puppet-lint 4.1.0 → 4.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3953f32f31f48881c186abdd6a5ce57c2debaf28d24afc4b207a2a84a2065ccf
-  data.tar.gz: 60730e1ecb6cbf54f72f23bbb96769d181b9132a2fb756bdc858949e953d3467
+  metadata.gz: 69069ebb59ecc423674d2918bf4493ae0da816b8d9a6f3da7db8a34cc7e657bf
+  data.tar.gz: 28cfb8db332d53efcaab17e412a1f965a382a341aa3696c2148116ce18b4570b
 SHA512:
-  metadata.gz: 2421fd601c8e371f8bcfa8ffff3f5f9674fa1334d7ced66e1c0bd4a376c8365822f57b11a6d3ad80e134ea2b6faf6c20281e3497715b34c3c22db163e424cb2e
-  data.tar.gz: 5ab8e9650e45521eb84ea8c8f89d0970c90f919bd51e82dc6be73fc5a2b0944875673a16058ad0894288730358772ef82f07540a8ac0230bdb32aa5727abab46
+  metadata.gz: 3f951b0291881ea53286adf57085a8cc0ef5164028ca2c815b05bd196f4f35f038d10910fb417d03465590ba0af20a835fceaa1037808f5a697d8c1ce0ce3b76
+  data.tar.gz: 4c6347b7c83ab801cc03994c4422239ebec41ce851179f4362c43b0aa012f61ea362aebc27b0a8da5abd3c42fea1274d10c97092782f24635d95eb9b96612b03

data/lib/puppet-lint/version.rb

@@ -1,3 +1,3 @@
 class PuppetLint
-  VERSION = '4.1.0'.freeze
+  VERSION = '4.2.0'.freeze
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: puppet-lint
 version: !ruby/object:Gem::Version
-  version: 4.1.0
+  version: 4.2.0
 platform: ruby
 authors:
 - Tim Sharpe
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-08-25 00:00:00.000000000 Z
+date: 2023-08-29 00:00:00.000000000 Z
 dependencies: []
 description: "    Checks your Puppet manifests against the Puppetlabs style guide
   and alerts you to any discrepancies.\n"
@@ -66,7 +66,6 @@ files:
 - lib/puppet-lint/plugins/check_strings/quoted_booleans.rb
 - lib/puppet-lint/plugins/check_strings/single_quote_string_with_variables.rb
 - lib/puppet-lint/plugins/check_strings/variables_not_enclosed.rb
-- lib/puppet-lint/plugins/check_unsafe_interpolations/check_unsafe_interpolations.rb
 - lib/puppet-lint/plugins/check_variables/variable_contains_dash.rb
 - lib/puppet-lint/plugins/check_variables/variable_is_lowercase.rb
 - lib/puppet-lint/plugins/check_whitespace/140chars.rb
@@ -140,7 +139,6 @@ files:
 - spec/unit/puppet-lint/plugins/check_strings/quoted_booleans_spec.rb
 - spec/unit/puppet-lint/plugins/check_strings/single_quote_string_with_variables_spec.rb
 - spec/unit/puppet-lint/plugins/check_strings/variables_not_enclosed_spec.rb
-- spec/unit/puppet-lint/plugins/check_unsafe_interpolations/check_unsafe_interpolations_spec.rb
 - spec/unit/puppet-lint/plugins/check_variables/variable_contains_dash_spec.rb
 - spec/unit/puppet-lint/plugins/check_variables/variable_is_lowercase_spec.rb
 - spec/unit/puppet-lint/plugins/check_whitespace/140chars_spec.rb

data/lib/puppet-lint/plugins/check_unsafe_interpolations/check_unsafe_interpolations.rb

