improve code style

Author: chris-rock

.rubocop.yml

@@ -0,0 +1,74 @@
+---
+AllCops:
+  Exclude:
+  - Gemfile
+  - Rakefile
+  - 'test/**/*'
+  - 'vendor/**/*'
+Documentation:
+  Enabled: false
+AlignParameters:
+  Enabled: true
+Encoding:
+  Enabled: false
+HashSyntax:
+  Enabled: true
+LineLength:
+  Enabled: false
+EmptyLinesAroundBlockBody:
+  Enabled: false
+MethodLength:
+  Max: 40
+NumericLiterals:
+  MinDigits: 10
+Metrics/CyclomaticComplexity:
+  Max: 10
+Metrics/PerceivedComplexity:
+  Max: 11
+Metrics/AbcSize:
+  Max: 33
+Style/PercentLiteralDelimiters:
+  PreferredDelimiters:
+    '%':  '{}'
+    '%i': ()
+    '%q': '{}'
+    '%Q': ()
+    '%r': '{}'
+    '%s': ()
+    '%w': '{}'
+    '%W': ()
+    '%x': ()
+Style/AlignHash:
+  Enabled: false
+Style/PredicateName:
+  Enabled: false
+Style/ZeroLengthPredicate:
+  Enabled: false
+Style/NumericPredicate:
+  Enabled: false
+Style/ClassAndModuleChildren:
+  Enabled: false
+Style/ConditionalAssignment:
+  Enabled: false
+Style/BracesAroundHashParameters:
+  Enabled: false
+Style/AndOr:
+  Enabled: false
+Style/Not:
+  Enabled: false
+Style/FileName:
+  Enabled: false
+Style/TrailingCommaInLiteral:
+  EnforcedStyleForMultiline: comma
+Style/TrailingCommaInArguments:
+  EnforcedStyleForMultiline: comma
+Style/NegatedIf:
+  Enabled: false
+Style/UnlessElse:
+  Enabled: false
+BlockDelimiters:
+  Enabled: false
+Style/SpaceAroundOperators:
+  Enabled: false
+Style/IfUnlessModifier:
+  Enabled: false

controls/patches.rb

@@ -9,18 +9,18 @@
 
 control 'verify-patches' do
   impact 0.3
-  title "All patches should be installed"
+  title 'Operating system is up-to-date'
   describe linux_update do
-    it { should be_uptodate}
+    it { should be_uptodate }
   end
 end
 
 control 'patches' do
   impact 0.3
-  title "All updates are installed"
+  title 'All operating system updates are installed'
   linux_update.updates.each { |update|
     describe package(update['name']) do
-      its('version') { should eq update['version']}
+      its('version') { should eq update['version'] }
     end
   }
 end

libraries/linux_updates.rb

@@ -16,32 +16,35 @@ class LinuxUpdateManager < Inspec.resource(1)
   def initialize
     if inspec.os.redhat?
       @update_mgmt = RHELUpdateFetcher.new(inspec)
-    else inspec.os.debian?
+    elsif inspec.os.debian?
       @update_mgmt = UbuntuUpdateFetcher.new(inspec)
     end
     return skip_resource 'The `linux_update` resource is not supported on your OS.' if @update_mgmt.nil?
   end
 
   def updates
+    return [] if @update_mgmt.nil?
     u = @update_mgmt.updates
     return [] if u.nil? || u.empty?
     u['available']
   end
 
   def uptodate?
+    return nil if @update_mgmt.nil?
     u = @update_mgmt.updates
     return false if u.nil? || !u['available'].empty?
     true
   end
 
   def packages
+    return [] if @update_mgmt.nil?
     p = @update_mgmt.packages
     return [] if p.nil? || u.empty?
     p['installed']
   end
 
   def to_s
-    "Linux Update"
+    'Linux Update'
   end
 end
 
@@ -62,24 +65,15 @@ def parse_json(script)
     cmd = @inspec.bash(script)
     begin
       JSON.parse(cmd.stdout)
-    rescue JSON::ParserError => e
+    rescue JSON::ParserError => _e
       return []
     end
   end
 end
 
 class UbuntuUpdateFetcher < UpdateFetcher
-  # ubuntu base
-  UBUNTU_BASE = <<-EOH
-#!/bin/sh
-DEBIAN_FRONTEND=noninteractive apt-get update >/dev/null 2>&1
-readlock() { cat /proc/locks | awk '{print $5}' | grep -v ^0 | xargs -I {1} find /proc/{1}/fd -maxdepth 1 -exec readlink {} \\; | grep '^/var/lib/dpkg/lock$'; }
-while test -n "$(readlock)"; do sleep 1; done
-echo " "
-  EOH
-
   def packages
-    ubuntu_packages = UBUNTU_BASE + <<-EOH
+    ubuntu_packages = ubuntu_base + <<-EOH
 echo -n '{"installed":['
 dpkg-query -W -f='${Status}\\t${Package}\\t${Version}\\t${Architecture}\\n' |\\
   grep '^install ok installed\\s' |\\
@@ -90,14 +84,27 @@ def packages
   end
 
   def updates
-    ubuntu_updates = UBUNTU_BASE + <<-EOH
+    ubuntu_updates = ubuntu_base + <<-EOH
 echo -n '{"available":['
 DEBIAN_FRONTEND=noninteractive apt-get upgrade --dry-run | grep Inst | tr -d '[]()' |\\
   awk '{ printf "{\\"name\\":\\""$2"\\",\\"version\\":\\""$4"\\",\\"repo\\":\\""$5"\\",\\"arch\\":\\""$6"\\"}," }' | rev | cut -c 2- | rev | tr -d '\\n'
 echo -n ']}'
 EOH
     parse_json(ubuntu_updates)
   end
+
+  private
+
+  def ubuntu_base
+    base = <<-EOH
+  #!/bin/sh
+  DEBIAN_FRONTEND=noninteractive apt-get update >/dev/null 2>&1
+  readlock() { cat /proc/locks | awk '{print $5}' | grep -v ^0 | xargs -I {1} find /proc/{1}/fd -maxdepth 1 -exec readlink {} \\; | grep '^/var/lib/dpkg/lock$'; }
+  while test -n "$(readlock)"; do sleep 1; done
+  echo " "
+    EOH
+    base
+  end
 end
 
 class RHELUpdateFetcher < UpdateFetcher
@@ -121,15 +128,15 @@ def updates
     cmd = @inspec.bash(rhel_updates)
     unless cmd.exit_status == 0
       # essentially we want https://github.com/chef/inspec/issues/1205
-      STDERR.puts "Could not determine patch status."
+      STDERR.puts 'Could not determine patch status.'
       return nil
     end
 
     first = cmd.stdout.index('{')
     res = cmd.stdout.slice(first, cmd.stdout.size - first)
     begin
       JSON.parse(res)
-    rescue JSON::ParserError => e
+    rescue JSON::ParserError => _e
       return []
     end
   end