cookstyle 7.27.0 → 7.28.2

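--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 897bcf0f8e234120fb9cfcb1077210e70fbe23e1fb82bde3d7eac7a549eee3ec
- data.tar.gz: 15a3664f0d54c8b1c4404d4c21d000d328090fc73280ee888819b8d6f1a8625b
+ metadata.gz: 205f14a7f600dc2fe712e9407e16165b72cadab5624913efba78a6f0748f65ae
+ data.tar.gz: c03813392f90967e5036e49a8886d6c1b7e31ea7319da75c12008d3a01c635f8
  SHA512:
- metadata.gz: 7d8ea69d16659e4fdb8c13a33cffd486321f44b9040d308702f3018c4ab4372becd941701bbf21127d6bd5db3b35b235a9295d12a2c7276a33b17e41a2066366
- data.tar.gz: afcf222bfddc0bdc6816b0221beb4a975f9d215e36a809a32af45ea1ccd1dbda2c31eb5ebbd5f2fbd9e253b4dce84ed8ad6c5a43cf105f77626f8b48a07af228
+ metadata.gz: 6f7f8c8c719dbb83b740882be2f247250c95fb7f330a82a0cf8d7b5b96fa7071ca7b55761a8a599ac4801f2c75eb403f64c04bde4245f31fc12b8f753418d3f5
+ data.tar.gz: 8a32adeedb7654948337162eeb9a8c660f66ab13655ec537aa584b15a156f726130f16630dddb2f1fa0169d10e5dd4a84b7353392591431490f12129ed0245c4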
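--- a/data/config/cookstyle.yml
+++ b/data/config/cookstyle.yml
@@ -514,6 +514,16 @@ Chef/Correctness/InvalidCookbookName:
  Include:
  - '**/metadata.rb'
 
+ Chef/Correctness/InvalidNotificationResource:
+ Description: The resource to notify when calling `notifies` or `subscribes` must be a string.
+ StyleGuide: 'chef_correctness_invalidnotificationresource'
+ Enabled: true
+ VersionAdded: '7.28'
+ Exclude:
+ - '**/attributes/*.rb'
+ - '**/metadata.rb'
+ - '**/Berksfile'
+
  ###############################
  # Chef/Sharing: Issues that prevent sharing code with other teams or with the Chef community in general
  ###############################
@@ -2289,6 +2299,24 @@ InSpec/Deprecations/AttributeDefault:
  Include:
  - '**/controls/*.rb'
 
+ #### Security Cops
+
+ Chef/Security:
+ StyleGuideBaseURL: https://docs.chef.io/workstation/cookstyle/
+
+ Chef/Security/ :
+ Description: Do not include plain text SSH private keys in your cookbook code. This sensitive data should be fetched from secrets management systems so that secrets are not uploaded in plain text to the Chef Infra Server or committed to source control systems.
+ StyleGuide: 'chef_security_sshprivatekey'
+ Enabled: true
+ VersionAdded: '7.28'
+ Include:
+ - '**/libraries/*.rb'
+ - '**/resources/*.rb'
+ - '**/providers/*.rb'
+ - '**/recipes/*.rb'
+ - '**/attributes/*.rb'
+ - '**/definitions/*.rb'
+
  #### The base rubocop 0.37 enabled.yml file we started with ####
 
  Layout/AccessModifierIndentation: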
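Review bot: The config key for the new security cop appears as `Chef/Security/ :` with no cop name, although the `StyleGuide` value `chef_security_sshprivatekey` and the description both point at the SSH private key cop. This may be an artefact of how the page was rendered, but if the packaged file really reads this way, the `Enabled`, `VersionAdded` and `Include` settings would likely not attach to the cop and the path scoping would be lost. The key should read `Chef/Security/SshPrivateKey:`. It is worth confirming this against the shipped `data/config/cookstyle.yml` before relying on the cop in CI.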
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
  module Cookstyle
3
- VERSION = "7.27.0" # rubocop: disable Style/StringLiterals
3
+ VERSION = "7.28.2" # rubocop: disable Style/StringLiterals
4
4
  RUBOCOP_VERSION = '1.24.1'
5
5
  end
@@ -0,0 +1,59 @@
1
+ # frozen_string_literal: true
2
+ #
3
+ # Copyright:: 2022, Chef Software, Inc.
4
+ # Author:: Tim Smith (<tsmith@chef.io>)
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+ #
18
+ module RuboCop
19
+ module Cop
20
+ module Chef
21
+ module Correctness
22
+ # The resource to notify when calling `notifies` or `subscribes` must be a string.
23
+ #
24
+ # @example
25
+ #
26
+ # #### incorrect
27
+ #
28
+ # template '/etc/www/configures-apache.conf' do
29
+ # notifies :restart, service['apache'], :immediately
30
+ # end
31
+ #
32
+ # template '/etc/www/configures-apache.conf' do
33
+ # notifies :restart, service[apache], :immediately
34
+ # end
35
+ #
36
+ # #### correct
37
+ #
38
+ # template '/etc/www/configures-apache.conf' do
39
+ # notifies :restart, 'service[apache]', :immediately
40
+ # end
41
+ #
42
+ class InvalidNotificationResource < Base
43
+ MSG = 'The resource to notify when calling `notifies` or `subscribes` must be a string.'
44
+ RESTRICT_ON_SEND = [:notifies, :subscribes].freeze
45
+
46
+ def_node_matcher :invalid_notification?, <<-PATTERN
47
+ (send nil? {:notifies :subscribes} (sym _) $(send (send nil? _) :[] ...) ...)
48
+ PATTERN
49
+
50
+ def on_send(node)
51
+ invalid_notification?(node) do |resource|
52
+ add_offense(resource, message: MSG, severity: :refactor)
53
+ end
54
+ end
55
+ end
56
+ end
57
+ end
58
+ end
59
+ end
@@ -0,0 +1,49 @@
1
+ # frozen_string_literal: true
2
+ #
3
+ # Copyright:: 2021-2022, Chef Software, Inc.
4
+ # Author:: Tim Smith (<tsmith@chef.io>)
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+ #
18
+ module RuboCop
19
+ module Cop
20
+ module Chef
21
+ module Security
22
+ # Do not include plain text SSH private keys in your cookbook code. This sensitive data should be fetched from secrets management systems so that secrets are not uploaded in plain text to the Chef Infra Server or committed to source control systems.
23
+ #
24
+ # @example
25
+ #
26
+ # #### incorrect
27
+ # file '/Users/bob_bobberson/.ssh/id_rsa' do
28
+ # content '-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----'
29
+ # mode '600'
30
+ # end
31
+ #
32
+ class SshPrivateKey < Base
33
+ MSG = 'Do not include plain text SSH private keys in your cookbook code. This sensitive data should be fetched from secrets management systems so that secrets are not uploaded in plain text to the Chef Infra Server or committed to source control systems.'
34
+
35
+ def on_send(node)
36
+ return unless node.arguments?
37
+ node.arguments.each do |arg|
38
+ next unless arg.str_type? || arg.dstr_type?
39
+
40
+ if arg.value.start_with?('-----BEGIN RSA PRIVATE', '-----BEGIN EC PRIVATE') # cookstyle: disable Chef/Security/SshPrivateKey
41
+ add_offense(node, message: MSG, severity: :warning)
42
+ end
43
+ end
44
+ end
45
+ end
46
+ end
47
+ end
48
+ end
49
+ end
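Review bot: The `start_with?` check in `on_send` recognises only the `-----BEGIN RSA PRIVATE` and `-----BEGIN EC PRIVATE` headers, so a key in the `-----BEGIN OPENSSH PRIVATE KEY-----` format that current `ssh-keygen` writes by default passes unflagged, as does a DSA or PKCS#8 (`-----BEGIN PRIVATE KEY-----`) key. The match is also anchored at the first character of the literal, so a string that begins with a newline or indentation before the header is missed. Consider `if arg.value.match?(/\A\s*-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/)`, which covers the labelled and unlabelled PEM headers and tolerates leading whitespace. Only string arguments of method calls are inspected, so the class comment should state that a clean run does not show that a cookbook is free of key material.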
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cookstyle
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.27.0
4
+ version: 7.28.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Thom May
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2022-01-13 00:00:00.000000000 Z
12
+ date: 2022-01-14 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rubocop
@@ -57,6 +57,7 @@ files:
57
57
  - lib/rubocop/cop/chef/correctness/incorrect_library_injection.rb
58
58
  - lib/rubocop/cop/chef/correctness/invalid_cookbook_name.rb
59
59
  - lib/rubocop/cop/chef/correctness/invalid_default_action.rb
60
+ - lib/rubocop/cop/chef/correctness/invalid_notification_resource.rb
60
61
  - lib/rubocop/cop/chef/correctness/invalid_notification_timing.rb
61
62
  - lib/rubocop/cop/chef/correctness/invalid_platform_family_helper.rb
62
63
  - lib/rubocop/cop/chef/correctness/invalid_platform_family_values_in_case.rb
@@ -274,6 +275,7 @@ files:
274
275
  - lib/rubocop/cop/chef/redundant/unnecessary_desired_state.rb
275
276
  - lib/rubocop/cop/chef/redundant/unnecessary_name_property.rb
276
277
  - lib/rubocop/cop/chef/redundant/use_create_if_missing.rb
278
+ - lib/rubocop/cop/chef/security/ssh_private_key.rb
277
279
  - lib/rubocop/cop/chef/sharing/default_maintainer_metadata.rb
278
280
  - lib/rubocop/cop/chef/sharing/empty_metadata_field.rb
279
281
  - lib/rubocop/cop/chef/sharing/include_property_descriptions.rb