@@ -1,130 +0,0 @@
-COMMANDS = Array['command', 'onlyif', 'unless']
-INTERPOLATED_STRINGS = Array[:DQPRE, :DQMID]
-USELESS_CHARS = Array[:WHITESPACE, :COMMA]
-
-PuppetLint.new_check(:check_unsafe_interpolations) do
-  def check
-    # Gather any exec commands' resources into an array
-    exec_resources = resource_indexes.filter_map do |resource|
-      resource_parameters = resource[:param_tokens].map(&:value)
-      resource if resource[:type].value == 'exec' && !(COMMANDS & resource_parameters).empty?
-    end
-
-    # Iterate over title tokens and raise a warning if any are variables
-    unless get_exec_titles.empty?
-      get_exec_titles.each do |title|
-        check_unsafe_title(title)
-      end
-    end
-
-    # Iterate over each command found in any exec
-    exec_resources.each do |command_resources|
-      check_unsafe_interpolations(command_resources)
-    end
-  end
-
-  # Iterate over the tokens in a title and raise a warning if an interpolated variable is found
-  def check_unsafe_title(title)
-    title.each do |token|
-      notify_warning(token.next_code_token) if interpolated?(token)
-    end
-  end
-
-  # Iterates over an exec resource and if a command, onlyif or unless paramter is found, it is checked for unsafe interpolations
-  def check_unsafe_interpolations(command_resources)
-    command_resources[:tokens].each do |token|
-      # Skip iteration if token isn't a command of type :NAME
-      next unless COMMANDS.include?(token.value) && token.type == :NAME
-      # Don't check the command if it is parameterised
-      next if parameterised?(token)
-
-      check_command(token).each do |t|
-        notify_warning(t)
-      end
-    end
-  end
-
-  # Raises a warning given a token and message
-  def notify_warning(token)
-    notify :warning,
-           message: "unsafe interpolation of variable '#{token.value}' in exec command",
-           line: token.line,
-           column: token.column
-  end
-
-  # Iterates over the tokens in a command and adds it to an array of violations if it is an input variable
-  def check_command(token)
-    # Initialise variables needed in while loop
-    rule_violations = []
-    current_token = token
-
-    # Iterate through tokens in command
-    while current_token.type != :NEWLINE
-      # Check if token is a varibale and if it is parameterised
-      rule_violations.append(current_token.next_code_token) if interpolated?(current_token)
-      current_token = current_token.next_token
-    end
-
-    rule_violations
-  end
-
-  # A command is parameterised if its args are placed in an array
-  # This function checks if the current token is a :FARROW and if so, if it is followed by an LBRACK
-  def parameterised?(token)
-    current_token = token
-    while current_token.type != :NEWLINE
-      return true if current_token.type == :FARROW && current_token.next_token.next_token.type == :LBRACK
-
-      current_token = current_token.next_token
-    end
-  end
-
-  # This function is a replacement for puppet_lint's title_tokens function which assumes titles have single quotes
-  # This function adds a check for titles in double quotes where there could be interpolated variables
-  def get_exec_titles
-    result = []
-    tokens.each_with_index do |_token, token_idx|
-      next if tokens[token_idx].value != 'exec'
-
-      # We have a resource declaration. Now find the title
-      tokens_array = []
-      # Check if title is an array
-      if tokens[token_idx]&.next_code_token&.next_code_token&.type == :LBRACK
-        # Get the start and end indices of the array of titles
-        array_start_idx = tokens.rindex { |r| r.type == :LBRACK }
-        array_end_idx = tokens.rindex { |r| r.type == :RBRACK }
-
-        # Grab everything within the array
-        title_array_tokens = tokens[(array_start_idx + 1)..(array_end_idx - 1)]
-        tokens_array.concat(title_array_tokens.reject do |token|
-          USELESS_CHARS.include?(token.type)
-        end)
-        result << tokens_array
-      # Check if title is double quotes string
-      elsif tokens[token_idx].next_code_token.next_code_token.type == :DQPRE
-        # Find the start and end of the title
-        title_start_idx = tokens.find_index(tokens[token_idx].next_code_token.next_code_token)
-        title_end_idx = title_start_idx + index_offset_for(':', tokens[title_start_idx..tokens.length])
-
-        result << tokens[title_start_idx..title_end_idx]
-      # Title is in single quotes
-      else
-        tokens_array.concat([tokens[token_idx].next_code_token.next_code_token])
-
-        result << tokens_array
-      end
-    end
-    result
-  end
-
-  def interpolated?(token)
-    INTERPOLATED_STRINGS.include?(token.type)
-  end
-
-  # Finds the index offset of the next instance of `value` in `tokens_slice` from the original index
-  def index_offset_for(value, tokens_slice)
-    tokens_slice.each_with_index do |token, i|
-      return i if value.include?(token.value)
-    end
-  end
-end

data/spec/unit/puppet-lint/plugins/check_unsafe_interpolations/check_unsafe_interpolations_spec.rb

