puppet-lint-security-plugins 0.1.6 → 0.1.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/puppet-lint/plugins/{check_class_or_define_parameter_in_exec.rb → check_security_class_or_define_parameter_in_exec.rb} +0 -0
- data/spec/puppet-lint/plugins/{check_class_or_define_parameter_in_exec_spec.rb → check_security_class_or_define_parameter_in_exec_spec.rb} +0 -0
- metadata +7 -10
- data/lib/puppet-lint/plugins/check_security_regex_unspecific.rb +0 -23
- data/spec/puppet-lint/plugins/check_security_regex_unspecific_spec.rb +0 -40
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ca2d2823689fee2c5355557052f052a8ee154b88
|
4
|
+
data.tar.gz: f49555ff6d3ef1634104cd81027349f9bc524b37
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e1bd04bfa0cc93d486bb84d7fb15b14b7647b558672cf708f9b18f66ec78f9d6e7188a02c71e21ce38a14ba0315fcfe7c000a93478e4aa7065ee8f96f333b17b
|
7
|
+
data.tar.gz: 63f202e85d363a2f5c93cbb60a2b0bb493d35e7cc2e03194a1a4e80fe38f570ee67b1763c91766de78ff48e155f6c6e3d36e9151e56414e57e6e0515d6d602ed
|
File without changes
|
File without changes
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: puppet-lint-security-plugins
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Florian Freund
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-
|
11
|
+
date: 2015-11-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: puppet-lint
|
@@ -30,14 +30,14 @@ dependencies:
|
|
30
30
|
requirements:
|
31
31
|
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: '3.
|
33
|
+
version: '3.3'
|
34
34
|
type: :development
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: '3.
|
40
|
+
version: '3.3'
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: rspec-its
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -116,10 +116,10 @@ extra_rdoc_files: []
|
|
116
116
|
files:
|
117
117
|
- README.md
|
118
118
|
- LICENSE
|
119
|
-
- lib/puppet-lint/plugins/check_class_or_define_parameter_in_exec.rb
|
120
119
|
- lib/puppet-lint/plugins/check_security_apache_bad_cipher.rb
|
121
120
|
- lib/puppet-lint/plugins/check_security_apache_no_ssl_vhost.rb
|
122
121
|
- lib/puppet-lint/plugins/check_security_apt_no_key.rb
|
122
|
+
- lib/puppet-lint/plugins/check_security_class_or_define_parameter_in_exec.rb
|
123
123
|
- lib/puppet-lint/plugins/check_security_eval_in_erb.rb
|
124
124
|
- lib/puppet-lint/plugins/check_security_file_with_setgid_permission.rb
|
125
125
|
- lib/puppet-lint/plugins/check_security_file_with_setuid_permission.rb
|
@@ -131,7 +131,6 @@ files:
|
|
131
131
|
- lib/puppet-lint/plugins/check_security_package_pinned_version.rb
|
132
132
|
- lib/puppet-lint/plugins/check_security_password_in_code.rb
|
133
133
|
- lib/puppet-lint/plugins/check_security_password_variable_in_exec.rb
|
134
|
-
- lib/puppet-lint/plugins/check_security_regex_unspecific.rb
|
135
134
|
- lib/puppet-lint/plugins/check_security_service_mysql_disabled.rb
|
136
135
|
- lib/puppet-lint/plugins/check_security_service_puppetmaster_disabled.rb
|
137
136
|
- lib/puppet-lint/plugins/check_security_ssh_root_allowed.rb
|
@@ -142,11 +141,11 @@ files:
|
|
142
141
|
- lib/puppet-lint/plugins/check_security_user_with_id_0_created.rb
|
143
142
|
- lib/puppet-lint/security.rb
|
144
143
|
- lib/puppet-lint-security-plugins.rb
|
145
|
-
- spec/puppet-lint/plugins/check_class_or_define_parameter_in_exec_spec.rb
|
146
144
|
- spec/puppet-lint/plugins/check_security_apache_bad_cipher_spec.rb
|
147
145
|
- spec/puppet-lint/plugins/check_security_apache_no_ssl_vhost_spec.rb
|
148
146
|
- spec/puppet-lint/plugins/check_security_apt_absent_no_key_spec.rb
|
149
147
|
- spec/puppet-lint/plugins/check_security_apt_no_key_spec.rb
|
148
|
+
- spec/puppet-lint/plugins/check_security_class_or_define_parameter_in_exec_spec.rb
|
150
149
|
- spec/puppet-lint/plugins/check_security_dir_guid_permissions_spec.rb
|
151
150
|
- spec/puppet-lint/plugins/check_security_dir_world_permissions_spec.rb
|
152
151
|
- spec/puppet-lint/plugins/check_security_eval_in_erb_spec.rb
|
@@ -162,7 +161,6 @@ files:
|
|
162
161
|
- spec/puppet-lint/plugins/check_security_package_pinned_version_spec.rb
|
163
162
|
- spec/puppet-lint/plugins/check_security_password_in_code_spec.rb
|
164
163
|
- spec/puppet-lint/plugins/check_security_password_variable_in_exec_spec.rb
|
165
|
-
- spec/puppet-lint/plugins/check_security_regex_unspecific_spec.rb
|
166
164
|
- spec/puppet-lint/plugins/check_security_service_mysql_disabled_spec.rb
|
167
165
|
- spec/puppet-lint/plugins/check_security_service_puppetmaster_disabled_spec.rb
|
168
166
|
- spec/puppet-lint/plugins/check_security_ssh_root_allowed_spec.rb
|
@@ -198,11 +196,11 @@ signing_key:
|
|
198
196
|
specification_version: 4
|
199
197
|
summary: A puppet-lint plugin to check security issues.
