Class: PuppetLint::CheckPlugin

Inherits:
Object
  • Object
show all
Defined in:
lib/puppet-lint/security.rb

Overview

Defines helper methods for check plugins

Constant Summary collapse

VALID_CONTENT_TOKENS =

This types represent valid values for variables and parameters

[:NAME,:SSTRING,:STRING,:NUMBER,:TRUE,:FALSE,:DQPRE,:DQMID,:DQPOST,:VARIABLE]

Instance Method Summary collapse

Instance Method Details

#bulk_notify(hash) ⇒ Object

Warps puppet-lint notify and generates notifies for array of problems

Parameters:

  • hash (Hash)

    Hash with options

Options Hash (hash):

  • :result (Array)

    Array of PuppetLint::Lexer::Token containing problems

  • :severity (Symbol)

    Severity of problem (:warning or :critical)

  • :message (String)

    Description of problem

Returns:

  • nothing



195
196
197
198
199
200
201
202
203
 
# File 'lib/puppet-lint/security.rb', line 195

def bulk_notify(hash)
  hash[:result].each do |v|
    notify hash[:severity], {
      :message => hash[:message],
      :line    => v.line,
      :column  => v.column,
    }
  end
end

#check_resource_index(hash) ⇒ Object

Wrapper to check logic. Searches tokens matching given puppet resource or class.

Parameters:

  • hash (Hash)

    Hash with options

Options Hash (hash):

  • :resource_type (Array)

    Array of PuppetLint::Lexer::Token containing problems

  • :severity (Symbol)

    Severity of problem (:warning or :critical)

  • :message (String)

    Description of problem

Returns:

  • nothing



213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
 
# File 'lib/puppet-lint/security.rb', line 213

def check_resource_index(hash)

  # Operate on arrays
  unless hash[:resource_type].is_a? Array
    resource_types=[hash[:resource_type]]
  else
    resource_types=hash[:resource_type]
  end

  rules=resource_indexes.find_all do |resource|
    # Need to search resource titles, when not a predefined puppet resource
    if resource[:type].type == :CLASS
       resource_titles = title_tokens.map { |t| t.value }
       diff_titles = (resource_types - resource_titles)

       # Difference is smaler then original
       # so some elements where substracted
       diff_titles.count < resource_types.count
    else
      resource_types.include? resource[:type].value
    end
  end

  result=rules.map do |rule|
    yield rule
  end.flatten.compact

  bulk_notify(hash.merge(:result => result))

end

#get_argument_token_for_function(tokens, function) ⇒ Array

Get array of tokens with arguments of a puppet-function

Parameters:

  • tokens (Array)

    puppet-lint token objects

  • function (String)

    search only mathing functions

Returns:

  • (Array)

    an array of matching token objects



120
121
122
123
124
125
126
127
128
129
130
131
132
 
# File 'lib/puppet-lint/security.rb', line 120

def get_argument_token_for_function(tokens,function)
  lparen=tokens.find do |token|
    token.type == :LPAREN and
      token.prev_code_token.type == :NAME and
      token.prev_code_token.value == function
  end

  if lparen.nil?
    return []
  else
    return get_block_between(:PAREN,lparen)
  end
end

#get_array_tokens_for_parameter(tokens, parameter) ⇒ Array

Get array of tokens for given parameter out of puppet resource definition

Parameters:

  • tokens (Array)

    puppet-lint token objects

  • parameter (String)

    search only mathing parameters

Returns:

  • (Array)

    an array of matching token objects



37
38
39
40
41
 
# File 'lib/puppet-lint/security.rb', line 37

def get_array_tokens_for_parameter(tokens,parameter)
  get_tokens_between(tokens,:BRACK,parameter).reject do |token|
    token.type == :COMMA
  end
end

#get_hash_tokens_for_parameter(tokens, parameter) ⇒ Array

Get array of tokens with given parameter out of a hash

Parameters:

  • tokens (Array)

    puppet-lint token objects

  • parameter (String)

    search only mathing parameters

Returns:

  • (Array)

    an array of matching token objects



48
49
50
 
# File 'lib/puppet-lint/security.rb', line 48

def get_hash_tokens_for_parameter(tokens,parameter)
  get_tokens_between(tokens,:BRACE,parameter)
end

#get_resource_block_for(resource_title, token) ⇒ Array

Get resource block for given puppet resource name. Resource type is irrelevant

Parameters:

  • resource_title (String)

    resource title of queried resource block

  • token (PuppetLint::Lexer::Token)

    Token of a puppet resource

Returns:

  • (Array)

    an array of array with matching token objects



79
80
81
82
83
84
85
86
 
# File 'lib/puppet-lint/security.rb', line 79

def get_resource_block_for(resource_title,token)
    titles=title_tokens_with_block

    titles.find_all do | hash |
      hash[:title].value == resource_title
    end.first.values.flatten

end

#get_resource_title_for(rule) ⇒ String

Get resource title for rule

Parameters:

