puppet-sec-lint 0.1.2 → 0.5.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/main.yml +4 -2
- data/.idea/puppet-sec-lint.iml +7 -4
- data/Gemfile +3 -1
- data/Gemfile.lock +14 -1
- data/README.md +36 -17
- data/_config.yml +1 -0
- data/docs/404.html +24 -0
- data/docs/Gemfile +30 -0
- data/docs/Gemfile.lock +275 -0
- data/docs/_config.yml +41 -0
- data/docs/_posts/2021-05-03-welcome-to-jekyll.markdown +25 -0
- data/docs/_site/404.html +71 -0
- data/docs/_site/feed.xml +13 -0
- data/docs/_site/index.html +1 -0
- data/docs/_site/jekyll/update/2021/05/03/welcome-to-jekyll.html +77 -0
- data/docs/hard-coded-credentials.md +17 -0
- data/docs/images/puppet-sec-lint_console.png +0 -0
- data/docs/images/puppet-sec-lint_vscode.png +0 -0
- data/docs/index.md +6 -0
- data/exe/puppet-sec-lint +81 -15
- data/file.pp +77 -0
- data/lib/configurations/configuration.rb +2 -1
- data/lib/configurations/regex_configuration.rb +9 -0
- data/lib/facades/configuration_file_facade.rb +3 -1
- data/lib/facades/configuration_page_facade.rb +6 -0
- data/lib/lol.pp +6 -6
- data/lib/puppet-sec-lint/version.rb +3 -1
- data/lib/rule_engine.rb +15 -3
- data/lib/rules/admin_by_default_rule.rb +33 -0
- data/lib/rules/cyrillic_homograph_attack.rb +27 -0
- data/lib/rules/empty_password_rule.rb +35 -0
- data/lib/rules/hard_coded_credentials_rule.rb +22 -31
- data/lib/rules/invalid_ip_addr_binding_rule.rb +37 -0
- data/lib/rules/no_http_rule.rb +26 -9
- data/lib/rules/rule.rb +72 -0
- data/lib/rules/suspicious_comment_rule.rb +28 -0
- data/lib/rules/use_weak_crypto_algorithms_rule.rb +28 -0
- data/lib/servers/language_server.rb +101 -0
- data/lib/servers/linter_server.rb +52 -0
- data/lib/settings.ini +39 -0
- data/lib/{sin.rb → sin/sin.rb} +6 -1
- data/lib/sin/sin_type.rb +44 -0
- data/lib/test.txt +15 -0
- data/lib/test2.rb +16 -0
- data/lib/test3.rb +32 -0
- data/lib/test_new.rb +19 -0
- data/puppet-sec-lint-0.5.3.gem +0 -0
- data/puppet-sec-lint.gemspec +7 -1
- metadata +139 -6
- data/lib/language_server.rb +0 -78
- data/lib/sin_type.rb +0 -12
data/lib/language_server.rb
DELETED
|
@@ -1,78 +0,0 @@
|
|
|
1
|
-
require "rack"
|
|
2
|
-
require "thin"
|
|
3
|
-
require 'json'
|
|
4
|
-
require 'uri'
|
|
5
|
-
require_relative 'rule_engine'
|
|
6
|
-
require_relative 'visitors/configuration_visitor'
|
|
7
|
-
require_relative 'facades/configuration_page_facade'
|
|
8
|
-
require_relative 'facades/configuration_file_facade'
|
|
9
|
-
|
|
10
|
-
class LanguageServer
|
|
11
|
-
ConfigurationVisitor.GenerateIDs
|
|
12
|
-
ConfigurationFileFacade.LoadConfigurations
|
|
13
|
-
|
|
14
|
-
def call(env)
|
|
15
|
-
req = Rack::Request.new(env)
|
|
16
|
-
|
|
17
|
-
case req.path
|
|
18
|
-
when "/"
|
|
19
|
-
if req.post?
|
|
20
|
-
process_analysis(req)
|
|
21
|
-
end
|
|
22
|
-
when "/configuration"
|
|
23
|
-
if req.post?
|
|
24
|
-
process_form(req)
|
|
25
|
-
elsif req.get?
|
|
26
|
-
configurations_page
|
|
27
|
-
end
|
|
28
|
-
end
|
|
29
|
-
|
|
30
|
-
end
|
|
31
|
-
|
|
32
|
-
def process_form(req)
|
|
33
|
-
new_conf = URI.decode_www_form(req.body.read)
|
|
34
|
-
new_conf_hash = Hash[new_conf.map {|key, value| [key, value]}]
|
|
35
|
-
|
|
36
|
-
ConfigurationPageFacade.ApplyConfigurations(new_conf_hash)
|
|
37
|
-
ConfigurationFileFacade.SaveConfigurations
|
|
38
|
-
|
|
39
|
-
return [200, { 'Content-Type' => 'text/plain' }, ["Changes saved successfully"]]
|
|
40
|
-
end
|
|
41
|
-
|
|
42
|
-
def process_analysis(req)
|
|
43
|
-
body = JSON.parse(req.body.read)
|
|
44
|
-
|
|
45
|
-
if body['documentContent']
|
|
46
|
-
code = body['documentContent']
|
|
47
|
-
|
|
48
|
-
result_json = []
|
|
49
|
-
|
|
50
|
-
result = RuleEngine.analyzeDocument(code) #convert to json
|
|
51
|
-
|
|
52
|
-
result.each do |sin|
|
|
53
|
-
result_json.append(JSON.generate({
|
|
54
|
-
'name' => sin.type[:name],
|
|
55
|
-
'message' => sin.type[:message],
|
|
56
|
-
'recommendation' => sin.type[:recommendation],
|
|
57
|
-
'begin_line' => sin.begin_line,
|
|
58
|
-
'begin_char' => sin.begin_char,
|
|
59
|
-
'end_line' => sin.end_line,
|
|
60
|
-
'end_char' => sin.end_char
|
|
61
|
-
}))
|
|
62
|
-
end
|
|
63
|
-
|
|
64
|
-
return [200, { 'Content-Type' => 'application/json' }, [result_json.to_json]]
|
|
65
|
-
end
|
|
66
|
-
|
|
67
|
-
[401, { 'Content-Type' => 'text/html' }, ['Invalid Request']]
|
|
68
|
-
end
|
|
69
|
-
|
|
70
|
-
def configurations_page
|
|
71
|
-
configuration_page = ConfigurationPageFacade.AssemblePage
|
|
72
|
-
|
|
73
|
-
return [200, { 'Content-Type' => 'text/html' }, [configuration_page]]
|
|
74
|
-
end
|
|
75
|
-
|
|
76
|
-
end
|
|
77
|
-
|
|
78
|
-
Rack::Handler::Thin.run(LanguageServer.new, :Port => 9292)
|
data/lib/sin_type.rb
DELETED
|
@@ -1,12 +0,0 @@
|
|
|
1
|
-
module SinType
|
|
2
|
-
HardCodedCred = {
|
|
3
|
-
name: "Hard Coded Credentials",
|
|
4
|
-
message: "Do not hard code secrets. This may help an attacker to attack the system.",
|
|
5
|
-
recommendation: "You can use hiera to avoid this issue."
|
|
6
|
-
}
|
|
7
|
-
HttpWithoutTLS = {
|
|
8
|
-
name: "HTTP without TLS",
|
|
9
|
-
message: "Do not use HTTP without TLS. This may cause a man in the middle attack.",
|
|
10
|
-
recommendation: "Use TLS with HTTP"
|
|
11
|
-
}
|
|
12
|
-
end
|