puppet-sec-lint 0.5.7 → 0.5.8
- checksums.yaml +4 -4
- data/.idea/puppet-sec-lint.iml +5 -7
- data/Gemfile +1 -1
- data/Gemfile.lock +3 -8
- data/exe/puppet-sec-lint +3 -0
- data/lib/puppet-sec-lint/version.rb +1 -1
- data/lib/servers/language_server.rb +0 -2
- data/lib/servers/linter_server.rb +1 -4
- data/lib/settings.ini +39 -0
- metadata +2 -1
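--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 844e10fd83efbd1c88d6347db5efefa488118e636da85ccb16354e0176d95465
+data.tar.gz: 0eca06adb099f34d833d581bffc019cfd8ad61153c2cffd53b3f6d70709f706e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2150f2863771a997167858fb75561b848671788047d09bf8ef0dccde18f77d8756851ddfd68a2b94fb2dc096ce089465b7377a6270a1aed9d2786d1fd8b525d6
+data.tar.gz: c33d424d3f105db9d88be69ce103263dbbaf1da1ecc4648d4b5bd06bfede2d9ee18de4d491d71104e9db93d1cd73177f2feb7bcf1e911bc98dafaeea23629ac7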
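--- a/data/.idea/puppet-sec-lint.iml
+++ b/data/.idea/puppet-sec-lint.iml
@@ -13,8 +13,6 @@
 <orderEntry type="sourceFolder" forTests="false" />
 <orderEntry type="library" scope="PROVIDED" name="addressable (v2.7.0, RVM: ruby-3.0.0 [global]) [gem]" level="application" />
 <orderEntry type="library" scope="PROVIDED" name="bundler (v2.2.3, RVM: ruby-3.0.0 [global]) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="daemons (v1.3.1, RVM: ruby-3.0.0 [global]) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="eventmachine (v1.2.7, RVM: ruby-3.0.0 [global]) [gem]" level="application" />
 <orderEntry type="library" scope="PROVIDED" name="inifile (v3.0.0, RVM: ruby-3.0.0 [global]) [gem]" level="application" />
 <orderEntry type="library" scope="PROVIDED" name="launchy (v2.5.0, RVM: ruby-3.0.0 [global]) [gem]" level="application" />
 <orderEntry type="library" scope="PROVIDED" name="minitest (v5.14.4, RVM: ruby-3.0.0 [global]) [gem]" level="application" />
@@ -22,22 +20,22 @@
 <orderEntry type="library" scope="PROVIDED" name="puppet-lint (v2.4.2, RVM: ruby-3.0.0 [global]) [gem]" level="application" />
 <orderEntry type="library" scope="PROVIDED" name="rack (v2.2.3, RVM: ruby-3.0.0 [global]) [gem]" level="application" />
 <orderEntry type="library" scope="PROVIDED" name="rake (v13.0.3, RVM: ruby-3.0.0 [global]) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="
+<orderEntry type="library" scope="PROVIDED" name="webrick (v1.7.0, RVM: ruby-3.0.0 [global]) [gem]" level="application" />
 </component>
 <component name="RakeTasksCache">
 <option name="myRootTask">
 <RakeTaskImpl id="rake">
 <subtasks>
-<RakeTaskImpl description="Build puppet-sec-lint-0.
+<RakeTaskImpl description="Build puppet-sec-lint-0.5.7.gem into the pkg directory" fullCommand="build" id="build" />
 <RakeTaskImpl description="Remove any temporary products" fullCommand="clean" id="clean" />
 <RakeTaskImpl description="Remove any generated files" fullCommand="clobber" id="clobber" />
-<RakeTaskImpl description="Build and install puppet-sec-lint-0.
+<RakeTaskImpl description="Build and install puppet-sec-lint-0.5.7.gem into system gems" fullCommand="install" id="install" />
 <RakeTaskImpl id="install">
 <subtasks>
-<RakeTaskImpl description="Build and install puppet-sec-lint-0.
+<RakeTaskImpl description="Build and install puppet-sec-lint-0.5.7.gem into system gems without network access" fullCommand="install:local" id="local" />
 </subtasks>
 </RakeTaskImpl>
-<RakeTaskImpl description="Create tag v0.
+<RakeTaskImpl description="Create tag v0.5.7 and build and push puppet-sec-lint-0.5.7.gem to https://rubygems.org" fullCommand="release[remote]" id="release[remote]" />
 <RakeTaskImpl description="Run tests" fullCommand="test" id="test" />
 <RakeTaskImpl description="" fullCommand="default" id="default" />
 <RakeTaskImpl description="" fullCommand="release" id="release" />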
data/Gemfile
CHANGED
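--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-puppet-sec-lint (0.5.
+puppet-sec-lint (0.5.7)
 inifile (~> 3.0.0)
 launchy (~> 2.5.0)
 minitest (~> 5.0)
@@ -14,8 +14,6 @@ GEM
 specs:
 addressable (2.7.0)
 public_suffix (>= 2.0.2, < 5.0)
-daemons (1.3.1)
-eventmachine (1.2.7)
 inifile (3.0.0)
 launchy (2.5.0)
 addressable (~> 2.7)
@@ -24,10 +22,7 @@ GEM
 puppet-lint (2.4.2)
 rack (2.2.3)
 rake (13.0.3)
-
-daemons (~> 1.0, >= 1.0.9)
-eventmachine (~> 1.0, >= 1.0.4)
-rack (>= 1, < 3)
+webrick (1.7.0)
 
 PLATFORMS
 x86_64-linux
@@ -40,7 +35,7 @@ DEPENDENCIES
 puppet-sec-lint!
 rack
 rake (~> 13.0)
-
+webrick
 
 BUNDLED WITH
 2.2.3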
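--- a/data/exe/puppet-sec-lint
+++ b/data/exe/puppet-sec-lint
@@ -9,6 +9,9 @@ require_relative '../lib/puppet-sec-lint/version'
 require_relative '../lib/visitors/configuration_visitor'
 require_relative '../lib/facades/configuration_file_facade'
 
+ConfigurationVisitor.GenerateIDs
+ConfigurationFileFacade.LoadConfigurations
+
 #get free port
 loop do
 $port = rand(3000..9999)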
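Review bot: The two initialisation calls added at new lines 12-13 run only when this executable is the entry point, and nothing on the page records that the server classes now depend on it. Code that loads `lib/servers/linter_server.rb` directly (a test, or another front end) would presumably start with rule IDs and configuration never loaded. A short comment above the calls would document the ordering, for example `# Rule IDs and settings must be loaded once here, before either server is started`. If `LoadConfigurations` reads the packaged settings file, it is worth confirming that a missing or unreadable file gives a clear error rather than a raw exception at startup. The port-selection loop that follows continues outside the hunk.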
@@ -1,5 +1,4 @@
|
|
1
1
|
require "rack"
|
2
|
-
require "thin"
|
3
2
|
require 'json'
|
4
3
|
require 'uri'
|
5
4
|
require_relative '../rule_engine'
|
@@ -8,8 +7,6 @@ require_relative '../facades/configuration_page_facade'
|
|
8
7
|
require_relative '../facades/configuration_file_facade'
|
9
8
|
|
10
9
|
class LinterServer
|
11
|
-
ConfigurationVisitor.GenerateIDs
|
12
|
-
ConfigurationFileFacade.LoadConfigurations
|
13
10
|
|
14
11
|
def call(env)
|
15
12
|
req = Rack::Request.new(env)
|
@@ -46,7 +43,7 @@ class LinterServer
|
|
46
43
|
end
|
47
44
|
|
48
45
|
def self.start(port)
|
49
|
-
Rack::Handler::
|
46
|
+
Rack::Handler::WEBrick.run(LinterServer.new, :Port => port)
|
50
47
|
end
|
51
48
|
|
52
49
|
end
|
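Review bot: The new `Rack::Handler::WEBrick.run` call in `self.start` passes only `:Port`, so the listening address is left to the handler's default. As far as I recall, with the Rack 2.2 line locked in Gemfile.lock that default is localhost only while `RACK_ENV` is unset or `development`; any other value makes WEBrick bind every interface. This process exists to serve a local editor integration, so the address should be pinned rather than inherited from the environment: `Rack::Handler::WEBrick.run(LinterServer.new, :Host => '127.0.0.1', :Port => port)`. The file header for this section is missing from the page; the hunks match the `linter_server.rb +1 -4` entry in the summary.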
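--- a/data/lib/settings.ini
+++ b/data/lib/settings.ini
@@ -0,0 +1,39 @@
+[HardCodedCredentialsRule]
+HardCodedCredentialsRule-enable_configuration = false
+HardCodedCredentialsRule-list_of_known_words_not_considered_in_credentials = pe-puppet,pe-webserver,pe-puppetdb,pe-postgres,pe-console-services,pe-orchestration-services,pe-ace-server,pe-bolt-server
+HardCodedCredentialsRule-list_of_invalid_values_in_credentials = undefined,unset,www-data,wwwrun,www,no,yes,[],root
+HardCodedCredentialsRule-regular_expression_of_words_present_in_credentials = (?-mix:user|usr|pass(word|_|$)|pwd|key|secret)
+HardCodedCredentialsRule-regular_expression_of_words_not_present_in_credentials = (?-mix:gpg|path|type|buff|zone|mode|tag|header|scheme|length|guid)
+
+[NoHTTPRule]
+NoHTTPRule-enable_configuration = false
+NoHTTPRule-list_of_resources_that_can_use_http = apt::source,::apt::source,wget::fetch,yumrepo,yum::,aptly::mirror,util::system_package,yum::managed_yumrepo
+NoHTTPRule-list_of_keywords_for_urls = backport,key,download,uri,mirror
+NoHTTPRule-regular_expression_of_a_normal_http_address = (?-mix:^http:\/\/.+)
+
+[AdminByDefaultRule]
+AdminByDefaultRule-enable_configuration = true
+AdminByDefaultRule-regular_expression_of_words_present_in_credentials = (?-mix:user|usr|pass(word|_|$)|pwd)
+
+[EmptyPasswordRule]
+EmptyPasswordRule-enable_configuration = true
+EmptyPasswordRule-list_of_trigger_words = pwd,password,pass
+EmptyPasswordRule-regular_expression_of_password_name = (?-mix:pass(word|_|$)|pwd)
+
+[InvalidIPAddrBindingRule]
+InvalidIPAddrBindingRule-enable_configuration = true
+InvalidIPAddrBindingRule-regular_expression_of_an_invalid_ip_address = (?-mix:^((http(s)?:\/\/)?0.0.0.0(:\d{1,5})?)$)
+
+[UseWeakCryptoAlgorithmsRule]
+UseWeakCryptoAlgorithmsRule-enable_configuration = true
+UseWeakCryptoAlgorithmsRule-regular_expression_of_weak_crypto_algorithms = (?-mix:^(sha1|md5))
+
+[SuspiciousCommentRule]
+SuspiciousCommentRule-enable_configuration = true
+SuspiciousCommentRule-list_of_trigger_words = hack,fixme,later,later2,todo,ticket,launchpad,bug,to-do
+SuspiciousCommentRule-regular_expression_of_keywords_present_in_suspicious_comments = (?-mix:hack|fixme|ticket|bug|secur|debug|defect|weak)
+
+[CyrillicHomographAttack]
+CyrillicHomographAttack-enable_configuration = true
+CyrillicHomographAttack-regular_expression_of_links_with_cyrillic_characters = (?-mix:^(http(s)?:\/\/)?.*\p{Cyrillic}+)
+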
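Review bot: The packaged defaults set `enable_configuration = false` for HardCodedCredentialsRule (line 2) and NoHTTPRule (line 9). If that key is the rule's on/off switch, a fresh install runs with the hard-coded-credential and plain-HTTP checks silently off; those two should ship as `true` unless the opt-out is deliberate and documented. The `(?-mix:…)` values look like `Regexp#to_s` output, which suggests this is a saved developer configuration rather than hand-written defaults, so it is worth confirming the file was meant to be added to the gem. Separately, the pattern on line 25 leaves the dots in `0.0.0.0` unescaped, so each dot matches any character and the rule can flag unrelated strings; `0\.0\.0\.0` is what is intended.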
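--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: puppet-sec-lint
 version: !ruby/object:Gem::Version
-version: 0.5.
+version: 0.5.8
 platform: ruby
 authors:
 - Tiago Ribeiro
@@ -169,6 +169,7 @@ files:
 - lib/rules/use_weak_crypto_algorithms_rule.rb
 - lib/servers/language_server.rb
 - lib/servers/linter_server.rb
+- lib/settings.ini
 - lib/sin/sin.rb
 - lib/sin/sin_type.rb
 - lib/visitors/configuration_visitor.rb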