Merge pull request #6 from dev-sec/chris-rock/lint

improve code style

.rubocop.yml

@@ -0,0 +1,74 @@
+---
+AllCops:
+  Exclude:
+  - Gemfile
+  - Rakefile
+  - 'test/**/*'
+  - 'vendor/**/*'
+Documentation:
+  Enabled: false
+AlignParameters:
+  Enabled: true
+Encoding:
+  Enabled: false
+HashSyntax:
+  Enabled: true
+LineLength:
+  Enabled: false
+EmptyLinesAroundBlockBody:
+  Enabled: false
+MethodLength:
+  Max: 40
+NumericLiterals:
+  MinDigits: 10
+Metrics/CyclomaticComplexity:
+  Max: 10
+Metrics/PerceivedComplexity:
+  Max: 11
+Metrics/AbcSize:
+  Max: 33
+Style/PercentLiteralDelimiters:
+  PreferredDelimiters:
+    '%':  '{}'
+    '%i': ()
+    '%q': '{}'
+    '%Q': ()
+    '%r': '{}'
+    '%s': ()
+    '%w': '{}'
+    '%W': ()
+    '%x': ()
+Style/AlignHash:
+  Enabled: false
+Style/PredicateName:
+  Enabled: false
+Style/ZeroLengthPredicate:
+  Enabled: false
+Style/NumericPredicate:
+  Enabled: false
+Style/ClassAndModuleChildren:
+  Enabled: false
+Style/ConditionalAssignment:
+  Enabled: false
+Style/BracesAroundHashParameters:
+  Enabled: false
+Style/AndOr:
+  Enabled: false
+Style/Not:
+  Enabled: false
+Style/FileName:
+  Enabled: false
+Style/TrailingCommaInLiteral:
+  EnforcedStyleForMultiline: comma
+Style/TrailingCommaInArguments:
+  EnforcedStyleForMultiline: comma
+Style/NegatedIf:
+  Enabled: false
+Style/UnlessElse:
+  Enabled: false
+BlockDelimiters:
+  Enabled: false
+Style/SpaceAroundOperators:
+  Enabled: false
+Style/IfUnlessModifier:
+  Enabled: false

.travis.yml

@@ -0,0 +1,10 @@
+---
+language: ruby
+cache: bundler
+rvm:
+  - 2.0
+  - 2.2
+  - 2.3.1
+
+bundler_args: --without integration
+script: bundle exec rake

Gemfile

@@ -0,0 +1,18 @@
+source 'https://rubygems.org'
+
+gem 'rake'
+gem 'rack', '1.6.4'
+gem 'inspec', '~> 1'
+gem 'rubocop', '~> 0.44.0'
+gem 'highline', '~> 1.6.0'
+
+group :integration do
+  gem 'berkshelf'
+  gem 'kitchen-inspec'
+  gem 'test-kitchen'
+  gem 'kitchen-vagrant'
+end
+
+group :tools do
+  gem 'github_changelog_generator', '~> 1.12.0'
+end

Rakefile

@@ -0,0 +1,40 @@
+#!/usr/bin/env rake
+
+require 'rake/testtask'
+require 'rubocop/rake_task'
+
+# Rubocop
+desc 'Run Rubocop lint checks'
+task :rubocop do
+  RuboCop::RakeTask.new
+end
+
+# lint the project
+desc 'Run robocop linter'
+task lint: [:rubocop]
+
+# run tests
+task default: [:lint, 'test:check']
+
+namespace :test do
+  # run inspec check to verify that the profile is properly configured
+  task :check do
+    dir = File.join(File.dirname(__FILE__))
+    sh("bundle exec inspec check #{dir}")
+  end
+end
+
+# Automatically generate a changelog for this project. Only loaded if
+# the necessary gem is installed.
+# use `rake changelog to=1.2.0`
+begin
+  v = ENV['to']
+  require 'github_changelog_generator/task'
+  GitHubChangelogGenerator::RakeTask.new :changelog do |config|
+    config.future_release = v
+    config.user = 'dev-sec'
+    config.project = 'windows-patch-baseline'
+  end
+rescue LoadError
+  puts '>>>>> GitHub Changelog Generator not loaded, omitting tasks'
+end

controls/patches.rb

@@ -11,23 +11,23 @@
 
 control 'verify-kb' do
   impact 0.3
-  title "All updates should be installed"
+  title 'All updates should be installed'
   describe win_update.all.length do
-    it { should eq 0}
+    it { should eq 0 }
   end
 end
 
 control 'important-count' do
   impact 1.0
-  title "No important updates should be available"
+  title 'No important updates should be available'
   describe win_update.important.length do
-    it { should eq 0}
+    it { should eq 0 }
   end
 end
 
 control 'important-patches' do
   impact 1.0
-  title "All important updates are installed"
+  title 'All important updates are installed'
   win_update.important.each { |update|
     describe update do
       it { should be_installed }
@@ -37,15 +37,15 @@
 
 control 'optional-count' do
   impact 0.3
-  title "No optional updates should be available"
+  title 'No optional updates should be available'
   describe win_update.optional.length do
-    it { should eq 0}
+    it { should eq 0 }
   end
 end
 
 control 'optional-patches' do
   impact 0.3
-  title "All optional updates are installed"
+  title 'All optional updates are installed'
   win_update.optional.each { |update|
     describe update do
       it { should be_installed }

libraries/windows_updates.rb

@@ -35,7 +35,7 @@ def criticality
   end
 
   def installed?
-    return false
+    false
   end
 
   def to_s
@@ -55,28 +55,29 @@ def initialize
 
   # returns all available updates
   def all
-    updates = fetchUpdates
+    updates = fetch_updates
     updates.map { |update| WindowsUpdate.new(update) }
   end
 
