
Untitled

a guest
Oct 16th, 2019
  1. ## First-hand experience with waiver support in InSpec v4.17.7
  2.  
  3. **myprofile1/controls/profile1.rb**
  4.  
  5. ```ruby
  6. control 'pro1-con1' do # Asserts the mode of /etc/hosts11111. waivers.yaml lists this control with `skip: no`, so it is still evaluated.
  7. impact 0.8
  8. title 'Profile 1 - Control 1'
  9. describe file('/etc/hosts11111') do
  10. its('mode') { should eq 0644 } # 0644 is a Ruby octal literal (420 decimal), hence "mode should eq 420" in the report; the recorded run fails with "got: nil". NOTE(review): InSpec's `cmp '0644'` matcher is the usual way to compare file modes.
  11. end
  12. end
  13.  
  14. control 'pro1-con2' do # Existence check that never runs, because the only_if guard at the end of the block is always false.
  15. impact 0.9
  16. title 'Profile 1 - Control 2'
  17. tag 'password' # Appears in the report as "tags": { "password": null }.
  18. describe file('/etc/222222') do
  19. it { should exist }
  20. end
  21. only_if { 1 == 2 } # Always false: the report attributes the skip to only_if, not to the waiver (skipped_due_to_waiver is false).
  22. end
  23.  
  24. control 'pro1-con3' do # Two existence checks. The waiver for this control (skip: yes) expired on 1977-06-01, so the recorded run evaluates both.
  25. impact 1
  26. title 'Profile 1 - Control 3'
  27. describe file('/tmp/33333') do # Reported as failed, with the message "Waiver expired on 1977-06-01, evaluating control normally".
  28. it { should exist }
  29. end
  30. describe file('/etc/44444') do # Reported as failed with the same expired-waiver message.
  31. it { should exist }
  32. end
  33. end
  34.  
  35. control 'pro1-con4' do # Two existence checks under an unexpired waiver with skip: yes (expiration_date 2025-06-01).
  36. impact 0.9
  37. title 'Profile 1 - Control 4'
  38. describe file('/etc/4-1') do # Not evaluated in the recorded run: the report holds one "skipped" result for the whole control, so no evidence is collected for either file.
  39. it { should exist }
  40. end
  41. describe file('/etc/4-2') do
  42. it { should exist }
  43. end
  44. end
  45.  
  46. control 'pro1-con5' do # Has no entry in waivers.yaml; its result in the report carries no waiver_data and is reported as failed.
  47. impact 0.9
  48. title 'Profile 1 - Control 5'
  49. describe file('/etc/55555555') do
  50. it { should exist }
  51. end
  52. end
  53.  
  54. ```
  55.  
  56. -------
  57.  
  58. **waivers.yaml**
  59. ```yaml
  60. pro1-con1: # Waiver with skip: no. The control is still evaluated and the report attaches this waiver to its result as waiver_data.
  61. justification: Sound reasoning # NOTE(review): nesting was flattened in this listing; the report's waiver_data shows justification/skip/expiration_date belong under each control id.
  62. skip: no # Reported as "skip": false in the JSON output.
  63.  
  64. pro1-con2: # No expiration_date is set here or on pro1-con1. NOTE(review): presumably such a waiver never lapses; confirm against the InSpec docs.
  65. justification: Sheer cleverness
  66. skip: no
  67.  
  68. pro1-con3:
  69. expiration_date: 1977-06-01 # Already in the past; the report says "Waiver expired on 1977-06-01, evaluating control normally".
  70. justification: Necessity
  71. skip: yes # Not honoured once the waiver has expired (skipped_due_to_waiver is false in the report).
  72.  
  73. pro1-con4:
  74. expiration_date: 2025-06-01 # Still in the future at the time of the recorded run (2019-10-04).
  75. justification: Whimsy
  76. skip: yes # Control is skipped outright; the report says "Skipped control due to waiver condition: Whimsy".
  77. ```
  78.  
  79. ------
  80.  
