inspecstyle 0.1.2 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +0 -1
- data/Gemfile +1 -0
- data/Gemfile.lock +12 -7
- data/README.md +39 -1
- data/Rakefile +3 -0
- data/config/default.yml +95 -2
- data/doc/RuboCop.html +128 -0
- data/doc/RuboCop/Cop.html +117 -0
- data/doc/RuboCop/Cop/InSpecStyle.html +117 -0
- data/doc/RuboCop/Cop/InSpecStyle/AzureGenericResource.html +249 -0
- data/doc/RuboCop/Cop/InSpecStyle/DeprecatedAttributes.html +310 -0
- data/doc/RuboCop/Cop/InSpecStyle/FirstCop.html +345 -0
- data/doc/RuboCop/InSpecStyle.html +140 -0
- data/doc/RuboCop/InSpecStyle/Error.html +124 -0
- data/doc/RuboCop/InSpecStyle/Inject.html +195 -0
- data/doc/_index.html +211 -0
- data/doc/class_list.html +51 -0
- data/doc/css/common.css +1 -0
- data/doc/css/full_list.css +58 -0
- data/doc/css/style.css +496 -0
- data/doc/file.README.html +131 -0
- data/doc/file_list.html +56 -0
- data/doc/frames.html +17 -0
- data/doc/index.html +131 -0
- data/doc/js/app.js +314 -0
- data/doc/js/full_list.js +216 -0
- data/doc/js/jquery.js +4 -0
- data/doc/method_list.html +99 -0
- data/doc/top-level-namespace.html +110 -0
- data/lib/rubocop/cop/inspecstyle/apache.rb +57 -0
- data/lib/rubocop/cop/inspecstyle/aws_iam_user_property.rb +96 -0
- data/lib/rubocop/cop/inspecstyle/azure_generic_resource.rb +35 -0
- data/lib/rubocop/cop/inspecstyle/deprecated_attributes.rb +16 -16
- data/lib/rubocop/cop/inspecstyle/file_be_mounted.rb +65 -0
- data/lib/rubocop/cop/inspecstyle/file_size.rb +77 -0
- data/lib/rubocop/cop/inspecstyle/host_proto.rb +71 -0
- data/lib/rubocop/cop/inspecstyle/iis_website.rb +36 -0
- data/lib/rubocop/cop/inspecstyle/linux_kernel_parameter.rb +41 -0
- data/lib/rubocop/cop/inspecstyle/mssql_session_pass.rb +59 -0
- data/lib/rubocop/cop/inspecstyle/oracle_db_session_pass.rb +59 -0
- data/lib/rubocop/cop/inspecstyle/ppa_resource.rb +36 -0
- data/lib/rubocop/cop/inspecstyle/processes_list.rb +77 -0
- data/lib/rubocop/cop/inspecstyle/script_resource.rb +48 -0
- data/lib/rubocop/cop/inspecstyle/shadow_properties.rb +83 -0
- data/lib/rubocop/cop/inspecstyle/users_resource_matchers.rb +98 -0
- data/lib/rubocop/cop/inspecstyle/windows_registry_key.rb +36 -0
- data/lib/rubocop/cop/inspecstyle/wmi_wmis_class.rb +37 -0
- data/lib/rubocop/cop/inspecstyle_cops.rb +17 -1
- data/lib/rubocop/inspecstyle/version.rb +1 -1
- data/notes-for-development.md +10 -0
- data/tasks/cops_documentation.rake +300 -0
- metadata +43 -3
- data/lib/rubocop/cop/inspecstyle/first_cop.rb +0 -69
@@ -0,0 +1,41 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module RuboCop
|
4
|
+
module Cop
|
5
|
+
module InSpecStyle
|
6
|
+
# @example EnforcedStyle: InSpecStyle (default)
|
7
|
+
# # linux_kernel_parameter has been deprecated as a resource. Use kernel_parameter instead
|
8
|
+
#
|
9
|
+
class LinuxKernelParameter < Cop
|
10
|
+
MSG = 'Use `kernel_parameter` instead of `linux_kernel_parameter`. '\
|
11
|
+
'This resource will be removed in InSpec 5.'
|
12
|
+
|
13
|
+
def_node_matcher :linux_kernel_parameter?, <<~PATTERN
|
14
|
+
(send nil? :linux_kernel_parameter ...)
|
15
|
+
PATTERN
|
16
|
+
|
17
|
+
def on_send(node)
|
18
|
+
return unless linux_kernel_parameter?(node)
|
19
|
+
|
20
|
+
add_offense(node, location: :selector)
|
21
|
+
end
|
22
|
+
|
23
|
+
def autocorrect(node)
|
24
|
+
lambda do |corrector|
|
25
|
+
corrector.replace(node.loc.selector, preferred_replacement)
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
private
|
30
|
+
|
31
|
+
def inside_spec?(root)
|
32
|
+
spec?(root)
|
33
|
+
end
|
34
|
+
|
35
|
+
def preferred_replacement
|
36
|
+
cop_config.fetch('PreferredReplacement')
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
@@ -0,0 +1,59 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Note: highlighting could possibly be better
|
4
|
+
|
5
|
+
module RuboCop
|
6
|
+
module Cop
|
7
|
+
module InSpecStyle
|
8
|
+
#
|
9
|
+
# @example EnforcedStyle: InSpecStyle (default)
|
10
|
+
# # Description of the `bar` style.
|
11
|
+
#
|
12
|
+
# # bad
|
13
|
+
# sql = mssql_session(user: 'my_user', pass: 'password')
|
14
|
+
#
|
15
|
+
# # good
|
16
|
+
# sql = mssql_session(user: 'my_user', password: 'password
|
17
|
+
#
|
18
|
+
class MSSQLSessionPass < Cop
|
19
|
+
include MatchRange
|
20
|
+
MSG = 'Use `:password` instead of `:pass`. This will be removed in '\
|
21
|
+
'InSpec 5'
|
22
|
+
|
23
|
+
def_node_matcher :mssql_session_pass?, <<~PATTERN
|
24
|
+
(send _ :mssql_session
|
25
|
+
(hash
|
26
|
+
...
|
27
|
+
(pair
|
28
|
+
(sym $:pass)
|
29
|
+
...)))
|
30
|
+
PATTERN
|
31
|
+
|
32
|
+
# Getting location was a bit tricky on this one, looking at docs perhaps
|
33
|
+
# convention does allow highlighting an entire line.
|
34
|
+
def on_send(node)
|
35
|
+
return unless result = mssql_session_pass?(node)
|
36
|
+
add_offense(node, message: MSG)
|
37
|
+
end
|
38
|
+
|
39
|
+
def autocorrect(node)
|
40
|
+
lambda do |corrector|
|
41
|
+
corrector.replace(offense_range(node), preferred_replacement)
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
45
|
+
private
|
46
|
+
|
47
|
+
def offense_range(node)
|
48
|
+
node.descendants.map do |x|
|
49
|
+
x.descendants.find {|y| y.inspect == "s(:sym, :pass)"}
|
50
|
+
end.compact.first.source_range
|
51
|
+
end
|
52
|
+
|
53
|
+
def preferred_replacement
|
54
|
+
cop_config.fetch('PreferredReplacement')
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
@@ -0,0 +1,59 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Note: highlighting could possibly be better
|
4
|
+
|
5
|
+
module RuboCop
|
6
|
+
module Cop
|
7
|
+
module InSpecStyle
|
8
|
+
#
|
9
|
+
# @example EnforcedStyle: InSpecStyle (default)
|
10
|
+
# # Description of the `bar` style.
|
11
|
+
#
|
12
|
+
# # bad
|
13
|
+
# sql = oracledb_session(user: 'my_user', pass: 'password')
|
14
|
+
#
|
15
|
+
# # good
|
16
|
+
# sql = oracledb_session(user: 'my_user', password: 'password
|
17
|
+
#
|
18
|
+
class OracleDbSessionPass < Cop
|
19
|
+
include MatchRange
|
20
|
+
MSG = 'Use `:password` instead of `:pass`. This will be removed in '\
|
21
|
+
'InSpec 5'
|
22
|
+
|
23
|
+
def_node_matcher :oracledb_session_pass?, <<~PATTERN
|
24
|
+
(send _ :oracledb_session
|
25
|
+
(hash
|
26
|
+
...
|
27
|
+
(pair
|
28
|
+
(sym $:pass)
|
29
|
+
...)))
