class Inspec::Resources::MysqlSession

Public Class Methods

new(user = nil, pass = nil, host = "localhost", port = nil, socket = nil)
# File lib/inspec/resources/mysql_session.rb, line 40
# Stores the connection settings, resolves credentials, and probes the connection.
#
# When either +user+ or +pass+ is nil, init_fallback is consulted. It assigns
# both @user and @pass together, so a caller-supplied user can be replaced by
# the fallback account when only the password was omitted.
#
# @param user [String, nil] MySQL account name
# @param pass [String, nil] MySQL account password
# @param host [String] server host, used when no socket is given
# @param port [Integer, String, nil] server port
# @param socket [String, nil] path to a local socket
# @raise [Inspec::Exceptions::ResourceFailed] when no user/password pair is
#   available after the fallback
def initialize(user = nil, pass = nil, host = "localhost", port = nil, socket = nil)
  @user, @pass = user, pass
  @host, @port, @socket = host, port, socket

  # Fall back to credentials found on the target when the caller gave an incomplete pair.
  init_fallback if [user, pass].any?(&:nil?)

  if [@user, @pass].any?(&:nil?)
    raise Inspec::Exceptions::ResourceFailed, "Can't run MySQL SQL checks without authentication."
  end

  test_connection
end

Public Instance Methods

query(q, db = "")
# File lib/inspec/resources/mysql_session.rb, line 52
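# Runs +q+ through the mysql command-line client on the target.
#
# SECURITY: the password is part of the command line built by create_mysql_cmd.
# Command-line arguments are generally readable by other local users on the
# target through process listings, so prefer a low-privilege, read-only
# account for these checks. A client option file (mysql's
# --defaults-extra-file) would keep the secret off the command line.
#
# @param q [String] SQL statement to run
# @param db [String] optional database name; empty means none is selected
# @return [Lines] stripped stdout, a description and the exit status
# @raise [Inspec::Exceptions::ResourceFailed] when the resource has already
#   failed, the client exits non-zero, the output reports a connection failure,
#   or an output line starts with "error:" (case-insensitive)
def query(q, db = "")
  raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?

  mysql_cmd = create_mysql_cmd(q, db)
  cmd = if @pass.nil?
          inspec.command(mysql_cmd)
        else
          # The user-name part must match whatever create_mysql_cmd emits after
          # -u: shell-escaped text that can contain "-", "." or backslash
          # escapes. The previous \w+ stopped at the first such character
          # (for example the hyphens in Debian's "debian-sys-maint"), so the
          # pattern never matched and the password was left unredacted.
          # NOTE(review): presumably the pattern masks the password wherever the
          # command string is reported - confirm against the command resource.
          inspec.command(mysql_cmd, redact_regex: /(mysql -u(?:\\.|[^\s\\])+ -p).+(\s-(h|S).*)/)
        end

  out = cmd.stdout + "\n" + cmd.stderr
  failed = cmd.exit_status != 0 ||
           out =~ /Can't connect to .* MySQL server/ ||
           out.downcase =~ /^error:.*/
  raise Inspec::Exceptions::ResourceFailed, "MySQL query with errors: #{out}" if failed

  Lines.new(cmd.stdout.strip, "MySQL query: #{q}", cmd.exit_status)
end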
to_s()
# File lib/inspec/resources/mysql_session.rb, line 69
def to_s
  "MySQL Session"
end

Private Instance Methods

create_mysql_cmd(q, db = "")
# File lib/inspec/resources/mysql_session.rb, line 85
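# Builds the shell command line that runs +q+ with the mysql client.
#
# Every value placed on the command line is quoted:
# * user, password, socket, host, port and database go through escape_string.
#   Socket, host, port and database were previously interpolated raw, so a
#   value containing shell metacharacters changed the command that was run.
# * the query is wrapped in double quotes, with the four characters a POSIX
#   shell still interprets inside double quotes (backslash, double quote,
#   dollar sign, backtick) backslash-escaped. The earlier chain did not escape
#   backticks, and its backslash step was a no-op: in a gsub replacement
#   string "\\\\" denotes one literal backslash.
#
# NOTE(review): the quoting is POSIX-shell style; values without special
# characters are unchanged, but behaviour on Windows targets should be confirmed.
#
# SECURITY: the password is passed as -p<password> on the command line.
#
# @param q [String] SQL statement
# @param db [String] optional database name; empty means none
# @return [String] the complete command line
def create_mysql_cmd(q, db = "")
  # Block form: the block's result is inserted literally, without
  # backreference processing, so each special character gets exactly one
  # backslash in front of it.
  escaped_query = q.gsub(/[\\"$`]/) { |ch| "\\#{ch}" }

  # construct the query
  command = "mysql"
  command += " -u#{escape_string(@user)}" unless @user.nil?
  command += " -p#{escape_string(@pass)}" unless @pass.nil?

  # A socket, when given, takes the place of the host option.
  command += if @socket.nil?
               " -h #{escape_string(@host)}"
             else
               " -S #{escape_string(@socket)}"
             end
  command += " --port #{escape_string(@port)}" unless @port.nil?
  command += " #{escape_string(db)}" unless db.empty?
  command += %{ -s -e "#{escaped_query}"}
  command
end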
escape_string(query)
# File lib/inspec/resources/mysql_session.rb, line 81
# Quotes +query+ so a POSIX shell reads it as one literal word.
#
# Despite the parameter name, create_mysql_cmd uses this for the user name and
# password rather than for SQL text.
#
# @param query [#to_s] value to quote
# @return [String] the shell-escaped value
def escape_string(query)
  Shellwords.shellescape(query)
end
init_fallback()
# File lib/inspec/resources/mysql_session.rb, line 106
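# Loads the Debian maintenance credentials from /etc/mysql/debian.cnf on the
# target and stores them in @user and @pass.
#
# Leaves both untouched when the target is in the Windows family, the file is
# missing or empty, or either key is absent. Both are assigned together, so
# any previously set @user is overwritten.
#
# SECURITY: this reads an administrative password from the target and keeps it
# in memory for later command lines.
def init_fallback
  # support debian mysql administration login
  return if inspec.platform.in_family?("windows")

  debian = inspec.command("test -f /etc/mysql/debian.cnf && cat /etc/mysql/debian.cnf").stdout
  return if debian.empty?

  # \S* keeps each value on its own line. The former [^ ]* also matched
  # newlines and tabs, so in a file written without spaces around "="
  # (user=name) the capture ran on into the following lines.
  user = debian.match(/^\s*user\s*=\s*(\S*)\s*$/)
  pass = debian.match(/^\s*password\s*=\s*(\S*)\s*$/)
  return if user.nil? || pass.nil?

  @user = user[1]
  @pass = pass[1]
end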
test_connection()

Runs a query against the database to make sure a connection can be established. If it cannot, this sets the resource exception message, which is raised before any later query is run on the database through the mysql_session object.

# File lib/inspec/resources/mysql_session.rb, line 77
# Sends a trivial statement through #query so that a connection or
# authentication problem shows up before any real check runs.
#
# @return whatever #query returns for the probe statement
def test_connection
  probe_statement = "select now()"
  query(probe_statement)
end