Skip to content

Commit c845274

Browse files
authored
Merge pull request #120 from dev-sec/newlint
Change linting to Cookstyle
2 parents 6bcfe60 + 87009dc commit c845274

30 files changed

+86
-118
lines changed

.rubocop.yml

Lines changed: 0 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -2,35 +2,3 @@
22
AllCops:
33
Exclude:
44
- vendor/**/*
5-
Documentation:
6-
Enabled: false
7-
Layout/ParameterAlignment:
8-
Enabled: true
9-
HashSyntax:
10-
Enabled: true
11-
LineLength:
12-
Enabled: false
13-
EmptyLinesAroundBlockBody:
14-
Enabled: false
15-
Style/Encoding:
16-
Enabled: false
17-
MethodLength:
18-
Max: 40
19-
NumericLiterals:
20-
MinDigits: 10
21-
Metrics/BlockLength:
22-
Max: 45 # needed for 6.1.1
23-
Metrics/CyclomaticComplexity:
24-
Max: 10
25-
Metrics/PerceivedComplexity:
26-
Max: 10
27-
Metrics/AbcSize:
28-
Max: 30
29-
# Lint/AmbiguousBlockAssociation is incompatible with RSpec
30-
# https://github.com/rubocop-hq/rubocop/issues/4222
31-
Lint/AmbiguousBlockAssociation:
32-
Enabled: false
33-
Lint/AmbiguousRegexpLiteral:
34-
Enabled: false
35-
Style/NumericPredicate:
36-
Enabled: false

Gemfile

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@
22

33
source 'https://rubygems.org'
44

5+
gem 'cookstyle'
56
gem 'highline'
67
gem 'rack'
78
gem 'rake'

Rakefile

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,6 @@
11
# frozen_string_literal: true
22

3+
require 'cookstyle'
34
require 'rake/testtask'
45
require 'rubocop/rake_task'
56

@@ -9,6 +10,10 @@ task :rubocop do
910
RuboCop::RakeTask.new
1011
end
1112

13+
RuboCop::RakeTask.new(:cookstyle) do |task|
14+
task.options << '--display-cop-names'
15+
end
16+
1217
# lint the project
1318
desc 'Run robocop linter'
1419
task lint: [:rubocop]

controls/1_1_filesystem_configuration.rb

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
# frozen_string_literal: true
22

33
#
4-
# Copyright 2017, Schuberg Philis B.V.
4+
# Copyright:: 2017, Schuberg Philis B.V.
55
#
66
# Licensed under the Apache License, Version 2.0 (the "License");
77
# you may not use this file except in compliance with the License.
@@ -230,7 +230,6 @@
230230
describe mount('/var/tmp') do
231231
its('options') { should include 'nodev' }
232232
end
233-
234233
end
235234

236235
control 'cis-dil-benchmark-1.1.9' do
@@ -248,7 +247,6 @@
248247
describe mount('/var/tmp') do
249248
its('options') { should include 'nosuid' }
250249
end
251-
252250
end
253251

254252
control 'cis-dil-benchmark-1.1.10' do
@@ -266,7 +264,6 @@
266264
describe mount('/var/tmp') do
267265
its('options') { should include 'noexec' }
268266
end
269-
270267
end
271268

272269
control 'cis-dil-benchmark-1.1.11' do

controls/1_2_configure_software_updates.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
# frozen_string_literal: true
22

33
#
4-
# Copyright 2017, Schuberg Philis B.V.
4+
# Copyright:: 2017, Schuberg Philis B.V.
55
#
66
# Licensed under the Apache License, Version 2.0 (the "License");
77
# you may not use this file except in compliance with the License.

controls/1_3_filesystem_integrity_checking.rb

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
# frozen_string_literal: true
22

33
#
4-
# Copyright 2017, Schuberg Philis B.V.
4+
# Copyright:: 2017, Schuberg Philis B.V.
55
#
66
# Licensed under the Apache License, Version 2.0 (the "License");
77
# you may not use this file except in compliance with the License.
@@ -48,13 +48,13 @@
4848
tag level: 1
4949

5050
describe.one do
51-
%w[/var/spool/cron/crontabs/root /var/spool/cron/root /etc/crontab].each do |f|
51+
%w(/var/spool/cron/crontabs/root /var/spool/cron/root /etc/crontab).each do |f|
5252
describe file(f) do
5353
its('content') { should match(/aide (--check|-C)/) }
5454
end
5555
end
5656

57-
%w[cron.d cron.hourly cron.daily cron.weekly cron.monthly].each do |f|
57+
%w(cron.d cron.hourly cron.daily cron.weekly cron.monthly).each do |f|
5858
command("find /etc/#{f} -type f").stdout.split.each do |entry|
5959
describe file(entry) do
6060
its('content') { should match(/aide (--check|-C)/) }

controls/1_4_secure_boot_settings.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
# frozen_string_literal: true
22

33
#
4-
# Copyright 2017, Schuberg Philis B.V.
4+
# Copyright:: 2017, Schuberg Philis B.V.
55
#
66
# Licensed under the Apache License, Version 2.0 (the "License");
77
# you may not use this file except in compliance with the License.

controls/1_5_additional_process_hardening.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
# frozen_string_literal: true
22

33
#
4-
# Copyright 2017, Schuberg Philis B.V.
4+
# Copyright:: 2017, Schuberg Philis B.V.
55
#
66
# Licensed under the Apache License, Version 2.0 (the "License");
77
# you may not use this file except in compliance with the License.

controls/1_6_mandatory_access_control.rb

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
# frozen_string_literal: true
22

33
#
4-
# Copyright 2017, Schuberg Philis B.V.
4+
# Copyright:: 2017, Schuberg Philis B.V.
55
#
66
# Licensed under the Apache License, Version 2.0 (the "License");
77
# you may not use this file except in compliance with the License.
@@ -30,7 +30,7 @@
3030
tag level: 2
3131

3232
describe.one do
33-
%w[libselinux libselinux1 apparmor].each do |p|
33+
%w(libselinux libselinux1 apparmor).each do |p|
3434
describe package(p) do
3535
it { should be_installed }
3636
end
@@ -49,7 +49,7 @@
4949
tag level: 2
5050

5151
describe.one do
52-
%w[/boot/grub2/grub.cfg /boot/grub/menu.lst].each do |f|
52+
%w(/boot/grub2/grub.cfg /boot/grub/menu.lst).each do |f|
5353
describe file(f) do
5454
its('content') { should_not match /selinux=0/ }
5555
its('content') { should_not match /enforcing=0/ }

controls/1_7_warning_banners.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
# frozen_string_literal: true
22

33
#
4-
# Copyright 2017, Schuberg Philis B.V.
4+
# Copyright:: 2017, Schuberg Philis B.V.
55
#
66
# Licensed under the Apache License, Version 2.0 (the "License");
77
# you may not use this file except in compliance with the License.

controls/1_8_ensure_patches.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
# frozen_string_literal: true
22

33
#
4-
# Copyright 2017, Schuberg Philis B.V.
4+
# Copyright:: 2017, Schuberg Philis B.V.
55
#
66
# Licensed under the Apache License, Version 2.0 (the "License");
77
# you may not use this file except in compliance with the License.

controls/2_1_inetd_services.rb

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
# frozen_string_literal: true
22

33
#
4-
# Copyright 2017, Schuberg Philis B.V.
4+
# Copyright:: 2017, Schuberg Philis B.V.
55
#
66
# Licensed under the Apache License, Version 2.0 (the "License");
77
# you may not use this file except in compliance with the License.
@@ -166,7 +166,7 @@
166166
file('/etc/xinetd.conf').exist? || file('/etc/inetd.conf').exist?
167167
end
168168

169-
%w[shell login exec rsh rlogin rexec].each do |s|
169+
%w(shell login exec rsh rlogin rexec).each do |s|
170170
describe xinetd_conf.services(s) do
171171
it { should be_disabled }
172172
end
@@ -195,7 +195,7 @@
195195
file('/etc/xinetd.conf').exist? || file('/etc/inetd.conf').exist?
196196
end
197197

198-
%w[talk ntalk].each do |s|
198+
%w(talk ntalk).each do |s|
199199
describe xinetd_conf.services(s) do
200200
it { should be_disabled }
201201
end

controls/2_2_special_purpose_services.rb

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
# frozen_string_literal: true
22

33
#
4-
# Copyright 2017, Schuberg Philis B.V.
4+
# Copyright:: 2017, Schuberg Philis B.V.
55
#
66
# Licensed under the Apache License, Version 2.0 (the "License");
77
# you may not use this file except in compliance with the License.
@@ -108,7 +108,7 @@
108108
end
109109

110110
describe.one do
111-
%w[/etc/chrony/chrony.conf /etc/chrony.conf].each do |f|
111+
%w(/etc/chrony/chrony.conf /etc/chrony.conf).each do |f|
112112
describe file(f) do
113113
its('content') { should match(/^(pool|server)\s+\S+/) }
114114
end
@@ -192,7 +192,7 @@
192192
tag cis: 'distribution-independent-linux:2.2.5'
193193
tag level: 1
194194

195-
%w[isc-dhcp-server isc-dhcp-server6 dhcpd].each do |s|
195+
%w(isc-dhcp-server isc-dhcp-server6 dhcpd).each do |s|
196196
describe service(s) do
197197
it { should_not be_enabled }
198198
it { should_not be_running }
@@ -222,7 +222,7 @@
222222
tag cis: 'distribution-independent-linux:2.2.7'
223223
tag level: 1
224224

225-
%w[nfs-kernel-server nfs rpcbind].each do |s|
225+
%w(nfs-kernel-server nfs rpcbind).each do |s|
226226
describe service(s) do
227227
it { should_not be_enabled }
228228
it { should_not be_running }
@@ -238,7 +238,7 @@
238238
tag cis: 'distribution-independent-linux:2.2.8'
239239
tag level: 1
240240

