1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
""" Check for data that claims to be encrypted, but is not. """
import os
import lxml.etree
import Bcfg2.Options
from Bcfg2.Server.Lint import ServerlessPlugin
from Bcfg2.Server.Encryption import is_encrypted
class Crypto(ServerlessPlugin):
""" Check for templated scripts or executables. """
def Run(self):
if os.path.exists(os.path.join(Bcfg2.Options.setup.repository, "Cfg")):
self.check_cfg()
if os.path.exists(os.path.join(Bcfg2.Options.setup.repository,
"Properties")):
self.check_properties()
# TODO: check all XML files
@classmethod
def Errors(cls):
return {"unencrypted-cfg": "error",
"empty-encrypted-properties": "error",
"unencrypted-properties": "error"}
def check_cfg(self):
""" Check for Cfg files that end in .crypt but aren't encrypted """
for root, _, files in os.walk(
os.path.join(Bcfg2.Options.setup.repository, "Cfg")):
for fname in files:
fpath = os.path.join(root, fname)
if self.HandlesFile(fpath) and fname.endswith(".crypt"):
if not is_encrypted(open(fpath).read()):
self.LintError(
"unencrypted-cfg",
"%s is a .crypt file, but it is not encrypted" %
fpath)
def check_properties(self):
""" Check for Properties data that has an ``encrypted`` attribute but
aren't encrypted """
for root, _, files in os.walk(
os.path.join(Bcfg2.Options.setup.repository, "Properties")):
for fname in files:
fpath = os.path.join(root, fname)
if self.HandlesFile(fpath) and fname.endswith(".xml"):
xdata = lxml.etree.parse(fpath)
for elt in xdata.xpath('//*[@encrypted]'):
if not elt.text:
self.LintError(
"empty-encrypted-properties",
"Element in %s has an 'encrypted' attribute, "
"but no text content: %s" %
(fpath, self.RenderXML(elt)))
elif not is_encrypted(elt.text):
self.LintError(
"unencrypted-properties",
"Element in %s has an 'encrypted' attribute, "
"but is not encrypted: %s" %
(fpath, self.RenderXML(elt)))
|