puppet-lint-security-plugins 0.1.6

data/spec/puppet-lint/plugins/check_security_tidy_all_files_spec.rb

@@ -0,0 +1,36 @@
+require 'spec_helper'
+
+describe 'security_tidy_all_files' do
+  let(:msg) { 'Purging all files, be warned!' }
+
+  context 'with fix disabled' do
+    context 'code having unspecific tidy' do
+      let(:code) { "
+tidy { '/usr/local':
+}
+" }
+
+      it 'should detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'should create a warning' do
+        expect(problems).to contain_warning(msg).on_line(2).in_column(21)
+      end
+    end
+
+    context 'code having specific tidy' do
+      let(:code) { "
+tidy { '/tmp':
+  age     => '1w',
+  matches => [ '[0-9]pub*.tmp', '*.temp', 'tmpfile?' ]
+}
+" }
+
+      it 'should not detect any problems' do
+        expect(problems).to have(0).problems
+      end
+    end
+
+  end
+end

data/spec/puppet-lint/plugins/check_security_tidy_matches_greedy_spec.rb

@@ -0,0 +1,37 @@
+require 'spec_helper'
+
+describe 'security_tidy_matches_greedy' do
+  let(:msg) { 'This will delete all files, be warned!' }
+
+  context 'with fix disabled' do
+    context 'code having greedy tidy' do
+      let(:code) { "
+tidy { '/usr/local':
+  matches => [ '[0-9]pub*.tmp', '*', '*.temp', 'tmpfile?' ]
+}
+" }
+
+      it 'should detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'should create a warning' do
+        expect(problems).to contain_warning(msg).on_line(3).in_column(33)
+      end
+    end
+
+    context 'code having no greedy tidy' do
+      let(:code) { "
+tidy { '/tmp':
+  age     => '1w',
+  matches => [ '[0-9]pub*.tmp', '*.temp', 'tmpfile?' ]
+}
+" }
+
+      it 'should not detect any problems' do
+        expect(problems).to have(0).problems
+      end
+    end
+
+  end
+end

data/spec/puppet-lint/plugins/check_security_tidy_recurse_spec.rb

@@ -0,0 +1,37 @@
+require 'spec_helper'
+
+describe 'security_tidy_recurse' do
+  let(:msg) { 'Purging files recurse, be warned!' }
+
+  context 'with fix disabled' do
+    context 'code having recurse purging tidy' do
+      let(:code) { "
+tidy { '/usr/local':
+  recurse => true,
+}
+" }
+
+      it 'should detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'should create a warning' do
+        expect(problems).to contain_warning(msg).on_line(3).in_column(14)
+      end
+    end
+
+    context 'code having no recurse purging tidy' do
+      let(:code) { "
+tidy { '/tmp':
+  age     => '1w',
+  matches => [ '[0-9]pub*.tmp', '*.temp', 'tmpfile?' ]
+}
+" }
+
+      it 'should not detect any problems' do
+        expect(problems).to have(0).problems
+      end
+    end
+
+  end
+end

data/spec/puppet-lint/plugins/check_security_user_with_id_0_created_spec.rb

@@ -0,0 +1,47 @@
+require 'spec_helper'
+
+describe 'security_user_with_id_0_created' do
+  let(:msg) { 'Another User with ID 0 would be created (security!)' }
+
+  context 'with fix disabled' do
+    context 'code having user with id 0 created' do
+      let(:code) { "
+
+user {'myroot':
+  ensure     => present,
+  managehome => true,
+  allowdupe  => true,
+  shell      => '/bin/bash',
+  password   => '$6$vvj6dlOH$ORJ0dok0GJIbuTMAexlSsxOHMBmtz1qCioS3xB4f3ap5azQdZjqRLzHpJhCNjAVsW3E3GtZwcnHJu/baLjhr3.',
+  uid        => 0,
+}
+
+                   " }
+
+      it 'should detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'should create a error' do
+        expect(problems).to contain_error(msg).on_line(3).in_column(16)
+      end
+    end
+
+    context 'code having no user with id 0 created' do
+      let(:code) { "
+user {'myroot':
+  ensure     => present,
+  managehome => true,
+  shell      => '/bin/bash',
+  password   => '$6$vvj6dlOH$ORJ0dok0GJIbuTMAexlSsxOHMBmtz1qCioS3xB4f3ap5azQdZjqRLzHpJhCNjAVsW3E3GtZwcnHJu/baLjhr3.',
+}
+
+                   " }
+
+      it 'should not detect any problems' do
+        expect(problems).to have(0).problems
+      end
+    end
+
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,5 @@
+require 'bundler/setup'
+require 'puppet-lint'
+require 'puppet-lint-security-plugins'
+
+PuppetLint::Plugins.load_spec_helper

