diff --git a/.rubocop.yml b/.rubocop.yml
index 119c10f..3161ad1 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -26,3 +26,7 @@ Metrics/PerceivedComplexity:
 Max: 10
 Metrics/AbcSize:
 Max: 30
+# Lint/AmbiguousBlockAssociation is incompatible with RSpec
+# https://github.com/rubocop-hq/rubocop/issues/4222
+Lint/AmbiguousBlockAssociation:
+ Enabled: false
diff --git a/Rakefile b/Rakefile
index e1f86e6..b875a7b 100644
--- a/Rakefile
+++ b/Rakefile
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'rake/testtask'
 require 'rubocop/rake_task'
diff --git a/controls/os_spec.rb b/controls/os_spec.rb
index 5b746df..c375c79 100644
--- a/controls/os_spec.rb
+++ b/controls/os_spec.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2015, Patrick Muench
 #
@@ -26,10 +28,10 @@
 shadow_group = 'root'
 shadow_group = 'shadow' if os.debian? || os.suse? || os.name == 'alpine'
 container_execution = begin
- virtualization.role == 'guest' && virtualization.system =~ /^(lxc|docker)$/
- rescue NoMethodError
- false
- end
+ virtualization.role == 'guest' && virtualization.system =~ /^(lxc|docker)$/
+rescue NoMethodError
+ false
+end
 blacklist = attribute(
 'blacklist',
@@ -250,7 +252,7 @@
 it { should be_directory }
 end
- loaded_files = command('find ' + cpuvulndir + ' -type f -maxdepth 1').stdout.split(/\n/).map(&:strip).find_all { |vulnfiles| !vulnfiles.empty? }
+ loaded_files = command("find #{cpuvulndir} -type f -maxdepth 1").stdout.split(/\n/).map(&:strip).find_all { |vulnfiles| !vulnfiles.empty? }
 loaded_files.each do |vulnfile|
 describe file(vulnfile) do
diff --git a/controls/package_spec.rb b/controls/package_spec.rb
index 37ab434..e754d21 100644
--- a/controls/package_spec.rb
+++ b/controls/package_spec.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2015, Patrick Muench
 #
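Review bot: Setting `Enabled: false` on `Lint/AmbiguousBlockAssociation` in the `.rubocop.yml` hunk turns the cop off for the whole repository, including `libraries/`, although the linked issue concerns RSpec-style matcher calls only. Scoping the exception keeps the lint where it can still catch a block binding to the wrong call: leave the cop enabled and put `Exclude:` with `- 'controls/**/*'` under it instead. This assumes the RSpec DSL is confined to `controls/`, which is what the files in this diff suggest.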
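Review bot: In the `controls/os_spec.rb` hunk at line 252, the rewritten `command("find #{cpuvulndir} -type f -maxdepth 1")` still puts `cpuvulndir` into a shell command string unquoted. The variable is assigned outside this hunk, so if it can ever come from a profile attribute rather than a literal, whitespace or shell metacharacters in it would change the command that runs on the scanned host. Escaping keeps it to a single path argument: `command("find #{Shellwords.escape(cpuvulndir)} -maxdepth 1 -type f")`, with `require 'shellwords'` at the top of the file; putting `-maxdepth` first also avoids GNU find's option-ordering warning. When `find` fails, stdout is empty and the `loaded_files.each` loop asserts nothing, so the control then rests only on the `be_directory` check above it.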
@@ -19,10 +21,10 @@
 val_syslog_pkg = attribute('syslog_pkg', value: 'rsyslog', description: 'syslog package to ensure present (default: rsyslog, alternative: syslog-ng...')
 container_execution = begin
- virtualization.role == 'guest' && virtualization.system =~ /^(lxc|docker)$/
- rescue NoMethodError
- false
- end
+ virtualization.role == 'guest' && virtualization.system =~ /^(lxc|docker)$/
+rescue NoMethodError
+ false
+end
 control 'package-01' do
 impact 1.0
diff --git a/controls/sysctl_spec.rb b/controls/sysctl_spec.rb
index c8e2a1b..332ab5c 100644
--- a/controls/sysctl_spec.rb
+++ b/controls/sysctl_spec.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 #
 # Copyright 2015, Patrick Muench
 #
@@ -20,10 +22,10 @@
 sysctl_forwarding = attribute('sysctl_forwarding', value: false, description: 'Is network forwarding needed?')
 kernel_modules_disabled = attribute('kernel_modules_disabled', value: 0, description: 'Should loading of kernel modules be disabled?')
 container_execution = begin
- virtualization.role == 'guest' && virtualization.system =~ /^(lxc|docker)$/
- rescue NoMethodError
- false
- end
+ virtualization.role == 'guest' && virtualization.system =~ /^(lxc|docker)$/
+rescue NoMethodError
+ false
+end
 control 'sysctl-01' do
 impact 1.0
diff --git a/libraries/suid_blacklist.rb b/libraries/suid_blacklist.rb
index 8c6bd49..3155324 100644
--- a/libraries/suid_blacklist.rb
+++ b/libraries/suid_blacklist.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # author: Christoph Hartmann
 class SUIDBlacklist < Inspec.resource(1)
diff --git a/libraries/suid_check.rb b/libraries/suid_check.rb
index 42690b4..4c509ed 100644
--- a/libraries/suid_check.rb
+++ b/libraries/suid_check.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # author: Christoph Hartmann
 class SUIDCheck < Inspec.resource(1)
@@ -10,6 +12,7 @@ class SUIDCheck < Inspec.resource(1)
 "
 def initialize(blacklist = nil)
+ super()
 blacklist = default if blacklist.nil?
 @blacklist = blacklist
 end
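Review bot: The `super()` added to `SUIDCheck#initialize` carries no comment explaining why the empty parentheses matter. A bare `super` would forward `blacklist` to the parent's `initialize`, whose signature is not visible in this diff. A one-line comment above the call would stop a later cleanup from dropping the parentheses, for example `# explicit (): bare super would pass blacklist on to the Inspec resource base class`. The class body continues outside the hunk.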