class Inspec::Resources::OracledbSession

STABILITY: Experimental This resource needs further testing and refinement

Attributes

bin[R]
db_role[R]
host[R]
password[R]
port[R]
service[R]
su_user[R]
user[R]

Public Class Methods

new(opts = {}) click to toggle source
# File lib/inspec/resources/oracledb_session.rb, line 25
def initialize(opts = {})
  @user = opts[:user]
  @password = opts[:password] || opts[:pass]
  if opts[:pass]
    Inspec.deprecate(:oracledb_session_pass_option, "The oracledb_session `pass` option is deprecated. Please use `password`.")
  end

  @bin = "sqlplus"
  @host = opts[:host] || "localhost"
  @port = opts[:port] || "1521"
  @service = opts[:service]
  @su_user = opts[:as_os_user]
  @db_role = opts[:as_db_role]
  @sqlcl_bin = opts[:sqlcl_bin] || nil
  @sqlplus_bin = opts[:sqlplus_bin] || "sqlplus"
  skip_resource "Option 'as_os_user' not available in Windows" if inspec.os.windows? && su_user
  fail_resource "Can't run Oracle checks without authentication" unless su_user || (user || password)
end

Public Instance Methods

query(sql) click to toggle source
# File lib/inspec/resources/oracledb_session.rb, line 44
def query(sql)
  raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?

  if @sqlcl_bin && inspec.command(@sqlcl_bin).exist?
    @bin = @sqlcl_bin
    format_options = "set sqlformat csv\nSET FEEDBACK OFF"
  else
    @bin = "#{@sqlplus_bin} -S"
    format_options = "SET PAGESIZE 32000\nSET FEEDBACK OFF\nSET UNDERLINE OFF"
  end

  command = command_builder(format_options, sql)
  inspec_cmd = inspec.command(command)
  out = inspec_cmd.stdout + "\n" + inspec_cmd.stderr

  if inspec_cmd.exit_status != 0 || !inspec_cmd.stderr.empty? || out.downcase =~ /^error.*/
    raise Inspec::Exceptions::ResourceFailed, "Oracle query with errors: #{out}"
  else
    begin
      DatabaseHelper::SQLQueryResult.new(inspec_cmd, parse_csv_result(inspec_cmd.stdout))
    rescue
      raise Inspec::Exceptions::ResourceFailed, "Oracle query with errors: #{out}"
    end
  end
end
to_s() click to toggle source
# File lib/inspec/resources/oracledb_session.rb, line 70
def to_s
  "Oracle Session"
end

Private Instance Methods

command_builder(format_options, query) click to toggle source

3 commands regular user password using a db_role su, using a db_role

# File lib/inspec/resources/oracledb_session.rb, line 80
def command_builder(format_options, query)
  verified_query = verify_query(query)
  sql_prefix, sql_postfix = "", ""
  if inspec.os.windows?
    sql_prefix = %{@'\n#{format_options}\n#{verified_query}\nEXIT\n'@ | }
  else
    sql_postfix = %{ <<'EOC'\n#{format_options}\n#{verified_query}\nEXIT\nEOC}
  end

  if @db_role.nil?
    "#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service}#{sql_postfix}"
  elsif @su_user.nil?
    "#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service} as #{@db_role}#{sql_postfix}"
  else
    "su - #{@su_user} -c env ORACLE_SID=#{@service} #{@bin} / as #{@db_role}#{sql_postfix}"
  end
end
parse_csv_result(stdout) click to toggle source
# File lib/inspec/resources/oracledb_session.rb, line 103
def parse_csv_result(stdout)
  output = stdout.sub(/\r/, "").strip
  converter = ->(header) { header.downcase }
  CSV.parse(output, headers: true, header_converters: converter).map { |row| Hashie::Mash.new(row.to_h) }
end
verify_query(query) click to toggle source
# File lib/inspec/resources/oracledb_session.rb, line 98
def verify_query(query)
  query += ";" unless query.strip.end_with?(";")
  query
end