metadata

@@ -0,0 +1,232 @@
+--- !ruby/object:Gem::Specification
+name: puppet-lint-security-plugins
+version: !ruby/object:Gem::Version
+  version: 0.1.6
+platform: ruby
+authors:
+- Florian Freund
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-07-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: puppet-lint
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-collection_matchers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: mail
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: "    Checks puppet manifests for security related problems.\n"
+email: mail@floek.net
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- LICENSE
+- lib/puppet-lint/plugins/check_class_or_define_parameter_in_exec.rb
+- lib/puppet-lint/plugins/check_security_apache_bad_cipher.rb
+- lib/puppet-lint/plugins/check_security_apache_no_ssl_vhost.rb
+- lib/puppet-lint/plugins/check_security_apt_no_key.rb
+- lib/puppet-lint/plugins/check_security_eval_in_erb.rb
+- lib/puppet-lint/plugins/check_security_file_with_setgid_permission.rb
+- lib/puppet-lint/plugins/check_security_file_with_setuid_permission.rb
+- lib/puppet-lint/plugins/check_security_file_with_world_permissions.rb
+- lib/puppet-lint/plugins/check_security_firewall_any_any_allow.rb
+- lib/puppet-lint/plugins/check_security_firewall_any_any_deny.rb
+- lib/puppet-lint/plugins/check_security_firewall_dns_used.rb
+- lib/puppet-lint/plugins/check_security_firewall_puppetmaster_any_deny.rb
+- lib/puppet-lint/plugins/check_security_package_pinned_version.rb
+- lib/puppet-lint/plugins/check_security_password_in_code.rb
+- lib/puppet-lint/plugins/check_security_password_variable_in_exec.rb
+- lib/puppet-lint/plugins/check_security_regex_unspecific.rb
+- lib/puppet-lint/plugins/check_security_service_mysql_disabled.rb
+- lib/puppet-lint/plugins/check_security_service_puppetmaster_disabled.rb
+- lib/puppet-lint/plugins/check_security_ssh_root_allowed.rb
+- lib/puppet-lint/plugins/check_security_sudo_with_world_nopasswd.rb
+- lib/puppet-lint/plugins/check_security_tidy_all_files.rb
+- lib/puppet-lint/plugins/check_security_tidy_matches_greedy.rb
+- lib/puppet-lint/plugins/check_security_tidy_recurse.rb
+- lib/puppet-lint/plugins/check_security_user_with_id_0_created.rb
+- lib/puppet-lint/security.rb
+- lib/puppet-lint-security-plugins.rb
+- spec/puppet-lint/plugins/check_class_or_define_parameter_in_exec_spec.rb
+- spec/puppet-lint/plugins/check_security_apache_bad_cipher_spec.rb
+- spec/puppet-lint/plugins/check_security_apache_no_ssl_vhost_spec.rb
+- spec/puppet-lint/plugins/check_security_apt_absent_no_key_spec.rb
+- spec/puppet-lint/plugins/check_security_apt_no_key_spec.rb
+- spec/puppet-lint/plugins/check_security_dir_guid_permissions_spec.rb
+- spec/puppet-lint/plugins/check_security_dir_world_permissions_spec.rb
+- spec/puppet-lint/plugins/check_security_eval_in_erb_spec.rb
+- spec/puppet-lint/plugins/check_security_file_suid_permissions_spec.rb
+- spec/puppet-lint/plugins/check_security_file_with_setgid_permission_spec.rb
+- spec/puppet-lint/plugins/check_security_file_with_setuid_permission_spec.rb
+- spec/puppet-lint/plugins/check_security_file_with_world_permissions_spec.rb
+- spec/puppet-lint/plugins/check_security_file_world_and_guid_permissions_spec.rb
+- spec/puppet-lint/plugins/check_security_firewall_any_any_allow_spec.rb
+- spec/puppet-lint/plugins/check_security_firewall_any_any_deny_spec.rb
+- spec/puppet-lint/plugins/check_security_firewall_dns_used_spec.rb