@@ -1,186 +0,0 @@
-require 'spec_helper'
-
-describe 'check_unsafe_interpolations' do
-  let(:msg) { "unsafe interpolation of variable 'foo' in exec command" }
-
-  context 'with fix disabled' do
-    context 'exec with unsafe interpolation in command' do
-      let(:code) do
-        <<-PUPPET
-        class foo {
-
-          exec { 'bar':
-            command => "echo ${foo}",
-          }
-
-        }
-        PUPPET
-      end
-
-      it 'detects an unsafe exec command argument' do
-        expect(problems).to have(1).problems
-      end
-
-      it 'creates one warning' do
-        expect(problems).to contain_warning(msg)
-      end
-    end
-
-    context 'exec with multiple unsafe interpolations in command' do
-      let(:code) do
-        <<-PUPPET
-        class foo {
-
-          exec { 'bar':
-            command => "echo ${foo} ${bar}",
-          }
-
-        }
-        PUPPET
-      end
-
-      it 'detects multiple unsafe exec command arguments' do
-        expect(problems).to have(2).problems
-      end
-
-      it 'creates two warnings' do
-        expect(problems).to contain_warning(msg)
-        expect(problems).to contain_warning(msg)
-      end
-    end
-
-    context 'code that uses title with unsafe string as command' do
-      let(:code) do
-        <<-PUPPET
-        class foo {
-
-          exec { "echo ${foo}": }
-
-        }
-        PUPPET
-      end
-
-      it 'detects one problem' do
-        expect(problems).to have(1).problems
-      end
-
-      it 'creates one warning' do
-        expect(problems).to contain_warning(msg)
-      end
-    end
-
-    context 'exec with a safe string in command' do
-      let(:code) do
-        <<-PUPPET
-        class foo {
-
-          exec { 'bar':
-            command => "echo foo",
-          }
-
-        }
-        PUPPET
-      end
-
-      it 'detects zero problems' do
-        expect(problems).to have(0).problems
-      end
-    end
-
-    context 'exec that has an array of args in command' do
-      let(:code) do
-        <<-PUPPET
-        class foo {
-
-          exec { 'bar':
-            command => ['echo', $foo],
-          }
-        }
-        PUPPET
-      end
-
-      it 'detects zero problems' do
-        expect(problems).to have(0).problems
-      end
-    end
-
-    context 'exec that has an array of args in command' do
-      let(:code) do
-        <<-PUPPET
-        class foo {
-
-          exec { ["foo", "bar", "baz"]:
-            command => echo qux,
-          }
-        }
-        PUPPET
-      end
-
-      it 'detects zero problems' do
-        expect(problems).to have(0).problems
-      end
-    end
-
-    context 'file resource' do
-      let(:code) do
-        <<-PUPPET
-        class foo {
-          file { '/etc/bar':
-            ensure  => file,
-            backup  => false,
-            content => $baz,
-          }
-        }
-        PUPPET
-      end
-
-      it 'detects zero problems' do
-        expect(problems).to have(0).problems
-      end
-    end
-
-    context 'file resource and an exec with unsafe interpolation in command' do
-      let(:code) do
-        <<-PUPPET
-        class foo {
-          file { '/etc/bar':
-            ensure  => file,
-            backup  => false,
-            content => $baz,
-          }
-
-          exec { 'qux':
-            command => "echo ${foo}",
-          }
-        }
-        PUPPET
-      end
-
-      it 'detects one problem' do
-        expect(problems).to have(1).problems
-      end
-    end
-
-    context 'case statement and an exec' do
-      let(:code) do
-        <<-PUPPET
-        class foo {
-          case bar {
-            baz : {
-              echo qux
-            }
-          }
-
-          exec { 'foo':
-            command => "echo bar",
-          }
-        }
-        PUPPET
-      end
-
-      it 'detects zero problems' do
-        expect(problems).to have(0).problems
-      end
-    end
-  end
-end