puppet-sec-lint 0.5.0 → 0.5.1
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +3 -1
- data/docs/images/puppet-sec-lint_console.png +0 -0
- data/docs/images/puppet-sec-lint_vscode.png +0 -0
- data/exe/puppet-sec-lint +15 -4
- data/{lol2.pp → file.pp} +6 -12
- data/lib/puppet-sec-lint/version.rb +1 -1
- data/lib/servers/language_server.rb +3 -2
- data/lib/servers/linter_server.rb +4 -2
- metadata +5 -3
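--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2c75ec06021b919c8daf8dec13912c044a5bff527d3e3ea4f9b1c03dd00ca218
+data.tar.gz: 8ffbf00594099263843f1e696f0acc6a55d693f516b47cac72880cdc5fa423f1
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ab18a79dfa394fd006e68066aafafaab2112ddbaac1fe0c55f9b1cae2e8a1c6f6dea187228b46a50b6b483133ca5bf68e6c7ed03ec8758078c88e2831212c5ce
+data.tar.gz: b019f6dea23cadb892b9f4d5a1c9069f2aaca737d5badfcf9d3bfd03a847940c27af3690adfd38711649838232924bfb4c88530477b38119e639433bbf732dc7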
data/Gemfile.lock
CHANGED
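--- a/data/README.md
+++ b/data/README.md
@@ -2,6 +2,8 @@
 
 Puppet linter focused on finding security vulnerabilities in code.
 
+
+
 ## Installation
 
 Install the Ruby gem:
@@ -39,7 +41,7 @@ Then, install the [puppet-sec-lint VSCode extension](https://marketplace.visuals
 
 Now, after that the extension is activate, it should be activated automatically when a Puppet file is opened, analyzing and displaying warnings in real time.
 
-
+
 
 ## Development
 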
Binary file
|
Binary file
|
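--- a/data/exe/puppet-sec-lint
+++ b/data/exe/puppet-sec-lint
@@ -9,7 +9,13 @@ require_relative '../lib/puppet-sec-lint/version'
 require_relative '../lib/visitors/configuration_visitor'
 require_relative '../lib/facades/configuration_file_facade'
 
-
+#get free port
+loop do
+$port = rand(3000..9999)
+break if (Socket.tcp('localhost', port, connect_timeout: 5) { false } rescue true)
+end
+
+conf_page_url = "http://localhost:#{$port}/configuration"
 
 options = {}
 @success = true
@@ -36,6 +42,10 @@ OptionParser.new do |opts|
 opts.on("-c", "--configurations", "Open the linter rules configurations page on a browser") do |v|
 options[:configurations] = v
 end
+
+opts.on("-p", "--port=PORT", "TCP Port open for socket communication with the language server (Default:5007)") do |port|
+options[:port] = port
+end
 end.parse!
 
 puts '___ _ _ ___ ___ ____ ___ ____ ____ ____ _ _ ____ _ ___ _ _ _ _ _ _ ___ ____ ____ '
@@ -66,18 +76,19 @@ end
 
 if ARGV[0].nil? || options[:configurations]
 linter_server = Thread.new {
-
+require_relative '../lib/servers/linter_server'
+LinterServer.start($port)
 }
 language_server = Thread.new {
 require_relative '../lib/servers/language_server'
-LanguageServer.start
+LanguageServer.start(options[:port])
 }
 
 if options[:configurations]
 puts "\nLaunching configurations page at #{conf_page_url}...\n\n"
 Launchy.open(conf_page_url)
 else
-puts "\nLinter configurations page available at #{conf_page_url}\n\n"
+puts "\nLinter configurations page available at #{conf_page_url} #{@port}\n\n"
 end
 
 linter_server.join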
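Review bot: In the free-port loop (new lines 12–16) the probe passes `port`, but the random value was stored in `$port`; unless a `port` method is defined outside the hunk, `Socket.tcp` is never reached, the resulting `NameError` is swallowed by the `rescue true` modifier, and the loop breaks on the first random number without checking it. The probe should read `break if (Socket.tcp('localhost', $port, connect_timeout: 5) { false } rescue true)`, with a comment such as `# a refused connection means nothing is listening on $port` to explain why an exception counts as success. Even with that fix, another process can bind the port between this check and `LinterServer.start($port)`, and the bare rescue also treats a timeout or a resolver failure as "free"; a `begin`/`rescue Errno::ECONNREFUSED` block would narrow it. The `require` lines above line 9 are outside the hunk, so whether `socket` is loaded before this loop runs cannot be confirmed from here.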
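--- a/data/lol2.pp
+++ b/data/file.pp
@@ -1,17 +1,10 @@
-#
-# file { 'ssh_config_file':
-# path => '/etc/ssh/sshd_config',
-# content => 'Bad path attribute, bad.',
-# }
-#}
-
-# the following code addresses the bujjjg: https://bukkkgs.launchpad.net/keystone/+bug/1472285 .
+# the following code addresses the bug: https://bugs.launchpad.net/keystone/+bug/1472285 .
 
 class consul_template::service (
 $pass = lols(3),
 $aijoijooiumihhn_password = 'pe-puppet'
 $admin = 'ceisssesrelometer',
-$
+$aijoijooiumihhn_password = '(adiyu(guygmin',
 ) {
 exec { 'network-restart':
 command => 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM release-runner key',
@@ -21,8 +14,9 @@ class consul_template::service (
 autho => 'MDi09i09i5',
 cmd => 'virsh secret-define --file ${secret_xml} && virsh secret-set-value --secret ${rbd_secret_uuid} --base64 $(ceph auth get-key client.${user})',
 $auth_uri => 'http://127.0.0.1:5000',
-
-
+address => '0.0.0.0',
+user = 'admin',
+password => '',
 }
 case $::osfamily {
 'RedHat': {
@@ -36,7 +30,7 @@ class consul_template::service (
 exec { 'upload-img':
 command => "/usr/bin/glance -N ${os_auth_url} -T ${os_tenant_name} -I ${os_username} -K ${os_password} add name=${img_name} is_public=${public} container_format=${container_format} disk_format=${disk_format} distro=${os_name} < /usr/share/cirros-testvm/cirros-x86_64-disk.img",
 unless => "/usr/bin/glance -N ${os_auth_url} -T ${os_tenant_name} -I ${os_username} -K ${os_password} index && (/usr/bin/glance -N ${os_auth_url} -T ${os_tenant_name} -I ${os_username} -K ${os_password} index | grep ${img_name})",
-
+key => "E8CC67053ED3B199",
 key_content => '-----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 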
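Review bot: The renamed sample manifest stays at the package root and is listed in the gem's files (`- file.pp` in the metadata section), so every install ships a file full of password and key-like strings. If it is only linter test input, it belongs in a fixtures directory that the gemspec leaves out of the package. A header comment such as `# Deliberately insecure sample used to exercise puppet-sec-lint rules; not a real manifest.` would tell anyone triaging a secret-scanner hit what they are looking at. In the second hunk the added line `user = 'admin',` uses `=` where the neighbouring attributes use `=>`; if the sample is meant to parse it should read `user => 'admin',`. The resource body that hunk edits opens above the shown lines.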
@@ -10,8 +10,9 @@ class LanguageServer
|
|
10
10
|
ConfigurationVisitor.GenerateIDs
|
11
11
|
ConfigurationFileFacade.LoadConfigurations
|
12
12
|
|
13
|
-
def self.start
|
14
|
-
|
13
|
+
def self.start(port)
|
14
|
+
port ||= 5007
|
15
|
+
server = TCPServer.open(port)
|
15
16
|
|
16
17
|
loop {
|
17
18
|
Thread.fork(server.accept) do |client|
|
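Review bot: `TCPServer.open(port)` is given a port and no host, which in Ruby binds the listener to the wildcard address rather than loopback, and the loop below passes every accepted connection to a handler thread. For an editor-side language server the bind should be explicit: `server = TCPServer.open('127.0.0.1', port)`. `port` is also the raw `-p` string from the launcher when the option is given, with no type or range check; `port = Integer(port || 5007)` here, or declaring the option with OptionParser's `Integer` type, would reject bad values before the bind. `self.start` continues past the end of the hunk, so what the handler does with client data is not reviewed here.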
@@ -45,6 +45,8 @@ class LinterServer
|
|
45
45
|
return [200, { 'Content-Type' => 'text/plain' }, ["Changes saved successfully"]]
|
46
46
|
end
|
47
47
|
|
48
|
-
|
48
|
+
def self.start(port)
|
49
|
+
Rack::Handler::Thin.run(LinterServer.new, :Port => port)
|
50
|
+
end
|
49
51
|
|
50
|
-
|
52
|
+
end
|
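Review bot: `Rack::Handler::Thin.run(LinterServer.new, :Port => port)` leaves the bind address to the handler's default, which in Rack's Thin handler depends on `RACK_ENV` as far as I recall (loopback only when it is unset or `development`). The context line above suggests this app accepts configuration writes ("Changes saved successfully"), so the host should be pinned: `Rack::Handler::Thin.run(LinterServer.new, :Host => '127.0.0.1', :Port => port)`. The new method also has no doc comment; `# Starts the configuration web UI on the given local port.` would do. The request handler starts above the hunk, so whether it authenticates callers or checks the request origin is not visible here.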
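--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppet-sec-lint
 version: !ruby/object:Gem::Version
-version: 0.5.
+version: 0.5.1
 platform: ruby
 authors:
 - Tiago Ribeiro
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-05-
+date: 2021-05-08 00:00:00.000000000 Z
 dependencies: []
 description: This is a more complete security linter for the puppet language
 email:
@@ -48,8 +48,11 @@ files:
 - docs/_site/index.html
 - docs/_site/jekyll/update/2021/05/03/welcome-to-jekyll.html
 - docs/hard-coded-credentials.md
+- docs/images/puppet-sec-lint_console.png
+- docs/images/puppet-sec-lint_vscode.png
 - docs/index.md
 - exe/puppet-sec-lint
+- file.pp
 - lib/configurations/boolean_configuration.rb
 - lib/configurations/configuration.rb
 - lib/configurations/list_configuration.rb
@@ -77,7 +80,6 @@ files:
 - lib/test3.rb
 - lib/test_new.rb
 - lib/visitors/configuration_visitor.rb
-- lol2.pp
 - puppet-sec-lint.gemspec
 homepage: https://github.com/TiagoR98/puppet-sec-lint
 licenses: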