Class: RuboCop::Cop::Chef::Correctness::OpenSSLPasswordHelpers

Inherits:

Base

Object
Base
RuboCop::Cop::Chef::Correctness::OpenSSLPasswordHelpers

show all

Defined in:: lib/rubocop/cop/chef/correctness/openssl_password_helpers.rb

Overview

The OpenSSL cookbook provides a deprecated ‘secure_password` helper in the `Opscode::OpenSSL::Password` class, which should no longer be used. This helper would generate a random password that would be used when a data bag or attribute was no present. The practice of generating passwords to be stored on the node is bad security as it exposes the password to anyone that can view the nodes, and deleting a node deletes the password. Passwords should be retrieved from a secure source for use in cookbooks.

### incorrect
::Chef::Recipe.send(:include, Opscode::OpenSSL::Password)
basic_auth_password = secure_password

Constant Summary collapse

MSG =

'The `secure_password` helper from the openssl cookbooks `Opscode::OpenSSL::Password` class should not be used to generate passwords.'

Instance Method Summary collapse

#on_const(node) ⇒ Object

Methods inherited from Base

#target_chef_version

Instance Method Details

#on_const(node) ⇒ `Object`

# File 'lib/rubocop/cop/chef/correctness/openssl_password_helpers.rb', line 37

def on_const(node)
  openssl_helper?(node) do
    add_offense(node, severity: :warning)
  end
end