  option :sudo_command, type: :string,
    desc: "Alternate command for sudo."
  option :shell, type: :boolean,
    desc: "Run scans in a subshell. Only activates on Unix."
  option :shell_options, type: :string,
    desc: "Additional shell options."
  option :shell_command, type: :string,
    desc: "Specify a particular shell to use."
  option :ssl, type: :boolean,
    desc: "Use SSL for transport layer encryption (WinRM)."
  option :self_signed, type: :boolean,
    desc: "Allow remote scans with self-signed certificates (WinRM)."
  option :winrm_transport, type: :string, default: "negotiate",
    desc: "Specify which transport to use, defaults to negotiate (WinRM)."
  option :winrm_disable_sspi, type: :boolean,
    desc: "Whether to use disable sspi authentication, defaults to false (WinRM)."
  option :winrm_basic_auth, type: :boolean,
    desc: "Whether to use basic authentication, defaults to false (WinRM)."
  option :config, type: :string,
    desc: "Read configuration from JSON file (`-` reads from stdin)."
  option :json_config, type: :string, hide: true
  option :proxy_command, type: :string,
    desc: "Specifies the command to use to connect to the server"
  option :bastion_host, type: :string,
    desc: "Specifies the bastion host if applicable"
  option :bastion_user, type: :string,
    desc: "Specifies the bastion user if applicable"
  option :bastion_port, type: :string,
    desc: "Specifies the bastion port if applicable"
  option :insecure, type: :boolean, default: false,
    desc: "Disable SSL verification on select targets"
  option :target_id, type: :string,
    desc: "Provide a ID which will be included on reports"
end