   # returns all important updates
   def important
-    updates = fetchUpdates
+    updates = fetch_updates
     updates
       .select { |update|
-        @update_mgmt.isImportant(update)
+        @update_mgmt.important?(update)
+      }.map { |update| # rubocop:disable Style/MultilineBlockChain
+        WindowsUpdate.new(update)
       }
-      .map { |update| WindowsUpdate.new(update) }
   end
 
   # returns all optional updates
   def optional
-    updates = fetchUpdates
-    updates
-      .select { |update|
-        @update_mgmt.isOptional(update)
-      }
-      .map { |update| WindowsUpdate.new(update) }
+    updates = fetch_updates
+    updates.select { |update|
+      @update_mgmt.optional?(update)
+    }.map { |update| # rubocop:disable Style/MultilineBlockChain
+      WindowsUpdate.new(update)
+    }
   end
 
   def reboot_required?
@@ -85,29 +86,31 @@ def reboot_required?
   end
 
   def to_s
-    "Windows Update Services"
+    'Windows Update Services'
   end
 
   # private
 
   # detection for nano server
   # @see https://msdn.microsoft.com/en-us/library/hh846315(v=vs.85).aspx
-  def detect_nano
+  def windows_nano?
     return false unless inspec.os[:release].to_i >= 10
     '1' == inspec.powershell('Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Server\ServerLevels" | Select -ExpandProperty "NanoServer" ').stdout.chomp
   end
 
+  private
+
   def select_update_mgmt
-    if detect_nano
+    if windows_nano?
       WindowsNanoUpdateFetcher.new(inspec)
     else
       Windows2012UpdateFetcher.new(inspec)
     end
   end
 
-  def fetchUpdates
+  def fetch_updates
     return [] if @update_mgmt.nil?
-    @update_mgmt.fetchUpdates
+    @update_mgmt.fetch_updates
   end
 
   def hotfixes
@@ -125,7 +128,7 @@ def hotfixes
     []
   end
 
-  def fetchUpdates
+  def fetch_updates
     []
   end
 end
@@ -134,7 +137,7 @@ class Windows2012UpdateFetcher < UpdateFetcher
   def hotfixes
     return @cache_hotfix_installed if defined?(@cache_hotfix_installed)
 
-    hotfix_cmd = "Get-HotFix | Select-Object -Property Status, Description, HotFixId, Caption, InstallDate, InstalledBy | ConvertTo-Json"
+    hotfix_cmd = 'Get-HotFix | Select-Object -Property Status, Description, HotFixId, Caption, InstallDate, InstalledBy | ConvertTo-Json'
     cmd = @inspec.command(hotfix_cmd)
     begin
       @cache_hotfix_installed = JSON.parse(cmd.stdout)
@@ -143,7 +146,7 @@ def hotfixes
     end
   end
 
-  def fetchUpdates
+  def fetch_updates
     return @cache_available if defined?(@cache_available)
     script = <<-EOH
 $updateSession = new-object -com "Microsoft.Update.Session"
@@ -175,29 +178,29 @@ def fetchUpdates
     end
   end
 
-  def isImportant(update)
-    isSecurityCategory(update['CategoryIDs'])
+  def important?(update)
+    security_category?(update['CategoryIDs'])
   end
 
-  def isOptional(update)
-    !isImportant(update)
+  def optional?(update)
+    !important?(update)
   end
 
   # @see: https://msdn.microsoft.com/en-us/library/ff357803(v=vs.85).aspx
   # e6cf1350-c01b-414d-a61f-263d14d133b4 -> Critical Updates
   # 0fa1201d-4330-4fa8-8ae9-b877473b6441 -> Security Updates
   # 28bc880e-0592-4cbf-8f95-c79b17911d5f -> Update Rollups
   # does not include recommended updates yet
-  def isSecurityCategory(uuids)
+  def security_category?(uuids)
     return if uuids.nil?
     uuids.include?('0fa1201d-4330-4fa8-8ae9-b877473b6441') ||
-    uuids.include?('28bc880e-0592-4cbf-8f95-c79b17911d5f') ||
-    uuids.include?('e6cf1350-c01b-414d-a61f-263d14d133b4')
+      uuids.include?('28bc880e-0592-4cbf-8f95-c79b17911d5f') ||
+      uuids.include?('e6cf1350-c01b-414d-a61f-263d14d133b4')
   end
 end
 
 class WindowsNanoUpdateFetcher < UpdateFetcher
-  def fetchUpdates
+  def fetch_updates
     return @cache_available if defined?(@cache_available)
     script = <<-EOH
 $sess = New-CimInstance -Namespace root/Microsoft/Windows/WindowsUpdate -ClassName MSFT_WUOperationsSession
@@ -224,11 +227,11 @@ def fetchUpdates
     end
   end
 
-  def isImportant(update)
+  def important?(update)
     %w{Important Critical}.include? update['MsrcSeverity']
   end
 
-  def isOptional(update)
-    !isImportant(update)
+  def optional?(update)
+    !important?(update)
   end
 end