Class: Rules::GitConfigGlobal

Inherits:

Base

• Object
• Base
• Rules::GitConfigGlobal

Defined in:

lib/rules/git_config_global.rb

Instance Method Summary

• #check(workflow) ⇒ Object
• #description ⇒ Object
• #name ⇒ Object
• #severity ⇒ Object

Instance Method Details

#check(workflow) ⇒ Object

# File 'lib/rules/git_config_global.rb', line 7

def check(workflow)
    findings = []

    workflow.lines_of(/git config --global/).each do |line_num|
        line = workflow.line_content(line_num)
        next unless line&.match?(/insteadOf|url\.|credential/)

        findings << finding(workflow,
            line: line_num,
            code: line.strip,
            message: "git config --global writes credentials to ~/.gitconfig — accessible to all subsequent git operations",
            fix: "Use --local instead of --global to scope to the repo clone"
        )
    end

    findings
end

#description ⇒ Object

# File 'lib/rules/git_config_global.rb', line 4

def description = "git config --global persists credentials beyond the repo clone"

#name ⇒ Object

# File 'lib/rules/git_config_global.rb', line 3

def name = "git-config-global"

#severity ⇒ Object

# File 'lib/rules/git_config_global.rb', line 5

def severity = :medium