class Inspec::Resources::FileResource
TODO: rename file_resource.rb
Attributes
file[R]
mount_options[R]
Public Class Methods
new(path)
click to toggle source
# File lib/inspec/resources/file.rb, line 39 def initialize(path) # select permissions style @perms_provider = select_file_perms_style(inspec.os) @file = inspec.backend.file(path) end
Public Instance Methods
allowed?(permission, opts = {})
click to toggle source
# File lib/inspec/resources/file.rb, line 89 def allowed?(permission, opts = {}) return false unless exist? return skip_resource "`allowed?` is not supported on your OS yet." if @perms_provider.nil? file_permission_granted?(permission, opts[:by], opts[:by_user]) end
contain(*_)
click to toggle source
# File lib/inspec/resources/file.rb, line 64 def contain(*_) raise "Contain is not supported. Please use standard RSpec matchers." end
content()
click to toggle source
# File lib/inspec/resources/file.rb, line 57 def content res = file.content return nil if res.nil? res.force_encoding("utf-8") end
executable?(by_usergroup, by_specific_user)
click to toggle source
# File lib/inspec/resources/file.rb, line 82 def executable?(by_usergroup, by_specific_user) return false unless exist? return skip_resource "`executable?` is not supported on your OS yet." if @perms_provider.nil? file_permission_granted?("execute", by_usergroup, by_specific_user) end
more_permissive_than?(max_mode = nil)
click to toggle source
# File lib/inspec/resources/file.rb, line 138 def more_permissive_than?(max_mode = nil) return nil unless exist? raise ArgumentError, "You must provide a value for the `maximum allowable permission` for the file." if max_mode.nil? raise ArgumentError, "You must provide the `maximum permission target` as a `String`, you provided: " + max_mode.class.to_s unless max_mode.is_a?(String) raise ArgumentError, "The value of the `maximum permission target` should be a valid file mode in 4-digit octal format: for example, `0644` or `0777`" unless /(0)?([0-7])([0-7])([0-7])/.match?(max_mode) # Using the files mode and a few bit-wise calculations we can ensure a # file is no more permisive than desired. # # 1. Calculate the inverse of the desired mode (e.g., 0644) by XOR it with # 0777 (all 1s). We are interested in the bits that are currently 0 since # it indicates that the actual mode is more permissive than the desired mode. # Conversely, we dont care about the bits that are currently 1 because they # cannot be any more permissive and we can safely ignore them. # # 2. Calculate the above result of ANDing the actual mode and the inverse # mode. This will determine if any of the bits that would indicate a more # permissive mode are set in the actual mode. # # 3. If the result is 0000, the files mode is equal # to or less permissive than the desired mode (PASS). Otherwise, the files # mode is more permissive than the desired mode (FAIL). max_mode = max_mode.to_i(8) inv_mode = 0777 ^ max_mode inv_mode & file.mode != 0 end
mounted?(expected_options = nil, identical = false)
click to toggle source
# File lib/inspec/resources/file.rb, line 96 def mounted?(expected_options = nil, identical = false) mounted = file.mounted # return if no additional parameters have been provided return file.mounted? if expected_options.nil? # deprecation warning, this functionality will be removed in future version Inspec.deprecate(:file_resource_be_mounted_matchers, "The file resource `be_mounted.with` and `be_mounted.only_with` matchers are deprecated. Please use the `mount` resource instead") # we cannot read mount data on non-Linux systems return nil unless inspec.os.linux? # parse content if we are on linux @mount_options ||= parse_mount_options(mounted.stdout, true) if identical # check if the options should be identical @mount_options == expected_options else # otherwise compare the selected values @mount_options.contains(expected_options) end end
readable?(by_usergroup, by_specific_user)
click to toggle source
# File lib/inspec/resources/file.rb, line 68 def readable?(by_usergroup, by_specific_user) return false unless exist? return skip_resource "`readable?` is not supported on your OS yet." if @perms_provider.nil? file_permission_granted?("read", by_usergroup, by_specific_user) end
sgid()
click to toggle source
# File lib/inspec/resources/file.rb, line 126 def sgid (mode & 02000) > 0 end
Also aliased as: setgid?
sticky()
click to toggle source
# File lib/inspec/resources/file.rb, line 132 def sticky (mode & 01000) > 0 end
Also aliased as: sticky?
suid()
click to toggle source
# File lib/inspec/resources/file.rb, line 120 def suid (mode & 04000) > 0 end
Also aliased as: setuid?
to_s()
click to toggle source
# File lib/inspec/resources/file.rb, line 166 def to_s if file "File #{source_path}" else "Bad File on %s" % [inspec.backend.class] end end
writable?(by_usergroup, by_specific_user)
click to toggle source
# File lib/inspec/resources/file.rb, line 75 def writable?(by_usergroup, by_specific_user) return false unless exist? return skip_resource "`writable?` is not supported on your OS yet." if @perms_provider.nil? file_permission_granted?("write", by_usergroup, by_specific_user) end
Private Instance Methods
file_permission_granted?(access_type, by_usergroup, by_specific_user)
click to toggle source
# File lib/inspec/resources/file.rb, line 176 def file_permission_granted?(access_type, by_usergroup, by_specific_user) raise "`file_permission_granted?` is not supported on your OS" if @perms_provider.nil? if by_specific_user.nil? || by_specific_user.empty? @perms_provider.check_file_permission_by_mask(file, access_type, by_usergroup, by_specific_user) else @perms_provider.check_file_permission_by_user(access_type, by_specific_user, source_path) end end