puppet-sec-lint 0.5.10 → 0.5.11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2e9b10e41f2f6a673053460d8e040acf2c41f4e4517549d9b873481926df8d56
-  data.tar.gz: ef49504ea9432e60e5294e23094fcda3429f8fdde7b856f69544e502e0a2881c
+  metadata.gz: 67a4dd80a401b71eaab4f79e3fa450d165c442e0ea1dd94a5f42e857da6ea1bf
+  data.tar.gz: d2c8e7e7dc3dc0c408a5c37e7a1625f49dd02702a1367944f7a7697f9cb96b32
 SHA512:
-  metadata.gz: 98b234b5c4749c2f66aba4bbdb701582f817bec17d923fff5b8220196eed3f4d61744e9ce772a372d1d4d67e871a033ea9c869e4f4320f943ec4ce84e5a9393e
-  data.tar.gz: 67bab3f7f9f11fb69ab77f52a961a45674df324cb423ea3f33f5415b973d8cce95506dc49d70a62f3f8e070eadbb65362e39c15cca92e22587233885aa2d17a1
+  metadata.gz: 17b1aaa97c44c6bdec2ef334ae7bbe3214023f8b75f9de42cd510a9debaf499ef86e6a02611f115809ec20433b9ad7c279b86d5acde6255aa78831a5fa2804e9
+  data.tar.gz: 2d911ad4836cea34361647374c448d506f5b9be896e2e5d664f38e81e1915a162760ec89a3b7648328be525f9129b88aba039252bcd9a5055913deaafe2d4513

data/Gemfile.lock

@@ -1,13 +1,14 @@
 PATH
   remote: .
   specs:
-    puppet-sec-lint (0.5.7)
+    puppet-sec-lint (0.5.10)
       inifile (~> 3.0.0)
       launchy (~> 2.5.0)
       minitest (~> 5.0)
       puppet-lint (~> 2.4, >= 2.4.2)
       rack (~> 2.2.3)
       rake (~> 13.0)
+      webrick (~> 1.7.0)
 
 GEM
   remote: https://rubygems.org/

data/lib/puppet-sec-lint/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module PuppetSecLint
-  VERSION = "0.5.10"
+  VERSION = "0.5.11"
   YEAR = "2021"
   AUTHOR = "Tiago Ribeiro"
 end

data/lib/rule_engine.rb

@@ -35,8 +35,12 @@ class RuleEngine
     tokens = self.getTokens(code)
 
     @rules.each do |rule|
-      if rule.configurations[0].value
-        (result << rule.AnalyzeTokens(tokens)).flatten!
+      begin
+        if rule.configurations[0].value
+          (result << rule.AnalyzeTokens(tokens)).flatten!
+        end
+      rescue
+        puts "Error in running rule #{rule.name}"
       end
     end
 

data/lib/rules/no_http_rule.rb

@@ -8,21 +8,22 @@ class NoHTTPRule < Rule
   @resources = %w[apt::source ::apt::source wget::fetch yumrepo yum:: aptly::mirror util::system_package yum::managed_yumrepo]
   @keywords = %w[backport key download uri mirror]
   @http = /^http:\/\/.+/
-  @whitelist = [] # Todo:Need to check how is this set up
+  @whitelist = ""
 
   @resources_conf = ListConfiguration.new("List of resources that can use HTTP", @resources, "List of resources that are known to not use HTTPS but that validate the transferred content with other secure methods.")
   @keywords_conf = ListConfiguration.new("List of keywords for URLs", @keywords, "List of keywords that identify hyperlinks that should be analyzed.")
+  @whitelist_conf = RegexConfiguration.new("HTTP Address whitelist", @whitelist, "List of addresses that are allowed to have non-secure http connections to them.")
   @http_conf = RegexConfiguration.new("Regular expression of a normal HTTP address", @http, "Regular expression that identifies the URL of a website using the regular non-secure HTTP protocol.")
 
-  @configurations+=[@resources_conf, @keywords_conf, @http_conf]
+  @configurations+=[@resources_conf, @keywords_conf, @http_conf, @whitelist_conf]
 
   def self.AnalyzeTokens(tokens)
     result = []
 
     ptokens = self.filter_resources(tokens, @resources_conf.value)
-    ctokens = self.filter_variables(ptokens, @keywords_conf.value)
-    if @whitelist
-      wtokens = self.filter_whitelist(ctokens)
+    ctokens = self.filter_variables(ptokens, @keywords_conf.value) #TODO: It's working upside down
+    if @whitelist_conf.value
+      wtokens = self.filter_whitelist(ctokens, @whitelist_conf.value)
     else
       wtokens = ptokens
     end

data/lib/rules/rule.rb

@@ -67,10 +67,9 @@ class Rule
     return ftokens
   end
 
-  def self.filter_whitelist(tokens)
+  def self.filter_whitelist(tokens, whitelist)
     ftokens=tokens.find_all do |hash|
-      #!(@whitelist =~ hash.value.downcase)
-      true # TODO: Understand the whitelist
+      !(whitelist =~ hash.value.downcase)
     end
     return ftokens
   end

data/lib/settings.ini

@@ -1,15 +1,16 @@
 [HardCodedCredentialsRule]
-HardCodedCredentialsRule-enable_configuration = false
+HardCodedCredentialsRule-enable_configuration = true
 HardCodedCredentialsRule-list_of_known_words_not_considered_in_credentials = pe-puppet,pe-webserver,pe-puppetdb,pe-postgres,pe-console-services,pe-orchestration-services,pe-ace-server,pe-bolt-server
 HardCodedCredentialsRule-list_of_invalid_values_in_credentials = undefined,unset,www-data,wwwrun,www,no,yes,[],root
 HardCodedCredentialsRule-regular_expression_of_words_present_in_credentials = (?-mix:user|usr|pass(word|_|$)|pwd|key|secret)
 HardCodedCredentialsRule-regular_expression_of_words_not_present_in_credentials = (?-mix:gpg|path|type|buff|zone|mode|tag|header|scheme|length|guid)
 
 [NoHTTPRule]
-NoHTTPRule-enable_configuration = false
+NoHTTPRule-enable_configuration = true
 NoHTTPRule-list_of_resources_that_can_use_http = apt::source,::apt::source,wget::fetch,yumrepo,yum::,aptly::mirror,util::system_package,yum::managed_yumrepo
 NoHTTPRule-list_of_keywords_for_urls = backport,key,download,uri,mirror
 NoHTTPRule-regular_expression_of_a_normal_http_address = (?-mix:^http:\/\/.+)
+NoHTTPRule-http_address_whitelist = (?-mix:^(127.0.0.1))
 
 [AdminByDefaultRule]
 AdminByDefaultRule-enable_configuration = true

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppet-sec-lint
 version: !ruby/object:Gem::Version
-  version: 0.5.10
+  version: 0.5.11
 platform: ruby
 authors:
 - Tiago Ribeiro
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-05-14 00:00:00.000000000 Z
+date: 2021-05-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: puppet-lint
@@ -187,8 +187,6 @@ files:
 - lib/sin/sin.rb
 - lib/sin/sin_type.rb
 - lib/visitors/configuration_visitor.rb
-- puppet-sec-lint-0.5.8.gem
-- puppet-sec-lint-0.5.9.gem
 - puppet-sec-lint.gemspec
 homepage: https://github.com/TiagoR98/puppet-sec-lint
 licenses: