puppet-sec-lint 0.1.1 → 0.5.3
- checksums.yaml +4 -4
- data/.github/workflows/main.yml +4 -2
- data/.idea/puppet-sec-lint.iml +7 -4
- data/Gemfile +3 -1
- data/Gemfile.lock +14 -1
- data/README.md +36 -17
- data/_config.yml +1 -0
- data/docs/404.html +24 -0
- data/docs/Gemfile +30 -0
- data/docs/Gemfile.lock +275 -0
- data/docs/_config.yml +41 -0
- data/docs/_posts/2021-05-03-welcome-to-jekyll.markdown +25 -0
- data/docs/_site/404.html +71 -0
- data/docs/_site/feed.xml +13 -0
- data/docs/_site/index.html +1 -0
- data/docs/_site/jekyll/update/2021/05/03/welcome-to-jekyll.html +77 -0
- data/docs/hard-coded-credentials.md +17 -0
- data/docs/images/puppet-sec-lint_console.png +0 -0
- data/docs/images/puppet-sec-lint_vscode.png +0 -0
- data/docs/index.md +6 -0
- data/exe/puppet-sec-lint +81 -15
- data/file.pp +77 -0
- data/lib/configurations/configuration.rb +2 -1
- data/lib/configurations/regex_configuration.rb +9 -0
- data/lib/facades/configuration_file_facade.rb +3 -1
- data/lib/facades/configuration_page_facade.rb +6 -0
- data/lib/lol.pp +6 -6
- data/lib/puppet-sec-lint/version.rb +3 -1
- data/lib/rule_engine.rb +15 -3
- data/lib/rules/admin_by_default_rule.rb +33 -0
- data/lib/rules/cyrillic_homograph_attack.rb +27 -0
- data/lib/rules/empty_password_rule.rb +35 -0
- data/lib/rules/hard_coded_credentials_rule.rb +22 -31
- data/lib/rules/invalid_ip_addr_binding_rule.rb +37 -0
- data/lib/rules/no_http_rule.rb +26 -9
- data/lib/rules/rule.rb +72 -0
- data/lib/rules/suspicious_comment_rule.rb +28 -0
- data/lib/rules/use_weak_crypto_algorithms_rule.rb +28 -0
- data/lib/servers/language_server.rb +101 -0
- data/lib/servers/linter_server.rb +52 -0
- data/lib/settings.ini +39 -0
- data/lib/{sin.rb → sin/sin.rb} +6 -1
- data/lib/sin/sin_type.rb +44 -0
- data/lib/test.txt +15 -0
- data/lib/test2.rb +16 -0
- data/lib/test3.rb +32 -0
- data/lib/test_new.rb +19 -0
- data/puppet-sec-lint.gemspec +7 -1
- metadata +138 -7
- data/lib/language_server.rb +0 -78
- data/lib/sin_type.rb +0 -12
- data/puppet-sec-lint-0.1.0.gem +0 -0
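--- a/data/lib/rules/suspicious_comment_rule.rb
+++ b/data/lib/rules/suspicious_comment_rule.rb
@@ -0,0 +1,28 @@
+require_relative '../configurations/list_configuration'
+
+class SuspiciousCommentRule < Rule
+@trigger_words = %w[hack fixme later later2 todo ticket launchpad bug to-do]
+@suspicious = /hack|fixme|ticket|bug|secur|debug|defect|weak/
+
+@trigger_words_conf = ListConfiguration.new("List of trigger words", @trigger_words, "List of words that identify a suspicious comment")
+@suspicious_conf = RegexConfiguration.new("Regular expression of keywords present in suspicious comments", @suspicious, "Regular expression that identifies words that are immediately considered suspicious comments that shouldn't be present in a finalized product.")
+
+@configurations+=[@trigger_words_conf, @suspicious_conf]
+
+@name = "Suspicious comments"
+
+def self.AnalyzeTokens(tokens)
+result = []
+
+ftokens = self.get_comments(tokens)
+ftokens.each do |token|
+token_value = token.value.downcase
+token_type = token.type.to_s
+if (token_value =~ @suspicious_conf.value)
+result.append(Sin.new(SinType::SuspiciousComments, token.line, token.column, token.line, token.column+token_value.length))
+end
+end
+
+return result
+end
+end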
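Review bot: `@trigger_words_conf` is registered in `@configurations` on line 10, but `AnalyzeTokens` never reads it, so only the `@suspicious_conf` regex decides what is flagged. The default regex does not contain `todo`, `later` or `launchpad`, so comments with only those words are not reported, and editing the trigger-word list in the configuration has no effect on findings. Either drop the list configuration or check it in the loop, for example `if @trigger_words_conf.value.any? { |w| token_value.include?(w) } || token_value =~ @suspicious_conf.value`, assuming `ListConfiguration#value` returns the word array (that class is not shown here). `token_type` on line 20 is assigned and never used.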
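--- a/data/lib/rules/use_weak_crypto_algorithms_rule.rb
+++ b/data/lib/rules/use_weak_crypto_algorithms_rule.rb
@@ -0,0 +1,28 @@
+require_relative '../configurations/list_configuration'
+
+class UseWeakCryptoAlgorithmsRule < Rule
+@name = "Use of weak crypto algorithm"
+
+@poor_crypto = /^(sha1|md5)/
+
+@poor_crypto_conf = RegexConfiguration.new("Regular expression of weak Crypto Algorithms", @poor_crypto, "Regular expression for names of known weak Cryptographic algorithms that shouldn't be used to secure sensitive information.")
+
+@configurations+=[@poor_crypto_conf]
+
+def self.AnalyzeTokens(tokens)
+result = []
+
+tokens.each do |token|
+token_value = token.value.downcase
+token_type = token.type.to_s
+if !token.next_token.nil?
+next_token_type = token.next_token.type.to_s
+end
+if (token_value =~ @poor_crypto_conf.value) && (next_token_type.eql? "LPAREN")
+result.append(Sin.new(SinType::WeakCryptoAlgorithm, token.line, token.column, token.line, token.column+token_value.length))
+end
+end
+
+return result
+end
+end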
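Review bot: The rule reports a weak algorithm only when the token is immediately followed by `LPAREN` (line 21), so it sees calls such as `md5(...)` but not algorithm names passed as values, for example a resource attribute set to the string `'md5'`. Consider also checking string-valued tokens against `@poor_crypto_conf.value`. The default on line 6 should be anchored with `\A` rather than `^`, which in Ruby matches at every line start: `@poor_crypto = /\A(sha1|md5)/`. `token_type` on line 17 is assigned and never used.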
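--- a/data/lib/servers/language_server.rb
+++ b/data/lib/servers/language_server.rb
@@ -0,0 +1,101 @@
+require 'json'
+require 'uri'
+require 'socket'
+require_relative '../rule_engine'
+require_relative '../visitors/configuration_visitor'
+require_relative '../facades/configuration_page_facade'
+require_relative '../facades/configuration_file_facade'
+
+class LanguageServer
+ConfigurationVisitor.GenerateIDs
+ConfigurationFileFacade.LoadConfigurations
+
+def self.start(port)
+port ||= 5007
+server = TCPServer.open(port)
+
+loop {
+Thread.fork(server.accept) do |client|
+while line=client.gets
+length=Integer(line.scan(/\d/).join(''))
+line=client.read(length+2)
+request = JSON.parse(line)
+puts line
+
+method_name = request['method'].sub('/', '_')
+response = if self.respond_to? "client_"+method_name then self.send("client_"+method_name,request['id'],request['params']) end
+
+if not response.nil?
+client.flush
+client.print("Content-Length: "+response.length.to_s+"\r\n\r\n")
+client.print(response)
+puts response
+end
+end
+client.close
+end
+}
+end
+
+def self.client_initialize(id,params)
+return JSON.generate({
+jsonrpc: '2.0',
+result: {
+capabilities: {
+textDocumentSync:1,
+implementationProvider: "true"
+}
+},
+id: id
+})
+end
+
+def self.client_textDocument_didOpen(id,params)
+uri = params["textDocument"]["uri"]
+version = params["textDocument"]["version"]
+code = params['textDocument']['text']
+return self.generate_diagnostics(uri,version,code)
+return
+end
+
+def self.client_textDocument_didChange(id,params)
+uri = params["textDocument"]["uri"]
+version = params["textDocument"]["version"]
+code = params['contentChanges'][0]['text']
+return self.generate_diagnostics(uri,version,code)
+return
+end
+
+def self.generate_diagnostics(uri,version,code)
+result = RuleEngine.analyzeDocument(code) #convert to json
+
+diagnostics = []
+
+result.each do |sin|
+diagnostics.append({
+range:{
+start: { line: sin.begin_line-1, character: sin.begin_char },
+end: { line: sin.end_line-1, character: sin.end_char }
+},
+severity: 2,
+code: {
+value:sin.type[:name],
+target:sin.type[:solution]
+},
+source:'Puppet-sec-lint',
+message: sin.type[:message]
+})
+end
+
+return JSON.generate({
+jsonrpc: '2.0',
+method: 'textDocument/publishDiagnostics',
+params: {
+uri: uri,
+version: version,
+diagnostics: diagnostics
+}
+})
+end
+
+end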
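Review bot: `start` listens on every interface and trusts the length header completely: `TCPServer.open(port)` on line 15 gives no bind address, and line 20 builds the length from every digit on the header line and hands it straight to `client.read`. A peer can therefore make the server buffer an arbitrarily large body, and a header line with no digits raises `ArgumentError` out of the thread before `client.close` runs. Binding to loopback (presumably the editor connects from the same host), parsing only a `Content-Length` header, capping the size and rescuing parse errors would contain this; the same read loop is repeated in data/lib/test3.rb. Separately, line 30 sends `response.length` (characters) where the header needs `response.bytesize`, and lines 23 and 32 print full document contents to stdout.

```ruby
def self.start(port)
  port ||= 5007
  server = TCPServer.open('127.0.0.1', port)
  # … unchanged: loop and Thread.fork(server.accept) do |client| …
      begin
        while line = client.gets
          length = line[/\AContent-Length:\s*(\d+)/i, 1]&.to_i
          break if length.nil? || length > 1_048_576 # constructed cap; choose a project limit
          request = JSON.parse(client.read(length + 2))
          # … unchanged: dispatch to the client_* handler …
          # inside the existing `if not response.nil?` guard:
          client.print("Content-Length: #{response.bytesize}\r\n\r\n")
          # … unchanged: client.print(response) …
        end
      rescue JSON::ParserError, TypeError
        # malformed or truncated frame: drop the connection
      ensure
        client.close
      end
```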
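--- a/data/lib/servers/linter_server.rb
+++ b/data/lib/servers/linter_server.rb
@@ -0,0 +1,52 @@
+require "rack"
+require "thin"
+require 'json'
+require 'uri'
+require_relative '../rule_engine'
+require_relative '../visitors/configuration_visitor'
+require_relative '../facades/configuration_page_facade'
+require_relative '../facades/configuration_file_facade'
+
+class LinterServer
+ConfigurationVisitor.GenerateIDs
+ConfigurationFileFacade.LoadConfigurations
+
+def call(env)
+req = Rack::Request.new(env)
+
+case req.path
+when "/configuration"
+if req.post?
+process_form(req)
+elsif req.get?
+configurations_page
+end
+end
+
+end
+
+def configurations_page
+configuration_page = ConfigurationPageFacade.AssemblePage
+
+return [200, { 'Content-Type' => 'text/html' }, [configuration_page]]
+end
+
+def process_form(req)
+new_conf = URI.decode_www_form(req.body.read)
+new_conf_hash = Hash[new_conf.map {|key, value| [key, value]}]
+
+begin
+ConfigurationPageFacade.ApplyConfigurations(new_conf_hash)
+ConfigurationFileFacade.SaveConfigurations
+rescue StandardError => error
+return [400, { 'Content-Type' => 'text/plain' }, ["Error: #{error.message}"]]
+end
+
+return [200, { 'Content-Type' => 'text/plain' }, ["Changes saved successfully"]]
+end
+
+def self.start(port)
+Rack::Handler::Thin.run(LinterServer.new, :Port => port)
+end
+
+end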
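Review bot: `process_form` applies and persists whatever a POST to `/configuration` carries (lines 35-40) without checking who sent it, and `start` on line 49 leaves the listen address to the handler default. A form-encoded POST needs no preflight, so a page open in the user's browser could submit one to this port and change or disable rules. Requiring a per-session token rendered into the configuration page, or at least rejecting requests whose `Origin` is not the local server, and starting with `Rack::Handler::Thin.run(LinterServer.new, :Host => '127.0.0.1', :Port => port)` would close that. `call` also returns `nil` for any other path or method, which is not a valid Rack response; add `else` branches returning e.g. `[404, { 'Content-Type' => 'text/plain' }, ['Not found']]`.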
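--- a/data/lib/settings.ini
+++ b/data/lib/settings.ini
@@ -0,0 +1,39 @@
+[HardCodedCredentialsRule]
+HardCodedCredentialsRule-enable_configuration = true
+HardCodedCredentialsRule-list_of_known_words_not_considered_in_credentials = pe-puppet,pe-webserver,pe-puppetdb,pe-postgres,pe-console-services,pe-orchestration-services,pe-ace-server,pe-bolt-server
+HardCodedCredentialsRule-list_of_invalid_values_in_credentials = undefined,unset,www-data,wwwrun,www,no,yes,[],root
+HardCodedCredentialsRule-regular_expression_of_words_present_in_credentials = (?-mix:user|usr|pass(word|_|$)|pwd|key|secret)
+HardCodedCredentialsRule-regular_expression_of_words_not_present_in_credentials = (?-mix:gpg|path|type|buff|zone|mode|tag|header|scheme|length|guid)
+
+[NoHTTPRule]
+NoHTTPRule-enable_configuration = true
+NoHTTPRule-list_of_resources_that_can_use_http = apt::source,::apt::source,wget::fetch,yumrepo,yum::,aptly::mirror,util::system_package,yum::managed_yumrepo
+NoHTTPRule-list_of_keywords_for_urls = backport,key,download,uri,mirror
+NoHTTPRule-regular_expression_of_a_normal_http_address = (?-mix:^http:\/\/.+)
+
+[AdminByDefaultRule]
+AdminByDefaultRule-enable_configuration = true
+AdminByDefaultRule-regular_expression_of_words_present_in_credentials = (?-mix:user|usr|pass(word|_|$)|pwd)
+
+[EmptyPasswordRule]
+EmptyPasswordRule-enable_configuration = true
+EmptyPasswordRule-list_of_trigger_words = pwd,password,pass
+EmptyPasswordRule-regular_expression_of_password_name = (?-mix:pass(word|_|$)|pwd)
+
+[InvalidIPAddrBindingRule]
+InvalidIPAddrBindingRule-enable_configuration = true
+InvalidIPAddrBindingRule-regular_expression_of_an_invalid_ip_address = (?-mix:^((http(s)?:\/\/)?0.0.0.0(:\d{1,5})?)$)
+
+[UseWeakCryptoAlgorithmsRule]
+UseWeakCryptoAlgorithmsRule-enable_configuration = true
+UseWeakCryptoAlgorithmsRule-regular_expression_of_weak_crypto_algorithms = (?-mix:^(sha1|md5))
+
+[SuspiciousCommentRule]
+SuspiciousCommentRule-enable_configuration = true
+SuspiciousCommentRule-list_of_trigger_words = hack,fixme,later,later2,todo,ticket,launchpad,bug,to-do
+SuspiciousCommentRule-regular_expression_of_keywords_present_in_suspicious_comments = (?-mix:hack|fixme|ticket|bug|secur|debug|defect|weak)
+
+[CyrillicHomographAttack]
+CyrillicHomographAttack-enable_configuration = true
+CyrillicHomographAttack-regular_expression_of_links_with_cyrillic_characters = (?-mix:^(http(s)?:\/\/)?.*\p{Cyrillic}+)
+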
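Review bot: The `InvalidIPAddrBindingRule` pattern on line 25 leaves the dots in `0.0.0.0` unescaped, so each one matches any character and a value such as `0a0b0c0` is reported as a wildcard binding. Escaping them, `(?-mix:^((http(s)?:\/\/)?0\.0\.0\.0(:\d{1,5})?)$)`, keeps the match to the literal address. The default presumably comes from data/lib/rules/invalid_ip_addr_binding_rule.rb, which is not shown here and would need the same change. The pattern also covers IPv4 only, so an IPv6 wildcard bind (`::`) is not reported.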
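--- a/data/lib/sin.rb
+++ b/data/lib/sin/sin.rb
@@ -10,6 +10,11 @@ class Sin
 end
 
 def ToString
-return "<Sin:#{@type[:name]}, Line:#{@begin_line}, Char:#{@begin_char}, Message:#{@type[:message]}, Recommendation:#{@type[:
+return "<Sin:#{@type[:name]}, Line:#{@begin_line}, Char:#{@begin_char}, Message:#{@type[:message]}, Recommendation:#{@type[:solution]}>"
 end
+
+def ==(other_object)
+@type == other_object.type && @begin_line == other_object.begin_line && @begin_char == other_object.begin_char && @end_line == other_object.end_line && @end_char == other_object.end_char
+end
+
 end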
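Review bot: The new `==` on lines 16-18 calls `other_object.type` unconditionally, so comparing a `Sin` with `nil` or with any object that lacks these readers raises `NoMethodError` instead of returning `false`. A guard as the first line of the method, `return false unless other_object.is_a?(Sin)`, avoids that. `eql?` and `hash` are not overridden in this hunk, so `uniq` and hash lookups would still treat equal sins as distinct; the rest of the class lies outside the hunk, so they may be defined there.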
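--- a/data/lib/sin/sin_type.rb
+++ b/data/lib/sin/sin_type.rb
@@ -0,0 +1,44 @@
+module SinType
+base_url="https://tiagor98.github.io/puppet-sec-lint"
+
+HardCodedCred = {
+name: "Hard Coded Credentials",
+message: "Do not hard code secrets. This may help an attacker to attack the system.",
+solution: "#{base_url}/hard-coded-credentials"
+}
+HttpWithoutTLS = {
+name: "HTTP without TLS",
+message: "Do not use HTTP without TLS. This may cause a man in the middle attack.",
+solution: "#{base_url}/http-without-tls"
+}
+AdminByDefault = {
+name: "Admin by default",
+message: "This violates the secure by design principle.",
+solution: "#{base_url}/admin-by-default"
+}
+EmptyPassword = {
+name: "Empty password",
+message: "Do not keep password field empty. This may help an attacker to attack.",
+solution: "#{base_url}/empty-password"
+}
+InvalidIPAddrBinding = {
+name: "Invalid IP Address Binding",
+message: "This config allows connections from every possible network.",
+solution: "#{base_url}/invalid-ip-addr-binding"
+}
+SuspiciousComments = {
+name: "Suspicious Comments",
+message: "This comment can expose sensitive information to attackers.",
+solution: "#{base_url}/suspicious-comments"
+}
+WeakCryptoAlgorithm = {
+name: "Weak Crypto Algorithm",
+message: "Do not use this algorithm, as it may have security weaknesses.",
+solution: "#{base_url}/weak-crypto-algorithm"
+}
+CyrillicHomographAttack = {
+name: "Cyrillic Homograph attack",
+message: "This link has a cyrillic char. These are not rendered by browsers and are sometimes used for phishing attacks.",
+solution: "#{base_url}/cyrillic-homograph-attack"
+}
+end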
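Review bot: The `CyrillicHomographAttack` message on line 41 says Cyrillic characters "are not rendered by browsers", which is the opposite of the risk: they are rendered and can look identical to Latin letters, and that resemblance is what makes a look-alike link convincing. Suggested wording: `message: "This link contains Cyrillic characters, which can look identical to Latin letters and are sometimes used in phishing links."`. The `solution` URLs all point at pages under `base_url`, but the file list for this release only adds docs/hard-coded-credentials.md, so the other links may not resolve yet.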
data/lib/test.txt
ADDED
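--- a/data/lib/test2.rb
+++ b/data/lib/test2.rb
@@ -0,0 +1,16 @@
+require 'rjr/nodes/ws'
+
+# listen for methods via amqp, websockets, http, and via local calls
+
+ws_node = RJR::Nodes::WS.new :node_id => 'server', :host => '127.0.0.1', :port => 5007
+
+
+# define a rpc method called 'hello' which takes
+# one argument and returns it in upper case
+ws_node.dispatcher.handle("initialize") { |processId,clientInfo,locale,rootPath,rootUri,capabilities,trace,workspaceFolders|
+arg.upcase
+}
+
+# start the server and block
+ws_node.listen
+ws_node.join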
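Review bot: data/lib/test2.rb is a scratch script shipped inside the gem's `lib` directory: it requires `rjr/nodes/ws`, which the gemspec in this release does not declare, and the handler block on line 11 references an undefined `arg`. data/lib/test3.rb and data/lib/test_new.rb are in the same position; test3.rb opens a listening socket on port 5007 as soon as it is loaded, and test_new.rb requires `jimson`, which is also undeclared. None of the three is referenced by the code shown on this page, so they are best left out of the packaged files.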
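--- a/data/lib/test3.rb
+++ b/data/lib/test3.rb
@@ -0,0 +1,32 @@
+require 'socket' # Get sockets from stdlib
+require 'json'
+
+server = TCPServer.open(5007) # Socket to listen on port 2000
+
+loop {
+Thread.fork(server.accept) do |client|
+while line=client.gets
+length=Integer(line.scan(/\d/).join(''))
+line=client.read(length+2)
+request = JSON.parse(line)
+puts line
+
+response = {
+jsonrpc: request['jsonrpc'],
+result: {
+capabilities: {
+textDocumentSync:1
+}
+},
+id: request['id']
+}
+
+response = JSON.generate(response)
+
+client.flush
+client.puts("Content-Length: "+response.length.to_s+"\r\n\r\n")
+client.puts(response)
+end
+client.close
+end
+}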
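--- a/data/lib/test_new.rb
+++ b/data/lib/test_new.rb
@@ -0,0 +1,19 @@
+require 'jimson'
+
+class MyHandler
+extend Jimson::Handler
+
+def initi(a,b)
+a + b
+end
+
+def initialize
+super
+end
+
+end
+
+server = Jimson::Server.new(MyHandler.new)
+server.port = 5007
+server.host = '127.0.0.1'
+server.start # serve with webrick on http://0.0.0.0:8999/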
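--- a/data/puppet-sec-lint.gemspec
+++ b/data/puppet-sec-lint.gemspec
@@ -30,7 +30,13 @@ Gem::Specification.new do |spec|
 spec.require_paths = ["lib"]
 
 # Uncomment to register a new dependency of your gem
-
+spec.add_dependency 'puppet-lint', '~> 2.4', '>= 2.4.2'
+spec.add_dependency 'rake', '~> 13.0'
+spec.add_dependency 'minitest', '~> 5.0'
+spec.add_dependency 'rack', '~> 2.2.3'
+spec.add_dependency 'thin', '~> 1.8.0'
+spec.add_dependency 'inifile', '~> 3.0.0'
+spec.add_dependency 'launchy', '~> 2.5.0'
 
 # For more information and examples about making a new gem, checkout our
 # guide at: https://bundler.io/guides/creating_gem.html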
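Review bot: `rake` and `minitest` are added with `spec.add_dependency` (lines 34-35), which makes build and test tooling a runtime requirement for everyone who installs the linter. Declaring them with `spec.add_development_dependency 'rake', '~> 13.0'` and `spec.add_development_dependency 'minitest', '~> 5.0'` keeps the installed dependency set to what the tool needs at run time. The hunk shows only part of the `Gem::Specification` block.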
metadata
CHANGED
@@ -1,15 +1,119 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: puppet-sec-lint
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.5.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tiago Ribeiro
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
12
|
-
dependencies:
|
11
|
+
date: 2021-05-12 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: puppet-lint
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '2.4'
|
20
|
+
- - ">="
|
21
|
+
- !ruby/object:Gem::Version
|
22
|
+
version: 2.4.2
|
23
|
+
type: :runtime
|
24
|
+
prerelease: false
|
25
|
+
version_requirements: !ruby/object:Gem::Requirement
|
26
|
+
requirements:
|
27
|
+
- - "~>"
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
version: '2.4'
|
30
|
+
- - ">="
|
31
|
+
- !ruby/object:Gem::Version
|
32
|
+
version: 2.4.2
|
33
|
+
- !ruby/object:Gem::Dependency
|
34
|
+
name: rake
|
35
|
+
requirement: !ruby/object:Gem::Requirement
|
36
|
+
requirements:
|
37
|
+
- - "~>"
|
38
|
+
- !ruby/object:Gem::Version
|
39
|
+
version: '13.0'
|
40
|
+
type: :runtime
|
41
|
+
prerelease: false
|
42
|
+
version_requirements: !ruby/object:Gem::Requirement
|
43
|
+
requirements:
|
44
|
+
- - "~>"
|
45
|
+
- !ruby/object:Gem::Version
|
46
|
+
version: '13.0'
|
47
|
+
- !ruby/object:Gem::Dependency
|
48
|
+
name: minitest
|
49
|
+
requirement: !ruby/object:Gem::Requirement
|
50
|
+
requirements:
|
51
|
+
- - "~>"
|
52
|
+
- !ruby/object:Gem::Version
|
53
|
+
version: '5.0'
|
54
|
+
type: :runtime
|
55
|
+
prerelease: false
|
56
|
+
version_requirements: !ruby/object:Gem::Requirement
|
57
|
+
requirements:
|
58
|
+
- - "~>"
|
59
|
+
- !ruby/object:Gem::Version
|
60
|
+
version: '5.0'
|
61
|
+
- !ruby/object:Gem::Dependency
|
62
|
+
name: rack
|
63
|
+
requirement: !ruby/object:Gem::Requirement
|
64
|
+
requirements:
|
65
|
+
- - "~>"
|
66
|
+
- !ruby/object:Gem::Version
|
67
|
+
version: 2.2.3
|
68
|
+
type: :runtime
|
69
|
+
prerelease: false
|
70
|
+
version_requirements: !ruby/object:Gem::Requirement
|
71
|
+
requirements:
|
72
|
+
- - "~>"
|
73
|
+
- !ruby/object:Gem::Version
|
74
|
+
version: 2.2.3
|
75
|
+
- !ruby/object:Gem::Dependency
|
76
|
+
name: thin
|
77
|
+
requirement: !ruby/object:Gem::Requirement
|
78
|
+
requirements:
|
79
|
+
- - "~>"
|
80
|
+
- !ruby/object:Gem::Version
|
81
|
+
version: 1.8.0
|
82
|
+
type: :runtime
|
83
|
+
prerelease: false
|
84
|
+
version_requirements: !ruby/object:Gem::Requirement
|
85
|
+
requirements:
|
86
|
+
- - "~>"
|
87
|
+
- !ruby/object:Gem::Version
|
88
|
+
version: 1.8.0
|
89
|
+
- !ruby/object:Gem::Dependency
|
90
|
+
name: inifile
|
91
|
+
requirement: !ruby/object:Gem::Requirement
|
92
|
+
requirements:
|
93
|
+
- - "~>"
|
94
|
+
- !ruby/object:Gem::Version
|
95
|
+
version: 3.0.0
|
96
|
+
type: :runtime
|
97
|
+
prerelease: false
|
98
|
+
version_requirements: !ruby/object:Gem::Requirement
|
99
|
+
requirements:
|
100
|
+
- - "~>"
|
101
|
+
- !ruby/object:Gem::Version
|
102
|
+
version: 3.0.0
|
103
|
+
- !ruby/object:Gem::Dependency
|
104
|
+
name: launchy
|
105
|
+
requirement: !ruby/object:Gem::Requirement
|
106
|
+
requirements:
|
107
|
+
- - "~>"
|
108
|
+
- !ruby/object:Gem::Version
|
109
|
+
version: 2.5.0
|
110
|
+
type: :runtime
|
111
|
+
prerelease: false
|
112
|
+
version_requirements: !ruby/object:Gem::Requirement
|
113
|
+
requirements:
|
114
|
+
- - "~>"
|
115
|
+
- !ruby/object:Gem::Version
|
116
|
+
version: 2.5.0
|
13
117
|
description: This is a more complete security linter for the puppet language
|
14
118
|
email:
|
15
119
|
- tiago7b27@gmail.com
|
@@ -35,25 +139,52 @@ files:
|
|
35
139
|
- LICENSE.txt
|
36
140
|
- README.md
|
37
141
|
- Rakefile
|
142
|
+
- _config.yml
|
38
143
|
- bin/console
|
39
144
|
- bin/setup
|
145
|
+
- docs/404.html
|
146
|
+
- docs/Gemfile
|
147
|
+
- docs/Gemfile.lock
|
148
|
+
- docs/_config.yml
|
149
|
+
- docs/_posts/2021-05-03-welcome-to-jekyll.markdown
|
150
|
+
- docs/_site/404.html
|
151
|
+
- docs/_site/feed.xml
|
152
|
+
- docs/_site/index.html
|
153
|
+
- docs/_site/jekyll/update/2021/05/03/welcome-to-jekyll.html
|
154
|
+
- docs/hard-coded-credentials.md
|
155
|
+
- docs/images/puppet-sec-lint_console.png
|
156
|
+
- docs/images/puppet-sec-lint_vscode.png
|
157
|
+
- docs/index.md
|
40
158
|
- exe/puppet-sec-lint
|
159
|
+
- file.pp
|
41
160
|
- lib/configurations/boolean_configuration.rb
|
42
161
|
- lib/configurations/configuration.rb
|
43
162
|
- lib/configurations/list_configuration.rb
|
163
|
+
- lib/configurations/regex_configuration.rb
|
44
164
|
- lib/facades/configuration_file_facade.rb
|
45
165
|
- lib/facades/configuration_page_facade.rb
|
46
|
-
- lib/language_server.rb
|
47
166
|
- lib/lol.pp
|
48
167
|
- lib/puppet-sec-lint/version.rb
|
49
168
|
- lib/rule_engine.rb
|
169
|
+
- lib/rules/admin_by_default_rule.rb
|
170
|
+
- lib/rules/cyrillic_homograph_attack.rb
|
171
|
+
- lib/rules/empty_password_rule.rb
|
50
172
|
- lib/rules/hard_coded_credentials_rule.rb
|
173
|
+
- lib/rules/invalid_ip_addr_binding_rule.rb
|
51
174
|
- lib/rules/no_http_rule.rb
|
52
175
|
- lib/rules/rule.rb
|
53
|
-
- lib/
|
54
|
-
- lib/
|
176
|
+
- lib/rules/suspicious_comment_rule.rb
|
177
|
+
- lib/rules/use_weak_crypto_algorithms_rule.rb
|
178
|
+
- lib/servers/language_server.rb
|
179
|
+
- lib/servers/linter_server.rb
|
180
|
+
- lib/settings.ini
|
181
|
+
- lib/sin/sin.rb
|
182
|
+
- lib/sin/sin_type.rb
|
183
|
+
- lib/test.txt
|
184
|
+
- lib/test2.rb
|
185
|
+
- lib/test3.rb
|
186
|
+
- lib/test_new.rb
|
55
187
|
- lib/visitors/configuration_visitor.rb
|
56
|
-
- puppet-sec-lint-0.1.0.gem
|
57
188
|
- puppet-sec-lint.gemspec
|
58
189
|
homepage: https://github.com/TiagoR98/puppet-sec-lint
|
59
190
|
licenses:
|