class Inspec::Resources::OracledbSession
STABILITY: Experimental This resource needs further testing and refinement
Attributes
bin[R]
db_role[R]
host[R]
password[R]
port[R]
service[R]
su_user[R]
user[R]
Public Class Methods
new(opts = {})
click to toggle source
# File lib/inspec/resources/oracledb_session.rb, line 25 def initialize(opts = {}) @user = opts[:user] @password = opts[:password] || opts[:pass] if opts[:pass] Inspec.deprecate(:oracledb_session_pass_option, "The oracledb_session `pass` option is deprecated. Please use `password`.") end @bin = "sqlplus" @host = opts[:host] || "localhost" @port = opts[:port] || "1521" @service = opts[:service] @su_user = opts[:as_os_user] @db_role = opts[:as_db_role] @sqlcl_bin = opts[:sqlcl_bin] || nil @sqlplus_bin = opts[:sqlplus_bin] || "sqlplus" skip_resource "Option 'as_os_user' not available in Windows" if inspec.os.windows? && su_user fail_resource "Can't run Oracle checks without authentication" unless su_user || (user || password) end
Public Instance Methods
query(sql)
click to toggle source
# File lib/inspec/resources/oracledb_session.rb, line 44 def query(sql) raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed? if @sqlcl_bin && inspec.command(@sqlcl_bin).exist? @bin = @sqlcl_bin format_options = "set sqlformat csv\nSET FEEDBACK OFF" else @bin = "#{@sqlplus_bin} -S" format_options = "SET PAGESIZE 32000\nSET FEEDBACK OFF\nSET UNDERLINE OFF" end command = command_builder(format_options, sql) inspec_cmd = inspec.command(command) out = inspec_cmd.stdout + "\n" + inspec_cmd.stderr if inspec_cmd.exit_status != 0 || !inspec_cmd.stderr.empty? || out.downcase =~ /^error.*/ raise Inspec::Exceptions::ResourceFailed, "Oracle query with errors: #{out}" else begin DatabaseHelper::SQLQueryResult.new(inspec_cmd, parse_csv_result(inspec_cmd.stdout)) rescue raise Inspec::Exceptions::ResourceFailed, "Oracle query with errors: #{out}" end end end
to_s()
click to toggle source
# File lib/inspec/resources/oracledb_session.rb, line 70 def to_s "Oracle Session" end
Private Instance Methods
command_builder(format_options, query)
click to toggle source
3 commands regular user password using a db_role
su, using a db_role
# File lib/inspec/resources/oracledb_session.rb, line 80 def command_builder(format_options, query) verified_query = verify_query(query) sql_prefix, sql_postfix = "", "" if inspec.os.windows? sql_prefix = %{@'\n#{format_options}\n#{verified_query}\nEXIT\n'@ | } else sql_postfix = %{ <<'EOC'\n#{format_options}\n#{verified_query}\nEXIT\nEOC} end if @db_role.nil? "#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service}#{sql_postfix}" elsif @su_user.nil? "#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service} as #{@db_role}#{sql_postfix}" else "su - #{@su_user} -c env ORACLE_SID=#{@service} #{@bin} / as #{@db_role}#{sql_postfix}" end end
parse_csv_result(stdout)
click to toggle source
# File lib/inspec/resources/oracledb_session.rb, line 103 def parse_csv_result(stdout) output = stdout.sub(/\r/, "").strip converter = ->(header) { header.downcase } CSV.parse(output, headers: true, header_converters: converter).map { |row| Hashie::Mash.new(row.to_h) } end
verify_query(query)
click to toggle source
# File lib/inspec/resources/oracledb_session.rb, line 98 def verify_query(query) query += ";" unless query.strip.end_with?(";") query end