puppet-sec-lint 0.5.7 → 0.5.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7b342570d0cd33a8818a927585edab299dc3117eea0bd92ca2b017045627836f
-  data.tar.gz: 14c9957c5262ca2b9dfa209740fc3de748fb326009ca24a98b3fc046b99defa2
+  metadata.gz: 844e10fd83efbd1c88d6347db5efefa488118e636da85ccb16354e0176d95465
+  data.tar.gz: 0eca06adb099f34d833d581bffc019cfd8ad61153c2cffd53b3f6d70709f706e
 SHA512:
-  metadata.gz: 326b1e1ef9084032fa9fe0e2403c666d7ea385806a42848a9939ff0e3b62837d28f2af794ee9f4cf45cabaffac891b5787164a8b89d0182f1d0cb21d3ba17fee
-  data.tar.gz: 440a31bcac39c6818463e8fec34611e7df7f7779ac05b69b697c1caa24ce9006dbdd5e8316081708eeae19f85af18c381fb1a07cf25f4efb5fd3fe3d18074e63
+  metadata.gz: 2150f2863771a997167858fb75561b848671788047d09bf8ef0dccde18f77d8756851ddfd68a2b94fb2dc096ce089465b7377a6270a1aed9d2786d1fd8b525d6
+  data.tar.gz: c33d424d3f105db9d88be69ce103263dbbaf1da1ecc4648d4b5bd06bfede2d9ee18de4d491d71104e9db93d1cd73177f2feb7bcf1e911bc98dafaeea23629ac7

data/.idea/puppet-sec-lint.iml

@@ -13,8 +13,6 @@
     <orderEntry type="sourceFolder" forTests="false" />
     <orderEntry type="library" scope="PROVIDED" name="addressable (v2.7.0, RVM: ruby-3.0.0 [global]) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="bundler (v2.2.3, RVM: ruby-3.0.0 [global]) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="daemons (v1.3.1, RVM: ruby-3.0.0 [global]) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="eventmachine (v1.2.7, RVM: ruby-3.0.0 [global]) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="inifile (v3.0.0, RVM: ruby-3.0.0 [global]) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="launchy (v2.5.0, RVM: ruby-3.0.0 [global]) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="minitest (v5.14.4, RVM: ruby-3.0.0 [global]) [gem]" level="application" />
@@ -22,22 +20,22 @@
     <orderEntry type="library" scope="PROVIDED" name="puppet-lint (v2.4.2, RVM: ruby-3.0.0 [global]) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="rack (v2.2.3, RVM: ruby-3.0.0 [global]) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="rake (v13.0.3, RVM: ruby-3.0.0 [global]) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="thin (v1.8.0, RVM: ruby-3.0.0 [global]) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="webrick (v1.7.0, RVM: ruby-3.0.0 [global]) [gem]" level="application" />
   </component>
   <component name="RakeTasksCache">
     <option name="myRootTask">
       <RakeTaskImpl id="rake">
         <subtasks>
-          <RakeTaskImpl description="Build puppet-sec-lint-0.1.0.gem into the pkg directory" fullCommand="build" id="build" />
+          <RakeTaskImpl description="Build puppet-sec-lint-0.5.7.gem into the pkg directory" fullCommand="build" id="build" />
           <RakeTaskImpl description="Remove any temporary products" fullCommand="clean" id="clean" />
           <RakeTaskImpl description="Remove any generated files" fullCommand="clobber" id="clobber" />
-          <RakeTaskImpl description="Build and install puppet-sec-lint-0.1.0.gem into system gems" fullCommand="install" id="install" />
+          <RakeTaskImpl description="Build and install puppet-sec-lint-0.5.7.gem into system gems" fullCommand="install" id="install" />
           <RakeTaskImpl id="install">
             <subtasks>
-              <RakeTaskImpl description="Build and install puppet-sec-lint-0.1.0.gem into system gems without network access" fullCommand="install:local" id="local" />
+              <RakeTaskImpl description="Build and install puppet-sec-lint-0.5.7.gem into system gems without network access" fullCommand="install:local" id="local" />
             </subtasks>
           </RakeTaskImpl>
-          <RakeTaskImpl description="Create tag v0.1.0 and build and push puppet-sec-lint-0.1.0.gem to TODO: Set to 'http://mygemserver.com'" fullCommand="release[remote]" id="release[remote]" />
+          <RakeTaskImpl description="Create tag v0.5.7 and build and push puppet-sec-lint-0.5.7.gem to https://rubygems.org" fullCommand="release[remote]" id="release[remote]" />
           <RakeTaskImpl description="Run tests" fullCommand="test" id="test" />
           <RakeTaskImpl description="" fullCommand="default" id="default" />
           <RakeTaskImpl description="" fullCommand="release" id="release" />

data/Gemfile

@@ -13,7 +13,7 @@ gem "puppet-lint"
 
 gem "rack"
 
-gem 'thin'
+gem 'webrick'
 
 gem 'inifile'
 

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    puppet-sec-lint (0.5.6)
+    puppet-sec-lint (0.5.7)
       inifile (~> 3.0.0)
       launchy (~> 2.5.0)
       minitest (~> 5.0)
@@ -14,8 +14,6 @@ GEM
   specs:
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
-    daemons (1.3.1)
-    eventmachine (1.2.7)
     inifile (3.0.0)
     launchy (2.5.0)
       addressable (~> 2.7)
@@ -24,10 +22,7 @@ GEM
     puppet-lint (2.4.2)
     rack (2.2.3)
     rake (13.0.3)
-    thin (1.8.0)
-      daemons (~> 1.0, >= 1.0.9)
-      eventmachine (~> 1.0, >= 1.0.4)
-      rack (>= 1, < 3)
+    webrick (1.7.0)
 
