puppet-sec-lint 0.5.16 → 0.5.17
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/lib/facades/configuration_page_facade.rb +1 -2
- data/lib/puppet-sec-lint/version.rb +1 -2
- data/lib/rules/no_http_rule.rb +1 -1
- data/lib/settings.ini +40 -0
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6bfe95cea2d99930169041dca391fc75092615989bf760110c9e30aa129e4cfa
|
|
4
|
+
data.tar.gz: 74eebb1a8c0173313962c2f89a59f051228b32148deca9abebfad22345dc4728
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 61ef7a949e6eb553397d1e3497daee79e7d53d5bc87b4d11c6dcb825652ccd31bd395a38956a503bd4f2a157e7a35c19b81a3c67a5794381022253b424417e34
|
|
7
|
+
data.tar.gz: 5a630410caafefd0c5536fde1503591f0e9f8ebc82718b020b3b8a81f583a7746e69ff2cbba4e8c05971cf68ab22bbf4617467f2bcb4a44762ed40e7cf2bc5d3
|
data/Gemfile.lock
CHANGED
|
@@ -75,8 +75,7 @@ class ConfigurationPageFacade
|
|
|
75
75
|
configuration.value = new_conf[configuration.id].split(/\r?\n/).delete_if(&:empty?)
|
|
76
76
|
|
|
77
77
|
when DisplayField[:RegexBox]
|
|
78
|
-
configuration.value = Regexp.new new_conf[configuration.id]
|
|
79
|
-
|
|
78
|
+
configuration.value = if new_conf[configuration.id].empty? then new_conf[configuration.id] else Regexp.new new_conf[configuration.id] end
|
|
80
79
|
else
|
|
81
80
|
configuration.value = new_conf[configuration.id]
|
|
82
81
|
end
|
data/lib/rules/no_http_rule.rb
CHANGED
|
@@ -22,7 +22,7 @@ class NoHTTPRule < Rule
|
|
|
22
22
|
|
|
23
23
|
ptokens = self.filter_resources(tokens, @resources_conf.value)
|
|
24
24
|
ctokens = self.filter_variables(ptokens, @keywords_conf.value) #TODO: It's working upside down
|
|
25
|
-
if not @whitelist_conf.value.empty?
|
|
25
|
+
if not @whitelist_conf.value.to_s.empty?
|
|
26
26
|
wtokens = self.filter_whitelist(ctokens, @whitelist_conf.value)
|
|
27
27
|
else
|
|
28
28
|
wtokens = ptokens
|
data/lib/settings.ini
ADDED
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
[HardCodedCredentialsRule]
|
|
2
|
+
HardCodedCredentialsRule-enable_configuration = true
|
|
3
|
+
HardCodedCredentialsRule-list_of_known_words_not_considered_in_credentials = pe-puppet,pe-webserver,pe-puppetdb,pe-postgres,pe-console-services,pe-orchestration-services,pe-ace-server,pe-bolt-server
|
|
4
|
+
HardCodedCredentialsRule-list_of_invalid_values_in_credentials = undefined,unset,www-data,wwwrun,www,no,yes,[],root
|
|
5
|
+
HardCodedCredentialsRule-regular_expression_of_words_present_in_credentials = (?-mix:user|usr|pass(word|_|$)|pwd|key|secret)
|
|
6
|
+
HardCodedCredentialsRule-regular_expression_of_words_not_present_in_credentials = (?-mix:gpg|path|type|buff|zone|mode|tag|header|scheme|length|guid)
|
|
7
|
+
|
|
8
|
+
[NoHTTPRule]
|
|
9
|
+
NoHTTPRule-enable_configuration = true
|
|
10
|
+
NoHTTPRule-list_of_resources_that_can_use_http = apt::source,::apt::source,wget::fetch,yumrepo,yum::,aptly::mirror,util::system_package,yum::managed_yumrepo,apt::repository
|
|
11
|
+
NoHTTPRule-list_of_keywords_for_urls = backport,key,download,uri,mirror
|
|
12
|
+
NoHTTPRule-regular_expression_of_a_normal_http_address = (?-mix:^http:\/\/.+)
|
|
13
|
+
NoHTTPRule-http_address_whitelist =
|
|
14
|
+
|
|
15
|
+
[AdminByDefaultRule]
|
|
16
|
+
AdminByDefaultRule-enable_configuration = true
|
|
17
|
+
AdminByDefaultRule-regular_expression_of_words_present_in_credentials = (?-mix:user|usr|pass(word|_|$)|pwd)
|
|
18
|
+
|
|
19
|
+
[EmptyPasswordRule]
|
|
20
|
+
EmptyPasswordRule-enable_configuration = true
|
|
21
|
+
EmptyPasswordRule-list_of_trigger_words = pwd,password,pass
|
|
22
|
+
EmptyPasswordRule-regular_expression_of_password_name = (?-mix:pass(word|_|$)|pwd)
|
|
23
|
+
|
|
24
|
+
[InvalidIPAddrBindingRule]
|
|
25
|
+
InvalidIPAddrBindingRule-enable_configuration = true
|
|
26
|
+
InvalidIPAddrBindingRule-regular_expression_of_an_invalid_ip_address = (?-mix:^((http(s)?:\/\/)?0.0.0.0(:\d{1,5})?)$)
|
|
27
|
+
|
|
28
|
+
[UseWeakCryptoAlgorithmsRule]
|
|
29
|
+
UseWeakCryptoAlgorithmsRule-enable_configuration = true
|
|
30
|
+
UseWeakCryptoAlgorithmsRule-regular_expression_of_weak_crypto_algorithms = (?-mix:^(sha1|md5))
|
|
31
|
+
|
|
32
|
+
[SuspiciousCommentRule]
|
|
33
|
+
SuspiciousCommentRule-enable_configuration = true
|
|
34
|
+
SuspiciousCommentRule-list_of_trigger_words = hack,fixme,later,later2,todo,ticket,launchpad,bug,to-do
|
|
35
|
+
SuspiciousCommentRule-regular_expression_of_keywords_present_in_suspicious_comments = (?-mix:hack|fixme|ticket|bug|secur|debug|defect|weak)
|
|
36
|
+
|
|
37
|
+
[CyrillicHomographAttack]
|
|
38
|
+
CyrillicHomographAttack-enable_configuration = true
|
|
39
|
+
CyrillicHomographAttack-regular_expression_of_links_with_cyrillic_characters = (?-mix:^(http(s)?:\/\/)?.*\p{Cyrillic}+)
|
|
40
|
+
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: puppet-sec-lint
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.17
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tiago Ribeiro
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-06-
|
|
11
|
+
date: 2021-06-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: puppet-lint
|
|
@@ -203,6 +203,7 @@ files:
|
|
|
203
203
|
- lib/rules/use_weak_crypto_algorithms_rule.rb
|
|
204
204
|
- lib/servers/language_server.rb
|
|
205
205
|
- lib/servers/linter_server.rb
|
|
206
|
+
- lib/settings.ini
|
|
206
207
|
- lib/sin/sin.rb
|
|
207
208
|
- lib/sin/sin_type.rb
|
|
208
209
|
- lib/visitors/configuration_visitor.rb
|