241-
%w[named bind bind9].each do |s|
241+
%w(named bind bind9).each do |s|
242242
describe service(s) do
243243
it { should_not be_enabled }
244244
it { should_not be_running }
@@ -268,7 +268,7 @@
268268
tag cis: 'distribution-independent-linux:2.2.10'
269269
tag level: 1
270270

271-
%w[apache apache2 httpd lighttpd nginx].each do |s|
271+
%w(apache apache2 httpd lighttpd nginx).each do |s|
272272
describe service(s) do
273273
it { should_not be_enabled }
274274
it { should_not be_running }
@@ -284,7 +284,7 @@
284284
tag cis: 'distribution-independent-linux:2.2.11'
285285
tag level: 1
286286

287-
%w[dovecot courier-imap cyrus-imap].each do |s|
287+
%w(dovecot courier-imap cyrus-imap).each do |s|
288288
describe service(s) do
289289
it { should_not be_enabled }
290290
it { should_not be_running }
@@ -300,7 +300,7 @@
300300
tag cis: 'distribution-independent-linux:2.2.12'
301301
tag level: 1
302302

303-
%w[samba smb smbd].each do |s|
303+
%w(samba smb smbd).each do |s|
304304
describe service(s) do
305305
it { should_not be_enabled }
306306
it { should_not be_running }
@@ -316,7 +316,7 @@
316316
tag cis: 'distribution-independent-linux:2.2.13'
317317
tag level: 1
318318

319-
%w[squid squid3].each do |s|
319+
%w(squid squid3).each do |s|
320320
describe service(s) do
321321
it { should_not be_enabled }
322322
it { should_not be_running }
@@ -359,7 +359,7 @@
359359
tag cis: 'distribution-independent-linux:2.2.16'
360360
tag level: 1
361361

362-
%w[rsync rsyncd].each do |s|
362+
%w(rsync rsyncd).each do |s|
363363
describe service(s) do
364364
it { should_not be_enabled }
365365
it { should_not be_running }
@@ -375,7 +375,7 @@
375375
tag cis: 'distribution-independent-linux:2.2.17'
376376
tag level: 1
377377

378-
%w[nis ypserv].each do |s|
378+
%w(nis ypserv).each do |s|
379379
describe service(s) do
380380
it { should_not be_enabled }
381381
it { should_not be_running }

controls/2_3_service_clients.rb

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
# frozen_string_literal: true
22

33
#
4-
# Copyright 2017, Schuberg Philis B.V.
4+
# Copyright:: 2017, Schuberg Philis B.V.
55
#
66
# Licensed under the Apache License, Version 2.0 (the "License");
77
# you may not use this file except in compliance with the License.
@@ -27,7 +27,7 @@
2727
tag cis: 'distribution-independent-linux:2.3.1'
2828
tag level: 1
2929

30-
%w[nis ypbind].each do |p|
30+
%w(nis ypbind).each do |p|
3131
describe package(p) do
3232
it { should_not be_installed }
3333
end
@@ -42,7 +42,7 @@
4242
tag cis: 'distribution-independent-linux:2.3.2'
4343
tag level: 1
4444

45-
%w[rsh-client rsh-redone-client rsh].each do |p|
45+
%w(rsh-client rsh-redone-client rsh).each do |p|
4646
describe package(p) do
4747
it { should_not be_installed }
4848
end
@@ -83,7 +83,7 @@
8383
tag cis: 'distribution-independent-linux:2.3.5'
8484
tag level: 1
8585

86-
%w[ldap-utils openldap-clients openldap2-client].each do |p|
86+
%w(ldap-utils openldap-clients openldap2-client).each do |p|
8787
describe package(p) do
8888
it { should_not be_installed }
8989
end

controls/3_1_network_parameters_host_only.rb

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
# frozen_string_literal: true
22

33
#
4-
# Copyright 2017, Schuberg Philis B.V.
4+
# Copyright:: 2017, Schuberg Philis B.V.
55
#
66
# Licensed under the Apache License, Version 2.0 (the "License");
77
# you may not use this file except in compliance with the License.
@@ -27,10 +27,10 @@
2727
tag cis: 'distribution-independent-linux:3.1.1'
2828
tag level: 1
2929

30-
%w[
30+
%w(
3131
net.ipv4.ip_forward
3232
net.ipv6.conf.all.forwarding
33-
].each do |kp|
33+
).each do |kp|
3434
describe kernel_parameter(kp) do
3535
its('value') { should_not be_nil }
3636
its('value') { should cmp 0 }
@@ -46,10 +46,10 @@
4646
tag cis: 'distribution-independent-linux:3.1.2'
4747
tag level: 1
4848

49-
%w[
49+
%w(
5050
net.ipv4.conf.all.send_redirects
5151
net.ipv4.conf.default.send_redirects
52-
].each do |kp|
52+
).each do |kp|
5353
describe kernel_parameter(kp) do
5454
its('value') { should_not be_nil }
5555
its('value') { should cmp 0 }

0 commit comments

Comments
 (0)