Class: RuboCop::Cop::Chef::Security::SshPrivateKey

Inherits:
Base
  • Object
Defined in:
lib/rubocop/cop/chef/security/ssh_private_key.rb

Overview

Do not include plain text SSH private keys in your cookbook code. This sensitive data should be fetched from secrets management systems so that secrets are not uploaded in plain text to the Chef Infra Server or committed to source control systems.

Examples:


### incorrect
file '/Users/bob_bobberson/.ssh/id_rsa' do
  content '-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----'
  mode '600'
end

Constant Summary

MSG =
'Do not include plain text SSH private keys in your cookbook code. This sensitive data should be fetched from secrets management systems so that secrets are not uploaded in plain text to the Chef Infra Server or committed to source control systems.'

Instance Method Summary

Methods inherited from Base

#target_chef_version

Instance Method Details

#on_send(node) ⇒ Object



# File 'lib/rubocop/cop/chef/security/ssh_private_key.rb', line 35

def on_send(node)
  return unless node.arguments?
  node.arguments.each do |arg|
    next unless arg.str_type? || arg.dstr_type?

    if arg.value.start_with?('-----BEGIN RSA PRIVATE', '-----BEGIN EC PRIVATE') # cookstyle: disable Chef/Security/SshPrivateKey
      add_offense(node, severity: :warning)
    end
  end
end
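The prefix test in `on_send` can be tried on cookbook text without RuboCop. The following is an added example, not Cookstyle's code: it uses Ruby's standard-library `Ripper` lexer instead of the RuboCop AST, and `key_literals`, `EXTRA_PREFIXES` and the `SAMPLE` recipe are names and data made up for this illustration. It compares the cop's two prefixes with a wider set of PEM private key headers.

```ruby
require 'ripper'

# Prefixes tested by the cop's on_send, copied from the listing above.
COP_PREFIXES = ['-----BEGIN RSA PRIVATE', '-----BEGIN EC PRIVATE'].freeze
# Assumption of this example: further PEM headers a private key can carry.
EXTRA_PREFIXES = ['-----BEGIN OPENSSH PRIVATE', '-----BEGIN DSA PRIVATE',
                  '-----BEGIN PRIVATE KEY',
                  '-----BEGIN ENCRYPTED PRIVATE KEY'].freeze

# Constructed recipe text; the key bodies are "..." placeholders.
SAMPLE = <<'RECIPE'
file '/home/deploy/.ssh/id_rsa' do
  content '-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----'
end
file '/home/deploy/.ssh/id_ed25519' do
  content "-----BEGIN OPENSSH PRIVATE KEY-----\n...\n-----END OPENSSH PRIVATE KEY-----"
end
file '/home/deploy/.ssh/id_ecdsa' do
  content <<EOH
-----BEGIN EC PRIVATE KEY-----
...
-----END EC PRIVATE KEY-----
EOH
end
file '/home/deploy/.ssh/id_rsa.pub' do
  content 'ssh-rsa AAAA... deploy@example'
end
RECIPE

# Returns [line, matched_prefix] for every string-content token (quoted
# literal or heredoc body) that begins with one of the prefixes.
def key_literals(source, prefixes)
  Ripper.lex(source).filter_map do |(line, _col), type, text, _state|
    next unless type == :on_tstring_content
    prefix = prefixes.find { |p| text.start_with?(p) }
    [line, prefix] if prefix
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "cop prefixes:   #{key_literals(SAMPLE, COP_PREFIXES).inspect}"
  puts "with additions: #{key_literals(SAMPLE, COP_PREFIXES + EXTRA_PREFIXES).inspect}"
end
```

With the cop's two prefixes the RSA literal and the EC heredoc are reported; the key in OpenSSH's own format is reported only once the additional headers are included.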