puppet-sec-lint 0.5.17 → 1.0.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6bfe95cea2d99930169041dca391fc75092615989bf760110c9e30aa129e4cfa
4
- data.tar.gz: 74eebb1a8c0173313962c2f89a59f051228b32148deca9abebfad22345dc4728
3
+ metadata.gz: 0ed39e8fd69a0dd1d3091aaee274f88cc192e973ef2b2cd21076a86aa21f6712
4
+ data.tar.gz: 9483297393e0eaebe4551b037d87260552c0e26b2b76d77dd9db14485c0a197c
5
5
  SHA512:
6
- metadata.gz: 61ef7a949e6eb553397d1e3497daee79e7d53d5bc87b4d11c6dcb825652ccd31bd395a38956a503bd4f2a157e7a35c19b81a3c67a5794381022253b424417e34
7
- data.tar.gz: 5a630410caafefd0c5536fde1503591f0e9f8ebc82718b020b3b8a81f583a7746e69ff2cbba4e8c05971cf68ab22bbf4617467f2bcb4a44762ed40e7cf2bc5d3
6
+ metadata.gz: c759dca11c5156be203bafff3ccb26dfcc02a10936a5157b061dabdb42de8689ddc69e79865a999e792c704712cbd95757f383ee1afac33e75b326ad1dbeb9dd
7
+ data.tar.gz: 49d80107d0ab6d01c73fa24b6482cd7a483f7bf0ec049e860b12b67a27aa69293df98b00bf24cd36def138d3bce3884c4d2b87421b2162f7bec90251d957bf11
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- puppet-sec-lint (0.5.17)
4
+ puppet-sec-lint (1.0.0)
5
5
  inifile (~> 3.0.0)
6
6
  launchy (~> 2.5.0)
7
7
  logger (~> 1.4.3)
data/README.md CHANGED
@@ -50,20 +50,52 @@ puppet-sec-lint -c
50
50
 
51
51
  ## Development
52
52
 
53
- ### Development of new rules
54
-
55
53
  The linter was built on top of a modular architecture, which means that new customizable rules can be added fairly easy facing the discovery of new scenarios and vulnerabilities.
56
54
 
57
- <!--
58
- (add instructions on how to clone, build and run tool)
55
+ ### Cloning and running
56
+
57
+ To add new functionality to the tool, start by cloning the repository into a folder.
58
+ To run the software locally, run the executable **exe/puppet-sec-lint** from a command line.
59
+
60
+ ### Adding new rules
61
+
62
+ To add a new rule, the easiest way is to duplicate the file of an existing rule inside the **lib/rules** folder. Taking the *Admin By Default* rule as an example, here is everything that can be changed and customized.
63
+
64
+ ![puppet-sec-lint rule](docs/images/puppet-sec-lint_rule.png)
65
+
66
+ #### Naming
67
+
68
+ The class should have an unique and meaningful name, both at the class name itself and the property @Name (that's what's displayed in the Configurations page). It should also be derived from the **Rule** class.
69
+
70
+ #### Token analysis
71
+
72
+ Each rule works by running the **AnalyzeTokens** method, receiving a list of tokens (that represent the entire code of the file being analyzed) and after analyzing everything, it should return a list of results (each result is a vulnerability found represented by the **Sin** class). Adding new types of vulnerabilities can be done by adding new elements to the **SinType** class.
73
+
74
+ #### Configurations
75
+
76
+ To add configurable elements to the class, simply create new instances of the child classes of the **Configuration** class, as exemplified in the above rule. The constructor takes as arguments the title and description (to be shown in the configurations page) and the initial default value (before the user modifies the application settings).
77
+
78
+ All configurations should then be added to the @configurations array.
79
+
80
+ The current types of configurations available (children of the **Configuration** class) are:
81
+
82
+ * Boolean
83
+
84
+ ![puppet-sec-lint configuration_bool](docs/images/puppet-sec-lint_configuration_bool.png)
85
+ * List of elements
86
+
87
+ ![puppet-sec-lint configuration_list](docs/images/puppet-sec-lint_configuration_list.png)
88
+ * Regular Expression
89
+
90
+ ![puppet-sec-lint configuration_regex](docs/images/puppet-sec-lint_configuration_regex.png)
59
91
 
60
- (add instructions on where and how to add new rule and configurations)
61
- -->
92
+ #### Add rule to rule engine
62
93
 
63
- <!--After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
94
+ The final step is to ensure that the Rule Engine can detect and run the rule everytime an analysis is performed. As such, in the **lib/rule_engine.rb** file, import the newly created rule and add it to the @rules array.
64
95
 
65
- To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).-->
96
+ ---
66
97
 
98
+ After following these steps, the rule should then be automatically run everytime an analysis is performed. Also, the configurations now show up automatically in the configurations page, giving the user the possibility to customize its values.
67
99
 
68
100
  ## Contributing
69
101
 
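Review bot: the "Adding new rules" section relies on docs/images/puppet-sec-lint_rule.png for the only example of a rule, and the Configuration constructor arguments are described "as exemplified in the above rule", so the code a contributor is told to duplicate cannot be copied or searched. Suggest including the Admin By Default skeleton (class deriving from Rule, @Name, AnalyzeTokens, @configurations) as text next to the image. "Cloning and running" also drops the commented-out `bin/setup` and `rake test` instructions without saying how to install dependencies or run the tests before launching exe/puppet-sec-lint. In "Add rule to rule engine", registration in @rules is manual, so it is worth stating that a rule left out of lib/rule_engine.rb never runs and produces no error. Wording: "an unique" should be "a unique", and "everytime" should be "every time" (two occurrences).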
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module PuppetSecLint
4
- VERSION = "0.5.17"
4
+ VERSION = "1.0.0"
5
5
  YEAR = "2021"
6
6
  AUTHOR = "TQRG"
7
7
  end
@@ -12,7 +12,7 @@ Gem::Specification.new do |spec|
12
12
  spec.description = "Linter built to detect potential security vulnerabilities in Puppet manifests code. It also offers integration with Visual Studio Code https://marketplace.visualstudio.com/items?itemName=tiago1998.puppet-sec-lint-vscode"
13
13
  spec.homepage = "https://github.com/TiagoR98/puppet-sec-lint"
14
14
  spec.license = "MIT"
15
- spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
15
+ spec.required_ruby_version = Gem::Requirement.new(">= 2.7.0")
16
16
 
17
17
  spec.metadata["allowed_push_host"] = "https://rubygems.org"
18
18
 
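Review bot: raising spec.required_ruby_version from ">= 2.3.0" to ">= 2.7.0" drops support for Ruby 2.3 through 2.6, but nothing in the README hunk of this release mentions the new minimum. Since this ships as 1.0.0, suggest stating the supported Ruby versions in the README or a changelog entry so users on older interpreters know why the install is refused. Separately, spec.description embeds the Visual Studio Code marketplace URL in free text; a spec.metadata entry would keep the description readable.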
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: puppet-sec-lint
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.17
4
+ version: 1.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tiago Ribeiro
@@ -173,8 +173,12 @@ files:
173
173
  - docs/empty-password.md
174
174
  - docs/hard-coded-credentials.md
175
175
  - docs/http-without-tls.md
176
+ - docs/images/puppet-sec-lint_configuration_bool.png
177
+ - docs/images/puppet-sec-lint_configuration_list.png
178
+ - docs/images/puppet-sec-lint_configuration_regex.png
176
179
  - docs/images/puppet-sec-lint_configurations.png
177
180
  - docs/images/puppet-sec-lint_console.png
181
+ - docs/images/puppet-sec-lint_rule.png
178
182
  - docs/images/puppet-sec-lint_vscode.png
179
183
  - docs/index.md
180
184
  - docs/invalid-ip-addr-binding.md
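Review bot: the four new PNG files under docs/images/ are added to the gem's files list, so every install of the linter downloads README screenshots that the tool does not use at runtime. Suggest excluding docs/ (or at least docs/images/) from spec.files in the gemspec, which also keeps the packaged file set smaller and easier to audit between releases.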
@@ -224,7 +228,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
224
228
  requirements:
225
229
  - - ">="
226
230
  - !ruby/object:Gem::Version
227
- version: 2.3.0
231
+ version: 2.7.0
228
232
  required_rubygems_version: !ruby/object:Gem::Requirement
229
233
  requirements:
230
234
  - - ">="