puppet-lint 4.1.0 → 4.2.1
- checksums.yaml +4 -4
- data/README.md +18 -4
- data/lib/puppet-lint/lexer.rb +2 -2
- data/lib/puppet-lint/plugins/legacy_facts/legacy_facts.rb +2 -2
- data/lib/puppet-lint/plugins/top_scope_facts/top_scope_facts.rb +4 -4
- data/lib/puppet-lint/version.rb +1 -1
- data/rubocop_baseline.yml +7 -0
- data/spec/spec_helper.rb +0 -1
- data/spec/unit/puppet-lint/checks_spec.rb +7 -2
- data/spec/unit/puppet-lint/ignore_overrides_spec.rb +6 -6
- data/spec/unit/puppet-lint/lexer_spec.rb +702 -699
- data/spec/unit/puppet-lint/plugins/check_classes/arrow_on_right_operand_line_spec.rb +5 -5
- data/spec/unit/puppet-lint/plugins/check_classes/autoloader_layout_spec.rb +8 -8
- data/spec/unit/puppet-lint/plugins/check_classes/class_inherits_from_params_class_spec.rb +2 -2
- data/spec/unit/puppet-lint/plugins/check_classes/code_on_top_scope_spec.rb +2 -1
- data/spec/unit/puppet-lint/plugins/check_classes/inherits_across_namespaces_spec.rb +3 -3
- data/spec/unit/puppet-lint/plugins/check_classes/name_contains_uppercase_spec.rb +3 -3
- data/spec/unit/puppet-lint/plugins/check_classes/names_containing_dash_spec.rb +3 -3
- data/spec/unit/puppet-lint/plugins/check_classes/nested_classes_or_defines_spec.rb +5 -5
- data/spec/unit/puppet-lint/plugins/check_classes/parameter_order_spec.rb +14 -14
- data/spec/unit/puppet-lint/plugins/check_classes/right_to_left_relationship_spec.rb +2 -2
- data/spec/unit/puppet-lint/plugins/check_classes/variable_scope_spec.rb +21 -21
- data/spec/unit/puppet-lint/plugins/check_comments/slash_comments_spec.rb +2 -2
- data/spec/unit/puppet-lint/plugins/check_comments/star_comments_spec.rb +4 -4
- data/spec/unit/puppet-lint/plugins/check_conditionals/case_without_default_spec.rb +6 -6
- data/spec/unit/puppet-lint/plugins/check_conditionals/selector_inside_resource_spec.rb +2 -2
- data/spec/unit/puppet-lint/plugins/check_documentation/documentation_spec.rb +5 -5
- data/spec/unit/puppet-lint/plugins/check_nodes/unquoted_node_name_spec.rb +11 -11
- data/spec/unit/puppet-lint/plugins/check_resources/duplicate_params_spec.rb +6 -6
- data/spec/unit/puppet-lint/plugins/check_resources/ensure_first_param_spec.rb +12 -12
- data/spec/unit/puppet-lint/plugins/check_resources/ensure_not_symlink_target_spec.rb +4 -4
- data/spec/unit/puppet-lint/plugins/check_resources/file_mode_spec.rb +22 -22
- data/spec/unit/puppet-lint/plugins/check_resources/unquoted_file_mode_spec.rb +8 -8
- data/spec/unit/puppet-lint/plugins/check_resources/unquoted_resource_title_spec.rb +13 -13
- data/spec/unit/puppet-lint/plugins/check_strings/double_quoted_strings_spec.rb +18 -18
- data/spec/unit/puppet-lint/plugins/check_strings/only_variable_string_spec.rb +6 -6
- data/spec/unit/puppet-lint/plugins/check_strings/puppet_url_without_modules_spec.rb +4 -4
- data/spec/unit/puppet-lint/plugins/check_strings/quoted_booleans_spec.rb +8 -8
- data/spec/unit/puppet-lint/plugins/check_strings/single_quote_string_with_variables_spec.rb +3 -3
- data/spec/unit/puppet-lint/plugins/check_strings/variables_not_enclosed_spec.rb +7 -7
- data/spec/unit/puppet-lint/plugins/check_variables/variable_contains_dash_spec.rb +2 -2
- data/spec/unit/puppet-lint/plugins/check_variables/variable_is_lowercase_spec.rb +5 -5
- data/spec/unit/puppet-lint/plugins/check_whitespace/140chars_spec.rb +4 -4
- data/spec/unit/puppet-lint/plugins/check_whitespace/2sp_soft_tabs_spec.rb +1 -1
- data/spec/unit/puppet-lint/plugins/check_whitespace/80chars_spec.rb +4 -4
- data/spec/unit/puppet-lint/plugins/check_whitespace/arrow_alignment_spec.rb +37 -37
- data/spec/unit/puppet-lint/plugins/check_whitespace/hard_tabs_spec.rb +2 -2
- data/spec/unit/puppet-lint/plugins/check_whitespace/trailing_whitespace_spec.rb +6 -6
- data/spec/unit/puppet-lint/plugins/legacy_facts/legacy_facts_spec.rb +83 -75
- data/spec/unit/puppet-lint/plugins/top_scope_facts/top_scope_facts_spec.rb +19 -19
- metadata +6 -6
- data/lib/puppet-lint/plugins/check_unsafe_interpolations/check_unsafe_interpolations.rb +0 -130
- data/spec/unit/puppet-lint/plugins/check_unsafe_interpolations/check_unsafe_interpolations_spec.rb +0 -186
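--- a/data/lib/puppet-lint/plugins/check_unsafe_interpolations/check_unsafe_interpolations.rb
+++ b/data/lib/puppet-lint/plugins/check_unsafe_interpolations/check_unsafe_interpolations.rb
@@ -1,130 +0,0 @@
-COMMANDS = Array['command', 'onlyif', 'unless']
-INTERPOLATED_STRINGS = Array[:DQPRE, :DQMID]
-USELESS_CHARS = Array[:WHITESPACE, :COMMA]
-
-PuppetLint.new_check(:check_unsafe_interpolations) do
-def check
-# Gather any exec commands' resources into an array
-exec_resources = resource_indexes.filter_map do |resource|
-resource_parameters = resource[:param_tokens].map(&:value)
-resource if resource[:type].value == 'exec' && !(COMMANDS & resource_parameters).empty?
-end
-
-# Iterate over title tokens and raise a warning if any are variables
-unless get_exec_titles.empty?
-get_exec_titles.each do |title|
-check_unsafe_title(title)
-end
-end
-
-# Iterate over each command found in any exec
-exec_resources.each do |command_resources|
-check_unsafe_interpolations(command_resources)
-end
-end
-
-# Iterate over the tokens in a title and raise a warning if an interpolated variable is found
-def check_unsafe_title(title)
-title.each do |token|
-notify_warning(token.next_code_token) if interpolated?(token)
-end
-end
-
-# Iterates over an exec resource and if a command, onlyif or unless paramter is found, it is checked for unsafe interpolations
-def check_unsafe_interpolations(command_resources)
-command_resources[:tokens].each do |token|
-# Skip iteration if token isn't a command of type :NAME
-next unless COMMANDS.include?(token.value) && token.type == :NAME
-# Don't check the command if it is parameterised
-next if parameterised?(token)
-
-check_command(token).each do |t|
-notify_warning(t)
-end
-end
-end
-
-# Raises a warning given a token and message
-def notify_warning(token)
-notify :warning,
-message: "unsafe interpolation of variable '#{token.value}' in exec command",
-line: token.line,
-column: token.column
-end
-
-# Iterates over the tokens in a command and adds it to an array of violations if it is an input variable
-def check_command(token)
-# Initialise variables needed in while loop
-rule_violations = []
-current_token = token
-
-# Iterate through tokens in command
-while current_token.type != :NEWLINE
-# Check if token is a varibale and if it is parameterised
-rule_violations.append(current_token.next_code_token) if interpolated?(current_token)
-current_token = current_token.next_token
-end
-
-rule_violations
-end
-
-# A command is parameterised if its args are placed in an array
-# This function checks if the current token is a :FARROW and if so, if it is followed by an LBRACK
-def parameterised?(token)
-current_token = token
-while current_token.type != :NEWLINE
-return true if current_token.type == :FARROW && current_token.next_token.next_token.type == :LBRACK
-
-current_token = current_token.next_token
-end
-end
-
-# This function is a replacement for puppet_lint's title_tokens function which assumes titles have single quotes
-# This function adds a check for titles in double quotes where there could be interpolated variables
-def get_exec_titles
-result = []
-tokens.each_with_index do |_token, token_idx|
-next if tokens[token_idx].value != 'exec'
-
-# We have a resource declaration. Now find the title
-tokens_array = []
-# Check if title is an array
-if tokens[token_idx]&.next_code_token&.next_code_token&.type == :LBRACK
-# Get the start and end indices of the array of titles
-array_start_idx = tokens.rindex { |r| r.type == :LBRACK }
-array_end_idx = tokens.rindex { |r| r.type == :RBRACK }
-
-# Grab everything within the array
-title_array_tokens = tokens[(array_start_idx + 1)..(array_end_idx - 1)]
-tokens_array.concat(title_array_tokens.reject do |token|
-USELESS_CHARS.include?(token.type)
-end)
-result << tokens_array
-# Check if title is double quotes string
-elsif tokens[token_idx].next_code_token.next_code_token.type == :DQPRE
-# Find the start and end of the title
-title_start_idx = tokens.find_index(tokens[token_idx].next_code_token.next_code_token)
-title_end_idx = title_start_idx + index_offset_for(':', tokens[title_start_idx..tokens.length])
-
-result << tokens[title_start_idx..title_end_idx]
-# Title is in single quotes
-else
-tokens_array.concat([tokens[token_idx].next_code_token.next_code_token])
-
-result << tokens_array
-end
-end
-result
-end
-
-def interpolated?(token)
-INTERPOLATED_STRINGS.include?(token.type)
-end
-
-# Finds the index offset of the next instance of `value` in `tokens_slice` from the original index
-def index_offset_for(value, tokens_slice)
-tokens_slice.each_with_index do |token, i|
-return i if value.include?(token.value)
-end
-end
-end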
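--- a/data/spec/unit/puppet-lint/plugins/check_unsafe_interpolations/check_unsafe_interpolations_spec.rb
+++ b/data/spec/unit/puppet-lint/plugins/check_unsafe_interpolations/check_unsafe_interpolations_spec.rb
@@ -1,186 +0,0 @@
-require 'spec_helper'
-
-describe 'check_unsafe_interpolations' do
-let(:msg) { "unsafe interpolation of variable 'foo' in exec command" }
-
-context 'with fix disabled' do
-context 'exec with unsafe interpolation in command' do
-let(:code) do
-<<-PUPPET
-class foo {
-
-exec { 'bar':
-command => "echo ${foo}",
-}
-
-}
-PUPPET
-end
-
-it 'detects an unsafe exec command argument' do
-expect(problems).to have(1).problems
-end
-
-it 'creates one warning' do
-expect(problems).to contain_warning(msg)
-end
-end
-
-context 'exec with multiple unsafe interpolations in command' do
-let(:code) do
-<<-PUPPET
-class foo {
-
-exec { 'bar':
-command => "echo ${foo} ${bar}",
-}
-
-}
-PUPPET
-end
-
-it 'detects multiple unsafe exec command arguments' do
-expect(problems).to have(2).problems
-end
-
-it 'creates two warnings' do
-expect(problems).to contain_warning(msg)
-expect(problems).to contain_warning(msg)
-end
-end
-
-context 'code that uses title with unsafe string as command' do
-let(:code) do
-<<-PUPPET
-class foo {
-
-exec { "echo ${foo}": }
-
-}
-PUPPET
-end
-
-it 'detects one problem' do
-expect(problems).to have(1).problems
-end
-
-it 'creates one warning' do
-expect(problems).to contain_warning(msg)
-end
-end
-
-context 'exec with a safe string in command' do
-let(:code) do
-<<-PUPPET
-class foo {
-
-exec { 'bar':
-command => "echo foo",
-}
-
-}
-PUPPET
-end
-
-it 'detects zero problems' do
-expect(problems).to have(0).problems
-end
-end
-
-context 'exec that has an array of args in command' do
-let(:code) do
-<<-PUPPET
-class foo {
-
-exec { 'bar':
-command => ['echo', $foo],
-}
-}
-PUPPET
-end
-
-it 'detects zero problems' do
-expect(problems).to have(0).problems
-end
-end
-
-context 'exec that has an array of args in command' do
-let(:code) do
-<<-PUPPET
-class foo {
-
-exec { ["foo", "bar", "baz"]:
-command => echo qux,
-}
-}
-PUPPET
-end
-
-it 'detects zero problems' do
-expect(problems).to have(0).problems
-end
-end
-
-context 'file resource' do
-let(:code) do
-<<-PUPPET
-class foo {
-file { '/etc/bar':
-ensure => file,
-backup => false,
-content => $baz,
-}
-}
-PUPPET
-end
-
-it 'detects zero problems' do
-expect(problems).to have(0).problems
-end
-end
-
-context 'file resource and an exec with unsafe interpolation in command' do
-let(:code) do
-<<-PUPPET
-class foo {
-file { '/etc/bar':
-ensure => file,
-backup => false,
-content => $baz,
-}
-
-exec { 'qux':
-command => "echo ${foo}",
-}
-}
-PUPPET
-end
-
-it 'detects one problem' do
-expect(problems).to have(1).problems
-end
-end
-
-context 'case statement and an exec' do
-let(:code) do
-<<-PUPPET
-class foo {
-case bar {
-baz : {
-echo qux
-}
-}
-
-exec { 'foo':
-command => "echo bar",
-}
-}
-PUPPET
-end
-
-it 'detects zero problems' do
-expect(problems).to have(0).problems
-end
-end
-end
-end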