Sha256: ebeb4eb26f121d7c5384b8000d982474ddd66061901b6c06905104c1fa814a39

Contents?: true

Size: 1.84 KB

Versions: 3

Compression:

Stored size: 1.84 KB

Contents

require_relative '../configurations/list_configuration'
require_relative '../sin/sin'
require_relative '../sin/sin_type'

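# Lint rule that reports tokens whose value matches the configured
# "plain HTTP URL" pattern, i.e. a transfer that is not protected by TLS.
#
# The resource list, keyword list, URL pattern and whitelist are all exposed
# as configuration objects and registered in @configurations.
class NoHTTPRule < Rule
  @name = "No HTTPS Connections"

  # Resources whose tokens are handed to filter_resources (defined outside this file).
  @resources = %w[apt::source ::apt::source wget::fetch yumrepo yum:: aptly::mirror util::system_package yum::managed_yumrepo]
  @keywords = %w[backport key download uri mirror]
  # `^` anchors at the start of a *line*, not of the whole string: a value that
  # has text before "http://" on the same line is not matched, while any line
  # of a multi-line value that begins with "http://" is.
  @http = /^http:\/\/.+/
  # Empty by default. NOTE(review): whether an empty pattern is reported as
  # nil/false by RegexConfiguration#value (and so disables the whitelist
  # branch below) cannot be told from this file; confirm.
  @whitelist = ""

  @resources_conf = ListConfiguration.new("List of resources that can use HTTP", @resources, "List of resources that are known to not use HTTPS but that validate the transferred content with other secure methods.")
  @keywords_conf = ListConfiguration.new("List of keywords for URLs", @keywords, "List of keywords that identify hyperlinks that should be analyzed.")
  @whitelist_conf = RegexConfiguration.new("HTTP Address whitelist", @whitelist, "List of addresses that are allowed to have non-secure http connections to them.")
  @http_conf = RegexConfiguration.new("Regular expression of a normal HTTP address", @http, "Regular expression that identifies the URL of a website using the regular non-secure HTTP protocol.")

  @configurations += [@resources_conf, @keywords_conf, @http_conf, @whitelist_conf]

  # Scans the token stream and returns one finding per token that matches the
  # configured HTTP pattern.
  #
  # @param tokens [Array] lexer tokens; each surviving token is read through
  #   #value, #line and #column
  # @return [Array<Sin>] SinType::HttpWithoutTLS findings, each spanning from
  #   the token's column to that column plus the value's length, on one line
  def self.AnalyzeTokens(tokens)
    result = []

    ptokens = filter_resources(tokens, @resources_conf.value)
    ctokens = filter_variables(ptokens, @keywords_conf.value) #TODO: It's working upside down

    # NOTE(review): the fallback uses ptokens, so the keyword filter result
    # (ctokens) is only honoured when a whitelist is configured. Confirm that
    # this asymmetry is intended before relying on the keyword list.
    wtokens = if @whitelist_conf.value
                filter_whitelist(ctokens, @whitelist_conf.value)
              else
                ptokens
              end

    wtokens.each do |token|
      # Lower-cased first, so "HTTP://" and mixed-case schemes are matched too.
      token_value = token.value.downcase
      next unless token_value =~ @http_conf.value

      result.append(Sin.new(SinType::HttpWithoutTLS, token.line, token.column, token.line, token.column + token_value.length))
    end

    result
  end
end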

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
puppet-sec-lint-0.5.14 lib/rules/no_http_rule.rb
puppet-sec-lint-0.5.13 lib/rules/no_http_rule.rb
puppet-sec-lint-0.5.11 lib/rules/no_http_rule.rb