Jira (PUP-5550) linter should print warning for code that will result in logging or backups of secrets
Henrik Lindberg commented on PUP-5550

Re: linter should print warning for code that will result in logging or backups of secrets

The puppet-lint tool is a community project that you can find on GitHub. This is not the right issue tracker for the project. What you are proposing sounds like a good idea, and I suggest you log this issue with the puppet-lint project.

This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc)

--
You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5550) linter should print warning for code that will result in logging or backups of secrets
Jesse Endahl created an issue

Puppet / PUP-5550 linter should print warning for code that will result in logging or backups of secrets

Issue Type: Improvement
Assignee: Unassigned
Created: 2015/11/25 2:38 PM
Priority: Normal
Reporter: Jesse Endahl

It would be great if `puppet lint` could print a warning anytime it sees a Puppet file resource that references a file containing what is likely to be a secret. If a hit was found, the warning could look something like this:

```
WARNING: Potentially insecure use of file resource. String `BEGIN PRIVATE KEY` found in file referenced by your file resource at line 20. Your current Puppet code will result in logging and backups of this file whenever its contents are updated by Puppet.

To prevent contents of this file from being written to log files, add the following line to the file resource:
show_diff => false,

To prevent filebucketing of this file, add the following line to the file resource:
backup => false,
```

The linter would accomplish this by parsing the contents of files referenced by file resources and checking for various headers associated with secrets. For a start, looking for the string `BEGIN PRIVATE KEY` would catch both SSL and SSH private keys.
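The check proposed in this issue, sketched as an added example (not part of the original thread and not puppet-lint code): it finds `file` resources whose referenced file carries a private-key header and reports which of `show_diff => false` and `backup => false` are missing. It goes beyond the literal `BEGIN PRIVATE KEY` string to any PEM `... PRIVATE KEY` header, so `BEGIN RSA PRIVATE KEY` also matches; the regex-based resource matching, the `secret_file_warnings` name and the `files` map are assumptions made for illustration.

```ruby
# Added example: regex-based sketch, not puppet-lint's plugin API.
# Generalizes the issue's literal string to any PEM "... PRIVATE KEY" header.
SECRET_HEADER = /-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----/
# Assumes resource bodies contain no nested braces.
FILE_RESOURCE = /\bfile\s*\{\s*(?<q>['"])(?<title>.+?)\k<q>\s*:(?<body>[^}]*)\}/m

# files: hypothetical map of source URL => file text, standing in for
# resolving puppet:/// URLs to module files on disk.
def secret_file_warnings(manifest, files)
  warnings = []
  manifest.scan(FILE_RESOURCE) do
    m = Regexp.last_match
    ref = m[:body][/\bsource\s*=>\s*['"]([^'"]+)['"]/, 1]
    next unless files[ref].to_s.match?(SECRET_HEADER)
    # Keep only the attributes that are not explicitly set to false.
    missing = %w[show_diff backup].reject do |attr|
      m[:body].match?(/\b#{attr}\s*=>\s*false\b/)
    end
    next if missing.empty?
    line = manifest[0...m.begin(0)].count("\n") + 1
    warnings << { title: m[:title], line: line, missing: missing }
  end
  warnings
end

# Constructed sample manifest and file contents (no real key material).
MANIFEST = <<~PP
  file { '/etc/ssl/private/app.key':
    ensure => file,
    source => 'puppet:///modules/app/app.key',
  }
  file { '/etc/ssh/ssh_host_rsa_key':
    source    => 'puppet:///modules/ssh/host_rsa_key',
    show_diff => false,
    backup    => false,
  }
  file { '/etc/motd':
    source => 'puppet:///modules/app/motd',
  }
PP
FILES = {
  'puppet:///modules/app/app.key' => "-----BEGIN PRIVATE KEY-----\n(placeholder)\n",
  'puppet:///modules/ssh/host_rsa_key' => "-----BEGIN RSA PRIVATE KEY-----\n(placeholder)\n",
  'puppet:///modules/app/motd' => "Welcome\n"
}

secret_file_warnings(MANIFEST, FILES).each do |w|
  puts "WARNING: #{w[:title]} (line #{w[:line]}): add #{w[:missing].map { |a| "#{a} => false" }.join(', ')}"
end
```

Only the first resource is reported: the second already disables diffs and filebucket backups, and the third references a file with no key header.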
Jira (PUP-5550) linter should print warning for code that will result in logging or backups of secrets
Jesse Endahl updated an issue

Puppet / PUP-5550 linter should print warning for code that will result in logging or backups of secrets

Change By: Jesse Endahl

It would be great if `puppet lint` could print a warning anytime it sees a Puppet file resource that references a file containing what is likely to be a secret. If a hit was found, the warning could look something like this:

```
WARNING: Potentially insecure use of file resource. String `BEGIN PRIVATE KEY` found in file referenced by your file resource at line 20. Your current Puppet code will result in logging and backups of this file whenever its contents are updated by Puppet.

To prevent contents of this file from being written to log files, add the following line to the file resource:
show_diff => false,

To prevent filebucketing of this file, add the following line to the file resource:
backup => false,
```

The linter would accomplish this by parsing the contents of files referenced by file resources and checking for various headers associated with secrets. For a start, looking for the string `BEGIN PRIVATE KEY` would catch both SSL and SSH private keys.
Jira (PUP-5550) linter should print warning for code that will result in logging or backups of secrets
Jesse Endahl updated an issue

Puppet / PUP-5550 linter should print warning for code that will result in logging or backups of secrets

Change By: Jesse Endahl

It would be great if `puppet lint` could print a warning anytime it sees a Puppet file resource that references a file containing what is likely to be a secret. If a hit was found, the warning could look something like this:

```
WARNING: Potentially insecure use of file resource. String `BEGIN PRIVATE KEY` found in file referenced by your file resource at line 20. Your current Puppet code will result in logging and backups of this file whenever its contents are updated by Puppet.

To prevent contents of this file from being written to log files, add the following line to the file resource:
show_diff => false,

To prevent filebucketing of this file, add the following line to the file resource:
backup => false,
```

The linter would accomplish this by parsing the contents of files referenced by file resources and checking for various headers associated with secrets. For a start, looking for the string `BEGIN PRIVATE KEY` would catch both SSL and SSH private keys.