class Inspec::Resources::SecurityIdentifier

Public Class Methods

new(opts = {})
# File lib/inspec/resources/security_identifier.rb, line 17
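# Builds a security_identifier resource for exactly one account name.
#
# The name is stored as given; it is later interpolated into a PowerShell
# command by cim_results, so its content is not validated here.
#
# @param opts [Hash] exactly one of :user, :group or :unspecified, mapped to
#   the account name to look up
# @raise [ArgumentError] if opts is not hash-like, contains an unsupported
#   key, names zero or several account types, or carries a nil/false name
def initialize(opts = {})
  supported_opt_keys = %i{user group unspecified}
  raise ArgumentError, "Invalid security_identifier param '#{opts}'. Please pass a hash with these supported keys: #{supported_opt_keys}" unless opts.respond_to?(:keys)

  # The original message used "#[...]", which printed the literal text
  # instead of the list of supported keys.
  unsupported = opts.keys - supported_opt_keys
  raise ArgumentError, "Unsupported security_identifier options '#{unsupported}'. Supported keys: #{supported_opt_keys}" unless unsupported.empty?

  # An empty hash used to be reported as "more than one"; report it as a
  # missing option instead.
  given = opts.keys & supported_opt_keys
  raise ArgumentError, "Specify one of :user :group or :unspecified for security_identifier" if given.empty?
  raise ArgumentError, "Specifying more than one of :user :group or :unspecified for security_identifier is not supported" unless given.length == 1

  @type = given.first
  @name = opts[@type]
  raise ArgumentError, "Specify one of :user :group or :unspecified for security_identifier" unless @name

  # Name => SID table, filled lazily by fetch_sids on first query.
  @sids = nil
end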

Public Instance Methods

exist?()
# File lib/inspec/resources/security_identifier.rb, line 45
# Reports whether the lookup returned an account with the configured name.
#
# @return [Boolean] true when the name is a key of the cached SID table
def exist?
  # Run the lookup only once; later calls reuse the cached table.
  @sids || fetch_sids
  @sids.include?(@name)
end
sid()
# File lib/inspec/resources/security_identifier.rb, line 40
# Returns the SID recorded for the configured account name.
#
# @return [String, nil] the SID, or nil when the name is not in the table
def sid
  # Run the lookup only once; later calls reuse the cached table.
  @sids || fetch_sids
  @sids[@name]
end
to_s()
# File lib/inspec/resources/security_identifier.rb, line 50
def to_s
  "Security Identifier"
end

Private Instance Methods

cim_results(type)
# File lib/inspec/resources/security_identifier.rb, line 75
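# Queries Win32_Account through PowerShell for accounts named @name and
# returns the parsed CSV rows.
#
# @param type [Symbol] :group or :user, selecting which query is sent
# @return [Array<Array<String>>] one array per account, with fields in the
#   Select-Object order (Domain, Name, SID, ...); empty when nothing matched
def cim_results(type)
  # @name is placed inside a PowerShell single-quoted literal. Doubling any
  # embedded single quote keeps the value inside that literal, so a name such
  # as O'Brien is matched as data and cannot end the string early.
  quoted_name = @name.to_s.gsub("'", "''")

  case type
  when :group
    # NOTE(review): the SIDType clause is wrapped in braces, which PowerShell
    # reads as a script block rather than a grouped condition, and SIDType is
    # not in the Select-Object list. The type filter therefore looks
    # ineffective for groups. Confirm the intended behaviour before changing it.
    cmd = "Get-CimInstance -ClassName Win32_Account | Select-Object -Property Domain, Name, SID | Where-Object { $_.Name -eq '#{quoted_name}' -and { $_.SIDType -eq 4 -or $_.SIDType -eq 5 } } | ConvertTo-Csv -NoTypeInformation"
  when :user
    cmd = "Get-CimInstance -ClassName Win32_Account | Select-Object -Property Domain, Name, SID, SIDType | Where-Object { $_.Name -eq '#{quoted_name}' -and $_.SIDType -eq 1 } | ConvertTo-Csv -NoTypeInformation"
  end

  csv_lines = inspec.command(cmd).stdout.strip.gsub("\"", "").tr("\r", "").split("\n")
  # drop(1) skips the CSV header and yields [] when the command printed
  # nothing; the previous [1..-1] returned nil there and crashed on .map.
  csv_lines.drop(1).map { |entry| entry.split(",") }
end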
fetch_sids()
# File lib/inspec/resources/security_identifier.rb, line 56
# Runs the account lookup for @type and rebuilds the name => SID table.
#
# For :unspecified the group query runs first and the user query is used
# only when the group query returned no rows.
#
# @raise [RuntimeError] when @type is not :group, :user or :unspecified
def fetch_sids
  @sids = {}
  rows =
    case @type
    when :group, :user
      cim_results(@type)
    when :unspecified
      group_rows = cim_results(:group)
      group_rows.empty? ? cim_results(:user) : group_rows
    else
      raise "Unhandled entity type '#{@type}'"
    end
  # Rows follow the Select-Object order in cim_results: index 1 is Name and
  # index 2 is SID. The table is keyed by name only, so when several rows
  # share a name (for example in different domains) the last row wins.
  rows.each { |row| @sids[row[1]] = row[2] }
end