|
30
|
+
PATTERN
|
31
|
+
|
32
|
+
# Getting location was a bit tricky on this one, looking at docs perhaps
|
33
|
+
# convention does allow highlighting an entire line.
|
34
|
+
def on_send(node)
|
35
|
+
return unless result = oracledb_session_pass?(node)
|
36
|
+
add_offense(node, message: MSG)
|
37
|
+
end
|
38
|
+
|
39
|
+
def autocorrect(node)
|
40
|
+
lambda do |corrector|
|
41
|
+
corrector.replace(offense_range(node), preferred_replacement)
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
45
|
+
private
|
46
|
+
|
47
|
+
def offense_range(node)
|
48
|
+
node.descendants.map do |x|
|
49
|
+
x.descendants.find {|y| y.inspect == "s(:sym, :pass)"}
|
50
|
+
end.compact.first.source_range
|
51
|
+
end
|
52
|
+
|
53
|
+
def preferred_replacement
|
54
|
+
cop_config.fetch('PreferredReplacement')
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
@@ -0,0 +1,36 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module RuboCop
|
4
|
+
module Cop
|
5
|
+
module InSpecStyle
|
6
|
+
# @example EnforcedStyle: InSpecStyle (default)
|
7
|
+
# # ppa has been deprecated as a resource. Use apt instead
|
8
|
+
#
|
9
|
+
class PPAResource < Cop
|
10
|
+
MSG = 'Use `apt` instead of `ppa`. '\
|
11
|
+
'This resource will be removed in InSpec 5.'
|
12
|
+
|
13
|
+
def_node_matcher :ppa?, <<~PATTERN
|
14
|
+
(send _ :ppa ...)
|
15
|
+
PATTERN
|
16
|
+
|
17
|
+
def on_send(node)
|
18
|
+
return unless ppa?(node)
|
19
|
+
add_offense(node, location: :selector)
|
20
|
+
end
|
21
|
+
|
22
|
+
def autocorrect(node)
|
23
|
+
lambda do |corrector|
|
24
|
+
corrector.replace(node.loc.selector, preferred_replacement)
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
private
|
29
|
+
|
30
|
+
def preferred_replacement
|
31
|
+
cop_config.fetch('PreferredReplacement')
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
@@ -0,0 +1,77 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module RuboCop
|
4
|
+
module Cop
|
5
|
+
module InSpecStyle
|
6
|
+
# @example EnforcedStyle: InSpecStyle (default)
|
7
|
+
# `list` property for `processes` resource is deprecated for `entries` and will be removed in InSpec5
|
8
|
+
#
|
9
|
+
# # bad
|
10
|
+
# describe processes('my_processes.txt') do
|
11
|
+
# its('list') { should eq 12345 }
|
12
|
+
# end
|
13
|
+
#
|
14
|
+
# # good
|
15
|
+
# describe processes('my_processes.txt') do
|
16
|
+
# its('entries') { should eq 12345 }
|
17
|
+
# end
|
18
|
+
#
|
19
|
+
class ProcessesList < Cop
|
20
|
+
include RangeHelp
|
21
|
+
|
22
|
+
MSG = '`list` property for `processes` resource is deprecated for `entries` and will be removed in InSpec5'
|
23
|
+
|
24
|
+
def_node_matcher :processes_resource_list?, <<~PATTERN
|
25
|
+
(block
|
26
|
+
(send _ :its
|
27
|
+
(str "list") ...)
|
28
|
+
...)
|
29
|
+
PATTERN
|
30
|
+
|
31
|
+
def_node_matcher :spec?, <<-PATTERN
|
32
|
+
(block
|
33
|
+
(send nil? :describe ...)
|
34
|
+
...)
|
35
|
+
PATTERN
|
36
|
+
|
37
|
+
def_node_matcher :processes_resource?, <<-PATTERN
|
38
|
+
(block
|
39
|
+
(send nil? :describe
|
40
|
+
(send nil? :processes ...)
|
41
|
+
...)
|
42
|
+
...)
|
43
|
+
PATTERN
|
44
|
+
|
45
|
+
|
46
|
+
def on_block(node)
|
47
|
+
return unless inside_processes_spec?(node)
|
48
|
+
node.descendants.each do |descendant|
|
49
|
+
next unless processes_resource_list?(descendant)
|
50
|
+
add_offense(descendant, location: offense_range(descendant))
|
51
|
+
end
|
52
|
+
end
|
53
|
+
|
54
|
+
def autocorrect(node)
|
55
|
+
lambda do |corrector|
|
56
|
+
corrector.replace(offense_range(node), preferred_replacement)
|
57
|
+
end
|
58
|
+
end
|
59
|
+
|
60
|
+
private
|
61
|
+
|
62
|
+
def inside_processes_spec?(root)
|
63
|
+
spec?(root) && processes_resource?(root)
|
64
|
+
end
|
65
|
+
|
66
|
+
def preferred_replacement
|
67
|
+
cop_config.fetch('PreferredReplacement')
|
68
|
+
end
|
69
|
+
|
70
|
+
def offense_range(node)
|
71
|
+
source = node.children[0].children[-1].loc.expression
|
72
|
+
range_between(source.begin_pos+1, source.end_pos-1)
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
@@ -0,0 +1,48 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module RuboCop
|
4
|
+
module Cop
|
5
|
+
module InSpecStyle
|
6
|
+
# @example EnforcedStyle: InSpecStyle (default)
|
7
|
+
# # script has been deprecated as a resource. Use powershell instead
|
8
|
+
#
|
9
|
+
class ScriptResource < Cop
|
10
|
+
MSG = 'Use `powershell` instead of `script`. '\
|
11
|
+
'This resource will be removed in InSpec 5.'
|
12
|
+
|
13
|
+
def_node_matcher :spec?, <<-PATTERN
|
14
|
+
(block
|
15
|
+
(send nil? :describe ...)
|
16
|
+
...)
|
17
|
+
PATTERN
|
18
|
+
|
19
|
+
def_node_matcher :script?, <<~PATTERN
|
20
|
+
(send nil? :script ...)
|
21
|
+
PATTERN
|
22
|
+
|
23
|
+
def on_send(node)
|
24
|
+
return unless inside_spec?(node)
|
25
|
+
return unless script?(node)
|
26
|
+
|
27
|
+
add_offense(node, location: :selector)
|
28
|
+
end
|
29
|
+
|
30
|
+
def autocorrect(node)
|
31
|
+
lambda do |corrector|
|
32
|
+
corrector.replace(node.loc.selector, preferred_replacement)
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
private
|
37
|
+
|
38
|
+
def inside_spec?(root)
|
39
|
+
spec?(root)
|
40
|
+
end
|
41
|
+
|
42
|
+
def preferred_replacement
|
43
|
+
cop_config.fetch('PreferredReplacement')
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
@@ -0,0 +1,83 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module RuboCop
|
4
|
+
module Cop
|
5
|
+
module InSpecStyle
|
6
|
+
# Shadow resource properties `user|password|last_change|expiry_date|line` is deprecated in favor of `users|passwords|last_changes|expiry_dates|lines`
|
7
|
+
#
|
8
|
+
# @example EnforcedStyle: InSpecStyle (default)
|
9
|
+
# # Use users instead
|
10
|
+
#
|
11
|
+
# # bad
|
12
|
+
# describe shadow('/etc/my-custom-place/shadow') do
|
13
|
+
# its('user') { should eq 'user' }
|
14
|
+
# end
|
15
|
+
#
|
16
|
+
# # good
|
17
|
+
# describe shadow('/etc/my-custom-place/shadow') do
|
18
|
+
# its('users') { should eq 'user' }
|
19
|
+
# end
|
20
|
+
#
|
21
|
+
class ShadowProperties < Cop
|
22
|
+
include RangeHelp
|
23
|
+
|
24
|
+
MSG = 'Use `:%<violation>ss` instead of `:%<violation>s` as a property ' \
|
25
|
+
'for the `shadow` resource. This property will be removed in InSpec 5'
|
26
|
+
|
27
|
+
def_node_matcher :deprecated_shadow_property?, <<~PATTERN
|
28
|
+
(block
|
29
|
+
(send _ :its
|
30
|
+
(str ${"user" "password" "last_change" "expiry_date" "line"}) ...)
|
31
|
+
...)
|
32
|
+
PATTERN
|
33
|
+
|
34
|
+
def_node_matcher :spec?, <<-PATTERN
|
35
|
+
(block
|
36
|
+
(send nil? :describe ...)
|
37
|
+
...)
|
38
|
+
PATTERN
|
39
|
+
|
40
|
+
def_node_matcher :shadow_resource?, <<-PATTERN
|
41
|
+
(block
|
42
|
+
(send nil? :describe
|
43
|
+
(send nil? :shadow ...)
|
44
|
+
...)
|
45
|
+
...)
|
46
|
+
PATTERN
|
47
|
+
|
48
|
+
def on_block(node)
|
49
|
+
return unless inside_shadow_spec?(node)
|
50
|
+
node.descendants.each do |descendant|
|
51
|
+
deprecated_shadow_property?(descendant) do |violation|
|
52
|
+
add_offense(
|
53
|
+
descendant,
|
54
|
+
location: offense_range(descendant),
|
55
|
+
message: format(
|
56
|
+
MSG,
|
57
|
+
violation: violation
|
58
|
+
)
|
59
|
+
)
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
63
|
+
|
64
|
+
def autocorrect(node)
|
65
|
+
lambda do |corrector|
|
66
|
+
corrector.insert_after(offense_range(node), 's')
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
private
|
71
|
+
|
72
|
+
def inside_shadow_spec?(root)
|
73
|
+
spec?(root) && shadow_resource?(root)
|
74
|
+
end
|
75
|
+
|
76
|
+
def offense_range(node)
|
77
|
+
source = node.children[0].children[-1].loc.expression
|
78
|
+
range_between(source.begin_pos+1, source.end_pos-1)
|
79
|
+
end
|
80
|
+
end
|
81
|
+
end
|
82
|
+
end
|
83
|
+
end
|
@@ -0,0 +1,98 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# NOTE TO SELF - this one works BUT not if other its statements are defined. Needs