  81. **JSON output for InSpec v4.17.7**
  82.  
  83. ```bash
  84. inspec exec ~/git/myprofile1 --waiver-file ~/git/waivers.yaml --reporter json-automate | jq . # Runs the profile with the waiver file applied and pretty-prints the json-automate report through jq.
  85. ```
  86.  
  87. ```json
  88. {
  89. "platform": {
  90. "name": "mac_os_x",
  91. "release": "17.7.0"
  92. },
  93. "profiles": [
  94. {
  95. "name": "myprofile1",
  96. "version": "1.0.1",
  97. "sha256": "447542ecfb8a8800ed0146039da3af8fed047f575f6037cfba75f3b664a97ea4",
  98. "title": "My Profile 1 title",
  99. "maintainer": "Demo, Inc.",
  100. "summary": "My Profile 1 summary",
  101. "license": "Apache-2.0",
  102. "copyright": "Demo, Inc.",
  103. "copyright_email": "support@example.com",
  104. "supports": [],
  105. "attributes": [],
  106. "groups": [
  107. {
  108. "id": "controls/profile1.rb",
  109. "controls": [
  110. "pro1-con1",
  111. "pro1-con2",
  112. "pro1-con3",
  113. "pro1-con4",
  114. "pro1-con5"
  115. ]
  116. }
  117. ],
  118. "controls": [
  119. {
  120. "id": "pro1-con1",
  121. "title": "Profile 1 - Control 1",
  122. "desc": null,
  123. "descriptions": [],
  124. "impact": 0.8,
  125. "refs": [],
  126. "tags": {},
  127. "code": "control 'pro1-con1' do\n impact 0.8\n title 'Profile 1 - Control 1'\n describe file('/etc/hosts11111') do\n its('mode') { should eq 0644 }\n end\nend\n",
  128. "source_location": {
  129. "line": 1,
  130. "ref": "/Users/apop/git/mycompliance-profile/myprofile1/controls/profile1.rb"
  131. },
  132. "results": [
  133. {
  134. "status": "failed",
  135. "code_desc": "File /etc/hosts11111 mode should eq 420",
  136. "run_time": 0.032021,
  137. "start_time": "2019-10-04T20:49:22+01:00",
  138. "message": "\nexpected: 420\n got: nil\n\n(compared using ==)\n",
  139. "waiver_data": {
  140. "justification": "Sound reasoning",
  141. "skip": false,
  142. "skipped_due_to_waiver": false,
  143. "message": ""
  144. }
  145. }
  146. ]
  147. },
  148. {
  149. "id": "pro1-con2",
  150. "title": "Profile 1 - Control 2",
  151. "desc": null,
  152. "descriptions": [],
  153. "impact": 0.9,
  154. "refs": [],
  155. "tags": {
  156. "password": null
  157. },
  158. "code": "control 'pro1-con2' do\n impact 0.9\n title 'Profile 1 - Control 2'\n tag 'password'\n describe file('/etc/222222') do\n it { should exist }\n end\n only_if { 1 == 2 }\nend\n",
  159. "source_location": {
  160. "line": 9,
  161. "ref": "/Users/apop/git/mycompliance-profile/myprofile1/controls/profile1.rb"
  162. },
  163. "results": [
  164. {
  165. "status": "skipped",
  166. "code_desc": "Operating System Detection",
  167. "run_time": 9e-06,
  168. "start_time": "2019-10-04T20:49:22+01:00",
  169. "resource": "Operating System Detection",
  170. "skip_message": "Skipped control due to only_if condition.",
  171. "waiver_data": {
  172. "justification": "Sheer cleverness",
  173. "skip": false,
  174. "skipped_due_to_waiver": false,
  175. "message": ""
  176. }
  177. }
  178. ]
  179. },
  180. {
  181. "id": "pro1-con3",
  182. "title": "Profile 1 - Control 3",
  183. "desc": null,
  184. "descriptions": [],
  185. "impact": 1,
  186. "refs": [],
  187. "tags": {},