|
200
198
|
test_files:
|
201
|
-
- spec/puppet-lint/plugins/check_class_or_define_parameter_in_exec_spec.rb
|
202
199
|
- spec/puppet-lint/plugins/check_security_apache_bad_cipher_spec.rb
|
203
200
|
- spec/puppet-lint/plugins/check_security_apache_no_ssl_vhost_spec.rb
|
204
201
|
- spec/puppet-lint/plugins/check_security_apt_absent_no_key_spec.rb
|
205
202
|
- spec/puppet-lint/plugins/check_security_apt_no_key_spec.rb
|
203
|
+
- spec/puppet-lint/plugins/check_security_class_or_define_parameter_in_exec_spec.rb
|
206
204
|
- spec/puppet-lint/plugins/check_security_dir_guid_permissions_spec.rb
|
207
205
|
- spec/puppet-lint/plugins/check_security_dir_world_permissions_spec.rb
|
208
206
|
- spec/puppet-lint/plugins/check_security_eval_in_erb_spec.rb
|
@@ -218,7 +216,6 @@ test_files:
|
|
218
216
|
- spec/puppet-lint/plugins/check_security_package_pinned_version_spec.rb
|
219
217
|
- spec/puppet-lint/plugins/check_security_password_in_code_spec.rb
|
220
218
|
- spec/puppet-lint/plugins/check_security_password_variable_in_exec_spec.rb
|
221
|
-
- spec/puppet-lint/plugins/check_security_regex_unspecific_spec.rb
|
222
219
|
- spec/puppet-lint/plugins/check_security_service_mysql_disabled_spec.rb
|
223
220
|
- spec/puppet-lint/plugins/check_security_service_puppetmaster_disabled_spec.rb
|
224
221
|
- spec/puppet-lint/plugins/check_security_ssh_root_allowed_spec.rb
|
@@ -1,23 +0,0 @@
|
|
1
|
-
require 'puppet-lint-security-plugins'
|
2
|
-
|
3
|
-
# Matches regular expression without start or end of string (\A,\z)
|
4
|
-
# or line (^,$) range markers
|
5
|
-
PuppetLint.new_check(:security_regex_unspecific) do
|
6
|
-
|
7
|
-
def check
|
8
|
-
|
9
|
-
start_or_end_of_line_or_string_used = /\A(\\A|\^).*(\\z|\$)\z/
|
10
|
-
|
11
|
-
result = tokens.find_all do |token|
|
12
|
-
token.type == :REGEX and
|
13
|
-
token.value !~ start_or_end_of_line_or_string_used
|
14
|
-
end
|
15
|
-
|
16
|
-
bulk_notify(
|
17
|
-
:result => result,
|
18
|
-
:severity => :warning,
|
19
|
-
:message => 'Unspecific regex used, maybe too much is matched.'
|
20
|
-
|
21
|
-
)
|
22
|
-
end
|
23
|
-
end
|
@@ -1,40 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
|
3
|
-
describe 'security_regex_unspecific' do
|
4
|
-
let(:msg) { 'Unspecific regex used, maybe too much is matched.' }
|
5
|
-
|
6
|
-
context 'with fix disabled' do
|
7
|
-
context 'code having unspecific regex' do
|
8
|
-
let(:code) { "
|
9
|
-
if $::kernelversion =~ /3.*/ {
|
10
|
-
notice ('Linux Kernel 3 used')
|
11
|
-
}
|
12
|
-
" }
|
13
|
-
|
14
|
-
it 'should detect a single problem' do
|
15
|
-
expect(problems).to have(1).problem
|
16
|
-
end
|
17
|
-
|
18
|
-
it 'should create a warning' do
|
19
|
-
expect(problems).to contain_warning(msg).on_line(2).in_column(24)
|
20
|
-
end
|
21
|
-
end
|
22
|
-
|
23
|
-
context 'code having specific regex' do
|
24
|
-
let(:code) { "
|
25
|
-
if $::kernelversion =~ /\\A3.*\\z/ {
|
26
|
-
notice ('Linux Kernel 3 used')
|
27
|
-
}
|
28
|
-
|
29
|
-
if $::kernelversion =~ /^3.*$/ {
|
30
|
-
notice ('Linux Kernel 3 used')
|
31
|
-
}
|
32
|
-
" }
|
33
|
-
|
34
|
-
it 'should not detect any problems' do
|
35
|
-
expect(problems).to have(0).problems
|
36
|
-
end
|
37
|
-
end
|
38
|
-
|
39
|
-
end
|
40
|
-
end
|