|
4
|
+
# to work in any arrangement. This is a powerful one to crack as this pattern
|
5
|
+
# will be used in a LOT of other cops.
|
6
|
+
|
7
|
+
module RuboCop
|
8
|
+
module Cop
|
9
|
+
module InSpecStyle
|
10
|
+
# Users resource deprecated matchers
|
11
|
+
#
|
12
|
+
# @example EnforcedStyle: InSpecStyle (default)
|
13
|
+
#
|
14
|
+
# # bad
|
15
|
+
# describe users('/etc/my-custom-place/users') do
|
16
|
+
# its('has_home_directory?') { should eq 'foo' }
|
17
|
+
# end
|
18
|
+
#
|
19
|
+
# # good
|
20
|
+
# describe users('/etc/my-custom-place/users') do
|
21
|
+
# its('users') { should eq 'foo' }
|
22
|
+
# end
|
23
|
+
#
|
24
|
+
class UsersResourceMatchers < Cop
|
25
|
+
MSG = 'Use `%<solution>s` instead of `%<violation>s` as a matcher ' \
|
26
|
+
"for the `users` resource. \nThis matcher will be removed in InSpec 5"
|
27
|
+
|
28
|
+
MAP = {
|
29
|
+
has_home_directory?: "its('home')",
|
30
|
+
has_login_shell?: "its('shell')",
|
31
|
+
has_authorized_key?: "another matcher",
|
32
|
+
maximum_days_between_password_change: :maxdays,
|
33
|
+
has_uid?: "another matcher",
|
34
|
+
minimum_days_between_password_change: "mindays"
|
35
|
+
}
|
36
|
+
|
37
|
+
def_node_matcher :deprecated_users_matcher?, <<~PATTERN
|
38
|
+
(send _ ${#{MAP.keys.map(&:inspect).join(' ')}} ...)
|
39
|
+
PATTERN
|
40
|
+
|
41
|
+
def_node_matcher :spec?, <<-PATTERN
|
42
|
+
(block
|
43
|
+
(send nil? :describe ...)
|
44
|
+
...)
|
45
|
+
PATTERN
|
46
|
+
|
47
|
+
def_node_matcher :users_resource?, <<-PATTERN
|
48
|
+
(block
|
49
|
+
(send nil? :describe
|
50
|
+
(send nil? :users ...)
|
51
|
+
...)
|
52
|
+
...)
|
53
|
+
PATTERN
|
54
|
+
|
55
|
+
def on_block(node)
|
56
|
+
return unless inside_users_spec?(node)
|
57
|
+
node.descendants.each do |descendant|
|
58
|
+
deprecated_users_matcher?(descendant) do |violation|
|
59
|
+
add_offense(
|
60
|
+
descendant,
|
61
|
+
location: offense_range(descendant),
|
62
|
+
message: format(
|
63
|
+
MSG,
|
64
|
+
violation: violation,
|
65
|
+
solution: MAP[violation]
|
66
|
+
)
|
67
|
+
)
|
68
|
+
end
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
72
|
+
def autocorrect(node)
|
73
|
+
lambda do |corrector|
|
74
|
+
# Only these two matchers are autocorrectable
|
75
|
+
[
|
76
|
+
'maximum_days_between_password_change',
|
77
|
+
'minimum_days_between_password_change'
|
78
|
+
].map do |violation|
|
79
|
+
if node.inspect.include?(violation)
|
80
|
+
corrector.replace(node.loc.selector, MAP[violation.to_sym])
|
81
|
+
end
|
82
|
+
end
|
83
|
+
end
|
84
|
+
end
|
85
|
+
|
86
|
+
private
|
87
|
+
|
88
|
+
def inside_users_spec?(root)
|
89
|
+
spec?(root) && users_resource?(root)
|
90
|
+
end
|
91
|
+
|
92
|
+
def offense_range(node)
|
93
|
+
node.loc.selector
|
94
|
+
end
|
95
|
+
end
|
96
|
+
end
|
97
|
+
end
|
98
|
+
end
|