cookstyle 7.27.0 → 7.28.2
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 205f14a7f600dc2fe712e9407e16165b72cadab5624913efba78a6f0748f65ae
|
|
4
|
+
data.tar.gz: c03813392f90967e5036e49a8886d6c1b7e31ea7319da75c12008d3a01c635f8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6f7f8c8c719dbb83b740882be2f247250c95fb7f330a82a0cf8d7b5b96fa7071ca7b55761a8a599ac4801f2c75eb403f64c04bde4245f31fc12b8f753418d3f5
|
|
7
|
+
data.tar.gz: 8a32adeedb7654948337162eeb9a8c660f66ab13655ec537aa584b15a156f726130f16630dddb2f1fa0169d10e5dd4a84b7353392591431490f12129ed0245c4
|
data/config/cookstyle.yml
CHANGED
|
@@ -514,6 +514,16 @@ Chef/Correctness/InvalidCookbookName:
|
|
|
514
514
|
Include:
|
|
515
515
|
- '**/metadata.rb'
|
|
516
516
|
|
|
517
|
+
Chef/Correctness/InvalidNotificationResource:
|
|
518
|
+
Description: The resource to notify when calling `notifies` or `subscribes` must be a string.
|
|
519
|
+
StyleGuide: 'chef_correctness_invalidnotificationresource'
|
|
520
|
+
Enabled: true
|
|
521
|
+
VersionAdded: '7.28'
|
|
522
|
+
Exclude:
|
|
523
|
+
- '**/attributes/*.rb'
|
|
524
|
+
- '**/metadata.rb'
|
|
525
|
+
- '**/Berksfile'
|
|
526
|
+
|
|
517
527
|
###############################
|
|
518
528
|
# Chef/Sharing: Issues that prevent sharing code with other teams or with the Chef community in general
|
|
519
529
|
###############################
|
|
@@ -2289,6 +2299,24 @@ InSpec/Deprecations/AttributeDefault:
|
|
|
2289
2299
|
Include:
|
|
2290
2300
|
- '**/controls/*.rb'
|
|
2291
2301
|
|
|
2302
|
+
#### Security Cops
|
|
2303
|
+
|
|
2304
|
+
Chef/Security:
|
|
2305
|
+
StyleGuideBaseURL: https://docs.chef.io/workstation/cookstyle/
|
|
2306
|
+
|
|
2307
|
+
Chef/Security/ :
|
|
2308
|
+
Description: Do not include plain text SSH private keys in your cookbook code. This sensitive data should be fetched from secrets management systems so that secrets are not uploaded in plain text to the Chef Infra Server or committed to source control systems.
|
|
2309
|
+
StyleGuide: 'chef_security_sshprivatekey'
|
|
2310
|
+
Enabled: true
|
|
2311
|
+
VersionAdded: '7.28'
|
|
2312
|
+
Include:
|
|
2313
|
+
- '**/libraries/*.rb'
|
|
2314
|
+
- '**/resources/*.rb'
|
|
2315
|
+
- '**/providers/*.rb'
|
|
2316
|
+
- '**/recipes/*.rb'
|
|
2317
|
+
- '**/attributes/*.rb'
|
|
2318
|
+
- '**/definitions/*.rb'
|
|
2319
|
+
|
|
2292
2320
|
#### The base rubocop 0.37 enabled.yml file we started with ####
|
|
2293
2321
|
|
|
2294
2322
|
Layout/AccessModifierIndentation:
|
data/lib/cookstyle/version.rb
CHANGED
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
#
|
|
3
|
+
# Copyright:: 2022, Chef Software, Inc.
|
|
4
|
+
# Author:: Tim Smith (<tsmith@chef.io>)
|
|
5
|
+
#
|
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
7
|
+
# you may not use this file except in compliance with the License.
|
|
8
|
+
# You may obtain a copy of the License at
|
|
9
|
+
#
|
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
|
11
|
+
#
|
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
15
|
+
# See the License for the specific language governing permissions and
|
|
16
|
+
# limitations under the License.
|
|
17
|
+
#
|
|
18
|
+
module RuboCop
|
|
19
|
+
module Cop
|
|
20
|
+
module Chef
|
|
21
|
+
module Correctness
|
|
22
|
+
# The resource to notify when calling `notifies` or `subscribes` must be a string.
|
|
23
|
+
#
|
|
24
|
+
# @example
|
|
25
|
+
#
|
|
26
|
+
# #### incorrect
|
|
27
|
+
#
|
|
28
|
+
# template '/etc/www/configures-apache.conf' do
|
|
29
|
+
# notifies :restart, service['apache'], :immediately
|
|
30
|
+
# end
|
|
31
|
+
#
|
|
32
|
+
# template '/etc/www/configures-apache.conf' do
|
|
33
|
+
# notifies :restart, service[apache], :immediately
|
|
34
|
+
# end
|
|
35
|
+
#
|
|
36
|
+
# #### correct
|
|
37
|
+
#
|
|
38
|
+
# template '/etc/www/configures-apache.conf' do
|
|
39
|
+
# notifies :restart, 'service[apache]', :immediately
|
|
40
|
+
# end
|
|
41
|
+
#
|
|
42
|
+
class InvalidNotificationResource < Base
|
|
43
|
+
MSG = 'The resource to notify when calling `notifies` or `subscribes` must be a string.'