  188. "code": "control 'pro1-con3' do\n impact 1\n title 'Profile 1 - Control 3'\n describe file('/tmp/33333') do\n it { should exist }\n end\n describe file('/etc/44444') do\n it { should exist }\n end\nend\n",
  189. "source_location": {
  190. "line": 19,
  191. "ref": "/Users/apop/git/mycompliance-profile/myprofile1/controls/profile1.rb"
  192. },
  193. "results": [
  194. {
  195. "status": "failed",
  196. "code_desc": "File /tmp/33333 should exist",
  197. "run_time": 0.002398,
  198. "start_time": "2019-10-04T20:49:22+01:00",
  199. "message": "expected File /tmp/33333 to exist",
  200. "waiver_data": {
  201. "expiration_date": "1977-06-01",
  202. "justification": "Necessity",
  203. "skip": true,
  204. "skipped_due_to_waiver": false,
  205. "message": "Waiver expired on 1977-06-01, evaluating control normally"
  206. }
  207. },
  208. {
  209. "status": "failed",
  210. "code_desc": "File /etc/44444 should exist",
  211. "run_time": 0.000871,
  212. "start_time": "2019-10-04T20:49:22+01:00",
  213. "message": "expected File /etc/44444 to exist",
  214. "waiver_data": {
  215. "expiration_date": "1977-06-01",
  216. "justification": "Necessity",
  217. "skip": true,
  218. "skipped_due_to_waiver": false,
  219. "message": "Waiver expired on 1977-06-01, evaluating control normally"
  220. }
  221. }
  222. ]
  223. },
  224. {
  225. "id": "pro1-con4",
  226. "title": "Profile 1 - Control 4",
  227. "desc": null,
  228. "descriptions": [],
  229. "impact": 0.9,
  230. "refs": [],
  231. "tags": {},
  232. "code": "control 'pro1-con4' do\n impact 0.9\n title 'Profile 1 - Control 4'\n describe file('/etc/4-1') do\n it { should exist }\n end\n describe file('/etc/4-2') do\n it { should exist }\n end\nend\n",
  233. "source_location": {
  234. "line": 30,
  235. "ref": "/Users/apop/git/mycompliance-profile/myprofile1/controls/profile1.rb"
  236. },
  237. "results": [
  238. {
  239. "status": "skipped",
  240. "code_desc": "Operating System Detection",
  241. "run_time": 7e-06,
  242. "start_time": "2019-10-04T20:49:22+01:00",
  243. "resource": "Operating System Detection",
  244. "skip_message": "Skipped control due to waiver condition: Whimsy",
  245. "waiver_data": {
  246. "expiration_date": "2025-06-01",
  247. "justification": "Whimsy",
  248. "skip": true,
  249. "skipped_due_to_waiver": true,
  250. "message": ""
  251. }
  252. }
  253. ]
  254. },
  255. {
  256. "id": "pro1-con5",
  257. "title": "Profile 1 - Control 5",
  258. "desc": null,
  259. "descriptions": [],
  260. "impact": 0.9,
  261. "refs": [],
  262. "tags": {},
  263. "code": "control 'pro1-con5' do\n impact 0.9\n title 'Profile 1 - Control 5'\n describe file('/etc/55555555') do\n it { should exist }\n end\nend\n",
  264. "source_location": {
  265. "line": 41,
  266. "ref": "/Users/apop/git/mycompliance-profile/myprofile1/controls/profile1.rb"
  267. },
  268. "results": [
  269. {
  270. "status": "failed",
  271. "code_desc": "File /etc/55555555 should exist",
  272. "run_time": 0.000189,
  273. "start_time": "2019-10-04T20:49:22+01:00",
  274. "message": "expected File /etc/55555555 to exist"
  275. }
  276. ]
  277. }
  278. ],
  279. "status": "loaded"
  280. }
  281. ],
  282. "statistics": {
  283. "duration": 0.040207
  284. },
  285. "version": "4.17.7"
  286. }
  287. ```