class Inspec::Resources::WindowsFirewallRule

Public Class Methods

new(name)
# File lib/inspec/resources/windows_firewall_rule.rb, line 17
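# Builds the resource for one firewall rule and loads its state from the target.
#
# The PowerShell script returned by load_firewall_state is executed through
# inspec.powershell. When the command prints anything, its stdout is parsed as
# JSON and stored in @state; with no output @state stays an empty Hash.
#
# @param name [String] rule name handed to load_firewall_state and kept in @name
def initialize(name)
  @name = name
  @state = {}

  query = load_firewall_state(name)
  cmd = inspec.powershell(query)
  # stdout is produced by the system under audit, so it is parsed as plain
  # data: JSON.parse only builds Hash/Array/String/number/boolean/nil values,
  # whereas JSON.load is documented as intended for trusted input only.
  @state = JSON.parse(cmd.stdout) unless cmd.stdout.empty?
end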

Public Instance Methods

allowed?()
# File lib/inspec/resources/windows_firewall_rule.rb, line 38
# Tells whether the rule's recorded action is "Allow".
#
# @return [Boolean] true only when @state["action"] equals "Allow"
def allowed?
  action = @state["action"]
  action == "Allow"
end
enabled?()
# File lib/inspec/resources/windows_firewall_rule.rb, line 34
# Returns the "enabled" entry of @state unchanged.
#
# @return [Object, nil] whatever was stored under "enabled"; nil when the
#   key is absent
def enabled?
  enabled_flag = @state["enabled"]
  enabled_flag
end
exist?()
# File lib/inspec/resources/windows_firewall_rule.rb, line 30
# Tells whether any state was loaded for the rule.
#
# @return [Boolean] false while @state is empty, true otherwise
def exist?
  return false if @state.empty?

  true
end
icmp?()
# File lib/inspec/resources/windows_firewall_rule.rb, line 58
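# Tells whether the rule's protocol is an ICMP variant.
#
# The protocol is converted with to_s before the prefix check, so a rule with
# no "protocol" entry in @state (for example one that was not found) answers
# false, as tcp? and udp? do, instead of raising NoMethodError on nil.
#
# @return [Boolean] true when the protocol text starts with "ICMP"
def icmp?
  @state["protocol"].to_s.start_with?("ICMP")
end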
icmpv4?()
# File lib/inspec/resources/windows_firewall_rule.rb, line 62
# Tells whether the rule's protocol is exactly "ICMPv4".
#
# @return [Boolean]
def icmpv4?
  protocol = @state["protocol"]
  protocol == "ICMPv4"
end
icmpv6?()
# File lib/inspec/resources/windows_firewall_rule.rb, line 66
# Tells whether the rule's protocol is exactly "ICMPv6".
#
# @return [Boolean]
def icmpv6?
  protocol = @state["protocol"]
  protocol == "ICMPv6"
end
inbound?()
# File lib/inspec/resources/windows_firewall_rule.rb, line 42
# Tells whether the rule's recorded direction is "Inbound".
#
# @return [Boolean]
def inbound?
  direction = @state["direction"]
  direction == "Inbound"
end
method_missing(method_name, *arguments, &_block)

Provides access to the values returned from PowerShell via `its("PROPERTY")` and `have_PROPERTY? "VALUE"`.

# File lib/inspec/resources/windows_firewall_rule.rb, line 71
# Routes otherwise undefined calls to the loaded rule state.
#
# The method name is normalized (a leading "has_" and a trailing "?" are
# removed) to obtain the property key. Names starting with "has_" compare the
# stored value against the first argument; every other name returns the
# stored value.
#
# NOTE(review): no name is ever passed on to super, so a misspelled property
# in a control is looked up in @state like any other key rather than raising
# NoMethodError — worth confirming that this is intended.
#
# @param method_name [Symbol, String] name of the method that was called
# @param arguments [Array] call arguments; only the first one is used
# @return [Object] comparison result for "has_" names, stored value otherwise
def method_missing(method_name, *arguments, &_block)
  property = normalize_for_have_access(method_name)
  return access_property(property) unless method_name.to_s.start_with?("has_")

  respond_to_have(property, arguments.first)
end
outbound?()
# File lib/inspec/resources/windows_firewall_rule.rb, line 46
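# Tells whether the rule's recorded direction is "Outbound".
#
# The direction is compared directly instead of negating inbound?, so a rule
# with no "direction" entry in @state (for example one that was not found) is
# not reported as outbound; a check such as `should be_outbound` then fails
# for a missing rule instead of passing.
#
# @return [Boolean]
def outbound?
  @state["direction"] == "Outbound"
end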
respond_to_missing?(method_name, _include_private = false)
# File lib/inspec/resources/windows_firewall_rule.rb, line 82
# Reports whether a dynamic method name maps to a key of the loaded state.
#
# The name is normalized with normalize_for_have_access before the lookup.
#
# @param method_name [Symbol, String] name being queried
# @param _include_private [Boolean] accepted but not used
# @return [Boolean] true when @state has the normalized name as a key
def respond_to_missing?(method_name, _include_private = false)
  @state.key?(normalize_for_have_access(method_name))
end
tcp?()
# File lib/inspec/resources/windows_firewall_rule.rb, line 50
# Tells whether the rule's protocol is exactly "TCP".
#
# @return [Boolean]
def tcp?
  protocol = @state["protocol"]
  protocol == "TCP"
end
to_s()
# File lib/inspec/resources/windows_firewall_rule.rb, line 26
# Human-readable label for the resource.
#
# @return [String] "Windows Firewall Rule " followed by the stored name
def to_s
  rule_name = @name
  "Windows Firewall Rule #{rule_name}"
end
udp?()
# File lib/inspec/resources/windows_firewall_rule.rb, line 54
# Tells whether the rule's protocol is exactly "UDP".
#
# @return [Boolean]
def udp?
  protocol = @state["protocol"]
  protocol == "UDP"
end

Private Instance Methods

access_property(property)
# File lib/inspec/resources/windows_firewall_rule.rb, line 96
# Looks up one property in the loaded rule state.
#
# @param property [String] key to read from @state
# @return [Object, nil] the stored value; nil when the key is absent
def access_property(property)
  stored_value = @state[property]
  stored_value
end
load_firewall_state(rule_name)

Taken from Chef, but with `firewall_action` renamed to `action` for consistency. @see github.com/chef/chef/blob/master/lib/chef/resource/windows_firewall_rule.rb

# File lib/inspec/resources/windows_firewall_rule.rb, line 106
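    # Builds the PowerShell script that reads one firewall rule and prints it
    # as JSON.
    #
    # The script looks the rule up with Get-NetFirewallRule, collects its
    # address, port, application, service and interface-type filters, and
    # pipes a PSCustomObject holding the fields below to ConvertTo-Json.
    #
    # The rule name is embedded as a single-quoted PowerShell literal with every
    # single-quote character doubled. Inside such a literal PowerShell expands
    # neither "$" expressions nor backtick escapes, so the name is passed to
    # -Name as data and cannot change the script's structure.
    #
    # @param rule_name [#to_s] name of the firewall rule to query
    # @return [String] PowerShell source to be run on the target
    def load_firewall_state(rule_name)
      # PowerShell also accepts the typographic single quotes as string
      # delimiters, so they are doubled together with the ASCII apostrophe.
      quoted_name = rule_name.to_s.gsub(/['\u2018\u2019\u201A\u201B]/) { |quote| quote * 2 }
      <<-EOH
        Get-TypeData -TypeName System.Array | Remove-TypeData # workaround for PS bug here: https://bit.ly/2SRMQ8M
        $rule = Get-NetFirewallRule -Name '#{quoted_name}'
        $addressFilter = $rule | Get-NetFirewallAddressFilter
        $portFilter = $rule | Get-NetFirewallPortFilter
        $applicationFilter = $rule | Get-NetFirewallApplicationFilter
        $serviceFilter = $rule | Get-NetFirewallServiceFilter
        $interfaceTypeFilter = $rule | Get-NetFirewallInterfaceTypeFilter
        ([PSCustomObject]@{
          rule_name = $rule.Name
          description = $rule.Description
          displayname = $rule.DisplayName
          group = $rule.Group
          local_address = $addressFilter.LocalAddress
          local_port = $portFilter.LocalPort
          remote_address = $addressFilter.RemoteAddress
          remote_port = $portFilter.RemotePort
          direction = $rule.Direction.ToString()
          protocol = $portFilter.Protocol
          icmp_type = $portFilter.IcmpType
          action = $rule.Action.ToString()
          profile = $rule.Profile.ToString()
          program = $applicationFilter.Program
          service = $serviceFilter.Service
          interface_type = $interfaceTypeFilter.InterfaceType.ToString()
          enabled = [bool]::Parse($rule.Enabled.ToString())
        }) | ConvertTo-Json
      EOH
    end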
normalize_for_have_access(property)
# File lib/inspec/resources/windows_firewall_rule.rb, line 90
# Turns a method name into the matching state key.
#
# The name is converted to a String, then a leading "has_" and a trailing "?"
# are removed when present.
#
# @param property [Symbol, String] method or property name
# @return [String] the bare property name
def normalize_for_have_access(property)
  name = property.to_s
  without_prefix = name.delete_prefix("has_")
  without_prefix.delete_suffix("?")
end
respond_to_have(property, value)
# File lib/inspec/resources/windows_firewall_rule.rb, line 100
# Compares one stored property against an expected value.
#
# @param property [String] key to read from @state
# @param value [Object] value the property is expected to equal
# @return [Boolean] result of comparing the stored value with == to value
def respond_to_have(property, value)
  actual = @state[property]
  actual == value
end