puppet-sec-lint 0.5.10 → 0.5.11

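--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 2e9b10e41f2f6a673053460d8e040acf2c41f4e4517549d9b873481926df8d56
- data.tar.gz: ef49504ea9432e60e5294e23094fcda3429f8fdde7b856f69544e502e0a2881c
+ metadata.gz: 67a4dd80a401b71eaab4f79e3fa450d165c442e0ea1dd94a5f42e857da6ea1bf
+ data.tar.gz: d2c8e7e7dc3dc0c408a5c37e7a1625f49dd02702a1367944f7a7697f9cb96b32
  SHA512:
- metadata.gz: 98b234b5c4749c2f66aba4bbdb701582f817bec17d923fff5b8220196eed3f4d61744e9ce772a372d1d4d67e871a033ea9c869e4f4320f943ec4ce84e5a9393e
- data.tar.gz: 67bab3f7f9f11fb69ab77f52a961a45674df324cb423ea3f33f5415b973d8cce95506dc49d70a62f3f8e070eadbb65362e39c15cca92e22587233885aa2d17a1
+ metadata.gz: 17b1aaa97c44c6bdec2ef334ae7bbe3214023f8b75f9de42cd510a9debaf499ef86e6a02611f115809ec20433b9ad7c279b86d5acde6255aa78831a5fa2804e9
+ data.tar.gz: 2d911ad4836cea34361647374c448d506f5b9be896e2e5d664f38e81e1915a162760ec89a3b7648328be525f9129b88aba039252bcd9a5055913deaafe2d4513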
data/Gemfile.lock CHANGED
@@ -1,13 +1,14 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- puppet-sec-lint (0.5.7)
4
+ puppet-sec-lint (0.5.10)
5
5
  inifile (~> 3.0.0)
6
6
  launchy (~> 2.5.0)
7
7
  minitest (~> 5.0)
8
8
  puppet-lint (~> 2.4, >= 2.4.2)
9
9
  rack (~> 2.2.3)
10
10
  rake (~> 13.0)
11
+ webrick (~> 1.7.0)
11
12
 
12
13
  GEM
13
14
  remote: https://rubygems.org/
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module PuppetSecLint
4
- VERSION = "0.5.10"
4
+ VERSION = "0.5.11"
5
5
  YEAR = "2021"
6
6
  AUTHOR = "Tiago Ribeiro"
7
7
  end
data/lib/rule_engine.rb CHANGED
@@ -35,8 +35,12 @@ class RuleEngine
35
35
  tokens = self.getTokens(code)
36
36
 
37
37
  @rules.each do |rule|
38
- if rule.configurations[0].value
39
- (result << rule.AnalyzeTokens(tokens)).flatten!
38
+ begin
39
+ if rule.configurations[0].value
40
+ (result << rule.AnalyzeTokens(tokens)).flatten!
41
+ end
42
+ rescue
43
+ puts "Error in running rule #{rule.name}"
40
44
  end
41
45
  end
42
46
 
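Review bot: The bare `rescue` added around `rule.AnalyzeTokens(tokens)` makes the engine fail open: a rule that raises contributes no findings, and the only trace is a `puts` line that names the rule but not the exception. For a security linter this means a scan can come back clean because a check crashed, and the message goes to stdout, where it may mix with report output. Capture the exception and report it on stderr, `rescue StandardError => e` followed by `warn "Error in running rule #{rule.name}: #{e.class}: #{e.message}"`, and consider recording the failure so the caller can mark the run as incomplete. The enclosing method starts and ends outside this hunk.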
@@ -8,21 +8,22 @@ class NoHTTPRule < Rule
8
8
  @resources = %w[apt::source ::apt::source wget::fetch yumrepo yum:: aptly::mirror util::system_package yum::managed_yumrepo]
9
9
  @keywords = %w[backport key download uri mirror]
10
10
  @http = /^http:\/\/.+/
11
- @whitelist = [] # Todo:Need to check how is this set up
11
+ @whitelist = ""
12
12
 
13
13
  @resources_conf = ListConfiguration.new("List of resources that can use HTTP", @resources, "List of resources that are known to not use HTTPS but that validate the transferred content with other secure methods.")
14
14
  @keywords_conf = ListConfiguration.new("List of keywords for URLs", @keywords, "List of keywords that identify hyperlinks that should be analyzed.")
15
+ @whitelist_conf = RegexConfiguration.new("HTTP Address whitelist", @whitelist, "List of addresses that are allowed to have non-secure http connections to them.")
15
16
  @http_conf = RegexConfiguration.new("Regular expression of a normal HTTP address", @http, "Regular expression that identifies the URL of a website using the regular non-secure HTTP protocol.")
16
17
 
17
- @configurations+=[@resources_conf, @keywords_conf, @http_conf]
18
+ @configurations+=[@resources_conf, @keywords_conf, @http_conf, @whitelist_conf]
18
19
 
19
20
  def self.AnalyzeTokens(tokens)
20
21
  result = []
21
22
 
22
23
  ptokens = self.filter_resources(tokens, @resources_conf.value)
23
- ctokens = self.filter_variables(ptokens, @keywords_conf.value)
24
- if @whitelist
25
- wtokens = self.filter_whitelist(ctokens)
24
+ ctokens = self.filter_variables(ptokens, @keywords_conf.value) #TODO: It's working upside down
25
+ if @whitelist_conf.value
26
+ wtokens = self.filter_whitelist(ctokens, @whitelist_conf.value)
26
27
  else
27
28
  wtokens = ptokens
28
29
  end
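Review bot: `@whitelist = ""` gives the new `RegexConfiguration` a String default where the sibling `@http` default is a Regexp literal, and `if @whitelist_conf.value` cannot tell an unset whitelist from a configured one, because an empty String and an empty Regexp are both truthy in Ruby; the `else` branch is effectively dead. What reaches `filter_whitelist` depends on `RegexConfiguration`, which is not visible here: a String would raise `TypeError` on `=~`, and an empty pattern would match every value and drop every finding. A default that can never match, for example `@whitelist = /(?!)/`, keeps the rule reporting until a whitelist is actually configured. The `#TODO: It's working upside down` comment on the `filter_variables` line also deserves an issue reference, since this release turns the rule on in settings.ini. `AnalyzeTokens` continues past the end of the hunk.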
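--- a/data/lib/rules/rule.rb
+++ b/data/lib/rules/rule.rb
@@ -67,10 +67,9 @@ class Rule
  return ftokens
  end
 
- def self.filter_whitelist(tokens)
+ def self.filter_whitelist(tokens, whitelist)
  ftokens=tokens.find_all do |hash|
- #!(@whitelist =~ hash.value.downcase)
- true # TODO: Understand the whitelist
+ !(whitelist =~ hash.value.downcase)
  end
  return ftokens
  end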
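Review bot: `filter_whitelist` now removes every token whose value the pattern matches, but it takes `whitelist` on trust: nothing checks that it is a Regexp, and the match is a substring search unless the pattern anchors itself. Since a match here means a finding is suppressed, the method should state that contract and refuse anything else, e.g. `return tokens unless whitelist.is_a?(Regexp)` as its first line, and use `whitelist.match?(hash.value.downcase)` so that no match data is allocated. Values are downcased before matching, so a case-sensitive pattern containing uppercase characters will never match; a comment such as `# whitelist: Regexp matched against the downcased token value; matching tokens are not reported` would make that visible. The hunk opens inside the preceding method, whose body is not fully shown.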
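--- a/data/lib/settings.ini
+++ b/data/lib/settings.ini
@@ -1,15 +1,16 @@
  [HardCodedCredentialsRule]
- HardCodedCredentialsRule-enable_configuration = false
+ HardCodedCredentialsRule-enable_configuration = true
  HardCodedCredentialsRule-list_of_known_words_not_considered_in_credentials = pe-puppet,pe-webserver,pe-puppetdb,pe-postgres,pe-console-services,pe-orchestration-services,pe-ace-server,pe-bolt-server
  HardCodedCredentialsRule-list_of_invalid_values_in_credentials = undefined,unset,www-data,wwwrun,www,no,yes,[],root
  HardCodedCredentialsRule-regular_expression_of_words_present_in_credentials = (?-mix:user|usr|pass(word|_|$)|pwd|key|secret)
  HardCodedCredentialsRule-regular_expression_of_words_not_present_in_credentials = (?-mix:gpg|path|type|buff|zone|mode|tag|header|scheme|length|guid)
 
  [NoHTTPRule]
- NoHTTPRule-enable_configuration = false
+ NoHTTPRule-enable_configuration = true
  NoHTTPRule-list_of_resources_that_can_use_http = apt::source,::apt::source,wget::fetch,yumrepo,yum::,aptly::mirror,util::system_package,yum::managed_yumrepo
  NoHTTPRule-list_of_keywords_for_urls = backport,key,download,uri,mirror
  NoHTTPRule-regular_expression_of_a_normal_http_address = (?-mix:^http:\/\/.+)
+ NoHTTPRule-http_address_whitelist = (?-mix:^(127.0.0.1))
 
  [AdminByDefaultRule]
  AdminByDefaultRule-enable_configuration = true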
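Review bot: The shipped whitelist `(?-mix:^(127.0.0.1))` is looser than intended and at the same time probably ineffective. The dots are unescaped and there is no boundary after the last octet, so it also matches strings such as `127.0.0.10` or `127a0b0c1`, and `^` in Ruby anchors at the start of any line rather than the start of the string. The values NoHTTPRule tests begin with `http://` according to the rule's own pattern on the line above, so if the whitelist is applied to the whole value (as the `filter_whitelist` hunk suggests) this entry never matches a URL. Something like `(?-mix:\Ahttp:\/\/127\.0\.0\.1(?::\d+)?(?:\/|\z))` states the intent exactly.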
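--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: puppet-sec-lint
  version: !ruby/object:Gem::Version
- version: 0.5.10
+ version: 0.5.11
  platform: ruby
  authors:
  - Tiago Ribeiro
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2021-05-14 00:00:00.000000000 Z
+ date: 2021-05-16 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: puppet-lint
@@ -187,8 +187,6 @@ files:
  - lib/sin/sin.rb
  - lib/sin/sin_type.rb
  - lib/visitors/configuration_visitor.rb
- - puppet-sec-lint-0.5.8.gem
- - puppet-sec-lint-0.5.9.gem
  - puppet-sec-lint.gemspec
  homepage: https://github.com/TiagoR98/puppet-sec-lint
  licenses: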
Binary file
Binary file