|
|
44
|
+
RESTRICT_ON_SEND = [:notifies, :subscribes].freeze
|
|
45
|
+
|
|
46
|
+
def_node_matcher :invalid_notification?, <<-PATTERN
|
|
47
|
+
(send nil? {:notifies :subscribes} (sym _) $(send (send nil? _) :[] ...) ...)
|
|
48
|
+
PATTERN
|
|
49
|
+
|
|
50
|
+
def on_send(node)
|
|
51
|
+
invalid_notification?(node) do |resource|
|
|
52
|
+
add_offense(resource, message: MSG, severity: :refactor)
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
end
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
#
|
|
3
|
+
# Copyright:: 2021-2022, Chef Software, Inc.
|
|
4
|
+
# Author:: Tim Smith (<tsmith@chef.io>)
|
|
5
|
+
#
|
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
7
|
+
# you may not use this file except in compliance with the License.
|
|
8
|
+
# You may obtain a copy of the License at
|
|
9
|
+
#
|
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
|
11
|
+
#
|
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
15
|
+
# See the License for the specific language governing permissions and
|
|
16
|
+
# limitations under the License.
|
|
17
|
+
#
|
|
18
|
+
module RuboCop
|
|
19
|
+
module Cop
|
|
20
|
+
module Chef
|
|
21
|
+
module Security
|
|
22
|
+
# Do not include plain text SSH private keys in your cookbook code. This sensitive data should be fetched from secrets management systems so that secrets are not uploaded in plain text to the Chef Infra Server or committed to source control systems.
|
|
23
|
+
#
|
|
24
|
+
# @example
|
|
25
|
+
#
|
|
26
|
+
# #### incorrect
|
|
27
|
+
# file '/Users/bob_bobberson/.ssh/id_rsa' do
|
|
28
|
+
# content '-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----'
|
|
29
|
+
# mode '600'
|
|
30
|
+
# end
|
|
31
|
+
#
|
|
32
|
+
class SshPrivateKey < Base
|
|
33
|
+
MSG = 'Do not include plain text SSH private keys in your cookbook code. This sensitive data should be fetched from secrets management systems so that secrets are not uploaded in plain text to the Chef Infra Server or committed to source control systems.'
|
|
34
|
+
|
|
35
|
+
def on_send(node)
|
|
36
|
+
return unless node.arguments?
|
|
37
|
+
node.arguments.each do |arg|
|
|
38
|
+
next unless arg.str_type? || arg.dstr_type?
|
|
39
|
+
|
|
40
|
+
if arg.value.start_with?('-----BEGIN RSA PRIVATE', '-----BEGIN EC PRIVATE') # cookstyle: disable Chef/Security/SshPrivateKey
|
|
41
|
+
add_offense(node, message: MSG, severity: :warning)
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cookstyle
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 7.
|
|
4
|
+
version: 7.28.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Thom May
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2022-01-
|
|
12
|
+
date: 2022-01-14 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rubocop
|
|
@@ -57,6 +57,7 @@ files:
|
|
|
57
57
|
- lib/rubocop/cop/chef/correctness/incorrect_library_injection.rb
|
|
58
58
|
- lib/rubocop/cop/chef/correctness/invalid_cookbook_name.rb
|
|
59
59
|
- lib/rubocop/cop/chef/correctness/invalid_default_action.rb
|
|
60
|
+
- lib/rubocop/cop/chef/correctness/invalid_notification_resource.rb
|
|
60
61
|
- lib/rubocop/cop/chef/correctness/invalid_notification_timing.rb
|
|
61
62
|
- lib/rubocop/cop/chef/correctness/invalid_platform_family_helper.rb
|
|
62
63
|
- lib/rubocop/cop/chef/correctness/invalid_platform_family_values_in_case.rb
|
|
@@ -274,6 +275,7 @@ files:
|
|
|
274
275
|
- lib/rubocop/cop/chef/redundant/unnecessary_desired_state.rb
|
|
275
276
|
- lib/rubocop/cop/chef/redundant/unnecessary_name_property.rb
|
|
276
277
|
- lib/rubocop/cop/chef/redundant/use_create_if_missing.rb
|
|
278
|
+
- lib/rubocop/cop/chef/security/ssh_private_key.rb
|
|
277
279
|
- lib/rubocop/cop/chef/sharing/default_maintainer_metadata.rb
|
|
278
280
|
- lib/rubocop/cop/chef/sharing/empty_metadata_field.rb
|
|
279
281
|
- lib/rubocop/cop/chef/sharing/include_property_descriptions.rb
|