puppet-sec-lint 0.1.2 → 0.5.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/main.yml +4 -2
- data/.idea/puppet-sec-lint.iml +7 -4
- data/Gemfile +3 -1
- data/Gemfile.lock +14 -1
- data/README.md +36 -17
- data/_config.yml +1 -0
- data/docs/404.html +24 -0
- data/docs/Gemfile +30 -0
- data/docs/Gemfile.lock +275 -0
- data/docs/_config.yml +41 -0
- data/docs/_posts/2021-05-03-welcome-to-jekyll.markdown +25 -0
- data/docs/_site/404.html +71 -0
- data/docs/_site/feed.xml +13 -0
- data/docs/_site/index.html +1 -0
- data/docs/_site/jekyll/update/2021/05/03/welcome-to-jekyll.html +77 -0
- data/docs/hard-coded-credentials.md +17 -0
- data/docs/images/puppet-sec-lint_console.png +0 -0
- data/docs/images/puppet-sec-lint_vscode.png +0 -0
- data/docs/index.md +6 -0
- data/exe/puppet-sec-lint +81 -15
- data/file.pp +77 -0
- data/lib/configurations/configuration.rb +2 -1
- data/lib/configurations/regex_configuration.rb +9 -0
- data/lib/facades/configuration_file_facade.rb +3 -1
- data/lib/facades/configuration_page_facade.rb +6 -0
- data/lib/lol.pp +6 -6
- data/lib/puppet-sec-lint/version.rb +3 -1
- data/lib/rule_engine.rb +15 -3
- data/lib/rules/admin_by_default_rule.rb +33 -0
- data/lib/rules/cyrillic_homograph_attack.rb +27 -0
- data/lib/rules/empty_password_rule.rb +35 -0
- data/lib/rules/hard_coded_credentials_rule.rb +22 -31
- data/lib/rules/invalid_ip_addr_binding_rule.rb +37 -0
- data/lib/rules/no_http_rule.rb +26 -9
- data/lib/rules/rule.rb +72 -0
- data/lib/rules/suspicious_comment_rule.rb +28 -0
- data/lib/rules/use_weak_crypto_algorithms_rule.rb +28 -0
- data/lib/servers/language_server.rb +101 -0
- data/lib/servers/linter_server.rb +52 -0
- data/lib/settings.ini +39 -0
- data/lib/{sin.rb → sin/sin.rb} +6 -1
- data/lib/sin/sin_type.rb +44 -0
- data/lib/test.txt +15 -0
- data/lib/test2.rb +16 -0
- data/lib/test3.rb +32 -0
- data/lib/test_new.rb +19 -0
- data/puppet-sec-lint-0.5.3.gem +0 -0
- data/puppet-sec-lint.gemspec +7 -1
- metadata +139 -6
- data/lib/language_server.rb +0 -78
- data/lib/sin_type.rb +0 -12
data/lib/language_server.rb
DELETED
|
@@ -1,78 +0,0 @@
|
|
|
1
|
-
require "rack"
|
|
2
|
-
require "thin"
|
|
3
|
-
require 'json'
|
|
4
|
-
require 'uri'
|
|
5
|
-
require_relative 'rule_engine'
|
|
6
|
-
require_relative 'visitors/configuration_visitor'
|
|
7
|
-
require_relative 'facades/configuration_page_facade'
|
|
8
|
-
require_relative 'facades/configuration_file_facade'
|
|
9
|
-
|
|
10
|
-
class LanguageServer
|
|
11
|
-
ConfigurationVisitor.GenerateIDs
|
|
12
|
-
ConfigurationFileFacade.LoadConfigurations
|
|
13
|
-
|
|
14
|
-
def call(env)
|
|
15
|
-
req = Rack::Request.new(env)
|
|
16
|
-
|
|
17
|
-
case req.path
|
|
18
|
-
when "/"
|
|
19
|
-
if req.post?
|
|
20
|
-
process_analysis(req)
|
|
21
|
-
end
|
|
22
|
-
when "/configuration"
|
|
23
|
-
if req.post?
|
|
24
|
-
process_form(req)
|
|
25
|
-
elsif req.get?
|
|
26
|
-
configurations_page
|
|
27
|
-
end
|
|
28
|
-
end
|
|
29
|
-
|
|
30
|
-
end
|
|
31
|
-
|
|
32
|
-
def process_form(req)
|
|
33
|
-
new_conf = URI.decode_www_form(req.body.read)
|
|
34
|
-
new_conf_hash = Hash[new_conf.map {|key, value| [key, value]}]
|
|
35
|
-
|
|
36
|
-
ConfigurationPageFacade.ApplyConfigurations(new_conf_hash)
|
|
37
|
-
ConfigurationFileFacade.SaveConfigurations
|
|
38
|
-
|
|
39
|
-
return [200, { 'Content-Type' => 'text/plain' }, ["Changes saved successfully"]]
|
|
40
|
-
end
|
|
41
|
-
|
|
42
|
-
def process_analysis(req)
|
|
43
|
-
body = JSON.parse(req.body.read)
|
|
44
|
-
|
|
45
|
-
if body['documentContent']
|
|
46
|
-
code = body['documentContent']
|
|
47
|
-
|
|
48
|
-
result_json = []
|
|
49
|
-
|
|
50
|
-
result = RuleEngine.analyzeDocument(code) #convert to json
|
|
51
|
-
|
|
52
|
-
result.each do |sin|
|
|
53
|
-
result_json.append(JSON.generate({
|
|
54
|
-
'name' => sin.type[:name],
|
|
55
|
-
'message' => sin.type[:message],
|
|
56
|
-
'recommendation' => sin.type[:recommendation],
|
|
57
|
-
'begin_line' => sin.begin_line,
|
|
58
|
-
'begin_char' => sin.begin_char,
|
|
59
|
-
'end_line' => sin.end_line,
|
|
60
|
-
'end_char' => sin.end_char
|
|
61
|
-
}))
|
|
62
|
-
end
|
|
63
|
-
|
|
64
|
-
return [200, { 'Content-Type' => 'application/json' }, [result_json.to_json]]
|
|
65
|
-
end
|
|
66
|
-
|
|
67
|
-
[401, { 'Content-Type' => 'text/html' }, ['Invalid Request']]
|
|
68
|
-
end
|
|
69
|
-
|
|
70
|
-
def configurations_page
|
|
71
|
-
configuration_page = ConfigurationPageFacade.AssemblePage
|
|
72
|
-
|
|
73
|
-
return [200, { 'Content-Type' => 'text/html' }, [configuration_page]]
|
|
74
|
-
end
|
|
75
|
-
|
|
76
|
-
end
|
|
77
|
-
|
|
78
|
-
Rack::Handler::Thin.run(LanguageServer.new, :Port => 9292)
|
data/lib/sin_type.rb
DELETED
|
@@ -1,12 +0,0 @@
|
|
|
1
|
-
module SinType
|
|
2
|
-
HardCodedCred = {
|
|
3
|
-
name: "Hard Coded Credentials",
|
|
4
|
-
message: "Do not hard code secrets. This may help an attacker to attack the system.",
|
|
5
|
-
recommendation: "You can use hiera to avoid this issue."
|
|
6
|
-
}
|
|
7
|
-
HttpWithoutTLS = {
|
|
8
|
-
name: "HTTP without TLS",
|
|
9
|
-
message: "Do not use HTTP without TLS. This may cause a man in the middle attack.",
|
|
10
|
-
recommendation: "Use TLS with HTTP"
|
|
11
|
-
}
|
|
12
|
-
end
|