class Inspec::Resources::WindowsFirewall
Public Class Methods
new(profile = "Public")
click to toggle source
# File lib/inspec/resources/windows_firewall.rb, line 14 def initialize(profile = "Public") @profile = profile @state = {} load_profile_cmd = load_firewall_profile(profile) cmd = inspec.powershell(load_profile_cmd) @state = JSON.load(cmd.stdout) unless cmd.stdout.empty? end
Public Instance Methods
default_inbound_allowed?()
click to toggle source
# File lib/inspec/resources/windows_firewall.rb, line 36 def default_inbound_allowed? @state["default_inbound_action"] == "Allow" end
default_outbound_allowed?()
click to toggle source
# File lib/inspec/resources/windows_firewall.rb, line 40 def default_outbound_allowed? @state["default_outbound_action"] == "Allow" end
enabled?()
click to toggle source
# File lib/inspec/resources/windows_firewall.rb, line 32 def enabled? @state["enabled"] end
exist?()
click to toggle source
# File lib/inspec/resources/windows_firewall.rb, line 28 def exist? !@state.empty? end
method_missing(method_name, *arguments, &_block)
click to toggle source
Access to return values from Powershell
via `its(“PROPERTY”)` and `have_PROPERTY “VALUE”`
# File lib/inspec/resources/windows_firewall.rb, line 45 def method_missing(method_name, *arguments, &_block) property = normalize_for_have_access(method_name) if method_name.to_s.start_with? "has_" expected_value = arguments.first respond_to_have(property, expected_value) else access_property(property) end end
respond_to_missing?(method_name, _include_private = false)
click to toggle source
# File lib/inspec/resources/windows_firewall.rb, line 56 def respond_to_missing?(method_name, _include_private = false) property = normalize_for_have_access(method_name) @state.key? property end
to_s()
click to toggle source
# File lib/inspec/resources/windows_firewall.rb, line 24 def to_s "Windows Firewall (Profile #{@profile})" end
Private Instance Methods
access_property(property)
click to toggle source
# File lib/inspec/resources/windows_firewall.rb, line 70 def access_property(property) @state[property] end
load_firewall_profile(profile_name)
click to toggle source
# File lib/inspec/resources/windows_firewall.rb, line 78 def load_firewall_profile(profile_name) <<-EOH Remove-TypeData System.Array # workaround for PS bug here: https://bit.ly/2SRMQ8M $profile = Get-NetFirewallProfile -Name "#{profile_name}" $count = @($profile | Get-NetFirewallRule).Count ([PSCustomObject]@{ profile_name = $profile.Name profile = $profile.Profile.ToString() description = $profile.Description enabled = [bool]::Parse($profile.Enabled.ToString()) default_inbound_action = $profile.DefaultInboundAction.ToString() default_outbound_action = $profile.DefaultOutboundAction.ToString() allow_inbound_rules = $profile.AllowInboundRules.ToString() allow_local_firewall_rules = $profile.AllowLocalFirewallRules.ToString() allow_local_ipsec_rules = $profile.AllowLocalIPsecRules.ToString() allow_user_apps = $profile.AllowUserApps.ToString() allow_user_ports = $profile.AllowUserPorts.ToString() allow_unicast_response_to_multicast = $profile.AllowUnicastResponseToMulticast.ToString() notify_on_listen = $profile.NotifyOnListen.ToString() enable_stealth_mode_for_ipsec = $profile.EnableStealthModeForIPsec.ToString() log_max_size_kilobytes = $profile.LogMaxSizeKilobytes log_allowed = $profile.LogAllowed.ToString() log_blocked = $profile.LogBlocked.ToString() log_ignored = $profile.LogIgnored.ToString() num_rules = $count }) | ConvertTo-Json EOH end
normalize_for_have_access(property)
click to toggle source
# File lib/inspec/resources/windows_firewall.rb, line 64 def normalize_for_have_access(property) property.to_s .delete_prefix("has_") .delete_suffix("?") end
respond_to_have(property, value)
click to toggle source
# File lib/inspec/resources/windows_firewall.rb, line 74 def respond_to_have(property, value) @state[property] == value end