class Inspec::Resources::UnixHostProvider

Public Class Methods

new(inspec) click to toggle source
Calls superclass method Inspec::Resources::HostProvider::new
# File lib/inspec/resources/host.rb, line 153
def initialize(inspec)
  super

  @has_nc = inspec.command("nc").exist?
  @has_ncat = inspec.command("ncat").exist?
  @has_net_redirections = inspec.command("strings `which bash` | grep -qE '/dev/(tcp|udp)/'").exit_status == 0
end

Public Instance Methods

missing_requirements(protocol) click to toggle source
# File lib/inspec/resources/host.rb, line 161
def missing_requirements(protocol)
  missing = []

  if %w{tcp udp}.include?(protocol) && !@has_nc && !@has_ncat
    if @has_net_redirections
      missing << "#{timeout} (part of coreutils) or netcat must be installed" unless inspec.command(timeout).exist?
    else
      missing << "netcat must be installed"
    end
  end

  missing
end
netcat_check_command(hostname, port, protocol) click to toggle source
# File lib/inspec/resources/host.rb, line 194
def netcat_check_command(hostname, port, protocol)
  if @has_nc
    base_cmd = "nc"
  elsif @has_ncat
    base_cmd = "ncat"
  else
    return
  end

  if protocol == "udp"
    extra_flags = "-u"
  else
    extra_flags = ""
  end

  "echo | #{base_cmd} -v -w 1 #{extra_flags} #{hostname} #{port}"
end
ping(hostname, port, protocol) click to toggle source
# File lib/inspec/resources/host.rb, line 175
def ping(hostname, port, protocol)
  if %w{tcp udp}.include?(protocol)
    if @has_nc || @has_ncat
      resp = inspec.command(netcat_check_command(hostname, port, protocol))
    else
      resp = inspec.command("#{timeout} 1 bash -c \"< /dev/#{protocol}/#{hostname}/#{port}\"")
    end
  else
    # fall back to ping, but we can only test ICMP packages with ping
    resp = inspec.command("ping -w 1 -c 1 #{hostname}")
  end

  {
    success: resp.exit_status.to_i == 0,
    connection: resp.stderr,
    socket: resp.stdout,
  }
end
resolve_with_dig(hostname) click to toggle source
# File lib/inspec/resources/host.rb, line 216
def resolve_with_dig(hostname)
  addresses = []

  # look for IPv4 addresses
  cmd = inspec.command("dig +short A #{hostname}")
  cmd.stdout.lines.each do |line|
    matched = line.chomp.match(Resolv::IPv4::Regex)
    addresses << matched.to_s unless matched.nil?
  end

  # look for IPv6 addresses
  cmd = inspec.command("dig +short AAAA #{hostname}")
  cmd.stdout.lines.each do |line|
    matched = line.chomp.match(Resolv::IPv6::Regex)
    addresses << matched.to_s unless matched.nil?
  end

  addresses.empty? ? nil : addresses
end
resolve_with_getent(hostname) click to toggle source
# File lib/inspec/resources/host.rb, line 236
def resolve_with_getent(hostname)
  cmd = inspec.command("getent ahosts #{hostname}")
  return nil unless cmd.exit_status.to_i == 0

  # getent ahosts output is formatted like so:
  # $ getent ahosts www.google.com
  # 172.217.8.4     STREAM www.google.com
  # 172.217.8.4     DGRAM
  # 172.217.8.4     RAW
  # 2607:f8b0:4004:803::2004 STREAM
  # 2607:f8b0:4004:803::2004 DGRAM
  # 2607:f8b0:4004:803::2004 RAW
  addresses = []
  cmd.stdout.lines.each do |line|
    ip, = line.split(/\s+/, 2)
    next unless ip.match(Resolv::IPv4::Regex) || ip.match(Resolv::IPv6::Regex)

    addresses << ip unless addresses.include?(ip)
  end

  addresses
end
timeout() click to toggle source
# File lib/inspec/resources/host.rb, line 212
def timeout
  "timeout"
end