Class: RuboCop::Cop::Chef::Modernize::WindowsRegistryUAC

Inherits:

Base

• Object
• Base
• RuboCop::Cop::Chef::Modernize::WindowsRegistryUAC

Extended by:

TargetChefVersion

Includes:

RuboCop::Chef::CookbookHelpers

Defined in:

lib/rubocop/cop/chef/modernize/windows_registry_uac.rb

Overview

Chef Infra Client 15.0 and later includes a windows_uac resource that should be used to set Windows UAC values instead of setting registry keys directly.

Examples:

### incorrect
registry_key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' do
  values [{ name: 'EnableLUA', type: :dword, data: 0 },
          { name: 'PromptOnSecureDesktop', type: :dword, data: 0 },
          { name: 'ConsentPromptBehaviorAdmin', type: :dword, data: 0 },
         ]
  action :create
end

### correct
windows_uac 'Set Windows UAC settings' do
  enable_uac false
  prompt_on_secure_desktop true
  consent_behavior_admins :no_prompt
end

Constant Summary

MSG =

'Chef Infra Client 15.0 and later includes a windows_uac resource that should be used to set Windows UAC values instead of setting registry keys directly.'

RESTRICT_ON_SEND =

[:registry_key].freeze

VALID_VALUES =

%w(EnableLUA ValidateAdminCodeSignatures PromptOnSecureDesktop ConsentPromptBehaviorAdmin ConsentPromptBehaviorUser EnableInstallerDetection).freeze

Instance Method Summary

• #correct_key?(node) ⇒ Boolean

  make sure the registry_key resource is running against the correct key check the block name and the key property (registry_key’s name property).

• #on_block(node) ⇒ Object

  block registry_key resources.

• #uac_supported_values?(node) ⇒ Boolean

  make sure the values passed are all the ones in the uac resource this key has other values we don’t support in the windows_uac resource.

Methods included from TargetChefVersion

minimum_target_chef_version, required_minimum_chef_version, support_target_chef_version?

Methods included from RuboCop::Chef::CookbookHelpers

#match_property_in_resource?, #match_resource_type?, #method_arg_ast_to_string, #resource_block_name_if_string

Methods inherited from Base

#target_chef_version

Instance Method Details

#correct_key?(node) ⇒ Boolean

make sure the registry_key resource is running against the correct key check the block name and the key property (registry_key’s name property)

Returns:

• (Boolean)

# File 'lib/rubocop/cop/chef/modernize/windows_registry_uac.rb', line 79

def correct_key?(node)
  return true if node.send_node.arguments.first.source.match?(/(HKLM|HKEY_LOCAL_MACHINE)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System/i)

  match_property_in_resource?(:registry_key, 'key', node) do |key_prop|
    property_data = method_arg_ast_to_string(key_prop)
    return true if property_data && property_data.match?(/(HKLM|HKEY_LOCAL_MACHINE)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System/i)
  end
  false
end

#on_block(node) ⇒ Object

block registry_key resources

# File 'lib/rubocop/cop/chef/modernize/windows_registry_uac.rb', line 53

def on_block(node)
  return unless node.method?(:registry_key)
  return unless correct_key?(node)
  return unless uac_supported_values?(node)
  add_offense(node, severity: :refactor)
end

#uac_supported_values?(node) ⇒ Boolean

make sure the values passed are all the ones in the uac resource this key has other values we don’t support in the windows_uac resource

Returns:

• (Boolean)

# File 'lib/rubocop/cop/chef/modernize/windows_registry_uac.rb', line 62

def uac_supported_values?(node)
  match_property_in_resource?(:registry_key, 'values', node) do |val_prop|
    return false unless val_prop&.arguments[0].array_type? # make sure values isn't being passed a variable or method
    val_prop.arguments[0].each_value do |array|
      array.each_pair do |key, value|
        if key == s(:sym, :name)
          return false unless value.str_type? # make sure it isn't being a variable or method that we can't parse
          return false unless VALID_VALUES.include?(value.value)
        end
      end
    end
  end
  true
end