puppet-lint-security-plugins 0.1.7 → 0.2.0

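--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: ca2d2823689fee2c5355557052f052a8ee154b88
- data.tar.gz: f49555ff6d3ef1634104cd81027349f9bc524b37
+ metadata.gz: 1b6def59f026140613ea0c905c9a133fcfd78760
+ data.tar.gz: e46af64b3174e0806b3c1e312ebd5f19cda01828
  SHA512:
- metadata.gz: e1bd04bfa0cc93d486bb84d7fb15b14b7647b558672cf708f9b18f66ec78f9d6e7188a02c71e21ce38a14ba0315fcfe7c000a93478e4aa7065ee8f96f333b17b
- data.tar.gz: 63f202e85d363a2f5c93cbb60a2b0bb493d35e7cc2e03194a1a4e80fe38f570ee67b1763c91766de78ff48e155f6c6e3d36e9151e56414e57e6e0515d6d602ed
+ metadata.gz: 7e1bca0361771c490655bf68e6682167e479c44a35899fdd7ebc04d7ee73a42803b48ab711c860385678ba93dcdfc8b71cbf6c27fb9a4af544fd1548fe4e686c
+ data.tar.gz: 16c00da9f12c451052e6ff12afd0ae4207088e4aa4fe0e3b0dd9f3375fba15d24cef9b6e5d36cb33628a9eccf36ffaf47bab3e2c2c3f484e4b0f74a86108a7a8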
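--- a/data/README.md
+++ b/data/README.md
@@ -7,6 +7,8 @@ are implemented, please feel free to contribute.
 
  gem install puppet-lint-security-plugins
 
+ [![Gem Version](https://badge.fury.io/rb/puppet-lint-security-plugins@2x.png)](https://badge.fury.io/rb/puppet-lint-security-plugins)
+
  ## Testing your manifests
 
  Just use `puppet-lint`. After installation security checks are enabled by default.
@@ -24,7 +26,6 @@ At the moment, the following tests have been implemented:
  * Should not pin packages to specific version
  * Must not store plaintext passwords in the manifest
  * Must not use password variables in exec
- * Should use range markers (\A,\z,^,$) in regular expressions
  * Must not use class or defined\_type parameters in `exec`
  * Should not use `tidy`with `age` and/or `size` parameter
  * Should not use `tidy` with `match` equals to `*`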
@@ -7,11 +7,11 @@ PuppetLint.new_check(:security_class_or_define_parameter_in_exec) do
7
7
  check_resource_index(
8
8
  :resource_type => 'exec',
9
9
  :severity => :error,
10
- :message => 'Class or definded_type parameter in exec used (security!)'
10
+ :message => 'Class or defined_type parameter in exec used (security!)'
11
11
  ) do |rule|
12
12
 
13
13
  class_definitions=class_indexes.find_all do |cd|
14
- resource_in_class_or_define?(rule,cd)
14
+ resource_in_class_or_define?(rule,cd)
15
15
  end
16
16
 
17
17
  defined_types=defined_type_indexes.find_all do |dt|
@@ -2,7 +2,7 @@
2
2
  class PuppetLint::CheckPlugin
3
3
 
4
4
  # This types represent valid values for variables and parameters
5
- VALID_CONTENT_TOKENS=[:NAME,:SSTRING,:STRING,:NUMBER,:TRUE,:FALSE,:DQPRE,:DQMID,:DQPOST,:VARIABLE]
5
+ VALID_CONTENT_TOKENS=[:NAME,:FUNCTION_NAME,:SSTRING,:STRING,:NUMBER,:TRUE,:FALSE,:DQPRE,:DQMID,:DQPOST,:VARIABLE]
6
6
 
7
7
  # Checks if given resource is defined in given class or define
8
8
  #
@@ -120,7 +120,7 @@ class PuppetLint::CheckPlugin
120
120
  def get_argument_token_for_function(tokens,function)
121
121
  lparen=tokens.find do |token|
122
122
  token.type == :LPAREN and
123
- token.prev_code_token.type == :NAME and
123
+ token.prev_code_token.type == :FUNCTION_NAME and
124
124
  token.prev_code_token.value == function
125
125
  end
126
126
 
@@ -159,7 +159,7 @@ class PuppetLint::CheckPlugin
159
159
  t = block_starter.next_token
160
160
 
161
161
  until [:SEMIC,:RBRACE].include? t.type
162
- token_array << t unless t.type == :COLON
162
+ token_array << t
163
163
  t = t.next_token
164
164
  end
165
165
 
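Review bot: In `get_argument_token_for_function` (the second hunk of this section) the predicate calls `token.prev_code_token.type` without checking that a previous code token exists, so an `:LPAREN` with nothing before it would raise NoMethodError and abort the lint run instead of being skipped; presumably `prev_code_token` is nil in that case, which should be confirmed against puppet-lint's token API. Bind it first and guard it: `prev = token.prev_code_token`, then `token.type == :LPAREN && prev && prev.type == :FUNCTION_NAME && prev.value == function`. Because the match now accepts only `:FUNCTION_NAME`, any call the lexer still reports as `:NAME` makes this lookup find nothing and the security checks built on it pass silently, so a spec asserting a non-nil result for a known function call would pin the behaviour. The method body continues outside the hunk.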
@@ -16,7 +16,7 @@ apache::vhost { 'fourth.example.com':
16
16
  end
17
17
 
18
18
  it 'should create a warning' do
19
- expect(problems).to contain_warning(msg).on_line(2).in_column(38)
19
+ expect(problems).to contain_warning(msg).on_line(2).in_column(37)
20
20
  end
21
21
  end
22
22
 
@@ -24,7 +24,7 @@ apt::source {
24
24
  end
25
25
 
26
26
  it 'should create a error' do
27
- expect(problems).to contain_error(msg).on_line(6).in_column(16)
27
+ expect(problems).to contain_error(msg).on_line(6).in_column(15)
28
28
  end
29
29
  end
30
30
 
@@ -5,7 +5,8 @@ describe 'security_apt_no_key' do
5
5
 
6
6
  context 'with fix disabled' do
7
7
  context 'code having no key parameter in apt' do
8
- let(:code) { "apt::source { 'puppetlabs':
8
+ let(:code) { "
9
+ apt::source { 'puppetlabs':
9
10
  location => 'http://apt.puppetlabs.com',
10
11
  repos => 'main',
11
12
  }
@@ -16,7 +17,7 @@ describe 'security_apt_no_key' do
16
17
  end
17
18
 
18
19
  it 'should create a error' do
19
- expect(problems).to contain_error(msg).on_line(1).in_column(28)
20
+ expect(problems).to contain_error(msg).on_line(2).in_column(27)
20
21
  end
21
22
  end
22
23
 
@@ -1,7 +1,7 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe 'security_class_or_define_parameter_in_exec' do
4
- let(:msg) { 'Class or definded_type parameter in exec used (security!)' }
4
+ let(:msg) { 'Class or defined_type parameter in exec used (security!)' }
5
5
 
6
6
  context 'with fix disabled' do
7
7
  context 'code having variables in execs' do
@@ -18,7 +18,7 @@ describe 'security_firewall_any_any_deny' do
18
18
  end
19
19
 
20
20
  it 'should create a warning' do
21
- expect(problems).to contain_warning(msg).on_line(2).in_column(29)
21
+ expect(problems).to contain_warning(msg).on_line(2).in_column(28)
22
22
  end
23
23
  end
24
24
 
@@ -36,7 +36,7 @@ describe 'security_firewall_any_any_deny' do
36
36
  end
37
37
 
38
38
  it 'should create a warning' do
39
- expect(problems).to contain_warning(msg).on_line(2).in_column(29)
39
+ expect(problems).to contain_warning(msg).on_line(2).in_column(28)
40
40
  end
41
41
  end
42
42
 
@@ -52,7 +52,7 @@ describe 'security_firewall_any_any_deny' do
52
52
  end
53
53
 
54
54
  it 'should create a warning' do
55
- expect(problems).to contain_warning(msg).on_line(2).in_column(29)
55
+ expect(problems).to contain_warning(msg).on_line(2).in_column(28)
56
56
  end
57
57
  end
58
58
 
@@ -69,7 +69,7 @@ describe 'security_firewall_any_any_deny' do
69
69
  end
70
70
 
71
71
  it 'should create a warning' do
72
- expect(problems).to contain_warning(msg).on_line(2).in_column(29)
72
+ expect(problems).to contain_warning(msg).on_line(2).in_column(28)
73
73
  end
74
74
  end
75
75
 
@@ -86,7 +86,7 @@ describe 'security_firewall_any_any_deny' do
86
86
  end
87
87
 
88
88
  it 'should create a warning' do
89
- expect(problems).to contain_warning(msg).on_line(2).in_column(29)
89
+ expect(problems).to contain_warning(msg).on_line(2).in_column(28)
90
90
  end
91
91
  end
92
92
 
@@ -103,7 +103,7 @@ describe 'security_firewall_any_any_deny' do
103
103
  end
104
104
 
105
105
  it 'should create a warning' do
106
- expect(problems).to contain_warning(msg).on_line(2).in_column(29)
106
+ expect(problems).to contain_warning(msg).on_line(2).in_column(28)
107
107
  end
108
108
  end
109
109
 
@@ -18,7 +18,7 @@ describe 'security_firewall_puppetmaster_any_deny' do
18
18
  end
19
19
 
20
20
  it 'should create a warning' do
21
- expect(problems).to contain_warning(msg).on_line(2).in_column(38)
21
+ expect(problems).to contain_warning(msg).on_line(2).in_column(37)
22
22
  end
23
23
  end
24
24
 
@@ -37,7 +37,7 @@ describe 'security_firewall_puppetmaster_any_deny' do
37
37
  end
38
38
 
39
39
  it 'should create a warning' do
40
- expect(problems).to contain_warning(msg).on_line(2).in_column(38)
40
+ expect(problems).to contain_warning(msg).on_line(2).in_column(37)
41
41
  end
42
42
  end
43
43
 
@@ -15,7 +15,7 @@ tidy { '/usr/local':
15
15
  end
16
16
 
17
17
  it 'should create a warning' do
18
- expect(problems).to contain_warning(msg).on_line(2).in_column(21)
18
+ expect(problems).to contain_warning(msg).on_line(2).in_column(20)
19
19
  end
20
20
  end
21
21
 
@@ -23,7 +23,7 @@ user {'myroot':
23
23
  end
24
24
 
25
25
  it 'should create a error' do
26
- expect(problems).to contain_error(msg).on_line(3).in_column(16)
26
+ expect(problems).to contain_error(msg).on_line(3).in_column(15)
27
27
  end
28
28
  end
29
29
 
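--- a/metadata
+++ b/metadata
@@ -1,114 +1,115 @@
  --- !ruby/object:Gem::Specification
  name: puppet-lint-security-plugins
  version: !ruby/object:Gem::Version
- version: 0.1.7
+ version: 0.2.0
  platform: ruby
  authors:
  - Florian Freund
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-11-01 00:00:00.000000000 Z
+ date: 2017-08-24 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: puppet-lint
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
- version: '1.0'
+ version: '2.0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
- version: '1.0'
+ version: '2.0'
  - !ruby/object:Gem::Dependency
  name: rspec
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
  version: '3.3'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
  version: '3.3'
  - !ruby/object:Gem::Dependency
  name: rspec-its
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
  version: '1.0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
  version: '1.0'
  - !ruby/object:Gem::Dependency
  name: rspec-collection_matchers
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
  version: '1.0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
  version: '1.0'
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - '>='
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - '>='
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: mail
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - '>='
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - '>='
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: yard
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - '>='
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - '>='
  - !ruby/object:Gem::Version
  version: '0'
- description: " Checks puppet manifests for security related problems.\n"
+ description: |2
+ Checks puppet manifests for security related problems.
  email: mail@floek.net
  executables: []
  extensions: []
@@ -181,17 +182,17 @@ require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - '>='
  - !ruby/object:Gem::Version
  version: '0'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - '>='
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.0.14
+ rubygems_version: 2.0.14.1
  signing_key:
  specification_version: 4
  summary: A puppet-lint plugin to check security issues.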