class Inspec::Resources::WindowsFirewall

Public Class Methods

new(profile = "Public") click to toggle source
# File lib/inspec/resources/windows_firewall.rb, line 14
def initialize(profile = "Public")
  @profile = profile
  @state = {}

  load_profile_cmd = load_firewall_profile(profile)
  cmd = inspec.powershell(load_profile_cmd)

  @state = JSON.load(cmd.stdout) unless cmd.stdout.empty?
end

Public Instance Methods

default_inbound_allowed?() click to toggle source
# File lib/inspec/resources/windows_firewall.rb, line 36
def default_inbound_allowed?
  @state["default_inbound_action"] == "Allow"
end
default_outbound_allowed?() click to toggle source
# File lib/inspec/resources/windows_firewall.rb, line 40
def default_outbound_allowed?
  @state["default_outbound_action"] == "Allow"
end
enabled?() click to toggle source
# File lib/inspec/resources/windows_firewall.rb, line 32
def enabled?
  @state["enabled"]
end
exist?() click to toggle source
# File lib/inspec/resources/windows_firewall.rb, line 28
def exist?
  !@state.empty?
end
method_missing(method_name, *arguments, &_block) click to toggle source

Access to return values from Powershell via `its(“PROPERTY”)` and `have_PROPERTY “VALUE”`

# File lib/inspec/resources/windows_firewall.rb, line 45
def method_missing(method_name, *arguments, &_block)
  property = normalize_for_have_access(method_name)

  if method_name.to_s.start_with? "has_"
    expected_value = arguments.first
    respond_to_have(property, expected_value)
  else
    access_property(property)
  end
end
respond_to_missing?(method_name, _include_private = false) click to toggle source
# File lib/inspec/resources/windows_firewall.rb, line 56
def respond_to_missing?(method_name, _include_private = false)
  property = normalize_for_have_access(method_name)

  @state.key? property
end
to_s() click to toggle source
# File lib/inspec/resources/windows_firewall.rb, line 24
def to_s
  "Windows Firewall (Profile #{@profile})"
end

Private Instance Methods

access_property(property) click to toggle source
# File lib/inspec/resources/windows_firewall.rb, line 70
def access_property(property)
  @state[property]
end
load_firewall_profile(profile_name) click to toggle source
# File lib/inspec/resources/windows_firewall.rb, line 78
    def load_firewall_profile(profile_name)
      <<-EOH
        Remove-TypeData System.Array # workaround for PS bug here: https://bit.ly/2SRMQ8M
        $profile = Get-NetFirewallProfile -Name "#{profile_name}"
        $count = @($profile | Get-NetFirewallRule).Count
        ([PSCustomObject]@{
          profile_name = $profile.Name
          profile = $profile.Profile.ToString()
          description = $profile.Description
          enabled = [bool]::Parse($profile.Enabled.ToString())
          default_inbound_action = $profile.DefaultInboundAction.ToString()
          default_outbound_action = $profile.DefaultOutboundAction.ToString()

          allow_inbound_rules = $profile.AllowInboundRules.ToString()
          allow_local_firewall_rules = $profile.AllowLocalFirewallRules.ToString()
          allow_local_ipsec_rules = $profile.AllowLocalIPsecRules.ToString()
          allow_user_apps = $profile.AllowUserApps.ToString()
          allow_user_ports = $profile.AllowUserPorts.ToString()
          allow_unicast_response_to_multicast = $profile.AllowUnicastResponseToMulticast.ToString()

          notify_on_listen = $profile.NotifyOnListen.ToString()
          enable_stealth_mode_for_ipsec = $profile.EnableStealthModeForIPsec.ToString()
          log_max_size_kilobytes = $profile.LogMaxSizeKilobytes
          log_allowed = $profile.LogAllowed.ToString()
          log_blocked = $profile.LogBlocked.ToString()
          log_ignored = $profile.LogIgnored.ToString()

          num_rules = $count
        }) | ConvertTo-Json
      EOH
    end
normalize_for_have_access(property) click to toggle source
# File lib/inspec/resources/windows_firewall.rb, line 64
def normalize_for_have_access(property)
  property.to_s
    .delete_prefix("has_")
    .delete_suffix("?")
end
respond_to_have(property, value) click to toggle source
# File lib/inspec/resources/windows_firewall.rb, line 74
def respond_to_have(property, value)
  @state[property] == value
end