  • representing (Hash)

    a resource_index

Returns:

  • (String)

    resource title of given rule



179
180
181
182
183
184
 
# File 'lib/puppet-lint/security.rb', line 179

def get_resource_title_for(rule)
  title_token=title_tokens_with_block.find do |h|
    h[:tokens].first == rule[:tokens].first
  end
  title_token[:title] unless title_token.nil?
end

#get_tokens_between(tokens, type, parameter) ⇒ Array

Get array of tokens with given parameter out of any puppet block

Parameters:

  • tokens (Array)

    puppet-lint token objects

  • parameter (String)

    search only mathing parameters

Returns:

  • (Array)

    an array of matching token objects



57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
 
# File 'lib/puppet-lint/security.rb', line 57

def get_tokens_between(tokens,type,parameter)
  brace_open=tokens.find do |token|
    token.type == left(type) and
      # Vorher kommt ein Pfeil, somit ist es der  Wert eines Parmeters
      token.prev_code_token.type == :FARROW and
      # Vor dem Pfeil kommt der gesuchte Parameter
      token.prev_code_token.prev_code_token.value == parameter
  end

  if brace_open.nil?
    return []
  else
    return get_block_between(type,brace_open)
  end
end

#get_value_token_for_parameter(tokens, parameter) ⇒ Array

Get array of tokens with values of given parameter

Parameters:

  • tokens (Array)

    puppet-lint token objects

  • parameter (String)

    search only mathing parameters

Returns:

  • (Array)

    an array of matching token objects



93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
 
# File 'lib/puppet-lint/security.rb', line 93

def get_value_token_for_parameter(tokens,parameter)
  value_starts_tokens=tokens.find_all do |token|
    VALID_CONTENT_TOKENS.include? token.type and
      # An arrow first indicates the value of a parameter
      token.prev_code_token.type == :FARROW and
      # The given parameter comes first, then the arrow
      token.prev_code_token.prev_code_token.value == parameter
  end
  value_starts_tokens.map do |token|
    if token.type==:DQPRE
      t=[]
      until token.type == :DQPOST
        t << token
        token=token.next_code_token
      end
      t
    else
      token
    end
  end.flatten
end

#get_variable_value_for(token) ⇒ PuppetLint::Lexer::Token

Get first token with begin of value to a given parameter token

Parameters:

  • token (PuppetLint::Lexer::Token)

    Token of a parameter to a puppet resource

Returns:

  • (PuppetLint::Lexer::Token)

    Token with value (first token after equals



138
139
140
141
142
143
144
145
146
147
148
 
# File 'lib/puppet-lint/security.rb', line 138

def get_variable_value_for(token)
  if token.type == :VARIABLE and token.next_code_token.type == :EQUALS
    token=token.next_code_token
    until token.next_code_token.nil? or VALID_CONTENT_TOKENS.include? token.type or token.type == :VARIABLE
      token=token.next_code_token
    end
    return token
  else
    return nil
  end
end

#resource_in_class_or_define?(resource, class_or_define) ⇒ Boolean

Checks if given resource is defined in given class or define

Parameters:

  • resource (Hash)

    puppet-lint resource_index hash

  • class_or_define (Hash)

    puppet-lint class_index or defined_type_index hash

Returns:

  • (Boolean)

    it is defined inside or not



12
13
14
15
 
# File 'lib/puppet-lint/security.rb', line 12

def resource_in_class_or_define?(resource,class_or_define)
  resource[:start] > class_or_define[:start] and
    resource[:end] < class_or_define[:end]
end

#title_tokens_with_blockArray

Get Hash of titles and tokens of puppet manifest

Returns:

  • (Array)

    of [Hashes] with title as [PuppetLint::Lexer::Token] token and array of token with parameters as [PuppetLint::Lexer::Token]



154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
 
# File 'lib/puppet-lint/security.rb', line 154

def title_tokens_with_block

  # Get all token blocks having between colon and semic or rbrace
  title_tokens.map do |block_starter|
    token_array=[]
    t = block_starter.next_token

    until [:SEMIC,:RBRACE].include? t.type
      token_array << t unless t.type == :COLON
      t = t.next_token
    end

    {
      :title   => block_starter,
      :tokens  => token_array
    }

  end

end

#value_is_array?(tokens, parameter) ⇒ Boolean

Checks if given parameter of a puppet resource is an array

Parameters:

  • tokens (Array)

    puppet-lint token objects

  • parameter (String)

    search only mathing parameters

Returns:

  • (Boolean)

    it is an array or not



22
23
24
25
26
27
28
29
30
 
# File 'lib/puppet-lint/security.rb', line 22

def value_is_array?(tokens,parameter)
  values_with_lbracks=tokens.find_all do |token|
    #  match 'parameter => ['
    token.type == :LBRACK and
      token.prev_code_token.type == :FARROW and
      token.prev_code_token.prev_code_token.value == parameter
  end
  not values_with_lbracks.empty?
end