 PLATFORMS
   x86_64-linux
@@ -40,7 +35,7 @@ DEPENDENCIES
   puppet-sec-lint!
   rack
   rake (~> 13.0)
-  thin
+  webrick
 
 BUNDLED WITH
    2.2.3

data/exe/puppet-sec-lint

@@ -9,6 +9,9 @@ require_relative '../lib/puppet-sec-lint/version'
 require_relative '../lib/visitors/configuration_visitor'
 require_relative '../lib/facades/configuration_file_facade'
 
+ConfigurationVisitor.GenerateIDs
+ConfigurationFileFacade.LoadConfigurations
+
 #get free port
 loop do
   $port = rand(3000..9999)

data/lib/puppet-sec-lint/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module PuppetSecLint
-  VERSION = "0.5.7"
+  VERSION = "0.5.8"
   YEAR = "2021"
   AUTHOR = "Tiago Ribeiro"
 end

data/lib/servers/language_server.rb

@@ -7,8 +7,6 @@ require_relative '../facades/configuration_page_facade'
 require_relative '../facades/configuration_file_facade'
 
 class LanguageServer
-  ConfigurationVisitor.GenerateIDs
-  ConfigurationFileFacade.LoadConfigurations
 
   def self.start(port)
     port ||= 5007

data/lib/servers/linter_server.rb

@@ -1,5 +1,4 @@
 require "rack"
-require "thin"
 require 'json'
 require 'uri'
 require_relative '../rule_engine'
@@ -8,8 +7,6 @@ require_relative '../facades/configuration_page_facade'
 require_relative '../facades/configuration_file_facade'
 
 class LinterServer
-  ConfigurationVisitor.GenerateIDs
-  ConfigurationFileFacade.LoadConfigurations
 
   def call(env)
     req = Rack::Request.new(env)
@@ -46,7 +43,7 @@ class LinterServer
   end
 
   def self.start(port)
-    Rack::Handler::Thin.run(LinterServer.new, :Port => port)
+    Rack::Handler::WEBrick.run(LinterServer.new, :Port => port)
   end
 
 end

data/lib/settings.ini

@@ -0,0 +1,39 @@
+[HardCodedCredentialsRule]
+HardCodedCredentialsRule-enable_configuration = false
+HardCodedCredentialsRule-list_of_known_words_not_considered_in_credentials = pe-puppet,pe-webserver,pe-puppetdb,pe-postgres,pe-console-services,pe-orchestration-services,pe-ace-server,pe-bolt-server
+HardCodedCredentialsRule-list_of_invalid_values_in_credentials = undefined,unset,www-data,wwwrun,www,no,yes,[],root
+HardCodedCredentialsRule-regular_expression_of_words_present_in_credentials = (?-mix:user|usr|pass(word|_|$)|pwd|key|secret)
+HardCodedCredentialsRule-regular_expression_of_words_not_present_in_credentials = (?-mix:gpg|path|type|buff|zone|mode|tag|header|scheme|length|guid)
+
+[NoHTTPRule]
+NoHTTPRule-enable_configuration = false
+NoHTTPRule-list_of_resources_that_can_use_http = apt::source,::apt::source,wget::fetch,yumrepo,yum::,aptly::mirror,util::system_package,yum::managed_yumrepo
+NoHTTPRule-list_of_keywords_for_urls = backport,key,download,uri,mirror
+NoHTTPRule-regular_expression_of_a_normal_http_address = (?-mix:^http:\/\/.+)
+
+[AdminByDefaultRule]
+AdminByDefaultRule-enable_configuration = true
+AdminByDefaultRule-regular_expression_of_words_present_in_credentials = (?-mix:user|usr|pass(word|_|$)|pwd)
+
+[EmptyPasswordRule]
+EmptyPasswordRule-enable_configuration = true
+EmptyPasswordRule-list_of_trigger_words = pwd,password,pass
+EmptyPasswordRule-regular_expression_of_password_name = (?-mix:pass(word|_|$)|pwd)
+
+[InvalidIPAddrBindingRule]
+InvalidIPAddrBindingRule-enable_configuration = true
+InvalidIPAddrBindingRule-regular_expression_of_an_invalid_ip_address = (?-mix:^((http(s)?:\/\/)?0.0.0.0(:\d{1,5})?)$)
+
+[UseWeakCryptoAlgorithmsRule]
+UseWeakCryptoAlgorithmsRule-enable_configuration = true
+UseWeakCryptoAlgorithmsRule-regular_expression_of_weak_crypto_algorithms = (?-mix:^(sha1|md5))
+
+[SuspiciousCommentRule]
+SuspiciousCommentRule-enable_configuration = true
+SuspiciousCommentRule-list_of_trigger_words = hack,fixme,later,later2,todo,ticket,launchpad,bug,to-do
+SuspiciousCommentRule-regular_expression_of_keywords_present_in_suspicious_comments = (?-mix:hack|fixme|ticket|bug|secur|debug|defect|weak)
+
+[CyrillicHomographAttack]
+CyrillicHomographAttack-enable_configuration = true
+CyrillicHomographAttack-regular_expression_of_links_with_cyrillic_characters = (?-mix:^(http(s)?:\/\/)?.*\p{Cyrillic}+)
+

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: puppet-sec-lint
 version: !ruby/object:Gem::Version
-  version: 0.5.7
+  version: 0.5.8
 platform: ruby
 authors:
 - Tiago Ribeiro
@@ -169,6 +169,7 @@ files:
 - lib/rules/use_weak_crypto_algorithms_rule.rb
 - lib/servers/language_server.rb
 - lib/servers/linter_server.rb
+- lib/settings.ini
 - lib/sin/sin.rb
 - lib/sin/sin_type.rb
 - lib/visitors/configuration_visitor.rb