+- spec/puppet-lint/plugins/check_security_firewall_puppetmaster_any_deny_spec.rb
+- spec/puppet-lint/plugins/check_security_package_pinned_version_spec.rb
+- spec/puppet-lint/plugins/check_security_password_in_code_spec.rb
+- spec/puppet-lint/plugins/check_security_password_variable_in_exec_spec.rb
+- spec/puppet-lint/plugins/check_security_regex_unspecific_spec.rb
+- spec/puppet-lint/plugins/check_security_service_mysql_disabled_spec.rb
+- spec/puppet-lint/plugins/check_security_service_puppetmaster_disabled_spec.rb
+- spec/puppet-lint/plugins/check_security_ssh_root_allowed_spec.rb
+- spec/puppet-lint/plugins/check_security_ssh_server_root_allowed_spec.rb
+- spec/puppet-lint/plugins/check_security_sudo_with_world_nopasswd_spec.rb
+- spec/puppet-lint/plugins/check_security_tidy_all_files_spec.rb
+- spec/puppet-lint/plugins/check_security_tidy_matches_greedy_spec.rb
+- spec/puppet-lint/plugins/check_security_tidy_recurse_spec.rb
+- spec/puppet-lint/plugins/check_security_user_with_id_0_created_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/floek/puppet-lint-security-plugins
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.14
+signing_key: 
+specification_version: 4
+summary: A puppet-lint plugin to check security issues.
+test_files:
+- spec/puppet-lint/plugins/check_class_or_define_parameter_in_exec_spec.rb
+- spec/puppet-lint/plugins/check_security_apache_bad_cipher_spec.rb
+- spec/puppet-lint/plugins/check_security_apache_no_ssl_vhost_spec.rb
+- spec/puppet-lint/plugins/check_security_apt_absent_no_key_spec.rb
+- spec/puppet-lint/plugins/check_security_apt_no_key_spec.rb
+- spec/puppet-lint/plugins/check_security_dir_guid_permissions_spec.rb
+- spec/puppet-lint/plugins/check_security_dir_world_permissions_spec.rb
+- spec/puppet-lint/plugins/check_security_eval_in_erb_spec.rb
+- spec/puppet-lint/plugins/check_security_file_suid_permissions_spec.rb
+- spec/puppet-lint/plugins/check_security_file_with_setgid_permission_spec.rb
+- spec/puppet-lint/plugins/check_security_file_with_setuid_permission_spec.rb
+- spec/puppet-lint/plugins/check_security_file_with_world_permissions_spec.rb
+- spec/puppet-lint/plugins/check_security_file_world_and_guid_permissions_spec.rb
+- spec/puppet-lint/plugins/check_security_firewall_any_any_allow_spec.rb
+- spec/puppet-lint/plugins/check_security_firewall_any_any_deny_spec.rb
+- spec/puppet-lint/plugins/check_security_firewall_dns_used_spec.rb
+- spec/puppet-lint/plugins/check_security_firewall_puppetmaster_any_deny_spec.rb
+- spec/puppet-lint/plugins/check_security_package_pinned_version_spec.rb
+- spec/puppet-lint/plugins/check_security_password_in_code_spec.rb
+- spec/puppet-lint/plugins/check_security_password_variable_in_exec_spec.rb
+- spec/puppet-lint/plugins/check_security_regex_unspecific_spec.rb
+- spec/puppet-lint/plugins/check_security_service_mysql_disabled_spec.rb
+- spec/puppet-lint/plugins/check_security_service_puppetmaster_disabled_spec.rb
+- spec/puppet-lint/plugins/check_security_ssh_root_allowed_spec.rb
+- spec/puppet-lint/plugins/check_security_ssh_server_root_allowed_spec.rb
+- spec/puppet-lint/plugins/check_security_sudo_with_world_nopasswd_spec.rb
+- spec/puppet-lint/plugins/check_security_tidy_all_files_spec.rb
+- spec/puppet-lint/plugins/check_security_tidy_matches_greedy_spec.rb
+- spec/puppet-lint/plugins/check_security_tidy_recurse_spec.rb
+- spec/puppet-lint/plugins/check_security_user_with_id_0_created_spec.rb
+- spec/spec_helper.rb
+has_rdoc: